serverspec 0.4.9 → 0.4.10
- data/lib/serverspec/commands/darwin.rb +2 -2
- data/lib/serverspec/version.rb +1 -1
- data/spec/darwin/commands_spec.rb +29 -162
- data/spec/debian/commands_spec.rb +39 -227
- data/spec/gentoo/commands_spec.rb +39 -225
- data/spec/redhat/commands_spec.rb +38 -209
- data/spec/solaris/commands_spec.rb +35 -140
- data/spec/support/shared_commands_examples.rb +236 -7
- metadata +2 -2
@@ -3,255 +3,69 @@ require 'spec_helper'
|
|
3
3
|
include Serverspec::Helper::Gentoo
|
4
4
|
|
5
5
|
describe 'Serverspec commands of Gentoo family' do
|
6
|
+
it_behaves_like 'support command check_file', '/etc/passwd'
|
7
|
+
it_behaves_like 'support command check_directory', '/var/log'
|
8
|
+
|
6
9
|
it_behaves_like 'support command check_installed_by_gem', 'jekyll'
|
7
10
|
it_behaves_like 'support command check_installed_by_gem', 'jekyll', '1.0.2'
|
8
|
-
end
|
9
|
-
|
10
|
-
describe 'check_enabled' do
|
11
|
-
subject { commands.check_enabled('httpd') }
|
12
|
-
it { should eq "/sbin/rc-update show | grep -- \\^\\\\s\\*httpd\\\\s\\*\\|\\\\s\\*\\\\\\(boot\\\\\\|default\\\\\\)" }
|
13
|
-
end
|
14
|
-
|
15
|
-
describe 'check_file' do
|
16
|
-
subject { commands.check_file('/etc/passwd') }
|
17
|
-
it { should eq 'test -f /etc/passwd' }
|
18
|
-
end
|
19
11
|
|
20
|
-
|
21
|
-
subject { commands.check_mounted('/') }
|
22
|
-
it { should eq "mount | grep -w -- on\\ /" }
|
23
|
-
end
|
24
|
-
|
25
|
-
describe 'check_routing_table' do
|
26
|
-
subject { commands.check_routing_table('192.168.100.0/24') }
|
27
|
-
it { should eq "/sbin/ip route | grep -E '^192.168.100.0/24 |^default '" }
|
28
|
-
end
|
29
|
-
|
30
|
-
describe 'check_reachable' do
|
31
|
-
context "connect with name from /etc/services to localhost" do
|
32
|
-
subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) }
|
33
|
-
it { should eq "nc -vvvvzt localhost ssh -w 1" }
|
34
|
-
end
|
35
|
-
context "connect with ip and port 11111 and timeout of 5" do
|
36
|
-
subject { commands.check_reachable('127.0.0.1', '11111', 'udp' ,5) }
|
37
|
-
it { should eq "nc -vvvvzu 127.0.0.1 11111 -w 5" }
|
38
|
-
end
|
39
|
-
context "do a ping" do
|
40
|
-
subject { commands.check_reachable('127.0.0.1', nil, 'icmp', 1) }
|
41
|
-
it { should eq "ping -n 127.0.0.1 -w 1 -c 2" }
|
42
|
-
end
|
43
|
-
end
|
44
|
-
|
45
|
-
describe 'check_resolvable' do
|
46
|
-
context "resolve localhost by hosts" do
|
47
|
-
subject { commands.check_resolvable('localhost', 'hosts') }
|
48
|
-
it { should eq "grep -w -- localhost /etc/hosts" }
|
49
|
-
end
|
50
|
-
context "resolve localhost by dns" do
|
51
|
-
subject { commands.check_resolvable('localhost', 'dns') }
|
52
|
-
it { should eq "nslookup -timeout=1 localhost" }
|
53
|
-
end
|
54
|
-
context "resolve localhost with default settings" do
|
55
|
-
subject { commands.check_resolvable('localhost',nil) }
|
56
|
-
it { should eq 'getent hosts localhost' }
|
57
|
-
end
|
58
|
-
end
|
59
|
-
|
60
|
-
describe 'check_directory' do
|
61
|
-
subject { commands.check_directory('/var/log') }
|
62
|
-
it { should eq 'test -d /var/log' }
|
63
|
-
end
|
12
|
+
it_behaves_like 'support command check_mounted', '/'
|
64
13
|
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
end
|
14
|
+
it_behaves_like 'support command check_routing_table', '192.168.100.1/24'
|
15
|
+
it_behaves_like 'support command check_reachable'
|
16
|
+
it_behaves_like 'support command check_resolvable'
|
69
17
|
|
70
|
-
|
71
|
-
|
72
|
-
it { should eq 'getent group | grep -wq -- wheel' }
|
73
|
-
end
|
18
|
+
it_behaves_like 'support command check_user', 'root'
|
19
|
+
it_behaves_like 'support command check_user', 'wheel'
|
74
20
|
|
75
|
-
|
76
|
-
subject { commands.check_installed('httpd') }
|
77
|
-
it { should eq '/usr/bin/eix httpd --installed' }
|
78
|
-
end
|
21
|
+
it_behaves_like 'support command check_listening', 80
|
79
22
|
|
80
|
-
|
81
|
-
subject { commands.check_listening(80) }
|
82
|
-
it { should eq "netstat -tunl | grep -- :80\\ " }
|
83
|
-
end
|
23
|
+
it_behaves_like 'support command check_file_md5checksum', '/etc/passewd', '96c8c50f81a29965f7af6de371ab4250'
|
84
24
|
|
85
|
-
|
86
|
-
|
87
|
-
it { should eq '/etc/init.d/httpd status' }
|
88
|
-
end
|
25
|
+
it_behaves_like 'support command check_running_under_supervisor', 'httpd'
|
26
|
+
it_behaves_like 'support command check_process', 'httpd'
|
89
27
|
|
90
|
-
|
91
|
-
|
92
|
-
it { should eq 'supervisorctl status httpd' }
|
93
|
-
end
|
28
|
+
it_behaves_like 'support command check_file_contain', '/etc/passwd', 'root'
|
29
|
+
it_behaves_like 'support command check_file_contain_within'
|
94
30
|
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
end
|
31
|
+
it_behaves_like 'support command check_mode', '/etc/sudoers', 440
|
32
|
+
it_behaves_like 'support command check_owner', '/etc/sudoers', 'root'
|
33
|
+
it_behaves_like 'support command check_grouped', '/etc/sudoers', 'wheel'
|
99
34
|
|
100
|
-
|
101
|
-
subject { commands.check_file_contain('/etc/passwd', 'root') }
|
102
|
-
it { should eq "grep -q -- root /etc/passwd" }
|
103
|
-
end
|
35
|
+
it_behaves_like 'support command check_cron_entry'
|
104
36
|
|
105
|
-
|
106
|
-
context 'contain a pattern in the file' do
|
107
|
-
subject { commands.check_file_contain_within('Gemfile', 'rspec') }
|
108
|
-
it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
|
109
|
-
end
|
37
|
+
it_behaves_like 'support command check_link', '/etc/system-release', '/etc/redhat-release'
|
110
38
|
|
111
|
-
|
112
|
-
subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
|
113
|
-
it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
|
114
|
-
end
|
39
|
+
it_behaves_like 'support command check_belonging_group', 'root', 'wheel'
|
115
40
|
|
116
|
-
|
117
|
-
|
118
|
-
it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
|
119
|
-
end
|
41
|
+
it_behaves_like 'support command check_uid', 'root', 0
|
42
|
+
it_behaves_like 'support command check_gid', 'root', 0
|
120
43
|
|
121
|
-
|
122
|
-
|
123
|
-
it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
|
124
|
-
end
|
125
|
-
end
|
44
|
+
it_behaves_like 'support command check_login_shell', 'root', '/bin/bash'
|
45
|
+
it_behaves_like 'support command check_home_directory', 'root', '/root'
|
126
46
|
|
127
|
-
|
128
|
-
subject { commands.check_file_md5checksum('/etc/passwd', '96c8c50f81a29965f7af6de371ab4250') }
|
129
|
-
it { should eq "md5sum /etc/passwd | grep -iw -- ^96c8c50f81a29965f7af6de371ab4250" }
|
130
|
-
end
|
47
|
+
it_behaves_like 'support command check_authorized_key'
|
131
48
|
|
132
|
-
|
133
|
-
|
134
|
-
it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
|
135
|
-
end
|
49
|
+
it_behaves_like 'support command check_iptables'
|
50
|
+
it_behaves_like 'support command check_selinux'
|
136
51
|
|
137
|
-
|
138
|
-
subject { commands.check_owner('/etc/passwd', 'root') }
|
139
|
-
it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
|
140
|
-
end
|
52
|
+
it_behaves_like 'support command get_mode'
|
141
53
|
|
142
|
-
|
143
|
-
subject { commands.check_grouped('/etc/passwd', 'wheel') }
|
144
|
-
it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
|
54
|
+
it_behaves_like 'support command check_access_by_user'
|
145
55
|
end
|
146
56
|
|
147
|
-
describe '
|
148
|
-
|
149
|
-
|
150
|
-
it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
151
|
-
end
|
152
|
-
|
153
|
-
context 'no specified user' do
|
154
|
-
subject { commands.check_cron_entry(nil, '* * * * * /usr/local/bin/batch.sh') }
|
155
|
-
it { should eq 'crontab -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
156
|
-
end
|
157
|
-
end
|
158
|
-
|
159
|
-
describe 'check_link' do
|
160
|
-
subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
|
161
|
-
it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
|
162
|
-
end
|
163
|
-
|
164
|
-
describe 'check_belonging_group' do
|
165
|
-
subject { commands.check_belonging_group('root', 'wheel') }
|
166
|
-
it { should eq "id root | awk '{print $3}' | grep -- wheel" }
|
167
|
-
end
|
168
|
-
|
169
|
-
describe 'have_gid' do
|
170
|
-
subject { commands.check_gid('root', 0) }
|
171
|
-
it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
|
172
|
-
end
|
173
|
-
|
174
|
-
describe 'have_uid' do
|
175
|
-
subject { commands.check_uid('root', 0) }
|
176
|
-
it { should eq "id root | grep -- \\^uid\\=0\\(" }
|
177
|
-
end
|
178
|
-
|
179
|
-
describe 'have_login_shell' do
|
180
|
-
subject { commands.check_login_shell('root', '/bin/bash') }
|
181
|
-
it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
|
182
|
-
end
|
183
|
-
|
184
|
-
describe 'have_home_directory' do
|
185
|
-
subject { commands.check_home_directory('root', '/root') }
|
186
|
-
it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
|
187
|
-
end
|
188
|
-
|
189
|
-
describe 'have_authorized_key' do
|
190
|
-
key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
|
191
|
-
escaped_key = key.gsub(/ /, '\ ')
|
192
|
-
|
193
|
-
context 'with commented publickey' do
|
194
|
-
commented_key = key + " foo@bar.local"
|
195
|
-
subject { commands.check_authorized_key('root', commented_key) }
|
196
|
-
describe 'when command insert publickey is removed comment' do
|
197
|
-
it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
|
198
|
-
end
|
199
|
-
end
|
200
|
-
|
201
|
-
context 'with uncomented publickey' do
|
202
|
-
subject { commands.check_authorized_key('root', key) }
|
203
|
-
it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
|
204
|
-
end
|
205
|
-
end
|
206
|
-
|
207
|
-
describe 'check_ipatbles' do
|
208
|
-
context 'check a rule without a table and a chain' do
|
209
|
-
subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
|
210
|
-
it { should eq "/sbin/iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
|
211
|
-
end
|
212
|
-
|
213
|
-
context 'chack a rule with a table and a chain' do
|
214
|
-
subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
|
215
|
-
it { should eq "/sbin/iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
|
216
|
-
end
|
217
|
-
end
|
218
|
-
|
219
|
-
describe 'check_selinux' do
|
220
|
-
context 'enforcing' do
|
221
|
-
subject { commands.check_selinux('enforcing') }
|
222
|
-
it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
|
223
|
-
end
|
224
|
-
|
225
|
-
context 'permissive' do
|
226
|
-
subject { commands.check_selinux('permissive') }
|
227
|
-
it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
|
228
|
-
end
|
229
|
-
|
230
|
-
context 'disabled' do
|
231
|
-
subject { commands.check_selinux('disabled') }
|
232
|
-
it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
|
233
|
-
end
|
57
|
+
describe 'check_enabled' do
|
58
|
+
subject { commands.check_enabled('httpd') }
|
59
|
+
it { should eq "/sbin/rc-update show | grep -- \\^\\\\s\\*httpd\\\\s\\*\\|\\\\s\\*\\\\\\(boot\\\\\\|default\\\\\\)" }
|
234
60
|
end
|
235
61
|
|
236
|
-
describe '
|
237
|
-
subject { commands.
|
238
|
-
it { should eq '
|
62
|
+
describe 'check_installed' do
|
63
|
+
subject { commands.check_installed('httpd') }
|
64
|
+
it { should eq '/usr/bin/eix httpd --installed' }
|
239
65
|
end
|
240
66
|
|
241
|
-
describe '
|
242
|
-
|
243
|
-
|
244
|
-
it { should eq 'su -s /bin/sh -c "/usr/bin/test -r /tmp/something" dummyuser1' }
|
245
|
-
end
|
246
|
-
|
247
|
-
context 'write access' do
|
248
|
-
subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
|
249
|
-
it { should eq 'su -s /bin/sh -c "/usr/bin/test -w /tmp/somethingw" dummyuser2' }
|
250
|
-
end
|
251
|
-
|
252
|
-
context 'execute access' do
|
253
|
-
subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
|
254
|
-
it { should eq 'su -s /bin/sh -c "/usr/bin/test -x /tmp/somethingx" dummyuser3' }
|
255
|
-
end
|
67
|
+
describe 'check_running' do
|
68
|
+
subject { commands.check_running('httpd') }
|
69
|
+
it { should eq '/etc/init.d/httpd status' }
|
256
70
|
end
|
257
71
|
|
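Review bot: The added line `it_behaves_like 'support command check_user', 'wheel'` looks like a copy-paste slip for the group check: the lines it replaces asserted `getent group | grep -wq -- wheel`, and nothing on the new side of this hunk exercises `check_group` any more, so a regression in that generated command would go unnoticed unless the shared examples file (not visible here) covers it. Assuming that file defines a matching group example, the line should probably read `it_behaves_like 'support command check_group', 'wheel'`. The `check_file_md5checksum` line also passes `'/etc/passewd'` where the removed spec used `/etc/passwd`; the example presumably still passes because the path is only interpolated into the expected string, but the fixture should be corrected to `'/etc/passwd'`. Both points apply equally to the Red Hat hunk that follows (`@@ -3,239 +3,68 @@`).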
@@ -3,239 +3,68 @@ require 'spec_helper'
|
|
3
3
|
include Serverspec::Helper::RedHat
|
4
4
|
|
5
5
|
describe 'Serverspec commands of Red Hat' do
|
6
|
+
it_behaves_like 'support command check_file', '/etc/passwd'
|
7
|
+
it_behaves_like 'support command check_directory', '/var/log'
|
8
|
+
|
6
9
|
it_behaves_like 'support command check_installed_by_gem', 'jekyll'
|
7
10
|
it_behaves_like 'support command check_installed_by_gem', 'jekyll', '1.0.2'
|
8
|
-
end
|
9
|
-
|
10
|
-
describe 'check_enabled' do
|
11
|
-
subject { commands.check_enabled('httpd') }
|
12
|
-
it { should eq '/sbin/chkconfig --list httpd | grep 3:on' }
|
13
|
-
end
|
14
|
-
|
15
|
-
describe 'check_file' do
|
16
|
-
subject { commands.check_file('/etc/passwd') }
|
17
|
-
it { should eq 'test -f /etc/passwd' }
|
18
|
-
end
|
19
|
-
|
20
|
-
describe 'check_mounted' do
|
21
|
-
subject { commands.check_mounted('/') }
|
22
|
-
it { should eq "mount | grep -w -- on\\ /" }
|
23
|
-
end
|
24
11
|
|
25
|
-
|
26
|
-
subject { commands.check_routing_table('192.168.100.0/24') }
|
27
|
-
it { should eq "/sbin/ip route | grep -E '^192.168.100.0/24 |^default '" }
|
28
|
-
end
|
29
|
-
|
30
|
-
describe 'check_reachable' do
|
31
|
-
context "connect with name from /etc/services to localhost" do
|
32
|
-
subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) }
|
33
|
-
it { should eq "nc -vvvvzt localhost ssh -w 1" }
|
34
|
-
end
|
35
|
-
context "connect with ip and port 11111 and timeout of 5" do
|
36
|
-
subject { commands.check_reachable('127.0.0.1', '11111', 'udp', 5) }
|
37
|
-
it { should eq "nc -vvvvzu 127.0.0.1 11111 -w 5" }
|
38
|
-
end
|
39
|
-
context "do a ping" do
|
40
|
-
subject { commands.check_reachable('127.0.0.1', nil, 'icmp', 1) }
|
41
|
-
it { should eq "ping -n 127.0.0.1 -w 1 -c 2" }
|
42
|
-
end
|
43
|
-
end
|
44
|
-
|
45
|
-
describe 'check_resolvable' do
|
46
|
-
context "resolve localhost by hosts" do
|
47
|
-
subject { commands.check_resolvable('localhost', 'hosts') }
|
48
|
-
it { should eq "grep -w -- localhost /etc/hosts" }
|
49
|
-
end
|
50
|
-
context "resolve localhost by dns" do
|
51
|
-
subject { commands.check_resolvable('localhost', 'dns') }
|
52
|
-
it { should eq "nslookup -timeout=1 localhost" }
|
53
|
-
end
|
54
|
-
context "resolve localhost with default settings" do
|
55
|
-
subject { commands.check_resolvable('localhost',nil) }
|
56
|
-
it { should eq 'getent hosts localhost' }
|
57
|
-
end
|
58
|
-
end
|
12
|
+
it_behaves_like 'support command check_mounted', '/'
|
59
13
|
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
end
|
14
|
+
it_behaves_like 'support command check_routing_table', '192.168.100.1/24'
|
15
|
+
it_behaves_like 'support command check_reachable'
|
16
|
+
it_behaves_like 'support command check_resolvable'
|
64
17
|
|
65
|
-
|
66
|
-
|
67
|
-
it { should eq 'id root' }
|
68
|
-
end
|
18
|
+
it_behaves_like 'support command check_user', 'root'
|
19
|
+
it_behaves_like 'support command check_user', 'wheel'
|
69
20
|
|
70
|
-
|
71
|
-
subject { commands.check_group('wheel') }
|
72
|
-
it { should eq 'getent group | grep -wq -- wheel' }
|
73
|
-
end
|
21
|
+
it_behaves_like 'support command check_listening', 80
|
74
22
|
|
75
|
-
|
76
|
-
subject { commands.check_installed('httpd') }
|
77
|
-
it { should eq 'rpm -q httpd' }
|
78
|
-
end
|
23
|
+
it_behaves_like 'support command check_file_md5checksum', '/etc/passewd', '96c8c50f81a29965f7af6de371ab4250'
|
79
24
|
|
80
|
-
|
81
|
-
|
82
|
-
it { should eq "netstat -tunl | grep -- :80\\ " }
|
83
|
-
end
|
25
|
+
it_behaves_like 'support command check_running_under_supervisor', 'httpd'
|
26
|
+
it_behaves_like 'support command check_process', 'httpd'
|
84
27
|
|
85
|
-
|
86
|
-
|
87
|
-
it { should eq '/sbin/service httpd status' }
|
88
|
-
end
|
28
|
+
it_behaves_like 'support command check_file_contain', '/etc/passwd', 'root'
|
29
|
+
it_behaves_like 'support command check_file_contain_within'
|
89
30
|
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
end
|
31
|
+
it_behaves_like 'support command check_mode', '/etc/sudoers', 440
|
32
|
+
it_behaves_like 'support command check_owner', '/etc/sudoers', 'root'
|
33
|
+
it_behaves_like 'support command check_grouped', '/etc/sudoers', 'wheel'
|
94
34
|
|
95
|
-
|
96
|
-
subject { commands.check_process('httpd') }
|
97
|
-
it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
|
98
|
-
end
|
35
|
+
it_behaves_like 'support command check_cron_entry'
|
99
36
|
|
100
|
-
|
101
|
-
subject { commands.check_file_contain('/etc/passwd', 'root') }
|
102
|
-
it { should eq "grep -q -- root /etc/passwd" }
|
103
|
-
end
|
37
|
+
it_behaves_like 'support command check_link', '/etc/system-release', '/etc/redhat-release'
|
104
38
|
|
105
|
-
|
106
|
-
context 'contain a pattern in the file' do
|
107
|
-
subject { commands.check_file_contain_within('Gemfile', 'rspec') }
|
108
|
-
it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
|
109
|
-
end
|
39
|
+
it_behaves_like 'support command check_belonging_group', 'root', 'wheel'
|
110
40
|
|
111
|
-
|
112
|
-
|
113
|
-
it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
|
114
|
-
end
|
41
|
+
it_behaves_like 'support command check_uid', 'root', 0
|
42
|
+
it_behaves_like 'support command check_gid', 'root', 0
|
115
43
|
|
116
|
-
|
117
|
-
|
118
|
-
it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
|
119
|
-
end
|
44
|
+
it_behaves_like 'support command check_login_shell', 'root', '/bin/bash'
|
45
|
+
it_behaves_like 'support command check_home_directory', 'root', '/root'
|
120
46
|
|
121
|
-
|
122
|
-
subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
|
123
|
-
it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
|
124
|
-
end
|
125
|
-
end
|
47
|
+
it_behaves_like 'support command check_authorized_key'
|
126
48
|
|
127
|
-
|
128
|
-
|
129
|
-
it { should eq "md5sum /etc/passwd | grep -iw -- ^96c8c50f81a29965f7af6de371ab4250" }
|
130
|
-
end
|
49
|
+
it_behaves_like 'support command check_iptables'
|
50
|
+
it_behaves_like 'support command check_selinux'
|
131
51
|
|
132
|
-
|
133
|
-
subject { commands.check_mode('/etc/sudoers', 440) }
|
134
|
-
it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
|
52
|
+
it_behaves_like 'support command get_mode'
|
135
53
|
end
|
136
54
|
|
137
|
-
describe '
|
138
|
-
subject { commands.
|
139
|
-
it { should eq '
|
140
|
-
end
|
141
|
-
|
142
|
-
describe 'check_grouped' do
|
143
|
-
subject { commands.check_grouped('/etc/passwd', 'wheel') }
|
144
|
-
it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
|
145
|
-
end
|
146
|
-
|
147
|
-
describe 'check_cron_entry' do
|
148
|
-
context 'specify root user' do
|
149
|
-
subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
|
150
|
-
it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
151
|
-
end
|
152
|
-
|
153
|
-
context 'no specified user' do
|
154
|
-
subject { commands.check_cron_entry(nil, '* * * * * /usr/local/bin/batch.sh') }
|
155
|
-
it { should eq 'crontab -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
156
|
-
end
|
157
|
-
end
|
158
|
-
|
159
|
-
describe 'check_link' do
|
160
|
-
subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
|
161
|
-
it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
|
162
|
-
end
|
163
|
-
|
164
|
-
describe 'check_belonging_group' do
|
165
|
-
subject { commands.check_belonging_group('root', 'wheel') }
|
166
|
-
it { should eq "id root | awk '{print $3}' | grep -- wheel" }
|
167
|
-
end
|
168
|
-
|
169
|
-
describe 'have_gid' do
|
170
|
-
subject { commands.check_gid('root', 0) }
|
171
|
-
it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
|
172
|
-
end
|
173
|
-
|
174
|
-
describe 'have_uid' do
|
175
|
-
subject { commands.check_uid('root', 0) }
|
176
|
-
it { should eq "id root | grep -- \\^uid\\=0\\(" }
|
177
|
-
end
|
178
|
-
|
179
|
-
describe 'have_login_shell' do
|
180
|
-
subject { commands.check_login_shell('root', '/bin/bash') }
|
181
|
-
it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
|
182
|
-
end
|
183
|
-
|
184
|
-
describe 'have_home_directory' do
|
185
|
-
subject { commands.check_home_directory('root', '/root') }
|
186
|
-
it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
|
187
|
-
end
|
188
|
-
|
189
|
-
describe 'have_authorized_key' do
|
190
|
-
key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
|
191
|
-
escaped_key = key.gsub(/ /, '\ ')
|
192
|
-
|
193
|
-
context 'with commented publickey' do
|
194
|
-
commented_key = key + " foo@bar.local"
|
195
|
-
subject { commands.check_authorized_key('root', commented_key) }
|
196
|
-
describe 'when command insert publickey is removed comment' do
|
197
|
-
it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
|
198
|
-
end
|
199
|
-
end
|
200
|
-
|
201
|
-
context 'with uncomented publickey' do
|
202
|
-
subject { commands.check_authorized_key('root', key) }
|
203
|
-
it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
|
204
|
-
end
|
205
|
-
end
|
206
|
-
|
207
|
-
describe 'check_ipatbles' do
|
208
|
-
context 'check a rule without a table and a chain' do
|
209
|
-
subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
|
210
|
-
it { should eq "/sbin/iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
|
211
|
-
end
|
212
|
-
|
213
|
-
context 'chack a rule with a table and a chain' do
|
214
|
-
subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
|
215
|
-
it { should eq "/sbin/iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
|
216
|
-
end
|
55
|
+
describe 'check_enabled' do
|
56
|
+
subject { commands.check_enabled('httpd') }
|
57
|
+
it { should eq '/sbin/chkconfig --list httpd | grep 3:on' }
|
217
58
|
end
|
218
59
|
|
219
|
-
describe '
|
220
|
-
|
221
|
-
|
222
|
-
it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
|
223
|
-
end
|
224
|
-
|
225
|
-
context 'permissive' do
|
226
|
-
subject { commands.check_selinux('permissive') }
|
227
|
-
it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
|
228
|
-
end
|
229
|
-
|
230
|
-
context 'disabled' do
|
231
|
-
subject { commands.check_selinux('disabled') }
|
232
|
-
it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
|
233
|
-
end
|
60
|
+
describe 'check_installed' do
|
61
|
+
subject { commands.check_installed('httpd') }
|
62
|
+
it { should eq 'rpm -q httpd' }
|
234
63
|
end
|
235
64
|
|
236
|
-
describe '
|
237
|
-
subject { commands.
|
238
|
-
it { should eq '
|
65
|
+
describe 'check_running' do
|
66
|
+
subject { commands.check_running('httpd') }
|
67
|
+
it { should eq '/sbin/service httpd status' }
|
239
68
|
end
|
240
69
|
|
241
70
|
describe 'check_access_by_user' do
|