serverspec 0.4.9 → 0.4.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -3,255 +3,69 @@ require 'spec_helper'
3
3
  include Serverspec::Helper::Gentoo
4
4
 
5
5
  describe 'Serverspec commands of Gentoo family' do
6
+ it_behaves_like 'support command check_file', '/etc/passwd'
7
+ it_behaves_like 'support command check_directory', '/var/log'
8
+
6
9
  it_behaves_like 'support command check_installed_by_gem', 'jekyll'
7
10
  it_behaves_like 'support command check_installed_by_gem', 'jekyll', '1.0.2'
8
- end
9
-
10
- describe 'check_enabled' do
11
- subject { commands.check_enabled('httpd') }
12
- it { should eq "/sbin/rc-update show | grep -- \\^\\\\s\\*httpd\\\\s\\*\\|\\\\s\\*\\\\\\(boot\\\\\\|default\\\\\\)" }
13
- end
14
-
15
- describe 'check_file' do
16
- subject { commands.check_file('/etc/passwd') }
17
- it { should eq 'test -f /etc/passwd' }
18
- end
19
11
 
20
- describe 'check_mounted' do
21
- subject { commands.check_mounted('/') }
22
- it { should eq "mount | grep -w -- on\\ /" }
23
- end
24
-
25
- describe 'check_routing_table' do
26
- subject { commands.check_routing_table('192.168.100.0/24') }
27
- it { should eq "/sbin/ip route | grep -E '^192.168.100.0/24 |^default '" }
28
- end
29
-
30
- describe 'check_reachable' do
31
- context "connect with name from /etc/services to localhost" do
32
- subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) }
33
- it { should eq "nc -vvvvzt localhost ssh -w 1" }
34
- end
35
- context "connect with ip and port 11111 and timeout of 5" do
36
- subject { commands.check_reachable('127.0.0.1', '11111', 'udp' ,5) }
37
- it { should eq "nc -vvvvzu 127.0.0.1 11111 -w 5" }
38
- end
39
- context "do a ping" do
40
- subject { commands.check_reachable('127.0.0.1', nil, 'icmp', 1) }
41
- it { should eq "ping -n 127.0.0.1 -w 1 -c 2" }
42
- end
43
- end
44
-
45
- describe 'check_resolvable' do
46
- context "resolve localhost by hosts" do
47
- subject { commands.check_resolvable('localhost', 'hosts') }
48
- it { should eq "grep -w -- localhost /etc/hosts" }
49
- end
50
- context "resolve localhost by dns" do
51
- subject { commands.check_resolvable('localhost', 'dns') }
52
- it { should eq "nslookup -timeout=1 localhost" }
53
- end
54
- context "resolve localhost with default settings" do
55
- subject { commands.check_resolvable('localhost',nil) }
56
- it { should eq 'getent hosts localhost' }
57
- end
58
- end
59
-
60
- describe 'check_directory' do
61
- subject { commands.check_directory('/var/log') }
62
- it { should eq 'test -d /var/log' }
63
- end
12
+ it_behaves_like 'support command check_mounted', '/'
64
13
 
65
- describe 'check_user' do
66
- subject { commands.check_user('root') }
67
- it { should eq 'id root' }
68
- end
14
+ it_behaves_like 'support command check_routing_table', '192.168.100.1/24'
15
+ it_behaves_like 'support command check_reachable'
16
+ it_behaves_like 'support command check_resolvable'
69
17
 
70
- describe 'check_group' do
71
- subject { commands.check_group('wheel') }
72
- it { should eq 'getent group | grep -wq -- wheel' }
73
- end
18
+ it_behaves_like 'support command check_user', 'root'
19
+ it_behaves_like 'support command check_user', 'wheel'
74
20
 
75
- describe 'check_installed' do
76
- subject { commands.check_installed('httpd') }
77
- it { should eq '/usr/bin/eix httpd --installed' }
78
- end
21
+ it_behaves_like 'support command check_listening', 80
79
22
 
80
- describe 'check_listening' do
81
- subject { commands.check_listening(80) }
82
- it { should eq "netstat -tunl | grep -- :80\\ " }
83
- end
23
+ it_behaves_like 'support command check_file_md5checksum', '/etc/passewd', '96c8c50f81a29965f7af6de371ab4250'
84
24
 
85
- describe 'check_running' do
86
- subject { commands.check_running('httpd') }
87
- it { should eq '/etc/init.d/httpd status' }
88
- end
25
+ it_behaves_like 'support command check_running_under_supervisor', 'httpd'
26
+ it_behaves_like 'support command check_process', 'httpd'
89
27
 
90
- describe 'check_running_under_supervisor' do
91
- subject { commands.check_running_under_supervisor('httpd') }
92
- it { should eq 'supervisorctl status httpd' }
93
- end
28
+ it_behaves_like 'support command check_file_contain', '/etc/passwd', 'root'
29
+ it_behaves_like 'support command check_file_contain_within'
94
30
 
95
- describe 'check_process' do
96
- subject { commands.check_process('httpd') }
97
- it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
98
- end
31
+ it_behaves_like 'support command check_mode', '/etc/sudoers', 440
32
+ it_behaves_like 'support command check_owner', '/etc/sudoers', 'root'
33
+ it_behaves_like 'support command check_grouped', '/etc/sudoers', 'wheel'
99
34
 
100
- describe 'check_file_contain' do
101
- subject { commands.check_file_contain('/etc/passwd', 'root') }
102
- it { should eq "grep -q -- root /etc/passwd" }
103
- end
35
+ it_behaves_like 'support command check_cron_entry'
104
36
 
105
- describe 'check_file_contain_within' do
106
- context 'contain a pattern in the file' do
107
- subject { commands.check_file_contain_within('Gemfile', 'rspec') }
108
- it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
109
- end
37
+ it_behaves_like 'support command check_link', '/etc/system-release', '/etc/redhat-release'
110
38
 
111
- context 'contain a pattern after a line in a file' do
112
- subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
113
- it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
114
- end
39
+ it_behaves_like 'support command check_belonging_group', 'root', 'wheel'
115
40
 
116
- context 'contain a pattern before a line in a file' do
117
- subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
118
- it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
119
- end
41
+ it_behaves_like 'support command check_uid', 'root', 0
42
+ it_behaves_like 'support command check_gid', 'root', 0
120
43
 
121
- context 'contain a pattern from within a line and another line in a file' do
122
- subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
123
- it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
124
- end
125
- end
44
+ it_behaves_like 'support command check_login_shell', 'root', '/bin/bash'
45
+ it_behaves_like 'support command check_home_directory', 'root', '/root'
126
46
 
127
- describe 'check_file_md5checksum' do
128
- subject { commands.check_file_md5checksum('/etc/passwd', '96c8c50f81a29965f7af6de371ab4250') }
129
- it { should eq "md5sum /etc/passwd | grep -iw -- ^96c8c50f81a29965f7af6de371ab4250" }
130
- end
47
+ it_behaves_like 'support command check_authorized_key'
131
48
 
132
- describe 'check_mode' do
133
- subject { commands.check_mode('/etc/sudoers', 440) }
134
- it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
135
- end
49
+ it_behaves_like 'support command check_iptables'
50
+ it_behaves_like 'support command check_selinux'
136
51
 
137
- describe 'check_owner' do
138
- subject { commands.check_owner('/etc/passwd', 'root') }
139
- it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
140
- end
52
+ it_behaves_like 'support command get_mode'
141
53
 
142
- describe 'check_grouped' do
143
- subject { commands.check_grouped('/etc/passwd', 'wheel') }
144
- it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
54
+ it_behaves_like 'support command check_access_by_user'
145
55
  end
146
56
 
147
- describe 'check_cron_entry' do
148
- context 'specify root user' do
149
- subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
150
- it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
151
- end
152
-
153
- context 'no specified user' do
154
- subject { commands.check_cron_entry(nil, '* * * * * /usr/local/bin/batch.sh') }
155
- it { should eq 'crontab -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
156
- end
157
- end
158
-
159
- describe 'check_link' do
160
- subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
161
- it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
162
- end
163
-
164
- describe 'check_belonging_group' do
165
- subject { commands.check_belonging_group('root', 'wheel') }
166
- it { should eq "id root | awk '{print $3}' | grep -- wheel" }
167
- end
168
-
169
- describe 'have_gid' do
170
- subject { commands.check_gid('root', 0) }
171
- it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
172
- end
173
-
174
- describe 'have_uid' do
175
- subject { commands.check_uid('root', 0) }
176
- it { should eq "id root | grep -- \\^uid\\=0\\(" }
177
- end
178
-
179
- describe 'have_login_shell' do
180
- subject { commands.check_login_shell('root', '/bin/bash') }
181
- it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
182
- end
183
-
184
- describe 'have_home_directory' do
185
- subject { commands.check_home_directory('root', '/root') }
186
- it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
187
- end
188
-
189
- describe 'have_authorized_key' do
190
- key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
191
- escaped_key = key.gsub(/ /, '\ ')
192
-
193
- context 'with commented publickey' do
194
- commented_key = key + " foo@bar.local"
195
- subject { commands.check_authorized_key('root', commented_key) }
196
- describe 'when command insert publickey is removed comment' do
197
- it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
198
- end
199
- end
200
-
201
- context 'with uncomented publickey' do
202
- subject { commands.check_authorized_key('root', key) }
203
- it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
204
- end
205
- end
206
-
207
- describe 'check_ipatbles' do
208
- context 'check a rule without a table and a chain' do
209
- subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
210
- it { should eq "/sbin/iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
211
- end
212
-
213
- context 'chack a rule with a table and a chain' do
214
- subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
215
- it { should eq "/sbin/iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
216
- end
217
- end
218
-
219
- describe 'check_selinux' do
220
- context 'enforcing' do
221
- subject { commands.check_selinux('enforcing') }
222
- it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
223
- end
224
-
225
- context 'permissive' do
226
- subject { commands.check_selinux('permissive') }
227
- it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
228
- end
229
-
230
- context 'disabled' do
231
- subject { commands.check_selinux('disabled') }
232
- it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
233
- end
57
+ describe 'check_enabled' do
58
+ subject { commands.check_enabled('httpd') }
59
+ it { should eq "/sbin/rc-update show | grep -- \\^\\\\s\\*httpd\\\\s\\*\\|\\\\s\\*\\\\\\(boot\\\\\\|default\\\\\\)" }
234
60
  end
235
61
 
236
- describe 'get_mode' do
237
- subject { commands.get_mode('/dev') }
238
- it { should eq 'stat -c %a /dev' }
62
+ describe 'check_installed' do
63
+ subject { commands.check_installed('httpd') }
64
+ it { should eq '/usr/bin/eix httpd --installed' }
239
65
  end
240
66
 
241
- describe 'check_access_by_user' do
242
- context 'read access' do
243
- subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
244
- it { should eq 'su -s /bin/sh -c "/usr/bin/test -r /tmp/something" dummyuser1' }
245
- end
246
-
247
- context 'write access' do
248
- subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
249
- it { should eq 'su -s /bin/sh -c "/usr/bin/test -w /tmp/somethingw" dummyuser2' }
250
- end
251
-
252
- context 'execute access' do
253
- subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
254
- it { should eq 'su -s /bin/sh -c "/usr/bin/test -x /tmp/somethingx" dummyuser3' }
255
- end
67
+ describe 'check_running' do
68
+ subject { commands.check_running('httpd') }
69
+ it { should eq '/etc/init.d/httpd status' }
256
70
  end
257
71
 
@@ -3,239 +3,68 @@ require 'spec_helper'
3
3
  include Serverspec::Helper::RedHat
4
4
 
5
5
  describe 'Serverspec commands of Red Hat' do
6
+ it_behaves_like 'support command check_file', '/etc/passwd'
7
+ it_behaves_like 'support command check_directory', '/var/log'
8
+
6
9
  it_behaves_like 'support command check_installed_by_gem', 'jekyll'
7
10
  it_behaves_like 'support command check_installed_by_gem', 'jekyll', '1.0.2'
8
- end
9
-
10
- describe 'check_enabled' do
11
- subject { commands.check_enabled('httpd') }
12
- it { should eq '/sbin/chkconfig --list httpd | grep 3:on' }
13
- end
14
-
15
- describe 'check_file' do
16
- subject { commands.check_file('/etc/passwd') }
17
- it { should eq 'test -f /etc/passwd' }
18
- end
19
-
20
- describe 'check_mounted' do
21
- subject { commands.check_mounted('/') }
22
- it { should eq "mount | grep -w -- on\\ /" }
23
- end
24
11
 
25
- describe 'check_routing_table' do
26
- subject { commands.check_routing_table('192.168.100.0/24') }
27
- it { should eq "/sbin/ip route | grep -E '^192.168.100.0/24 |^default '" }
28
- end
29
-
30
- describe 'check_reachable' do
31
- context "connect with name from /etc/services to localhost" do
32
- subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) }
33
- it { should eq "nc -vvvvzt localhost ssh -w 1" }
34
- end
35
- context "connect with ip and port 11111 and timeout of 5" do
36
- subject { commands.check_reachable('127.0.0.1', '11111', 'udp', 5) }
37
- it { should eq "nc -vvvvzu 127.0.0.1 11111 -w 5" }
38
- end
39
- context "do a ping" do
40
- subject { commands.check_reachable('127.0.0.1', nil, 'icmp', 1) }
41
- it { should eq "ping -n 127.0.0.1 -w 1 -c 2" }
42
- end
43
- end
44
-
45
- describe 'check_resolvable' do
46
- context "resolve localhost by hosts" do
47
- subject { commands.check_resolvable('localhost', 'hosts') }
48
- it { should eq "grep -w -- localhost /etc/hosts" }
49
- end
50
- context "resolve localhost by dns" do
51
- subject { commands.check_resolvable('localhost', 'dns') }
52
- it { should eq "nslookup -timeout=1 localhost" }
53
- end
54
- context "resolve localhost with default settings" do
55
- subject { commands.check_resolvable('localhost',nil) }
56
- it { should eq 'getent hosts localhost' }
57
- end
58
- end
12
+ it_behaves_like 'support command check_mounted', '/'
59
13
 
60
- describe 'check_directory' do
61
- subject { commands.check_directory('/var/log') }
62
- it { should eq 'test -d /var/log' }
63
- end
14
+ it_behaves_like 'support command check_routing_table', '192.168.100.1/24'
15
+ it_behaves_like 'support command check_reachable'
16
+ it_behaves_like 'support command check_resolvable'
64
17
 
65
- describe 'check_user' do
66
- subject { commands.check_user('root') }
67
- it { should eq 'id root' }
68
- end
18
+ it_behaves_like 'support command check_user', 'root'
19
+ it_behaves_like 'support command check_user', 'wheel'
69
20
 
70
- describe 'check_group' do
71
- subject { commands.check_group('wheel') }
72
- it { should eq 'getent group | grep -wq -- wheel' }
73
- end
21
+ it_behaves_like 'support command check_listening', 80
74
22
 
75
- describe 'check_installed' do
76
- subject { commands.check_installed('httpd') }
77
- it { should eq 'rpm -q httpd' }
78
- end
23
+ it_behaves_like 'support command check_file_md5checksum', '/etc/passewd', '96c8c50f81a29965f7af6de371ab4250'
79
24
 
80
- describe 'check_listening' do
81
- subject { commands.check_listening(80) }
82
- it { should eq "netstat -tunl | grep -- :80\\ " }
83
- end
25
+ it_behaves_like 'support command check_running_under_supervisor', 'httpd'
26
+ it_behaves_like 'support command check_process', 'httpd'
84
27
 
85
- describe 'check_running' do
86
- subject { commands.check_running('httpd') }
87
- it { should eq '/sbin/service httpd status' }
88
- end
28
+ it_behaves_like 'support command check_file_contain', '/etc/passwd', 'root'
29
+ it_behaves_like 'support command check_file_contain_within'
89
30
 
90
- describe 'check_running_under_supervisor' do
91
- subject { commands.check_running_under_supervisor('httpd') }
92
- it { should eq 'supervisorctl status httpd' }
93
- end
31
+ it_behaves_like 'support command check_mode', '/etc/sudoers', 440
32
+ it_behaves_like 'support command check_owner', '/etc/sudoers', 'root'
33
+ it_behaves_like 'support command check_grouped', '/etc/sudoers', 'wheel'
94
34
 
95
- describe 'check_process' do
96
- subject { commands.check_process('httpd') }
97
- it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
98
- end
35
+ it_behaves_like 'support command check_cron_entry'
99
36
 
100
- describe 'check_file_contain' do
101
- subject { commands.check_file_contain('/etc/passwd', 'root') }
102
- it { should eq "grep -q -- root /etc/passwd" }
103
- end
37
+ it_behaves_like 'support command check_link', '/etc/system-release', '/etc/redhat-release'
104
38
 
105
- describe 'check_file_contain_within' do
106
- context 'contain a pattern in the file' do
107
- subject { commands.check_file_contain_within('Gemfile', 'rspec') }
108
- it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
109
- end
39
+ it_behaves_like 'support command check_belonging_group', 'root', 'wheel'
110
40
 
111
- context 'contain a pattern after a line in a file' do
112
- subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
113
- it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
114
- end
41
+ it_behaves_like 'support command check_uid', 'root', 0
42
+ it_behaves_like 'support command check_gid', 'root', 0
115
43
 
116
- context 'contain a pattern before a line in a file' do
117
- subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
118
- it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
119
- end
44
+ it_behaves_like 'support command check_login_shell', 'root', '/bin/bash'
45
+ it_behaves_like 'support command check_home_directory', 'root', '/root'
120
46
 
121
- context 'contain a pattern from within a line and another line in a file' do
122
- subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
123
- it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
124
- end
125
- end
47
+ it_behaves_like 'support command check_authorized_key'
126
48
 
127
- describe 'check_file_md5checksum' do
128
- subject { commands.check_file_md5checksum('/etc/passwd', '96c8c50f81a29965f7af6de371ab4250') }
129
- it { should eq "md5sum /etc/passwd | grep -iw -- ^96c8c50f81a29965f7af6de371ab4250" }
130
- end
49
+ it_behaves_like 'support command check_iptables'
50
+ it_behaves_like 'support command check_selinux'
131
51
 
132
- describe 'check_mode' do
133
- subject { commands.check_mode('/etc/sudoers', 440) }
134
- it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
52
+ it_behaves_like 'support command get_mode'
135
53
  end
136
54
 
137
- describe 'check_owner' do
138
- subject { commands.check_owner('/etc/passwd', 'root') }
139
- it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
140
- end
141
-
142
- describe 'check_grouped' do
143
- subject { commands.check_grouped('/etc/passwd', 'wheel') }
144
- it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
145
- end
146
-
147
- describe 'check_cron_entry' do
148
- context 'specify root user' do
149
- subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
150
- it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
151
- end
152
-
153
- context 'no specified user' do
154
- subject { commands.check_cron_entry(nil, '* * * * * /usr/local/bin/batch.sh') }
155
- it { should eq 'crontab -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
156
- end
157
- end
158
-
159
- describe 'check_link' do
160
- subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
161
- it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
162
- end
163
-
164
- describe 'check_belonging_group' do
165
- subject { commands.check_belonging_group('root', 'wheel') }
166
- it { should eq "id root | awk '{print $3}' | grep -- wheel" }
167
- end
168
-
169
- describe 'have_gid' do
170
- subject { commands.check_gid('root', 0) }
171
- it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
172
- end
173
-
174
- describe 'have_uid' do
175
- subject { commands.check_uid('root', 0) }
176
- it { should eq "id root | grep -- \\^uid\\=0\\(" }
177
- end
178
-
179
- describe 'have_login_shell' do
180
- subject { commands.check_login_shell('root', '/bin/bash') }
181
- it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
182
- end
183
-
184
- describe 'have_home_directory' do
185
- subject { commands.check_home_directory('root', '/root') }
186
- it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
187
- end
188
-
189
- describe 'have_authorized_key' do
190
- key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
191
- escaped_key = key.gsub(/ /, '\ ')
192
-
193
- context 'with commented publickey' do
194
- commented_key = key + " foo@bar.local"
195
- subject { commands.check_authorized_key('root', commented_key) }
196
- describe 'when command insert publickey is removed comment' do
197
- it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
198
- end
199
- end
200
-
201
- context 'with uncomented publickey' do
202
- subject { commands.check_authorized_key('root', key) }
203
- it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
204
- end
205
- end
206
-
207
- describe 'check_ipatbles' do
208
- context 'check a rule without a table and a chain' do
209
- subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
210
- it { should eq "/sbin/iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
211
- end
212
-
213
- context 'chack a rule with a table and a chain' do
214
- subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
215
- it { should eq "/sbin/iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
216
- end
55
+ describe 'check_enabled' do
56
+ subject { commands.check_enabled('httpd') }
57
+ it { should eq '/sbin/chkconfig --list httpd | grep 3:on' }
217
58
  end
218
59
 
219
- describe 'check_selinux' do
220
- context 'enforcing' do
221
- subject { commands.check_selinux('enforcing') }
222
- it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
223
- end
224
-
225
- context 'permissive' do
226
- subject { commands.check_selinux('permissive') }
227
- it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
228
- end
229
-
230
- context 'disabled' do
231
- subject { commands.check_selinux('disabled') }
232
- it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
233
- end
60
+ describe 'check_installed' do
61
+ subject { commands.check_installed('httpd') }
62
+ it { should eq 'rpm -q httpd' }
234
63
  end
235
64
 
236
- describe 'get_mode' do
237
- subject { commands.get_mode('/dev') }
238
- it { should eq 'stat -c %a /dev' }
65
+ describe 'check_running' do
66
+ subject { commands.check_running('httpd') }
67
+ it { should eq '/sbin/service httpd status' }
239
68
  end
240
69
 
241
70
  describe 'check_access_by_user' do