serverspec 0.4.9 → 0.4.10

Sign up to get free protection for your applications and to get access to all the features.
@@ -3,255 +3,69 @@ require 'spec_helper'
3
3
  include Serverspec::Helper::Gentoo
4
4
 
5
5
  describe 'Serverspec commands of Gentoo family' do
6
+ it_behaves_like 'support command check_file', '/etc/passwd'
7
+ it_behaves_like 'support command check_directory', '/var/log'
8
+
6
9
  it_behaves_like 'support command check_installed_by_gem', 'jekyll'
7
10
  it_behaves_like 'support command check_installed_by_gem', 'jekyll', '1.0.2'
8
- end
9
-
10
- describe 'check_enabled' do
11
- subject { commands.check_enabled('httpd') }
12
- it { should eq "/sbin/rc-update show | grep -- \\^\\\\s\\*httpd\\\\s\\*\\|\\\\s\\*\\\\\\(boot\\\\\\|default\\\\\\)" }
13
- end
14
-
15
- describe 'check_file' do
16
- subject { commands.check_file('/etc/passwd') }
17
- it { should eq 'test -f /etc/passwd' }
18
- end
19
11
 
20
- describe 'check_mounted' do
21
- subject { commands.check_mounted('/') }
22
- it { should eq "mount | grep -w -- on\\ /" }
23
- end
24
-
25
- describe 'check_routing_table' do
26
- subject { commands.check_routing_table('192.168.100.0/24') }
27
- it { should eq "/sbin/ip route | grep -E '^192.168.100.0/24 |^default '" }
28
- end
29
-
30
- describe 'check_reachable' do
31
- context "connect with name from /etc/services to localhost" do
32
- subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) }
33
- it { should eq "nc -vvvvzt localhost ssh -w 1" }
34
- end
35
- context "connect with ip and port 11111 and timeout of 5" do
36
- subject { commands.check_reachable('127.0.0.1', '11111', 'udp' ,5) }
37
- it { should eq "nc -vvvvzu 127.0.0.1 11111 -w 5" }
38
- end
39
- context "do a ping" do
40
- subject { commands.check_reachable('127.0.0.1', nil, 'icmp', 1) }
41
- it { should eq "ping -n 127.0.0.1 -w 1 -c 2" }
42
- end
43
- end
44
-
45
- describe 'check_resolvable' do
46
- context "resolve localhost by hosts" do
47
- subject { commands.check_resolvable('localhost', 'hosts') }
48
- it { should eq "grep -w -- localhost /etc/hosts" }
49
- end
50
- context "resolve localhost by dns" do
51
- subject { commands.check_resolvable('localhost', 'dns') }
52
- it { should eq "nslookup -timeout=1 localhost" }
53
- end
54
- context "resolve localhost with default settings" do
55
- subject { commands.check_resolvable('localhost',nil) }
56
- it { should eq 'getent hosts localhost' }
57
- end
58
- end
59
-
60
- describe 'check_directory' do
61
- subject { commands.check_directory('/var/log') }
62
- it { should eq 'test -d /var/log' }
63
- end
12
+ it_behaves_like 'support command check_mounted', '/'
64
13
 
65
- describe 'check_user' do
66
- subject { commands.check_user('root') }
67
- it { should eq 'id root' }
68
- end
14
+ it_behaves_like 'support command check_routing_table', '192.168.100.1/24'
15
+ it_behaves_like 'support command check_reachable'
16
+ it_behaves_like 'support command check_resolvable'
69
17
 
70
- describe 'check_group' do
71
- subject { commands.check_group('wheel') }
72
- it { should eq 'getent group | grep -wq -- wheel' }
73
- end
18
+ it_behaves_like 'support command check_user', 'root'
19
+ it_behaves_like 'support command check_user', 'wheel'
74
20
 
75
- describe 'check_installed' do
76
- subject { commands.check_installed('httpd') }
77
- it { should eq '/usr/bin/eix httpd --installed' }
78
- end
21
+ it_behaves_like 'support command check_listening', 80
79
22
 
80
- describe 'check_listening' do
81
- subject { commands.check_listening(80) }
82
- it { should eq "netstat -tunl | grep -- :80\\ " }
83
- end
23
+ it_behaves_like 'support command check_file_md5checksum', '/etc/passewd', '96c8c50f81a29965f7af6de371ab4250'
84
24
 
85
- describe 'check_running' do
86
- subject { commands.check_running('httpd') }
87
- it { should eq '/etc/init.d/httpd status' }
88
- end
25
+ it_behaves_like 'support command check_running_under_supervisor', 'httpd'
26
+ it_behaves_like 'support command check_process', 'httpd'
89
27
 
90
- describe 'check_running_under_supervisor' do
91
- subject { commands.check_running_under_supervisor('httpd') }
92
- it { should eq 'supervisorctl status httpd' }
93
- end
28
+ it_behaves_like 'support command check_file_contain', '/etc/passwd', 'root'
29
+ it_behaves_like 'support command check_file_contain_within'
94
30
 
95
- describe 'check_process' do
96
- subject { commands.check_process('httpd') }
97
- it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
98
- end
31
+ it_behaves_like 'support command check_mode', '/etc/sudoers', 440
32
+ it_behaves_like 'support command check_owner', '/etc/sudoers', 'root'
33
+ it_behaves_like 'support command check_grouped', '/etc/sudoers', 'wheel'
99
34
 
100
- describe 'check_file_contain' do
101
- subject { commands.check_file_contain('/etc/passwd', 'root') }
102
- it { should eq "grep -q -- root /etc/passwd" }
103
- end
35
+ it_behaves_like 'support command check_cron_entry'
104
36
 
105
- describe 'check_file_contain_within' do
106
- context 'contain a pattern in the file' do
107
- subject { commands.check_file_contain_within('Gemfile', 'rspec') }
108
- it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
109
- end
37
+ it_behaves_like 'support command check_link', '/etc/system-release', '/etc/redhat-release'
110
38
 
111
- context 'contain a pattern after a line in a file' do
112
- subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
113
- it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
114
- end
39
+ it_behaves_like 'support command check_belonging_group', 'root', 'wheel'
115
40
 
116
- context 'contain a pattern before a line in a file' do
117
- subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
118
- it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
119
- end
41
+ it_behaves_like 'support command check_uid', 'root', 0
42
+ it_behaves_like 'support command check_gid', 'root', 0
120
43
 
121
- context 'contain a pattern from within a line and another line in a file' do
122
- subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
123
- it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
124
- end
125
- end
44
+ it_behaves_like 'support command check_login_shell', 'root', '/bin/bash'
45
+ it_behaves_like 'support command check_home_directory', 'root', '/root'
126
46
 
127
- describe 'check_file_md5checksum' do
128
- subject { commands.check_file_md5checksum('/etc/passwd', '96c8c50f81a29965f7af6de371ab4250') }
129
- it { should eq "md5sum /etc/passwd | grep -iw -- ^96c8c50f81a29965f7af6de371ab4250" }
130
- end
47
+ it_behaves_like 'support command check_authorized_key'
131
48
 
132
- describe 'check_mode' do
133
- subject { commands.check_mode('/etc/sudoers', 440) }
134
- it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
135
- end
49
+ it_behaves_like 'support command check_iptables'
50
+ it_behaves_like 'support command check_selinux'
136
51
 
137
- describe 'check_owner' do
138
- subject { commands.check_owner('/etc/passwd', 'root') }
139
- it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
140
- end
52
+ it_behaves_like 'support command get_mode'
141
53
 
142
- describe 'check_grouped' do
143
- subject { commands.check_grouped('/etc/passwd', 'wheel') }
144
- it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
54
+ it_behaves_like 'support command check_access_by_user'
145
55
  end
146
56
 
147
- describe 'check_cron_entry' do
148
- context 'specify root user' do
149
- subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
150
- it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
151
- end
152
-
153
- context 'no specified user' do
154
- subject { commands.check_cron_entry(nil, '* * * * * /usr/local/bin/batch.sh') }
155
- it { should eq 'crontab -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
156
- end
157
- end
158
-
159
- describe 'check_link' do
160
- subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
161
- it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
162
- end
163
-
164
- describe 'check_belonging_group' do
165
- subject { commands.check_belonging_group('root', 'wheel') }
166
- it { should eq "id root | awk '{print $3}' | grep -- wheel" }
167
- end
168
-
169
- describe 'have_gid' do
170
- subject { commands.check_gid('root', 0) }
171
- it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
172
- end
173
-
174
- describe 'have_uid' do
175
- subject { commands.check_uid('root', 0) }
176
- it { should eq "id root | grep -- \\^uid\\=0\\(" }
177
- end
178
-
179
- describe 'have_login_shell' do
180
- subject { commands.check_login_shell('root', '/bin/bash') }
181
- it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
182
- end
183
-
184
- describe 'have_home_directory' do
185
- subject { commands.check_home_directory('root', '/root') }
186
- it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
187
- end
188
-
189
- describe 'have_authorized_key' do
190
- key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
191
- escaped_key = key.gsub(/ /, '\ ')
192
-
193
- context 'with commented publickey' do
194
- commented_key = key + " foo@bar.local"
195
- subject { commands.check_authorized_key('root', commented_key) }
196
- describe 'when command insert publickey is removed comment' do
197
- it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
198
- end
199
- end
200
-
201
- context 'with uncomented publickey' do
202
- subject { commands.check_authorized_key('root', key) }
203
- it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
204
- end
205
- end
206
-
207
- describe 'check_ipatbles' do
208
- context 'check a rule without a table and a chain' do
209
- subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
210
- it { should eq "/sbin/iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
211
- end
212
-
213
- context 'chack a rule with a table and a chain' do
214
- subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
215
- it { should eq "/sbin/iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
216
- end
217
- end
218
-
219
- describe 'check_selinux' do
220
- context 'enforcing' do
221
- subject { commands.check_selinux('enforcing') }
222
- it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
223
- end
224
-
225
- context 'permissive' do
226
- subject { commands.check_selinux('permissive') }
227
- it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
228
- end
229
-
230
- context 'disabled' do
231
- subject { commands.check_selinux('disabled') }
232
- it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
233
- end
57
+ describe 'check_enabled' do
58
+ subject { commands.check_enabled('httpd') }
59
+ it { should eq "/sbin/rc-update show | grep -- \\^\\\\s\\*httpd\\\\s\\*\\|\\\\s\\*\\\\\\(boot\\\\\\|default\\\\\\)" }
234
60
  end
235
61
 
236
- describe 'get_mode' do
237
- subject { commands.get_mode('/dev') }
238
- it { should eq 'stat -c %a /dev' }
62
+ describe 'check_installed' do
63
+ subject { commands.check_installed('httpd') }
64
+ it { should eq '/usr/bin/eix httpd --installed' }
239
65
  end
240
66
 
241
- describe 'check_access_by_user' do
242
- context 'read access' do
243
- subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
244
- it { should eq 'su -s /bin/sh -c "/usr/bin/test -r /tmp/something" dummyuser1' }
245
- end
246
-
247
- context 'write access' do
248
- subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
249
- it { should eq 'su -s /bin/sh -c "/usr/bin/test -w /tmp/somethingw" dummyuser2' }
250
- end
251
-
252
- context 'execute access' do
253
- subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
254
- it { should eq 'su -s /bin/sh -c "/usr/bin/test -x /tmp/somethingx" dummyuser3' }
255
- end
67
+ describe 'check_running' do
68
+ subject { commands.check_running('httpd') }
69
+ it { should eq '/etc/init.d/httpd status' }
256
70
  end
257
71
 
@@ -3,239 +3,68 @@ require 'spec_helper'
3
3
  include Serverspec::Helper::RedHat
4
4
 
5
5
  describe 'Serverspec commands of Red Hat' do
6
+ it_behaves_like 'support command check_file', '/etc/passwd'
7
+ it_behaves_like 'support command check_directory', '/var/log'
8
+
6
9
  it_behaves_like 'support command check_installed_by_gem', 'jekyll'
7
10
  it_behaves_like 'support command check_installed_by_gem', 'jekyll', '1.0.2'
8
- end
9
-
10
- describe 'check_enabled' do
11
- subject { commands.check_enabled('httpd') }
12
- it { should eq '/sbin/chkconfig --list httpd | grep 3:on' }
13
- end
14
-
15
- describe 'check_file' do
16
- subject { commands.check_file('/etc/passwd') }
17
- it { should eq 'test -f /etc/passwd' }
18
- end
19
-
20
- describe 'check_mounted' do
21
- subject { commands.check_mounted('/') }
22
- it { should eq "mount | grep -w -- on\\ /" }
23
- end
24
11
 
25
- describe 'check_routing_table' do
26
- subject { commands.check_routing_table('192.168.100.0/24') }
27
- it { should eq "/sbin/ip route | grep -E '^192.168.100.0/24 |^default '" }
28
- end
29
-
30
- describe 'check_reachable' do
31
- context "connect with name from /etc/services to localhost" do
32
- subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) }
33
- it { should eq "nc -vvvvzt localhost ssh -w 1" }
34
- end
35
- context "connect with ip and port 11111 and timeout of 5" do
36
- subject { commands.check_reachable('127.0.0.1', '11111', 'udp', 5) }
37
- it { should eq "nc -vvvvzu 127.0.0.1 11111 -w 5" }
38
- end
39
- context "do a ping" do
40
- subject { commands.check_reachable('127.0.0.1', nil, 'icmp', 1) }
41
- it { should eq "ping -n 127.0.0.1 -w 1 -c 2" }
42
- end
43
- end
44
-
45
- describe 'check_resolvable' do
46
- context "resolve localhost by hosts" do
47
- subject { commands.check_resolvable('localhost', 'hosts') }
48
- it { should eq "grep -w -- localhost /etc/hosts" }
49
- end
50
- context "resolve localhost by dns" do
51
- subject { commands.check_resolvable('localhost', 'dns') }
52
- it { should eq "nslookup -timeout=1 localhost" }
53
- end
54
- context "resolve localhost with default settings" do
55
- subject { commands.check_resolvable('localhost',nil) }
56
- it { should eq 'getent hosts localhost' }
57
- end
58
- end
12
+ it_behaves_like 'support command check_mounted', '/'
59
13
 
60
- describe 'check_directory' do
61
- subject { commands.check_directory('/var/log') }
62
- it { should eq 'test -d /var/log' }
63
- end
14
+ it_behaves_like 'support command check_routing_table', '192.168.100.1/24'
15
+ it_behaves_like 'support command check_reachable'
16
+ it_behaves_like 'support command check_resolvable'
64
17
 
65
- describe 'check_user' do
66
- subject { commands.check_user('root') }
67
- it { should eq 'id root' }
68
- end
18
+ it_behaves_like 'support command check_user', 'root'
19
+ it_behaves_like 'support command check_user', 'wheel'
69
20
 
70
- describe 'check_group' do
71
- subject { commands.check_group('wheel') }
72
- it { should eq 'getent group | grep -wq -- wheel' }
73
- end
21
+ it_behaves_like 'support command check_listening', 80
74
22
 
75
- describe 'check_installed' do
76
- subject { commands.check_installed('httpd') }
77
- it { should eq 'rpm -q httpd' }
78
- end
23
+ it_behaves_like 'support command check_file_md5checksum', '/etc/passewd', '96c8c50f81a29965f7af6de371ab4250'
79
24
 
80
- describe 'check_listening' do
81
- subject { commands.check_listening(80) }
82
- it { should eq "netstat -tunl | grep -- :80\\ " }
83
- end
25
+ it_behaves_like 'support command check_running_under_supervisor', 'httpd'
26
+ it_behaves_like 'support command check_process', 'httpd'
84
27
 
85
- describe 'check_running' do
86
- subject { commands.check_running('httpd') }
87
- it { should eq '/sbin/service httpd status' }
88
- end
28
+ it_behaves_like 'support command check_file_contain', '/etc/passwd', 'root'
29
+ it_behaves_like 'support command check_file_contain_within'
89
30
 
90
- describe 'check_running_under_supervisor' do
91
- subject { commands.check_running_under_supervisor('httpd') }
92
- it { should eq 'supervisorctl status httpd' }
93
- end
31
+ it_behaves_like 'support command check_mode', '/etc/sudoers', 440
32
+ it_behaves_like 'support command check_owner', '/etc/sudoers', 'root'
33
+ it_behaves_like 'support command check_grouped', '/etc/sudoers', 'wheel'
94
34
 
95
- describe 'check_process' do
96
- subject { commands.check_process('httpd') }
97
- it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
98
- end
35
+ it_behaves_like 'support command check_cron_entry'
99
36
 
100
- describe 'check_file_contain' do
101
- subject { commands.check_file_contain('/etc/passwd', 'root') }
102
- it { should eq "grep -q -- root /etc/passwd" }
103
- end
37
+ it_behaves_like 'support command check_link', '/etc/system-release', '/etc/redhat-release'
104
38
 
105
- describe 'check_file_contain_within' do
106
- context 'contain a pattern in the file' do
107
- subject { commands.check_file_contain_within('Gemfile', 'rspec') }
108
- it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
109
- end
39
+ it_behaves_like 'support command check_belonging_group', 'root', 'wheel'
110
40
 
111
- context 'contain a pattern after a line in a file' do
112
- subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
113
- it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
114
- end
41
+ it_behaves_like 'support command check_uid', 'root', 0
42
+ it_behaves_like 'support command check_gid', 'root', 0
115
43
 
116
- context 'contain a pattern before a line in a file' do
117
- subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
118
- it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
119
- end
44
+ it_behaves_like 'support command check_login_shell', 'root', '/bin/bash'
45
+ it_behaves_like 'support command check_home_directory', 'root', '/root'
120
46
 
121
- context 'contain a pattern from within a line and another line in a file' do
122
- subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
123
- it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
124
- end
125
- end
47
+ it_behaves_like 'support command check_authorized_key'
126
48
 
127
- describe 'check_file_md5checksum' do
128
- subject { commands.check_file_md5checksum('/etc/passwd', '96c8c50f81a29965f7af6de371ab4250') }
129
- it { should eq "md5sum /etc/passwd | grep -iw -- ^96c8c50f81a29965f7af6de371ab4250" }
130
- end
49
+ it_behaves_like 'support command check_iptables'
50
+ it_behaves_like 'support command check_selinux'
131
51
 
132
- describe 'check_mode' do
133
- subject { commands.check_mode('/etc/sudoers', 440) }
134
- it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
52
+ it_behaves_like 'support command get_mode'
135
53
  end
136
54
 
137
- describe 'check_owner' do
138
- subject { commands.check_owner('/etc/passwd', 'root') }
139
- it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
140
- end
141
-
142
- describe 'check_grouped' do
143
- subject { commands.check_grouped('/etc/passwd', 'wheel') }
144
- it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
145
- end
146
-
147
- describe 'check_cron_entry' do
148
- context 'specify root user' do
149
- subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
150
- it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
151
- end
152
-
153
- context 'no specified user' do
154
- subject { commands.check_cron_entry(nil, '* * * * * /usr/local/bin/batch.sh') }
155
- it { should eq 'crontab -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
156
- end
157
- end
158
-
159
- describe 'check_link' do
160
- subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
161
- it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
162
- end
163
-
164
- describe 'check_belonging_group' do
165
- subject { commands.check_belonging_group('root', 'wheel') }
166
- it { should eq "id root | awk '{print $3}' | grep -- wheel" }
167
- end
168
-
169
- describe 'have_gid' do
170
- subject { commands.check_gid('root', 0) }
171
- it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
172
- end
173
-
174
- describe 'have_uid' do
175
- subject { commands.check_uid('root', 0) }
176
- it { should eq "id root | grep -- \\^uid\\=0\\(" }
177
- end
178
-
179
- describe 'have_login_shell' do
180
- subject { commands.check_login_shell('root', '/bin/bash') }
181
- it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
182
- end
183
-
184
- describe 'have_home_directory' do
185
- subject { commands.check_home_directory('root', '/root') }
186
- it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
187
- end
188
-
189
- describe 'have_authorized_key' do
190
- key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
191
- escaped_key = key.gsub(/ /, '\ ')
192
-
193
- context 'with commented publickey' do
194
- commented_key = key + " foo@bar.local"
195
- subject { commands.check_authorized_key('root', commented_key) }
196
- describe 'when command insert publickey is removed comment' do
197
- it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
198
- end
199
- end
200
-
201
- context 'with uncomented publickey' do
202
- subject { commands.check_authorized_key('root', key) }
203
- it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
204
- end
205
- end
206
-
207
- describe 'check_ipatbles' do
208
- context 'check a rule without a table and a chain' do
209
- subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
210
- it { should eq "/sbin/iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
211
- end
212
-
213
- context 'chack a rule with a table and a chain' do
214
- subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
215
- it { should eq "/sbin/iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
216
- end
55
+ describe 'check_enabled' do
56
+ subject { commands.check_enabled('httpd') }
57
+ it { should eq '/sbin/chkconfig --list httpd | grep 3:on' }
217
58
  end
218
59
 
219
- describe 'check_selinux' do
220
- context 'enforcing' do
221
- subject { commands.check_selinux('enforcing') }
222
- it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
223
- end
224
-
225
- context 'permissive' do
226
- subject { commands.check_selinux('permissive') }
227
- it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
228
- end
229
-
230
- context 'disabled' do
231
- subject { commands.check_selinux('disabled') }
232
- it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
233
- end
60
+ describe 'check_installed' do
61
+ subject { commands.check_installed('httpd') }
62
+ it { should eq 'rpm -q httpd' }
234
63
  end
235
64
 
236
- describe 'get_mode' do
237
- subject { commands.get_mode('/dev') }
238
- it { should eq 'stat -c %a /dev' }
65
+ describe 'check_running' do
66
+ subject { commands.check_running('httpd') }
67
+ it { should eq '/sbin/service httpd status' }
239
68
  end
240
69
 
241
70
  describe 'check_access_by_user' do