serverspec 2.20.0 → 2.21.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 66f6953dc912f1f3dde3a1fec42856e8a265ee3b
-  data.tar.gz: e2ecb5d6667ab22ad18cf6cf6eb162398f37fd36
+  metadata.gz: 80a66cac3a0e0f04fbff5ee08259816cd8229507
+  data.tar.gz: 2c41a714e0d59bf76b57b5e1994776e9e27b94ad
 SHA512:
-  metadata.gz: 5324ea6b44db6e935ac44e07974c09a3a962952ab4808c5780f5aab61dc8c2778240226bd6caac1d05f8eb8b2760388e166adc063f4e4ce13b1501072fb49065
-  data.tar.gz: b7a2a14d1a098ef4e5d5bd78bd496950e4d789ccab92ea59fccc684fb66e510bae7fe9c57b585c3bc52e14a7936c39d28692e900a18fb67cbf8fdeb660e548e1
+  metadata.gz: e401a74410d52b817b79ad27909187e7c70dc8d2c7048026ee15f5bb09ecdc4f45dcb299f60322cfaf1e3a31785040ee561a37896a2ccd97d1cb424dade562ff
+  data.tar.gz: 5d41fa72698add20304f08f2dad003f7e703196846a8edc66e27634ed75069070e1080ab3a07fa60931a0a2a8e3d32aeac2a3e79830ce5d9008967706b4a8b9c

data/appveyor.yml

@@ -33,7 +33,6 @@ cache:
 install:
   - git submodule update --init --recursive
   - ps: Enable-PSRemoting -Force
-  - ps: Set-ExecutionPolicy RemoteSigned
   - winrm quickconfig -q
   - winrm set winrm/config/client @{TrustedHosts="*"}
   - winrm set winrm/config/client/auth @{Basic="true"}

data/lib/serverspec/helper/type.rb

@@ -10,6 +10,7 @@ module Serverspec
         windows_feature windows_hot_fix windows_registry_key
         windows_scheduled_task zfs docker_base docker_image
         docker_container x509_certificate x509_private_key
+        linux_audit_system
       )
 
       types.each {|type| require "serverspec/type/#{type}" }

data/lib/serverspec/type/linux_audit_system.rb

@@ -0,0 +1,45 @@
+module Serverspec::Type
+  class LinuxAuditSystem < Base
+    def initialize(name=nil)
+      @name = 'linux_audit_system'
+      @runner = Specinfra::Runner
+      @rules_content = nil
+    end
+
+    def enabled?
+      status_of('enabled') == '1'
+    end
+
+    def running?
+      pid = status_of('pid')
+      (!pid.nil? && pid.size > 0 && pid != '0')
+    end
+
+    def rules
+      if @rules_content.nil?
+        @rules_content = @runner.run_command('/sbin/auditctl -l').stdout || ''
+      end
+      @rules_content
+    end
+
+    private
+
+    def status_of(part)
+      cmd = "/sbin/auditctl -s"
+      status_str = @runner.run_command(cmd).stdout.chomp
+      status_map = parse_status(status_str)
+      status_map[part] || ''
+    end
+
+    def parse_status(status_str)
+      map = nil
+      if status_str =~ /^AUDIT_STATUS/ then
+        map = status_str.split(' ')[1..-1].inject({}) { |res,elem| a = elem.split('='); res.store(a[0],a[1] || ''); res }
+      else
+        map = status_str.split("\n").inject({}) { |res,elem| a = elem.split(' '); res.store(a[0],a[1] || ''); res } 
+      end
+      map
+    end
+
+  end
+end

data/lib/serverspec/version.rb

@@ -1,3 +1,3 @@
 module Serverspec
-  VERSION = "2.20.0"
+  VERSION = "2.21.0"
 end

data/spec/type/linux/linux_audit_system_spec.rb

@@ -0,0 +1,139 @@
+require 'spec_helper'
+
+set :os, :family => 'linux'
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl1_1 }
+  it { should be_enabled }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl1_2 }
+  it { should_not be_enabled }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl1_1 }
+  it { should be_running }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl1_3 }
+  it { should_not be_running }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl1_4 }
+  it { should_not be_running }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl2_1 }
+  it { should be_enabled }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl2_2 }
+  it { should_not be_enabled }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl2_1 }
+  it { should be_running }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl2_3 }
+  it { should_not be_running }
+end
+
+describe linux_audit_system do
+  let(:stdout) { out_auditctl2_4 }
+  it { should_not be_running }
+end
+
+describe linux_audit_system do
+  let(:stdout) { '-a -w /etc/sysconfig -p wa -k test' }
+  its(:rules) { should match %r!-w /etc/sysconfig.*-k test! }
+end
+
+describe linux_audit_system do
+  let(:stdout) { 'test' }
+  its(:rules) { should eq 'test' }
+  its(:rules) { should match /es/ }
+  its(:rules) { should_not match /ab/ }
+end
+
+# variants of auditctl -s output for different versions
+
+def out_auditctl1_1
+  "AUDIT_STATUS: enabled=1 flag=1 pid=881 rate_limit=0 backlog_limit=320 lost=0 backlog=0"
+end
+
+def out_auditctl1_2
+  "AUDIT_STATUS: enabled=0 flag=1 pid=881 rate_limit=0 backlog_limit=320 lost=0 backlog=0"
+end
+
+def out_auditctl1_3
+  "AUDIT_STATUS: enabled=1 flag=1 pid=0 rate_limit=0 backlog_limit=320 lost=0 backlog=0"
+end
+
+def out_auditctl1_4
+  "AUDIT_STATUS: enabled=1 flag=1 pid= rate_limit=0 backlog_limit=320 lost=0 backlog=0"
+end
+
+def out_auditctl2_1
+  <<EOS
+enabled 1
+failure 1
+pid 5939
+rate_limit 0
+backlog_limit 64
+lost 0
+backlog 0
+backlog_wait_time 60000
+loginuid_immutable 0 unlocked
+EOS
+end
+
+def out_auditctl2_2
+  <<EOS
+enabled 0
+failure 1
+pid 5939
+rate_limit 0
+backlog_limit 64
+lost 0
+backlog 0
+backlog_wait_time 60000
+loginuid_immutable 0 unlocked
+EOS
+end
+
+def out_auditctl2_3
+  <<EOS
+enabled 0
+failure 1
+pid 0
+rate_limit 0
+backlog_limit 64
+lost 0
+backlog 0
+backlog_wait_time 60000
+loginuid_immutable 0 unlocked
+EOS
+end
+
+def out_auditctl2_4
+  <<EOS
+enabled 0
+failure 1
+pid
+rate_limit 0
+backlog_limit 64
+lost 0
+backlog 0
+backlog_wait_time 60000
+loginuid_immutable 0 unlocked
+EOS
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: serverspec
 version: !ruby/object:Gem::Version
-  version: 2.20.0
+  version: 2.21.0
 platform: ruby
 authors:
 - Gosuke Miyashita
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-07-21 00:00:00.000000000 Z
+date: 2015-08-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -162,6 +162,7 @@ files:
 - lib/serverspec/type/ipnat.rb
 - lib/serverspec/type/iptables.rb
 - lib/serverspec/type/kernel_module.rb
+- lib/serverspec/type/linux_audit_system.rb
 - lib/serverspec/type/linux_kernel_parameter.rb
 - lib/serverspec/type/lxc.rb
 - lib/serverspec/type/mail_alias.rb
@@ -239,6 +240,7 @@ files:
 - spec/type/linux/ip6tables_spec.rb
 - spec/type/linux/iptables_spec.rb
 - spec/type/linux/kernel_module_spec.rb
+- spec/type/linux/linux_audit_system_spec.rb
 - spec/type/linux/linux_kernel_parameter_spec.rb
 - spec/type/linux/lxc_container_spec.rb
 - spec/type/linux/selinux_module_spec.rb
@@ -380,6 +382,7 @@ test_files:
 - spec/type/linux/ip6tables_spec.rb
 - spec/type/linux/iptables_spec.rb
 - spec/type/linux/kernel_module_spec.rb
+- spec/type/linux/linux_audit_system_spec.rb
 - spec/type/linux/linux_kernel_parameter_spec.rb
 - spec/type/linux/lxc_container_spec.rb
 - spec/type/linux/selinux_module_spec.rb