serverspec 2.20.0 → 2.21.0

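--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 66f6953dc912f1f3dde3a1fec42856e8a265ee3b
- data.tar.gz: e2ecb5d6667ab22ad18cf6cf6eb162398f37fd36
+ metadata.gz: 80a66cac3a0e0f04fbff5ee08259816cd8229507
+ data.tar.gz: 2c41a714e0d59bf76b57b5e1994776e9e27b94ad
  SHA512:
- metadata.gz: 5324ea6b44db6e935ac44e07974c09a3a962952ab4808c5780f5aab61dc8c2778240226bd6caac1d05f8eb8b2760388e166adc063f4e4ce13b1501072fb49065
- data.tar.gz: b7a2a14d1a098ef4e5d5bd78bd496950e4d789ccab92ea59fccc684fb66e510bae7fe9c57b585c3bc52e14a7936c39d28692e900a18fb67cbf8fdeb660e548e1
+ metadata.gz: e401a74410d52b817b79ad27909187e7c70dc8d2c7048026ee15f5bb09ecdc4f45dcb299f60322cfaf1e3a31785040ee561a37896a2ccd97d1cb424dade562ff
+ data.tar.gz: 5d41fa72698add20304f08f2dad003f7e703196846a8edc66e27634ed75069070e1080ab3a07fa60931a0a2a8e3d32aeac2a3e79830ce5d9008967706b4a8b9c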
@@ -33,7 +33,6 @@ cache:
33
33
  install:
34
34
  - git submodule update --init --recursive
35
35
  - ps: Enable-PSRemoting -Force
36
- - ps: Set-ExecutionPolicy RemoteSigned
37
36
  - winrm quickconfig -q
38
37
  - winrm set winrm/config/client @{TrustedHosts="*"}
39
38
  - winrm set winrm/config/client/auth @{Basic="true"}
@@ -10,6 +10,7 @@ module Serverspec
10
10
  windows_feature windows_hot_fix windows_registry_key
11
11
  windows_scheduled_task zfs docker_base docker_image
12
12
  docker_container x509_certificate x509_private_key
13
+ linux_audit_system
13
14
  )
14
15
 
15
16
  types.each {|type| require "serverspec/type/#{type}" }
@@ -0,0 +1,45 @@
1
+ module Serverspec::Type
2
+ class LinuxAuditSystem < Base
3
+ def initialize(name=nil)
4
+ @name = 'linux_audit_system'
5
+ @runner = Specinfra::Runner
6
+ @rules_content = nil
7
+ end
8
+
9
+ def enabled?
10
+ status_of('enabled') == '1'
11
+ end
12
+
13
+ def running?
14
+ pid = status_of('pid')
15
+ (!pid.nil? && pid.size > 0 && pid != '0')
16
+ end
17
+
18
+ def rules
19
+ if @rules_content.nil?
20
+ @rules_content = @runner.run_command('/sbin/auditctl -l').stdout || ''
21
+ end
22
+ @rules_content
23
+ end
24
+
25
+ private
26
+
27
+ def status_of(part)
28
+ cmd = "/sbin/auditctl -s"
29
+ status_str = @runner.run_command(cmd).stdout.chomp
30
+ status_map = parse_status(status_str)
31
+ status_map[part] || ''
32
+ end
33
+
34
+ def parse_status(status_str)
35
+ map = nil
36
+ if status_str =~ /^AUDIT_STATUS/ then
37
+ map = status_str.split(' ')[1..-1].inject({}) { |res,elem| a = elem.split('='); res.store(a[0],a[1] || ''); res }
38
+ else
39
+ map = status_str.split("\n").inject({}) { |res,elem| a = elem.split(' '); res.store(a[0],a[1] || ''); res }
40
+ end
41
+ map
42
+ end
43
+
44
+ end
45
+ end
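Review bot: `enabled?` accepts only the status value `'1'`, but auditctl also reports `enabled 2` when auditing is on and the configuration is locked (`-e 2`), so a host hardened that way would be reported as not enabled; `%w[1 2].include?(status_of('enabled'))` would cover both. `status_of` and `rules` also read only `stdout` and never check the command result's `exit_status`. If `/sbin/auditctl` is missing or the run lacks privileges, the output is presumably empty, and negative expectations such as `should_not be_enabled` or `its(:rules) { should_not match ... }` would pass vacuously. The spec fixtures added in this release cover only the values 0 and 1 and include no failed-command output, so neither case is exercised.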
@@ -1,3 +1,3 @@
1
1
  module Serverspec
2
- VERSION = "2.20.0"
2
+ VERSION = "2.21.0"
3
3
  end
@@ -0,0 +1,139 @@
1
+ require 'spec_helper'
2
+
3
+ set :os, :family => 'linux'
4
+
5
+ describe linux_audit_system do
6
+ let(:stdout) { out_auditctl1_1 }
7
+ it { should be_enabled }
8
+ end
9
+
10
+ describe linux_audit_system do
11
+ let(:stdout) { out_auditctl1_2 }
12
+ it { should_not be_enabled }
13
+ end
14
+
15
+ describe linux_audit_system do
16
+ let(:stdout) { out_auditctl1_1 }
17
+ it { should be_running }
18
+ end
19
+
20
+ describe linux_audit_system do
21
+ let(:stdout) { out_auditctl1_3 }
22
+ it { should_not be_running }
23
+ end
24
+
25
+ describe linux_audit_system do
26
+ let(:stdout) { out_auditctl1_4 }
27
+ it { should_not be_running }
28
+ end
29
+
30
+ describe linux_audit_system do
31
+ let(:stdout) { out_auditctl2_1 }
32
+ it { should be_enabled }
33
+ end
34
+
35
+ describe linux_audit_system do
36
+ let(:stdout) { out_auditctl2_2 }
37
+ it { should_not be_enabled }
38
+ end
39
+
40
+ describe linux_audit_system do
41
+ let(:stdout) { out_auditctl2_1 }
42
+ it { should be_running }
43
+ end
44
+
45
+ describe linux_audit_system do
46
+ let(:stdout) { out_auditctl2_3 }
47
+ it { should_not be_running }
48
+ end
49
+
50
+ describe linux_audit_system do
51
+ let(:stdout) { out_auditctl2_4 }
52
+ it { should_not be_running }
53
+ end
54
+
55
+ describe linux_audit_system do
56
+ let(:stdout) { '-a -w /etc/sysconfig -p wa -k test' }
57
+ its(:rules) { should match %r!-w /etc/sysconfig.*-k test! }
58
+ end
59
+
60
+ describe linux_audit_system do
61
+ let(:stdout) { 'test' }
62
+ its(:rules) { should eq 'test' }
63
+ its(:rules) { should match /es/ }
64
+ its(:rules) { should_not match /ab/ }
65
+ end
66
+
67
+ # variants of auditctl -s output for different versions
68
+
69
+ def out_auditctl1_1
70
+ "AUDIT_STATUS: enabled=1 flag=1 pid=881 rate_limit=0 backlog_limit=320 lost=0 backlog=0"
71
+ end
72
+
73
+ def out_auditctl1_2
74
+ "AUDIT_STATUS: enabled=0 flag=1 pid=881 rate_limit=0 backlog_limit=320 lost=0 backlog=0"
75
+ end
76
+
77
+ def out_auditctl1_3
78
+ "AUDIT_STATUS: enabled=1 flag=1 pid=0 rate_limit=0 backlog_limit=320 lost=0 backlog=0"
79
+ end
80
+
81
+ def out_auditctl1_4
82
+ "AUDIT_STATUS: enabled=1 flag=1 pid= rate_limit=0 backlog_limit=320 lost=0 backlog=0"
83
+ end
84
+
85
+ def out_auditctl2_1
86
+ <<EOS
87
+ enabled 1
88
+ failure 1
89
+ pid 5939
90
+ rate_limit 0
91
+ backlog_limit 64
92
+ lost 0
93
+ backlog 0
94
+ backlog_wait_time 60000
95
+ loginuid_immutable 0 unlocked
96
+ EOS
97
+ end
98
+
99
+ def out_auditctl2_2
100
+ <<EOS
101
+ enabled 0
102
+ failure 1
103
+ pid 5939
104
+ rate_limit 0
105
+ backlog_limit 64
106
+ lost 0
107
+ backlog 0
108
+ backlog_wait_time 60000
109
+ loginuid_immutable 0 unlocked
110
+ EOS
111
+ end
112
+
113
+ def out_auditctl2_3
114
+ <<EOS
115
+ enabled 0
116
+ failure 1
117
+ pid 0
118
+ rate_limit 0
119
+ backlog_limit 64
120
+ lost 0
121
+ backlog 0
122
+ backlog_wait_time 60000
123
+ loginuid_immutable 0 unlocked
124
+ EOS
125
+ end
126
+
127
+ def out_auditctl2_4
128
+ <<EOS
129
+ enabled 0
130
+ failure 1
131
+ pid
132
+ rate_limit 0
133
+ backlog_limit 64
134
+ lost 0
135
+ backlog 0
136
+ backlog_wait_time 60000
137
+ loginuid_immutable 0 unlocked
138
+ EOS
139
+ end
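Review bot: The `out_auditctl*` fixture helpers at the bottom of the spec are defined with top-level `def`, which makes them private methods on `Object` for the whole test run rather than something scoped to this file. Holding the sample outputs in frozen constants or a small helper module would keep them out of the global namespace. A one-line comment above each group, naming the format it represents (the single-line `AUDIT_STATUS:` form versus the one-key-per-line form), would make the `1_x` / `2_x` numbering self-explanatory.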
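--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: serverspec
  version: !ruby/object:Gem::Version
- version: 2.20.0
+ version: 2.21.0
  platform: ruby
  authors:
  - Gosuke Miyashita
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-07-21 00:00:00.000000000 Z
+ date: 2015-08-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rspec
@@ -162,6 +162,7 @@ files:
  - lib/serverspec/type/ipnat.rb
  - lib/serverspec/type/iptables.rb
  - lib/serverspec/type/kernel_module.rb
+ - lib/serverspec/type/linux_audit_system.rb
  - lib/serverspec/type/linux_kernel_parameter.rb
  - lib/serverspec/type/lxc.rb
  - lib/serverspec/type/mail_alias.rb
@@ -239,6 +240,7 @@ files:
  - spec/type/linux/ip6tables_spec.rb
  - spec/type/linux/iptables_spec.rb
  - spec/type/linux/kernel_module_spec.rb
+ - spec/type/linux/linux_audit_system_spec.rb
  - spec/type/linux/linux_kernel_parameter_spec.rb
  - spec/type/linux/lxc_container_spec.rb
  - spec/type/linux/selinux_module_spec.rb
@@ -380,6 +382,7 @@ test_files:
  - spec/type/linux/ip6tables_spec.rb
  - spec/type/linux/iptables_spec.rb
  - spec/type/linux/kernel_module_spec.rb
+ - spec/type/linux/linux_audit_system_spec.rb
  - spec/type/linux/linux_kernel_parameter_spec.rb
  - spec/type/linux/lxc_container_spec.rb
  - spec/type/linux/selinux_module_spec.rb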