serverspec 0.3.2 → 0.4.0
- data/Rakefile +13 -1
- data/lib/serverspec/helper.rb +4 -0
- data/lib/serverspec/helper/type.rb +11 -0
- data/lib/serverspec/matchers/be_enabled.rb +6 -2
- data/lib/serverspec/matchers/be_running.rb +12 -9
- data/lib/serverspec/setup.rb +1 -2
- data/lib/serverspec/type/service.rb +31 -0
- data/lib/serverspec/version.rb +1 -1
- data/serverspec.gemspec +3 -3
- data/spec/darwin/commands_spec.rb +31 -29
- data/spec/darwin/matchers_spec.rb +3 -1
- data/spec/darwin/service_spec.rb +9 -0
- data/spec/debian/commands_spec.rb +35 -33
- data/spec/debian/matchers_spec.rb +3 -1
- data/spec/debian/service_spec.rb +10 -0
- data/spec/gentoo/commands_spec.rb +33 -33
- data/spec/gentoo/matchers_spec.rb +3 -1
- data/spec/gentoo/service_spec.rb +10 -0
- data/spec/redhat/commands_spec.rb +35 -33
- data/spec/redhat/matchers_spec.rb +3 -1
- data/spec/redhat/service_spec.rb +10 -0
- data/spec/solaris/commands_spec.rb +38 -36
- data/spec/solaris/matchers_spec.rb +3 -1
- data/spec/solaris/service_spec.rb +10 -0
- data/spec/support/shared_service_examples.rb +72 -0
- metadata +20 -6
data/Rakefile
CHANGED
@@ -1,4 +1,16 @@
|
|
1
1
|
require "bundler/gem_tasks"
|
2
2
|
require 'rspec/core/rake_task'
|
3
3
|
|
4
|
-
|
4
|
+
task :spec => 'spec:all'
|
5
|
+
|
6
|
+
namespace :spec do
|
7
|
+
oses = %w( darwin debian gentoo redhat solaris )
|
8
|
+
|
9
|
+
task :all => oses.map {|os| "spec:#{os}" }
|
10
|
+
|
11
|
+
oses.each do |os|
|
12
|
+
RSpec::Core::RakeTask.new(os.to_sym) do |t|
|
13
|
+
t.pattern = "spec/#{os}/*_spec.rb"
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
data/lib/serverspec/helper.rb
CHANGED
@@ -1,17 +1,20 @@
|
|
1
1
|
RSpec::Matchers.define :be_running do
|
2
2
|
match do |process|
|
3
|
-
if (
|
4
|
-
|
3
|
+
if process.respond_to?(:running?)
|
4
|
+
process.running? @under
|
5
|
+
else
|
6
|
+
if (@under)
|
7
|
+
check_method = "check_running_under_#{@under}".to_sym
|
5
8
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
+
unless backend.respond_to?(check_method)
|
10
|
+
raise ArgumentError.new("`be_running` matcher doesn't support #{@under}")
|
11
|
+
end
|
9
12
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
+
backend.send(check_method, example, process)
|
14
|
+
else
|
15
|
+
backend.check_running(example, process)
|
16
|
+
end
|
13
17
|
end
|
14
|
-
|
15
18
|
end
|
16
19
|
|
17
20
|
chain :under do |under|
|
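Review bot: `backend.send(check_method, example, process)` dispatches on a method name interpolated from `@under`, and the only thing confining it to public `check_running_under_*` methods is the `respond_to?` guard a few lines above. Using `backend.public_send(check_method, example, process)` would make that restriction part of the call itself, so a later edit to the guard cannot widen what is reachable (assuming Ruby 1.8 support is not required). The `else` branch also repeats, line for line, the lookup that the new `Service#running?` performs; a comment such as `# legacy path: subject is a plain name, not a Serverspec::Type object` would explain why both copies exist. The matcher block continues past the end of this hunk.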
data/lib/serverspec/setup.rb
CHANGED
@@ -8,7 +8,6 @@ Select a backend type:
|
|
8
8
|
|
9
9
|
1) SSH
|
10
10
|
2) Exec (local)
|
11
|
-
3) Puppet providers (local)
|
12
11
|
|
13
12
|
Select number:
|
14
13
|
EOF
|
@@ -16,7 +15,7 @@ EOF
|
|
16
15
|
num = gets.to_i - 1
|
17
16
|
puts
|
18
17
|
|
19
|
-
@backend_type = [ 'Ssh', 'Exec'
|
18
|
+
@backend_type = [ 'Ssh', 'Exec' ][num]
|
20
19
|
if @backend_type == 'Ssh'
|
21
20
|
print "Input target host name: "
|
22
21
|
@hostname = gets.chomp
|
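Review bot: `@backend_type = [ 'Ssh', 'Exec' ][num]` is indexed with `num = gets.to_i - 1`, so empty or non-numeric input gives `num == -1` and silently selects `'Exec'`, the local backend, through negative indexing. With the Puppet entry removed, an answer of `3` or higher now yields `nil`. Check the choice before indexing, for example `abort "Invalid backend number" unless (0..1).include?(num)` placed right after the `num =` line. The method continues outside the hunk, so how a `nil` backend type is handled later is not visible here.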
@@ -0,0 +1,31 @@
|
|
1
|
+
module Serverspec
|
2
|
+
module Type
|
3
|
+
class Service
|
4
|
+
def initialize name
|
5
|
+
@name = name
|
6
|
+
end
|
7
|
+
|
8
|
+
def enabled?
|
9
|
+
backend.check_enabled(nil, @name)
|
10
|
+
end
|
11
|
+
|
12
|
+
def running? under
|
13
|
+
if under
|
14
|
+
check_method = "check_running_under_#{under}".to_sym
|
15
|
+
|
16
|
+
unless backend.respond_to?(check_method)
|
17
|
+
raise ArgumentError.new("`be_running` matcher doesn't support #{@under}")
|
18
|
+
end
|
19
|
+
|
20
|
+
backend.send(check_method, nil, @name)
|
21
|
+
else
|
22
|
+
backend.check_running(nil, @name)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
def to_s
|
27
|
+
"Service #{@name}"
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
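Review bot: In `running?`, the `ArgumentError` message interpolates `#{@under}`, but this class only ever assigns `@name`; the unsupported value is in the method parameter `under`. As written, the message will end with an empty string and hide which supervisor name was rejected, so the interpolation should be `#{under}`. `backend` is not defined anywhere in this file, so it presumably comes from a helper mixed in elsewhere; a one-line comment on the class saying where it is expected to come from would help readers. As in the matcher, `backend.public_send(check_method, nil, @name)` would keep the dynamic dispatch limited to public methods.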
data/lib/serverspec/version.rb
CHANGED
data/serverspec.gemspec
CHANGED
@@ -18,9 +18,9 @@ Gem::Specification.new do |spec|
|
|
18
18
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
19
19
|
spec.require_paths = ["lib"]
|
20
20
|
|
21
|
-
spec.
|
22
|
-
spec.
|
23
|
-
spec.
|
21
|
+
spec.add_runtime_dependency "net-ssh"
|
22
|
+
spec.add_runtime_dependency "rspec", "~> 2.0"
|
23
|
+
spec.add_runtime_dependency "highline"
|
24
24
|
spec.add_development_dependency "bundler", "~> 1.3"
|
25
25
|
spec.add_development_dependency "rake"
|
26
26
|
end
|
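Review bot: `spec.add_runtime_dependency "net-ssh"` and `spec.add_runtime_dependency "highline"` carry no version constraint, unlike `rspec` (`~> 2.0`). An install therefore resolves to whatever release is newest on the registry at that moment, including a future incompatible major version or a release published from a compromised maintainer account. Give both a pessimistic bound matching the versions the suite was actually run against, e.g. `spec.add_runtime_dependency "net-ssh", "~> <TESTED_VERSION>"`. `net-ssh` handles the SSH session and credentials for the remote backend, so it is the more important one to pin.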
@@ -1,16 +1,18 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
|
3
|
+
include Serverspec::Helper::Darwin
|
4
|
+
|
5
|
+
describe 'check_file' do
|
4
6
|
subject { commands.check_file('/etc/passwd') }
|
5
7
|
it { should eq 'test -f /etc/passwd' }
|
6
8
|
end
|
7
9
|
|
8
|
-
describe 'check_mounted'
|
10
|
+
describe 'check_mounted' do
|
9
11
|
subject { commands.check_mounted('/') }
|
10
12
|
it { should eq "mount | grep -w -- on\\ /" }
|
11
13
|
end
|
12
14
|
|
13
|
-
describe 'check_reachable'
|
15
|
+
describe 'check_reachable' do
|
14
16
|
context "connect with name from /etc/services to localhost" do
|
15
17
|
subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) }
|
16
18
|
it { should eq "nc -vvvvzt localhost ssh -w 1" }
|
@@ -25,12 +27,12 @@ describe 'check_reachable', :os => :darwin do
|
|
25
27
|
end
|
26
28
|
end
|
27
29
|
|
28
|
-
describe 'check_routing_table'
|
30
|
+
describe 'check_routing_table' do
|
29
31
|
subject { commands.check_routing_table('192.168.100.0/24') }
|
30
32
|
it { should eq "ip route | grep -E '^192.168.100.0/24 |^default '" }
|
31
33
|
end
|
32
34
|
|
33
|
-
describe 'check_resolvable'
|
35
|
+
describe 'check_resolvable' do
|
34
36
|
context "resolve localhost by hosts" do
|
35
37
|
subject { commands.check_resolvable('localhost', 'hosts') }
|
36
38
|
it { should eq "grep -w -- localhost /etc/hosts" }
|
@@ -45,47 +47,47 @@ describe 'check_resolvable', :os => :darwin do
|
|
45
47
|
end
|
46
48
|
end
|
47
49
|
|
48
|
-
describe 'check_directory'
|
50
|
+
describe 'check_directory' do
|
49
51
|
subject { commands.check_directory('/var/log') }
|
50
52
|
it { should eq 'test -d /var/log' }
|
51
53
|
end
|
52
54
|
|
53
|
-
describe 'check_user'
|
55
|
+
describe 'check_user' do
|
54
56
|
subject { commands.check_user('root') }
|
55
57
|
it { should eq 'id root' }
|
56
58
|
end
|
57
59
|
|
58
|
-
describe 'check_group'
|
60
|
+
describe 'check_group' do
|
59
61
|
subject { commands.check_group('wheel') }
|
60
62
|
it { should eq 'getent group | grep -wq -- wheel' }
|
61
63
|
end
|
62
64
|
|
63
|
-
describe 'check_listening'
|
65
|
+
describe 'check_listening' do
|
64
66
|
subject { commands.check_listening(80) }
|
65
67
|
it { should eq "netstat -tunl | grep -- :80\\ " }
|
66
68
|
end
|
67
69
|
|
68
|
-
describe 'check_running'
|
70
|
+
describe 'check_running' do
|
69
71
|
subject { commands.check_running('httpd') }
|
70
72
|
it { should eq 'service httpd status' }
|
71
73
|
end
|
72
74
|
|
73
|
-
describe 'check_running_under_supervisor'
|
75
|
+
describe 'check_running_under_supervisor' do
|
74
76
|
subject { commands.check_running_under_supervisor('httpd') }
|
75
77
|
it { should eq 'supervisorctl status httpd' }
|
76
78
|
end
|
77
79
|
|
78
|
-
describe 'check_process'
|
80
|
+
describe 'check_process' do
|
79
81
|
subject { commands.check_process('httpd') }
|
80
82
|
it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
|
81
83
|
end
|
82
84
|
|
83
|
-
describe 'check_file_contain'
|
85
|
+
describe 'check_file_contain' do
|
84
86
|
subject { commands.check_file_contain('/etc/passwd', 'root') }
|
85
87
|
it { should eq "grep -q -- root /etc/passwd" }
|
86
88
|
end
|
87
89
|
|
88
|
-
describe 'check_file_contain_within'
|
90
|
+
describe 'check_file_contain_within' do
|
89
91
|
context 'contain a pattern in the file' do
|
90
92
|
subject { commands.check_file_contain_within('Gemfile', 'rspec') }
|
91
93
|
it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
|
@@ -107,67 +109,67 @@ describe 'check_file_contain_within', :os => :darwin do
|
|
107
109
|
end
|
108
110
|
end
|
109
111
|
|
110
|
-
describe 'check_file_md5checksum'
|
112
|
+
describe 'check_file_md5checksum' do
|
111
113
|
subject { commands.check_file_md5checksum('/usr/bin/rsync', '03ba2dcdd50ec3a7a45d3900902a83ce') }
|
112
114
|
it { should eq "openssl md5 /usr/bin/rsync | cut -d'=' -f2 | cut -c 2- | grep -E ^03ba2dcdd50ec3a7a45d3900902a83ce$" }
|
113
115
|
end
|
114
116
|
|
115
|
-
describe 'check_mode'
|
117
|
+
describe 'check_mode' do
|
116
118
|
subject { commands.check_mode('/etc/sudoers', 440) }
|
117
119
|
it { should eq 'stat -f %A /etc/sudoers | grep -- \\^440\\$' }
|
118
120
|
end
|
119
121
|
|
120
|
-
describe 'check_owner'
|
122
|
+
describe 'check_owner' do
|
121
123
|
subject { commands.check_owner('/etc/passwd', 'root') }
|
122
124
|
it { should eq 'stat -f %Su /etc/passwd | grep -- \\^root\\$' }
|
123
125
|
end
|
124
126
|
|
125
|
-
describe 'check_grouped'
|
127
|
+
describe 'check_grouped' do
|
126
128
|
subject { commands.check_grouped('/etc/passwd', 'wheel') }
|
127
129
|
it { should eq 'stat -f %Sg /etc/passwd | grep -- \\^wheel\\$' }
|
128
130
|
end
|
129
131
|
|
130
|
-
describe 'check_cron_entry'
|
132
|
+
describe 'check_cron_entry' do
|
131
133
|
subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
|
132
134
|
it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
133
135
|
end
|
134
136
|
|
135
|
-
describe 'check_link'
|
137
|
+
describe 'check_link' do
|
136
138
|
subject { commands.check_link('/etc/system-release', '/etc/darwin-release') }
|
137
139
|
it { should eq 'stat -c %N /etc/system-release | grep -- /etc/darwin-release' }
|
138
140
|
end
|
139
141
|
|
140
|
-
describe 'check_installed_by_gem'
|
142
|
+
describe 'check_installed_by_gem' do
|
141
143
|
subject { commands.check_installed_by_gem('jekyll') }
|
142
144
|
it { should eq 'gem list --local | grep -- \\^jekyll\\ ' }
|
143
145
|
end
|
144
146
|
|
145
|
-
describe 'check_belonging_group'
|
147
|
+
describe 'check_belonging_group' do
|
146
148
|
subject { commands.check_belonging_group('root', 'wheel') }
|
147
149
|
it { should eq "id root | awk '{print $3}' | grep -- wheel" }
|
148
150
|
end
|
149
151
|
|
150
|
-
describe 'have_gid'
|
152
|
+
describe 'have_gid' do
|
151
153
|
subject { commands.check_gid('root', 0) }
|
152
154
|
it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
|
153
155
|
end
|
154
156
|
|
155
|
-
describe 'have_uid'
|
157
|
+
describe 'have_uid' do
|
156
158
|
subject { commands.check_uid('root', 0) }
|
157
159
|
it { should eq "id root | grep -- \\^uid\\=0\\(" }
|
158
160
|
end
|
159
161
|
|
160
|
-
describe 'have_login_shell'
|
162
|
+
describe 'have_login_shell' do
|
161
163
|
subject { commands.check_login_shell('root', '/bin/bash') }
|
162
164
|
it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
|
163
165
|
end
|
164
166
|
|
165
|
-
describe 'have_home_directory'
|
167
|
+
describe 'have_home_directory' do
|
166
168
|
subject { commands.check_home_directory('root', '/root') }
|
167
169
|
it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
|
168
170
|
end
|
169
171
|
|
170
|
-
describe 'have_authorized_key'
|
172
|
+
describe 'have_authorized_key' do
|
171
173
|
key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
|
172
174
|
escaped_key = key.gsub(/ /, '\ ')
|
173
175
|
|
@@ -185,12 +187,12 @@ describe 'have_authorized_key', :os => :darwin do
|
|
185
187
|
end
|
186
188
|
end
|
187
189
|
|
188
|
-
describe 'get_mode'
|
190
|
+
describe 'get_mode' do
|
189
191
|
subject { commands.get_mode('/dev') }
|
190
192
|
it { should eq 'stat -f %A /dev' }
|
191
193
|
end
|
192
194
|
|
193
|
-
describe 'check_access_by_user'
|
195
|
+
describe 'check_access_by_user' do
|
194
196
|
context 'read access' do
|
195
197
|
subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
|
196
198
|
it { should eq 'sudo -u dummyuser1 -s /bin/test -r /tmp/something' }
|
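Review bot: `include Serverspec::Helper::Darwin` at the top of the file mixes the helper into `Object` for the whole process instead of into these example groups. It appears to replace the per-group `:os => :darwin` metadata that the old `describe` lines carried (still visible in the hunk headers). If two OS spec directories are ever loaded in one run, the helper modules would stack and the `commands` under test would depend on load order. The new per-OS Rake tasks avoid that, but nothing in the spec files enforces it. Either move the include inside each `describe` block, or add a comment at the include such as `# Global include: run one OS directory per process (rake spec:<os>)`. The same pattern is added in the Darwin matchers and service specs and in the Debian commands spec.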
@@ -1,6 +1,8 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
|
3
|
+
include Serverspec::Helper::Darwin
|
4
|
+
|
5
|
+
describe 'Serverspec matchers of Darwin' do
|
4
6
|
it_behaves_like 'support be_running matcher', 'sshd'
|
5
7
|
it_behaves_like 'support be_running.under("supervisor") matcher', 'growthforecast'
|
6
8
|
it_behaves_like 'support be_running.under("not implemented") matcher', 'growthforecast'
|
@@ -0,0 +1,9 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include Serverspec::Helper::Darwin
|
4
|
+
|
5
|
+
describe 'Serverspec service matchers of Darwin family' do
|
6
|
+
it_behaves_like 'support service running matcher', 'sshd'
|
7
|
+
it_behaves_like 'support service running under supervisor matcher', 'sshd'
|
8
|
+
it_behaves_like 'support service running under unimplemented matcher', 'sshd'
|
9
|
+
end
|
@@ -1,26 +1,28 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
|
3
|
+
include Serverspec::Helper::Debian
|
4
|
+
|
5
|
+
describe 'check_enabled' do
|
4
6
|
subject { commands.check_enabled('httpd') }
|
5
7
|
it { should eq 'ls /etc/rc3.d/ | grep -- httpd' }
|
6
8
|
end
|
7
9
|
|
8
|
-
describe 'check_file'
|
10
|
+
describe 'check_file' do
|
9
11
|
subject { commands.check_file('/etc/passwd') }
|
10
12
|
it { should eq 'test -f /etc/passwd' }
|
11
13
|
end
|
12
14
|
|
13
|
-
describe 'check_mounted'
|
15
|
+
describe 'check_mounted' do
|
14
16
|
subject { commands.check_mounted('/') }
|
15
17
|
it { should eq "mount | grep -w -- on\\ /" }
|
16
18
|
end
|
17
19
|
|
18
|
-
describe 'check_routing_table'
|
20
|
+
describe 'check_routing_table' do
|
19
21
|
subject { commands.check_routing_table('192.168.100.0/24') }
|
20
22
|
it { should eq "ip route | grep -E '^192.168.100.0/24 |^default '" }
|
21
23
|
end
|
22
24
|
|
23
|
-
describe 'check_reachable'
|
25
|
+
describe 'check_reachable' do
|
24
26
|
context "connect with name from /etc/services to localhost" do
|
25
27
|
subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) }
|
26
28
|
it { should eq "nc -vvvvzt localhost ssh -w 1" }
|
@@ -35,7 +37,7 @@ describe 'check_reachable', :os => :debian do
|
|
35
37
|
end
|
36
38
|
end
|
37
39
|
|
38
|
-
describe 'check_resolvable'
|
40
|
+
describe 'check_resolvable' do
|
39
41
|
context "resolve localhost by hosts" do
|
40
42
|
subject { commands.check_resolvable('localhost', 'hosts') }
|
41
43
|
it { should eq "grep -w -- localhost /etc/hosts" }
|
@@ -50,59 +52,59 @@ describe 'check_resolvable', :os => :debian do
|
|
50
52
|
end
|
51
53
|
end
|
52
54
|
|
53
|
-
describe 'check_file_md5checksum'
|
55
|
+
describe 'check_file_md5checksum' do
|
54
56
|
subject { commands.check_file_md5checksum('/etc/passwd', '96c8c50f81a29965f7af6de371ab4250') }
|
55
57
|
it { should eq "md5sum /etc/passwd | grep -iw -- ^96c8c50f81a29965f7af6de371ab4250" }
|
56
58
|
end
|
57
59
|
|
58
60
|
|
59
|
-
describe 'check_directory'
|
61
|
+
describe 'check_directory' do
|
60
62
|
subject { commands.check_directory('/var/log') }
|
61
63
|
it { should eq 'test -d /var/log' }
|
62
64
|
end
|
63
65
|
|
64
|
-
describe 'check_user'
|
66
|
+
describe 'check_user' do
|
65
67
|
subject { commands.check_user('root') }
|
66
68
|
it { should eq 'id root' }
|
67
69
|
end
|
68
70
|
|
69
|
-
describe 'check_group'
|
71
|
+
describe 'check_group' do
|
70
72
|
subject { commands.check_group('wheel') }
|
71
73
|
it { should eq 'getent group | grep -wq -- wheel' }
|
72
74
|
end
|
73
75
|
|
74
|
-
describe 'check_installed'
|
76
|
+
describe 'check_installed' do
|
75
77
|
subject { commands.check_installed('httpd') }
|
76
78
|
it { should eq 'dpkg -s httpd' }
|
77
79
|
end
|
78
80
|
|
79
|
-
describe 'check_listening'
|
81
|
+
describe 'check_listening' do
|
80
82
|
subject { commands.check_listening(80) }
|
81
83
|
it { should eq "netstat -tunl | grep -- :80\\ " }
|
82
84
|
end
|
83
85
|
|
84
|
-
describe 'check_running'
|
86
|
+
describe 'check_running' do
|
85
87
|
subject { commands.check_running('httpd') }
|
86
88
|
it { should eq 'service httpd status' }
|
87
89
|
end
|
88
90
|
|
89
91
|
|
90
|
-
describe 'check_running_under_supervisor'
|
92
|
+
describe 'check_running_under_supervisor' do
|
91
93
|
subject { commands.check_running_under_supervisor('httpd') }
|
92
94
|
it { should eq 'supervisorctl status httpd' }
|
93
95
|
end
|
94
96
|
|
95
|
-
describe 'check_process'
|
97
|
+
describe 'check_process' do
|
96
98
|
subject { commands.check_process('httpd') }
|
97
99
|
it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
|
98
100
|
end
|
99
101
|
|
100
|
-
describe 'check_file_contain'
|
102
|
+
describe 'check_file_contain' do
|
101
103
|
subject { commands.check_file_contain('/etc/passwd', 'root') }
|
102
104
|
it { should eq "grep -q -- root /etc/passwd" }
|
103
105
|
end
|
104
106
|
|
105
|
-
describe 'check_file_contain_within'
|
107
|
+
describe 'check_file_contain_within' do
|
106
108
|
context 'contain a pattern in the file' do
|
107
109
|
subject { commands.check_file_contain_within('Gemfile', 'rspec') }
|
108
110
|
it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
|
@@ -124,62 +126,62 @@ describe 'check_file_contain_within', :os => :debian do
|
|
124
126
|
end
|
125
127
|
end
|
126
128
|
|
127
|
-
describe 'check_mode'
|
129
|
+
describe 'check_mode' do
|
128
130
|
subject { commands.check_mode('/etc/sudoers', 440) }
|
129
131
|
it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
|
130
132
|
end
|
131
133
|
|
132
|
-
describe 'check_owner'
|
134
|
+
describe 'check_owner' do
|
133
135
|
subject { commands.check_owner('/etc/passwd', 'root') }
|
134
136
|
it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
|
135
137
|
end
|
136
138
|
|
137
|
-
describe 'check_grouped'
|
139
|
+
describe 'check_grouped' do
|
138
140
|
subject { commands.check_grouped('/etc/passwd', 'wheel') }
|
139
141
|
it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
|
140
142
|
end
|
141
143
|
|
142
|
-
describe 'check_cron_entry'
|
144
|
+
describe 'check_cron_entry' do
|
143
145
|
subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
|
144
146
|
it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
145
147
|
end
|
146
148
|
|
147
|
-
describe 'check_link'
|
149
|
+
describe 'check_link' do
|
148
150
|
subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
|
149
151
|
it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
|
150
152
|
end
|
151
153
|
|
152
|
-
describe 'check_installed_by_gem'
|
154
|
+
describe 'check_installed_by_gem' do
|
153
155
|
subject { commands.check_installed_by_gem('jekyll') }
|
154
156
|
it { should eq 'gem list --local | grep -- \\^jekyll\\ ' }
|
155
157
|
end
|
156
158
|
|
157
|
-
describe 'check_belonging_group'
|
159
|
+
describe 'check_belonging_group' do
|
158
160
|
subject { commands.check_belonging_group('root', 'wheel') }
|
159
161
|
it { should eq "id root | awk '{print $3}' | grep -- wheel" }
|
160
162
|
end
|
161
163
|
|
162
|
-
describe 'have_gid'
|
164
|
+
describe 'have_gid' do
|
163
165
|
subject { commands.check_gid('root', 0) }
|
164
166
|
it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
|
165
167
|
end
|
166
168
|
|
167
|
-
describe 'have_uid'
|
169
|
+
describe 'have_uid' do
|
168
170
|
subject { commands.check_uid('root', 0) }
|
169
171
|
it { should eq "id root | grep -- \\^uid\\=0\\(" }
|
170
172
|
end
|
171
173
|
|
172
|
-
describe 'have_login_shell'
|
174
|
+
describe 'have_login_shell' do
|
173
175
|
subject { commands.check_login_shell('root', '/bin/bash') }
|
174
176
|
it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
|
175
177
|
end
|
176
178
|
|
177
|
-
describe 'have_home_directory'
|
179
|
+
describe 'have_home_directory' do
|
178
180
|
subject { commands.check_home_directory('root', '/root') }
|
179
181
|
it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
|
180
182
|
end
|
181
183
|
|
182
|
-
describe 'have_authorized_key'
|
184
|
+
describe 'have_authorized_key' do
|
183
185
|
key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
|
184
186
|
escaped_key = key.gsub(/ /, '\ ')
|
185
187
|
|
@@ -197,7 +199,7 @@ describe 'have_authorized_key', :os => :debian do
|
|
197
199
|
end
|
198
200
|
end
|
199
201
|
|
200
|
-
describe 'check_ipatbles'
|
202
|
+
describe 'check_ipatbles' do
|
201
203
|
context 'check a rule without a table and a chain' do
|
202
204
|
subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
|
203
205
|
it { should eq "iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
|
@@ -209,7 +211,7 @@ describe 'check_ipatbles', :os => :debian do
|
|
209
211
|
end
|
210
212
|
end
|
211
213
|
|
212
|
-
describe 'check_selinux'
|
214
|
+
describe 'check_selinux' do
|
213
215
|
context 'enforcing' do
|
214
216
|
subject { commands.check_selinux('enforcing') }
|
215
217
|
it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
|
@@ -226,12 +228,12 @@ describe 'check_selinux', :os => :debian do
|
|
226
228
|
end
|
227
229
|
end
|
228
230
|
|
229
|
-
describe 'get_mode'
|
231
|
+
describe 'get_mode' do
|
230
232
|
subject { commands.get_mode('/dev') }
|
231
233
|
it { should eq 'stat -c %a /dev' }
|
232
234
|
end
|
233
235
|
|
234
|
-
describe 'check_access_by_user'
|
236
|
+
describe 'check_access_by_user' do
|
235
237
|
context 'read access' do
|
236
238
|
subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
|
237
239
|
it { should eq 'su -s /bin/sh -c "/usr/bin/test -r /tmp/something" dummyuser1' }
|