serverspec 0.4.9 → 0.4.10

Sign up to get free protection for your applications and to get access to all the features.
@@ -11,7 +11,7 @@ module Serverspec
11
11
 
12
12
  def check_mode file, mode
13
13
  regexp = "^#{mode}$"
14
- "stat -f %A #{escape(file)} | grep -- #{escape(regexp)}"
14
+ "stat -f%Lp #{escape(file)} | grep -- #{escape(regexp)}"
15
15
  end
16
16
 
17
17
  def check_owner file, owner
@@ -25,7 +25,7 @@ module Serverspec
25
25
  end
26
26
 
27
27
  def get_mode(file)
28
- "stat -f %A #{escape(file)}"
28
+ "stat -f%Lp #{escape(file)}"
29
29
  end
30
30
 
31
31
  def check_access_by_user file, user, access
@@ -1,3 +1,3 @@
1
1
  module Serverspec
2
- VERSION = "0.4.9"
2
+ VERSION = "0.4.10"
3
3
  end
@@ -3,125 +3,47 @@ require 'spec_helper'
3
3
  include Serverspec::Helper::Darwin
4
4
 
5
5
  describe 'Serverspec commands of Darwin family' do
6
+ it_behaves_like 'support command check_file', '/etc/passwd'
7
+ it_behaves_like 'support command check_directory', '/var/log'
8
+
6
9
  it_behaves_like 'support command check_installed_by_gem', 'jekyll'
7
10
  it_behaves_like 'support command check_installed_by_gem', 'jekyll', '1.0.2'
8
- end
9
-
10
- describe 'check_file' do
11
- subject { commands.check_file('/etc/passwd') }
12
- it { should eq 'test -f /etc/passwd' }
13
- end
14
-
15
- describe 'check_mounted' do
16
- subject { commands.check_mounted('/') }
17
- it { should eq "mount | grep -w -- on\\ /" }
18
- end
19
-
20
- describe 'check_reachable' do
21
- context "connect with name from /etc/services to localhost" do
22
- subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) }
23
- it { should eq "nc -vvvvzt localhost ssh -w 1" }
24
- end
25
- context "connect with ip and port 11111 and timeout of 5" do
26
- subject { commands.check_reachable('127.0.0.1', '11111', 'udp', 5) }
27
- it { should eq "nc -vvvvzu 127.0.0.1 11111 -w 5" }
28
- end
29
- context "do a ping" do
30
- subject { commands.check_reachable('127.0.0.1', nil, 'icmp', 1) }
31
- it { should eq "ping -n 127.0.0.1 -w 1 -c 2" }
32
- end
33
- end
34
-
35
- describe 'check_routing_table' do
36
- subject { commands.check_routing_table('192.168.100.0/24') }
37
- it { should eq "/sbin/ip route | grep -E '^192.168.100.0/24 |^default '" }
38
- end
39
-
40
- describe 'check_resolvable' do
41
- context "resolve localhost by hosts" do
42
- subject { commands.check_resolvable('localhost', 'hosts') }
43
- it { should eq "grep -w -- localhost /etc/hosts" }
44
- end
45
- context "resolve localhost by dns" do
46
- subject { commands.check_resolvable('localhost', 'dns') }
47
- it { should eq "nslookup -timeout=1 localhost" }
48
- end
49
- context "resolve localhost with default settings" do
50
- subject { commands.check_resolvable('localhost',nil) }
51
- it { should eq 'getent hosts localhost' }
52
- end
53
- end
54
11
 
55
- describe 'check_directory' do
56
- subject { commands.check_directory('/var/log') }
57
- it { should eq 'test -d /var/log' }
58
- end
12
+ it_behaves_like 'support command check_mounted', '/'
59
13
 
60
- describe 'check_user' do
61
- subject { commands.check_user('root') }
62
- it { should eq 'id root' }
63
- end
14
+ it_behaves_like 'support command check_routing_table', '192.168.100.1/24'
15
+ it_behaves_like 'support command check_reachable'
16
+ it_behaves_like 'support command check_resolvable'
64
17
 
65
- describe 'check_group' do
66
- subject { commands.check_group('wheel') }
67
- it { should eq 'getent group | grep -wq -- wheel' }
68
- end
18
+ it_behaves_like 'support command check_user', 'root'
19
+ it_behaves_like 'support command check_user', 'wheel'
69
20
 
70
- describe 'check_listening' do
71
- subject { commands.check_listening(80) }
72
- it { should eq "netstat -tunl | grep -- :80\\ " }
73
- end
21
+ it_behaves_like 'support command check_listening', 80
74
22
 
75
- describe 'check_running' do
76
- subject { commands.check_running('httpd') }
77
- it { should eq '/sbin/service httpd status' }
78
- end
23
+ it_behaves_like 'support command check_running_under_supervisor', 'httpd'
24
+ it_behaves_like 'support command check_process', 'httpd'
79
25
 
80
- describe 'check_running_under_supervisor' do
81
- subject { commands.check_running_under_supervisor('httpd') }
82
- it { should eq 'supervisorctl status httpd' }
83
- end
26
+ it_behaves_like 'support command check_file_contain', '/etc/passwd', 'root'
27
+ it_behaves_like 'support command check_file_contain_within'
84
28
 
85
- describe 'check_process' do
86
- subject { commands.check_process('httpd') }
87
- it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
88
- end
29
+ it_behaves_like 'support command check_cron_entry'
89
30
 
90
- describe 'check_file_contain' do
91
- subject { commands.check_file_contain('/etc/passwd', 'root') }
92
- it { should eq "grep -q -- root /etc/passwd" }
93
- end
31
+ it_behaves_like 'support command check_link', '/etc/system-release', '/etc/darwin-release'
94
32
 
95
- describe 'check_file_contain_within' do
96
- context 'contain a pattern in the file' do
97
- subject { commands.check_file_contain_within('Gemfile', 'rspec') }
98
- it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
99
- end
33
+ it_behaves_like 'support command check_belonging_group', 'root', 'wheel'
100
34
 
101
- context 'contain a pattern after a line in a file' do
102
- subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
103
- it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
104
- end
35
+ it_behaves_like 'support command check_uid', 'root', 0
36
+ it_behaves_like 'support command check_gid', 'root', 0
105
37
 
106
- context 'contain a pattern before a line in a file' do
107
- subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
108
- it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
109
- end
38
+ it_behaves_like 'support command check_login_shell', 'root', '/bin/bash'
39
+ it_behaves_like 'support command check_home_directory', 'root', '/root'
110
40
 
111
- context 'contain a pattern from within a line and another line in a file' do
112
- subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
113
- it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
114
- end
115
- end
116
-
117
- describe 'check_file_md5checksum' do
118
- subject { commands.check_file_md5checksum('/usr/bin/rsync', '03ba2dcdd50ec3a7a45d3900902a83ce') }
119
- it { should eq "openssl md5 /usr/bin/rsync | cut -d'=' -f2 | cut -c 2- | grep -E ^03ba2dcdd50ec3a7a45d3900902a83ce$" }
41
+ it_behaves_like 'support command check_authorized_key'
120
42
  end
121
43
 
122
44
  describe 'check_mode' do
123
45
  subject { commands.check_mode('/etc/sudoers', 440) }
124
- it { should eq 'stat -f %A /etc/sudoers | grep -- \\^440\\$' }
46
+ it { should eq 'stat -f%Lp /etc/sudoers | grep -- \\^440\\$' }
125
47
  end
126
48
 
127
49
  describe 'check_owner' do
@@ -134,69 +56,9 @@ describe 'check_grouped' do
134
56
  it { should eq 'stat -f %Sg /etc/passwd | grep -- \\^wheel\\$' }
135
57
  end
136
58
 
137
- describe 'check_cron_entry' do
138
- context 'specify root user' do
139
- subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
140
- it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
141
- end
142
-
143
- context 'no specified user' do
144
- subject { commands.check_cron_entry(nil, '* * * * * /usr/local/bin/batch.sh') }
145
- it { should eq 'crontab -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
146
- end
147
- end
148
-
149
- describe 'check_link' do
150
- subject { commands.check_link('/etc/system-release', '/etc/darwin-release') }
151
- it { should eq 'stat -c %N /etc/system-release | grep -- /etc/darwin-release' }
152
- end
153
-
154
- describe 'check_belonging_group' do
155
- subject { commands.check_belonging_group('root', 'wheel') }
156
- it { should eq "id root | awk '{print $3}' | grep -- wheel" }
157
- end
158
-
159
- describe 'have_gid' do
160
- subject { commands.check_gid('root', 0) }
161
- it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
162
- end
163
-
164
- describe 'have_uid' do
165
- subject { commands.check_uid('root', 0) }
166
- it { should eq "id root | grep -- \\^uid\\=0\\(" }
167
- end
168
-
169
- describe 'have_login_shell' do
170
- subject { commands.check_login_shell('root', '/bin/bash') }
171
- it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
172
- end
173
-
174
- describe 'have_home_directory' do
175
- subject { commands.check_home_directory('root', '/root') }
176
- it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
177
- end
178
-
179
- describe 'have_authorized_key' do
180
- key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
181
- escaped_key = key.gsub(/ /, '\ ')
182
-
183
- context 'with commented publickey' do
184
- commented_key = key + " foo@bar.local"
185
- subject { commands.check_authorized_key('root', commented_key) }
186
- describe 'when command insert publickey is removed comment' do
187
- it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
188
- end
189
- end
190
-
191
- context 'with uncomented publickey' do
192
- subject { commands.check_authorized_key('root', key) }
193
- it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
194
- end
195
- end
196
-
197
59
  describe 'get_mode' do
198
60
  subject { commands.get_mode('/dev') }
199
- it { should eq 'stat -f %A /dev' }
61
+ it { should eq 'stat -f%Lp /dev' }
200
62
  end
201
63
 
202
64
  describe 'check_access_by_user' do
@@ -215,3 +77,8 @@ describe 'check_access_by_user' do
215
77
  it { should eq 'sudo -u dummyuser3 -s /bin/test -x /tmp/somethingx' }
216
78
  end
217
79
  end
80
+
81
+ describe 'check_file_md5checksum' do
82
+ subject { commands.check_file_md5checksum('/usr/bin/rsync', '03ba2dcdd50ec3a7a45d3900902a83ce') }
83
+ it { should eq "openssl md5 /usr/bin/rsync | cut -d'=' -f2 | cut -c 2- | grep -E ^03ba2dcdd50ec3a7a45d3900902a83ce$" }
84
+ end
@@ -3,256 +3,68 @@ require 'spec_helper'
3
3
  include Serverspec::Helper::Debian
4
4
 
5
5
  describe 'Serverspec commands of Debian family' do
6
+ it_behaves_like 'support command check_file', '/etc/passwd'
7
+ it_behaves_like 'support command check_directory', '/var/log'
8
+
6
9
  it_behaves_like 'support command check_installed_by_gem', 'jekyll'
7
10
  it_behaves_like 'support command check_installed_by_gem', 'jekyll', '1.0.2'
8
- end
9
11
 
10
- describe 'check_enabled' do
11
- subject { commands.check_enabled('httpd') }
12
- it { should eq 'ls /etc/rc3.d/ | grep -- httpd' }
13
- end
12
+ it_behaves_like 'support command check_mounted', '/'
14
13
 
15
- describe 'check_file' do
16
- subject { commands.check_file('/etc/passwd') }
17
- it { should eq 'test -f /etc/passwd' }
18
- end
14
+ it_behaves_like 'support command check_routing_table', '192.168.100.1/24'
15
+ it_behaves_like 'support command check_reachable'
16
+ it_behaves_like 'support command check_resolvable'
19
17
 
20
- describe 'check_mounted' do
21
- subject { commands.check_mounted('/') }
22
- it { should eq "mount | grep -w -- on\\ /" }
23
- end
18
+ it_behaves_like 'support command check_user', 'root'
19
+ it_behaves_like 'support command check_user', 'wheel'
24
20
 
25
- describe 'check_routing_table' do
26
- subject { commands.check_routing_table('192.168.100.0/24') }
27
- it { should eq "/sbin/ip route | grep -E '^192.168.100.0/24 |^default '" }
28
- end
21
+ it_behaves_like 'support command check_listening', 80
29
22
 
30
- describe 'check_reachable' do
31
- context "connect with name from /etc/services to localhost" do
32
- subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) }
33
- it { should eq "nc -vvvvzt localhost ssh -w 1" }
34
- end
35
- context "connect with ip and port 11111 and timeout of 5" do
36
- subject { commands.check_reachable('127.0.0.1', '11111', 'udp', 5) }
37
- it { should eq "nc -vvvvzu 127.0.0.1 11111 -w 5" }
38
- end
39
- context "do a ping" do
40
- subject { commands.check_reachable('127.0.0.1', nil, 'icmp', 1) }
41
- it { should eq "ping -n 127.0.0.1 -w 1 -c 2" }
42
- end
43
- end
23
+ it_behaves_like 'support command check_file_md5checksum', '/etc/passewd', '96c8c50f81a29965f7af6de371ab4250'
44
24
 
45
- describe 'check_resolvable' do
46
- context "resolve localhost by hosts" do
47
- subject { commands.check_resolvable('localhost', 'hosts') }
48
- it { should eq "grep -w -- localhost /etc/hosts" }
49
- end
50
- context "resolve localhost by dns" do
51
- subject { commands.check_resolvable('localhost', 'dns') }
52
- it { should eq "nslookup -timeout=1 localhost" }
53
- end
54
- context "resolve localhost with default settings" do
55
- subject { commands.check_resolvable('localhost',nil) }
56
- it { should eq 'getent hosts localhost' }
57
- end
58
- end
25
+ it_behaves_like 'support command check_running_under_supervisor', 'httpd'
26
+ it_behaves_like 'support command check_process', 'httpd'
59
27
 
60
- describe 'check_file_md5checksum' do
61
- subject { commands.check_file_md5checksum('/etc/passwd', '96c8c50f81a29965f7af6de371ab4250') }
62
- it { should eq "md5sum /etc/passwd | grep -iw -- ^96c8c50f81a29965f7af6de371ab4250" }
63
- end
28
+ it_behaves_like 'support command check_file_contain', '/etc/passwd', 'root'
29
+ it_behaves_like 'support command check_file_contain_within'
64
30
 
31
+ it_behaves_like 'support command check_mode', '/etc/sudoers', 440
32
+ it_behaves_like 'support command check_owner', '/etc/sudoers', 'root'
33
+ it_behaves_like 'support command check_grouped', '/etc/sudoers', 'wheel'
65
34
 
66
- describe 'check_directory' do
67
- subject { commands.check_directory('/var/log') }
68
- it { should eq 'test -d /var/log' }
69
- end
35
+ it_behaves_like 'support command check_cron_entry'
70
36
 
71
- describe 'check_user' do
72
- subject { commands.check_user('root') }
73
- it { should eq 'id root' }
74
- end
37
+ it_behaves_like 'support command check_link', '/etc/system-release', '/etc/redhat-release'
75
38
 
76
- describe 'check_group' do
77
- subject { commands.check_group('wheel') }
78
- it { should eq 'getent group | grep -wq -- wheel' }
79
- end
39
+ it_behaves_like 'support command check_belonging_group', 'root', 'wheel'
80
40
 
81
- describe 'check_installed' do
82
- subject { commands.check_installed('httpd') }
83
- it { should eq 'dpkg -s httpd' }
84
- end
41
+ it_behaves_like 'support command check_uid', 'root', 0
42
+ it_behaves_like 'support command check_gid', 'root', 0
85
43
 
86
- describe 'check_listening' do
87
- subject { commands.check_listening(80) }
88
- it { should eq "netstat -tunl | grep -- :80\\ " }
89
- end
90
-
91
- describe 'check_running' do
92
- subject { commands.check_running('httpd') }
93
- it { should eq '/sbin/service httpd status' }
94
- end
95
-
96
-
97
- describe 'check_running_under_supervisor' do
98
- subject { commands.check_running_under_supervisor('httpd') }
99
- it { should eq 'supervisorctl status httpd' }
100
- end
44
+ it_behaves_like 'support command check_login_shell', 'root', '/bin/bash'
45
+ it_behaves_like 'support command check_home_directory', 'root', '/root'
101
46
 
102
- describe 'check_process' do
103
- subject { commands.check_process('httpd') }
104
- it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
105
- end
106
-
107
- describe 'check_file_contain' do
108
- subject { commands.check_file_contain('/etc/passwd', 'root') }
109
- it { should eq "grep -q -- root /etc/passwd" }
110
- end
47
+ it_behaves_like 'support command check_authorized_key'
111
48
 
112
- describe 'check_file_contain_within' do
113
- context 'contain a pattern in the file' do
114
- subject { commands.check_file_contain_within('Gemfile', 'rspec') }
115
- it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
116
- end
49
+ it_behaves_like 'support command check_iptables'
50
+ it_behaves_like 'support command check_selinux'
117
51
 
118
- context 'contain a pattern after a line in a file' do
119
- subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
120
- it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
121
- end
52
+ it_behaves_like 'support command get_mode'
122
53
 
123
- context 'contain a pattern before a line in a file' do
124
- subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
125
- it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
126
- end
127
-
128
- context 'contain a pattern from within a line and another line in a file' do
129
- subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
130
- it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
131
- end
54
+ it_behaves_like 'support command check_access_by_user'
132
55
  end
133
56
 
134
- describe 'check_mode' do
135
- subject { commands.check_mode('/etc/sudoers', 440) }
136
- it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
137
- end
138
-
139
- describe 'check_owner' do
140
- subject { commands.check_owner('/etc/passwd', 'root') }
141
- it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
142
- end
143
-
144
- describe 'check_grouped' do
145
- subject { commands.check_grouped('/etc/passwd', 'wheel') }
146
- it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
147
- end
148
-
149
- describe 'check_cron_entry' do
150
- context 'specify root user' do
151
- subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
152
- it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
153
- end
154
-
155
- context 'no specified user' do
156
- subject { commands.check_cron_entry(nil, '* * * * * /usr/local/bin/batch.sh') }
157
- it { should eq 'crontab -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
158
- end
159
- end
160
-
161
- describe 'check_link' do
162
- subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
163
- it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
164
- end
165
-
166
- describe 'check_belonging_group' do
167
- subject { commands.check_belonging_group('root', 'wheel') }
168
- it { should eq "id root | awk '{print $3}' | grep -- wheel" }
169
- end
170
-
171
- describe 'have_gid' do
172
- subject { commands.check_gid('root', 0) }
173
- it { should eq "getent group | grep -w -- \\^root | cut -f 3 -d ':' | grep -w -- 0" }
174
- end
175
-
176
- describe 'have_uid' do
177
- subject { commands.check_uid('root', 0) }
178
- it { should eq "id root | grep -- \\^uid\\=0\\(" }
179
- end
180
-
181
- describe 'have_login_shell' do
182
- subject { commands.check_login_shell('root', '/bin/bash') }
183
- it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
184
- end
185
-
186
- describe 'have_home_directory' do
187
- subject { commands.check_home_directory('root', '/root') }
188
- it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
189
- end
190
-
191
- describe 'have_authorized_key' do
192
- key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
193
- escaped_key = key.gsub(/ /, '\ ')
194
-
195
- context 'with commented publickey' do
196
- commented_key = key + " foo@bar.local"
197
- subject { commands.check_authorized_key('root', commented_key) }
198
- describe 'when command insert publickey is removed comment' do
199
- it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
200
- end
201
- end
202
-
203
- context 'with uncomented publickey' do
204
- subject { commands.check_authorized_key('root', key) }
205
- it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
206
- end
207
- end
208
-
209
- describe 'check_ipatbles' do
210
- context 'check a rule without a table and a chain' do
211
- subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
212
- it { should eq "/sbin/iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
213
- end
214
-
215
- context 'chack a rule with a table and a chain' do
216
- subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
217
- it { should eq "/sbin/iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
218
- end
219
- end
220
-
221
- describe 'check_selinux' do
222
- context 'enforcing' do
223
- subject { commands.check_selinux('enforcing') }
224
- it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
225
- end
226
-
227
- context 'permissive' do
228
- subject { commands.check_selinux('permissive') }
229
- it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
230
- end
231
-
232
- context 'disabled' do
233
- subject { commands.check_selinux('disabled') }
234
- it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
235
- end
57
+ describe 'check_enabled' do
58
+ subject { commands.check_enabled('httpd') }
59
+ it { should eq 'ls /etc/rc3.d/ | grep -- httpd' }
236
60
  end
237
61
 
238
- describe 'get_mode' do
239
- subject { commands.get_mode('/dev') }
240
- it { should eq 'stat -c %a /dev' }
62
+ describe 'check_installed' do
63
+ subject { commands.check_installed('httpd') }
64
+ it { should eq 'dpkg -s httpd' }
241
65
  end
242
66
 
243
- describe 'check_access_by_user' do
244
- context 'read access' do
245
- subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
246
- it { should eq 'su -s /bin/sh -c "/usr/bin/test -r /tmp/something" dummyuser1' }
247
- end
248
-
249
- context 'write access' do
250
- subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
251
- it { should eq 'su -s /bin/sh -c "/usr/bin/test -w /tmp/somethingw" dummyuser2' }
252
- end
253
-
254
- context 'execute access' do
255
- subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
256
- it { should eq 'su -s /bin/sh -c "/usr/bin/test -x /tmp/somethingx" dummyuser3' }
257
- end
67
+ describe 'check_running' do
68
+ subject { commands.check_running('httpd') }
69
+ it { should eq '/sbin/service httpd status' }
258
70
  end