serverspec 0.9.1 → 0.9.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Rakefile +1 -1
- data/lib/serverspec/backend/exec.rb +2 -0
- data/lib/serverspec/commands/aix.rb +69 -0
- data/lib/serverspec/helper/aix.rb +9 -0
- data/lib/serverspec/helper.rb +1 -0
- data/lib/serverspec/version.rb +1 -1
- data/lib/serverspec.rb +2 -0
- data/spec/aix/command_spec.rb +48 -0
- data/spec/aix/commands_spec.rb +13 -0
- data/spec/aix/cron_spec.rb +21 -0
- data/spec/aix/default_gateway_spec.rb +16 -0
- data/spec/aix/file_spec.rb +395 -0
- data/spec/aix/group_spec.rb +21 -0
- data/spec/aix/host_spec.rb +58 -0
- data/spec/aix/interface_spec.rb +24 -0
- data/spec/aix/iptables_spec.rb +21 -0
- data/spec/aix/kernel_module_spec.rb +12 -0
- data/spec/aix/linux_kernel_parameter_spec.rb +36 -0
- data/spec/aix/package_spec.rb +94 -0
- data/spec/aix/php_config_spec.rb +36 -0
- data/spec/aix/port_spec.rb +30 -0
- data/spec/aix/routing_table_spec.rb +120 -0
- data/spec/aix/selinux_spec.rb +18 -0
- data/spec/aix/service_spec.rb +93 -0
- data/spec/aix/user_spec.rb +58 -0
- data/spec/aix/yumrepo_spec.rb +25 -0
- data/spec/aix/zfs_spec.rb +18 -0
- metadata +43 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d4eeced11ef9fa8cc2353a2747706ced43e97558
|
4
|
+
data.tar.gz: 845034cbc6d34d36a2a3566a39b34f19f924fd48
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1eea47c5f65a3dcfa6664352c3d718e4045201dd37f2630b5a7c866fa652074c2350c09e1d63c666bed9454177867f7e2c343beda9735e6d6549b227e017e155
|
7
|
+
data.tar.gz: db04934904b9bba0336c00bb3883449e68f4c36c80efa903de168e4785bc5c1f13dc0693989c3a96c83c93150dc38bda925fe3fbcea82db4dc1c1e2a3ed6988c
|
data/Rakefile
CHANGED
@@ -4,7 +4,7 @@ require 'rspec/core/rake_task'
|
|
4
4
|
task :spec => 'spec:all'
|
5
5
|
|
6
6
|
namespace :spec do
|
7
|
-
oses = %w( darwin debian gentoo redhat solaris solaris10 solaris11 smartos windows)
|
7
|
+
oses = %w( darwin debian gentoo redhat aix solaris solaris10 solaris11 smartos windows)
|
8
8
|
|
9
9
|
task :all => [ oses.map {|os| "spec:#{os}" }, :helpers, :exec, :ssh, :cmd, :winrm, :powershell ].flatten
|
10
10
|
|
@@ -166,6 +166,8 @@ module Serverspec
|
|
166
166
|
'Debian'
|
167
167
|
elsif run_command('ls /etc/gentoo-release')[:exit_status] == 0
|
168
168
|
'Gentoo'
|
169
|
+
elsif run_command('uname -s')[:stdout] =~ /AIX/i
|
170
|
+
'Aix'
|
169
171
|
elsif (os = run_command('uname -sr')[:stdout]) && os =~ /SunOS/i
|
170
172
|
if os =~ /5.10/
|
171
173
|
'Solaris10'
|
@@ -0,0 +1,69 @@
|
|
1
|
+
require 'shellwords'
|
2
|
+
|
3
|
+
module Serverspec
|
4
|
+
module Commands
|
5
|
+
class Aix < Base
|
6
|
+
class NotImplementedError < Exception; end
|
7
|
+
|
8
|
+
def check_access_by_user(file, user, access)
|
9
|
+
"su -s sh -c \"test -#{access} #{file}\" #{user}"
|
10
|
+
end
|
11
|
+
|
12
|
+
def check_enabled(service,level=nil)
|
13
|
+
"lssrc -s #{escape(service)} | grep active"
|
14
|
+
end
|
15
|
+
|
16
|
+
def check_running(service)
|
17
|
+
"ps -ef | grep -v grep | grep #{escape(service)}"
|
18
|
+
end
|
19
|
+
|
20
|
+
def check_installed(package,version)
|
21
|
+
|
22
|
+
if version
|
23
|
+
"lslpp -L #{escape(package)} | awk '{print $2}' | grep -w -- #{version}"
|
24
|
+
else
|
25
|
+
"lslpp -L #{escape(package)}"
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
def check_listening(port)
|
30
|
+
regexp = "*.#{port} "
|
31
|
+
"netstat -an -f inet | awk '{print $4}' | grep -- #{regexp}"
|
32
|
+
#"netstat -an -f inet | awk '{print $4}' | grep -- #{escape(regexp)}"
|
33
|
+
end
|
34
|
+
|
35
|
+
def check_belonging_group(user, group)
|
36
|
+
"lsuser -a groups #{escape(user)} | awk -F'=' '{print $2}'| sed -e 's/,/ /g' |grep -w -- #{escape(group)}"
|
37
|
+
end
|
38
|
+
|
39
|
+
def check_gid(group, gid)
|
40
|
+
regexp = "^#{group}"
|
41
|
+
"cat etc/group | grep -w -- #{escape(regexp)} | cut -f 3 -d ':' | grep -w -- #{escape(gid)}"
|
42
|
+
end
|
43
|
+
|
44
|
+
def check_login_shell(user, path_to_shell)
|
45
|
+
"lsuser -a shell #{escape(user)} |awk -F'=' '{print $2}' | grep -w -- #{escape(path_to_shell)}"
|
46
|
+
end
|
47
|
+
|
48
|
+
def check_home_directory(user, path_to_home)
|
49
|
+
"lsuser -a home #{escape(user)} | awk -F'=' '{print $2}' | grep -w -- #{escape(path_to_home)}"
|
50
|
+
end
|
51
|
+
|
52
|
+
def check_mode(file, mode)
|
53
|
+
false unless sprintf("%o",File.stat(file).mode).slice!(3,3) == mode
|
54
|
+
end
|
55
|
+
|
56
|
+
def check_owner(file, owner)
|
57
|
+
regexp = "^#{owner}$"
|
58
|
+
"ls -al #{escape(file)} | awk '{print $3}' | grep -- #{escape(regexp)}"
|
59
|
+
end
|
60
|
+
|
61
|
+
def check_grouped(file, group)
|
62
|
+
regexp = "^#{group}$"
|
63
|
+
"ls -al #{escape(file)} | awk '{print $4}' | grep -- #{escape(regexp)}"
|
64
|
+
end
|
65
|
+
|
66
|
+
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
data/lib/serverspec/helper.rb
CHANGED
@@ -11,6 +11,7 @@ require 'serverspec/helper/puppet'
|
|
11
11
|
require 'serverspec/helper/redhat'
|
12
12
|
require 'serverspec/helper/debian'
|
13
13
|
require 'serverspec/helper/gentoo'
|
14
|
+
require 'serverspec/helper/aix'
|
14
15
|
require 'serverspec/helper/solaris'
|
15
16
|
require 'serverspec/helper/solaris10'
|
16
17
|
require 'serverspec/helper/solaris11'
|
data/lib/serverspec/version.rb
CHANGED
data/lib/serverspec.rb
CHANGED
@@ -11,6 +11,7 @@ require 'serverspec/commands/linux'
|
|
11
11
|
require 'serverspec/commands/redhat'
|
12
12
|
require 'serverspec/commands/debian'
|
13
13
|
require 'serverspec/commands/gentoo'
|
14
|
+
require 'serverspec/commands/aix'
|
14
15
|
require 'serverspec/commands/solaris'
|
15
16
|
require 'serverspec/commands/solaris10'
|
16
17
|
require 'serverspec/commands/solaris11'
|
@@ -35,6 +36,7 @@ RSpec.configure do |c|
|
|
35
36
|
c.include(Serverspec::Helper::RedHat, :os => :redhat)
|
36
37
|
c.include(Serverspec::Helper::Debian, :os => :debian)
|
37
38
|
c.include(Serverspec::Helper::Gentoo, :os => :gentoo)
|
39
|
+
c.include(Serverspec::Helper::Aix, :os => :aix)
|
38
40
|
c.include(Serverspec::Helper::Solaris, :os => :solaris)
|
39
41
|
c.include(Serverspec::Helper::Solaris10, :os => :solaris10)
|
40
42
|
c.include(Serverspec::Helper::Solaris11, :os => :solaris11)
|
@@ -0,0 +1,48 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include Serverspec::Helper::RedHat
|
4
|
+
|
5
|
+
describe command('cat /etc/resolv.conf') do
|
6
|
+
let(:stdout) { "nameserver 127.0.0.1\r\n" }
|
7
|
+
it { should return_stdout("nameserver 127.0.0.1") }
|
8
|
+
its(:command) { should eq 'cat /etc/resolv.conf' }
|
9
|
+
end
|
10
|
+
|
11
|
+
describe 'complete matching of stdout' do
|
12
|
+
context command('cat /etc/resolv.conf') do
|
13
|
+
let(:stdout) { "foocontent-should-be-includedbar\r\n" }
|
14
|
+
it { should_not return_stdout('content-should-be-included') }
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
describe 'regexp matching of stdout' do
|
19
|
+
context command('cat /etc/resolv.conf') do
|
20
|
+
let(:stdout) { "nameserver 127.0.0.1\r\n" }
|
21
|
+
it { should return_stdout(/127\.0\.0\.1/) }
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
describe command('cat /etc/resolv.conf') do
|
26
|
+
let(:stdout) { "No such file or directory\r\n" }
|
27
|
+
it { should return_stderr("No such file or directory") }
|
28
|
+
its(:command) { should eq 'cat /etc/resolv.conf' }
|
29
|
+
end
|
30
|
+
|
31
|
+
describe 'complete matching of stderr' do
|
32
|
+
context command('cat /etc/resolv.conf') do
|
33
|
+
let(:stdout) { "No such file or directory\r\n" }
|
34
|
+
it { should_not return_stdout('file') }
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
describe 'regexp matching of stderr' do
|
39
|
+
context command('cat /etc/resolv.conf') do
|
40
|
+
let(:stdout) { "No such file or directory\r\n" }
|
41
|
+
it { should return_stderr(/file/) }
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
describe command('cat /etc/resolv.conf') do
|
46
|
+
it { should return_exit_status 0 }
|
47
|
+
its(:command) { should eq 'cat /etc/resolv.conf' }
|
48
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include Serverspec::Helper::RedHat
|
4
|
+
|
5
|
+
describe 'check_yumrepo' do
|
6
|
+
subject { commands.check_yumrepo('epel') }
|
7
|
+
it { should eq 'yum repolist all -C | grep ^epel' }
|
8
|
+
end
|
9
|
+
|
10
|
+
describe 'check_yumrepo_enabled' do
|
11
|
+
subject { commands.check_yumrepo_enabled('epel') }
|
12
|
+
it { should eq 'yum repolist all -C | grep ^epel | grep enabled' }
|
13
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include Serverspec::Helper::RedHat
|
4
|
+
|
5
|
+
describe cron do
|
6
|
+
it { should have_entry '* * * * * /usr/local/bin/batch.sh' }
|
7
|
+
its(:command) { should eq 'crontab -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
8
|
+
end
|
9
|
+
|
10
|
+
describe cron do
|
11
|
+
it { should_not have_entry 'invalid entry' }
|
12
|
+
end
|
13
|
+
|
14
|
+
describe cron do
|
15
|
+
it { should have_entry('* * * * * /usr/local/bin/batch.sh').with_user('root') }
|
16
|
+
its(:command) { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
17
|
+
end
|
18
|
+
|
19
|
+
describe cron do
|
20
|
+
it { should_not have_entry('* * * * * /usr/local/bin/batch.sh').with_user('invalid-user') }
|
21
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include Serverspec::Helper::RedHat
|
4
|
+
|
5
|
+
describe default_gateway do
|
6
|
+
let(:stdout) { "default via 192.168.1.1 dev eth1 \r\n" }
|
7
|
+
|
8
|
+
its(:ipaddress) { should eq '192.168.1.1' }
|
9
|
+
its(:command) { should eq "ip route | grep -E '^default |^default '" }
|
10
|
+
|
11
|
+
its(:interface) { should eq 'eth1' }
|
12
|
+
its(:command) { should eq "ip route | grep -E '^default |^default '" }
|
13
|
+
|
14
|
+
its(:ipaddress) { should_not eq '192.168.1.2' }
|
15
|
+
its(:interface) { should_not eq 'eth0' }
|
16
|
+
end
|
@@ -0,0 +1,395 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include Serverspec::Helper::RedHat
|
4
|
+
|
5
|
+
describe file('/etc/ssh/sshd_config') do
|
6
|
+
it { should be_file }
|
7
|
+
its(:command) { should eq "test -f /etc/ssh/sshd_config" }
|
8
|
+
end
|
9
|
+
|
10
|
+
describe file('/etc/invalid_file') do
|
11
|
+
it { should_not be_file }
|
12
|
+
end
|
13
|
+
|
14
|
+
describe file('/etc/ssh') do
|
15
|
+
it { should be_directory }
|
16
|
+
its(:command) { should eq "test -d /etc/ssh" }
|
17
|
+
end
|
18
|
+
|
19
|
+
describe file('/etc/invalid_directory') do
|
20
|
+
it { should_not be_directory }
|
21
|
+
end
|
22
|
+
|
23
|
+
describe file('/var/run/unicorn.sock') do
|
24
|
+
it { should be_socket }
|
25
|
+
its(:command) { should eq "test -S /var/run/unicorn.sock" }
|
26
|
+
end
|
27
|
+
|
28
|
+
describe file('/etc/invalid_socket') do
|
29
|
+
it { should_not be_socket }
|
30
|
+
end
|
31
|
+
|
32
|
+
describe file('/etc/ssh/sshd_config') do
|
33
|
+
it { should contain 'This is the sshd server system-wide configuration file' }
|
34
|
+
its(:command) { should eq "grep -q -- This\\ is\\ the\\ sshd\\ server\\ system-wide\\ configuration\\ file /etc/ssh/sshd_config || grep -qF -- This\\ is\\ the\\ sshd\\ server\\ system-wide\\ configuration\\ file /etc/ssh/sshd_config" }
|
35
|
+
end
|
36
|
+
|
37
|
+
describe file('/etc/ssh/sshd_config') do
|
38
|
+
it { should contain /^This is the sshd server system-wide configuration file/ }
|
39
|
+
its(:command) { should eq "grep -q -- \\^This\\ is\\ the\\ sshd\\ server\\ system-wide\\ configuration\\ file /etc/ssh/sshd_config || grep -qF -- \\^This\\ is\\ the\\ sshd\\ server\\ system-wide\\ configuration\\ file /etc/ssh/sshd_config" }
|
40
|
+
end
|
41
|
+
|
42
|
+
describe file('/etc/ssh/sshd_config') do
|
43
|
+
it { should_not contain 'This is invalid text!!' }
|
44
|
+
end
|
45
|
+
|
46
|
+
describe file('Gemfile') do
|
47
|
+
it { should contain('rspec').from(/^group :test do/).to(/^end/) }
|
48
|
+
its(:command) { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec - || sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -qF -- rspec -" }
|
49
|
+
end
|
50
|
+
|
51
|
+
describe file('/etc/ssh/sshd_config') do
|
52
|
+
it { should_not contain('This is invalid text!!').from(/^group :test do/).to(/^end/) }
|
53
|
+
end
|
54
|
+
|
55
|
+
describe file('Gemfile') do
|
56
|
+
it { should contain('rspec').after(/^group :test do/) }
|
57
|
+
its(:command) { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec - || sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -qF -- rspec -" }
|
58
|
+
end
|
59
|
+
|
60
|
+
describe file('/etc/ssh/sshd_config') do
|
61
|
+
it { should_not contain('This is invalid text!!').after(/^group :test do/) }
|
62
|
+
end
|
63
|
+
|
64
|
+
describe file('Gemfile') do
|
65
|
+
it { should contain('rspec').before(/^end/) }
|
66
|
+
its(:command) { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec - || sed -n 1,/\\^end/p Gemfile | grep -qF -- rspec -" }
|
67
|
+
end
|
68
|
+
|
69
|
+
describe file('/etc/ssh/sshd_config') do
|
70
|
+
it { should_not contain('This is invalid text!!').before(/^end/) }
|
71
|
+
end
|
72
|
+
|
73
|
+
describe file('/etc/passwd') do
|
74
|
+
it { should be_mode 644 }
|
75
|
+
its(:command) { should eq "stat -c %a /etc/passwd | grep -- \\^644\\$" }
|
76
|
+
end
|
77
|
+
|
78
|
+
describe file('/etc/passwd') do
|
79
|
+
it { should_not be_mode 'invalid' }
|
80
|
+
end
|
81
|
+
|
82
|
+
describe file('/etc/passwd') do
|
83
|
+
it { should be_owned_by 'root' }
|
84
|
+
its(:command) { should eq "stat -c %U /etc/passwd | grep -- \\^root\\$" }
|
85
|
+
end
|
86
|
+
|
87
|
+
describe file('/etc/passwd') do
|
88
|
+
it { should_not be_owned_by 'invalid-owner' }
|
89
|
+
end
|
90
|
+
|
91
|
+
describe file('/etc/passwd') do
|
92
|
+
it { should be_grouped_into 'root' }
|
93
|
+
its(:command) { should eq "stat -c %G /etc/passwd | grep -- \\^root\\$" }
|
94
|
+
end
|
95
|
+
|
96
|
+
describe file('/etc/passwd') do
|
97
|
+
it { should_not be_grouped_into 'invalid-group' }
|
98
|
+
end
|
99
|
+
|
100
|
+
describe file('/etc/pam.d/system-auth') do
|
101
|
+
it { should be_linked_to '/etc/pam.d/system-auth-ac' }
|
102
|
+
its(:command) { should eq "stat -c %N /etc/pam.d/system-auth | grep -- /etc/pam.d/system-auth-ac" }
|
103
|
+
end
|
104
|
+
|
105
|
+
describe file('dummy-link') do
|
106
|
+
it { should_not be_linked_to '/invalid/target' }
|
107
|
+
end
|
108
|
+
|
109
|
+
describe file('/dev') do
|
110
|
+
let(:stdout) { "755\r\n" }
|
111
|
+
it { should be_readable }
|
112
|
+
its(:command) { should eq "stat -c %a /dev" }
|
113
|
+
end
|
114
|
+
|
115
|
+
describe file('/dev') do
|
116
|
+
let(:stdout) { "333\r\n" }
|
117
|
+
it { should_not be_readable }
|
118
|
+
end
|
119
|
+
|
120
|
+
describe file('/dev') do
|
121
|
+
let(:stdout) { "400\r\n" }
|
122
|
+
it { should be_readable.by('owner') }
|
123
|
+
end
|
124
|
+
|
125
|
+
describe file('/dev') do
|
126
|
+
let(:stdout) { "044\r\n" }
|
127
|
+
it { should_not be_readable.by('owner') }
|
128
|
+
end
|
129
|
+
|
130
|
+
describe file('/dev') do
|
131
|
+
let(:stdout) { "040\r\n" }
|
132
|
+
it { should be_readable.by('group') }
|
133
|
+
end
|
134
|
+
|
135
|
+
describe file('/dev') do
|
136
|
+
let(:stdout) { "404\r\n" }
|
137
|
+
it { should_not be_readable.by('group') }
|
138
|
+
end
|
139
|
+
|
140
|
+
describe file('/dev') do
|
141
|
+
let(:stdout) { "044\r\n" }
|
142
|
+
it { should be_readable.by('others') }
|
143
|
+
end
|
144
|
+
|
145
|
+
describe file('/dev') do
|
146
|
+
let(:stdout) { "443\r\n" }
|
147
|
+
it { should_not be_readable.by('others') }
|
148
|
+
end
|
149
|
+
|
150
|
+
describe file('/tmp') do
|
151
|
+
it { should be_readable.by_user('mail') }
|
152
|
+
its(:command) { should eq "runuser -s /bin/sh -c \"test -r /tmp\" mail" }
|
153
|
+
end
|
154
|
+
|
155
|
+
describe file('/tmp') do
|
156
|
+
it { should_not be_readable.by_user('invalid-user') }
|
157
|
+
end
|
158
|
+
|
159
|
+
describe file('/dev') do
|
160
|
+
let(:stdout) { "755\r\n" }
|
161
|
+
it { should be_writable }
|
162
|
+
its(:command) { should eq "stat -c %a /dev" }
|
163
|
+
end
|
164
|
+
|
165
|
+
describe file('/dev') do
|
166
|
+
let(:stdout) { "555\r\n" }
|
167
|
+
it { should_not be_writable }
|
168
|
+
end
|
169
|
+
|
170
|
+
describe file('/dev') do
|
171
|
+
let(:stdout) { "200\r\n" }
|
172
|
+
it { should be_writable.by('owner') }
|
173
|
+
end
|
174
|
+
|
175
|
+
describe file('/dev') do
|
176
|
+
let(:stdout) { "555\r\n" }
|
177
|
+
it { should_not be_writable.by('owner') }
|
178
|
+
end
|
179
|
+
|
180
|
+
describe file('/dev') do
|
181
|
+
let(:stdout) { "030\r\n" }
|
182
|
+
it { should be_writable.by('group') }
|
183
|
+
end
|
184
|
+
|
185
|
+
describe file('/dev') do
|
186
|
+
let(:stdout) { "555\r\n" }
|
187
|
+
it { should_not be_writable.by('group') }
|
188
|
+
end
|
189
|
+
|
190
|
+
describe file('/dev') do
|
191
|
+
let(:stdout) { "666\r\n" }
|
192
|
+
it { should be_writable.by('others') }
|
193
|
+
end
|
194
|
+
|
195
|
+
describe file('/dev') do
|
196
|
+
let(:stdout) { "555\r\n" }
|
197
|
+
it { should_not be_writable.by('others') }
|
198
|
+
end
|
199
|
+
|
200
|
+
describe file('/tmp') do
|
201
|
+
it { should be_writable.by_user('mail') }
|
202
|
+
its(:command) { should eq "runuser -s /bin/sh -c \"test -w /tmp\" mail" }
|
203
|
+
end
|
204
|
+
|
205
|
+
describe file('/tmp') do
|
206
|
+
it { should_not be_writable.by_user('invalid-user') }
|
207
|
+
end
|
208
|
+
|
209
|
+
describe file('/dev') do
|
210
|
+
let(:stdout) { "755\r\n" }
|
211
|
+
it { should be_executable }
|
212
|
+
its(:command) { should eq "stat -c %a /dev" }
|
213
|
+
end
|
214
|
+
|
215
|
+
describe file('/dev') do
|
216
|
+
let(:stdout) { "666\r\n" }
|
217
|
+
it { should_not be_executable }
|
218
|
+
end
|
219
|
+
|
220
|
+
describe file('/dev') do
|
221
|
+
let(:stdout) { "100\r\n" }
|
222
|
+
it { should be_executable.by('owner') }
|
223
|
+
end
|
224
|
+
|
225
|
+
describe file('/dev') do
|
226
|
+
let(:stdout) { "666\r\n" }
|
227
|
+
it { should_not be_executable.by('owner') }
|
228
|
+
end
|
229
|
+
|
230
|
+
describe file('/dev') do
|
231
|
+
let(:stdout) { "070\r\n" }
|
232
|
+
it { should be_executable.by('group') }
|
233
|
+
end
|
234
|
+
|
235
|
+
describe file('/dev') do
|
236
|
+
let(:stdout) { "666\r\n" }
|
237
|
+
it { should_not be_executable.by('group') }
|
238
|
+
end
|
239
|
+
|
240
|
+
describe file('/dev') do
|
241
|
+
let(:stdout) { "001\r\n" }
|
242
|
+
it { should be_executable.by('others') }
|
243
|
+
end
|
244
|
+
|
245
|
+
describe file('/dev') do
|
246
|
+
let(:stdout) { "666\r\n" }
|
247
|
+
it { should_not be_executable.by('others') }
|
248
|
+
end
|
249
|
+
|
250
|
+
describe file('/tmp') do
|
251
|
+
it { should be_executable.by_user('mail') }
|
252
|
+
its(:command) { should eq "runuser -s /bin/sh -c \"test -x /tmp\" mail" }
|
253
|
+
end
|
254
|
+
|
255
|
+
describe file('/tmp') do
|
256
|
+
it { should_not be_executable.by_user('invalid-user') }
|
257
|
+
end
|
258
|
+
|
259
|
+
describe file('/') do
|
260
|
+
it { should be_mounted }
|
261
|
+
its(:command) { should eq "mount | grep -w -- on\\ /" }
|
262
|
+
end
|
263
|
+
|
264
|
+
describe file('/etc/invalid-mount') do
|
265
|
+
it { should_not be_mounted }
|
266
|
+
end
|
267
|
+
|
268
|
+
describe file('/') do
|
269
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
270
|
+
it { should be_mounted.with( :type => 'ext4' ) }
|
271
|
+
end
|
272
|
+
|
273
|
+
describe file('/') do
|
274
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
275
|
+
it { should be_mounted.with( :type => 'ext4', :options => { :rw => true } ) }
|
276
|
+
end
|
277
|
+
|
278
|
+
describe file('/') do
|
279
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
280
|
+
it { should be_mounted.with( :type => 'ext4', :options => { :mode => 620 } ) }
|
281
|
+
end
|
282
|
+
|
283
|
+
describe file('/') do
|
284
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
285
|
+
it { should be_mounted.with( :type => 'ext4', :device => '/dev/mapper/VolGroup-lv_root' ) }
|
286
|
+
end
|
287
|
+
|
288
|
+
describe file('/') do
|
289
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
290
|
+
it { should_not be_mounted.with( :type => 'xfs' ) }
|
291
|
+
end
|
292
|
+
|
293
|
+
describe file('/') do
|
294
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
295
|
+
it { should_not be_mounted.with( :type => 'ext4', :options => { :rw => false } ) }
|
296
|
+
end
|
297
|
+
|
298
|
+
describe file('/') do
|
299
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
300
|
+
it { should_not be_mounted.with( :type => 'ext4', :options => { :mode => 600 } ) }
|
301
|
+
end
|
302
|
+
|
303
|
+
describe file('/') do
|
304
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
305
|
+
it { should_not be_mounted.with( :type => 'xfs', :device => '/dev/mapper/VolGroup-lv_root' ) }
|
306
|
+
end
|
307
|
+
|
308
|
+
describe file('/') do
|
309
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
310
|
+
it { should_not be_mounted.with( :type => 'ext4', :device => '/dev/mapper/VolGroup-lv_r00t' ) }
|
311
|
+
end
|
312
|
+
|
313
|
+
describe file('/etc/invalid-mount') do
|
314
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
315
|
+
it { should_not be_mounted.with( :type => 'ext4' ) }
|
316
|
+
end
|
317
|
+
|
318
|
+
describe file('/') do
|
319
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
320
|
+
it do
|
321
|
+
should be_mounted.only_with(
|
322
|
+
:device => '/dev/mapper/VolGroup-lv_root',
|
323
|
+
:type => 'ext4',
|
324
|
+
:options => {
|
325
|
+
:rw => true,
|
326
|
+
:mode => 620,
|
327
|
+
}
|
328
|
+
)
|
329
|
+
end
|
330
|
+
end
|
331
|
+
|
332
|
+
describe file('/') do
|
333
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
334
|
+
it do
|
335
|
+
should_not be_mounted.only_with(
|
336
|
+
:device => '/dev/mapper/VolGroup-lv_root',
|
337
|
+
:type => 'ext4',
|
338
|
+
:options => {
|
339
|
+
:rw => true,
|
340
|
+
:mode => 620,
|
341
|
+
:bind => true,
|
342
|
+
}
|
343
|
+
)
|
344
|
+
end
|
345
|
+
end
|
346
|
+
|
347
|
+
describe file('/') do
|
348
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
349
|
+
it do
|
350
|
+
should_not be_mounted.only_with(
|
351
|
+
:device => '/dev/mapper/VolGroup-lv_root',
|
352
|
+
:type => 'ext4',
|
353
|
+
:options => {
|
354
|
+
:rw => true,
|
355
|
+
}
|
356
|
+
)
|
357
|
+
end
|
358
|
+
end
|
359
|
+
|
360
|
+
describe file('/') do
|
361
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
362
|
+
it do
|
363
|
+
should_not be_mounted.only_with(
|
364
|
+
:device => '/dev/mapper/VolGroup-lv_roooooooooot',
|
365
|
+
:type => 'ext4',
|
366
|
+
:options => {
|
367
|
+
:rw => true,
|
368
|
+
:mode => 620,
|
369
|
+
}
|
370
|
+
)
|
371
|
+
end
|
372
|
+
end
|
373
|
+
|
374
|
+
describe file('/etc/invalid-mount') do
|
375
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
376
|
+
it { should_not be_mounted.only_with( :type => 'ext4' ) }
|
377
|
+
end
|
378
|
+
|
379
|
+
describe file('/etc/services') do
|
380
|
+
it { should match_md5checksum '35435ea447c19f0ea5ef971837ab9ced' }
|
381
|
+
its(:command) { should eq "md5sum /etc/services | grep -iw -- \\^35435ea447c19f0ea5ef971837ab9ced" }
|
382
|
+
end
|
383
|
+
|
384
|
+
describe file('invalid-file') do
|
385
|
+
it { should_not match_md5checksum 'INVALIDMD5CHECKSUM' }
|
386
|
+
end
|
387
|
+
|
388
|
+
describe file('/etc/services') do
|
389
|
+
it { should match_sha256checksum '0c3feee1353a8459f8c7d84885e6bc602ef853751ffdbce3e3b6dfa1d345fc7a' }
|
390
|
+
its(:command) { should eq "sha256sum /etc/services | grep -iw -- \\^0c3feee1353a8459f8c7d84885e6bc602ef853751ffdbce3e3b6dfa1d345fc7a" }
|
391
|
+
end
|
392
|
+
|
393
|
+
describe file('invalid-file') do
|
394
|
+
it { should_not match_sha256checksum 'INVALIDSHA256CHECKSUM' }
|
395
|
+
end
|