serverspec 0.9.1 → 0.9.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Rakefile +1 -1
- data/lib/serverspec/backend/exec.rb +2 -0
- data/lib/serverspec/commands/aix.rb +69 -0
- data/lib/serverspec/helper/aix.rb +9 -0
- data/lib/serverspec/helper.rb +1 -0
- data/lib/serverspec/version.rb +1 -1
- data/lib/serverspec.rb +2 -0
- data/spec/aix/command_spec.rb +48 -0
- data/spec/aix/commands_spec.rb +13 -0
- data/spec/aix/cron_spec.rb +21 -0
- data/spec/aix/default_gateway_spec.rb +16 -0
- data/spec/aix/file_spec.rb +395 -0
- data/spec/aix/group_spec.rb +21 -0
- data/spec/aix/host_spec.rb +58 -0
- data/spec/aix/interface_spec.rb +24 -0
- data/spec/aix/iptables_spec.rb +21 -0
- data/spec/aix/kernel_module_spec.rb +12 -0
- data/spec/aix/linux_kernel_parameter_spec.rb +36 -0
- data/spec/aix/package_spec.rb +94 -0
- data/spec/aix/php_config_spec.rb +36 -0
- data/spec/aix/port_spec.rb +30 -0
- data/spec/aix/routing_table_spec.rb +120 -0
- data/spec/aix/selinux_spec.rb +18 -0
- data/spec/aix/service_spec.rb +93 -0
- data/spec/aix/user_spec.rb +58 -0
- data/spec/aix/yumrepo_spec.rb +25 -0
- data/spec/aix/zfs_spec.rb +18 -0
- metadata +43 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d4eeced11ef9fa8cc2353a2747706ced43e97558
|
4
|
+
data.tar.gz: 845034cbc6d34d36a2a3566a39b34f19f924fd48
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1eea47c5f65a3dcfa6664352c3d718e4045201dd37f2630b5a7c866fa652074c2350c09e1d63c666bed9454177867f7e2c343beda9735e6d6549b227e017e155
|
7
|
+
data.tar.gz: db04934904b9bba0336c00bb3883449e68f4c36c80efa903de168e4785bc5c1f13dc0693989c3a96c83c93150dc38bda925fe3fbcea82db4dc1c1e2a3ed6988c
|
data/Rakefile
CHANGED
@@ -4,7 +4,7 @@ require 'rspec/core/rake_task'
|
|
4
4
|
task :spec => 'spec:all'
|
5
5
|
|
6
6
|
namespace :spec do
|
7
|
-
oses = %w( darwin debian gentoo redhat solaris solaris10 solaris11 smartos windows)
|
7
|
+
oses = %w( darwin debian gentoo redhat aix solaris solaris10 solaris11 smartos windows)
|
8
8
|
|
9
9
|
task :all => [ oses.map {|os| "spec:#{os}" }, :helpers, :exec, :ssh, :cmd, :winrm, :powershell ].flatten
|
10
10
|
|
@@ -166,6 +166,8 @@ module Serverspec
|
|
166
166
|
'Debian'
|
167
167
|
elsif run_command('ls /etc/gentoo-release')[:exit_status] == 0
|
168
168
|
'Gentoo'
|
169
|
+
elsif run_command('uname -s')[:stdout] =~ /AIX/i
|
170
|
+
'Aix'
|
169
171
|
elsif (os = run_command('uname -sr')[:stdout]) && os =~ /SunOS/i
|
170
172
|
if os =~ /5.10/
|
171
173
|
'Solaris10'
|
@@ -0,0 +1,69 @@
|
|
1
|
+
require 'shellwords'
|
2
|
+
|
3
|
+
module Serverspec
|
4
|
+
module Commands
|
5
|
+
class Aix < Base
|
6
|
+
class NotImplementedError < Exception; end
|
7
|
+
|
8
|
+
def check_access_by_user(file, user, access)
|
9
|
+
"su -s sh -c \"test -#{access} #{file}\" #{user}"
|
10
|
+
end
|
11
|
+
|
12
|
+
def check_enabled(service,level=nil)
|
13
|
+
"lssrc -s #{escape(service)} | grep active"
|
14
|
+
end
|
15
|
+
|
16
|
+
def check_running(service)
|
17
|
+
"ps -ef | grep -v grep | grep #{escape(service)}"
|
18
|
+
end
|
19
|
+
|
20
|
+
def check_installed(package,version)
|
21
|
+
|
22
|
+
if version
|
23
|
+
"lslpp -L #{escape(package)} | awk '{print $2}' | grep -w -- #{version}"
|
24
|
+
else
|
25
|
+
"lslpp -L #{escape(package)}"
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
def check_listening(port)
|
30
|
+
regexp = "*.#{port} "
|
31
|
+
"netstat -an -f inet | awk '{print $4}' | grep -- #{regexp}"
|
32
|
+
#"netstat -an -f inet | awk '{print $4}' | grep -- #{escape(regexp)}"
|
33
|
+
end
|
34
|
+
|
35
|
+
def check_belonging_group(user, group)
|
36
|
+
"lsuser -a groups #{escape(user)} | awk -F'=' '{print $2}'| sed -e 's/,/ /g' |grep -w -- #{escape(group)}"
|
37
|
+
end
|
38
|
+
|
39
|
+
def check_gid(group, gid)
|
40
|
+
regexp = "^#{group}"
|
41
|
+
"cat etc/group | grep -w -- #{escape(regexp)} | cut -f 3 -d ':' | grep -w -- #{escape(gid)}"
|
42
|
+
end
|
43
|
+
|
44
|
+
def check_login_shell(user, path_to_shell)
|
45
|
+
"lsuser -a shell #{escape(user)} |awk -F'=' '{print $2}' | grep -w -- #{escape(path_to_shell)}"
|
46
|
+
end
|
47
|
+
|
48
|
+
def check_home_directory(user, path_to_home)
|
49
|
+
"lsuser -a home #{escape(user)} | awk -F'=' '{print $2}' | grep -w -- #{escape(path_to_home)}"
|
50
|
+
end
|
51
|
+
|
52
|
+
def check_mode(file, mode)
|
53
|
+
false unless sprintf("%o",File.stat(file).mode).slice!(3,3) == mode
|
54
|
+
end
|
55
|
+
|
56
|
+
def check_owner(file, owner)
|
57
|
+
regexp = "^#{owner}$"
|
58
|
+
"ls -al #{escape(file)} | awk '{print $3}' | grep -- #{escape(regexp)}"
|
59
|
+
end
|
60
|
+
|
61
|
+
def check_grouped(file, group)
|
62
|
+
regexp = "^#{group}$"
|
63
|
+
"ls -al #{escape(file)} | awk '{print $4}' | grep -- #{escape(regexp)}"
|
64
|
+
end
|
65
|
+
|
66
|
+
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
data/lib/serverspec/helper.rb
CHANGED
@@ -11,6 +11,7 @@ require 'serverspec/helper/puppet'
|
|
11
11
|
require 'serverspec/helper/redhat'
|
12
12
|
require 'serverspec/helper/debian'
|
13
13
|
require 'serverspec/helper/gentoo'
|
14
|
+
require 'serverspec/helper/aix'
|
14
15
|
require 'serverspec/helper/solaris'
|
15
16
|
require 'serverspec/helper/solaris10'
|
16
17
|
require 'serverspec/helper/solaris11'
|
data/lib/serverspec/version.rb
CHANGED
data/lib/serverspec.rb
CHANGED
@@ -11,6 +11,7 @@ require 'serverspec/commands/linux'
|
|
11
11
|
require 'serverspec/commands/redhat'
|
12
12
|
require 'serverspec/commands/debian'
|
13
13
|
require 'serverspec/commands/gentoo'
|
14
|
+
require 'serverspec/commands/aix'
|
14
15
|
require 'serverspec/commands/solaris'
|
15
16
|
require 'serverspec/commands/solaris10'
|
16
17
|
require 'serverspec/commands/solaris11'
|
@@ -35,6 +36,7 @@ RSpec.configure do |c|
|
|
35
36
|
c.include(Serverspec::Helper::RedHat, :os => :redhat)
|
36
37
|
c.include(Serverspec::Helper::Debian, :os => :debian)
|
37
38
|
c.include(Serverspec::Helper::Gentoo, :os => :gentoo)
|
39
|
+
c.include(Serverspec::Helper::Aix, :os => :aix)
|
38
40
|
c.include(Serverspec::Helper::Solaris, :os => :solaris)
|
39
41
|
c.include(Serverspec::Helper::Solaris10, :os => :solaris10)
|
40
42
|
c.include(Serverspec::Helper::Solaris11, :os => :solaris11)
|
@@ -0,0 +1,48 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include Serverspec::Helper::RedHat
|
4
|
+
|
5
|
+
describe command('cat /etc/resolv.conf') do
|
6
|
+
let(:stdout) { "nameserver 127.0.0.1\r\n" }
|
7
|
+
it { should return_stdout("nameserver 127.0.0.1") }
|
8
|
+
its(:command) { should eq 'cat /etc/resolv.conf' }
|
9
|
+
end
|
10
|
+
|
11
|
+
describe 'complete matching of stdout' do
|
12
|
+
context command('cat /etc/resolv.conf') do
|
13
|
+
let(:stdout) { "foocontent-should-be-includedbar\r\n" }
|
14
|
+
it { should_not return_stdout('content-should-be-included') }
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
describe 'regexp matching of stdout' do
|
19
|
+
context command('cat /etc/resolv.conf') do
|
20
|
+
let(:stdout) { "nameserver 127.0.0.1\r\n" }
|
21
|
+
it { should return_stdout(/127\.0\.0\.1/) }
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
describe command('cat /etc/resolv.conf') do
|
26
|
+
let(:stdout) { "No such file or directory\r\n" }
|
27
|
+
it { should return_stderr("No such file or directory") }
|
28
|
+
its(:command) { should eq 'cat /etc/resolv.conf' }
|
29
|
+
end
|
30
|
+
|
31
|
+
describe 'complete matching of stderr' do
|
32
|
+
context command('cat /etc/resolv.conf') do
|
33
|
+
let(:stdout) { "No such file or directory\r\n" }
|
34
|
+
it { should_not return_stdout('file') }
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
describe 'regexp matching of stderr' do
|
39
|
+
context command('cat /etc/resolv.conf') do
|
40
|
+
let(:stdout) { "No such file or directory\r\n" }
|
41
|
+
it { should return_stderr(/file/) }
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
describe command('cat /etc/resolv.conf') do
|
46
|
+
it { should return_exit_status 0 }
|
47
|
+
its(:command) { should eq 'cat /etc/resolv.conf' }
|
48
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include Serverspec::Helper::RedHat
|
4
|
+
|
5
|
+
describe 'check_yumrepo' do
|
6
|
+
subject { commands.check_yumrepo('epel') }
|
7
|
+
it { should eq 'yum repolist all -C | grep ^epel' }
|
8
|
+
end
|
9
|
+
|
10
|
+
describe 'check_yumrepo_enabled' do
|
11
|
+
subject { commands.check_yumrepo_enabled('epel') }
|
12
|
+
it { should eq 'yum repolist all -C | grep ^epel | grep enabled' }
|
13
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include Serverspec::Helper::RedHat
|
4
|
+
|
5
|
+
describe cron do
|
6
|
+
it { should have_entry '* * * * * /usr/local/bin/batch.sh' }
|
7
|
+
its(:command) { should eq 'crontab -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
8
|
+
end
|
9
|
+
|
10
|
+
describe cron do
|
11
|
+
it { should_not have_entry 'invalid entry' }
|
12
|
+
end
|
13
|
+
|
14
|
+
describe cron do
|
15
|
+
it { should have_entry('* * * * * /usr/local/bin/batch.sh').with_user('root') }
|
16
|
+
its(:command) { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
|
17
|
+
end
|
18
|
+
|
19
|
+
describe cron do
|
20
|
+
it { should_not have_entry('* * * * * /usr/local/bin/batch.sh').with_user('invalid-user') }
|
21
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include Serverspec::Helper::RedHat
|
4
|
+
|
5
|
+
describe default_gateway do
|
6
|
+
let(:stdout) { "default via 192.168.1.1 dev eth1 \r\n" }
|
7
|
+
|
8
|
+
its(:ipaddress) { should eq '192.168.1.1' }
|
9
|
+
its(:command) { should eq "ip route | grep -E '^default |^default '" }
|
10
|
+
|
11
|
+
its(:interface) { should eq 'eth1' }
|
12
|
+
its(:command) { should eq "ip route | grep -E '^default |^default '" }
|
13
|
+
|
14
|
+
its(:ipaddress) { should_not eq '192.168.1.2' }
|
15
|
+
its(:interface) { should_not eq 'eth0' }
|
16
|
+
end
|
@@ -0,0 +1,395 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include Serverspec::Helper::RedHat
|
4
|
+
|
5
|
+
describe file('/etc/ssh/sshd_config') do
|
6
|
+
it { should be_file }
|
7
|
+
its(:command) { should eq "test -f /etc/ssh/sshd_config" }
|
8
|
+
end
|
9
|
+
|
10
|
+
describe file('/etc/invalid_file') do
|
11
|
+
it { should_not be_file }
|
12
|
+
end
|
13
|
+
|
14
|
+
describe file('/etc/ssh') do
|
15
|
+
it { should be_directory }
|
16
|
+
its(:command) { should eq "test -d /etc/ssh" }
|
17
|
+
end
|
18
|
+
|
19
|
+
describe file('/etc/invalid_directory') do
|
20
|
+
it { should_not be_directory }
|
21
|
+
end
|
22
|
+
|
23
|
+
describe file('/var/run/unicorn.sock') do
|
24
|
+
it { should be_socket }
|
25
|
+
its(:command) { should eq "test -S /var/run/unicorn.sock" }
|
26
|
+
end
|
27
|
+
|
28
|
+
describe file('/etc/invalid_socket') do
|
29
|
+
it { should_not be_socket }
|
30
|
+
end
|
31
|
+
|
32
|
+
describe file('/etc/ssh/sshd_config') do
|
33
|
+
it { should contain 'This is the sshd server system-wide configuration file' }
|
34
|
+
its(:command) { should eq "grep -q -- This\\ is\\ the\\ sshd\\ server\\ system-wide\\ configuration\\ file /etc/ssh/sshd_config || grep -qF -- This\\ is\\ the\\ sshd\\ server\\ system-wide\\ configuration\\ file /etc/ssh/sshd_config" }
|
35
|
+
end
|
36
|
+
|
37
|
+
describe file('/etc/ssh/sshd_config') do
|
38
|
+
it { should contain /^This is the sshd server system-wide configuration file/ }
|
39
|
+
its(:command) { should eq "grep -q -- \\^This\\ is\\ the\\ sshd\\ server\\ system-wide\\ configuration\\ file /etc/ssh/sshd_config || grep -qF -- \\^This\\ is\\ the\\ sshd\\ server\\ system-wide\\ configuration\\ file /etc/ssh/sshd_config" }
|
40
|
+
end
|
41
|
+
|
42
|
+
describe file('/etc/ssh/sshd_config') do
|
43
|
+
it { should_not contain 'This is invalid text!!' }
|
44
|
+
end
|
45
|
+
|
46
|
+
describe file('Gemfile') do
|
47
|
+
it { should contain('rspec').from(/^group :test do/).to(/^end/) }
|
48
|
+
its(:command) { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec - || sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -qF -- rspec -" }
|
49
|
+
end
|
50
|
+
|
51
|
+
describe file('/etc/ssh/sshd_config') do
|
52
|
+
it { should_not contain('This is invalid text!!').from(/^group :test do/).to(/^end/) }
|
53
|
+
end
|
54
|
+
|
55
|
+
describe file('Gemfile') do
|
56
|
+
it { should contain('rspec').after(/^group :test do/) }
|
57
|
+
its(:command) { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec - || sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -qF -- rspec -" }
|
58
|
+
end
|
59
|
+
|
60
|
+
describe file('/etc/ssh/sshd_config') do
|
61
|
+
it { should_not contain('This is invalid text!!').after(/^group :test do/) }
|
62
|
+
end
|
63
|
+
|
64
|
+
describe file('Gemfile') do
|
65
|
+
it { should contain('rspec').before(/^end/) }
|
66
|
+
its(:command) { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec - || sed -n 1,/\\^end/p Gemfile | grep -qF -- rspec -" }
|
67
|
+
end
|
68
|
+
|
69
|
+
describe file('/etc/ssh/sshd_config') do
|
70
|
+
it { should_not contain('This is invalid text!!').before(/^end/) }
|
71
|
+
end
|
72
|
+
|
73
|
+
describe file('/etc/passwd') do
|
74
|
+
it { should be_mode 644 }
|
75
|
+
its(:command) { should eq "stat -c %a /etc/passwd | grep -- \\^644\\$" }
|
76
|
+
end
|
77
|
+
|
78
|
+
describe file('/etc/passwd') do
|
79
|
+
it { should_not be_mode 'invalid' }
|
80
|
+
end
|
81
|
+
|
82
|
+
describe file('/etc/passwd') do
|
83
|
+
it { should be_owned_by 'root' }
|
84
|
+
its(:command) { should eq "stat -c %U /etc/passwd | grep -- \\^root\\$" }
|
85
|
+
end
|
86
|
+
|
87
|
+
describe file('/etc/passwd') do
|
88
|
+
it { should_not be_owned_by 'invalid-owner' }
|
89
|
+
end
|
90
|
+
|
91
|
+
describe file('/etc/passwd') do
|
92
|
+
it { should be_grouped_into 'root' }
|
93
|
+
its(:command) { should eq "stat -c %G /etc/passwd | grep -- \\^root\\$" }
|
94
|
+
end
|
95
|
+
|
96
|
+
describe file('/etc/passwd') do
|
97
|
+
it { should_not be_grouped_into 'invalid-group' }
|
98
|
+
end
|
99
|
+
|
100
|
+
describe file('/etc/pam.d/system-auth') do
|
101
|
+
it { should be_linked_to '/etc/pam.d/system-auth-ac' }
|
102
|
+
its(:command) { should eq "stat -c %N /etc/pam.d/system-auth | grep -- /etc/pam.d/system-auth-ac" }
|
103
|
+
end
|
104
|
+
|
105
|
+
describe file('dummy-link') do
|
106
|
+
it { should_not be_linked_to '/invalid/target' }
|
107
|
+
end
|
108
|
+
|
109
|
+
describe file('/dev') do
|
110
|
+
let(:stdout) { "755\r\n" }
|
111
|
+
it { should be_readable }
|
112
|
+
its(:command) { should eq "stat -c %a /dev" }
|
113
|
+
end
|
114
|
+
|
115
|
+
describe file('/dev') do
|
116
|
+
let(:stdout) { "333\r\n" }
|
117
|
+
it { should_not be_readable }
|
118
|
+
end
|
119
|
+
|
120
|
+
describe file('/dev') do
|
121
|
+
let(:stdout) { "400\r\n" }
|
122
|
+
it { should be_readable.by('owner') }
|
123
|
+
end
|
124
|
+
|
125
|
+
describe file('/dev') do
|
126
|
+
let(:stdout) { "044\r\n" }
|
127
|
+
it { should_not be_readable.by('owner') }
|
128
|
+
end
|
129
|
+
|
130
|
+
describe file('/dev') do
|
131
|
+
let(:stdout) { "040\r\n" }
|
132
|
+
it { should be_readable.by('group') }
|
133
|
+
end
|
134
|
+
|
135
|
+
describe file('/dev') do
|
136
|
+
let(:stdout) { "404\r\n" }
|
137
|
+
it { should_not be_readable.by('group') }
|
138
|
+
end
|
139
|
+
|
140
|
+
describe file('/dev') do
|
141
|
+
let(:stdout) { "044\r\n" }
|
142
|
+
it { should be_readable.by('others') }
|
143
|
+
end
|
144
|
+
|
145
|
+
describe file('/dev') do
|
146
|
+
let(:stdout) { "443\r\n" }
|
147
|
+
it { should_not be_readable.by('others') }
|
148
|
+
end
|
149
|
+
|
150
|
+
describe file('/tmp') do
|
151
|
+
it { should be_readable.by_user('mail') }
|
152
|
+
its(:command) { should eq "runuser -s /bin/sh -c \"test -r /tmp\" mail" }
|
153
|
+
end
|
154
|
+
|
155
|
+
describe file('/tmp') do
|
156
|
+
it { should_not be_readable.by_user('invalid-user') }
|
157
|
+
end
|
158
|
+
|
159
|
+
describe file('/dev') do
|
160
|
+
let(:stdout) { "755\r\n" }
|
161
|
+
it { should be_writable }
|
162
|
+
its(:command) { should eq "stat -c %a /dev" }
|
163
|
+
end
|
164
|
+
|
165
|
+
describe file('/dev') do
|
166
|
+
let(:stdout) { "555\r\n" }
|
167
|
+
it { should_not be_writable }
|
168
|
+
end
|
169
|
+
|
170
|
+
describe file('/dev') do
|
171
|
+
let(:stdout) { "200\r\n" }
|
172
|
+
it { should be_writable.by('owner') }
|
173
|
+
end
|
174
|
+
|
175
|
+
describe file('/dev') do
|
176
|
+
let(:stdout) { "555\r\n" }
|
177
|
+
it { should_not be_writable.by('owner') }
|
178
|
+
end
|
179
|
+
|
180
|
+
describe file('/dev') do
|
181
|
+
let(:stdout) { "030\r\n" }
|
182
|
+
it { should be_writable.by('group') }
|
183
|
+
end
|
184
|
+
|
185
|
+
describe file('/dev') do
|
186
|
+
let(:stdout) { "555\r\n" }
|
187
|
+
it { should_not be_writable.by('group') }
|
188
|
+
end
|
189
|
+
|
190
|
+
describe file('/dev') do
|
191
|
+
let(:stdout) { "666\r\n" }
|
192
|
+
it { should be_writable.by('others') }
|
193
|
+
end
|
194
|
+
|
195
|
+
describe file('/dev') do
|
196
|
+
let(:stdout) { "555\r\n" }
|
197
|
+
it { should_not be_writable.by('others') }
|
198
|
+
end
|
199
|
+
|
200
|
+
describe file('/tmp') do
|
201
|
+
it { should be_writable.by_user('mail') }
|
202
|
+
its(:command) { should eq "runuser -s /bin/sh -c \"test -w /tmp\" mail" }
|
203
|
+
end
|
204
|
+
|
205
|
+
describe file('/tmp') do
|
206
|
+
it { should_not be_writable.by_user('invalid-user') }
|
207
|
+
end
|
208
|
+
|
209
|
+
describe file('/dev') do
|
210
|
+
let(:stdout) { "755\r\n" }
|
211
|
+
it { should be_executable }
|
212
|
+
its(:command) { should eq "stat -c %a /dev" }
|
213
|
+
end
|
214
|
+
|
215
|
+
describe file('/dev') do
|
216
|
+
let(:stdout) { "666\r\n" }
|
217
|
+
it { should_not be_executable }
|
218
|
+
end
|
219
|
+
|
220
|
+
describe file('/dev') do
|
221
|
+
let(:stdout) { "100\r\n" }
|
222
|
+
it { should be_executable.by('owner') }
|
223
|
+
end
|
224
|
+
|
225
|
+
describe file('/dev') do
|
226
|
+
let(:stdout) { "666\r\n" }
|
227
|
+
it { should_not be_executable.by('owner') }
|
228
|
+
end
|
229
|
+
|
230
|
+
describe file('/dev') do
|
231
|
+
let(:stdout) { "070\r\n" }
|
232
|
+
it { should be_executable.by('group') }
|
233
|
+
end
|
234
|
+
|
235
|
+
describe file('/dev') do
|
236
|
+
let(:stdout) { "666\r\n" }
|
237
|
+
it { should_not be_executable.by('group') }
|
238
|
+
end
|
239
|
+
|
240
|
+
describe file('/dev') do
|
241
|
+
let(:stdout) { "001\r\n" }
|
242
|
+
it { should be_executable.by('others') }
|
243
|
+
end
|
244
|
+
|
245
|
+
describe file('/dev') do
|
246
|
+
let(:stdout) { "666\r\n" }
|
247
|
+
it { should_not be_executable.by('others') }
|
248
|
+
end
|
249
|
+
|
250
|
+
describe file('/tmp') do
|
251
|
+
it { should be_executable.by_user('mail') }
|
252
|
+
its(:command) { should eq "runuser -s /bin/sh -c \"test -x /tmp\" mail" }
|
253
|
+
end
|
254
|
+
|
255
|
+
describe file('/tmp') do
|
256
|
+
it { should_not be_executable.by_user('invalid-user') }
|
257
|
+
end
|
258
|
+
|
259
|
+
describe file('/') do
|
260
|
+
it { should be_mounted }
|
261
|
+
its(:command) { should eq "mount | grep -w -- on\\ /" }
|
262
|
+
end
|
263
|
+
|
264
|
+
describe file('/etc/invalid-mount') do
|
265
|
+
it { should_not be_mounted }
|
266
|
+
end
|
267
|
+
|
268
|
+
describe file('/') do
|
269
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
270
|
+
it { should be_mounted.with( :type => 'ext4' ) }
|
271
|
+
end
|
272
|
+
|
273
|
+
describe file('/') do
|
274
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
275
|
+
it { should be_mounted.with( :type => 'ext4', :options => { :rw => true } ) }
|
276
|
+
end
|
277
|
+
|
278
|
+
describe file('/') do
|
279
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
280
|
+
it { should be_mounted.with( :type => 'ext4', :options => { :mode => 620 } ) }
|
281
|
+
end
|
282
|
+
|
283
|
+
describe file('/') do
|
284
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
285
|
+
it { should be_mounted.with( :type => 'ext4', :device => '/dev/mapper/VolGroup-lv_root' ) }
|
286
|
+
end
|
287
|
+
|
288
|
+
describe file('/') do
|
289
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
290
|
+
it { should_not be_mounted.with( :type => 'xfs' ) }
|
291
|
+
end
|
292
|
+
|
293
|
+
describe file('/') do
|
294
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
295
|
+
it { should_not be_mounted.with( :type => 'ext4', :options => { :rw => false } ) }
|
296
|
+
end
|
297
|
+
|
298
|
+
describe file('/') do
|
299
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
300
|
+
it { should_not be_mounted.with( :type => 'ext4', :options => { :mode => 600 } ) }
|
301
|
+
end
|
302
|
+
|
303
|
+
describe file('/') do
|
304
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
305
|
+
it { should_not be_mounted.with( :type => 'xfs', :device => '/dev/mapper/VolGroup-lv_root' ) }
|
306
|
+
end
|
307
|
+
|
308
|
+
describe file('/') do
|
309
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
310
|
+
it { should_not be_mounted.with( :type => 'ext4', :device => '/dev/mapper/VolGroup-lv_r00t' ) }
|
311
|
+
end
|
312
|
+
|
313
|
+
describe file('/etc/invalid-mount') do
|
314
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
315
|
+
it { should_not be_mounted.with( :type => 'ext4' ) }
|
316
|
+
end
|
317
|
+
|
318
|
+
describe file('/') do
|
319
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
320
|
+
it do
|
321
|
+
should be_mounted.only_with(
|
322
|
+
:device => '/dev/mapper/VolGroup-lv_root',
|
323
|
+
:type => 'ext4',
|
324
|
+
:options => {
|
325
|
+
:rw => true,
|
326
|
+
:mode => 620,
|
327
|
+
}
|
328
|
+
)
|
329
|
+
end
|
330
|
+
end
|
331
|
+
|
332
|
+
describe file('/') do
|
333
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
334
|
+
it do
|
335
|
+
should_not be_mounted.only_with(
|
336
|
+
:device => '/dev/mapper/VolGroup-lv_root',
|
337
|
+
:type => 'ext4',
|
338
|
+
:options => {
|
339
|
+
:rw => true,
|
340
|
+
:mode => 620,
|
341
|
+
:bind => true,
|
342
|
+
}
|
343
|
+
)
|
344
|
+
end
|
345
|
+
end
|
346
|
+
|
347
|
+
describe file('/') do
|
348
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
349
|
+
it do
|
350
|
+
should_not be_mounted.only_with(
|
351
|
+
:device => '/dev/mapper/VolGroup-lv_root',
|
352
|
+
:type => 'ext4',
|
353
|
+
:options => {
|
354
|
+
:rw => true,
|
355
|
+
}
|
356
|
+
)
|
357
|
+
end
|
358
|
+
end
|
359
|
+
|
360
|
+
describe file('/') do
|
361
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
362
|
+
it do
|
363
|
+
should_not be_mounted.only_with(
|
364
|
+
:device => '/dev/mapper/VolGroup-lv_roooooooooot',
|
365
|
+
:type => 'ext4',
|
366
|
+
:options => {
|
367
|
+
:rw => true,
|
368
|
+
:mode => 620,
|
369
|
+
}
|
370
|
+
)
|
371
|
+
end
|
372
|
+
end
|
373
|
+
|
374
|
+
describe file('/etc/invalid-mount') do
|
375
|
+
let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
|
376
|
+
it { should_not be_mounted.only_with( :type => 'ext4' ) }
|
377
|
+
end
|
378
|
+
|
379
|
+
describe file('/etc/services') do
|
380
|
+
it { should match_md5checksum '35435ea447c19f0ea5ef971837ab9ced' }
|
381
|
+
its(:command) { should eq "md5sum /etc/services | grep -iw -- \\^35435ea447c19f0ea5ef971837ab9ced" }
|
382
|
+
end
|
383
|
+
|
384
|
+
describe file('invalid-file') do
|
385
|
+
it { should_not match_md5checksum 'INVALIDMD5CHECKSUM' }
|
386
|
+
end
|
387
|
+
|
388
|
+
describe file('/etc/services') do
|
389
|
+
it { should match_sha256checksum '0c3feee1353a8459f8c7d84885e6bc602ef853751ffdbce3e3b6dfa1d345fc7a' }
|
390
|
+
its(:command) { should eq "sha256sum /etc/services | grep -iw -- \\^0c3feee1353a8459f8c7d84885e6bc602ef853751ffdbce3e3b6dfa1d345fc7a" }
|
391
|
+
end
|
392
|
+
|
393
|
+
describe file('invalid-file') do
|
394
|
+
it { should_not match_sha256checksum 'INVALIDSHA256CHECKSUM' }
|
395
|
+
end
|