RubyGems - serverspec - Versions diffs - 2.20.0 → 2.21.0 - Mend

serverspec 2.20.0 → 2.21.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/appveyor.yml +0 -1
data/lib/serverspec/helper/type.rb +1 -0
data/lib/serverspec/type/linux_audit_system.rb +45 -0
data/lib/serverspec/version.rb +1 -1
data/spec/type/linux/linux_audit_system_spec.rb +139 -0
metadata +5 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 66f6953dc912f1f3dde3a1fec42856e8a265ee3b
-  data.tar.gz: e2ecb5d6667ab22ad18cf6cf6eb162398f37fd36
+  metadata.gz: 80a66cac3a0e0f04fbff5ee08259816cd8229507
+  data.tar.gz: 2c41a714e0d59bf76b57b5e1994776e9e27b94ad
 SHA512:
-  metadata.gz: 5324ea6b44db6e935ac44e07974c09a3a962952ab4808c5780f5aab61dc8c2778240226bd6caac1d05f8eb8b2760388e166adc063f4e4ce13b1501072fb49065
-  data.tar.gz: b7a2a14d1a098ef4e5d5bd78bd496950e4d789ccab92ea59fccc684fb66e510bae7fe9c57b585c3bc52e14a7936c39d28692e900a18fb67cbf8fdeb660e548e1
+  metadata.gz: e401a74410d52b817b79ad27909187e7c70dc8d2c7048026ee15f5bb09ecdc4f45dcb299f60322cfaf1e3a31785040ee561a37896a2ccd97d1cb424dade562ff
+  data.tar.gz: 5d41fa72698add20304f08f2dad003f7e703196846a8edc66e27634ed75069070e1080ab3a07fa60931a0a2a8e3d32aeac2a3e79830ce5d9008967706b4a8b9c

data/appveyor.yml CHANGED

@@ -33,7 +33,6 @@ cache:
 install:
   - git submodule update --init --recursive
   - ps: Enable-PSRemoting -Force
-  - ps: Set-ExecutionPolicy RemoteSigned
   - winrm quickconfig -q
   - winrm set winrm/config/client @{TrustedHosts="*"}
   - winrm set winrm/config/client/auth @{Basic="true"}

data/lib/serverspec/helper/type.rb CHANGED

@@ -10,6 +10,7 @@ module Serverspec
         windows_feature windows_hot_fix windows_registry_key
         windows_scheduled_task zfs docker_base docker_image
         docker_container x509_certificate x509_private_key
+        linux_audit_system
       )
       types.each {|type| require "serverspec/type/#{type}" }

data/lib/serverspec/type/linux_audit_system.rb ADDED

@@ -0,0 +1,45 @@
+module Serverspec::Type
+  class LinuxAuditSystem < Base
+    def initialize(name=nil)
+      @name = 'linux_audit_system'
+      @runner = Specinfra::Runner
+      @rules_content = nil
+    end
+    def enabled?
+      status_of('enabled') == '1'
+    end
+    def running?
+      pid = status_of('pid')
+      (!pid.nil? && pid.size > 0 && pid != '0')
+    end
+    def rules
+      if @rules_content.nil?
+        @rules_content = @runner.run_command('/sbin/auditctl -l').stdout || ''
+      end
+      @rules_content
+    end
+    private
+    def status_of(part)
+      cmd = "/sbin/auditctl -s"
+      status_str = @runner.run_command(cmd).stdout.chomp
+      status_map = parse_status(status_str)
+      status_map[part] || ''
+    end
+    def parse_status(status_str)
+      map = nil
+      if status_str =~ /^AUDIT_STATUS/ then
+        map = status_str.split(' ')[1..-1].inject({}) { |res,elem| a = elem.split('='); res.store(a[0],a[1] || ''); res }
+      else
+        map = status_str.split("\n").inject({}) { |res,elem| a = elem.split(' '); res.store(a[0],a[1] || ''); res }
+      end
+      map
+    end
+  end
+end

data/lib/serverspec/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Serverspec
-  VERSION = "2.20.0"
+  VERSION = "2.21.0"
 end

data/spec/type/linux/linux_audit_system_spec.rb ADDED

@@ -0,0 +1,139 @@
+require 'spec_helper'
+set :os, :family => 'linux'
+describe linux_audit_system do
+  let(:stdout) { out_auditctl1_1 }
+  it { should be_enabled }
+end
+describe linux_audit_system do
+  let(:stdout) { out_auditctl1_2 }
+  it { should_not be_enabled }
+end
+describe linux_audit_system do
+  let(:stdout) { out_auditctl1_1 }
+  it { should be_running }
+end
+describe linux_audit_system do
+  let(:stdout) { out_auditctl1_3 }
+  it { should_not be_running }
+end
+describe linux_audit_system do
+  let(:stdout) { out_auditctl1_4 }
+  it { should_not be_running }
+end
+describe linux_audit_system do
+  let(:stdout) { out_auditctl2_1 }
+  it { should be_enabled }
+end
+describe linux_audit_system do
+  let(:stdout) { out_auditctl2_2 }
+  it { should_not be_enabled }
+end
+describe linux_audit_system do
+  let(:stdout) { out_auditctl2_1 }
+  it { should be_running }
+end
+describe linux_audit_system do
+  let(:stdout) { out_auditctl2_3 }
+  it { should_not be_running }
+end
+describe linux_audit_system do
+  let(:stdout) { out_auditctl2_4 }
+  it { should_not be_running }
+end
+describe linux_audit_system do
+  let(:stdout) { '-a -w /etc/sysconfig -p wa -k test' }
+  its(:rules) { should match %r!-w /etc/sysconfig.*-k test! }
+end
+describe linux_audit_system do
+  let(:stdout) { 'test' }
+  its(:rules) { should eq 'test' }
+  its(:rules) { should match /es/ }
+  its(:rules) { should_not match /ab/ }
+end
+# variants of auditctl -s output for different versions
+def out_auditctl1_1
+  "AUDIT_STATUS: enabled=1 flag=1 pid=881 rate_limit=0 backlog_limit=320 lost=0 backlog=0"
+end
+def out_auditctl1_2
+  "AUDIT_STATUS: enabled=0 flag=1 pid=881 rate_limit=0 backlog_limit=320 lost=0 backlog=0"
+end
+def out_auditctl1_3
+  "AUDIT_STATUS: enabled=1 flag=1 pid=0 rate_limit=0 backlog_limit=320 lost=0 backlog=0"
+end
+def out_auditctl1_4
+  "AUDIT_STATUS: enabled=1 flag=1 pid= rate_limit=0 backlog_limit=320 lost=0 backlog=0"
+end
+def out_auditctl2_1
+  <<EOS
+enabled 1
+failure 1
+pid 5939
+rate_limit 0
+backlog_limit 64
+lost 0
+backlog 0
+backlog_wait_time 60000
+loginuid_immutable 0 unlocked
+EOS
+end
+def out_auditctl2_2
+  <<EOS
+enabled 0
+failure 1
+pid 5939
+rate_limit 0
+backlog_limit 64
+lost 0
+backlog 0
+backlog_wait_time 60000
+loginuid_immutable 0 unlocked
+EOS
+end
+def out_auditctl2_3
+  <<EOS
+enabled 0
+failure 1
+pid 0
+rate_limit 0
+backlog_limit 64
+lost 0
+backlog 0
+backlog_wait_time 60000
+loginuid_immutable 0 unlocked
+EOS
+end
+def out_auditctl2_4
+  <<EOS
+enabled 0
+failure 1
+pid
+rate_limit 0
+backlog_limit 64
+lost 0
+backlog 0
+backlog_wait_time 60000
+loginuid_immutable 0 unlocked
+EOS
+end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: serverspec
 version: !ruby/object:Gem::Version
-  version: 2.20.0
+  version: 2.21.0
 platform: ruby
 authors:
 - Gosuke Miyashita
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-07-21 00:00:00.000000000 Z
+date: 2015-08-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -162,6 +162,7 @@ files:
 - lib/serverspec/type/ipnat.rb
 - lib/serverspec/type/iptables.rb
 - lib/serverspec/type/kernel_module.rb
+- lib/serverspec/type/linux_audit_system.rb
 - lib/serverspec/type/linux_kernel_parameter.rb
 - lib/serverspec/type/lxc.rb
 - lib/serverspec/type/mail_alias.rb
@@ -239,6 +240,7 @@ files:
 - spec/type/linux/ip6tables_spec.rb
 - spec/type/linux/iptables_spec.rb
 - spec/type/linux/kernel_module_spec.rb
+- spec/type/linux/linux_audit_system_spec.rb
 - spec/type/linux/linux_kernel_parameter_spec.rb
 - spec/type/linux/lxc_container_spec.rb
 - spec/type/linux/selinux_module_spec.rb
@@ -380,6 +382,7 @@ test_files:
 - spec/type/linux/ip6tables_spec.rb
 - spec/type/linux/iptables_spec.rb
 - spec/type/linux/kernel_module_spec.rb
+- spec/type/linux/linux_audit_system_spec.rb
 - spec/type/linux/linux_kernel_parameter_spec.rb
 - spec/type/linux/lxc_container_spec.rb
 - spec/type/linux/selinux_module_spec.rb