Imran Iqbal
il y a 3 ans
7 fichiers modifiés avec 4 ajouts et 303 suppressions
+ 4
- 0
test/integration/modules/controls/mod_security_spec.rb
Voir le fichier
| @@ -3,6 +3,10 @@ | |||
| control 'apache mod_security configuration' do | |||
| title 'should match desired lines' | |||
| only_if('Disabled on Arch Linux') do | |||
| !%w[arch].include?(platform[:name]) | |||
| end | |||
| modspec_file = | |||
| case platform[:family] | |||
| when 'redhat', 'fedora' | |||
+ 0
- 50
test/integration/nomodsecurity/README.md
Voir le fichier
| @@ -1,50 +0,0 @@ | |||
| # InSpec Profile: `modules` | |||
| This shows the implementation of the `modules` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md). | |||
| ## Verify a profile | |||
| InSpec ships with built-in features to verify a profile structure. | |||
| ```bash | |||
| $ inspec check modules | |||
| Summary | |||
| ------- | |||
| Location: modules | |||
| Profile: profile | |||
| Controls: 4 | |||
| Timestamp: 2019-06-24T23:09:01+00:00 | |||
| Valid: true | |||
| Errors | |||
| ------ | |||
| Warnings | |||
| -------- | |||
| ``` | |||
| ## Execute a profile | |||
| To run all **supported** controls on a local machine use `inspec exec /path/to/profile`. | |||
| ```bash | |||
| $ inspec exec modules | |||
| .. | |||
| Finished in 0.0025 seconds (files took 0.12449 seconds to load) | |||
| 8 examples, 0 failures | |||
| ``` | |||
| ## Execute a specific control from a profile | |||
| To run one control from the profile use `inspec exec /path/to/profile --controls name`. | |||
| ```bash | |||
| $ inspec exec modules --controls package | |||
| . | |||
| Finished in 0.0025 seconds (files took 0.12449 seconds to load) | |||
| 1 examples, 0 failures | |||
| ``` | |||
| See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb). | |||
+ 0
- 110
test/integration/nomodsecurity/controls/config_spec.rb
Voir le fichier
| @@ -1,110 +0,0 @@ | |||
| # frozen_string_literal: true | |||
| control 'apache configuration' do | |||
| title 'should match desired lines' | |||
| apachectl = 'apachectl -t' | |||
| case platform[:family] | |||
| when 'debian', 'suse' | |||
| vhostdir = '/etc/apache2/sites-available' | |||
| logrotatedir = '/etc/logrotate.d/apache2' | |||
| logdir = '/var/log/apache2' | |||
| moddir = '/etc/apache2/mods-enabled' | |||
| sitesdir = '/etc/apache2/sites-enabled' | |||
| when 'redhat', 'fedora' | |||
| vhostdir = '/etc/httpd/vhosts.d' | |||
| logrotatedir = '/etc/logrotate.d/httpd' | |||
| logdir = '/var/log/httpd' | |||
| moddir = '/etc/httpd/conf.modules.d' | |||
| sitesdir = '/etc/httpd/sites-enabled' | |||
| apachectl = 'httpd -t' | |||
| when 'gentoo' | |||
| vhostdir = '/etc/apache2/vhosts.d' | |||
| logrotatedir = '/etc/logrotate.d/apache2' | |||
| logdir = '/var/log/apache2' | |||
| moddir = '/etc/apache2/mods-enabled' | |||
| sitesdir = '/etc/apache2/sites-enabled' | |||
| # `linux` here is sufficient for `arch` | |||
| when 'linux', 'arch' | |||
| vhostdir = '/etc/httpd/conf/vhosts' | |||
| logrotatedir = '/etc/logrotate.d/httpd' | |||
| logdir = '/var/log/httpd' | |||
| moddir = '/etc/httpd/conf.modules.d' | |||
| sitesdir = '/etc/httpd/sites-enabled' | |||
| when 'bsd' | |||
| vhostdir = '/usr/local/etc/apache24/Includes' | |||
| logdir = '/var/log' | |||
| # logrotatedir = ? | |||
| # moddir = '?' | |||
| # sitesdir = '?' | |||
| end | |||
| describe command(apachectl) do | |||
| its('stdout') { should eq '' } | |||
| its('stderr') { should include 'Syntax OK' } | |||
| its('exit_status') { should eq 0 } | |||
| end | |||
| describe file(vhostdir) do | |||
| it { should exist } | |||
| it { should be_directory } | |||
| its('type') { should eq :directory } | |||
| end | |||
| describe file(logrotatedir) do | |||
| it { should exist } | |||
| its('type') { should eq :file } | |||
| end | |||
| describe file(logdir) do | |||
| it { should exist } | |||
| it { should be_directory } | |||
| its('type') { should eq :directory } | |||
| end | |||
| describe file(moddir) do | |||
| it { should exist } | |||
| it { should be_directory } | |||
| its('type') { should eq :directory } | |||
| end | |||
| describe file(sitesdir) do | |||
| it { should exist } | |||
| it { should be_directory } | |||
| its('type') { should eq :directory } | |||
| end | |||
| end | |||
| control 'apache configuration (unique)' do | |||
| title 'should match desired lines' | |||
| case platform[:family] | |||
| when 'debian' | |||
| config_file = '/etc/apache2/apache2.conf' | |||
| wwwdir = '/srv' | |||
| when 'suse' | |||
| config_file = '/etc/apache2/httpd.conf' | |||
| wwwdir = '/srv/www' | |||
| when 'redhat', 'fedora' | |||
| config_file = '/etc/httpd/conf/httpd.conf' | |||
| wwwdir = '/var/www' | |||
| when 'gentoo' | |||
| config_file = '/etc/apache2/httpd.conf' | |||
| wwwdir = '/var/www' | |||
| when 'linux', 'arch' | |||
| config_file = '/etc/httpd/conf/httpd.conf' | |||
| wwwdir = '/srv/http' | |||
| when 'bsd' | |||
| config_file = '/usr/local/etc/apache24/httpd.conf' | |||
| wwwdir = '/usr/local/www/apache24/' | |||
| end | |||
| describe file(config_file) do | |||
| it { should be_file } | |||
| it { should be_grouped_into 'root' } | |||
| its('mode') { should cmp '0644' } | |||
| its('content') do | |||
| should include( | |||
| 'This file is managed by Salt! Do not edit by hand!' | |||
| ) | |||
| end | |||
| end | |||
| describe file(wwwdir) do | |||
| it { should exist } | |||
| it { should be_directory } | |||
| its('type') { should eq :directory } | |||
| end | |||
| end | |||
+ 0
- 63
test/integration/nomodsecurity/controls/packages_spec.rb
Voir le fichier
| @@ -1,63 +0,0 @@ | |||
| # frozen_string_literal: true | |||
| # Overide by OS | |||
| control 'apache package' do | |||
| title 'should be installed' | |||
| case platform[:family] | |||
| when 'debian' | |||
| package_name = 'apache2' | |||
| user_name = 'www-data' | |||
| group_name = 'www-data' | |||
| when 'suse' | |||
| package_name = 'apache2' | |||
| user_name = 'wwwrun' | |||
| group_name = 'wwwrun' | |||
| when 'redhat', 'fedora' | |||
| package_name = 'httpd' | |||
| user_name = 'apache' | |||
| group_name = 'apache' | |||
| when 'gentoo' | |||
| package_name = 'www-servers/apache' | |||
| user_name = 'apache' | |||
| group_name = 'apache' | |||
| when 'linux', 'arch' | |||
| package_name = 'apache' | |||
| user_name = 'http' | |||
| group_name = 'http' | |||
| when 'bsd' | |||
| package_name = 'apache24' | |||
| user_name = 'www' | |||
| group_name = 'www' | |||
| when 'windows' | |||
| package_name = 'apache-httpd' | |||
| end | |||
| describe package(package_name) do | |||
| it { should be_installed } | |||
| end | |||
| describe group(group_name) do | |||
| it { should exist } | |||
| end | |||
| describe user(user_name) do | |||
| it { should exist } | |||
| end | |||
| end | |||
| control 'apache module packages' do | |||
| title 'should be installed' | |||
| package_name = | |||
| case platform[:family] | |||
| when 'debian' | |||
| 'libapache2-mod-security2' | |||
| when 'redhat', 'fedora' | |||
| 'mod_security' | |||
| when 'suse' | |||
| 'apache2-mod_security2' | |||
| end | |||
| describe package(package_name) do | |||
| it { should be_installed } | |||
| end | |||
| end | |||
+ 0
- 36
test/integration/nomodsecurity/controls/server_status_spec.rb
Voir le fichier
| @@ -1,36 +0,0 @@ | |||
| # frozen_string_literal: true | |||
| control 'apache server_status configuration' do | |||
| title 'should match desired lines' | |||
| server_status_stanza = <<~SS_STANZA | |||
| <Location "/server-status"> | |||
| SetHandler server-status | |||
| Require local | |||
| Require host foo.example.com | |||
| Require ip 10.8.8.0/24 | |||
| </Location> | |||
| SS_STANZA | |||
| confdir = | |||
| case platform[:family] | |||
| when 'debian' | |||
| '/etc/apache2/conf-available' | |||
| when 'redhat', 'fedora' | |||
| '/etc/httpd/conf.d' | |||
| when 'suse' | |||
| '/etc/apache2/conf.d' | |||
| # `linux` here is sufficient for `arch` | |||
| when 'linux' | |||
| '/etc/httpd/conf/extra' | |||
| end | |||
| describe file("#{confdir}/server-status.conf") do | |||
| it { should be_file } | |||
| it { should be_owned_by 'root' } | |||
| it { should be_grouped_into 'root' } | |||
| its('mode') { should cmp '0644' } | |||
| its('content') { should include '# File managed by Salt' } | |||
| its('content') { should include server_status_stanza } | |||
| end | |||
| end | |||
+ 0
- 26
test/integration/nomodsecurity/controls/services_spec.rb
Voir le fichier
| @@ -1,26 +0,0 @@ | |||
| # frozen_string_literal: true | |||
| # Overide by OS | |||
| control 'apache service' do | |||
| impact 0.5 | |||
| title 'should be running and enabled' | |||
| service_name = | |||
| case platform[:family] | |||
| when 'debian', 'suse' | |||
| 'apache2' | |||
| when 'redhat', 'fedora', 'linux' | |||
| 'httpd' | |||
| when 'gentoo' | |||
| 'www-servers/apache' | |||
| when 'bsd' | |||
| 'apache24' | |||
| when 'windows' | |||
| 'apache' | |||
| end | |||
| describe service(service_name) do | |||
| it { should be_enabled } | |||
| it { should be_running } | |||
| end | |||
| end | |||
+ 0
- 18
test/integration/nomodsecurity/inspec.yml
Voir le fichier
| @@ -1,18 +0,0 @@ | |||
| # -*- coding: utf-8 -*- | |||
| # vim: ft=yaml | |||
| --- | |||
| name: modules | |||
| title: apache formula | |||
| maintainer: SaltStack Formulas | |||
| license: Apache-2.0 | |||
| summary: Verify that the apache formula manages modules correctly | |||
| supports: | |||
| - platform-name: debian | |||
| - platform-name: ubuntu | |||
| - platform-name: centos | |||
| - platform-name: fedora | |||
| - platform-name: opensuse | |||
| - platform-name: suse | |||
| - platform-name: freebsd | |||
| - platform-name: amazon | |||
| - platform-name: arch | |||
Chargement…