
Merge pull request #280 from netmanagers/master

fix(server-status): enable module in debian if `server_status_require…
tags/v0.41.1
Imran Iqbal 4 年之前
父節點
當前提交
cb47ee30bf
共有 15 個文件被更改,包括 296 次插入16 次删除
  1. +4
    -0
      apache/files/server-status.conf.jinja
  2. +16
    -0
      apache/server_status.sls
  3. +19
    -1
      kitchen.yml
  4. +39
    -0
      test/integration/default/controls/config_spec.rb
  5. +20
    -0
      test/integration/default/controls/packages_spec.rb
  6. +19
    -0
      test/integration/default/controls/services_spec.rb
  7. +50
    -0
      test/integration/modules/README.md
  8. +12
    -0
      test/integration/modules/controls/config_spec.rb
  9. +3
    -1
      test/integration/modules/controls/mod_security_spec.rb
  10. +19
    -0
      test/integration/modules/controls/packages_spec.rb
  11. +36
    -0
      test/integration/modules/controls/server_status_spec.rb
  12. +19
    -0
      test/integration/modules/controls/services_spec.rb
  13. +18
    -0
      test/integration/modules/inspec.yml
  14. +0
    -14
      test/salt/pillar/default.sls
  15. +22
    -0
      test/salt/pillar/modules.sls

+ 4
- 0
apache/files/server-status.conf.jinja

@@ -1,3 +1,7 @@
########################################################################
# File managed by Salt at <{{ source }}>.
# Your changes will be overwritten.
########################################################################
<Location "/server-status">
SetHandler server-status
{%- if apache.version == '2.4' %}

+ 16
- 0
apache/server_status.sls

@@ -18,3 +18,19 @@ include:
- module: apache-restart
- module: apache-reload
- service: apache

{%- if grains['os_family'] == "Debian" %}
a2enconf server-status:
cmd.run:
- unless: 'test -L /etc/apache2/conf-enabled/server-status.conf'
- order: 225
- require:
- pkg: apache
- file: {{ apache.confdir }}/server-status.conf
- watch_in:
- module: apache-restart
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
{% endif %}
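Review bot: The new `a2enconf server-status` state is guarded only by `grains['os_family'] == "Debian"`, while the commit title ties enabling to `server_status_require`; as far as this hunk shows, the status page is enabled on Debian whether or not any access restriction is configured. The template lines that emit the `Require` directives lie outside the visible hunk of server-status.conf.jinja, so please confirm that an empty `server_status_require` still renders a restrictive rule (for example `Require local`) before the conf is linked into conf-enabled, or wrap this state in the same pillar condition. Separately, the `unless` test hard-codes `/etc/apache2/conf-enabled/server-status.conf` while the required file uses `{{ apache.confdir }}`; a short comment such as `# conf-enabled is where a2enconf creates the link on Debian` would explain the difference.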

+ 19
- 1
kitchen.yml

@@ -157,7 +157,7 @@ suites:
base:
'*':
- apache
- apache.mod_security
- apache.config
pillars:
top.sls:
base:
@@ -168,3 +168,21 @@ suites:
verifier:
inspec_tests:
- path: test/integration/default
- name: modules
provisioner:
state_top:
base:
'*':
- apache
- apache.mod_security
- apache.server_status
pillars:
top.sls:
base:
'*':
- apache
pillars_from_files:
apache.sls: test/salt/pillar/modules.sls
verifier:
inspec_tests:
- path: test/integration/modules

+ 39
- 0
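--- /dev/null
+++ b/test/integration/default/controls/config_spec.rb
@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+control 'apache configuration' do
+title 'should match desired lines'
+
+config_file =
+case platform[:family]
+when 'debian'
+'/etc/apache2/apache2.conf'
+when 'redhat', 'fedora'
+'/etc/httpd/conf/httpd.conf'
+when 'suse'
+'/etc/apache2/httpd.conf'
+# `linux` here is sufficient for `arch`
+when 'linux'
+'/etc/httpd/conf/httpd.conf'
+end
+describe file(config_file) do
+it { should be_file }
+it { should be_owned_by 'root' }
+it { should be_grouped_into 'root' }
+its('mode') { should cmp '0644' }
+its('content') do
+should include(
+'This file is managed by Salt! Do not edit by hand!'
+)
+end
+end
+end
+control 'apache configuration' do
+title 'should be valid'
+
+describe command('apachectl -t') do
+its('stdout') { should eq '' }
+its('stderr') { should include 'Syntax OK' }
+
+its('exit_status') { should eq 0 }
+end
+end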
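Review bot: Both controls in this file use the id `apache configuration` (the one titled 'should match desired lines' and the one titled 'should be valid'), and InSpec identifies controls by that string, so the two may be reported under one id or one may replace the other. Giving the second a distinct id, e.g. `control 'apache configuration validity' do`, keeps both results visible and lets `--controls` select them separately. The same 'should be valid' control is repeated in test/integration/modules/controls/config_spec.rb, where it is the only control with that id.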

+ 20
- 0
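--- /dev/null
+++ b/test/integration/default/controls/packages_spec.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+control 'apache package' do
+title 'should be installed'
+
+package_name =
+case platform[:family]
+when 'debian', 'suse'
+'apache2'
+when 'redhat', 'fedora'
+'httpd'
+# `linux` here is sufficient for `arch`
+when 'linux'
+'apache'
+end
+
+describe package(package_name) do
+it { should be_installed }
+end
+end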
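Review bot: The `case platform[:family]` that picks `package_name` has no `else`, so on any family not listed it evaluates to nil and `package(nil)` is what gets described, which fails in a way that hides the real cause. The same pattern appears in default/controls/config_spec.rb and services_spec.rb, and in modules/controls/packages_spec.rb, server_status_spec.rb and services_spec.rb. In addition, modules/inspec.yml lists freebsd and arch as supported although modules/controls/packages_spec.rb has no branch that would match either (arch is matched as `linux` elsewhere on this page). Consider an explicit fallback such as `else raise "unsupported platform family: #{platform[:family]}"`, or trim the `supports:` list to the platforms the specs actually cover.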

+ 19
- 0
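--- /dev/null
+++ b/test/integration/default/controls/services_spec.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+control 'apache service' do
+impact 0.5
+title 'should be running and enabled'
+
+service_name =
+case platform[:family]
+when 'debian', 'suse'
+'apache2'
+when 'redhat', 'fedora', 'linux'
+'httpd'
+end
+
+describe service(service_name) do
+it { should be_enabled }
+it { should be_running }
+end
+end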

+ 50
- 0
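--- /dev/null
+++ b/test/integration/modules/README.md
@@ -0,0 +1,50 @@
+# InSpec Profile: `modules`
+
+This shows the implementation of the `modules` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+## Verify a profile
+
+InSpec ships with built-in features to verify a profile structure.
+
+```bash
+$ inspec check modules
+Summary
+-------
+Location: modules
+Profile: profile
+Controls: 4
+Timestamp: 2019-06-24T23:09:01+00:00
+Valid: true
+
+Errors
+------
+
+Warnings
+--------
+```
+
+## Execute a profile
+
+To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
+
+```bash
+$ inspec exec modules
+..
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+8 examples, 0 failures
+```
+
+## Execute a specific control from a profile
+
+To run one control from the profile use `inspec exec /path/to/profile --controls name`.
+
+```bash
+$ inspec exec modules --controls package
+.
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+1 examples, 0 failures
+```
+
+See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).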

+ 12
- 0
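--- /dev/null
+++ b/test/integration/modules/controls/config_spec.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+control 'apache configuration' do
+title 'should be valid'
+
+describe command('apachectl -t') do
+its('stdout') { should eq '' }
+its('stderr') { should include 'Syntax OK' }
+
+its('exit_status') { should eq 0 }
+end
+end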

test/integration/default/controls/mod_security_spec.rb → test/integration/modules/controls/mod_security_spec.rb

@@ -1,6 +1,6 @@
# frozen_string_literal: true

control 'Apache mod_security configuration' do
control 'apache mod_security configuration' do
title 'should match desired lines'

modspec_file =
@@ -9,6 +9,8 @@ control 'Apache mod_security configuration' do
'/etc/httpd/conf.d/mod_security.conf'
when 'debian'
'/etc/modsecurity/modsecurity.conf-recommended'
when 'suse'
'/etc/apache2/conf.d/mod_security2.conf'
end

describe file(modspec_file) do

+ 19
- 0
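--- /dev/null
+++ b/test/integration/modules/controls/packages_spec.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+control 'apache mod_security package' do
+title 'should be installed'
+
+package_name =
+case platform[:family]
+when 'debian'
+'libapache2-mod-security2'
+when 'redhat', 'fedora'
+'mod_security'
+when 'suse'
+'apache2-mod_security2'
+end
+
+describe package(package_name) do
+it { should be_installed }
+end
+end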

+ 36
- 0
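--- /dev/null
+++ b/test/integration/modules/controls/server_status_spec.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+control 'apache server_status configuration' do
+title 'should match desired lines'
+
+server_status_stanza = <<~SS_STANZA
+<Location "/server-status">
+SetHandler server-status
+Require local
+Require host foo.example.com
+Require ip 10.8.8.0/24
+</Location>
+SS_STANZA
+
+confdir =
+case platform[:family]
+when 'debian'
+'/etc/apache2/conf-available'
+when 'redhat', 'fedora'
+'/etc/httpd/conf.d'
+when 'suse'
+'/etc/apache2/conf.d'
+# `linux` here is sufficient for `arch`
+when 'linux'
+'/etc/httpd/conf/extra'
+end
+
+describe file("#{confdir}/server-status.conf") do
+it { should be_file }
+it { should be_owned_by 'root' }
+it { should be_grouped_into 'root' }
+its('mode') { should cmp '0644' }
+its('content') { should include '# File managed by Salt' }
+its('content') { should include server_status_stanza }
+end
+end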
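Review bot: On Debian this control only inspects `/etc/apache2/conf-available/server-status.conf`, so the behaviour this commit adds (linking the conf into conf-enabled through `a2enconf`) is not asserted anywhere in the suite. A Debian-only check such as `describe file('/etc/apache2/conf-enabled/server-status.conf') { it { should be_symlink } }` would cover it. Also note that the modules suite expects the service not to be running (modules/controls/services_spec.rb), so the `Require` restrictions are verified only as text in the file and never by an actual request to /server-status; a comment stating that limitation would help whoever relies on this test as evidence of access control.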

+ 19
- 0
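--- /dev/null
+++ b/test/integration/modules/controls/services_spec.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+control 'apache service' do
+impact 0.5
+title 'should be running and enabled'
+
+service_name =
+case platform[:family]
+when 'debian', 'suse'
+'apache2'
+when 'redhat', 'fedora', 'linux'
+'httpd'
+end
+
+describe service(service_name) do
+it { should be_enabled }
+it { should_not be_running }
+end
+end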
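Review bot: The title says 'should be running and enabled' but the body asserts `it { should_not be_running }`, so a failure report will state the opposite of what is checked. If a stopped service is intended for this suite (its pillar sets `manage_service_states: false`), change the title, e.g. `title 'should be enabled but not running'`, and add a one-line comment saying why the service is expected to be stopped.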

+ 18
- 0
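--- /dev/null
+++ b/test/integration/modules/inspec.yml
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+name: modules
+title: apache formula
+maintainer: SaltStack Formulas
+license: Apache-2.0
+summary: Verify that the apache formula manages modules correctly
+supports:
+- platform-name: debian
+- platform-name: ubuntu
+- platform-name: centos
+- platform-name: fedora
+- platform-name: opensuse
+- platform-name: suse
+- platform-name: freebsd
+- platform-name: amazon
+- platform-name: arch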

+ 0
- 14
test/salt/pillar/default.sls

@@ -1,17 +1,3 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
apache:
manage_service_states: false
mod_security:
crs_install: true
manage_config: true
sec_rule_engine: 'On'
sec_request_body_access: 'On'
sec_request_body_limit: '14000000'
sec_request_body_no_files_limit: '114002'
sec_request_body_in_memory_limit: '114002'
sec_request_body_limit_action: 'Reject'
sec_pcre_match_limit: '15000'
sec_pcre_match_limit_recursion: '15000'
sec_debug_log_level: '3'

+ 22
- 0
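--- /dev/null
+++ b/test/salt/pillar/modules.sls
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+apache:
+manage_service_states: false
+mod_security:
+crs_install: true
+manage_config: true
+sec_rule_engine: 'On'
+sec_request_body_access: 'On'
+sec_request_body_limit: '14000000'
+sec_request_body_no_files_limit: '114002'
+sec_request_body_in_memory_limit: '114002'
+sec_request_body_limit_action: 'Reject'
+sec_pcre_match_limit: '15000'
+sec_pcre_match_limit_recursion: '15000'
+sec_debug_log_level: '3'
+server_status_require:
+ip:
+- 10.8.8.0/24
+host:
+- foo.example.com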
