test(nomodsecurity): use adjusted modules suite instead

This commit is contained in:
Imran Iqbal 2021-02-12 10:33:32 +00:00
parent f35054dd82
commit 838b917221
No known key found for this signature in database
GPG Key ID: 6D8629439D2B7819
7 changed files with 4 additions and 303 deletions

View File

@ -3,6 +3,10 @@
control 'apache mod_security configuration' do control 'apache mod_security configuration' do
title 'should match desired lines' title 'should match desired lines'
only_if('Disabled on Arch Linux') do
!%w[arch].include?(platform[:name])
end
modspec_file = modspec_file =
case platform[:family] case platform[:family]
when 'redhat', 'fedora' when 'redhat', 'fedora'

View File

@ -1,50 +0,0 @@
# InSpec Profile: `modules`
This shows the implementation of the `modules` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
## Verify a profile
InSpec ships with built-in features to verify a profile structure.
```bash
$ inspec check modules
Summary
-------
Location: modules
Profile: profile
Controls: 4
Timestamp: 2019-06-24T23:09:01+00:00
Valid: true
Errors
------
Warnings
--------
```
## Execute a profile
To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
```bash
$ inspec exec modules
..
Finished in 0.0025 seconds (files took 0.12449 seconds to load)
8 examples, 0 failures
```
## Execute a specific control from a profile
To run one control from the profile use `inspec exec /path/to/profile --controls name`.
```bash
$ inspec exec modules --controls package
.
Finished in 0.0025 seconds (files took 0.12449 seconds to load)
1 examples, 0 failures
```
See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).

View File

@ -1,110 +0,0 @@
# frozen_string_literal: true
control 'apache configuration' do
title 'should match desired lines'
apachectl = 'apachectl -t'
case platform[:family]
when 'debian', 'suse'
vhostdir = '/etc/apache2/sites-available'
logrotatedir = '/etc/logrotate.d/apache2'
logdir = '/var/log/apache2'
moddir = '/etc/apache2/mods-enabled'
sitesdir = '/etc/apache2/sites-enabled'
when 'redhat', 'fedora'
vhostdir = '/etc/httpd/vhosts.d'
logrotatedir = '/etc/logrotate.d/httpd'
logdir = '/var/log/httpd'
moddir = '/etc/httpd/conf.modules.d'
sitesdir = '/etc/httpd/sites-enabled'
apachectl = 'httpd -t'
when 'gentoo'
vhostdir = '/etc/apache2/vhosts.d'
logrotatedir = '/etc/logrotate.d/apache2'
logdir = '/var/log/apache2'
moddir = '/etc/apache2/mods-enabled'
sitesdir = '/etc/apache2/sites-enabled'
# `linux` here is sufficient for `arch`
when 'linux', 'arch'
vhostdir = '/etc/httpd/conf/vhosts'
logrotatedir = '/etc/logrotate.d/httpd'
logdir = '/var/log/httpd'
moddir = '/etc/httpd/conf.modules.d'
sitesdir = '/etc/httpd/sites-enabled'
when 'bsd'
vhostdir = '/usr/local/etc/apache24/Includes'
logdir = '/var/log'
# logrotatedir = ?
# moddir = '?'
# sitesdir = '?'
end
describe command(apachectl) do
its('stdout') { should eq '' }
its('stderr') { should include 'Syntax OK' }
its('exit_status') { should eq 0 }
end
describe file(vhostdir) do
it { should exist }
it { should be_directory }
its('type') { should eq :directory }
end
describe file(logrotatedir) do
it { should exist }
its('type') { should eq :file }
end
describe file(logdir) do
it { should exist }
it { should be_directory }
its('type') { should eq :directory }
end
describe file(moddir) do
it { should exist }
it { should be_directory }
its('type') { should eq :directory }
end
describe file(sitesdir) do
it { should exist }
it { should be_directory }
its('type') { should eq :directory }
end
end
control 'apache configuration (unique)' do
title 'should match desired lines'
case platform[:family]
when 'debian'
config_file = '/etc/apache2/apache2.conf'
wwwdir = '/srv'
when 'suse'
config_file = '/etc/apache2/httpd.conf'
wwwdir = '/srv/www'
when 'redhat', 'fedora'
config_file = '/etc/httpd/conf/httpd.conf'
wwwdir = '/var/www'
when 'gentoo'
config_file = '/etc/apache2/httpd.conf'
wwwdir = '/var/www'
when 'linux', 'arch'
config_file = '/etc/httpd/conf/httpd.conf'
wwwdir = '/srv/http'
when 'bsd'
config_file = '/usr/local/etc/apache24/httpd.conf'
wwwdir = '/usr/local/www/apache24/'
end
describe file(config_file) do
it { should be_file }
it { should be_grouped_into 'root' }
its('mode') { should cmp '0644' }
its('content') do
should include(
'This file is managed by Salt! Do not edit by hand!'
)
end
end
describe file(wwwdir) do
it { should exist }
it { should be_directory }
its('type') { should eq :directory }
end
end

View File

@ -1,63 +0,0 @@
# frozen_string_literal: true
# Overide by OS
control 'apache package' do
title 'should be installed'
case platform[:family]
when 'debian'
package_name = 'apache2'
user_name = 'www-data'
group_name = 'www-data'
when 'suse'
package_name = 'apache2'
user_name = 'wwwrun'
group_name = 'wwwrun'
when 'redhat', 'fedora'
package_name = 'httpd'
user_name = 'apache'
group_name = 'apache'
when 'gentoo'
package_name = 'www-servers/apache'
user_name = 'apache'
group_name = 'apache'
when 'linux', 'arch'
package_name = 'apache'
user_name = 'http'
group_name = 'http'
when 'bsd'
package_name = 'apache24'
user_name = 'www'
group_name = 'www'
when 'windows'
package_name = 'apache-httpd'
end
describe package(package_name) do
it { should be_installed }
end
describe group(group_name) do
it { should exist }
end
describe user(user_name) do
it { should exist }
end
end
control 'apache module packages' do
title 'should be installed'
package_name =
case platform[:family]
when 'debian'
'libapache2-mod-security2'
when 'redhat', 'fedora'
'mod_security'
when 'suse'
'apache2-mod_security2'
end
describe package(package_name) do
it { should be_installed }
end
end

View File

@ -1,36 +0,0 @@
# frozen_string_literal: true
control 'apache server_status configuration' do
title 'should match desired lines'
server_status_stanza = <<~SS_STANZA
<Location "/server-status">
SetHandler server-status
Require local
Require host foo.example.com
Require ip 10.8.8.0/24
</Location>
SS_STANZA
confdir =
case platform[:family]
when 'debian'
'/etc/apache2/conf-available'
when 'redhat', 'fedora'
'/etc/httpd/conf.d'
when 'suse'
'/etc/apache2/conf.d'
# `linux` here is sufficient for `arch`
when 'linux'
'/etc/httpd/conf/extra'
end
describe file("#{confdir}/server-status.conf") do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its('mode') { should cmp '0644' }
its('content') { should include '# File managed by Salt' }
its('content') { should include server_status_stanza }
end
end

View File

@ -1,26 +0,0 @@
# frozen_string_literal: true
# Overide by OS
control 'apache service' do
impact 0.5
title 'should be running and enabled'
service_name =
case platform[:family]
when 'debian', 'suse'
'apache2'
when 'redhat', 'fedora', 'linux'
'httpd'
when 'gentoo'
'www-servers/apache'
when 'bsd'
'apache24'
when 'windows'
'apache'
end
describe service(service_name) do
it { should be_enabled }
it { should be_running }
end
end

View File

@ -1,18 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
name: modules
title: apache formula
maintainer: SaltStack Formulas
license: Apache-2.0
summary: Verify that the apache formula manages modules correctly
supports:
- platform-name: debian
- platform-name: ubuntu
- platform-name: centos
- platform-name: fedora
- platform-name: opensuse
- platform-name: suse
- platform-name: freebsd
- platform-name: amazon
- platform-name: arch