test(nomodsecurity): use adjusted modules
suite instead
parent
f35054dd82
commit
838b917221
@ -3,6 +3,10 @@
|
|||||||
control 'apache mod_security configuration' do
|
control 'apache mod_security configuration' do
|
||||||
title 'should match desired lines'
|
title 'should match desired lines'
|
||||||
|
|
||||||
|
only_if('Disabled on Arch Linux') do
|
||||||
|
!%w[arch].include?(platform[:name])
|
||||||
|
end
|
||||||
|
|
||||||
modspec_file =
|
modspec_file =
|
||||||
case platform[:family]
|
case platform[:family]
|
||||||
when 'redhat', 'fedora'
|
when 'redhat', 'fedora'
|
||||||
|
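Review bot: The `only_if('Disabled on Arch Linux')` guard added at the top of this control gives no reason for the exclusion. A control whose `only_if` block is false is reported as skipped rather than failed, so on Arch the mod_security configuration goes unverified and nothing in the file says this is intended. I would put a comment above the guard, e.g. `# mod_security is not set up by the formula on Arch (presumably; confirm), so skip instead of failing`, and make the skip message carry the same reason. As a style point, `!%w[arch].include?(platform[:name])` for a single value reads more directly as `platform[:name] != 'arch'`; keying on `platform[:name]` rather than `platform[:family]` looks deliberate, since the `case` below switches on the family. The control's body continues past the end of the hunk.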
@ -1,50 +0,0 @@
|
|||||||
# InSpec Profile: `modules`
|
|
||||||
|
|
||||||
This shows the implementation of the `modules` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
|
|
||||||
|
|
||||||
## Verify a profile
|
|
||||||
|
|
||||||
InSpec ships with built-in features to verify a profile structure.
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ inspec check modules
|
|
||||||
Summary
|
|
||||||
-------
|
|
||||||
Location: modules
|
|
||||||
Profile: profile
|
|
||||||
Controls: 4
|
|
||||||
Timestamp: 2019-06-24T23:09:01+00:00
|
|
||||||
Valid: true
|
|
||||||
|
|
||||||
Errors
|
|
||||||
------
|
|
||||||
|
|
||||||
Warnings
|
|
||||||
--------
|
|
||||||
```
|
|
||||||
|
|
||||||
## Execute a profile
|
|
||||||
|
|
||||||
To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ inspec exec modules
|
|
||||||
..
|
|
||||||
|
|
||||||
Finished in 0.0025 seconds (files took 0.12449 seconds to load)
|
|
||||||
8 examples, 0 failures
|
|
||||||
```
|
|
||||||
|
|
||||||
## Execute a specific control from a profile
|
|
||||||
|
|
||||||
To run one control from the profile use `inspec exec /path/to/profile --controls name`.
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ inspec exec modules --controls package
|
|
||||||
.
|
|
||||||
|
|
||||||
Finished in 0.0025 seconds (files took 0.12449 seconds to load)
|
|
||||||
1 examples, 0 failures
|
|
||||||
```
|
|
||||||
|
|
||||||
See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).
|
|
@ -1,110 +0,0 @@
|
|||||||
# frozen_string_literal: true
|
|
||||||
|
|
||||||
control 'apache configuration' do
|
|
||||||
title 'should match desired lines'
|
|
||||||
|
|
||||||
apachectl = 'apachectl -t'
|
|
||||||
case platform[:family]
|
|
||||||
when 'debian', 'suse'
|
|
||||||
vhostdir = '/etc/apache2/sites-available'
|
|
||||||
logrotatedir = '/etc/logrotate.d/apache2'
|
|
||||||
logdir = '/var/log/apache2'
|
|
||||||
moddir = '/etc/apache2/mods-enabled'
|
|
||||||
sitesdir = '/etc/apache2/sites-enabled'
|
|
||||||
when 'redhat', 'fedora'
|
|
||||||
vhostdir = '/etc/httpd/vhosts.d'
|
|
||||||
logrotatedir = '/etc/logrotate.d/httpd'
|
|
||||||
logdir = '/var/log/httpd'
|
|
||||||
moddir = '/etc/httpd/conf.modules.d'
|
|
||||||
sitesdir = '/etc/httpd/sites-enabled'
|
|
||||||
apachectl = 'httpd -t'
|
|
||||||
when 'gentoo'
|
|
||||||
vhostdir = '/etc/apache2/vhosts.d'
|
|
||||||
logrotatedir = '/etc/logrotate.d/apache2'
|
|
||||||
logdir = '/var/log/apache2'
|
|
||||||
moddir = '/etc/apache2/mods-enabled'
|
|
||||||
sitesdir = '/etc/apache2/sites-enabled'
|
|
||||||
# `linux` here is sufficient for `arch`
|
|
||||||
when 'linux', 'arch'
|
|
||||||
vhostdir = '/etc/httpd/conf/vhosts'
|
|
||||||
logrotatedir = '/etc/logrotate.d/httpd'
|
|
||||||
logdir = '/var/log/httpd'
|
|
||||||
moddir = '/etc/httpd/conf.modules.d'
|
|
||||||
sitesdir = '/etc/httpd/sites-enabled'
|
|
||||||
when 'bsd'
|
|
||||||
vhostdir = '/usr/local/etc/apache24/Includes'
|
|
||||||
logdir = '/var/log'
|
|
||||||
# logrotatedir = ?
|
|
||||||
# moddir = '?'
|
|
||||||
# sitesdir = '?'
|
|
||||||
end
|
|
||||||
describe command(apachectl) do
|
|
||||||
its('stdout') { should eq '' }
|
|
||||||
its('stderr') { should include 'Syntax OK' }
|
|
||||||
its('exit_status') { should eq 0 }
|
|
||||||
end
|
|
||||||
describe file(vhostdir) do
|
|
||||||
it { should exist }
|
|
||||||
it { should be_directory }
|
|
||||||
its('type') { should eq :directory }
|
|
||||||
end
|
|
||||||
describe file(logrotatedir) do
|
|
||||||
it { should exist }
|
|
||||||
its('type') { should eq :file }
|
|
||||||
end
|
|
||||||
describe file(logdir) do
|
|
||||||
it { should exist }
|
|
||||||
it { should be_directory }
|
|
||||||
its('type') { should eq :directory }
|
|
||||||
end
|
|
||||||
describe file(moddir) do
|
|
||||||
it { should exist }
|
|
||||||
it { should be_directory }
|
|
||||||
its('type') { should eq :directory }
|
|
||||||
end
|
|
||||||
describe file(sitesdir) do
|
|
||||||
it { should exist }
|
|
||||||
it { should be_directory }
|
|
||||||
its('type') { should eq :directory }
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
control 'apache configuration (unique)' do
|
|
||||||
title 'should match desired lines'
|
|
||||||
|
|
||||||
case platform[:family]
|
|
||||||
when 'debian'
|
|
||||||
config_file = '/etc/apache2/apache2.conf'
|
|
||||||
wwwdir = '/srv'
|
|
||||||
when 'suse'
|
|
||||||
config_file = '/etc/apache2/httpd.conf'
|
|
||||||
wwwdir = '/srv/www'
|
|
||||||
when 'redhat', 'fedora'
|
|
||||||
config_file = '/etc/httpd/conf/httpd.conf'
|
|
||||||
wwwdir = '/var/www'
|
|
||||||
when 'gentoo'
|
|
||||||
config_file = '/etc/apache2/httpd.conf'
|
|
||||||
wwwdir = '/var/www'
|
|
||||||
when 'linux', 'arch'
|
|
||||||
config_file = '/etc/httpd/conf/httpd.conf'
|
|
||||||
wwwdir = '/srv/http'
|
|
||||||
when 'bsd'
|
|
||||||
config_file = '/usr/local/etc/apache24/httpd.conf'
|
|
||||||
wwwdir = '/usr/local/www/apache24/'
|
|
||||||
end
|
|
||||||
describe file(config_file) do
|
|
||||||
it { should be_file }
|
|
||||||
it { should be_grouped_into 'root' }
|
|
||||||
its('mode') { should cmp '0644' }
|
|
||||||
its('content') do
|
|
||||||
should include(
|
|
||||||
'This file is managed by Salt! Do not edit by hand!'
|
|
||||||
)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
describe file(wwwdir) do
|
|
||||||
it { should exist }
|
|
||||||
it { should be_directory }
|
|
||||||
its('type') { should eq :directory }
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,63 +0,0 @@
|
|||||||
# frozen_string_literal: true
|
|
||||||
|
|
||||||
# Overide by OS
|
|
||||||
control 'apache package' do
|
|
||||||
title 'should be installed'
|
|
||||||
|
|
||||||
case platform[:family]
|
|
||||||
when 'debian'
|
|
||||||
package_name = 'apache2'
|
|
||||||
user_name = 'www-data'
|
|
||||||
group_name = 'www-data'
|
|
||||||
when 'suse'
|
|
||||||
package_name = 'apache2'
|
|
||||||
user_name = 'wwwrun'
|
|
||||||
group_name = 'wwwrun'
|
|
||||||
when 'redhat', 'fedora'
|
|
||||||
package_name = 'httpd'
|
|
||||||
user_name = 'apache'
|
|
||||||
group_name = 'apache'
|
|
||||||
when 'gentoo'
|
|
||||||
package_name = 'www-servers/apache'
|
|
||||||
user_name = 'apache'
|
|
||||||
group_name = 'apache'
|
|
||||||
when 'linux', 'arch'
|
|
||||||
package_name = 'apache'
|
|
||||||
user_name = 'http'
|
|
||||||
group_name = 'http'
|
|
||||||
when 'bsd'
|
|
||||||
package_name = 'apache24'
|
|
||||||
user_name = 'www'
|
|
||||||
group_name = 'www'
|
|
||||||
when 'windows'
|
|
||||||
package_name = 'apache-httpd'
|
|
||||||
end
|
|
||||||
|
|
||||||
describe package(package_name) do
|
|
||||||
it { should be_installed }
|
|
||||||
end
|
|
||||||
describe group(group_name) do
|
|
||||||
it { should exist }
|
|
||||||
end
|
|
||||||
describe user(user_name) do
|
|
||||||
it { should exist }
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
control 'apache module packages' do
|
|
||||||
title 'should be installed'
|
|
||||||
|
|
||||||
package_name =
|
|
||||||
case platform[:family]
|
|
||||||
when 'debian'
|
|
||||||
'libapache2-mod-security2'
|
|
||||||
when 'redhat', 'fedora'
|
|
||||||
'mod_security'
|
|
||||||
when 'suse'
|
|
||||||
'apache2-mod_security2'
|
|
||||||
end
|
|
||||||
|
|
||||||
describe package(package_name) do
|
|
||||||
it { should be_installed }
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,36 +0,0 @@
|
|||||||
# frozen_string_literal: true
|
|
||||||
|
|
||||||
control 'apache server_status configuration' do
|
|
||||||
title 'should match desired lines'
|
|
||||||
|
|
||||||
server_status_stanza = <<~SS_STANZA
|
|
||||||
<Location "/server-status">
|
|
||||||
SetHandler server-status
|
|
||||||
Require local
|
|
||||||
Require host foo.example.com
|
|
||||||
Require ip 10.8.8.0/24
|
|
||||||
</Location>
|
|
||||||
SS_STANZA
|
|
||||||
|
|
||||||
confdir =
|
|
||||||
case platform[:family]
|
|
||||||
when 'debian'
|
|
||||||
'/etc/apache2/conf-available'
|
|
||||||
when 'redhat', 'fedora'
|
|
||||||
'/etc/httpd/conf.d'
|
|
||||||
when 'suse'
|
|
||||||
'/etc/apache2/conf.d'
|
|
||||||
# `linux` here is sufficient for `arch`
|
|
||||||
when 'linux'
|
|
||||||
'/etc/httpd/conf/extra'
|
|
||||||
end
|
|
||||||
|
|
||||||
describe file("#{confdir}/server-status.conf") do
|
|
||||||
it { should be_file }
|
|
||||||
it { should be_owned_by 'root' }
|
|
||||||
it { should be_grouped_into 'root' }
|
|
||||||
its('mode') { should cmp '0644' }
|
|
||||||
its('content') { should include '# File managed by Salt' }
|
|
||||||
its('content') { should include server_status_stanza }
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,26 +0,0 @@
|
|||||||
# frozen_string_literal: true
|
|
||||||
|
|
||||||
# Overide by OS
|
|
||||||
control 'apache service' do
|
|
||||||
impact 0.5
|
|
||||||
title 'should be running and enabled'
|
|
||||||
|
|
||||||
service_name =
|
|
||||||
case platform[:family]
|
|
||||||
when 'debian', 'suse'
|
|
||||||
'apache2'
|
|
||||||
when 'redhat', 'fedora', 'linux'
|
|
||||||
'httpd'
|
|
||||||
when 'gentoo'
|
|
||||||
'www-servers/apache'
|
|
||||||
when 'bsd'
|
|
||||||
'apache24'
|
|
||||||
when 'windows'
|
|
||||||
'apache'
|
|
||||||
end
|
|
||||||
|
|
||||||
describe service(service_name) do
|
|
||||||
it { should be_enabled }
|
|
||||||
it { should be_running }
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,18 +0,0 @@
|
|||||||
# -*- coding: utf-8 -*-
|
|
||||||
# vim: ft=yaml
|
|
||||||
---
|
|
||||||
name: modules
|
|
||||||
title: apache formula
|
|
||||||
maintainer: SaltStack Formulas
|
|
||||||
license: Apache-2.0
|
|
||||||
summary: Verify that the apache formula manages modules correctly
|
|
||||||
supports:
|
|
||||||
- platform-name: debian
|
|
||||||
- platform-name: ubuntu
|
|
||||||
- platform-name: centos
|
|
||||||
- platform-name: fedora
|
|
||||||
- platform-name: opensuse
|
|
||||||
- platform-name: suse
|
|
||||||
- platform-name: freebsd
|
|
||||||
- platform-name: amazon
|
|
||||||
- platform-name: arch
|
|