46 lines
1.4 KiB
Ruby
46 lines
1.4 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
control 'apache mod_security configuration' do
|
|
title 'should match desired lines'
|
|
|
|
only_if('Disabled on Arch Linux') do
|
|
!%w[arch].include?(platform[:name])
|
|
end
|
|
|
|
modspec_file =
|
|
case system.platform[:family]
|
|
when 'redhat', 'fedora'
|
|
'/etc/httpd/conf.d/mod_security.conf'
|
|
when 'debian'
|
|
'/etc/modsecurity/modsecurity.conf-recommended'
|
|
when 'suse'
|
|
'/etc/apache2/conf.d/mod_security2.conf'
|
|
when 'bsd'
|
|
'/usr/local/etc/modsecurity/modsecurity.conf'
|
|
end
|
|
|
|
modspec_file_group =
|
|
case system.platform[:family]
|
|
when 'bsd'
|
|
'wheel'
|
|
else
|
|
'root'
|
|
end
|
|
|
|
describe file(modspec_file) do
|
|
it { should be_file }
|
|
its('mode') { should cmp '0644' }
|
|
its('owner') { should eq 'root' }
|
|
its('group') { should eq modspec_file_group }
|
|
its('content') { should match(/SecRuleEngine On/) }
|
|
its('content') { should match(/SecRequestBodyAccess On/) }
|
|
its('content') { should match(/SecRequestBodyLimit 14000000/) }
|
|
its('content') { should match(/SecRequestBodyNoFilesLimit 114002/) }
|
|
its('content') { should match(/SecRequestBodyInMemoryLimit 114002/) }
|
|
its('content') { should match(/SecRequestBodyLimitAction Reject/) }
|
|
its('content') { should match(/SecPcreMatchLimit 15000/) }
|
|
its('content') { should match(/SecPcreMatchLimitRecursion 15000/) }
|
|
its('content') { should match(/SecDebugLogLevel 3/) }
|
|
end
|
|
end
|