28 lines
1019 B
Ruby
28 lines
1019 B
Ruby
describe 'apache.mod_security' do
|
|
|
|
case os[:family]
|
|
when 'redhat'
|
|
modspec_file = '/etc/httpd/conf.d/mod_security.conf'
|
|
when 'debian', 'ubuntu'
|
|
modspec_file = '/etc/modsecurity/modsecurity.conf-recommended'
|
|
else
|
|
# No other supported ATM
|
|
end
|
|
|
|
describe file(modspec_file) do
|
|
it { should exist }
|
|
it { should be_mode 644 }
|
|
it { should be_owned_by 'root' }
|
|
it { should be_grouped_into 'root' }
|
|
its(:content) { should match /SecRuleEngine On/ }
|
|
its(:content) { should match /SecRequestBodyAccess On/ }
|
|
its(:content) { should match /SecRequestBodyLimit 14000000/ }
|
|
its(:content) { should match /SecRequestBodyNoFilesLimit 114002/ }
|
|
its(:content) { should match /SecRequestBodyInMemoryLimit 114002/ }
|
|
its(:content) { should match /SecRequestBodyLimitAction Reject/ }
|
|
its(:content) { should match /SecPcreMatchLimit 15000/ }
|
|
its(:content) { should match /SecPcreMatchLimitRecursion 15000/ }
|
|
its(:content) { should match /SecDebugLogLevel 3/ }
|
|
end
|
|
end
|