forked from glidenote/serverspec-snippets
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ruby.serverspec.snip
533 lines (414 loc) · 14.4 KB
/
ruby.serverspec.snip
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
# Serverspec
# Resource Types http://serverspec.org/resource_types.html
snippet req_spec_helper
require 'spec_helper'
## cgroup http://serverspec.org/resource_types.html#cgroup
snippet cgroup
describe cgroup('${1:description}') do
its('${2:cgroup parameters}') { should ${3} }
end
## command http://serverspec.org/resource_types.html#command
snippet command
describe command('${1:command}') do
${2:TARGET}
end
snippet command_return_stdout
it { should return_stdout '${1:pattern}' }
snippet command_return_stderr
it { should return_stderr '${1:pattern}' }
snippet command_return_exit_status
it { should return_exit_status '${1:status_code}' }
snippet command_its_stdout_stderr
describe command('${1:command}') do
its(:stdout) { should match /${2:pattern}/ }
end
describe command('${3:command}') do
its(:stderr) { should match /${4:pattern}/ }
end
snippet command_its_exit_status
describe command('${1:command}') do
its(:exit_status) { should eq ${2:pattern} }
end
# cron http://serverspec.org/resource_types.html#cron
snippet cron
describe cron do
it { should have_entry '${1:cron}' }
end
snippet cron_with_user
describe cron do
it { should have_entry('${1:cron}').with_user('${2:user}') }
end
# default_gateway http://serverspec.org/resource_types.html#default_gateway
snippet default_gateway
describe default_gateway do
its(:ipaddress) { should eq '${1:ipaddress}' }
its(:interface) { should eq '${2:interface}' }
end
# file http://serverspec.org/resource_types.html#file
snippet file
describe file('${1:file}') do
${2:TARGET}
end
snippet file_be_file
it { should be_file }
snippet file_be_directory
it { should be_directory }
snippet file_be_socket
it { should be_socket }
snippet file_content
its(:content) { should match /${1:pattern}/ }
snippet file_be_mode
it { should be_mode ${1:mode} }
snippet file_be_owned_by
it { should be_owned_by '${1:owner}' }
snippet file_be_grouped_into
it { should be_grouped_into '${1:group}' }
snippet file_be_linked_to
it { should be_linked_to '${1:link}' }
snippet file_be_readable
it { should be_readable }
snippet file_be_readable_extend
it { should be_readable.by('${1:owner}') }
it { should be_readable.by('${2:group}') }
it { should be_readable.by('${3:others}') }
it { should be_readable.by_user('${4:username}') }
snippet file_be_writable
it { should be_writable }
snippet file_be_writable_extend
it { should be_writable.by('${1:owner}') }
it { should be_writable.by('${2:group}') }
it { should be_writable.by('${3:others}') }
it { should be_writable.by_user('${4:username}') }
snippet file_be_executable
it { should be_executable }
snippet file_be_executable_extend
it { should be_executable.by('${1:owner}') }
it { should be_executable.by('${2:group}') }
it { should be_executable.by('${3:others}') }
it { should be_executable.by_user('${4:username}') }
snippet file_be_mounted
it { should be_mounted }
snippet file_be_mounted_type
it { should be_mounted.with( :type => '${1:type}' ) }
snippet file_be_mounted_options
it { should be_mounted.with( :options => { ${1:option} } ) }
snippet file_be_mounted_extend
it do
should be_mounted.only_with(
:device => '${1:device}',
:type => '${2:type}',
:options => {
${2:options}
}
)
end
snippet file_be_version
it { should be_version('${1:version}') }
snippet file_match_md5checksum
it { should match_md5checksum '${1:md5checksum}' }
snippet file_match_sha256checksum
it { should match_sha256checksum '${1:sha256checksum}' }
snippet file_its_md5checksum
its(:md5sum) { should eq '${1:md5sum}' }
snippet file_its_sha256sum
its(:sha256sum) { should eq '${1:sha256sum}' }
snippet file_resource
it { should be_file }
its(:content) { should match /${1:pattern}/ }
it { should be_mode ${2:mode} }
it { should be_owned_by '${3:owner}' }
it { should be_grouped_into '${4:group}' }
## group http://serverspec.org/resource_types.html#group
snippet group
describe group('${1:group}') do
${2:TARGET}
end
snippet group_exist
it { should exist }
snippet group_have_gid
it { should have_gid ${1:gid} }
## host http://serverspec.org/resource_types.html#host
snippet host
describe host('${1:hostname}') do
end
snippet host_be_resolvable
it { should be_resolvable }
snippet host_be_resolvable_hosts
it { should be_resolvable.by('hosts') }
snippet host_be_resolvable_dns
it { should be_resolvable.by('dns') }
snippet host_be_reachable
# ping
it { should be_reachable }
# tcp port 22
it { should be_reachable.with( :port => 22 ) }
# set protocol explicitly
it { should be_reachable.with( :port => 22, :proto => 'tcp' ) }
# udp port 53
it { should be_reachable.with( :port => 53, :proto => 'udp' ) }
# timeout setting (default is 5 seconds)
it { should be_reachable.with( :port => 22, :proto => 'tcp', :timeout => 1 ) }
snippet host_its_ipaddress_eq
its(:ipaddress) { should eq '${1:ipaddress}' }
snippet host_its_ipaddress_match
its(:ipaddress) { should match '${1:ipaddress}' }
## iis_app_pool http://serverspec.org/resource_types.html#iis_app_pool
snippet iis_app_pool
describe iis_app_pool('${1:Default App Pool}') do
end
snippet iis_app_pool_exists
it{ should exist }
snippet iis_app_pool_have_dotnet_version
it{ should have_dotnet_version('${1:version}') }
## iis_website http://serverspec.org/resource_types.html#iis_website
snippet iis_website
describe iis_website('${1:Default Website}') do
end
snippet iis_website_exists
it{ should exist }
snippet iis_website_enabled
it{ should be_enabled }
snippet iis_website_running
it{ should be_running }
snippet iis_website_in_app_pool
it{ should be_in_app_pool('Default App Pool') }
snippet iis_website_have_physical_path
it{ should have_physical_path('C:\\inetpub\\www') }
## interface http://serverspec.org/resource_types.html#interface
snippet interface
describe interface('${1:interface}') do
end
snippet interface_up
describe interface('${1:interface}') do
it { should be_up }
end
snippet interface_speed
its(:speed) { should eq ${1:speed} }
snippet interface_have_ipv4_address
it { should have_ipv4_address("${1:ipaddress}") }
it { should have_ipv4_address("${2:ipaddress/netmask}") }
## ipfilter http://serverspec.org/resource_types.html#ipfilter
snippet ipfilter_have_rule
describe ipfilter do
it { should have_rule '${1:ipfilter_rule}' }
end
## ipnat http://serverspec.org/resource_types.html#ipnat
snippet ipnat_have_rule
describe ipnat do
it { should have_rule '${1:ipnat_rule}' }
end
## iptables http://serverspec.org/resource_types.html#iptables
snippet iptables_have_rule
describe iptables do
it { should have_rule('${1:iptables_rule}') }
end
snippet iptables_have_rule_extend
describe iptables do
it { should have_rule('${1:iptables_rule}').with_table('${2:table}').with_chain('${3:chain}') }
end
## kernel_module http://serverspec.org/resource_types.html#kernel_module
snippet kernel_module_be_loaded
describe kernel_module('${1:kernel_module}') do
it { should be_loaded }
end
## linux_kernel_parameter http://serverspec.org/resource_types.html#linux_kernel_parameter
snippet linux_kernel_parameter
describe 'Linux kernel parameters' do
context linux_kernel_parameter('net.ipv4.tcp_syncookies') do
its(:value) { should eq 1 }
end
context linux_kernel_parameter('kernel.shmall') do
its(:value) { should be >= 4294967296 }
end
context linux_kernel_parameter('kernel.shmmax') do
its(:value) { should be <= 68719476736 }
end
context linux_kernel_parameter('kernel.osrelease') do
its(:value) { should eq '2.6.32-131.0.15.el6.x86_64' }
end
context linux_kernel_parameter('net.ipv4.tcp_wmem') do
its(:value) { should match /4096\t16384\t4194304/ }
end
end
## LXC http://serverspec.org/resource_types.html#LXC
snippet lxc
describe lxc('${1:lxc}') do
it { should exist }
it { should be_running }
end
## mail_alias http://serverspec.org/resource_types.html#mail_alias
snippet mail_alias
describe mail_alias('${1:mail_alias}') do
it { should be_aliased_to '${2:user}' }
end
## package http://serverspec.org/resource_types.html#package
snippet package_be_installed
describe package('${1:package}') do
it { should be_installed }
end
snippet package_be_installed_gem
describe package('${1:gem_name}') do
it { should be_installed.by('gem').with_version('${2:gem_version}') }
end
## php_config http://serverspec.org/resource_types.html#php_config
snippet php_config
describe 'PHP config parameters' do
context php_config('default_mimetype') do
its(:value) { should eq 'text/html' }
end
context php_config('session.cache_expire') do
its(:value) { should eq 180 }
end
context php_config('mbstring.http_output_conv_mimetypes') do
its(:value) { should match /application/ }
end
end
## port http://serverspec.org/resource_types.html#port
snippet port_be_listening
describe port(${1:port_number}) do
it { should be_listening }
end
snippet port_be_listening_extend
describe port(${1:port_number}) do
it { should be_listening.with('${2:protocol}') }
end
## ppa http://serverspec.org/resource_types.html#ppa
snippet ppa_exist
describe ppa('${1:ppa-name}') do
it { should exist }
end
snippet ppa_be_enabled
describe ppa('${1:ppa-name}') do
it { should be_enabled }
end
## process http://serverspec.org/resource_types.html#process
snippet process
describe process("${1:process}") do
its(:args) { should match /${2:pattern}/ }
end
snippet process_be_running
describe process("${1:process}") do
it { should be_running }a
end
## routing_table http://serverspec.org/resource_types.html#routing_table
snippet routing_table_have_entry
describe routing_table do
it do
should have_entry(
:destination => '${1:iptables/netmask}',
:interface => '${2:interface}',
:gateway => '${3:gateway}',
)
end
end
## selinux http://serverspec.org/resource_types.html#selinux
snippet selinux
# SELinux should be disabled
describe selinux do
it { should be_disabled }
end
# SELinux should be enforcing
describe selinux do
it { should be_enforcing }
end
# SELinux should be permissive
describe selinux do
it { should be_permissive }
end
## service http://serverspec.org/resource_types.html#service
snippet service
describe service('${1:service}') do
${2:TARGET}
end
snippet service_be_enabled
it { should be_enabled }
snippet service_be_enabled_level
it { should be_enabled.with_level(${1:level}) }
snippet service_be_installed_for_windows
it { should be_installed }
snippet service_be_running
it { should be_running }
snippet service_be_running_under
it { should be_running.under('${1:supervisor}') }
snippet service_be_monitored_by
it { should be_monitored_by('${1:monitored_by}')
snippet service_have_start_mode_for_windows
it { should have_start_mode('Manual') }
snippet service_be_enabled_and_running
it { should be_enabled }
it { should be_running }
## user http://serverspec.org/resource_types.html#user
snippet user
describe user('${1:user}') do
${2:TARGET}
end
snippet user_exist
it { should exist }
snippet user_belong_to_group
it { should belong_to_group '${2:group}' }
snippet user_have_uid
it { should have_uid ${1:uid} }
snippet user_have_home_directory
it { should have_home_directory '${1:dir_path}' }
snippet user_have_login_shell
it { should have_login_shell '${1:shell_path}' }
snippet user_have_authorized_key
it { should have_authorized_key '${1:authorized_key}' }
snippet user_resource
it { should exist }
it { should have_uid ${1:uid} }
it { should belong_to_group '${2:group}' }
it { should have_home_directory '${3:dir_path}' }
it { should have_login_shell '${4:shell_path}' }
it { should have_authorized_key '${5:authorized_key}' }
## windows_feature http://serverspec.org/resource_types.html#windows_feature
snippet windows_feature_installed
describe windows_feature('${1:service}') do
it{ should be_installed }
end
snippet windows_feature_installed_extend
describe windows_feature('IIS-Webserver') do
it{ should be_installed.by("dism") }
end
describe windows_feature('Web-Webserver') do
it{ should be_installed.by("powershell") }
end
## windows_registry_key http://serverspec.org/resource_types.html#windows_registry_key
snippet windows_registry_key_exist
describe windows_registry_key('HKEY_USERS\S-1-5-21\Test MyKey') do
it { should exist }
end
snippet windows_registry_key_have_property
describe windows_registry_key('HKEY_USERS\S-1-5-21\Test MyKey') do
it { should have_property('string value') }
it { should have_property('binary value', :type_binary) }
it { should have_property('dword value', :type_dword) }
end
snippet windows_registry_key_have_value
describe windows_registry_key('HKEY_USERS\S-1-5-21\Test MyKey') do
it { should have_value('test default data') }
end
snippet windows_registry_key_have_property_value
describe windows_registry_key('HKEY_USERS\S-1-5-21\Test MyKey') do
it { should have_property_value('multistring value', :type_multistring, "test\nmulti\nstring\ndata") }
it { should have_property_value('qword value', :type_qword, 'adff32') }
it { should have_property_value('binary value', :type_binary, 'dfa0f066') }
end
## yumrepo http://serverspec.org/resource_types.html#yumrepo
snippet yumrepo_exist
describe yumrepo('${1:repo}') do
it { should exist }
end
snippet yumrepo_be_enabled
describe yumrepo('${1:repo}') do
it { should be_enabled }
end
# zfs http://serverspec.org/resource_types.html#zfs
snippet zfs_exist
describe zfs('${1:pool}') do
it { should exist }
end
snippet zfs_have_property
describe zfs('${1:pool}') do
it { should have_property 'mountpoint' => '${2:value}', 'compression' => '${3:value}' }
end