2021-04-09 09:05:06 +00:00
|
|
|
require "helper"
|
|
|
|
require "inspec/resource"
|
|
|
|
require "inspec/resources/selinux"
|
|
|
|
|
|
|
|
describe "Inspec::Resources::Selinux" do
|
2021-04-16 14:37:06 +00:00
|
|
|
let(:resource) { load_resource("selinux") }
|
|
|
|
|
2021-04-12 09:08:13 +00:00
|
|
|
it "verify selinux is installed" do
|
|
|
|
resource = load_resource("selinux", "/etc/selinux/selinux_conf")
|
|
|
|
_(resource.installed?).must_equal true
|
|
|
|
end
|
|
|
|
|
2021-04-09 09:05:06 +00:00
|
|
|
it "verify selinux state - enforcing" do
|
|
|
|
_(resource.enforcing?).must_equal true
|
|
|
|
end
|
|
|
|
|
|
|
|
it "verify selinux state - permissive" do
|
|
|
|
_(resource.permissive?).must_equal false
|
|
|
|
end
|
|
|
|
|
2021-04-16 14:37:06 +00:00
|
|
|
it "verify selinux disabled" do
|
2021-04-09 09:05:06 +00:00
|
|
|
_(resource.disabled?).must_equal false
|
|
|
|
end
|
|
|
|
|
2021-04-16 14:37:06 +00:00
|
|
|
it "verify selinux policy type is targeted" do
|
|
|
|
_(resource.policy).must_equal "targeted"
|
|
|
|
end
|
|
|
|
|
2021-04-09 14:56:13 +00:00
|
|
|
it "verify selinux on linux" do
|
|
|
|
resource = MockLoader.new(:linux).load_resource("selinux")
|
|
|
|
_(resource.enforcing?).must_equal true
|
|
|
|
_(resource.permissive?).must_equal false
|
|
|
|
_(resource.disabled?).must_equal false
|
|
|
|
end
|
|
|
|
|
2021-04-09 09:05:06 +00:00
|
|
|
it "verify selinux on windows" do
|
2021-04-09 14:56:13 +00:00
|
|
|
resource = MockLoader.new(:windows).load_resource("selinux")
|
2021-04-12 09:08:13 +00:00
|
|
|
_(resource.installed?).must_equal false
|
|
|
|
_(resource.enforcing?).must_equal false
|
2021-04-09 14:56:13 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it "verify selinux on freebsd" do
|
|
|
|
resource = MockLoader.new(:freebsd12).load_resource("selinux")
|
2021-04-12 09:08:13 +00:00
|
|
|
_(resource.installed?).must_equal false
|
|
|
|
_(resource.enforcing?).must_equal false
|
2021-04-09 09:05:06 +00:00
|
|
|
end
|
2021-04-16 14:37:06 +00:00
|
|
|
|
2022-02-08 08:34:22 +00:00
|
|
|
it "verify selinux on Amazon Linux" do
|
|
|
|
resource = MockLoader.new(:amazon2).load_resource("selinux")
|
|
|
|
_(resource.installed?).must_equal false
|
|
|
|
_(resource.enforcing?).must_equal true
|
|
|
|
end
|
|
|
|
|
2021-04-16 14:37:06 +00:00
|
|
|
it "verify selinux.modules is exist" do
|
|
|
|
_(resource.modules.exist?).must_equal true
|
|
|
|
end
|
|
|
|
|
|
|
|
it "verify selinux.modules parsing" do
|
|
|
|
_(resource.modules.names).must_equal %w{foo bar baz}
|
|
|
|
_(resource.modules.states).must_equal %w{enabled disabled enabled}
|
|
|
|
_(resource.modules.status).must_equal %w{installed installed installed}
|
|
|
|
_(resource.modules.priorities).must_equal %w{100 100 100}
|
|
|
|
end
|
|
|
|
|
|
|
|
it "verify selinux.booleans is exist" do
|
|
|
|
_(resource.booleans.exist?).must_equal true
|
|
|
|
end
|
|
|
|
|
|
|
|
it "verify selinux.booleans parsing" do
|
|
|
|
_(resource.booleans.names).must_equal %w{xen_use_nfs xend_run_blktap zebra_write_config}
|
|
|
|
_(resource.booleans.states).must_equal %w{off on off}
|
|
|
|
_(resource.booleans.defaults).must_equal %w{off on off}
|
|
|
|
end
|
2021-04-09 09:05:06 +00:00
|
|
|
end
|