inspec/test/integration/default/registry_key_spec.rb

114 lines
3.9 KiB
Ruby
Raw Normal View History

2015-11-12 17:56:08 +00:00
# encoding: utf-8
2016-08-12 08:19:35 +00:00
unless os.windows?
STDERR.puts "\033[1;33mTODO: Not running #{__FILE__} because we are not on Windows.\033[0m"
return
end
2015-11-17 21:12:19 +00:00
2016-05-10 17:23:11 +00:00
describe registry_key('HKLM\System\Test') do
it { should exist }
it { should have_value('test') }
it { should have_property('binary value', :binary) }
it { should have_property('Binary value', :binary) }
it { should have_property('string value') }
it { should have_property('String value') }
it { should have_property('dword value', :dword) }
it { should have_property_value('multistring value', :multi_string, ['test', 'multi','string','data']) }
it { should have_property_value('Multistring Value', :multi_string, ['test', 'multi','string','data']) }
it { should have_property_value('qword value', :qword, 0) }
it { should have_property_value('Qword value', :qword, 0) }
it { should have_property_value('binary value', :binary, 'dfa0f066') }
it { should have_property_value('Binary value', :binary, 'dfa0f066') }
end
2015-11-17 21:12:19 +00:00
2016-10-05 10:28:34 +00:00
describe registry_key('HKLM\Missing\In\Action') do
it { should_not exist }
end
2016-05-10 17:23:11 +00:00
# serverspec compatability
describe windows_registry_key('HKLM\System\Test') do
it { should exist }
it { should have_value('test') }
it { should have_property('string value') }
it { should have_property('binary value', :type_binary) }
it { should have_property('dword value', :type_dword) }
it { should have_property_value('multistring value', :type_multistring, ['test', 'multi','string','data']) }
it { should have_property_value('qword value', :type_qword, 0) }
it { should have_property_value('binary value', :type_binary, 'dfa0f066') }
end
2015-11-17 21:12:19 +00:00
2016-05-10 17:23:11 +00:00
describe registry_key('HKLM\Software\Policies\Microsoft\Windows\EventLog\System') do
it { should exist }
its('MaxSize') { should_not eq nil }
end
2015-11-12 17:56:08 +00:00
2016-05-10 17:23:11 +00:00
describe registry_key('HKLM\System\CurrentControlSet\Control\Session Manager') do
it { should exist }
it { should_not have_property_value('SafeDllSearchMode', :type_dword, 0) }
# case-insensitive test
it { should_not have_property_value('safedllsearchmode', :type_dword, 0) }
end
2015-11-12 17:56:08 +00:00
2016-05-10 17:23:11 +00:00
describe registry_key('HKLM\System\CurrentControlSet\Services\LanManServer\Parameters') do
it { should exist }
its('NullSessionShares') { should eq [''] }
end
2015-11-12 17:56:08 +00:00
2016-05-10 17:23:11 +00:00
describe registry_key('HKLM\Software\Policies\Microsoft\Internet Explorer\Main') do
it { should exist }
its('Isolation64Bit') { should eq 1 }
# check that its is case-insensitive
its('isolation64bit') { should eq 1 }
end
2015-11-12 17:56:08 +00:00
describe registry_key('HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0') do
it { should exist }
its('NTLMMinServerSec') { should eq 537_395_200 }
its('NtlmMinServerSec') { should eq 537_395_200 }
end
2016-05-10 17:23:11 +00:00
describe registry_key('HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services') do
it { should exist }
its('MinEncryptionLevel') { should eq 3 }
end
2015-11-17 21:12:19 +00:00
# test option hash
describe registry_key({
hive: 'HKLM',
key: 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
}) do
it { should exist }
its('MinEncryptionLevel') { should eq 3 }
end
describe registry_key({
hive: 'HKEY_LOCAL_MACHINE',
key: 'SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\8C941B34EA1EA6ED9AE2BC54CF687252B4C9B561'
}) do
2016-05-10 17:23:11 +00:00
it { should exist }
2015-11-12 17:56:08 +00:00
end
# test regular expressions in our match
describe registry_key({
hive: 'HKEY_LOCAL_MACHINE',
key: 'SOFTWARE\Microsoft\Windows NT\CurrentVersion'
}) do
its('ProductName') { should match /^[a-zA-Z0-9\(\)\s]*2012\s[rR]2[a-zA-Z0-9\(\)\s]*$/ }
end
# verify all children via a regular expression
control 'regex-test' do
title "Ensure 'Always install with elevated privileges' is set to 'Disabled'"
children = registry_key({
hive: 'HKEY_USERS'
}).children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}\\Software\\Policies\\Microsoft\\Windows\\Installer/)
describe children do
it { should_not eq []}
end
children.each { |key|
describe registry_key(key) do
its('AlwaysInstallElevated') { should cmp 0 }
end
}
end