mirror of
https://github.com/inspec/inspec
synced 2025-02-17 06:28:40 +00:00
Support special cases for crontab resource
Signed-off-by: Juan Carlos Castillo Cano <jccastillocano@gmail.com>
This commit is contained in:
Juan Carlos Castillo Cano
Dominik Richter
parent
ff4e65cab3
commit
1c98ff13f6
5 changed files with 83 additions and 10 deletions
|
|
@ -4,7 +4,7 @@ title: About the crontab Resource
|
||||||
|
|
||||||
# crontab
|
# crontab
|
||||||
|
|
||||||
Use the `crontab` InSpec audit resource to test the crontab entries for a particular user on the system.
|
Use the `crontab` InSpec audit resource to test the crontab entries for a particular user on the system. It recognizes special time strings (@yearly, @weekly, etc).
|
||||||
|
|
||||||
## Syntax
|
## Syntax
|
||||||
|
|
||||||
|
|
@ -66,3 +66,19 @@ The following examples show how to use this InSpec audit resource.
|
||||||
describe crontab.where { command =~ /a partial command string/ } do
|
describe crontab.where { command =~ /a partial command string/ } do
|
||||||
its('entries.length') { should cmp 1 }
|
its('entries.length') { should cmp 1 }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
### Test a special time string (i.e., @yearly /root/anual_report.sh)
|
||||||
|
|
||||||
|
describe crontab.commands('/root/anual_report.sh') do
|
||||||
|
its('hours') { should cmp '0' }
|
||||||
|
its('minutes') { should cmp '0' }
|
||||||
|
its('days') { should cmp '1' }
|
||||||
|
its('months') { should cmp '1' }
|
||||||
|
end
|
||||||
|
|
||||||
|
### Test @reboot case
|
||||||
|
|
||||||
|
describe crontab.commands('/root/reboot.sh') do
|
||||||
|
its('hours') { should cmp '-1' }
|
||||||
|
its('minutes') { should cmp '-1' }
|
||||||
|
end
|
||||||
|
|
|
||||||
|
|
@ -46,6 +46,20 @@ module Inspec::Resources
|
||||||
data, = parse_comment_line(l, comment_char: '#', standalone_comments: false)
|
data, = parse_comment_line(l, comment_char: '#', standalone_comments: false)
|
||||||
return nil if data.nil? || data.empty?
|
return nil if data.nil? || data.empty?
|
||||||
|
|
||||||
|
case data
|
||||||
|
when /@hourly .*/
|
||||||
|
{ 'minute' => '0', 'hour' => '*', 'day' => '*', 'month' => '*', 'weekday' => '*', 'command' => data.split(/\s+/, 2).at(1) }
|
||||||
|
when /@(midnight|daily) .*/
|
||||||
|
{ 'minute' => '0', 'hour' => '0', 'day' => '*', 'month' => '*', 'weekday' => '*', 'command' => data.split(/\s+/, 2).at(1) }
|
||||||
|
when /@weekly .*/
|
||||||
|
{ 'minute' => '0', 'hour' => '0', 'day' => '*', 'month' => '*', 'weekday' => '0', 'command' => data.split(/\s+/, 2).at(1) }
|
||||||
|
when /@monthly ./
|
||||||
|
{ 'minute' => '0', 'hour' => '0', 'day' => '1', 'month' => '*', 'weekday' => '*', 'command' => data.split(/\s+/, 2).at(1) }
|
||||||
|
when /@(annually|yearly) .*/
|
||||||
|
{ 'minute' => '0', 'hour' => '0', 'day' => '1', 'month' => '1', 'weekday' => '*', 'command' => data.split(/\s+/, 2).at(1) }
|
||||||
|
when /@reboot .*/
|
||||||
|
{ 'minute' => '-1', 'hour' => '-1', 'day' => '-1', 'month' => '-1', 'weekday' => '-1', 'command' => data.split(/\s+/, 2).at(1) }
|
||||||
|
else
|
||||||
elements = data.split(/\s+/, 6)
|
elements = data.split(/\s+/, 6)
|
||||||
{
|
{
|
||||||
'minute' => elements.at(0),
|
'minute' => elements.at(0),
|
||||||
|
|
@ -56,6 +70,7 @@ module Inspec::Resources
|
||||||
'command' => elements.at(5),
|
'command' => elements.at(5),
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def crontab_cmd
|
def crontab_cmd
|
||||||
@user.nil? ? 'crontab -l' : "crontab -l -u #{@user}"
|
@user.nil? ? 'crontab -l' : "crontab -l -u #{@user}"
|
||||||
|
|
|
||||||
|
|
@ -303,6 +303,8 @@ class MockLoader
|
||||||
'crontab -l' => cmd.call('crontab-root'),
|
'crontab -l' => cmd.call('crontab-root'),
|
||||||
# crontab display for non-current user
|
# crontab display for non-current user
|
||||||
'crontab -l -u foouser' => cmd.call('crontab-foouser'),
|
'crontab -l -u foouser' => cmd.call('crontab-foouser'),
|
||||||
|
# crontab display for special time strings
|
||||||
|
'crontab -l -u special' => cmd.call('crontab-special'),
|
||||||
# zfs output for dataset tank/tmp
|
# zfs output for dataset tank/tmp
|
||||||
'/sbin/zfs get -Hp all tank/tmp' => cmd.call('zfs-get-all-tank-tmp'),
|
'/sbin/zfs get -Hp all tank/tmp' => cmd.call('zfs-get-all-tank-tmp'),
|
||||||
# zfs output for pool tank
|
# zfs output for pool tank
|
||||||
|
|
|
||||||
7
test/unit/mock/cmd/crontab-special
Normal file
7
test/unit/mock/cmd/crontab-special
Normal file
|
|
@ -0,0 +1,7 @@
|
||||||
|
#
|
||||||
|
# This is a sample crontab file for unit testing, for user 'special'
|
||||||
|
#
|
||||||
|
|
||||||
|
* * * * * /bin/custom_script.sh
|
||||||
|
@yearly /usr/local/bin/foo.sh bar
|
||||||
|
@reboot /bin/echo "Rebooting" > /var/log/rebooting.log
|
||||||
|
|
@ -75,4 +75,37 @@ describe 'Inspec::Resources::Crontab' do
|
||||||
_(crontab.to_s).must_equal 'crontab for user foouser'
|
_(crontab.to_s).must_equal 'crontab for user foouser'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'special strings' do
|
||||||
|
let(:crontab) { load_resource('crontab', 'special') }
|
||||||
|
|
||||||
|
it 'returns all params of the file' do
|
||||||
|
_(crontab.params).must_equal([
|
||||||
|
{
|
||||||
|
'minute' => '*',
|
||||||
|
'hour' => '*',
|
||||||
|
'day' => '*',
|
||||||
|
'month' => '*',
|
||||||
|
'weekday' => '*',
|
||||||
|
'command' => '/bin/custom_script.sh',
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'minute' => '0',
|
||||||
|
'hour' => '0',
|
||||||
|
'day' => '1',
|
||||||
|
'month' => '1',
|
||||||
|
'weekday' => '*',
|
||||||
|
'command' => '/usr/local/bin/foo.sh bar'
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'minute' => '-1',
|
||||||
|
'hour' => '-1',
|
||||||
|
'day' => '-1',
|
||||||
|
'month' => '-1',
|
||||||
|
'weekday' => '-1',
|
||||||
|
'command' => '/bin/echo "Rebooting" > /var/log/rebooting.log'
|
||||||
|
}
|
||||||
|
])
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue