mirror of
https://github.com/inspec/inspec
synced 2024-09-22 15:32:02 +00:00
Merge pull request #303 from chef/sr/fix256
port resource: array attributes, resource alternative
This commit is contained in:
commit
d3fc0031d6
5 changed files with 72 additions and 40 deletions
|
@ -92,7 +92,7 @@ end
|
|||
|
||||
describe port(443) do
|
||||
it { should be_listening }
|
||||
its('protocol') {should eq 'tcp'}
|
||||
its('protocols') {should include 'tcp'}
|
||||
end
|
||||
```
|
||||
|
||||
|
|
|
@ -3176,10 +3176,10 @@ A ``port`` |inspec resource| block declares a port, and then depending on what n
|
|||
|
||||
describe port(514) do
|
||||
it { should be_listening }
|
||||
its('process') {should eq 'syslog'}
|
||||
its('processes') {should include 'syslog'}
|
||||
end
|
||||
|
||||
where the ``process`` returns the process listening on port 514.
|
||||
where the ``processes`` returns the processes listening on port 514.
|
||||
|
||||
Matchers
|
||||
-----------------------------------------------------
|
||||
|
@ -3195,33 +3195,33 @@ The ``be_listening`` matcher tests if the port is listening for traffic:
|
|||
|
||||
pid
|
||||
+++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
The ``pid`` matcher tests the process identifier (PID):
|
||||
The ``pids`` matcher tests the process identifier (PID):
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
its('pid') { should eq '27808' }
|
||||
its('pids') { should eq ['27808'] }
|
||||
|
||||
process
|
||||
+++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
The ``process`` matcher tests if the named process is running on the system:
|
||||
The ``processes`` matcher tests if the named process is running on the system:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
its('process') { should eq 'syslog' }
|
||||
its('processes') { should eq ['syslog'] }
|
||||
|
||||
protocol
|
||||
+++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
The ``protocol`` matcher tests the Internet protocol: |icmp| (``'icmp'``), |tcp| (``'tcp'`` or ``'tcp6'``), or |udp| (``'udp'`` or ``'udp6'``):
|
||||
The ``protocols`` matcher tests the Internet protocol: |icmp| (``'icmp'``), |tcp| (``'tcp'`` or ``'tcp6'``), or |udp| (``'udp'`` or ``'udp6'``):
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
its('protocol') { should eq 'tcp' }
|
||||
its('protocols') { should eq ['tcp'] }
|
||||
|
||||
or for the |ipv6| protocol:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
its('protocol') { should eq 'tcp6' }
|
||||
its('protocols') { should eq ['tcp6'] }
|
||||
|
||||
Examples
|
||||
-----------------------------------------------------
|
||||
|
@ -3233,7 +3233,7 @@ The following examples show how to use this InSpec audit resource.
|
|||
|
||||
describe port(80) do
|
||||
it { should be_listening }
|
||||
its('protocol') {should eq 'tcp'}
|
||||
its('protocols') {should eq ['tcp']}
|
||||
end
|
||||
|
||||
**Test port 80, listening with TCP version IPv6 protocol**
|
||||
|
@ -3242,7 +3242,7 @@ The following examples show how to use this InSpec audit resource.
|
|||
|
||||
describe port(80) do
|
||||
it { should be_listening }
|
||||
its('protocol') {should eq 'tcp6'}
|
||||
its('protocols') {should eq ['tcp6']}
|
||||
end
|
||||
|
||||
**Test ports for HTTPs**
|
||||
|
@ -3255,7 +3255,22 @@ The following examples show how to use this InSpec audit resource.
|
|||
|
||||
describe port(443) do
|
||||
it { should be_listening }
|
||||
its('protocol') {should eq 'tcp'}
|
||||
its('protocols') {should eq ['tcp']}
|
||||
end
|
||||
|
||||
**Test port 80 on a specific address**
|
||||
|
||||
This check can be implemented in two equivalent ways:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
describe port(80) do
|
||||
it { should be_listening }
|
||||
its('addresses') {should include '0.0.0.0'}
|
||||
end
|
||||
|
||||
describe port('0.0.0.0', 80) do
|
||||
it { should be_listening }
|
||||
end
|
||||
|
||||
postgres_conf
|
||||
|
|
|
@ -21,11 +21,12 @@ class Port < Inspec.resource(1)
|
|||
example "
|
||||
describe port(80) do
|
||||
it { should be_listening }
|
||||
its('protocol') {should eq 'tcp'}
|
||||
its('protocols') {should eq ['tcp']}
|
||||
end
|
||||
"
|
||||
|
||||
def initialize(port)
|
||||
def initialize(ip = nil, port) # rubocop:disable OptionalArguments
|
||||
@ip = ip
|
||||
@port = port
|
||||
@port_manager = nil
|
||||
@cache = nil
|
||||
|
@ -48,17 +49,17 @@ class Port < Inspec.resource(1)
|
|||
info.size > 0
|
||||
end
|
||||
|
||||
def protocol
|
||||
def protocols
|
||||
res = info.map { |x| x[:protocol] }.uniq.compact
|
||||
res.size > 0 ? res : nil
|
||||
end
|
||||
|
||||
def process
|
||||
def processes
|
||||
res = info.map { |x| x[:process] }.uniq.compact
|
||||
res.size > 0 ? res : nil
|
||||
end
|
||||
|
||||
def pid
|
||||
def pids
|
||||
res = info.map { |x| x[:pid] }.uniq.compact
|
||||
res.size > 0 ? res : nil
|
||||
end
|
||||
|
@ -75,18 +76,21 @@ class Port < Inspec.resource(1)
|
|||
return @cache = [] if @port_manager.nil?
|
||||
# query ports
|
||||
ports = @port_manager.info || []
|
||||
@cache = ports.select { |p| p[:port] == @port }
|
||||
@cache = ports.select { |p| p[:port] == @port && (!@ip || p[:address] == @ip) }
|
||||
end
|
||||
end
|
||||
|
||||
# implements an info method and returns all ip adresses and protocols for
|
||||
# each port
|
||||
# [{
|
||||
# port: 80,
|
||||
# address: [{
|
||||
# ip: '0.0.0.0'
|
||||
# protocol: 'tcp'
|
||||
# }],
|
||||
# port: 22,
|
||||
# address: '0.0.0.0'
|
||||
# protocol: 'tcp'
|
||||
# },
|
||||
# {
|
||||
# port: 22,
|
||||
# address: '::'
|
||||
# protocol: 'tcp6'
|
||||
# }]
|
||||
class PortsInfo
|
||||
attr_reader :inspec
|
||||
|
|
|
@ -4,6 +4,6 @@ if os.unix?
|
|||
# check that ssh runs
|
||||
describe port(22) do
|
||||
it { should be_listening }
|
||||
its('protocol') { should include('tcp') }
|
||||
its('protocols') { should include('tcp') }
|
||||
end
|
||||
end
|
||||
|
|
|
@ -9,45 +9,58 @@ describe 'Inspec::Resources::Port' do
|
|||
it 'verify port on Ubuntu 14.04' do
|
||||
resource = MockLoader.new(:ubuntu1404).load_resource('port', 22)
|
||||
_(resource.listening?).must_equal true
|
||||
_(resource.protocol).must_equal %w{ tcp tcp6 }
|
||||
_(resource.pid).must_equal [1]
|
||||
_(resource.process).must_equal ['sshd']
|
||||
_(resource.protocols).must_equal %w{ tcp tcp6 }
|
||||
_(resource.pids).must_equal [1]
|
||||
_(resource.processes).must_equal ['sshd']
|
||||
end
|
||||
|
||||
it 'verify port on MacOs x' do
|
||||
resource = MockLoader.new(:osx104).load_resource('port', 2022)
|
||||
_(resource.listening?).must_equal true
|
||||
_(resource.protocol).must_equal ['tcp']
|
||||
_(resource.process).must_equal ['VBoxHeadl']
|
||||
_(resource.protocols).must_equal ['tcp']
|
||||
_(resource.processes).must_equal ['VBoxHeadl']
|
||||
end
|
||||
|
||||
it 'verify port on Windows' do
|
||||
resource = MockLoader.new(:windows).load_resource('port', 135)
|
||||
_(resource.listening?).must_equal true
|
||||
_(resource.protocol).must_equal ['tcp']
|
||||
_(resource.process).must_equal nil
|
||||
_(resource.protocols).must_equal ['tcp']
|
||||
_(resource.processes).must_equal nil
|
||||
end
|
||||
|
||||
it 'verify port on FreeBSD' do
|
||||
resource = MockLoader.new(:freebsd10).load_resource('port', 22)
|
||||
_(resource.listening?).must_equal true
|
||||
_(resource.protocol).must_equal %w{ tcp6 tcp }
|
||||
_(resource.pid).must_equal [668]
|
||||
_(resource.process).must_equal ['sshd']
|
||||
_(resource.protocols).must_equal %w{ tcp6 tcp }
|
||||
_(resource.pids).must_equal [668]
|
||||
_(resource.processes).must_equal ['sshd']
|
||||
end
|
||||
|
||||
it 'verify port on wrlinux' do
|
||||
resource = MockLoader.new(:wrlinux).load_resource('port', 22)
|
||||
_(resource.listening?).must_equal true
|
||||
_(resource.protocol).must_equal %w{ tcp tcp6 }
|
||||
_(resource.process).must_equal ['sshd']
|
||||
_(resource.protocols).must_equal %w{ tcp tcp6 }
|
||||
_(resource.processes).must_equal ['sshd']
|
||||
end
|
||||
|
||||
it 'verify running on undefined' do
|
||||
resource = MockLoader.new(:undefined).load_resource('port', 22)
|
||||
_(resource.listening?).must_equal false
|
||||
_(resource.protocol).must_equal nil
|
||||
_(resource.pid).must_equal nil
|
||||
_(resource.process).must_equal nil
|
||||
_(resource.protocols).must_equal nil
|
||||
_(resource.pids).must_equal nil
|
||||
_(resource.processes).must_equal nil
|
||||
end
|
||||
|
||||
it 'verify port and interface on Ubuntu 14.04' do
|
||||
resource = MockLoader.new(:ubuntu1404).load_resource('port', '0.0.0.0', 22)
|
||||
_(resource.listening?).must_equal true
|
||||
_(resource.protocols).must_equal %w{ tcp }
|
||||
_(resource.pids).must_equal [1]
|
||||
_(resource.processes).must_equal ['sshd']
|
||||
end
|
||||
|
||||
it 'verify not listening port on interface on Ubuntu 14.04' do
|
||||
resource = MockLoader.new(:ubuntu1404).load_resource('port', '127.0.0.1', 22)
|
||||
_(resource.listening?).must_equal false
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue