mirror of
https://github.com/inspec/inspec
synced 2024-11-30 08:30:39 +00:00
7fc7942ab1
* New Resource - firewalld Signed-off-by: dromazos <dromazmj@dukes.jmu.edu> * New Resource - firewalld Signed-off-by: dromazos <dromazmj@dukes.jmu.edu> * New Resource - firewalld Signed-off-by: dromazos <dromazmj@dukes.jmu.edu> * New Resource - firewalld Signed-off-by: dromazos <dromazmj@dukes.jmu.edu> * Modifications to new resourec - firewalld Signed-off-by: dromazos <dromazmj@dukes.jmu.edu> * Modifications to new resource - firewalld Signed-off-by: dromazos <dromazmj@dukes.jmu.edu> * Modifications to new resource firewalld Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu> * Modifications to new resource - firewalld Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu> * Changing firewalld_command method to prepend the command with 'firewall-cmd' to reduce code reuse. Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu> * Modifications made * installed? method now tells by checking if firewall-cmd is a command on the system * The firewalld_command method now strips the stdout of the return * added another test for testing multiple active zones Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu> * Fixing rake lint issue Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu> * Fixing match and returning boolean for seeing if firewalld is running Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu> * Fixing lint issues Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu> * Empty commit to rerun. Accidentally updated branch. Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu> * Rerunning test, accidentally updated branch. needs sign off commit Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
64 lines
2.2 KiB
Ruby
64 lines
2.2 KiB
Ruby
# encoding: utf-8
|
|
# author: Matthew Dromazos
|
|
|
|
require 'helper'
|
|
require 'inspec/resource'
|
|
|
|
describe 'Inspec::Resources::FirewallD' do
|
|
centResource = MockLoader.new(:centos7).load_resource('firewalld')
|
|
|
|
it 'verify firewalld detects a zone' do
|
|
_(centResource.has_zone?('public')).must_equal true
|
|
_(centResource.has_zone?('zonenotinfirewalld')).must_equal false
|
|
end
|
|
|
|
it 'verity firewalld is running' do
|
|
_(centResource.running?).must_equal true
|
|
end
|
|
|
|
it 'verify firewalld detects a default_zone' do
|
|
_(centResource.default_zone).must_equal 'public'
|
|
end
|
|
|
|
it 'parses zones with multiple interfaces' do
|
|
entries = centResource.where { zone == 'public' }
|
|
_(entries.interfaces).must_equal [['enp0s3', 'eno2']]
|
|
end
|
|
|
|
it 'detects services in an active zone' do
|
|
entries = centResource.where { zone == 'public' }
|
|
_(entries.services).must_equal [['ssh', 'icmp']]
|
|
end
|
|
|
|
it 'detects multiple active zones' do
|
|
entries = centResource.where { zone == 'public' }
|
|
_(entries.interfaces).must_equal [['enp0s3', 'eno2']]
|
|
entries = centResource.where { zone == 'default' }
|
|
_(entries.interfaces).must_equal [['enp0s3']]
|
|
end
|
|
|
|
it 'detects sources in an active zone' do
|
|
entries = centResource.where { zone == 'public' }
|
|
_(entries.sources).must_equal [['192.168.1.0/24', '192.168.1.2']]
|
|
end
|
|
|
|
it 'verify firewalld detects a whether or not a service is allowed in a zone' do
|
|
_(centResource.has_service_enabled_in_zone?('ssh', 'public')).must_equal true
|
|
end
|
|
|
|
it 'verify firewalld detects ports enabled for a service in a zone' do
|
|
_(centResource.service_ports_enabled_in_zone('ssh', 'public')).must_equal ['22/tcp']
|
|
end
|
|
|
|
it 'verify firewalld detects protocols enabled for a service in a zone' do
|
|
_(centResource.service_protocols_enabled_in_zone('ssh', 'public')).must_equal ['icmp']
|
|
end
|
|
|
|
it 'verify firewalld detects a whether or not a service is allowed in a zone' do
|
|
_(centResource.has_port_enabled_in_zone?('22/udp', 'public')).must_equal true
|
|
end
|
|
|
|
it 'verify firewalld detects a whether or not a rule is enabled in a zone' do
|
|
_(centResource.has_rule_enabled?('family=ipv4 source address=192.168.0.14 accept', 'public')).must_equal true
|
|
end
|
|
end
|