mirror of
https://github.com/inspec/inspec
synced 2024-11-14 08:57:11 +00:00
08e3b90f2b
Signed-off-by: Jonathan Hartman <j@hartman.io>
244 lines
9 KiB
Ruby
244 lines
9 KiB
Ruby
# encoding: utf-8
|
|
# author: Christoph Hartmann
|
|
# author: Dominik Richter
|
|
|
|
require 'helper'
|
|
require 'inspec/resource'
|
|
|
|
describe 'Inspec::Resources::Port' do
|
|
it 'verify port on Ubuntu 14.04' do
|
|
resource = MockLoader.new(:ubuntu1404).load_resource('port', 22)
|
|
_(resource.listening?).must_equal true
|
|
_(resource.protocols).must_equal %w{ tcp tcp6 }
|
|
_(resource.pids).must_equal [1222]
|
|
_(resource.processes).must_equal ['sshd']
|
|
_(resource.addresses).must_equal ["0.0.0.0", "::"]
|
|
end
|
|
|
|
it 'lists all ports' do
|
|
resource = MockLoader.new(:ubuntu1404).load_resource('port')
|
|
_(resource.entries.length).must_equal 9
|
|
_(resource.listening?).must_equal true
|
|
_(resource.protocols).must_equal %w{ udp tcp tcp6 }
|
|
_(resource.pids).must_equal [1146, 1222, 1722, 579]
|
|
_(resource.processes).must_equal ['dhclient', 'sshd', 'java', 'nginx', 'sendmail']
|
|
_(resource.addresses).must_equal ['0.0.0.0', '10.0.2.15', 'fe80::a00:27ff:fe32:ed09', '::']
|
|
end
|
|
|
|
it 'filter ports by conditions' do
|
|
resource = MockLoader.new(:ubuntu1404).load_resource('port').where { protocol =~ /udp/i }
|
|
_(resource.entries.length).must_equal 1
|
|
_(resource.listening?).must_equal true
|
|
_(resource.protocols).must_equal ['udp']
|
|
_(resource.pids).must_equal [1146]
|
|
_(resource.processes).must_equal ['dhclient']
|
|
_(resource.addresses).must_equal ['0.0.0.0']
|
|
end
|
|
|
|
it 'verify UDP port on Ubuntu 14.04' do
|
|
resource = MockLoader.new(:ubuntu1404).load_resource('port', 68)
|
|
_(resource.entries.length).must_equal 1
|
|
_(resource.listening?).must_equal true
|
|
_(resource.protocols).must_equal ['udp']
|
|
_(resource.pids).must_equal [1146]
|
|
_(resource.processes).must_equal ['dhclient']
|
|
_(resource.addresses).must_equal ['0.0.0.0']
|
|
end
|
|
|
|
it 'accepts the port as a string' do
|
|
resource = MockLoader.new(:ubuntu1404).load_resource('port', '68')
|
|
_(resource.entries.length).must_equal 1
|
|
_(resource.listening?).must_equal true
|
|
_(resource.protocols).must_equal ['udp']
|
|
_(resource.pids).must_equal [1146]
|
|
_(resource.processes).must_equal ['dhclient']
|
|
_(resource.addresses).must_equal ['0.0.0.0']
|
|
end
|
|
|
|
it 'properly handles multiple processes using one fd' do
|
|
resource = MockLoader.new(:ubuntu1404).load_resource('port', '80')
|
|
_(resource.entries.length).must_equal 1
|
|
_(resource.listening?).must_equal true
|
|
_(resource.protocols).must_equal ['tcp']
|
|
_(resource.pids).must_equal [579]
|
|
_(resource.processes).must_equal ['nginx']
|
|
_(resource.addresses).must_equal ['0.0.0.0']
|
|
end
|
|
|
|
it 'properly handles a IPv4 address in a v6 listing' do
|
|
resource = MockLoader.new(:ubuntu1404).load_resource('port', 9200)
|
|
_(resource.protocols).must_equal %w{ tcp tcp6 }
|
|
_(resource.addresses).must_equal ['10.0.2.15', 'fe80::a00:27ff:fe32:ed09']
|
|
end
|
|
|
|
it 'verify port on Alpine Linux without iproute2 installed' do
|
|
resource = MockLoader.new(:alpine).load_resource('port', 22)
|
|
_(resource.listening?).must_equal true
|
|
_(resource.protocols).must_equal %w{ tcp tcp6 }
|
|
_(resource.pids).must_equal [1]
|
|
_(resource.processes).must_equal ['sshd']
|
|
_(resource.addresses).must_equal ["0.0.0.0", "::"]
|
|
end
|
|
|
|
it 'verify port on MacOs x' do
|
|
resource = MockLoader.new(:osx104).load_resource('port', 2022)
|
|
_(resource.listening?).must_equal true
|
|
_(resource.pids).must_equal [6835]
|
|
_(resource.protocols).must_equal ['tcp']
|
|
_(resource.processes).must_equal ['VBoxHeadl']
|
|
_(resource.addresses).must_equal ["127.0.0.1"]
|
|
end
|
|
|
|
it 'verify port on Windows 2012r2' do
|
|
resource = MockLoader.new(:windows).load_resource('port', 135)
|
|
_(resource.listening?).must_equal true
|
|
_(resource.pids).must_equal [564]
|
|
_(resource.protocols).must_equal ['tcp']
|
|
_(resource.processes).must_equal ['RpcSs']
|
|
_(resource.addresses).must_equal ['0.0.0.0', '::']
|
|
end
|
|
|
|
it 'verify SSL port on Windows 2012r2' do
|
|
resource = MockLoader.new(:windows).load_resource('port', 443)
|
|
_(resource.listening?).must_equal true
|
|
_(resource.pids).must_equal [4]
|
|
_(resource.protocols).must_equal ['tcp']
|
|
_(resource.processes).must_equal ['System']
|
|
_(resource.addresses).must_equal ['0.0.0.0', '::']
|
|
end
|
|
|
|
it 'verify syslog port on Windows 2012r2' do
|
|
resource = MockLoader.new(:windows).load_resource('port', 514)
|
|
_(resource.listening?).must_equal true
|
|
_(resource.pids).must_equal [1120]
|
|
_(resource.protocols).must_equal ['udp']
|
|
_(resource.processes).must_equal ['Syslogd_Service.exe']
|
|
_(resource.addresses).must_equal ['0.0.0.0']
|
|
end
|
|
|
|
it 'verify not listening port on Windows' do
|
|
resource = MockLoader.new(:windows).load_resource('port', 666)
|
|
_(resource.listening?).must_equal false
|
|
_(resource.addresses).must_equal []
|
|
_(resource.protocols).must_equal []
|
|
_(resource.processes).must_equal []
|
|
_(resource.addresses).must_equal []
|
|
end
|
|
|
|
it 'verify all ports on Windows 2012r2' do
|
|
resource = MockLoader.new(:windows).load_resource('port')
|
|
resource.entries.length.must_equal 49
|
|
resource.protocols('tcp').entries.length.must_equal 34
|
|
resource.protocols('udp').entries.length.must_equal 15
|
|
end
|
|
|
|
it 'verify port on Windows 2008 (unpriviledged)' do
|
|
ml = MockLoader.new(:windows)
|
|
# kill windows 2012 shell commands
|
|
ml.backend.backend.commands
|
|
.select { |k, _| k.start_with? 'Get-NetTCPConnection' }
|
|
.values.each { |r| r.stdout = '' }
|
|
|
|
resource = ml.load_resource('port', 135)
|
|
_(resource.listening?).must_equal true
|
|
_(resource.pids).must_equal [564]
|
|
_(resource.protocols).must_equal ['tcp']
|
|
_(resource.processes).must_equal ['RpcSs']
|
|
_(resource.addresses).must_equal %w{0.0.0.0 ::}
|
|
end
|
|
|
|
it 'verify port list on Windows 2008 (unpriviledged)' do
|
|
ml = MockLoader.new(:windows)
|
|
# kill windows 2012 shell commands
|
|
ml.backend.backend.commands
|
|
.select { |k, _| k.start_with? 'Get-NetTCPConnection' }
|
|
.values.each { |r| r.stdout = '' }
|
|
|
|
resource = ml.load_resource('port')
|
|
resource.entries.length.must_equal 49
|
|
resource.protocols('tcp').entries.length.must_equal 34
|
|
resource.protocols('udp').entries.length.must_equal 15
|
|
end
|
|
|
|
it 'verify port on FreeBSD' do
|
|
resource = MockLoader.new(:freebsd10).load_resource('port', 22)
|
|
_(resource.listening?).must_equal true
|
|
_(resource.protocols).must_equal %w{ tcp6 tcp }
|
|
_(resource.pids).must_equal [668]
|
|
_(resource.processes).must_equal ['sshd']
|
|
_(resource.addresses).must_equal ["0:0:0:0:0:0:0:0", "0.0.0.0"]
|
|
end
|
|
|
|
it 'verify port on wrlinux' do
|
|
resource = MockLoader.new(:wrlinux).load_resource('port', 22)
|
|
_(resource.listening?).must_equal true
|
|
_(resource.pids).must_equal [1222]
|
|
_(resource.protocols).must_equal %w{ tcp tcp6 }
|
|
_(resource.processes).must_equal ['sshd']
|
|
_(resource.addresses).must_equal ["0.0.0.0", "::"]
|
|
end
|
|
|
|
it 'verify running on undefined' do
|
|
resource = MockLoader.new(:undefined).load_resource('port', 22)
|
|
_(resource.listening?).must_equal false
|
|
_(resource.protocols).must_equal []
|
|
_(resource.pids).must_equal []
|
|
_(resource.processes).must_equal []
|
|
_(resource.addresses).must_equal []
|
|
end
|
|
|
|
it 'verify port and interface on Ubuntu 14.04' do
|
|
resource = MockLoader.new(:ubuntu1404).load_resource('port', '0.0.0.0', 22)
|
|
_(resource.listening?).must_equal true
|
|
_(resource.protocols).must_equal %w{ tcp }
|
|
_(resource.pids).must_equal [1222]
|
|
_(resource.processes).must_equal ['sshd']
|
|
_(resource.addresses).must_equal ["0.0.0.0"]
|
|
end
|
|
|
|
it 'verify not listening port on interface on Ubuntu 14.04' do
|
|
resource = MockLoader.new(:ubuntu1404).load_resource('port', '127.0.0.1', 22)
|
|
_(resource.listening?).must_equal false
|
|
_(resource.addresses).must_equal []
|
|
end
|
|
|
|
it 'verify port on Solaris 10' do
|
|
resource = MockLoader.new(:solaris10).load_resource('port', 22)
|
|
_(resource.listening?).must_equal true
|
|
_(resource.addresses).must_equal ["0.0.0.0"]
|
|
end
|
|
|
|
it 'verify port on Solaris 11' do
|
|
resource = MockLoader.new(:solaris11).load_resource('port', 22)
|
|
_(resource.listening?).must_equal true
|
|
_(resource.addresses).must_equal ["0.0.0.0"]
|
|
end
|
|
|
|
it 'verify port on hpux' do
|
|
resource = MockLoader.new(:hpux).load_resource('port', 22)
|
|
_(resource.listening?).must_equal true
|
|
_(resource.protocols).must_equal %w{ tcp tcp6 }
|
|
_(resource.addresses).must_equal ["0.0.0.0", "0:0:0:0:0:0:0:0" ]
|
|
end
|
|
|
|
it 'verify not listening port on hpux' do
|
|
resource = MockLoader.new(:hpux).load_resource('port', 23)
|
|
_(resource.listening?).must_equal false
|
|
_(resource.protocols).must_equal []
|
|
_(resource.addresses).must_equal []
|
|
end
|
|
|
|
it 'verify port on aix' do
|
|
resource = MockLoader.new(:aix).load_resource('port', 22)
|
|
_(resource.listening?).must_equal true
|
|
_(resource.protocols).must_equal %w{ tcp tcp6 }
|
|
_(resource.addresses).must_equal ["0.0.0.0", "::"]
|
|
end
|
|
|
|
it 'verify not listening port on aix' do
|
|
resource = MockLoader.new(:aix).load_resource('port', 23)
|
|
_(resource.listening?).must_equal false
|
|
_(resource.protocols).must_equal []
|
|
_(resource.addresses).must_equal []
|
|
end
|
|
end
|