added additional test (find rhosts-files, check /etc/shadow owner and rights, check PATH variable, check umask)

Signed-off-by: Patrick Meier <patrick.meier111@googlemail.com>
2024-11-22 19:23:02 +00:00 · 2014-07-09 10:22:48 +02:00 · 2014-07-09 10:22:48 +02:00 · 0b7986100b
commit 0b7986100b
parent ebe8e86604
1 changed files with 40 additions and 0 deletions
--- a/default/serverspec/sysctl_spec.rb
+++ b/default/serverspec/sysctl_spec.rb
@ -207,3 +207,43 @@ describe 'ExecShield' do
    its(:value) { should eq 2 }
  end
 end
+
+# GIS: Req 3.21-4
+describe command('find / -name \'.rhosts\' | wc -l ') do
+  its(:stdout) { should match /0/ }
+end
+
+# GIS: Req 3.21-4
+describe command('find / -name \'hosts.equiv\' | wc -l ') do
+  its(:stdout) { should match /0/ }
+end
+
+# GIS: Req 3.21-7
+describe file('/etc/shadow') do
+  it { should be_owned_by 'root' }
+end
+
+# GIS: Req 3.21-7
+describe file('/etc/shadow') do
+  it { should be_mode 600 }
+end
+
+# GIS: Req 3.21-8
+describe command('echo $PATH | grep -ci \'\.\'') do
+  its(:stdout) { should match /0/ }
+end
+
+# GIS: Req 3.21-8
+describe file('/etc/login.defs') do
+  its(:content) { should match /^ENV_SUPATH\s+PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:/ }
+end
+
+# GIS: Req 3.21-8
+describe file('/etc/login.defs') do
+  its(:content) { should match /^ENV_PATH\s+PATH=\/usr\/local\/bin:\/usr\/bin:\/bin:/ }
+end
+
+# GIS: Req 3.21-10
+describe file('/etc/login.defs') do
+  its(:content) { should match /^UMASK +027/ }
+end