From 4facac64df15283870ec5d57df4e862c39cf2b8d Mon Sep 17 00:00:00 2001 From: Imran Iqbal Date: Sat, 12 Oct 2019 04:51:10 +0100 Subject: [PATCH] test(inspec): add tests for packages, config files & services --- .../default/controls/config_spec.rb | 95 +++++++++++++++++++ .../default/controls/packages_spec.rb | 57 +++++++++++ .../default/controls/services_spec.rb | 22 +++++ 3 files changed, 174 insertions(+) create mode 100644 test/integration/default/controls/config_spec.rb create mode 100644 test/integration/default/controls/packages_spec.rb create mode 100644 test/integration/default/controls/services_spec.rb diff --git a/test/integration/default/controls/config_spec.rb b/test/integration/default/controls/config_spec.rb new file mode 100644 index 00000000..5ac4967f --- /dev/null +++ b/test/integration/default/controls/config_spec.rb @@ -0,0 +1,95 @@ +# frozen_string_literal: true + +control 'zabbix agent configuration' do + title 'should match desired lines' + + describe file('/etc/zabbix/zabbix_agentd.conf') do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + its('mode') { should cmp '0644' } + its('content') { should include 'Server=localhost' } + its('content') { should include 'ListenPort=10050' } + its('content') { should include 'ListenIP=0.0.0.0' } + its('content') { should include 'ServerActive=localhost' } + its('content') do + should include( + 'HostMetadata=c9767034-22c6-4d3d-a886-5fcaf1386b77' + ) + end + its('content') { should include 'Include=/etc/zabbix/zabbix_agentd.d/' } + its('content') do + should include( + 'UserParameter=net.ping[*],/usr/bin/fping -q -c3 $1 2>&1 | '\ + 'sed \'s,.*/\([0-9.]*\)/.*,\1,\'' + ) + end + its('content') do + should include( + 'UserParameter=custom.vfs.dev.discovery,/usr/local/bin/dev-discovery.sh' + ) + end + end +end + +control 'zabbix server configuration' do + title 'should match desired lines' + + server_file_group = 'zabbix' + server_file_mode = '0640' + setting_dbsocket = '/var/lib/mysql/mysql.sock' + case platform[:family] + when 'debian' + server_file_group = 'root' + server_file_mode = '0644' + setting_dbsocket = '/var/run/mysqld/mysqld.sock' + when 'fedora' + server_file_group = 'zabbixsrv' + end + + # TODO: Conditional content to consider for inclusion below + # 'ExternalScripts=/usr/lib/zabbix/externalscripts' (fedora only) + # 'FpingLocation=/usr/sbin/fping' (not debian) + # 'Fping6Location=/usr/sbin/fping6' (not debian) + + # Note: The file below is a symlink to `/etc/zabbix_server.conf` on Fedora + describe file('/etc/zabbix/zabbix_server.conf') do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into server_file_group } + its('mode') { should cmp server_file_mode } + its('content') { should include 'ListenPort=10051' } + its('content') { should include '# Mandatory: no' } + its('content') { should include 'DBHost=localhost' } + its('content') { should include '# Database user. Ignored for SQLite.' } + its('content') { should include 'DBUser=zabbixuser' } + its('content') { should include 'DBPassword=zabbixpass' } + its('content') { should include setting_dbsocket } + its('content') { should include 'ListenIP=0.0.0.0' } + end +end + +control 'zabbix web configuration' do + title 'should match desired lines' + + describe file('/etc/zabbix/web/zabbix.conf.php') do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + its('mode') { should cmp '0644' } + its('content') { should include 'global $DB;' } + its('content') { should match(/\$DB\["TYPE"\].*=.*\'MYSQL\';/) } + its('content') { should match(/\$DB\["SERVER"\].*=.*\'localhost';/) } + its('content') { should match(/\$DB\["PORT"\].*=.*\'0\';/) } + its('content') { should match(/\$DB\["DATABASE"\].*=.*\'zabbix\';/) } + its('content') { should match(/\$DB\["USER"\].*=.*\'zabbixuser\';/) } + its('content') { should match(/\$DB\["PASSWORD"\].*=.*\'zabbixpass\';/) } + its('content') { should match(/\$DB\["SCHEMA"\].*=.*\'\';/) } + its('content') { should match(/\$ZBX_SERVER.*=.*\'localhost\';/) } + its('content') { should match(/\$ZBX_SERVER_PORT.*=.*\'10051\';/) } + its('content') do + should match(/\$ZBX_SERVER_NAME.*=.*\'Zabbix installed with saltstack\';/) + end + its('content') { should match(/\$IMAGE_FORMAT_DEFAULT.*=.*IMAGE_FORMAT_PNG;/) } + end +end diff --git a/test/integration/default/controls/packages_spec.rb b/test/integration/default/controls/packages_spec.rb new file mode 100644 index 00000000..d098ab18 --- /dev/null +++ b/test/integration/default/controls/packages_spec.rb @@ -0,0 +1,57 @@ +# frozen_string_literal: true + +pkg_agent = 'zabbix-agent' +pkg_server = 'zabbix-server-mysql' +pkg_web = + case platform[:family] + when 'debian' + 'zabbix-frontend-php' + else + 'zabbix-web-mysql' + end +version = + case platform[:name] + when 'debian' + if os[:release].start_with?('10') + '1:4.4.0-1+buster' + elsif os[:release].start_with?('9') + '1:4.4.0-1+stretch' + elsif os[:release].start_with?('8') + '1:4.4.0-1+jessie' + end + when 'ubuntu' + if os[:release].start_with?('18') + '1:4.4.0-1+bionic' + elsif os[:release].start_with?('16') + '1:4.4.0-1+xenial' + end + when 'centos' + if os[:release].start_with?('8') + '4.4.0-1.el8' + elsif os[:release].start_with?('7') + '4.4.0-1.el7' + elsif os[:release].start_with?('6') + '4.4.0-1.el6' + end + when 'fedora' + if os[:release].start_with?('30') + '4.0.11-1.fc30' + elsif os[:release].start_with?('29') + '3.0.28-1.fc29' + end + end + +control 'zabbix packages' do + title 'should be installed' + + [ + pkg_agent, + pkg_server, + pkg_web + ].each do |p| + describe package(p) do + it { should be_installed } + its('version') { should eq version } + end + end +end diff --git a/test/integration/default/controls/services_spec.rb b/test/integration/default/controls/services_spec.rb new file mode 100644 index 00000000..e2ff29bc --- /dev/null +++ b/test/integration/default/controls/services_spec.rb @@ -0,0 +1,22 @@ +# frozen_string_literal: true + +control 'zabbix service' do + impact 0.5 + title 'should be running and enabled' + + # Note: Checking the service for `zabbix-server` is not working yet on Fedora + services = + case platform[:name] + when 'fedora' + %w[zabbix-agent] + else + %w[zabbix-agent zabbix-server] + end + + services.each do |s| + describe service(s) do + it { should be_enabled } + it { should be_running } + end + end +end