From 92aad0b1dc5406f4f46e517354da60526419bcc9 Mon Sep 17 00:00:00 2001 From: Edmund Haselwanter Date: Tue, 27 May 2014 10:45:30 +0200 Subject: [PATCH 1/4] corrected "Space missing inside" --- default/serverspec/spec_helper.rb | 1 - default/serverspec/ssh_spec.rb | 176 +++++++++++++++--------------- 2 files changed, 88 insertions(+), 89 deletions(-) diff --git a/default/serverspec/spec_helper.rb b/default/serverspec/spec_helper.rb index 6b01caf..ba9b6d3 100644 --- a/default/serverspec/spec_helper.rb +++ b/default/serverspec/spec_helper.rb @@ -9,4 +9,3 @@ c.os = backend(Serverspec::Commands::Base).check_os end end - diff --git a/default/serverspec/ssh_spec.rb b/default/serverspec/ssh_spec.rb index 7947b68..9cb7c88 100644 --- a/default/serverspec/ssh_spec.rb +++ b/default/serverspec/ssh_spec.rb 
@@ -35,263 +35,263 @@ describe 'check sshd_config' do describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PermitRootLogin no$|^PermitRootLogin without-password$/} + its(:content) { should match /^PermitRootLogin no$|^PermitRootLogin without-password$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^Port [0-9]?/} + its(:content) { should match /^Port [0-9]?/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^AddressFamily inet|any$/} + its(:content) { should match /^AddressFamily inet|any$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^ListenAddress*/} + its(:content) { should match /^ListenAddress*/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^HostKey*/} + its(:content) { should match /^HostKey*/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^Protocol 2$/} + its(:content) { should match /^Protocol 2$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^StrictModes yes$/} + its(:content) { should match /^StrictModes yes$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^SyslogFacility AUTH$/} + its(:content) { should match /^SyslogFacility AUTH$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^LogLevel VERBOSE$/} + its(:content) { should match /^LogLevel VERBOSE$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^Ciphers (aes128-ctr,aes256-ctr,aes192-ctr)|(aes128-ctr,aes256-ctr,aes192-ctr,aes128-cbc,aes256-cbc,aes192-cbc)$/} + its(:content) { should match /^Ciphers (aes128-ctr,aes256-ctr,aes192-ctr)|(aes128-ctr,aes256-ctr,aes192-ctr,aes128-cbc,aes256-cbc,aes192-cbc)$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^(MACs 
hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160)|(MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1)|(MACs hmac-ripemd160$)/} + its(:content) { should match /^(MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160)|(MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1)|(MACs hmac-ripemd160$)/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^KexAlgorithms (diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1)|(diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1)$/} + its(:content) { should match /^KexAlgorithms (diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1)|(diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1)$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^KeyRegenerationInterval 1h$/} + its(:content) { should match /^KeyRegenerationInterval 1h$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^ServerKeyBits 2048$/} + its(:content) { should match /^ServerKeyBits 2048$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^UseLogin no$/} + its(:content) { should match /^UseLogin no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^UsePrivilegeSeparation yes$/} + its(:content) { should match /^UsePrivilegeSeparation yes$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PermitUserEnvironment no$/} + 
its(:content) { should match /^PermitUserEnvironment no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^LoginGraceTime 30s$/} + its(:content) { should match /^LoginGraceTime 30s$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^MaxAuthTries 2$/} + its(:content) { should match /^MaxAuthTries 2$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^MaxSessions 10$/} + its(:content) { should match /^MaxSessions 10$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^MaxStartups 10:30:100$/} + its(:content) { should match /^MaxStartups 10:30:100$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^RSAAuthentication yes$/} + its(:content) { should match /^RSAAuthentication yes$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PubkeyAuthentication yes$/} + its(:content) { should match /^PubkeyAuthentication yes$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^IgnoreRhosts yes$/} + its(:content) { should match /^IgnoreRhosts yes$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^IgnoreUserKnownHosts yes$/} + its(:content) { should match /^IgnoreUserKnownHosts yes$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^RhostsRSAAuthentication no$/} + its(:content) { should match /^RhostsRSAAuthentication no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^HostbasedAuthentication no$/} + its(:content) { should match /^HostbasedAuthentication no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PasswordAuthentication no$/} + its(:content) { should match /^PasswordAuthentication no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PermitEmptyPasswords no$/} + its(:content) { should match /^PermitEmptyPasswords 
no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^ChallengeResponseAuthentication no$/} + its(:content) { should match /^ChallengeResponseAuthentication no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^KerberosAuthentication no$/} + its(:content) { should match /^KerberosAuthentication no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^KerberosOrLocalPasswd no$/} + its(:content) { should match /^KerberosOrLocalPasswd no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^KerberosTicketCleanup yes$/} + its(:content) { should match /^KerberosTicketCleanup yes$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#KerberosGetAFSToken no$/} + its(:content) { should match /^#KerberosGetAFSToken no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^GSSAPIAuthentication no$/} + its(:content) { should match /^GSSAPIAuthentication no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^GSSAPICleanupCredentials yes$/} + its(:content) { should match /^GSSAPICleanupCredentials yes$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#DenyUsers \*$/} + its(:content) { should match /^#DenyUsers \*$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#AllowUsers user1$/} + its(:content) { should match /^#AllowUsers user1$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#DenyGroups \*$/} + its(:content) { should match /^#DenyGroups \*$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#AllowGroups group1$/} + its(:content) { should match /^#AllowGroups group1$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^TCPKeepAlive no$/} + its(:content) { should match /^TCPKeepAlive no$/ } end describe 
file('/etc/ssh/sshd_config') do - its(:content) { should match /^ClientAliveInterval 600$/} + its(:content) { should match /^ClientAliveInterval 600$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^ClientAliveCountMax 3$/} + its(:content) { should match /^ClientAliveCountMax 3$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PermitTunnel no$/} + its(:content) { should match /^PermitTunnel no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^AllowTcpForwarding no$/} + its(:content) { should match /^AllowTcpForwarding no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^AllowAgentForwarding no$/} + its(:content) { should match /^AllowAgentForwarding no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^GatewayPorts no$/} + its(:content) { should match /^GatewayPorts no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^X11Forwarding no$/} + its(:content) { should match /^X11Forwarding no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^X11UseLocalhost yes$/} + its(:content) { should match /^X11UseLocalhost yes$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PrintMotd no$/} + its(:content) { should match /^PrintMotd no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PrintLastLog no$/} + its(:content) { should match /^PrintLastLog no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#Banner \/etc\/ssh\/banner\.txt$/} + its(:content) { should match /^#Banner \/etc\/ssh\/banner\.txt$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#UseDNS yes$/} + its(:content) { should match /^#UseDNS yes$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#PidFile \/var\/run\/sshd\.pid$/} + its(:content) 
{ should match /^#PidFile \/var\/run\/sshd\.pid$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#MaxStartups 10$/} + its(:content) { should match /^#MaxStartups 10$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#ChrootDirectory none$/} + its(:content) { should match /^#ChrootDirectory none$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#ChrootDirectory \/home\/\%u$/} + its(:content) { should match /^#ChrootDirectory \/home\/\%u$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#Subsystem sftp internal-sftp -l VERBOSE$/} + its(:content) { should match /^#Subsystem sftp internal-sftp -l VERBOSE$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#Match Group sftponly$/} + its(:content) { should match /^#Match Group sftponly$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#ForceCommand internal-sftp -l VERBOSE$/} + its(:content) { should match /^#ForceCommand internal-sftp -l VERBOSE$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#ChrootDirectory \/sftpchroot\/home\/\%u$/} + its(:content) { should match /^#ChrootDirectory \/sftpchroot\/home\/\%u$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#AllowTcpForwarding no$/} + its(:content) { should match /^#AllowTcpForwarding no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#PasswordAuthentication no$/} + its(:content) { should match /^#PasswordAuthentication no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#PermitRootLogin no$/} + its(:content) { should match /^#PermitRootLogin no$/ } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#X11Forwarding no$/} + its(:content) { should match /^#X11Forwarding no$/ } end end 
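Review bot: Several patterns on the new side of this hunk anchor only one branch of an alternation, so these hardening checks can pass on a config they are meant to reject. `/^AddressFamily inet|any$/` parses as `^AddressFamily inet` or `any$`, and in the `Ciphers`, `MACs` and `KexAlgorithms` checks the shorter list is not followed by `$`, so a line that starts with the approved list and then appends further algorithms still matches. Grouping the alternatives fixes this, e.g. `/^AddressFamily (inet|any)$/` and `/^Ciphers (aes128-ctr,aes256-ctr,aes192-ctr|aes128-ctr,aes256-ctr,aes192-ctr,aes128-cbc,aes256-cbc,aes192-cbc)$/`. `/^Port [0-9]?/` likewise accepts a `Port ` line with no digits; `/^Port [0-9]+$/` would pin it. The same patterns recur in the `check ssh_config` hunk that follows.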
@@ -299,95 +299,95 @@ describe 'check ssh_config' do describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^AddressFamily inet|any$/} + its(:content) { should match /^AddressFamily inet|any$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^Host/} + its(:content) { should match /^Host/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^Port [0-9]?/} + its(:content) { should match /^Port [0-9]?/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^Protocol 2$/} + its(:content) { should match /^Protocol 2$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^BatchMode no$/} + its(:content) { should match /^BatchMode no$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^CheckHostIP yes$/} + its(:content) { should match /^CheckHostIP yes$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^StrictHostKeyChecking ask$/} + its(:content) { should match /^StrictHostKeyChecking ask$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^Ciphers (aes128-ctr,aes256-ctr,aes192-ctr)|(aes128-ctr,aes256-ctr,aes192-ctr,aes128-cbc,aes256-cbc,aes192-cbc)$/} + its(:content) { should match /^Ciphers (aes128-ctr,aes256-ctr,aes192-ctr)|(aes128-ctr,aes256-ctr,aes192-ctr,aes128-cbc,aes256-cbc,aes192-cbc)$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^MACs (hmac-sha2-256,hmac-sha2-512,hmac-ripemd160)|(hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1)|(hmac-ripemd160$)/} + its(:content) { should match /^MACs (hmac-sha2-256,hmac-sha2-512,hmac-ripemd160)|(hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1)|(hmac-ripemd160$)/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^KexAlgorithms 
(ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256)|(ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1)$/} + its(:content) { should match /^KexAlgorithms (ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256)|(ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1)$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^ForwardAgent no$/} + its(:content) { should match /^ForwardAgent no$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^ForwardX11 no$/} + its(:content) { should match /^ForwardX11 no$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^HostbasedAuthentication no$/} + its(:content) { should match /^HostbasedAuthentication no$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^RhostsRSAAuthentication no$/} + its(:content) { should match /^RhostsRSAAuthentication no$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^RSAAuthentication yes$/} + its(:content) { should match /^RSAAuthentication yes$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^PasswordAuthentication no$/} + its(:content) { should match /^PasswordAuthentication no$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^GSSAPIAuthentication no$/} + its(:content) { should match /^GSSAPIAuthentication no$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^GSSAPIDelegateCredentials no$/} + its(:content) { should match /^GSSAPIDelegateCredentials no$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match 
/^Tunnel no$/} + its(:content) { should match /^Tunnel no$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^PermitLocalCommand no$/} + its(:content) { should match /^PermitLocalCommand no$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^Compression yes$/} + its(:content) { should match /^Compression yes$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^#EscapeChar ~$/} + its(:content) { should match /^#EscapeChar ~$/ } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^#VisualHostKey yes$/} + its(:content) { should match /^#VisualHostKey yes$/ } end end From 0b3a6acfae1aa77f5709cc8a9203a69e4ebe2aa5 Mon Sep 17 00:00:00 2001 From: Edmund Haselwanter Date: Tue, 27 May 2014 10:53:32 +0200 Subject: [PATCH 2/4] fix intendation --- default/serverspec/ssh_spec.rb | 566 ++++++++++++++++----------------- 1 file changed, 283 insertions(+), 283 deletions(-) diff --git a/default/serverspec/ssh_spec.rb b/default/serverspec/ssh_spec.rb index 9cb7c88..c89dc0e 100644 --- a/default/serverspec/ssh_spec.rb +++ b/default/serverspec/ssh_spec.rb 
@@ -1,393 +1,393 @@ require 'spec_helper' RSpec.configure do |c| - c.filter_run_excluding :skipOn => backend(Serverspec::Commands::Base).check_os[:family] + c.filter_run_excluding :skipOn => backend(Serverspec::Commands::Base).check_os[:family] end describe 'SSH owner, group and permissions' do - describe file('/etc/ssh') do - it { should be_directory } - end + describe file('/etc/ssh') do + it { should be_directory } + end - describe file('/etc/ssh') do - it { should be_owned_by 'root' } - end + describe file('/etc/ssh') do + it { should be_owned_by 'root' } + end - describe file('/etc/ssh') do - it { should be_mode 555 } - end + describe file('/etc/ssh') do + it { should be_mode 555 } + end - describe file('/etc/ssh/sshd_config') do - it { should be_owned_by 'root' } - end + describe file('/etc/ssh/sshd_config') do + it { should be_owned_by 'root' } + end - describe file('/etc/ssh/sshd_config') do - it { should be_mode 400 } - end + describe file('/etc/ssh/sshd_config') do + it { should be_mode 400 } + end - describe file('/etc/ssh/ssh_config') do - it { should be_mode 444 } - end + describe file('/etc/ssh/ssh_config') do + it { should be_mode 444 } + end end describe 'check sshd_config' do - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PermitRootLogin no$|^PermitRootLogin without-password$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^PermitRootLogin no$|^PermitRootLogin without-password$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^Port [0-9]?/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^Port [0-9]?/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^AddressFamily inet|any$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^AddressFamily inet|any$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^ListenAddress*/ } - 
end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^ListenAddress*/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^HostKey*/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^HostKey*/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^Protocol 2$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^Protocol 2$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^StrictModes yes$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^StrictModes yes$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^SyslogFacility AUTH$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^SyslogFacility AUTH$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^LogLevel VERBOSE$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^LogLevel VERBOSE$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^Ciphers (aes128-ctr,aes256-ctr,aes192-ctr)|(aes128-ctr,aes256-ctr,aes192-ctr,aes128-cbc,aes256-cbc,aes192-cbc)$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^Ciphers (aes128-ctr,aes256-ctr,aes192-ctr)|(aes128-ctr,aes256-ctr,aes192-ctr,aes128-cbc,aes256-cbc,aes192-cbc)$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^(MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160)|(MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1)|(MACs hmac-ripemd160$)/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^(MACs 
hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160)|(MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1)|(MACs hmac-ripemd160$)/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^KexAlgorithms (diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1)|(diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1)$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^KexAlgorithms (diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1)|(diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1)$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^KeyRegenerationInterval 1h$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^KeyRegenerationInterval 1h$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^ServerKeyBits 2048$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^ServerKeyBits 2048$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^UseLogin no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^UseLogin no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^UsePrivilegeSeparation yes$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^UsePrivilegeSeparation yes$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PermitUserEnvironment no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { 
should match /^PermitUserEnvironment no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^LoginGraceTime 30s$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^LoginGraceTime 30s$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^MaxAuthTries 2$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^MaxAuthTries 2$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^MaxSessions 10$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^MaxSessions 10$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^MaxStartups 10:30:100$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^MaxStartups 10:30:100$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^RSAAuthentication yes$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^RSAAuthentication yes$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PubkeyAuthentication yes$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^PubkeyAuthentication yes$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^IgnoreRhosts yes$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^IgnoreRhosts yes$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^IgnoreUserKnownHosts yes$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^IgnoreUserKnownHosts yes$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^RhostsRSAAuthentication no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^RhostsRSAAuthentication no$/ } + end - describe 
file('/etc/ssh/sshd_config') do - its(:content) { should match /^HostbasedAuthentication no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^HostbasedAuthentication no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PasswordAuthentication no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^PasswordAuthentication no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PermitEmptyPasswords no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^PermitEmptyPasswords no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^ChallengeResponseAuthentication no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^ChallengeResponseAuthentication no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^KerberosAuthentication no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^KerberosAuthentication no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^KerberosOrLocalPasswd no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^KerberosOrLocalPasswd no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^KerberosTicketCleanup yes$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^KerberosTicketCleanup yes$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#KerberosGetAFSToken no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#KerberosGetAFSToken no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^GSSAPIAuthentication no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^GSSAPIAuthentication 
no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^GSSAPICleanupCredentials yes$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^GSSAPICleanupCredentials yes$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#DenyUsers \*$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#DenyUsers \*$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#AllowUsers user1$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#AllowUsers user1$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#DenyGroups \*$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#DenyGroups \*$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#AllowGroups group1$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#AllowGroups group1$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^TCPKeepAlive no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^TCPKeepAlive no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^ClientAliveInterval 600$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^ClientAliveInterval 600$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^ClientAliveCountMax 3$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^ClientAliveCountMax 3$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PermitTunnel no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^PermitTunnel no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match 
/^AllowTcpForwarding no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^AllowTcpForwarding no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^AllowAgentForwarding no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^AllowAgentForwarding no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^GatewayPorts no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^GatewayPorts no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^X11Forwarding no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^X11Forwarding no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^X11UseLocalhost yes$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^X11UseLocalhost yes$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PrintMotd no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^PrintMotd no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PrintLastLog no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^PrintLastLog no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#Banner \/etc\/ssh\/banner\.txt$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#Banner \/etc\/ssh\/banner\.txt$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#UseDNS yes$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#UseDNS yes$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#PidFile \/var\/run\/sshd\.pid$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { 
should match /^#PidFile \/var\/run\/sshd\.pid$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#MaxStartups 10$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#MaxStartups 10$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#ChrootDirectory none$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#ChrootDirectory none$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#ChrootDirectory \/home\/\%u$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#ChrootDirectory \/home\/\%u$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#Subsystem sftp internal-sftp -l VERBOSE$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#Subsystem sftp internal-sftp -l VERBOSE$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#Match Group sftponly$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#Match Group sftponly$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#ForceCommand internal-sftp -l VERBOSE$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#ForceCommand internal-sftp -l VERBOSE$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#ChrootDirectory \/sftpchroot\/home\/\%u$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#ChrootDirectory \/sftpchroot\/home\/\%u$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#AllowTcpForwarding no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#AllowTcpForwarding no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#PasswordAuthentication 
no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#PasswordAuthentication no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#PermitRootLogin no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#PermitRootLogin no$/ } + end - describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#X11Forwarding no$/ } - end + describe file('/etc/ssh/sshd_config') do + its(:content) { should match /^#X11Forwarding no$/ } + end end describe 'check ssh_config' do - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^AddressFamily inet|any$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^AddressFamily inet|any$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^Host/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^Host/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^Port [0-9]?/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^Port [0-9]?/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^Protocol 2$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^Protocol 2$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^BatchMode no$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^BatchMode no$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^CheckHostIP yes$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^CheckHostIP yes$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^StrictHostKeyChecking ask$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^StrictHostKeyChecking ask$/ } + end - describe 
file('/etc/ssh/ssh_config') do - its(:content) { should match /^Ciphers (aes128-ctr,aes256-ctr,aes192-ctr)|(aes128-ctr,aes256-ctr,aes192-ctr,aes128-cbc,aes256-cbc,aes192-cbc)$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^Ciphers (aes128-ctr,aes256-ctr,aes192-ctr)|(aes128-ctr,aes256-ctr,aes192-ctr,aes128-cbc,aes256-cbc,aes192-cbc)$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^MACs (hmac-sha2-256,hmac-sha2-512,hmac-ripemd160)|(hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1)|(hmac-ripemd160$)/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^MACs (hmac-sha2-256,hmac-sha2-512,hmac-ripemd160)|(hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1)|(hmac-ripemd160$)/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^KexAlgorithms (ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256)|(ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1)$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^KexAlgorithms (ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256)|(ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1)$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^ForwardAgent no$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^ForwardAgent no$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^ForwardX11 no$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^ForwardX11 no$/ } + end - describe file('/etc/ssh/ssh_config') do 
- its(:content) { should match /^HostbasedAuthentication no$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^HostbasedAuthentication no$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^RhostsRSAAuthentication no$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^RhostsRSAAuthentication no$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^RSAAuthentication yes$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^RSAAuthentication yes$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^PasswordAuthentication no$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^PasswordAuthentication no$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^GSSAPIAuthentication no$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^GSSAPIAuthentication no$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^GSSAPIDelegateCredentials no$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^GSSAPIDelegateCredentials no$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^Tunnel no$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^Tunnel no$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^PermitLocalCommand no$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^PermitLocalCommand no$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^Compression yes$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^Compression yes$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^#EscapeChar ~$/ } - end + 
describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^#EscapeChar ~$/ } + end - describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^#VisualHostKey yes$/ } - end + describe file('/etc/ssh/ssh_config') do + its(:content) { should match /^#VisualHostKey yes$/ } + end end From 8c9ac66350954fae31557306272903690c4a7fc5 Mon Sep 17 00:00:00 2001 From: Edmund Haselwanter Date: Tue, 27 May 2014 11:02:14 +0200 Subject: [PATCH 3/4] fix ambiguous regexp --- default/serverspec/ssh_spec.rb | 176 ++++++++++++++++----------------- 1 file changed, 88 insertions(+), 88 deletions(-) diff --git a/default/serverspec/ssh_spec.rb b/default/serverspec/ssh_spec.rb index c89dc0e..1a9db42 100644 --- a/default/serverspec/ssh_spec.rb +++ b/default/serverspec/ssh_spec.rb 
@@ -35,263 +35,263 @@ describe 'check sshd_config' do describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PermitRootLogin no$|^PermitRootLogin without-password$/ } + its(:content) { should match(/^PermitRootLogin no$|^PermitRootLogin without-password$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^Port [0-9]?/ } + its(:content) { should match(/^Port [0-9]?/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^AddressFamily inet|any$/ } + its(:content) { should match(/^AddressFamily inet|any$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^ListenAddress*/ } + its(:content) { should match(/^ListenAddress*/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^HostKey*/ } + its(:content) { should match(/^HostKey*/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^Protocol 2$/ } + its(:content) { should match(/^Protocol 2$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^StrictModes yes$/ } + its(:content) { should match(/^StrictModes yes$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^SyslogFacility AUTH$/ } + its(:content) { should match(/^SyslogFacility AUTH$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^LogLevel VERBOSE$/ } + its(:content) { should match(/^LogLevel VERBOSE$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^Ciphers (aes128-ctr,aes256-ctr,aes192-ctr)|(aes128-ctr,aes256-ctr,aes192-ctr,aes128-cbc,aes256-cbc,aes192-cbc)$/ } + its(:content) { should match(/^Ciphers (aes128-ctr,aes256-ctr,aes192-ctr)|(aes128-ctr,aes256-ctr,aes192-ctr,aes128-cbc,aes256-cbc,aes192-cbc)$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^(MACs 
hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160)|(MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1)|(MACs hmac-ripemd160$)/ } + its(:content) { should match(/^(MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160)|(MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1)|(MACs hmac-ripemd160$)/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^KexAlgorithms (diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1)|(diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1)$/ } + its(:content) { should match(/^KexAlgorithms (diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1)|(diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1)$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^KeyRegenerationInterval 1h$/ } + its(:content) { should match(/^KeyRegenerationInterval 1h$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^ServerKeyBits 2048$/ } + its(:content) { should match(/^ServerKeyBits 2048$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^UseLogin no$/ } + its(:content) { should match(/^UseLogin no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^UsePrivilegeSeparation yes$/ } + its(:content) { should match(/^UsePrivilegeSeparation yes$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PermitUserEnvironment 
no$/ } + its(:content) { should match(/^PermitUserEnvironment no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^LoginGraceTime 30s$/ } + its(:content) { should match(/^LoginGraceTime 30s$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^MaxAuthTries 2$/ } + its(:content) { should match(/^MaxAuthTries 2$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^MaxSessions 10$/ } + its(:content) { should match(/^MaxSessions 10$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^MaxStartups 10:30:100$/ } + its(:content) { should match(/^MaxStartups 10:30:100$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^RSAAuthentication yes$/ } + its(:content) { should match(/^RSAAuthentication yes$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PubkeyAuthentication yes$/ } + its(:content) { should match(/^PubkeyAuthentication yes$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^IgnoreRhosts yes$/ } + its(:content) { should match(/^IgnoreRhosts yes$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^IgnoreUserKnownHosts yes$/ } + its(:content) { should match(/^IgnoreUserKnownHosts yes$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^RhostsRSAAuthentication no$/ } + its(:content) { should match(/^RhostsRSAAuthentication no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^HostbasedAuthentication no$/ } + its(:content) { should match(/^HostbasedAuthentication no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PasswordAuthentication no$/ } + its(:content) { should match(/^PasswordAuthentication no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PermitEmptyPasswords no$/ } + its(:content) { 
should match(/^PermitEmptyPasswords no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^ChallengeResponseAuthentication no$/ } + its(:content) { should match(/^ChallengeResponseAuthentication no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^KerberosAuthentication no$/ } + its(:content) { should match(/^KerberosAuthentication no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^KerberosOrLocalPasswd no$/ } + its(:content) { should match(/^KerberosOrLocalPasswd no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^KerberosTicketCleanup yes$/ } + its(:content) { should match(/^KerberosTicketCleanup yes$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#KerberosGetAFSToken no$/ } + its(:content) { should match(/^#KerberosGetAFSToken no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^GSSAPIAuthentication no$/ } + its(:content) { should match(/^GSSAPIAuthentication no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^GSSAPICleanupCredentials yes$/ } + its(:content) { should match(/^GSSAPICleanupCredentials yes$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#DenyUsers \*$/ } + its(:content) { should match(/^#DenyUsers \*$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#AllowUsers user1$/ } + its(:content) { should match(/^#AllowUsers user1$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#DenyGroups \*$/ } + its(:content) { should match(/^#DenyGroups \*$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#AllowGroups group1$/ } + its(:content) { should match(/^#AllowGroups group1$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^TCPKeepAlive no$/ } + its(:content) { should 
match(/^TCPKeepAlive no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^ClientAliveInterval 600$/ } + its(:content) { should match(/^ClientAliveInterval 600$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^ClientAliveCountMax 3$/ } + its(:content) { should match(/^ClientAliveCountMax 3$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PermitTunnel no$/ } + its(:content) { should match(/^PermitTunnel no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^AllowTcpForwarding no$/ } + its(:content) { should match(/^AllowTcpForwarding no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^AllowAgentForwarding no$/ } + its(:content) { should match(/^AllowAgentForwarding no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^GatewayPorts no$/ } + its(:content) { should match(/^GatewayPorts no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^X11Forwarding no$/ } + its(:content) { should match(/^X11Forwarding no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^X11UseLocalhost yes$/ } + its(:content) { should match(/^X11UseLocalhost yes$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PrintMotd no$/ } + its(:content) { should match(/^PrintMotd no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^PrintLastLog no$/ } + its(:content) { should match(/^PrintLastLog no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#Banner \/etc\/ssh\/banner\.txt$/ } + its(:content) { should match(/^#Banner \/etc\/ssh\/banner\.txt$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#UseDNS yes$/ } + its(:content) { should match(/^#UseDNS yes$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { 
should match /^#PidFile \/var\/run\/sshd\.pid$/ } + its(:content) { should match(/^#PidFile \/var\/run\/sshd\.pid$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#MaxStartups 10$/ } + its(:content) { should match(/^#MaxStartups 10$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#ChrootDirectory none$/ } + its(:content) { should match(/^#ChrootDirectory none$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#ChrootDirectory \/home\/\%u$/ } + its(:content) { should match(/^#ChrootDirectory \/home\/\%u$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#Subsystem sftp internal-sftp -l VERBOSE$/ } + its(:content) { should match(/^#Subsystem sftp internal-sftp -l VERBOSE$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#Match Group sftponly$/ } + its(:content) { should match(/^#Match Group sftponly$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#ForceCommand internal-sftp -l VERBOSE$/ } + its(:content) { should match(/^#ForceCommand internal-sftp -l VERBOSE$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#ChrootDirectory \/sftpchroot\/home\/\%u$/ } + its(:content) { should match(/^#ChrootDirectory \/sftpchroot\/home\/\%u$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#AllowTcpForwarding no$/ } + its(:content) { should match(/^#AllowTcpForwarding no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#PasswordAuthentication no$/ } + its(:content) { should match(/^#PasswordAuthentication no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#PermitRootLogin no$/ } + its(:content) { should match(/^#PermitRootLogin no$/) } end describe file('/etc/ssh/sshd_config') do - its(:content) { should match /^#X11Forwarding no$/ } + its(:content) { 
should match(/^#X11Forwarding no$/) } end end 
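Review bot: The alternations in the `Ciphers`, `MACs`, `KexAlgorithms` and `AddressFamily` patterns on the new side are not grouped, so these hardening checks can pass on a weaker config than the one they name. In `/^Ciphers (…)|(…)$/` the `|` splits the whole expression: the first branch has no `$` and the second has no `^Ciphers ` prefix, so a `Ciphers` line that begins with the CTR list and then appends further ciphers still matches, and `/^AddressFamily inet|any$/` accepts any line that ends in `any`. Keep both anchors outside a single group, as in `its(:content) { should match(/^AddressFamily (inet|any)$/) }`, and give the three algorithm lists the same `^Keyword (A|B)$` shape. `/^Port [0-9]?/` likewise matches with no digit at all; `/^Port [0-9]+$/` pins it. The same patterns appear in the `check ssh_config` hunk that follows, where the same change applies.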
@@ -299,95 +299,95 @@ describe 'check ssh_config' do describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^AddressFamily inet|any$/ } + its(:content) { should match(/^AddressFamily inet|any$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^Host/ } + its(:content) { should match(/^Host/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^Port [0-9]?/ } + its(:content) { should match(/^Port [0-9]?/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^Protocol 2$/ } + its(:content) { should match(/^Protocol 2$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^BatchMode no$/ } + its(:content) { should match(/^BatchMode no$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^CheckHostIP yes$/ } + its(:content) { should match(/^CheckHostIP yes$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^StrictHostKeyChecking ask$/ } + its(:content) { should match(/^StrictHostKeyChecking ask$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^Ciphers (aes128-ctr,aes256-ctr,aes192-ctr)|(aes128-ctr,aes256-ctr,aes192-ctr,aes128-cbc,aes256-cbc,aes192-cbc)$/ } + its(:content) { should match(/^Ciphers (aes128-ctr,aes256-ctr,aes192-ctr)|(aes128-ctr,aes256-ctr,aes192-ctr,aes128-cbc,aes256-cbc,aes192-cbc)$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^MACs (hmac-sha2-256,hmac-sha2-512,hmac-ripemd160)|(hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1)|(hmac-ripemd160$)/ } + its(:content) { should match(/^MACs (hmac-sha2-256,hmac-sha2-512,hmac-ripemd160)|(hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1)|(hmac-ripemd160$)/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^KexAlgorithms 
(ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256)|(ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1)$/ } + its(:content) { should match(/^KexAlgorithms (ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256)|(ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1)$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^ForwardAgent no$/ } + its(:content) { should match(/^ForwardAgent no$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^ForwardX11 no$/ } + its(:content) { should match(/^ForwardX11 no$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^HostbasedAuthentication no$/ } + its(:content) { should match(/^HostbasedAuthentication no$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^RhostsRSAAuthentication no$/ } + its(:content) { should match(/^RhostsRSAAuthentication no$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^RSAAuthentication yes$/ } + its(:content) { should match(/^RSAAuthentication yes$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^PasswordAuthentication no$/ } + its(:content) { should match(/^PasswordAuthentication no$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^GSSAPIAuthentication no$/ } + its(:content) { should match(/^GSSAPIAuthentication no$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^GSSAPIDelegateCredentials no$/ } + its(:content) { should match(/^GSSAPIDelegateCredentials no$/) } end describe file('/etc/ssh/ssh_config') do - 
its(:content) { should match /^Tunnel no$/ } + its(:content) { should match(/^Tunnel no$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^PermitLocalCommand no$/ } + its(:content) { should match(/^PermitLocalCommand no$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^Compression yes$/ } + its(:content) { should match(/^Compression yes$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^#EscapeChar ~$/ } + its(:content) { should match(/^#EscapeChar ~$/) } end describe file('/etc/ssh/ssh_config') do - its(:content) { should match /^#VisualHostKey yes$/ } + its(:content) { should match(/^#VisualHostKey yes$/) } end end From 0af42da96426c9eb49c4bf45cc59fef6bfe03ede Mon Sep 17 00:00:00 2001 From: Edmund Haselwanter Date: Tue, 27 May 2014 12:11:53 +0200 Subject: [PATCH 4/4] Use %r for regular expressions matching more than 1 '/' character. --- default/serverspec/ssh_spec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/default/serverspec/ssh_spec.rb b/default/serverspec/ssh_spec.rb index 1a9db42..2d87694 100644 --- a/default/serverspec/ssh_spec.rb +++ b/default/serverspec/ssh_spec.rb @@ -239,7 +239,7 @@ end describe file('/etc/ssh/sshd_config') do - its(:content) { should match(/^#Banner \/etc\/ssh\/banner\.txt$/) } + its(:content) { should match(%r(^#Banner /etc/ssh/banner\.txt$)) } end describe file('/etc/ssh/sshd_config') do @@ -247,7 +247,7 @@ end describe file('/etc/ssh/sshd_config') do - its(:content) { should match(/^#PidFile \/var\/run\/sshd\.pid$/) } + its(:content) { should match(%r(^#PidFile /var/run/sshd\.pid$)) } end describe file('/etc/ssh/sshd_config') do @@ -259,7 +259,7 @@ end describe file('/etc/ssh/sshd_config') do - its(:content) { should match(/^#ChrootDirectory \/home\/\%u$/) } + its(:content) { should match(%r(^#ChrootDirectory /home/\%u$)) } end describe file('/etc/ssh/sshd_config') do 
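Review bot: `should match(/^Host/)` in this hunk is satisfied by the `HostbasedAuthentication no` line that a later check in the same hunk already requires, so it does not show that a `Host` entry exists in `/etc/ssh/ssh_config`. If the intent is to assert a `Host` stanza, match the keyword followed by whitespace and a pattern, for example `its(:content) { should match(/^Host\s+\S/) }`. As written, the check cannot fail whenever the `HostbasedAuthentication` check passes.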
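Review bot: The `%r(...)` literal sits directly inside `match(...)`, so the regexp delimiters read as one more pair of call parentheses; braces are the usual delimiter for `%r` in the community style guide. `its(:content) { should match(%r{^#Banner /etc/ssh/banner\.txt$}) }` is easier to scan, and the same applies to the `#PidFile` hunk and both `#ChrootDirectory` hunks of this patch. In the two `#ChrootDirectory` patterns the backslash in `\%u` is not needed, since `%` has no special meaning inside a regexp. The enclosing `describe 'check sshd_config'` block starts and ends outside these hunks.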
@@ -275,7 +275,7 @@ end describe file('/etc/ssh/sshd_config') do - its(:content) { should match(/^#ChrootDirectory \/sftpchroot\/home\/\%u$/) } + its(:content) { should match(%r(^#ChrootDirectory /sftpchroot/home/\%u$)) } end describe file('/etc/ssh/sshd_config') do