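module Serverspec
  module Commands
    # Builds the shell command strings used for checks on Solaris hosts.
    #
    # Every method here only returns a String; nothing is executed in this
    # class. Values interpolated into a command go through +escape+, which is
    # not defined in this file (presumably inherited from Base -- confirm) and
    # is assumed to shell-quote a single word.
    #
    # NOTE(review): values placed inside grep patterns ("^#{value}$" and
    # similar) are shell-escaped but not regex-escaped, so regex
    # metacharacters in an expected value are interpreted by grep.
    class Solaris < Base
      # Command that succeeds when `svcs -l` reports the service as enabled.
      #
      # @param service [String] service name or FMRI passed to svcs
      # @param level [Integer] accepted for interface compatibility; not used
      #   in the generated command
      # @return [String]
      def check_enabled(service, level=3)
        "svcs -l #{escape(service)} 2> /dev/null | egrep '^enabled *true$'"
      end

      # Command that succeeds when `pkg list` knows the package and, if a
      # version is given, the listing contains that version as a whole word.
      #
      # @param package [String]
      # @param version [String, nil]
      # @return [String]
      def check_installed(package, version=nil)
        cmd = "pkg list -H #{escape(package)} 2> /dev/null"
        return cmd unless version

        "#{cmd} | grep -qw -- #{escape(version)}"
      end

      # Command that succeeds when netstat shows a LISTEN/Idle socket whose
      # local address ends in ".<port> ".
      #
      # @param port [Integer, String]
      # @return [String]
      def check_listening(port)
        # The backslash must be doubled: in a double-quoted literal "\." is
        # just ".", which grep treats as "any character", so a check for
        # port 22 would also match a listener on e.g. port 1122.
        regexp = "\\.#{port} "
        "netstat -an 2> /dev/null | egrep 'LISTEN|Idle' | grep -- #{escape(regexp)}"
      end

      # Command that succeeds when `svcs -l` reports the service state as
      # online.
      #
      # @param service [String]
      # @return [String]
      def check_running(service)
        "svcs -l #{escape(service)} status 2> /dev/null | egrep '^state *online$'"
      end

      # Command that greps a crontab listing for the given entry.
      #
      # @param user [String, nil] nil lists the invoking user's crontab
      # @param entry [String] crontab line to look for
      # @return [String]
      def check_cron_entry(user, entry)
        # "*" is a regex quantifier for grep; backslash it so schedule fields
        # such as "* * * * *" are matched literally.
        entry_escaped = entry.gsub(/\*/, '\\*')
        listing = user.nil? ? "crontab -l" : "crontab -l #{escape(user)}"
        "#{listing} | grep -- #{escape(entry_escaped)}"
      end

      # Command that checks a ZFS dataset exists and, optionally, that each
      # given property has exactly the expected value.
      #
      # @param zfs [String] dataset name
      # @param property [Hash, nil] property name => expected value
      #   (iterated as key/value pairs; presumably a Hash -- confirm)
      # @return [String] one command per property, joined with " && "
      def check_zfs(zfs, property=nil)
        return "zfs list -H #{escape(zfs)}" if property.nil?

        # Sorting keeps the generated command independent of hash ordering.
        checks = property.sort.map do |key, value|
          regexp = "^#{value}$"
          "zfs list -H -o #{escape(key)} #{escape(zfs)} | grep -- #{escape(regexp)}"
        end
        checks.join(' && ')
      end

      # Command that greps the `ipfstat -io` output for the rule.
      #
      # @param rule [String]
      # @return [String]
      def check_ipfilter_rule(rule)
        "ipfstat -io 2> /dev/null | grep -- #{escape(rule)}"
      end

      # Command that greps the `ipnat -l` output for a line that is exactly
      # the rule.
      #
      # @param rule [String]
      # @return [String]
      def check_ipnat_rule(rule)
        regexp = "^#{rule}$"
        "ipnat -l 2> /dev/null | grep -- #{escape(regexp)}"
      end

      # Command that succeeds when one SMF property has exactly the expected
      # value.
      #
      # @param svc [String] service name or FMRI
      # @param property [String] property name passed to `svcprop -p`
      # @param value [String] expected value, anchored with ^ and $
      # @return [String]
      def check_svcprop(svc, property, value)
        regexp = "^#{value}$"
        "svcprop -p #{escape(property)} #{escape(svc)} | grep -- #{escape(regexp)}"
      end

      # Command that succeeds when every listed SMF property has exactly the
      # expected value.
      #
      # @param svc [String] service name or FMRI
      # @param property [Hash] property name => expected value
      #   (iterated as key/value pairs; presumably a Hash -- confirm)
      # @return [String] one svcprop check per property, joined with " && "
      def check_svcprops(svc, property)
        checks = property.sort.map do |key, value|
          regexp = "^#{value}$"
          "svcprop -p #{escape(key)} #{escape(svc)} | grep -- #{escape(regexp)}"
        end
        checks.join(' && ')
      end

      # Command that checks a pattern against a line range of a file.
      #
      # The range is cut out with sed and piped into the command built by
      # check_file_contain (not defined in this class; presumably inherited
      # from Base -- confirm), which is pointed at /dev/stdin.
      #
      # @param file [String]
      # @param expected_pattern [String]
      # @param from [String, nil] sed start address, defaults to '1'
      # @param to [String, nil] sed end address, defaults to '$'
      # @return [String]
      def check_file_contain_within(file, expected_pattern, from=nil, to=nil)
        from ||= '1'
        to ||= '$'
        checker = check_file_contain("/dev/stdin", expected_pattern)
        "sed -n #{escape(from)},#{escape(to)}p #{escape(file)} | #{checker}"
      end

      # Command that greps the user's group list (`id -Gn`) for the group.
      #
      # @param user [String]
      # @param group [String]
      # @return [String]
      def check_belonging_group(user, group)
        "id -Gn #{escape(user)} | grep -- #{escape(group)}"
      end

      # Command that checks the gid field of the group's getent entry.
      #
      # @param group [String]
      # @param gid [Integer, String]
      # @return [String]
      def check_gid(group, gid)
        regexp = "^#{group}:"
        "getent group | grep -- #{escape(regexp)} | cut -f 3 -d ':' | grep -w -- #{escape(gid)}"
      end

      # Command that checks field 6 (home directory) of the user's passwd
      # entry.
      #
      # @param user [String]
      # @param path_to_home [String]
      # @return [String]
      def check_home_directory(user, path_to_home)
        "getent passwd #{escape(user)} | cut -f 6 -d ':' | grep -w -- #{escape(path_to_home)}"
      end

      # Command that checks field 7 (login shell) of the user's passwd entry.
      #
      # @param user [String]
      # @param path_to_shell [String]
      # @return [String]
      def check_login_shell(user, path_to_shell)
        "getent passwd #{escape(user)} | cut -f 7 -d ':' | grep -w -- #{escape(path_to_shell)}"
      end

      # Command that runs `test -<access> <file>` as the given user via su.
      #
      # @param file [String] path to test
      # @param user [String] account to switch to
      # @param access [String] test flag letter, e.g. "r", "w" or "x"
      # @return [String]
      def check_access_by_user(file, user, access)
        # http://docs.oracle.com/cd/E23823_01/html/816-5166/su-1m.html
        ## No need for login shell as it seems that behavior as superuser is favorable for us, but needs
        ## to be better tested under real solaris env
        #
        # The command is parsed twice: once by the shell that runs `su`, and
        # again by the shell `su -c` starts. Quote the operands for the inner
        # shell first, then quote the whole inner command as a single argument
        # for the outer one, so a path or user name containing spaces, quotes
        # or shell metacharacters cannot change the command that is run.
        inner = "test -#{escape(access)} #{escape(file)}"
        "su #{escape(user)} -c #{escape(inner)}"
      end

      # Command that probes a host: ping when no port is given, otherwise a
      # zero-I/O nc connection attempt.
      #
      # @param host [String]
      # @param port [Integer, String, nil]
      # @param proto [String] only its first character is used, appended to
      #   the nc flag group (so "tcp" yields -t and "udp" yields -u)
      # @param timeout [Integer, String] ping timeout operand / nc -w value
      # @return [String]
      def check_reachable(host, port, proto, timeout)
        return "ping -n #{escape(host)} #{escape(timeout)}" if port.nil?

        # proto[0].chr yields a one-character String whether String#[]
        # returns an Integer (Ruby 1.8) or a String (1.9+).
        "nc -vvvvz#{escape(proto[0].chr)} -w #{escape(timeout)} #{escape(host)} #{escape(port)}"
      end
    end
  end
end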