simplify tests

Author: chris-rock

default/serverspec/os_spec.rb

@@ -17,47 +17,29 @@
 
 require 'spec_helper'
 
-
 describe command('find / -name \'.rhosts\' | wc -l ') do
   its(:stdout) { should match(/^0/) }
 end
 
-
 describe command('find / -name \'hosts.equiv\' | wc -l ') do
   its(:stdout) { should match(/^0/) }
 end
 
-
 describe file('/etc/shadow') do
   it { should be_owned_by 'root' }
-end
-
-
-describe file('/etc/shadow') do
   it { should be_mode 600 }
 end
 
-
 describe command('echo $PATH | grep -ci \'\.\'') do
   its(:stdout) { should match(/^0/) }
 end
 
-
 describe file('/etc/login.defs') do
   its(:content) { should match(%r{^ENV_SUPATH\s+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin}) }
-end
-
-
-describe file('/etc/login.defs') do
   its(:content) { should match(%r{^ENV_PATH\s+PATH=/usr/local/bin:/usr/bin:/bin}) }
-end
-
-
-describe file('/etc/login.defs') do
   its(:content) { should match(/^UMASK +027/) }
 end
 
-
 describe 'SUID/ SGID blacklist  check' do
   it 'found no blacklisted suid/sgid' do
     blacklist = [
@@ -93,7 +75,6 @@
   end
 end
 
-
 describe 'Unique uid' do
   it 'check for unique uids' do
     actual = command('cat /etc/passwd | cut -d \':\' -f 3').stdout.split(/\r?\n/)

default/serverspec/sysctl_spec.rb

@@ -19,27 +19,22 @@
 
 describe 'IP V4 networking' do
 
-
   context linux_kernel_parameter('net.ipv4.ip_forward') do
     its(:value) { should eq 0 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.conf.all.forwarding') do
     its(:value) { should eq 0 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.conf.all.rp_filter') do
     its(:value) { should eq 1 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.conf.default.rp_filter') do
     its(:value) { should eq 1 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.icmp_echo_ignore_broadcasts') do
     its(:value) { should eq 1 }
   end
@@ -48,7 +43,6 @@
     its(:value) { should eq 1 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.icmp_ratelimit') do
     its(:value) { should eq 100 }
   end
@@ -61,12 +55,10 @@
     its(:value) { should eq 0 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.conf.all.arp_ignore') do
     its(:value) { should eq 1 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.conf.all.arp_announce') do
     its(:value) { should eq 2 }
   end
@@ -87,12 +79,10 @@
     its(:value) { should eq 1 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.conf.all.accept_source_route') do
     its(:value) { should eq 0 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.conf.default.accept_source_route') do
     its(:value) { should eq 0 }
   end
@@ -134,7 +124,6 @@
     its(:value) { should eq 1 }
   end
 
-
   context linux_kernel_parameter('net.ipv6.conf.all.forwarding') do
     its(:value) { should eq 0 }
   end
@@ -206,7 +195,6 @@
 
 describe 'ExecShield' do
 
-
   # check if we find the nx flag
   if command('cat /proc/cpuinfo').stdout =~ /^flags.*?:.*? nx( .*?)?$/
     true
@@ -221,7 +209,6 @@
     end
   end
 
-
   context linux_kernel_parameter('kernel.randomize_va_space') do
     its(:value) { should eq 2 }
   end

lockdown/serverspec/os_spec.rb

@@ -17,47 +17,29 @@
 
 require 'spec_helper'
 
-
 describe command('find / -name \'.rhosts\' | wc -l ') do
   its(:stdout) { should match(/^0/) }
 end
 
-
 describe command('find / -name \'hosts.equiv\' | wc -l ') do
   its(:stdout) { should match(/^0/) }
 end
 
-
-describe file('/etc/shadow') do
-  it { should be_owned_by 'root' }
-end
-
-
 describe file('/etc/shadow') do
   it { should be_mode 600 }
+  it { should be_owned_by 'root' }
 end
 
-
 describe command('echo $PATH | grep -ci \'\.\'') do
   its(:stdout) { should match(/^0/) }
 end
 
-
 describe file('/etc/login.defs') do
   its(:content) { should match(%r{^ENV_SUPATH\s+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin}) }
-end
-
-
-describe file('/etc/login.defs') do
   its(:content) { should match(%r{^ENV_PATH\s+PATH=/usr/local/bin:/usr/bin:/bin}) }
-end
-
-
-describe file('/etc/login.defs') do
   its(:content) { should match(/^UMASK +027/) }
 end
 
-
 describe 'SUID/ SGID whitelist check' do
   it 'found only whitelist suid/sgid' do
     whitelist = [
@@ -114,7 +96,6 @@
   end
 end
 
-
 describe 'Unique uid' do
   it 'check for unique uids' do
     actual = command('cat /etc/passwd | cut -d \':\' -f 3').stdout.split(/\r?\n/)

lockdown/serverspec/sysctl_spec.rb

@@ -19,27 +19,22 @@
 
 describe 'IP V4 networking' do
 
-
   context linux_kernel_parameter('net.ipv4.ip_forward') do
     its(:value) { should eq 0 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.conf.all.forwarding') do
     its(:value) { should eq 0 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.conf.all.rp_filter') do
     its(:value) { should eq 1 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.conf.default.rp_filter') do
     its(:value) { should eq 1 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.icmp_echo_ignore_broadcasts') do
     its(:value) { should eq 1 }
   end
@@ -48,7 +43,6 @@
     its(:value) { should eq 1 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.icmp_ratelimit') do
     its(:value) { should eq 100 }
   end
@@ -61,12 +55,10 @@
     its(:value) { should eq 0 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.conf.all.arp_ignore') do
     its(:value) { should eq 1 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.conf.all.arp_announce') do
     its(:value) { should eq 2 }
   end
@@ -87,12 +79,10 @@
     its(:value) { should eq 1 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.conf.all.accept_source_route') do
     its(:value) { should eq 0 }
   end
 
-
   context linux_kernel_parameter('net.ipv4.conf.default.accept_source_route') do
     its(:value) { should eq 0 }
   end
@@ -134,7 +124,6 @@
     its(:value) { should eq 1 }
   end
 
-
   context linux_kernel_parameter('net.ipv6.conf.all.forwarding') do
     its(:value) { should eq 0 }
   end
@@ -198,7 +187,6 @@
 
 describe 'ExecShield' do
 
-
   # check if we find the nx flag
   if command('cat /proc/cpuinfo').return_stdout?(/^flags.*?:.*? nx( .*?)?$/)
     true
@@ -213,7 +201,6 @@
     end
   end
 
-
   context linux_kernel_parameter('kernel.randomize_va_space') do
     its(:value) { should eq 2 }
   end