diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 5a3a3de4..2a993fcd 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -295,77 +295,76 @@ class { 'fail2ban': end end - # rubocop:enable RSpec/MultipleExpectations context 'when overriding default port configuration' do before(:all) do pp = <<-EOS class { 'fail2ban': } EOS - yaml = <<-EOS -fail2ban::jails_config: - ssh: - port: 'ssh,2200' - dropbear: - port: 'ssh,2201' - selinux-ssh: - port: 'ssh,2202' - apache-auth: - port: '80,443' - apache-badbots: - port: '80,443' - apache-noscript: - port: '80,443' - apache-overflows: - port: '80,443' - apache-nohome: - port: '80,443' - apache-botsearch: - port: '80,443' - apache-fakegooglebot: - port: '80,443' - apache-modsecurity: - port: '80,443' - apache-shellshock: - port: '80,443' - nginx-http-auth: - port: '80,443' - nginx-limit-req: - port: '80,443' - nginx-botsearch: - port: '80,443' - php-url-fopen: - port: '80,443' - suhosin: - port: '80,443' - lighttpd-auth: - port: '80,443' - roundcube-auth: - port: '80,443' - openwebmail: - port: '80,443' - horde: - port: '80,443' - groupoffice: - port: '80,443' - sogo-auth: - port: '80,443' - tine20: - port: '80,443' - drupal-auth: - port: '80,443' - guacamole: - port: '80,443' - monit: - port: '2811' - webmin-auth: - port: '10001' - froxlor-auth: - port: '80,443' - squid: - port: '3128' - 3proxy: - port: '3129' -EOS + yaml = <<~EOS + fail2ban::jails_config: + ssh: + port: 'ssh,2200' + dropbear: + port: 'ssh,2201' + selinux-ssh: + port: 'ssh,2202' + apache-auth: + port: '80,443' + apache-badbots: + port: '80,443' + apache-noscript: + port: '80,443' + apache-overflows: + port: '80,443' + apache-nohome: + port: '80,443' + apache-botsearch: + port: '80,443' + apache-fakegooglebot: + port: '80,443' + apache-modsecurity: + port: '80,443' + apache-shellshock: + port: '80,443' + nginx-http-auth: + port: '80,443' + nginx-limit-req: + port: '80,443' + nginx-botsearch: + port: '80,443' + php-url-fopen: + port: '80,443' + suhosin: + port: '80,443' + lighttpd-auth: + port: '80,443' + roundcube-auth: + port: '80,443' + openwebmail: + port: '80,443' + horde: + port: '80,443' + groupoffice: + port: '80,443' + sogo-auth: + port: '80,443' + tine20: + port: '80,443' + drupal-auth: + port: '80,443' + guacamole: + port: '80,443' + monit: + port: '2811' + webmin-auth: + port: '10001' + froxlor-auth: + port: '80,443' + squid: + port: '3128' + 3proxy: + port: '3129' + EOS shell "echo \"#{yaml}\" > /etc/puppetlabs/code/environments/production/data/common.yaml" apply_manifest(pp, catch_failures: true) @@ -381,13 +380,13 @@ class { 'fail2ban': } else shell("grep \"\\[sshd\\]\" -A 10 #{config_file_path}") end - expect(r.stdout).to match %r{^port\s+\=\s+ssh,2200$} + expect(r.stdout).to match %r{^port\s+=\s+ssh,2200$} end it 'is expected to modify lighttpd-auth port' do if fail2ban_is_at_least('0.8.7') shell("grep \"\\[lighttpd-auth\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -395,7 +394,7 @@ class { 'fail2ban': } it 'is expected to modify roundcube-auth port' do if fail2ban_is_at_least('0.8.9') shell("grep \"\\[roundcube-auth\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -403,7 +402,7 @@ class { 'fail2ban': } it 'is expected to modify apache-nohome port' do if fail2ban_is_at_least('0.8.10') shell("grep \"\\[apache-nohome\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -411,7 +410,7 @@ class { 'fail2ban': } it 'is expected to modify suhosin port' do if fail2ban_is_at_least('0.9.0') shell("grep \"\\[suhosin\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -420,7 +419,7 @@ class { 'fail2ban': } # since 0.8.11 unless fact('os.family') == 'Debian' && fact('os.release.major') == '8' shell("grep \"\\[selinux-ssh\\]\" -A 5 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+ssh,2202$} + expect(r.stdout).to match %r{^port\s+=\s+ssh,2202$} end end end @@ -429,7 +428,7 @@ class { 'fail2ban': } # since 0.8.11 unless fact('os.family') == 'Debian' && fact('os.release.major') == '8' shell("grep \"\\[apache-auth\\]\" -A 5 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -438,7 +437,7 @@ class { 'fail2ban': } # since 0.8.11 unless fact('os.family') == 'Debian' && fact('os.release.major') == '8' shell("grep \"\\[horde\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -447,7 +446,7 @@ class { 'fail2ban': } # since 0.8.11 unless fact('os.family') == 'Debian' && fact('os.release.major') == '8' shell("grep \"\\[groupoffice\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -456,7 +455,7 @@ class { 'fail2ban': } # since 0.8.11 unless fact('os.family') == 'Debian' && fact('os.release.major') == '8' shell("grep \"\\[openwebmail\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -464,7 +463,7 @@ class { 'fail2ban': } it 'is expected to modify apache-botsearch port' do if fail2ban_is_at_least('0.9.0') shell("grep \"\\[apache-botsearch\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -472,7 +471,7 @@ class { 'fail2ban': } it 'is expected to modify apache-shellshock port' do if fail2ban_is_at_least('0.9.0') shell("grep \"\\[apache-shellshock\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -480,7 +479,7 @@ class { 'fail2ban': } it 'is expected to modify tine20 port' do if fail2ban_is_at_least('0.9.0') shell("grep \"\\[tine20\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -488,7 +487,7 @@ class { 'fail2ban': } it 'is expected to modify nginx-botsearch port' do if fail2ban_is_at_least('0.9.2') shell("grep \"\\[nginx-botsearch\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -498,13 +497,13 @@ class { 'fail2ban': } when 'Debian' if fail2ban_is_at_least('0.9.4') shell("grep \"\\[nginx-limit-req\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end when 'RedHat' if fact('os.release.major').to_i >= 8 shell("grep \"\\[nginx-limit-req\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -513,7 +512,7 @@ class { 'fail2ban': } it 'is expected to modify apache-badbots port' do if fail2ban_is_at_least('0.9.4') shell("grep \"\\[apache-badbots\\]\" -A 7 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -521,57 +520,57 @@ class { 'fail2ban': } it 'is expected to modify apache-fakegooglebot port' do if fail2ban_is_at_least('0.9.6') shell("grep \"\\[apache-fakegooglebot\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end it 'is expected to modify dropbear port' do shell("grep \"\\[dropbear\\]\" -A 5 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+ssh,2201$} + expect(r.stdout).to match %r{^port\s+=\s+ssh,2201$} end end it 'is expected to modify apache-modsecurity port' do shell("grep \"\\[apache-modsecurity\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end it 'is expected to modify nginx-http-auth port' do shell("grep \"\\[nginx-http-auth\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end it 'is expected to modify apache-noscript port' do shell("grep \"\\[apache-noscript\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end it 'is expected to modify apache-overflows port' do shell("grep \"\\[apache-overflows\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end it 'is expected to modify sogo-auth port' do shell("grep \"\\[sogo-auth\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end it 'is expected to modify php-url-fopen port' do shell("grep \"\\[php-url-fopen\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end it 'is expected to modify drupal-auth port' do if fail2ban_is_at_least('0.9.0') shell("grep \"\\[drupal-auth\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -579,7 +578,7 @@ class { 'fail2ban': } it 'is expected to modify guacamole port' do if fail2ban_is_at_least('0.9.0') shell("grep \"\\[guacamole\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -587,7 +586,7 @@ class { 'fail2ban': } it 'is expected to modify monit port' do if fail2ban_is_at_least('0.9.1') shell("grep \"\\[monit\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+2811$} + expect(r.stdout).to match %r{^port\s+=\s+2811$} end end end @@ -596,7 +595,7 @@ class { 'fail2ban': } # since 0.8.9 unless fact('os.family') == 'Debian' && fact('os.release.major') == '8' shell("grep \"\\[webmin-auth\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+10001$} + expect(r.stdout).to match %r{^port\s+=\s+10001$} end end end @@ -605,7 +604,7 @@ class { 'fail2ban': } # since 0.8.11 unless fact('os.family') == 'Debian' && fact('os.release.major') == '8' shell("grep \"\\[froxlor-auth\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+80,443$} + expect(r.stdout).to match %r{^port\s+=\s+80,443$} end end end @@ -614,7 +613,7 @@ class { 'fail2ban': } # since 0.8.12 unless fact('os.family') == 'Debian' && fact('os.release.major') == '8' shell("grep \"\\[squid\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+3128$} + expect(r.stdout).to match %r{^port\s+=\s+3128$} end end end @@ -623,7 +622,7 @@ class { 'fail2ban': } # since 0.8.11 unless fact('os.family') == 'Debian' && fact('os.release.major') == '8' shell("grep \"\\[3proxy\\]\" -A 6 #{config_file_path}") do |r| - expect(r.stdout).to match %r{^port\s+\=\s+3129$} + expect(r.stdout).to match %r{^port\s+=\s+3129$} end end end