#!/usr/bin/ruby
require 'erb'
require 'time'
require 'rubyqa'
# Mix the RubyQA DSL into the top level; `Manager`, used unqualified below, presumably comes from it.
include RubyQA
# ERB report template for the "Get Information" test. Rendered with @name (the
# test name) and @tests (hostname => data, where data[:context] holds the keys
# the test block below fills in: :serial, :date, :hwclock, :timezone,
# :esocket_status, :esocket_patch, :keystore_md5s).
# trim_mode '-' makes `-%>` swallow the newline after ERB control lines so the
# loops do not leave blank lines in the report.
info_template = ERB.new <<EOF, trim_mode: '-'
==============================================
Test : <%= @name %>
==============================================

<% @tests.each do |hostname,data| -%>
<%= hostname %>
----------------------------------------------
Serials: <%= data[:context][:serial] %>
System Date: <%= data[:context][:date] %>
HWCLOCK: <%= data[:context][:hwclock] %>
Timezone: <%= data[:context][:timezone] %>
eSocket Status: <%= data[:context][:esocket_status] %>
eSocket Patch: <%= data[:context][:esocket_patch] %>
keystore md5s:
<% data[:context][:keystore_md5s].each do |line| -%>
- <%= line %>
<% end -%>
<% end -%>
EOF
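# Gather identifying facts from each host and from its "aci" container for the
# report rendered by info_template. Fills context[:serial], [:date], [:hwclock],
# [:timezone], [:esocket_status], [:esocket_patch] and [:keystore_md5s].
# The block's last expression is an assignment, not a pass/fail boolean; how
# Manager treats that result for an informational test is not visible here – TODO confirm.
Manager.new_test("Get Information", template: info_template) { |host, context|
  # Container name is expanded by the remote shell from $HOSTNAME (bash pattern
  # substitution "red?" -> "aci0"), so the remote login shell is assumed to be bash.
  # The only value interpolated into the remote command lines is this constant;
  # nothing read from the host is fed back into a command.
  aci_container = '${HOSTNAME/red?/aci0}'
  in_aci = ->(cmd) { host.exec("sudo lxc-attach -n #{aci_container} -- #{cmd}") }

  # facter prints serials as `... => "XXXX",`; the pipeline isolates the quoted values
  # and scan() keeps only what is inside the quotes.
  serial_matcher = /"(\S+)"/
  serials = host.exec("sudo facter 2>/dev/null | grep serial | cut -d '>' -f 2 | tr -d ','")
  context[:serial] = serials.scan(serial_matcher).flatten.map { |s| "\"#{s}\"" }.join(',')

  # Time.parse comes from the `time` stdlib (required at the top of the file).
  context[:date] = Time.parse(host.exec('date').strip)
  context[:hwclock] = Time.parse(host.exec('sudo hwclock').strip)
  # /etc/localtime resolves to a file under a zoneinfo directory; dropping that
  # prefix leaves the "Region/City" zone name.
  context[:timezone] = host.exec('readlink -f /etc/localtime').strip
                           .gsub(%r{(/usr/share|/etc)/zoneinfo/}, '')

  context[:esocket_status] = in_aci.call('systemctl is-active esocket').strip
  # Last directory entry whose name contains "patch"; nil (rendered empty) when there is none.
  context[:esocket_patch] = in_aci.call('ls -1 /home/esocket/eSocket.POS').split(/\n/).grep(/patch/).last
  # MD5 is used here only as a fingerprint for comparing keystores across hosts in the report.
  context[:keystore_md5s] = in_aci.call('md5sum /home/esocket/eSocket.POS/keystore/*').split(/\n/).map(&:strip)
}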
# ERB report template for the "Firewall Forward Rules" test: one section per host,
# listing every chain parsed into data[:context][:chains] (chain name => array of
# rule hashes) and printing each rule's original text (rule[:line]).
# trim_mode '-' makes `-%>` swallow the newline after ERB control lines.
firewall_template = ERB.new <<EOF, trim_mode: '-'
==============================================
Test : <%= @name %>
==============================================
<% @tests.each do |hostname,data| -%>
<%= hostname %>
----------------------------------------------
<% data[:context][:chains].each do |name, info| -%>
Chain <%= name %>
<% info.each do |rule| -%>
<%= rule[:line] %>
<% end -%>
<% end -%>

<% end -%>
EOF
# Column-header line printed by `iptables -L` (starts with "target"); the parser below skips it.
filter_regex = /^target/
# Chain header line such as "Chain FORWARD (policy ACCEPT)" (sample format); captures the chain name.
chain_regex = /Chain (?<name>\S+)/
# A rule line: five whitespace-separated columns (target, prot, opt, source, destination).
# Not anchored, so any line with at least five non-blank fields matches; the case/when
# order in the parser below is what keeps chain headers from being read as rules.
rule_regex = /(?<target>\S+)[[:space:]]+(?<protocols>\S+)[[:space:]]+(?<opts>\S+)[[:space:]]+(?<source>\S+)[[:space:]]+(?<destination>\S+)/
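# Parse the host's FORWARD chain listing into
#   context[:chains] = { chain_name => [ {target:, source:, destination:, protocols:, line:}, ... ] }
# using chain_regex / filter_regex / rule_regex defined above.
Manager.new_test("Firewall Forward Rules", template: firewall_template) { |host, context|
  # The command previously read "itptables" (typo), so the test parsed an error
  # message instead of rules. NOTE(review): adding `-n` would avoid reverse-DNS
  # lookups (slow, and stalls when DNS is unreachable) but changes the printed
  # source/destination columns, so the output format is left unchanged here.
  host_firewall_rules = host.exec('sudo iptables -L FORWARD')

  context[:chains] = {}
  current_chain = ''

  host_firewall_rules.split(/\n/).each do |line|
    case line
    when chain_regex
      current_chain = chain_regex.match(line)['name']
      context[:chains][current_chain] = []
    when filter_regex
      next # column-header line, not a rule
    when rule_regex
      info = rule_regex.match(line)
      rule = {
        target: info['target'],
        source: info['source'],
        destination: info['destination'],
        protocols: info['protocols'],
        line: line
      }
      # A rule line that precedes any chain header is filed under the '' chain
      # rather than raising on a nil array.
      (context[:chains][current_chain] ||= []) << rule
    end
  end
}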
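# Pass when the host's own name appears on the 127.0.0.1 line of /etc/hosts and in
# /etc/hostname; otherwise fail and record where it is missing in context[:note].
Manager.new_test("Check if hostname is correctly configured") { |host, context|
  # host.name goes into a regex; escape it so '.' and other metacharacters in a
  # host name match literally instead of acting as wildcards.
  name = Regexp.escape(host.name)
  hosts = host.exec("cat /etc/hosts")
  hostname = host.exec("cat /etc/hostname").strip

  not_configured_in = []
  # `.` does not cross newlines, so the name must sit on the 127.0.0.1 line itself.
  not_configured_in << "/etc/hosts" unless hosts.match?(/127\.0\.0\.1.*#{name}/)
  # Substring match, as before: a hostname that merely contains the name still counts – TODO confirm intended.
  not_configured_in << "/etc/hostname" unless hostname.match?(/#{name}/)

  unless not_configured_in.empty?
    context[:note] = "Hostname was not configured in #{not_configured_in.join(',')}"
  end

  not_configured_in.empty?
}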
# Stub: performs no checks, so the block returns nil. TODO implement the check and
# confirm how Manager reports a nil result (pass, fail or skipped).
Manager.new_test("Puppet Certs Generated") {|host|

}
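# Pass when both my.crt and my.key exist in the OpenVPN easy-rsa keys directory;
# otherwise fail and list the missing names in context[:note].
Manager.new_test("OpenVPN Certs Generated") { |host, context|
  listing = host.exec('ls -1 /etc/openvpn/mgmt/easy-rsa/keys/')

  # The previous `if ! listing =~ /my.crt/` parsed as `(!listing) =~ /my.crt/`,
  # which is never truthy, so the test could not fail. `ls -1` prints one name
  # per line, so compare whole lines (this also stops "dummy.key" from satisfying
  # the my.key check).
  present = listing.split(/\n/).map(&:strip)
  files_not_generated = %w[my.crt my.key].reject { |file| present.include?(file) }

  unless files_not_generated.empty?
    context[:note] = "Files not created: #{files_not_generated.join(',')}"
  end

  files_not_generated.empty?
}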
# Pass when a package whose name contains "netcat" is listed as installed in the
# aci container, the prx container and on the host itself; otherwise fail and
# name the locations where it is missing in context[:note].
Manager.new_test("Ensure netcat installed on aci, prx & host") { |host, context|
  # Listings are fetched in this order: aci, prx, host. The container names are
  # expanded by the remote shell from $HOSTNAME ("red?" -> "aci0" / "prx0").
  listings = {
    "aci" => host.exec("sudo lxc-attach -n ${HOSTNAME/red?/aci0} -- apt list --installed"),
    "prx" => host.exec("sudo lxc-attach -n ${HOSTNAME/red?/prx0} -- apt list --installed"),
    "host" => host.exec("sudo apt list --installed")
  }

  not_installed_on = listings.reject { |_where, listing| listing =~ /netcat/ }.keys

  unless not_installed_on.empty?
    context[:note] = "netcat not installed on #{not_installed_on.join(',')}"
  end

  not_installed_on.empty?
}