38 changes: 38 additions & 0 deletions default/serverspec/nginx_spec.rb
Expand Up @@ -36,6 +36,21 @@
conf_paths = [ nginx_conf, nginx_hardening ]

# check for files
describe 'nginx core configuration' do

describe file(nginx_conf) do
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should_not be_readable.by('others') }
it { should_not be_writable.by('others') }
it { should_not be_executable.by('others') }
end

# ... find stuff in conf.d and sites-available and sites-enabled + both folders
# suid / sgid bits

end

describe 'nginx default files' do
describe file(File.join(nginx_confd, 'default.conf')) do
it { should_not be_file }
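Review bot: The new permission checks in the `describe file(nginx_conf)` block deny read, write and execute for others but never test group write, so a root:root config with mode 0664 passes even though the block is clearly meant to lock the file down; add `it { should_not be_writable.by('group') }` next to the three existing `by('others')` assertions. These checks also cover only the main file, and the placeholder comment at the end of the block admits conf.d, sites-available and sites-enabled are still unchecked — anything pulled in through an nginx `include` from those directories can override the hardened settings, so that comment is a real coverage gap rather than a nicety and deserves a `# TODO` marker. The `describe 'nginx default files'` block continues past the hunk.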
Expand All @@ -55,54 +70,77 @@
# check configuration parameters
describe 'check nginx configuration' do

# DTAG SEC: Req. 3.03-3
describe file(nginx_conf) do
its(:content) { should_not match(/^\s*user root;$/) }
end

# DTAG SEC: Req. 3.03-3
describe file(nginx_conf) do
its(:content) { should_not match(/^\s*group root;$/) }
end

# DTAG SEC: Req. 3.03-16
describe nginx_conf(conf_paths) do
its(:content) { should match(/^\s*server_tokens off;$/) }
end

# DTAG SEC: Req. 3.01-9
describe nginx_conf(conf_paths) do
its(:content) { should match(/^\s*client_body_buffer_size 1k;$/) }
end

# DTAG SEC: Req. 3.01-9
describe nginx_conf(conf_paths) do
its(:content) { should match(/^\s*client_max_body_size 1k;$/) }
end

# DTAG SEC: Req. 3.01-9
describe nginx_conf(conf_paths) do
its(:content) { should match(/^\s*keepalive_timeout\s+5 5;$/) }
end

# DTAG SEC: Req. 3.03-16
describe nginx_conf(conf_paths) do
its(:content) { should match(/^\s*more_clear_headers 'Server';$/) }
end

# DTAG SEC: Req. 3.03-16
describe nginx_conf(conf_paths) do
its(:content) { should match(/^\s*more_clear_headers 'X-Powered-By';$/) }
end

# DTAG SEC: Req. 3.01-9
describe nginx_conf(conf_paths) do
its(:content) { should match(/^\s*client_header_buffer_size 1k;$/) }
end

# DTAG SEC: Req. 3.01-9
describe nginx_conf(conf_paths) do
its(:content) { should match(/^\s*large_client_header_buffers 2 1k;$/) }
end

# DTAG SEC: Req. 3.01-9
describe nginx_conf(conf_paths) do
its(:content) { should match(/^\s*client_body_timeout 10;$/) }
end

# DTAG SEC: Req. 3.01-9
describe nginx_conf(conf_paths) do
its(:content) { should match(/^\s*client_header_timeout 10;$/) }
end

# DTAG SEC: Req. 3.01-9
describe nginx_conf(conf_paths) do
its(:content) { should match(/^\s*send_timeout 10;$/) }
end

# DTAG SEC: Req. 3.01-9
describe nginx_conf(conf_paths) do
its(:content) { should match(/^\s*limit_conn_zone \$binary_remote_addr zone=default:10m;$/) }
end

# DTAG SEC: Req. 3.01-9
describe nginx_conf(conf_paths) do
its(:content) { should match(/^\s*limit_conn default 5;$/) }
end
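Review bot: The `should_not match(/^\s*user root;$/)` guard on nginx_conf is easy to slip past: nginx's `user` directive takes an optional group argument, so `user root root;`, `user  root;` with extra whitespace, or `user root; # comment` all run the workers as root yet satisfy the test; loosen it to `its(:content) { should_not match(/^\s*user\s+root\b/) }`. The following `group root;` check appears to test a directive nginx does not have (the group is the second argument of `user`), so it can never fail and gives no assurance — covering that case inside the `user` pattern instead, e.g. `/^\s*user\s+\S+\s+root\s*;/`, is what it was meant to do; please confirm against the nginx version in use. The positive matches anchored with `;$` (e.g. `server_tokens off;`) also fail on a line with trailing whitespace or an inline comment, which yields false failures rather than a security gap, so `;\s*(#.*)?$` would be more tolerant. The `describe 'check nginx configuration'` block continues past the hunk.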