initial testing repo

.gitignore

@@ -0,0 +1,6 @@
+**/.librarian
+**/Puppetfile.lock
+**/.tmp
+Gemfile.lock
+Berksfile.lock
+nbproject

.rubocop.yml

@@ -0,0 +1,22 @@
+AllCops:
+  Exclude:
+    - vendor/**
+    - metadata.rb
+    - '**/Puppetfile'
+    - Puppetfile
+
+
+Documentation:
+  Enabled: false
+AlignParameters:
+  Enabled: true
+Encoding:
+  Enabled: true
+HashSyntax:
+  Enabled: true
+LineLength:
+  Enabled: false
+MethodLength:
+  Max: 30
+NumericLiterals:
+  MinDigits: 10

.travis.yml

@@ -0,0 +1,5 @@
+rvm:
+  - 1.9.3
+  - 2.0.0
+language: ruby
+script: bundle exec rake run_all_linters

Gemfile

@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+
+gem 'rake'
+gem 'serverspec'
+gem 'rubocop',    '~> 0.23'

README.md

@@ -1,2 +1,43 @@
 tests-apache-hardening
-======================
+=====================
+
+This are the integration tests for the projects
+
+- https://github.com/TelekomLabs/puppet-apache-hardening
+- https://github.com/TelekomLabs/chef-apache-hardening
+
+they start at `integration` level
+
+you can use the gem `kitchen-sharedtests`
+
+- https://github.com/ehaselwanter/kitchen-sharedtests/
+
+to make them available to your project. Use `thor kitchen:fetch-remote-tests` to put the repo into `test/integration`
+
+## Standalone Usage
+
+you can target the integration tests to any host were you have ssh access
+
+rake -T gives you a list of suites you can run (well ignore directories which are obviously not suites for now)
+
+```
+± rake -T
+rake serverspec:default    # Run serverspec suite default
+```
+
+run it with:
+
+```
+bundle install
+
+# default user and ssh-key
+
+bundle exec rake serverspec:default target_host=<name-or-ip-of-target-server>
+
+# or with user, host, password
+
+ASK_LOGIN_PASSWORD=true bundle exec rake serverspec:default target_host=192.168.1.222 user=stack
+```
+
+add `format=html` to get a report.html document
+

Rakefile

@@ -0,0 +1,45 @@
+# encoding: utf-8
+
+require 'rake'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+
+# Rubocop
+desc 'Run Rubocop lint checks'
+task :rubocop do
+  RuboCop::RakeTask.new
+end
+
+# Lint the cookbook
+desc 'Run linters'
+task :run_all_linters => [:rubocop] # rubocop:disable Style/HashSyntax
+task :default => :run_all_linters # rubocop:disable Style/HashSyntax
+
+# Serverspec tests
+suites = Dir.glob('*').select { |entry| File.directory?(entry) }
+
+class ServerspecTask < RSpec::Core::RakeTask
+  attr_accessor :target
+
+  def spec_command
+    if target.nil?
+      puts 'specify either env TARGET_HOST or target_host='
+      exit 1
+    end
+
+    cmd = super
+    "env TARGET_HOST=#{target} STANDALONE_SPEC=true #{cmd}  --format documentation --no-profile"
+  end
+end
+
+namespace :serverspec do
+  suites.each do |suite|
+    desc "Run serverspec suite #{suite}"
+    ServerspecTask.new(suite.to_sym) do |t|
+      t.rspec_opts = '--no-color --format html --out report.html' if ENV['format'] == 'html'
+      t.target = ENV['TARGET_HOST'] || ENV['target_host']
+      t.ruby_opts = "-I #{suite}/serverspec"
+      t.pattern = "#{suite}/serverspec/*_spec.rb"
+    end
+  end
+end

default/puppet/Modulefile

@@ -0,0 +1,12 @@
+name    'hardening/apache_hardening'
+version '0.1.0'
+source 'https://github.com/TelekomLabs/puppet-apache-hardening'
+author 'Markus Schmall'
+license 'Apache License, Version 2.0'
+summary 'Configures Apache for security hardening'
+description 'Configures Apache for security hardening'
+project_page 'https://github.com/TelekomLabs/puppet-apache-hardening'
+
+dependency 'hardening/hardening_stdlib', '>=0.0.0 <1.0.0'
+dependency 'puppetlabs/apache'
+

default/puppet/Puppetfile

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+#^syntax detection
+
+forge "http://forge.puppetlabs.com"
+
+# use dependencies defined in Modulefile
+modulefile

default/puppet/manifests/site.pp

@@ -0,0 +1,6 @@
+# Configure Apache Server as you normally would:
+
+
+
+class { 'apache_hardening':
+}

default/roles/mysql.json

@@ -0,0 +1,16 @@
+{
+    "name": "apache",
+    "default_attributes": { },
+    "override_attributes": { },
+    "json_class": "Chef::Role",
+    "description": "Apache Hardened Server Test Role",
+    "chef_type": "role",
+    "default_attributes" : {
+      }
+    },
+    "run_list": [
+        "recipe[chef-solo-search]",
+        "recipe[apt]",
+        "recipe[apache-hardening::server]"
+    ]
+}

default/serverspec/apache_spec.rb

@@ -0,0 +1,44 @@
+# encoding: utf-8
+#
+# Copyright 2014, Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+
+
+RSpec.configure do |c|
+  c.filter_run_excluding skipOn: backend(Serverspec::Commands::Base).check_os[:family]
+end
+
+RSpec::Matchers.define :match_key_value do |key, value|
+  match do |actual|
+    actual =~ /^\s*?#{key}\s*?=\s*?#{value}/
+  end
+end
+
+# set OS-dependent filenames and paths
+case backend.check_os[:family]
+when 'Ubuntu', 'Debian'
+  service_name = 'apache2'
+when 'RedHat', 'Fedora'
+
+  service_name = 'apache'
+end
+
+describe service("#{service_name}") do
+  it { should be_enabled }
+  it { should be_running }
+end
+

default/serverspec/spec_helper.rb

@@ -0,0 +1,83 @@
+# encoding: utf-8
+#
+# Copyright 2014, Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if ENV['STANDALONE_SPEC']
+
+  require 'serverspec'
+  require 'pathname'
+  require 'net/ssh'
+  require 'highline/import'
+
+  include Serverspec::Helper::Ssh
+  include Serverspec::Helper::Exec
+  include Serverspec::Helper::DetectOS
+
+  RSpec.configure do |c|
+
+    if ENV['ASK_SUDO_PASSWORD']
+      c.sudo_password = ask('Enter sudo password: ') { |q| q.echo = false }
+    else
+      c.sudo_password = ENV['SUDO_PASSWORD']
+    end
+
+    options = {}
+
+    if ENV['ASK_LOGIN_PASSWORD']
+      options[:password] = ask("\nEnter login password: ") { |q| q.echo = false }
+    else
+      options[:password] = ENV['LOGIN_PASSWORD']
+    end
+
+    if ENV['ASK_LOGIN_USERNAME']
+      user = ask("\nEnter login username: ") { |q| q.echo = false }
+    else
+      user = ENV['LOGIN_USERNAME'] || ENV['user'] || Etc.getlogin
+    end
+
+    if user.nil?
+      puts 'specify login user env LOGIN_USERNAME= or user='
+      exit 1
+    end
+
+    # @see https://github.com/serverspec/serverspec/issues/267
+    ENV['LANG'] = 'C'
+    options[:send_env] = options[:send_env] | [/^LANG$/]
+
+    c.host  = ENV['TARGET_HOST']
+    options.merge(Net::SSH::Config.for(c.host))
+    c.ssh   = Net::SSH.start(c.host, user, options)
+    c.os    = backend.check_os
+
+  end
+
+else
+  require 'serverspec'
+  require 'pathname'
+
+  include Serverspec::Helper::Exec
+  include Serverspec::Helper::DetectOS
+
+  RSpec.configure do |c|
+
+    # @see https://github.com/serverspec/serverspec/issues/267
+    ENV['LANG'] = 'C'
+
+    c.before :all do
+      c.os = backend(Serverspec::Commands::Base).check_os
+    end
+  end
+end