Skip to content

Commit

Permalink
Enable core dumps if they are enabled via attribute
Browse files Browse the repository at this point in the history
Fixes #165
  • Loading branch information
artem-sidorenko committed Oct 16, 2017
1 parent 731f1f2 commit 2eba874
Show file tree
Hide file tree
Showing 4 changed files with 88 additions and 21 deletions.
4 changes: 3 additions & 1 deletion recipes/limits.rb
Original file line number Diff line number Diff line change
Expand Up @@ -31,5 +31,7 @@
mode '0440'
owner 'root'
group 'root'
not_if { node['os-hardening']['security']['kernel']['enable_core_dump'] }
if node['os-hardening']['security']['kernel']['enable_core_dump']
action :delete
end
end
4 changes: 3 additions & 1 deletion recipes/profile.rb
Original file line number Diff line number Diff line change
Expand Up @@ -24,5 +24,7 @@
mode 0755
owner 'root'
group 'root'
not_if { node['os-hardening']['security']['kernel']['enable_core_dump'] }
if node['os-hardening']['security']['kernel']['enable_core_dump']
action :delete
end
end
55 changes: 45 additions & 10 deletions spec/recipes/limits_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -23,16 +23,6 @@

subject { chef_run }

it 'creates /etc/sysconfig/init' do
is_expected.to create_template(
'/etc/security/limits.d/10.hardcore.conf'
).with(
user: 'root',
group: 'root',
mode: '0440'
)
end

it 'creates /etc/security/limits.d directory' do
is_expected.to create_directory('/etc/security/limits.d').with(
user: 'root',
Expand All @@ -41,4 +31,49 @@
recursive: true
)
end

describe 'core dump setting' do
let(:enable_core_dump) { nil }
let(:chef_run) do
ChefSpec::ServerRunner.new do |node|
node.override['os-hardening']['security']['kernel']['enable_core_dump'] = enable_core_dump if enable_core_dump # rubocop:disable Metrics/LineLength
end.converge(described_recipe)
end

context 'enable_core_dump has its default value' do
it 'should create the settings file' do
is_expected.to create_template(
'/etc/security/limits.d/10.hardcore.conf'
).with(
user: 'root',
group: 'root',
mode: '0440'
)
end
end

context 'enable_core_dump is disabled' do
let(:enable_core_dump) { false }

it 'should create the settings file' do
is_expected.to create_template(
'/etc/security/limits.d/10.hardcore.conf'
).with(
user: 'root',
group: 'root',
mode: '0440'
)
end
end

context 'enable_core_dump is enabled' do
let(:enable_core_dump) { true }

it 'should remove the settings file' do
is_expected.to delete_template(
'/etc/security/limits.d/10.hardcore.conf'
)
end
end
end
end
46 changes: 37 additions & 9 deletions spec/recipes/profile_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -17,18 +17,46 @@
#

describe 'os-hardening::profile' do
cached(:chef_run) do
ChefSpec::ServerRunner.new.converge(described_recipe)
let(:enable_core_dump) { nil }
let(:chef_run) do
ChefSpec::ServerRunner.new do |node|
node.override['os-hardening']['security']['kernel']['enable_core_dump'] = enable_core_dump if enable_core_dump # rubocop:disable Metrics/LineLength
end.converge(described_recipe)
end

subject { chef_run }

it 'create /etc/profile.d/pinerolo_profile.sh' do
is_expected.to create_template('/etc/profile.d/pinerolo_profile.sh').with(
source: 'profile.conf.erb',
mode: 0755,
owner: 'root',
group: 'root'
)
context 'enable_core_dump has its default value' do
it 'create /etc/profile.d/pinerolo_profile.sh' do
is_expected.to create_template('/etc/profile.d/pinerolo_profile.sh').with(
source: 'profile.conf.erb',
mode: 0755,
owner: 'root',
group: 'root'
)
end
end

context 'enable_core_dump is disabled' do
let(:enable_core_dump) { false }

it 'create /etc/profile.d/pinerolo_profile.sh' do
is_expected.to create_template('/etc/profile.d/pinerolo_profile.sh').with(
source: 'profile.conf.erb',
mode: 0755,
owner: 'root',
group: 'root'
)
end
end

context 'enable_core_dump is enabled' do
let(:enable_core_dump) { true }

it 'should remove the settings file' do
is_expected.to delete_template(
'/etc/profile.d/pinerolo_profile.sh'
)
end
end
end

0 comments on commit 2eba874

Please sign in to comment.