2018-08-05 20:25:51 +00:00
|
|
|
require 'serverspec'
|
|
|
|
|
|
|
|
|
|
set :backend, :exec
|
|
|
|
|
|
2018-08-10 21:33:35 +00:00
|
|
|
puts
|
|
|
|
|
puts '================================'
|
|
|
|
|
puts %x(ansible --version)
|
|
|
|
|
puts '================================'
|
|
|
|
|
|
2018-08-05 20:25:51 +00:00
|
|
|
describe package('fail2ban') do
|
|
|
|
|
it { should be_installed }
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe file('/etc/fail2ban/jail.conf') do
|
|
|
|
|
it { should exist }
|
|
|
|
|
it { should be_file }
|
|
|
|
|
it { should be_mode 644 }
|
|
|
|
|
it { should be_owned_by 'root' }
|
|
|
|
|
it { should be_grouped_into 'root' }
|
|
|
|
|
it { should contain 'bantime = 600' }
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe file('/etc/fail2ban/jail.d/jails.conf') do
|
|
|
|
|
it { should exist }
|
|
|
|
|
it { should be_file }
|
|
|
|
|
it { should be_mode 644 }
|
|
|
|
|
it { should be_owned_by 'root' }
|
|
|
|
|
it { should be_grouped_into 'root' }
|
|
|
|
|
it { should contain '[ssh]' }
|
|
|
|
|
it { should contain '[nextcloud]' }
|
|
|
|
|
it { should contain 'port = 80,443' }
|
|
|
|
|
it { should contain 'maxretry = 2' }
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe file('/etc/fail2ban/filter.d/nextcloud.conf') do
|
|
|
|
|
it { should exist }
|
|
|
|
|
it { should be_file }
|
|
|
|
|
it { should be_mode 644 }
|
|
|
|
|
it { should be_owned_by 'root' }
|
|
|
|
|
it { should be_grouped_into 'root' }
|
|
|
|
|
it { should contain "failregex = Login failed.*Remote IP.*'<HOST>'" }
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe service('fail2ban') do
|
|
|
|
|
it { should be_enabled }
|
|
|
|
|
it { should be_running.under('systemd') }
|
|
|
|
|
end
|
