ansible-role-fail2ban/test/integration/fail2ban/serverspec/fail2ban_spec.rb

48 lines
1.2 KiB
Ruby
Raw Normal View History

2018-08-05 20:25:51 +00:00
require 'serverspec'
set :backend, :exec
2018-08-10 21:33:35 +00:00
puts
puts '================================'
puts %x(ansible --version)
puts '================================'
2018-08-05 20:25:51 +00:00
describe package('fail2ban') do
it { should be_installed }
end
describe file('/etc/fail2ban/jail.conf') do
it { should exist }
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should contain 'bantime = 600' }
end
describe file('/etc/fail2ban/jail.d/jails.conf') do
it { should exist }
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should contain '[ssh]' }
it { should contain '[nextcloud]' }
it { should contain 'port = 80,443' }
it { should contain 'maxretry = 2' }
end
describe file('/etc/fail2ban/filter.d/nextcloud.conf') do
it { should exist }
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should contain "failregex = Login failed.*Remote IP.*'<HOST>'" }
end
describe service('fail2ban') do
it { should be_enabled }
it { should be_running.under('systemd') }
end