redBorder · manegron · Sep 20, 2024 · Jun 13, 2024 · Jun 13, 2024 · Jun 13, 2024
diff --git a/Rakefile b/Rakefile
@@ -20,7 +20,7 @@ end
 
 namespace :spec do
   host = ENV['TARGET_HOST'] || '10.1.209.20'
-  task all: %i[services configuration]
+  task all: %i[services configuration users]
 
   desc 'run configuration tests'
   RSpec::Core::RakeTask.new(:configuration) do |t|
@@ -42,4 +42,11 @@ namespace :spec do
     t.pattern = 'spec/modules/monitor/*_spec.rb'
     t.rspec_opts = '--format documentation'  # O "--format progress"
   end
+
+  desc 'run user tests'
+  RSpec::Core::RakeTask.new(:users) do |t|
+    puts "Running user tests on #{host} ..."
+    t.pattern = 'spec/users/*_spec.rb'
+    t.rspec_opts = '--format documentation'  # O "--format progress"
+  end
 end
diff --git a/spec/users/f2k_spec.rb b/spec/users/f2k_spec.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+set :os, family: 'redhat', release: '9', arch: 'x86_64'
+
+pkg = usr = 'f2k'
+describe user(usr) do
+  before(:all) do
+    skip("Package #{pkg} is not installed") unless package(pkg).installed?
+  end
+  it { should exist }
+  it { should have_login_shell('/sbin/nologin') }
+end
diff --git a/spec/users/http2k_spec.rb b/spec/users/http2k_spec.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+set :os, family: 'redhat', release: '9', arch: 'x86_64'
+
+pkg = 'redborder-http2k'
+usr = 'http2k'
+describe user(usr) do
+  before(:all) do
+    skip("Package #{pkg} is not installed") unless package(pkg).installed?
+  end
+  it { should exist }
+  it { should have_login_shell('/sbin/nologin') }
+end
diff --git a/spec/users/kafka_spec.rb b/spec/users/kafka_spec.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+set :os, family: 'redhat', release: '9', arch: 'x86_64'
+
+pkg = 'redborder-kafka'
+usr = 'kafka'
+describe user(usr) do
+  before(:all) do
+    skip("Package #{pkg} is not installed") unless package(pkg).installed?
+  end
+  it { should exist }
+  it { should have_login_shell('/sbin/nologin') }
+end
diff --git a/spec/users/memcached_spec.rb b/spec/users/memcached_spec.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+set :os, family: 'redhat', release: '9', arch: 'x86_64'
+
+pkg = usr = 'memcached'
+describe user(usr) do
+  before(:all) do
+    skip("Package #{pkg} is not installed") unless package(pkg).installed?
+  end
+  it { should exist }
+  it { should have_login_shell('/sbin/nologin') }
+end
diff --git a/spec/users/minio_spec.rb b/spec/users/minio_spec.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+set :os, family: 'redhat', release: '9', arch: 'x86_64'
+
+pkg = usr = 'minio'
+describe user(usr) do
+  before(:all) do
+    skip("Package #{pkg} is not installed") unless package(pkg).installed?
+  end
+  it { should exist }
+  it { should have_login_shell('/bin/bash') }
+end
diff --git a/spec/users/pmacct_spec.rb b/spec/users/pmacct_spec.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+set :os, family: 'redhat', release: '9', arch: 'x86_64'
+
+pkg = usr = 'pmacct'
+describe user(usr) do
+  before(:all) do
+    skip("Package #{pkg} is not installed") unless package(pkg).installed?
+  end
+  it { should exist }
+  it { should have_login_shell('/sbin/nologin') }
+end
diff --git a/spec/users/postfix_spec.rb b/spec/users/postfix_spec.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+set :os, family: 'redhat', release: '9', arch: 'x86_64'
+
+describe user('postfix') do
+  it { should exist }
+  it { should have_login_shell('/sbin/nologin') }
+end
diff --git a/spec/users/postgres_spec.rb b/spec/users/postgres_spec.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+set :os, family: 'redhat', release: '9', arch: 'x86_64'
+
+pkg = 'postgresql'
+usr = 'postgres'
+describe user(usr) do
+  before(:all) do
+    skip("Package #{pkg} is not installed") unless package(pkg).installed?
+  end
+  it { should exist }
+  it { should have_login_shell '/bin/bash' }
+end
diff --git a/spec/users/redborder_dswatcher_spec.rb b/spec/users/redborder_dswatcher_spec.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+set :os, family: 'redhat', release: '9', arch: 'x86_64'
+pkg = usr = 'redborder-dswatcher'
+describe user(usr) do
+  before(:all) do
+    skip("Package #{pkg} is not installed") unless package(pkg).installed?
+  end
+  it { should exist }
+  it { should have_login_shell('/sbin/nologin') }
+end
diff --git a/spec/users/redborder_events_counter_spec.rb b/spec/users/redborder_events_counter_spec.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+set :os, family: 'redhat', release: '9', arch: 'x86_64'
+
+pkg = usr = 'redborder-events-counter'
+describe user(usr) do
+  before(:all) do
+    skip("Package #{pkg} is not installed") unless package(pkg).installed?
+  end
+  it { should exist }
+  it { should have_login_shell('/sbin/nologin') }
+end
diff --git a/spec/users/redborder_monitor_spec.rb b/spec/users/redborder_monitor_spec.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+set :os, family: 'redhat', release: '9', arch: 'x86_64'
+
+pkg = usr = 'redborder-monitor'
+describe user(usr) do
+  before(:all) do
+    skip("Package #{pkg} is not installed") unless package(pkg).installed?
+  end
+  it { should exist }
+  it { should have_login_shell('/sbin/nologin') }
+end
diff --git a/spec/users/redborder_spec.rb b/spec/users/redborder_spec.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+set :os, family: 'redhat', release: '9', arch: 'x86_64'
+
+describe user('redborder') do
+  it { should exist }
+  it { should have_login_shell '/bin/bash' }
+end
diff --git a/spec/users/root_spec.rb b/spec/users/root_spec.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+set :os, family: 'redhat', release: '9', arch: 'x86_64'
+
+describe user('root') do
+  it { should exist }
+  it { should have_login_shell '/bin/bash' }
+end
diff --git a/spec/users/users_spec.rb b/spec/users/users_spec.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+# This file is for system users in general
+
+require 'spec_helper'
+require 'set'
+set :os, family: 'redhat', release: '9', arch: 'x86_64'
+
+describe 'Checking only these users has login permission' do
+  passwd = command('cat /etc/passwd').stdout.split("\n")
+  bash_users = passwd.select { |p| p.include? '/bin/bash' }
+  bash_users.map! { |p| p.split(':').first }
+  bash_users = Set.new bash_users
+
+  allowed_users = Set.new %w[root redborder postgres minio]
+  not_allowed_users = bash_users - allowed_users
+
+  it 'should only allow specified users to have login permissions' do
+    expect(not_allowed_users.to_a).to be_empty
+  end
+end
diff --git a/spec/users/webui.rb b/spec/users/webui.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+set :os, family: 'redhat', release: '9', arch: 'x86_64'
+
+pkg = usr = 'webui'
+describe user(usr) do
+  before(:all) do
+    skip("Package #{pkg} is not installed") unless package(pkg).installed?
+  end
+  it { should exist }
+  it { should have_login_shell('/sbin/nologin') }
+end
diff --git a/spec/users/zookeeper.rb b/spec/users/zookeeper.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+set :os, family: 'redhat', release: '9', arch: 'x86_64'
+
+pkg = usr = 'zookeeper'
+describe user(usr) do
+  before(:all) do
+    skip("Package #{pkg} is not installed") unless package(pkg).installed?
+  end
+  it { should exist }
+  it { should have_login_shell('/sbin/nologin') }
+end