42 lines
1.1 KiB
Python
42 lines
1.1 KiB
Python
import os
|
|
|
|
import testinfra.utils.ansible_runner
|
|
|
|
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
|
os.environ["MOLECULE_INVENTORY_FILE"]
|
|
).get_hosts("all")
|
|
|
|
|
|
def test_sysctl_file(host):
|
|
sysctl = host.file("/etc/sysctl.d/local.conf")
|
|
|
|
assert sysctl.exists
|
|
assert sysctl.user == "root"
|
|
assert sysctl.group == "root"
|
|
assert sysctl.mode == 0o644
|
|
|
|
|
|
def test_modprobe_file(host):
|
|
modprobe = host.file("/etc/modprobe.d/custom.conf")
|
|
|
|
assert modprobe.exists
|
|
assert modprobe.user == "root"
|
|
assert modprobe.group == "root"
|
|
assert modprobe.mode == 0o644
|
|
assert modprobe.contains("install usb-storage /bin/true")
|
|
assert modprobe.contains("blacklist firewire-core")
|
|
|
|
|
|
def test_coredump_config(host):
|
|
assert host.file("/etc/sysctl.d/dump.conf").exists
|
|
assert host.file("/etc/security/limits.d/dump.conf").exists
|
|
assert host.file("/etc/profile.d/dump.sh").exists
|
|
|
|
|
|
def test_cgroup_config(host):
|
|
grub = host.file("/boot/grub2/grubenv")
|
|
proc = host.run("grep cgroup /proc/filesystems")
|
|
|
|
assert grub.contains("systemd.unified_cgroup_hierarchy=1")
|
|
assert "cgroup2" in proc.stdout
|