Initial config for install specs using serverspec

.gemrc

@@ -0,0 +1,8 @@
+:backtrace: false
+:benchmark: false
+:bulk_threshold: 1000
+:sources:
+- http://rubygems.org/
+:update_sources: true
+:verbose: true
+gem: --no-ri --no-rdoc

.ruby-gemset

@@ -0,0 +1 @@
+securedrop

.ruby-version

@@ -0,0 +1 @@
+ruby-2.1.0

Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+gem 'serverspec'
+gem 'fpm'

Gemfile.lock

@@ -0,0 +1,52 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.3.5)
+    arr-pm (0.0.8)
+      cabin (> 0)
+    backports (3.4.0)
+    cabin (0.6.1)
+    childprocess (0.4.0)
+      ffi (~> 1.0, >= 1.0.11)
+    clamp (0.6.3)
+    diff-lcs (1.2.5)
+    ffi (1.9.3)
+    fpm (1.0.2)
+      arr-pm (~> 0.0.8)
+      backports (>= 2.6.2)
+      cabin (>= 0.6.0)
+      childprocess
+      clamp (~> 0.6)
+      ffi
+      ftw (~> 0.0.30)
+      json (>= 1.7.7)
+    ftw (0.0.39)
+      addressable
+      backports (>= 2.6.2)
+      cabin (> 0)
+      http_parser.rb (= 0.5.3)
+    highline (1.6.20)
+    http_parser.rb (0.5.3)
+    json (1.8.1)
+    net-ssh (2.7.0)
+    rspec (2.14.1)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    rspec-core (2.14.7)
+    rspec-expectations (2.14.4)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.14.4)
+    serverspec (0.14.4)
+      highline
+      net-ssh
+      rspec (>= 2.13.0)
+      specinfra (>= 0.1.0)
+    specinfra (0.4.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  fpm
+  serverspec

spec/default/ossec_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+['postfix', 'procmail'].each do |pkg|
+  describe package(pkg) do
+    it { should be_installed }
+  end
+end
+
+describe file('/etc/postfix/main.cf') do
+  it { should be_file }
+  its(:content) { should match /^mailbox_command = \/usr\/bin\/procmail$/ }
+end
+
+describe file("/var/ossec/.gnupg") do
+  it { should be_directory }
+  it { should be_owned_by "ossec" }
+  it { should be_mode '700' }
+end
+
+describe file("/var/ossec/.procmailrc") do
+  its(:content) { should match "/var/ossec/send_encrypted_alarm.sh" }
+end
+
+describe file("/var/ossec/send_encrypted_alarm.sh") do
+  it { should be_mode '0755' }
+end
+
+describe file("/var/log/procmail.log") do
+  it { should be_owned_by "ossec" }
+end
+

spec/spec_helper.rb

@@ -0,0 +1,46 @@
+require 'serverspec'
+require 'pathname'
+require 'net/ssh'
+
+include SpecInfra::Helper::Ssh
+include SpecInfra::Helper::DetectOS
+
+RSpec.configure do |c|
+  if ENV['ASK_SUDO_PASSWORD']
+    require 'highline/import'
+    c.sudo_password = ask("Enter sudo password: ") { |q| q.echo = false }
+  else
+    c.sudo_password = ENV['SUDO_PASSWORD']
+  end
+  c.before :all do
+    block = self.class.metadata[:example_group_block]
+    if RUBY_VERSION.start_with?('1.8')
+      file = block.to_s.match(/.*@(.*):[0-9]+>/)[1]
+    else
+      file = block.source_location.first
+    end
+    host  = File.basename(Pathname.new(file).dirname)
+    if c.host != host
+      c.ssh.close if c.ssh
+      c.host  = host
+      options = Net::SSH::Config.for(c.host)
+      user    = options[:user] || Etc.getlogin
+      vagrant_up = `vagrant up default`
+      config = `vagrant ssh-config default`
+      if config != ''
+        config.each_line do |line|
+          if match = /HostName (.*)/.match(line)
+            host = match[1]
+          elsif  match = /User (.*)/.match(line)
+            user = match[1]
+          elsif match = /IdentityFile (.*)/.match(line)
+            options[:keys] =  [match[1].gsub(/"/,'')]
+          elsif match = /Port (.*)/.match(line)
+            options[:port] = match[1]
+          end
+        end
+      end
+      c.ssh   = Net::SSH.start(host, user, options)
+    end
+  end
+end