### Test Windows Services Source: https://github.com/mizzy/serverspec/blob/master/WINDOWS_SUPPORT.md Check the installation status, enabled state, running status, and start mode of Windows services. ```ruby describe service('DNS Client') do it { should be_installed } it { should be_enabled } it { should be_running } it { should have_start_mode("Manual") } end ``` -------------------------------- ### serverspec-init: Interactive Project Scaffolding Source: https://context7.com/mizzy/serverspec/llms.txt Run the interactive setup wizard to bootstrap a new Serverspec project. It prompts for OS type and backend type, then generates necessary project files. ```bash # Run the interactive setup wizard serverspec-init # Select OS type: # 1) UN*X # 2) Windows # Select number: 1 # # Select a backend type: # 1) SSH # 2) Exec (local) # Select number: 2 # # Generated files: # + spec/ # + spec/localhost/ # + spec/localhost/sample_spec.rb # + spec/spec_helper.rb # + Rakefile # + .rspec ``` -------------------------------- ### Test Windows Directories and Files Source: https://github.com/mizzy/serverspec/blob/master/WINDOWS_SUPPORT.md Use these RSpec examples to verify the existence, readability, and writability of directories and files on Windows. ```ruby describe file('c:/windows') do it { should be_directory } it { should be_readable } it { should_not be_writable.by('Everyone') } end describe file('c:/temp/test.txt') do it { should be_file } it { should contain "some text" } end ``` -------------------------------- ### Test Installed Windows Packages Source: https://github.com/mizzy/serverspec/blob/master/WINDOWS_SUPPORT.md Verify if a specific package is installed on a Windows system. ```ruby describe package('Adobe AIR') do it { should be_installed} end ``` -------------------------------- ### Verify installed packages with Serverspec Source: https://context7.com/mizzy/serverspec/llms.txt Checks if a package is installed, optionally with a specific version or installed via an alternate provider. Supports version comparison. ```ruby # spec/localhost/packages_spec.rb require 'spec_helper' describe package('nginx') do it { should be_installed } end describe package('curl') do it { should be_installed.with_version('7.68.0') } end # Install via alternate provider describe package('bundler') do it { should be_installed.by('gem') } end describe package('myapp') do it { should be_installed.by('pip') } end # Version comparison describe package('openssl') do it 'should be at least 1.1.0' do expect(subject.version).to be >= '1.1.0' end end ``` -------------------------------- ### Test Windows Features Source: https://github.com/mizzy/serverspec/blob/master/WINDOWS_SUPPORT.md Check if a Windows feature is installed and verify the installation method (e.g., dism, powershell). ```ruby describe windows_feature('Minesweeper') do it{ should be_installed } it{ should be_installed.by("dism") } it{ should be_installed.by("powershell") } end ``` -------------------------------- ### Serverspec: Verify System Services Source: https://context7.com/mizzy/serverspec/llms.txt Tests the state of system services, including whether they are running, enabled at boot, monitored by a process supervisor, or have specific start properties. Includes OS-specific guards and Windows service start mode checks. ```ruby # spec/localhost/services_spec.rb require 'spec_helper' # Basic running + enabled checks (cross-platform with OS guard) describe service('nginx') do it { should be_running } it { should be_enabled } end describe service('httpd'), :if => os[:family] == 'redhat' do it { should be_running } it { should be_enabled } it { should be_enabled.with_level(3) } end # Supervised by monit describe service('nginx') do it { should be_monitored_by('monit') } it { should be_monitored_by('monit').with_name('nginx_monitor') } end # Windows service start mode describe service('W32Time') do it { should have_start_mode('Auto') } end ``` -------------------------------- ### Execute Commands on Windows and Match Output Source: https://github.com/mizzy/serverspec/blob/master/WINDOWS_SUPPORT.md Run commands on Windows hosts via PowerShell and assert specific patterns in the standard output. ```ruby describe command('& "ipconfig"') do its(:stdout) { should match /IPv4 Address(\.| )*: 192\.168\.1\.100/ } end ``` -------------------------------- ### Test IIS Websites Source: https://github.com/mizzy/serverspec/blob/master/WINDOWS_SUPPORT.md Verify the existence, enabled state, running status, application pool, and physical path of IIS websites. ```ruby describe iis_website("Default Website") do it { should exist } it { should be_enabled } it { should be_running } it { should be_in_app_pool "DefaultAppPool" } it { should have_physical_path "c:/inetpub/wwwroot" } end ``` -------------------------------- ### Test Windows Registry Keys and Properties Source: https://github.com/mizzy/serverspec/blob/master/WINDOWS_SUPPORT.md Verify the existence of registry keys, their properties, and specific property values, including different data types. ```ruby describe windows_registry_key('HKEY_USERS\S-1-5-21-1319311448-2088773778-316617838-32407\Test MyKey') do it { should exist } it { should have_property('string value') } it { should have_property('binary value', :type_binary) } it { should have_property('dword value', :type_dword) } it { should have_value('test default data') } it { should have_property_value('multistring value', :type_multistring, "test\nmulti\nstring\ndata") } it { should have_property_value('qword value', :type_qword, 'adff32') } it { should have_property_value('binary value', :type_binary, 'dfa0f066') } end ``` -------------------------------- ### Verify YUM Repository Configuration Source: https://context7.com/mizzy/serverspec/llms.txt Ensures that a specified YUM repository exists and is enabled on the system. Useful for verifying package sources. ```ruby # spec/localhost/repos_spec.rb require 'spec_helper' describe yumrepo('epel') do it { should exist } it { should be_enabled } end describe yumrepo('internal-packages') do it { should exist } it { should be_enabled } end ``` -------------------------------- ### Verify Network Interface Properties Source: https://context7.com/mizzy/serverspec/llms.txt Tests for the existence, state, and IP configuration of network interfaces. Ensure the interface name and IP address match your system's configuration. ```ruby require 'spec_helper' describe interface('eth0') do it { should exist } it { should be_up } it { should have_ipv4_address('192.168.1.10') } its(:speed) { should eq 1000 } its(:mtu) { should eq 1500 } end describe interface('lo') do it { should have_ipv4_address('127.0.0.1') } it { should have_ipv6_address('::1') } end ``` -------------------------------- ### Configure Remote Windows Testing with Serverspec (WinRM) Source: https://github.com/mizzy/serverspec/blob/master/WINDOWS_SUPPORT.md Set up remote testing for Windows hosts using WinRM. Ensure Windows Remote Management is configured on the target host. ```ruby require 'serverspec' require 'winrm' set :backend, :winrm set :os, :family => 'windows' user = pass = endpoint = "http://#{ENV['TARGET_HOST']}:5985/wsman" if Gem::Version.new(WinRM::VERSION) < Gem::Version.new('2') winrm = ::WinRM::WinRMWebService.new(endpoint, :ssl, :user => user, :pass => pass, :basic_auth_only => true) winrm.set_timeout 300 # 5 minutes max timeout for any operation else opts = { user: user, password: pass, endpoint: endpoint, operation_timeout: 300, no_ssl_peer_verification: false, } winrm = ::WinRM::Connection.new(opts) end Specinfra.configuration.winrm = winrm ``` -------------------------------- ### Configure Local Windows Testing with Serverspec Source: https://github.com/mizzy/serverspec/blob/master/WINDOWS_SUPPORT.md Use this configuration for local testing on Windows machines, similar to the Exec option on Linux/Unix. ```ruby require 'serverspec' set :backend, :cmd set :os, :family => 'windows' ``` -------------------------------- ### Run Serverspec Tests with Rake Source: https://github.com/mizzy/serverspec/blob/master/README.md To run the tests for the Serverspec gem, use the `bundle exec rake` command. Using `rspec` directly will not work. ```bash bundle exec rake ``` -------------------------------- ### Test Windows Users and Groups Source: https://github.com/mizzy/serverspec/blob/master/WINDOWS_SUPPORT.md Check for the existence of users and their group memberships, as well as the existence of groups. ```ruby describe user('some.admin') do it { should exist } it { should belong_to_group('Administrators')} end describe group('Guests') do it { should exist } end describe group('MYDOMAIN\Domain Users') do it { should exist } end ``` -------------------------------- ### Test Listening Windows Ports Source: https://github.com/mizzy/serverspec/blob/master/WINDOWS_SUPPORT.md Verify if a specific network port is listening on a Windows host. ```ruby describe port(139) do it { should be_listening } end ``` -------------------------------- ### Rakefile for Multi-host Task Automation Source: https://context7.com/mizzy/serverspec/llms.txt Automates Serverspec tests across multiple hosts. Discovers per-host spec directories and creates Rake tasks for each host and an :all task. ```ruby # Rakefile require 'rake' require 'rspec/core/rake_task' task :spec => 'spec:all' task :default => :spec namespace :spec do targets = [] Dir.glob('./spec/*').each do |dir| next unless File.directory?(dir) target = File.basename(dir) target = "_#{target}" if target == "default" targets << target end task :all => targets task :default => :all targets.each do |target| original_target = target == "_default" ? target[1..-1] : target desc "Run serverspec tests to #{original_target}" RSpec::Core::RakeTask.new(target.to_sym) do |t| ENV['TARGET_HOST'] = original_target t.pattern = "spec/#{original_target}/*_spec.rb" end end end # bundle exec rake spec # run all hosts # bundle exec rake spec:web-server # run only web-server ``` -------------------------------- ### Verify Host Resolution and Reachability Source: https://context7.com/mizzy/serverspec/llms.txt Tests if a hostname resolves correctly via DNS or hosts file and if it's reachable over the network. Specify the protocol and port for reachability checks. ```ruby # spec/localhost/hosts_spec.rb require 'spec_helper' describe host('example.com') do it { should be_resolvable } it { should be_resolvable.by('dns') } it { should be_reachable } it { should be_reachable.with(:port => 443, :proto => 'tcp', :timeout => 5) } end describe host('internal-db') do it { should be_resolvable.by('hosts') } its(:ipaddress) { should eq '10.0.0.5' } end ``` -------------------------------- ### Verify SELinux Mode Source: https://context7.com/mizzy/serverspec/llms.txt Asserts the current SELinux enforcement mode on the system. Ensure SELinux is configured as expected. ```ruby # spec/localhost/selinux_spec.rb require 'spec_helper' describe selinux do it { should be_enforcing } end ``` -------------------------------- ### Verify ZFS Dataset Properties Source: https://context7.com/mizzy/serverspec/llms.txt Asserts that a ZFS dataset exists and possesses specific properties like compression, mountpoint, or quota. Can check for inclusion of properties. ```ruby # spec/localhost/zfs_spec.rb require 'spec_helper' describe zfs('tank/data') do it { should exist } it { should have_property('compression' => 'lz4') } it { should have_property('mountpoint' => '/data') } end describe zfs('tank/backups') do its(:property) { should include('quota' => '100G') } end ``` -------------------------------- ### Verify Firewall Rules (iptables/ip6tables) Source: https://context7.com/mizzy/serverspec/llms.txt Checks for the existence of specific iptables or ip6tables rules. You can specify the table and chain for more precise checks. ```ruby # spec/localhost/firewall_spec.rb require 'spec_helper' describe iptables do it { should have_rule('-P INPUT DROP') } it { should have_rule('-A INPUT -p tcp --dport 22 -j ACCEPT') } it { should have_rule('-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT') } end # Specify table and chain describe iptables do it { should have_rule('-A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE').with_table('nat').with_chain('POSTROUTING') } end describe ip6tables do it { should have_rule('-P INPUT DROP') } end ``` -------------------------------- ### Exec (Local) Backend Configuration for Serverspec Source: https://context7.com/mizzy/serverspec/llms.txt Configures Serverspec to run commands directly on the local machine without SSH. Optional settings for environment variables and path are commented out. ```ruby # spec/spec_helper.rb — local exec backend require 'serverspec' set :backend, :exec # Optional: set environment variables passed to every command # set :env, :LANG => 'C', :LC_MESSAGES => 'C' # Optional: prepend paths # set :path, '/sbin:/usr/local/sbin:$PATH' # Run tests locally: # bundle exec rake spec ``` -------------------------------- ### Verify file properties with Serverspec Source: https://context7.com/mizzy/serverspec/llms.txt Tests existence, type, permissions, ownership, content, checksums, SELinux labels, and parsed content (JSON/YAML) for filesystem entries. Ensure correct imports if using JSON/YAML parsing. ```ruby # spec/localhost/files_spec.rb require 'spec_helper' describe file('/etc/nginx/nginx.conf') do it { should be_file } it { should exist } it { should be_owned_by 'root' } it { should be_grouped_into 'root' } it { should be_mode 644 } it { should be_readable } it { should be_readable.by('owner') } it { should contain('worker_processes') } it { should contain(/server_name\s+example\.com/) } it { should contain('listen 80').from(%r{server \{}).to(/\}/) } end describe file('/var/www/html') do it { should be_directory } it { should be_owned_by 'www-data' } end describe file('/etc/ssl/certs/ca-link') do it { should be_symlink } it { should be_linked_to '/etc/ssl/certs/ca-certificates.crt' } end describe file('/etc/app/config.json') do it 'should have correct app port' do expect(subject.content_as_json['server']['port']).to eq(8080) end end describe file('/etc/app/config.yml') do it 'should enable caching' do expect(subject.content_as_yaml['cache']['enabled']).to be true end end describe file('/etc/passwd') do it { should be_immutable } end describe file('/data') do it { should be_mounted } it { should be_mounted.with(:type => 'ext4') } it { should be_mounted.only_with(:device => '/dev/sdb1', :type => 'ext4') } end ``` -------------------------------- ### Verify Running Processes Source: https://context7.com/mizzy/serverspec/llms.txt Confirms that a named process is running and allows inspection of its properties like user, group, and memory usage. Use 'count' to check the number of instances. ```ruby # spec/localhost/processes_spec.rb require 'spec_helper' describe process('nginx') do it { should be_running } its(:user) { should eq 'www-data' } its(:count) { should eq 4 } end describe process('sshd') do it { should be_running } its(:user) { should eq 'root' } end ``` -------------------------------- ### Create New Pull Request Source: https://github.com/mizzy/serverspec/blob/master/README.md Initiate a new pull request for your feature branch. ```bash Create new Pull Request ``` -------------------------------- ### Verify Docker Resources Source: https://context7.com/mizzy/serverspec/llms.txt Checks for the existence and running state of Docker containers and images. You can also verify volume mounts and inspect raw Docker data. ```ruby # spec/localhost/docker_spec.rb require 'spec_helper' describe docker_image('nginx:latest') do it { should exist } end describe docker_container('web') do it { should exist } it { should be_running } it { should have_volume('/var/www/html', '/srv/www') } end # Access raw docker inspect data describe docker_container('web') do it 'exposes port 80' do expect(subject['HostConfig.PortBindings']).to have_key('80/tcp') end end ``` -------------------------------- ### Verify Loaded Kernel Modules Source: https://context7.com/mizzy/serverspec/llms.txt Asserts that a specific kernel module is currently loaded into the system. Useful for ensuring necessary modules are active. ```ruby # spec/localhost/kernel_spec.rb require 'spec_helper' describe kernel_module('nf_conntrack') do it { should be_loaded } end describe kernel_module('ip6table_filter') do it { should be_loaded } end ``` -------------------------------- ### Push Feature Branch Source: https://github.com/mizzy/serverspec/blob/master/README.md Push your new feature branch to the origin repository using `git push`. ```bash git push origin my-new-feature ``` -------------------------------- ### Verify Linux Kernel Parameters (sysctl) Source: https://context7.com/mizzy/serverspec/llms.txt Reads and asserts the values of sysctl kernel parameters. Ensure the parameter name and expected value are correct for your system. ```ruby # spec/localhost/sysctl_spec.rb require 'spec_helper' describe linux_kernel_parameter('net.ipv4.ip_forward') do its(:value) { should eq 1 } end describe linux_kernel_parameter('vm.swappiness') do its(:value) { should eq 10 } end describe linux_kernel_parameter('net.ipv6.conf.all.disable_ipv6') do its(:value) { should eq 0 } end ``` -------------------------------- ### Verify command output with Serverspec Source: https://context7.com/mizzy/serverspec/llms.txt Runs a shell command on the target host and allows assertions against its stdout, stderr, and exit status. Supports parsing JSON output. ```ruby # spec/localhost/commands_spec.rb require 'spec_helper' describe command('ruby --version') do its(:stdout) { should match(/ruby 3\./) } its(:exit_status) { should eq 0 } end describe command('systemctl is-active postgresql') do its(:stdout) { should contain('active') } its(:exit_status) { should eq 0 } end describe command('df -h /') do its(:stdout) { should_not match(/100%/) } end # Parse JSON output describe command('curl -s http://localhost:3000/health') do it 'returns healthy status' do expect(subject.stdout_as_json['status']).to eq('ok') end end ``` -------------------------------- ### Verify system users with Serverspec Source: https://context7.com/mizzy/serverspec/llms.txt Checks that a user account exists, belongs to expected groups, has the right UID, shell, home directory, and authorized SSH keys. Differentiates between system and regular users. ```ruby # spec/localhost/users_spec.rb require 'spec_helper' describe user('deploy') do it { should exist } it { should belong_to_group 'www-data' } it { should belong_to_primary_group 'deploy' } it { should have_uid 1001 } it { should have_home_directory '/home/deploy' } it { should have_login_shell '/bin/bash' } it { should have_authorized_key 'ssh-rsa AAAA...xyz deploy@ci' } end describe user('daemon') do it { should be_system_user } end describe user('root') do its(:uid) { should eq 0 } end ``` -------------------------------- ### Verify SELinux Status Source: https://context7.com/mizzy/serverspec/llms.txt Checks if SELinux is enforcing, permissive, or disabled. Can also verify specific SELinux policies. ```ruby require 'spec_helper' describe selinux do it { should be_enforcing } it { should be_enforcing.with_policy('targeted') } # or: # it { should be_permissive } # it { should be_disabled } end ``` -------------------------------- ### Verify listening ports with Serverspec Source: https://context7.com/mizzy/serverspec/llms.txt Confirms that a TCP or UDP port is open and listening, with optional protocol and local address constraints. Supports IPv6 checks. ```ruby # spec/localhost/ports_spec.rb require 'spec_helper' describe port(80) do it { should be_listening } end describe port(443) do it { should be_listening.with('tcp') } end describe port(53) do it { should be_listening.with('udp') } end # Bind to a specific address describe port(8080) do it { should be_listening.on('127.0.0.1').with('tcp') } end # IPv6 describe port(80) do it { should be_listening.with('tcp6') } end ``` -------------------------------- ### Test IIS Application Pools Source: https://github.com/mizzy/serverspec/blob/master/WINDOWS_SUPPORT.md Check for the existence and .NET Framework version of IIS application pools. ```ruby describe iis_app_pool("DefaultAppPool") do it { should exist } it { should have_dotnet_version "2.0" } end ``` -------------------------------- ### Verify system groups with Serverspec Source: https://context7.com/mizzy/serverspec/llms.txt Validates a group's existence, GID, and system-group status. ```ruby # spec/localhost/groups_spec.rb require 'spec_helper' describe group('www-data') do it { should exist } it { should have_gid 33 } end describe group('nogroup') do it { should be_system_group } end ``` -------------------------------- ### Verify Cron Entries Source: https://context7.com/mizzy/serverspec/llms.txt Checks if a specific cron entry exists for a given user. Ensure the cron command and username are accurate. ```ruby # spec/localhost/cron_spec.rb require 'spec_helper' describe cron do it { should have_entry('0 2 * * * /usr/bin/backup.sh').with_user('root') } it { should have_entry('@daily /usr/local/bin/rotate-logs').with_user('deploy') } end ``` -------------------------------- ### SSH Backend Configuration for Serverspec Source: https://context7.com/mizzy/serverspec/llms.txt Configures Serverspec to connect to remote hosts via SSH. Reads connection options from ~/.ssh/config and uses the TARGET_HOST environment variable to select the target. ```ruby # spec/spec_helper.rb — SSH backend configuration require 'serverspec' require 'net/ssh' set :backend, :ssh if ENV['ASK_SUDO_PASSWORD'] require 'highline/import' set :sudo_password, ask("Enter sudo password: ") { |q| q.echo = false } else set :sudo_password, ENV['SUDO_PASSWORD'] end host = ENV['TARGET_HOST'] options = Net::SSH::Config.for(host) options[:user] ||= Etc.getlogin set :host, options[:host_name] || host set :ssh_options, options # Run tests against web-server-01: # TARGET_HOST=web-server-01 bundle exec rake spec ``` -------------------------------- ### Commit Changes Source: https://github.com/mizzy/serverspec/blob/master/README.md After making changes, commit them using `git commit -am` with a descriptive message. ```bash git commit -am 'Add some feature' ``` -------------------------------- ### Create a New Feature Branch Source: https://github.com/mizzy/serverspec/blob/master/README.md When contributing to Serverspec, create a new feature branch using `git checkout -b` followed by your branch name. ```bash git checkout -b my-new-feature ``` -------------------------------- ### Verify X.509 Certificate Properties Source: https://context7.com/mizzy/serverspec/llms.txt Inspects X.509 certificate properties such as subject, issuer, validity, key length, and Subject Alternative Names (SANs). Use for validating TLS/SSL certificates. ```ruby # spec/localhost/certificates_spec.rb require 'spec_helper' describe x509_certificate('/etc/ssl/certs/server.crt') do it { should be_certificate } it { should be_valid } its(:subject) { should eq 'CN = example.com, O = Example Inc, C = US' } its(:issuer) { should match(/Let's Encrypt/) its(:keylength) { should be >= 2048 } its(:fingerprint) { should match(/SHA1 Fingerprint=/) } it 'should not expire within 30 days' do expect(subject.validity_in_days).to be > 30 end it 'should have correct SANs' do expect(subject.subject_alt_names).to include('DNS:example.com', 'DNS:www.example.com') end it { should have_purpose('SSL server') } end ``` -------------------------------- ### Verify Routing Table Entries Source: https://context7.com/mizzy/serverspec/llms.txt Confirms the presence of specific network route entries in the system's routing table, including destination and interface or gateway. ```ruby # spec/localhost/routing_spec.rb require 'spec_helper' describe routing_table do it { should have_entry(:destination => '192.168.100.0/24', :interface => 'eth1') } it { should have_entry(:destination => '0.0.0.0/0', :gateway => '10.0.0.1') } end ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.