add registry_key recipe and spec tests

inspec · Nov 12, 2015 · 24f1bfe · 24f1bfe
1 parent 0a7cb92
commit 24f1bfe
Show file tree

Hide file tree

Showing 2 changed files with 82 additions and 0 deletions.
diff --git a/test/integration/cookbooks/os_prepare/recipes/registry_key.rb b/test/integration/cookbooks/os_prepare/recipes/registry_key.rb
@@ -0,0 +1,44 @@
+# encoding: utf-8
+# author: Alex Pop
+#
+# change a few Windows registry keys for testing purposes
+
+# rule 'windows-audit-103'
+# title 'Configure System Event Log (System)'
+registry_key 'HKLM\Software\Policies\Microsoft\Windows\EventLog\System' do
+  values [{ name: 'MaxSize', type: :dword, data: 67_108_864 }]
+  recursive true
+  action :create
+end
+
+# rule 'windows-base-101'
+# title 'Safe DLL Search Mode is Enabled'
+registry_key 'HKLM\System\CurrentControlSet\Control\Session Manager' do
+  values [{ name: 'SafeDllSearchMode', type: :dword, data: 1 }]
+  recursive true
+  action :create
+end
+
+# rule 'windows-base-103'
+# title 'All Shares are Configured to Prevent Anonymous Access'
+registry_key 'HKLM\System\CurrentControlSet\Services\LanManServer\Parameters' do
+  values [{ name: 'NullSessionShares', type: :multi_string, data: [] }]
+  recursive true
+  action :create
+end
+
+# rule 'windows-ie-101'
+# title 'IE 64-bit tab'
+registry_key 'HKLM\Software\Policies\Microsoft\Internet Explorer\Main' do
+  values [{ name: 'Isolation64Bit', type: :dword, data: 1 }]
+  recursive true
+  action :create
+end
+
+# rule 'windows-rdp-101'
+# title 'Strong Encryption for Windows Remote Desktop Required'
+registry_key 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' do
+  values [{ name: 'MinEncryptionLevel', type: :dword, data: 3 }]
+  recursive true
+  action :create
+end
diff --git a/test/integration/default/registry_key_spec.rb b/test/integration/default/registry_key_spec.rb
@@ -0,0 +1,38 @@
+# encoding: utf-8
+
+if os[:family] == 'windows'
+  # rule 'windows-audit-103' do
+  # title 'Configure System Event Log (System)'
+  describe registry_key('HKLM\Software\Policies\Microsoft\Windows\EventLog\System') do
+    it { should exist }
+    its('MaxSize') { should_not eq nil }
+  end
+
+  # rule 'windows-base-101' do
+  # title 'Safe DLL Search Mode is Enabled'
+  describe registry_key('HKLM\System\CurrentControlSet\Control\Session Manager') do
+    it { should exist }
+    it { should_not have_property_value('SafeDllSearchMode', :type_dword, '0') }
+  end
+
+  # rule 'windows-base-103'
+  # title 'All Shares are Configured to Prevent Anonymous Access'
+  describe registry_key('HKLM\System\CurrentControlSet\Services\LanManServer\Parameters') do
+    it { should exist }
+    its('NullSessionShares') { should eq nil }
+  end
+
+  # rule 'windows-ie-101'
+  # title 'IE 64-bit tab'
+  describe registry_key('HKLM\Software\Policies\Microsoft\Internet Explorer\Main') do
+    it { should exist }
+    its('Isolation64Bit') { should eq 1 }
+  end
+
+  # rule 'windows-rdp-101'
+  # title 'Strong Encryption for Windows Remote Desktop Required'
+  describe registry_key('HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services') do
+    it { should exist }
+    its('MinEncryptionLevel') { should eq 3 }
+  end
+end