Age | Commit message (Collapse) | Author |
|
(cherry picked from commit 06e6e011cdf12e8d10cf1f6d4d848fd5db51720d)
|
|
Use vyos.xml_ref.default_value to query XML default values and take them into
account when validating properly applied defaults in individual smoketests
instead of using hardcoded values like 443 for https port.
|
|
Currently VyOS only supports binding a service to one individual VRF. It might
become handy to have the services (initially it will be VRF, NTP and SNMP) be
bound to multiple VRFs.
Changed VRF from leafNode to multi leafNode with defaultValue: default - which
is the name of the default VRF.
|
|
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process
* T5195: use read_file and write_file implementation from vyos.utils.file
Changed code automatically using:
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} +
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} +
* T5195: move chmod* helpers to vyos.utils.permission
* T5195: use colon_separated_to_dict from vyos.utils.dict
* T5195: move is_systemd_service_* to vyos.utils.process
* T5195: fix boot issues with missing imports
* T5195: move dict_search_* helpers to vyos.utils.dict
* T5195: move network helpers to vyos.utils.network
* T5195: move commit_* helpers to vyos.utils.commit
* T5195: move user I/O helpers to vyos.utils.io
|
|
|
|
|
|
|
|
Sshguard protects hosts from brute-force attacks
Can inspect logs and block "bad" addresses by threshold
Auto-generate rules for nftables
When service stopped all generated rules are deleted
nft "type filter hook input priority filter - 10"
set service ssh dynamic-protection
set service ssh dynamic-protection block-time 120
set service ssh dynamic-protection detect-time 1800
set service ssh dynamic-protection threshold 30
set service ssh dynamic-protection whitelist-address 192.0.2.1
|
|
|
|
|
|
In order to test for proper system authentication and security setup a new
testcase is added which performs an SSH login and command execution with a
predefined user. The result (output of uname -a) must match the output if the
command is run natively.
We also try to login as an invalid user - this is not allowed to work.
|
|
|
|
... minor change to speed-up test time
|
|
Currently every smoketest does the setup and destruction of the configsession
on its own durin setUp(). This creates a lot of overhead and one configsession
should be re-used during execution of every smoketest script.
In addiion a test that failed will leaf the system in an unconsistent state.
For this reason before the test is executed we will save the running config
to /tmp and the will re-load the config after the test has passed, always
ensuring a clean environment for the next test.
|
|
|
|
|
|
|
|
|
|
This is for better readability during testruns
|
|
|
|
Bind sshd to given VRF and check if it really runs in the VRF context.
|
|
|
|
|
|
|
|
vyos-smoketest-integration (T2832)
* 'master' of github.com:vyos/vyos-smoketest: (153 commits)
pppoe-server: test some more values
lcd: adjust to cli changes
lcd: adapt test to new CLI design
pppoe-server: initial smoketest with local and radius auth
pppoe: validate dhcpv6 client will be started
wireless: validate hostapd/wpa_supplicant is running
pppoe: sync to new dhcpv6-pd cli
anyconnect: T2812: add basic testing
ethernet: check interface disable state
router-advert: check 'infinity' option in script logic
ssh: config file is now volatile (moved to /run)
ipv6: link-local: test address assignment on interfaces
router-advert: add initial test
mdns-repeater: add basic test
pseudo-ethernet: extend smoketests with VIFs
l2tpv3: add initial interface test
wireless: use library function for loading kernel modules
ethernet: test "ip" subtree of interface for e.g. ARP settings
pppoe: use assertEqual()
service: bcast-relay: add initial tests
...
|