Age | Commit message (Collapse) | Author |
|
Sshguard protects hosts from brute-force attacks
Can inspect logs and block "bad" addresses by threshold
Auto-generate rules for nftables
When the service is stopped, all generated rules are deleted
nft "type filter hook input priority filter - 10"
set service ssh dynamic-protection
set service ssh dynamic-protection block-time 120
set service ssh dynamic-protection detect-time 1800
set service ssh dynamic-protection threshold 30
set service ssh dynamic-protection whitelist-address 192.0.2.1
|
In order to test for proper system authentication and security setup a new
testcase is added which performs an SSH login and command execution with a
predefined user. The result (output of uname -a) must match the output if the
command is run natively.
We also try to log in as an invalid user - this is not allowed to work.
|
... minor change to speed up test time
|
Currently every smoketest does the setup and destruction of the configsession
on its own during setUp(). This creates a lot of overhead and one configsession
should be re-used during execution of every smoketest script.
In addition a test that failed will leave the system in an inconsistent state.
For this reason before the test is executed we will save the running config
to /tmp and then will re-load the config after the test has passed, always
ensuring a clean environment for the next test.
|
This is for better readability during testruns
|
Bind sshd to given VRF and check if it really runs in the VRF context.
|
vyos-smoketest-integration (T2832)
* 'master' of github.com:vyos/vyos-smoketest: (153 commits)
pppoe-server: test some more values
lcd: adjust to cli changes
lcd: adapt test to new CLI design
pppoe-server: initial smoketest with local and radius auth
pppoe: validate dhcpv6 client will be started
wireless: validate hostapd/wpa_supplicant is running
pppoe: sync to new dhcpv6-pd cli
anyconnect: T2812: add basic testing
ethernet: check interface disable state
router-advert: check 'infinity' option in script logic
ssh: config file is now volatile (moved to /run)
ipv6: link-local: test address assignment on interfaces
router-advert: add initial test
mdns-repeater: add basic test
pseudo-ethernet: extend smoketests with VIFs
l2tpv3: add initial interface test
wireless: use library function for loading kernel modules
ethernet: test "ip" subtree of interface for e.g. ARP settings
pppoe: use assertEqual()
service: bcast-relay: add initial tests
...
|