diff options
author | Christian Poessinger <christian@poessinger.com> | 2022-05-13 18:43:58 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2022-05-13 18:43:58 +0200 |
commit | f105efc658b96a12eb4ecc12e245ecd67a6468e1 (patch) | |
tree | d5b327714ee894c7e0f4ce110991fda34e94ef28 /smoketest/scripts/cli | |
parent | 37a08888d103556326ecd13e4738301ac901c861 (diff) | |
download | vyos-1x-f105efc658b96a12eb4ecc12e245ecd67a6468e1.tar.gz vyos-1x-f105efc658b96a12eb4ecc12e245ecd67a6468e1.zip |
smoketest: add sshguard allow-from case
Diffstat (limited to 'smoketest/scripts/cli')
-rwxr-xr-x | smoketest/scripts/cli/test_service_ssh.py | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/smoketest/scripts/cli/test_service_ssh.py b/smoketest/scripts/cli/test_service_ssh.py index 2e96a7035..0b029dd00 100755 --- a/smoketest/scripts/cli/test_service_ssh.py +++ b/smoketest/scripts/cli/test_service_ssh.py @@ -214,19 +214,22 @@ class TestServiceSSH(VyOSUnitTestSHIM.TestCase): self.assertNotIn(test_user, usernames) def test_ssh_dynamic_protection(self): - """ - check sshguard service - """ + # check sshguard service + SSHGUARD_CONFIG = '/etc/sshguard/sshguard.conf' + SSHGUARD_WHITELIST = '/etc/sshguard/whitelist' SSHGUARD_PROCESS = 'sshguard' block_time = '123' detect_time = '1804' port = '22' threshold = '10' + allow_list = ['192.0.2.0/24', '2001:db8::/48'] self.cli_set(base_path + ['dynamic-protection', 'block-time', block_time]) self.cli_set(base_path + ['dynamic-protection', 'detect-time', detect_time]) self.cli_set(base_path + ['dynamic-protection', 'threshold', threshold]) + for allow in allow_list: + self.cli_set(base_path + ['dynamic-protection', 'allow-from', allow]) # commit changes self.cli_commit() @@ -245,10 +248,13 @@ class TestServiceSSH(VyOSUnitTestSHIM.TestCase): ] tmp_sshguard_conf = read_file(SSHGUARD_CONFIG) - for line in sshguard_lines: self.assertIn(line, tmp_sshguard_conf) + tmp_whitelist_conf = read_file(SSHGUARD_WHITELIST) + for allow in allow_list: + self.assertIn(allow, tmp_whitelist_conf) + # Delete service ssh dynamic-protection # but not service ssh itself self.cli_delete(base_path + ['dynamic-protection']) @@ -256,6 +262,5 @@ class TestServiceSSH(VyOSUnitTestSHIM.TestCase): self.assertFalse(process_named_running(SSHGUARD_PROCESS)) - if __name__ == '__main__': unittest.main(verbosity=2) |