summaryrefslogtreecommitdiff
path: root/smoketest/scripts
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-05-13 18:43:58 +0200
committerChristian Poessinger <christian@poessinger.com>2022-05-13 18:43:58 +0200
commitf105efc658b96a12eb4ecc12e245ecd67a6468e1 (patch)
treed5b327714ee894c7e0f4ce110991fda34e94ef28 /smoketest/scripts
parent37a08888d103556326ecd13e4738301ac901c861 (diff)
downloadvyos-1x-f105efc658b96a12eb4ecc12e245ecd67a6468e1.tar.gz
vyos-1x-f105efc658b96a12eb4ecc12e245ecd67a6468e1.zip
smoketest: add sshguard allow-from case
Diffstat (limited to 'smoketest/scripts')
-rwxr-xr-xsmoketest/scripts/cli/test_service_ssh.py15
1 files changed, 10 insertions, 5 deletions
diff --git a/smoketest/scripts/cli/test_service_ssh.py b/smoketest/scripts/cli/test_service_ssh.py
index 2e96a7035..0b029dd00 100755
--- a/smoketest/scripts/cli/test_service_ssh.py
+++ b/smoketest/scripts/cli/test_service_ssh.py
@@ -214,19 +214,22 @@ class TestServiceSSH(VyOSUnitTestSHIM.TestCase):
self.assertNotIn(test_user, usernames)
def test_ssh_dynamic_protection(self):
- """
- check sshguard service
- """
+ # check sshguard service
+
SSHGUARD_CONFIG = '/etc/sshguard/sshguard.conf'
+ SSHGUARD_WHITELIST = '/etc/sshguard/whitelist'
SSHGUARD_PROCESS = 'sshguard'
block_time = '123'
detect_time = '1804'
port = '22'
threshold = '10'
+ allow_list = ['192.0.2.0/24', '2001:db8::/48']
self.cli_set(base_path + ['dynamic-protection', 'block-time', block_time])
self.cli_set(base_path + ['dynamic-protection', 'detect-time', detect_time])
self.cli_set(base_path + ['dynamic-protection', 'threshold', threshold])
+ for allow in allow_list:
+ self.cli_set(base_path + ['dynamic-protection', 'allow-from', allow])
# commit changes
self.cli_commit()
@@ -245,10 +248,13 @@ class TestServiceSSH(VyOSUnitTestSHIM.TestCase):
]
tmp_sshguard_conf = read_file(SSHGUARD_CONFIG)
-
for line in sshguard_lines:
self.assertIn(line, tmp_sshguard_conf)
+ tmp_whitelist_conf = read_file(SSHGUARD_WHITELIST)
+ for allow in allow_list:
+ self.assertIn(allow, tmp_whitelist_conf)
+
# Delete service ssh dynamic-protection
# but not service ssh itself
self.cli_delete(base_path + ['dynamic-protection'])
@@ -256,6 +262,5 @@ class TestServiceSSH(VyOSUnitTestSHIM.TestCase):
self.assertFalse(process_named_running(SSHGUARD_PROCESS))
-
if __name__ == '__main__':
unittest.main(verbosity=2)