diff options
author | Christian Poessinger <christian@poessinger.com> | 2022-05-13 13:11:57 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-13 13:11:57 +0200 |
commit | 8b122bd2ba6be5af1b7e24358b6e4db9abe9a45d (patch) | |
tree | bf04d8f50795c90a745f1be1aba58cf4af00602e /smoketest/scripts | |
parent | d70c2b4493366c02f025f43d2a777b2bef3e1789 (diff) | |
parent | 2e81f9e057f598a9a9e5c2d617e3d0818005d850 (diff) | |
download | vyos-1x-8b122bd2ba6be5af1b7e24358b6e4db9abe9a45d.tar.gz vyos-1x-8b122bd2ba6be5af1b7e24358b6e4db9abe9a45d.zip |
Merge pull request #1320 from sever-sever/T4408
sshguard: T4408: Add service ssh dynamic-protection
Diffstat (limited to 'smoketest/scripts')
-rwxr-xr-x | smoketest/scripts/cli/test_service_ssh.py | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/smoketest/scripts/cli/test_service_ssh.py b/smoketest/scripts/cli/test_service_ssh.py index 77ad5bc0d..2e96a7035 100755 --- a/smoketest/scripts/cli/test_service_ssh.py +++ b/smoketest/scripts/cli/test_service_ssh.py @@ -213,5 +213,49 @@ class TestServiceSSH(VyOSUnitTestSHIM.TestCase): usernames = [x[0] for x in getpwall()] self.assertNotIn(test_user, usernames) + def test_ssh_dynamic_protection(self): + """ + check sshguard service + """ + SSHGUARD_CONFIG = '/etc/sshguard/sshguard.conf' + SSHGUARD_PROCESS = 'sshguard' + block_time = '123' + detect_time = '1804' + port = '22' + threshold = '10' + + self.cli_set(base_path + ['dynamic-protection', 'block-time', block_time]) + self.cli_set(base_path + ['dynamic-protection', 'detect-time', detect_time]) + self.cli_set(base_path + ['dynamic-protection', 'threshold', threshold]) + + # commit changes + self.cli_commit() + + # Check configured port + tmp = get_config_value('Port') + self.assertIn(port, tmp) + + # Check sshgurad service + self.assertTrue(process_named_running(SSHGUARD_PROCESS)) + + sshguard_lines = [ + f'THRESHOLD={threshold}', + f'BLOCK_TIME={block_time}', + f'DETECTION_TIME={detect_time}' + ] + + tmp_sshguard_conf = read_file(SSHGUARD_CONFIG) + + for line in sshguard_lines: + self.assertIn(line, tmp_sshguard_conf) + + # Delete service ssh dynamic-protection + # but not service ssh itself + self.cli_delete(base_path + ['dynamic-protection']) + self.cli_commit() + + self.assertFalse(process_named_running(SSHGUARD_PROCESS)) + + if __name__ == '__main__': unittest.main(verbosity=2) |