summaryrefslogtreecommitdiff
path: root/smoketest
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-05-13 13:11:57 +0200
committerGitHub <noreply@github.com>2022-05-13 13:11:57 +0200
commit8b122bd2ba6be5af1b7e24358b6e4db9abe9a45d (patch)
treebf04d8f50795c90a745f1be1aba58cf4af00602e /smoketest
parentd70c2b4493366c02f025f43d2a777b2bef3e1789 (diff)
parent2e81f9e057f598a9a9e5c2d617e3d0818005d850 (diff)
downloadvyos-1x-8b122bd2ba6be5af1b7e24358b6e4db9abe9a45d.tar.gz
vyos-1x-8b122bd2ba6be5af1b7e24358b6e4db9abe9a45d.zip
Merge pull request #1320 from sever-sever/T4408
sshguard: T4408: Add service ssh dynamic-protection
Diffstat (limited to 'smoketest')
-rwxr-xr-xsmoketest/scripts/cli/test_service_ssh.py44
1 files changed, 44 insertions, 0 deletions
diff --git a/smoketest/scripts/cli/test_service_ssh.py b/smoketest/scripts/cli/test_service_ssh.py
index 77ad5bc0d..2e96a7035 100755
--- a/smoketest/scripts/cli/test_service_ssh.py
+++ b/smoketest/scripts/cli/test_service_ssh.py
@@ -213,5 +213,49 @@ class TestServiceSSH(VyOSUnitTestSHIM.TestCase):
usernames = [x[0] for x in getpwall()]
self.assertNotIn(test_user, usernames)
+ def test_ssh_dynamic_protection(self):
+ """
+ check sshguard service
+ """
+ SSHGUARD_CONFIG = '/etc/sshguard/sshguard.conf'
+ SSHGUARD_PROCESS = 'sshguard'
+ block_time = '123'
+ detect_time = '1804'
+ port = '22'
+ threshold = '10'
+
+ self.cli_set(base_path + ['dynamic-protection', 'block-time', block_time])
+ self.cli_set(base_path + ['dynamic-protection', 'detect-time', detect_time])
+ self.cli_set(base_path + ['dynamic-protection', 'threshold', threshold])
+
+ # commit changes
+ self.cli_commit()
+
+ # Check configured port
+ tmp = get_config_value('Port')
+ self.assertIn(port, tmp)
+
+ # Check sshgurad service
+ self.assertTrue(process_named_running(SSHGUARD_PROCESS))
+
+ sshguard_lines = [
+ f'THRESHOLD={threshold}',
+ f'BLOCK_TIME={block_time}',
+ f'DETECTION_TIME={detect_time}'
+ ]
+
+ tmp_sshguard_conf = read_file(SSHGUARD_CONFIG)
+
+ for line in sshguard_lines:
+ self.assertIn(line, tmp_sshguard_conf)
+
+ # Delete service ssh dynamic-protection
+ # but not service ssh itself
+ self.cli_delete(base_path + ['dynamic-protection'])
+ self.cli_commit()
+
+ self.assertFalse(process_named_running(SSHGUARD_PROCESS))
+
+
if __name__ == '__main__':
unittest.main(verbosity=2)