summaryrefslogtreecommitdiff
path: root/testing/tests/tnc/tnccs-20-nea-pt-tls
diff options
context:
space:
mode:
Diffstat (limited to 'testing/tests/tnc/tnccs-20-nea-pt-tls')
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat4
4 files changed, 11 insertions, 14 deletions
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat
index 198b2bde3..7850e2e74 100644
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat
@@ -10,7 +10,7 @@ alice::cat /var/log/daemon.log::certificate status is good::YES
alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES
alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
+alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES
alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES
alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES
@@ -21,5 +21,5 @@ alice::cat /var/log/daemon.log::received software ID inventory with ... items fo
alice::cat /var/log/daemon.log::1 SWID tag target::YES
alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES
alice::cat /var/log/daemon.log::strongswan.org__strongSwan.*@ /usr/local/share/strongswan::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
+alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf
index 1148b945a..04d7dbacc 100644
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf
@@ -1,15 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
syslog {
- auth {
- default = 0
- }
daemon {
tls = 2
- tnc = 2
+ tnc = 2
imv = 3
}
}
@@ -32,7 +29,7 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = /usr/local/libexec/ipsec/imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-swima {
@@ -44,6 +41,6 @@ libimcv {
}
imv_policy_manager {
- command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""'
- command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""'
+ command_allow = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is allowed\""'
+ command_block = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is blocked\""'
}
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat
index 09c8a6cbc..c0049d7fd 100644
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat
@@ -1,8 +1,8 @@
carol::ip route del 10.1.0.0/16 via 192.168.0.1
dave::ip route del 10.1.0.0/16 via 192.168.0.1
winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
-alice::service charon stop
-alice::service apache2 stop
+alice::systemctl stop strongswan-swanctl
+alice::systemctl stop apache2
alice::rm /etc/swanctl/rsa/aaaKey.pem
alice::rm /etc/swanctl/x509/aaaCert.pem
alice::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat
index d8ac3ab41..c895148f2 100644
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat
@@ -13,8 +13,8 @@ alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db
alice::/usr/local/bin/init_tnc
alice::rm /etc/swanctl/x509/aliceCert.pem
alice::rm /etc/swanctl/rsa/aliceKey.pem
-alice::service charon start
-alice::service apache2 start
+alice::systemctl start apache2
+alice::systemctl start strongswan-swanctl
alice::swanctl --load-creds
winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
dave::ip route add 10.1.0.0/16 via 192.168.0.1
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-14 16:55:16 +0000