Adds config tests for iptables-persistent package

freedomofpress · Feb 11, 2021 · da2ae7c · da2ae7c
1 parent 47853d6
commit da2ae7c
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/molecule/testinfra/common/test_system_hardening.py b/molecule/testinfra/common/test_system_hardening.py
@@ -149,3 +149,14 @@ def test_no_ecrypt_messages_in_logs(host, logfile):
 def test_unused_packages_are_removed(host, package):
     """ Check if unused package is present """
     assert host.package(package).is_installed is False
+
+
+def test_iptables_packages(host):
+    """
+    Focal hosts should use iptables-persistent for enforcing
+    firewall config across reboots.
+    """
+    if host.system_info.codename == "focal":
+        assert host.package("iptables-persistent").is_installed
+    else
+        assert not host.package("iptables-persistent").is_installed