From ce32c6333a88d94cb9317fca2479ba2f7dd50e31 Mon Sep 17 00:00:00 2001
From: Victor Holanda
Date: Fri, 21 Jul 2023 11:46:45 +0200
Subject: [PATCH 1/3] Add ssh_audit test to hpctestlist The test downloads the ssh-audit tool from GitHub and checks if there is any configuration that is considered as a failure. The test is compatible with all the job schedulers. Because it only checks the localhost, where the test script runs. So, it becomes the responsibility of ReFrame to spawn the test script in the desired systems.
---
 hpctestlib/system/ssh/ssh_audit.py | 33 ++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 hpctestlib/system/ssh/ssh_audit.py
diff --git a/hpctestlib/system/ssh/ssh_audit.py b/hpctestlib/system/ssh/ssh_audit.py
new file mode 100644
index 0000000000..1833aff6e2
--- /dev/null
+++ b/hpctestlib/system/ssh/ssh_audit.py
@@ -0,0 +1,33 @@
+# Copyright 2016-2023 Swiss National Supercomputing Centre (CSCS/ETH Zurich)
+# ReFrame Project Developers. See the top-level LICENSE file for details.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+
+import reframe as rfm
+import reframe.utility as util
+import reframe.utility.sanity as sn
+
+
+@rfm.simple_test
+class ssh_audit_check(rfm.RunOnlyRegressionTest):
+ '''ssh audit config test.
+
+ `ssh-audit is a tool for ssh server & client configuration auditing.
+
+ The check consist on performing the basic ssh server config auditing
+ using the master version of https://github.com/jtesta/ssh-audit.
+ '''
+
+ executable = './ssh-audit.py'
+ executable_opts = ['-n', '-l', 'fail', 'localhost']
+ sourcesdir = 'https://github.com/jtesta/ssh-audit'
+ tags = {'system', 'ssh'}
+
+ @sanity_function
+ def assert_no_fails_are_found(self):
+ '''Assert that no fails are reported by the tool.'''
+
+ return sn.assert_not_found(
+ r'\S+\s+--\s+\[fail\]', self.stdout,
+ msg=(f"found ssh config failures")
+ )
From e05b2d999b62452134c0f618ed75e59faca02a51 Mon Sep 17 00:00:00 2001
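Review bot: `sourcesdir = 'https://github.com/jtesta/ssh-audit'` combined with `executable = './ssh-audit.py'` means each run fetches whatever the upstream default branch holds at that moment and executes it on the system under test; no tag, commit or checksum is visible in this hunk. An upstream change or compromise would therefore run unreviewed code on the nodes, and could also change what the tool reports as `[fail]` between two runs of the same test. Consider staging a reviewed release of the tool or pinning the revision in a pre-run step, and record the decision next to the attribute, e.g. `# NOTE: pin to a reviewed tag or commit instead of tracking master`. Separately, `sn.assert_not_found(...)` on `self.stdout` also passes when the tool produced no output at all (clone failed, nothing listening on localhost), so the sanity function would benefit from one positive assertion that the audit actually ran.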
From: Victor Holanda
Date: Fri, 21 Jul 2023 12:58:55 +0200
Subject: [PATCH 2/3] Address linter remarks
---
 hpctestlib/system/ssh/ssh_audit.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/hpctestlib/system/ssh/ssh_audit.py b/hpctestlib/system/ssh/ssh_audit.py
index 1833aff6e2..bafbe6adcb 100644
--- a/hpctestlib/system/ssh/ssh_audit.py
+++ b/hpctestlib/system/ssh/ssh_audit.py
@@ -4,7 +4,6 @@
 # SPDX-License-Identifier: BSD-3-Clause

 import reframe as rfm
-import reframe.utility as util
 import reframe.utility.sanity as sn


From 0caf47a40ea4b1cb0b76607c9fafb2b3edde1d19 Mon Sep 17 00:00:00 2001
From: Victor Holanda
Date: Tue, 25 Jul 2023 14:28:49 +0200
Subject: [PATCH 3/3] Address the PR remarks
---
 hpctestlib/system/ssh/ssh_audit.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hpctestlib/system/ssh/ssh_audit.py b/hpctestlib/system/ssh/ssh_audit.py
index bafbe6adcb..ee429c6213 100644
--- a/hpctestlib/system/ssh/ssh_audit.py
+++ b/hpctestlib/system/ssh/ssh_audit.py
@@ -11,7 +11,7 @@
 class ssh_audit_check(rfm.RunOnlyRegressionTest):
 '''ssh audit config test.

- `ssh-audit is a tool for ssh server & client configuration auditing.
+ ssh-audit is a tool for ssh server & client configuration auditing.

 The check consist on performing the basic ssh server config auditing
 using the master version of https://github.com/jtesta/ssh-audit.