

#!/usr/bin/env bats
load test_helper
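# Per-test fixture: runs before every @test and creates one throw-away jail.
#
# Everything here acts on real system paths (/root, /etc/default/bkctld,
# /backup), so the suite is meant for a dedicated test machine.
#
# NOTE(review): JAILPATH, INCSPATH, CONFDIR, SSHD_PID and keyfile are used by
# the tests but are not assigned in the lines visible here; presumably they
# come from the sourced includes file or from elided lines - confirm.
setup() {
    . /usr/lib/bkctld/includes

    # Fresh passphrase-less key pair for the ssh/rsync tests. The private key
    # stays in /root after the run; no cleanup of it is visible in teardown.
    rm -f /root/bkctld.key*
    ssh-keygen -t rsa -N "" -f /root/bkctld.key -q

    # Only add a BACKUP_DISK default when the config does not define one.
    grep -qE "^BACKUP_DISK=" /etc/default/bkctld || echo "BACKUP_DISK=/dev/vdb" >> /etc/default/bkctld

    # Random 15-character alphanumeric jail name so runs do not collide.
    JAILNAME=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w15 | head -n1)
    # Port in 2222..2999. awk's srand() seeds from the clock, so this only
    # spreads ports between runs; it is not an unpredictable value.
    PORT=$(awk -v min=2222 -v max=2999 'BEGIN{srand(); print int(min+rand()*(max-min+1))}')
    # Name of the increment expected for the current hour.
    INC_NAME=$(date +"%Y-%m-%d-%H")
    # Inode of /backup; the tests compare it with 256 to detect btrfs.
    inode=$(stat --format=%i /backup)

    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
}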
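# Per-test cleanup: remove the jail, then its increments directory.
teardown() {
    # ${INCSPATH:?} aborts instead of running a recursive delete with an empty
    # or unset path; "--" keeps the path from being parsed as an option.
    /usr/lib/bkctld/bkctld-remove "${JAILNAME}" && rm -rf -- "${INCSPATH:?}"
}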
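# A freshly initialised jail must match the backing filesystem type.
@test "init-filesystem" {
    # 256 is the inode number of a btrfs subvolume root.
    inode=$(stat --format=%i /backup)

    if [ "${inode}" -eq 256 ]; then
        # On a btrfs filesystem, the jail should be a btrfs volume
        run stat --format=%i "${JAILPATH}"
        [ "${output}" -eq 256 ]
    else
        # On an ext4 filesystem, the jail should be a regular directory
        run test -d "${JAILPATH}"
        [ "${status}" -eq 0 ]
    fi
}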
@test "init-incs-policy" {
# An incs_policy file should exist
2020-04-02 18:28:15 +02:00
run test -e "${CONFDIR}/${JAILNAME}.d/incs_policy"
[ "${status}" -eq 0 ]
@test "start" {
2019-01-08 11:01:17 +01:00
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
2020-04-02 13:32:14 +02:00
pid=$(cat "${JAILPATH}/${SSHD_PID}")
# A started jail should have an SSH pid file
2018-03-28 15:11:49 +02:00
run ps --pid "${pid}"
@test "stop" {
2019-01-08 11:01:17 +01:00
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
2020-04-02 13:32:14 +02:00
pid=$(cat "${JAILPATH}/${SSHD_PID}")
2019-01-08 11:01:17 +01:00
/usr/lib/bkctld/bkctld-stop "${JAILNAME}"
# A stopped jail should not have an SSH pid file
2018-03-28 15:11:49 +02:00
run ps --pid "${pid}"
@test "reload" {
2019-01-08 11:01:17 +01:00
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
/usr/lib/bkctld/bkctld-reload "${JAILNAME}"
# A reloaded jail should mention the restart in the authlog
2020-04-02 13:32:14 +02:00
run grep "Received SIGHUP; restarting." "${JAILPATH}/var/log/authlog"
@test "restart" {
2019-01-08 11:01:17 +01:00
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
pid_before=$(cat "${JAILPATH}/${SSHD_PID}")
2019-01-08 11:01:17 +01:00
/usr/lib/bkctld/bkctld-restart "${JAILNAME}"
pid_after=$(cat "${JAILPATH}/${SSHD_PID}")
2020-04-02 14:51:09 +02:00
# A restarted jail should have a different pid
refute_equal "${pid_before}" "${pid_after}"
@test "status" {
2019-01-08 11:01:17 +01:00
run /usr/lib/bkctld/bkctld-status "${JAILNAME}"
@test "is-on" {
2019-01-08 11:01:17 +01:00
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
# A started jail should report to be ON
run /usr/lib/bkctld/bkctld-is-on "${JAILNAME}"
2020-04-02 14:51:09 +02:00
/usr/lib/bkctld/bkctld-stop "${JAILNAME}"
# A stopped jail should not report to be ON
run /usr/lib/bkctld/bkctld-is-on "${JAILNAME}"
@test "key-absent" {
2020-04-02 13:32:14 +02:00
run cat "${JAILPATH}/root/.ssh/authorized_keys"
assert_equal "$output" ""
@test "key-present" {
/usr/lib/bkctld/bkctld-key "${JAILNAME}" "${keyfile}"
# The key should be present in the SSH authorized_keys file
run cat "${JAILPATH}/root/.ssh/authorized_keys"
assert_equal "$output" "$(cat ${keyfile})"
@test "port" {
2019-01-08 11:01:17 +01:00
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
2020-04-02 13:32:14 +02:00
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
# A jail should be accessible on the specified SSH port
2020-04-02 14:51:09 +02:00
run nc -vz "${PORT}"
@test "ip-none" {
# A jail has no IP restriction by default in SSH config
run grep "root@" "${JAILPATH}/etc/ssh/sshd_config"
@test "ip-single" {
# When an IP is added for a jail
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" ""
# An IP restriction should be present in SSH config
run grep "root@" "${JAILPATH}/etc/ssh/sshd_config"
@test "ip-multiple" {
# When multiple IP are added for a jail
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" ""
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" ""
# The corresponding IP restrictions should be present in SSH config
run grep -E -o "root@10.0.0.[0-9]+" "${JAILPATH}/etc/ssh/sshd_config"
assert_line "root@"
assert_line "root@"
@test "ip-remove" {
# Add an IP
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" ""
# Remove IP
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" ""
# All IP restrictions should be removed from SSH config
run grep "root@" "${JAILPATH}/etc/ssh/sshd_config"
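# An increment of the jail must match the backing filesystem type.
@test "inc" {
    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
    # NOTE(review): the command that creates the increment is not visible in
    # this listing; without it the checks below have nothing to find.

    # inode was read from /backup in setup; 256 is a btrfs subvolume root.
    if [ "${inode}" -eq 256 ]; then
        # On a btrfs filesystem, the inc should be a btrfs volume
        run stat --format=%i "${INCSPATH}/${INC_NAME}"
        # The listing had `assert_success 256`; whether that helper compares
        # the output with its argument is not visible here, so status and
        # inode are checked explicitly, as in "init-filesystem".
        [ "${status}" -eq 0 ]
        [ "${output}" -eq 256 ]
    else
        # On an ext4 filesystem, the inc should be a regular directory
        run test -d "${INCSPATH}/${INC_NAME}"
        [ "${status}" -eq 0 ]
    fi
}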
@test "ssh" {
2019-01-08 11:01:17 +01:00
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
2020-04-02 13:32:14 +02:00
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
2019-01-08 11:01:17 +01:00
/usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
2020-04-02 14:51:09 +02:00
ssh_options="-p ${PORT} -i /root/bkctld.key -oStrictHostKeyChecking=no"
# A started jail should be accessible via SSH
run ssh ${ssh_options} root@ ls
/usr/lib/bkctld/bkctld-stop "${JAILNAME}"
# A stopped jail should not be accessible via SSH
run ssh ${ssh_options} root@ ls
@test "rsync" {
2019-01-08 11:01:17 +01:00
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
2020-04-02 13:32:14 +02:00
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
2019-01-08 11:01:17 +01:00
/usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
2020-04-02 14:51:09 +02:00
ssh_options="-p ${PORT} -i /root/bkctld.key -oStrictHostKeyChecking=no"
# A started jail should be accessible via Rsync
run rsync -a -e "ssh ${ssh_options}" /tmp/ root@
/usr/lib/bkctld/bkctld-stop "${JAILNAME}"
# A stopped jail should not be accessible via Rsync
run rsync -a -e "${ssh_options}" /tmp/ root@
@test "check-default-ok" {
touch "${JAILPATH}/var/log/lastlog"
# With default values (2 days critical, 1 day warning),
# a freshly connected jail should be "ok"
run /usr/lib/bkctld/bkctld-check
assert_equal "$status" "0"
@test "check-default-warning" {
lastlog_date=$(date -d -2days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
# With default values (2 days critical, 1 day warning),
# a 2 days old jail should be "warning"
2019-01-08 11:01:17 +01:00
run /usr/lib/bkctld/bkctld-check
assert_equal "$status" "1"
@test "check-default-critical" {
lastlog_date=$(date -d -3days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
# With default values (2 days critical, 1 day warning),
# a 3 days old jail should be "critical"
run /usr/lib/bkctld/bkctld-check
assert_equal "$status" "2"
@test "check-custom-ok" {
lastlog_date=$(date -d -3days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
2020-04-02 14:51:09 +02:00
echo "CRITICAL=120" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
echo "WARNING=96" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
# With custom values (5 days critical, 4 days warning),
# a 3 days old jail should be "ok"
2019-01-08 11:01:17 +01:00
run /usr/lib/bkctld/bkctld-check
assert_equal "$status" "0"
@test "check-custom-warning" {
lastlog_date=$(date -d -3days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
echo "CRITICAL=96" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
echo "WARNING=48" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
# With custom values (4 days critical, 3 days warning),
# a 3 days old jail should be "warning"
run /usr/lib/bkctld/bkctld-check
assert_equal "$status" "1"
@test "check-custom-critical" {
lastlog_date=$(date -d -10days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
echo "CRITICAL=96" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
echo "WARNING=48" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
# With custom values (4 days critical, 3 days warning),
# a 10 days old jail should be "critical"
run /usr/lib/bkctld/bkctld-check
assert_equal "$status" "2"
@test "check-disabled-warning" {
lastlog_date=$(date -d -2days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
echo "WARNING=0" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
# With custom values (warning disabled, default critical),
# a 2 days old jail should still be "ok"
run /usr/lib/bkctld/bkctld-check
assert_equal "$status" "0"
@test "check-disabled-critical" {
lastlog_date=$(date -d -3days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
2020-04-02 14:51:09 +02:00
echo "CRITICAL=0" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
# With custom values (critical disabled, default warning),
# a 3 days old jail should only be "warning"
2019-01-08 11:01:17 +01:00
run /usr/lib/bkctld/bkctld-check
assert [ "$status" = "1" ]