Split tests in a few files and add many tests for incs and checks
This commit is contained in:
parent
d29743357a
commit
5937a2d7aa
136
test/checks.bats
Normal file
136
test/checks.bats
Normal file
|
@ -0,0 +1,136 @@
|
||||||
|
#!/usr/bin/env bats
|
||||||
|
|
||||||
|
load test_helper
|
||||||
|
|
||||||
|
@test "Check OK for default values" {
|
||||||
|
touch "${JAILPATH}/var/log/lastlog"
|
||||||
|
# With default values (2 days critical, 1 day warning),
|
||||||
|
# a freshly connected jail should be "ok"
|
||||||
|
run /usr/lib/bkctld/bkctld-check
|
||||||
|
assert_equal "0" "$status"
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Check WARNING for default values" {
|
||||||
|
lastlog_date=$(date -d -2days --iso-8601=seconds)
|
||||||
|
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
||||||
|
# With default values (2 days critical, 1 day warning),
|
||||||
|
# a 2 days old jail should be "warning"
|
||||||
|
run /usr/lib/bkctld/bkctld-check
|
||||||
|
assert_equal "1" "$status"
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Check CRITICAL for default values" {
|
||||||
|
lastlog_date=$(date -d -3days --iso-8601=seconds)
|
||||||
|
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
||||||
|
# With default values (2 days critical, 1 day warning),
|
||||||
|
# a 3 days old jail should be "critical"
|
||||||
|
run /usr/lib/bkctld/bkctld-check
|
||||||
|
assert_equal "2" "$status"
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Check OK for custom values" {
|
||||||
|
lastlog_date=$(date -d -3days --iso-8601=seconds)
|
||||||
|
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
||||||
|
|
||||||
|
cat > "/etc/evobackup/${JAILNAME}.d/check_policy" <<OUT
|
||||||
|
CRITICAL=120
|
||||||
|
WARNING=96
|
||||||
|
OUT
|
||||||
|
# With custom values (5 days critical, 4 days warning),
|
||||||
|
# a 3 days old jail should be "ok"
|
||||||
|
run /usr/lib/bkctld/bkctld-check
|
||||||
|
assert_equal "0" "$status"
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Check WARNING for custom values" {
|
||||||
|
lastlog_date=$(date -d -3days --iso-8601=seconds)
|
||||||
|
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
||||||
|
|
||||||
|
cat > "/etc/evobackup/${JAILNAME}.d/check_policy" <<OUT
|
||||||
|
CRITICAL=96
|
||||||
|
WARNING=48
|
||||||
|
OUT
|
||||||
|
# With custom values (4 days critical, 3 days warning),
|
||||||
|
# a 3 days old jail should be "warning"
|
||||||
|
run /usr/lib/bkctld/bkctld-check
|
||||||
|
assert_equal "1" "$status"
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Check CRITICAL for custom values" {
|
||||||
|
lastlog_date=$(date -d -10days --iso-8601=seconds)
|
||||||
|
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
||||||
|
|
||||||
|
cat > "/etc/evobackup/${JAILNAME}.d/check_policy" <<OUT
|
||||||
|
CRITICAL=96
|
||||||
|
WARNING=48
|
||||||
|
OUT
|
||||||
|
# With custom values (4 days critical, 3 days warning),
|
||||||
|
# a 10 days old jail should be "critical"
|
||||||
|
run /usr/lib/bkctld/bkctld-check
|
||||||
|
assert_equal "2" "$status"
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Check OK for disabled WARNING" {
|
||||||
|
lastlog_date=$(date -d -2days --iso-8601=seconds)
|
||||||
|
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
||||||
|
|
||||||
|
cat > "/etc/evobackup/${JAILNAME}.d/check_policy" <<OUT
|
||||||
|
WARNING=0
|
||||||
|
OUT
|
||||||
|
# With custom values (warning disabled, default critical),
|
||||||
|
# a 2 days old jail should still be "ok"
|
||||||
|
run /usr/lib/bkctld/bkctld-check
|
||||||
|
assert_equal "0" "$status"
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Check WARNING for disabled CRITICAL" {
|
||||||
|
lastlog_date=$(date -d -3days --iso-8601=seconds)
|
||||||
|
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
||||||
|
|
||||||
|
cat > "/etc/evobackup/${JAILNAME}.d/check_policy" <<OUT
|
||||||
|
CRITICAL=0
|
||||||
|
OUT
|
||||||
|
# With custom values (critical disabled, default warning),
|
||||||
|
# a 3 days old jail should only be "warning"
|
||||||
|
run /usr/lib/bkctld/bkctld-check
|
||||||
|
assert_equal "1" "$status"
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Custom values are parsed with only integers after equal" {
|
||||||
|
lastlog_date=$(date -d -3days --iso-8601=seconds)
|
||||||
|
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
||||||
|
|
||||||
|
cat > "/etc/evobackup/${JAILNAME}.d/check_policy" <<OUT
|
||||||
|
CRITICAL=0 # foo
|
||||||
|
OUT
|
||||||
|
# With custom values (critical disabled, default warning),
|
||||||
|
# a 3 days old jail should only be "warning"
|
||||||
|
run /usr/lib/bkctld/bkctld-check
|
||||||
|
assert_equal "1" "$status"
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Commented custom values are ignored" {
|
||||||
|
lastlog_date=$(date -d -3days --iso-8601=seconds)
|
||||||
|
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
||||||
|
|
||||||
|
cat > "/etc/evobackup/${JAILNAME}.d/check_policy" <<OUT
|
||||||
|
# CRITICAL=0
|
||||||
|
OUT
|
||||||
|
# With commented custom values (critical disabled),
|
||||||
|
# a 3 days old jail should still be "critical"
|
||||||
|
run /usr/lib/bkctld/bkctld-check
|
||||||
|
assert_equal "2" "$status"
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Invalid custom values are ignored" {
|
||||||
|
lastlog_date=$(date -d -3days --iso-8601=seconds)
|
||||||
|
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
||||||
|
|
||||||
|
cat > "/etc/evobackup/${JAILNAME}.d/check_policy" <<OUT
|
||||||
|
CRITICAL=foo
|
||||||
|
OUT
|
||||||
|
# With commented custom values (critical disabled),
|
||||||
|
# a 3 days old jail should still be "critical"
|
||||||
|
run /usr/lib/bkctld/bkctld-check
|
||||||
|
assert_equal "2" "$status"
|
||||||
|
}
|
92
test/connectivity.bats
Normal file
92
test/connectivity.bats
Normal file
|
@ -0,0 +1,92 @@
|
||||||
|
#!/usr/bin/env bats
|
||||||
|
|
||||||
|
load test_helper
|
||||||
|
|
||||||
|
@test "Without SSH key" {
|
||||||
|
run cat "${JAILPATH}/root/.ssh/authorized_keys"
|
||||||
|
assert_equal "$output" ""
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "With SSH key" {
|
||||||
|
keyfile=/root/bkctld.key.pub
|
||||||
|
/usr/lib/bkctld/bkctld-key "${JAILNAME}" "${keyfile}"
|
||||||
|
# The key should be present in the SSH authorized_keys file
|
||||||
|
run cat "${JAILPATH}/root/.ssh/authorized_keys"
|
||||||
|
assert_equal "$output" "$(cat ${keyfile})"
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Custom port" {
|
||||||
|
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
|
||||||
|
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
|
||||||
|
# A jail should be accessible on the specified SSH port
|
||||||
|
run nc -vz 127.0.0.1 "${PORT}"
|
||||||
|
assert_success
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "No IP restriction" {
|
||||||
|
# A jail has no IP restriction by default in SSH config
|
||||||
|
run grep "root@0.0.0.0/0" "${JAILPATH}/etc/ssh/sshd_config"
|
||||||
|
assert_success
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Single IP restriction" {
|
||||||
|
# When an IP is added for a jail
|
||||||
|
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
|
||||||
|
# An IP restriction should be present in SSH config
|
||||||
|
run grep "root@10.0.0.1" "${JAILPATH}/etc/ssh/sshd_config"
|
||||||
|
assert_success
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Multiple IP restrictions" {
|
||||||
|
# When multiple IP are added for a jail
|
||||||
|
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
|
||||||
|
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.2"
|
||||||
|
# The corresponding IP restrictions should be present in SSH config
|
||||||
|
run grep -E -o "root@10.0.0.[0-9]+" "${JAILPATH}/etc/ssh/sshd_config"
|
||||||
|
|
||||||
|
assert_line "root@10.0.0.1"
|
||||||
|
assert_line "root@10.0.0.2"
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Removing IP restriction" {
|
||||||
|
# Add an IP
|
||||||
|
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
|
||||||
|
# Remove IP
|
||||||
|
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "0.0.0.0/0"
|
||||||
|
# All IP restrictions should be removed from SSH config
|
||||||
|
run grep "root@0.0.0.0/0" "${JAILPATH}/etc/ssh/sshd_config"
|
||||||
|
assert_success
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "SSH connectivity" {
|
||||||
|
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
|
||||||
|
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
|
||||||
|
/usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
|
||||||
|
|
||||||
|
ssh_options="-p ${PORT} -i /root/bkctld.key -oStrictHostKeyChecking=no"
|
||||||
|
|
||||||
|
# A started jail should be accessible via SSH
|
||||||
|
run ssh ${ssh_options} root@127.0.0.1 ls
|
||||||
|
assert_success
|
||||||
|
|
||||||
|
/usr/lib/bkctld/bkctld-stop "${JAILNAME}"
|
||||||
|
# A stopped jail should not be accessible via SSH
|
||||||
|
run ssh ${ssh_options} root@127.0.0.1 ls
|
||||||
|
assert_failure
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Rsync connectivity" {
|
||||||
|
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
|
||||||
|
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
|
||||||
|
/usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
|
||||||
|
|
||||||
|
ssh_options="-p ${PORT} -i /root/bkctld.key -oStrictHostKeyChecking=no"
|
||||||
|
# A started jail should be accessible via Rsync
|
||||||
|
run rsync -a -e "ssh ${ssh_options}" /tmp/ root@127.0.0.1:/var/backup/
|
||||||
|
assert_success
|
||||||
|
|
||||||
|
/usr/lib/bkctld/bkctld-stop "${JAILNAME}"
|
||||||
|
# A stopped jail should not be accessible via Rsync
|
||||||
|
run rsync -a -e "${ssh_options}" /tmp/ root@127.0.0.1:/var/backup/
|
||||||
|
assert_failure
|
||||||
|
}
|
101
test/incs.bats
Normal file
101
test/incs.bats
Normal file
|
@ -0,0 +1,101 @@
|
||||||
|
#!/usr/bin/env bats
|
||||||
|
|
||||||
|
load test_helper
|
||||||
|
|
||||||
|
|
||||||
|
@test "Inc policy after jail init" {
|
||||||
|
# An incs_policy file should exist
|
||||||
|
run test -e "${CONFDIR}/${JAILNAME}.d/incs_policy"
|
||||||
|
[ "${status}" -eq 0 ]
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Normal inc creation" {
|
||||||
|
/usr/lib/bkctld/bkctld-inc
|
||||||
|
|
||||||
|
if is_btrfs "/backup"; then
|
||||||
|
# On a btrfs filesystem, the inc should be a btrfs volume
|
||||||
|
run is_btrfs "${INCSPATH}/${INC_NAME}"
|
||||||
|
assert_success
|
||||||
|
else
|
||||||
|
# On an ext4 filesystem, the inc should be a regular directory
|
||||||
|
run test -d "${INCSPATH}/${INC_NAME}"
|
||||||
|
assert_success
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Normal inc creation (with old incs policy)" {
|
||||||
|
mv "${CONFDIR}/${JAILNAME}.d/incs_policy" "${CONFDIR}/${JAILNAME}"
|
||||||
|
|
||||||
|
/usr/lib/bkctld/bkctld-inc
|
||||||
|
|
||||||
|
if is_btrfs "/backup"; then
|
||||||
|
# On a btrfs filesystem, the inc should be a btrfs volume
|
||||||
|
run is_btrfs "${INCSPATH}/${INC_NAME}"
|
||||||
|
assert_success
|
||||||
|
else
|
||||||
|
# On an ext4 filesystem, the inc should be a regular directory
|
||||||
|
run test -d "${INCSPATH}/${INC_NAME}"
|
||||||
|
assert_success
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "No inc creation without inc policy" {
|
||||||
|
# Remove inc_policy
|
||||||
|
rm -f "${CONFDIR}/${JAILNAME}.d/incs_policy"
|
||||||
|
# … and old file
|
||||||
|
rm -f "${CONFDIR}/${JAILNAME}"
|
||||||
|
|
||||||
|
/usr/lib/bkctld/bkctld-inc
|
||||||
|
|
||||||
|
run test -d "${INCSPATH}/${INC_NAME}"
|
||||||
|
assert_failure
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "No inc creation with LOCK" {
|
||||||
|
run rm -rf "${INCSPATH}"
|
||||||
|
assert_success
|
||||||
|
|
||||||
|
touch "/run/lock/bkctld/inc-${JAILNAME}-${INC_NAME}.lock"
|
||||||
|
|
||||||
|
/usr/lib/bkctld/bkctld-inc
|
||||||
|
|
||||||
|
run test -d "${INCSPATH}/${INC_NAME}"
|
||||||
|
assert_failure
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Recent inc is kept after 'rm'" {
|
||||||
|
# Setup simple incs policy
|
||||||
|
echo "+%Y-%m-%d.-0day" > "${CONFDIR}/${JAILNAME}.d/incs_policy"
|
||||||
|
|
||||||
|
# Prepare an inc older than the policy
|
||||||
|
recent_inc_path="${INCSPATH}/${INC_NAME}"
|
||||||
|
|
||||||
|
# Create the inc, then run 'rm'
|
||||||
|
/usr/lib/bkctld/bkctld-inc
|
||||||
|
/usr/lib/bkctld/bkctld-rm
|
||||||
|
|
||||||
|
# Recent inc should be present
|
||||||
|
run test -d "${recent_inc_path}"
|
||||||
|
assert_success
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Older inc is removed by 'rm'" {
|
||||||
|
# Setup simple incs policy
|
||||||
|
echo "+%Y-%m-%d.-0day" > "${CONFDIR}/${JAILNAME}.d/incs_policy"
|
||||||
|
|
||||||
|
# Prepare an inc older than the policy
|
||||||
|
recent_inc_path="${INCSPATH}/${INC_NAME}"
|
||||||
|
older_inc_name=$(date -d -1days +"%Y-%m-%d-%H")
|
||||||
|
older_inc_path="${INCSPATH}/${older_inc_name}"
|
||||||
|
|
||||||
|
# Create the inc, rename it to make it older, then run 'rm'
|
||||||
|
/usr/lib/bkctld/bkctld-inc
|
||||||
|
mv "${recent_inc_path}" "${older_inc_path}"
|
||||||
|
/usr/lib/bkctld/bkctld-rm
|
||||||
|
|
||||||
|
# Older inc should be removed
|
||||||
|
run test -d "${older_inc_path}"
|
||||||
|
assert_failure
|
||||||
|
}
|
||||||
|
|
||||||
|
# TODO: add many tests for incs (creation and removal)
|
217
test/main.bats
217
test/main.bats
|
@ -2,29 +2,6 @@
|
||||||
|
|
||||||
load test_helper
|
load test_helper
|
||||||
|
|
||||||
setup() {
|
|
||||||
. /usr/lib/bkctld/includes
|
|
||||||
|
|
||||||
rm -f /root/bkctld.key*
|
|
||||||
ssh-keygen -t rsa -N "" -f /root/bkctld.key -q
|
|
||||||
|
|
||||||
grep -qE "^BACKUP_DISK=" /etc/default/bkctld || echo "BACKUP_DISK=/dev/vdb" >> /etc/default/bkctld
|
|
||||||
|
|
||||||
JAILNAME=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w15 | head -n1)
|
|
||||||
JAILPATH="/backup/jails/${JAILNAME}"
|
|
||||||
INCSPATH="/backup/incs/${JAILNAME}"
|
|
||||||
PORT=$(awk -v min=2222 -v max=2999 'BEGIN{srand(); print int(min+rand()*(max-min+1))}')
|
|
||||||
INC_NAME=$(date +"%Y-%m-%d-%H")
|
|
||||||
|
|
||||||
inode=$(stat --format=%i /backup)
|
|
||||||
|
|
||||||
/usr/lib/bkctld/bkctld-init "${JAILNAME}"
|
|
||||||
}
|
|
||||||
|
|
||||||
teardown() {
|
|
||||||
/usr/lib/bkctld/bkctld-remove "${JAILNAME}" && rm -rf "${INCSPATH}"
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "init-filesystem" {
|
@test "init-filesystem" {
|
||||||
inode=$(stat --format=%i /backup)
|
inode=$(stat --format=%i /backup)
|
||||||
if [ "${inode}" -eq 256 ]; then
|
if [ "${inode}" -eq 256 ]; then
|
||||||
|
@ -38,12 +15,6 @@ teardown() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "init-incs-policy" {
|
|
||||||
# An incs_policy file should exist
|
|
||||||
run test -e "${CONFDIR}/${JAILNAME}.d/incs_policy"
|
|
||||||
[ "${status}" -eq 0 ]
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "start" {
|
@test "start" {
|
||||||
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
|
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
|
||||||
pid=$(cat "${JAILPATH}/${SSHD_PID}")
|
pid=$(cat "${JAILPATH}/${SSHD_PID}")
|
||||||
|
@ -96,191 +67,3 @@ teardown() {
|
||||||
run /usr/lib/bkctld/bkctld-is-on "${JAILNAME}"
|
run /usr/lib/bkctld/bkctld-is-on "${JAILNAME}"
|
||||||
assert_failure
|
assert_failure
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "key-absent" {
|
|
||||||
run cat "${JAILPATH}/root/.ssh/authorized_keys"
|
|
||||||
assert_equal "$output" ""
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "key-present" {
|
|
||||||
keyfile=/root/bkctld.key.pub
|
|
||||||
/usr/lib/bkctld/bkctld-key "${JAILNAME}" "${keyfile}"
|
|
||||||
# The key should be present in the SSH authorized_keys file
|
|
||||||
run cat "${JAILPATH}/root/.ssh/authorized_keys"
|
|
||||||
assert_equal "$output" "$(cat ${keyfile})"
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "port" {
|
|
||||||
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
|
|
||||||
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
|
|
||||||
# A jail should be accessible on the specified SSH port
|
|
||||||
run nc -vz 127.0.0.1 "${PORT}"
|
|
||||||
assert_success
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "ip-none" {
|
|
||||||
# A jail has no IP restriction by default in SSH config
|
|
||||||
run grep "root@0.0.0.0/0" "${JAILPATH}/etc/ssh/sshd_config"
|
|
||||||
assert_success
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "ip-single" {
|
|
||||||
# When an IP is added for a jail
|
|
||||||
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
|
|
||||||
# An IP restriction should be present in SSH config
|
|
||||||
run grep "root@10.0.0.1" "${JAILPATH}/etc/ssh/sshd_config"
|
|
||||||
assert_success
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "ip-multiple" {
|
|
||||||
# When multiple IP are added for a jail
|
|
||||||
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
|
|
||||||
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.2"
|
|
||||||
# The corresponding IP restrictions should be present in SSH config
|
|
||||||
run grep -E -o "root@10.0.0.[0-9]+" "${JAILPATH}/etc/ssh/sshd_config"
|
|
||||||
|
|
||||||
assert_line "root@10.0.0.1"
|
|
||||||
assert_line "root@10.0.0.2"
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "ip-remove" {
|
|
||||||
# Add an IP
|
|
||||||
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
|
|
||||||
# Remove IP
|
|
||||||
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "0.0.0.0/0"
|
|
||||||
# All IP restrictions should be removed from SSH config
|
|
||||||
run grep "root@0.0.0.0/0" "${JAILPATH}/etc/ssh/sshd_config"
|
|
||||||
assert_success
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "inc" {
|
|
||||||
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
|
|
||||||
/usr/lib/bkctld/bkctld-inc
|
|
||||||
|
|
||||||
if [ "${inode}" -eq 256 ]; then
|
|
||||||
# On a btrfs filesystem, the inc should be a btrfs volume
|
|
||||||
run stat --format=%i "${INCSPATH}/${INC_NAME}"
|
|
||||||
assert_success 256
|
|
||||||
else
|
|
||||||
# On an ext4 filesystem, the inc should be a regular directory
|
|
||||||
run test -d "${INCSPATH}/${INC_NAME}"
|
|
||||||
assert_success
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "ssh" {
|
|
||||||
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
|
|
||||||
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
|
|
||||||
/usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
|
|
||||||
|
|
||||||
ssh_options="-p ${PORT} -i /root/bkctld.key -oStrictHostKeyChecking=no"
|
|
||||||
|
|
||||||
# A started jail should be accessible via SSH
|
|
||||||
run ssh ${ssh_options} root@127.0.0.1 ls
|
|
||||||
assert_success
|
|
||||||
|
|
||||||
/usr/lib/bkctld/bkctld-stop "${JAILNAME}"
|
|
||||||
# A stopped jail should not be accessible via SSH
|
|
||||||
run ssh ${ssh_options} root@127.0.0.1 ls
|
|
||||||
assert_failure
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "rsync" {
|
|
||||||
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
|
|
||||||
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
|
|
||||||
/usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
|
|
||||||
|
|
||||||
ssh_options="-p ${PORT} -i /root/bkctld.key -oStrictHostKeyChecking=no"
|
|
||||||
# A started jail should be accessible via Rsync
|
|
||||||
run rsync -a -e "ssh ${ssh_options}" /tmp/ root@127.0.0.1:/var/backup/
|
|
||||||
assert_success
|
|
||||||
|
|
||||||
/usr/lib/bkctld/bkctld-stop "${JAILNAME}"
|
|
||||||
# A stopped jail should not be accessible via Rsync
|
|
||||||
run rsync -a -e "${ssh_options}" /tmp/ root@127.0.0.1:/var/backup/
|
|
||||||
assert_failure
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "check-default-ok" {
|
|
||||||
touch "${JAILPATH}/var/log/lastlog"
|
|
||||||
# With default values (2 days critical, 1 day warning),
|
|
||||||
# a freshly connected jail should be "ok"
|
|
||||||
run /usr/lib/bkctld/bkctld-check
|
|
||||||
assert_equal "$status" "0"
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "check-default-warning" {
|
|
||||||
lastlog_date=$(date -d -2days --iso-8601=seconds)
|
|
||||||
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
|
||||||
# With default values (2 days critical, 1 day warning),
|
|
||||||
# a 2 days old jail should be "warning"
|
|
||||||
run /usr/lib/bkctld/bkctld-check
|
|
||||||
assert_equal "$status" "1"
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "check-default-critical" {
|
|
||||||
lastlog_date=$(date -d -3days --iso-8601=seconds)
|
|
||||||
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
|
||||||
# With default values (2 days critical, 1 day warning),
|
|
||||||
# a 3 days old jail should be "critical"
|
|
||||||
run /usr/lib/bkctld/bkctld-check
|
|
||||||
assert_equal "$status" "2"
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "check-custom-ok" {
|
|
||||||
lastlog_date=$(date -d -3days --iso-8601=seconds)
|
|
||||||
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
|
||||||
|
|
||||||
echo "CRITICAL=120" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
|
|
||||||
echo "WARNING=96" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
|
|
||||||
# With custom values (5 days critical, 4 days warning),
|
|
||||||
# a 3 days old jail should be "ok"
|
|
||||||
run /usr/lib/bkctld/bkctld-check
|
|
||||||
assert_equal "$status" "0"
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "check-custom-warning" {
|
|
||||||
lastlog_date=$(date -d -3days --iso-8601=seconds)
|
|
||||||
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
|
||||||
|
|
||||||
echo "CRITICAL=96" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
|
|
||||||
echo "WARNING=48" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
|
|
||||||
# With custom values (4 days critical, 3 days warning),
|
|
||||||
# a 3 days old jail should be "warning"
|
|
||||||
run /usr/lib/bkctld/bkctld-check
|
|
||||||
assert_equal "$status" "1"
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "check-custom-critical" {
|
|
||||||
lastlog_date=$(date -d -10days --iso-8601=seconds)
|
|
||||||
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
|
||||||
|
|
||||||
echo "CRITICAL=96" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
|
|
||||||
echo "WARNING=48" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
|
|
||||||
# With custom values (4 days critical, 3 days warning),
|
|
||||||
# a 10 days old jail should be "critical"
|
|
||||||
run /usr/lib/bkctld/bkctld-check
|
|
||||||
assert_equal "$status" "2"
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "check-disabled-warning" {
|
|
||||||
lastlog_date=$(date -d -2days --iso-8601=seconds)
|
|
||||||
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
|
||||||
|
|
||||||
echo "WARNING=0" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
|
|
||||||
# With custom values (warning disabled, default critical),
|
|
||||||
# a 2 days old jail should still be "ok"
|
|
||||||
run /usr/lib/bkctld/bkctld-check
|
|
||||||
assert_equal "$status" "0"
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "check-disabled-critical" {
|
|
||||||
lastlog_date=$(date -d -3days --iso-8601=seconds)
|
|
||||||
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
|
|
||||||
|
|
||||||
echo "CRITICAL=0" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
|
|
||||||
# With custom values (critical disabled, default warning),
|
|
||||||
# a 3 days old jail should only be "warning"
|
|
||||||
run /usr/lib/bkctld/bkctld-check
|
|
||||||
assert [ "$status" = "1" ]
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,3 +1,35 @@
|
||||||
|
|
||||||
|
setup() {
|
||||||
|
. /usr/lib/bkctld/includes
|
||||||
|
|
||||||
|
rm -f /root/bkctld.key*
|
||||||
|
ssh-keygen -t rsa -N "" -f /root/bkctld.key -q
|
||||||
|
|
||||||
|
grep -qE "^BACKUP_DISK=" /etc/default/bkctld || echo "BACKUP_DISK=/dev/vdb" >> /etc/default/bkctld
|
||||||
|
|
||||||
|
JAILNAME=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w15 | head -n1)
|
||||||
|
JAILPATH="/backup/jails/${JAILNAME}"
|
||||||
|
INCSPATH="/backup/incs/${JAILNAME}"
|
||||||
|
PORT=$(awk -v min=2222 -v max=2999 'BEGIN{srand(); print int(min+rand()*(max-min+1))}')
|
||||||
|
INC_NAME=$(date +"%Y-%m-%d-%H")
|
||||||
|
|
||||||
|
inode=$(stat --format=%i /backup)
|
||||||
|
|
||||||
|
/usr/lib/bkctld/bkctld-init "${JAILNAME}"
|
||||||
|
}
|
||||||
|
|
||||||
|
teardown() {
|
||||||
|
/usr/lib/bkctld/bkctld-remove "${JAILNAME}" && rm -rf "${INCSPATH}"
|
||||||
|
}
|
||||||
|
|
||||||
|
is_btrfs() {
|
||||||
|
path=$1
|
||||||
|
|
||||||
|
inode=$(stat --format=%i "${path}")
|
||||||
|
|
||||||
|
test $inode -eq 256
|
||||||
|
}
|
||||||
|
|
||||||
flunk() {
|
flunk() {
|
||||||
{ if [ "$#" -eq 0 ]; then cat -
|
{ if [ "$#" -eq 0 ]; then cat -
|
||||||
else echo "$@"
|
else echo "$@"
|
||||||
|
|
Loading…
Reference in a new issue