diff options
| author | Michael Boelen <michael.boelen@cisofy.com> | 2016-10-15 16:26:15 +0300 |
|---|---|---|
| committer | Michael Boelen <michael.boelen@cisofy.com> | 2016-10-15 16:26:15 +0300 |
| commit | 81024635aa9c3c9697e8228bac48449dff8bba2e (patch) | |
| tree | e82b6fd1335089aebcc19468c5aa12023483481a /include/tests_firewalls | |
| parent | b6a9d294d87f1fcccb187172c5a658bf017c49b5 (diff) | |
Improve detection of pf on FreeBSD
Diffstat (limited to 'include/tests_firewalls')
| -rw-r--r-- | include/tests_firewalls | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/include/tests_firewalls b/include/tests_firewalls index 87611fa3..5b4d59f6 100644 --- a/include/tests_firewalls +++ b/include/tests_firewalls @@ -190,29 +190,28 @@ # # Test : FIRE-4518 # Description : Checking status of pf firewall components - Register --test-no FIRE-4518 --weight L --network NO --category security --description "Check pf firewall components" + # Notes : Use /dev/pf as first detection method if pf is available + if [ ! -e /dev/pf ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="No /dev/pf file"; fi + Register --test-no FIRE-4518 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Check pf firewall components" if [ ${SKIPTEST} -eq 0 ]; then - PFFOUND=0; PFLOGDFOUND=0 # Check status with pfctl LogText "Test: checking pf status via pfctl" if [ ! -z "${PFCTLBINARY}" ]; then FIND=$(${PFCTLBINARY} -sa 2>&1 | ${GREPBINARY} "^Status" | ${HEADBINARY} -1 | ${AWKBINARY} '{ print $2 }') - if [ "${FIND}" = "Enabled" ]; then + if [ "${FIND}" = "Disabled" ]; then + if IsVerbose; then Display --indent 2 --text "- Checking pf status (pfctl)" --result "${STATUS_DISABLED}" --color RED; fi + LogText "Result: pf is disabled" + AddHP 0 3 + elif [ "${FIND}" = "Enabled" ]; then Display --indent 2 --text "- Checking pf status (pfctl)" --result "${STATUS_ENABLED}" --color GREEN LogText "Result: pf is enabled" PFFOUND=1 AddHP 3 3 else - if [ "${FIND}" = "Disabled" ]; then - Display --indent 2 --text "- Checking pf status (pfctl)" --result "${STATUS_DISABLED}" --color RED - LogText "Result: pf is disabled" - AddHP 0 3 - else - Display --indent 2 --text "- Checking pf status (pfctl)" --result "${STATUS_UNKNOWN}" --color YELLOW - ReportException ${TEST_NO} "Unknown status of pf firewall" - fi + Display --indent 2 --text "- Checking pf status (pfctl)" --result "${STATUS_UNKNOWN}" --color YELLOW + ReportException ${TEST_NO} "Unknown status of pf firewall" fi fi |