author | Michael Boelen <michael.boelen@cisofy.com> | 2017-02-14 18:19:44 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-02-14 18:19:44 +0300 |
commit | 30d9c2b72d3307a6095de50ad1c11fb3f53f19b3 (patch) | |
tree | be472d887da021cb0926684a5e262605a14c0b0f /include | |
parent | c0e604c0594c879f3c642a16aeacc3b75ed8cf2e (diff) |
[FIRE-4512] lowered number of minimum rules
Diffstat (limited to 'include')
-rw-r--r-- | include/tests_firewalls | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/include/tests_firewalls b/include/tests_firewalls
index 4c434c7e..c9933bf9 100644
--- a/include/tests_firewalls
+++ b/include/tests_firewalls
@@ -145,14 +145,14 @@
 #
 # Test : FIRE-4512
 # Description : Check iptables for empty ruleset (should have at least 10 or more rules)
- if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ! -z "${IPTABLESBINARY}" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no FIRE-4512 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --category security --description "Check iptables for empty ruleset"
 if [ ${SKIPTEST} -eq 0 ]; then
 FIND=$(${IPTABLESBINARY} --list --numeric 2> /dev/null | ${EGREPBINARY} -v "^(Chain|target|$)" | ${WCBINARY} -l | ${TRBINARY} -d ' ')
 if [ ! -z "${FIND}" ]; then
 FIREWALL_ACTIVE=1
- if [ ${FIND} -le 10 ]; then
- # Firewall is active, but clearly needs configuration
+ if [ ${FIND} -le 5 ]; then
+ # Firewall is active, but needs configuration
 FIREWALL_EMPTY_RULESET=1
 LogText "Result: iptables ruleset seems to be empty (found ${FIND} rules)"
 Display --indent 4 --text "- Checking for empty ruleset" --result "${STATUS_WARNING}" --color RED |
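Review bot: The `# Description` comment kept as context above the test still says "should have at least 10 or more rules", while the new comparison `[ ${FIND} -le 5 ]` only flags rulesets of five rules or fewer, so the documented and enforced thresholds now disagree. Update it to something like `# Description : Check iptables for empty ruleset (should have more than 5 rules)`. Because this relaxes an audit check, a short why-comment next to the threshold would help: the count comes from `--list --numeric` with the `Chain` lines filtered out, so the default chain policies are not part of the number and a small count does not by itself show what traffic is allowed. In the rewritten prerequisite line, `${IPTABLES_ACTIVE}` is still unquoted inside a `[ … -a … ]` test, which becomes a syntax error if the variable is ever empty; `[ -n "${IPTABLESBINARY}" ] && [ "${IPTABLES_ACTIVE}" -eq 1 ]` would be more robust. The `if` blocks opened in this hunk are closed outside it.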