From 103ed2afb3a266a8173c3dcfb5d416bb0f3ba188 Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Sat, 28 Jan 2017 15:46:42 +0100 Subject: Added FIRE-4586 --- db/tests.db | 1 + include/tests_firewalls | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/db/tests.db b/db/tests.db index 438394f0..ef8448a6 100644 --- a/db/tests.db +++ b/db/tests.db @@ -139,6 +139,7 @@ FIRE-4534:test:security:firewalls:MacOS:Check Little Snitch firewall: FIRE-4536:test:security:firewalls:Linux:Check nftables status: FIRE-4538:test:security:firewalls:Linux:Check nftables basic configuration: FIRE-4540:test:security:firewalls:Linux:Test for empty nftables configuration: +FIRE-4586:test:security:firewalls::Check firewall logging: FIRE-4590:test:security:firewalls::Check firewall status: HOME-9302:test:security:homedirs::Create list with home directories: HOME-9310:test:security:homedirs::Checking for suspicious shell history files: diff --git a/include/tests_firewalls b/include/tests_firewalls index 25f95907..6c6ab28a 100644 --- a/include/tests_firewalls +++ b/include/tests_firewalls @@ -453,6 +453,23 @@ # Check for specific features in nftables releases # ################################################################################# +# + # Test : FIRE-4586 + # Description : Check firewall logging + if [ ${FIREWALL_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + Register --test-no FIRE-4586 --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --category security --description "Check firewall logging" + if [ ${SKIPTEST} -eq 0 ]; then + if [ ${IPTABLES_ACTIVE} -eq 1 ]; then + if [ ! -z "${IPTABLESSAVEBINARY}" ]; then + HAS_LOGGING=$(${IPTABLESSAVEBINARY} | ${GREPBINARY} "-j LOG") + if [ -z "${HAS_LOGGING}" ]; then + Report "firewall_no_logging[]=iptables" + fi + fi + fi + fi +# +################################################################################# # # Test : FIRE-4590 # Description : Check if at least one firewall if active -- cgit v1.2.3