From 30d9c2b72d3307a6095de50ad1c11fb3f53f19b3 Mon Sep 17 00:00:00 2001
From: Michael Boelen
Date: Tue, 14 Feb 2017 16:19:44 +0100
Subject: [FIRE-4512] lowered number of minimum rules
---
 include/tests_firewalls | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'include/tests_firewalls')
diff --git a/include/tests_firewalls b/include/tests_firewalls
index 4c434c7e..c9933bf9 100644
--- a/include/tests_firewalls
+++ b/include/tests_firewalls
@@ -145,14 +145,14 @@
 #
 # Test : FIRE-4512
 # Description : Check iptables for empty ruleset (should have at least 10 or more rules)
- if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ! -z "${IPTABLESBINARY}" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no FIRE-4512 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --category security --description "Check iptables for empty ruleset"
 if [ ${SKIPTEST} -eq 0 ]; then
 FIND=$(${IPTABLESBINARY} --list --numeric 2> /dev/null | ${EGREPBINARY} -v "^(Chain|target|$)" | ${WCBINARY} -l | ${TRBINARY} -d ' ')
 if [ ! -z "${FIND}" ]; then
 FIREWALL_ACTIVE=1
- if [ ${FIND} -le 10 ]; then
- # Firewall is active, but clearly needs configuration
+ if [ ${FIND} -le 5 ]; then
+ # Firewall is active, but needs configuration
 FIREWALL_EMPTY_RULESET=1
 LogText "Result: iptables ruleset seems to be empty (found ${FIND} rules)"
 Display --indent 4 --text "- Checking for empty ruleset" --result "${STATUS_WARNING}" --color RED
-- cgit v1.2.3
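Review bot: The `# Description` context line above the prerequisite check still says "should have at least 10 or more rules", but the new `-le 5` comparison accepts six rules as a configured firewall, so the comment should be updated to something like `# Description : Check iptables for empty ruleset (more than 5 rules expected)`. On the rewritten prerequisite line, `${IPTABLES_ACTIVE}` stays unquoted and is joined with `-a`, so an empty value (if that can happen; its assignment is outside the hunk) would produce a `[` error on stderr; `if [ -n "${IPTABLESBINARY}" ] && [ "${IPTABLES_ACTIVE}" -eq 1 ]; then` avoids that. Because the pipeline filters out the `Chain` lines, the count never sees chain policies, and with the lower threshold a handful of permissive rules under a default ACCEPT policy is more likely to pass as a non-empty ruleset. It would help to say in the `LogText` message that this is a rule count only, not an assessment of the policy. The enclosing test block continues past the end of the hunk.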