From 67de93dad1f4fb0ada634c8f7a5d29badf64b3bf Mon Sep 17 00:00:00 2001
From: Aravinth Manivannan
Date: Thu, 17 Aug 2023 04:56:14 +0530
Subject: [PATCH] feat: test firewall configuration using ufw
---
 .gitignore | 160 ++++++++++++++++++++++++++++++++++++
 requirements.txt | 192 ++++++++++++++++++++++++++++++++++++++++++++
 tests/test_basic.py | 27 +++++++
 3 files changed, 379 insertions(+)
 create mode 100644 tests/test_basic.py
diff --git a/.gitignore b/.gitignore
index 5ceb386..7d38bf1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,161 @@
 venv
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+# For a library or package, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+# However, in case of collaboration, if having platform-specific dependencies or dependencies
+# having no cross-platform support, pipenv may install dependencies that don't work, or not
+# install all needed dependencies.
+#Pipfile.lock
+
+# poetry
+# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+# This is especially recommended for binary packages to ensure reproducibility, and is more
+# commonly ignored for libraries.
+# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+
+# pdm
+# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+# in version control.
+# https://pdm.fming.dev/#use-with-ide
+.pdm.toml
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+# and can be added to the global gitignore or merged into this file. For a more nuclear
+# option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
diff --git a/requirements.txt b/requirements.txt
index 6e46125..f927207 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -29,3 +29,195 @@ requests==2.31.0
 resolvelib==1.0.1
 salt==3006.1
 urllib3==2.0.3
+airdrop-ng==1.1
+airgraph-ng==1.1
+apparmor==3.1.6
+appdirs==1.4.4
+argcomplete==2.0.0
+asttokens==2.2.1
+async-timeout==4.0.2
+attrs==22.2.0
+autocommand==2.2.2
+autopage==0.5.1
+Babel==2.12.1
+beautifulsoup4==4.12.2
+binwalk==2.3.3
+black==23.7.0
+borgbackup==1.2.4
+Brlapi==0.8.5
+btrfsutil==6.3.3
+certifi==2023.7.22
+cffi==1.15.1
+chardet==5.2.0
+charset-normalizer==3.2.0
+click==8.1.6
+cliff==4.3.0
+cmd2==2.4.3
+codespell==2.2.5
+colorama==0.4.6
+ConfigArgParse==1.5.3
+contourpy==1.1.0
+crit==3.18
+cryptography==41.0.3
+cupshelpers==1.0
+cycler==0.11.0
+Cython==3.0.0
+dbus-python==1.3.2
+debtcollector==2.5.0
+decorator==5.1.1
+defusedxml==0.7.1
+deprecation==2.1.0
+devtools==0.11.0
+distlib==0.3.7
+distro==1.8.0
+dnspython==2.3.0
+dogpile.cache==1.1.8
+executing==1.2.0
+fastjsonschema==2.18.0
+filelock==3.12.2
+fonttools==4.42.0
+gevent==22.10.2
+git-filter-repo==2.38.0
+gpg==1.21.0
+greenlet==2.0.2
+html5lib==1.1
+httpie==3.2.1
+idna==3.4
+importlib-metadata==5.0.0
+inflect==7.0.0
+iotop==0.6
+iso8601==2.0.0
+jaraco.context==4.3.0
+jaraco.functools==3.8.1
+jaraco.text==3.11.1
+jedi==0.18.2
+jmespath==1.0.1
+jsonpatch==1.33
+jsonpointer==2.4
+jsonschema==4.19.0
+jsonschema-specifications==2023.7.1
+keystoneauth1==5.2.1
+kiwisolver==1.4.4
+lensfun==0.3.4
+LibAppArmor==3.1.6
+libfdt==1.7.0
+libtorrent==2.0.9
+libvirt-python==9.6.0
+lit==15.0.7.dev0
+louis==3.26.0
+lxml==4.9.2
+Mako==1.2.4
+mallard-ducktype==1.0.2
+Markdown==3.4.4
+markdown-it-py==2.2.0
+MarkupSafe==2.1.3
+matplotlib==3.7.2
+mdurl==0.1.2
+MemoizeDB==2021.11.20.2.41.2
+meson==1.2.1
+more-itertools==10.1.0
+msgpack==1.0.5
+multidict==6.0.4
+mypy-extensions==1.0.0
+netaddr==0.8.0
+netifaces==0.11.0
+nftables==0.1
+numpy==1.25.1
+openshot-qt==3.1.1
+openstacksdk==1.0.1
+ordered-set==4.1.0
+os-service-types==1.7.0
+osc-lib==2.8.0
+oslo.config==9.1.1
+oslo.i18n==6.0.0
+oslo.serialization==5.1.1
+oslo.utils==6.1.0
+packaging==23.1
+parso==0.8.3
+pathspec==0.11.2
+pbr==5.11.1
+perf==0.1
+Pillow==10.0.0
+pipenv==2023.7.23
+pipx==1.2.0
+platformdirs==3.10.0
+ply==3.11
+pm2ml==2021.11.20.2.41.2
+pooch==1.7.0
+Powerpill==2021.11.20.2.41.2
+prettytable==3.6.0
+protobuf==4.23.4
+psutil==5.9.5
+pwquality==1.4.5
+pyalpm==0.10.6
+pyasn1==0.4.8
+pybind11==2.11.1
+pycairo==1.24.0
+pycparser==2.21
+pycups==2.0.1
+pycurl==7.45.2
+pydantic==1.10.9
+Pygments==2.16.1
+PyGObject==3.44.1
+pynvim==0.4.3
+pyOpenSSL==23.2.0
+pyparsing==3.0.9
+pyperclip==1.8.2
+PyQt5==5.15.9
+PyQt5-sip==12.12.2
+PyQtWebEngine==5.15.6
+pyrsistent==0.19.3
+pysequoia==0.1.20
+PySocks==1.7.1
+python-cinderclient==9.3.0
+python-dateutil==2.8.2
+python-glanceclient==4.1.0
+python-keystoneclient==5.1.0
+python-novaclient==18.3.0
+python-openstackclient==6.2.0
+pytz==2023.3
+pyxdg==0.28
+PyYAML==6.0.1
+pyzmq==25.1.1
+redis==4.6.0
+referencing==0.30.2
+Reflector==2023.6.28.0.36.1
+requests==2.28.2
+requests-toolbelt==1.0.0
+requestsexceptions==1.4.0
+rfc3986==2.0.0
+rich==13.5.2
+rpds-py==0.9.2
+rpm==4.18.1
+scipy==1.11.1
+simplejson==3.19.1
+six==1.16.0
+soupsieve==2.4.1
+stevedore==5.1.0
+TBB==0.2
+tomli==2.0.1
+torbrowser-launcher==0.3.6
+tqdm==4.65.0
+trash-cli==0.23.2.13.2
+trimage==1.0.6
+trove-classifiers==2023.8.8
+typing_extensions==4.7.1
+uc-micro-py==1.0.2
+ufw==0.36.2
+urllib3==1.26.15
+userpath==1.8.0
+validate-pyproject==0.13.post1.dev0+gb752273.d20230520
+vboxapi==1.0
+virtualenv==20.24.3
+virtualenv-clone==0.5.7
+warlock==2.0.1
+wcwidth==0.2.6
+webencodings==0.5.1
+wrapt==1.14.1
+XCGF==2021.11.20.2.41.3
+XCPF==2021.12.24.10.22.41
+youtube-dl==2021.12.17
+yt-dlp==2023.7.6
+zipp==3.16.2
+zope.event==5.0
+zope.interface==6.0
diff --git a/tests/test_basic.py b/tests/test_basic.py
new file mode 100644
index 0000000..5f1aa80
--- /dev/null
+++ b/tests/test_basic.py
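Review bot: In requirements.txt the appended block pins `requests==2.28.2` and `urllib3==1.26.15`, while the file already carries `requests==2.31.0` (shown in the hunk header) and `urllib3==2.0.3` (context line), so each package now has two conflicting pins and pip is expected to refuse the file; if the later pin were ever honoured it would also move both libraries back to older releases. The added list reads like a `pip freeze` taken from a workstation's system site-packages rather than this project's dependency set: entries such as `pyalpm`, `rpm`, `vboxapi`, `Brlapi`, `ufw`, `torbrowser-launcher` and `openshot-qt` are normally shipped by the OS package manager, and resolving those names from a public index can either fail or install an unrelated project that happens to own the name. I would drop the block, keep the existing pins, and add only what the new tests import; none of the visible additions is a pytest or testinfra package, though the unseen top of the file may already list them. Regenerating the pins from a clean virtualenv (ideally with hashes) would keep the file reproducible.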
@@ -0,0 +1,27 @@
+# SPDX-FileCopyrightText: 2023 Aravinth Manivannan
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+import os
+
+
+def test_ssh_is_listening(host):
+ socket = host.socket(f"tcp://0.0.0.0:22")
+ assert socket.is_listening
+
+
+def test_ufw_service_running_and_enabled(host):
+ service = host.service("ufw")
+ assert service.is_running
+ assert service.is_enabled
+
+
+def test_ssh_service_running_and_enabled(host):
+ service = host.service("ssh")
+ assert service.is_running
+ assert service.is_enabled
+
+
+def test_ssh_is_installed(host):
+ pkg = host.package("openssh-server")
+ assert pkg.is_installed
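Review bot: `test_ufw_service_running_and_enabled` only asserts on the service unit, so nothing in this file shows that the firewall is actually enforcing a policy; on Debian-family hosts the ufw unit is, as far as I know, a oneshot that stays active even when ufw itself is switched to inactive, and no test reads the rule set. Given the commit title, I would add a test that inspects the firewall state, for example `status = host.check_output("ufw status verbose")` followed by `assert "Status: active" in status`, plus assertions on the expected default incoming policy and the allow rule for 22/tcp; this needs root on the target, so it may have to run inside `with host.sudo():`. Separately, `import os` is unused, the `f` prefix on `"tcp://0.0.0.0:22"` has no placeholders, and `test_ssh_is_listening` covers only the IPv4 wildcard address, so it will fail on a host where sshd is deliberately bound to a single address.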