feat: test firewall configuration using ufw

Aravinth Manivannan 2023-08-17 04:56:14 +05:30
parent 46b8ba769a
commit 67de93dad1
Signed by: realaravinth
GPG key ID: AD9F0F08E855ED88
3 changed files with 379 additions and 0 deletions

160
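--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,161 @@
 venv
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+# C extensions
+*.so
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+# Translations
+*.mo
+*.pot
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+# Flask stuff:
+instance/
+.webassets-cache
+# Scrapy stuff:
+.scrapy
+# Sphinx documentation
+docs/_build/
+# PyBuilder
+.pybuilder/
+target/
+# Jupyter Notebook
+.ipynb_checkpoints
+# IPython
+profile_default/
+ipython_config.py
+# pyenv
+# For a library or package, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# .python-version
+# pipenv
+# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+# However, in case of collaboration, if having platform-specific dependencies or dependencies
+# having no cross-platform support, pipenv may install dependencies that don't work, or not
+# install all needed dependencies.
+#Pipfile.lock
+# poetry
+# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+# This is especially recommended for binary packages to ensure reproducibility, and is more
+# commonly ignored for libraries.
+# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+# pdm
+# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+# in version control.
+# https://pdm.fming.dev/#use-with-ide
+.pdm.toml
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+# SageMath parsed files
+*.sage.py
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+# Spyder project settings
+.spyderproject
+.spyproject
+# Rope project settings
+.ropeproject
+# mkdocs documentation
+/site
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+# Pyre type checker
+.pyre/
+# pytype static type analyzer
+.pytype/
+# Cython debug symbols
+cython_debug/
+# PyCharm
+# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+# and can be added to the global gitignore or merged into this file. For a more nuclear
+# option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/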


@ -29,3 +29,195 @@ requests==2.31.0
resolvelib==1.0.1 resolvelib==1.0.1
salt==3006.1 salt==3006.1
urllib3==2.0.3 urllib3==2.0.3
airdrop-ng==1.1
airgraph-ng==1.1
apparmor==3.1.6
appdirs==1.4.4
argcomplete==2.0.0
asttokens==2.2.1
async-timeout==4.0.2
attrs==22.2.0
autocommand==2.2.2
autopage==0.5.1
Babel==2.12.1
beautifulsoup4==4.12.2
binwalk==2.3.3
black==23.7.0
borgbackup==1.2.4
Brlapi==0.8.5
btrfsutil==6.3.3
certifi==2023.7.22
cffi==1.15.1
chardet==5.2.0
charset-normalizer==3.2.0
click==8.1.6
cliff==4.3.0
cmd2==2.4.3
codespell==2.2.5
colorama==0.4.6
ConfigArgParse==1.5.3
contourpy==1.1.0
crit==3.18
cryptography==41.0.3
cupshelpers==1.0
cycler==0.11.0
Cython==3.0.0
dbus-python==1.3.2
debtcollector==2.5.0
decorator==5.1.1
defusedxml==0.7.1
deprecation==2.1.0
devtools==0.11.0
distlib==0.3.7
distro==1.8.0
dnspython==2.3.0
dogpile.cache==1.1.8
executing==1.2.0
fastjsonschema==2.18.0
filelock==3.12.2
fonttools==4.42.0
gevent==22.10.2
git-filter-repo==2.38.0
gpg==1.21.0
greenlet==2.0.2
html5lib==1.1
httpie==3.2.1
idna==3.4
importlib-metadata==5.0.0
inflect==7.0.0
iotop==0.6
iso8601==2.0.0
jaraco.context==4.3.0
jaraco.functools==3.8.1
jaraco.text==3.11.1
jedi==0.18.2
jmespath==1.0.1
jsonpatch==1.33
jsonpointer==2.4
jsonschema==4.19.0
jsonschema-specifications==2023.7.1
keystoneauth1==5.2.1
kiwisolver==1.4.4
lensfun==0.3.4
LibAppArmor==3.1.6
libfdt==1.7.0
libtorrent==2.0.9
libvirt-python==9.6.0
lit==15.0.7.dev0
louis==3.26.0
lxml==4.9.2
Mako==1.2.4
mallard-ducktype==1.0.2
Markdown==3.4.4
markdown-it-py==2.2.0
MarkupSafe==2.1.3
matplotlib==3.7.2
mdurl==0.1.2
MemoizeDB==2021.11.20.2.41.2
meson==1.2.1
more-itertools==10.1.0
msgpack==1.0.5
multidict==6.0.4
mypy-extensions==1.0.0
netaddr==0.8.0
netifaces==0.11.0
nftables==0.1
numpy==1.25.1
openshot-qt==3.1.1
openstacksdk==1.0.1
ordered-set==4.1.0
os-service-types==1.7.0
osc-lib==2.8.0
oslo.config==9.1.1
oslo.i18n==6.0.0
oslo.serialization==5.1.1
oslo.utils==6.1.0
packaging==23.1
parso==0.8.3
pathspec==0.11.2
pbr==5.11.1
perf==0.1
Pillow==10.0.0
pipenv==2023.7.23
pipx==1.2.0
platformdirs==3.10.0
ply==3.11
pm2ml==2021.11.20.2.41.2
pooch==1.7.0
Powerpill==2021.11.20.2.41.2
prettytable==3.6.0
protobuf==4.23.4
psutil==5.9.5
pwquality==1.4.5
pyalpm==0.10.6
pyasn1==0.4.8
pybind11==2.11.1
pycairo==1.24.0
pycparser==2.21
pycups==2.0.1
pycurl==7.45.2
pydantic==1.10.9
Pygments==2.16.1
PyGObject==3.44.1
pynvim==0.4.3
pyOpenSSL==23.2.0
pyparsing==3.0.9
pyperclip==1.8.2
PyQt5==5.15.9
PyQt5-sip==12.12.2
PyQtWebEngine==5.15.6
pyrsistent==0.19.3
pysequoia==0.1.20
PySocks==1.7.1
python-cinderclient==9.3.0
python-dateutil==2.8.2
python-glanceclient==4.1.0
python-keystoneclient==5.1.0
python-novaclient==18.3.0
python-openstackclient==6.2.0
pytz==2023.3
pyxdg==0.28
PyYAML==6.0.1
pyzmq==25.1.1
redis==4.6.0
referencing==0.30.2
Reflector==2023.6.28.0.36.1
requests==2.28.2
requests-toolbelt==1.0.0
requestsexceptions==1.4.0
rfc3986==2.0.0
rich==13.5.2
rpds-py==0.9.2
rpm==4.18.1
scipy==1.11.1
simplejson==3.19.1
six==1.16.0
soupsieve==2.4.1
stevedore==5.1.0
TBB==0.2
tomli==2.0.1
torbrowser-launcher==0.3.6
tqdm==4.65.0
trash-cli==0.23.2.13.2
trimage==1.0.6
trove-classifiers==2023.8.8
typing_extensions==4.7.1
uc-micro-py==1.0.2
ufw==0.36.2
urllib3==1.26.15
userpath==1.8.0
validate-pyproject==0.13.post1.dev0+gb752273.d20230520
vboxapi==1.0
virtualenv==20.24.3
virtualenv-clone==0.5.7
warlock==2.0.1
wcwidth==0.2.6
webencodings==0.5.1
wrapt==1.14.1
XCGF==2021.11.20.2.41.3
XCPF==2021.12.24.10.22.41
youtube-dl==2021.12.17
yt-dlp==2023.7.6
zipp==3.16.2
zope.event==5.0
zope.interface==6.0
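Review bot: The added pins conflict with pins already in this file: `requests==2.28.2` and `urllib3==1.26.15` are added while the existing `requests==2.31.0` (shown in the hunk header) and `urllib3==2.0.3` context lines stay, so pip should refuse the file because of the duplicate requirements, and the new entries are the older versions. The list also appears to be a `pip freeze` of a workstation's system site-packages rather than this project's dependencies. Names such as `pyalpm`, `rpm`, `apparmor`, `nftables`, `perf` and `vboxapi` are normally shipped by the OS distribution, so installing them by name from a package index may fail or resolve to an unrelated project of the same name, which is a supply-chain risk for anyone running `pip install -r` on this file. I would regenerate the pins from the project's virtualenv so that only what the tests need (and its transitive dependencies) is listed, ideally with hashes.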

27
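--- a/tests/test_basic.py
+++ b/tests/test_basic.py
@@ -0,0 +1,27 @@
+# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+import os
+def test_ssh_is_listening(host):
+socket = host.socket(f"tcp://0.0.0.0:22")
+assert socket.is_listening
+def test_ufw_service_running_and_enabled(host):
+service = host.service("ufw")
+assert service.is_running
+assert service.is_enabled
+def test_ssh_service_running_and_enabled(host):
+service = host.service("ssh")
+assert service.is_running
+assert service.is_enabled
+def test_ssh_is_installed(host):
+pkg = host.package("openssh-server")
+assert pkg.is_installed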
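Review bot: `test_ufw_service_running_and_enabled` only asserts that the ufw service unit is running and enabled, which does not show that the firewall is enforcing any policy; the unit can probably report as running while `ufw status` says inactive, which is worth confirming on the target image. Since the commit is meant to test the firewall configuration, I would add a check on the firewall state itself, e.g. `assert "Status: active" in host.check_output("ufw status")` (run with sufficient privileges), plus assertions that the default incoming policy is deny and that the SSH rule is present. Separately, `import os` is unused and `f"tcp://0.0.0.0:22"` has no placeholders, so the `f` prefix can be dropped.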