diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:39:52 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:39:52 +0000 |
| commit | a95cd20bb8e569c5a5f43808555e90ea436b858f (patch) | |
| tree | 7fb27265ca110c329d4d42336c979cab09fff04e /debian/tests | |
| parent | Adding upstream version 1:7.0.3. (diff) | |
| download | suricata-a95cd20bb8e569c5a5f43808555e90ea436b858f.tar.xz suricata-a95cd20bb8e569c5a5f43808555e90ea436b858f.zip | |
Adding debian version 1:7.0.3-1.debian/1%7.0.3-1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/tests')
| -rw-r--r-- | debian/tests/control | 46 | ||||
| -rw-r--r-- | debian/tests/systemd-service-test.sh | 130 |
2 files changed, 176 insertions, 0 deletions
diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..1dca1c2 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,46 @@ +Test-Command: suricata --build-info +Depends: @ + +Test-Command: suricatasc -c "version" +Depends: @ +Restrictions: needs-root, isolation-container, flaky + +Test-Command: suricatasc -c "command-list" +Depends: @ +Restrictions: needs-root, isolation-container, flaky + +Test-Command: suricatasc -c "capture-mode" +Depends: @ +Restrictions: needs-root, isolation-container, flaky + +Test-Command: sleep 10 && suricatasc -c "dump-counters" +Depends: @ +Restrictions: needs-root, isolation-container + +Test-Command: suricatasc -c "uptime" +Depends: @ +Restrictions: needs-root, isolation-container, flaky + +Test-Command: suricatasc -c "reload-rules" +Depends: @ +Restrictions: needs-root, isolation-container, flaky + +Test-Command: suricatasc -c "iface-list" +Depends: @ +Restrictions: needs-root, isolation-container, flaky + +Test-Command: suricatasc -c "shutdown" +Depends: @ +Restrictions: needs-root, isolation-container, flaky + +Test-Command: sleep 10 && suricatasc -c "running-mode" +Depends: @ +Restrictions: needs-root, isolation-container, flaky + +Tests: systemd-service-test.sh +Depends: @, systemd, procps +Restrictions: needs-root, isolation-container, allow-stderr + +Test-Command: src/suricata -u +Depends: @, @builddeps@, procps, geoip-database +Restrictions: needs-root, isolation-container, build-needed, allow-stderr diff --git a/debian/tests/systemd-service-test.sh b/debian/tests/systemd-service-test.sh new file mode 100644 index 0000000..089a8b2 --- /dev/null +++ b/debian/tests/systemd-service-test.sh @@ -0,0 +1,130 @@ +#!/bin/sh + +set -ex + +SERVICE="suricata.service" +ETC_SERVICE_FILE="/etc/systemd/system/${SERVICE}" +LIB_SERVICE_FILE="/lib/systemd/system/${SERVICE}" +CONFIG_FILE="/etc/suricata/suricata.yaml" +IFACE=$(ip route show | awk '/default/ {print $5}') + +if [ ! -r "$LIB_SERVICE_FILE" ] ; then + : ERROR unable to read $LIB_SERVICE_FILE + exit 1 +fi +if [ ! -w "$CONFIG_FILE" ] ; then + : ERROR unable to write to $CONFIG_FILE + exit 1 +fi + +systemctl_action() +{ + if ! systemctl $1 $SERVICE ; then + journalctl -u $SERVICE + return 1 + fi + return 0 +} + +echo " +%YAML 1.1 +--- +default-rule-path: /etc/suricata/rules +rule-files: + - tor.rules + - http-events.rules + - smtp-events.rules + - dns-events.rules + - tls-events.rules +classification-file: /etc/suricata/classification.config +reference-config-file: /etc/suricata/reference.config +default-log-dir: /var/log/suricata/ +af-packet: + - interface: $IFACE + cluster-id: 99 + cluster-type: cluster_flow + defrag: yes + - interface: default + tpacket-v3: yes + block-size: 131072 +app-layer: + protocols: + ssh: + enabled: yes +host-mode: auto +unix-command: + enabled: yes + filename: /var/run/suricata-command.socket +detect: + profile: medium + custom-values: + toclient-groups: 3 + toserver-groups: 25 + sgh-mpm-context: auto + inspection-recursion-limit: 3000 + grouping: + profiling: + grouping: + dump-to-disk: false + include-rules: false + include-mpm-stats: false +mpm-algo: auto +spm-algo: auto +" > $CONFIG_FILE + +# +# before start, package installation may start the daemon +# +if systemctl -q is-active $SERVICE ; then + : WARNING initial service running, stopping now + if ! systemctl_action stop ; then + : ERROR cant stop initial service + exit 1 + fi +fi + +# +# First run of the daemon and basic checks +# +if ! systemctl_action start ; then + : ERROR cant start the service + exit 1 +fi +sleep 10 # wait for service startup +systemctl status $SERVICE + +# +# Restart the daemon +# +if ! systemctl_action restart ; then + : ERROR unable to restart the service + exit 1 +fi + +sleep 10 # wait for serive startup +if ! systemctl -q is-active $SERVICE ; then + journalctl -u $SERVICE + : ERROR service not active after restart + exit 1 +fi + +# +# Reload the daemon +# + +: WARNING: Not testing daemon reload: it timeouts in ci.debian.net + +#if ! systemctl_action reload ; then +# : ERROR unable to reload the service +# exit 1 +#fi + +#sleep 10 # wait for service reload +#if ! systemctl -q is-active $SERVICE ; then +# journalctl -u $SERVICE +# : ERROR service not active after reload +# exit 1 +#fi + +: INFO all tests OK +exit 0 |