1 module Test_Hosts_Access =
(* Comma-separated daemon list: one rule names both sshd and sendmail.
   The client pattern "10.234." is kept verbatim, trailing dot included; in
   hosts_access(5) that dot is what makes it an address-prefix match. *)
3 let multi_daemon = "sshd, sendmail : 10.234.\n"
5 test Hosts_Access.lns get multi_daemon =
8 { "process" = "sendmail" }
9 { "client" = "10.234." }
(* Same rule with the daemons separated by whitespace only (no comma).
   The expected tree has one "process" node per daemon, followed by the
   shared client pattern. *)
12 let multi_daemon_spc = "sshd sendmail : 10.234.\n"
14 test Hosts_Access.lns get multi_daemon_spc =
16 { "process" = "sshd" }
17 { "process" = "sendmail" }
18 { "client" = "10.234." }
(* Comma-separated client list with spaces around the comma.
   Each pattern becomes its own "client" node, so every allowed prefix can
   be inspected or audited individually. *)
21 let multi_client = "sshd: 10.234. , 192.168.\n"
23 test Hosts_Access.lns get multi_client =
25 { "process" = "sshd" }
26 { "client" = "10.234." }
27 { "client" = "192.168." }
(* Client list separated by whitespace only; expected to yield the same two
   "client" nodes as the comma-separated form. *)
30 let multi_client_spc = "sshd: 10.234. 192.168.\n"
32 test Hosts_Access.lns get multi_client_spc =
34 { "process" = "sshd" }
35 { "client" = "10.234." }
36 { "client" = "192.168." }
(* EXCEPT operator on the daemon side, written in mixed case ("Except").
   NOTE(review): the lines showing how ALL and the exception are nested are
   not part of this listing; only the sshd and client nodes are visible.
   Consumers of the tree need that nesting: read flat, the rule would look
   like it names sshd instead of excluding it. *)
39 let daemon_except = "ALL Except sshd : 10.234.\n"
41 test Hosts_Access.lns get daemon_except =
45 { "process" = "sshd" }
47 { "client" = "10.234." }
(* EXCEPT operator on the client side, in upper case.
   NOTE(review): the node for ALL and the wrapper around the excepted
   pattern are not visible in this listing. "192.168" has no trailing dot
   here, and the lens keeps it exactly as written. *)
50 let client_except = "sshd : ALL EXCEPT 192.168\n"
52 test Hosts_Access.lns get client_except =
54 { "process" = "sshd" }
57 { "client" = "192.168" }
(* daemon@host form: the part after "@" surfaces as a "host" node.
   hosts_access(5) uses this form to tie a rule to one local address, so the
   host value is part of the rule's scope, not of the client match.
   NOTE(review): the enclosing "process" node is not visible in this listing;
   presumably "host" is nested under it - confirm against the lens. *)
61 let daemon_host = "sshd@192.168.0.1: 10.234.\n"
63 test Hosts_Access.lns get daemon_host =
66 { "host" = "192.168.0.1" }
68 { "client" = "10.234." }
(* user@client form: the domain-suffix pattern ".example.tld" is the client
   value. The client node is left open on the last visible line, so the user
   part is presumably a child node - not shown in this listing.
   Per hosts_access(5) the user name comes from a remote ident lookup, so a
   rule keyed on it relies on data the client side supplies. *)
71 let user_client = "sshd: root@.example.tld\n"
73 test Hosts_Access.lns get user_client =
75 { "process" = "sshd" }
76 { "client" = ".example.tld"
(* Optional third field: a shell command, stored whole (arguments included)
   as a single "shell_command" value.
   hosts_access(5) has tcpd hand this string to /bin/sh when the rule
   matches, so write access to the file or to this node is equivalent to
   command execution as the wrapped service's user. Changes to this node
   deserve the same review as changes to a privileged script. *)
81 let shell_command = "sshd: 192.168. : /usr/bin/my_cmd -t -f some_arg\n"
83 test Hosts_Access.lns get shell_command =
85 { "process" = "sshd" }
86 { "client" = "192.168." }
87 { "shell_command" = "/usr/bin/my_cmd -t -f some_arg" }
(* Netgroup reference as the client pattern. The leading "@" is kept in the
   "client" value, so a consumer has to check for it to tell a netgroup from
   a host name; membership is resolved outside this file. *)
90 let client_netgroup = "sshd: @hostgroup\n"
91 test Hosts_Access.lns get client_netgroup =
93 { "process" = "sshd" }
94 { "client" = "@hostgroup" }
(* net/mask pattern with a dotted-quad mask: the text before "/" becomes the
   "client" value and the mask becomes a nested "netmask" child. *)
97 let client_netmask = "sshd: 192.168.0.0/255.255.0.0\n"
98 test Hosts_Access.lns get client_netmask =
100 { "process" = "sshd" }
101 { "client" = "192.168.0.0"
102 { "netmask" = "255.255.0.0" } }
(* CIDR prefix length instead of a dotted mask. The lens reuses the
   "netmask" label for the prefix length, so code reading the tree must
   accept both "24" and "255.255.255.0" style values under that label. *)
105 let client_cidr_v4 = "sshd: 192.168.0.0/24\n"
106 test Hosts_Access.lns get client_cidr_v4 =
108 { "process" = "sshd" }
109 { "client" = "192.168.0.0"
110 { "netmask" = "24" } }
(* Bracketed IPv6 address with a zone id and a prefix length.
   The brackets and the "%fxp0" zone id stay inside the "client" value; only
   the prefix length is split off into "netmask". *)
113 let client_cidr_v6 = "sshd: [fe80::%fxp0]/64\n"
114 test Hosts_Access.lns get client_cidr_v6 =
116 { "process" = "sshd" }
117 { "client" = "[fe80::%fxp0]"
118 { "netmask" = "64" } }
(* A client entry that starts with "/" is reported as a "file" node rather
   than a "client" node. In hosts_access(5) such an entry names a file of
   further patterns, so the effective access list extends into that file and
   its ownership and permissions matter as much as those of hosts.allow. *)
121 let client_file = "sshd: /etc/external_file\n"
122 test Hosts_Access.lns get client_file =
124 { "process" = "sshd" }
125 { "file" = "/etc/external_file" }
(* Client pattern using the "?" and "*" wildcards; the lens passes the
   pattern through unchanged and does not expand or validate it. *)
128 let client_wildcard = "sshd: 192.168.?.*\n"
129 test Hosts_Access.lns get client_wildcard =
131 { "process" = "sshd" }
132 { "client" = "192.168.?.*" }
(* Realistic hosts.allow sample: header comments followed by several rules.
   Comment lines are expected as "#comment" nodes with the leading "# "
   removed.
   NOTE(review): this listing omits several lines of both the input string
   and the expected tree (the gutter numbers jump), e.g. the rules behind
   the ipop3d and sendmail nodes are not visible. *)
135 let sample_hosts_allow = "# hosts.allow This file describes the names of the hosts which are
136 # allowed to use the local INET services, as decided
137 # by the '/usr/sbin/tcpd' server.
138 in.telnetd: 192.168.1.
139 sshd: 70.16., 207.228.
144 test Hosts_Access.lns get sample_hosts_allow =
145 { "#comment" = "hosts.allow This file describes the names of the hosts which are" }
146 { "#comment" = "allowed to use the local INET services, as decided" }
147 { "#comment" = "by the '/usr/sbin/tcpd' server." }
149 { "process" = "in.telnetd" }
150 { "client" = "192.168.1." }
153 { "process" = "sshd" }
154 { "client" = "70.16." }
155 { "client" = "207.228." }
158 { "process" = "ipop3d" }
162 { "process" = "sendmail" }
(* Realistic hosts.deny sample. The first input line is a bare "#", and the
   visible expectations start with the text of the following comment line.
   NOTE(review): the rule lines of the input string are not part of this
   listing; only fragments of the expected tree (in.telnetd, sshd and one
   client prefix) are visible, so the deny rules cannot be reviewed here. *)
167 let sample_hosts_deny = "#
168 # hosts.deny This file describes the names of the hosts which are
169 # *not* allowed to use the local INET services, as decided
170 # by the '/usr/sbin/tcpd' server.
177 test Hosts_Access.lns get sample_hosts_deny =
179 { "#comment" = "hosts.deny This file describes the names of the hosts which are" }
180 { "#comment" = "*not* allowed to use the local INET services, as decided" }
181 { "#comment" = "by the '/usr/sbin/tcpd' server." }
183 { "process" = "in.telnetd" }
188 { "process" = "sshd" }
191 { "client" = "64.179." }
(* Address prefix ("61.") combined with a dotted netmask. The lens splits at
   "/" as for any net/mask pattern and keeps both halves as written.
   NOTE(review): this only shows the lens accepts the syntax; whether tcpd
   gives such a prefix-plus-mask pattern the intended meaning is outside
   what this test checks. *)
196 let ip_mask = "sshd: 61./255.255.255.255\n"
198 test Hosts_Access.lns get ip_mask =
200 { "process" = "sshd" }
201 { "client" = "61." { "netmask" = "255.255.255.255" } } }
203 (* Support options from hosts_options(5) *)
(* First options case: a bare option with no argument ("keepalive") after
   the client list. NOTE(review): the client and option nodes of the
   expected tree are not visible in this listing. *)
204 test Hosts_Access.lns get "sshd: all: keepalive\n" =
206 { "process" = "sshd" }
(* Option with an argument: "severity mail.info" is expected as a node
   labelled with the option name and holding the argument as its value.
   The extra closing brace on the last line suggests it sits inside a
   parent node that this listing does not show. *)
210 test Hosts_Access.lns get "sshd: all: severity mail.info\n" =
212 { "process" = "sshd" }
214 { "severity" = "mail.info" } }
(* Several options chained with ":" - severity, rfc931 with a timeout, and
   a final DENY. NOTE(review): only the severity node is visible here.
   With hosts_options(5) syntax the trailing ALLOW/DENY option decides the
   verdict, so a tool auditing the tree should read that node rather than
   infer allow or deny from the file name. *)
216 test Hosts_Access.lns get "sshd: all: severity mail.info : rfc931 5 : DENY\n" =
218 { "process" = "sshd" }
220 { "severity" = "mail.info" }
224 (* Ticket #255, from FreeBSD *)
(* Rules whose options carry shell commands: "spawn" and "twist".
   The expected "spawn" value keeps the backslash-newline continuation and
   the escaped colon as written, and the "twist" value keeps its embedded
   quotes; the lens does no unescaping and no percent-expansion.
   The percent sequences (u, h, a, d) are filled in by tcpd at connection
   time, partly from client-derived data; hosts_access(5) says characters
   that could confuse the shell are replaced by underscores in those
   expansions. Both values are command lines run on behalf of the wrapped
   service, so edits to these nodes warrant the review given to any
   privileged command.
   NOTE(review): several input and tree lines are missing from this
   listing, including the rule heads in front of ": spawn" and ": twist". *)
225 let host_options_cmds = "# You need to be clever with finger; do _not_ backfinger!! You can easily
226 # start a \"finger war\".
228 : spawn (echo Finger. | \
229 /usr/bin/mail -s \"tcpd\: %u@%h[%a] fingered me!\" root) & \
232 # The rest of the daemons are protected.
235 : twist /bin/echo \"You are not welcome to use %d from %h.\"
238 test Hosts_Access.lns get host_options_cmds =
239 { "#comment" = "You need to be clever with finger; do _not_ backfinger!! You can easily" }
240 { "#comment" = "start a \"finger war\"." }
242 { "process" = "fingerd" }
244 { "spawn" = "(echo Finger. | \
245 /usr/bin/mail -s \"tcpd\\: %u@%h[%a] fingered me!\" root) &" }
248 { "#comment" = "The rest of the daemons are protected." }
250 { "process" = "ALL" }
252 { "severity" = "auth.info" }
253 { "twist" = "/bin/echo \"You are not welcome to use %d from %h.\"" } }