diff options
| author | Mathieu Othacehe <othacehe@gnu.org> | 2025-11-06 15:31:03 +0100 |
|---|---|---|
| committer | Mathieu Othacehe <othacehe@gnu.org> | 2025-11-08 11:25:55 +0100 |
| commit | 23fce946eba82434900e95c4ca13bc575932b014 (patch) | |
| tree | 6afaec893257ef165d36db72d18a5453618ad2fd /gnu | |
| parent | efb910877f6ddf415519c66a2f305c00fb070454 (diff) | |
gnu: tests: Fix fail2ban tests.
As discussed here: https://github.com/fail2ban/fail2ban/issues/1593, the
monitored file has to be present before the fail2ban service starts. Create
this file in a dedicated activation service.
* gnu/tests/security.scm (%auth-log-activation-service): New variable.
(run-fail2ban-basic-test, run-fail2ban-simple-test)
(run-fail2ban-extension-test): Use it.
Fixes: guix/guix#3645
Change-Id: Ic12891cc5438abbd041ceb19e1d22dae51c7c848
Diffstat (limited to 'gnu')
| -rw-r--r-- | gnu/tests/security.scm | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/gnu/tests/security.scm b/gnu/tests/security.scm index 93cbe4a9772..8887396b89b 100644 --- a/gnu/tests/security.scm +++ b/gnu/tests/security.scm @@ -97,6 +97,17 @@ (gexp->derivation test-name test))) +;; The /var/log/secure file that is monitored by fail2ban has to be present +;; before the service starts. This limitation is discussed here: +;; https://github.com/fail2ban/fail2ban/issues/1593. +(define %auth-log-activation-service + (simple-service 'create-authlog-file + activation-service-type + #~(begin + (call-with-output-file "/var/log/secure" + (lambda (port) + (display "" port)))))) + (define run-fail2ban-basic-test (fail2ban-test "fail2ban-basic-test" @@ -121,12 +132,14 @@ (define run-fail2ban-simple-test (fail2ban-test - "fail2ban-basic-test" + "fail2ban-simple-test" (simple-operating-system - (service fail2ban-service-type (fail2ban-configuration - (jails (list (fail2ban-jail-configuration - (name "sshd"))))))) + %auth-log-activation-service + (service fail2ban-service-type + (fail2ban-configuration + (jails (list (fail2ban-jail-configuration + (name "sshd"))))))) (test-equal "fail2ban sshd jail running status output" '("Status for the jail: sshd" @@ -175,8 +188,11 @@ "fail2ban-extension-test" (simple-operating-system - (service (fail2ban-jail-service openssh-service-type (fail2ban-jail-configuration - (name "sshd") (enabled? #t))) + %auth-log-activation-service + (service (fail2ban-jail-service openssh-service-type + (fail2ban-jail-configuration + (name "sshd") + (enabled? #t))) (openssh-configuration)) (service static-networking-service-type (list %qemu-static-networking))) |