treewide: reformat with nixfmt-rfc-style
This commit is contained in:
Martin Weinelt
parent
03433d472f
commit
1a7f3d718c
21 changed files with 2086 additions and 1680 deletions
239
tests/clamav.nix
239
tests/clamav.nix
|
|
@ -24,73 +24,79 @@
|
|||
name = "clamav";
|
||||
|
||||
nodes = {
|
||||
server = { pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
../default.nix
|
||||
./lib/config.nix
|
||||
];
|
||||
server =
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
../default.nix
|
||||
./lib/config.nix
|
||||
];
|
||||
|
||||
virtualisation.memorySize = 1500;
|
||||
virtualisation.memorySize = 1500;
|
||||
|
||||
environment.systemPackages = with pkgs; [ netcat ];
|
||||
environment.systemPackages = with pkgs; [ netcat ];
|
||||
|
||||
services.rsyslogd = {
|
||||
enable = true;
|
||||
defaultConfig = ''
|
||||
*.* /dev/console
|
||||
'';
|
||||
};
|
||||
|
||||
services.clamav.updater.enable = lib.mkForce false;
|
||||
systemd.services.old-clam = {
|
||||
before = [ "clamav-daemon.service" ];
|
||||
requiredBy = [ "clamav-daemon.service" ];
|
||||
description = "ClamAV virus database";
|
||||
|
||||
preStart = ''
|
||||
mkdir -m 0755 -p /var/lib/clamav
|
||||
chown clamav:clamav /var/lib/clamav
|
||||
'';
|
||||
|
||||
script = ''
|
||||
cp ${blobs}/clamav/main.cvd /var/lib/clamav/
|
||||
cp ${blobs}/clamav/daily.cvd /var/lib/clamav/
|
||||
cp ${blobs}/clamav/bytecode.cvd /var/lib/clamav/
|
||||
chown clamav:clamav /var/lib/clamav/*
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
PrivateTmp = "yes";
|
||||
PrivateDevices = "yes";
|
||||
};
|
||||
};
|
||||
|
||||
mailserver = {
|
||||
enable = true;
|
||||
fqdn = "mail.example.com";
|
||||
domains = [ "example.com" "example2.com" ];
|
||||
virusScanning = true;
|
||||
|
||||
loginAccounts = {
|
||||
"user1@example.com" = {
|
||||
hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
|
||||
aliases = [ "postmaster@example.com" ];
|
||||
catchAll = [ "example.com" ];
|
||||
};
|
||||
"user@example2.com" = {
|
||||
hashedPassword = "$6$u61JrAtuI0a$nGEEfTP5.eefxoScUGVG/Tl0alqla2aGax4oTd85v3j3xSmhv/02gNfSemv/aaMinlv9j/ZABosVKBrRvN5Qv0";
|
||||
};
|
||||
};
|
||||
enableImap = true;
|
||||
};
|
||||
|
||||
environment.etc = {
|
||||
"root/eicar.com.txt".text = "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*";
|
||||
};
|
||||
services.rsyslogd = {
|
||||
enable = true;
|
||||
defaultConfig = ''
|
||||
*.* /dev/console
|
||||
'';
|
||||
};
|
||||
client = { nodes, pkgs, ... }: let
|
||||
|
||||
services.clamav.updater.enable = lib.mkForce false;
|
||||
systemd.services.old-clam = {
|
||||
before = [ "clamav-daemon.service" ];
|
||||
requiredBy = [ "clamav-daemon.service" ];
|
||||
description = "ClamAV virus database";
|
||||
|
||||
preStart = ''
|
||||
mkdir -m 0755 -p /var/lib/clamav
|
||||
chown clamav:clamav /var/lib/clamav
|
||||
'';
|
||||
|
||||
script = ''
|
||||
cp ${blobs}/clamav/main.cvd /var/lib/clamav/
|
||||
cp ${blobs}/clamav/daily.cvd /var/lib/clamav/
|
||||
cp ${blobs}/clamav/bytecode.cvd /var/lib/clamav/
|
||||
chown clamav:clamav /var/lib/clamav/*
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
PrivateTmp = "yes";
|
||||
PrivateDevices = "yes";
|
||||
};
|
||||
};
|
||||
|
||||
mailserver = {
|
||||
enable = true;
|
||||
fqdn = "mail.example.com";
|
||||
domains = [
|
||||
"example.com"
|
||||
"example2.com"
|
||||
];
|
||||
virusScanning = true;
|
||||
|
||||
loginAccounts = {
|
||||
"user1@example.com" = {
|
||||
hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
|
||||
aliases = [ "postmaster@example.com" ];
|
||||
catchAll = [ "example.com" ];
|
||||
};
|
||||
"user@example2.com" = {
|
||||
hashedPassword = "$6$u61JrAtuI0a$nGEEfTP5.eefxoScUGVG/Tl0alqla2aGax4oTd85v3j3xSmhv/02gNfSemv/aaMinlv9j/ZABosVKBrRvN5Qv0";
|
||||
};
|
||||
};
|
||||
enableImap = true;
|
||||
};
|
||||
|
||||
environment.etc = {
|
||||
"root/eicar.com.txt".text = "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*";
|
||||
};
|
||||
};
|
||||
client =
|
||||
{ nodes, pkgs, ... }:
|
||||
let
|
||||
serverIP = nodes.server.networking.primaryIPAddress;
|
||||
clientIP = nodes.client.networking.primaryIPAddress;
|
||||
grep-ip = pkgs.writeScriptBin "grep-ip" ''
|
||||
|
|
@ -98,20 +104,25 @@
|
|||
echo grep '${clientIP}' "$@" >&2
|
||||
exec grep '${clientIP}' "$@"
|
||||
'';
|
||||
in {
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./lib/config.nix
|
||||
./lib/config.nix
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
fetchmail msmtp procmail findutils grep-ip
|
||||
fetchmail
|
||||
msmtp
|
||||
procmail
|
||||
findutils
|
||||
grep-ip
|
||||
];
|
||||
environment.etc = {
|
||||
"root/.fetchmailrc" = {
|
||||
text = ''
|
||||
poll ${serverIP} with proto IMAP
|
||||
user 'user1@example.com' there with password 'user1' is 'root' here
|
||||
mda procmail
|
||||
poll ${serverIP} with proto IMAP
|
||||
user 'user1@example.com' there with password 'user1' is 'root' here
|
||||
mda procmail
|
||||
'';
|
||||
mode = "0700";
|
||||
};
|
||||
|
|
@ -185,59 +196,59 @@
|
|||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
start_all()
|
||||
start_all()
|
||||
|
||||
server.wait_for_unit("multi-user.target")
|
||||
client.wait_for_unit("multi-user.target")
|
||||
server.wait_for_unit("multi-user.target")
|
||||
client.wait_for_unit("multi-user.target")
|
||||
|
||||
# TODO put this blocking into the systemd units? I am not sure if rspamd already waits for the clamd socket.
|
||||
server.wait_until_succeeds(
|
||||
"set +e; timeout 1 nc -U /run/rspamd/rspamd-milter.sock < /dev/null; [ $? -eq 124 ]"
|
||||
)
|
||||
server.wait_until_succeeds(
|
||||
"set +e; timeout 1 nc -U /run/clamav/clamd.ctl < /dev/null; [ $? -eq 124 ]"
|
||||
)
|
||||
# TODO put this blocking into the systemd units? I am not sure if rspamd already waits for the clamd socket.
|
||||
server.wait_until_succeeds(
|
||||
"set +e; timeout 1 nc -U /run/rspamd/rspamd-milter.sock < /dev/null; [ $? -eq 124 ]"
|
||||
)
|
||||
server.wait_until_succeeds(
|
||||
"set +e; timeout 1 nc -U /run/clamav/clamd.ctl < /dev/null; [ $? -eq 124 ]"
|
||||
)
|
||||
|
||||
client.execute("cp -p /etc/root/.* ~/")
|
||||
client.succeed("mkdir -p ~/mail")
|
||||
client.succeed("ls -la ~/ >&2")
|
||||
client.succeed("cat ~/.fetchmailrc >&2")
|
||||
client.succeed("cat ~/.procmailrc >&2")
|
||||
client.succeed("cat ~/.msmtprc >&2")
|
||||
client.execute("cp -p /etc/root/.* ~/")
|
||||
client.succeed("mkdir -p ~/mail")
|
||||
client.succeed("ls -la ~/ >&2")
|
||||
client.succeed("cat ~/.fetchmailrc >&2")
|
||||
client.succeed("cat ~/.procmailrc >&2")
|
||||
client.succeed("cat ~/.msmtprc >&2")
|
||||
|
||||
# fetchmail returns EXIT_CODE 1 when no new mail
|
||||
client.succeed("fetchmail --nosslcertck -v || [ $? -eq 1 ] >&2")
|
||||
# fetchmail returns EXIT_CODE 1 when no new mail
|
||||
client.succeed("fetchmail --nosslcertck -v || [ $? -eq 1 ] >&2")
|
||||
|
||||
# Verify that mail can be sent and received before testing virus scanner
|
||||
client.execute("rm ~/mail/*")
|
||||
client.succeed("msmtp -a user2 user1@example.com < /etc/root/safe-email >&2")
|
||||
# give the mail server some time to process the mail
|
||||
server.wait_until_fails('[ "$(postqueue -p)" != "Mail queue is empty" ]')
|
||||
client.execute("rm ~/mail/*")
|
||||
# fetchmail returns EXIT_CODE 0 when it retrieves mail
|
||||
client.succeed("fetchmail --nosslcertck -v >&2")
|
||||
client.execute("rm ~/mail/*")
|
||||
# Verify that mail can be sent and received before testing virus scanner
|
||||
client.execute("rm ~/mail/*")
|
||||
client.succeed("msmtp -a user2 user1@example.com < /etc/root/safe-email >&2")
|
||||
# give the mail server some time to process the mail
|
||||
server.wait_until_fails('[ "$(postqueue -p)" != "Mail queue is empty" ]')
|
||||
client.execute("rm ~/mail/*")
|
||||
# fetchmail returns EXIT_CODE 0 when it retrieves mail
|
||||
client.succeed("fetchmail --nosslcertck -v >&2")
|
||||
client.execute("rm ~/mail/*")
|
||||
|
||||
with subtest("virus scan file"):
|
||||
server.succeed(
|
||||
'set +o pipefail; clamdscan $(readlink -f /etc/root/eicar.com.txt) | grep "Txt\\.Malware\\.Agent-1787597 FOUND" >&2'
|
||||
)
|
||||
with subtest("virus scan file"):
|
||||
server.succeed(
|
||||
'set +o pipefail; clamdscan $(readlink -f /etc/root/eicar.com.txt) | grep "Txt\\.Malware\\.Agent-1787597 FOUND" >&2'
|
||||
)
|
||||
|
||||
with subtest("virus scan email"):
|
||||
client.succeed(
|
||||
'set +o pipefail; msmtp -a user2 user1@example.com < /etc/root/virus-email 2>&1 | tee /dev/stderr | grep "server message: 554 5\\.7\\.1" >&2'
|
||||
)
|
||||
server.succeed("journalctl -u rspamd | grep -i eicar")
|
||||
# give the mail server some time to process the mail
|
||||
server.wait_until_fails('[ "$(postqueue -p)" != "Mail queue is empty" ]')
|
||||
with subtest("virus scan email"):
|
||||
client.succeed(
|
||||
'set +o pipefail; msmtp -a user2 user1@example.com < /etc/root/virus-email 2>&1 | tee /dev/stderr | grep "server message: 554 5\\.7\\.1" >&2'
|
||||
)
|
||||
server.succeed("journalctl -u rspamd | grep -i eicar")
|
||||
# give the mail server some time to process the mail
|
||||
server.wait_until_fails('[ "$(postqueue -p)" != "Mail queue is empty" ]')
|
||||
|
||||
with subtest("no warnings or errors"):
|
||||
server.fail("journalctl -u postfix | grep -i error >&2")
|
||||
server.fail("journalctl -u postfix | grep -i warning >&2")
|
||||
server.fail("journalctl -u dovecot2 | grep -i error >&2")
|
||||
server.fail("journalctl -u dovecot2 | grep -i warning >&2")
|
||||
'';
|
||||
with subtest("no warnings or errors"):
|
||||
server.fail("journalctl -u postfix | grep -i error >&2")
|
||||
server.fail("journalctl -u postfix | grep -i warning >&2")
|
||||
server.fail("journalctl -u dovecot2 | grep -i error >&2")
|
||||
server.fail("journalctl -u dovecot2 | grep -i warning >&2")
|
||||
'';
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue