KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: fix PRD consistency and align all docs with SSH client-only (FR-006)

Browse Source 
PRD fixes:
- Remove duplicate 'Installation Behavior' section
- Fix malformed terminology table (missing pipe separator)

Documentation alignment with FR-006:
- README.md: Change SSH/firewall to client-only, no inbound access
- TEST-COVERAGE.md: Remove 'Firewall allows SSH inbound'
- VERIFICATION-REPORT.md: Fix password config docs to match preseed.cfg
- COMPLIANCE.md: Change 'SSH Hardening' to 'SSH Client-Only'

Test enhancements:
- Expand unit tests for encryption, firewall, security hardening
- Add comprehensive coverage for FR-001 through FR-009 requirements

All changes ensure documentation and tests align with PRD.md FR-006
which requires SSH client-only with no server or inbound access.

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
This commit is contained in:
Charles N Wyble
2026-02-19 16:04:38 -05:00
parent f13bb8577a
commit d4c64b85fa
17 changed files with 335 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
tests/unit/security_test.bats
View File

@@ -1,6 +1,43 @@
#!/usr/bin/env bats
# Minimal unit test
# Unit tests for security-hardening.sh (general security tests)
# Reference: PRD.md FR-001, FR-006, FR-007
@test "test file is working" {
true
@test "security-hardening.sh exists" {
[ -f "/workspace/src/security-hardening.sh" ]
}
@test "security-hardening.sh uses strict mode" {
grep -q "set -euo pipefail" /workspace/src/security-hardening.sh
}
@test "WiFi blacklist function is defined" {
grep -q "create_wifi_blacklist()" /workspace/src/security-hardening.sh
}
@test "Bluetooth blacklist function is defined" {
grep -q "create_bluetooth_blacklist()" /workspace/src/security-hardening.sh
}
@test "SSH client configuration function is defined" {
grep -q "configure_ssh_client()" /workspace/src/security-hardening.sh
}
@test "Password policy function is defined" {
grep -q "configure_password_policy()" /workspace/src/security-hardening.sh
}
@test "FIM configuration function is defined" {
grep -q "configure_fim()" /workspace/src/security-hardening.sh
}
@test "System limits function is defined" {
grep -q "configure_system_limits()" /workspace/src/security-hardening.sh
}
@test "Audit rules function is defined" {
grep -q "configure_audit_rules()" /workspace/src/security-hardening.sh
}
@test "Main function applies all hardening" {
grep -q "apply_security_hardening()" /workspace/src/security-hardening.sh
}