1396751de0
- Test SSH password authentication is disabled - Test SSH root login is disabled 💘 Generated with Crush Assisted-by: GLM-5 via Crush <crush@charm.land>
32 lines
839 B
Bash
32 lines
839 B
Bash
#!/usr/bin/env bats
|
|
# Comprehensive security compliance tests
|
|
|
|
@test "Full Disk Encryption configured" {
|
|
grep -q "crypto" /workspace/config/preseed.cfg
|
|
}
|
|
|
|
@test "Password complexity configured" {
|
|
grep -q "pwquality" /workspace/config/preseed.cfg
|
|
}
|
|
|
|
@test "WiFi blacklisted" {
|
|
grep -q "cfg80211" /workspace/src/security-hardening.sh
|
|
}
|
|
|
|
@test "Bluetooth blacklisted" {
|
|
grep -q "btusb" /workspace/src/security-hardening.sh
|
|
}
|
|
|
|
@test "Firewall configured" {
|
|
grep -q "nftables" /workspace/config/package-lists/knel-football.list.chroot
|
|
}
|
|
|
|
# FR-006: SSH Access - Key-Based Authentication Only
|
|
@test "SSH password authentication disabled" {
|
|
grep -q "PasswordAuthentication no" /workspace/src/security-hardening.sh
|
|
}
|
|
|
|
@test "SSH root login disabled" {
|
|
grep -q "PermitRootLogin no" /workspace/src/security-hardening.sh
|
|
}
|