From f25852637a7aeb8608b4618b952407b59b0dbf7e Mon Sep 17 00:00:00 2001 From: Arnaud Patard Date: Thu, 21 Jan 2021 11:39:55 +0100 Subject: [PATCH] feat(pillar.example,test/): add example and test for richrule ratelimit Document and test the accept rate limiting of the rich rule. Signed-off-by: Arnaud Patard --- pillar.example | 8 ++++++++ test/integration/default/controls/zones_spec.rb | 7 +++++++ .../integration/default/files/_mapdata/amazonlinux-2.yaml | 7 +++++++ .../default/files/_mapdata/arch-base-latest.yaml | 7 +++++++ test/integration/default/files/_mapdata/centos-7.yaml | 7 +++++++ test/integration/default/files/_mapdata/centos-8.yaml | 7 +++++++ test/integration/default/files/_mapdata/debian-10.yaml | 7 +++++++ test/integration/default/files/_mapdata/debian-9.yaml | 7 +++++++ test/integration/default/files/_mapdata/fedora-31.yaml | 7 +++++++ test/integration/default/files/_mapdata/fedora-32.yaml | 7 +++++++ test/integration/default/files/_mapdata/opensuse-15.yaml | 7 +++++++ test/integration/default/files/_mapdata/ubuntu-16.yaml | 7 +++++++ test/integration/default/files/_mapdata/ubuntu-18.yaml | 7 +++++++ test/integration/default/files/_mapdata/ubuntu-20.yaml | 7 +++++++ 14 files changed, 99 insertions(+) diff --git a/pillar.example b/pillar.example index e68b767..0735832 100644 --- a/pillar.example +++ b/pillar.example @@ -126,6 +126,14 @@ firewalld: name: fail2ban-ssh reject: type: icmp-port-unreachable + - accept: + limit: "3/m" + log: + level: warning + limit: "3/m" + prefix: "http fw limit 3/m" + service: http + ports: # {%- if grains['id'] == 'salt.example.com' %} - comment: salt-master diff --git a/test/integration/default/controls/zones_spec.rb b/test/integration/default/controls/zones_spec.rb index eee6953..b1b6cbf 100644 --- a/test/integration/default/controls/zones_spec.rb +++ b/test/integration/default/controls/zones_spec.rb @@ -37,6 +37,13 @@ control 'zones/public.xml configuration' do + + + + + + + ZONE_XML end 
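Review bot: The new `accept` rule in the pillar.example hunk carries `limit: "3/m"` with no comment on what the limit covers, so a reader copying it may assume http is now throttled. In firewalld a limited accept rule stops matching once the rate is exceeded and the packet falls through to later rules; the _mapdata hunks (amazonlinux-2.yaml and the other eleven) show `- http` still listed under `services:` right after the rule, which would presumably accept the excess traffic anyway. The limit is also, as far as firewalld's rich language documents it, one budget for the whole rule rather than per source address, and the `log` entry with its own `limit` records matching packets, not the ones that exceeded the rate. I would add a comment above the rule such as `# accept limit only caps this rule: remove http from the zone's services for it to take effect; the rate is global, not per client`. The enclosing zone definition starts and ends outside the hunk, so whether pillar.example's own services list includes http is not visible here.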
diff --git a/test/integration/default/files/_mapdata/amazonlinux-2.yaml b/test/integration/default/files/_mapdata/amazonlinux-2.yaml index 818cb7e..dcaeff6 100644 --- a/test/integration/default/files/_mapdata/amazonlinux-2.yaml +++ b/test/integration/default/files/_mapdata/amazonlinux-2.yaml @@ -134,6 +134,13 @@ values: name: fail2ban-ssh reject: type: icmp-port-unreachable + - accept: + limit: "3/m" + log: + level: warning + limit: "3/m" + prefix: "http fw limit 3/m" + service: http services: - http - https diff --git a/test/integration/default/files/_mapdata/arch-base-latest.yaml b/test/integration/default/files/_mapdata/arch-base-latest.yaml index 254c382..223d80c 100644 --- a/test/integration/default/files/_mapdata/arch-base-latest.yaml +++ b/test/integration/default/files/_mapdata/arch-base-latest.yaml @@ -134,6 +134,13 @@ values: name: fail2ban-ssh reject: type: icmp-port-unreachable + - accept: + limit: "3/m" + log: + level: warning + limit: "3/m" + prefix: "http fw limit 3/m" + service: http services: - http - https diff --git a/test/integration/default/files/_mapdata/centos-7.yaml b/test/integration/default/files/_mapdata/centos-7.yaml index e77e920..55add4f 100644 --- a/test/integration/default/files/_mapdata/centos-7.yaml +++ b/test/integration/default/files/_mapdata/centos-7.yaml @@ -134,6 +134,13 @@ values: name: fail2ban-ssh reject: type: icmp-port-unreachable + - accept: + limit: "3/m" + log: + level: warning + limit: "3/m" + prefix: "http fw limit 3/m" + service: http services: - http - https diff --git a/test/integration/default/files/_mapdata/centos-8.yaml b/test/integration/default/files/_mapdata/centos-8.yaml index 994f917..5d4969a 100644 --- a/test/integration/default/files/_mapdata/centos-8.yaml +++ b/test/integration/default/files/_mapdata/centos-8.yaml 
@@ -134,6 +134,13 @@ values: name: fail2ban-ssh reject: type: icmp-port-unreachable + - accept: + limit: "3/m" + log: + level: warning + limit: "3/m" + prefix: "http fw limit 3/m" + service: http services: - http - https diff --git a/test/integration/default/files/_mapdata/debian-10.yaml b/test/integration/default/files/_mapdata/debian-10.yaml index 9d3473e..9d89fcc 100644 --- a/test/integration/default/files/_mapdata/debian-10.yaml +++ b/test/integration/default/files/_mapdata/debian-10.yaml @@ -134,6 +134,13 @@ values: name: fail2ban-ssh reject: type: icmp-port-unreachable + - accept: + limit: "3/m" + log: + level: warning + limit: "3/m" + prefix: "http fw limit 3/m" + service: http services: - http - https diff --git a/test/integration/default/files/_mapdata/debian-9.yaml b/test/integration/default/files/_mapdata/debian-9.yaml index 92713d7..19a8e64 100644 --- a/test/integration/default/files/_mapdata/debian-9.yaml +++ b/test/integration/default/files/_mapdata/debian-9.yaml @@ -134,6 +134,13 @@ values: name: fail2ban-ssh reject: type: icmp-port-unreachable + - accept: + limit: "3/m" + log: + level: warning + limit: "3/m" + prefix: "http fw limit 3/m" + service: http services: - http - https diff --git a/test/integration/default/files/_mapdata/fedora-31.yaml b/test/integration/default/files/_mapdata/fedora-31.yaml index 6e2d197..7838855 100644 --- a/test/integration/default/files/_mapdata/fedora-31.yaml +++ b/test/integration/default/files/_mapdata/fedora-31.yaml @@ -134,6 +134,13 @@ values: name: fail2ban-ssh reject: type: icmp-port-unreachable + - accept: + limit: "3/m" + log: + level: warning + limit: "3/m" + prefix: "http fw limit 3/m" + service: http services: - http - https diff --git a/test/integration/default/files/_mapdata/fedora-32.yaml b/test/integration/default/files/_mapdata/fedora-32.yaml index b1738ec..ca4c18b 100644 --- a/test/integration/default/files/_mapdata/fedora-32.yaml +++ b/test/integration/default/files/_mapdata/fedora-32.yaml 
@@ -134,6 +134,13 @@ values: name: fail2ban-ssh reject: type: icmp-port-unreachable + - accept: + limit: "3/m" + log: + level: warning + limit: "3/m" + prefix: "http fw limit 3/m" + service: http services: - http - https diff --git a/test/integration/default/files/_mapdata/opensuse-15.yaml b/test/integration/default/files/_mapdata/opensuse-15.yaml index 012fcaf..ac9a402 100644 --- a/test/integration/default/files/_mapdata/opensuse-15.yaml +++ b/test/integration/default/files/_mapdata/opensuse-15.yaml @@ -134,6 +134,13 @@ values: name: fail2ban-ssh reject: type: icmp-port-unreachable + - accept: + limit: "3/m" + log: + level: warning + limit: "3/m" + prefix: "http fw limit 3/m" + service: http services: - http - https diff --git a/test/integration/default/files/_mapdata/ubuntu-16.yaml b/test/integration/default/files/_mapdata/ubuntu-16.yaml index 4f8fcd0..fbeedc9 100644 --- a/test/integration/default/files/_mapdata/ubuntu-16.yaml +++ b/test/integration/default/files/_mapdata/ubuntu-16.yaml @@ -134,6 +134,13 @@ values: name: fail2ban-ssh reject: type: icmp-port-unreachable + - accept: + limit: "3/m" + log: + level: warning + limit: "3/m" + prefix: "http fw limit 3/m" + service: http services: - http - https diff --git a/test/integration/default/files/_mapdata/ubuntu-18.yaml b/test/integration/default/files/_mapdata/ubuntu-18.yaml index b7f93f9..dac5c61 100644 --- a/test/integration/default/files/_mapdata/ubuntu-18.yaml +++ b/test/integration/default/files/_mapdata/ubuntu-18.yaml @@ -134,6 +134,13 @@ values: name: fail2ban-ssh reject: type: icmp-port-unreachable + - accept: + limit: "3/m" + log: + level: warning + limit: "3/m" + prefix: "http fw limit 3/m" + service: http services: - http - https diff --git a/test/integration/default/files/_mapdata/ubuntu-20.yaml b/test/integration/default/files/_mapdata/ubuntu-20.yaml index 9e037e3..5d56702 100644 --- a/test/integration/default/files/_mapdata/ubuntu-20.yaml +++ b/test/integration/default/files/_mapdata/ubuntu-20.yaml 
@@ -134,6 +134,13 @@ values: name: fail2ban-ssh reject: type: icmp-port-unreachable + - accept: + limit: "3/m" + log: + level: warning + limit: "3/m" + prefix: "http fw limit 3/m" + service: http services: - http - https