augeas-lenses 1.2.0-0ubuntu1.3 / usr / share / augeas / lenses / dist / tests / test_hosts_access.aug

This file is indexed.

/usr/share/augeas/lenses/dist/tests/test_hosts_access.aug is in augeas-lenses 1.2.0-0ubuntu1.3.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
module Test_Hosts_Access =

let multi_daemon = "sshd, sendmail : 10.234.\n"

test Hosts_Access.lns get multi_daemon =
  { "1"
    { "process" = "sshd" }
    { "process" = "sendmail" }
    { "client" = "10.234." }
  }

let multi_daemon_spc = "sshd sendmail : 10.234.\n"

test Hosts_Access.lns get multi_daemon_spc =
  { "1"
    { "process" = "sshd" }
    { "process" = "sendmail" }
    { "client" = "10.234." }
  }

let multi_client = "sshd: 10.234. , 192.168.\n"

test Hosts_Access.lns get multi_client =
  { "1"
    { "process" = "sshd" }
    { "client" = "10.234." }
    { "client" = "192.168." }
  }

let multi_client_spc = "sshd: 10.234. 192.168.\n"

test Hosts_Access.lns get multi_client_spc =
  { "1"
    { "process" = "sshd" }
    { "client" = "10.234." }
    { "client" = "192.168." }
  }

let daemon_except = "ALL Except sshd : 10.234.\n"

test Hosts_Access.lns get daemon_except =
  { "1"
    { "process" = "ALL" }
    { "except"
      { "process" = "sshd" }
    }
    { "client" = "10.234." }
  }

let client_except = "sshd : ALL EXCEPT 192.168\n"

test Hosts_Access.lns get client_except =
  { "1"
    { "process" = "sshd" }
    { "client" = "ALL" }
    { "except"
      { "client" = "192.168" }
    }
  }

let daemon_host = "sshd@192.168.0.1: 10.234.\n"

test Hosts_Access.lns get daemon_host =
  { "1"
    { "process" = "sshd"
      { "host" = "192.168.0.1" }
    }
    { "client" = "10.234." }
  }

let user_client = "sshd: root@.example.tld\n"

test Hosts_Access.lns get user_client =
  { "1"
    { "process" = "sshd" }
    { "client" = ".example.tld"
      { "user" = "root" }
    }
  }

let shell_command = "sshd: 192.168. : /usr/bin/my_cmd -t -f some_arg\n"

test Hosts_Access.lns get shell_command =
  { "1"
    { "process" = "sshd" }
    { "client" = "192.168." }
    { "shell_command" = "/usr/bin/my_cmd -t -f some_arg" }
  }

let client_netgroup = "sshd: @hostgroup\n"
test Hosts_Access.lns get client_netgroup =
  { "1"
    { "process" = "sshd" }
    { "client" = "@hostgroup" }
  }

let client_netmask = "sshd: 192.168.0.0/255.255.0.0\n"
test Hosts_Access.lns get client_netmask =
  { "1"
    { "process" = "sshd" }
    { "client" = "192.168.0.0"
      { "netmask" = "255.255.0.0" } }
  }

let client_cidr_v4 = "sshd: 192.168.0.0/24\n"
test Hosts_Access.lns get client_cidr_v4 =
  { "1"
    { "process" = "sshd" }
    { "client" = "192.168.0.0"
      { "netmask" = "24" } }
  }

let client_cidr_v6 = "sshd: [fe80::%fxp0]/64\n"
test Hosts_Access.lns get client_cidr_v6 =
  { "1"
    { "process" = "sshd" }
    { "client" = "[fe80::%fxp0]"
      { "netmask" = "64" } }
  }

let client_file = "sshd: /etc/external_file\n"
test Hosts_Access.lns get client_file =
  { "1"
    { "process" = "sshd" }
    { "file" = "/etc/external_file" }
  }

let client_wildcard = "sshd: 192.168.?.*\n"
test Hosts_Access.lns get client_wildcard =
  { "1"
    { "process" = "sshd" }
    { "client" = "192.168.?.*" }
  }

let sample_hosts_allow = "# hosts.allow	This file describes the names of the hosts which are
#		allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
in.telnetd:	192.168.1.
sshd:		70.16., 207.228.
ipop3d:		ALL
sendmail:	ALL
"

test Hosts_Access.lns get sample_hosts_allow =
  { "#comment" = "hosts.allow	This file describes the names of the hosts which are" }
  { "#comment" = "allowed to use the local INET services, as decided" }
  { "#comment" = "by the '/usr/sbin/tcpd' server." }
  { "1"
    { "process" = "in.telnetd" }
    { "client" = "192.168.1." }
  }
  { "2"
    { "process" = "sshd" }
    { "client" = "70.16." }
    { "client" = "207.228." }
  }
  { "3"
    { "process" = "ipop3d" }
    { "client" = "ALL" }
  }
  { "4"
    { "process" = "sendmail" }
    { "client" = "ALL" }
  }


let sample_hosts_deny = "#
# hosts.deny	This file describes the names of the hosts which are
#		*not* allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
in.telnetd: all

sshd: 61., 62., \
 64.179., 65.
"

test Hosts_Access.lns get sample_hosts_deny =
  {  }
  { "#comment" = "hosts.deny	This file describes the names of the hosts which are" }
  { "#comment" = "*not* allowed to use the local INET services, as decided" }
  { "#comment" = "by the '/usr/sbin/tcpd' server." }
  { "1"
    { "process" = "in.telnetd" }
    { "client" = "all" }
  }
  {  }
  { "2"
    { "process" = "sshd" }
    { "client" = "61." }
    { "client" = "62." }
    { "client" = "64.179." }
    { "client" = "65." }
  }


let ip_mask = "sshd: 61./255.255.255.255\n"

test Hosts_Access.lns get ip_mask =
  { "1"
    { "process" = "sshd" }
    { "client" = "61." { "netmask" = "255.255.255.255" } } }

(* Support options from hosts_options(5) *)
test Hosts_Access.lns get "sshd: all: keepalive\n" =
  { "1"
    { "process" = "sshd" }
    { "client" = "all" }
    { "keepalive" } }

test Hosts_Access.lns get "sshd: all: severity mail.info\n" =
  { "1"
    { "process" = "sshd" }
    { "client" = "all" }
    { "severity" = "mail.info" } }

test Hosts_Access.lns get "sshd: all: severity mail.info : rfc931 5 : DENY\n" =
  { "1"
    { "process" = "sshd" }
    { "client" = "all" }
    { "severity" = "mail.info" }
    { "rfc931" = "5" }
    { "DENY" } }

(* Ticket #255, from FreeBSD *)
let host_options_cmds = "# You need to be clever with finger; do _not_ backfinger!! You can easily
# start a \"finger war\".
fingerd : ALL \
        : spawn (echo Finger. | \
         /usr/bin/mail -s \"tcpd\: %u@%h[%a] fingered me!\" root) & \
        : deny

# The rest of the daemons are protected.
ALL : ALL : \
          severity auth.info \
        : twist /bin/echo \"You are not welcome to use %d from %h.\"
"

test Hosts_Access.lns get host_options_cmds = 
  { "#comment" = "You need to be clever with finger; do _not_ backfinger!! You can easily" }
  { "#comment" = "start a \"finger war\"." }
  { "1"
    { "process" = "fingerd" }
    { "client" = "ALL" }
    { "spawn" = "(echo Finger. | \
         /usr/bin/mail -s \"tcpd\\: %u@%h[%a] fingered me!\" root) &" }
    { "deny" } }
  {  }
  { "#comment" = "The rest of the daemons are protected." }
  { "2"
    { "process" = "ALL" }
    { "client" = "ALL" }
    { "severity" = "auth.info" }
    { "twist" = "/bin/echo \"You are not welcome to use %d from %h.\"" } }

APT Browse - Built by Thomas Orozco.