diff --git a/gnu/tests/security.scm b/gnu/tests/security.scm index 93cbe4a977..8887396b89 100644 --- a/gnu/tests/security.scm +++ b/gnu/tests/security.scm @@ -97,6 +97,17 @@ (gexp->derivation test-name test))) +;; The /var/log/secure file that is monitored by fail2ban has to be present +;; before the service starts. This limitation is discussed here: +;; https://github.com/fail2ban/fail2ban/issues/1593. +(define %auth-log-activation-service + (simple-service 'create-authlog-file + activation-service-type + #~(begin + (call-with-output-file "/var/log/secure" + (lambda (port) + (display "" port)))))) + (define run-fail2ban-basic-test (fail2ban-test "fail2ban-basic-test" @@ -121,12 +132,14 @@ (define run-fail2ban-simple-test (fail2ban-test - "fail2ban-basic-test" + "fail2ban-simple-test" (simple-operating-system - (service fail2ban-service-type (fail2ban-configuration - (jails (list (fail2ban-jail-configuration - (name "sshd"))))))) + %auth-log-activation-service + (service fail2ban-service-type + (fail2ban-configuration + (jails (list (fail2ban-jail-configuration + (name "sshd"))))))) (test-equal "fail2ban sshd jail running status output" '("Status for the jail: sshd" @@ -175,8 +188,11 @@ "fail2ban-extension-test" (simple-operating-system - (service (fail2ban-jail-service openssh-service-type (fail2ban-jail-configuration - (name "sshd") (enabled? #t))) + %auth-log-activation-service + (service (fail2ban-jail-service openssh-service-type + (fail2ban-jail-configuration + (name "sshd") + (enabled? #t))) (openssh-configuration)) (service static-networking-service-type (list %qemu-static-networking)))
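Review bot: `call-with-output-file` in `%auth-log-activation-service` opens `/var/log/secure` for writing, so it truncates the file whenever it already exists, and the hunk never sets the file's mode, which is left to the ambient umask. That is harmless in a freshly booted test VM, but the snippet is easy to copy into a real configuration, where emptying or over-exposing the authentication log on every activation would discard the records fail2ban and an investigator depend on. Opening in append mode creates the file without truncating it and makes the empty `display` unnecessary: `(close-port (open-file "/var/log/secure" "a"))`, optionally followed by `(chmod "/var/log/secure" #o640)`. The comment above the definition should also state that the file is created empty for test purposes only.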
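Review bot: The workaround for the missing log file is wired only into the test operating systems, here in `run-fail2ban-simple-test` and again in the `fail2ban-extension-test` hunk. A system that enables the `sshd` jail through `fail2ban-service-type` with nothing creating `/var/log/secure` would presumably still hit the limitation described in the first hunk's comment and be left without the jail. If that is intended, say so at the use site, e.g. `;; The sshd jail needs /var/log/secure to exist before fail2ban starts; real systems must provide it themselves.` Otherwise the file creation belongs in the service's own activation, so the tests exercise the shipped behaviour rather than a test-only fixture. The service definition is outside this diff, so this is inferred from the visible comment and test changes.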