Add Nmap tests of PCI compliance for Postfix and Dovecot

2017-01-25 11:31:04 +02:00 · 2017-01-25 11:31:04 +02:00 · 78cfad5804
parent 1087e598b1
commit 78cfad5804
1 changed files with 38 additions and 2 deletions
--- a/test/tests.bats
+++ b/test/tests.bats
@ -928,3 +928,39 @@ load 'test_helper/bats-assert/load'
  assert_success
  assert_output 1
 }
+
+#
+# PCI compliance
+#
+
+# dovecot
+@test "checking dovecot: only A grade TLS ciphers are used" {
+  run docker run --rm -i --link mail:dovecot \
+    --entrypoint sh instrumentisto/nmap -c \
+      'nmap --script ssl-enum-ciphers -p 993 dovecot | grep "least strength: A"'
+  assert_success
+}
+
+@test "checking dovecot: nmap produces no warnings on TLS ciphers verifying" {
+  run docker run --rm -i --link mail:dovecot \
+    --entrypoint sh instrumentisto/nmap -c \
+      'nmap --script ssl-enum-ciphers -p 993 dovecot | grep "warnings" | wc -l'
+  assert_success
+  assert_output 0
+}
+
+# postfix
+@test "checking postfix: only A grade TLS ciphers are used" {
+  run docker run --rm -i --link mail:postfix \
+    --entrypoint sh instrumentisto/nmap -c \
+      'nmap --script ssl-enum-ciphers -p 587 postfix | grep "least strength: A"'
+  assert_success
+}
+
+@test "checking postfix: nmap produces no warnings on TLS ciphers verifying" {
+  run docker run --rm -i --link mail:postfix \
+    --entrypoint sh instrumentisto/nmap -c \
+      'nmap --script ssl-enum-ciphers -p 587 postfix | grep "warnings" | wc -l'
+  assert_success
+  assert_output 0
+}