imv_policy_manager: Added capability to execute an allow or block shell command string

[people/ms/strongswan.git] / testing / tests / tnc / tnccs-20-pdp-pt-tls / hosts / alice / etc / strongswan.conf

diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
index 21961d4b1f20a0f0949e8ca68e7af2011e6487e0..857e6d6d63f7039a65d93dd0bd3ef7b28f92a328 100644 (file)
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
@@ -1,9 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 nonce x509 revocation constraints openssl socket-default kernel-netlink stroke tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
+  load = pem pkcs1 nonce x509 openssl curl revocation constraints socket-default kernel-netlink stroke tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
 
-  plugins { 
+  plugins {
     tnc-pdp {
       server = aaa.strongswan.org
       radius {
@@ -13,16 +13,22 @@ charon {
   }
 }
 
-libtnccs {
-  plugins {
-    tnccs-20 {
-      max_batch_size = 131056
-      max_message_size = 131024
-    }
-  }
+libtls {
+  suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 }
 
 libimcv {
   database = sqlite:///etc/pts/config.db
   policy_script = ipsec imv_policy_manager
+
+  plugins {
+    imv-swid {
+      rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
+    }
+  }
+}
+
+imv_policy_manager {
+  command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""'
+  command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""'
 }