ssh: adds test with hassh disabled
authorPhilippe Antoine <pantoine@oisf.net>
Tue, 13 Jan 2026 20:36:42 +0000 (21:36 +0100)
committerVictor Julien <vjulien@oisf.net>
Fri, 16 Jan 2026 21:07:40 +0000 (21:07 +0000)
Ticket: 8223

tests/ssh-hassh-disabled/suricata.yaml [new file with mode: 0644]
tests/ssh-hassh-disabled/test.rules [new file with mode: 0644]
tests/ssh-hassh-disabled/test.yaml [new file with mode: 0644]

diff --git a/tests/ssh-hassh-disabled/suricata.yaml b/tests/ssh-hassh-disabled/suricata.yaml
new file mode 100644 (file)
index 0000000..f0bc748
--- /dev/null
@@ -0,0 +1,16 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filename: eve.json
+      types:
+        - alert
+        - ssh
+
+app-layer:
+  # error-policy: ignore
+  protocols:
+    ssh:
+      hassh: no
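Review bot: The commented-out `# error-policy: ignore` under `app-layer:` has no explanation and no effect on the test; either drop it or say why it is kept. The setting the test depends on, `hassh: no`, is the line that deserves a comment, e.g. `# hassh explicitly off: rules using ssh.hassh* keywords must be rejected at load time (ticket 8223)`. The eve-log output with the `alert` and `ssh` types is configured here, but test.yaml has no check against eve.json, so it looks unused unless the run is expected to get past rule loading.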
diff --git a/tests/ssh-hassh-disabled/test.rules b/tests/ssh-hassh-disabled/test.rules
new file mode 100644 (file)
index 0000000..15e1b52
--- /dev/null
@@ -0,0 +1,4 @@
+alert ssh any any -> any any (msg:"match SSH hash"; ssh.hassh; content:"2dd6531c7e89d3c925db9214711be76a"; sid:1;)
+alert ssh any any -> any any (msg:"match SSH hash-server"; ssh.hassh.server; content:"6832f1ce43d4397c2c0a3e2f8c94334e"; sid:2;)
+alert ssh any any -> any any (msg:"match SSH hash-string"; ssh.hassh.string; content:"umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1"; sid:3;)
+alert ssh any any -> any any (msg:"match SSH hash-server-string"; ssh.hassh.server.string; content:"none,zlib@openssh.com"; sid:4;)
\ No newline at end of file
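Review bot: The file ends without a trailing newline after the sid:4 rule, so a rule appended later without adding one first would be joined onto that line; end the file with a newline. A leading comment such as `# All four rules are expected to fail to load because hassh is disabled in suricata.yaml` would also make it clear that these signatures are negative cases and not working detections to copy into a ruleset.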
diff --git a/tests/ssh-hassh-disabled/test.yaml b/tests/ssh-hassh-disabled/test.yaml
new file mode 100644 (file)
index 0000000..7889842
--- /dev/null
@@ -0,0 +1,14 @@
+requires:
+  min-version: 9
+
+args:
+ - -k none
+
+pcap: ../ssh-hassh/input.pcap
+
+exit-code: 1
+
+checks:
+    - shell:
+        args: grep "hassh support is not enabled" stderr | wc -l | xargs
+        expect: 4
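Review bot: The single check only counts lines containing the message, so it cannot tell whether each of the four sids was rejected or whether one rule produced the message more than once. If the error line names the keyword or rule (not visible from this page), one check per keyword would pin that down. `grep -c "hassh support is not enabled" stderr` would also replace the `grep | wc -l | xargs` chain, assuming the runner trims the output before comparing. Indentation differs between `args:` (one space) and `checks:` (four spaces), where two spaces throughout would match `requires:`.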