From: Philippe Antoine Date: Tue, 13 Jan 2026 20:36:42 +0000 (+0100) Subject: ssh: adds test with hassh disabled X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=48cf24f822ac5ae354a8675a889aeed4ee27b5bc;p=thirdparty%2Fsuricata-verify.git ssh: adds test with hassh disabled Ticket: 8223 --- diff --git a/tests/ssh-hassh-disabled/suricata.yaml b/tests/ssh-hassh-disabled/suricata.yaml new file mode 100644 index 000000000..f0bc748e8 --- /dev/null +++ b/tests/ssh-hassh-disabled/suricata.yaml @@ -0,0 +1,16 @@ +%YAML 1.1 +--- + +outputs: + - eve-log: + enabled: yes + filename: eve.json + types: + - alert + - ssh + +app-layer: + # error-policy: ignore + protocols: + ssh: + hassh: no diff --git a/tests/ssh-hassh-disabled/test.rules b/tests/ssh-hassh-disabled/test.rules new file mode 100644 index 000000000..15e1b528c --- /dev/null +++ b/tests/ssh-hassh-disabled/test.rules @@ -0,0 +1,4 @@ +alert ssh any any -> any any (msg:"match SSH hash"; ssh.hassh; content:"2dd6531c7e89d3c925db9214711be76a"; sid:1;) +alert ssh any any -> any any (msg:"match SSH hash-server"; ssh.hassh.server; content:"6832f1ce43d4397c2c0a3e2f8c94334e"; sid:2;) +alert ssh any any -> any any (msg:"match SSH hash-string"; ssh.hassh.string; content:"umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1"; sid:3;) +alert ssh any any -> any any (msg:"match SSH hash-server-string"; ssh.hassh.server.string; content:"none,zlib@openssh.com"; sid:4;) \ No newline at end of file diff --git a/tests/ssh-hassh-disabled/test.yaml b/tests/ssh-hassh-disabled/test.yaml new file mode 100644 index 000000000..78898422c --- /dev/null +++ b/tests/ssh-hassh-disabled/test.yaml @@ -0,0 +1,14 @@ +requires: + min-version: 9 + +args: + - -k none + +pcap: ../ssh-hassh/input.pcap + +exit-code: 1 + +checks: + - shell: + args: grep "hassh support is not enabled" stderr | wc -l | xargs + expect: 4