From 889a57fc030dbd49d775d43ff72bf8059c86122a Mon Sep 17 00:00:00 2001
From: Michael Boelen <michael.boelen@cisofy.com>
Date: Fri, 12 Aug 2016 09:57:03 +0200
Subject: [PATCH] Added DBS-1888 to test for Redis bound to localhost

---
 db/tests.db             |  2 ++
 include/tests_databases | 24 ++++++++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/db/tests.db b/db/tests.db
index e44b12cd..aba6acbb 100644
--- a/db/tests.db
+++ b/db/tests.db
@@ -89,6 +89,8 @@ DBS-1860:test:security:databases::Checking active DB2 instances:
 DBS-1880:test:security:databases::Checking active Redis processes:
 DBS-1882:test:security:databases::Redis configuration file:
 DBS-1884:test:security:databases::Redis configuration (requirepass):
+DBS-1886:test:security:databases::Redis configuration (CONFIG command renamed):
+DBS-1888:test:security:databases::Redis configuration (bind on localhost):
 FINT-4310:test:security:file_integrity::AFICK availability:
 FINT-4314:test:security:file_integrity::AIDE availability:
 FINT-4315:test:security:file_integrity::Check AIDE configuration file:
diff --git a/include/tests_databases b/include/tests_databases
index c32bf0a0..53a3d84f 100644
--- a/include/tests_databases
+++ b/include/tests_databases
@@ -253,6 +253,30 @@
     fi
 #
 #################################################################################
+#
+    # Test        : DBS-1888
+    # Description : Determine Redis configuration option: bind on localhost
+    if [ ${REDIS_RUNNING} -eq 1 -a ${REDIS_CONFIGURATION_FOUND} -eq 1 ]; then PREQS_METS="YES"; else PREQS_MET="NO"; fi
+    Register --test-no DBS-1888 --weight L --network NO --preqs-met "${PREQS_MET}" --category security --description "Redis: bind on localhost"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        if FileIsReadable ${REDIS_CONFIGURATION}; then
+            if SearchItem "^bind (localhost|127\.)" "${REDIS_CONFIGURATION}" "--sensitive"; then
+                LogText "Result: found 'bind on localhost' configured"
+                AddHP 3 3
+                Display --indent 4 --text "- Redis (bind on localhost)" --result "${STATUS_FOUND}" --color GREEN
+                Report "redis_bind_localhost=1"
+            else
+                AddHP 0 3
+                Display --indent 4 --text "- Redis (bind on localhost)" --result "${STATUS_NOT_FOUND}" --color YELLOW
+                ReportSuggestion "${TEST_NO}" "Use 'bind' setting to listen on localhost for Redis instance" "${REDIS_CONFIGURATION}" "solution:configure 'bind localhost' to listen on localhost only"
+                Report "redis_bind_localhost=0"
+            fi
+        else
+            LogText "Result: test skipped, as we can't read configuration file"
+        fi
+    fi
+#
+#################################################################################
 #
 
     if [ ${DATABASE_ENGINE_RUNNING} -eq 0 ]; then