File: README.md

package info (click to toggle)
openvpn3-client 24.1%2Bdfsg-1
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 19,384 kB
  • sloc: cpp: 180,128; python: 11,591; ansic: 1,878; sh: 1,767; java: 402; lisp: 81; makefile: 44
file content (57 lines) | stat: -rw-r--r-- 2,456 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
Device Posture Check Test Program (devposture-proxy)
====================================================

This program is used to interact with the Device Posture Check service
provided by the ``openvpn3-service-devposture`` service.

The purpose of this service is to collect certain information from the
host it runs on request by a VPN server and provide that result back to
the VPN server.  This is done via "Device Posture Check Requests", aka
:code:`dpc_-_request` objects.  This is a JSON object sent to the VPN client
by the server and follows a standardised `dpc-request` format.  The locally
running `openvpn3-service-devposture` service will parse these requests and
provide a JSON :code:`dpc_response` response back.  To test this service
locally without a server setup, the `devposture-proxy` tool will generate
the `dpc_request` object and present the result from the service.

Two example profiles are shipped together with the basic
`openvpn3-service-devposture` installation; :code:`example1.json` and
:code:`example2.json`.  The filename stem (filename without extension),
declares what is called the *Device Posture Enterprise Profile*.

Examples
--------
The `./devposture-proxy` tool must be run as :code:`root`.  The default
configuration expects only the :code:`openvpn` user to call the
`openvpn3-service-devposture` service.  To achieve this, this test tool
will drop all privileges to become :code:`openvpn` before establishing
a connection to the device posture check service.

### List supported DPC checker modules

     # ./devposture --list-modules

### Run the defined tests in the :code:`example1` Enterprise Profile

     # ./devposture-proxy --enterprise-profile example1 \
                          --test host_info --test client_time

The tests `host_info` and `client_time` are defined in the
:code:`example1.json` file.

### Run the defined tests in the :code:`example1` Enterprise Profile

     # ./devposture-proxy --enterprise-profile example2 \
                          --test merged-results

This profile uses a variant of the first example, where all the tests
from both test modules

### Run a specific DPC protocol check

The examples provides defines two different response protocols;
:code:`dpc-example1` and :code:`dpc-example2`.  To run just the `host_info`
check as defined in the `dpc-example1` protocol:

     # ./devposture-proxy --protocol dpc-example1 \
                          --test host_info