source: trunk/test/testrun_1.sh@ 176

Last change on this file since 176 was 172, checked in by katerina, 16 years ago

Documentation update, more dnmalloc fixes.

File size: 33.3 KB
RevLine 
[1]1#! /bin/sh
2
[27]3#
4# Copyright Rainer Wichmann (2006)
5#
6# License Information:
7# This program is free software; you can redistribute it and/or modify
8# it under the terms of the GNU General Public License as published by
9# the Free Software Foundation; either version 2 of the License, or
10# (at your option) any later version.
11#
12# This program is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15# GNU General Public License for more details.
16#
17# You should have received a copy of the GNU General Public License
18# along with this program; if not, write to the Free Software
19# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20#
21
[19]22RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE
23LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE
[1]24
[19]25# --enable-login-watch --enable-xml-log
26# --enable-debug --enable-suidcheck --with-prelude
[1]27
[19]28BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-debug"
29export BUILDOPTS
[1]30
[19]31BASE="${PW_DIR}/testrun_testdata"; export BASE
32TDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; export TDIRS
33TFILES="x y z"; export TFILES
[1]34
[19]35###########################################################
36#
37# ---- [Define tests here] ----
38#
[1]39
[19]40# 1 for testing new tests
41testrun1_setup=0
42
[169]43MAXTEST=15; export MAXTEST
[19]44
45test_dirs () {
46 for ff in $CDIRS; do
47 #
48 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
49 if [ $? -ne 0 ]; then
50 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
51 return 1
[1]52 fi
[19]53 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
54 if [ $tmp -ne 1 ]; then
55 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
56 fi
57 #
58 done
59 for ff in $NDIRS; do
60 #
61 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
62 if [ $? -eq 0 ]; then
63 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
64 return 1
65 fi
66 done
67}
68
[169]69
70TESTPOLICY_15="
71[Misc]
72DigestAlgo=SHA1
73RedefReadOnly = +TXT
74[ReadOnly]
75dir=${BASE}
76"
77mod_testdata_15 () {
78 mod_testdata_1
79}
80chk_testdata_15 () {
81 chk_testdata_1
82}
83
84TESTPOLICY_14="
85[Misc]
86DigestAlgo=MD5
87RedefReadOnly = +TXT
88[ReadOnly]
89dir=${BASE}
90"
91mod_testdata_14 () {
92 mod_testdata_1
93}
94chk_testdata_14 () {
95 chk_testdata_1
96}
97
[25]98#
99# combine file check schedule with one-shot mode
100#
[68]101TESTPOLICY_13="
[25]102[ReadOnly]
103dir=99${BASE}
104"
105
[68]106mod_testdata_13 () {
[51]107 one_sec_sleep
[25]108 echo "foobar" >"${BASE}/c/x"; # bad
109 chmod 0555 "${BASE}/a/y"; # bad
110 ORIGINAL='SetFilecheckTime=60'
111 REPLACEMENT='FileCheckScheduleOne = 6 12 * * *'
[51]112 ex -s $RCFILE <<EOF
[30]113%s/${ORIGINAL}/${REPLACEMENT}/g
114wq
[25]115EOF
116}
117
[68]118chk_testdata_13 () {
[25]119 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
120 tmp=`grep CRIT $LOGFILE | wc -l`
121 if [ $tmp -ne 2 ]; then
122 [ -z "$verbose" ] || log_msg_fail "policy count";
123 return 1
124 fi
125 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
126 if [ $? -ne 0 ]; then
127 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
128 return 1
129 fi
130 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1
131 if [ $? -ne 0 ]; then
132 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y";
133 return 1
134 fi
135 CDIRS="a a/a a/b a/c c b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
136 NDIRS="";
137 test_dirs;
138 return $?
139}
140
[68]141TESTPOLICY_12="
[19]142[ReadOnly]
143dir=99${BASE}
144[IgnoreAll]
145dir=-1${BASE}/b
146[Attributes]
147dir=1${BASE}/a
148"
149
[68]150mod_testdata_12 () {
[51]151 one_sec_sleep
[19]152 echo "foobar" >"${BASE}/b/x"; # ok
153 echo "foobar" >"${BASE}/c/x"; # bad
154 echo "foobar" >"${BASE}/a/x"; # ok
155 chmod 0555 "${BASE}/a/a/x"; # bad
156 chmod 0555 "${BASE}/a/a/a/x";# ok
157 chmod 0555 "${BASE}/a/y"; # bad
158}
159
[68]160chk_testdata_12 () {
[19]161 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
162 tmp=`grep CRIT $LOGFILE | wc -l`
163 if [ $tmp -ne 3 ]; then
164 [ -z "$verbose" ] || log_msg_fail "policy count";
165 return 1
[1]166 fi
[19]167 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
168 if [ $? -ne 0 ]; then
169 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
170 return 1
171 fi
172 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1
173 if [ $? -ne 0 ]; then
174 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x";
175 return 1
176 fi
177 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1
178 if [ $? -ne 0 ]; then
179 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y";
180 return 1
181 fi
182 CDIRS="a a/a a/b a/c c";
183 NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
184 test_dirs;
185 return $?
186}
[1]187
[68]188#
189# --- ACL/SELinux test case
190#
191TESTPOLICY_11="
192[ReadOnly]
193dir=99${BASE}
194[IgnoreAll]
195dir=-1${BASE}/b
196[Attributes]
197dir=1${BASE}/a
198[Misc]
199UseSelinuxCheck = no
200UseAclCheck = no
201"
202
203mod_testdata_11 () {
204 one_sec_sleep
205 setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign)
206 setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad
207 setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad
208 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y"; # ok (ign)
209 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth)
210 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x"; # bad
211 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y"; # bad
212}
213
214chk_testdata_11 () {
215 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
216 tmp=`grep CRIT $LOGFILE | wc -l`
217 if [ $tmp -ne 1 ]; then
218 [ -z "$verbose" ] || log_msg_fail "policy count";
219 return 1
220 fi
221 egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
222 if [ $? -ne 0 ]; then
223 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
224 return 1
225 fi
226 CDIRS="a a/a a/b a/c c";
227 NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
228 test_dirs;
229 return $?
230}
231
232TESTPOLICY_10="
233[ReadOnly]
234dir=99${BASE}
235[IgnoreAll]
236dir=-1${BASE}/b
237[Attributes]
238dir=1${BASE}/a
239"
240
241mod_testdata_10 () {
242 one_sec_sleep
243 setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign)
244 setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad
245 setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad
246 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y"; # ok (ign)
247 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth)
248 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x"; # bad
249 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y"; # bad
250}
251
252chk_testdata_10 () {
253 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
254 tmp=`grep CRIT $LOGFILE | wc -l`
255 if [ $tmp -ne 3 ]; then
256 [ -z "$verbose" ] || log_msg_fail "policy count";
257 return 1
258 fi
259 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
260 if [ $? -ne 0 ]; then
261 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
262 return 1
263 fi
264 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/x" $LOGFILE >/dev/null 2>&1
265 if [ $? -ne 0 ]; then
266 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/x";
267 return 1
268 fi
269 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1
270 if [ $? -ne 0 ]; then
271 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y";
272 return 1
273 fi
274 CDIRS="a a/a a/b a/c c";
275 NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
276 test_dirs;
277 return $?
278}
279
[19]280TESTPOLICY_9="
281[ReadOnly]
282dir=0${BASE}/b
283[Attributes]
284dir=2${BASE}/a/a
285"
[1]286
[19]287mod_testdata_9 () {
288 echo "foobar" >"${BASE}/b/x";
289 echo "foobar" >"${BASE}/a/x";
290 echo "foobar" >"${BASE}/x";
291}
292
293chk_testdata_9 () {
294 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
295 tmp=`grep CRIT $LOGFILE | wc -l`
296 if [ $tmp -ne 1 ]; then
297 [ -z "$verbose" ] || log_msg_fail "policy count";
298 return 1
299 fi
300 CDIRS="b a/a a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
301 NDIRS="a c a/b a/c";
302 test_dirs;
303 return $?
304}
305
306TESTPOLICY_8="
307[ReadOnly]
308dir=1${BASE}
309[Attributes]
310dir=1${BASE}/a/a
311"
312
313mod_testdata_8 () {
314 echo "foobar" >"${BASE}/a/x";
315 chmod 0555 "${BASE}/a/a/a/b/x";
316}
317
318chk_testdata_8 () {
319 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
320 tmp=`grep CRIT $LOGFILE | wc -l`
321 if [ $tmp -ne 1 ]; then
322 [ -z "$verbose" ] || log_msg_fail "policy count";
323 return 1
324 fi
325 CDIRS="a b c a/a a/a/a a/a/b a/a/c";
326 NDIRS="a/b a/c a/a/a/a a/a/a/b a/a/a/c";
327 test_dirs;
328 return $?
329}
330
331
332TESTPOLICY_7="
333[ReadOnly]
334dir=${BASE}
335[Attributes]
336dir=${BASE}/a/a
337[GrowingLogFiles]
338dir=${BASE}/a/a/a
339[IgnoreAll]
340file=${BASE}/a/a/a/z
341dir=${BASE}/b
[122]342[Misc]
343IgnoreMissing=${BASE}/a/[[:alnum:]]+/[[:alnum:]]+\$
344IgnoreAdded=${BASE}/a/(b|c)/[[:alnum:]]+\$
[19]345"
346
347mod_testdata_7 () {
[51]348 one_sec_sleep
[19]349 echo "foobar" >"${BASE}/a/a/a/z" # ok
350 echo "foobar" >"${BASE}/a/a/a/x" # bad
351 echo "foobar" >"${BASE}/a/a/x" # ok
352 echo "foobar" >"${BASE}/a/x" # bad
353 chmod 0555 "${BASE}/a" # bad
354 chmod 0555 "${BASE}/b" # ok
[122]355
356 rm "${BASE}/a/c/z"
357 touch "${BASE}/a/c/zz2"
[19]358}
359
360
361chk_testdata_7 () {
362 tmp=`grep CRIT $LOGFILE | wc -l`
[122]363 if [ $tmp -ne 4 ]; then
[19]364 [ -z "$verbose" ] || log_msg_fail "policy count";
365 return 1
366 fi
[122]367 egrep "ERROR.*POLICY MISSING.*${BASE}/a/c/z" $LOGFILE >/dev/null 2>&1
368 if [ $? -eq 0 ]; then
369 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/c/z";
370 return 1
371 fi
372 egrep "CRIT.*POLICY ADDED.*${BASE}/a/c/zz2" $LOGFILE >/dev/null 2>&1
373 if [ $? -eq 0 ]; then
374 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/c/zz2";
375 return 1
376 fi
[19]377 egrep "CRIT.*POLICY \[GrowingLogs\] C--------S.*${BASE}/a/a/a/x" $LOGFILE >/dev/null 2>&1
378 if [ $? -ne 0 ]; then
379 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/x";
380 return 1
381 fi
382 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a" $LOGFILE >/dev/null 2>&1
383 if [ $? -ne 0 ]; then
384 [ -z "$verbose" ] || log_msg_fail "${BASE}/a";
385 return 1
386 fi
387 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/x" $LOGFILE >/dev/null 2>&1
388 if [ $? -ne 0 ]; then
389 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/x";
390 return 1
391 fi
392}
393
394
395TESTPOLICY_6="
396[ReadOnly]
397dir=${BASE}
398[Attributes]
399file=${BASE}/a/y
400file=${BASE}/b/y
401file=${BASE}/c/y
402file=${BASE}/a/a/y
403file=${BASE}/a/b/y
404file=${BASE}/a/c/y
405file=${BASE}/a/a/a/y
406file=${BASE}/a/a/b/y
407file=${BASE}/a/a/c/y
408file=${BASE}/a/a/a/a/y
409file=${BASE}/a/a/a/b/y
410file=${BASE}/a/a/a/c/y
411"
412
413mod_testdata_6 () {
[51]414 one_sec_sleep
[19]415 for ff in $TDIRS; do
416 echo "foobar" >"${BASE}/${ff}/x"
417 chmod 0555 "${BASE}/${ff}/y"
418 echo "foobar" >"${BASE}/${ff}/z"
419 done
420}
421
422chk_testdata_6 () {
423 count6=0
424 for ff in $TDIRS; do
[1]425 #
[19]426 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
427 if [ $? -ne 0 ]; then
428 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
429 return 1
430 fi
431 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
432 if [ $tmp -ne 1 ]; then
433 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
434 fi
[1]435 #
[19]436 for gg in $TFILES; do
437 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
438 if [ $? -ne 0 ]; then
439 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)";
440 fi
441 tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l`
442 if [ $tmp -ne 1 ]; then
443 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)";
444 fi
445 done
446 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/${ff}/x" $LOGFILE >/dev/null 2>&1
447 if [ $? -ne 0 ]; then
448 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/x";
449 return 1
450 fi
451 let "count6 = count6 + 1" >/dev/null
452 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/${ff}/z" $LOGFILE >/dev/null 2>&1
453 if [ $? -ne 0 ]; then
454 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/z";
455 return 1
456 fi
457 let "count6 = count6 + 1" >/dev/null
458 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/${ff}/y" $LOGFILE >/dev/null 2>&1
459 if [ $? -ne 0 ]; then
460 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/y";
461 return 1
462 fi
463 let "count6 = count6 + 1" >/dev/null
464 done
465 tmp=`grep CRIT $LOGFILE | wc -l`
466 if [ $tmp -ne $count6 ]; then
467 [ -z "$verbose" ] || log_msg_fail "policy count";
468 return 1
469 fi
470}
471
472TESTPOLICY_5="
473[Attributes]
474dir=${BASE}
475file=${BASE}/a/a/c/x
476[ReadOnly]
477file=${BASE}/a/a/c/y
478[GrowingLogFiles]
479dir=${BASE}/a/a/c
480dir=${BASE}/a/a/b
481dir=${BASE}/a/b
482"
483
484mod_testdata_5 () {
485 mod_testdata_4
[169]486 echo "1 This is a xxxx file" > "${BASE}/a/a/b/x" # GrowingLogFiles
487 echo "1 This is a test file" > "${BASE}/a/a/b/y" # GrowingLogFiles
488 echo "2 This is a test file" >> "${BASE}/a/a/b/y" # GrowingLogFiles
489 echo "1 This is a xxxx file bad" > "${BASE}/a/a/b/z" # GrowingLogFiles
490 echo "2 This is a xxxx file bad" >>"${BASE}/a/a/b/z" # GrowingLogFiles
491 echo "3 This is a xxxx file bad" >>"${BASE}/a/a/b/z" # GrowingLogFiles
[19]492}
493
494chk_testdata_5 () {
495 for ff in $TDIRS; do
[1]496 #
[19]497 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
498 if [ $? -ne 0 ]; then
499 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
500 return 1
[1]501 fi
[19]502 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
503 if [ $tmp -ne 1 ]; then
504 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
505 fi
[1]506 #
[19]507 for gg in $TFILES; do
508 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
509 if [ $? -ne 0 ]; then
510 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)";
511 fi
512 tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l`
513 if [ $tmp -ne 1 ]; then
514 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)";
515 fi
516 done
517 done
518 egrep "CRIT.*POLICY \[GrowingLogs\] C---------.*${BASE}/a/a/b/x" $LOGFILE >/dev/null 2>&1
519 if [ $? -ne 0 ]; then
520 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/b/x";
521 return 1
522 fi
523 egrep "CRIT.*POLICY \[GrowingLogs\] C---------.*${BASE}/a/a/b/z" $LOGFILE >/dev/null 2>&1
524 if [ $? -ne 0 ]; then
525 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/b/z";
526 return 1
527 fi
528 egrep "CRIT.*POLICY \[GrowingLogs\] -----M----.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1
529 if [ $? -ne 0 ]; then
530 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z";
531 return 1
532 fi
533 egrep "CRIT.*POLICY \[GrowingLogs\] -----M----.*${BASE}/a/a/c/z" $LOGFILE >/dev/null 2>&1
534 if [ $? -ne 0 ]; then
535 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/z";
536 return 1
537 fi
538 egrep "CRIT.*POLICY \[GrowingLogs\] C--------S.*${BASE}/a/b/y" $LOGFILE >/dev/null 2>&1
539 if [ $? -ne 0 ]; then
540 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/y";
541 return 1
542 fi
543 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1
544 if [ $? -ne 0 ]; then
545 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x";
546 return 1
547 fi
548 egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1
549 if [ $? -ne 0 ]; then
550 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo";
551 return 1
552 fi
553 egrep "CRIT.*POLICY ADDED.*033\[1;30m" $LOGFILE >/dev/null 2>&1
554 if [ $? -ne 0 ]; then
555 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m";
556 return 1
557 fi
558 egrep "WARN.*Weird filename.*033\[1;30m" $LOGFILE >/dev/null 2>&1
559 if [ $? -ne 0 ]; then
560 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m";
561 return 1
562 fi
563 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1
564 if [ $? -ne 0 ]; then
565 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y";
566 return 1
567 fi
568 tmp=`grep CRIT $LOGFILE | wc -l`
569 if [ $tmp -ne 9 ]; then
570 [ -z "$verbose" ] || log_msg_fail "policy count";
571 return 1
572 fi
573}
[1]574
575
[19]576TESTPOLICY_4="
577[Attributes]
578dir=${BASE}
579file=${BASE}/a/a/c/x
580[ReadOnly]
581file=${BASE}/a/a/c/y
582[LogFiles]
583dir=${BASE}/a/a/c
584dir=${BASE}/a/b
585"
[1]586
[19]587mod_testdata_4 () {
[51]588 one_sec_sleep
[19]589 echo "foobar" >> "${BASE}/a/a/x" # Attributes
590 echo "foobar" > "${BASE}/a/a/c/foo" # new within LogFiles
591 echo "foobar" >> "${BASE}/a/a/c/y" # ReadOnly
592 echo "foobar" >> "${BASE}/a/a/c/x" # Attributes
593 chmod 0555 "${BASE}/a/a/c/x" # Attributes
594 chmod 0555 "${BASE}/a/a/c/z" # LogFiles
595 echo "foobar" >> "${BASE}/a/b/x" # LogFiles
596 echo "" > "${BASE}/a/b/y" # LogFiles
597 chmod 0555 "${BASE}/a/b/z" # LogFiles
598 touch "${BASE}/a/a/[1;30m" # non-printable character in filename
599}
[1]600
[19]601chk_testdata_4 () {
602 for ff in $TDIRS; do
603 #
604 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
605 if [ $? -ne 0 ]; then
606 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
607 return 1
608 fi
609 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
610 if [ $tmp -ne 1 ]; then
611 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
612 fi
613 #
614 for gg in $TFILES; do
615 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
616 if [ $? -ne 0 ]; then
617 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)";
618 fi
619 tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l`
620 if [ $tmp -ne 1 ]; then
621 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)";
622 fi
623 done
624 done
625 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1
626 if [ $? -ne 0 ]; then
627 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x";
628 return 1
629 fi
630 egrep "CRIT.*POLICY \[LogFiles\] -----M----.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1
631 if [ $? -ne 0 ]; then
632 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z";
633 return 1
634 fi
635 egrep "CRIT.*POLICY \[LogFiles\] -----M----.*${BASE}/a/a/c/z" $LOGFILE >/dev/null 2>&1
636 if [ $? -ne 0 ]; then
637 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/z";
638 return 1
639 fi
640 egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1
641 if [ $? -ne 0 ]; then
642 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo";
643 return 1
644 fi
645 egrep "CRIT.*POLICY ADDED.*033\[1;30m" $LOGFILE >/dev/null 2>&1
646 if [ $? -ne 0 ]; then
647 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m";
648 return 1
649 fi
650 egrep "WARN.*Weird filename.*033\[1;30m" $LOGFILE >/dev/null 2>&1
651 if [ $? -ne 0 ]; then
652 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m";
653 return 1
654 fi
655 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1
656 if [ $? -ne 0 ]; then
657 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y";
658 return 1
659 fi
660 tmp=`grep CRIT $LOGFILE | wc -l`
661 if [ $tmp -ne 6 ]; then
662 [ -z "$verbose" ] || log_msg_fail "policy count";
663 return 1
664 fi
665}
[1]666
[19]667TESTPOLICY_3="
668[Attributes]
669dir=${BASE}
670file=${BASE}/a/a/c/x
671[ReadOnly]
672file=${BASE}/a/a/c/y
673[IgnoreAll]
674dir=${BASE}/a/a/c
675"
676mod_testdata_3 () {
[51]677 one_sec_sleep
[19]678 echo "foobar" > "${BASE}/a/b/foo" # new within Attributes
679 chmod 0555 "${BASE}/a/b"
680 echo "foobar" > "${BASE}/a/a/c/foo" # new within IgnoreAll
681 echo "foobar" > "${BASE}/a/a/c/y" # ReadOnly
682 chmod 0555 "${BASE}/a/a/c/x" # Attributes
683 chmod 0555 "${BASE}/a/a/c/z" # IgnoreAll
684}
[1]685
[19]686chk_testdata_3 () {
687 for ff in $TDIRS; do
[1]688 #
[19]689 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
690 if [ $? -ne 0 ]; then
691 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
692 return 1
693 fi
694 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
695 if [ $tmp -ne 1 ]; then
696 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
697 fi
698 #
699 for gg in $TFILES; do
700 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
701 if [ $? -ne 0 ]; then
702 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)";
703 fi
704 tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l`
705 if [ $tmp -ne 1 ]; then
706 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)";
707 fi
708 done
709 done
710 egrep "CRIT.*POLICY ADDED.*${BASE}/a/b/foo" $LOGFILE >/dev/null 2>&1
711 if [ $? -ne 0 ]; then
712 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/foo";
713 return 1
714 fi
715 egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1
716 if [ $? -ne 0 ]; then
717 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo";
718 return 1
719 fi
720 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/b" $LOGFILE >/dev/null 2>&1
721 if [ $? -ne 0 ]; then
722 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b";
723 return 1
724 fi
725 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1
726 if [ $? -ne 0 ]; then
727 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x";
728 return 1
729 fi
730 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1
731 if [ $? -ne 0 ]; then
732 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y";
733 return 1
734 fi
735 tmp=`grep CRIT $LOGFILE | wc -l`
736 if [ $tmp -ne 5 ]; then
737 [ -z "$verbose" ] || log_msg_fail "policy count";
738 return 1
739 fi
740}
741
742TESTPOLICY_2="
743[ReadOnly]
744dir=${BASE}
745file=${BASE}/a/a/c/x
746[IgnoreAll]
747dir=${BASE}/a/a/c
748"
749mod_testdata_2 () {
[169]750 # mod_testdata_1;
751 one_sec_sleep
752 touch "${BASE}/a/a/x"
753 chmod 0555 "${BASE}/a/a/y"
754 mv "${BASE}/a/b/y" "${BASE}/a/b/yy";
755 echo "1 This is a test file" > "${BASE}/a/b/y";
756 echo "2 This is a test file" >> "${BASE}/a/b/y";
757 echo "4 This is a test file" >> "${BASE}/a/b/z";
758 rm "${BASE}/a/b/yy"; # mv/rm to force new inode
759 rm "${BASE}/a/b/l_y";
760 ln -s "${BASE}/a/b/x" "${BASE}/a/b/l_y";
761 echo "foobar" > "${BASE}/a/c/y"
[19]762 rm "${BASE}/a/a/c/y"
763 echo "foobar" > "${BASE}/a/a/c/foo"
764 chmod 0555 "${BASE}/a/a/c/x"
765 chmod 0555 "${BASE}/a/a/c/z"
766}
767
768chk_testdata_2 () {
769 for ff in $TDIRS; do
770 #
771 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
772 if [ $? -ne 0 ]; then
773 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
774 return 1
775 fi
776 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
777 if [ $tmp -ne 1 ]; then
778 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
779 fi
780 #
781 for gg in $TFILES; do
782 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
783 if [ $? -ne 0 ]; then
784 if [ x"${ff}/${gg}" = x"a/a/c/y" ]; then :; else
785 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)";
786 return 1
[1]787 fi
[19]788 fi
789 done
790 done
791 egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1
792 if [ $? -ne 0 ]; then
793 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo";
794 return 1
795 fi
796 egrep "CRIT.*POLICY MISSING.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1
797 if [ $? -ne 0 ]; then
798 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y";
799 return 1
800 fi
801 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1
802 if [ $? -ne 0 ]; then
803 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x";
804 return 1
805 fi
806 tmp=`grep CRIT $LOGFILE | wc -l`
[169]807 if [ $tmp -ne 10 ]; then
[19]808 [ -z "$verbose" ] || log_msg_fail "policy count";
809 return 1
810 fi
811}
[1]812
[19]813TESTPOLICY_1="
[169]814[Misc]
815RedefReadOnly = +TXT
[19]816[ReadOnly]
817dir=${BASE}
818"
819
820mod_testdata_1 () {
[51]821 one_sec_sleep
[19]822 touch "${BASE}/a/a/x"
823 chmod 0555 "${BASE}/a/a/y"
[169]824 mv "${BASE}/a/b/y" "${BASE}/a/b/yy";
825 echo "1 This is a test file" > "${BASE}/a/b/y";
826 echo "2 This is a test file" >> "${BASE}/a/b/y";
827 echo "4 This is a test file" >> "${BASE}/a/b/z";
828 rm "${BASE}/a/b/yy"; # mv/rm to force new inode
829 rm "${BASE}/a/b/l_y";
830 ln -s "${BASE}/a/b/x" "${BASE}/a/b/l_y";
[19]831 echo "foobar" > "${BASE}/a/c/y"
[169]832 #
833 mv "${BASE}/b/x" "${BASE}/b/xx"; # mv/rm to force new inode
834 mkdir "${BASE}/b/x"
835 rm "${BASE}/b/xx";
836 #
837 mv "${BASE}/b/y" "${BASE}/b/yy"; # mv/rm to force new inode
838 ln -s "${BASE}/b/z" "${BASE}/b/y"
839 rm "${BASE}/b/yy";
840 #
841 rm "${BASE}/b/l_x"; echo "1 This is a test file" > "${BASE}/b/l_x";
[19]842}
843
844chk_testdata_1 () {
845 for ff in $TDIRS; do
846 #
847 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
848 if [ $? -ne 0 ]; then
849 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
850 return 1
[1]851 fi
[19]852 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
853 if [ $tmp -ne 1 ]; then
854 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
[169]855 return 1
[19]856 fi
857 #
858 for gg in $TFILES; do
859 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
860 if [ $? -ne 0 ]; then
[169]861 if [ "${BASE}/${ff}" != "${BASE}/b" ]; then
862 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checksum)";
863 return 1
864 fi
[19]865 fi
866 tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l`
867 if [ $tmp -ne 1 ]; then
[169]868 if [ "${BASE}/${ff}" != "${BASE}/b" ]; then
869 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)";
870 return 1
871 fi
[19]872 fi
873 done
874 done
[169]875 #
876 #
877 #
878 egrep "CRIT.*POLICY \[ReadOnly\] ----H---T-.*${BASE}/b" $LOGFILE >/dev/null 2>&1
879 if [ $? -ne 0 ]; then
880 [ -z "$verbose" ] || log_msg_fail "${BASE}/b";
881 return 1
882 fi
883 egrep "CRIT.*POLICY \[ReadOnly\] CL-I-M--TS.*${BASE}/b/y" $LOGFILE >/dev/null 2>&1
884 if [ $? -ne 0 ]; then
885 [ -z "$verbose" ] || log_msg_fail "${BASE}/b/y";
886 return 1
887 fi
888 egrep "CRIT.*POLICY \[ReadOnly\] CL---M--TS.*${BASE}/b/l_x" $LOGFILE >/dev/null 2>&1
889 if [ $? -ne 0 ]; then
890 [ -z "$verbose" ] || log_msg_fail "${BASE}/b/l_x";
891 return 1
892 fi
893 egrep "CRIT.*POLICY \[ReadOnly\] C--IHM--TS.*${BASE}/b/x" $LOGFILE >/dev/null 2>&1
894 if [ $? -ne 0 ]; then
895 [ -z "$verbose" ] || log_msg_fail "${BASE}/b/x";
896 return 1
897 fi
898 #
899 #
900 #
[19]901 egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1
902 if [ $? -ne 0 ]; then
903 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x";
904 return 1
905 fi
906 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1
907 if [ $? -ne 0 ]; then
908 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y";
909 return 1
910 fi
911 egrep "CRIT.*POLICY \[ReadOnly\] ---I----T-.*${BASE}/a/b/y" $LOGFILE >/dev/null 2>&1
912 if [ $? -ne 0 ]; then
913 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/y";
914 return 1
915 fi
[169]916 egrep "CRIT.*POLICY \[ReadOnly\] -L-I----T-.*${BASE}/a/b/l_y" $LOGFILE >/dev/null 2>&1
917 if [ $? -ne 0 ]; then
918 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/l_y";
919 return 1
920 fi
[19]921 egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/a/b" $LOGFILE >/dev/null 2>&1
922 if [ $? -ne 0 ]; then
923 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b";
924 return 1
925 fi
[169]926 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1
927 if [ $? -ne 0 ]; then
928 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z";
929 return 1
930 fi
[19]931 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/c/y" $LOGFILE >/dev/null 2>&1
932 if [ $? -ne 0 ]; then
933 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/c/y";
934 return 1
935 fi
936 tmp=`grep CRIT $LOGFILE | wc -l`
[169]937 if [ $tmp -ne 11 ]; then
[19]938 [ -z "$verbose" ] || log_msg_fail "policy count";
939 return 1
940 fi
[169]941 for ff in x y z; do
942 ./samhain --list-file "${BASE}/a/a/${ff}" -d "$PW_DIR/.samhain_file" > "$PW_DIR/.samhain_tmp"
943 diff "$PW_DIR/.samhain_tmp" "${BASE}/a/a/${ff}" >/dev/null
944 if [ $? -ne 0 ]; then
945 [ -z "$verbose" ] || log_msg_fail "diff $PW_DIR/.samhain_tmp ${BASE}/a/a/${ff}"
946 return 1
947 fi
948 done
949
[19]950 return 0
951}
[1]952
953
[19]954##############################################################
955#
956# Common subroutines
957#
[1]958
[19]959mkconfig_misc ()
960{
961 test -f "${RCFILE}" || touch "${RCFILE}"
962 cat >> "${RCFILE}" <<End-of-data
963[Misc]
964Daemon=no
965SetFilecheckTime=60
966TrustedUser=uucp,fax,fnet
967SetRecursionLevel=10
968SetLoopTime=30
969ReportFullDetail = no
970ChecksumTest=check
971
972End-of-data
973}
974
975mkconfig_log ()
976{
977 test -f "${RCFILE}" || touch "${RCFILE}"
978 cat >> "${RCFILE}" <<End-of-data
979[Log]
980MailSeverity=none
981LogSeverity=warn
982SyslogSeverity=none
983PrintSeverity=info
984MailSeverity=none
985#Restrict to certain classes of messages
986#LogClass=RUN
987#PreludeSeverity=err
988#ExportSeverity=none
989
990End-of-data
991}
992
993mkconfig_sev ()
994{
995 test -f "${RCFILE}" || touch "${RCFILE}"
996 cat >> "${RCFILE}" <<End-of-data
997[EventSeverity]
998SeverityUser0=crit
999SeverityUser1=crit
1000SeverityReadOnly=crit
1001SeverityLogFiles=crit
1002SeverityGrowingLogs=crit
1003SeverityIgnoreNone=crit
1004SeverityAttributes=crit
1005SeverityIgnoreAll=crit
1006SeverityFiles=err
1007SeverityDirs=err
1008SeverityNames=warn
1009
1010End-of-data
1011}
1012
1013prep_testpolicy ()
1014{
1015 test -f "${RCFILE}" || touch "${RCFILE}"
1016 eval echo '"$'"TESTPOLICY_$1"'"' >>"${RCFILE}"
1017}
1018
1019prep_init ()
1020{
1021 rm -f ./.samhain_file
1022 rm -f "${LOGFILE}"
1023 rm -f ./.samhain_lock
1024
1025 rm -f "${RCFILE}"
1026 mkconfig_sev
1027 mkconfig_log
1028 mkconfig_misc
1029}
1030
1031run_init ()
1032{
[22]1033 rm -f test_log_valgrind
[19]1034
[22]1035 ${VALGRIND} ./samhain -t init -p none 2>>test_log_valgrind
1036
[19]1037 if test x$? = x0; then
1038 [ -z "$verbose" ] || log_msg_ok "init...";
1039 else
1040 [ -z "$quiet" ] && log_msg_fail "init...";
1041 return 1
1042 fi
1043}
1044
1045run_check ()
1046{
[138]1047 ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind
[68]1048
1049 if test x$? = x0; then
[19]1050
1051 ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}"
[68]1052
[19]1053 if [ $? -ne 0 ]; then
1054 [ -z "$quiet" ] && log_msg_fail "mv logfile...";
1055 return 1
1056 fi
1057 [ -z "$verbose" ] || log_msg_ok "check...";
1058 else
1059 [ -z "$quiet" ] && log_msg_fail "check...";
1060 return 1
1061 fi
1062}
1063
1064run_update ()
1065{
[22]1066 ${VALGRIND} ./samhain -t update -p none -l debug 2>>test_log_valgrind
[19]1067
1068 if test x$? = x0; then
1069 [ -z "$verbose" ] || log_msg_ok "update...";
1070 else
1071 [ -z "$quiet" ] && log_msg_fail "update...";
1072 return 1
1073 fi
1074}
1075
1076run_check_after_update ()
1077{
1078 rm -rf $LOGFILE
1079
[22]1080 ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind
[19]1081
1082 if test x$? = x0; then
1083 #
1084 tmp=`./samhain -j -L $LOGFILE | grep CRIT | wc -l`
1085 if [ $tmp -ne 0 ]; then
1086 [ -z "$verbose" ] || log_msg_fail "update not successful(?)";
1087 return 1
1088 fi
[30]1089 #
1090 # wtmp may not be readable
1091 #
1092 tmp=`./samhain -j -L $LOGFILE | grep ERR | grep -v wtmp | wc -l`
[19]1093 if [ $tmp -ne 0 ]; then
[30]1094 [ -z "$verbose" ] || log_msg_fail "errors during check";
[19]1095 return 1
1096 fi
1097 #
[22]1098 [ -z "$VALGRIND" ] || {
1099 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`;
1100 if [ $tmp -ne 0 ]; then
1101 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors";
1102 cat test_log_valgrind
1103 return 1;
1104 fi;
1105 }
1106 #
[19]1107 [ -z "$verbose" ] || log_msg_ok "check(2)...";
1108 else
1109 [ -z "$quiet" ] && log_msg_fail "check(2)...";
1110 return 1
1111 fi
1112}
1113
1114prep_testdata ()
1115{
[30]1116 if test -d "$BASE"; then
1117 if [ -d "${BASE}" ]; then
[172]1118 chmod -f -R 0700 "${BASE}" || {
1119 [ -z "$quiet" ] && log_msg_fail "chmod -f -R 0700 ${BASE}";
[30]1120 return 1;
1121 }
1122 fi
[22]1123 fi
[19]1124
1125 rm -rf "${BASE}" || {
1126 [ -z "$quiet" ] && log_msg_fail "rm -rf ${BASE}";
1127 return 1;
1128 }
1129
1130 mkdir "${BASE}" || {
1131 [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}";
1132 return 1;
1133 }
1134
1135 for ff in $TDIRS; do
1136 mkdir "${BASE}/${ff}" || {
1137 [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}/${ff}";
1138 return 1;
1139 }
1140 chmod 0755 "${BASE}/${ff}"
1141 for gg in $TFILES; do
[169]1142 echo "1 This is a test file" > "${BASE}/${ff}/${gg}"
[19]1143 chmod 0644 "${BASE}/${ff}/${gg}"
[169]1144 ln -s "${BASE}/${ff}/${gg}" "${BASE}/${ff}/l_${gg}"
[19]1145 done
[169]1146 echo "2 This is a test file" >> "${BASE}/${ff}/y"
1147 echo "2 This is a test file" >> "${BASE}/${ff}/z"
1148 echo "3 This is a test file" >> "${BASE}/${ff}/z"
[19]1149 done
1150}
1151
1152check_err ()
1153{
1154 if [ $1 -ne 0 ]; then
[68]1155 log_fail ${2} ${MAXTEST};
[19]1156 return 1
1157 fi
1158 return 0
1159}
1160
1161testrun_internal ()
1162{
1163 [ -z "$verbose" ] || echo Working directory: $PW_DIR
1164 [ -z "$verbose" ] || { echo MAKE is $MAKE; echo; }
1165
1166 #
1167 # test standalone compilation
1168 #
1169 [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; }
1170
1171 if test -r "Makefile"; then
1172 $MAKE distclean >/dev/null
1173 fi
1174
1175 ${TOP_SRCDIR}/configure ${BUILDOPTS}
1176
1177 #
[1]1178 if test x$? = x0; then
[19]1179 [ -z "$verbose" ] || log_msg_ok "configure...";
[30]1180 $MAKE >/dev/null 2>>test_log
[1]1181 if test x$? = x0; then
[19]1182 [ -z "$verbose" ] || log_msg_ok "make...";
[1]1183 else
[19]1184 [ -z "$quiet" ] && log_msg_fail "make...";
1185 return 1
[1]1186 fi
[19]1187
[1]1188 else
[19]1189 [ -z "$quiet" ] && log_msg_fail "configure...";
1190 return 1
[1]1191 fi
1192
[19]1193 [ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; }
[1]1194
[19]1195 tcount=1
1196 POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'`
[1]1197
[19]1198 until [ -z "$POLICY" ]
1199 do
1200 prep_init
1201 check_err $? ${tcount}; errval=$?
1202 if [ $errval -eq 0 ]; then
1203 prep_testdata
1204 check_err $? ${tcount}; errval=$?
1205 fi
1206 if [ $errval -eq 0 ]; then
1207 prep_testpolicy ${tcount}
1208 check_err $? ${tcount}; errval=$?
1209 fi
1210 if [ $errval -eq 0 ]; then
1211 run_init
1212 check_err $? ${tcount}; errval=$?
1213 fi
1214 if [ $errval -eq 0 ]; then
1215 eval mod_testdata_${tcount}
1216 check_err $? ${tcount}; errval=$?
1217 fi
1218 if [ $errval -eq 0 ]; then
1219 run_check
1220 check_err $? ${tcount}; errval=$?
1221 fi
1222 if [ $errval -eq 0 ]; then
1223 eval chk_testdata_${tcount}
1224 check_err $? ${tcount}; errval=$?
1225 fi
1226 if [ $testrun1_setup -eq 0 ]; then
1227 if [ $errval -eq 0 ]; then
1228 run_update
1229 check_err $? ${tcount}; errval=$?
1230 fi
1231 if [ $errval -eq 0 ]; then
1232 run_check_after_update
1233 check_err $? ${tcount}; errval=$?
1234 fi
1235 fi
1236 #
1237 if [ $errval -eq 0 ]; then
1238 [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST};
1239 fi
[68]1240 #
[19]1241 let "tcount = tcount + 1" >/dev/null
[68]1242 #
1243 if [ -z "$doall" -a $tcount -eq 10 ]; then
1244 log_skip 10 $MAXTEST 'ACL/SELinux test (or use --really-all)'
1245 let "tcount = tcount + 1" >/dev/null
1246 fi
1247 #
1248 if [ -z "$doall" -a $tcount -eq 11 ]; then
1249 log_skip 11 $MAXTEST 'ACL/SELinux test (or use --really-all)'
1250 let "tcount = tcount + 1" >/dev/null
1251 fi
1252 #
[19]1253 POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'`
1254 done
1255
1256 return 0
1257}
[1]1258
[19]1259testrun1 ()
1260{
1261 log_start "RUN STANDALONE"
1262 testrun_internal
1263 log_end "RUN STANDALONE"
1264 return 0
1265}
[1]1266
1267
1268
Note: See TracBrowser for help on using the repository browser.