source: trunk/test/testrun_1.sh@ 416

Last change on this file since 416 was 371, checked in by katerina, 13 years ago

Patch for ticket #265 (inotify support).

File size: 34.0 KB
RevLine 
[1]1#! /bin/sh
2
[27]3#
4# Copyright Rainer Wichmann (2006)
5#
6# License Information:
7# This program is free software; you can redistribute it and/or modify
8# it under the terms of the GNU General Public License as published by
9# the Free Software Foundation; either version 2 of the License, or
10# (at your option) any later version.
11#
12# This program is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15# GNU General Public License for more details.
16#
17# You should have received a copy of the GNU General Public License
18# along with this program; if not, write to the Free Software
19# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20#
21
[19]22RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE
23LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE
[1]24
[19]25# --enable-login-watch --enable-xml-log
26# --enable-debug --enable-suidcheck --with-prelude
[1]27
[19]28BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-debug"
29export BUILDOPTS
[1]30
[19]31BASE="${PW_DIR}/testrun_testdata"; export BASE
32TDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; export TDIRS
33TFILES="x y z"; export TFILES
[1]34
[19]35###########################################################
36#
37# ---- [Define tests here] ----
38#
[1]39
[19]40# 1 for testing new tests
41testrun1_setup=0
42
[169]43MAXTEST=15; export MAXTEST
[19]44
45test_dirs () {
46 for ff in $CDIRS; do
47 #
48 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
49 if [ $? -ne 0 ]; then
50 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
51 return 1
[1]52 fi
[19]53 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
54 if [ $tmp -ne 1 ]; then
55 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
56 fi
57 #
58 done
59 for ff in $NDIRS; do
60 #
61 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
62 if [ $? -eq 0 ]; then
63 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
64 return 1
65 fi
66 done
67}
68
[169]69
70TESTPOLICY_15="
71[Misc]
72DigestAlgo=SHA1
73RedefReadOnly = +TXT
74[ReadOnly]
75dir=${BASE}
76"
77mod_testdata_15 () {
78 mod_testdata_1
79}
80chk_testdata_15 () {
81 chk_testdata_1
82}
83
84TESTPOLICY_14="
85[Misc]
86DigestAlgo=MD5
87RedefReadOnly = +TXT
88[ReadOnly]
89dir=${BASE}
90"
91mod_testdata_14 () {
92 mod_testdata_1
93}
94chk_testdata_14 () {
95 chk_testdata_1
96}
97
[25]98#
99# combine file check schedule with one-shot mode
100#
[68]101TESTPOLICY_13="
[25]102[ReadOnly]
103dir=99${BASE}
104"
105
[68]106mod_testdata_13 () {
[51]107 one_sec_sleep
[25]108 echo "foobar" >"${BASE}/c/x"; # bad
109 chmod 0555 "${BASE}/a/y"; # bad
110 ORIGINAL='SetFilecheckTime=60'
111 REPLACEMENT='FileCheckScheduleOne = 6 12 * * *'
[51]112 ex -s $RCFILE <<EOF
[30]113%s/${ORIGINAL}/${REPLACEMENT}/g
114wq
[25]115EOF
116}
117
[68]118chk_testdata_13 () {
[25]119 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
120 tmp=`grep CRIT $LOGFILE | wc -l`
121 if [ $tmp -ne 2 ]; then
122 [ -z "$verbose" ] || log_msg_fail "policy count";
123 return 1
124 fi
125 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
126 if [ $? -ne 0 ]; then
127 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
128 return 1
129 fi
130 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1
131 if [ $? -ne 0 ]; then
132 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y";
133 return 1
134 fi
135 CDIRS="a a/a a/b a/c c b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
136 NDIRS="";
137 test_dirs;
138 return $?
139}
140
[68]141TESTPOLICY_12="
[19]142[ReadOnly]
143dir=99${BASE}
144[IgnoreAll]
145dir=-1${BASE}/b
146[Attributes]
147dir=1${BASE}/a
148"
149
[68]150mod_testdata_12 () {
[51]151 one_sec_sleep
[19]152 echo "foobar" >"${BASE}/b/x"; # ok
153 echo "foobar" >"${BASE}/c/x"; # bad
154 echo "foobar" >"${BASE}/a/x"; # ok
155 chmod 0555 "${BASE}/a/a/x"; # bad
156 chmod 0555 "${BASE}/a/a/a/x";# ok
157 chmod 0555 "${BASE}/a/y"; # bad
158}
159
[68]160chk_testdata_12 () {
[19]161 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
162 tmp=`grep CRIT $LOGFILE | wc -l`
163 if [ $tmp -ne 3 ]; then
164 [ -z "$verbose" ] || log_msg_fail "policy count";
165 return 1
[1]166 fi
[19]167 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
168 if [ $? -ne 0 ]; then
169 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
170 return 1
171 fi
172 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1
173 if [ $? -ne 0 ]; then
174 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x";
175 return 1
176 fi
177 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1
178 if [ $? -ne 0 ]; then
179 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y";
180 return 1
181 fi
182 CDIRS="a a/a a/b a/c c";
183 NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
184 test_dirs;
185 return $?
186}
[1]187
[68]188#
189# --- ACL/SELinux test case
190#
191TESTPOLICY_11="
[207]192[Misc]
193UseAclCheck=yes
194UseSelinuxCheck=yes
[68]195[ReadOnly]
196dir=99${BASE}
197[IgnoreAll]
198dir=-1${BASE}/b
199[Attributes]
200dir=1${BASE}/a
201[Misc]
202UseSelinuxCheck = no
203UseAclCheck = no
204"
205
206mod_testdata_11 () {
207 one_sec_sleep
208 setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign)
209 setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad
210 setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad
211 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y"; # ok (ign)
212 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth)
213 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x"; # bad
214 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y"; # bad
215}
216
217chk_testdata_11 () {
218 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
219 tmp=`grep CRIT $LOGFILE | wc -l`
220 if [ $tmp -ne 1 ]; then
221 [ -z "$verbose" ] || log_msg_fail "policy count";
222 return 1
223 fi
224 egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
225 if [ $? -ne 0 ]; then
226 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
227 return 1
228 fi
229 CDIRS="a a/a a/b a/c c";
230 NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
231 test_dirs;
232 return $?
233}
234
235TESTPOLICY_10="
[207]236[Misc]
237UseAclCheck=yes
238UseSelinuxCheck=yes
[68]239[ReadOnly]
240dir=99${BASE}
241[IgnoreAll]
242dir=-1${BASE}/b
243[Attributes]
244dir=1${BASE}/a
245"
246
247mod_testdata_10 () {
248 one_sec_sleep
249 setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign)
250 setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad
251 setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad
252 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y"; # ok (ign)
253 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth)
254 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x"; # bad
255 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y"; # bad
256}
257
258chk_testdata_10 () {
259 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
260 tmp=`grep CRIT $LOGFILE | wc -l`
[207]261 if [ $tmp -ne 5 ]; then
[68]262 [ -z "$verbose" ] || log_msg_fail "policy count";
263 return 1
264 fi
265 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
266 if [ $? -ne 0 ]; then
267 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
268 return 1
269 fi
270 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/x" $LOGFILE >/dev/null 2>&1
271 if [ $? -ne 0 ]; then
272 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/x";
273 return 1
274 fi
275 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1
276 if [ $? -ne 0 ]; then
277 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y";
278 return 1
279 fi
280 CDIRS="a a/a a/b a/c c";
281 NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
282 test_dirs;
283 return $?
284}
285
[19]286TESTPOLICY_9="
287[ReadOnly]
288dir=0${BASE}/b
289[Attributes]
290dir=2${BASE}/a/a
291"
[1]292
[19]293mod_testdata_9 () {
294 echo "foobar" >"${BASE}/b/x";
295 echo "foobar" >"${BASE}/a/x";
296 echo "foobar" >"${BASE}/x";
297}
298
299chk_testdata_9 () {
300 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
301 tmp=`grep CRIT $LOGFILE | wc -l`
302 if [ $tmp -ne 1 ]; then
303 [ -z "$verbose" ] || log_msg_fail "policy count";
304 return 1
305 fi
306 CDIRS="b a/a a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
307 NDIRS="a c a/b a/c";
308 test_dirs;
309 return $?
310}
311
312TESTPOLICY_8="
313[ReadOnly]
314dir=1${BASE}
315[Attributes]
316dir=1${BASE}/a/a
317"
318
319mod_testdata_8 () {
320 echo "foobar" >"${BASE}/a/x";
321 chmod 0555 "${BASE}/a/a/a/b/x";
322}
323
324chk_testdata_8 () {
325 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
326 tmp=`grep CRIT $LOGFILE | wc -l`
327 if [ $tmp -ne 1 ]; then
328 [ -z "$verbose" ] || log_msg_fail "policy count";
329 return 1
330 fi
331 CDIRS="a b c a/a a/a/a a/a/b a/a/c";
332 NDIRS="a/b a/c a/a/a/a a/a/a/b a/a/a/c";
333 test_dirs;
334 return $?
335}
336
337
338TESTPOLICY_7="
339[ReadOnly]
340dir=${BASE}
341[Attributes]
342dir=${BASE}/a/a
343[GrowingLogFiles]
344dir=${BASE}/a/a/a
345[IgnoreAll]
346file=${BASE}/a/a/a/z
347dir=${BASE}/b
[122]348[Misc]
349IgnoreMissing=${BASE}/a/[[:alnum:]]+/[[:alnum:]]+\$
350IgnoreAdded=${BASE}/a/(b|c)/[[:alnum:]]+\$
[19]351"
352
353mod_testdata_7 () {
[51]354 one_sec_sleep
[19]355 echo "foobar" >"${BASE}/a/a/a/z" # ok
356 echo "foobar" >"${BASE}/a/a/a/x" # bad
357 echo "foobar" >"${BASE}/a/a/x" # ok
358 echo "foobar" >"${BASE}/a/x" # bad
359 chmod 0555 "${BASE}/a" # bad
360 chmod 0555 "${BASE}/b" # ok
[122]361
362 rm "${BASE}/a/c/z"
363 touch "${BASE}/a/c/zz2"
[19]364}
365
366
367chk_testdata_7 () {
368 tmp=`grep CRIT $LOGFILE | wc -l`
[122]369 if [ $tmp -ne 4 ]; then
[19]370 [ -z "$verbose" ] || log_msg_fail "policy count";
371 return 1
372 fi
[122]373 egrep "ERROR.*POLICY MISSING.*${BASE}/a/c/z" $LOGFILE >/dev/null 2>&1
374 if [ $? -eq 0 ]; then
375 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/c/z";
376 return 1
377 fi
378 egrep "CRIT.*POLICY ADDED.*${BASE}/a/c/zz2" $LOGFILE >/dev/null 2>&1
379 if [ $? -eq 0 ]; then
380 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/c/zz2";
381 return 1
382 fi
[19]383 egrep "CRIT.*POLICY \[GrowingLogs\] C--------S.*${BASE}/a/a/a/x" $LOGFILE >/dev/null 2>&1
384 if [ $? -ne 0 ]; then
385 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/x";
386 return 1
387 fi
388 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a" $LOGFILE >/dev/null 2>&1
389 if [ $? -ne 0 ]; then
390 [ -z "$verbose" ] || log_msg_fail "${BASE}/a";
391 return 1
392 fi
393 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/x" $LOGFILE >/dev/null 2>&1
394 if [ $? -ne 0 ]; then
395 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/x";
396 return 1
397 fi
398}
399
400
401TESTPOLICY_6="
402[ReadOnly]
403dir=${BASE}
404[Attributes]
405file=${BASE}/a/y
406file=${BASE}/b/y
407file=${BASE}/c/y
408file=${BASE}/a/a/y
409file=${BASE}/a/b/y
410file=${BASE}/a/c/y
411file=${BASE}/a/a/a/y
412file=${BASE}/a/a/b/y
413file=${BASE}/a/a/c/y
414file=${BASE}/a/a/a/a/y
415file=${BASE}/a/a/a/b/y
416file=${BASE}/a/a/a/c/y
417"
418
419mod_testdata_6 () {
[51]420 one_sec_sleep
[19]421 for ff in $TDIRS; do
422 echo "foobar" >"${BASE}/${ff}/x"
423 chmod 0555 "${BASE}/${ff}/y"
424 echo "foobar" >"${BASE}/${ff}/z"
425 done
426}
427
428chk_testdata_6 () {
429 count6=0
430 for ff in $TDIRS; do
[1]431 #
[19]432 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
433 if [ $? -ne 0 ]; then
434 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
435 return 1
436 fi
437 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
438 if [ $tmp -ne 1 ]; then
439 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
440 fi
[1]441 #
[19]442 for gg in $TFILES; do
443 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
444 if [ $? -ne 0 ]; then
445 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)";
446 fi
447 tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l`
448 if [ $tmp -ne 1 ]; then
449 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)";
450 fi
451 done
452 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/${ff}/x" $LOGFILE >/dev/null 2>&1
453 if [ $? -ne 0 ]; then
454 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/x";
455 return 1
456 fi
457 let "count6 = count6 + 1" >/dev/null
458 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/${ff}/z" $LOGFILE >/dev/null 2>&1
459 if [ $? -ne 0 ]; then
460 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/z";
461 return 1
462 fi
463 let "count6 = count6 + 1" >/dev/null
464 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/${ff}/y" $LOGFILE >/dev/null 2>&1
465 if [ $? -ne 0 ]; then
466 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/y";
467 return 1
468 fi
469 let "count6 = count6 + 1" >/dev/null
470 done
471 tmp=`grep CRIT $LOGFILE | wc -l`
472 if [ $tmp -ne $count6 ]; then
473 [ -z "$verbose" ] || log_msg_fail "policy count";
474 return 1
475 fi
476}
477
478TESTPOLICY_5="
479[Attributes]
480dir=${BASE}
481file=${BASE}/a/a/c/x
482[ReadOnly]
483file=${BASE}/a/a/c/y
484[GrowingLogFiles]
485dir=${BASE}/a/a/c
486dir=${BASE}/a/a/b
487dir=${BASE}/a/b
488"
489
490mod_testdata_5 () {
491 mod_testdata_4
[169]492 echo "1 This is a xxxx file" > "${BASE}/a/a/b/x" # GrowingLogFiles
493 echo "1 This is a test file" > "${BASE}/a/a/b/y" # GrowingLogFiles
494 echo "2 This is a test file" >> "${BASE}/a/a/b/y" # GrowingLogFiles
495 echo "1 This is a xxxx file bad" > "${BASE}/a/a/b/z" # GrowingLogFiles
496 echo "2 This is a xxxx file bad" >>"${BASE}/a/a/b/z" # GrowingLogFiles
497 echo "3 This is a xxxx file bad" >>"${BASE}/a/a/b/z" # GrowingLogFiles
[19]498}
499
500chk_testdata_5 () {
501 for ff in $TDIRS; do
[1]502 #
[19]503 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
504 if [ $? -ne 0 ]; then
505 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
506 return 1
[1]507 fi
[19]508 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
509 if [ $tmp -ne 1 ]; then
510 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
511 fi
[1]512 #
[19]513 for gg in $TFILES; do
514 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
515 if [ $? -ne 0 ]; then
516 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)";
517 fi
518 tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l`
519 if [ $tmp -ne 1 ]; then
520 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)";
521 fi
522 done
523 done
524 egrep "CRIT.*POLICY \[GrowingLogs\] C---------.*${BASE}/a/a/b/x" $LOGFILE >/dev/null 2>&1
525 if [ $? -ne 0 ]; then
526 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/b/x";
527 return 1
528 fi
529 egrep "CRIT.*POLICY \[GrowingLogs\] C---------.*${BASE}/a/a/b/z" $LOGFILE >/dev/null 2>&1
530 if [ $? -ne 0 ]; then
531 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/b/z";
532 return 1
533 fi
534 egrep "CRIT.*POLICY \[GrowingLogs\] -----M----.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1
535 if [ $? -ne 0 ]; then
536 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z";
537 return 1
538 fi
539 egrep "CRIT.*POLICY \[GrowingLogs\] -----M----.*${BASE}/a/a/c/z" $LOGFILE >/dev/null 2>&1
540 if [ $? -ne 0 ]; then
541 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/z";
542 return 1
543 fi
544 egrep "CRIT.*POLICY \[GrowingLogs\] C--------S.*${BASE}/a/b/y" $LOGFILE >/dev/null 2>&1
545 if [ $? -ne 0 ]; then
546 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/y";
547 return 1
548 fi
549 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1
550 if [ $? -ne 0 ]; then
551 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x";
552 return 1
553 fi
554 egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1
555 if [ $? -ne 0 ]; then
556 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo";
557 return 1
558 fi
559 egrep "CRIT.*POLICY ADDED.*033\[1;30m" $LOGFILE >/dev/null 2>&1
560 if [ $? -ne 0 ]; then
561 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m";
562 return 1
563 fi
564 egrep "WARN.*Weird filename.*033\[1;30m" $LOGFILE >/dev/null 2>&1
565 if [ $? -ne 0 ]; then
566 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m";
567 return 1
568 fi
569 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1
570 if [ $? -ne 0 ]; then
571 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y";
572 return 1
573 fi
574 tmp=`grep CRIT $LOGFILE | wc -l`
575 if [ $tmp -ne 9 ]; then
576 [ -z "$verbose" ] || log_msg_fail "policy count";
577 return 1
578 fi
579}
[1]580
581
[19]582TESTPOLICY_4="
583[Attributes]
584dir=${BASE}
585file=${BASE}/a/a/c/x
586[ReadOnly]
587file=${BASE}/a/a/c/y
588[LogFiles]
589dir=${BASE}/a/a/c
590dir=${BASE}/a/b
591"
[1]592
[19]593mod_testdata_4 () {
[51]594 one_sec_sleep
[19]595 echo "foobar" >> "${BASE}/a/a/x" # Attributes
596 echo "foobar" > "${BASE}/a/a/c/foo" # new within LogFiles
597 echo "foobar" >> "${BASE}/a/a/c/y" # ReadOnly
598 echo "foobar" >> "${BASE}/a/a/c/x" # Attributes
599 chmod 0555 "${BASE}/a/a/c/x" # Attributes
600 chmod 0555 "${BASE}/a/a/c/z" # LogFiles
601 echo "foobar" >> "${BASE}/a/b/x" # LogFiles
602 echo "" > "${BASE}/a/b/y" # LogFiles
603 chmod 0555 "${BASE}/a/b/z" # LogFiles
604 touch "${BASE}/a/a/[1;30m" # non-printable character in filename
605}
[1]606
[19]607chk_testdata_4 () {
608 for ff in $TDIRS; do
609 #
610 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
611 if [ $? -ne 0 ]; then
612 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
613 return 1
614 fi
615 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
616 if [ $tmp -ne 1 ]; then
617 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
618 fi
619 #
620 for gg in $TFILES; do
621 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
622 if [ $? -ne 0 ]; then
623 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)";
624 fi
625 tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l`
626 if [ $tmp -ne 1 ]; then
627 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)";
628 fi
629 done
630 done
631 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1
632 if [ $? -ne 0 ]; then
633 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x";
634 return 1
635 fi
636 egrep "CRIT.*POLICY \[LogFiles\] -----M----.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1
637 if [ $? -ne 0 ]; then
638 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z";
639 return 1
640 fi
641 egrep "CRIT.*POLICY \[LogFiles\] -----M----.*${BASE}/a/a/c/z" $LOGFILE >/dev/null 2>&1
642 if [ $? -ne 0 ]; then
643 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/z";
644 return 1
645 fi
646 egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1
647 if [ $? -ne 0 ]; then
648 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo";
649 return 1
650 fi
651 egrep "CRIT.*POLICY ADDED.*033\[1;30m" $LOGFILE >/dev/null 2>&1
652 if [ $? -ne 0 ]; then
653 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m";
654 return 1
655 fi
656 egrep "WARN.*Weird filename.*033\[1;30m" $LOGFILE >/dev/null 2>&1
657 if [ $? -ne 0 ]; then
658 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m";
659 return 1
660 fi
661 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1
662 if [ $? -ne 0 ]; then
663 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y";
664 return 1
665 fi
666 tmp=`grep CRIT $LOGFILE | wc -l`
667 if [ $tmp -ne 6 ]; then
668 [ -z "$verbose" ] || log_msg_fail "policy count";
669 return 1
670 fi
671}
[1]672
[19]673TESTPOLICY_3="
674[Attributes]
675dir=${BASE}
676file=${BASE}/a/a/c/x
677[ReadOnly]
678file=${BASE}/a/a/c/y
679[IgnoreAll]
680dir=${BASE}/a/a/c
681"
682mod_testdata_3 () {
[51]683 one_sec_sleep
[19]684 echo "foobar" > "${BASE}/a/b/foo" # new within Attributes
685 chmod 0555 "${BASE}/a/b"
686 echo "foobar" > "${BASE}/a/a/c/foo" # new within IgnoreAll
687 echo "foobar" > "${BASE}/a/a/c/y" # ReadOnly
688 chmod 0555 "${BASE}/a/a/c/x" # Attributes
689 chmod 0555 "${BASE}/a/a/c/z" # IgnoreAll
690}
[1]691
[19]692chk_testdata_3 () {
693 for ff in $TDIRS; do
[1]694 #
[19]695 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
696 if [ $? -ne 0 ]; then
697 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
698 return 1
699 fi
700 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
701 if [ $tmp -ne 1 ]; then
702 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
703 fi
704 #
705 for gg in $TFILES; do
706 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
707 if [ $? -ne 0 ]; then
708 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)";
709 fi
710 tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l`
711 if [ $tmp -ne 1 ]; then
712 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)";
713 fi
714 done
715 done
716 egrep "CRIT.*POLICY ADDED.*${BASE}/a/b/foo" $LOGFILE >/dev/null 2>&1
717 if [ $? -ne 0 ]; then
718 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/foo";
719 return 1
720 fi
721 egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1
722 if [ $? -ne 0 ]; then
723 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo";
724 return 1
725 fi
726 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/b" $LOGFILE >/dev/null 2>&1
727 if [ $? -ne 0 ]; then
728 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b";
729 return 1
730 fi
731 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1
732 if [ $? -ne 0 ]; then
733 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x";
734 return 1
735 fi
736 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1
737 if [ $? -ne 0 ]; then
738 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y";
739 return 1
740 fi
741 tmp=`grep CRIT $LOGFILE | wc -l`
742 if [ $tmp -ne 5 ]; then
743 [ -z "$verbose" ] || log_msg_fail "policy count";
744 return 1
745 fi
746}
747
748TESTPOLICY_2="
749[ReadOnly]
750dir=${BASE}
751file=${BASE}/a/a/c/x
752[IgnoreAll]
753dir=${BASE}/a/a/c
754"
755mod_testdata_2 () {
[169]756 # mod_testdata_1;
757 one_sec_sleep
758 touch "${BASE}/a/a/x"
759 chmod 0555 "${BASE}/a/a/y"
760 mv "${BASE}/a/b/y" "${BASE}/a/b/yy";
761 echo "1 This is a test file" > "${BASE}/a/b/y";
762 echo "2 This is a test file" >> "${BASE}/a/b/y";
763 echo "4 This is a test file" >> "${BASE}/a/b/z";
764 rm "${BASE}/a/b/yy"; # mv/rm to force new inode
765 rm "${BASE}/a/b/l_y";
766 ln -s "${BASE}/a/b/x" "${BASE}/a/b/l_y";
767 echo "foobar" > "${BASE}/a/c/y"
[19]768 rm "${BASE}/a/a/c/y"
769 echo "foobar" > "${BASE}/a/a/c/foo"
770 chmod 0555 "${BASE}/a/a/c/x"
771 chmod 0555 "${BASE}/a/a/c/z"
772}
773
774chk_testdata_2 () {
775 for ff in $TDIRS; do
776 #
777 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
778 if [ $? -ne 0 ]; then
779 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
780 return 1
781 fi
782 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
783 if [ $tmp -ne 1 ]; then
784 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
785 fi
786 #
787 for gg in $TFILES; do
788 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
789 if [ $? -ne 0 ]; then
790 if [ x"${ff}/${gg}" = x"a/a/c/y" ]; then :; else
791 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)";
792 return 1
[1]793 fi
[19]794 fi
795 done
796 done
797 egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1
798 if [ $? -ne 0 ]; then
799 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo";
800 return 1
801 fi
802 egrep "CRIT.*POLICY MISSING.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1
803 if [ $? -ne 0 ]; then
804 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y";
805 return 1
806 fi
807 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1
808 if [ $? -ne 0 ]; then
809 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x";
810 return 1
811 fi
812 tmp=`grep CRIT $LOGFILE | wc -l`
[169]813 if [ $tmp -ne 10 ]; then
[19]814 [ -z "$verbose" ] || log_msg_fail "policy count";
815 return 1
816 fi
817}
[1]818
[19]819TESTPOLICY_1="
[169]820[Misc]
821RedefReadOnly = +TXT
[19]822[ReadOnly]
823dir=${BASE}
824"
825
826mod_testdata_1 () {
[51]827 one_sec_sleep
[19]828 touch "${BASE}/a/a/x"
829 chmod 0555 "${BASE}/a/a/y"
[169]830 mv "${BASE}/a/b/y" "${BASE}/a/b/yy";
831 echo "1 This is a test file" > "${BASE}/a/b/y";
832 echo "2 This is a test file" >> "${BASE}/a/b/y";
833 echo "4 This is a test file" >> "${BASE}/a/b/z";
834 rm "${BASE}/a/b/yy"; # mv/rm to force new inode
835 rm "${BASE}/a/b/l_y";
836 ln -s "${BASE}/a/b/x" "${BASE}/a/b/l_y";
[19]837 echo "foobar" > "${BASE}/a/c/y"
[169]838 #
839 mv "${BASE}/b/x" "${BASE}/b/xx"; # mv/rm to force new inode
840 mkdir "${BASE}/b/x"
841 rm "${BASE}/b/xx";
842 #
843 mv "${BASE}/b/y" "${BASE}/b/yy"; # mv/rm to force new inode
844 ln -s "${BASE}/b/z" "${BASE}/b/y"
845 rm "${BASE}/b/yy";
846 #
847 rm "${BASE}/b/l_x"; echo "1 This is a test file" > "${BASE}/b/l_x";
[19]848}
849
850chk_testdata_1 () {
851 for ff in $TDIRS; do
852 #
853 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
854 if [ $? -ne 0 ]; then
855 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
856 return 1
[1]857 fi
[19]858 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
859 if [ $tmp -ne 1 ]; then
860 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
[169]861 return 1
[19]862 fi
863 #
864 for gg in $TFILES; do
865 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
866 if [ $? -ne 0 ]; then
[169]867 if [ "${BASE}/${ff}" != "${BASE}/b" ]; then
868 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checksum)";
869 return 1
870 fi
[19]871 fi
872 tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l`
873 if [ $tmp -ne 1 ]; then
[169]874 if [ "${BASE}/${ff}" != "${BASE}/b" ]; then
875 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)";
876 return 1
877 fi
[19]878 fi
879 done
880 done
[169]881 #
882 #
883 #
884 egrep "CRIT.*POLICY \[ReadOnly\] ----H---T-.*${BASE}/b" $LOGFILE >/dev/null 2>&1
885 if [ $? -ne 0 ]; then
886 [ -z "$verbose" ] || log_msg_fail "${BASE}/b";
887 return 1
888 fi
889 egrep "CRIT.*POLICY \[ReadOnly\] CL-I-M--TS.*${BASE}/b/y" $LOGFILE >/dev/null 2>&1
890 if [ $? -ne 0 ]; then
891 [ -z "$verbose" ] || log_msg_fail "${BASE}/b/y";
892 return 1
893 fi
[257]894 egrep "CRIT.*POLICY \[ReadOnly\] CL-.-M--TS.*${BASE}/b/l_x" $LOGFILE >/dev/null 2>&1
[169]895 if [ $? -ne 0 ]; then
896 [ -z "$verbose" ] || log_msg_fail "${BASE}/b/l_x";
897 return 1
898 fi
899 egrep "CRIT.*POLICY \[ReadOnly\] C--IHM--TS.*${BASE}/b/x" $LOGFILE >/dev/null 2>&1
900 if [ $? -ne 0 ]; then
901 [ -z "$verbose" ] || log_msg_fail "${BASE}/b/x";
902 return 1
903 fi
904 #
905 #
906 #
[19]907 egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1
908 if [ $? -ne 0 ]; then
909 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x";
910 return 1
911 fi
912 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1
913 if [ $? -ne 0 ]; then
914 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y";
915 return 1
916 fi
917 egrep "CRIT.*POLICY \[ReadOnly\] ---I----T-.*${BASE}/a/b/y" $LOGFILE >/dev/null 2>&1
918 if [ $? -ne 0 ]; then
919 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/y";
920 return 1
921 fi
[169]922 egrep "CRIT.*POLICY \[ReadOnly\] -L-I----T-.*${BASE}/a/b/l_y" $LOGFILE >/dev/null 2>&1
923 if [ $? -ne 0 ]; then
924 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/l_y";
925 return 1
926 fi
[19]927 egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/a/b" $LOGFILE >/dev/null 2>&1
928 if [ $? -ne 0 ]; then
929 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b";
930 return 1
931 fi
[169]932 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1
933 if [ $? -ne 0 ]; then
934 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z";
935 return 1
936 fi
[19]937 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/c/y" $LOGFILE >/dev/null 2>&1
938 if [ $? -ne 0 ]; then
939 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/c/y";
940 return 1
941 fi
942 tmp=`grep CRIT $LOGFILE | wc -l`
[169]943 if [ $tmp -ne 11 ]; then
[19]944 [ -z "$verbose" ] || log_msg_fail "policy count";
945 return 1
946 fi
[169]947 for ff in x y z; do
948 ./samhain --list-file "${BASE}/a/a/${ff}" -d "$PW_DIR/.samhain_file" > "$PW_DIR/.samhain_tmp"
949 diff "$PW_DIR/.samhain_tmp" "${BASE}/a/a/${ff}" >/dev/null
950 if [ $? -ne 0 ]; then
951 [ -z "$verbose" ] || log_msg_fail "diff $PW_DIR/.samhain_tmp ${BASE}/a/a/${ff}"
952 return 1
953 fi
954 done
955
[19]956 return 0
957}
[1]958
959
[19]960##############################################################
961#
962# Common subroutines
963#
[1]964
[19]965mkconfig_misc ()
966{
967 test -f "${RCFILE}" || touch "${RCFILE}"
968 cat >> "${RCFILE}" <<End-of-data
969[Misc]
970Daemon=no
971SetFilecheckTime=60
972TrustedUser=uucp,fax,fnet
973SetRecursionLevel=10
974SetLoopTime=30
975ReportFullDetail = no
976ChecksumTest=check
977
978End-of-data
979}
980
981mkconfig_log ()
982{
983 test -f "${RCFILE}" || touch "${RCFILE}"
984 cat >> "${RCFILE}" <<End-of-data
985[Log]
986MailSeverity=none
987LogSeverity=warn
988SyslogSeverity=none
989PrintSeverity=info
990MailSeverity=none
991#Restrict to certain classes of messages
992#LogClass=RUN
993#PreludeSeverity=err
994#ExportSeverity=none
995
996End-of-data
997}
998
999mkconfig_sev ()
1000{
1001 test -f "${RCFILE}" || touch "${RCFILE}"
1002 cat >> "${RCFILE}" <<End-of-data
1003[EventSeverity]
1004SeverityUser0=crit
1005SeverityUser1=crit
1006SeverityReadOnly=crit
1007SeverityLogFiles=crit
1008SeverityGrowingLogs=crit
1009SeverityIgnoreNone=crit
1010SeverityAttributes=crit
1011SeverityIgnoreAll=crit
1012SeverityFiles=err
1013SeverityDirs=err
1014SeverityNames=warn
1015
1016End-of-data
1017}
1018
1019prep_testpolicy ()
1020{
1021 test -f "${RCFILE}" || touch "${RCFILE}"
1022 eval echo '"$'"TESTPOLICY_$1"'"' >>"${RCFILE}"
1023}
1024
1025prep_init ()
1026{
1027 rm -f ./.samhain_file
1028 rm -f "${LOGFILE}"
1029 rm -f ./.samhain_lock
1030
1031 rm -f "${RCFILE}"
1032 mkconfig_sev
1033 mkconfig_log
1034 mkconfig_misc
1035}
1036
1037run_init ()
1038{
[22]1039 rm -f test_log_valgrind
[19]1040
[22]1041 ${VALGRIND} ./samhain -t init -p none 2>>test_log_valgrind
1042
[19]1043 if test x$? = x0; then
1044 [ -z "$verbose" ] || log_msg_ok "init...";
1045 else
1046 [ -z "$quiet" ] && log_msg_fail "init...";
1047 return 1
1048 fi
1049}
1050
1051run_check ()
1052{
[371]1053 if [ "x$1" = "x" ]; then
1054 logsev=debug
1055 else
1056 logsev=$1
1057 fi
1058 ${VALGRIND} ./samhain -t check -p none -l $logsev 2>>test_log_valgrind
[68]1059
1060 if test x$? = x0; then
[19]1061
1062 ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}"
[68]1063
[19]1064 if [ $? -ne 0 ]; then
1065 [ -z "$quiet" ] && log_msg_fail "mv logfile...";
1066 return 1
1067 fi
1068 [ -z "$verbose" ] || log_msg_ok "check...";
1069 else
1070 [ -z "$quiet" ] && log_msg_fail "check...";
1071 return 1
1072 fi
1073}
1074
1075run_update ()
1076{
[22]1077 ${VALGRIND} ./samhain -t update -p none -l debug 2>>test_log_valgrind
[19]1078
1079 if test x$? = x0; then
1080 [ -z "$verbose" ] || log_msg_ok "update...";
1081 else
1082 [ -z "$quiet" ] && log_msg_fail "update...";
1083 return 1
1084 fi
1085}
1086
1087run_check_after_update ()
1088{
1089 rm -rf $LOGFILE
1090
[22]1091 ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind
[19]1092
1093 if test x$? = x0; then
1094 #
1095 tmp=`./samhain -j -L $LOGFILE | grep CRIT | wc -l`
1096 if [ $tmp -ne 0 ]; then
1097 [ -z "$verbose" ] || log_msg_fail "update not successful(?)";
1098 return 1
1099 fi
[30]1100 #
1101 # wtmp may not be readable
1102 #
1103 tmp=`./samhain -j -L $LOGFILE | grep ERR | grep -v wtmp | wc -l`
[19]1104 if [ $tmp -ne 0 ]; then
[30]1105 [ -z "$verbose" ] || log_msg_fail "errors during check";
[19]1106 return 1
1107 fi
1108 #
[22]1109 [ -z "$VALGRIND" ] || {
1110 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`;
1111 if [ $tmp -ne 0 ]; then
1112 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors";
1113 cat test_log_valgrind
1114 return 1;
1115 fi;
1116 }
1117 #
[19]1118 [ -z "$verbose" ] || log_msg_ok "check(2)...";
1119 else
1120 [ -z "$quiet" ] && log_msg_fail "check(2)...";
1121 return 1
1122 fi
1123}
1124
1125prep_testdata ()
1126{
[30]1127 if test -d "$BASE"; then
1128 if [ -d "${BASE}" ]; then
[172]1129 chmod -f -R 0700 "${BASE}" || {
1130 [ -z "$quiet" ] && log_msg_fail "chmod -f -R 0700 ${BASE}";
[30]1131 return 1;
1132 }
1133 fi
[22]1134 fi
[19]1135
1136 rm -rf "${BASE}" || {
1137 [ -z "$quiet" ] && log_msg_fail "rm -rf ${BASE}";
1138 return 1;
1139 }
1140
1141 mkdir "${BASE}" || {
1142 [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}";
1143 return 1;
1144 }
1145
1146 for ff in $TDIRS; do
1147 mkdir "${BASE}/${ff}" || {
1148 [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}/${ff}";
1149 return 1;
1150 }
1151 chmod 0755 "${BASE}/${ff}"
1152 for gg in $TFILES; do
[169]1153 echo "1 This is a test file" > "${BASE}/${ff}/${gg}"
[19]1154 chmod 0644 "${BASE}/${ff}/${gg}"
[169]1155 ln -s "${BASE}/${ff}/${gg}" "${BASE}/${ff}/l_${gg}"
[19]1156 done
[169]1157 echo "2 This is a test file" >> "${BASE}/${ff}/y"
1158 echo "2 This is a test file" >> "${BASE}/${ff}/z"
1159 echo "3 This is a test file" >> "${BASE}/${ff}/z"
[19]1160 done
1161}
1162
1163check_err ()
1164{
1165 if [ $1 -ne 0 ]; then
[68]1166 log_fail ${2} ${MAXTEST};
[19]1167 return 1
1168 fi
1169 return 0
1170}
1171
1172testrun_internal ()
1173{
1174 [ -z "$verbose" ] || echo Working directory: $PW_DIR
1175 [ -z "$verbose" ] || { echo MAKE is $MAKE; echo; }
1176
1177 #
1178 # test standalone compilation
1179 #
1180 [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; }
1181
1182 if test -r "Makefile"; then
1183 $MAKE distclean >/dev/null
1184 fi
1185
1186 ${TOP_SRCDIR}/configure ${BUILDOPTS}
1187
1188 #
[1]1189 if test x$? = x0; then
[19]1190 [ -z "$verbose" ] || log_msg_ok "configure...";
[30]1191 $MAKE >/dev/null 2>>test_log
[1]1192 if test x$? = x0; then
[19]1193 [ -z "$verbose" ] || log_msg_ok "make...";
[1]1194 else
[19]1195 [ -z "$quiet" ] && log_msg_fail "make...";
1196 return 1
[1]1197 fi
[19]1198
[1]1199 else
[19]1200 [ -z "$quiet" ] && log_msg_fail "configure...";
1201 return 1
[1]1202 fi
1203
[19]1204 [ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; }
[1]1205
[19]1206 tcount=1
1207 POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'`
[1]1208
[19]1209 until [ -z "$POLICY" ]
1210 do
1211 prep_init
1212 check_err $? ${tcount}; errval=$?
1213 if [ $errval -eq 0 ]; then
1214 prep_testdata
1215 check_err $? ${tcount}; errval=$?
1216 fi
1217 if [ $errval -eq 0 ]; then
1218 prep_testpolicy ${tcount}
1219 check_err $? ${tcount}; errval=$?
1220 fi
1221 if [ $errval -eq 0 ]; then
1222 run_init
1223 check_err $? ${tcount}; errval=$?
1224 fi
1225 if [ $errval -eq 0 ]; then
1226 eval mod_testdata_${tcount}
1227 check_err $? ${tcount}; errval=$?
1228 fi
1229 if [ $errval -eq 0 ]; then
1230 run_check
1231 check_err $? ${tcount}; errval=$?
1232 fi
1233 if [ $errval -eq 0 ]; then
1234 eval chk_testdata_${tcount}
1235 check_err $? ${tcount}; errval=$?
1236 fi
1237 if [ $testrun1_setup -eq 0 ]; then
1238 if [ $errval -eq 0 ]; then
1239 run_update
1240 check_err $? ${tcount}; errval=$?
1241 fi
1242 if [ $errval -eq 0 ]; then
1243 run_check_after_update
1244 check_err $? ${tcount}; errval=$?
1245 fi
1246 fi
1247 #
1248 if [ $errval -eq 0 ]; then
1249 [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST};
1250 fi
[68]1251 #
[19]1252 let "tcount = tcount + 1" >/dev/null
[68]1253 #
[207]1254 if [ $tcount -eq 10 ]; then
1255 if [ -z "$doall" ]; then
1256 log_skip 10 $MAXTEST 'ACL/SELinux test (or use --really-all)'
1257 log_skip 11 $MAXTEST 'ACL/SELinux test (or use --really-all)'
1258 let "tcount = tcount + 2" >/dev/null
1259 else
1260 # 'id -u' is posix
1261 #
1262 if test -f /usr/xpg4/bin/id
1263 then
1264 my_uid=`/usr/xpg4/bin/id -u`
1265 else
1266 my_uid=`id -u`
1267 fi
1268 #
1269 if [ ${my_uid} -ne 0 ]; then
1270 log_skip 10 $MAXTEST 'ACL/SELinux test (you are not root)'
1271 log_skip 11 $MAXTEST 'ACL/SELinux test (you are not root)'
1272 let "tcount = tcount + 2" >/dev/null
1273 else
1274
1275 SETFATTR=`find_path setfattr`
1276 if [ -z "$SETFATTR" ]; then
1277 log_skip 10 $MAXTEST 'ACL/SELinux test (setfattr not in path)'
1278 log_skip 11 $MAXTEST 'ACL/SELinux test (setfattr not in path)'
1279 let "tcount = tcount + 2" >/dev/null
1280 fi
1281 fi
1282 fi
[68]1283 fi
1284 #
[19]1285 POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'`
1286 done
1287
1288 return 0
1289}
[1]1290
[19]1291testrun1 ()
1292{
1293 log_start "RUN STANDALONE"
1294 testrun_internal
1295 log_end "RUN STANDALONE"
1296 return 0
1297}
[1]1298
1299
1300
Note: See TracBrowser for help on using the repository browser.