source: trunk/test/testrun_1.sh@ 578

Last change on this file since 578 was 481, checked in by katerina, 9 years ago

Enhancements and fixes for tickets #374, #375, #376, #377, #378, and #379.

File size: 34.2 KB
RevLine 
[1]1#! /bin/sh
2
[27]3#
4# Copyright Rainer Wichmann (2006)
5#
6# License Information:
7# This program is free software; you can redistribute it and/or modify
8# it under the terms of the GNU General Public License as published by
9# the Free Software Foundation; either version 2 of the License, or
10# (at your option) any later version.
11#
12# This program is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15# GNU General Public License for more details.
16#
17# You should have received a copy of the GNU General Public License
18# along with this program; if not, write to the Free Software
19# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20#
21
[19]22RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE
23LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE
[1]24
[19]25# --enable-login-watch --enable-xml-log
26# --enable-debug --enable-suidcheck --with-prelude
[1]27
[19]28BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-debug"
29export BUILDOPTS
[1]30
[19]31BASE="${PW_DIR}/testrun_testdata"; export BASE
32TDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; export TDIRS
33TFILES="x y z"; export TFILES
[1]34
[19]35###########################################################
36#
37# ---- [Define tests here] ----
38#
[1]39
[19]40# 1 for testing new tests
41testrun1_setup=0
42
[169]43MAXTEST=15; export MAXTEST
[481]44MAXTEST_3=15; export MAXTEST_3
[19]45
46test_dirs () {
47 for ff in $CDIRS; do
48 #
49 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
50 if [ $? -ne 0 ]; then
51 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
52 return 1
[1]53 fi
[19]54 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
55 if [ $tmp -ne 1 ]; then
56 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
57 fi
58 #
59 done
60 for ff in $NDIRS; do
61 #
62 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
63 if [ $? -eq 0 ]; then
64 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
65 return 1
66 fi
67 done
68}
69
[169]70
71TESTPOLICY_15="
72[Misc]
73DigestAlgo=SHA1
74RedefReadOnly = +TXT
75[ReadOnly]
76dir=${BASE}
77"
78mod_testdata_15 () {
79 mod_testdata_1
80}
81chk_testdata_15 () {
82 chk_testdata_1
83}
84
85TESTPOLICY_14="
86[Misc]
87DigestAlgo=MD5
88RedefReadOnly = +TXT
89[ReadOnly]
90dir=${BASE}
91"
92mod_testdata_14 () {
93 mod_testdata_1
94}
95chk_testdata_14 () {
96 chk_testdata_1
97}
98
[25]99#
100# combine file check schedule with one-shot mode
101#
[68]102TESTPOLICY_13="
[25]103[ReadOnly]
104dir=99${BASE}
105"
106
[68]107mod_testdata_13 () {
[51]108 one_sec_sleep
[25]109 echo "foobar" >"${BASE}/c/x"; # bad
110 chmod 0555 "${BASE}/a/y"; # bad
111 ORIGINAL='SetFilecheckTime=60'
112 REPLACEMENT='FileCheckScheduleOne = 6 12 * * *'
[51]113 ex -s $RCFILE <<EOF
[30]114%s/${ORIGINAL}/${REPLACEMENT}/g
115wq
[25]116EOF
117}
118
[68]119chk_testdata_13 () {
[25]120 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
121 tmp=`grep CRIT $LOGFILE | wc -l`
122 if [ $tmp -ne 2 ]; then
123 [ -z "$verbose" ] || log_msg_fail "policy count";
124 return 1
125 fi
126 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
127 if [ $? -ne 0 ]; then
128 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
129 return 1
130 fi
131 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1
132 if [ $? -ne 0 ]; then
133 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y";
134 return 1
135 fi
136 CDIRS="a a/a a/b a/c c b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
137 NDIRS="";
138 test_dirs;
139 return $?
140}
141
[68]142TESTPOLICY_12="
[19]143[ReadOnly]
144dir=99${BASE}
145[IgnoreAll]
146dir=-1${BASE}/b
147[Attributes]
148dir=1${BASE}/a
149"
150
[68]151mod_testdata_12 () {
[51]152 one_sec_sleep
[19]153 echo "foobar" >"${BASE}/b/x"; # ok
154 echo "foobar" >"${BASE}/c/x"; # bad
155 echo "foobar" >"${BASE}/a/x"; # ok
156 chmod 0555 "${BASE}/a/a/x"; # bad
157 chmod 0555 "${BASE}/a/a/a/x";# ok
158 chmod 0555 "${BASE}/a/y"; # bad
159}
160
[68]161chk_testdata_12 () {
[19]162 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
163 tmp=`grep CRIT $LOGFILE | wc -l`
164 if [ $tmp -ne 3 ]; then
165 [ -z "$verbose" ] || log_msg_fail "policy count";
166 return 1
[1]167 fi
[19]168 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
169 if [ $? -ne 0 ]; then
170 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
171 return 1
172 fi
173 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1
174 if [ $? -ne 0 ]; then
175 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x";
176 return 1
177 fi
178 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1
179 if [ $? -ne 0 ]; then
180 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y";
181 return 1
182 fi
183 CDIRS="a a/a a/b a/c c";
184 NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
185 test_dirs;
186 return $?
187}
[1]188
[68]189#
190# --- ACL/SELinux test case
191#
192TESTPOLICY_11="
[207]193[Misc]
194UseAclCheck=yes
195UseSelinuxCheck=yes
[68]196[ReadOnly]
197dir=99${BASE}
198[IgnoreAll]
199dir=-1${BASE}/b
200[Attributes]
201dir=1${BASE}/a
202[Misc]
203UseSelinuxCheck = no
204UseAclCheck = no
205"
206
207mod_testdata_11 () {
208 one_sec_sleep
209 setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign)
210 setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad
211 setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad
212 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y"; # ok (ign)
213 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth)
214 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x"; # bad
215 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y"; # bad
216}
217
218chk_testdata_11 () {
219 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
220 tmp=`grep CRIT $LOGFILE | wc -l`
221 if [ $tmp -ne 1 ]; then
222 [ -z "$verbose" ] || log_msg_fail "policy count";
223 return 1
224 fi
225 egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
226 if [ $? -ne 0 ]; then
227 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
228 return 1
229 fi
230 CDIRS="a a/a a/b a/c c";
231 NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
232 test_dirs;
233 return $?
234}
235
236TESTPOLICY_10="
[207]237[Misc]
238UseAclCheck=yes
239UseSelinuxCheck=yes
[68]240[ReadOnly]
241dir=99${BASE}
242[IgnoreAll]
243dir=-1${BASE}/b
244[Attributes]
245dir=1${BASE}/a
246"
247
248mod_testdata_10 () {
249 one_sec_sleep
250 setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign)
251 setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad
252 setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad
253 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y"; # ok (ign)
254 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth)
255 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x"; # bad
256 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y"; # bad
257}
258
259chk_testdata_10 () {
260 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
261 tmp=`grep CRIT $LOGFILE | wc -l`
[207]262 if [ $tmp -ne 5 ]; then
[68]263 [ -z "$verbose" ] || log_msg_fail "policy count";
264 return 1
265 fi
266 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
267 if [ $? -ne 0 ]; then
268 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
269 return 1
270 fi
271 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/x" $LOGFILE >/dev/null 2>&1
272 if [ $? -ne 0 ]; then
273 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/x";
274 return 1
275 fi
276 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1
277 if [ $? -ne 0 ]; then
278 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y";
279 return 1
280 fi
281 CDIRS="a a/a a/b a/c c";
282 NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
283 test_dirs;
284 return $?
285}
286
[19]287TESTPOLICY_9="
288[ReadOnly]
289dir=0${BASE}/b
290[Attributes]
291dir=2${BASE}/a/a
292"
[1]293
[19]294mod_testdata_9 () {
295 echo "foobar" >"${BASE}/b/x";
296 echo "foobar" >"${BASE}/a/x";
297 echo "foobar" >"${BASE}/x";
298}
299
300chk_testdata_9 () {
301 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
302 tmp=`grep CRIT $LOGFILE | wc -l`
303 if [ $tmp -ne 1 ]; then
304 [ -z "$verbose" ] || log_msg_fail "policy count";
305 return 1
306 fi
307 CDIRS="b a/a a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
308 NDIRS="a c a/b a/c";
309 test_dirs;
310 return $?
311}
312
313TESTPOLICY_8="
314[ReadOnly]
315dir=1${BASE}
316[Attributes]
317dir=1${BASE}/a/a
318"
319
320mod_testdata_8 () {
321 echo "foobar" >"${BASE}/a/x";
322 chmod 0555 "${BASE}/a/a/a/b/x";
323}
324
325chk_testdata_8 () {
326 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
327 tmp=`grep CRIT $LOGFILE | wc -l`
328 if [ $tmp -ne 1 ]; then
329 [ -z "$verbose" ] || log_msg_fail "policy count";
330 return 1
331 fi
332 CDIRS="a b c a/a a/a/a a/a/b a/a/c";
333 NDIRS="a/b a/c a/a/a/a a/a/a/b a/a/a/c";
334 test_dirs;
335 return $?
336}
337
338
339TESTPOLICY_7="
340[ReadOnly]
341dir=${BASE}
342[Attributes]
343dir=${BASE}/a/a
344[GrowingLogFiles]
345dir=${BASE}/a/a/a
346[IgnoreAll]
347file=${BASE}/a/a/a/z
348dir=${BASE}/b
[122]349[Misc]
350IgnoreMissing=${BASE}/a/[[:alnum:]]+/[[:alnum:]]+\$
351IgnoreAdded=${BASE}/a/(b|c)/[[:alnum:]]+\$
[19]352"
353
354mod_testdata_7 () {
[51]355 one_sec_sleep
[19]356 echo "foobar" >"${BASE}/a/a/a/z" # ok
357 echo "foobar" >"${BASE}/a/a/a/x" # bad
358 echo "foobar" >"${BASE}/a/a/x" # ok
359 echo "foobar" >"${BASE}/a/x" # bad
360 chmod 0555 "${BASE}/a" # bad
361 chmod 0555 "${BASE}/b" # ok
[122]362
363 rm "${BASE}/a/c/z"
364 touch "${BASE}/a/c/zz2"
[19]365}
366
367
368chk_testdata_7 () {
369 tmp=`grep CRIT $LOGFILE | wc -l`
[122]370 if [ $tmp -ne 4 ]; then
[19]371 [ -z "$verbose" ] || log_msg_fail "policy count";
372 return 1
373 fi
[122]374 egrep "ERROR.*POLICY MISSING.*${BASE}/a/c/z" $LOGFILE >/dev/null 2>&1
375 if [ $? -eq 0 ]; then
376 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/c/z";
377 return 1
378 fi
379 egrep "CRIT.*POLICY ADDED.*${BASE}/a/c/zz2" $LOGFILE >/dev/null 2>&1
380 if [ $? -eq 0 ]; then
381 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/c/zz2";
382 return 1
383 fi
[19]384 egrep "CRIT.*POLICY \[GrowingLogs\] C--------S.*${BASE}/a/a/a/x" $LOGFILE >/dev/null 2>&1
385 if [ $? -ne 0 ]; then
386 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/x";
387 return 1
388 fi
389 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a" $LOGFILE >/dev/null 2>&1
390 if [ $? -ne 0 ]; then
391 [ -z "$verbose" ] || log_msg_fail "${BASE}/a";
392 return 1
393 fi
394 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/x" $LOGFILE >/dev/null 2>&1
395 if [ $? -ne 0 ]; then
396 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/x";
397 return 1
398 fi
399}
400
401
402TESTPOLICY_6="
403[ReadOnly]
404dir=${BASE}
405[Attributes]
406file=${BASE}/a/y
407file=${BASE}/b/y
408file=${BASE}/c/y
409file=${BASE}/a/a/y
410file=${BASE}/a/b/y
411file=${BASE}/a/c/y
412file=${BASE}/a/a/a/y
413file=${BASE}/a/a/b/y
414file=${BASE}/a/a/c/y
415file=${BASE}/a/a/a/a/y
416file=${BASE}/a/a/a/b/y
417file=${BASE}/a/a/a/c/y
418"
419
420mod_testdata_6 () {
[51]421 one_sec_sleep
[19]422 for ff in $TDIRS; do
423 echo "foobar" >"${BASE}/${ff}/x"
424 chmod 0555 "${BASE}/${ff}/y"
425 echo "foobar" >"${BASE}/${ff}/z"
426 done
427}
428
429chk_testdata_6 () {
430 count6=0
431 for ff in $TDIRS; do
[1]432 #
[19]433 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
434 if [ $? -ne 0 ]; then
435 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
436 return 1
437 fi
438 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
439 if [ $tmp -ne 1 ]; then
440 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
441 fi
[1]442 #
[19]443 for gg in $TFILES; do
444 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
445 if [ $? -ne 0 ]; then
446 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)";
447 fi
448 tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l`
449 if [ $tmp -ne 1 ]; then
450 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)";
451 fi
452 done
453 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/${ff}/x" $LOGFILE >/dev/null 2>&1
454 if [ $? -ne 0 ]; then
455 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/x";
456 return 1
457 fi
458 let "count6 = count6 + 1" >/dev/null
459 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/${ff}/z" $LOGFILE >/dev/null 2>&1
460 if [ $? -ne 0 ]; then
461 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/z";
462 return 1
463 fi
464 let "count6 = count6 + 1" >/dev/null
465 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/${ff}/y" $LOGFILE >/dev/null 2>&1
466 if [ $? -ne 0 ]; then
467 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/y";
468 return 1
469 fi
470 let "count6 = count6 + 1" >/dev/null
471 done
472 tmp=`grep CRIT $LOGFILE | wc -l`
473 if [ $tmp -ne $count6 ]; then
474 [ -z "$verbose" ] || log_msg_fail "policy count";
475 return 1
476 fi
477}
478
479TESTPOLICY_5="
480[Attributes]
481dir=${BASE}
482file=${BASE}/a/a/c/x
483[ReadOnly]
484file=${BASE}/a/a/c/y
485[GrowingLogFiles]
486dir=${BASE}/a/a/c
487dir=${BASE}/a/a/b
488dir=${BASE}/a/b
489"
490
491mod_testdata_5 () {
492 mod_testdata_4
[169]493 echo "1 This is a xxxx file" > "${BASE}/a/a/b/x" # GrowingLogFiles
494 echo "1 This is a test file" > "${BASE}/a/a/b/y" # GrowingLogFiles
495 echo "2 This is a test file" >> "${BASE}/a/a/b/y" # GrowingLogFiles
496 echo "1 This is a xxxx file bad" > "${BASE}/a/a/b/z" # GrowingLogFiles
497 echo "2 This is a xxxx file bad" >>"${BASE}/a/a/b/z" # GrowingLogFiles
498 echo "3 This is a xxxx file bad" >>"${BASE}/a/a/b/z" # GrowingLogFiles
[19]499}
500
501chk_testdata_5 () {
502 for ff in $TDIRS; do
[1]503 #
[19]504 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
505 if [ $? -ne 0 ]; then
506 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
507 return 1
[1]508 fi
[19]509 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
510 if [ $tmp -ne 1 ]; then
511 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
512 fi
[1]513 #
[19]514 for gg in $TFILES; do
515 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
516 if [ $? -ne 0 ]; then
517 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)";
518 fi
519 tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l`
520 if [ $tmp -ne 1 ]; then
521 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)";
522 fi
523 done
524 done
525 egrep "CRIT.*POLICY \[GrowingLogs\] C---------.*${BASE}/a/a/b/x" $LOGFILE >/dev/null 2>&1
526 if [ $? -ne 0 ]; then
527 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/b/x";
528 return 1
529 fi
530 egrep "CRIT.*POLICY \[GrowingLogs\] C---------.*${BASE}/a/a/b/z" $LOGFILE >/dev/null 2>&1
531 if [ $? -ne 0 ]; then
532 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/b/z";
533 return 1
534 fi
535 egrep "CRIT.*POLICY \[GrowingLogs\] -----M----.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1
536 if [ $? -ne 0 ]; then
537 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z";
538 return 1
539 fi
540 egrep "CRIT.*POLICY \[GrowingLogs\] -----M----.*${BASE}/a/a/c/z" $LOGFILE >/dev/null 2>&1
541 if [ $? -ne 0 ]; then
542 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/z";
543 return 1
544 fi
545 egrep "CRIT.*POLICY \[GrowingLogs\] C--------S.*${BASE}/a/b/y" $LOGFILE >/dev/null 2>&1
546 if [ $? -ne 0 ]; then
547 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/y";
548 return 1
549 fi
550 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1
551 if [ $? -ne 0 ]; then
552 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x";
553 return 1
554 fi
555 egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1
556 if [ $? -ne 0 ]; then
557 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo";
558 return 1
559 fi
560 egrep "CRIT.*POLICY ADDED.*033\[1;30m" $LOGFILE >/dev/null 2>&1
561 if [ $? -ne 0 ]; then
562 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m";
563 return 1
564 fi
565 egrep "WARN.*Weird filename.*033\[1;30m" $LOGFILE >/dev/null 2>&1
566 if [ $? -ne 0 ]; then
567 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m";
568 return 1
569 fi
570 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1
571 if [ $? -ne 0 ]; then
572 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y";
573 return 1
574 fi
575 tmp=`grep CRIT $LOGFILE | wc -l`
576 if [ $tmp -ne 9 ]; then
577 [ -z "$verbose" ] || log_msg_fail "policy count";
578 return 1
579 fi
580}
[1]581
582
[19]583TESTPOLICY_4="
584[Attributes]
585dir=${BASE}
586file=${BASE}/a/a/c/x
587[ReadOnly]
588file=${BASE}/a/a/c/y
589[LogFiles]
590dir=${BASE}/a/a/c
591dir=${BASE}/a/b
592"
[1]593
[19]594mod_testdata_4 () {
[51]595 one_sec_sleep
[19]596 echo "foobar" >> "${BASE}/a/a/x" # Attributes
597 echo "foobar" > "${BASE}/a/a/c/foo" # new within LogFiles
598 echo "foobar" >> "${BASE}/a/a/c/y" # ReadOnly
599 echo "foobar" >> "${BASE}/a/a/c/x" # Attributes
600 chmod 0555 "${BASE}/a/a/c/x" # Attributes
601 chmod 0555 "${BASE}/a/a/c/z" # LogFiles
602 echo "foobar" >> "${BASE}/a/b/x" # LogFiles
603 echo "" > "${BASE}/a/b/y" # LogFiles
604 chmod 0555 "${BASE}/a/b/z" # LogFiles
605 touch "${BASE}/a/a/[1;30m" # non-printable character in filename
606}
[1]607
[19]608chk_testdata_4 () {
609 for ff in $TDIRS; do
610 #
611 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
612 if [ $? -ne 0 ]; then
613 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
614 return 1
615 fi
616 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
617 if [ $tmp -ne 1 ]; then
618 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
619 fi
620 #
621 for gg in $TFILES; do
622 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
623 if [ $? -ne 0 ]; then
624 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)";
625 fi
626 tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l`
627 if [ $tmp -ne 1 ]; then
628 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)";
629 fi
630 done
631 done
632 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1
633 if [ $? -ne 0 ]; then
634 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x";
635 return 1
636 fi
637 egrep "CRIT.*POLICY \[LogFiles\] -----M----.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1
638 if [ $? -ne 0 ]; then
639 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z";
640 return 1
641 fi
642 egrep "CRIT.*POLICY \[LogFiles\] -----M----.*${BASE}/a/a/c/z" $LOGFILE >/dev/null 2>&1
643 if [ $? -ne 0 ]; then
644 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/z";
645 return 1
646 fi
647 egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1
648 if [ $? -ne 0 ]; then
649 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo";
650 return 1
651 fi
652 egrep "CRIT.*POLICY ADDED.*033\[1;30m" $LOGFILE >/dev/null 2>&1
653 if [ $? -ne 0 ]; then
654 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m";
655 return 1
656 fi
657 egrep "WARN.*Weird filename.*033\[1;30m" $LOGFILE >/dev/null 2>&1
658 if [ $? -ne 0 ]; then
659 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m";
660 return 1
661 fi
662 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1
663 if [ $? -ne 0 ]; then
664 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y";
665 return 1
666 fi
667 tmp=`grep CRIT $LOGFILE | wc -l`
668 if [ $tmp -ne 6 ]; then
669 [ -z "$verbose" ] || log_msg_fail "policy count";
670 return 1
671 fi
672}
[1]673
[19]674TESTPOLICY_3="
675[Attributes]
676dir=${BASE}
677file=${BASE}/a/a/c/x
678[ReadOnly]
679file=${BASE}/a/a/c/y
680[IgnoreAll]
681dir=${BASE}/a/a/c
682"
683mod_testdata_3 () {
[51]684 one_sec_sleep
[19]685 echo "foobar" > "${BASE}/a/b/foo" # new within Attributes
686 chmod 0555 "${BASE}/a/b"
687 echo "foobar" > "${BASE}/a/a/c/foo" # new within IgnoreAll
688 echo "foobar" > "${BASE}/a/a/c/y" # ReadOnly
689 chmod 0555 "${BASE}/a/a/c/x" # Attributes
690 chmod 0555 "${BASE}/a/a/c/z" # IgnoreAll
691}
[1]692
[19]693chk_testdata_3 () {
694 for ff in $TDIRS; do
[1]695 #
[19]696 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
697 if [ $? -ne 0 ]; then
698 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
699 return 1
700 fi
701 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
702 if [ $tmp -ne 1 ]; then
703 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
704 fi
705 #
706 for gg in $TFILES; do
707 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
708 if [ $? -ne 0 ]; then
709 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)";
710 fi
711 tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l`
712 if [ $tmp -ne 1 ]; then
713 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)";
714 fi
715 done
716 done
717 egrep "CRIT.*POLICY ADDED.*${BASE}/a/b/foo" $LOGFILE >/dev/null 2>&1
718 if [ $? -ne 0 ]; then
719 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/foo";
720 return 1
721 fi
722 egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1
723 if [ $? -ne 0 ]; then
724 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo";
725 return 1
726 fi
727 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/b" $LOGFILE >/dev/null 2>&1
728 if [ $? -ne 0 ]; then
729 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b";
730 return 1
731 fi
732 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1
733 if [ $? -ne 0 ]; then
734 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x";
735 return 1
736 fi
737 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1
738 if [ $? -ne 0 ]; then
739 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y";
740 return 1
741 fi
742 tmp=`grep CRIT $LOGFILE | wc -l`
743 if [ $tmp -ne 5 ]; then
744 [ -z "$verbose" ] || log_msg_fail "policy count";
745 return 1
746 fi
747}
748
749TESTPOLICY_2="
750[ReadOnly]
751dir=${BASE}
752file=${BASE}/a/a/c/x
753[IgnoreAll]
754dir=${BASE}/a/a/c
755"
756mod_testdata_2 () {
[169]757 # mod_testdata_1;
758 one_sec_sleep
759 touch "${BASE}/a/a/x"
760 chmod 0555 "${BASE}/a/a/y"
761 mv "${BASE}/a/b/y" "${BASE}/a/b/yy";
762 echo "1 This is a test file" > "${BASE}/a/b/y";
763 echo "2 This is a test file" >> "${BASE}/a/b/y";
764 echo "4 This is a test file" >> "${BASE}/a/b/z";
765 rm "${BASE}/a/b/yy"; # mv/rm to force new inode
766 rm "${BASE}/a/b/l_y";
767 ln -s "${BASE}/a/b/x" "${BASE}/a/b/l_y";
768 echo "foobar" > "${BASE}/a/c/y"
[19]769 rm "${BASE}/a/a/c/y"
770 echo "foobar" > "${BASE}/a/a/c/foo"
771 chmod 0555 "${BASE}/a/a/c/x"
772 chmod 0555 "${BASE}/a/a/c/z"
773}
774
775chk_testdata_2 () {
776 for ff in $TDIRS; do
777 #
778 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
779 if [ $? -ne 0 ]; then
780 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
781 return 1
782 fi
783 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
784 if [ $tmp -ne 1 ]; then
785 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
786 fi
787 #
788 for gg in $TFILES; do
789 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
790 if [ $? -ne 0 ]; then
791 if [ x"${ff}/${gg}" = x"a/a/c/y" ]; then :; else
792 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)";
793 return 1
[1]794 fi
[19]795 fi
796 done
797 done
798 egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1
799 if [ $? -ne 0 ]; then
800 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo";
801 return 1
802 fi
803 egrep "CRIT.*POLICY MISSING.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1
804 if [ $? -ne 0 ]; then
805 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y";
806 return 1
807 fi
808 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1
809 if [ $? -ne 0 ]; then
810 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x";
811 return 1
812 fi
813 tmp=`grep CRIT $LOGFILE | wc -l`
[169]814 if [ $tmp -ne 10 ]; then
[19]815 [ -z "$verbose" ] || log_msg_fail "policy count";
816 return 1
817 fi
818}
[1]819
[19]820TESTPOLICY_1="
[169]821[Misc]
822RedefReadOnly = +TXT
[19]823[ReadOnly]
824dir=${BASE}
825"
826
827mod_testdata_1 () {
[51]828 one_sec_sleep
[19]829 touch "${BASE}/a/a/x"
830 chmod 0555 "${BASE}/a/a/y"
[169]831 mv "${BASE}/a/b/y" "${BASE}/a/b/yy";
832 echo "1 This is a test file" > "${BASE}/a/b/y";
833 echo "2 This is a test file" >> "${BASE}/a/b/y";
834 echo "4 This is a test file" >> "${BASE}/a/b/z";
835 rm "${BASE}/a/b/yy"; # mv/rm to force new inode
836 rm "${BASE}/a/b/l_y";
837 ln -s "${BASE}/a/b/x" "${BASE}/a/b/l_y";
[19]838 echo "foobar" > "${BASE}/a/c/y"
[169]839 #
840 mv "${BASE}/b/x" "${BASE}/b/xx"; # mv/rm to force new inode
841 mkdir "${BASE}/b/x"
842 rm "${BASE}/b/xx";
843 #
844 mv "${BASE}/b/y" "${BASE}/b/yy"; # mv/rm to force new inode
845 ln -s "${BASE}/b/z" "${BASE}/b/y"
846 rm "${BASE}/b/yy";
847 #
848 rm "${BASE}/b/l_x"; echo "1 This is a test file" > "${BASE}/b/l_x";
[19]849}
850
851chk_testdata_1 () {
852 for ff in $TDIRS; do
853 #
854 egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1
855 if [ $? -ne 0 ]; then
856 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)";
857 return 1
[1]858 fi
[19]859 tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l`
860 if [ $tmp -ne 1 ]; then
861 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)";
[169]862 return 1
[19]863 fi
864 #
865 for gg in $TFILES; do
866 egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1
867 if [ $? -ne 0 ]; then
[169]868 if [ "${BASE}/${ff}" != "${BASE}/b" ]; then
869 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checksum)";
870 return 1
871 fi
[19]872 fi
873 tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l`
874 if [ $tmp -ne 1 ]; then
[169]875 if [ "${BASE}/${ff}" != "${BASE}/b" ]; then
876 [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)";
877 return 1
878 fi
[19]879 fi
880 done
881 done
[169]882 #
883 #
884 #
885 egrep "CRIT.*POLICY \[ReadOnly\] ----H---T-.*${BASE}/b" $LOGFILE >/dev/null 2>&1
886 if [ $? -ne 0 ]; then
887 [ -z "$verbose" ] || log_msg_fail "${BASE}/b";
888 return 1
889 fi
890 egrep "CRIT.*POLICY \[ReadOnly\] CL-I-M--TS.*${BASE}/b/y" $LOGFILE >/dev/null 2>&1
891 if [ $? -ne 0 ]; then
892 [ -z "$verbose" ] || log_msg_fail "${BASE}/b/y";
893 return 1
894 fi
[257]895 egrep "CRIT.*POLICY \[ReadOnly\] CL-.-M--TS.*${BASE}/b/l_x" $LOGFILE >/dev/null 2>&1
[169]896 if [ $? -ne 0 ]; then
897 [ -z "$verbose" ] || log_msg_fail "${BASE}/b/l_x";
898 return 1
899 fi
900 egrep "CRIT.*POLICY \[ReadOnly\] C--IHM--TS.*${BASE}/b/x" $LOGFILE >/dev/null 2>&1
901 if [ $? -ne 0 ]; then
902 [ -z "$verbose" ] || log_msg_fail "${BASE}/b/x";
903 return 1
904 fi
905 #
906 #
907 #
[19]908 egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1
909 if [ $? -ne 0 ]; then
910 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x";
911 return 1
912 fi
913 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1
914 if [ $? -ne 0 ]; then
915 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y";
916 return 1
917 fi
918 egrep "CRIT.*POLICY \[ReadOnly\] ---I----T-.*${BASE}/a/b/y" $LOGFILE >/dev/null 2>&1
919 if [ $? -ne 0 ]; then
920 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/y";
921 return 1
922 fi
[169]923 egrep "CRIT.*POLICY \[ReadOnly\] -L-I----T-.*${BASE}/a/b/l_y" $LOGFILE >/dev/null 2>&1
924 if [ $? -ne 0 ]; then
925 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/l_y";
926 return 1
927 fi
[19]928 egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/a/b" $LOGFILE >/dev/null 2>&1
929 if [ $? -ne 0 ]; then
930 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b";
931 return 1
932 fi
[169]933 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1
934 if [ $? -ne 0 ]; then
935 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z";
936 return 1
937 fi
[19]938 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/c/y" $LOGFILE >/dev/null 2>&1
939 if [ $? -ne 0 ]; then
940 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/c/y";
941 return 1
942 fi
943 tmp=`grep CRIT $LOGFILE | wc -l`
[169]944 if [ $tmp -ne 11 ]; then
[19]945 [ -z "$verbose" ] || log_msg_fail "policy count";
946 return 1
947 fi
[169]948 for ff in x y z; do
949 ./samhain --list-file "${BASE}/a/a/${ff}" -d "$PW_DIR/.samhain_file" > "$PW_DIR/.samhain_tmp"
950 diff "$PW_DIR/.samhain_tmp" "${BASE}/a/a/${ff}" >/dev/null
951 if [ $? -ne 0 ]; then
952 [ -z "$verbose" ] || log_msg_fail "diff $PW_DIR/.samhain_tmp ${BASE}/a/a/${ff}"
953 return 1
954 fi
955 done
956
[19]957 return 0
958}
[1]959
960
[19]961##############################################################
962#
963# Common subroutines
964#
[1]965
[19]966mkconfig_misc ()
967{
968 test -f "${RCFILE}" || touch "${RCFILE}"
969 cat >> "${RCFILE}" <<End-of-data
970[Misc]
971Daemon=no
972SetFilecheckTime=60
973TrustedUser=uucp,fax,fnet
974SetRecursionLevel=10
975SetLoopTime=30
976ReportFullDetail = no
977ChecksumTest=check
978
979End-of-data
980}
981
982mkconfig_log ()
983{
984 test -f "${RCFILE}" || touch "${RCFILE}"
985 cat >> "${RCFILE}" <<End-of-data
986[Log]
987MailSeverity=none
988LogSeverity=warn
989SyslogSeverity=none
990PrintSeverity=info
991MailSeverity=none
992#Restrict to certain classes of messages
993#LogClass=RUN
994#PreludeSeverity=err
995#ExportSeverity=none
996
997End-of-data
998}
999
1000mkconfig_sev ()
1001{
1002 test -f "${RCFILE}" || touch "${RCFILE}"
1003 cat >> "${RCFILE}" <<End-of-data
1004[EventSeverity]
1005SeverityUser0=crit
1006SeverityUser1=crit
1007SeverityReadOnly=crit
1008SeverityLogFiles=crit
1009SeverityGrowingLogs=crit
1010SeverityIgnoreNone=crit
1011SeverityAttributes=crit
1012SeverityIgnoreAll=crit
1013SeverityFiles=err
1014SeverityDirs=err
1015SeverityNames=warn
1016
1017End-of-data
1018}
1019
1020prep_testpolicy ()
1021{
1022 test -f "${RCFILE}" || touch "${RCFILE}"
1023 eval echo '"$'"TESTPOLICY_$1"'"' >>"${RCFILE}"
1024}
1025
1026prep_init ()
1027{
1028 rm -f ./.samhain_file
1029 rm -f "${LOGFILE}"
1030 rm -f ./.samhain_lock
1031
1032 rm -f "${RCFILE}"
1033 mkconfig_sev
1034 mkconfig_log
1035 mkconfig_misc
1036}
1037
1038run_init ()
1039{
[22]1040 rm -f test_log_valgrind
[19]1041
[22]1042 ${VALGRIND} ./samhain -t init -p none 2>>test_log_valgrind
1043
[19]1044 if test x$? = x0; then
1045 [ -z "$verbose" ] || log_msg_ok "init...";
1046 else
1047 [ -z "$quiet" ] && log_msg_fail "init...";
1048 return 1
1049 fi
1050}
1051
1052run_check ()
1053{
[371]1054 if [ "x$1" = "x" ]; then
1055 logsev=debug
1056 else
1057 logsev=$1
1058 fi
1059 ${VALGRIND} ./samhain -t check -p none -l $logsev 2>>test_log_valgrind
[68]1060
1061 if test x$? = x0; then
[19]1062
1063 ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}"
[68]1064
[19]1065 if [ $? -ne 0 ]; then
1066 [ -z "$quiet" ] && log_msg_fail "mv logfile...";
1067 return 1
1068 fi
1069 [ -z "$verbose" ] || log_msg_ok "check...";
1070 else
1071 [ -z "$quiet" ] && log_msg_fail "check...";
1072 return 1
1073 fi
1074}
1075
1076run_update ()
1077{
[22]1078 ${VALGRIND} ./samhain -t update -p none -l debug 2>>test_log_valgrind
[19]1079
1080 if test x$? = x0; then
1081 [ -z "$verbose" ] || log_msg_ok "update...";
1082 else
1083 [ -z "$quiet" ] && log_msg_fail "update...";
1084 return 1
1085 fi
1086}
1087
1088run_check_after_update ()
1089{
1090 rm -rf $LOGFILE
1091
[22]1092 ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind
[19]1093
1094 if test x$? = x0; then
1095 #
1096 tmp=`./samhain -j -L $LOGFILE | grep CRIT | wc -l`
1097 if [ $tmp -ne 0 ]; then
1098 [ -z "$verbose" ] || log_msg_fail "update not successful(?)";
1099 return 1
1100 fi
[30]1101 #
1102 # wtmp may not be readable
1103 #
1104 tmp=`./samhain -j -L $LOGFILE | grep ERR | grep -v wtmp | wc -l`
[19]1105 if [ $tmp -ne 0 ]; then
[30]1106 [ -z "$verbose" ] || log_msg_fail "errors during check";
[19]1107 return 1
1108 fi
1109 #
[22]1110 [ -z "$VALGRIND" ] || {
1111 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`;
1112 if [ $tmp -ne 0 ]; then
1113 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors";
1114 cat test_log_valgrind
1115 return 1;
1116 fi;
1117 }
1118 #
[19]1119 [ -z "$verbose" ] || log_msg_ok "check(2)...";
1120 else
1121 [ -z "$quiet" ] && log_msg_fail "check(2)...";
1122 return 1
1123 fi
1124}
1125
1126prep_testdata ()
1127{
[30]1128 if test -d "$BASE"; then
1129 if [ -d "${BASE}" ]; then
[172]1130 chmod -f -R 0700 "${BASE}" || {
1131 [ -z "$quiet" ] && log_msg_fail "chmod -f -R 0700 ${BASE}";
[30]1132 return 1;
1133 }
1134 fi
[22]1135 fi
[19]1136
1137 rm -rf "${BASE}" || {
1138 [ -z "$quiet" ] && log_msg_fail "rm -rf ${BASE}";
1139 return 1;
1140 }
1141
1142 mkdir "${BASE}" || {
1143 [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}";
1144 return 1;
1145 }
1146
[481]1147 echo "${BASE}" > ./tmp_list_file
1148
[19]1149 for ff in $TDIRS; do
1150 mkdir "${BASE}/${ff}" || {
1151 [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}/${ff}";
1152 return 1;
1153 }
[481]1154 echo "${BASE}/${ff}" >> ./tmp_list_file
[19]1155 chmod 0755 "${BASE}/${ff}"
1156 for gg in $TFILES; do
[169]1157 echo "1 This is a test file" > "${BASE}/${ff}/${gg}"
[19]1158 chmod 0644 "${BASE}/${ff}/${gg}"
[481]1159 echo "${BASE}/${ff}/${gg}" >> ./tmp_list_file
[169]1160 ln -s "${BASE}/${ff}/${gg}" "${BASE}/${ff}/l_${gg}"
[481]1161 echo "${BASE}/${ff}/l_${gg}" >> ./tmp_list_file
[19]1162 done
[169]1163 echo "2 This is a test file" >> "${BASE}/${ff}/y"
1164 echo "2 This is a test file" >> "${BASE}/${ff}/z"
1165 echo "3 This is a test file" >> "${BASE}/${ff}/z"
[19]1166 done
1167}
1168
1169check_err ()
1170{
1171 if [ $1 -ne 0 ]; then
[68]1172 log_fail ${2} ${MAXTEST};
[19]1173 return 1
1174 fi
1175 return 0
1176}
1177
1178testrun_internal ()
1179{
1180 [ -z "$verbose" ] || echo Working directory: $PW_DIR
1181 [ -z "$verbose" ] || { echo MAKE is $MAKE; echo; }
1182
1183 #
1184 # test standalone compilation
1185 #
1186 [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; }
1187
1188 if test -r "Makefile"; then
1189 $MAKE distclean >/dev/null
1190 fi
1191
1192 ${TOP_SRCDIR}/configure ${BUILDOPTS}
1193
1194 #
[1]1195 if test x$? = x0; then
[19]1196 [ -z "$verbose" ] || log_msg_ok "configure...";
[30]1197 $MAKE >/dev/null 2>>test_log
[1]1198 if test x$? = x0; then
[19]1199 [ -z "$verbose" ] || log_msg_ok "make...";
[1]1200 else
[19]1201 [ -z "$quiet" ] && log_msg_fail "make...";
1202 return 1
[1]1203 fi
[19]1204
[1]1205 else
[19]1206 [ -z "$quiet" ] && log_msg_fail "configure...";
1207 return 1
[1]1208 fi
1209
[19]1210 [ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; }
[1]1211
[19]1212 tcount=1
1213 POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'`
[1]1214
[481]1215 until [ ${tcount} -gt ${MAXTEST_3} ]
[19]1216 do
1217 prep_init
1218 check_err $? ${tcount}; errval=$?
1219 if [ $errval -eq 0 ]; then
1220 prep_testdata
1221 check_err $? ${tcount}; errval=$?
1222 fi
1223 if [ $errval -eq 0 ]; then
1224 prep_testpolicy ${tcount}
1225 check_err $? ${tcount}; errval=$?
1226 fi
1227 if [ $errval -eq 0 ]; then
1228 run_init
1229 check_err $? ${tcount}; errval=$?
1230 fi
1231 if [ $errval -eq 0 ]; then
1232 eval mod_testdata_${tcount}
1233 check_err $? ${tcount}; errval=$?
1234 fi
1235 if [ $errval -eq 0 ]; then
1236 run_check
1237 check_err $? ${tcount}; errval=$?
1238 fi
1239 if [ $errval -eq 0 ]; then
1240 eval chk_testdata_${tcount}
1241 check_err $? ${tcount}; errval=$?
1242 fi
1243 if [ $testrun1_setup -eq 0 ]; then
1244 if [ $errval -eq 0 ]; then
1245 run_update
1246 check_err $? ${tcount}; errval=$?
1247 fi
1248 if [ $errval -eq 0 ]; then
1249 run_check_after_update
1250 check_err $? ${tcount}; errval=$?
1251 fi
1252 fi
1253 #
1254 if [ $errval -eq 0 ]; then
1255 [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST};
1256 fi
[68]1257 #
[19]1258 let "tcount = tcount + 1" >/dev/null
[68]1259 #
[207]1260 if [ $tcount -eq 10 ]; then
1261 if [ -z "$doall" ]; then
1262 log_skip 10 $MAXTEST 'ACL/SELinux test (or use --really-all)'
1263 log_skip 11 $MAXTEST 'ACL/SELinux test (or use --really-all)'
1264 let "tcount = tcount + 2" >/dev/null
1265 else
1266 # 'id -u' is posix
1267 #
1268 if test -f /usr/xpg4/bin/id
1269 then
1270 my_uid=`/usr/xpg4/bin/id -u`
1271 else
1272 my_uid=`id -u`
1273 fi
1274 #
1275 if [ ${my_uid} -ne 0 ]; then
1276 log_skip 10 $MAXTEST 'ACL/SELinux test (you are not root)'
1277 log_skip 11 $MAXTEST 'ACL/SELinux test (you are not root)'
1278 let "tcount = tcount + 2" >/dev/null
1279 else
1280
1281 SETFATTR=`find_path setfattr`
1282 if [ -z "$SETFATTR" ]; then
1283 log_skip 10 $MAXTEST 'ACL/SELinux test (setfattr not in path)'
1284 log_skip 11 $MAXTEST 'ACL/SELinux test (setfattr not in path)'
1285 let "tcount = tcount + 2" >/dev/null
1286 fi
1287 fi
1288 fi
[68]1289 fi
1290 #
[19]1291 POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'`
1292 done
1293
1294 return 0
1295}
[1]1296
[19]1297testrun1 ()
1298{
1299 log_start "RUN STANDALONE"
1300 testrun_internal
1301 log_end "RUN STANDALONE"
1302 return 0
1303}
[1]1304
1305
1306
Note: See TracBrowser for help on using the repository browser.