source: trunk/test/testrun_1b.sh@ 225

Last change on this file since 225 was 206, checked in by katerina, 16 years ago

Fix for ticket #133 (improve port checking and its reporting to prelude).

[1]1#! /bin/sh
2
[27]3#
4# Copyright Rainer Wichmann (2006)
5#
6# License Information:
7# This program is free software; you can redistribute it and/or modify
8# it under the terms of the GNU General Public License as published by
9# the Free Software Foundation; either version 2 of the License, or
10# (at your option) any later version.
11#
12# This program is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15# GNU General Public License for more details.
16#
17# You should have received a copy of the GNU General Public License
18# along with this program; if not, write to the Free Software
19# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20#
[1]21
# Number of sub-tests in this suite; handed to log_ok/log_fail/log_skip as the
# "out of N" figure.
MAXTEST=7
# Both paths hang off $PW_DIR, which this file does not set itself.
# NOTE(review): with PW_DIR empty they resolve to /.samhain_log and
# /testrc_1.dyn -- confirm the driver script always sets it before this runs.
LOGFILE="$PW_DIR/.samhain_log"
RCFILE="$PW_DIR/testrc_1.dyn"
export MAXTEST LOGFILE RCFILE
[1]25
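#
# Rewrite the test configuration in $RCFILE so that the port-check module is
# switched on: the "[EOF]" marker becomes a "[PortCheck]" section header and
# two settings are appended below it, naming 127.0.0.1 as the interface.
#
# Globals: RCFILE (read; the file is edited in place)
#          ORIGINAL, REPLACEMENT (written)
#
testrun1b_modrc ()
{
    ORIGINAL="\[EOF\]"
    REPLACEMENT="\[PortCheck\]"
    # RCFILE is quoted so that a working directory containing blanks still
    # names a single file; unquoted, ex would receive several file arguments
    # and the substitution would not reach the configuration.
    ex -s "$RCFILE" <<EOF
%s/$ORIGINAL/$REPLACEMENT/g
wq
EOF

    echo "PortCheckActive = yes" >>"$RCFILE"
    echo "PortCheckInterface = 127.0.0.1" >>"$RCFILE"
}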
38
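#
# Build the stand-alone agent with GPG support, unpack the signed test
# configuration and initialise the baseline database for the check phase.
#
# Arguments: $1 - option string for configure (split on whitespace on purpose)
#            $2 - optional path of ImageMagick convert; when given, the
#                 configuration is hidden in a PostScript image with
#                 samhain_stealth and that image becomes $RCFILE
# Globals:   MAKE, TOP_SRCDIR, SCRIPTDIR, PW_DIR, RCFILE, verbose, quiet,
#            S, E (read); BUILDOPTS, SKIP, CONVERT (written)
# Returns:   1 as soon as a step fails; otherwise the status of the final mv
#            of the database file
#
testrun1b_internal ()
{
    BUILDOPTS="$1"
    #
    # test standalone compilation
    #
    [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; }
    #
    if test -r "Makefile"; then
        # Discard both streams; ">/dev/null >&1" left stderr on the terminal.
        $MAKE distclean >/dev/null 2>&1
    fi
    #
    # Bootstrapping: a configure + make without options before the real build
    #
    if ! "${TOP_SRCDIR}/configure" >/dev/null 2>/dev/null; then
        [ -z "$quiet" ] && log_msg_fail "configure (bootstrap)...";
        return 1
    fi
    [ -z "$verbose" ] || log_msg_ok "configure (bootstrap)...";
    if ! $MAKE > /dev/null 2>&1; then
        [ -z "$quiet" ] && log_msg_fail "make (bootstrap)...";
        return 1
    fi
    [ -z "$verbose" ] || log_msg_ok "make (bootstrap)...";
    #
    # The real configure run passes only if its output announces that an
    # existing file is used for the gpg checksum: the status tested here is
    # grep's, not configure's. ${BUILDOPTS} stays unquoted because it is one
    # string holding many options. grep -E is the POSIX spelling of egrep.
    #
    if ! "${TOP_SRCDIR}/configure" ${BUILDOPTS} 2>/dev/null | \
        grep -E 'use existing [./[:alnum:]]+ for gpg checksum' >/dev/null
    then
        [ -z "$quiet" ] && log_msg_fail "configure...";
        return 1
    fi
    [ -z "$verbose" ] || log_msg_ok "configure...";
    if ! $MAKE > /dev/null 2>&1; then
        [ -z "$quiet" ] && log_msg_fail "make...";
        return 1
    fi
    [ -z "$verbose" ] || log_msg_ok "make...";

    #
    # test.sh carries a gzip'ed tar archive after its __ARCHIVE_FOLLOWS__
    # line; SKIP is the first line of that payload. The archive is unpacked
    # into the current directory as it is, so it is trusted exactly as much
    # as test.sh itself.
    #
    SKIP=$(awk '/^__ARCHIVE_FOLLOWS__/ { print NR + 1; exit 0; }' "${SCRIPTDIR}/test.sh")

    # Probe for "tail -n +N"; fall back to the historic "tail +N" spelling.
    if tail -n "+$SKIP" "${SCRIPTDIR}/test.sh" >/dev/null 2>&1; then
        tail -n "+$SKIP" "${SCRIPTDIR}/test.sh" | gunzip -c - 2>/dev/null | tar xf - && \
            mv "./testrc.gpg.asc" "$RCFILE"
    else
        tail "+$SKIP" "${SCRIPTDIR}/test.sh" | gunzip -c - 2>/dev/null | tar xf - && \
            mv "./testrc.gpg.asc" "$RCFILE"
    fi
    # $? is the status of the extract-and-move chain in the branch taken.
    if test x$? = x0; then
        [ -z "$verbose" ] || log_msg_ok "extract gpg signed files...";
    else
        [ -z "$quiet" ] && log_msg_fail "extract gpg signed files...";
        return 1
    fi

    if test "x$2" != "x"; then
        CONVERT="$2"
        if ! test -f "${TOP_SRCDIR}/stealth_template.jpg"; then
            [ -z "$quiet" ] && log_msg_fail "cannot find file stealth_template.jpg"
            return 1
        fi
        [ -z "$verbose" ] || log_msg_ok "convert..."
        if ! "${CONVERT}" +compress "${TOP_SRCDIR}/stealth_template.jpg" stealth_template.ps >/dev/null; then
            [ -z "$quiet" ] && log_msg_fail "${CONVERT} +compress ${TOP_SRCDIR}/stealth_template.jpg stealth_template.ps";
            return 1
        fi

        [ -z "$verbose" ] || log_msg_ok "hide..."
        if ! ./samhain_stealth -s stealth_template.ps "$RCFILE" >/dev/null; then
            # Name the command that failed; this branch used to repeat the
            # convert command line, which pointed at the wrong step.
            [ -z "$quiet" ] && log_msg_fail "./samhain_stealth -s stealth_template.ps $RCFILE";
            return 1
        fi

        # From here on the PostScript image is the configuration file.
        if ! mv -f stealth_template.ps "$RCFILE"; then
            [ -z "$quiet" ] && log_msg_fail "mv -f stealth_template.ps $RCFILE";
            return 1
        fi
    fi

    # Start from a clean state: no database, log or lock file from an
    # earlier sub-test.
    rm -f ./.samhain_file
    rm -f ./.samhain_log
    rm -f ./.samhain_lock

    if ! ./samhain -t init -p none -l info; then
        [ -z "$quiet" ] && log_msg_fail "init...";
        return 1
    fi
    [ -z "$verbose" ] || log_msg_ok "init...";

    # NOTE(review): .samhain_file.asc is presumably the pre-signed database
    # from the archive unpacked above -- confirm. The status of this mv is
    # what the function returns.
    mv "$PW_DIR/.samhain_file.asc" "$PW_DIR/.samhain_file"
}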
[1]152
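#
# Build the stand-alone agent without GPG support, install the plain test
# configuration and initialise the baseline database.
#
# Arguments: $1 - option string for configure (split on whitespace on purpose)
#            $2 - "modrc" to enable the port-check section in the
#                 configuration via testrun1b_modrc
# Globals:   MAKE, TOP_SRCDIR, SCRIPTDIR, RCFILE, verbose, quiet, S, E
#            (read); BUILDOPTS (written)
# Returns:   0 on success, 1 as soon as configure, make or init fails
#
testrun1b_nogpg ()
{
    BUILDOPTS="$1"
    #
    # test standalone compilation
    #
    [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; }
    #
    if test -r "Makefile"; then
        # Discard both streams; ">/dev/null >&1" left stderr on the terminal.
        $MAKE distclean >/dev/null 2>&1
    fi

    # ${BUILDOPTS} stays unquoted: it is one string holding many options.
    # Only stderr is discarded here; stdout of configure is left visible.
    if ! "${TOP_SRCDIR}/configure" ${BUILDOPTS} 2>/dev/null; then
        [ -z "$quiet" ] && log_msg_fail "configure...";
        return 1
    fi
    [ -z "$verbose" ] || log_msg_ok "configure...";
    if ! $MAKE > /dev/null 2>&1; then
        [ -z "$quiet" ] && log_msg_fail "make...";
        return 1
    fi
    [ -z "$verbose" ] || log_msg_ok "make...";

    # Start from a clean state: no database, log or lock file from an
    # earlier sub-test.
    rm -f ./.samhain_file
    rm -f ./.samhain_log
    rm -f ./.samhain_lock

    cp "${SCRIPTDIR}/testrc_1" "${RCFILE}"

    if test "x$2" = "xmodrc"; then
        [ -z "$verbose" ] || log_msg_ok "mod rc...";
        testrun1b_modrc
    fi

    if ! ./samhain -t init -p none -l info; then
        [ -z "$quiet" ] && log_msg_fail "init...";
        return 1
    fi
    [ -z "$verbose" ] || log_msg_ok "init...";

    # Explicit success, so the result does not depend on what the logging
    # helper happens to return.
    return 0
}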
204
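#
# Run one check pass and verify the resulting log.
#
# Globals: LOGFILE (read; the file is replaced by its listing), verbose,
#          quiet (read); tmp (written)
# Returns: 0 if the check ran, the log lists exactly two "Checking" entries
#          for /etc and eight "Checking" entries in total, and no "ADDED"
#          entry appears; 1 otherwise
#
do_test_1b () {

    if ! ./samhain -t check -p none -l info; then
        [ -z "$quiet" ] && log_msg_fail "check...";
        return 1
    fi

    # Replace the log by samhain's own listing of it; the patterns below are
    # matched against that listing. LOGFILE is quoted throughout so that a
    # path containing blanks is still one argument.
    # NOTE(review): presumably needed because the stealth builds do not
    # write a plain-text log -- confirm.
    ./samhain -j -L "$LOGFILE" >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}"
    if [ $? -ne 0 ]; then
        [ -z "$quiet" ] && log_msg_fail "mv logfile...";
        return 1
    fi
    [ -z "$verbose" ] || log_msg_ok "check...";
    #
    # $tmp is left unquoted in the comparisons so that any padding some wc
    # implementations print around the number is dropped.
    #
    tmp=$(egrep "Checking.*/etc(>|\")" "$LOGFILE" 2>/dev/null | wc -l)
    if [ $tmp -ne 2 ]; then
        [ -z "$verbose" ] || log_msg_fail "/etc";
        return 1
    fi
    tmp=$(egrep "Checking.*(>|\")" "$LOGFILE" 2>/dev/null | wc -l)
    if [ $tmp -ne 8 ]; then
        [ -z "$verbose" ] || log_msg_fail "checking";
        return 1
    fi
    # An ADDED entry means the check found something the baseline created by
    # init did not contain.
    if egrep "ADDED" "$LOGFILE" >/dev/null 2>&1; then
        [ -z "$verbose" ] || log_msg_fail "init was incomplete";
        return 1
    fi
    #
    return 0
}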
239
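#
# Run one check pass that reports to a locally started prelude-manager and
# verify what the manager recorded.
#
# Arguments: $2 - "modrc" additionally requires a "Service opened" alert and
#                 a "Service: port=5500" entry (the manager's own listener).
#                 A call without arguments skips these two checks.
# Globals:   PM, PW_DIR, LOGFILE, verbose, quiet (read); PID, tmp (written)
# Returns:   0 if every expected entry was found, 1 otherwise. The manager
#            is sent a kill on every path out of the function.
#
do_test_1b_2 () {

    rm -f "$PW_DIR/test_log_prelude"

    [ -z "$verbose" ] || { echo " starting prelude-manager.."; echo " ($PM --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 &)"; }
    # The listener is bound to the loopback address only.
    "$PM" --textmod -l "$PW_DIR/test_log_prelude" --listen 127.0.0.1:5500 >/dev/null 2>&1 &
    PID=$!

    five_sec_sleep

    if ! ./samhain -t check -p none -l info --set-prelude-severity=info --prelude --server-addr 127.0.0.1:5500 >/dev/null; then
        [ -z "$quiet" ] && log_msg_fail "check...";
        kill "$PID"
        return 1
    fi

    ./samhain -j -L "$LOGFILE" >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}"
    if [ $? -ne 0 ]; then
        [ -z "$quiet" ] && log_msg_fail "mv logfile...";
        kill "$PID"
        return 1
    fi
    [ -z "$verbose" ] || log_msg_ok "check...";
    #
    # Read the manager's log from the path it was told to write to. The bare
    # name "test_log_prelude" only worked while the current directory
    # happened to be $PW_DIR.
    # $tmp is left unquoted in the comparisons so that any padding some wc
    # implementations print around the number is dropped.
    #
    tmp=$(egrep 'File original:.*name=etc.*path=/etc' "$PW_DIR/test_log_prelude" 2>/dev/null | wc -l)
    if [ $tmp -lt 1 ]; then
        [ -z "$verbose" ] || log_msg_fail "/etc";
        kill "$PID"
        return 1
    fi
    tmp=$(egrep 'Classification text: Checking' "$PW_DIR/test_log_prelude" 2>/dev/null | wc -l)
    if [ $tmp -lt 1 ]; then
        [ -z "$verbose" ] || log_msg_fail "checking";
        kill "$PID"
        return 1
    fi
    #
    if test "x$2" = "xmodrc"; then
        tmp=$(egrep 'Classification text: Service opened' "$PW_DIR/test_log_prelude" 2>/dev/null | wc -l)
        if [ $tmp -lt 1 ]; then
            [ -z "$verbose" ] || log_msg_fail "service";
            kill "$PID"
            return 1
        fi
        tmp=$(egrep 'Service: port=5500' "$PW_DIR/test_log_prelude" 2>/dev/null | wc -l)
        if [ $tmp -lt 1 ]; then
            [ -z "$verbose" ] || log_msg_fail "port 5500";
            kill "$PID"
            return 1
        fi
    fi
    #
    kill "$PID"
    return 0
}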
[1]297
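#
# Helper: report every sub-test of this suite as skipped for one reason.
# Arguments: $1 - reason text passed on to log_skip
#
testrun1b_skip_all ()
{
    tr1b_n=1
    while [ "$tr1b_n" -le "$MAXTEST" ]; do
        log_skip "$tr1b_n" "$MAXTEST" "$1"
        tr1b_n=$((tr1b_n + 1))
    done
}

#
# Helper: create prelude-manager's runtime directory if it is missing.
# This is the only place where the suite asks for root through sudo.
# NOTE(review): the group "rainer" is a local account name; on another host
# the chown fails and its status is not checked.
#
testrun1b_prelude_rundir ()
{
    if ! test -d /var/run/prelude-manager
    then
        [ -z "$verbose" ] || log_msg_ok "create /var/run/prelude-manager...";
        sudo mkdir /var/run/prelude-manager
        sudo chown prelude:rainer /var/run/prelude-manager
        sudo chmod 770 /var/run/prelude-manager
    fi
}

#
# Entry point of the suite "RUN STANDALONE W/STEALTH W/GPG": seven sub-tests
# that build the agent in different configurations and run a check.
#
#   1-3  GPG-signed configuration/database, micro-stealth
#   4    same with full stealth (configuration hidden in an image)
#   5    GPG build logging to prelude
#   6-7  non-GPG build logging to prelude; 7 also enables the port check
#
# Globals: MAXTEST, TRUST, PW_DIR, RCFILE, doall, verbose (read);
#          GPG, BUILDOPTS, PRECONV, CONVERT, PM (written)
# Returns: always 0; results are reported through log_ok/log_fail/log_skip
#
testrun1b ()
{
    log_start "RUN STANDALONE W/STEALTH W/GPG"
    GPG=$(find_path gpg)
    if [ -z "$GPG" ]; then
        testrun1b_skip_all 'gpg not found in $PATH'
        log_end "RUN STANDALONE W/STEALTH W/GPG"
        return 0
    fi

    # The key is looked up by its full fingerprint (the value the third
    # sub-test passes as --with-fp): an 8-digit key ID can be shared by
    # unrelated keys. gpg is run directly instead of through eval, so the
    # path returned by find_path is never re-parsed by the shell.
    if ! "$GPG" --list-keys EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C >/dev/null 2>/dev/null; then
        testrun1b_skip_all 'public PGP key 0x0F571F6C not present'
        log_end "RUN STANDALONE W/STEALTH W/GPG"
        return 0
    fi

    # In every sub-test the check only runs when the build step succeeded;
    # otherwise a binary or configuration left over from the previous
    # sub-test could be checked and reported as a pass.

    #
    # ------------- first test -------------
    #
    BUILDOPTS="--quiet $TRUST --enable-debug --with-gpg=${GPG} --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"
    if testrun1b_internal "${BUILDOPTS}" && do_test_1b; then
        log_ok   1 "$MAXTEST" 'gpg signed config/database files'
    else
        log_fail 1 "$MAXTEST" 'gpg signed config/database files'
    fi

    #
    # ------------- second test -------------
    #
    BUILDOPTS="--quiet $TRUST --enable-debug --with-gpg=${GPG} --with-checksum --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"
    if testrun1b_internal "${BUILDOPTS}" && do_test_1b; then
        log_ok   2 "$MAXTEST" 'gpg signed config/database files'
    else
        log_fail 2 "$MAXTEST" 'gpg signed config/database files'
    fi

    #
    # ------------- third test -------------
    #
    BUILDOPTS="--quiet $TRUST --enable-debug --with-gpg=${GPG} --with-checksum --with-fp=EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"
    if testrun1b_internal "${BUILDOPTS}" && do_test_1b; then
        log_ok   3 "$MAXTEST" 'gpg signed config/database files'
    else
        log_fail 3 "$MAXTEST" 'gpg signed config/database files'
    fi

    #
    # ------------- fourth test -------------
    #
    # Accept "convert" only if it identifies itself as ImageMagick. An empty
    # find_path result is not executed.
    PRECONV=$(find_path convert)
    if [ -n "$PRECONV" ] && "${PRECONV}" --help 2>/dev/null | grep ImageMagick >/dev/null 2>&1; then
        CONVERT="${PRECONV}"
    fi

    if [ -z "$CONVERT" ]; then
        # Reported against sub-test 4; the number 2 used before dated from
        # when this was the second test.
        log_skip 4 "$MAXTEST" 'ImageMagick convert not found in $PATH'
    else
        BUILDOPTS="--quiet $TRUST --enable-debug --with-gpg=${GPG} --with-checksum --enable-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"
        if testrun1b_internal "${BUILDOPTS}" "$CONVERT" && do_test_1b; then
            log_ok   4 "$MAXTEST" 'gpg signed config/database files'
        else
            log_fail 4 "$MAXTEST" 'gpg signed config/database files'
        fi
    fi

    #
    # ------------- fifth test -------------
    #
    # The runtime directory is created (through sudo) only when the
    # sub-test is really going to run, not when it is skipped.
    PM=$(find_path prelude-manager)
    if [ -z "$PM" ]; then
        log_skip 5 "$MAXTEST" 'prelude-manager not found in $PATH'
    elif [ -z "$doall" ]; then
        log_skip 5 "$MAXTEST" 'logging to prelude (or use --really-all)'
    else
        testrun1b_prelude_rundir
        BUILDOPTS="--quiet $TRUST --enable-debug --with-prelude --with-gpg=${GPG} --with-checksum --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"
        if testrun1b_internal "${BUILDOPTS} CFLAGS=-DSH_NOFAILOVER=1" && do_test_1b_2; then
            log_ok   5 "$MAXTEST" 'logging to prelude'
        else
            log_fail 5 "$MAXTEST" 'logging to prelude'
        fi
    fi

    #
    # ------------- sixth test -------------
    #
    PM=$(find_path prelude-manager)
    if [ -z "$PM" ]; then
        log_skip 6 "$MAXTEST" 'prelude-manager not found in $PATH'
    elif [ -z "$doall" ]; then
        log_skip 6 "$MAXTEST" 'logging to prelude (or use --really-all)'
    else
        testrun1b_prelude_rundir
        BUILDOPTS="--quiet $TRUST --with-prelude --enable-login-watch --enable-mounts-check --enable-process-check --enable-port-check --enable-suidcheck --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"
        if testrun1b_nogpg "${BUILDOPTS} CFLAGS=-DSH_NOFAILOVER=1" && do_test_1b_2; then
            log_ok   6 "$MAXTEST" 'logging to prelude'
        else
            log_fail 6 "$MAXTEST" 'logging to prelude'
        fi
    fi

    #
    # ------------- seventh test -----------
    #
    PM=$(find_path prelude-manager)
    if [ -z "$PM" ]; then
        log_skip 7 "$MAXTEST" 'prelude-manager not found in $PATH'
    elif [ -z "$doall" ]; then
        log_skip 7 "$MAXTEST" 'logging to prelude (or use --really-all)'
    else
        testrun1b_prelude_rundir
        BUILDOPTS="--quiet $TRUST --with-prelude --enable-login-watch --enable-mounts-check --enable-process-check --enable-port-check --enable-suidcheck --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"
        # do_test_1b_2 looks for "modrc" in its second argument. It used to
        # be called without arguments, so the "Service opened" and port 5500
        # checks of this sub-test were never evaluated.
        if testrun1b_nogpg "${BUILDOPTS} CFLAGS=-DSH_NOFAILOVER=1" "modrc" && \
            do_test_1b_2 "${BUILDOPTS}" "modrc"
        then
            log_ok   7 "$MAXTEST" 'logging to prelude'
        else
            log_fail 7 "$MAXTEST" 'logging to prelude'
        fi
    fi

    log_end "RUN STANDALONE W/STEALTH W/GPG"
    return 0
}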
[1]467