source: trunk/test/testrun_1c.sh@ 21

Last change on this file since 21 was 21, checked in by katerina, 19 years ago

Add some test files.
  • Property svn:executable set to *
File size: 6.5 KB
Line 
1#! /bin/sh
2
3BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-suidcheck --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"
4export BUILDOPTS
5
6MAXTEST=6; export MAXTEST
7
8## Quarantine SUID/SGID files if found
9#
10# SuidCheckQuarantineFiles = yes
11
12## Method for Quarantining files:
13# 0 - Delete or truncate the file.
14# 1 - Remove SUID/SGID permissions from file.
15# 2 - Move SUID/SGID file to quarantine dir.
16#
17# SuidCheckQuarantineMethod = 0
18
19## For method 0 and 2, really delete instead of truncating
20#
21# SuidCheckQuarantineDelete = yes
22
23SUIDPOLICY_6="
24[ReadOnly]
25file=${BASE}
26[SuidCheck]
27SuidCheckActive = yes
28SuidCheckInterval = 10
29SeveritySuidCheck = crit
30SuidCheckQuarantineFiles = no
31SuidCheckQuarantineMethod = 2
32SuidCheckQuarantineDelete = yes
33"
34
35mod_suiddata_6 () {
36 sleep 1
37 chmod 4755 "${BASE}/a/a/y"
38}
39
40chk_suiddata_6 () {
41 sleep 1
42 tmp=`ls -l "${BASE}/a/a/y" 2>/dev/null | awk '{ print $1}'`
43 if [ "x$tmp" = "x-rwsr-xr-x" ]; then
44 egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1
45 if [ $? -ne 0 ]; then
46 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y";
47 return 1
48 fi
49 egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1
50 if [ $? -ne 0 ]; then
51 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y";
52 return 1
53 fi
54 return 0;
55 else
56 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (suid not kept)";
57 return 1
58 fi
59}
60
61SUIDPOLICY_5="
62[ReadOnly]
63file=${BASE}
64[SuidCheck]
65SuidCheckActive = yes
66SuidCheckInterval = 10
67SeveritySuidCheck = crit
68SuidCheckQuarantineFiles = yes
69SuidCheckQuarantineMethod = 2
70SuidCheckQuarantineDelete = yes
71"
72
73mod_suiddata_5 () {
74 sleep 1
75 chmod 4755 "${BASE}/a/a/y"
76}
77
78chk_suiddata_5 () {
79 sleep 1
80 if [ -f "${BASE}/a/a/y" ]; then
81 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not deleted)";
82 return 1
83 fi
84 if [ -f .quarantine/y ]; then
85 if [ -f .quarantine/y.info ]; then
86 return 0;
87 else
88 [ -z "$verbose" ] || log_msg_fail ".quarantine/y.info (missing)";
89 return 1
90 fi
91 else
92 [ -z "$verbose" ] || log_msg_fail ".quarantine/y (missing)";
93 return 1
94 fi
95}
96
97SUIDPOLICY_4="
98[ReadOnly]
99file=${BASE}
100[SuidCheck]
101SuidCheckActive = yes
102SuidCheckInterval = 10
103SeveritySuidCheck = crit
104SuidCheckQuarantineFiles = yes
105SuidCheckQuarantineMethod = 2
106SuidCheckQuarantineDelete = no
107"
108
109mod_suiddata_4 () {
110 sleep 1
111 chmod 4755 "${BASE}/a/a/y"
112}
113
114chk_suiddata_4 () {
115 sleep 1
116 tmp=`cat "${BASE}/a/a/y" 2>/dev/null | wc -c`
117 if [ $tmp -ne 0 ]; then
118 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not truncated)";
119 return 1
120 fi
121 if [ -f .quarantine/y ]; then
122 if [ -f .quarantine/y.info ]; then
123 return 0;
124 else
125 [ -z "$verbose" ] || log_msg_fail ".quarantine/y.info (missing)";
126 return 1
127 fi
128 else
129 [ -z "$verbose" ] || log_msg_fail ".quarantine/y (missing)";
130 return 1
131 fi
132}
133
134SUIDPOLICY_3="
135[ReadOnly]
136file=${BASE}
137[SuidCheck]
138SuidCheckActive = yes
139SuidCheckInterval = 10
140SeveritySuidCheck = crit
141SuidCheckQuarantineFiles = yes
142SuidCheckQuarantineMethod = 1
143SuidCheckQuarantineDelete = no
144"
145
146mod_suiddata_3 () {
147 sleep 1
148 chmod 4755 "${BASE}/a/a/y"
149}
150
151chk_suiddata_3 () {
152 sleep 1
153 tmp=`ls -l "${BASE}/a/a/y" 2>/dev/null | awk '{ print $1}'`
154 if [ "x$tmp" = "x-rwxr-xr-x" ]; then
155 return 0;
156 else
157 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (suid not removed)";
158 return 1
159 fi
160}
161
162SUIDPOLICY_2="
163[ReadOnly]
164file=${BASE}
165[SuidCheck]
166SuidCheckActive = yes
167SuidCheckInterval = 10
168SeveritySuidCheck = crit
169SuidCheckQuarantineFiles = yes
170SuidCheckQuarantineMethod = 0
171SuidCheckQuarantineDelete = no
172"
173
174mod_suiddata_2 () {
175 sleep 1
176 chmod 4755 "${BASE}/a/a/y"
177}
178
179chk_suiddata_2 () {
180 sleep 1
181 tmp=`cat "${BASE}/a/a/y" 2>/dev/null | wc -c`
182 if [ $tmp -ne 0 ]; then
183 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not truncated)";
184 return 1
185 fi
186}
187
188SUIDPOLICY_1="
189[ReadOnly]
190file=${BASE}
191[SuidCheck]
192SuidCheckActive = yes
193SuidCheckInterval = 10
194SeveritySuidCheck = crit
195SuidCheckQuarantineFiles = yes
196SuidCheckQuarantineMethod = 0
197SuidCheckQuarantineDelete = yes
198"
199
200mod_suiddata_1 () {
201 sleep 1
202 chmod 4755 "${BASE}/a/a/y"
203}
204
205chk_suiddata_1 () {
206 sleep 1
207 if [ -f "${BASE}/a/a/y" ]; then
208 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not removed)";
209 return 1
210 fi
211}
212
213prep_suidpolicy ()
214{
215 test -f "${RCFILE}" || touch "${RCFILE}"
216 eval echo '"$'"SUIDPOLICY_$1"'"' >>"${RCFILE}"
217}
218
219testrun_internal_1c ()
220{
221 [ -z "$verbose" ] || echo Working directory: $PW_DIR
222 [ -z "$verbose" ] || { echo MAKE is $MAKE; echo; }
223
224 #
225 # test standalone compilation
226 #
227 [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; }
228
229 if test -r "Makefile"; then
230 $MAKE distclean >/dev/null
231 fi
232
233 ${TOP_SRCDIR}/configure ${BUILDOPTS}
234
235 #
236 if test x$? = x0; then
237 [ -z "$verbose" ] || log_msg_ok "configure...";
238 $MAKE 'DBGDEF=-DSH_SUIDTESTDIR=\"${BASE}\"' >/dev/null
239 if test x$? = x0; then
240 [ -z "$verbose" ] || log_msg_ok "make...";
241 else
242 [ -z "$quiet" ] && log_msg_fail "make...";
243 return 1
244 fi
245
246 else
247 [ -z "$quiet" ] && log_msg_fail "configure...";
248 return 1
249 fi
250
251 [ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; }
252
253 tcount=1
254 POLICY=`eval echo '"$'"SUIDPOLICY_$tcount"'"'`
255
256 until [ -z "$POLICY" ]
257 do
258 prep_init
259 check_err $? ${tcount}; errval=$?
260 if [ $errval -eq 0 ]; then
261 prep_testdata
262 check_err $? ${tcount}; errval=$?
263 fi
264 if [ $errval -eq 0 ]; then
265 prep_suidpolicy ${tcount}
266 check_err $? ${tcount}; errval=$?
267 fi
268 if [ $errval -eq 0 ]; then
269 run_init
270 check_err $? ${tcount}; errval=$?
271 fi
272 if [ $errval -eq 0 ]; then
273 eval mod_suiddata_${tcount}
274 check_err $? ${tcount}; errval=$?
275 fi
276 if [ $errval -eq 0 ]; then
277 run_check
278 check_err $? ${tcount}; errval=$?
279 fi
280 if [ $errval -eq 0 ]; then
281 eval chk_suiddata_${tcount}
282 check_err $? ${tcount}; errval=$?
283 fi
284 if [ $testrun1_setup -eq 0 ]; then
285 if [ $errval -eq 0 ]; then
286 run_update
287 check_err $? ${tcount}; errval=$?
288 fi
289 if [ $errval -eq 0 ]; then
290 run_check_after_update
291 check_err $? ${tcount}; errval=$?
292 fi
293 fi
294 #
295 if [ $errval -eq 0 ]; then
296 [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST};
297 fi
298 let "tcount = tcount + 1" >/dev/null
299 POLICY=`eval echo '"$'"SUIDPOLICY_$tcount"'"'`
300 done
301
302 return 0
303}
304
305testrun1c ()
306{
307 log_start "RUN STANDALONE W/SUIDCHK"
308 testrun_internal_1c
309 log_end "RUN STANDALONE W/SUIDCHK"
310 return 0
311}
312
Note: See TracBrowser for help on using the repository browser.