source: trunk/test/testrun_1c.sh @ 321

Last change on this file since 321 was 321, checked in by katerina, 11 years ago

Fix for ticket #240: The samhain_kmem kernel module should be loaded earlier

#! /bin/sh

#
# Copyright Rainer Wichmann (2006)
#
# License Information:
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#

# configure options for the standalone build.  TRUST, PW_DIR, RCFILE and
# LOGFILE are expanded here; the whole string is later passed unquoted to
# configure and word-split into separate arguments, so none of these values
# may contain blanks.
BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-suidcheck --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"
export BUILDOPTS

# Number of test cases in this file (SUIDPOLICY_1 .. SUIDPOLICY_7); reported by log_ok.
MAXTEST=7; export MAXTEST
26
## Quarantine SUID/SGID files if found
#
# SuidCheckQuarantineFiles = yes

## Method for quarantining files:
#  0 - Delete or truncate the file.
#  1 - Remove SUID/SGID permissions from the file.
#  2 - Move the SUID/SGID file to the quarantine dir.
#
# SuidCheckQuarantineMethod = 0

## For methods 0 and 2, really delete instead of truncating
#
# SuidCheckQuarantineDelete = yes
41
# Case 7: SuidCheck with ${BASE}/a/a excluded and quarantine switched off.
# SUID files below the excluded directory must be left alone and must not be
# logged; a SUID file elsewhere under ${BASE} must still be reported
# (checked by chk_suiddata_7).
SUIDPOLICY_7="
[ReadOnly]
file=${BASE}
[SuidCheck]
SuidCheckActive = yes
SuidCheckExclude = ${BASE}/a/a
SuidCheckInterval = 10
SeveritySuidCheck = crit
SuidCheckQuarantineFiles = no
SuidCheckQuarantineMethod = 2
SuidCheckQuarantineDelete = yes
"
54
# Case 7 modification: make two files inside the excluded directory and one
# outside it SUID (4444 = -r-Sr--r--).  The outside file lives in a fresh
# directory ${BASE}/a/abc that is created here.
mod_suiddata_7 () {
    # one_sec_sleep is provided by the driver; presumably it keeps this
    # change's timestamp apart from the baseline run -- TODO confirm.
    one_sec_sleep
    mkdir "${BASE}/a/abc"
    touch "${BASE}/a/abc/y"
    for target in "${BASE}/a/a/y" "${BASE}/a/a/a/y" "${BASE}/a/abc/y"; do
        chmod 4444 "$target"
    done
}
63
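# Print the permission column that `ls -l` shows for $1.  A trailing '+',
# '.' or '@' (ACL, security context, extended attributes) is stripped so
# that only the mode bits take part in the comparison.
_chk7_mode () {
    tmp=$(ls -l "$1" 2>/dev/null | awk '{ print $1 }')
    printf '%s\n' "${tmp%[+.@]}"
}

# $1 is below the excluded directory: it must still be 4444 (-r-Sr--r--)
# and must not show up in $LOGFILE at all.  Returns 1 on the first violation.
# Note: $1 is used as an ERE fragment, so regex metacharacters in BASE
# would not match literally.
_chk7_expect_silent () {
    if [ "x$(_chk7_mode "$1")" != "x-r-Sr--r--" ]; then
        [ -z "$verbose" ] || log_msg_fail "$1 (suid not kept)"
        return 1
    fi
    if grep -E "CRIT.*POLICY \[SuidCheck\].*$1" "$LOGFILE" >/dev/null 2>&1; then
        [ -z "$verbose" ] || log_msg_fail "$1"
        return 1
    fi
    if grep -E "CRIT.*POLICY ADDED.*$1" "$LOGFILE" >/dev/null 2>&1; then
        [ -z "$verbose" ] || log_msg_fail "$1"
        return 1
    fi
    return 0
}

# $1 is outside the excluded directory: it must still be 4444 and both the
# SuidCheck policy line and the ADDED line must be present in $LOGFILE.
_chk7_expect_reported () {
    if [ "x$(_chk7_mode "$1")" != "x-r-Sr--r--" ]; then
        [ -z "$verbose" ] || log_msg_fail "$1 (suid not kept)"
        return 1
    fi
    if ! grep -E "CRIT.*POLICY \[SuidCheck\].*$1" "$LOGFILE" >/dev/null 2>&1; then
        [ -z "$verbose" ] || log_msg_fail "$1"
        return 1
    fi
    if ! grep -E "CRIT.*POLICY ADDED.*$1" "$LOGFILE" >/dev/null 2>&1; then
        [ -z "$verbose" ] || log_msg_fail "$1"
        return 1
    fi
    return 0
}

# Case 7 check (SuidCheckExclude = ${BASE}/a/a, quarantine off): the two
# SUID files below ${BASE}/a/a must be ignored, the one in ${BASE}/a/abc
# must be logged.  Returns 0 if all three expectations hold, 1 otherwise.
chk_suiddata_7 () {
    one_sec_sleep
    _chk7_expect_silent "${BASE}/a/a/y" || return 1
    _chk7_expect_silent "${BASE}/a/a/a/y" || return 1
    _chk7_expect_reported "${BASE}/a/abc/y" || return 1
    return 0
}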
116
117
# Case 6: SuidCheck active, quarantine switched off.  A newly SUID file must
# keep its mode and be reported in the log only (checked by chk_suiddata_6).
SUIDPOLICY_6="
[ReadOnly]
file=${BASE}
[SuidCheck]
SuidCheckActive = yes
SuidCheckInterval = 10
SeveritySuidCheck = crit
SuidCheckQuarantineFiles = no
SuidCheckQuarantineMethod = 2
SuidCheckQuarantineDelete = yes
"
129
# Case 6 modification: turn ${BASE}/a/a/y into a SUID executable
# (4755 = -rwsr-xr-x) after the baseline has been taken.
mod_suiddata_6 () {
    target="${BASE}/a/a/y"
    # one_sec_sleep comes from the driver -- presumably a timestamp separator.
    one_sec_sleep
    chmod 4755 "$target"
}
134
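# Case 6 check (quarantine off): ${BASE}/a/a/y must still be 4755
# (-rwsr-xr-x) and $LOGFILE must contain both the SuidCheck policy line and
# the ADDED line for it.  Returns 0 on success, 1 on the first failed
# expectation (logged via log_msg_fail when $verbose is set).
chk_suiddata_6 () {
    one_sec_sleep
    # Permission column of `ls -l`; strip a trailing '+', '.' or '@' that ls
    # appends for ACLs, security contexts or extended attributes, so the
    # comparison only sees the mode bits.
    tmp=$(ls -l "${BASE}/a/a/y" 2>/dev/null | awk '{ print $1 }')
    tmp=${tmp%[+.@]}
    if [ "x$tmp" != "x-rwsr-xr-x" ]; then
        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (suid not kept)"
        return 1
    fi
    # BASE is interpolated into an ERE; metacharacters in it would not match literally.
    if ! grep -E "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/a/y" "$LOGFILE" >/dev/null 2>&1; then
        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"
        return 1
    fi
    if ! grep -E "CRIT.*POLICY ADDED.*${BASE}/a/a/y" "$LOGFILE" >/dev/null 2>&1; then
        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"
        return 1
    fi
    return 0
}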
155
# Case 5: quarantine on, method 2 (move to quarantine dir) with delete.  The
# new SUID file must disappear from ${BASE} and reappear in the quarantine
# dir together with its .info record; a SUID file that was already in the
# baseline must survive (checked by chk_suiddata_5).
SUIDPOLICY_5="
[ReadOnly]
file=${BASE}
[SuidCheck]
SuidCheckActive = yes
SuidCheckInterval = 10
SeveritySuidCheck = crit
SuidCheckQuarantineFiles = yes
SuidCheckQuarantineMethod = 2
SuidCheckQuarantineDelete = yes
"
167
# Case 5 modification: make ${BASE}/a/a/y a SUID executable (4755) after
# the baseline run.
mod_suiddata_5 () {
    target="${BASE}/a/a/y"
    # one_sec_sleep comes from the driver -- presumably a timestamp separator.
    one_sec_sleep
    chmod 4755 "$target"
}
172
# Case 5 check (method 2 + delete): the baseline SUID file x must still
# exist, the newly SUID file y must be gone, and a copy of y plus its
# y.info record must be in .quarantine (relative to the current directory,
# presumably $PW_DIR).  Returns 0 on success, 1 on the first violation.
chk_suiddata_5 () {
    one_sec_sleep
    if [ ! -f "${BASE}/a/a/x" ]; then
        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x (erroneously deleted)"
        return 1
    fi
    if [ -f "${BASE}/a/a/y" ]; then
        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not deleted)"
        return 1
    fi
    if [ ! -f .quarantine/y ]; then
        [ -z "$verbose" ] || log_msg_fail ".quarantine/y (missing)"
        return 1
    fi
    if [ ! -f .quarantine/y.info ]; then
        [ -z "$verbose" ] || log_msg_fail ".quarantine/y.info (missing)"
        return 1
    fi
    return 0
}
195
# Case 4: quarantine on, method 2 (move to quarantine dir) without delete.
# The new SUID file is expected to remain, truncated, with a copy and .info
# record in the quarantine dir (checked by chk_suiddata_4).
SUIDPOLICY_4="
[ReadOnly]
file=${BASE}
[SuidCheck]
SuidCheckActive = yes
SuidCheckInterval = 10
SeveritySuidCheck = crit
SuidCheckQuarantineFiles = yes
SuidCheckQuarantineMethod = 2
SuidCheckQuarantineDelete = no
"
207
# Case 4 modification: make ${BASE}/a/a/y a SUID executable (4755) after
# the baseline run.
mod_suiddata_4 () {
    target="${BASE}/a/a/y"
    # one_sec_sleep comes from the driver -- presumably a timestamp separator.
    one_sec_sleep
    chmod 4755 "$target"
}
212
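# Case 4 check (method 2 without delete): ${BASE}/a/a/y must still exist but
# be empty, and .quarantine/y plus .quarantine/y.info must exist (relative
# to the current directory, presumably $PW_DIR).  Returns 0 on success, 1 on
# the first violation.
chk_suiddata_4 () {
    one_sec_sleep
    # An absent file would otherwise read as "0 bytes" and pass the
    # truncation check, so existence is verified explicitly first.
    if [ ! -f "${BASE}/a/a/y" ]; then
        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (missing)"
        return 1
    fi
    # -s: exists and has a size greater than zero, i.e. not truncated.
    if [ -s "${BASE}/a/a/y" ]; then
        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not truncated)"
        return 1
    fi
    if [ ! -f .quarantine/y ]; then
        [ -z "$verbose" ] || log_msg_fail ".quarantine/y (missing)"
        return 1
    fi
    if [ ! -f .quarantine/y.info ]; then
        [ -z "$verbose" ] || log_msg_fail ".quarantine/y.info (missing)"
        return 1
    fi
    return 0
}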
232
# Case 3: quarantine on, method 1 (strip the SUID/SGID bits in place).  The
# new SUID file must end up as a plain 0755 file (checked by chk_suiddata_3).
SUIDPOLICY_3="
[ReadOnly]
file=${BASE}
[SuidCheck]
SuidCheckActive = yes
SuidCheckInterval = 10
SeveritySuidCheck = crit
SuidCheckQuarantineFiles = yes
SuidCheckQuarantineMethod = 1
SuidCheckQuarantineDelete = no
"
244
# Case 3 modification: make ${BASE}/a/a/y a SUID executable (4755) after
# the baseline run.
mod_suiddata_3 () {
    target="${BASE}/a/a/y"
    # one_sec_sleep comes from the driver -- presumably a timestamp separator.
    one_sec_sleep
    chmod 4755 "$target"
}
249
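# Case 3 check (method 1): the SUID bit set by mod_suiddata_3 must have been
# removed, leaving ${BASE}/a/a/y at exactly 0755 (-rwxr-xr-x).  Returns 0 on
# success, 1 otherwise.
chk_suiddata_3 () {
    one_sec_sleep
    # Permission column of `ls -l`; strip a trailing '+', '.' or '@' that ls
    # appends for ACLs, security contexts or extended attributes, so the
    # comparison only sees the mode bits.
    tmp=$(ls -l "${BASE}/a/a/y" 2>/dev/null | awk '{ print $1 }')
    tmp=${tmp%[+.@]}
    if [ "x$tmp" = "x-rwxr-xr-x" ]; then
        return 0
    fi
    [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (suid not removed)"
    return 1
}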
260
# Case 2: quarantine on, method 0 (delete or truncate) without delete.  The
# new SUID file must remain but be truncated to zero bytes (checked by
# chk_suiddata_2).
SUIDPOLICY_2="
[ReadOnly]
file=${BASE}
[SuidCheck]
SuidCheckActive = yes
SuidCheckInterval = 10
SeveritySuidCheck = crit
SuidCheckQuarantineFiles = yes
SuidCheckQuarantineMethod = 0
SuidCheckQuarantineDelete = no
"
272
# Case 2 modification: make ${BASE}/a/a/y a SUID executable (4755) after
# the baseline run.
mod_suiddata_2 () {
    target="${BASE}/a/a/y"
    # one_sec_sleep comes from the driver -- presumably a timestamp separator.
    one_sec_sleep
    chmod 4755 "$target"
}
277
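# Case 2 check (method 0 without delete): ${BASE}/a/a/y must still exist and
# be empty.  Returns 0 on success, 1 otherwise.
chk_suiddata_2 () {
    one_sec_sleep
    # An absent file would otherwise read as "0 bytes" and pass the
    # truncation check, so existence is verified explicitly first.
    if [ ! -f "${BASE}/a/a/y" ]; then
        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (missing)"
        return 1
    fi
    # -s: exists and has a size greater than zero, i.e. not truncated.
    if [ -s "${BASE}/a/a/y" ]; then
        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not truncated)"
        return 1
    fi
    return 0
}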
286
# Case 1: quarantine on, method 0 (delete or truncate) with delete.  The new
# SUID file must be removed entirely (checked by chk_suiddata_1).
SUIDPOLICY_1="
[ReadOnly]
file=${BASE}
[SuidCheck]
SuidCheckActive = yes
SuidCheckInterval = 10
SeveritySuidCheck = crit
SuidCheckQuarantineFiles = yes
SuidCheckQuarantineMethod = 0
SuidCheckQuarantineDelete = yes
"
298
# Case 1 modification: make ${BASE}/a/a/y a SUID executable (4755) after
# the baseline run.
mod_suiddata_1 () {
    target="${BASE}/a/a/y"
    # one_sec_sleep comes from the driver -- presumably a timestamp separator.
    one_sec_sleep
    chmod 4755 "$target"
}
303
# Case 1 check (method 0 with delete): ${BASE}/a/a/y must have been
# unlinked, not merely truncated.  Returns 0 if the file is gone, 1 if it
# is still present.
chk_suiddata_1 () {
    one_sec_sleep
    [ -f "${BASE}/a/a/y" ] || return 0
    [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not removed)"
    return 1
}
311
# Append test policy number $1 (the contents of SUIDPOLICY_$1) to the samhain
# config file $RCFILE, creating the file first if it does not exist.  For
# case 5 a SUID file ${BASE}/a/a/x is additionally put in place before the
# baseline so that chk_suiddata_5 can verify it is not touched.
# $1 is interpolated into an eval'd expression; the only caller in this file
# passes the numeric loop counter.
prep_suidpolicy ()
{
    [ -f "${RCFILE}" ] || touch "${RCFILE}"
    eval "echo \"\$SUIDPOLICY_$1\"" >>"${RCFILE}"
    [ "x$1" != "x5" ] || chmod 4755 "${BASE}/a/a/x"
}
320
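# Configure and build the standalone agent with SH_SUIDTESTDIR pointing at
# ${BASE}, then run every SUIDPOLICY_N case in turn: prep_init, prep_testdata,
# prep_suidpolicy, run_init, mod_suiddata_N, run_check, chk_suiddata_N and,
# unless testrun1_setup is non-zero, run_update and run_check_after_update.
# Each step is gated on the previous one via check_err.  Returns 1 if
# configure or make fail; otherwise 0 regardless of per-case results, which
# are reported through check_err/log_ok.
# Globals read: verbose, quiet, MAKE, TOP_SRCDIR, BUILDOPTS, BASE, S, E,
# PW_DIR, MAXTEST, testrun1_setup.  Globals written: tcount, POLICY, errval.
testrun_internal_1c ()
{
        [ -z "$verbose" ] || echo "Working directory: $PW_DIR"
        [ -z "$verbose" ] || { echo "MAKE is $MAKE"; echo; }

        #
        # test standalone compilation
        #
        [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; }

        if test -r "Makefile"; then
                $MAKE distclean >/dev/null
        fi

        # BUILDOPTS is intentionally unquoted: it is a blank-separated option
        # list that must be split into individual configure arguments.
        if ${TOP_SRCDIR}/configure ${BUILDOPTS}; then
                [ -z "$verbose" ] || log_msg_ok "configure..."
                # Single quotes: ${BASE} is handed to make literally (make
                # expands it itself, presumably from the exported environment
                # -- confirm), and the \" pair survives into the -D value.
                if $MAKE 'DBGDEF=-DSH_SUIDTESTDIR=\"${BASE}\"' >/dev/null 2>&1; then
                    [ -z "$verbose" ] || log_msg_ok "make DBGDEF=-DSH_SUIDTESTDIR=${BASE} ..."
                else
                    [ -z "$quiet" ] && log_msg_fail "make..."
                    return 1
                fi
        else
                [ -z "$quiet" ] && log_msg_fail "configure..."
                return 1
        fi

        [ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; }

        # Walk SUIDPOLICY_1, SUIDPOLICY_2, ... until an unset or empty one
        # ends the run.  eval is the only way to read a computed variable
        # name in POSIX sh; tcount is always numeric.
        tcount=1
        eval "POLICY=\$SUIDPOLICY_${tcount}"

        until [ -z "$POLICY" ]
        do
          prep_init
          check_err $? ${tcount}; errval=$?
          if [ $errval -eq 0 ]; then
              prep_testdata
              check_err $? ${tcount}; errval=$?
          fi
          if [ $errval -eq 0 ]; then
              prep_suidpolicy   ${tcount}
              check_err $? ${tcount}; errval=$?
          fi
          if [ $errval -eq 0 ]; then
              run_init
              check_err $? ${tcount}; errval=$?
          fi
          if [ $errval -eq 0 ]; then
              # The function name is built from the numeric counter and can
              # be invoked directly; no eval is needed here.
              "mod_suiddata_${tcount}"
              check_err $? ${tcount}; errval=$?
          fi
          if [ $errval -eq 0 ]; then
              run_check
              check_err $? ${tcount}; errval=$?
          fi
          if [ $errval -eq 0 ]; then
              "chk_suiddata_${tcount}"
              check_err $? ${tcount}; errval=$?
          fi
          if [ "$testrun1_setup" -eq 0 ]; then
              if [ $errval -eq 0 ]; then
                  run_update
                  check_err $? ${tcount}; errval=$?
              fi
              if [ $errval -eq 0 ]; then
                  run_check_after_update
                  check_err $? ${tcount}; errval=$?
              fi
          fi
          #
          if [ $errval -eq 0 ]; then
              [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}
          fi
          # POSIX arithmetic instead of the bash-only `let` (this file is #!/bin/sh).
          tcount=$((tcount + 1))
          eval "POLICY=\$SUIDPOLICY_${tcount}"
        done

        return 0
}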
406
# Entry point used by the test driver: run the standalone SuidCheck suite
# between matching log_start/log_end markers.  Always returns 0; the runner's
# own status is deliberately not propagated, results are in the log output.
testrun1c ()
{
    log_start "RUN STANDALONE W/SUIDCHK"
    testrun_internal_1c || :
    log_end "RUN STANDALONE W/SUIDCHK"
    return 0
}
414