source: trunk/test/testrun_1c.sh@ 52

Last change on this file since 52 was 51, checked in by rainer, 18 years ago

Fix problems with linux kernel 2.6.17
  • Property svn:executable set to *
File size: 7.3 KB
Line 
1#! /bin/sh
2
3#
4# Copyright Rainer Wichmann (2006)
5#
6# License Information:
7# This program is free software; you can redistribute it and/or modify
8# it under the terms of the GNU General Public License as published by
9# the Free Software Foundation; either version 2 of the License, or
10# (at your option) any later version.
11#
12# This program is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15# GNU General Public License for more details.
16#
17# You should have received a copy of the GNU General Public License
18# along with this program; if not, write to the Free Software
19# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20#
21
22BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-suidcheck --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"
23export BUILDOPTS
24
25MAXTEST=6; export MAXTEST
26
27## Quarantine SUID/SGID files if found
28#
29# SuidCheckQuarantineFiles = yes
30
31## Method for Quarantining files:
32# 0 - Delete or truncate the file.
33# 1 - Remove SUID/SGID permissions from file.
34# 2 - Move SUID/SGID file to quarantine dir.
35#
36# SuidCheckQuarantineMethod = 0
37
38## For method 0 and 2, really delete instead of truncating
39#
40# SuidCheckQuarantineDelete = yes
41
42SUIDPOLICY_6="
43[ReadOnly]
44file=${BASE}
45[SuidCheck]
46SuidCheckActive = yes
47SuidCheckInterval = 10
48SeveritySuidCheck = crit
49SuidCheckQuarantineFiles = no
50SuidCheckQuarantineMethod = 2
51SuidCheckQuarantineDelete = yes
52"
53
54mod_suiddata_6 () {
55 one_sec_sleep
56 chmod 4755 "${BASE}/a/a/y"
57}
58
59chk_suiddata_6 () {
60 one_sec_sleep
61 tmp=`ls -l "${BASE}/a/a/y" 2>/dev/null | awk '{ print $1}'`
62 if [ "x$tmp" = "x-rwsr-xr-x" ]; then
63 egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1
64 if [ $? -ne 0 ]; then
65 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y";
66 return 1
67 fi
68 egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1
69 if [ $? -ne 0 ]; then
70 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y";
71 return 1
72 fi
73 return 0;
74 else
75 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (suid not kept)";
76 return 1
77 fi
78}
79
80SUIDPOLICY_5="
81[ReadOnly]
82file=${BASE}
83[SuidCheck]
84SuidCheckActive = yes
85SuidCheckInterval = 10
86SeveritySuidCheck = crit
87SuidCheckQuarantineFiles = yes
88SuidCheckQuarantineMethod = 2
89SuidCheckQuarantineDelete = yes
90"
91
92mod_suiddata_5 () {
93 one_sec_sleep
94 chmod 4755 "${BASE}/a/a/y"
95}
96
97chk_suiddata_5 () {
98 one_sec_sleep
99 if [ -f "${BASE}/a/a/y" ]; then
100 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not deleted)";
101 return 1
102 fi
103 if [ -f .quarantine/y ]; then
104 if [ -f .quarantine/y.info ]; then
105 return 0;
106 else
107 [ -z "$verbose" ] || log_msg_fail ".quarantine/y.info (missing)";
108 return 1
109 fi
110 else
111 [ -z "$verbose" ] || log_msg_fail ".quarantine/y (missing)";
112 return 1
113 fi
114}
115
116SUIDPOLICY_4="
117[ReadOnly]
118file=${BASE}
119[SuidCheck]
120SuidCheckActive = yes
121SuidCheckInterval = 10
122SeveritySuidCheck = crit
123SuidCheckQuarantineFiles = yes
124SuidCheckQuarantineMethod = 2
125SuidCheckQuarantineDelete = no
126"
127
128mod_suiddata_4 () {
129 one_sec_sleep
130 chmod 4755 "${BASE}/a/a/y"
131}
132
133chk_suiddata_4 () {
134 one_sec_sleep
135 tmp=`cat "${BASE}/a/a/y" 2>/dev/null | wc -c`
136 if [ $tmp -ne 0 ]; then
137 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not truncated)";
138 return 1
139 fi
140 if [ -f .quarantine/y ]; then
141 if [ -f .quarantine/y.info ]; then
142 return 0;
143 else
144 [ -z "$verbose" ] || log_msg_fail ".quarantine/y.info (missing)";
145 return 1
146 fi
147 else
148 [ -z "$verbose" ] || log_msg_fail ".quarantine/y (missing)";
149 return 1
150 fi
151}
152
153SUIDPOLICY_3="
154[ReadOnly]
155file=${BASE}
156[SuidCheck]
157SuidCheckActive = yes
158SuidCheckInterval = 10
159SeveritySuidCheck = crit
160SuidCheckQuarantineFiles = yes
161SuidCheckQuarantineMethod = 1
162SuidCheckQuarantineDelete = no
163"
164
165mod_suiddata_3 () {
166 one_sec_sleep
167 chmod 4755 "${BASE}/a/a/y"
168}
169
170chk_suiddata_3 () {
171 one_sec_sleep
172 tmp=`ls -l "${BASE}/a/a/y" 2>/dev/null | awk '{ print $1}'`
173 if [ "x$tmp" = "x-rwxr-xr-x" ]; then
174 return 0;
175 else
176 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (suid not removed)";
177 return 1
178 fi
179}
180
181SUIDPOLICY_2="
182[ReadOnly]
183file=${BASE}
184[SuidCheck]
185SuidCheckActive = yes
186SuidCheckInterval = 10
187SeveritySuidCheck = crit
188SuidCheckQuarantineFiles = yes
189SuidCheckQuarantineMethod = 0
190SuidCheckQuarantineDelete = no
191"
192
193mod_suiddata_2 () {
194 one_sec_sleep
195 chmod 4755 "${BASE}/a/a/y"
196}
197
198chk_suiddata_2 () {
199 one_sec_sleep
200 tmp=`cat "${BASE}/a/a/y" 2>/dev/null | wc -c`
201 if [ $tmp -ne 0 ]; then
202 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not truncated)";
203 return 1
204 fi
205}
206
207SUIDPOLICY_1="
208[ReadOnly]
209file=${BASE}
210[SuidCheck]
211SuidCheckActive = yes
212SuidCheckInterval = 10
213SeveritySuidCheck = crit
214SuidCheckQuarantineFiles = yes
215SuidCheckQuarantineMethod = 0
216SuidCheckQuarantineDelete = yes
217"
218
219mod_suiddata_1 () {
220 one_sec_sleep
221 chmod 4755 "${BASE}/a/a/y"
222}
223
224chk_suiddata_1 () {
225 one_sec_sleep
226 if [ -f "${BASE}/a/a/y" ]; then
227 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not removed)";
228 return 1
229 fi
230}
231
232prep_suidpolicy ()
233{
234 test -f "${RCFILE}" || touch "${RCFILE}"
235 eval echo '"$'"SUIDPOLICY_$1"'"' >>"${RCFILE}"
236}
237
238testrun_internal_1c ()
239{
240 [ -z "$verbose" ] || echo Working directory: $PW_DIR
241 [ -z "$verbose" ] || { echo MAKE is $MAKE; echo; }
242
243 #
244 # test standalone compilation
245 #
246 [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; }
247
248 if test -r "Makefile"; then
249 $MAKE distclean >/dev/null
250 fi
251
252 ${TOP_SRCDIR}/configure ${BUILDOPTS}
253
254 #
255 if test x$? = x0; then
256 [ -z "$verbose" ] || log_msg_ok "configure...";
257 $MAKE 'DBGDEF=-DSH_SUIDTESTDIR=\"${BASE}\"' >/dev/null 2>&1
258 if test x$? = x0; then
259 [ -z "$verbose" ] || log_msg_ok "make...";
260 else
261 [ -z "$quiet" ] && log_msg_fail "make...";
262 return 1
263 fi
264
265 else
266 [ -z "$quiet" ] && log_msg_fail "configure...";
267 return 1
268 fi
269
270 [ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; }
271
272 tcount=1
273 POLICY=`eval echo '"$'"SUIDPOLICY_$tcount"'"'`
274
275 until [ -z "$POLICY" ]
276 do
277 prep_init
278 check_err $? ${tcount}; errval=$?
279 if [ $errval -eq 0 ]; then
280 prep_testdata
281 check_err $? ${tcount}; errval=$?
282 fi
283 if [ $errval -eq 0 ]; then
284 prep_suidpolicy ${tcount}
285 check_err $? ${tcount}; errval=$?
286 fi
287 if [ $errval -eq 0 ]; then
288 run_init
289 check_err $? ${tcount}; errval=$?
290 fi
291 if [ $errval -eq 0 ]; then
292 eval mod_suiddata_${tcount}
293 check_err $? ${tcount}; errval=$?
294 fi
295 if [ $errval -eq 0 ]; then
296 run_check
297 check_err $? ${tcount}; errval=$?
298 fi
299 if [ $errval -eq 0 ]; then
300 eval chk_suiddata_${tcount}
301 check_err $? ${tcount}; errval=$?
302 fi
303 if [ $testrun1_setup -eq 0 ]; then
304 if [ $errval -eq 0 ]; then
305 run_update
306 check_err $? ${tcount}; errval=$?
307 fi
308 if [ $errval -eq 0 ]; then
309 run_check_after_update
310 check_err $? ${tcount}; errval=$?
311 fi
312 fi
313 #
314 if [ $errval -eq 0 ]; then
315 [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST};
316 fi
317 let "tcount = tcount + 1" >/dev/null
318 POLICY=`eval echo '"$'"SUIDPOLICY_$tcount"'"'`
319 done
320
321 return 0
322}
323
324testrun1c ()
325{
326 log_start "RUN STANDALONE W/SUIDCHK"
327 testrun_internal_1c
328 log_end "RUN STANDALONE W/SUIDCHK"
329 return 0
330}
331
Note: See TracBrowser for help on using the repository browser.