Timestamp:
Aug 17, 2006, 10:31:24 PM (18 years ago)
Author:
rainer
Message:

Fix for bug with SuidCheckExclude (ticket #30)

File:
1 edited

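--- a/trunk/test/testrun_1c.sh
+++ b/trunk/test/testrun_1c.sh
@@ -23,5 +23,5 @@
 export BUILDOPTS
 
-MAXTEST=6; export MAXTEST
+MAXTEST=7; export MAXTEST
 
 ## Quarantine SUID/SGID files if found
@@ -39,4 +39,80 @@
 #
 # SuidCheckQuarantineDelete = yes
+
+SUIDPOLICY_7="
+[ReadOnly]
+file=${BASE}
+[SuidCheck]
+SuidCheckActive = yes
+SuidCheckExclude = ${BASE}/a/a
+SuidCheckInterval = 10
+SeveritySuidCheck = crit
+SuidCheckQuarantineFiles = no
+SuidCheckQuarantineMethod = 2
+SuidCheckQuarantineDelete = yes
+"
+
+mod_suiddata_7 () {
+    one_sec_sleep
+    chmod 4444 "${BASE}/a/a/y"
+    chmod 4444 "${BASE}/a/a/a/y"
+    mkdir "${BASE}/a/abc"
+    touch "${BASE}/a/abc/y"
+    chmod 4444 "${BASE}/a/abc/y"
+}
+
+chk_suiddata_7 () {
+    one_sec_sleep
+    tmp=`ls -l "${BASE}/a/a/y" 2>/dev/null | awk '{ print $1}'`
+    if [ "x$tmp" = "x-r-Sr--r--" ]; then
+        egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1
+        if [ $? -eq 0 ]; then
+            [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y";
+            return 1
+        fi
+        egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1
+        if [ $? -eq 0 ]; then
+            [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y";
+            return 1
+        fi
+    else
+        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (suid not kept)";
+        return 1
+    fi
+    tmp=`ls -l "${BASE}/a/a/a/y" 2>/dev/null | awk '{ print $1}'`
+    if [ "x$tmp" = "x-r-Sr--r--" ]; then
+        egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/a/a/y" $LOGFILE >/dev/null 2>&1
+        if [ $? -eq 0 ]; then
+            [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/y";
+            return 1
+        fi
+        egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/a/y" $LOGFILE >/dev/null 2>&1
+        if [ $? -eq 0 ]; then
+            [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/y";
+            return 1
+        fi
+    else
+        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/y (suid not kept)";
+        return 1
+    fi
+    tmp=`ls -l "${BASE}/a/abc/y" 2>/dev/null | awk '{ print $1}'`
+    if [ "x$tmp" = "x-r-Sr--r--" ]; then
+        egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/abc/y" $LOGFILE >/dev/null 2>&1
+        if [ $? -ne 0 ]; then
+            [ -z "$verbose" ] || log_msg_fail "${BASE}/a/abc/y";
+            return 1
+        fi
+        egrep "CRIT.*POLICY ADDED.*${BASE}/a/abc/y" $LOGFILE >/dev/null 2>&1
+        if [ $? -ne 0 ]; then
+            [ -z "$verbose" ] || log_msg_fail "${BASE}/a/abc/y";
+            return 1
+        fi
+        return 0;
+    else
+        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/abc/y (suid not kept)";
+        return 1
+    fi
+}
+
 
 SUIDPOLICY_6="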
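Review bot: The three mode checks in chk_suiddata_7 compare the whole first column of `ls -l` with `-r-Sr--r--`, so on a system where ls appends an ACL or security-context marker (`.` or `+`) to the mode string the test fails with "suid not kept" even though the bit is set; comparing only the first ten characters, e.g. `awk '{ print substr($1,1,10) }'`, avoids that. `$LOGFILE` is unquoted in every egrep call and `${BASE}` is interpolated into the regex unescaped, so a path with spaces or regex metacharacters changes what is matched; quoting it as `"$LOGFILE"` is the minimal fix. A comment above the `a/abc` lines in mod_suiddata_7 would also help, such as `# a/abc shares the textual prefix of the excluded a/a but is a sibling directory, so it must still be reported`, since that appears to be the boundary case the ticket is about.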