Index: trunk/test/gnupg/public-key.asc
===================================================================
--- trunk/test/gnupg/public-key.asc	(revision 550)
+++ trunk/test/gnupg/public-key.asc	(revision 550)
@@ -0,0 +1,20 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mI0EVY1+9AEEAMgqIppswdch0ErLLXbRnDgCMwhwaTydnu4NwvyDGSpy+32ODwSC
+lDC+SdiU/tx/gHTqFaVS3WJo9KcEgFNzkypdI2WYx5/ZCUNKZXIibJLcwE89mhf5
+Y4Gv6vVSZgW3nh+PJCumZG/ljb0X1ZDakHO03BEQJ9UfKo8akLhTnSWbABEBAAG0
+OFRlc3RzdWl0ZSBTYW1oYWluICh0ZXN0aW5nIG9ubHkpIDxuby1yZXBseUBsYS1z
+YW1obmEuZGU+iLgEEwECACIFAlWNfvQCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
+AheAAAoJEE7Znk6KCzN68b0D/A+ykm13KWjqMGNOf6SF6girei2nvxIMkN2AVks0
+SXQxIbcu/Wzue+fhdHc2BzJTnlC6h9l/5RUNK5+D6+NRfFfCy6d1bESoUMlGK69u
+QnZSb9qepomJos3K9CQasKAsR1uE1mwzT4S7LPcqj1MWKwTnhLEKfG7I5o9MKyE9
+4AvHuI0EVY1+9AEEAL37L+v5AKOrFspzgpKj450XIelkLdkKlqqR7yrQZ+nZKZ9+
+4nWjxs/f+tJLwR9/XeK8YMktpvJkvGHzMz21Wz54iq8EfsTy6fRawfVkePxNAAZT
+cwf4DfCCVTpfEtJnVqoWWzy6elqbkgViLB346jLTUenm6cy8OhBfd5DAibfJABEB
+AAGInwQYAQIACQUCVY1+9AIbDAAKCRBO2Z5Oigszek1JA/94Nkn3UdzNiEogp0hn
+Z6Baabkok/mxULymZ+XWLrDDl2pi84msITxO1tiicZ3nP8zohdFrftFrH1zdoU5h
+n+GgGhsk9Frhj0gXYeBRbZ4NE1EUVoeY/xfe8T+uRAxa6Y0dvlzVsBUH0EAd0L6E
+GUU+G9Edi2T82HPsjeYOg+UI6Q==
+=C5Xk
+-----END PGP PUBLIC KEY BLOCK-----
Index: trunk/test/gnupg/secret-key.asc
===================================================================
--- trunk/test/gnupg/secret-key.asc	(revision 550)
+++ trunk/test/gnupg/secret-key.asc	(revision 550)
@@ -0,0 +1,34 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1
+
+lQHYBFWNfvQBBADIKiKabMHXIdBKyy120Zw4AjMIcGk8nZ7uDcL8gxkqcvt9jg8E
+gpQwvknYlP7cf4B06hWlUt1iaPSnBIBTc5MqXSNlmMef2QlDSmVyImyS3MBPPZoX
++WOBr+r1UmYFt54fjyQrpmRv5Y29F9WQ2pBztNwRECfVHyqPGpC4U50lmwARAQAB
+AAP+MLRD8DRXZCvnnVNb0CYHr38lgL+tc6Dcu4rgr4WMuY350J6g29WUDlo26Lq0
+Wt2xWYFd2/jSQnBMW1lWije8jmuc58sx/Gi3uuNWtSXPQlIK7aa3K6nlX+sXN24C
+w0VAIpNfpXYPPkHUq8YKyPV+9a32LxxE2gG+ZDzQfzrlLPUCANtU22P0IYtDSyaW
+7WCB5rjU7aAywDTC3gXuCVntaZLySpnBcjPlO3n4z6rD/qvsnPqPceKsqLaydrY2
+4s/YcscCAOmg9PpOVZ7Zpj+7BYgkGCcT+lrzzGWhFXHtJhCxa10qZuDZc7kKoDo/
+/FpAtm9WbuLBu3LuEsC1taiXYhUcoo0CAIcVVYHpw6yGcNpf+NegQDLAudYiCLzK
+Lvt4KKns7gIQse3PBzGKuNc98X+MQVf2iL/35XIF/eGZtoObrPLSi8axnbQ4VGVz
+dHN1aXRlIFNhbWhhaW4gKHRlc3Rpbmcgb25seSkgPG5vLXJlcGx5QGxhLXNhbWhu
+YS5kZT6IuAQTAQIAIgUCVY1+9AIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA
+CgkQTtmeTooLM3rxvQP8D7KSbXcpaOowY05/pIXqCKt6Lae/EgyQ3YBWSzRJdDEh
+ty79bO575+F0dzYHMlOeULqH2X/lFQ0rn4Pr41F8V8LLp3VsRKhQyUYrr25CdlJv
+2p6miYmizcr0JBqwoCxHW4TWbDNPhLss9yqPUxYrBOeEsQp8bsjmj0wrIT3gC8ed
+AdgEVY1+9AEEAL37L+v5AKOrFspzgpKj450XIelkLdkKlqqR7yrQZ+nZKZ9+4nWj
+xs/f+tJLwR9/XeK8YMktpvJkvGHzMz21Wz54iq8EfsTy6fRawfVkePxNAAZTcwf4
+DfCCVTpfEtJnVqoWWzy6elqbkgViLB346jLTUenm6cy8OhBfd5DAibfJABEBAAEA
+A/sE2qaqTlXsWKI/8Pycl5Bowp8MshET0xfvasQkIWgOSwyrtRe/LryVMiFb/zCD
+iAMTmIGWklKKLfW8QPUFth0LK8c02jIRvCRAc8lr3V+CGmTqxWCPsYWnHxIINc03
+wECMbFHLCAUlKelN/DJIKoI0LJJVvzYEy5xt9SvNBJiW6wIAzKgYNJNAgRvQOeb5
+MxKjCybYoUjFKOfdAaJkTwE0xuSaxap5ZUUfIADXT/C6SpbAfywIBFj8gYrwyPPo
+a4eGcwIA7aSTYyglPlzXc9AbfRh1jiIT4/QhUL1BBvtCVAkfbX1/x5llHCf64bJe
+/j15bBJeGzLAjMIxcSblP4/IYGG90wIA44bpOk4G8Smt3NfDYviixhHSVXXc+GUq
+woCV09mbSwpHNBek7Nec+c53MTRuoj2XPMWrYyeX3LIVDShlbaWWopiziJ8EGAEC
+AAkFAlWNfvQCGwwACgkQTtmeTooLM3pNSQP/eDZJ91HczYhKIKdIZ2egWmm5KJP5
+sVC8pmfl1i6ww5dqYvOJrCE8TtbYonGd5z/M6IXRa37Rax9c3aFOYZ/hoBobJPRa
+4Y9IF2HgUW2eDRNRFFaHmP8X3vE/rkQMWumNHb5c1bAVB9BAHdC+hBlFPhvRHYtk
+/Nhz7I3mDoPlCOk=
+=5aNq
+-----END PGP PRIVATE KEY BLOCK-----
Index: trunk/test/test.sh
===================================================================
--- trunk/test/test.sh	(revision 539)
+++ trunk/test/test.sh	(revision 550)
@@ -154,4 +154,5 @@
     echo "  ${S}test.sh 12${E}  -- CL create DeltaDB" 
     echo "  ${S}test.sh 13${E}  -- CL create/verify partial DB" 
+    echo "  ${S}test.sh 14${E}  -- Signify signed files" 
 
     echo "  ${S}test.sh 20${E}  -- Test c/s init/check      (testrc_2.in)"
@@ -171,5 +172,5 @@
     echo "  (5) testext.sh     (6) testtimesrv.sh  (7) testrun_1b.sh  (8) testrun_1c.sh" 
     echo "  (9) testrun_1d.sh (10) testrun_1e.sh  (11) testrun_1f.sh (12) testrun_1g.sh" 
-    echo " (13) testrun_1h.sh"
+    echo " (13) testrun_1h.sh (14) testrun_1i.sh"
     echo " (20) testrun_2.sh  (21) testrun_2a.sh  (22) testrun_2b.sh (23) testrun_2c.sh"
     echo " (24) testrun_2d.sh (25) testrun_2e.sh  (26) testrun_2f.sh (27) testrun_2g.sh"
@@ -657,4 +658,10 @@
     exit $?
 fi
+if test x$1 = x14; then
+    . ${SCRIPTDIR}/testrun_1i.sh
+    testrun1i
+    print_summary
+    exit $?
+fi
 if test x$1 = x20; then
     . ${SCRIPTDIR}/testrun_2.sh 
@@ -736,4 +743,6 @@
     . ${SCRIPTDIR}/testrun_1h.sh
     let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null
+    . ${SCRIPTDIR}/testrun_1i.sh
+    let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null
     . ${SCRIPTDIR}/testrun_2.sh
     let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null
@@ -809,4 +818,8 @@
     MAXTEST=${TEST_MAX}; export MAXTEST
     testrun1h
+    #
+    . ${SCRIPTDIR}/testrun_1i.sh
+    MAXTEST=${TEST_MAX}; export MAXTEST
+    testrun1i
     #
     . ${SCRIPTDIR}/testrun_2.sh
Index: trunk/test/test1i_samhain.pub
===================================================================
--- trunk/test/test1i_samhain.pub	(revision 550)
+++ trunk/test/test1i_samhain.pub	(revision 550)
@@ -0,0 +1,2 @@
+untrusted comment: signify public key
+RWRGHbBcvfnUvBA0DUrvkt5OIZzdOgD0X8mTn6wKd4UNOHp8mVL2pCKP
Index: trunk/test/testrc_1i.dyn
===================================================================
--- trunk/test/testrc_1i.dyn	(revision 550)
+++ trunk/test/testrc_1i.dyn	(revision 550)
@@ -0,0 +1,40 @@
+untrusted comment: verify with samhain.pub
+RWRGHbBcvfnUvI+f5wRdzGBIpcVr3e3YJoB9f7ltII+sWwTpKBjfh60VkC0e/svAHFR03LIwALRz8CB70EokYYa3FVnmPgWv5Qg=
+
+[Attributes]
+file=/etc
+
+# not really logfiles, but almost guaranteed to exist
+[GrowingLogFiles]
+file=/etc/services
+file=/etc/hosts
+file=/etc/motd
+
+[EventSeverity]
+SeverityUser0=crit
+SeverityUser1=crit
+SeverityReadOnly=crit
+SeverityLogFiles=crit
+SeverityGrowingLogs=crit
+SeverityIgnoreNone=crit
+SeverityAttributes=crit
+SeverityIgnoreAll=warn
+SeverityFiles=notice
+SeverityDirs=info
+SeverityNames=warn
+
+[Log]
+MailSeverity=none
+LogSeverity=warn
+SyslogSeverity=none
+PrintSeverity=info
+
+[Misc]
+Daemon=no
+SetFilecheckTime=120
+SetRecursionLevel=10
+SetLoopTime=60
+ReportFullDetail = no
+ChecksumTest=check
+
+[EOF]
Index: trunk/test/testrc_2.in.asc
===================================================================
--- trunk/test/testrc_2.in.asc	(revision 550)
+++ trunk/test/testrc_2.in.asc	(revision 550)
@@ -0,0 +1,216 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+NotDashEscaped: You need GnuPG to verify this message
+
+#####################################################################
+#
+# Configuration file template for samhain.
+#
+#####################################################################
+# 
+# -- empty lines and lines starting with '#' are ignored 
+# -- you can PGP clearsign this file -- samhain will check (if compiled
+#    with support) or otherwise ignore the signature
+# -- CHECK mail address
+#
+# To each log facility, you can assign a threshold severity. Only
+# reports with at least the threshold severity will be logged
+# to the respective facility (even further below).
+#
+#####################################################################
+#
+# SETUP for file system checking:
+# 
+# (i)   There are several policies, each has its own section. Put files
+#       into the section for the appropriate policy (see below).
+# (ii)  To each policy, you can assign a severity (further below).
+# (iii) To each log facility, you can assign a threshold severity. Only
+#       reports with at least the threshold severity will be logged
+#       to the respective facility (even further below).
+#
+#####################################################################
+
+
+[ReadOnly]
+#
+# for these files, only access time is ignored
+#
+# dir=/usr/bin
+# dir=/bin
+
+file = /var
+file = /bin
+file = /usr
+file = /tmp
+file = /etc
+
+# hopefully does not exist
+file=/etc/toodleedoo
+
+dir=1/usr
+
+[EventSeverity]
+#
+# Here you can assign severities to policy violations.
+# If this severity exceeds the treshold of a log facility (see below),
+# a policy violation will be logged to that facility.
+#
+# Severity for verification failures.
+#
+SeverityReadOnly=crit
+SeverityLogFiles=crit
+SeverityGrowingLogs=crit
+SeverityIgnoreNone=crit
+SeverityAttributes=crit
+#
+# We have a file in IgnoreAll that might or might not be present.
+# Setting the severity to 'info' prevents messages about deleted/new file.
+#
+SeverityIgnoreAll=info
+
+#
+# Files : file access problems
+# Dirs  : directory access problems
+# Names : suspect (non-printable) characters in a pathname
+#
+SeverityFiles=crit
+SeverityDirs=crit
+SeverityNames=warn
+
+[Log]
+#
+# Set threshold severity for log facilities
+# Values: debug, info, notice, warn, mark, err, crit, alert, none.
+# 'mark' is used for timestamps.
+#
+# By default, everything equal to and above the threshold is logged.
+# The specifiers '*', '!', and '=' are interpreted as  
+# 'all', 'all but', and 'only', respectively (like syslogd(8) does, 
+# at least on Linux). 
+# 
+# MailSeverity=*
+# MailSeverity=!warn
+# MailSeverity==crit
+#
+MailSeverity=none
+PrintSeverity=info
+#PRINTClass = "RUN FIL STAMP"
+LogSeverity=none
+SyslogSeverity=none
+ExportSeverity=none
+DatabaseSeverity=none
+
+#databaseseverity=info
+
+[Database]
+# setdbname=samhain
+# setdbtable=log
+setdbuser=samhain
+setdbpassword=samhain
+#AddToDBHash=log_msg
+# AddToDBHash=log_host
+UsePersistent = True
+
+[Utmp]
+#
+# 0 to switch off, 1 to activate
+#
+LoginCheckActive=1
+
+# Severity for logins, multiple logins, logouts
+# 
+SeverityLogin=info
+SeverityLoginMulti=warn
+SeverityLogout=info
+
+# interval for login/logout checks
+#
+LoginCheckInterval=60
+
+[Misc]
+#
+# whether to become a daemon process
+Daemon=no
+
+SetOutgoingIP = 127.0.0.1
+SetServerInterface = 127.0.0.1
+
+UseSeparateLogs=no
+
+SetUseSocket = yes
+SetSocketAllowUid=0
+SetSocketPassword=samhain
+
+SetClientFromAccept = yes
+
+SetUdpActive=no
+
+# the maximum time between client messages (seconds)
+# (this is a log server-only option; the default is 86400 sec = 1 day
+#
+# SetClientTimeLimit=1800
+
+UseClientSeverity = yes
+UseClientClass    = yes
+
+# Format for message headers
+#
+# MessageHeader="%S %T %F %L  "
+
+# priority for peer != address as notified by client
+# (lookup may fail on firewalled client)
+#
+# SeverityLookup = warn
+
+# time till next file check (seconds)
+SetFilecheckTime=600
+
+# Only highest-level (alert) reports will be mailed immediately,
+# others will be queued. Here you can define, when the queue will
+# be flushed (Note: the queue is automatically flushed after
+# completing a file check).
+#
+# maximum time till next mail (seconds)
+SetMailTime=86400
+
+# maximum number of queued mails
+SetMailNum=10
+
+# where to send mail to
+SetMailAddress=root@localhost
+
+# mail relay host
+# SetMailRelay=relay.yourdomain.de
+
+# The binary. Setting the path will allow
+# samhain to check for modifications between
+# startup and exit.
+#
+# SamhainPath=/usr/local/bin/samhain
+
+# where to get time from
+# SetTimeServer=www.yourdomain.de
+
+# where to export logs to
+SetLogServer=localhost
+
+# timer for time stamps
+SetLoopTime=10
+
+# trusted users (root and the effective user are always trusted)
+# TrustedUser=bin
+
+# whether to test signature of files (init/check/none)
+# - if 'none', then we have to decide this on the command line -
+#
+ChecksumTest=check
+
+
+[Clients]
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEARECAAYFAlUTGCcACgkQGq0myA9XH2zINACfQb/Wfa19OBbHVkw9uBNMB+lF
+cwUAnR0Geb+sFDcv7JsrrTjY8htjPHd2
+=7wXO
+-----END PGP SIGNATURE-----
Index: trunk/test/testrun_1f.sh
===================================================================
--- trunk/test/testrun_1f.sh	(revision 550)
+++ trunk/test/testrun_1f.sh	(revision 550)
@@ -0,0 +1,292 @@
+#! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
+RCFILE="$PW_DIR/testrc_1.dyn";  export RCFILE
+LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE
+
+# --enable-login-watch --enable-xml-log 
+# --enable-debug --enable-suidcheck --with-prelude
+
+BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-debug --with-gpg=/usr/bin/gpg --with-keyid=0x8A0B337A  --with-fp=DCCBBB6625591ECE2B8F3AC94ED99E4E8A0B337A"
+export BUILDOPTS
+
+BASE="${PW_DIR}/testrun_testdata"; export BASE
+TDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; export TDIRS
+TFILES="x y z"; export TFILES
+
+###########################################################
+#
+# ---- [Define tests here] ----
+#
+
+# 1 for testing new tests
+testrun1_setup=0
+
+MAXTEST=17; export MAXTEST
+
+TESTPOLICY_17="
+[ReadOnly]
+dir=${BASE}
+"
+mod_testdata_17 () {
+    one_sec_sleep
+    rm "${BASE}/a/a/c/x"   # delete 
+}
+
+TESTPOLICY_16="
+[ReadOnly]
+dir=${BASE}
+"
+mod_testdata_16 () {
+    one_sec_sleep
+    echo "foobar" > "${BASE}/foo"   # new 
+}
+
+prep_sign_file ()
+{
+    scripts/samhainadmin.pl -s ./test/gnupg/ -m R $1 >/dev/null
+    scripts/samhainadmin.pl -s ./test/gnupg/ -k 8A0B337A -m E $1 >/dev/null
+}
+
+
+run_check_CLverify ()
+{
+    if [ "x$1" = "x"  ]; then
+	logsev=debug
+    else
+	logsev=$1
+    fi
+    if test -f ./.samhain_file; then
+	mv ./.samhain_file ./.samhain_file_clverify
+	if [ $? -ne 0 ]; then
+	    [ -z "$quiet" ]   && log_msg_fail  "mv ./.samhain_file ...";
+	    return 1
+	fi
+    else
+	[ -z "$quiet" ]   && log_msg_fail  "test -f ./.samhain_file ...";
+	return 1
+    fi
+
+    rm -f test_log_valgrind
+
+    ${VALGRIND} ./samhain -p =err --verify-database ./.samhain_file_clverify 2>>test_log_valgrind
+ 
+    if test x$? = x0; then
+	if [ "x$2" != "xnullok"  ]; then
+	    [ -z "$quiet" ]   && log_msg_fail  "check (1)...";
+	    return 1
+	fi
+    else
+	if [ "x$2" = "xnullok"  ]; then
+	    [ -z "$quiet" ]   && log_msg_fail  "check (1)...";
+	    return 1
+	fi
+    fi
+
+    LL=`wc -l test_log_valgrind | awk '{ print $1; }'`
+    if ! test x$LL = x0; then
+	[ -z "$quiet" ]   && log_msg_fail  "check (2)...";
+	[ -z "$quiet" ]   && cat test_log_valgrind
+	return 1
+    fi
+    
+    [ -z "$verbose" ] || log_msg_ok    "check...";
+}
+
+run_update_CLverify ()
+{
+    if test -f ./.samhain_file_clverify; then
+	mv ./.samhain_file_clverify ./.samhain_file
+	if [ $? -ne 0 ]; then
+	    [ -z "$quiet" ]   && log_msg_fail  "mv ./.samhain_file_clverify ...";
+	    return 1
+	fi
+    else
+	[ -z "$quiet" ]   && log_msg_fail  "test -f ./.samhain_file_clverify ...";
+	return 1
+    fi
+
+    ${VALGRIND} ./samhain -t update -p none -l debug 2>>test_log_valgrind
+
+    if test x$? = x0; then
+	[ -z "$verbose" ] || log_msg_ok    "update...";
+    else
+	[ -z "$quiet" ]   && log_msg_fail  "update...";
+	return 1
+    fi
+}
+
+run_check_after_update_CLverify ()
+{
+    rm -rf $LOGFILE
+
+    run_check_CLverify debug nullok
+}
+
+testrun_internal_CLverify ()
+{
+	[ -z "$verbose" ] || echo Working directory: $PW_DIR
+	[ -z "$verbose" ] || { echo MAKE is $MAKE; echo; }
+
+	#
+	# test standalone compilation
+	#
+	[ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; }
+
+	if test -r "Makefile"; then
+		$MAKE distclean >/dev/null 
+	fi
+
+	${TOP_SRCDIR}/configure ${BUILDOPTS} 
+
+	#
+	if test x$? = x0; then
+		[ -z "$verbose" ] ||     log_msg_ok "configure..."; 
+		$MAKE  >/dev/null 2>>test_log
+		if test x$? = x0; then
+		    [ -z "$verbose" ] || log_msg_ok "make..."; 
+		else
+		    [ -z "$quiet" ] &&   log_msg_fail "make..."; 
+		    return 1
+		fi
+
+	else
+		[ -z "$quiet" ] &&       log_msg_fail "configure...";
+		return 1
+	fi
+
+	[ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; }
+
+	tcount=1
+	POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'`
+
+	until [ -z "$POLICY" ]
+	do
+	  prep_init
+	  check_err $? ${tcount}; errval=$?
+	  if [ $errval -eq 0 ]; then
+	      prep_testdata
+	      check_err $? ${tcount}; errval=$?
+	  fi
+	  if [ $errval -eq 0 ]; then
+	      prep_testpolicy   ${tcount}
+	      check_err $? ${tcount}; errval=$?
+	  fi
+	  if [ $errval -eq 0 ]; then
+	      prep_sign_file  "${RCFILE}"
+	      check_err $? ${tcount}; errval=$?
+	  fi
+	  if [ $errval -eq 0 ]; then
+	      run_init
+	      check_err $? ${tcount}; errval=$?
+	  fi
+	  if [ $errval -eq 0 ]; then
+	      prep_sign_file  ./.samhain_file
+	      check_err $? ${tcount}; errval=$?
+	  fi
+	  if [ $errval -eq 0 ]; then
+	      eval mod_testdata_${tcount}
+	      check_err $? ${tcount}; errval=$?
+	  fi
+	  if [ $errval -eq 0 ]; then
+	      run_check_CLverify
+	      check_err $? ${tcount}; errval=$?
+	  fi
+	  if [ $testrun1_setup -eq 0 ]; then
+	      if [ $errval -eq 0 ]; then
+		  prep_sign_file  "${RCFILE}"
+		  check_err $? ${tcount}; errval=$?
+	      fi
+	      if [ $errval -eq 0 ]; then
+		  run_update_CLverify
+		  check_err $? ${tcount}; errval=$?
+	      fi
+	      if [ $errval -eq 0 ]; then
+		  prep_sign_file  ./.samhain_file
+		  check_err $? ${tcount}; errval=$?
+	      fi
+	      if [ $errval -eq 0 ]; then
+		  run_check_after_update_CLverify
+		  check_err $? ${tcount}; errval=$?
+	      fi
+	  fi
+	  #
+	  if [ $errval -eq 0 ]; then
+	      [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST};
+	  fi
+	  #
+	  let "tcount = tcount + 1" >/dev/null
+	  #
+	  if [ $tcount -eq 10 ]; then
+	      if [ -z "$doall" ]; then
+		  log_skip 10 $MAXTEST 'ACL/SELinux test (or use --really-all)'
+		  log_skip 11 $MAXTEST 'ACL/SELinux test (or use --really-all)'
+		  let "tcount = tcount + 2" >/dev/null
+	      else
+		  # 'id -u' is posix
+		  #
+		  if test -f /usr/xpg4/bin/id
+		  then
+		      my_uid=`/usr/xpg4/bin/id -u`
+		  else
+		      my_uid=`id -u`
+		  fi
+		  #
+		  if [ ${my_uid} -ne 0 ]; then
+		      log_skip 10 $MAXTEST 'ACL/SELinux test (you are not root)'
+		      log_skip 11 $MAXTEST 'ACL/SELinux test (you are not root)'
+		      let "tcount = tcount + 2" >/dev/null
+		  else
+
+		      SETFATTR=`find_path setfattr`
+		      if [ -z "$SETFATTR" ]; then
+			  log_skip 10 $MAXTEST 'ACL/SELinux test (setfattr not in path)'
+			  log_skip 11 $MAXTEST 'ACL/SELinux test (setfattr not in path)'
+			  let "tcount = tcount + 2" >/dev/null
+		      fi
+		  fi
+	      fi
+	  fi
+	  #
+	  POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'`
+	done
+	    
+	return 0
+}
+
+testrun1f ()
+{
+    log_start "RUN CL Verify"
+    gpg --list-keys | grep 8A0B337A >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+	echo "You need to do 'gpg --import test/gnupg/public-key.asc' first"
+	for ff in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17; do
+	    log_skip $ff $MAXTEST 'CL verify'
+	done
+    else
+	testrun_internal_CLverify
+    fi
+    log_end "RUN CL Verify"
+    return 0
+}
+
+
+
Index: trunk/test/testrun_1g.sh
===================================================================
--- trunk/test/testrun_1g.sh	(revision 550)
+++ trunk/test/testrun_1g.sh	(revision 550)
@@ -0,0 +1,114 @@
+#! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
+BUILDOPTS="--quiet $TRUST --enable-debug --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"
+export BUILDOPTS
+
+MAXTEST=1; export MAXTEST
+
+testrun_deltadb ()
+{
+    tcount=1
+
+    if test -r "Makefile"; then
+	$MAKE distclean >/dev/null 
+    fi
+    
+    ${TOP_SRCDIR}/configure ${BUILDOPTS} 
+    
+    if test x$? = x0; then
+	[ -z "$verbose" ] ||     log_msg_ok "configure..."; 
+	$MAKE  >/dev/null 2>>test_log
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok "make..."; 
+	else
+	    [ -z "$quiet" ] &&   log_msg_fail "make..."; 
+	    return 1
+	fi
+	
+    else
+	[ -z "$quiet" ] &&       log_msg_fail "configure...";
+	return 1
+    fi
+
+    prep_init
+    check_err $? ${tcount}; errval=$?
+
+    if [ $errval -eq 0 ]; then
+	prep_testdata
+	check_err $? ${tcount}; errval=$?
+    fi
+    if [ $errval -eq 0 ]; then
+	prep_testpolicy   1
+	check_err $? ${tcount}; errval=$?
+    fi
+
+    rm "${BASE}/a/a/b/x"
+    rm -f file.*.*-*-*-*-*
+
+    ./samhain --create-database=./tmp_list_file
+
+    check_err $? ${tcount}; errval=$?
+    if [ $errval -eq 0 ]; then
+	num=$( ./samhain -a -d file.*.*-*-*-*-* | grep "1970-01-01T00:00:00" >/dev/null | wc -l )
+	if [ $num -ne 1 ]; then
+	    [ -z "$verbose" ] || log_msg_ok "list...";
+	else
+	    [ -z "$quiet" ] &&       log_msg_fail "list...";
+	    log_fail ${tcount} ${MAXTEST};
+	fi
+    else
+	[ -z "$quiet" ] &&       log_msg_fail "create...";
+	log_fail ${tcount} ${MAXTEST};
+    fi
+
+    if [ $errval -eq 0 ]; then
+	./samhain --verify-database file.*.*-*-*-*-*
+    fi
+
+    check_err $? ${tcount}; errval=$?
+    if [ $errval -eq 0 ]; then
+	echo "o_O" > "${BASE}/a/a/b/y"
+	./samhain --verify-database file.*.*-*-*-*-*
+    fi
+    if [ $? -eq 0 ]; then
+	[ -z "$quiet" ] &&       log_msg_fail "detect modify...";
+	check_err 1 ${tcount}; errval=1
+    fi
+
+    if [ $errval -eq 0 ]; then
+	[ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST};
+    fi
+
+    [ -z "$cleanup" ] || rm -f file.*.*-*-*-*-*
+    return 0
+}
+
+testrun1g ()
+{
+    log_start "RUN CL Create DeltaDB"
+
+    testrun_deltadb
+
+    log_end "RUN CL Create DeltaDB"
+    return 0
+}
+
Index: trunk/test/testrun_1h.sh
===================================================================
--- trunk/test/testrun_1h.sh	(revision 550)
+++ trunk/test/testrun_1h.sh	(revision 550)
@@ -0,0 +1,305 @@
+#! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
+RCFILE="$PW_DIR/testrc_1.dyn";  export RCFILE
+LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE
+
+# --enable-login-watch --enable-xml-log 
+# --enable-debug --enable-suidcheck --with-prelude
+
+BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-debug"
+export BUILDOPTS
+
+BASE="${PW_DIR}/testrun_testdata"; export BASE
+TDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; export TDIRS
+TFILES="x y z"; export TFILES
+TFILES_PART="c/miss c/add c/change c/leave"; export TFILES_PART
+
+###########################################################
+#
+# ---- [Define tests here] ----
+#
+
+# 1 for testing new tests
+testrun1_setup=0
+
+MAXTEST=5; export MAXTEST
+
+PARTIAL_OUTFILE=".samhain_file_partial"; export PARTIAL_OUTFILE
+PARTIAL_FILTER="c/create c/miss c/change c/leave"; export PARTIAL_FILTER
+
+TEST_PART_POLICY_1="
+[ReadOnly]
+dir=${BASE}
+"
+mod_testdata_partial_1 () {
+    one_sec_sleep
+    rm "${BASE}/a/a/c/x"   # delete 
+}
+EXPECT_1="nullok"
+
+TEST_PART_POLICY_2="
+[ReadOnly]
+dir=${BASE}
+"
+mod_testdata_partial_2 () {
+    one_sec_sleep
+    echo "foobar" > "${BASE}/foo"   # new 
+}
+EXPECT_2="nullok"
+
+TEST_PART_POLICY_3="
+[ReadOnly]
+dir=${BASE}
+"
+mod_testdata_partial_3 () {
+    one_sec_sleep
+    rm -f "${BASE}/c/miss"
+}
+EXPECT_3=""
+
+TEST_PART_POLICY_4="
+[ReadOnly]
+dir=${BASE}
+"
+mod_testdata_partial_4 () {
+    one_sec_sleep
+    echo foo >"${BASE}/c/create"
+}
+EXPECT_4=""
+
+TEST_PART_POLICY_5="
+[ReadOnly]
+dir=${BASE}
+"
+mod_testdata_partial_5 () {
+    one_sec_sleep
+    echo toodledoo >"${BASE}/c/change"
+}
+EXPECT_5=""
+
+#
+# $2 == "nullok" means no mods should be detected,
+# else it is an error to detect no mods
+#
+run_check_partial_verify ()
+{
+    if [ "x$1" = "x"  ]; then
+	logsev=debug
+    else
+	logsev=$1
+    fi
+    if ! test -f ${PARTIAL_OUTFILE}; then
+	[ -z "$quiet" ]   && log_msg_fail  "missing ${PARTIAL_OUTFILE} ...";
+	return 1
+    fi
+
+    rm -f test_log_valgrind
+
+    ${VALGRIND} ./samhain -p =err --verify-database ${PARTIAL_OUTFILE} 2>>test_log_valgrind
+ 
+    if test x$? = x0; then
+	if [ "x$2" != "xnullok"  ]; then
+	    [ -z "$quiet" ]   && log_msg_fail  "check (1a)...";
+	    return 1
+	fi
+    else
+	if [ "x$2" = "xnullok"  ]; then
+	    [ -z "$quiet" ]   && log_msg_fail  "check (1b)...";
+	    return 1
+	fi
+    fi
+
+    LL=`wc -l test_log_valgrind | awk '{ print $1; }'`
+    if ! test x$LL = x0; then
+	[ -z "$quiet" ]   && log_msg_fail  "check (2)...";
+	[ -z "$quiet" ]   && cat test_log_valgrind
+	return 1
+    fi
+    
+    [ -z "$verbose" ] || log_msg_ok    "check...";
+}
+
+run_update_partial_verify ()
+{
+    ${VALGRIND} ./samhain -t update -p none -l debug 2>>test_log_valgrind
+
+    if test x$? = x0; then
+	[ -z "$verbose" ] || log_msg_ok    "update...";
+    else
+	[ -z "$quiet" ]   && log_msg_fail  "update...";
+	return 1
+    fi
+}
+
+run_check_after_update_partial ()
+{
+    rm -rf $LOGFILE
+
+    run_check_partial_verify debug nullok
+}
+
+create_partial ()
+{
+    echo "${BASE}/c" > test_filter.txt
+    for ff in ${TFILES_PART}; do
+	echo "${BASE}/${ff}" >> test_filter.txt
+    done
+
+    ./samhain -o "${PARTIAL_OUTFILE}" --binary --list-filter=test_filter.txt --list-database=./.samhain_file
+
+    if test x$? = x0; then
+	[ -z "$verbose" ] || log_msg_ok    "create partial DB...";
+    else
+	[ -z "$quiet" ]   && log_msg_fail  "create partial DB...";
+	return 1
+    fi
+
+    if test -f "${PARTIAL_OUTFILE}"; then
+	[ -z "$verbose" ] || log_msg_ok    "partial DB exists...";
+    else
+	[ -z "$quiet" ]   && log_msg_fail  "partial DB exists...";
+	return 1
+    fi
+    rm -f test_filter.txt
+}
+
+prep_partial_testpolicy ()
+{
+    test -f "${RCFILE}" || touch "${RCFILE}"
+    eval echo '"$'"TEST_PART_POLICY_$1"'"' >>"${RCFILE}"
+}
+
+prep_testdata_partial ()
+{
+    prep_testdata
+    if test x$? = x0; then
+	touch "${BASE}/c/miss"
+	touch "${BASE}/c/change"
+	touch "${BASE}/c/leave"
+    else
+	return 1
+    fi
+}
+
+testrun_internal_partial_verify ()
+{
+	[ -z "$verbose" ] || echo Working directory: $PW_DIR
+	[ -z "$verbose" ] || { echo MAKE is $MAKE; echo; }
+
+	#
+	# test standalone compilation
+	#
+	[ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; }
+
+	if test -r "Makefile"; then
+		$MAKE distclean >/dev/null 
+	fi
+
+	${TOP_SRCDIR}/configure ${BUILDOPTS} 
+
+	#
+	if test x$? = x0; then
+		[ -z "$verbose" ] ||     log_msg_ok "configure..."; 
+		$MAKE  >/dev/null 2>>test_log
+		if test x$? = x0; then
+		    [ -z "$verbose" ] || log_msg_ok "make..."; 
+		else
+		    [ -z "$quiet" ] &&   log_msg_fail "make..."; 
+		    return 1
+		fi
+
+	else
+		[ -z "$quiet" ] &&       log_msg_fail "configure...";
+		return 1
+	fi
+
+	[ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; }
+
+	tcount=1
+	POLICY=`eval echo '"$'"TEST_PART_POLICY_$tcount"'"'`
+
+	until [ -z "$POLICY" ]
+	do
+	  prep_init
+	  check_err $? ${tcount}; errval=$?
+	  if [ $errval -eq 0 ]; then
+	      prep_testdata_partial
+	      check_err $? ${tcount}; errval=$?
+	  fi
+	  if [ $errval -eq 0 ]; then
+	      prep_partial_testpolicy   ${tcount}
+	      check_err $? ${tcount}; errval=$?
+	  fi
+	  if [ $errval -eq 0 ]; then
+	      run_init
+	      check_err $? ${tcount}; errval=$?
+	  fi
+	  if [ $errval -eq 0 ]; then
+	      create_partial
+	      check_err $? ${tcount}; errval=$?
+	  fi
+	  if [ $errval -eq 0 ]; then
+	      eval mod_testdata_partial_${tcount}
+	      check_err $? ${tcount}; errval=$?
+	  fi
+	  if [ $errval -eq 0 ]; then
+	      arg2=`eval echo '"$'"EXPECT_$tcount"'"'`
+	      run_check_partial_verify debug $arg2
+	      check_err $? ${tcount}; errval=$?
+	  fi
+	  if [ $testrun1_setup -eq 0 ]; then
+	      if [ $errval -eq 0 ]; then
+		  run_update_partial_verify
+		  check_err $? ${tcount}; errval=$?
+	      fi
+	      if [ $errval -eq 0 ]; then
+		  create_partial
+		  check_err $? ${tcount}; errval=$?
+	      fi
+	      if [ $errval -eq 0 ]; then
+		  run_check_after_update_partial
+		  check_err $? ${tcount}; errval=$?
+	      fi
+	  fi
+	  #
+	  if [ $errval -eq 0 ]; then
+	      [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST};
+	  fi
+	  #
+	  let "tcount = tcount + 1" >/dev/null
+	  #
+	  POLICY=`eval echo '"$'"TEST_PART_POLICY_$tcount"'"'`
+	done
+	    
+	return 0
+}
+
+testrun1h ()
+{
+    log_start "RUN CL Partial DB Verify"
+    testrun_internal_partial_verify
+    log_end "RUN CL Partial DB Verify"
+    return 0
+}
+
+
+
Index: trunk/test/testrun_1i.sh
===================================================================
--- trunk/test/testrun_1i.sh	(revision 550)
+++ trunk/test/testrun_1i.sh	(revision 550)
@@ -0,0 +1,322 @@
+#! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
+MAXTEST=4; export MAXTEST
+LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE
+RCFILE="$PW_DIR/testrc_1.dyn";  export RCFILE
+
+testrun1b_modrc ()
+{
+        ORIGINAL="\[EOF\]"
+        REPLACEMENT="\[PortCheck\]"
+        ex -s $RCFILE <<EOF
+%s/$ORIGINAL/$REPLACEMENT/g
+wq
+EOF
+
+        echo "PortCheckActive = yes" >>"$RCFILE"
+        echo "PortCheckInterface = 127.0.0.1" >>"$RCFILE"
+}
+
+testrun1b_internal ()
+{
+	BUILDOPTS="$1"
+	#
+	# test standalone compilation
+	#
+	[ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; }
+	#
+	if test -r "Makefile"; then
+		$MAKE distclean >/dev/null >&1
+	fi
+	#
+	# Bootstrapping
+	#
+	${TOP_SRCDIR}/configure >/dev/null 2>/dev/null
+	if test x$? = x0; then
+		[ -z "$verbose" ] ||     log_msg_ok "configure (bootstrap)..."; 
+		$MAKE  > /dev/null 2>&1
+		if test x$? = x0; then
+		    [ -z "$verbose" ] || log_msg_ok "make (bootstrap)..."; 
+		else
+		    [ -z "$quiet" ] &&   log_msg_fail "make (bootstrap)..."; 
+		    return 1
+		fi
+
+	else
+		[ -z "$quiet" ] &&       log_msg_fail "configure (bootstrap)...";
+		return 1
+	fi
+	#
+	#
+	${TOP_SRCDIR}/configure ${BUILDOPTS} 2>/dev/null
+	#
+	#
+	if test x$? = x0; then
+		[ -z "$verbose" ] ||     log_msg_ok "configure..."; 
+		$MAKE  > /dev/null 2>&1
+		if test x$? = x0; then
+		    [ -z "$verbose" ] || log_msg_ok "make..."; 
+		else
+		    [ -z "$quiet" ] &&   log_msg_fail "make..."; 
+		    return 1
+		fi
+
+	else
+		[ -z "$quiet" ] &&       log_msg_fail "configure...";
+		return 1
+	fi
+
+	cp ${SCRIPTDIR}/testrc_1i.dyn "$RCFILE"
+	
+
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok    "copy signed config file...";
+	else
+	    [ -z "$quiet" ]   && log_msg_fail  "copy signed config file...";
+	    return 1
+	fi
+
+	if test "x$2" = "x"; then
+	    :
+	else
+	    CONVERT="$2"
+	    if test -f "${TOP_SRCDIR}/stealth_template.jpg"; then
+		[ -z "$verbose" ] || log_msg_ok "convert..."
+		"${CONVERT}" +compress "${TOP_SRCDIR}/stealth_template.jpg" stealth_template.ps >/dev/null
+	    else
+		[ -z "$quiet" ]   && log_msg_fail  "cannot find file stealth_template.jpg"
+		return 1
+	    fi
+	    if [ $? -ne 0 ]; then
+		[ -z "$quiet" ]   && log_msg_fail  "${CONVERT} +compress ${TOP_SRCDIR}/stealth_template.jpg stealth_template.ps";
+		return 1
+	    fi
+
+	    [ -z "$verbose" ] || log_msg_ok "hide..."
+	    ./samhain_stealth -s stealth_template.ps "$RCFILE" >/dev/null
+	    if [ $? -ne 0 ]; then
+		[ -z "$quiet" ]   && log_msg_fail  "${CONVERT} +compress ${TOP_SRCDIR}/stealth_template.jpg stealth_template.ps";
+		return 1
+	    fi
+
+	    mv -f stealth_template.ps "$RCFILE"
+	    if [ $? -ne 0 ]; then
+		[ -z "$quiet" ]   && log_msg_fail  "mv -f stealth_template.ps $RCFILE";
+		return 1
+	    fi
+
+	fi
+
+	rm -f ./.samhain_file
+	rm -f ./.samhain_log
+	rm -f ./.samhain_lock
+
+	./samhain -t init -p none -l info
+
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok    "init...";
+	else
+	    [ -z "$quiet" ]   && log_msg_fail  "init...";
+	    return 1
+	fi
+
+	cp ${SCRIPTDIR}/test1i_file.sig $PW_DIR/.samhain_file
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok    "copy signed database file...";
+	else
+	    [ -z "$quiet" ]   && log_msg_fail  "copy signed database file...";
+	    return 1
+	fi
+}
+
+testrun1b_nogpg ()
+{
+	BUILDOPTS="$1"
+	#
+	# test standalone compilation
+	#
+	[ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; }
+	#
+	if test -r "Makefile"; then
+		$MAKE distclean >/dev/null >&1
+	fi
+
+	${TOP_SRCDIR}/configure ${BUILDOPTS} 2>/dev/null 
+        #
+	#
+	if test x$? = x0; then
+		[ -z "$verbose" ] ||     log_msg_ok "configure..."; 
+		$MAKE  > /dev/null 2>&1
+		if test x$? = x0; then
+		    [ -z "$verbose" ] || log_msg_ok "make..."; 
+		else
+		    [ -z "$quiet" ] &&   log_msg_fail "make..."; 
+		    return 1
+		fi
+
+	else
+		[ -z "$quiet" ] &&       log_msg_fail "configure...";
+		return 1
+	fi
+
+	rm -f ./.samhain_file
+	rm -f ./.samhain_log
+	rm -f ./.samhain_lock
+
+	cp "${SCRIPTDIR}/testrc_1" "${RCFILE}"
+
+	if test "x$2" = "xmodrc"; then
+	    [ -z "$verbose" ] || log_msg_ok    "mod rc...";
+	    testrun1b_modrc
+	fi
+
+	./samhain -t init -p none -l info
+
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok    "init...";
+	else
+	    [ -z "$quiet" ]   && log_msg_fail  "init...";
+	    return 1
+	fi
+
+}
+
+do_test_1b () {
+
+    ./samhain -t check -p none -l info
+    
+    if test x$? = x0; then
+	./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}"
+	if [ $? -ne 0 ]; then
+	    [ -z "$quiet" ]   && log_msg_fail  "mv logfile...";
+	    return 1
+	fi
+	[ -z "$verbose" ] || log_msg_ok    "check...";
+    else
+	[ -z "$quiet" ]   && log_msg_fail  "check...";
+	return 1
+    fi
+    #
+    tmp=`egrep "Checking.*/etc(>|\")" $LOGFILE 2>/dev/null | wc -l`
+    if [ $tmp -ne 2 ]; then
+	[ -z "$verbose" ] || log_msg_fail "/etc";
+	return 1
+    fi
+    tmp=`egrep "Checking.*(>|\")" $LOGFILE 2>/dev/null | wc -l`
+    if [ $tmp -ne 10 ]; then
+	[ -z "$verbose" ] || log_msg_fail "checking";
+	return 1
+    fi
+    egrep "ADDED" $LOGFILE >/dev/null 2>&1
+    if [ $? -eq 0 ]; then
+	[ -z "$verbose" ] || log_msg_fail "init was incomplete";
+	return 1
+    fi
+    #
+    return 0
+}
+
+testrun1i ()
+{
+    log_start "RUN STANDALONE W/STEALTH W/SIGNIFY"
+    SIGNIFY=`find_path signify-openbsd`
+    if [ -z "$SIGNIFY" ]; then
+	SIGNIFY=`find_path signify`
+    fi
+    if [ -z "$SIGNIFY" ]; then
+	log_skip 1 $MAXTEST 'gpg not found in $PATH'
+	log_skip 2 $MAXTEST 'gpg not found in $PATH'
+	log_skip 3 $MAXTEST 'gpg not found in $PATH'
+	log_skip 4 $MAXTEST 'gpg not found in $PATH'
+    else
+	eval "ls ~/.signify/samhain.pub >/dev/null 2>/dev/null"
+	if [ $? -ne 0 ]; then
+	    log_skip 1 $MAXTEST 'public key ~/.signify/samhain.pub not present'
+	    log_skip 2 $MAXTEST 'public key ~/.signify/samhain.pub not present'
+	    log_skip 3 $MAXTEST 'public key ~/.signify/samhain.pub not present'
+	    log_skip 4 $MAXTEST 'public key ~/.signify/samhain.pub not present'
+	else
+	    #
+	    # -------------  first test -------------
+	    #
+	    BUILDOPTS="--quiet $TRUST --enable-debug --with-signify=${SIGNIFY} --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE  --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"
+	    testrun1b_internal "${BUILDOPTS}" 
+	    do_test_1b
+	    if [ $? -eq 0 ]; then
+		log_ok   1 $MAXTEST 'signify signed config/database files'
+	    else
+		log_fail 1 $MAXTEST 'signify signed config/database files'
+	    fi
+
+
+	    #
+	    # -------------  second test -------------
+	    #
+	    BUILDOPTS="--quiet $TRUST --enable-debug --with-signify=${SIGNIFY} --with-checksum --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE  --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"
+	    testrun1b_internal "${BUILDOPTS}" 
+	    do_test_1b
+	    if [ $? -eq 0 ]; then
+		log_ok   2 $MAXTEST 'signify signed config/database files'
+	    else
+		log_fail 2 $MAXTEST 'signify signed config/database files'
+	    fi
+
+
+	    #
+	    # -------------  third test -------------
+	    #
+	    BUILDOPTS="--quiet $TRUST --enable-debug --with-signify=${SIGNIFY} --with-checksum --with-pubkey-checksum=62F3EAE3CD9BA8849015060750908790B6326015A20AC0DA --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE  --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"
+	    testrun1b_internal "${BUILDOPTS}" 
+	    do_test_1b
+	    if [ $? -eq 0 ]; then
+		log_ok   3 $MAXTEST 'signify signed config/database files'
+	    else
+		log_fail 3 $MAXTEST 'signify signed config/database files'
+	    fi
+
+
+	    #
+	    # -------------  fourth test -------------
+	    #
+	    PRECONV=`find_path convert`
+	    "${PRECONV}" --help | grep  ImageMagick >/dev/null 2>&1 && \
+ 		CONVERT="${PRECONV}"
+
+	    if [ -z "$CONVERT" ]; then
+		log_skip 2 $MAXTEST 'ImageMagick convert not found in $PATH'
+	    else
+		BUILDOPTS="--quiet $TRUST --enable-debug --with-signify=${SIGNIFY} --with-checksum --enable-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE  --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"
+		testrun1b_internal "${BUILDOPTS}" "$CONVERT"
+		do_test_1b
+		if [ $? -eq 0 ]; then
+		    log_ok   4 $MAXTEST 'signify signed config/database files'
+		else
+		    log_fail 4 $MAXTEST 'signify signed config/database files'
+		fi
+	    fi
+
+	fi
+    fi
+    log_end "RUN STANDALONE W/STEALTH W/SIGNIFY"
+    return 0
+}
+
Index: trunk/test/testrun_2e.sh
===================================================================
--- trunk/test/testrun_2e.sh	(revision 550)
+++ trunk/test/testrun_2e.sh	(revision 550)
@@ -0,0 +1,299 @@
+#! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
+LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE
+RCFILE="$PW_DIR/testrc_2";  export RCFILE
+
+SERVER_BUILDOPTS="--quiet  $TRUST --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST}  --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --enable-debug=gdb"; export SERVER_BUILDOPTS
+
+CLIENT_BUILDOPTS="--quiet  $TRUST --enable-network=client --enable-srp --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$RCFILE --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file  --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --enable-debug"; export CLIENT_BUILDOPTS
+
+do_test_2_e () {
+
+	[ -z "$verbose" ] || { 
+	    echo; 
+	    echo "${S}Start Server${E}: ./yule -l info -p none &"; 
+	    echo; 
+	}
+	rm -f test_log_valgrind
+
+ 	# SetSocketAllowUid=$(id -u)
+	#
+	if test -f /usr/xpg4/bin/id; then
+	    MY_ID=$(/usr/xpg4/bin/id -u)
+	else
+	    MY_ID=$(id -u)
+	fi
+	#
+	sed -i -e "s/SetSocketAllowUid=0/SetSocketAllowUid=${MY_ID}/g" $RCFILE
+
+	# Start server
+	#
+	${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind &
+	PROC_Y=$!
+	five_sec_sleep
+
+	./yulectl -c LIST >/dev/null 2>&1
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "./yulectl -c LIST (1)";
+	    kill $PROC_Y
+	    return 1
+	fi	
+	NR=$( ./yulectl -c LIST | wc -l )
+	if [ $NR -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "./yulectl -c LIST (2)";
+	    kill $PROC_Y
+	    return 1
+	fi
+
+	./yulectl -c SCAN localhost.localdomain
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "./yulectl -c SCAN";
+	    kill $PROC_Y
+	    return 1
+	fi
+
+	UUID=$(uuidgen)
+	./yulectl -c DELTA:$UUID localhost.localdomain
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "./yulectl -c DELTA:$UUID";
+	    kill $PROC_Y
+	    return 1
+	fi
+
+	./yulectl -c RELOAD localhost.localdomain
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "./yulectl -c RELOAD";
+	    kill $PROC_Y
+	    return 1
+	fi
+
+	./yulectl -c LIST >/dev/null 2>&1
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "./yulectl -c LIST (3)";
+	    kill $PROC_Y
+	    return 1
+	fi	
+	NR=$( ./yulectl -c LIST | wc -l )
+	if [ $NR -ne 3 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "./yulectl -c LIST (4)";
+	    kill $PROC_Y
+	    return 1
+	fi
+	
+	{ ./yulectl -c LIST | head -n 1 | grep SCAN; } >/dev/null 2>&1
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "./yulectl -c LIST (5)";
+	    kill $PROC_Y
+	    return 1
+	fi	
+	{ ./yulectl -c LIST | tail -n 1 | grep RELOAD; } >/dev/null 2>&1
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "./yulectl -c LIST (6)";
+	    kill $PROC_Y
+	    return 1
+	fi	
+	{ ./yulectl -c LIST | tail -n 2 | head -n 1| grep "DELTA:$UUID"; } >/dev/null 2>&1
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "./yulectl -c LIST (7)";
+	    kill $PROC_Y
+	    return 1
+	fi
+
+	./yulectl -c CANCEL localhost.localdomain
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "./yulectl -c CANCEL";
+	    kill $PROC_Y
+	    return 1
+	fi
+	
+	./yulectl -c LIST >/dev/null 2>&1
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "./yulectl -c LIST (8)";
+	    kill $PROC_Y
+	    return 1
+	fi	
+	NR=$( ./yulectl -c LIST | wc -l )
+	if [ $NR -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "./yulectl -c LIST (9)";
+	    kill $PROC_Y
+	    return 1
+	fi
+
+	kill $PROC_Y
+	return 0
+}
+
+testrun2e_internal ()
+{
+        [ -z "$verbose" ] || { 
+	    echo; 
+	    echo Working directory: $PW_DIR; echo MAKE is $MAKE; 
+	    echo; 
+	}
+	#
+	#
+	[ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; }
+	#
+	if test -r "Makefile"; then
+		$MAKE distclean
+	fi
+	#
+	${TOP_SRCDIR}/configure ${CLIENT_BUILDOPTS}
+	#
+	if test x$? = x0; then
+		[ -z "$verbose" ] ||     log_msg_ok "configure..."; 
+		$MAKE > /dev/null 2>>test_log
+		if test x$? = x0; then
+		    [ -z "$verbose" ] || log_msg_ok "make..."; 
+		else
+		    [ -z "$quiet" ] &&   log_msg_fail "make..."; 
+		    return 1
+		fi
+
+	else
+		[ -z "$quiet" ] &&       log_msg_fail "configure...";
+		return 1
+	fi
+
+	# save binary and build server
+	#
+	cp samhain samhain.build || return 1
+	$MAKE clean >/dev/null || return 1
+
+	${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS}
+	#
+	if test x$? = x0; then
+		[ -z "$verbose" ] ||     log_msg_ok "configure..."; 
+		$MAKE  > /dev/null 2>>test_log
+		if test x$? = x0; then
+		    [ -z "$verbose" ] || log_msg_ok "make..."; 
+		else
+		    [ -z "$quiet" ] &&   log_msg_fail "make..."; 
+		    return 1
+		fi
+
+	else
+		[ -z "$quiet" ] &&       log_msg_fail "configure...";
+		return 1
+	fi
+
+
+	#####################################################################
+	#
+	#
+	rm -f ./.samhain_file
+	rm -f ./.samhain_log
+	rm -f ./.samhain_lock
+	rm -f ./rc.${SH_LOCALHOST}
+	rm -f ./file.${SH_LOCALHOST}
+	rm -f  "./rc.${ALTHOST}"
+	rm -f  "./file.${ALTHOST}"
+
+	cp ${SCRIPTDIR}/testrc_2.in testrc_2
+
+	./samhain.build -t init -p none
+
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok    "init...";
+	else
+	    [ -z "$quiet" ]   && log_msg_fail  "init...";
+	    return 1
+	fi
+
+	# Create a password
+
+	SHPW=`./yule -G`
+	if test x"$SHPW" = x; then
+	    [ -z "$quiet" ]   && log_msg_fail  "password not generated -- aborting"
+	    return 1
+	fi
+
+	# Set in client
+
+	./samhain_setpwd samhain.build new $SHPW >/dev/null
+
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok    "./samhain_setpwd samhain.build new $SHPW";
+	else
+	    [ -z "$quiet" ]   && log_msg_fail  "./samhain_setpwd samhain.build new $SHPW";
+	    return 1
+	fi
+
+	mv samhain.build.new  samhain.new || return 1
+
+	rm -f ./.samhain_log*
+	rm -f ./.samhain_lock
+
+	SHCLT=`./yule -P $SHPW`
+
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok    "yule -P $SHPW";
+	else
+	    [ -z "$quiet" ]   && log_msg_fail  "yule -P $SHPW";
+	    return 1
+	fi
+
+	SHCLT1=`echo "${SHCLT}"  | sed s%HOSTNAME%${SH_LOCALHOST}%`
+	AHOST=`find_hostname`
+	SHCLT2=`echo "${SHCLT}"  | sed s%HOSTNAME%${AHOST}%`
+	
+ 	echo $SHCLT1 >> testrc_2
+ 	echo $SHCLT2 >> testrc_2
+
+	cp    ./testrc_2       ./rc.${SH_LOCALHOST}
+	mv    ./.samhain_file  ./file.${SH_LOCALHOST}
+	chmod 644 ./rc.${SH_LOCALHOST}
+	chmod 644 ./file.${SH_LOCALHOST}
+
+	ALTHOST=`find_hostname`
+	cp    ./testrc_2       "./rc.${ALTHOST}"
+	cp    ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null
+	chmod 644 ./rc.${ALTHOST}
+	chmod 644 ./file.${ALTHOST}
+
+	echo $SHPW > ./testpw
+}
+
+MAXTEST=1; export MAXTEST
+
+testrun2e ()
+{
+    log_start "RUN SERVER W/YULECTL";
+    #
+    if [ x"$1" = x ]; then
+	[ -z "$quiet" ] && log_msg_fail "Missing hostname"
+    fi
+    #
+    SH_LOCALHOST=$1; export SH_LOCALHOST
+    #
+    testrun2e_internal
+    do_test_2_e
+    if [ $? -eq 0 ]; then
+	[ -z "$quiet" ] && log_ok   1 ${MAXTEST} "Server w/yulectl";
+    else
+	[ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Server w/yulectl";
+    fi
+    ####### EXIT HERE FOR TESTING ######
+    #
+    #
+    log_end "RUN SERVER W/YULECTL"
+}
Index: trunk/test/testrun_2f.sh
===================================================================
--- trunk/test/testrun_2f.sh	(revision 550)
+++ trunk/test/testrun_2f.sh	(revision 550)
@@ -0,0 +1,390 @@
+#! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
+LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE
+RCFILE="$PW_DIR/testrc_2";  export RCFILE
+
+SERVER_BUILDOPTS="--quiet  $TRUST --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST}  --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --enable-debug=gdb"; export SERVER_BUILDOPTS
+
+CLIENT_BUILDOPTS="--quiet  $TRUST --enable-network=client --enable-srp --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$RCFILE --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file  --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --enable-debug"; export CLIENT_BUILDOPTS
+
+do_test_2_f () {
+
+	[ -z "$verbose" ] || { 
+	    echo; 
+	    echo "${S}Start Server${E}: ./yule -l info -p none &"; 
+	    echo; 
+	}
+	rm -f test_log_valgrind
+
+ 	# SetSocketAllowUid=$(id -u)
+	#
+	if test -f /usr/xpg4/bin/id; then
+	    MY_ID=$(/usr/xpg4/bin/id -u)
+	else
+	    MY_ID=$(id -u)
+	fi
+	#
+	sed -i -e "s/SetSocketAllowUid=0/SetSocketAllowUid=${MY_ID}/g" $RCFILE
+
+	# Start server
+	#
+	${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind &
+	PROC_Y=$!
+	five_sec_sleep
+
+
+	[ -z "$verbose" ] || { 
+	    echo; 
+	    echo "${S}Start Client${E}: ./samhain.new -t check --foreground --forever .. &"; 
+	    echo; 
+	}
+	${VALGRIND} ./samhain.new -t check -D -p none -l none -e info --bind-address=127.0.0.1 --server-host=localhost >/dev/null 2>>test_log_valgrind 
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok    "starting samhain.new";
+	else
+	    [ -z "$quiet" ]   && log_msg_fail  "starting samhain.new";
+	    kill $PROC_Y
+	    return 1
+	fi
+	five_sec_sleep
+	PROC_S=$(  ps aux | grep samhain.new | grep -v grep | awk '{ print $2; }' )
+
+	for ff in 1 2; do
+	    five_sec_sleep
+	done
+	egrep "File check completed" $LOGFILE >/dev/null 2>&1
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	NR=$( egrep "File check completed" $LOGFILE | wc -l )
+	if [ $NR -ne 1 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check (1)";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	#
+	# >>> (1) Send SIGTTOU to force a second scan, 
+	# >>>      and verify that it was done
+	#
+	kill -TTOU $PROC_S
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Kill -TTOU";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	for ff in 1 2; do
+	    five_sec_sleep
+	done
+	NR=$( egrep "File check completed" $LOGFILE | wc -l )
+	if [ $NR -ne 2 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check (2)";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	[ -z "$verbose" ] || log_msg_ok    "sigttou";
+
+	NR=$( egrep "POLICY" $LOGFILE | wc -l )
+	if [ $NR -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check (3)";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	#
+	# >>> (2) Modify the file system
+	#
+
+	UUID=$(uuidgen)
+	mkdir /tmp/testrun_samhain/$UUID
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "mkdir";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	kill -TTOU $PROC_S
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Kill -TTOU (2)";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	for ff in 1 2; do
+	    five_sec_sleep
+	done
+	NR=$( egrep "POLICY" $LOGFILE | wc -l )
+	if [ $NR -ne 1 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check (4)";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	[ -z "$verbose" ] || log_msg_ok    "/tmp/testrun_samhain modified";
+
+	kill $PROC_S; 
+	five_sec_sleep
+
+	rm -f ./.samhain_file
+	rm -f ./file.${SH_LOCALHOST} 
+	rm -f "./file.${ALTHOST}"
+
+	rm ./.samhain_log 
+	rm -f ./.samhain_lock
+
+	#
+	# >>> (3) Re-init the database 
+	#
+	./samhain.new -t init -p none
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "init (2) ..";
+	    kill $PROC_Y;
+	    return 1
+	fi
+	[ -z "$verbose" ] || log_msg_ok    "init (2) ..";
+
+	#
+	# >>> (4) Re-start Samhain with delay
+	#
+
+	sed --in-place -e 's/SetUdpActive=no/StartupLoadDelay=10/g' ./rc.${SH_LOCALHOST}
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "sed (1) ..";
+	    kill $PROC_Y;
+	    return 1
+	fi
+	sed --in-place -e 's/SetUdpActive=no/StartupLoadDelay=10/g' "./rc.${ALTHOST}"
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "sed (2) ..";
+	    kill $PROC_Y;
+	    return 1
+	fi
+
+	${VALGRIND} ./samhain.new -t check -D -p none -l none -e info --bind-address=127.0.0.1 --server-host=localhost >/dev/null 2>>test_log_valgrind 
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok    "starting samhain.new (2)";
+	else
+	    [ -z "$quiet" ]   && log_msg_fail  "starting samhain.new (2)";
+	    kill $PROC_Y
+	    return 1
+	fi
+	five_sec_sleep
+	PROC_S=$(  ps aux | grep samhain.new | grep -v grep | awk '{ print $2; }' )
+
+	#
+	# >>> (5) Copy database to server after Samhain startup
+	# >>>     verifies that StartupLoadDelay works
+	#
+
+	if test -f ./.samhain_file; then
+	    mv ./.samhain_file ./file.${SH_LOCALHOST}
+	    chmod 644 ./file.${SH_LOCALHOST}
+
+	    ALTHOST=`find_hostname`
+	    cp    ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null
+	    chmod 644 ./file.${ALTHOST}
+	else
+	    [ -z "$verbose" ] || log_msg_fail "baseline file ..";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	for ff in 1 2 3; do
+	    five_sec_sleep
+	done
+	NR=$( egrep "File check completed" $LOGFILE | wc -l )
+	if [ $NR -ne 1 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check (5)";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	[ -z "$verbose" ] || log_msg_ok    "file check after delay";
+
+	NR=$( egrep "POLICY" $LOGFILE | wc -l )
+	if [ $NR -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check (6)";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	kill $PROC_S; 
+	kill $PROC_Y
+	return 0
+}
+
+testrun2f_internal ()
+{
+        [ -z "$verbose" ] || { 
+	    echo; 
+	    echo Working directory: $PW_DIR; echo MAKE is $MAKE; 
+	    echo; 
+	}
+	#
+	#
+	[ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; }
+	#
+	if test -r "Makefile"; then
+		$MAKE distclean
+	fi
+	#
+	${TOP_SRCDIR}/configure ${CLIENT_BUILDOPTS}
+	#
+	if test x$? = x0; then
+		[ -z "$verbose" ] ||     log_msg_ok "configure..."; 
+		$MAKE > /dev/null 2>>test_log
+		if test x$? = x0; then
+		    [ -z "$verbose" ] || log_msg_ok "make..."; 
+		else
+		    [ -z "$quiet" ] &&   log_msg_fail "make..."; 
+		    return 1
+		fi
+
+	else
+		[ -z "$quiet" ] &&       log_msg_fail "configure...";
+		return 1
+	fi
+
+	# save binary and build server
+	#
+	cp samhain samhain.build || return 1
+	$MAKE clean >/dev/null || return 1
+
+	${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS}
+	#
+	if test x$? = x0; then
+		[ -z "$verbose" ] ||     log_msg_ok "configure..."; 
+		$MAKE  > /dev/null 2>>test_log
+		if test x$? = x0; then
+		    [ -z "$verbose" ] || log_msg_ok "make..."; 
+		else
+		    [ -z "$quiet" ] &&   log_msg_fail "make..."; 
+		    return 1
+		fi
+
+	else
+		[ -z "$quiet" ] &&       log_msg_fail "configure...";
+		return 1
+	fi
+
+
+	#####################################################################
+	#
+	#
+	rm -f ./.samhain_file
+	rm -f ./.samhain_log
+	rm -f ./.samhain_lock
+	rm -f ./rc.${SH_LOCALHOST}
+	rm -f ./file.${SH_LOCALHOST}
+	rm -f  "./rc.${ALTHOST}"
+	rm -f  "./file.${ALTHOST}"
+
+	cp ${SCRIPTDIR}/testrc_2.in testrc_2
+
+	sed --in-place -e 's,file = /tmp,file = /tmp/testrun_samhain,g'  testrc_2
+	mkdir /tmp/testrun_samhain 2>/dev/null
+
+	./samhain.build -t init -p none
+
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok    "init...";
+	else
+	    [ -z "$quiet" ]   && log_msg_fail  "init...";
+	    return 1
+	fi
+
+	# Create a password
+
+	SHPW=`./yule -G`
+	if test x"$SHPW" = x; then
+	    [ -z "$quiet" ]   && log_msg_fail  "password not generated -- aborting"
+	    return 1
+	fi
+
+	# Set in client
+
+	./samhain_setpwd samhain.build new $SHPW >/dev/null
+
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok    "./samhain_setpwd samhain.build new $SHPW";
+	else
+	    [ -z "$quiet" ]   && log_msg_fail  "./samhain_setpwd samhain.build new $SHPW";
+	    return 1
+	fi
+
+	mv samhain.build.new  samhain.new || return 1
+
+	rm -f ./.samhain_log*
+	rm -f ./.samhain_lock
+
+	SHCLT=`./yule -P $SHPW`
+
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok    "yule -P $SHPW";
+	else
+	    [ -z "$quiet" ]   && log_msg_fail  "yule -P $SHPW";
+	    return 1
+	fi
+
+	SHCLT1=`echo "${SHCLT}"  | sed s%HOSTNAME%${SH_LOCALHOST}%`
+	AHOST=`find_hostname`
+	SHCLT2=`echo "${SHCLT}"  | sed s%HOSTNAME%${AHOST}%`
+	
+ 	echo $SHCLT1 >> testrc_2
+ 	echo $SHCLT2 >> testrc_2
+
+	cp    ./testrc_2       ./rc.${SH_LOCALHOST}
+	mv    ./.samhain_file  ./file.${SH_LOCALHOST}
+	chmod 644 ./rc.${SH_LOCALHOST}
+	chmod 644 ./file.${SH_LOCALHOST}
+
+	ALTHOST=`find_hostname`
+	cp    ./testrc_2       "./rc.${ALTHOST}"
+	cp    ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null
+	chmod 644 ./rc.${ALTHOST}
+	chmod 644 ./file.${ALTHOST}
+
+	echo $SHPW > ./testpw
+}
+
+MAXTEST=1; export MAXTEST
+
+testrun2f ()
+{
+    log_start "RUN CLIENT/SERVER CASE ONE";
+    #
+    if [ x"$1" = x ]; then
+	[ -z "$quiet" ] && log_msg_fail "Missing hostname"
+    fi
+    #
+    SH_LOCALHOST=$1; export SH_LOCALHOST
+    #
+    testrun2f_internal
+    do_test_2_f
+    if [ $? -eq 0 ]; then
+	[ -z "$quiet" ] && log_ok   1 ${MAXTEST} "Case One Change Management Integration";
+    else
+	[ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Case One Change Management Integration";
+    fi
+    #
+    log_end "RUN CLIENT/SERVER CASE ONE"
+}
Index: trunk/test/testrun_2g.sh
===================================================================
--- trunk/test/testrun_2g.sh	(revision 550)
+++ trunk/test/testrun_2g.sh	(revision 550)
@@ -0,0 +1,826 @@
+#! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2015)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
+LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE
+RCFILE="$PW_DIR/testrc_2";  export RCFILE
+
+SERVER_BUILDOPTS="--quiet  $TRUST --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST}  --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --enable-debug=gdb --enable-static"; export SERVER_BUILDOPTS
+
+CLIENT_BUILDOPTS="--quiet  $TRUST --enable-network=client --enable-srp --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$RCFILE --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file  --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --enable-static"; export CLIENT_BUILDOPTS
+
+TEST_DIRS="one two three four"
+TEST_FILES="change leave rmthis"
+BASE="/tmp/testrun_samhain"
+
+TEST_LIST="./tmp_list_file"
+
+ALTHOST=`find_hostname`
+
+PROC_S=0; export PROC_S
+PROC_Y=0; export PROC_Y
+
+mod_files ()
+{
+    rm -f "${TEST_LIST}"
+    touch "${TEST_LIST}"
+    #
+    for dd in ${TEST_DIRS}; do
+	echo "changed" > "${BASE}/$dd/change"
+	rm -f "${BASE}/$dd/rmthis"
+	echo "added" > "${BASE}/$dd/addedthis"
+	echo "${BASE}/$dd"           >> "${TEST_LIST}"
+	echo "${BASE}/$dd/change"    >> "${TEST_LIST}"
+	echo "${BASE}/$dd/rmthis"    >> "${TEST_LIST}"
+	echo "${BASE}/$dd/addedthis" >> "${TEST_LIST}"
+    done
+}
+
+do_test_2_g_yule_start () {
+
+	[ -z "$verbose" ] || { 
+	    echo; 
+	    echo "${S}Start Server${E}: ./yule -l info -p none &"; 
+	    echo; 
+	}
+	rm -f test_log_valgrind
+
+ 	# SetSocketAllowUid=$(id -u)
+	#
+	if test -f /usr/xpg4/bin/id; then
+	    MY_ID=$(/usr/xpg4/bin/id -u)
+	else
+	    MY_ID=$(id -u)
+	fi
+	#
+	sed -i -e "s/SetSocketAllowUid=0/SetSocketAllowUid=${MY_ID}/g" $RCFILE
+
+	# Start server
+	#
+	${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind &
+	PROC_Y=$!
+	five_sec_sleep
+
+
+	[ -z "$verbose" ] || { 
+	    echo; 
+	    echo "${S}Start Client${E}: ./samhain.new -t check -D .. &"; 
+	    echo; 
+	}
+	${VALGRIND} ./samhain.new -t check -D -p none -l none -e info --bind-address=127.0.0.1 --server-host=localhost >/dev/null 2>>test_log_valgrind 
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok    "starting samhain.new";
+	else
+	    [ -z "$quiet" ]   && log_msg_fail  "starting samhain.new";
+	    kill $PROC_Y
+	    return 1
+	fi
+	five_sec_sleep
+	PROC_S=$(  ps aux | grep samhain.new | grep -v grep | awk '{ print $2; }' | sort | head -n 1 )
+
+	for ff in 1 2; do
+	    five_sec_sleep
+	done
+	egrep "File check completed" $LOGFILE >/dev/null 2>&1
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	NR=$( egrep "File check completed" $LOGFILE | wc -l )
+	if [ $NR -ne 1 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check (1)";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	return 0
+}
+
+do_test_2_g_two () {
+
+	#
+	# >>> Modify files
+	#
+	mod_files
+	#
+	if ! test -f ${TEST_LIST}; then
+	    [ -z "$verbose" ] || log_msg_fail "No file list created";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	#
+	#
+	# >>> Trigger a scan
+	#
+	kill -TTOU $PROC_S
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Kill -TTOU";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	for ff in 1 2 3; do
+	    five_sec_sleep
+	done
+	NR=$( egrep "File check completed" $LOGFILE | wc -l )
+	if [ $NR -ne 2 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check (2)";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	[ -z "$verbose" ] || log_msg_ok    "sigttou";
+
+	NR=$( egrep "POLICY" $LOGFILE | grep ReadOnly | wc -l )
+	if [ $NR -ne 8 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check (ReadOnly)";  
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	NR=$( egrep "POLICY" $LOGFILE | grep ADDED | wc -l )
+	if [ $NR -ne 4 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check (added)";  
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	NR=$( egrep "POLICY" $LOGFILE | grep MISSING | wc -l )
+	if [ $NR -ne 4 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check (removed)";  
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	kill $PROC_S; 
+	kill $PROC_Y;
+	return 0
+}
+
+do_test_2_g_one () {
+
+	#
+	# >>> (1) Modify files, create DeltaDB from file list in ${TEST_LIST}
+	#
+	mod_files
+	#
+	if ! test -f ${TEST_LIST}; then
+	    [ -z "$verbose" ] || log_msg_fail "No file list created";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	#
+	./samhain.new --outfile ./file.delta --create-database "${TEST_LIST}"
+	#
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Create DeltaDB";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	if ! test -f ./file.delta; then
+	    [ -z "$verbose" ] || log_msg_fail "No DeltaDB created";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	#
+	# >>> (2) Copy to server and tag with a UUID
+	#
+	UUID=$(uuidgen)
+	mv ./file.delta file.${SH_LOCALHOST}.${UUID}
+	cp file.${SH_LOCALHOST}.${UUID} "./file.${ALTHOST}.${UUID}"
+	
+	#
+	# >>> (3) Tell client to load delta database.
+	# >>>     testrc_2: timestamps every 10 sec
+	#
+	grep '^SetLoopTime=10$' rc.${SH_LOCALHOST} >/dev/null 2>&1
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "SetLoopTime != 10 in rc.${SH_LOCALHOST}";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	grep '^SetLoopTime=10$' rc.${ALTHOST} >/dev/null 2>&1
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "SetLoopTime != 10 in rc.${ALTHOST}";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	./yulectl -c "DELTA:${UUID}" ${SH_LOCALHOST}
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "yulectl (1)";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	./yulectl -c "DELTA:${UUID}" ${ALTHOST}
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "yulectl (2)";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	NR=$( ./yulectl -c LIST | grep ${UUID} | grep -v grep | wc -l )
+	if [ $NR -ne 2 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "yulectl (3)";
+	    [ -z "$verbose" ] || ./yulectl -c LIST
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	# Wait and verify that command has been sent
+	#
+	for tt in 1 2 3 4; do
+	    five_sec_sleep
+	done
+	#
+	NR=$( ./yulectl -c LIST | grep ${UUID} | grep -v grep | wc -l )
+	if [ $NR -ne 1 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "yulectl (4)";
+	    [ -z "$verbose" ] || ./yulectl -c LISTALL
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	#
+	# >>> (4) Trigger a scan
+	#
+	kill -TTOU $PROC_S
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Kill -TTOU";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	for ff in 1 2; do
+	    five_sec_sleep
+	done
+	NR=$( egrep "File check completed" $LOGFILE | wc -l )
+	if [ $NR -ne 2 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check (2)";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	[ -z "$verbose" ] || log_msg_ok    "sigttou";
+
+	NR=$( egrep "POLICY" $LOGFILE | wc -l )
+	if [ $NR -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check (3)";  
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	# --- The End ---
+
+	kill $PROC_S; 
+	kill $PROC_Y
+	return 0
+}
+
+do_test_2_g_three () {
+
+	#
+	# >>> (1) Modify files, create DeltaDB from file list in ${TEST_LIST}
+	#
+	mod_files
+	#
+	if ! test -f ${TEST_LIST}; then
+	    [ -z "$verbose" ] || log_msg_fail "No file list created";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	#
+	./samhain.new --outfile ./file.delta --create-database "${TEST_LIST}"
+	#
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Create DeltaDB";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	if ! test -f ./file.delta; then
+	    [ -z "$verbose" ] || log_msg_fail "No DeltaDB created";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	[ -z "$verbose" ] || log_msg_ok    "... DeltaDB created ...";
+	
+	#
+	# >>> (2) Copy to server and tag with a UUID
+	#
+	UUID=$(uuidgen)
+	if [ x"$1" != "xnosig" ]; then
+	    scripts/samhainadmin.pl -s ./test/gnupg/ -k 8A0B337A -m E ./file.delta >/dev/null
+	fi
+	if [ x"$1" == "xnodelta" ]; then
+	    rm -f ./file.*
+	else
+	    mv ./file.delta file.${SH_LOCALHOST}.${UUID}
+	    cp file.${SH_LOCALHOST}.${UUID} "./file.${ALTHOST}.${UUID}"
+	fi
+	[ -z "$verbose" ] || log_msg_ok    "... DeltaDB copied as file.${SH_LOCALHOST}.${UUID} ...";
+	
+	#
+	# >>> (3) Tell client to load delta database.
+	# >>>     testrc_2: timestamps every 10 sec
+	#
+	grep '^SetLoopTime=10$' rc.${SH_LOCALHOST} >/dev/null 2>&1
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "SetLoopTime != 10 in rc.${SH_LOCALHOST}";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	grep '^SetLoopTime=10$' rc.${ALTHOST} >/dev/null 2>&1
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "SetLoopTime != 10 in rc.${ALTHOST}";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	./yulectl -c "DELTA:${UUID}" ${SH_LOCALHOST}
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "yulectl (1)";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	./yulectl -c "DELTA:${UUID}" ${ALTHOST}
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "yulectl (2)";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	NR=$( ./yulectl -c LIST | grep ${UUID} | grep -v grep | wc -l )
+	if [ $NR -ne 2 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "yulectl (3)";
+	    [ -z "$verbose" ] || ./yulectl -c LIST
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	[ -z "$verbose" ] || log_msg_ok    "... command sent to client ...";
+
+	# Wait and verify that command has been sent
+	#
+	for tt in 1 2 3 4; do
+	    five_sec_sleep
+	done
+	#
+	NR=$( ./yulectl -c LIST | grep ${UUID} | grep -v grep | wc -l )
+	if [ $NR -ne 1 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "yulectl (4)";
+	    [ -z "$verbose" ] || ./yulectl -c LISTALL
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	[ -z "$verbose" ] || OLINE=$( ./yulectl -c LIST | grep ${UUID} )
+	[ -z "$verbose" ] || echo "${OLINE}"
+
+	#
+	# >>> (4) Trigger a scan
+	#
+	kill -TTOU $PROC_S
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Kill -TTOU";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	[ -z "$verbose" ] || echo    " ... TTOU sent to /${PROC_S}/ ...";
+	
+	for ff in 1 2; do
+	    five_sec_sleep
+	done
+	if [ x"$1" != x ]; then
+	    if [ x"$1" = xnodelta ]; then
+		NR=$( egrep "File download failed" $LOGFILE | wc -l )
+	    else
+		NR=$( egrep "No good signature" $LOGFILE | wc -l )
+	    fi
+	    if [ $NR -ne 1 ]; then
+		[ -z "$verbose" ] || log_msg_fail "Client file check (expected fail)";
+		kill $PROC_S; kill $PROC_Y;
+		return 1
+	    else
+		[ -z "$verbose" ] || log_msg_ok "Client file check (expected fail)";
+		kill $PROC_S; kill $PROC_Y;
+		return 0
+	    fi
+	fi
+
+	NR=$( egrep "File check completed" $LOGFILE | wc -l )
+	if [ $NR -ne 2 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check (2)";
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+	[ -z "$verbose" ] || log_msg_ok    "sigttou";
+
+	NR=$( egrep "POLICY" $LOGFILE | wc -l )
+	if [ $NR -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "Client file check (3)";  
+	    kill $PROC_S; kill $PROC_Y;
+	    return 1
+	fi
+
+	# --- The End ---
+
+	kill $PROC_S; 
+	kill $PROC_Y
+	return 0
+}
+
+testrun2g_prepare ()
+{
+	#####################################################################
+	#
+	# Create test area and initialize database
+	#
+	rm -f ./.samhain_file
+	rm -f ./.samhain_log
+	rm -f ./.samhain_lock
+	rm -f ./rc.${SH_LOCALHOST}
+	rm -f ./rc.${ALTHOST}
+	rm -f ./file.*
+	#
+	rm -rf ${BASE}
+	#
+	mkdir ${BASE} 2>/dev/null
+	for dd in ${TEST_DIRS}; do
+	    mkdir ${BASE}/$dd
+	    for ff in ${TEST_FILES}; do
+		echo "foobar" > ${BASE}/$dd/$ff
+	    done
+	done
+	#
+	./samhain.build -t init -p none
+
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok    "init...";
+	else
+	    [ -z "$quiet" ]   && log_msg_fail  "init...";
+	    return 1
+	fi
+}
+
+testrun2g_build ()
+{
+        [ -z "$verbose" ] || { 
+	    echo; 
+	    echo Working directory: $PW_DIR; echo MAKE is $MAKE; 
+	    echo; 
+	}
+	#
+	#
+	[ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; }
+	#
+	if test -r "Makefile"; then
+		$MAKE distclean
+	fi
+	#
+	${TOP_SRCDIR}/configure ${CLIENT_BUILDOPTS} $1 $2 >/dev/null 2>&1
+	#
+	if test x$? = x0; then
+		[ -z "$verbose" ] ||     log_msg_ok "configure..."; 
+		$MAKE > /dev/null 2>>test_log
+		if test x$? = x0; then
+		    [ -z "$verbose" ] || log_msg_ok "make..."; 
+		else
+		    [ -z "$quiet" ] &&   log_msg_fail "make..."; 
+		    return 1
+		fi
+
+	else
+		[ -z "$quiet" ] &&       log_msg_fail "configure...";
+		return 1
+	fi
+
+	# save binary and build server
+	#
+	cp samhain samhain.build || return 1
+	$MAKE clean >/dev/null || return 1
+
+	${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS}
+	#
+	if test x$? = x0; then
+		[ -z "$verbose" ] ||     log_msg_ok "configure..."; 
+		$MAKE  > /dev/null 2>>test_log
+		if test x$? = x0; then
+		    [ -z "$verbose" ] || log_msg_ok "make..."; 
+		else
+		    [ -z "$quiet" ] &&   log_msg_fail "make..."; 
+		    return 1
+		fi
+
+	else
+		[ -z "$quiet" ] &&       log_msg_fail "configure...";
+		return 1
+	fi
+
+	# Create a password
+
+	SHPW=`./yule -G`
+	if test x"$SHPW" = x; then
+	    [ -z "$quiet" ]   && log_msg_fail  "password not generated -- aborting"
+	    return 1
+	fi
+
+	# Set in client
+
+	./samhain_setpwd samhain.build new $SHPW >/dev/null
+
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok    "./samhain_setpwd samhain.build new $SHPW";
+	else
+	    [ -z "$quiet" ]   && log_msg_fail  "./samhain_setpwd samhain.build new $SHPW";
+	    return 1
+	fi
+
+	mv samhain.build.new  samhain.new || return 1
+
+	rm -f ./.samhain_log*
+	rm -f ./.samhain_lock
+
+	SHCLT=`./yule -P $SHPW`
+
+	if test x$? = x0; then
+	    [ -z "$verbose" ] || log_msg_ok    "yule -P $SHPW";
+	else
+	    [ -z "$quiet" ]   && log_msg_fail  "yule -P $SHPW";
+	    return 1
+	fi
+
+	SHCLT1=`echo "${SHCLT}"  | sed s%HOSTNAME%${SH_LOCALHOST}%`
+	AHOST=`find_hostname`
+	SHCLT2=`echo "${SHCLT}"  | sed s%HOSTNAME%${AHOST}%`
+	
+	cp ${SCRIPTDIR}/testrc_2.in testrc_2
+	#
+	sed --in-place -e 's,file = /tmp,dir = 99/tmp/testrun_samhain,g' testrc_2
+	# 
+	sed --in-place -e 's,SetUdpActive=no,ReportCheckflags=yes,g' testrc_2
+	#
+ 	echo $SHCLT1 >> testrc_2
+ 	echo $SHCLT2 >> testrc_2
+
+	echo $SHPW > ./testpw
+}
+
+testrun2g_signrc ()
+{
+    scripts/samhainadmin.pl -s ./test/gnupg/ -m R $1 >/dev/null
+    scripts/samhainadmin.pl -s ./test/gnupg/ -k 8A0B337A -m E $1 >/dev/null
+}
+
+testrun2g_signdb ()
+{
+    scripts/samhainadmin.pl -s ./test/gnupg/ -k 8A0B337A -m E ./.samhain_file >/dev/null
+}
+
+copy_rc_db_files ()
+{
+	cp    ./testrc_2       ./rc.${SH_LOCALHOST}
+	mv    ./.samhain_file  ./file.${SH_LOCALHOST}
+	if [ $? -ne 0 ]; then
+	    [ -z "$verbose" ] || log_msg_fail "No .samhain_file";
+	    return 1
+	fi
+	chmod 644 ./rc.${SH_LOCALHOST}
+	chmod 644 ./file.${SH_LOCALHOST}
+
+	cp    ./testrc_2       "./rc.${ALTHOST}"
+	cp    ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null
+	chmod 644 ./rc.${ALTHOST}
+	chmod 644 ./file.${ALTHOST}
+}
+
+MAXTEST=6; export MAXTEST
+
+testrun2g ()
+{
+    log_start "RUN CLIENT/SERVER CASE TWO";
+    #
+    if [ x"$1" = x ]; then
+	[ -z "$quiet" ] && log_msg_fail "Missing hostname"
+    fi
+    #
+    SH_LOCALHOST=$1; export SH_LOCALHOST
+    #
+
+
+    # Test with missing delta
+    #
+    gpg --list-keys | grep 8A0B337A >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+	echo "You need to do 'gpg --import test/gnupg/public-key.asc' first"
+	log_skip 1 $MAXTEST 'Case Two w/signed files'
+    else
+	testrun2g_build "--with-gpg=/usr/bin/gpg" "--with-keyid=0x8A0B337A"
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "build..";
+	    testrun2g_signrc ./testrc_2
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "sign rc..";
+	    testrun2g_prepare
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "prepare..";
+	    testrun2g_signdb
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "sign db..";
+	    copy_rc_db_files
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "copy..";
+	    do_test_2_g_yule_start
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "start yule..";
+	    do_test_2_g_three nodelta
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$quiet" ] && log_ok   1 ${MAXTEST} "Case Two w/missing delta";
+	else
+	    [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Case Two w/missing delta";
+	fi
+    fi
+
+    # Test with unsigned delta
+    #
+    gpg --list-keys | grep 8A0B337A >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+	echo "You need to do 'gpg --import test/gnupg/public-key.asc' first"
+	log_skip 1 $MAXTEST 'Case Two w/signed files'
+    else
+	testrun2g_build "--with-gpg=/usr/bin/gpg" "--with-keyid=0x8A0B337A"
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "build..";
+	    testrun2g_signrc ./testrc_2
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "sign rc..";
+	    testrun2g_prepare
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "prepare..";
+	    testrun2g_signdb
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "sign db..";
+	    copy_rc_db_files
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "copy..";
+	    do_test_2_g_yule_start
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "start yule..";
+	    do_test_2_g_three nosig
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$quiet" ] && log_ok   1 ${MAXTEST} "Case Two w/unsigned delta";
+	else
+	    [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Case Two w/unsigned delta";
+	fi
+    fi
+
+    # Test with signed files, no sig client
+    #
+    gpg --list-keys | grep 8A0B337A >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+	echo "You need to do 'gpg --import test/gnupg/public-key.asc' first"
+	log_skip 1 $MAXTEST 'Case Two w/signed files'
+    else
+	testrun2g_build
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "build..";
+	    testrun2g_signrc ./testrc_2
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "sign rc..";
+	    testrun2g_prepare
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "prepare..";
+	    testrun2g_signdb
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "sign db..";
+	    copy_rc_db_files
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "copy..";
+	    do_test_2_g_yule_start
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "start yule..";
+	    do_test_2_g_three
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$quiet" ] && log_ok   1 ${MAXTEST} "Case Two w/signed files+nosig client";
+	else
+	    [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Case Two w/signed files+nosig client";
+	fi
+    fi
+
+    # Test with signed files
+    #
+    gpg --list-keys | grep 8A0B337A >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+	echo "You need to do 'gpg --import test/gnupg/public-key.asc' first"
+	log_skip 1 $MAXTEST 'Case Two w/signed files'
+    else
+	testrun2g_build "--with-gpg=/usr/bin/gpg" "--with-keyid=0x8A0B337A"
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "build..";
+	    testrun2g_signrc ./testrc_2
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "sign rc..";
+	    testrun2g_prepare
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "prepare..";
+	    testrun2g_signdb
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "sign db..";
+	    copy_rc_db_files
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "copy..";
+	    do_test_2_g_yule_start
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$verbose" ] || log_msg_ok    "start yule..";
+	    do_test_2_g_three
+	fi
+	if [ $? -eq 0 ]; then
+	    [ -z "$quiet" ] && log_ok   1 ${MAXTEST} "Case Two w/signed files";
+	else
+	    [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Case Two w/signed files";
+	fi
+    fi
+
+    # Test with non-signed files
+    #
+    testrun2g_build
+    if [ $? -eq 0 ]; then
+	[ -z "$verbose" ] || log_msg_ok    "build..";
+	testrun2g_prepare
+    fi
+    if [ $? -eq 0 ]; then
+	[ -z "$verbose" ] || log_msg_ok    "prepare..";
+	copy_rc_db_files
+    fi
+    if [ $? -eq 0 ]; then
+	[ -z "$verbose" ] || log_msg_ok    "copy..";
+	do_test_2_g_yule_start
+    fi
+    if [ $? -eq 0 ]; then
+	[ -z "$verbose" ] || log_msg_ok    "start yule..";
+	do_test_2_g_one
+    fi
+    if [ $? -eq 0 ]; then
+	[ -z "$quiet" ] && log_ok   2 ${MAXTEST} "Case Two w/unsigned files";
+    else
+	[ -z "$quiet" ] && log_fail 2 ${MAXTEST} "Case Two w/unsigned files";
+    fi
+
+
+
+    #
+    testrun2g_prepare
+    if [ $? -eq 0 ]; then
+	[ -z "$verbose" ] || log_msg_ok    "prepare..";
+	copy_rc_db_files
+    fi
+    if [ $? -eq 0 ]; then
+	[ -z "$verbose" ] || log_msg_ok    "copy..";
+	do_test_2_g_yule_start
+    fi
+    if [ $? -eq 0 ]; then
+	[ -z "$verbose" ] || log_msg_ok    "start yule..";
+	do_test_2_g_two
+    fi
+    if [ $? -eq 0 ]; then
+	[ -z "$quiet" ] && log_ok   3 ${MAXTEST} "Case Two w/o delta";
+    else
+	[ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Case Two w/o delta";
+    fi
+
+
+    log_end "RUN CLIENT/SERVER CASE TWO"
+}