Changeset 68 for trunk/test

Timestamp:

Oct 30, 2006, 12:03:44 AM (18 years ago)

Author:

rainer

Message:

Update trunk to samhain 2.3

Location:

trunk/test

Files:

• test.sh (modified) (13 diffs)
• testcompile.sh (modified) (3 diffs)
• testrun_1.sh (modified) (10 diffs)

trunk/test/test.sh

@@ -138 +138 @@
 usage() {
     echo "test.sh [options] <test_number> [hostname]"
-    echo "        [-q|--quiet|-v|--verbose] [-s|--stoponerr] [--no-cleanup]"
+    echo "        [-q|--quiet|-v|--verbose] [-s|--stoponerr] [-n|--no-cleanup]"
     echo "        [--srcdir=top_srcdir] [--color=always|never|auto]"
     echo
@@ -149 +149 @@
     echo "  ${S}test.sh  7${E}  -- GnuPG signed files / prelude log"
     echo "  ${S}test.sh  8${E}  -- Suidcheck"
-
-    echo "  ${S}test.sh 10${E}  -- Test c/s init/check      (testrc_2.in)"
-    echo "  ${S}test.sh 11${E}  -- Test full c/s init/check (testrc_2.in)"
-    echo "  ${S}test.sh 12${E}  -- Test full c/s w/gpg      (testrc_2.in)"
-    echo "  ${S}test.sh 13${E}  -- Test full c/s w/mysql    (testrc_2.in)"
-    echo "  ${S}test.sh 14${E}  -- Test full c/s w/postgres (testrc_2.in)"
+    echo "  ${S}test.sh  9${E}  -- Process check"
+    echo "  ${S}test.sh 10${E}  -- Port check"
+
+    echo "  ${S}test.sh 20${E}  -- Test c/s init/check      (testrc_2.in)"
+    echo "  ${S}test.sh 21${E}  -- Test full c/s init/check (testrc_2.in)"
+    echo "  ${S}test.sh 22${E}  -- Test full c/s w/gpg      (testrc_2.in)"
+    echo "  ${S}test.sh 23${E}  -- Test full c/s w/mysql    (testrc_2.in)"
+    echo "  ${S}test.sh 24${E}  -- Test full c/s w/postgres (testrc_2.in)"
     echo "  ${S}test.sh all${E} -- All tests"
 }
@@ -162 +164 @@
     echo "  (1) testcompile.sh (2) testhash.sh     (3) testrun_1.sh   (4) testrun_1a.sh"
     echo "  (5) testext.sh     (6) testtimesrv.sh  (7) testrun_1b.sh  (8) testrun_1c.sh" 
-    echo " (10) testrun_2.sh  (11) testrun_2a.sh  (12) testrun_2b.sh (13) testrun_2c.sh"
-    echo " (14) testrun_2d.sh"
+    echo "  (9) testrun_1d.sh" 
+    echo " (20) testrun_2.sh  (21) testrun_2a.sh  (22) testrun_2b.sh (23) testrun_2c.sh"
+    echo " (24) testrun_2d.sh"
 }
 
@@ -185 +188 @@
         -q|--quiet)    quiet=on; verbose= ;;
         -s|--stoponerr)     stoponerr=on;;
-        --no-cleanup) cleanup= ;;
+        -n|--no-cleanup) cleanup= ;;
         --really-all) doall=on;;
         --valgrind) usevalgrind=on;;
@@ -366 +369 @@
 
 log_fail () { 
-    log_msg "$1" "$2" failure "$3"; 
+    [ -z "$quiet" ] && log_msg "$1" "$2" failure "$3"; 
     let "failcount = failcount + 1" >/dev/null; 
     test -z "$stoponerr" || exit 1; 
 }
 log_ok ()   { 
-    log_msg "$1" "$2" success "$3"; 
+    [ -z "$quiet" ] && log_msg "$1" "$2" success "$3"; 
     let "okcount = okcount + 1" >/dev/null; 
 }
 log_skip () { 
-    log_msg "$1" "$2" skipped "$3"; 
+    [ -z "$quiet" ] && log_msg "$1" "$2" skipped "$3"; 
     let "skipcount = skipcount + 1" >/dev/null; 
 }
@@ -441 +444 @@
 print_summary ()
 {
-    let "gcount = okcount + skipcount + failcount" >/dev/null;
+    # let "gcount = okcount + skipcount + failcount" >/dev/null;
+    gcount=$MAXTEST;
+    let "failcount = gcount - okcount - skipcount" >/dev/null;
+
     [ -z "$quiet" ] && { 
         echo
@@ -594 +600 @@
     exit $?
 fi
+if test x$1 = x9; then
+    . ${SCRIPTDIR}/testrun_1.sh
+    . ${SCRIPTDIR}/testrun_1d.sh
+    testrun1d
+    print_summary
+    exit $?
+fi
 if test x$1 = x10; then
+    . ${SCRIPTDIR}/testrun_1.sh
+    . ${SCRIPTDIR}/testrun_1e.sh
+    testrun1e
+    print_summary
+    exit $?
+fi
+if test x$1 = x20; then
     . ${SCRIPTDIR}/testrun_2.sh 
     testrun2 $hostname
@@ -600 +620 @@
     exit $?
 fi
-if test x$1 = x11; then
+if test x$1 = x21; then
     . ${SCRIPTDIR}/testrun_2a.sh
     testrun2a $hostname
@@ -606 +626 @@
     exit $?
 fi
-if test x$1 = x12; then
+if test x$1 = x22; then
     . ${SCRIPTDIR}/testrun_2a.sh
     . ${SCRIPTDIR}/testrun_2b.sh
@@ -613 +633 @@
     exit $?
 fi
-if test x$1 = x13; then
+if test x$1 = x23; then
     . ${SCRIPTDIR}/testrun_2a.sh
     . ${SCRIPTDIR}/testrun_2c.sh 
@@ -620 +640 @@
     exit $?
 fi
-if test x$1 = x14; then
+if test x$1 = x24; then
     . ${SCRIPTDIR}/testrun_2a.sh
     . ${SCRIPTDIR}/testrun_2d.sh
@@ -644 +664 @@
     let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null
     . ${SCRIPTDIR}/testrun_1c.sh
+    let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null
+    . ${SCRIPTDIR}/testrun_1d.sh
+    let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null
+    . ${SCRIPTDIR}/testrun_1e.sh
     let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null
     . ${SCRIPTDIR}/testrun_2.sh
@@ -687 +711 @@
     MAXTEST=${TEST_MAX}; export MAXTEST
     testrun1c
+    #
+    . ${SCRIPTDIR}/testrun_1.sh
+    . ${SCRIPTDIR}/testrun_1d.sh
+    MAXTEST=${TEST_MAX}; export MAXTEST
+    testrun1d
+    #
+    . ${SCRIPTDIR}/testrun_1.sh
+    . ${SCRIPTDIR}/testrun_1e.sh
+    MAXTEST=${TEST_MAX}; export MAXTEST
+    testrun1e
     #
     . ${SCRIPTDIR}/testrun_2.sh

trunk/test/testcompile.sh

@@ -20 +20 @@
 #
 
-MAXTEST=61; export MAXTEST
+MAXTEST=63; export MAXTEST
 
 run_flawfinder ()
@@ -164 +164 @@
         # test standalone compilation
         #
-        TEST="${S}standalone w/suidcheck${E}"
+        TEST="${S}standalone w/suidcheck w/processcheck${E}"
         #
         if test -r "Makefile"; then
@@ -170 +170 @@
         fi
         #
-        ${TOP_SRCDIR}/configure --quiet  --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test  --enable-suidcheck > /dev/null 2>> test_log
+        ${TOP_SRCDIR}/configure --quiet  --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test  --enable-suidcheck --enable-process-check > /dev/null 2>> test_log
+        #
+        let "num = num + 1" >/dev/null
+        testmake $? $num || let "numfail = numfail + 1"  >/dev/null
+        let "num = num + 1" >/dev/null
+        run_smatch $? $num || let "numfail = numfail + 1"  >/dev/null
+
+        #
+        # test standalone compilation
+        #
+        TEST="${S}standalone w/processcheck w/portcheck${E}"
+        #
+        if test -r "Makefile"; then
+                $MAKE distclean 
+        fi
+        #
+        ${TOP_SRCDIR}/configure --quiet  --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test  --enable-process-check --enable-port-check > /dev/null 2>> test_log
         #
         let "num = num + 1" >/dev/null

trunk/test/testrun_1.sh

@@ -41 +41 @@
 testrun1_setup=0
 
-MAXTEST=11; export MAXTEST
+MAXTEST=13; export MAXTEST
 
 test_dirs () {
@@ -70 +70 @@
 # combine file check schedule with one-shot mode 
 # 
-TESTPOLICY_11="
+TESTPOLICY_13="
 [ReadOnly]
 dir=99${BASE}
 "
 
-mod_testdata_11 () {
+mod_testdata_13 () {
     one_sec_sleep 
     echo "foobar" >"${BASE}/c/x"; # bad
@@ -87 +87 @@
 }
 
-chk_testdata_11 () {
+chk_testdata_13 () {
     # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
     tmp=`grep CRIT $LOGFILE | wc -l`
@@ -110 +110 @@
 }
 
-TESTPOLICY_10="
+TESTPOLICY_12="
 [ReadOnly]
 dir=99${BASE}
@@ -119 +119 @@
 "
 
-mod_testdata_10 () {
+mod_testdata_12 () {
     one_sec_sleep
     echo "foobar" >"${BASE}/b/x"; # ok
@@ -129 +129 @@
 }
 
+chk_testdata_12 () {
+    # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
+    tmp=`grep CRIT $LOGFILE | wc -l`
+    if [ $tmp -ne 3 ]; then
+        [ -z "$verbose" ] || log_msg_fail "policy count";
+        return 1
+    fi
+    egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
+        return 1
+    fi
+    egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x";
+        return 1
+    fi
+    egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y";
+        return 1
+    fi
+    CDIRS="a a/a a/b a/c c";
+    NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
+    test_dirs;
+    return $?
+}
+
+#
+# --- ACL/SELinux test case
+#
+TESTPOLICY_11="
+[ReadOnly]
+dir=99${BASE}
+[IgnoreAll]
+dir=-1${BASE}/b
+[Attributes]
+dir=1${BASE}/a
+[Misc]
+UseSelinuxCheck = no
+UseAclCheck = no
+"
+
+mod_testdata_11 () {
+    one_sec_sleep
+    setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign)
+    setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad
+    setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y";    # ok (ign)
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth)
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x";    # bad
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y";    # bad
+}
+
+chk_testdata_11 () {
+    # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
+    tmp=`grep CRIT $LOGFILE | wc -l`
+    if [ $tmp -ne 1 ]; then
+        [ -z "$verbose" ] || log_msg_fail "policy count";
+        return 1
+    fi
+    egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
+        return 1
+    fi
+    CDIRS="a a/a a/b a/c c";
+    NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
+    test_dirs;
+    return $?
+}
+
+TESTPOLICY_10="
+[ReadOnly]
+dir=99${BASE}
+[IgnoreAll]
+dir=-1${BASE}/b
+[Attributes]
+dir=1${BASE}/a
+"
+
+mod_testdata_10 () {
+    one_sec_sleep
+    setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign)
+    setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad
+    setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y";    # ok (ign)
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth)
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x";    # bad
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y";    # bad
+}
+
 chk_testdata_10 () {
     # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
@@ -136 +228 @@
         return 1
     fi
-    egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
+    egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
     if [ $? -ne 0 ]; then
         [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
         return 1
     fi
-    egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1
-    if [ $? -ne 0 ]; then
-        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x";
+    egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/x" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/x";
         return 1
     fi
@@ -825 +917 @@
 run_check ()
 {
-    ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind
-
+     ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind
+ 
     if test x$? = x0; then
+
         ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}"
+
         if [ $? -ne 0 ]; then
             [ -z "$quiet" ]   && log_msg_fail  "mv logfile...";
@@ -927 +1021 @@
 {
     if [ $1 -ne 0 ]; then
-        [ -z "$quiet" ] && log_fail ${2} ${MAXTEST};
+        log_fail ${2} ${MAXTEST};
         return 1
     fi
@@ -1012 +1106 @@
               [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST};
           fi
+          #
           let "tcount = tcount + 1" >/dev/null
+          #
+          if [ -z "$doall" -a $tcount -eq 10 ]; then
+              log_skip 10 $MAXTEST 'ACL/SELinux test (or use --really-all)'
+              let "tcount = tcount + 1" >/dev/null
+          fi
+          #
+          if [ -z "$doall" -a $tcount -eq 11 ]; then
+              log_skip 11 $MAXTEST 'ACL/SELinux test (or use --really-all)'
+              let "tcount = tcount + 1" >/dev/null
+          fi
+          #
           POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'`
         done