Index: trunk/test/test.sh
===================================================================
--- trunk/test/test.sh	(revision 67)
+++ trunk/test/test.sh	(revision 68)
@@ -138,5 +138,5 @@
 usage() {
     echo "test.sh [options] <test_number> [hostname]"
-    echo "        [-q|--quiet|-v|--verbose] [-s|--stoponerr] [--no-cleanup]"
+    echo "        [-q|--quiet|-v|--verbose] [-s|--stoponerr] [-n|--no-cleanup]"
     echo "        [--srcdir=top_srcdir] [--color=always|never|auto]"
     echo
@@ -149,10 +149,12 @@
     echo "  ${S}test.sh  7${E}  -- GnuPG signed files / prelude log"
     echo "  ${S}test.sh  8${E}  -- Suidcheck"
-
-    echo "  ${S}test.sh 10${E}  -- Test c/s init/check      (testrc_2.in)"
-    echo "  ${S}test.sh 11${E}  -- Test full c/s init/check (testrc_2.in)"
-    echo "  ${S}test.sh 12${E}  -- Test full c/s w/gpg      (testrc_2.in)"
-    echo "  ${S}test.sh 13${E}  -- Test full c/s w/mysql    (testrc_2.in)"
-    echo "  ${S}test.sh 14${E}  -- Test full c/s w/postgres (testrc_2.in)"
+    echo "  ${S}test.sh  9${E}  -- Process check"
+    echo "  ${S}test.sh 10${E}  -- Port check"
+
+    echo "  ${S}test.sh 20${E}  -- Test c/s init/check      (testrc_2.in)"
+    echo "  ${S}test.sh 21${E}  -- Test full c/s init/check (testrc_2.in)"
+    echo "  ${S}test.sh 22${E}  -- Test full c/s w/gpg      (testrc_2.in)"
+    echo "  ${S}test.sh 23${E}  -- Test full c/s w/mysql    (testrc_2.in)"
+    echo "  ${S}test.sh 24${E}  -- Test full c/s w/postgres (testrc_2.in)"
     echo "  ${S}test.sh all${E} -- All tests"
 }
@@ -162,6 +164,7 @@
     echo "  (1) testcompile.sh (2) testhash.sh     (3) testrun_1.sh   (4) testrun_1a.sh"
     echo "  (5) testext.sh     (6) testtimesrv.sh  (7) testrun_1b.sh  (8) testrun_1c.sh" 
-    echo " (10) testrun_2.sh  (11) testrun_2a.sh  (12) testrun_2b.sh (13) testrun_2c.sh"
-    echo " (14) testrun_2d.sh"
+    echo "  (9) testrun_1d.sh" 
+    echo " (20) testrun_2.sh  (21) testrun_2a.sh  (22) testrun_2b.sh (23) testrun_2c.sh"
+    echo " (24) testrun_2d.sh"
 }
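Review bot: The script list gains `(9) testrun_1d.sh` but not the file behind test 10, so this help text no longer covers every number the dispatcher accepts. Later in this diff `test.sh 10` sources `testrun_1e.sh`. Consider `echo "  (9) testrun_1d.sh  (10) testrun_1e.sh"` for the added line. The function this text belongs to starts outside the hunk.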
 
@@ -185,5 +188,5 @@
         -q|--quiet)    quiet=on; verbose= ;;
         -s|--stoponerr)     stoponerr=on;;
-	--no-cleanup) cleanup= ;;
+	-n|--no-cleanup) cleanup= ;;
 	--really-all) doall=on;;
 	--valgrind) usevalgrind=on;;
@@ -366,14 +369,14 @@
 
 log_fail () { 
-    log_msg "$1" "$2" failure "$3"; 
+    [ -z "$quiet" ] && log_msg "$1" "$2" failure "$3"; 
     let "failcount = failcount + 1" >/dev/null; 
     test -z "$stoponerr" || exit 1; 
 }
 log_ok ()   { 
-    log_msg "$1" "$2" success "$3"; 
+    [ -z "$quiet" ] && log_msg "$1" "$2" success "$3"; 
     let "okcount = okcount + 1" >/dev/null; 
 }
 log_skip () { 
-    log_msg "$1" "$2" skipped "$3"; 
+    [ -z "$quiet" ] && log_msg "$1" "$2" skipped "$3"; 
     let "skipcount = skipcount + 1" >/dev/null; 
 }
@@ -441,5 +444,8 @@
 print_summary ()
 {
-    let "gcount = okcount + skipcount + failcount" >/dev/null;
+    # let "gcount = okcount + skipcount + failcount" >/dev/null;
+    gcount=$MAXTEST;
+    let "failcount = gcount - okcount - skipcount" >/dev/null;
+
     [ -z "$quiet" ] && { 
 	echo
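Review bot: Recomputing `failcount` as `gcount - okcount - skipcount` discards the value that `log_fail` accumulated, so a double-counted `log_ok` or a stale `MAXTEST` can hide a real failure. If `MAXTEST` is unset the result goes negative. Consider keeping the counted `failcount` and computing the gap separately, e.g. `let "missing = gcount - okcount - skipcount - failcount" >/dev/null`, and treating a non-zero `missing` as an error in the summary. The commented-out `let` line would be better removed, or replaced by a comment saying why the total now comes from `MAXTEST`. The body of `print_summary` continues outside the hunk.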
@@ -594,5 +600,19 @@
     exit $?
 fi
+if test x$1 = x9; then
+    . ${SCRIPTDIR}/testrun_1.sh
+    . ${SCRIPTDIR}/testrun_1d.sh
+    testrun1d
+    print_summary
+    exit $?
+fi
 if test x$1 = x10; then
+    . ${SCRIPTDIR}/testrun_1.sh
+    . ${SCRIPTDIR}/testrun_1e.sh
+    testrun1e
+    print_summary
+    exit $?
+fi
+if test x$1 = x20; then
     . ${SCRIPTDIR}/testrun_2.sh 
     testrun2 $hostname
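Review bot: The new dispatcher blocks for 9 and 10 expand `$1` and `${SCRIPTDIR}` unquoted and never check that the sourced file loaded. A path containing whitespace, or a missing `testrun_1d.sh` or `testrun_1e.sh`, would most likely end in a "command not found" for `testrun1d` or `testrun1e`, followed by a summary. Suggest `if test "x$1" = x9; then` and `. "${SCRIPTDIR}/testrun_1d.sh" || exit 1`, with the same for the `1e` block. The existing blocks use the same style, so fixing all of them together may be cleaner. The `x20` block continues outside the hunk.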
@@ -600,5 +620,5 @@
     exit $?
 fi
-if test x$1 = x11; then
+if test x$1 = x21; then
     . ${SCRIPTDIR}/testrun_2a.sh
     testrun2a $hostname
@@ -606,5 +626,5 @@
     exit $?
 fi
-if test x$1 = x12; then
+if test x$1 = x22; then
     . ${SCRIPTDIR}/testrun_2a.sh
     . ${SCRIPTDIR}/testrun_2b.sh
@@ -613,5 +633,5 @@
     exit $?
 fi
-if test x$1 = x13; then
+if test x$1 = x23; then
     . ${SCRIPTDIR}/testrun_2a.sh
     . ${SCRIPTDIR}/testrun_2c.sh 
@@ -620,5 +640,5 @@
     exit $?
 fi
-if test x$1 = x14; then
+if test x$1 = x24; then
     . ${SCRIPTDIR}/testrun_2a.sh
     . ${SCRIPTDIR}/testrun_2d.sh
@@ -644,4 +664,8 @@
     let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null
     . ${SCRIPTDIR}/testrun_1c.sh
+    let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null
+    . ${SCRIPTDIR}/testrun_1d.sh
+    let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null
+    . ${SCRIPTDIR}/testrun_1e.sh
     let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null
     . ${SCRIPTDIR}/testrun_2.sh
@@ -687,4 +711,14 @@
     MAXTEST=${TEST_MAX}; export MAXTEST
     testrun1c
+    #
+    . ${SCRIPTDIR}/testrun_1.sh
+    . ${SCRIPTDIR}/testrun_1d.sh
+    MAXTEST=${TEST_MAX}; export MAXTEST
+    testrun1d
+    #
+    . ${SCRIPTDIR}/testrun_1.sh
+    . ${SCRIPTDIR}/testrun_1e.sh
+    MAXTEST=${TEST_MAX}; export MAXTEST
+    testrun1e
     #
     . ${SCRIPTDIR}/testrun_2.sh
Index: trunk/test/testcompile.sh
===================================================================
--- trunk/test/testcompile.sh	(revision 67)
+++ trunk/test/testcompile.sh	(revision 68)
@@ -20,5 +20,5 @@
 #
 
-MAXTEST=61; export MAXTEST
+MAXTEST=63; export MAXTEST
 
 run_flawfinder ()
@@ -164,5 +164,5 @@
 	# test standalone compilation
 	#
-        TEST="${S}standalone w/suidcheck${E}"
+        TEST="${S}standalone w/suidcheck w/processcheck${E}"
 	#
 	if test -r "Makefile"; then
@@ -170,5 +170,21 @@
 	fi
 	#
-	${TOP_SRCDIR}/configure --quiet  --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test  --enable-suidcheck > /dev/null 2>> test_log
+	${TOP_SRCDIR}/configure --quiet  --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test  --enable-suidcheck --enable-process-check > /dev/null 2>> test_log
+	#
+	let "num = num + 1" >/dev/null
+	testmake $? $num || let "numfail = numfail + 1"  >/dev/null
+	let "num = num + 1" >/dev/null
+	run_smatch $? $num || let "numfail = numfail + 1"  >/dev/null
+
+	#
+	# test standalone compilation
+	#
+        TEST="${S}standalone w/processcheck w/portcheck${E}"
+	#
+	if test -r "Makefile"; then
+		$MAKE distclean 
+	fi
+	#
+	${TOP_SRCDIR}/configure --quiet  --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test  --enable-process-check --enable-port-check > /dev/null 2>> test_log
 	#
 	let "num = num + 1" >/dev/null
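Review bot: In the added block, `testmake $? $num` runs right after `let "num = num + 1"`, so `$?` is the status of `let` and not of the `configure` call above it. The same applies to `run_smatch $? $num`. Assuming `testmake` treats its first argument as the configure result (its body is not visible here), a failed `configure --enable-suidcheck --enable-process-check` would be passed on as success. Capture the status immediately, `cfg_status=$?` on the line after `configure`, then call `testmake $cfg_status $num`. The surrounding context lines show the same pattern, and the second new configure block continues outside the hunk.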
Index: trunk/test/testrun_1.sh
===================================================================
--- trunk/test/testrun_1.sh	(revision 67)
+++ trunk/test/testrun_1.sh	(revision 68)
@@ -41,5 +41,5 @@
 testrun1_setup=0
 
-MAXTEST=11; export MAXTEST
+MAXTEST=13; export MAXTEST
 
 test_dirs () {
@@ -70,10 +70,10 @@
 # combine file check schedule with one-shot mode 
 # 
-TESTPOLICY_11="
+TESTPOLICY_13="
 [ReadOnly]
 dir=99${BASE}
 "
 
-mod_testdata_11 () {
+mod_testdata_13 () {
     one_sec_sleep 
     echo "foobar" >"${BASE}/c/x"; # bad
@@ -87,5 +87,5 @@
 }
 
-chk_testdata_11 () {
+chk_testdata_13 () {
     # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
     tmp=`grep CRIT $LOGFILE | wc -l`
@@ -110,5 +110,5 @@
 }
 
-TESTPOLICY_10="
+TESTPOLICY_12="
 [ReadOnly]
 dir=99${BASE}
@@ -119,5 +119,5 @@
 "
 
-mod_testdata_10 () {
+mod_testdata_12 () {
     one_sec_sleep
     echo "foobar" >"${BASE}/b/x"; # ok
@@ -129,4 +129,96 @@
 }
 
+chk_testdata_12 () {
+    # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
+    tmp=`grep CRIT $LOGFILE | wc -l`
+    if [ $tmp -ne 3 ]; then
+	[ -z "$verbose" ] || log_msg_fail "policy count";
+	return 1
+    fi
+    egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+	[ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
+	return 1
+    fi
+    egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+	[ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x";
+	return 1
+    fi
+    egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+	[ -z "$verbose" ] || log_msg_fail "${BASE}/a/y";
+	return 1
+    fi
+    CDIRS="a a/a a/b a/c c";
+    NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
+    test_dirs;
+    return $?
+}
+
+#
+# --- ACL/SELinux test case
+#
+TESTPOLICY_11="
+[ReadOnly]
+dir=99${BASE}
+[IgnoreAll]
+dir=-1${BASE}/b
+[Attributes]
+dir=1${BASE}/a
+[Misc]
+UseSelinuxCheck = no
+UseAclCheck = no
+"
+
+mod_testdata_11 () {
+    one_sec_sleep
+    setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign)
+    setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad
+    setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y";    # ok (ign)
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth)
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x";    # bad
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y";    # bad
+}
+
+chk_testdata_11 () {
+    # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
+    tmp=`grep CRIT $LOGFILE | wc -l`
+    if [ $tmp -ne 1 ]; then
+	[ -z "$verbose" ] || log_msg_fail "policy count";
+	return 1
+    fi
+    egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+	[ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
+	return 1
+    fi
+    CDIRS="a a/a a/b a/c c";
+    NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
+    test_dirs;
+    return $?
+}
+
+TESTPOLICY_10="
+[ReadOnly]
+dir=99${BASE}
+[IgnoreAll]
+dir=-1${BASE}/b
+[Attributes]
+dir=1${BASE}/a
+"
+
+mod_testdata_10 () {
+    one_sec_sleep
+    setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign)
+    setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad
+    setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y";    # ok (ign)
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth)
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x";    # bad
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y";    # bad
+}
+
 chk_testdata_10 () {
     # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
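Review bot: `mod_testdata_11` and `mod_testdata_10` ignore the exit status of every `setfacl` and `setfattr` call. On a filesystem without ACL or xattr support, or without the privilege to write `security.selinux`, the test data is silently left unmodified. For test 11, which expects the label changes not to be reported, a failed `setfattr` looks the same as a correctly ignored change, so that test can pass without exercising anything. The two functions are also line-for-line identical. A shared helper that returns non-zero on the first failed change would remove the duplication, though whether the caller acts on that status is not visible in this hunk. `chk_testdata_10` continues outside the hunk.

```shell
# Apply the ACL and SELinux-label changes shared by tests 10 and 11.
# Returns non-zero as soon as one change cannot be applied, so that a
# missing tool or unsupported filesystem is not mistaken for a pass.
mod_testdata_acl_selinux () {
    one_sec_sleep
    # b/x: ok (ign), c/x: bad, a/x: bad
    for acl_target in b/x c/x a/x; do
        setfacl -m 'user:nobody:r--' "${BASE}/${acl_target}" || return 1
    done
    # b/y: ok (ign), a/a/a/x: ok (depth), a/x: bad, a/y: bad
    for label_target in b/y a/a/a/x a/x a/y; do
        setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/${label_target}" || return 1
    done
}

mod_testdata_11 () { mod_testdata_acl_selinux; }
mod_testdata_10 () { mod_testdata_acl_selinux; }
```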
@@ -136,12 +228,12 @@
 	return 1
     fi
-    egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
+    egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
     if [ $? -ne 0 ]; then
 	[ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
 	return 1
     fi
-    egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1
-    if [ $? -ne 0 ]; then
-	[ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x";
+    egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/x" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+	[ -z "$verbose" ] || log_msg_fail "${BASE}/a/x";
 	return 1
     fi
@@ -825,8 +917,10 @@
 run_check ()
 {
-    ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind
-
+     ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind
+ 
     if test x$? = x0; then
+
 	./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}"
+
 	if [ $? -ne 0 ]; then
 	    [ -z "$quiet" ]   && log_msg_fail  "mv logfile...";
@@ -927,5 +1021,5 @@
 {
     if [ $1 -ne 0 ]; then
-	[ -z "$quiet" ] && log_fail ${2} ${MAXTEST};
+	log_fail ${2} ${MAXTEST};
 	return 1
     fi
@@ -1012,5 +1106,17 @@
 	      [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST};
 	  fi
+	  #
 	  let "tcount = tcount + 1" >/dev/null
+	  #
+	  if [ -z "$doall" -a $tcount -eq 10 ]; then
+	      log_skip 10 $MAXTEST 'ACL/SELinux test (or use --really-all)'
+	      let "tcount = tcount + 1" >/dev/null
+	  fi
+	  #
+	  if [ -z "$doall" -a $tcount -eq 11 ]; then
+	      log_skip 11 $MAXTEST 'ACL/SELinux test (or use --really-all)'
+	      let "tcount = tcount + 1" >/dev/null
+	  fi
+	  #
 	  POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'`
 	done
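Review bot: The context line `[ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST};` still guards the call on `$quiet`, although this commit moved the quiet check inside `log_ok` and already removed the matching guard from the `log_fail` call. With `-q`, `okcount` is therefore not incremented here, and since `print_summary` now derives `failcount` from `MAXTEST - okcount - skipcount`, passing tests would be counted as failures in quiet runs. Change the line to `log_ok ${tcount} ${MAXTEST};`. Separately, the two added skip blocks use the obsolescent `-a` inside `[ ]`; `[ -z "$doall" ] && [ "$tcount" -eq 10 ]` is the safer form. The enclosing loop starts outside the hunk.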
