From: <mva...@re...> - 2012-08-07 14:16:15
|
From: Miroslav Vadkerti <mva...@re...> This patch fixes issue on machines where tty1 is not available. The securetty test now detects usable TTY via ps. Signed-off-by: Miroslav Vadkerti <mva...@re...> --- audit/misc/tests/test_securetty.bash | 15 +++++++++------ 1 files changed, 9 insertions(+), 6 deletions(-) diff --git a/audit/misc/tests/test_securetty.bash b/audit/misc/tests/test_securetty.bash index 3c4024d..e8527fd 100755 --- a/audit/misc/tests/test_securetty.bash +++ b/audit/misc/tests/test_securetty.bash @@ -65,22 +65,25 @@ testlogin() { # 1. Verify user can not log in if tty is not in /etc/securetty. ( - # Add tty1 to /etc/securetty - grep -q "^tty1$" /etc/securetty || echo "tty1" >> /etc/securetty + # find a usable tty + TTY=$(ps ax | grep -o tty[0-9] | head -1) + + # Add $TTY to /etc/securetty + grep -q "^$TTY$" /etc/securetty || echo "$TTY" >> /etc/securetty # Verify that root login succeeds - testlogin /dev/tty1 root $PASSWD + testlogin /dev/$TTY root $PASSWD if [ "$?" -ne "0" ]; then echo "ERROR - login attempt failed when it should have succeeded." exit_fail fi - # Remove tty1 from /etc/securetty - grep -v "^tty1$" /etc/securetty > /etc/securetty.new + # Remove $TTY from /etc/securetty + grep -v "^$TTY$" /etc/securetty > /etc/securetty.new mv -f /etc/securetty.new /etc/securetty # Verify that root login fails - testlogin /dev/tty1 root $PASSWD + testlogin /dev/$TTY root $PASSWD if [ "$?" -eq "0" ]; then echo "ERROR - login attempt succeeded when it should have failed." exit_fail -- 1.7.6.5 |
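Review bot: In the added `TTY=$(ps ax | grep -o tty[0-9] | head -1)` line nothing checks that a match was found. When `ps` lists no tty, `$TTY` is empty, so `grep -q "^$TTY$"` tests for a blank line, `echo "$TTY"` may append one to /etc/securetty, and `testlogin` is called with `/dev/`. The pipeline also takes the first tty held by any process, which can be a console with a live session rather than an idle login prompt. Restrict the match to getty lines and stop with an error when `$TTY` is empty.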
From: <mva...@re...> - 2012-08-07 14:30:36
|
From: Miroslav Vadkerti <mva...@re...> This patch fixes issue on machines where tty1 is not available. The securetty test now detects usable TTY via ps. Signed-off-by: Miroslav Vadkerti <mva...@re...> --- audit/misc/tests/test_securetty.bash | 18 ++++++++++++------ 1 files changed, 12 insertions(+), 6 deletions(-) diff --git a/audit/misc/tests/test_securetty.bash b/audit/misc/tests/test_securetty.bash index 3c4024d..6a4c433 100755 --- a/audit/misc/tests/test_securetty.bash +++ b/audit/misc/tests/test_securetty.bash @@ -65,22 +65,28 @@ testlogin() { # 1. Verify user can not log in if tty is not in /etc/securetty. ( - # Add tty1 to /etc/securetty - grep -q "^tty1$" /etc/securetty || echo "tty1" >> /etc/securetty + # find a usable tty + TTY=$(ps ax | grep tty[0-9].*getty | grep -o tty[0-9] | head -1) + if [ "$TTY" = "" ]; then + exit_error "No suitable TTY found for test" + fi + + # Add $TTY to /etc/securetty + grep -q "^$TTY$" /etc/securetty || echo "$TTY" >> /etc/securetty # Verify that root login succeeds - testlogin /dev/tty1 root $PASSWD + testlogin /dev/$TTY root $PASSWD if [ "$?" -ne "0" ]; then echo "ERROR - login attempt failed when it should have succeeded." exit_fail fi - # Remove tty1 from /etc/securetty - grep -v "^tty1$" /etc/securetty > /etc/securetty.new + # Remove $TTY from /etc/securetty + grep -v "^$TTY$" /etc/securetty > /etc/securetty.new mv -f /etc/securetty.new /etc/securetty # Verify that root login fails - testlogin /dev/tty1 root $PASSWD + testlogin /dev/$TTY root $PASSWD if [ "$?" -eq "0" ]; then echo "ERROR - login attempt succeeded when it should have failed." exit_fail -- 1.7.6.5 |
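Review bot: The patterns in `grep tty[0-9].*getty | grep -o tty[0-9]` are unquoted, so the shell may expand them against files in the current directory before grep sees them (a file named `tty1` would change the second pattern); quote both. `tty[0-9]` also matches a single digit only, so a getty on `tty10` would be reported as `tty1`; `grep -Eo 'tty[0-9]+'` avoids the truncation.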
From: Ondrej M. <om...@re...> - 2012-08-07 14:39:18
|
Thanks for this patch, it looks flawless, could you push it upstream? -- Ondrej On 08/07/2012 04:30 PM, mva...@re... wrote: > From: Miroslav Vadkerti <mva...@re...> > > This patch fixes issue on machines where tty1 is not > available. The securetty test now detects usable TTY > via ps. > > Signed-off-by: Miroslav Vadkerti <mva...@re...> > --- > audit/misc/tests/test_securetty.bash | 18 ++++++++++++------ > 1 files changed, 12 insertions(+), 6 deletions(-) > > diff --git a/audit/misc/tests/test_securetty.bash b/audit/misc/tests/test_securetty.bash > index 3c4024d..6a4c433 100755 > --- a/audit/misc/tests/test_securetty.bash > +++ b/audit/misc/tests/test_securetty.bash > @@ -65,22 +65,28 @@ testlogin() { > # 1. Verify user can not log in if tty is not in /etc/securetty. > > ( > - # Add tty1 to /etc/securetty > - grep -q "^tty1$" /etc/securetty || echo "tty1" >> /etc/securetty > + # find a usable tty > + TTY=$(ps ax | grep tty[0-9].*getty | grep -o tty[0-9] | head -1) > + if [ "$TTY" = "" ]; then > + exit_error "No suitable TTY found for test" > + fi > + > + # Add $TTY to /etc/securetty > + grep -q "^$TTY$" /etc/securetty || echo "$TTY" >> /etc/securetty > > # Verify that root login succeeds > - testlogin /dev/tty1 root $PASSWD > + testlogin /dev/$TTY root $PASSWD > if [ "$?" -ne "0" ]; then > echo "ERROR - login attempt failed when it should have succeeded." > exit_fail > fi > > - # Remove tty1 from /etc/securetty > - grep -v "^tty1$" /etc/securetty > /etc/securetty.new > + # Remove $TTY from /etc/securetty > + grep -v "^$TTY$" /etc/securetty > /etc/securetty.new > mv -f /etc/securetty.new /etc/securetty > > # Verify that root login fails > - testlogin /dev/tty1 root $PASSWD > + testlogin /dev/$TTY root $PASSWD > if [ "$?" -eq "0" ]; then > echo "ERROR - login attempt succeeded when it should have failed." > exit_fail |
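Review bot: The cleanup step `grep -v "^$TTY$" /etc/securetty > /etc/securetty.new` runs unconditionally, while the add step is skipped when the entry already exists. On a machine that already lists the detected tty, the test therefore ends with that entry removed from /etc/securetty, and nothing in the visible lines puts it back. Record whether the entry was added, or save the file before the first edit and restore it once the negative login check is done.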
From: Miroslav V. <mva...@re...> - 2012-08-07 14:41:16
|
Thanks Ondrej for the review. It is now upstream. ----- Original Message ----- > Thanks for this patch, it looks flawless, could you push it > upstream? > > -- > Ondrej > > On 08/07/2012 04:30 PM, mva...@re... wrote: > > From: Miroslav Vadkerti <mva...@re...> > > > > This patch fixes issue on machines where tty1 is not > > available. The securetty test now detects usable TTY > > via ps. > > > > Signed-off-by: Miroslav Vadkerti <mva...@re...> > > --- > > audit/misc/tests/test_securetty.bash | 18 ++++++++++++------ > > 1 files changed, 12 insertions(+), 6 deletions(-) > > > > diff --git a/audit/misc/tests/test_securetty.bash > > b/audit/misc/tests/test_securetty.bash > > index 3c4024d..6a4c433 100755 > > --- a/audit/misc/tests/test_securetty.bash > > +++ b/audit/misc/tests/test_securetty.bash 
> > @@ -65,22 +65,28 @@ testlogin() { > > # 1. Verify user can not log in if tty is not in > > /etc/securetty. > > > > ( > > - # Add tty1 to /etc/securetty > > - grep -q "^tty1$" /etc/securetty || echo "tty1" >> /etc/securetty > > + # find a usable tty > > + TTY=$(ps ax | grep tty[0-9].*getty | grep -o tty[0-9] | head -1) > > + if [ "$TTY" = "" ]; then > > + exit_error "No suitable TTY found for test" > > + fi > > + > > + # Add $TTY to /etc/securetty > > + grep -q "^$TTY$" /etc/securetty || echo "$TTY" >> /etc/securetty > > > > # Verify that root login succeeds > > - testlogin /dev/tty1 root $PASSWD > > + testlogin /dev/$TTY root $PASSWD > > if [ "$?" -ne "0" ]; then > > echo "ERROR - login attempt failed when it should have > > succeeded." > > exit_fail > > fi > > > > - # Remove tty1 from /etc/securetty > > - grep -v "^tty1$" /etc/securetty > /etc/securetty.new > > + # Remove $TTY from /etc/securetty > > + grep -v "^$TTY$" /etc/securetty > /etc/securetty.new > > mv -f /etc/securetty.new /etc/securetty > > > > # Verify that root login fails > > - testlogin /dev/tty1 root $PASSWD > > + testlogin /dev/$TTY root $PASSWD > > if [ "$?" -eq "0" ]; then > > echo "ERROR - login attempt succeeded when it should have > > failed." > > exit_fail > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. > Discussions > will include endpoint security, mobile security and the latest in > malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Audit-test-developer mailing list > Aud...@li... 
> https://lists.sourceforge.net/lists/listinfo/audit-test-developer > -- Miroslav Vadkerti :: Quality Assurance Engineer / RHCE :: BaseOS QE - Security Phone +420 532 294 129 :: CR cell +420 775 039 842 :: SR cell +421 904 135 440 IRC mvadkert at #qe #urt #brno #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu Red Hat s.r.o, Purkyňova 99/71, 612 45, Brno, Czech Republic |
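Review bot: In the removal step, `mv -f /etc/securetty.new /etc/securetty` replaces the original file with one the redirection just created, so the result carries the mode, ownership and SELinux label given to a new file rather than those of the original /etc/securetty. Writing the filtered content back into the existing file, for example `cat /etc/securetty.new > /etc/securetty` followed by removing the temporary file, keeps the original inode and its attributes.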
From: Miroslav V. <mva...@re...> - 2012-08-07 14:31:02
|
I made another small enhancement to this patch. Please ignore this one. ----- Original Message ----- > From: Miroslav Vadkerti <mva...@re...> > > This patch fixes issue on machines where tty1 is not > available. The securetty test now detects usable TTY > via ps. > > Signed-off-by: Miroslav Vadkerti <mva...@re...> > --- > audit/misc/tests/test_securetty.bash | 15 +++++++++------ > 1 files changed, 9 insertions(+), 6 deletions(-) > > diff --git a/audit/misc/tests/test_securetty.bash > b/audit/misc/tests/test_securetty.bash > index 3c4024d..e8527fd 100755 > --- a/audit/misc/tests/test_securetty.bash > +++ b/audit/misc/tests/test_securetty.bash 
> @@ -65,22 +65,25 @@ testlogin() { > # 1. Verify user can not log in if tty is not in > /etc/securetty. > > ( > - # Add tty1 to /etc/securetty > - grep -q "^tty1$" /etc/securetty || echo "tty1" >> /etc/securetty > + # find a usable tty > + TTY=$(ps ax | grep -o tty[0-9] | head -1) > + > + # Add $TTY to /etc/securetty > + grep -q "^$TTY$" /etc/securetty || echo "$TTY" >> /etc/securetty > > # Verify that root login succeeds > - testlogin /dev/tty1 root $PASSWD > + testlogin /dev/$TTY root $PASSWD > if [ "$?" -ne "0" ]; then > echo "ERROR - login attempt failed when it should have succeeded." > exit_fail > fi > > - # Remove tty1 from /etc/securetty > - grep -v "^tty1$" /etc/securetty > /etc/securetty.new > + # Remove $TTY from /etc/securetty > + grep -v "^$TTY$" /etc/securetty > /etc/securetty.new > mv -f /etc/securetty.new /etc/securetty > > # Verify that root login fails > - testlogin /dev/tty1 root $PASSWD > + testlogin /dev/$TTY root $PASSWD > if [ "$?" -eq "0" ]; then > echo "ERROR - login attempt succeeded when it should have failed." > exit_fail > -- > 1.7.6.5 > > -- Miroslav Vadkerti :: Quality Assurance Engineer / RHCE :: BaseOS QE - Security Phone +420 532 294 129 :: CR cell +420 775 039 842 :: SR cell +421 904 135 440 IRC mvadkert at #qe #urt #brno #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu Red Hat s.r.o, Purkyňova 99/71, 612 45, Brno, Czech Republic |