From: Stephan Mueller <stephan.mueller@at...> - 2013-09-04 18:30:58
Am Mittwoch, 4. September 2013, 09:59:00 schrieb Steve Grubb:
Hi Steve, Jiri,
(I just registered on the ML)
>I would like to ask whether the following change doesn't break any
>requirements that were originally imposed upon the tests. The full
>story behind the change can be found on an audit-test sourceforge
>In short - it turns out that the two RST tests are implemented
>in a possibly unnecessarily complex way, one of them using very
>weird and likely unintentional logic to test the scenario.
>If the only thing that needs to be tested is the ability to log
>(via netfilter LOG target into /var/log/messages and via audit
>into audit log) TCP RST packets, the current test cases are overly
>complex with high potential of breaking in the future due to
>involvement of many variables.
>My patch (posted above) simplifies the cases by simply trying to
>connect to a known closed (unused) port, which generates TCP RST as a
>To be more specific here, the current "implementation" currently blocks
>other optimization-related changes, which save nearly an hour during
>execution of the suite, which is a significant help not only for RHEL7
>development of the suite, but also for RHEL6 CC retention testing.
>Applying the referenced patch would "unblock" those changes.
>With the patch applied, the related tests PASS, the RST packet
>is successfully logged into /var/log/messages and into the audit log,
>without changing original grep or augrok commands.
After looking into the tests, I fully concur with Jiri that the test is
strange. Yet, the goal is the validation that RSTs are logged in the
audit trail. The syslog is an addition that we would not really care
Hence, please apply the patch.
atsec information security GmbH, Steinstraße 70, 81667 München, Germany
P: +49 89 442 49 830 - F: +49 89 442 49 831
M: +49 172 216 55 78 - HRB: 129439 (Amtsgericht München)
GF: Salvatore la Pietra, Staffan Persson
atsec it security news blog - atsec-information-security.blogspot.com
Please join us at the International Cryptographic Module Conference