From: James C. <cz...@li...> - 2011-02-28 16:58:20
On 2/25/2011 5:31 PM, Paul Moore wrote:
> On Thursday, February 24, 2011 6:58:09 PM James Czyzak wrote:
>> This patch file is for the files in audit-test/trustedprograms/tests
>> that changed due to different content in the audit log messages. I
>> believe there will be couple more coming for some a couple filter test
>> cases where the audit log message is different.
> These changes all look reasonable to me. Jim, can you add your sign-off as
> described in the submission guidelines? You don't need to resend the patch,
> just add it in a reply.
signed off by James Czyzak <cz...@li...> <mailto:cz...@li...>_ _
>> diff -uprN trustedprograms/tests/test_gpasswd_perms.bash
>> ../../current/audit-test/trustedprograms/tests/test_gpasswd_perms.bash
>> --- trustedprograms/tests/test_gpasswd_perms.bash 2008-03-12
>> 07:20:35.000000000 -0700
>> +++
>> ../../current/audit-test/trustedprograms/tests/test_gpasswd_perms.bash
>> 2010-07-29 09:55:03.000000000 -0700
>> @@ -38,7 +38,7 @@ su $TEST_USER -c "
>> pid=$(<$tmp1)
>>
>> for msg_1 in \
>> - "op=modify group acct=$group exe=./usr/bin/gpasswd.*res=failed.*"
>> + "op=modify group acct=\"$group\" exe=\"/usr/bin/gpasswd.*res=failed"
>> do
>> augrok -q type=USER_CHAUTHTOK \
>> user_pid=$pid \
>>
>>
>> diff -uprN trustedprograms/tests/test_gpasswd_remove.bash
>> ../../current/audit-test/trustedprograms/tests/test_gpasswd_remove.bash
>> --- trustedprograms/tests/test_gpasswd_remove.bash 2008-03-12
>> 07:20:35.000000000 -0700
>> +++
>> ../../current/audit-test/trustedprograms/tests/test_gpasswd_remove.bash
>> 2010-07-29 10:48:05.000000000 -0700
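Review bot: The new pattern in the test_gpasswd_perms.bash hunk opens a literal quote before the path (`exe=\"/usr/bin/gpasswd.*res=failed`) but never closes it, so the `exe` field is only checked as a prefix. A record whose executable path merely begins with /usr/bin/gpasswd would also satisfy the test. Assuming the audit record quotes the value as this change implies, closing the quote pins the field exactly: `"op=modify group acct=\"$group\" exe=\"/usr/bin/gpasswd\".*res=failed"`. The test_gpasswd_remove.bash hunk has the same shape, while every other hunk in the patch keeps the older `exe=./usr/sbin/...` form in which `.` stands in for the quote; one convention across the suite would be easier to audit. The `for` loop continues past the end of the hunk.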
>> @@ -27,7 +27,7 @@ groupadd -g $gid $group || exit_error "g
>> setpid gpasswd -r $group || exit_error "gpasswd failed"
>>
>> for msg_1 in \
>> - "op=deleting group password acct=$group
>> exe=./usr/bin/gpasswd.*res=success.*"
>> + "op=deleting group password acct=\"$group\"
>> exe=\"/usr/bin/gpasswd.*res=success"
>> do
>> augrok -q type=USER_CHAUTHTOK \
>> user_pid=$pid \
>>
>> diff -uprN trustedprograms/tests/test_groupadd.bash
>> ../../current/audit-test/trustedprograms/tests/test_groupadd.bash
>> --- trustedprograms/tests/test_groupadd.bash 2008-03-12
>> 07:20:35.000000000 -0700
>> +++ ../../current/audit-test/trustedprograms/tests/test_groupadd.bash
>> 2010-07-29 10:57:05.000000000 -0700
>> @@ -27,7 +27,7 @@ if ! augrok -q type=USER_CHAUTHTOK \
>> user_pid=$pid \
>> uid=$EUID \
>> auid=$(</proc/self/loginuid) \
>> - msg_1=~"op=adding group acct=$group
>> exe=./usr/sbin/groupadd.*res=success.*"; then
>> + msg_1=~"op=adding group id=$gid
>> exe=./usr/sbin/groupadd.*res=success.*"; then
>> exit_fail "failed to find audit.log entry"
>> fi
>>
>> diff -uprN trustedprograms/tests/test_groupdel.bash
>> ../../current/audit-test/trustedprograms/tests/test_groupdel.bash
>> --- trustedprograms/tests/test_groupdel.bash 2008-03-12
>> 07:20:35.000000000 -0700
>> +++ ../../current/audit-test/trustedprograms/tests/test_groupdel.bash
>> 2010-07-29 11:00:38.000000000 -0700
>> @@ -27,7 +27,7 @@ groupadd -g $gid $group || exit_error "g
>> setpid groupdel $group || exit_error "groupdel failed"
>>
>> for msg_1 in \
>> - "op=deleting group acct=$group exe=./usr/sbin/groupdel.*res=success.*"
>> + "op=deleting group id=$gid exe=./usr/sbin/groupdel.*res=success.*"
>> do
>> augrok -q type=USER_CHAUTHTOK \
>> user_pid=$pid \
>>
>>
>> diff -uprN trustedprograms/tests/test_groupmod.bash
>> ../../current/audit-test/trustedprograms/tests/test_groupmod.bash
>> --- trustedprograms/tests/test_groupmod.bash 2008-03-12
>> 07:20:35.000000000 -0700
>> +++ ../../current/audit-test/trustedprograms/tests/test_groupmod.bash
>> 2010-07-29 11:03:24.000000000 -0700
>> @@ -28,7 +28,7 @@ read group2 gid2<<<"$(generate_unique_g
>> setpid groupmod -g $gid2 $group || exit_error "groupmod failed"
>>
>> for msg_1 in \
>> - "op=modifing group acct=$group exe=./usr/sbin/groupmod.*res=success.*"
>> + "op=modifing group id=$gid exe=./usr/sbin/groupmod.*res=success.*"
>> do
>> augrok -q type=USER_CHAUTHTOK \
>> user_pid=$pid \
>>
>> diff -uprN trustedprograms/tests/test_useradd.bash
>> ../../current/audit-test/trustedprograms/tests/test_useradd.bash
>> --- trustedprograms/tests/test_useradd.bash 2008-03-12
>> 07:20:35.000000000 -0700
>> +++ ../../current/audit-test/trustedprograms/tests/test_useradd.bash
>> 2010-07-29 11:16:36.000000000 -0700
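Review bot: In the test_groupmod.bash hunk the command under test is `groupmod -g $gid2 $group`, yet the new pattern expects `id=$gid`, the gid the group had before the change. The test_usermod_u.bash hunk later in this patch goes the other way and expects the new value, `id=$uid2`, after `usermod ... -u $uid2`. Both may match what the tools actually log, but nothing in either file says so, and a reader cannot tell an intended expectation from a leftover variable. A one-line comment above each loop would settle it, for example `# groupmod records the gid the group had before -g was applied`, with the wording to be confirmed against a real record. The `for` loop continues outside the hunk.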
>> @@ -26,10 +26,10 @@ setpid useradd -n -m -G games -u $uid -d
>>
>> || exit_error "useradd failed"
>>
>> for msg_1 in \
>> - "op=adding user acct=$user exe=./usr/sbin/useradd.*res=success.*" \
>> - "op=adding user to group acct=$user
>> exe=./usr/sbin/useradd.*res=success.*" \
>> - "op=adding user to shadow group acct=$user
>> exe=./usr/sbin/useradd.*res=success.*" \
>> - "op=adding home directory acct=$user
>> exe=./usr/sbin/useradd.*res=success.*"
>> + "op=adding user id=$uid exe=./usr/sbin/useradd.*res=success.*" \
>> + "op=adding user to group acct=\"$user\"
>> exe=./usr/sbin/useradd.*res=success.*" \
>> + "op=adding user to shadow group acct=\"$user\"
>> exe=./usr/sbin/useradd.*res=success.*" \
>> + "op=adding home directory id=$uid
>> exe=./usr/sbin/useradd.*res=success.*"
>> do
>> augrok -q type=USER_CHAUTHTOK \
>> user_pid=$pid \
>>
>>
>> diff -uprN trustedprograms/tests/test_userdel.bash
>> ../../current/audit-test/trustedprograms/tests/test_userdel.bash
>> --- trustedprograms/tests/test_userdel.bash 2008-03-12
>> 07:20:35.000000000 -0700
>> +++ ../../current/audit-test/trustedprograms/tests/test_userdel.bash
>> 2010-07-29 11:21:06.000000000 -0700
>> @@ -28,9 +28,9 @@ useradd -n -m -u $uid $user || exit_erro >> setpid userdel -r $user || exit_error "userdel failed" >> >> for msg_1 in \ >> - "op=deleting user entries acct=$user >> exe=./usr/sbin/userdel.*res=success.*" \ >> - "op=deleting mail file acct=$user >> exe=./usr/sbin/userdel.*res=success.*" \ >> - "op=deleting home directory acct=$user >> exe=./usr/sbin/userdel.*res=success.*" >> + "op=deleting user entries id=$uid >> exe=./usr/sbin/userdel.*res=success.*" \ >> + "op=deleting mail file id=$uid exe=./usr/sbin/userdel.*res=success.*" >> \ + "op=deleting home directory id=$uid >> exe=./usr/sbin/userdel.*res=success.*" >> do >> augrok -q type=USER_CHAUTHTOK \ >> user_pid=$pid \ >> >> >> >> diff -uprN trustedprograms/tests/test_usermod_c.bash >> ../../current/audit-test/trustedprograms/tests/test_usermod_c.bash >> --- trustedprograms/tests/test_usermod_c.bash 2008-03-12 >> 07:20:35.000000000 -0700 >> +++ ../../current/audit-test/trustedprograms/tests/test_usermod_c.bash >> 2010-07-29 11:40:45.000000000 -0700 >> @@ -27,7 +27,7 @@ useradd -n -u $uid $user || exit_error " >> setpid usermod -c "luser luser" $user || exit_error "usermod failed" >> >> for msg_1 in \ >> - "op=changing comment acct=$user exe=./usr/sbin/usermod.*res=success.*" >> + "op=changing comment id=$uid exe=./usr/sbin/usermod.*res=success.*" >> do >> augrok -q type=USER_CHAUTHTOK \ >> user_pid=$pid \ >> >> >> >> diff -uprN trustedprograms/tests/test_usermod_d.bash >> ../../current/audit-test/trustedprograms/tests/test_usermod_d.bash >> --- trustedprograms/tests/test_usermod_d.bash 2008-03-12 >> 07:20:35.000000000 -0700 >> +++ ../../current/audit-test/trustedprograms/tests/test_usermod_d.bash >> 2011-01-25 09:36:27.000000000 -0800 
>> @@ -28,8 +28,8 @@ read user2 uid2<<<"$(generate_unique_us
>> setpid usermod -d /home/$user2 -m $user || exit_error "usermod failed"
>>
>> for msg_1 in \
>> - "op=changing home directory acct=$user
>> exe=./usr/sbin/usermod.*res=success.*" \
>> - "op=moving home directory acct=$user
>> exe=./usr/sbin/usermod.*res=success.*"
>> + "op=changing home directory id=$uid
>> exe=./usr/sbin/usermod.*res=success.*" \
>> + "op=moving home directory id=$uid
>> exe=./usr/sbin/usermod.*res=success.*"
>> do
>> augrok -q type=USER_CHAUTHTOK \
>> user_pid=$pid \
>>
>>
>>
>> diff -uprN trustedprograms/tests/test_usermod_e.bash
>> ../../current/audit-test/trustedprograms/tests/test_usermod_e.bash
>> --- trustedprograms/tests/test_usermod_e.bash 2008-03-12
>> 07:20:35.000000000 -0700
>> +++ ../../current/audit-test/trustedprograms/tests/test_usermod_e.bash
>> 2010-07-29 11:43:42.000000000 -0700
>> @@ -27,7 +27,7 @@ useradd -n -u $uid $user || exit_error "
>> setpid usermod -e 20 $user || exit_error "usermod failed"
>>
>> for msg_1 in \
>> - "op=changing expiration date acct=$user
>> exe=./usr/sbin/usermod.*res=success.*"
>> + "op=changing expiration date id=$uid
>> exe=./usr/sbin/usermod.*res=success.*"
>> do
>> augrok -q type=USER_CHAUTHTOK \
>> user_pid=$pid \
>>
>>
>>
>> diff -uprN trustedprograms/tests/test_usermod_f.bash
>> ../../current/audit-test/trustedprograms/tests/test_usermod_f.bash
>> --- trustedprograms/tests/test_usermod_f.bash 2008-03-12
>> 07:20:35.000000000 -0700
>> +++ ../../current/audit-test/trustedprograms/tests/test_usermod_f.bash
>> 2010-07-29 11:46:13.000000000 -0700
>> @@ -27,7 +27,7 @@ useradd -n -u $uid $user || exit_error "
>> setpid usermod -f 10 $user || exit_error "usermod failed"
>>
>> for msg_1 in \
>> - "op=changing inactive days acct=$user
>> exe=./usr/sbin/usermod.*res=success.*"
>> + "op=changing inactive days id=$uid
>> exe=./usr/sbin/usermod.*res=success.*"
>> do
>> augrok -q type=USER_CHAUTHTOK \
>> user_pid=$pid \
>>
>>
>>
>> diff -uprN trustedprograms/tests/test_usermod_G_add.bash
>> ../../current/audit-test/trustedprograms/tests/test_usermod_G_add.bash
>> --- trustedprograms/tests/test_usermod_G_add.bash 2008-03-12
>> 07:20:35.000000000 -0700
>> +++
>> ../../current/audit-test/trustedprograms/tests/test_usermod_G_add.bash
>> 2010-07-29 11:50:04.000000000 -0700
>> @@ -27,8 +27,8 @@ useradd -n -G users -u $uid $user || exi
>> setpid usermod -G users,games $user || exit_error "usermod failed"
>>
>> for msg_1 in \
>> - "op=adding user to group acct=$user
>> exe=./usr/sbin/usermod.*res=success.*" \
>> - "op=adding user to shadow group acct=$user
>> exe=./usr/sbin/usermod.*res=success.*"
>> + "op=adding user to group acct=\"$user\"
>> exe=./usr/sbin/usermod.*res=success.*" \
>> + "op=adding user to shadow group acct=\"$user\"
>> exe=./usr/sbin/usermod.*res=success.*"
>> do
>> augrok -q type=USER_CHAUTHTOK \
>> user_pid=$pid \
>>
>>
>>
>> diff -uprN trustedprograms/tests/test_usermod_g.bash
>> ../../current/audit-test/trustedprograms/tests/test_usermod_g.bash
>> --- trustedprograms/tests/test_usermod_g.bash 2008-03-12
>> 07:20:35.000000000 -0700
>> +++ ../../current/audit-test/trustedprograms/tests/test_usermod_g.bash
>> 2010-07-29 12:00:16.000000000 -0700
>> @@ -31,7 +31,7 @@ prepend_cleanup "grep -q '^$group2:' /et
>> setpid usermod -g $gid2 $user || exit_error "usermod failed"
>>
>> for msg_1 in \
>> - "op=changing primary group acct=$user
>> exe=./usr/sbin/usermod.*res=success.*"
>> + "op=changing primary group id=$uid
>> exe=./usr/sbin/usermod.*res=success.*"
>> do
>> augrok -q type=USER_CHAUTHTOK \
>> user_pid=$pid \
>>
>>
>>
>> diff -uprN trustedprograms/tests/test_usermod_G_remove.bash
>> ../../current/audit-test/trustedprograms/tests/test_usermod_G_remove.bash
>> --- trustedprograms/tests/test_usermod_G_remove.bash 2008-03-12
>> 07:20:35.000000000 -0700
>> +++
>> ../../current/audit-test/trustedprograms/tests/test_usermod_G_remove.bash
>> 2010-07-29 11:56:17.000000000 -0700
>> @@ -27,8 +27,8 @@ useradd -n -G users,games -u $uid $user
>> setpid usermod -G users $user || exit_error "usermod failed"
>>
>> for msg_1 in \
>> - "op=removing group member acct=$user
>> exe=./usr/sbin/usermod.*res=success.*" \
>> - "op=removing user from shadow group acct=$user
>> exe=./usr/sbin/usermod.*res=success.*"
>> + "op=removing group member acct=\"$user\"
>> exe=./usr/sbin/usermod.*res=success.*" \
>> + "op=removing user from shadow group acct=\"$user\"
>> exe=./usr/sbin/usermod.*res=success.*"
>> do
>> augrok -q type=USER_CHAUTHTOK \
>> user_pid=$pid \
>>
>>
>>
>>
>> diff -uprN trustedprograms/tests/test_usermod_l.bash
>> ../../current/audit-test/trustedprograms/tests/test_usermod_l.bash
>> --- trustedprograms/tests/test_usermod_l.bash 2008-03-12
>> 07:20:35.000000000 -0700
>> +++ ../../current/audit-test/trustedprograms/tests/test_usermod_l.bash
>> 2010-07-29 12:05:19.000000000 -0700
>> @@ -31,10 +31,10 @@ setpid usermod -l $user2 $user || exit_e >> # these messages are very inconsistent, sometimes reporting the new user, >> # sometimes reporting the old. >> for msg_1 in \ >> - "op=changing name acct=$user2 exe=./usr/sbin/usermod.*res=success.*" \ >> - "op=changing group member acct=$user2 >> exe=./usr/sbin/usermod.*res=success.*" \ >> - "op=changing member in shadow group acct=$user >> exe=./usr/sbin/usermod.*res=success.*" \ >> - "op=changing mail file name acct=$user2 >> exe=./usr/sbin/usermod.*res=success.*" >> + "op=changing name id=$uid exe=./usr/sbin/usermod.*res=success.*" \ >> + "op=changing group member acct=\"$user2\" >> exe=./usr/sbin/usermod.*res=success.*" \ >> + "op=changing member in shadow group acct=\"$user\" >> exe=./usr/sbin/usermod.*res=success.*" \ >> + "op=changing mail file name id=$uid >> exe=./usr/sbin/usermod.*res=success.*" >> do >> augrok -q type=USER_CHAUTHTOK \ >> user_pid=$pid \ >> >> >> >> diff -uprN trustedprograms/tests/test_usermod_p.bash >> ../../current/audit-test/trustedprograms/tests/test_usermod_p.bash >> --- trustedprograms/tests/test_usermod_p.bash 2008-03-12 >> 07:20:35.000000000 -0700 >> +++ ../../current/audit-test/trustedprograms/tests/test_usermod_p.bash >> 2010-07-29 12:07:59.000000000 -0700 >> @@ -28,7 +28,7 @@ password=$(perl -le 'print crypt "drowss >> setpid usermod -p "$password" $user || exit_error "usermod failed" >> >> for msg_1 in \ >> - "op=changing password acct=$user >> exe=./usr/sbin/usermod.*res=success.*" + "op=changing password id=$uid >> exe=./usr/sbin/usermod.*res=success.*" do >> augrok -q type=USER_CHAUTHTOK \ >> user_pid=$pid \ >> >> >> >> >> diff -uprN trustedprograms/tests/test_usermod_s.bash >> ../../current/audit-test/trustedprograms/tests/test_usermod_s.bash >> --- trustedprograms/tests/test_usermod_s.bash 2008-03-12 >> 07:20:35.000000000 -0700 >> +++ ../../current/audit-test/trustedprograms/tests/test_usermod_s.bash >> 2010-07-29 12:10:32.000000000 -0700 
>> @@ -27,7 +27,7 @@ useradd -n -u $uid $user || exit_error "
>> setpid usermod -s /bin/true $user || exit_error "usermod failed"
>>
>> for msg_1 in \
>> - "op=changing user shell acct=$user
>> exe=./usr/sbin/usermod.*res=success.*"
>> + "op=changing user shell id=$uid exe=./usr/sbin/usermod.*res=success.*"
>> do
>> augrok -q type=USER_CHAUTHTOK \
>> user_pid=$pid \
>>
>>
>>
>>
>> diff -uprN trustedprograms/tests/test_usermod_u.bash
>> ../../current/audit-test/trustedprograms/tests/test_usermod_u.bash
>> --- trustedprograms/tests/test_usermod_u.bash 2008-03-12
>> 07:20:35.000000000 -0700
>> +++ ../../current/audit-test/trustedprograms/tests/test_usermod_u.bash
>> 2010-07-29 12:14:16.000000000 -0700
>> @@ -31,11 +31,11 @@ read user2 uid2<<<"$(generate_unique_us
>> setpid usermod -d /home/$user2 -m -u $uid2 $user || exit_error
>> "usermod failed"
>>
>> for msg_1 in \
>> - "op=changing uid acct=$user exe=./usr/sbin/usermod.*res=success.*" \
>> - "op=changing home directory acct=$user
>> exe=./usr/sbin/usermod.*res=success.*" \
>> - "op=moving home directory acct=$user
>> exe=./usr/sbin/usermod.*res=success.*" \
>> - "op=changing home directory owner acct=$user
>> exe=./usr/sbin/usermod.*res=success.*" \
>> - "op=changing mail file owner acct=$user
>> exe=./usr/sbin/usermod.*res=success.*"
>> + "op=changing uid id=$uid2 exe=./usr/sbin/usermod.*res=success.*" \
>> + "op=changing home directory id=$uid2
>> exe=./usr/sbin/usermod.*res=success.*" \
>> + "op=moving home directory id=$uid2
>> exe=./usr/sbin/usermod.*res=success.*" \
>> + "op=changing home directory owner id=$uid2
>> exe=./usr/sbin/usermod.*res=success.*" \
>> + "op=changing mail file owner id=$uid2
>> exe=./usr/sbin/usermod.*res=success.*"
>> do
>> augrok -q type=USER_CHAUTHTOK \
>> user_pid=$pid \
>>
>>
>> Jim
>>
>>
>> ---------------------------------------------------------------------------
>> --- Free Software Download: Index, Search& Analyze Logs and other IT data
>> in Real-Time with Splunk. Collect, index and harness all the fast moving
>> IT data generated by your applications, servers and devices whether
>> physical, virtual or in the cloud. Deliver compliance at lower cost and
>> gain new business insights. http://p.sf.net/sfu/splunk-dev2dev
>> _______________________________________________
>> Audit-test-developer mailing list
>> Aud...@li...
>> https://lists.sourceforge.net/lists/listinfo/audit-test-developer
>
> --
> paul moore
> linux @ hp |