You can subscribe to this list here.
2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(8) |
Nov
|
Dec
|
---|---|---|---|---|---|---|---|---|---|---|---|---|
2009 |
Jan
(8) |
Feb
(23) |
Mar
(11) |
Apr
(8) |
May
(2) |
Jun
|
Jul
|
Aug
(5) |
Sep
|
Oct
|
Nov
|
Dec
|
2011 |
Jan
|
Feb
(23) |
Mar
(140) |
Apr
(35) |
May
(49) |
Jun
(176) |
Jul
(73) |
Aug
(50) |
Sep
(78) |
Oct
(102) |
Nov
(150) |
Dec
(94) |
2012 |
Jan
(120) |
Feb
(77) |
Mar
(29) |
Apr
(4) |
May
(19) |
Jun
|
Jul
(19) |
Aug
(9) |
Sep
|
Oct
(6) |
Nov
(3) |
Dec
|
2013 |
Jan
(4) |
Feb
(28) |
Mar
(5) |
Apr
(69) |
May
(34) |
Jun
(11) |
Jul
(13) |
Aug
(55) |
Sep
(5) |
Oct
(31) |
Nov
|
Dec
(25) |
2014 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(53) |
Aug
(17) |
Sep
(50) |
Oct
(15) |
Nov
|
Dec
|
2015 |
Jan
|
Feb
|
Mar
(3) |
Apr
(9) |
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2018 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(8) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Paul M. <pa...@pa...> - 2018-05-18 15:18:44
|
On Thu, May 17, 2018 at 5:44 AM, Jiri Jaburek <jja...@re...> wrote: > I unfortunately don't think I have the time needed to do upstream work > for the project. I also don't think it's really worth putting the effort > in - these days, you have things like > > https://github.com/SELinuxProject/selinux-testsuite > https://github.com/linux-audit > > in addition to LTP and other projects. On Fri, May 18, 2018 at 5:43 AM, Cyril Hrubis <ch...@su...> wrote: > Given that there are upstream repositories for audit and selinux it > would probably makes sense to reuse these for the certification purposes > in the long term. Granted my CC evaluation experience is quite old at this point, but I don't believe the current selinux-testsuite and audit-testsuite are sufficient, or even close to being sufficient, for CC evaluation. While I think both of those test suites could benefit from addition tests, the audit-testsuite is especially lacking, I believe that adding the tests necessary for CC certification is out-of-scope for those test suites. There is a reason why I started maintaining those test suites again and didn't attempt to use the audit-test suite. Regardless, it looks like the larger problem is a lack of resources needed to maintain the audit-test test suite. That's unfortunate, but I don't see any way to change that. -- paul moore www.paul-moore.com |
From: Cyril H. <ch...@su...> - 2018-05-18 09:46:36
|
Hi! > >> It seems a shame that we can't combine efforts to maintain a common > >> repository. Personally I think moving away from a common repository, > >> even if it is one with distro-specific branches, is a big step > >> backwards. > >> > >> What would it take to get folks to start contributing again? Is it as > >> simple as moving to GH? > > > > I guess that it's too late for past releases, I doubt that anybody would > > allocate resources for merging SLE12 related changes to upstream at this > > point. > > What if we simply created a SLE12 specific branch in the upstream repo? I would have to confirm if it's okay to release the patches and locate the git repository but I suppose that this would be doable at least. > I admit that it is unlikely anyone will spend a significant portion of > time towards merging the entire set of changes, but there is always > the possibility that there could be some smaller changes which are > easy to merge and generally applicable. If nothing else it > consolidates everything in one place which I think would be beneficial > for everyone. The biggest problem would be locating these in the pile of, quite often unclean, patches. > > For the record we tried to upstream at least some of the changes but we > > have given up because there was no real upstream. What we need is a > > someone who reviews and applies patches and maybe then we can get most > > of the fixes upstream when we start working on next certification. > > Ask not what you upstream can do for you, ask what you can do for upstream. ;) > > Would you be willing to work with Jiri to help reinvigorate the > upstream effort? At the very least, what about distro/release > specific branches? Jiri, what do you think? To be completely honest here, I do have enough on my plate with maintaing LTP upstream. Hence unfortunately I do not have any resources for doing patch review for another upstream project. > I'm trying to avoid the situation we had in the early days of the > Linux CC effort where test development was done in private and there > was a *lot* of duplicated effort. Given that there are upstream repositories for audit and selinux it would probably makes sense to reuse these for the certification purposes in the long term. -- Cyril Hrubis ch...@su... |
From: Jiri J. <jja...@re...> - 2018-05-17 09:44:13
|
On 05/16/18 23:48, Paul Moore wrote: > On Tue, May 15, 2018 at 8:46 AM, Cyril Hrubis <ch...@su...> wrote: >> Hi! >>> It seems a shame that we can't combine efforts to maintain a common >>> repository. Personally I think moving away from a common repository, >>> even if it is one with distro-specific branches, is a big step >>> backwards. >>> >>> What would it take to get folks to start contributing again? Is it as >>> simple as moving to GH? >> >> I guess that it's too late for past releases, I doubt that anybody would >> allocate resources for merging SLE12 related changes to upstream at this >> point. > > What if we simply created a SLE12 specific branch in the upstream repo? > > I admit that it is unlikely anyone will spend a significant portion of > time towards merging the entire set of changes, but there is always > the possibility that there could be some smaller changes which are > easy to merge and generally applicable. If nothing else it > consolidates everything in one place which I think would be beneficial > for everyone. > >> For the record we tried to upstream at least some of the changes but we >> have given up because there was no real upstream. What we need is a >> someone who reviews and applies patches and maybe then we can get most >> of the fixes upstream when we start working on next certification. > > Ask not what you upstream can do for you, ask what you can do for upstream. ;) > > Would you be willing to work with Jiri to help reinvigorate the > upstream effort? At the very least, what about distro/release > specific branches? Jiri, what do you think? I unfortunately don't think I have the time needed to do upstream work for the project. I also don't think it's really worth putting the effort in - these days, you have things like https://github.com/SELinuxProject/selinux-testsuite https://github.com/linux-audit in addition to LTP and other projects. Keeping a project that exist as a blend of everything for the only and sole purpose of doing EAL4 alive as upstream is IMHO not realistic. Anyone who would like to help the overall Linux testing effort in general will likely contribute to LTP instead. That being said, the pushed RHEL-7.1 changes are only a very small portion of the work I've done on the suite and I have about 260 commits "sidestepping" it for generic Fedora testing. In that branch, I rewrote the entire network-server logic using a modular TCP server with proper locking logic everywhere in the suite, re-did the syscall relevancy logic and generally updated the whole suite to be more relevant to bleeding-edge distros. I'll see if I can get that published somewhere (here or on my github account), for posterity and code copy/pasting if nothing else. Jiri > > I'm trying to avoid the situation we had in the early days of the > Linux CC effort where test development was done in private and there > was a *lot* of duplicated effort. > |
From: Paul M. <pa...@pa...> - 2018-05-16 21:56:20
|
On Tue, May 15, 2018 at 8:46 AM, Cyril Hrubis <ch...@su...> wrote: > Hi! >> It seems a shame that we can't combine efforts to maintain a common >> repository. Personally I think moving away from a common repository, >> even if it is one with distro-specific branches, is a big step >> backwards. >> >> What would it take to get folks to start contributing again? Is it as >> simple as moving to GH? > > I guess that it's too late for past releases, I doubt that anybody would > allocate resources for merging SLE12 related changes to upstream at this > point. What if we simply created a SLE12 specific branch in the upstream repo? I admit that it is unlikely anyone will spend a significant portion of time towards merging the entire set of changes, but there is always the possibility that there could be some smaller changes which are easy to merge and generally applicable. If nothing else it consolidates everything in one place which I think would be beneficial for everyone. > For the record we tried to upstream at least some of the changes but we > have given up because there was no real upstream. What we need is a > someone who reviews and applies patches and maybe then we can get most > of the fixes upstream when we start working on next certification. Ask not what you upstream can do for you, ask what you can do for upstream. ;) Would you be willing to work with Jiri to help reinvigorate the upstream effort? At the very least, what about distro/release specific branches? Jiri, what do you think? I'm trying to avoid the situation we had in the early days of the Linux CC effort where test development was done in private and there was a *lot* of duplicated effort. -- paul moore www.paul-moore.com |
From: Cyril H. <ch...@su...> - 2018-05-15 12:49:19
|
Hi! > It seems a shame that we can't combine efforts to maintain a common > repository. Personally I think moving away from a common repository, > even if it is one with distro-specific branches, is a big step > backwards. > > What would it take to get folks to start contributing again? Is it as > simple as moving to GH? I guess that it's too late for past releases, I doubt that anybody would allocate resources for merging SLE12 related changes to upstream at this point. For the record we tried to upstream at least some of the changes but we have given up because there was no real upstream. What we need is a someone who reviews and applies patches and maybe then we can get most of the fixes upstream when we start working on next certification. -- Cyril Hrubis ch...@su... |
From: Paul M. <pa...@pa...> - 2018-05-03 20:47:20
|
On Wed, May 2, 2018 at 10:31 AM, Cyril Hrubis <ch...@su...> wrote: > Hi! >> I'm not sure if anybody is still watching this as this project (at least >> this upstream) seems dead these days, possibly due to the nature of the >> project. >> >> Anyway, I've just pushed the audit-test suite version shipped with >> RHEL-7.1 (in the cc-config-rhel71 RPM) to the rhel7_1 branch. >> Maybe it'll be useful to somebody. >> >> Our plans were to move this project over to Github, but I'm not sure >> it's worth it - it might be better to just let it die on sourceforge. >> >> I have left the 'master' branch untouched as the rhel7_1 changes >> aren't 100% compatible and we don't have the resources dedicated to >> a full review / comments / maintenance / etc. in case any issues arise. > > For what it's worth we do have a repo with SUSE specific patches here as > well, but given the state of the project we have given up on upstreaming > it and I doubt that this will change anytime soon. It seems a shame that we can't combine efforts to maintain a common repository. Personally I think moving away from a common repository, even if it is one with distro-specific branches, is a big step backwards. What would it take to get folks to start contributing again? Is it as simple as moving to GH? -- paul moore www.paul-moore.com |
From: Cyril H. <ch...@su...> - 2018-05-02 14:33:22
|
Hi! > I'm not sure if anybody is still watching this as this project (at least > this upstream) seems dead these days, possibly due to the nature of the > project. > > Anyway, I've just pushed the audit-test suite version shipped with > RHEL-7.1 (in the cc-config-rhel71 RPM) to the rhel7_1 branch. > Maybe it'll be useful to somebody. > > Our plans were to move this project over to Github, but I'm not sure > it's worth it - it might be better to just let it die on sourceforge. > > I have left the 'master' branch untouched as the rhel7_1 changes > aren't 100% compatible and we don't have the resources dedicated to > a full review / comments / maintenance / etc. in case any issues arise. For what it's worth we do have a repo with SUSE specific patches here as well, but given the state of the project we have given up on upstreaming it and I doubt that this will change anytime soon. -- Cyril Hrubis ch...@su... |
From: Paul M. <pa...@pa...> - 2018-05-01 15:30:52
|
On Mon, Apr 30, 2018 at 11:54 AM, Jiri Jaburek <jja...@re...> wrote: > Hello, > I'm not sure if anybody is still watching this as this project (at least > this upstream) seems dead these days, possibly due to the nature of the > project. > > Anyway, I've just pushed the audit-test suite version shipped with > RHEL-7.1 (in the cc-config-rhel71 RPM) to the rhel7_1 branch. > Maybe it'll be useful to somebody. > > Our plans were to move this project over to Github, but I'm not sure > it's worth it - it might be better to just let it die on sourceforge. > > I have left the 'master' branch untouched as the rhel7_1 changes > aren't 100% compatible and we don't have the resources dedicated to > a full review / comments / maintenance / etc. in case any issues arise. > > Finally, if you would like to work further on this, please let us know. > > Thanks, > Jiri > > > PS: I have also made rhel5_6_testing into a tag instead of a branch. I guess my question is do you expect to continue using this in the future for CC certification efforts? If the answer is "yes" then I think it might make sense to eventually move the tests to GH, if the answer is "no" then I think simply preserving the tests on SF.net is fine. -- paul moore www.paul-moore.com |
From: Jiri J. <jja...@re...> - 2018-04-30 15:54:53
|
Hello, I'm not sure if anybody is still watching this as this project (at least this upstream) seems dead these days, possibly due to the nature of the project. Anyway, I've just pushed the audit-test suite version shipped with RHEL-7.1 (in the cc-config-rhel71 RPM) to the rhel7_1 branch. Maybe it'll be useful to somebody. Our plans were to move this project over to Github, but I'm not sure it's worth it - it might be better to just let it die on sourceforge. I have left the 'master' branch untouched as the rhel7_1 changes aren't 100% compatible and we don't have the resources dedicated to a full review / comments / maintenance / etc. in case any issues arise. Finally, if you would like to work further on this, please let us know. Thanks, Jiri PS: I have also made rhel5_6_testing into a tag instead of a branch. |
From: Cyril H. <ch...@su...> - 2015-05-05 14:29:19
|
The correct path to sshd sysconfig file is /etc/sysconfig/ssh on SUSE. Signed-off-by: Cyril Hrubis <ch...@su...> --- audit-test/utils/tp_ssh_functions.bash | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/audit-test/utils/tp_ssh_functions.bash b/audit-test/utils/tp_ssh_functions.bash index 4b8280d..f4cafd0 100644 --- a/audit-test/utils/tp_ssh_functions.bash +++ b/audit-test/utils/tp_ssh_functions.bash @@ -363,7 +363,11 @@ function ssh_check_audit { function disable_ssh_strong_rng { MPROFILE="/etc/profile" - SSHDCONF="/etc/sysconfig/sshd" + if [ "$DISTRO" = "SUSE" ]; then + SSHDCONF="/etc/sysconfig/ssh" + else + SSHDCONF="/etc/sysconfig/sshd" + fi CCCONF="/etc/profile.d/cc-configuration.sh" # backup global profile and remove sleep -- 2.0.5 -- Cyril Hrubis ch...@su... |
From: Cyril H. <ch...@su...> - 2015-04-23 12:51:10
|
Signed-off-by: Cyril Hrubis <ch...@su...> --- audit-test/utils/run.bash | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash index f48b644..badce13 100755 --- a/audit-test/utils/run.bash +++ b/audit-test/utils/run.bash @@ -240,6 +240,10 @@ function startup { mkdir "$opt_logdir" fi + if passwd --help |grep -q -- --stdin; then + local PASSWD_HAS_STDIN=1 + fi + # Open the logs before running the tests open_log @@ -270,7 +274,13 @@ function startup { groupadd "$TEST_USER" || die dmsg "Adding user $TEST_USER" useradd -g "$TEST_USER" -G wheel -m "$TEST_USER" || die - echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null + + if [ -n "$PASSWD_HAS_STDIN" ]; then + echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null + else + echo "$TEST_USER:$TEST_USER_PASSWD" | chpasswd + fi + if which faillock >/dev/null 2>&1; then faillock --user "$TEST_USER" --reset fi @@ -287,7 +297,13 @@ function startup { else useradd -g "$TEST_ADMIN" -G wheel -m "$TEST_ADMIN" || die fi - echo "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null + + if [ -n "$PASSWD_HAS_STDIN" ]; then + echo "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null + else + echo "$TEST_ADMIN:$TEST_ADMIN_PASSWD" | chpasswd + fi + if which faillock >/dev/null 2>&1; then faillock --user "$TEST_ADMIN" --reset fi -- 2.0.5 -- Cyril Hrubis ch...@su... |
From: Cyril H. <ch...@su...> - 2015-04-23 12:50:34
|
Fixes commit 6703b3a5fe0809c65c9c03e289c82f93c7070b35 I've messed the order or redirection, when I hand edited the patch, sorry. Signed-off-by: Cyril Hrubis <ch...@su...> --- audit-test/utils/run.bash | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash index a1d99ff..f48b644 100755 --- a/audit-test/utils/run.bash +++ b/audit-test/utils/run.bash @@ -271,7 +271,7 @@ function startup { dmsg "Adding user $TEST_USER" useradd -g "$TEST_USER" -G wheel -m "$TEST_USER" || die echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null - if which faillock 2>&1 >/dev/null; then + if which faillock >/dev/null 2>&1; then faillock --user "$TEST_USER" --reset fi @@ -288,7 +288,7 @@ function startup { useradd -g "$TEST_ADMIN" -G wheel -m "$TEST_ADMIN" || die fi echo "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null - if which faillock 2>&1 >/dev/null; then + if which faillock >/dev/null 2>&1; then faillock --user "$TEST_ADMIN" --reset fi -- 2.0.5 -- Cyril Hrubis ch...@su... |
From: Linda K. <lin...@hp...> - 2015-04-07 16:06:51
|
Cyril, thanks for the patch. It has been applied. -- ljk On 4/2/2015 11:37 AM, Cyril Hrubis wrote: > Fixes harmless error messages caused by: > > commit 744c093b6f538ac608962a752d8776341cc13174 > Author: Jiri Jaburek <jja...@re...> > Date: Mon Dec 10 14:20:04 2012 +0100 > > utils: make sure testuser/testadmin is not faillocked > > Signed-off-by: Cyril Hrubis <ch...@su...> > --- > audit-test/utils/run.bash | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash > index c3a709f..a1d99ff 100755 > --- a/audit-test/utils/run.bash > +++ b/audit-test/utils/run.bash > @@ -271,7 +271,9 @@ function startup { > dmsg "Adding user $TEST_USER" > useradd -g "$TEST_USER" -G wheel -m "$TEST_USER" || die > echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null > - faillock --user "$TEST_USER" --reset > + if which faillock 2>&1 >/dev/null; then > + faillock --user "$TEST_USER" --reset > + fi > > # Add the test user which is in sysadm_r > killall -9 -u "$TEST_ADMIN" &>/dev/null > @@ -286,7 +288,9 @@ function startup { > useradd -g "$TEST_ADMIN" -G wheel -m "$TEST_ADMIN" || die > fi > echo "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null > - faillock --user "$TEST_ADMIN" --reset > + if which faillock 2>&1 >/dev/null; then > + faillock --user "$TEST_ADMIN" --reset > + fi > > startup_hook > } > |
From: Jiri J. <jja...@re...> - 2015-04-07 12:39:49
|
On 04/06/2015 06:37 PM, Linda Knippers wrote: > This looks ok to me. Miroslav, Jiri, any concern? Seems fine to me. > > -- ljk > > On 4/2/2015 11:37 AM, Cyril Hrubis wrote: >> Fixes harmless error messages caused by: >> >> commit 744c093b6f538ac608962a752d8776341cc13174 >> Author: Jiri Jaburek <jja...@re...> >> Date: Mon Dec 10 14:20:04 2012 +0100 >> >> utils: make sure testuser/testadmin is not faillocked >> >> Signed-off-by: Cyril Hrubis <ch...@su...> >> --- >> audit-test/utils/run.bash | 8 ++++++-- >> 1 file changed, 6 insertions(+), 2 deletions(-) >> >> diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash >> index c3a709f..a1d99ff 100755 >> --- a/audit-test/utils/run.bash >> +++ b/audit-test/utils/run.bash >> @@ -271,7 +271,9 @@ function startup { >> dmsg "Adding user $TEST_USER" >> useradd -g "$TEST_USER" -G wheel -m "$TEST_USER" || die >> echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null >> - faillock --user "$TEST_USER" --reset >> + if which faillock 2>&1 >/dev/null; then >> + faillock --user "$TEST_USER" --reset >> + fi >> >> # Add the test user which is in sysadm_r >> killall -9 -u "$TEST_ADMIN" &>/dev/null >> @@ -286,7 +288,9 @@ function startup { >> useradd -g "$TEST_ADMIN" -G wheel -m "$TEST_ADMIN" || die >> fi >> echo "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null >> - faillock --user "$TEST_ADMIN" --reset >> + if which faillock 2>&1 >/dev/null; then >> + faillock --user "$TEST_ADMIN" --reset >> + fi >> >> startup_hook >> } >> > > > ------------------------------------------------------------------------------ > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT > Develop your own process in accordance with the BPMN 2 standard > Learn Process modeling best practices with Bonita BPM through live exercises > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF > _______________________________________________ > Audit-test-developer mailing list > Aud...@li... > https://lists.sourceforge.net/lists/listinfo/audit-test-developer > |
From: Linda K. <lin...@hp...> - 2015-04-06 16:37:39
|
This looks ok to me. Miroslav, Jiri, any concern? -- ljk On 4/2/2015 11:37 AM, Cyril Hrubis wrote: > Fixes harmless error messages caused by: > > commit 744c093b6f538ac608962a752d8776341cc13174 > Author: Jiri Jaburek <jja...@re...> > Date: Mon Dec 10 14:20:04 2012 +0100 > > utils: make sure testuser/testadmin is not faillocked > > Signed-off-by: Cyril Hrubis <ch...@su...> > --- > audit-test/utils/run.bash | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash > index c3a709f..a1d99ff 100755 > --- a/audit-test/utils/run.bash > +++ b/audit-test/utils/run.bash > @@ -271,7 +271,9 @@ function startup { > dmsg "Adding user $TEST_USER" > useradd -g "$TEST_USER" -G wheel -m "$TEST_USER" || die > echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null > - faillock --user "$TEST_USER" --reset > + if which faillock 2>&1 >/dev/null; then > + faillock --user "$TEST_USER" --reset > + fi > > # Add the test user which is in sysadm_r > killall -9 -u "$TEST_ADMIN" &>/dev/null > @@ -286,7 +288,9 @@ function startup { > useradd -g "$TEST_ADMIN" -G wheel -m "$TEST_ADMIN" || die > fi > echo "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null > - faillock --user "$TEST_ADMIN" --reset > + if which faillock 2>&1 >/dev/null; then > + faillock --user "$TEST_ADMIN" --reset > + fi > > startup_hook > } > |
From: Linda K. <lin...@hp...> - 2015-04-03 19:34:28
|
On 4/2/2015 11:45 AM, Cyril Hrubis wrote: > Hi! > Since SLES12 switched to shadow utils the option --stdin for passwd is > no longer recognized. I've did a bit research and it looks like > > echo "$USER:$PASSWORD" | chpasswd > > is a suitable replacement. Can we replace the the occurences of > passwd --stdin in utils/run.bash with chpasswd or do we need to switch > between passwd --stdin and chpasswd depending on distro/version we run > on? That seems to work with RHEL6.x, which is probably the oldest distro release that the test suite currently supports, so I don't think we'd need to special case it. I assume it works with SLES11 too? -- ljk > |
From: Cyril H. <ch...@su...> - 2015-04-02 15:45:42
|
Hi! Since SLES12 switched to shadow utils the option --stdin for passwd is no longer recognized. I've did a bit research and it looks like echo "$USER:$PASSWORD" | chpasswd is a suitable replacement. Can we replace the the occurences of passwd --stdin in utils/run.bash with chpasswd or do we need to switch between passwd --stdin and chpasswd depending on distro/version we run on? -- Cyril Hrubis ch...@su... |
From: Cyril H. <ch...@su...> - 2015-04-02 15:38:08
|
Fixes harmless error messages caused by: commit 744c093b6f538ac608962a752d8776341cc13174 Author: Jiri Jaburek <jja...@re...> Date: Mon Dec 10 14:20:04 2012 +0100 utils: make sure testuser/testadmin is not faillocked Signed-off-by: Cyril Hrubis <ch...@su...> --- audit-test/utils/run.bash | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash index c3a709f..a1d99ff 100755 --- a/audit-test/utils/run.bash +++ b/audit-test/utils/run.bash @@ -271,7 +271,9 @@ function startup { dmsg "Adding user $TEST_USER" useradd -g "$TEST_USER" -G wheel -m "$TEST_USER" || die echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null - faillock --user "$TEST_USER" --reset + if which faillock 2>&1 >/dev/null; then + faillock --user "$TEST_USER" --reset + fi # Add the test user which is in sysadm_r killall -9 -u "$TEST_ADMIN" &>/dev/null @@ -286,7 +288,9 @@ function startup { useradd -g "$TEST_ADMIN" -G wheel -m "$TEST_ADMIN" || die fi echo "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null - faillock --user "$TEST_ADMIN" --reset + if which faillock 2>&1 >/dev/null; then + faillock --user "$TEST_ADMIN" --reset + fi startup_hook } -- 2.0.5 -- Cyril Hrubis ch...@su... |
From: Cyril H. <me...@uc...> - 2015-04-02 14:34:11
|
Hi! > There will be more places in the suite where you will hit faillock [1]. Would it be possible to > follow up with this patch and fix the remaining stuff also please? I will deal with these once I get to them. I've just starte to work on the testsuite... > Also we prefer sticking to sh compatibility if possible, would you mind replacing command for > which? Will send updated patch soon. BTW for some strange reason mutt mixed up my SUSE email with my personal one. I guess that may have been because the patch was signed with my personal mail by mistake. I will send subsequent patches from my SUSE email account. -- Cyril Hrubis ch...@su... |
From: Jiri J. <jja...@re...> - 2015-03-26 10:12:27
|
On 03/26/2015 10:26 AM, Miroslav Vadkerti wrote: > > There will be more places in the suite where you will hit faillock [1]. Would it be possible to > follow up with this patch and fix the remaining stuff also please? > > Also we prefer sticking to sh compatibility if possible, would you mind replacing command for > which? Also if the syntax of if/fi seems too stretched out, feel free to use ie. which faillock >/dev/null && faillock --user "$TEST_USER" --reset > > [1] $ grep -R faillock . > ./audit-test/crypto/tests/test_ssh_multi.bash:# clear faillock at cleanup > ./audit-test/crypto/tests/test_ssh_multi.bash:prepend_cleanup "faillock --reset --user $TEST_USER" > ./audit-test/crypto/tests/test_ssh_multi.bash:prepend_cleanup "faillock --reset --user $TEST_ADMIN" > ./audit-test/crypto/tests/test_ssh_multi.bash:# clear faillock for $TEST_USER > ./audit-test/crypto/tests/test_ssh_multi.bash:faillock --reset --user $TEST_USER > ./audit-test/libpam/run.conf: + pamfaillock_lock > ./audit-test/libpam/run.conf: + pamfaillock_unlock > ./audit-test/libpam/tests/test_pamfaillock_lock.bash:# Verify pam_faillock will lock an account > ./audit-test/libpam/tests/test_pamfaillock_lock.bash:# make sure faillock is reset for TEST_USER > ./audit-test/libpam/tests/test_pamfaillock_lock.bash:/sbin/faillock --user $TEST_USER --reset > > /dev/null || exit_error > ./audit-test/libpam/tests/test_pamfaillock_lock.bash:grep -q pam_faillock /etc/pam.d/sshd || grep > -q pam_faillock /etc/pam.d/password-auth || exit_error > ./audit-test/libpam/tests/test_pamfaillock_lock.bash:# Unlike pam_tally2, faillock doesn't have a > --reset=n option that lets us > ./audit-test/libpam/tests/test_pamfaillock_lock.bash:msg_1="pam_faillock > uid=$tuid.*exe=./usr/sbin/sshd.*res=success.*" > ./audit-test/libpam/tests/test_pamfaillock_lock.bash:/sbin/faillock --user $TEST_USER --reset > > /dev/null || exit_error > ./audit-test/libpam/tests/test_pamfaillock_unlock.bash:# Verify pam_faillock will unlock an account > ./audit-test/libpam/tests/test_pamfaillock_unlock.bash:grep -q pam_faillock /etc/pam.d/sshd || > grep -q pam_faillock /etc/pam.d/password-auth || exit_error > ./audit-test/libpam/tests/test_pamfaillock_unlock.bash:# Unlike pam_tally2, faillock doesn't have > a --reset=n option that lets us > ./audit-test/libpam/tests/test_pamfaillock_unlock.bash:/sbin/faillock --user $TEST_USER --reset > > /dev/null || exit_error > ./audit-test/libpam/tests/test_pamfaillock_unlock.bash:msg_1="faillock reset > uid=$tuid.*exe=./sbin/faillock.*res=success.*" The faillock tests probably don't need command-level disablement, if the tests are not suitable for SuSE, please exclude them in run.conf of the given bucket (libpam) based on $DISTRO (see rules.mk). > ./audit-test/trustedprograms/tests/utils.plib: `faillock --user '$username' --reset`; > ./audit-test/trustedprograms/tests/utils.plib: `faillock --user '$username' --reset`; > ./audit-test/trustedprograms/tests/utils.plib: `faillock --user '$username' --reset`; > ./audit-test/trustedprograms/tests/utils.plib: `faillock --user '$username' --reset`; > ./audit-test/trustedprograms/tests/utils.plib: `faillock --user '$username' --reset`; > ./audit-test/utils/envcheck: check "[ -z \"$(faillock | grep -v '^\([^ ]*:\|When\)')\" ]" 0 \ > ./audit-test/utils/run.bash: faillock --user "$TEST_USER" --reset > ./audit-test/utils/run.bash: faillock --user "$TEST_ADMIN" --reset > Thanks, Jiri |
From: Miroslav V. <mva...@re...> - 2015-03-26 09:26:39
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Cyril, On 03/25/2015 01:00 PM, Cyril Hrubis wrote: > Fixes harmless error messages caused by: Thanks for your patch! > > commit 744c093b6f538ac608962a752d8776341cc13174 Author: Jiri Jaburek <jja...@re...> > Date: Mon Dec 10 14:20:04 2012 +0100 > > utils: make sure testuser/testadmin is not faillocked > > Signed-off-by: Cyril Hrubis <me...@uc...> --- audit-test/utils/run.bash | 8 ++++++-- 1 file > changed, 6 insertions(+), 2 deletions(-) > > diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash index c3a709f..998040a > 100755 --- a/audit-test/utils/run.bash +++ b/audit-test/utils/run.bash @@ -271,7 +271,9 @@ > function startup { dmsg "Adding user $TEST_USER" useradd -g "$TEST_USER" -G wheel -m > "$TEST_USER" || die echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null - faillock > --user "$TEST_USER" --reset + if command -v faillock > /dev/null; then + faillock --user > "$TEST_USER" --reset + fi There will be more places in the suite where you will hit faillock [1]. Would it be possible to follow up with this patch and fix the remaining stuff also please? Also we prefer sticking to sh compatibility if possible, would you mind replacing command for which? Thanks very much! Looking forward for additional SUSE patches :) Best regards, /M > > # Add the test user which is in sysadm_r killall -9 -u "$TEST_ADMIN" &>/dev/null @@ -286,7 > +288,9 @@ function startup { useradd -g "$TEST_ADMIN" -G wheel -m "$TEST_ADMIN" || die fi echo > "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null - faillock --user > "$TEST_ADMIN" --reset + if command -v faillock > /dev/null; then + faillock --user > "$TEST_ADMIN" --reset + fi > > startup_hook } > [1] $ grep -R faillock . ./audit-test/crypto/tests/test_ssh_multi.bash:# clear faillock at cleanup ./audit-test/crypto/tests/test_ssh_multi.bash:prepend_cleanup "faillock --reset --user $TEST_USER" ./audit-test/crypto/tests/test_ssh_multi.bash:prepend_cleanup "faillock --reset --user $TEST_ADMIN" ./audit-test/crypto/tests/test_ssh_multi.bash:# clear faillock for $TEST_USER ./audit-test/crypto/tests/test_ssh_multi.bash:faillock --reset --user $TEST_USER ./audit-test/libpam/run.conf: + pamfaillock_lock ./audit-test/libpam/run.conf: + pamfaillock_unlock ./audit-test/libpam/tests/test_pamfaillock_lock.bash:# Verify pam_faillock will lock an account ./audit-test/libpam/tests/test_pamfaillock_lock.bash:# make sure faillock is reset for TEST_USER ./audit-test/libpam/tests/test_pamfaillock_lock.bash:/sbin/faillock --user $TEST_USER --reset > /dev/null || exit_error ./audit-test/libpam/tests/test_pamfaillock_lock.bash:grep -q pam_faillock /etc/pam.d/sshd || grep - -q pam_faillock /etc/pam.d/password-auth || exit_error ./audit-test/libpam/tests/test_pamfaillock_lock.bash:# Unlike pam_tally2, faillock doesn't have a - --reset=n option that lets us ./audit-test/libpam/tests/test_pamfaillock_lock.bash:msg_1="pam_faillock uid=$tuid.*exe=./usr/sbin/sshd.*res=success.*" ./audit-test/libpam/tests/test_pamfaillock_lock.bash:/sbin/faillock --user $TEST_USER --reset > /dev/null || exit_error ./audit-test/libpam/tests/test_pamfaillock_unlock.bash:# Verify pam_faillock will unlock an account ./audit-test/libpam/tests/test_pamfaillock_unlock.bash:grep -q pam_faillock /etc/pam.d/sshd || grep -q pam_faillock /etc/pam.d/password-auth || exit_error ./audit-test/libpam/tests/test_pamfaillock_unlock.bash:# Unlike pam_tally2, faillock doesn't have a --reset=n option that lets us ./audit-test/libpam/tests/test_pamfaillock_unlock.bash:/sbin/faillock --user $TEST_USER --reset > /dev/null || exit_error ./audit-test/libpam/tests/test_pamfaillock_unlock.bash:msg_1="faillock reset uid=$tuid.*exe=./sbin/faillock.*res=success.*" ./audit-test/trustedprograms/tests/utils.plib: `faillock --user '$username' --reset`; ./audit-test/trustedprograms/tests/utils.plib: `faillock --user '$username' --reset`; ./audit-test/trustedprograms/tests/utils.plib: `faillock --user '$username' --reset`; ./audit-test/trustedprograms/tests/utils.plib: `faillock --user '$username' --reset`; ./audit-test/trustedprograms/tests/utils.plib: `faillock --user '$username' --reset`; ./audit-test/utils/envcheck: check "[ -z \"$(faillock | grep -v '^\([^ ]*:\|When\)')\" ]" 0 \ ./audit-test/utils/run.bash: faillock --user "$TEST_USER" --reset ./audit-test/utils/run.bash: faillock --user "$TEST_ADMIN" --reset - -- Miroslav Vadkerti :: Senior Quality Assurance Engineer / RHCSS :: BaseOS QE - Security Phone +420 532 294 129 :: CR cell +420 776 864 252 :: SR cell +421 904 135 440 IRC mvadkert at #qe #urt #brno #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu Red Hat s.r.o, Purkyňova 99/71, 612 45, Brno, Czech Republic -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJVE9DDAAoJEBliWhMliBCH0soH/3oH24bkEyAPUnQgymfYQVM6 q7SdTLE9QJi7gt1vP6TFL82UUt7MsTOJElCOove6mtCTVEqnDkhzACs6CQ8Ye9LV EDRohlZlycD2Al0ZdMJndNlrFaXZJedEX2kuSMW+O6g/WynIx+7HtggErSFp6uMU Ah5GtwCUE+GWdlsNILcuuj+B3wWPt3oSdEZMk4CrtvLAhiatB3uf/NTxHHKkNCWd lauDhS7wd/qV42/1jkZmcbQt/g+pUOgdvBY9g3cDmwFxroqBn+bVftdSTAqpaNyU NnUy8L9ysMRNNUaWlpI5PMkrX6r2JWAg+0cPEzzNUeQ+oDdfiunIlohwSRHYilk= =MIuf -----END PGP SIGNATURE----- |
From: Cyril H. <me...@uc...> - 2015-03-25 12:01:15
|
Fixes harmless error messages caused by: commit 744c093b6f538ac608962a752d8776341cc13174 Author: Jiri Jaburek <jja...@re...> Date: Mon Dec 10 14:20:04 2012 +0100 utils: make sure testuser/testadmin is not faillocked Signed-off-by: Cyril Hrubis <me...@uc...> --- audit-test/utils/run.bash | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash index c3a709f..998040a 100755 --- a/audit-test/utils/run.bash +++ b/audit-test/utils/run.bash @@ -271,7 +271,9 @@ function startup { dmsg "Adding user $TEST_USER" useradd -g "$TEST_USER" -G wheel -m "$TEST_USER" || die echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null - faillock --user "$TEST_USER" --reset + if command -v faillock > /dev/null; then + faillock --user "$TEST_USER" --reset + fi # Add the test user which is in sysadm_r killall -9 -u "$TEST_ADMIN" &>/dev/null @@ -286,7 +288,9 @@ function startup { useradd -g "$TEST_ADMIN" -G wheel -m "$TEST_ADMIN" || die fi echo "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null - faillock --user "$TEST_ADMIN" --reset + if command -v faillock > /dev/null; then + faillock --user "$TEST_ADMIN" --reset + fi startup_hook } -- 2.0.5 -- Cyril Hrubis ch...@su... |
From: Miroslav V. <mva...@re...> - 2014-10-27 13:45:38
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, The 46 patches are now upstream. Best regards, /M On 10/20/2014 02:35 PM, Miroslav Vadkerti wrote: > Hi everyone, > > As there were no comments on this patchset, we will push it to upstream after 7 days from now. > The patchset is tested by RH and we already use it for testing. > > Thanks and best regards, /M > > On 09/23/2014 11:43 AM, Jiri Jaburek wrote: >> Hello all, another batch of fixes and small improvements we've made during the last 10 >> months (or so), all of them should be fully backwards compatible. > >> Brief description (with patch numbers): > >> - forgotten augrok fix for recent upstream code (01) - documentation improvements (02-04) - >> stronger passwords for testing (05-08) - various audit-* fixes for later rhel6+ releases >> (09-11) - proper test user cleanup / suite resilience (12-14) - various syscall wrapper >> improvements (15-34) - make system related changes (35-40) - other uncategorized fixes >> (41-46) > >> As you can see, most of the patches are related to syscall wrapper improvements - those are >> mostly scope-limited functionality enhancements for existing wrappers. > >> 2.4% audit-test/misc/tests/ 2.3% audit-test/syscalls/ 12.5% audit-test/trustedprograms/tests/ >> 65.9% audit-test/utils/bin/ 5.3% audit-test/utils/ 10.2% audit-test/ > >> The patches have been tested on RHEL6.5 without any major issues. Attached via >> In-Reply-To/References to this mail. > >> Thanks for the review, Jiri > >> ------------------------------------------------------------------------------ Meet PCI DSS >> 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with >> Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download >> White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer >> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk >> _______________________________________________ Audit-test-developer mailing list >> Aud...@li... >> https://lists.sourceforge.net/lists/listinfo/audit-test-developer > > > > ------------------------------------------------------------------------------ Comprehensive > Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, > SMS, voice calls or mobile push notifications. Take corrective actions from your mobile > device. http://p.sf.net/sfu/Zoho _______________________________________________ > Audit-test-developer mailing list Aud...@li... > https://lists.sourceforge.net/lists/listinfo/audit-test-developer > - -- Miroslav Vadkerti :: Senior Quality Assurance Engineer / RHCSS :: BaseOS QE - Security Phone +420 532 294 129 :: CR cell +420 776 864 252 :: SR cell +421 904 135 440 IRC mvadkert at #qe #urt #brno #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu Red Hat s.r.o, Purky?ova 99/71, 612 45, Brno, Czech Republic -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUTkx3AAoJEBliWhMliBCHXVcH/2YDn/OXwXpfoWw1u4ckW5gv C2KBOCdeEk32Eb6HkZX89ttjrYnSVANjqg21oDrQomJFBgL4nWb/xeKq8wcrZxHQ P+u5kg6lk9zh0EMTEb0XKrt1rCI5fee3xrqL3c87eSnjnDPMmHbdnMxmaOYS6iWW m9YikezxxszyZsRcsH5t7SKW7qsn5LYl7jFAWuvvKV2nn69pKI9RZ4JWsPAADs54 OcKc2+T3+NbI/ZUxgn/NylCy7ysCfr6HQ696uAWt/4tvOx22HlWpmSD1fNE+ppvV HkpR/Nm4XPTJlRknCxYd2awZiXQ892ArO9mzPlW2nCgUPn7Z6gzMOpicmy3lAjM= =iZ87 -----END PGP SIGNATURE----- |
From: Linda K. <lin...@hp...> - 2014-10-27 13:39:45
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks Miroslav, - -- ljk On 10/27/2014 9:36 AM, Miroslav Vadkerti wrote: > -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > Hi, > > The 46 patches are now upstream. > > Best regards, /M > > On 10/20/2014 02:35 PM, Miroslav Vadkerti wrote: >> Hi everyone, >> >> As there were no comments on this patchset, we will push it to >> upstream after 7 days from now. The patchset is tested by RH and >> we already use it for testing. >> >> Thanks and best regards, /M >> >> On 09/23/2014 11:43 AM, Jiri Jaburek wrote: >>> Hello all, another batch of fixes and small improvements we've >>> made during the last 10 months (or so), all of them should be >>> fully backwards compatible. >> >>> Brief description (with patch numbers): >> >>> - forgotten augrok fix for recent upstream code (01) - >>> documentation improvements (02-04) - stronger passwords for >>> testing (05-08) - various audit-* fixes for later rhel6+ >>> releases (09-11) - proper test user cleanup / suite resilience >>> (12-14) - various syscall wrapper improvements (15-34) - make >>> system related changes (35-40) - other uncategorized fixes >>> (41-46) >> >>> As you can see, most of the patches are related to syscall >>> wrapper improvements - those are mostly scope-limited >>> functionality enhancements for existing wrappers. >> >>> 2.4% audit-test/misc/tests/ 2.3% audit-test/syscalls/ 12.5% >>> audit-test/trustedprograms/tests/ 65.9% audit-test/utils/bin/ >>> 5.3% audit-test/utils/ 10.2% audit-test/ >> >>> The patches have been tested on RHEL6.5 without any major >>> issues. Attached via In-Reply-To/References to this mail. >> >>> Thanks for the review, Jiri >> >>> ------------------------------------------------------------------------------ >>> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer >>> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI >>> DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? >>> Download White paper Comply to PCI DSS 3.0 Requirement 10 and >>> 11.5 with EventLog Analyzer >>> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk >>> _______________________________________________ >>> Audit-test-developer mailing list >>> Aud...@li... >>> https://lists.sourceforge.net/lists/listinfo/audit-test-developer >> >> >> >> >>> - ------------------------------------------------------------------------------ Comprehensive >> Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. >> Get alerted through email, SMS, voice calls or mobile push >> notifications. Take corrective actions from your mobile device. >> http://p.sf.net/sfu/Zoho >> _______________________________________________ >> Audit-test-developer mailing list >> Aud...@li... >> https://lists.sourceforge.net/lists/listinfo/audit-test-developer >> > >> > - -- Miroslav Vadkerti :: Senior Quality Assurance Engineer / RHCSS > :: BaseOS QE - Security Phone +420 532 294 129 :: CR cell +420 776 > 864 252 :: SR cell +421 904 135 440 IRC mvadkert at #qe #urt #brno > #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu Red Hat s.r.o, > Purky?ova 99/71, 612 45, Brno, Czech Republic -----BEGIN PGP > SIGNATURE----- Version: GnuPG v1 > > iQEcBAEBAgAGBQJUTkpNAAoJEBliWhMliBCHQ8cIALb+h5h7FuoQxyZZcG3GzSlV > bfPVhfWBjWtgkQRrNUE+8jVxpjJ8knKMhWn0f29/k3Ew7MMc/9ppGsOSzftEyUnD > 9LM+YuPAvQ9YBAkrKexHezZA8bL81fKpkt29uKAP89iUy3r6NXJozWS/FJAyyBuj > NN3AumdkUHgeasPgx/E7Dk0+zuhbruOxjqqt6JPEv8HjXRTBM8kREhdNmMR10dSV > SegZ1zKXNNjP3i4WLwIzl+GleXnmg3CyoHcQzeKmy0SKgHs6ROmVFlGEWAwDujsm > xToBch3D3I8EvrDq6yoJ3YAuMwLZnreZz7umbRqei9Sbfo9u7d7IWG1lwxE//Gw= > =pjBd -----END PGP SIGNATURE----- > > ------------------------------------------------------------------------------ > > _______________________________________________ > Audit-test-developer mailing list > Aud...@li... > https://lists.sourceforge.net/lists/listinfo/audit-test-developer > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iEYEARECAAYFAlROSxkACgkQNGBeuemHzRvo/ACfVerDaYl+wCAFfjKBIGcZtGKT w2sAniLmFAp2eJL8urN4LiA1CtFYXbuX =mLt1 -----END PGP SIGNATURE----- |
From: Miroslav V. <mva...@re...> - 2014-10-27 13:36:26
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, The 46 patches are now upstream. Best regards, /M On 10/20/2014 02:35 PM, Miroslav Vadkerti wrote: > Hi everyone, > > As there were no comments on this patchset, we will push it to upstream after 7 days from now. > The patchset is tested by RH and we already use it for testing. > > Thanks and best regards, /M > > On 09/23/2014 11:43 AM, Jiri Jaburek wrote: >> Hello all, another batch of fixes and small improvements we've made during the last 10 >> months (or so), all of them should be fully backwards compatible. > >> Brief description (with patch numbers): > >> - forgotten augrok fix for recent upstream code (01) - documentation improvements (02-04) - >> stronger passwords for testing (05-08) - various audit-* fixes for later rhel6+ releases >> (09-11) - proper test user cleanup / suite resilience (12-14) - various syscall wrapper >> improvements (15-34) - make system related changes (35-40) - other uncategorized fixes >> (41-46) > >> As you can see, most of the patches are related to syscall wrapper improvements - those are >> mostly scope-limited functionality enhancements for existing wrappers. > >> 2.4% audit-test/misc/tests/ 2.3% audit-test/syscalls/ 12.5% audit-test/trustedprograms/tests/ >> 65.9% audit-test/utils/bin/ 5.3% audit-test/utils/ 10.2% audit-test/ > >> The patches have been tested on RHEL6.5 without any major issues. Attached via >> In-Reply-To/References to this mail. > >> Thanks for the review, Jiri > >> ------------------------------------------------------------------------------ Meet PCI DSS >> 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with >> Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download >> White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer >> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk >> _______________________________________________ Audit-test-developer mailing list >> Aud...@li... >> https://lists.sourceforge.net/lists/listinfo/audit-test-developer > > > > ------------------------------------------------------------------------------ Comprehensive > Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, > SMS, voice calls or mobile push notifications. Take corrective actions from your mobile > device. http://p.sf.net/sfu/Zoho _______________________________________________ > Audit-test-developer mailing list Aud...@li... > https://lists.sourceforge.net/lists/listinfo/audit-test-developer > - -- Miroslav Vadkerti :: Senior Quality Assurance Engineer / RHCSS :: BaseOS QE - Security Phone +420 532 294 129 :: CR cell +420 776 864 252 :: SR cell +421 904 135 440 IRC mvadkert at #qe #urt #brno #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu Red Hat s.r.o, Purky?ova 99/71, 612 45, Brno, Czech Republic -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUTkpNAAoJEBliWhMliBCHQ8cIALb+h5h7FuoQxyZZcG3GzSlV bfPVhfWBjWtgkQRrNUE+8jVxpjJ8knKMhWn0f29/k3Ew7MMc/9ppGsOSzftEyUnD 9LM+YuPAvQ9YBAkrKexHezZA8bL81fKpkt29uKAP89iUy3r6NXJozWS/FJAyyBuj NN3AumdkUHgeasPgx/E7Dk0+zuhbruOxjqqt6JPEv8HjXRTBM8kREhdNmMR10dSV SegZ1zKXNNjP3i4WLwIzl+GleXnmg3CyoHcQzeKmy0SKgHs6ROmVFlGEWAwDujsm xToBch3D3I8EvrDq6yoJ3YAuMwLZnreZz7umbRqei9Sbfo9u7d7IWG1lwxE//Gw= =pjBd -----END PGP SIGNATURE----- |