audit-test-developer Mailing List for Audit Test Project

Test suite for Linux audit and related security functionality

Status: Beta

Brought to you by: amygriffis, jjaburek, jonwallace, lindaknippers, and 2 others

audit-test-developer — Communicate about status of bugs, patches, and features

You can subscribe to this list here.

2008	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct (8)	Nov	Dec
2009	Jan (8)	Feb (23)	Mar (11)	Apr (8)	May (2)	Jun	Jul	Aug (5)	Sep	Oct	Nov	Dec
2011	Jan	Feb (23)	Mar (140)	Apr (35)	May (49)	Jun (176)	Jul (73)	Aug (50)	Sep (78)	Oct (102)	Nov (150)	Dec (94)
2012	Jan (120)	Feb (77)	Mar (29)	Apr (4)	May (19)	Jun	Jul (19)	Aug (9)	Sep	Oct (6)	Nov (3)	Dec
2013	Jan (4)	Feb (28)	Mar (5)	Apr (69)	May (34)	Jun (11)	Jul (13)	Aug (55)	Sep (5)	Oct (31)	Nov	Dec (25)
2014	Jan (1)	Feb	Mar	Apr	May	Jun	Jul (53)	Aug (17)	Sep (50)	Oct (15)	Nov	Dec
2015	Jan	Feb	Mar (3)	Apr (9)	May (1)	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2018	Jan	Feb	Mar	Apr (1)	May (8)	Jun	Jul	Aug	Sep	Oct	Nov	Dec

Flat | Threaded

1 2 3 .. 71 > >> (Page 1 of 71)

Re: [Audit-test-developer] RHEL-7.1 audit-test suite pushed as rhel7_1

From: Paul M. <pa...@pa...> - 2018-05-18 15:18:44

On Thu, May 17, 2018 at 5:44 AM, Jiri Jaburek <jja...@re...> wrote:
> I unfortunately don't think I have the time needed to do upstream work
> for the project. I also don't think it's really worth putting the effort
> in - these days, you have things like
>
>   https://github.com/SELinuxProject/selinux-testsuite
>   https://github.com/linux-audit
>
> in addition to LTP and other projects.

On Fri, May 18, 2018 at 5:43 AM, Cyril Hrubis <ch...@su...> wrote:
> Given that there are upstream repositories for audit and selinux it
> would probably makes sense to reuse these for the certification purposes
> in the long term.

Granted my CC evaluation experience is quite old at this point, but I
don't believe the current selinux-testsuite and audit-testsuite are
sufficient, or even close to being sufficient, for CC evaluation.
While I think both of those test suites could benefit from addition
tests, the audit-testsuite is especially lacking, I believe that
adding the tests necessary for CC certification is out-of-scope for
those test suites.  There is a reason why I started maintaining those
test suites again and didn't attempt to use the audit-test suite.

Regardless, it looks like the larger problem is a lack of resources
needed to maintain the audit-test test suite.  That's unfortunate, but
I don't see any way to change that.

-- 
paul moore
www.paul-moore.com

Re: [Audit-test-developer] RHEL-7.1 audit-test suite pushed as rhel7_1

From: Cyril H. <ch...@su...> - 2018-05-18 09:46:36

Hi!
> >> It seems a shame that we can't combine efforts to maintain a common
> >> repository.  Personally I think moving away from a common repository,
> >> even if it is one with distro-specific branches, is a big step
> >> backwards.
> >>
> >> What would it take to get folks to start contributing again?  Is it as
> >> simple as moving to GH?
> >
> > I guess that it's too late for past releases, I doubt that anybody would
> > allocate resources for merging SLE12 related changes to upstream at this
> > point.
> 
> What if we simply created a SLE12 specific branch in the upstream repo?

I would have to confirm if it's okay to release the patches and locate
the git repository but I suppose that this would be doable at least.

> I admit that it is unlikely anyone will spend a significant portion of
> time towards merging the entire set of changes, but there is always
> the possibility that there could be some smaller changes which are
> easy to merge and generally applicable.  If nothing else it
> consolidates everything in one place which I think would be beneficial
> for everyone.

The biggest problem would be locating these in the pile of, quite often
unclean, patches.

> > For the record we tried to upstream at least some of the changes but we
> > have given up because there was no real upstream. What we need is a
> > someone who reviews and applies patches and maybe then we can get most
> > of the fixes upstream when we start working on next certification.
> 
> Ask not what you upstream can do for you, ask what you can do for upstream. ;)
> 
> Would you be willing to work with Jiri to help reinvigorate the
> upstream effort?  At the very least, what about distro/release
> specific branches?  Jiri, what do you think?

To be completely honest here, I do have enough on my plate with
maintaing LTP upstream. Hence unfortunately I do not have any resources
for doing patch review for another upstream project.

> I'm trying to avoid the situation we had in the early days of the
> Linux CC effort where test development was done in private and there
> was a *lot* of duplicated effort.

Given that there are upstream repositories for audit and selinux it
would probably makes sense to reuse these for the certification purposes
in the long term.

-- 
Cyril Hrubis
ch...@su...

Re: [Audit-test-developer] RHEL-7.1 audit-test suite pushed as rhel7_1

From: Jiri J. <jja...@re...> - 2018-05-17 09:44:13

On 05/16/18 23:48, Paul Moore wrote:
> On Tue, May 15, 2018 at 8:46 AM, Cyril Hrubis <ch...@su...> wrote:
>> Hi!
>>> It seems a shame that we can't combine efforts to maintain a common
>>> repository.  Personally I think moving away from a common repository,
>>> even if it is one with distro-specific branches, is a big step
>>> backwards.
>>>
>>> What would it take to get folks to start contributing again?  Is it as
>>> simple as moving to GH?
>>
>> I guess that it's too late for past releases, I doubt that anybody would
>> allocate resources for merging SLE12 related changes to upstream at this
>> point.
> 
> What if we simply created a SLE12 specific branch in the upstream repo?
> 
> I admit that it is unlikely anyone will spend a significant portion of
> time towards merging the entire set of changes, but there is always
> the possibility that there could be some smaller changes which are
> easy to merge and generally applicable.  If nothing else it
> consolidates everything in one place which I think would be beneficial
> for everyone.
> 
>> For the record we tried to upstream at least some of the changes but we
>> have given up because there was no real upstream. What we need is a
>> someone who reviews and applies patches and maybe then we can get most
>> of the fixes upstream when we start working on next certification.
> 
> Ask not what you upstream can do for you, ask what you can do for upstream. ;)
> 
> Would you be willing to work with Jiri to help reinvigorate the
> upstream effort?  At the very least, what about distro/release
> specific branches?  Jiri, what do you think?

I unfortunately don't think I have the time needed to do upstream work
for the project. I also don't think it's really worth putting the effort
in - these days, you have things like

  https://github.com/SELinuxProject/selinux-testsuite
  https://github.com/linux-audit

in addition to LTP and other projects.

Keeping a project that exist as a blend of everything for the only and
sole purpose of doing EAL4 alive as upstream is IMHO not realistic.
Anyone who would like to help the overall Linux testing effort
in general will likely contribute to LTP instead.

That being said, the pushed RHEL-7.1 changes are only a very small
portion of the work I've done on the suite and I have about 260 commits
"sidestepping" it for generic Fedora testing.

In that branch, I rewrote the entire network-server logic using
a modular TCP server with proper locking logic everywhere in the suite,
re-did the syscall relevancy logic and generally updated the whole suite
to be more relevant to bleeding-edge distros.
I'll see if I can get that published somewhere (here or on my github
account), for posterity and code copy/pasting if nothing else.

Jiri

> 
> I'm trying to avoid the situation we had in the early days of the
> Linux CC effort where test development was done in private and there
> was a *lot* of duplicated effort.
>

Re: [Audit-test-developer] RHEL-7.1 audit-test suite pushed as rhel7_1

From: Paul M. <pa...@pa...> - 2018-05-16 21:56:20

On Tue, May 15, 2018 at 8:46 AM, Cyril Hrubis <ch...@su...> wrote:
> Hi!
>> It seems a shame that we can't combine efforts to maintain a common
>> repository.  Personally I think moving away from a common repository,
>> even if it is one with distro-specific branches, is a big step
>> backwards.
>>
>> What would it take to get folks to start contributing again?  Is it as
>> simple as moving to GH?
>
> I guess that it's too late for past releases, I doubt that anybody would
> allocate resources for merging SLE12 related changes to upstream at this
> point.

What if we simply created a SLE12 specific branch in the upstream repo?

I admit that it is unlikely anyone will spend a significant portion of
time towards merging the entire set of changes, but there is always
the possibility that there could be some smaller changes which are
easy to merge and generally applicable.  If nothing else it
consolidates everything in one place which I think would be beneficial
for everyone.

> For the record we tried to upstream at least some of the changes but we
> have given up because there was no real upstream. What we need is a
> someone who reviews and applies patches and maybe then we can get most
> of the fixes upstream when we start working on next certification.

Ask not what you upstream can do for you, ask what you can do for upstream. ;)

Would you be willing to work with Jiri to help reinvigorate the
upstream effort?  At the very least, what about distro/release
specific branches?  Jiri, what do you think?

I'm trying to avoid the situation we had in the early days of the
Linux CC effort where test development was done in private and there
was a *lot* of duplicated effort.

-- 
paul moore
www.paul-moore.com

Re: [Audit-test-developer] RHEL-7.1 audit-test suite pushed as rhel7_1

From: Cyril H. <ch...@su...> - 2018-05-15 12:49:19

Hi!
> It seems a shame that we can't combine efforts to maintain a common
> repository.  Personally I think moving away from a common repository,
> even if it is one with distro-specific branches, is a big step
> backwards.
> 
> What would it take to get folks to start contributing again?  Is it as
> simple as moving to GH?

I guess that it's too late for past releases, I doubt that anybody would
allocate resources for merging SLE12 related changes to upstream at this
point.

For the record we tried to upstream at least some of the changes but we
have given up because there was no real upstream. What we need is a
someone who reviews and applies patches and maybe then we can get most
of the fixes upstream when we start working on next certification.

-- 
Cyril Hrubis
ch...@su...

Re: [Audit-test-developer] RHEL-7.1 audit-test suite pushed as rhel7_1

From: Paul M. <pa...@pa...> - 2018-05-03 20:47:20

On Wed, May 2, 2018 at 10:31 AM, Cyril Hrubis <ch...@su...> wrote:
> Hi!
>> I'm not sure if anybody is still watching this as this project (at least
>> this upstream) seems dead these days, possibly due to the nature of the
>> project.
>>
>> Anyway, I've just pushed the audit-test suite version shipped with
>> RHEL-7.1 (in the cc-config-rhel71 RPM) to the rhel7_1 branch.
>> Maybe it'll be useful to somebody.
>>
>> Our plans were to move this project over to Github, but I'm not sure
>> it's worth it - it might be better to just let it die on sourceforge.
>>
>> I have left the 'master' branch untouched as the rhel7_1 changes
>> aren't 100% compatible and we don't have the resources dedicated to
>> a full review / comments / maintenance / etc. in case any issues arise.
>
> For what it's worth we do have a repo with SUSE specific patches here as
> well, but given the state of the project we have given up on upstreaming
> it and I doubt that this will change anytime soon.

It seems a shame that we can't combine efforts to maintain a common
repository.  Personally I think moving away from a common repository,
even if it is one with distro-specific branches, is a big step
backwards.

What would it take to get folks to start contributing again?  Is it as
simple as moving to GH?

-- 
paul moore
www.paul-moore.com

Re: [Audit-test-developer] RHEL-7.1 audit-test suite pushed as rhel7_1

From: Cyril H. <ch...@su...> - 2018-05-02 14:33:22

Hi!
> I'm not sure if anybody is still watching this as this project (at least
> this upstream) seems dead these days, possibly due to the nature of the
> project.
> 
> Anyway, I've just pushed the audit-test suite version shipped with
> RHEL-7.1 (in the cc-config-rhel71 RPM) to the rhel7_1 branch.
> Maybe it'll be useful to somebody.
> 
> Our plans were to move this project over to Github, but I'm not sure
> it's worth it - it might be better to just let it die on sourceforge.
> 
> I have left the 'master' branch untouched as the rhel7_1 changes
> aren't 100% compatible and we don't have the resources dedicated to
> a full review / comments / maintenance / etc. in case any issues arise.

For what it's worth we do have a repo with SUSE specific patches here as
well, but given the state of the project we have given up on upstreaming
it and I doubt that this will change anytime soon.

-- 
Cyril Hrubis
ch...@su...

Re: [Audit-test-developer] RHEL-7.1 audit-test suite pushed as rhel7_1

From: Paul M. <pa...@pa...> - 2018-05-01 15:30:52

On Mon, Apr 30, 2018 at 11:54 AM, Jiri Jaburek <jja...@re...> wrote:
> Hello,
> I'm not sure if anybody is still watching this as this project (at least
> this upstream) seems dead these days, possibly due to the nature of the
> project.
>
> Anyway, I've just pushed the audit-test suite version shipped with
> RHEL-7.1 (in the cc-config-rhel71 RPM) to the rhel7_1 branch.
> Maybe it'll be useful to somebody.
>
> Our plans were to move this project over to Github, but I'm not sure
> it's worth it - it might be better to just let it die on sourceforge.
>
> I have left the 'master' branch untouched as the rhel7_1 changes
> aren't 100% compatible and we don't have the resources dedicated to
> a full review / comments / maintenance / etc. in case any issues arise.
>
> Finally, if you would like to work further on this, please let us know.
>
> Thanks,
> Jiri
>
>
> PS: I have also made rhel5_6_testing into a tag instead of a branch.

I guess my question is do you expect to continue using this in the
future for CC certification efforts?  If the answer is "yes" then I
think it might make sense to eventually move the tests to GH, if the
answer is "no" then I think simply preserving the tests on SF.net is
fine.

-- 
paul moore
www.paul-moore.com

[Audit-test-developer] RHEL-7.1 audit-test suite pushed as rhel7_1

From: Jiri J. <jja...@re...> - 2018-04-30 15:54:53

Hello,
I'm not sure if anybody is still watching this as this project (at least
this upstream) seems dead these days, possibly due to the nature of the
project.

Anyway, I've just pushed the audit-test suite version shipped with
RHEL-7.1 (in the cc-config-rhel71 RPM) to the rhel7_1 branch.
Maybe it'll be useful to somebody.

Our plans were to move this project over to Github, but I'm not sure
it's worth it - it might be better to just let it die on sourceforge.

I have left the 'master' branch untouched as the rhel7_1 changes
aren't 100% compatible and we don't have the resources dedicated to
a full review / comments / maintenance / etc. in case any issues arise.

Finally, if you would like to work further on this, please let us know.

Thanks,
Jiri


PS: I have also made rhel5_6_testing into a tag instead of a branch.

[Audit-test-developer] [PATCH] Fix path to sshd sysconfig file on SUSE

From: Cyril H. <ch...@su...> - 2015-05-05 14:29:19

The correct path to sshd sysconfig file is /etc/sysconfig/ssh on SUSE.

Signed-off-by: Cyril Hrubis <ch...@su...>
---
 audit-test/utils/tp_ssh_functions.bash | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/audit-test/utils/tp_ssh_functions.bash b/audit-test/utils/tp_ssh_functions.bash
index 4b8280d..f4cafd0 100644
--- a/audit-test/utils/tp_ssh_functions.bash
+++ b/audit-test/utils/tp_ssh_functions.bash
@@ -363,7 +363,11 @@ function ssh_check_audit {
 
 function disable_ssh_strong_rng {
     MPROFILE="/etc/profile"
-    SSHDCONF="/etc/sysconfig/sshd"
+    if [ "$DISTRO" = "SUSE" ]; then
+        SSHDCONF="/etc/sysconfig/ssh"
+    else
+        SSHDCONF="/etc/sysconfig/sshd"
+    fi
     CCCONF="/etc/profile.d/cc-configuration.sh"
 
     # backup global profile and remove sleep
-- 
2.0.5


-- 
Cyril Hrubis
ch...@su...

[Audit-test-developer] [PATCH 2/2] run.bash: Use chpasswd when passwd does not support --stdin

From: Cyril H. <ch...@su...> - 2015-04-23 12:51:10

Signed-off-by: Cyril Hrubis <ch...@su...>
---
 audit-test/utils/run.bash | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash
index f48b644..badce13 100755
--- a/audit-test/utils/run.bash
+++ b/audit-test/utils/run.bash
@@ -240,6 +240,10 @@ function startup {
         mkdir "$opt_logdir"
     fi
 
+    if passwd --help |grep -q -- --stdin; then
+        local PASSWD_HAS_STDIN=1
+    fi
+
     # Open the logs before running the tests
     open_log
 
@@ -270,7 +274,13 @@ function startup {
     groupadd "$TEST_USER" || die
     dmsg "Adding user $TEST_USER"
     useradd -g "$TEST_USER" -G wheel -m "$TEST_USER" || die
-    echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null
+
+    if [ -n "$PASSWD_HAS_STDIN" ]; then
+        echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null
+    else
+        echo "$TEST_USER:$TEST_USER_PASSWD" | chpasswd
+    fi
+
     if which faillock >/dev/null 2>&1; then
         faillock --user "$TEST_USER" --reset
     fi
@@ -287,7 +297,13 @@ function startup {
     else
         useradd -g "$TEST_ADMIN" -G wheel -m "$TEST_ADMIN" || die
     fi
-    echo "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null
+
+    if [ -n "$PASSWD_HAS_STDIN" ]; then
+        echo "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null
+    else
+        echo "$TEST_ADMIN:$TEST_ADMIN_PASSWD" | chpasswd
+    fi
+
     if which faillock >/dev/null 2>&1; then
         faillock --user "$TEST_ADMIN" --reset
     fi
-- 
2.0.5


-- 
Cyril Hrubis
ch...@su...

[Audit-test-developer] [PATCH 1/2] Fix "Fix nonexistent faillock on SUSE"

From: Cyril H. <ch...@su...> - 2015-04-23 12:50:34

Fixes commit 6703b3a5fe0809c65c9c03e289c82f93c7070b35

I've messed the order or redirection, when I hand edited the patch,
sorry.

Signed-off-by: Cyril Hrubis <ch...@su...>
---
 audit-test/utils/run.bash | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash
index a1d99ff..f48b644 100755
--- a/audit-test/utils/run.bash
+++ b/audit-test/utils/run.bash
@@ -271,7 +271,7 @@ function startup {
     dmsg "Adding user $TEST_USER"
     useradd -g "$TEST_USER" -G wheel -m "$TEST_USER" || die
     echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null
-    if which faillock 2>&1 >/dev/null; then
+    if which faillock >/dev/null 2>&1; then
         faillock --user "$TEST_USER" --reset
     fi
 
@@ -288,7 +288,7 @@ function startup {
         useradd -g "$TEST_ADMIN" -G wheel -m "$TEST_ADMIN" || die
     fi
     echo "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null
-    if which faillock 2>&1 >/dev/null; then
+    if which faillock >/dev/null 2>&1; then
         faillock --user "$TEST_ADMIN" --reset
     fi
 
-- 
2.0.5


-- 
Cyril Hrubis
ch...@su...

Re: [Audit-test-developer] [PATCH] Fix nonexistent faillock on SUSE

From: Linda K. <lin...@hp...> - 2015-04-07 16:06:51

Cyril, thanks for the patch.  It has been applied.

-- ljk

On 4/2/2015 11:37 AM, Cyril Hrubis wrote:
> Fixes harmless error messages caused by:
> 
> commit 744c093b6f538ac608962a752d8776341cc13174
> Author: Jiri Jaburek <jja...@re...>
> Date:   Mon Dec 10 14:20:04 2012 +0100
> 
> 	utils: make sure testuser/testadmin is not faillocked
> 
> Signed-off-by: Cyril Hrubis <ch...@su...>
> ---
>  audit-test/utils/run.bash | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash
> index c3a709f..a1d99ff 100755
> --- a/audit-test/utils/run.bash
> +++ b/audit-test/utils/run.bash
> @@ -271,7 +271,9 @@ function startup {
>      dmsg "Adding user $TEST_USER"
>      useradd -g "$TEST_USER" -G wheel -m "$TEST_USER" || die
>      echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null
> -    faillock --user "$TEST_USER" --reset
> +    if which faillock 2>&1 >/dev/null; then
> +        faillock --user "$TEST_USER" --reset
> +    fi
>  
>      # Add the test user which is in sysadm_r
>      killall -9 -u "$TEST_ADMIN" &>/dev/null
> @@ -286,7 +288,9 @@ function startup {
>          useradd -g "$TEST_ADMIN" -G wheel -m "$TEST_ADMIN" || die
>      fi
>      echo "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null
> -    faillock --user "$TEST_ADMIN" --reset
> +    if which faillock 2>&1 >/dev/null; then
> +        faillock --user "$TEST_ADMIN" --reset
> +    fi
>  
>      startup_hook
>  }
>

Re: [Audit-test-developer] [PATCH] Fix nonexistent faillock on SUSE

From: Jiri J. <jja...@re...> - 2015-04-07 12:39:49

On 04/06/2015 06:37 PM, Linda Knippers wrote:
> This looks ok to me.  Miroslav, Jiri, any concern?

Seems fine to me.

> 
> -- ljk
> 
> On 4/2/2015 11:37 AM, Cyril Hrubis wrote:
>> Fixes harmless error messages caused by:
>>
>> commit 744c093b6f538ac608962a752d8776341cc13174
>> Author: Jiri Jaburek <jja...@re...>
>> Date:   Mon Dec 10 14:20:04 2012 +0100
>>
>> 	utils: make sure testuser/testadmin is not faillocked
>>
>> Signed-off-by: Cyril Hrubis <ch...@su...>
>> ---
>>  audit-test/utils/run.bash | 8 ++++++--
>>  1 file changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash
>> index c3a709f..a1d99ff 100755
>> --- a/audit-test/utils/run.bash
>> +++ b/audit-test/utils/run.bash
>> @@ -271,7 +271,9 @@ function startup {
>>      dmsg "Adding user $TEST_USER"
>>      useradd -g "$TEST_USER" -G wheel -m "$TEST_USER" || die
>>      echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null
>> -    faillock --user "$TEST_USER" --reset
>> +    if which faillock 2>&1 >/dev/null; then
>> +        faillock --user "$TEST_USER" --reset
>> +    fi
>>  
>>      # Add the test user which is in sysadm_r
>>      killall -9 -u "$TEST_ADMIN" &>/dev/null
>> @@ -286,7 +288,9 @@ function startup {
>>          useradd -g "$TEST_ADMIN" -G wheel -m "$TEST_ADMIN" || die
>>      fi
>>      echo "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null
>> -    faillock --user "$TEST_ADMIN" --reset
>> +    if which faillock 2>&1 >/dev/null; then
>> +        faillock --user "$TEST_ADMIN" --reset
>> +    fi
>>  
>>      startup_hook
>>  }
>>
> 
> 
> ------------------------------------------------------------------------------
> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> Develop your own process in accordance with the BPMN 2 standard
> Learn Process modeling best practices with Bonita BPM through live exercises
> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> _______________________________________________
> Audit-test-developer mailing list
> Aud...@li...
> https://lists.sourceforge.net/lists/listinfo/audit-test-developer
>

Re: [Audit-test-developer] [PATCH] Fix nonexistent faillock on SUSE

From: Linda K. <lin...@hp...> - 2015-04-06 16:37:39

This looks ok to me.  Miroslav, Jiri, any concern?

-- ljk

On 4/2/2015 11:37 AM, Cyril Hrubis wrote:
> Fixes harmless error messages caused by:
> 
> commit 744c093b6f538ac608962a752d8776341cc13174
> Author: Jiri Jaburek <jja...@re...>
> Date:   Mon Dec 10 14:20:04 2012 +0100
> 
> 	utils: make sure testuser/testadmin is not faillocked
> 
> Signed-off-by: Cyril Hrubis <ch...@su...>
> ---
>  audit-test/utils/run.bash | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash
> index c3a709f..a1d99ff 100755
> --- a/audit-test/utils/run.bash
> +++ b/audit-test/utils/run.bash
> @@ -271,7 +271,9 @@ function startup {
>      dmsg "Adding user $TEST_USER"
>      useradd -g "$TEST_USER" -G wheel -m "$TEST_USER" || die
>      echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null
> -    faillock --user "$TEST_USER" --reset
> +    if which faillock 2>&1 >/dev/null; then
> +        faillock --user "$TEST_USER" --reset
> +    fi
>  
>      # Add the test user which is in sysadm_r
>      killall -9 -u "$TEST_ADMIN" &>/dev/null
> @@ -286,7 +288,9 @@ function startup {
>          useradd -g "$TEST_ADMIN" -G wheel -m "$TEST_ADMIN" || die
>      fi
>      echo "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null
> -    faillock --user "$TEST_ADMIN" --reset
> +    if which faillock 2>&1 >/dev/null; then
> +        faillock --user "$TEST_ADMIN" --reset
> +    fi
>  
>      startup_hook
>  }
>

Re: [Audit-test-developer] [RFC] passwd --stdin does not work with shadow utils

From: Linda K. <lin...@hp...> - 2015-04-03 19:34:28

On 4/2/2015 11:45 AM, Cyril Hrubis wrote:
> Hi!
> Since SLES12 switched to shadow utils the option --stdin for passwd is
> no longer recognized. I've did a bit research and it looks like
> 
> echo "$USER:$PASSWORD" | chpasswd
> 
> is a suitable replacement. Can we replace the the occurences of
> passwd --stdin in utils/run.bash with chpasswd or do we need to switch
> between passwd --stdin and chpasswd depending on distro/version we run
> on?

That seems to work with RHEL6.x, which is probably the oldest distro
release that the test suite currently supports, so I don't think we'd
need to special case it.  I assume it works with SLES11 too?

-- ljk

>

[Audit-test-developer] [RFC] passwd --stdin does not work with shadow utils

From: Cyril H. <ch...@su...> - 2015-04-02 15:45:42

Hi!
Since SLES12 switched to shadow utils the option --stdin for passwd is
no longer recognized. I've did a bit research and it looks like

echo "$USER:$PASSWORD" | chpasswd

is a suitable replacement. Can we replace the the occurences of
passwd --stdin in utils/run.bash with chpasswd or do we need to switch
between passwd --stdin and chpasswd depending on distro/version we run
on?

-- 
Cyril Hrubis
ch...@su...

[Audit-test-developer] [PATCH] Fix nonexistent faillock on SUSE

From: Cyril H. <ch...@su...> - 2015-04-02 15:38:08

Fixes harmless error messages caused by:

commit 744c093b6f538ac608962a752d8776341cc13174
Author: Jiri Jaburek <jja...@re...>
Date:   Mon Dec 10 14:20:04 2012 +0100

	utils: make sure testuser/testadmin is not faillocked

Signed-off-by: Cyril Hrubis <ch...@su...>
---
 audit-test/utils/run.bash | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash
index c3a709f..a1d99ff 100755
--- a/audit-test/utils/run.bash
+++ b/audit-test/utils/run.bash
@@ -271,7 +271,9 @@ function startup {
     dmsg "Adding user $TEST_USER"
     useradd -g "$TEST_USER" -G wheel -m "$TEST_USER" || die
     echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null
-    faillock --user "$TEST_USER" --reset
+    if which faillock 2>&1 >/dev/null; then
+        faillock --user "$TEST_USER" --reset
+    fi
 
     # Add the test user which is in sysadm_r
     killall -9 -u "$TEST_ADMIN" &>/dev/null
@@ -286,7 +288,9 @@ function startup {
         useradd -g "$TEST_ADMIN" -G wheel -m "$TEST_ADMIN" || die
     fi
     echo "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null
-    faillock --user "$TEST_ADMIN" --reset
+    if which faillock 2>&1 >/dev/null; then
+        faillock --user "$TEST_ADMIN" --reset
+    fi
 
     startup_hook
 }
-- 
2.0.5


-- 
Cyril Hrubis
ch...@su...

Re: [Audit-test-developer] [PATCH] Fix nonexistent faillock on SUSE

From: Cyril H. <me...@uc...> - 2015-04-02 14:34:11

Hi!
> There will be more places in the suite where you will hit faillock [1]. Would it be possible to
> follow up with this patch and fix the remaining stuff also please?

I will deal with these once I get to them. I've just starte to work on
the testsuite...

> Also we prefer sticking to sh compatibility if possible, would you mind replacing command for
> which?

Will send updated patch soon.

BTW for some strange reason mutt mixed up my SUSE email with my personal
one. I guess that may have been because the patch was signed with my
personal mail by mistake. I will send subsequent patches from my SUSE
email account.

-- 
Cyril Hrubis
ch...@su...

Re: [Audit-test-developer] [PATCH] Fix nonexistent faillock on SUSE

From: Jiri J. <jja...@re...> - 2015-03-26 10:12:27

On 03/26/2015 10:26 AM, Miroslav Vadkerti wrote:
> 
> There will be more places in the suite where you will hit faillock [1]. Would it be possible to
> follow up with this patch and fix the remaining stuff also please?
> 
> Also we prefer sticking to sh compatibility if possible, would you mind replacing command for
> which?

Also if the syntax of if/fi seems too stretched out, feel free to use
ie.
    which faillock >/dev/null && faillock --user "$TEST_USER" --reset

> 
> [1] $ grep -R faillock .
> ./audit-test/crypto/tests/test_ssh_multi.bash:# clear faillock at cleanup
> ./audit-test/crypto/tests/test_ssh_multi.bash:prepend_cleanup "faillock --reset --user $TEST_USER"
> ./audit-test/crypto/tests/test_ssh_multi.bash:prepend_cleanup "faillock --reset --user $TEST_ADMIN"
> ./audit-test/crypto/tests/test_ssh_multi.bash:# clear faillock for $TEST_USER
> ./audit-test/crypto/tests/test_ssh_multi.bash:faillock --reset --user $TEST_USER
> ./audit-test/libpam/run.conf:    + pamfaillock_lock
> ./audit-test/libpam/run.conf:    + pamfaillock_unlock
> ./audit-test/libpam/tests/test_pamfaillock_lock.bash:# Verify pam_faillock will lock an account
> ./audit-test/libpam/tests/test_pamfaillock_lock.bash:# make sure faillock is reset for TEST_USER
> ./audit-test/libpam/tests/test_pamfaillock_lock.bash:/sbin/faillock --user $TEST_USER --reset >
> /dev/null || exit_error
> ./audit-test/libpam/tests/test_pamfaillock_lock.bash:grep -q pam_faillock /etc/pam.d/sshd || grep
> -q pam_faillock /etc/pam.d/password-auth || exit_error
> ./audit-test/libpam/tests/test_pamfaillock_lock.bash:# Unlike pam_tally2, faillock doesn't have a
> --reset=n option that lets us
> ./audit-test/libpam/tests/test_pamfaillock_lock.bash:msg_1="pam_faillock
> uid=$tuid.*exe=./usr/sbin/sshd.*res=success.*"
> ./audit-test/libpam/tests/test_pamfaillock_lock.bash:/sbin/faillock --user $TEST_USER --reset >
> /dev/null || exit_error
> ./audit-test/libpam/tests/test_pamfaillock_unlock.bash:# Verify pam_faillock will unlock an account
> ./audit-test/libpam/tests/test_pamfaillock_unlock.bash:grep -q pam_faillock /etc/pam.d/sshd ||
> grep -q pam_faillock /etc/pam.d/password-auth || exit_error
> ./audit-test/libpam/tests/test_pamfaillock_unlock.bash:# Unlike pam_tally2, faillock doesn't have
> a --reset=n option that lets us
> ./audit-test/libpam/tests/test_pamfaillock_unlock.bash:/sbin/faillock --user $TEST_USER --reset >
> /dev/null || exit_error
> ./audit-test/libpam/tests/test_pamfaillock_unlock.bash:msg_1="faillock reset
> uid=$tuid.*exe=./sbin/faillock.*res=success.*"

The faillock tests probably don't need command-level disablement, if
the tests are not suitable for SuSE, please exclude them in run.conf
of the given bucket (libpam) based on $DISTRO (see rules.mk).

> ./audit-test/trustedprograms/tests/utils.plib:  `faillock --user '$username' --reset`;
> ./audit-test/trustedprograms/tests/utils.plib:  `faillock --user '$username' --reset`;
> ./audit-test/trustedprograms/tests/utils.plib:  `faillock --user '$username' --reset`;
> ./audit-test/trustedprograms/tests/utils.plib:  `faillock --user '$username' --reset`;
> ./audit-test/trustedprograms/tests/utils.plib:  `faillock --user '$username' --reset`;
> ./audit-test/utils/envcheck:    check "[ -z \"$(faillock | grep -v '^\([^ ]*:\|When\)')\" ]" 0 \
> ./audit-test/utils/run.bash:    faillock --user "$TEST_USER" --reset
> ./audit-test/utils/run.bash:    faillock --user "$TEST_ADMIN" --reset
> 

Thanks,
Jiri

Re: [Audit-test-developer] [PATCH] Fix nonexistent faillock on SUSE

From: Miroslav V. <mva...@re...> - 2015-03-26 09:26:39

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Cyril,

On 03/25/2015 01:00 PM, Cyril Hrubis wrote:
> Fixes harmless error messages caused by:

Thanks for your patch!

> 
> commit 744c093b6f538ac608962a752d8776341cc13174 Author: Jiri Jaburek <jja...@re...> 
> Date:   Mon Dec 10 14:20:04 2012 +0100
> 
> utils: make sure testuser/testadmin is not faillocked
> 
> Signed-off-by: Cyril Hrubis <me...@uc...> --- audit-test/utils/run.bash | 8 ++++++-- 1 file 
> changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash index c3a709f..998040a 
> 100755 --- a/audit-test/utils/run.bash +++ b/audit-test/utils/run.bash @@ -271,7 +271,9 @@ 
> function startup { dmsg "Adding user $TEST_USER" useradd -g "$TEST_USER" -G wheel -m 
> "$TEST_USER" || die echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null - faillock
> --user "$TEST_USER" --reset +    if command -v faillock > /dev/null; then + faillock --user
> "$TEST_USER" --reset +    fi

There will be more places in the suite where you will hit faillock [1]. Would it be possible to
follow up with this patch and fix the remaining stuff also please?

Also we prefer sticking to sh compatibility if possible, would you mind replacing command for
which?

Thanks very much!
Looking forward for additional SUSE patches :)

Best regards,
/M

> 
> # Add the test user which is in sysadm_r killall -9 -u "$TEST_ADMIN" &>/dev/null @@ -286,7 
> +288,9 @@ function startup { useradd -g "$TEST_ADMIN" -G wheel -m "$TEST_ADMIN" || die fi echo 
> "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null -    faillock --user
> "$TEST_ADMIN" --reset +    if command -v faillock > /dev/null; then +        faillock --user
> "$TEST_ADMIN" --reset +    fi
> 
> startup_hook }
> 

[1] $ grep -R faillock .
./audit-test/crypto/tests/test_ssh_multi.bash:# clear faillock at cleanup
./audit-test/crypto/tests/test_ssh_multi.bash:prepend_cleanup "faillock --reset --user $TEST_USER"
./audit-test/crypto/tests/test_ssh_multi.bash:prepend_cleanup "faillock --reset --user $TEST_ADMIN"
./audit-test/crypto/tests/test_ssh_multi.bash:# clear faillock for $TEST_USER
./audit-test/crypto/tests/test_ssh_multi.bash:faillock --reset --user $TEST_USER
./audit-test/libpam/run.conf:    + pamfaillock_lock
./audit-test/libpam/run.conf:    + pamfaillock_unlock
./audit-test/libpam/tests/test_pamfaillock_lock.bash:# Verify pam_faillock will lock an account
./audit-test/libpam/tests/test_pamfaillock_lock.bash:# make sure faillock is reset for TEST_USER
./audit-test/libpam/tests/test_pamfaillock_lock.bash:/sbin/faillock --user $TEST_USER --reset >
/dev/null || exit_error
./audit-test/libpam/tests/test_pamfaillock_lock.bash:grep -q pam_faillock /etc/pam.d/sshd || grep
- -q pam_faillock /etc/pam.d/password-auth || exit_error
./audit-test/libpam/tests/test_pamfaillock_lock.bash:# Unlike pam_tally2, faillock doesn't have a
- --reset=n option that lets us
./audit-test/libpam/tests/test_pamfaillock_lock.bash:msg_1="pam_faillock
uid=$tuid.*exe=./usr/sbin/sshd.*res=success.*"
./audit-test/libpam/tests/test_pamfaillock_lock.bash:/sbin/faillock --user $TEST_USER --reset >
/dev/null || exit_error
./audit-test/libpam/tests/test_pamfaillock_unlock.bash:# Verify pam_faillock will unlock an account
./audit-test/libpam/tests/test_pamfaillock_unlock.bash:grep -q pam_faillock /etc/pam.d/sshd ||
grep -q pam_faillock /etc/pam.d/password-auth || exit_error
./audit-test/libpam/tests/test_pamfaillock_unlock.bash:# Unlike pam_tally2, faillock doesn't have
a --reset=n option that lets us
./audit-test/libpam/tests/test_pamfaillock_unlock.bash:/sbin/faillock --user $TEST_USER --reset >
/dev/null || exit_error
./audit-test/libpam/tests/test_pamfaillock_unlock.bash:msg_1="faillock reset
uid=$tuid.*exe=./sbin/faillock.*res=success.*"
./audit-test/trustedprograms/tests/utils.plib:  `faillock --user '$username' --reset`;
./audit-test/trustedprograms/tests/utils.plib:  `faillock --user '$username' --reset`;
./audit-test/trustedprograms/tests/utils.plib:  `faillock --user '$username' --reset`;
./audit-test/trustedprograms/tests/utils.plib:  `faillock --user '$username' --reset`;
./audit-test/trustedprograms/tests/utils.plib:  `faillock --user '$username' --reset`;
./audit-test/utils/envcheck:    check "[ -z \"$(faillock | grep -v '^\([^ ]*:\|When\)')\" ]" 0 \
./audit-test/utils/run.bash:    faillock --user "$TEST_USER" --reset
./audit-test/utils/run.bash:    faillock --user "$TEST_ADMIN" --reset


- -- 
Miroslav Vadkerti :: Senior Quality Assurance Engineer / RHCSS :: BaseOS QE - Security
Phone +420 532 294 129 :: CR cell +420 776 864 252 :: SR cell +421 904 135 440
IRC mvadkert at #qe #urt #brno #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu
Red Hat s.r.o, Purkyňova 99/71, 612 45, Brno, Czech Republic
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJVE9DDAAoJEBliWhMliBCH0soH/3oH24bkEyAPUnQgymfYQVM6
q7SdTLE9QJi7gt1vP6TFL82UUt7MsTOJElCOove6mtCTVEqnDkhzACs6CQ8Ye9LV
EDRohlZlycD2Al0ZdMJndNlrFaXZJedEX2kuSMW+O6g/WynIx+7HtggErSFp6uMU
Ah5GtwCUE+GWdlsNILcuuj+B3wWPt3oSdEZMk4CrtvLAhiatB3uf/NTxHHKkNCWd
lauDhS7wd/qV42/1jkZmcbQt/g+pUOgdvBY9g3cDmwFxroqBn+bVftdSTAqpaNyU
NnUy8L9ysMRNNUaWlpI5PMkrX6r2JWAg+0cPEzzNUeQ+oDdfiunIlohwSRHYilk=
=MIuf
-----END PGP SIGNATURE-----

[Audit-test-developer] [PATCH] Fix nonexistent faillock on SUSE

From: Cyril H. <me...@uc...> - 2015-03-25 12:01:15

Fixes harmless error messages caused by:

commit 744c093b6f538ac608962a752d8776341cc13174
Author: Jiri Jaburek <jja...@re...>
Date:   Mon Dec 10 14:20:04 2012 +0100

	utils: make sure testuser/testadmin is not faillocked

Signed-off-by: Cyril Hrubis <me...@uc...>
---
 audit-test/utils/run.bash | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash
index c3a709f..998040a 100755
--- a/audit-test/utils/run.bash
+++ b/audit-test/utils/run.bash
@@ -271,7 +271,9 @@ function startup {
     dmsg "Adding user $TEST_USER"
     useradd -g "$TEST_USER" -G wheel -m "$TEST_USER" || die
     echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER >/dev/null
-    faillock --user "$TEST_USER" --reset
+    if command -v faillock > /dev/null; then
+        faillock --user "$TEST_USER" --reset
+    fi
 
     # Add the test user which is in sysadm_r
     killall -9 -u "$TEST_ADMIN" &>/dev/null
@@ -286,7 +288,9 @@ function startup {
         useradd -g "$TEST_ADMIN" -G wheel -m "$TEST_ADMIN" || die
     fi
     echo "$TEST_ADMIN_PASSWD" | passwd --stdin $TEST_ADMIN >/dev/null
-    faillock --user "$TEST_ADMIN" --reset
+    if command -v faillock > /dev/null; then
+        faillock --user "$TEST_ADMIN" --reset
+    fi
 
     startup_hook
 }
-- 
2.0.5


-- 
Cyril Hrubis
ch...@su...

Re: [Audit-test-developer] various backwards (rhel6) compatible fixes, 2014/09

From: Miroslav V. <mva...@re...> - 2014-10-27 13:45:38

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The 46 patches are now upstream.

Best regards,
/M

On 10/20/2014 02:35 PM, Miroslav Vadkerti wrote:
> Hi everyone,
> 
> As there were no comments on this patchset, we will push it to upstream after 7 days from now.
> The patchset is tested by RH and we already use it for testing.
> 
> Thanks and best regards, /M
> 
> On 09/23/2014 11:43 AM, Jiri Jaburek wrote:
>> Hello all, another batch of fixes and small improvements we've made during the last 10
>> months (or so), all of them should be fully backwards compatible.
> 
>> Brief description (with patch numbers):
> 
>> - forgotten augrok fix for recent upstream code (01) - documentation improvements (02-04) - 
>> stronger passwords for testing (05-08) - various audit-* fixes for later rhel6+ releases 
>> (09-11) - proper test user cleanup / suite resilience (12-14) - various syscall wrapper 
>> improvements (15-34) - make system related changes (35-40) - other uncategorized fixes
>> (41-46)
> 
>> As you can see, most of the patches are related to syscall wrapper improvements - those are 
>> mostly scope-limited functionality enhancements for existing wrappers.
> 
>> 2.4% audit-test/misc/tests/ 2.3% audit-test/syscalls/ 12.5% audit-test/trustedprograms/tests/
>>  65.9% audit-test/utils/bin/ 5.3% audit-test/utils/ 10.2% audit-test/
> 
>> The patches have been tested on RHEL6.5 without any major issues. Attached via 
>> In-Reply-To/References to this mail.
> 
>> Thanks for the review, Jiri
> 
>> ------------------------------------------------------------------------------ Meet PCI DSS
>> 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with 
>> Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download
>> White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer 
>> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk 
>> _______________________________________________ Audit-test-developer mailing list 
>> Aud...@li... 
>> https://lists.sourceforge.net/lists/listinfo/audit-test-developer
> 
> 
> 
> ------------------------------------------------------------------------------ Comprehensive
> Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email,
> SMS, voice calls or mobile push notifications. Take corrective actions from your mobile
> device. http://p.sf.net/sfu/Zoho _______________________________________________ 
> Audit-test-developer mailing list Aud...@li... 
> https://lists.sourceforge.net/lists/listinfo/audit-test-developer
> 

- -- 
Miroslav Vadkerti :: Senior Quality Assurance Engineer / RHCSS :: BaseOS QE - Security
Phone +420 532 294 129 :: CR cell +420 776 864 252 :: SR cell +421 904 135 440
IRC mvadkert at #qe #urt #brno #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu
Red Hat s.r.o, Purky?ova 99/71, 612 45, Brno, Czech Republic
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUTkx3AAoJEBliWhMliBCHXVcH/2YDn/OXwXpfoWw1u4ckW5gv
C2KBOCdeEk32Eb6HkZX89ttjrYnSVANjqg21oDrQomJFBgL4nWb/xeKq8wcrZxHQ
P+u5kg6lk9zh0EMTEb0XKrt1rCI5fee3xrqL3c87eSnjnDPMmHbdnMxmaOYS6iWW
m9YikezxxszyZsRcsH5t7SKW7qsn5LYl7jFAWuvvKV2nn69pKI9RZ4JWsPAADs54
OcKc2+T3+NbI/ZUxgn/NylCy7ysCfr6HQ696uAWt/4tvOx22HlWpmSD1fNE+ppvV
HkpR/Nm4XPTJlRknCxYd2awZiXQ892ArO9mzPlW2nCgUPn7Z6gzMOpicmy3lAjM=
=iZ87
-----END PGP SIGNATURE-----

Re: [Audit-test-developer] various backwards (rhel6) compatible fixes, 2014/09

From: Linda K. <lin...@hp...> - 2014-10-27 13:39:45

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks Miroslav,

- -- ljk

On 10/27/2014 9:36 AM, Miroslav Vadkerti wrote:
> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
> 
> Hi,
> 
> The 46 patches are now upstream.
> 
> Best regards, /M
> 
> On 10/20/2014 02:35 PM, Miroslav Vadkerti wrote:
>> Hi everyone,
>> 
>> As there were no comments on this patchset, we will push it to
>> upstream after 7 days from now. The patchset is tested by RH and
>> we already use it for testing.
>> 
>> Thanks and best regards, /M
>> 
>> On 09/23/2014 11:43 AM, Jiri Jaburek wrote:
>>> Hello all, another batch of fixes and small improvements we've
>>> made during the last 10 months (or so), all of them should be
>>> fully backwards compatible.
>> 
>>> Brief description (with patch numbers):
>> 
>>> - forgotten augrok fix for recent upstream code (01) -
>>> documentation improvements (02-04) - stronger passwords for
>>> testing (05-08) - various audit-* fixes for later rhel6+
>>> releases (09-11) - proper test user cleanup / suite resilience
>>> (12-14) - various syscall wrapper improvements (15-34) - make
>>> system related changes (35-40) - other uncategorized fixes 
>>> (41-46)
>> 
>>> As you can see, most of the patches are related to syscall
>>> wrapper improvements - those are mostly scope-limited
>>> functionality enhancements for existing wrappers.
>> 
>>> 2.4% audit-test/misc/tests/ 2.3% audit-test/syscalls/ 12.5%
>>> audit-test/trustedprograms/tests/ 65.9% audit-test/utils/bin/
>>> 5.3% audit-test/utils/ 10.2% audit-test/
>> 
>>> The patches have been tested on RHEL6.5 without any major
>>> issues. Attached via In-Reply-To/References to this mail.
>> 
>>> Thanks for the review, Jiri
>> 
>>> ------------------------------------------------------------------------------
>>> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
>>> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI
>>> DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance?
>>> Download White paper Comply to PCI DSS 3.0 Requirement 10 and
>>> 11.5 with EventLog Analyzer 
>>> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
>>>  _______________________________________________
>>> Audit-test-developer mailing list 
>>> Aud...@li... 
>>> https://lists.sourceforge.net/lists/listinfo/audit-test-developer
>>
>>
>>
>>
>>> 
-
------------------------------------------------------------------------------
Comprehensive
>> Server Monitoring with Site24x7. Monitor 10 servers for $9/Month.
>> Get alerted through email, SMS, voice calls or mobile push
>> notifications. Take corrective actions from your mobile device.
>> http://p.sf.net/sfu/Zoho
>> _______________________________________________ 
>> Audit-test-developer mailing list
>> Aud...@li... 
>> https://lists.sourceforge.net/lists/listinfo/audit-test-developer
>>
>
>> 
> - -- Miroslav Vadkerti :: Senior Quality Assurance Engineer / RHCSS
> :: BaseOS QE - Security Phone +420 532 294 129 :: CR cell +420 776
> 864 252 :: SR cell +421 904 135 440 IRC mvadkert at #qe #urt #brno
> #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu Red Hat s.r.o,
> Purky?ova 99/71, 612 45, Brno, Czech Republic -----BEGIN PGP
> SIGNATURE----- Version: GnuPG v1
> 
> iQEcBAEBAgAGBQJUTkpNAAoJEBliWhMliBCHQ8cIALb+h5h7FuoQxyZZcG3GzSlV 
> bfPVhfWBjWtgkQRrNUE+8jVxpjJ8knKMhWn0f29/k3Ew7MMc/9ppGsOSzftEyUnD 
> 9LM+YuPAvQ9YBAkrKexHezZA8bL81fKpkt29uKAP89iUy3r6NXJozWS/FJAyyBuj 
> NN3AumdkUHgeasPgx/E7Dk0+zuhbruOxjqqt6JPEv8HjXRTBM8kREhdNmMR10dSV 
> SegZ1zKXNNjP3i4WLwIzl+GleXnmg3CyoHcQzeKmy0SKgHs6ROmVFlGEWAwDujsm 
> xToBch3D3I8EvrDq6yoJ3YAuMwLZnreZz7umbRqei9Sbfo9u7d7IWG1lwxE//Gw= 
> =pjBd -----END PGP SIGNATURE-----
> 
> ------------------------------------------------------------------------------
>
> 
_______________________________________________
> Audit-test-developer mailing list 
> Aud...@li... 
> https://lists.sourceforge.net/lists/listinfo/audit-test-developer
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iEYEARECAAYFAlROSxkACgkQNGBeuemHzRvo/ACfVerDaYl+wCAFfjKBIGcZtGKT
w2sAniLmFAp2eJL8urN4LiA1CtFYXbuX
=mLt1
-----END PGP SIGNATURE-----

Re: [Audit-test-developer] various backwards (rhel6) compatible fixes, 2014/09

From: Miroslav V. <mva...@re...> - 2014-10-27 13:36:26

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The 46 patches are now upstream.

Best regards,
/M

On 10/20/2014 02:35 PM, Miroslav Vadkerti wrote:
> Hi everyone,
> 
> As there were no comments on this patchset, we will push it to upstream after 7 days from now.
> The patchset is tested by RH and we already use it for testing.
> 
> Thanks and best regards, /M
> 
> On 09/23/2014 11:43 AM, Jiri Jaburek wrote:
>> Hello all, another batch of fixes and small improvements we've made during the last 10
>> months (or so), all of them should be fully backwards compatible.
> 
>> Brief description (with patch numbers):
> 
>> - forgotten augrok fix for recent upstream code (01) - documentation improvements (02-04) - 
>> stronger passwords for testing (05-08) - various audit-* fixes for later rhel6+ releases 
>> (09-11) - proper test user cleanup / suite resilience (12-14) - various syscall wrapper 
>> improvements (15-34) - make system related changes (35-40) - other uncategorized fixes
>> (41-46)
> 
>> As you can see, most of the patches are related to syscall wrapper improvements - those are 
>> mostly scope-limited functionality enhancements for existing wrappers.
> 
>> 2.4% audit-test/misc/tests/ 2.3% audit-test/syscalls/ 12.5% audit-test/trustedprograms/tests/
>>  65.9% audit-test/utils/bin/ 5.3% audit-test/utils/ 10.2% audit-test/
> 
>> The patches have been tested on RHEL6.5 without any major issues. Attached via 
>> In-Reply-To/References to this mail.
> 
>> Thanks for the review, Jiri
> 
>> ------------------------------------------------------------------------------ Meet PCI DSS
>> 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with 
>> Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download
>> White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer 
>> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk 
>> _______________________________________________ Audit-test-developer mailing list 
>> Aud...@li... 
>> https://lists.sourceforge.net/lists/listinfo/audit-test-developer
> 
> 
> 
> ------------------------------------------------------------------------------ Comprehensive
> Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email,
> SMS, voice calls or mobile push notifications. Take corrective actions from your mobile
> device. http://p.sf.net/sfu/Zoho _______________________________________________ 
> Audit-test-developer mailing list Aud...@li... 
> https://lists.sourceforge.net/lists/listinfo/audit-test-developer
> 

- -- 
Miroslav Vadkerti :: Senior Quality Assurance Engineer / RHCSS :: BaseOS QE - Security
Phone +420 532 294 129 :: CR cell +420 776 864 252 :: SR cell +421 904 135 440
IRC mvadkert at #qe #urt #brno #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu
Red Hat s.r.o, Purky?ova 99/71, 612 45, Brno, Czech Republic
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUTkpNAAoJEBliWhMliBCHQ8cIALb+h5h7FuoQxyZZcG3GzSlV
bfPVhfWBjWtgkQRrNUE+8jVxpjJ8knKMhWn0f29/k3Ew7MMc/9ppGsOSzftEyUnD
9LM+YuPAvQ9YBAkrKexHezZA8bL81fKpkt29uKAP89iUy3r6NXJozWS/FJAyyBuj
NN3AumdkUHgeasPgx/E7Dk0+zuhbruOxjqqt6JPEv8HjXRTBM8kREhdNmMR10dSV
SegZ1zKXNNjP3i4WLwIzl+GleXnmg3CyoHcQzeKmy0SKgHs6ROmVFlGEWAwDujsm
xToBch3D3I8EvrDq6yoJ3YAuMwLZnreZz7umbRqei9Sbfo9u7d7IWG1lwxE//Gw=
=pjBd
-----END PGP SIGNATURE-----

5 messages has been excluded from this view by a project administrator.

Flat | Threaded

1 2 3 .. 71 > >> (Page 1 of 71)