From: Linda K. <lin...@hp...> - 2011-04-17 17:35:05
Hi Eduard, Thanks for the patches. Just a few comments below. Eduard Benes wrote: > This patch is to update failing trustedprograms tests in Base/CAPP mode. > They were failing mostly due to new types of records and 6.1 improvements. > It respects the old format of tests which are passing on RHEL 5.6, > this could be removed if it is not desired for some reason. While at one point this test suite ran on RHEL5.x, SLES11, and Fedora 9, now it is primarily only working on RHEL6. I created a git branch at the point where it ran well on RHEL5.6 in case we need to maintain that version and since then we've taken in RHEL6-specific changes without conditionalizing them. From our history with RHEL5 where the audit records changed between updates, I think it will be difficult to maintain backward compatibility. Another couple of comments in the code. > Signed-off-by: Eduard Benes <eb...@re...> > --- > test_gpasswd_change.bash | 19 ++++++++++--------- > test_gpasswd_perms.bash | 19 ++++++++++--------- > test_gpasswd_remove.bash | 18 +++++++++--------- > test_groupadd.bash | 19 +++++++++++++++---- > test_groupdel.bash | 17 +++++++++++++---- > test_groupmod.bash | 18 ++++++++++++++---- > test_passwd_change.bash | 26 ++++++++++++++++++++------ > test_passwd_fail.bash | 21 ++++++++++++++++----- > test_useradd.bash | 13 ++++++++----- > test_useradd_D.bash | 21 ++++++++++++--------- > test_userdel.bash | 5 ++++- > 11 files changed, 131 insertions(+), 65 deletions(-) > > diff -up trustedprograms/tests/test_gpasswd_change.bash.orig trustedprograms/tests/test_gpasswd_change.bash > --- trustedprograms/tests/test_gpasswd_change.bash.orig 2011-02-21 09:09:22.945824865 -0600 > +++ trustedprograms/tests/test_gpasswd_change.bash 2011-02-21 09:41:56.898844866 -0600 
> @@ -35,14 +35,15 @@ expect -c " > puts \$pidfile [exp_pid]" > pid=$(<$tmp1) > > -for msg_1 in \ > - "op=changing password acct=\"*$group\"* exe=./usr/bin/gpasswd.*res=success.*" > -do > - augrok -q type=USER_CHAUTHTOK \ > - user_pid=$pid \ > - uid=$EUID \ > - auid=$(</proc/self/loginuid) \ > - msg_1=~"$msg_1" || exit_fail "missing: \"$msg_1\"" > -done > +op="changing password" > +grep "release 6" /etc/redhat-release && \ On a Fedora system where there is no /etc/redhat-release, these checks may or may not result in the right messages being used, depending on whether the right code is in the if or the else part. It's not a problem for SLES because we don't run the trusted programs tests for SLES - last time I looked their audit approach was very different. There is already an environment variable for DISTRO that is set in the rules.mk file to SUSE, FEDORA or RHEL so in the future, if we want to maintain common source, we could add a DISTRO_REL variable that could be set to 60, 61, 62, etc, for RHEL and 14, 15, etc for Fedora and 110, 111, 112, etc. for SLES. Then we could replace these checks with checks for the distro and distro release. Probably the right way to do things is to treat these audit strings like message catalogs where the test suite could just load up all the right strings for whatever release it's running and the tests themselves don't need to change. Someday. Anyway, this is mostly an FYI. We can keep your code the way it is for this evaluation and if someone wants to fix it up for another OS or release, we can deal with that later.
> + op="password of group testuser1 changed by root" > +msg_1="op=$op acct=\"*$group\"* exe=./usr/bin/gpasswd.*res=success.*" > + > +augrok -q type=USER_CHAUTHTOK \ > + user_pid=$pid \ > + uid=$EUID \ > + auid=$(</proc/self/loginuid) \ > + msg_1=~"$msg_1" || exit_fail "missing: \"$msg_1\"" > > exit_pass > diff -up trustedprograms/tests/test_gpasswd_perms.bash.orig trustedprograms/tests/test_gpasswd_perms.bash > --- trustedprograms/tests/test_gpasswd_perms.bash.orig 2011-02-21 09:09:22.943823988 -0600 > +++ trustedprograms/tests/test_gpasswd_perms.bash 2011-02-21 09:43:25.491773364 -0600 > @@ -37,14 +37,15 @@ su $TEST_USER -c " > puts \$pidfile [exp_pid]'" > pid=$(<$tmp1) > > -for msg_1 in \ > - "op=modify group acct=\"*$group\"* exe=\"*\.*/usr/bin/gpasswd\"*.*res=failed.*" > -do > - augrok -q type=USER_CHAUTHTOK \ > - user_pid=$pid \ > - uid=$(id -u $TEST_USER) \ > - auid=$(</proc/self/loginuid) \ > - msg_1=~"$msg_1" || exit_fail "missing: \"$msg_1\"" > -done > +op="password of group testuser1 changed by root" > +grep "release 6" /etc/redhat-release && \ > + op="testuser failed to change password of group testuser1: Permission denied" > +msg_1="op=$op acct=\"$group\" exe=\"/usr/bin/gpasswd.*res=failed" > + > +augrok -q type=USER_CHAUTHTOK \ > + user_pid=$pid \ > + uid=$(id -u $TEST_USER) \ > + auid=$(</proc/self/loginuid) \ > + msg_1=~"$msg_1" || exit_fail "missing: \"$msg_1\"" > > exit_pass > diff -up trustedprograms/tests/test_gpasswd_remove.bash.orig trustedprograms/tests/test_gpasswd_remove.bash > --- trustedprograms/tests/test_gpasswd_remove.bash.orig 2011-02-21 09:09:22.944823971 -0600 > +++ trustedprograms/tests/test_gpasswd_remove.bash 2011-02-21 09:43:38.655830252 -0600 
> @@ -26,14 +26,14 @@ groupadd -g $gid $group || exit_error "g > # test > setpid gpasswd -r $group || exit_error "gpasswd failed" > > -for msg_1 in \ > - "op=deleting group password acct=\"*$group\"* exe=\"*\.*/usr/bin/gpasswd*\".*res=success.*" > -do > - augrok -q type=USER_CHAUTHTOK \ > - user_pid=$pid \ > - uid=$EUID \ > - auid=$(</proc/self/loginuid) \ > - msg_1=~"$msg_1" || exit_fail "missing: \"$msg_1\"" > -done > +op="deleting group password" > +grep "release 6" /etc/redhat-release && \ > + op="password of group testuser1 removed by root" > +msg_1="op=$op acct=\"$group\" exe=\"/usr/bin/gpasswd.*res=success" > +augrok -q type=USER_CHAUTHTOK \ > + user_pid=$pid \ > + uid=$EUID \ > + auid=$(</proc/self/loginuid) \ > + msg_1=~"$msg_1" || exit_fail "missing: \"$msg_1\"" > > exit_pass > diff -up trustedprograms/tests/test_groupadd.bash.orig trustedprograms/tests/test_groupadd.bash > --- trustedprograms/tests/test_groupadd.bash.orig 2011-02-21 09:09:22.946778410 -0600 > +++ trustedprograms/tests/test_groupadd.bash 2011-02-21 11:08:18.479842180 -0600 
> @@ -23,12 +23,23 @@ source tp_auth_functions.bash || exit 2 > # test > setpid groupadd -g $gid $group || exit_error "groupadd failed" > > -if ! augrok -q type=USER_CHAUTHTOK \ > +if grep "release 5" /etc/redhat-release ; then > + augrok -q type=USER_CHAUTHTOK \ > user_pid=$pid \ > uid=$EUID \ > auid=$(</proc/self/loginuid) \ > - msg_1=~"op=adding group id=$gid exe=\"*\.*/usr/sbin/groupadd\"*.*res=success.*"; then > - exit_fail "failed to find audit.log entry" > -fi > + msg_1=~"op=adding group id=$gid exe=./usr/sbin/groupadd.*res=success.*" || \ > + exit_fail "failed to find audit.log entry" > +else > + for msg in "op=adding group to /etc/group id=$gid exe=\"/usr/sbin/groupadd\".*res=success" \ > + "op=adding group to /etc/gshadow id=$gid exe=\"/usr/sbin/groupadd\".*res=success" \ > + "op= id=$gid exe=\"/usr/sbin/groupadd\".*res=success" ; do > + augrok -q type=ADD_GROUP \ > + user_pid=$pid \ > + uid=$EUID \ > + auid=$(</proc/self/loginuid) \ > + msg_1=~"$msg" || exit_fail "failed to find audit.log entry" This test used to only look for one audit record so now that it's looking for more than one, it might be nice for the exit_fail to say which one it couldn't find. You do that in some of the tests but not this one. > + done > +fi > > exit_pass > diff -up trustedprograms/tests/test_groupdel.bash.orig trustedprograms/tests/test_groupdel.bash > --- trustedprograms/tests/test_groupdel.bash.orig 2011-02-21 09:09:22.947776834 -0600 > +++ trustedprograms/tests/test_groupdel.bash 2011-02-21 11:08:02.425047554 -0600
> @@ -26,14 +26,23 @@ groupadd -g $gid $group || exit_error "g > # test > setpid groupdel $group || exit_error "groupdel failed" > > -for msg_1 in \ > - "op=deleting group id=$gid exe=\"*\.*/usr/sbin/groupdel\"*.*res=success.*" > -do > +if grep "release 5" /etc/redhat-release ; then > + msg_1="op=deleting group id=$gid exe=./usr/sbin/groupdel.*res=success.*" > augrok -q type=USER_CHAUTHTOK \ > user_pid=$pid \ > uid=$EUID \ > auid=$(</proc/self/loginuid) \ > msg_1=~"$msg_1" || exit_fail "missing: \"$msg_1\"" > -done > +else > + for msg in "op=removing group from /etc/group id=$gid exe=\"/usr/sbin/groupdel\".*res=success" \ > + "op=removing group from /etc/gshadow id=$gid exe=\"/usr/sbin/groupdel\".*res=success" \ > + "op= id=$gid exe=\"/usr/sbin/groupdel\".*res=success" ; do > + augrok -q type=DEL_GROUP \ > + user_pid=$pid \ > + uid=$EUID \ > + auid=$(</proc/self/loginuid) \ > + msg_1=~"$msg" || exit_fail "failed to find audit.log entry" Same here. > + done > +fi > > exit_pass > diff -up trustedprograms/tests/test_groupmod.bash.orig trustedprograms/tests/test_groupmod.bash > --- trustedprograms/tests/test_groupmod.bash.orig 2011-02-21 09:09:22.948772592 -0600 > +++ trustedprograms/tests/test_groupmod.bash 2011-02-22 11:33:55.427845276 -0600 
> @@ -27,14 +27,24 @@ read group2 gid2 <<<"$(generate_unique_g > # test > setpid groupmod -g $gid2 $group || exit_error "groupmod failed" > > -for msg_1 in \ > - "op=modifing group id=$gid exe=\"*\.*/usr/sbin/groupmod\"*.*res=success.*" > -do > +if grep "release 5" /etc/redhat-release ; then > + msg_1="op=modifing group id=$gid exe=./usr/sbin/groupmod.*res=success.*" > augrok -q type=USER_CHAUTHTOK \ > user_pid=$pid \ > uid=$EUID \ > auid=$(</proc/self/loginuid) \ > msg_1=~"$msg_1" || exit_fail "missing: \"$msg_1\"" > -done > +else > +# TODO check we are using the acct= field correctly What's the question about the acct field? > + for msg in "op=changing /etc/group; group $group/$gid, new gid: $gid2 acct=\"$group\" exe=\"/usr/sbin/groupmod\".*res=success" \ > + "op=changing /etc/passwd; group $group/$gid, new gid: $gid2 acct=\"$group\" exe=\"/usr/sbin/groupmod\".*res=success" \ > + "op=modifying group acct=\"$group\" exe=\"/usr/sbin/groupmod\".*res=success" ; do > + augrok -q type=USER_ACCT \ > + user_pid=$pid \ > + uid=$EUID \ > + auid=$(</proc/self/loginuid) \ > + msg_1=~"$msg" || exit_fail "failed to find audit.log entry" > + done > +fi > > exit_pass > diff -up trustedprograms/tests/test_passwd_change.bash.orig trustedprograms/tests/test_passwd_change.bash > --- trustedprograms/tests/test_passwd_change.bash.orig 2011-02-21 09:09:22.949772528 -0600 > +++ trustedprograms/tests/test_passwd_change.bash 2011-03-24 09:18:52.737280816 -0500 
> @@ -21,28 +21,42 @@ > source tp_auth_functions.bash || exit 2 > > # setup > -useradd -n -u $uid $user || exit_error "useradd failed" > +uaddopts="-n" > +grep "release 6" /etc/redhat-release && uaddopts="-N" > +useradd $uaddopts -u $uid $user || exit_error "useradd failed" > > # test > newpass=$(date +OsLO\!%sMo) > +# On RHEL 5 systems the prompts are different > +# -nocase \"Enter new UNIX password:\" {send \"$newpass\\r\"; exp_continue} > +# -nocase \"Re-type new UNIX password:\" {send \"$newpass\\r\"; exp_continue} > expect -c " > spawn passwd $user > expect { > - -nocase \"new password:\" {send \"$newpass\\r\"; exp_continue} > + -nocase -re \"New\.\*password:\" {send \"$newpass\\r\"; exp_continue} > + -nocase -re \"Retype new\.\*password:\" {send \"$newpass\\r\"; exp_continue} Another way to go is to make the prompt strings more generic. We just need enough text for 'expect' to find it so we could just look for "password" in both cases. > eof > } > set pidfile [open \"$tmp1\" w] > puts \$pidfile [exp_pid]" > pid=$(<$tmp1) > > -for msg_1 in \ > - "PAM: chauthtok acct=\"*$user\"* : exe=./usr/bin/passwd.*res=success.*" > -do > +if grep "release 5" /etc/redhat-release ; then > + msg_1="PAM:chauthtok acct=\"*$user\"* : exe=./usr/bin/passwd.*res=success.*" > augrok -q type=USER_CHAUTHTOK \ > user_pid=$pid \ > uid=$EUID \ > auid=$(</proc/self/loginuid) \ > msg_1=~"$msg_1" || exit_fail "missing: \"$msg_1\"" > -done > +else > + for msg in "op=PAM:chauthtok acct=\"$user\" exe=\"/usr/bin/passwd\".*res=success" \ > + "op=change password id=$uid exe=\"/usr/bin/passwd\".*res=success" ; do > + augrok -q type=USER_CHAUTHTOK \ > + user_pid=$pid \ > + uid=$EUID \ > + auid=$(</proc/self/loginuid) \ > + msg_1=~"$msg" || exit_fail "missing: \"$msg\"" > + done > +fi > > exit_pass > diff -up trustedprograms/tests/test_passwd_fail.bash.orig trustedprograms/tests/test_passwd_fail.bash > --- trustedprograms/tests/test_passwd_fail.bash.orig 2011-02-21 09:09:22.950772589 -0600 > +++ 
trustedprograms/tests/test_passwd_fail.bash 2011-03-24 09:32:16.250728952 -0500 > @@ -22,6 +22,8 @@ source tp_auth_functions.bash || exit 2 > > # test > newpass=123 > +test_user_uid=$(id -u $TEST_USER) > + > chown $TEST_USER "$tmp1" > su $TEST_USER -c " > expect -c ' > @@ -34,14 +36,23 @@ su $TEST_USER -c " > puts \$pidfile [exp_pid]'" > pid=$(<$tmp1) > > -for msg_1 in \ > - "PAM: chauthtok acct=\"*$TEST_USER\"* : exe=./usr/bin/passwd.*res=failed.*" > -do > +if grep "release 5" /etc/redhat-release ; then > + msg_1="PAM: chauthtok acct=\"*$TEST_USER\"* : exe=./usr/bin/passwd.*res=failed.*" > augrok -q type=USER_CHAUTHTOK \ > user_pid=$pid \ > - uid=$(id -u $TEST_USER) \ > + uid=$test_user_uid \ > auid=$(</proc/self/loginuid) \ > msg_1=~"$msg_1" || exit_fail "missing: \"$msg_1\"" > -done > +else > + > + for msg in "op=PAM:chauthtok acct=\"$TEST_USER\" exe=\"/usr/bin/passwd\".*res=failed" \ > + "op=change password id=$test_user_uid exe=\"/usr/bin/passwd\".*res=failed" ; do > + augrok -q type=USER_CHAUTHTOK \ > + user_pid=$pid \ > + uid=$test_user_uid \ > + auid=$(</proc/self/loginuid) \ > + msg_1=~"$msg" || exit_fail "missing: \"$msg\"" > + done > +fi > > exit_pass > diff -up trustedprograms/tests/test_useradd.bash.orig trustedprograms/tests/test_useradd.bash > --- trustedprograms/tests/test_useradd.bash.orig 2011-02-21 09:09:22.951816843 -0600 > +++ trustedprograms/tests/test_useradd.bash 2011-03-24 09:46:07.438205674 -0500 
> @@ -25,17 +25,20 @@ source tp_auth_functions.bash || exit 2 > setpid useradd -n -m -G games -u $uid -d /home/$user $user \ > || exit_error "useradd failed" > > + > +msg_type=ADD_USER > +grep "release 5" /etc/redhat-release && msg_type=USER_CHAUTHTOK > for msg_1 in \ > "op=adding user id=$uid exe=\"*\.*/usr/sbin/useradd\"*.*res=success.*" \ > "op=adding user to group acct=\"*$user\"* exe=\"*\.*/usr/sbin/useradd\"*.*res=success.*" \ > "op=adding user to shadow group acct=\"*$user\"* exe=\"*\.*/usr/sbin/useradd\"*.*res=success.*" \ > "op=adding home directory id=$uid exe=\"*\.*/usr/sbin/useradd\"*.*res=success.*" > do > - augrok -q type=USER_CHAUTHTOK \ > - user_pid=$pid \ > - uid=$EUID \ > - auid=$(</proc/self/loginuid) \ > - msg_1=~"$msg_1" || exit_fail "missing: \"$msg_1\"" > + augrok -q type=$msg_type\ > + user_pid=$pid \ > + uid=$EUID \ > + auid=$(</proc/self/loginuid) \ > + msg_1=~"$msg_1" || exit_fail "missing: \"$msg_1\"" > done > > exit_pass > diff -up trustedprograms/tests/test_useradd_D.bash.orig trustedprograms/tests/test_useradd_D.bash > --- trustedprograms/tests/test_useradd_D.bash.orig 2011-02-21 09:09:22.952774646 -0600 > +++ trustedprograms/tests/test_useradd_D.bash 2011-03-24 10:32:50.702689144 -0500 
> @@ -28,14 +28,17 @@ backup "$useradd_conf" > setpid useradd -D -g games -b /tmp -e 2038-01-18 -f 42 -s /bin/true \ > || exit_error "useradd failed" > > -for msg_1 in \ > - '^op=changing user defaults id=.* exe=./usr/sbin/useradd.*res=success.*' > -do > - augrok -q type=USER_CHAUTHTOK \ > - user_pid=$pid \ > - uid=$EUID \ > - auid=$(</proc/self/loginuid) \ > - msg_1=~"$msg_1" || exit_fail "missing: \"$msg_1\"" > -done > + > +msg_type=USYS_CONFIG > +msg_1='op=changing useradd defaults id=.* exe=\"/usr/sbin/useradd\".*res=success' > +if grep "release 5" /etc/redhat-release ; then > + msg_type=USER_CHAUTHTOK > + msg_1='^op=changing user defaults id=.* exe=./usr/sbin/useradd.*res=success.*' > +fi > +augrok -q type=$msg_type \ > + user_pid=$pid \ > + uid=$EUID \ > + auid=$(</proc/self/loginuid) \ > + msg_1=~"$msg_1" || exit_fail "missing: \"$msg_1\"" > > exit_pass > diff -up trustedprograms/tests/test_userdel.bash.orig trustedprograms/tests/test_userdel.bash > --- trustedprograms/tests/test_userdel.bash.orig 2011-02-21 09:09:22.953773583 -0600 > +++ trustedprograms/tests/test_userdel.bash 2011-03-24 10:36:10.882186100 -0500 
> @@ -27,12 +27,15 @@ useradd -n -m -u $uid $user || exit_erro > # test > setpid userdel -r $user || exit_error "userdel failed" > > +msg_type=DEL_USER > +grep "release 5" /etc/redhat-release && msg_type=USER_CHAUTHTOK > + > for msg_1 in \ > "op=deleting user entries id=$uid exe=\"*\.*/usr/sbin/userdel\"*.*res=success.*" \ > "op=deleting mail file id=$uid exe=\"*\.*/usr/sbin/userdel\"*.*res=success.*" \ > "op=deleting home directory id=$uid exe=\"*\.*/usr/sbin/userdel\"*.*res=success.*" > do > - augrok -q type=USER_CHAUTHTOK \ > + augrok -q type=$msg_type \ > user_pid=$pid \ > uid=$EUID \ > auid=$(</proc/self/loginuid) \ > > _______________________________________________ > Audit-test-developer mailing list > Aud...@li... > https://lists.sourceforge.net/lists/listinfo/audit-test-developer
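Review bot: In the test_gpasswd_change.bash hunk the release-6 string `op="password of group testuser1 changed by root"` hardcodes the group and the caller, while the `msg_1` pattern built on the next line still uses `$group`; if `$group` is ever not testuser1, or the suite is run by a non-root administrator, the two halves disagree and the match fails for a reason unrelated to auditing. Build the string from the same variables the pattern uses, e.g. `op="password of group $group changed by $(id -un)"` (assuming the record really carries the group and caller names, which is what the literal suggests). Also, `grep "release 6" /etc/redhat-release` without `-q` prints the release line into the test output on every run; `grep -q` keeps the log clean.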
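Review bot: In the test_gpasswd_perms.bash hunk the fallback `op="password of group testuser1 changed by root"` replaces the previous expectation `op=modify group` with a success message, yet the pattern still ends in `res=failed`; on anything that is not a release-6 system this test can no longer pass. Keep the old string as the default (`op="modify group"`) and only override it for release 6. The release-6 string also hardcodes `testuser` and `testuser1` where `$TEST_USER` and `$group` are already available.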
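Review bot: In the test_gpasswd_remove.bash hunk the release-6 string `op="password of group testuser1 removed by root"` hardcodes `testuser1` and `root` instead of deriving them from `$group` and the caller, the same coupling as in test_gpasswd_change.bash; one variable-based helper in tp_auth_functions.bash would serve all three gpasswd tests. The blank line between `msg_1=...` and the `augrok` call that the other two gpasswd hunks keep was dropped here; keep the layout consistent.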
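Review bot: In the test_groupadd.bash hunk the branch direction is inverted relative to the gpasswd tests: here `grep "release 5"` selects the old strings and every other system gets the ADD_GROUP records, whereas the gpasswd tests default to the old strings and switch on `"release 6"`. On a system that matches neither (or has no /etc/redhat-release, where grep additionally prints an error) half the suite expects RHEL 5 output and the other half RHEL 6 output. Pick one direction for all eleven files and use `grep -q` in both forms. The point already raised about naming the missing record applies to the new loop: `exit_fail "missing: \"$msg\""` is what the converted passwd tests print.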
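Review bot: In the test_groupdel.bash hunk the two branches report failure differently: the release-5 branch says `missing: "$msg_1"` while the else branch says `failed to find audit.log entry` and drops the pattern. Use the `missing:` form with `$msg` inside the DEL_GROUP loop so a failure names the one of the three records that was absent.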
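Review bot: In the test_groupmod.bash hunk the `# TODO check we are using the acct= field correctly` comment should be resolved or explained before this goes in: all three USER_ACCT patterns pin `acct=\"$group\"`, so if the record carries the name in a different field the loop fails for exactly the reason the TODO anticipates. Confirm against a captured groupmod record and drop the comment, or relax that part of the pattern. The comment also sits at column 0 inside the `else` branch; indent it with the loop.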
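Review bot: In the test_passwd_change.bash hunk the release-5 expectation changed from `PAM: chauthtok` (with a space) to `PAM:chauthtok`, while test_passwd_fail.bash in this same patch keeps `PAM: chauthtok` for release 5; both cannot be right for the same PAM module, so check a RHEL 5 record and make the two files agree. The commented-out RHEL 5 prompt lines (`Enter new UNIX password:` and `Re-type new UNIX password:`) are dead code now that the `-re` patterns cover both prompt styles; drop them, or follow the suggestion above and match on just `password`.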
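Review bot: In the second test_passwd_fail.bash hunk there is a stray blank line directly after `else` before `for msg in`, which the groupadd/groupdel hunks do not have; remove it. Introducing `test_user_uid=$(id -u $TEST_USER)` once in the first hunk and reusing it in both branches is the right call, and the same could be done for `$(</proc/self/loginuid)`, which every test evaluates repeatedly.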
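Review bot: In the test_useradd.bash hunk, `augrok -q type=$msg_type\` has no space before the continuation backslash, so the line only works because the next line's leading indentation separates `type=$msg_type` from `user_pid=$pid`; write `type=$msg_type \` as the other tests do. The setup line `setpid useradd -n -m -G games ...` in the context still passes `-n`, while test_passwd_change.bash in this patch switches to `-N` on release 6; apply the same `uaddopts` switch here or explain why `-n` is still accepted. Only the record type changed; the four `msg_1` strings keep the old `exe=\"*\.*/usr/sbin/useradd\"*` form unlike the other converted tests, so confirm they still match an ADD_USER record.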
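Review bot: In the test_useradd_D.bash hunk the new default pattern is single-quoted, so the `\"` sequences reach augrok as backslash-quote; that is harmless as a regex escape but differs from the double-quoted `exe=\"/usr/sbin/useradd\"` style used in the other hunks, and the added empty `+` line at the top of the hunk is whitespace churn. Both are style points only; the USYS_CONFIG/USER_CHAUTHTOK switch itself reads correctly.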
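Review bot: The test_userdel.bash hunk is cut off after `auid=$(</proc/self/loginuid) \`: the header promises 15 lines in the new version, but the `msg_1=~"$msg_1" || exit_fail ...` line, `done` and `exit_pass` never appear, so the patch as mailed will not apply cleanly. Please resend this file. Its setup line `useradd -n -m -u $uid $user` also still uses `-n` rather than the `-N` switch introduced for release 6 in test_passwd_change.bash.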
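As an added example (an editor's sketch, not code from the audit-test suite or from Eduard's patch): a per-release message catalog of the kind Linda describes, keyed on DISTRO and a hypothetical DISTRO_REL value, together with a matcher that checks audit.log lines for the same five fields the tests hand to augrok. The catalog strings are copied from the patch's expectations; the release-6 gpasswd string is parameterised on group and actor, which is an assumption since the patch hardcodes testuser1 and root. The sample log lines are constructed for the example, not captured from a system.

```shell
#!/bin/sh
# Added example (editor's sketch, not code from the audit-test suite or the
# patch under review). Expected audit records are looked up by DISTRO and a
# hypothetical DISTRO_REL value instead of grepping /etc/redhat-release inside
# every test, so a new release only needs a new catalog entry.

# expected_record DISTRO DISTRO_REL TESTCASE GROUP ACTOR
# Prints "<record type>|<msg_1 regex>" for one test case. Strings mirror the
# expectations in the patch; the RHEL 6 gpasswd string is parameterised on
# group and actor (assumption: the patch hardcodes "testuser1" and "root").
expected_record() {
    distro=$1; rel=$2; tcase=$3; group=$4; actor=$5
    case "$distro:$rel:$tcase" in
        RHEL:5*:gpasswd_change)
            printf '%s\n' "USER_CHAUTHTOK|op=changing password acct=\"?$group\"? exe=./usr/bin/gpasswd.*res=success" ;;
        RHEL:6*:gpasswd_change)
            printf '%s\n' "USER_CHAUTHTOK|op=password of group $group changed by $actor acct=\"$group\" exe=\"/usr/bin/gpasswd\".*res=success" ;;
        RHEL:5*:groupdel)
            printf '%s\n' "USER_CHAUTHTOK|op=deleting group id=[0-9]+ exe=./usr/sbin/groupdel.*res=success" ;;
        RHEL:6*:groupdel)
            printf '%s\n' "DEL_GROUP|op=removing group from /etc/group id=[0-9]+ exe=\"/usr/sbin/groupdel\".*res=success" ;;
        *)
            echo "no catalog entry for $distro $rel $tcase" >&2
            return 1 ;;
    esac
}

# audit_has_record LOGFILE TYPE PID UID AUID MSG_REGEX
# Succeeds when a single line of LOGFILE carries type, pid, uid, auid and a
# msg= body matching MSG_REGEX, i.e. all fields on one record, the way the
# tests' augrok call requires them.
audit_has_record() {
    log=$1; rtype=$2; pid=$3; uid=$4; auid=$5; msg=$6
    grep -E "^type=$rtype .* pid=$pid uid=$uid auid=$auid .*msg='$msg" "$log" >/dev/null
}

# check_test LOGFILE DISTRO DISTRO_REL TESTCASE GROUP ACTOR PID UID AUID
# Looks up the catalog entry for this release and checks the log for it.
# Returns 0 on a match, 1 when absent, 2 when the catalog has no entry.
check_test() {
    rec=$(expected_record "$2" "$3" "$4" "$5" "$6") || return 2
    rtype=${rec%%|*}
    msg=${rec#*|}
    audit_has_record "$1" "$rtype" "$7" "$8" "$9" "$msg"
}

# Constructed audit.log lines (not captured from a real system): a RHEL 6
# style gpasswd record, a RHEL 5 style record with the older parenthesised
# tail, and a DEL_GROUP record.
SAMPLE_LOG=${SAMPLE_LOG:-$(mktemp)}
write_sample_log() {
    cat >"$SAMPLE_LOG" <<'EOF'
type=USER_CHAUTHTOK msg=audit(1303061200.001:100): user pid=4242 uid=0 auid=0 ses=3 msg='op=password of group testuser1 changed by root acct="testuser1" exe="/usr/bin/gpasswd" hostname=? addr=? terminal=pts/0 res=success'
type=USER_CHAUTHTOK msg=audit(1303061200.002:101): user pid=4244 uid=0 auid=0 msg='op=changing password acct=testuser1 exe="/usr/bin/gpasswd" (hostname=?, addr=?, terminal=pts/0 res=success)'
type=DEL_GROUP msg=audit(1303061201.003:102): user pid=4243 uid=0 auid=0 ses=3 msg='op=removing group from /etc/group id=1007 exe="/usr/sbin/groupdel" hostname=? addr=? terminal=pts/0 res=success'
EOF
}

# Demo: the same log checked as if the suite ran on RHEL 6.1 and on RHEL 5.6.
# Only the catalog lookup changes; the test logic does not.
write_sample_log
for rel in 61 56; do
    if check_test "$SAMPLE_LOG" RHEL "$rel" gpasswd_change testuser1 root 4242 0 0; then
        echo "DISTRO_REL=$rel: gpasswd_change record found for pid 4242"
    else
        echo "DISTRO_REL=$rel: gpasswd_change record missing for pid 4242"
    fi
done
```

The group name is interpolated into the regex unescaped, exactly as the tests interpolate `$group`, so a group name containing regex metacharacters would need escaping before it is handed to the catalog.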