From 24b1e14e26b1bc6cf98663c2964a3637c56944eb Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Mon, 15 Apr 2024 18:28:21 +0200
Subject: Adding debian version 8.2402.0-1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/tests/logcheck | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100755 debian/tests/logcheck

(limited to 'debian/tests/logcheck')

diff --git a/debian/tests/logcheck b/debian/tests/logcheck
new file mode 100755
index 0000000..913b870
--- /dev/null
+++ b/debian/tests/logcheck
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+set -eu
+
+echo "* Checking logcheck rules"
+# tell rsyslog to output to a file other than /var/log/syslog to isolate
+# rsyslog messages. nb that rsyslog.service is hardened so this file
+# cannot be in /tmp (#1053898)
+cat > /etc/rsyslog.d/rsyslog-logcheck.conf <<EOF
+:programname, contains, "rsyslog" /var/log/test-rsyslog-syslog.log
+EOF
+
+: > /var/log/test-rsyslog-syslog.log
+
+echo "** Starting and stopping rsyslog"
+# if rsyslog is already running then merely doing 'start+stop'
+# will not reload the new config
+systemctl stop rsyslog 2>&1 #(redirect stderr becuase systemd tells us that syslog.socket will restart rsyslog)
+systemctl start rsyslog
+systemctl stop rsyslog 2>&1
+echo "** rsyslog generated the following lines in syslog:"
+cat /var/log/test-rsyslog-syslog.log
+if [ ! -s /var/log/test-rsyslog-syslog.log ]; then
+	echo >&2 "ERROR: rsyslog produced no syslog entries (in /var/log/test-rsyslog-syslog.log) at all"
+	echo "/var/log/syslog contained:"
+	cat /var/log/syslog
+fi
+
+echo "** rsyslog generated the following lines in the systemd journal:"
+journalctl --since=-5min _COMM=rsyslogd \
+	| tee /tmp/test-rsyslog-journal.log
+if [ ! -s /tmp/test-rsyslog-journal.log ]; then
+	echo >&2 "ERROR: rsyslog produced no journal entries at all"
+fi
+
+
+echo "** Running logcheck"
+# check both syslog and journal lines with logcheck
+# no need to change config, but set -o and hide state and logfiles-list-directory
+cat > /tmp/logcheck.logfiles <<EOF
+/tmp/test-rsyslog-journal.log
+/var/log/test-rsyslog-syslog.log
+EOF
+
+mkdir /tmp/logcheck.state
+chown logcheck:logcheck /tmp/logcheck.state
+chmod 0750 /tmp/logcheck.state
+# nb: su is used because logcheck refuses to run as root
+# nb: add '-d' option to logcheck if you need to debug
+su -s /bin/bash -c "/usr/sbin/logcheck -L /tmp/logcheck.logfiles -S /tmp/logcheck.state -D /dev/null -o" logcheck \
+	| tee  /tmp/test-rsyslog-unmatched
+
+# result should be empty
+if [ -s /tmp/test-rsyslog-unmatched ]; then
+	echo >&2 "* FAIL: unmatched lines - logcheck rules may need updating"
+else
+	echo "* OK: no unmatched lines"
+fi
+cat /tmp/test-rsyslog-unmatched
+
+rm -rf \
+	/etc/rsyslog.d/rsyslog-logcheck.conf \
+	/tmp/logcheck.state /tmp/logcheck.logfiles \
+	/tmp/test-rsyslog-journal.log \
+	/var/log/test-rsyslog-syslog.log \
+	/tmp/test-rsyslog-unmatched
-- 
cgit v1.2.3