Diffstat (limited to 'test')
-rwxr-xr-x | test/test.sh | 32 | ||||
-rw-r--r-- | test/test1i_file.sig | bin | 0 -> 811 bytes | |||
-rw-r--r-- | test/test1i_samhain.pub | 2 | ||||
-rwxr-xr-x | test/testcompile.sh | 16 | ||||
-rwxr-xr-x | test/testit.sh | 48 | ||||
-rw-r--r-- | test/testrc_1i.dyn | 40 | ||||
-rwxr-xr-x | test/testrun_1b.sh | 37 | ||||
-rwxr-xr-x | test/testrun_1e.sh | 12 | ||||
-rwxr-xr-x | test/testrun_1i.sh | 322 | ||||
-rwxr-xr-x | test/testrun_2d.sh | 13 | ||||
-rwxr-xr-x | test/testrun_2g.sh | 95 | ||||
-rw-r--r-- | test/testrun_2h.sh | 233 |
12 files changed, 749 insertions, 101 deletions
diff --git a/test/test.sh b/test/test.sh index 701a114..2a37a35 100755 --- a/test/test.sh +++ b/test/test.sh @@ -153,6 +153,7 @@ usage() { echo " ${S}test.sh 11${E} -- CL verify option" echo " ${S}test.sh 12${E} -- CL create DeltaDB" echo " ${S}test.sh 13${E} -- CL create/verify partial DB" + echo " ${S}test.sh 14${E} -- Signify signed files" echo " ${S}test.sh 20${E} -- Test c/s init/check (testrc_2.in)" echo " ${S}test.sh 21${E} -- Test full c/s init/check (testrc_2.in)" @@ -162,6 +163,7 @@ usage() { echo " ${S}test.sh 25${E} -- Test server w/yulectl (testrc_2.in)" echo " ${S}test.sh 26${E} -- Test c/s case one (testrc_2.in)" echo " ${S}test.sh 27${E} -- Test c/s case two (testrc_2.in)" + echo " ${S}test.sh 28${E} -- Test full c/s w/signify (testrc_2.in)" echo " ${S}test.sh all${E} -- All tests" } scripts () { @@ -170,10 +172,11 @@ scripts () { echo " (1) testcompile.sh (2) testhash.sh (3) testrun_1.sh (4) testrun_1a.sh" echo " (5) testext.sh (6) testtimesrv.sh (7) testrun_1b.sh (8) testrun_1c.sh" echo " (9) testrun_1d.sh (10) testrun_1e.sh (11) testrun_1f.sh (12) testrun_1g.sh" - echo " (13) testrun_1h.sh" + echo " (13) testrun_1h.sh (14) testrun_1i.sh" echo " (20) testrun_2.sh (21) testrun_2a.sh (22) testrun_2b.sh (23) testrun_2c.sh" echo " (24) testrun_2d.sh (25) testrun_2e.sh (26) testrun_2f.sh (27) testrun_2g.sh" -} + echo " (28) testrun_2h.sh" + } # # Option parsing @@ -656,6 +659,12 @@ if test x$1 = x13; then print_summary exit $? fi +if test x$1 = x14; then + . ${SCRIPTDIR}/testrun_1i.sh + testrun1i + print_summary + exit $? +fi if test x$1 = x20; then . ${SCRIPTDIR}/testrun_2.sh testrun2 $hostname @@ -707,6 +716,13 @@ if test x$1 = x27; then print_summary exit $? fi +if test x$1 = x28; then + . ${SCRIPTDIR}/testrun_2a.sh + . ${SCRIPTDIR}/testrun_2h.sh + testrun2h $hostname + print_summary + exit $? +fi if test x$1 = xall; then TEST_MAX=0 . ${SCRIPTDIR}/testcompile.sh 
@@ -735,6 +751,8 @@ if test x$1 = xall; then let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_1h.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_1i.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_2.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_2a.sh @@ -751,6 +769,8 @@ if test x$1 = xall; then let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_2g.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_2h.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null # # ${SCRIPTDIR}/testtimesrv.sh # ${SCRIPTDIR}/testrun_1b.sh @@ -809,6 +829,10 @@ if test x$1 = xall; then MAXTEST=${TEST_MAX}; export MAXTEST testrun1h # + . ${SCRIPTDIR}/testrun_1i.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun1i + # . ${SCRIPTDIR}/testrun_2.sh MAXTEST=${TEST_MAX}; export MAXTEST testrun2 $hostname @@ -841,6 +865,10 @@ if test x$1 = xall; then MAXTEST=${TEST_MAX}; export MAXTEST testrun2g $hostname # + . ${SCRIPTDIR}/testrun_2h.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun2h $hostname + # print_summary exit 0 fi diff --git a/test/test1i_file.sig b/test/test1i_file.sig Binary files differnew file mode 100644 index 0000000..d21c6f1 --- /dev/null +++ b/test/test1i_file.sig diff --git a/test/test1i_samhain.pub b/test/test1i_samhain.pub new file mode 100644 index 0000000..bd8ca3e --- /dev/null +++ b/test/test1i_samhain.pub @@ -0,0 +1,2 @@ +untrusted comment: signify public key +RWRGHbBcvfnUvBA0DUrvkt5OIZzdOgD0X8mTn6wKd4UNOHp8mVL2pCKP diff --git a/test/testcompile.sh b/test/testcompile.sh index d7b2ed2..98ff269 100755 --- a/test/testcompile.sh +++ b/test/testcompile.sh 
@@ -24,6 +24,17 @@ MAXTEST=79; export MAXTEST run_dnmalloc () { + uname -a | grep -i openbsd >/dev/null + if test x$? = x0; then + log_skip $num ${MAXTEST} 'test dnmalloc' + return 0 + fi + uname -a | grep -i darwin >/dev/null + if test x$? = x0; then + log_skip $num ${MAXTEST} 'test dnmalloc' + return 0 + fi + fail=0 if test x$1 = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; @@ -93,9 +104,9 @@ run_cppcheck () fi # cd src/ - stat=`cppcheck --quiet --inline-suppr --force -j 4 --template="{file},{line},{severity},{id},{message}" -I. -I.. -I../include sh_*.c samhain.c slib.c dnmalloc.c zAVLTree.c trustfile.c rijndael-*.c bignum.c 2>&1 | wc -l` + stat=`cppcheck --quiet --library=posix.cfg --inline-suppr --force -j 4 --template="{file},{line},{severity},{id},{message}" -I. -I.. -I../include sh_*.c samhain.c slib.c dnmalloc.c zAVLTree.c trustfile.c rijndael-*.c bignum.c 2>&1 | wc -l` if [ $stat -ne 0 ]; then - cppcheck --quiet --inline-suppr --force -j 4 --template="{file},{line},{severity},{id},{message}" -I. -I.. -I../include sh_*.c samhain.c slib.c dnmalloc.c zAVLTree.c trustfile.c rijndael-*.c bignum.c >>../test_log 2>&1 + cppcheck --quiet --library=posix.cfg --inline-suppr --force -j 4 --template="{file},{line},{severity},{id},{message}" -I. -I.. -I../include sh_*.c samhain.c slib.c dnmalloc.c zAVLTree.c trustfile.c rijndael-*.c bignum.c >>../test_log 2>&1 retval=1 [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "check w/cppcheck"; else @@ -167,6 +178,7 @@ testmake () else sed --in-place 's/-Wno-empty-body/-Wno-empty-body -Wno-invalid-source-encoding/g' Makefile sed --in-place 's/-fno-strength-reduce//g' Makefile + sed --in-place 's/-fstack-clash-protection//g' Makefile $MAKE -e CC=$CLANG_CC -e BUILD_CC=$CLANG_CC cutest > /dev/null 2>> test_log fi if test x$? = x0; then diff --git a/test/testit.sh b/test/testit.sh deleted file mode 100755 index 3f8ab76..0000000 --- a/test/testit.sh +++ /dev/null 
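Review bot: The two platform guards added at the top of run_dnmalloc match on `uname -a`, whose output includes the node name, so a host whose name merely contains "openbsd" or "darwin" would skip the dnmalloc test on an unrelated OS. Matching the kernel name only is tighter, e.g. `case "$(uname -s)" in OpenBSD|Darwin) log_skip $num ${MAXTEST} 'test dnmalloc'; return 0;; esac`. `$num` is not assigned anywhere in the visible lines, while the rest of the function reads `$1`, so it is worth confirming that the caller defines it. The function body continues outside the hunk.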
@@ -1,48 +0,0 @@ -#!/bin/sh -# -if test x$UID != x -a x$UID != x0; then - TRUST="--with-trusted=0,2,$UID" -else - TRUST="--with-trusted=0,2,1000" -fi -export TRUST -# -PW_DIR=`pwd`; export PW_DIR -RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE -LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE -# -OPTIONS="\ ---enable-db-reload \ ---enable-suidcheck \ ---enable-login-watch \ ---enable-mounts-check \ ---enable-logfile-monitor \ ---enable-process-check \ ---enable-port-check \ ---enable-xml-log \ ---enable-userfiles \ ---disable-shellexpand \ ---disable-ipv6 \ -" - -./configure --quiet $TRUST \ - --prefix=$PW_DIR \ - --localstatedir=$PW_DIR \ - --with-config-file=$RCFILE \ - --with-log-file=$LOGFILE \ - --with-pid-file=$PW_DIR/.samhain_lock \ - --with-data-file=$PW_DIR/.samhain_file $OPTIONS - -if [ $? -ne 0 ]; -then - echo "Configure failed" - exit 1 -fi - -make samhain - -if [ $? -ne 0 ]; -then - echo "Make failed" - exit 1 -fi diff --git a/test/testrc_1i.dyn b/test/testrc_1i.dyn new file mode 100644 index 0000000..408f79b --- /dev/null +++ b/test/testrc_1i.dyn @@ -0,0 +1,40 @@ +untrusted comment: verify with samhain.pub +RWRGHbBcvfnUvI+f5wRdzGBIpcVr3e3YJoB9f7ltII+sWwTpKBjfh60VkC0e/svAHFR03LIwALRz8CB70EokYYa3FVnmPgWv5Qg= + +[Attributes] +file=/etc + +# not really logfiles, but almost guaranteed to exist +[GrowingLogFiles] +file=/etc/services +file=/etc/hosts +file=/etc/motd + +[EventSeverity] +SeverityUser0=crit +SeverityUser1=crit +SeverityReadOnly=crit +SeverityLogFiles=crit +SeverityGrowingLogs=crit +SeverityIgnoreNone=crit +SeverityAttributes=crit +SeverityIgnoreAll=warn +SeverityFiles=notice +SeverityDirs=info +SeverityNames=warn + +[Log] +MailSeverity=none +LogSeverity=warn +SyslogSeverity=none +PrintSeverity=info + +[Misc] +Daemon=no +SetFilecheckTime=120 +SetRecursionLevel=10 +SetLoopTime=60 +ReportFullDetail = no +ChecksumTest=check + +[EOF] diff --git a/test/testrun_1b.sh b/test/testrun_1b.sh index eda3ebf..c194821 100755 --- a/test/testrun_1b.sh 
+++ b/test/testrun_1b.sh @@ -67,8 +67,7 @@ testrun1b_internal () fi # # - ${TOP_SRCDIR}/configure ${BUILDOPTS} 2>/dev/null | \ - egrep 'use existing [./[:alnum:]]+ for gpg checksum' >/dev/null + ${TOP_SRCDIR}/configure ${BUILDOPTS} 2>/dev/null # # if test x$? = x0; then @@ -239,13 +238,15 @@ do_test_1b () { do_test_1b_2 () { - rm -f $PW_DIR/test_log_prelude - - [ -z "$verbose" ] || { echo " starting prelude-manager.."; echo " ($PM --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 &)"; } - "$PM" --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 & - PID=$! + #rm -f $PW_DIR/test_log_prelude + test_log_prelude="/var/log/prelude/prelude-text.log" + echo -n >"${test_log_prelude}" + + #[ -z "$verbose" ] || { echo " starting prelude-manager.."; echo " ($PM --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 &)"; } + #"$PM" --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 & + #PID=$! - five_sec_sleep + #five_sec_sleep ./samhain -t check -p none -l info --set-prelude-severity=info --prelude --server-addr 127.0.0.1:5500 >/dev/null 
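Review bot: do_test_1b_2 now empties the fixed path `/var/log/prelude/prelude-text.log` with `echo -n >"${test_log_prelude}"`, which discards the host's real prelude-manager text log and goes unnoticed when the test user cannot write there; the same path and truncation are added in testrun_1e.sh (the exported `test_log_prelude=` and run_check_prelude). With the `"$PM" ... &` start commented out, the test also presumes a prelude-manager is already listening on 127.0.0.1:5500 and writing to that file, and nothing in the hunk checks for it. Consider making the path overridable, e.g. `test_log_prelude="${PRELUDE_TEXT_LOG:-/var/log/prelude/prelude-text.log}"` (variable name is a suggestion), failing or skipping with a message when it is not writable, and counting only lines appended after the run started instead of emptying the file. The function continues into the next hunk.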
@@ -259,39 +260,39 @@ do_test_1b_2 () { [ -z "$verbose" ] || log_msg_ok "check..."; else [ -z "$quiet" ] && log_msg_fail "check..."; - kill $PID + #kill $PID return 1 fi # - tmp=`egrep 'File original:.*name=etc.*path=/etc' test_log_prelude 2>/dev/null | wc -l` + tmp=`egrep 'File original:.*name=etc.*path=/etc' ${test_log_prelude} 2>/dev/null | wc -l` if [ $tmp -lt 1 ]; then [ -z "$verbose" ] || log_msg_fail "/etc"; - kill $PID + #kill $PID return 1 fi - tmp=`egrep 'Classification text: Checking' test_log_prelude 2>/dev/null | wc -l` + tmp=`egrep 'Classification text: Checking' ${test_log_prelude} 2>/dev/null | wc -l` if [ $tmp -lt 1 ]; then [ -z "$verbose" ] || log_msg_fail "checking"; - kill $PID + #kill $PID return 1 fi # if test "x$2" = "xmodrc"; then - tmp=`egrep 'Classification text: Service opened' test_log_prelude 2>/dev/null | wc -l` + tmp=`egrep 'Classification text: Service opened' ${test_log_prelude} 2>/dev/null | wc -l` if [ $tmp -lt 1 ]; then [ -z "$verbose" ] || log_msg_fail "service"; - kill $PID + #kill $PID return 1 fi - tmp=`egrep 'Service: port=5500' test_log_prelude 2>/dev/null | wc -l` + tmp=`egrep 'Service: port=5500' ${test_log_prelude} 2>/dev/null | wc -l` if [ $tmp -lt 1 ]; then [ -z "$verbose" ] || log_msg_fail "port 5500"; - kill $PID + #kill $PID return 1 fi fi # - kill $PID + #kill $PID return 0 } diff --git a/test/testrun_1e.sh b/test/testrun_1e.sh index 3cdd4cd..c2d874b 100755 --- a/test/testrun_1e.sh +++ b/test/testrun_1e.sh @@ -24,6 +24,8 @@ export BUILDOPTS MAXTEST=5; export MAXTEST +test_log_prelude="/var/log/prelude/prelude-text.log"; export test_log_prelude + PORTPOLICY_5=" [ReadOnly] file=${BASE} 
@@ -41,7 +43,7 @@ chk_portdata_5 () { elif [ -z "$doall" ]; then log_skip 5 $MAXTEST 'logging to prelude (or use --really-all)' else - tmp=`egrep 'Service: port=5500 .unknown. protocol=tcp' test_log_prelude 2>/dev/null | wc -l` + tmp=`egrep 'Service: port=5500 .unknown. protocol=tcp' ${test_log_prelude} 2>/dev/null | wc -l` if [ $tmp -lt 1 ]; then [ -z "$verbose" ] || log_msg_fail "port 5500"; [ -z "$quiet" ] && log_fail 5 ${MAXTEST}; @@ -186,6 +188,8 @@ prep_portpolicy () run_check_prelude() { + echo -n >"${test_log_prelude}" + ./samhain -t check -p none -l info --set-prelude-severity=info --prelude --server-addr 127.0.0.1:5500 >/dev/null if test x$? = x0; then @@ -321,9 +325,9 @@ testrun_internal_1e () # # - [ -z "$verbose" ] || { echo " starting prelude-manager.."; echo " ($PM --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 &)"; } - "$PM" --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 & - PRELUDEPID=$! + #[ -z "$verbose" ] || { echo " starting prelude-manager.."; echo " ($PM --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 &)"; } + #"$PM" --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 & + #PRELUDEPID=$! # # five_sec_sleep diff --git a/test/testrun_1i.sh b/test/testrun_1i.sh new file mode 100755 index 0000000..2eb3bd5 --- /dev/null +++ b/test/testrun_1i.sh 
@@ -0,0 +1,322 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +MAXTEST=4; export MAXTEST +LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE +RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE + +testrun1b_modrc () +{ + ORIGINAL="\[EOF\]" + REPLACEMENT="\[PortCheck\]" + ex -s $RCFILE <<EOF +%s/$ORIGINAL/$REPLACEMENT/g +wq +EOF + + echo "PortCheckActive = yes" >>"$RCFILE" + echo "PortCheckInterface = 127.0.0.1" >>"$RCFILE" +} + +testrun1b_internal () +{ + BUILDOPTS="$1" + # + # test standalone compilation + # + [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } + # + if test -r "Makefile"; then + $MAKE distclean >/dev/null >&1 + fi + # + # Bootstrapping + # + ${TOP_SRCDIR}/configure >/dev/null 2>/dev/null + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure (bootstrap)..."; + $MAKE > /dev/null 2>&1 + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make (bootstrap)..."; + else + [ -z "$quiet" ] && log_msg_fail "make (bootstrap)..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure (bootstrap)..."; + return 1 + fi + # + # + ${TOP_SRCDIR}/configure ${BUILDOPTS} 2>/dev/null + # + # + if test x$? 
= x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>&1 + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + cp ${SCRIPTDIR}/testrc_1i.dyn "$RCFILE" + + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "copy signed config file..."; + else + [ -z "$quiet" ] && log_msg_fail "copy signed config file..."; + return 1 + fi + + if test "x$2" = "x"; then + : + else + CONVERT="$2" + if test -f "${TOP_SRCDIR}/stealth_template.jpg"; then + [ -z "$verbose" ] || log_msg_ok "convert..." + "${CONVERT}" +compress "${TOP_SRCDIR}/stealth_template.jpg" stealth_template.ps >/dev/null + else + [ -z "$quiet" ] && log_msg_fail "cannot find file stealth_template.jpg" + return 1 + fi + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "${CONVERT} +compress ${TOP_SRCDIR}/stealth_template.jpg stealth_template.ps"; + return 1 + fi + + [ -z "$verbose" ] || log_msg_ok "hide..." + ./samhain_stealth -s stealth_template.ps "$RCFILE" >/dev/null + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "${CONVERT} +compress ${TOP_SRCDIR}/stealth_template.jpg stealth_template.ps"; + return 1 + fi + + mv -f stealth_template.ps "$RCFILE" + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "mv -f stealth_template.ps $RCFILE"; + return 1 + fi + + fi + + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + + ./samhain -t init -p none -l info + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + + cp ${SCRIPTDIR}/test1i_file.sig $PW_DIR/.samhain_file + if test x$? 
= x0; then + [ -z "$verbose" ] || log_msg_ok "copy signed database file..."; + else + [ -z "$quiet" ] && log_msg_fail "copy signed database file..."; + return 1 + fi +} + +testrun1b_nogpg () +{ + BUILDOPTS="$1" + # + # test standalone compilation + # + [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } + # + if test -r "Makefile"; then + $MAKE distclean >/dev/null >&1 + fi + + ${TOP_SRCDIR}/configure ${BUILDOPTS} 2>/dev/null + # + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>&1 + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + + cp "${SCRIPTDIR}/testrc_1" "${RCFILE}" + + if test "x$2" = "xmodrc"; then + [ -z "$verbose" ] || log_msg_ok "mod rc..."; + testrun1b_modrc + fi + + ./samhain -t init -p none -l info + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + +} + +do_test_1b () { + + ./samhain -t check -p none -l info + + if test x$? = x0; then + ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}" + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "mv logfile..."; + return 1 + fi + [ -z "$verbose" ] || log_msg_ok "check..."; + else + [ -z "$quiet" ] && log_msg_fail "check..."; + return 1 + fi + # + tmp=`egrep "Checking.*/etc(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 2 ]; then + [ -z "$verbose" ] || log_msg_fail "/etc"; + return 1 + fi + tmp=`egrep "Checking.*(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 10 ]; then + [ -z "$verbose" ] || log_msg_fail "checking"; + return 1 + fi + egrep "ADDED" $LOGFILE >/dev/null 2>&1 + if [ $? 
-eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "init was incomplete"; + return 1 + fi + # + return 0 +} + +testrun1i () +{ + log_start "RUN STANDALONE W/STEALTH W/SIGNIFY" + SIGNIFY=`find_path signify-openbsd` + if [ -z "$SIGNIFY" ]; then + SIGNIFY=`find_path signify` + fi + if [ -z "$SIGNIFY" ]; then + log_skip 1 $MAXTEST 'signify not found in $PATH' + log_skip 2 $MAXTEST 'signify not found in $PATH' + log_skip 3 $MAXTEST 'signify not found in $PATH' + log_skip 4 $MAXTEST 'signify not found in $PATH' + else + eval "ls ~/.signify/samhain.pub >/dev/null 2>/dev/null" + if [ $? -ne 0 ]; then + log_skip 1 $MAXTEST 'public key ~/.signify/samhain.pub not present' + log_skip 2 $MAXTEST 'public key ~/.signify/samhain.pub not present' + log_skip 3 $MAXTEST 'public key ~/.signify/samhain.pub not present' + log_skip 4 $MAXTEST 'public key ~/.signify/samhain.pub not present' + else + # + # ------------- first test ------------- + # + BUILDOPTS="--quiet $TRUST --enable-debug --with-signify=${SIGNIFY} --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_internal "${BUILDOPTS}" + do_test_1b + if [ $? -eq 0 ]; then + log_ok 1 $MAXTEST 'signify signed config/database files' + else + log_fail 1 $MAXTEST 'signify signed config/database files' + fi + + + # + # ------------- second test ------------- + # + BUILDOPTS="--quiet $TRUST --enable-debug --with-signify=${SIGNIFY} --with-checksum --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_internal "${BUILDOPTS}" + do_test_1b + if [ $? 
-eq 0 ]; then + log_ok 2 $MAXTEST 'signify signed config/database files' + else + log_fail 2 $MAXTEST 'signify signed config/database files' + fi + + + # + # ------------- third test ------------- + # + BUILDOPTS="--quiet $TRUST --enable-debug --with-signify=${SIGNIFY} --with-checksum --with-pubkey-checksum=62F3EAE3CD9BA8849015060750908790B6326015A20AC0DA --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_internal "${BUILDOPTS}" + do_test_1b + if [ $? -eq 0 ]; then + log_ok 3 $MAXTEST 'signify signed config/database files' + else + log_fail 3 $MAXTEST 'signify signed config/database files' + fi + + + # + # ------------- fourth test ------------- + # + PRECONV=`find_path convert` + "${PRECONV}" --help | grep ImageMagick >/dev/null 2>&1 && \ + CONVERT="${PRECONV}" + + if [ -z "$CONVERT" ]; then + log_skip 2 $MAXTEST 'ImageMagick convert not found in $PATH' + else + BUILDOPTS="--quiet $TRUST --enable-debug --with-signify=${SIGNIFY} --with-checksum --enable-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_internal "${BUILDOPTS}" "$CONVERT" + do_test_1b + if [ $? -eq 0 ]; then + log_ok 4 $MAXTEST 'signify signed config/database files' + else + log_fail 4 $MAXTEST 'signify signed config/database files' + fi + fi + + fi + fi + log_end "RUN STANDALONE W/STEALTH W/SIGNIFY" + return 0 +} + diff --git a/test/testrun_2d.sh b/test/testrun_2d.sh index bfdcb1a..b457753 100755 --- a/test/testrun_2d.sh +++ b/test/testrun_2d.sh 
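Review bot: All four cases in testrun1i only show that correctly signed files are accepted; none alters `$RCFILE` or `.samhain_file` after the copy and expects samhain to refuse it, so the suite never demonstrates that a tampered config or database is rejected. A comment such as `# TODO: negative case - change one byte of the signed config/database and expect init/check to fail` above the first test would record the gap until such a case exists. Separately, the fourth case reports `log_skip 2 $MAXTEST 'ImageMagick convert not found in $PATH'` where the index should be 4, and `CONVERT` is never cleared before `[ -z "$CONVERT" ]`, so a value inherited from the environment or an earlier sourced script defeats the check. The `eval "ls ~/.signify/samhain.pub ..."` probe can be written without eval as `test -r "$HOME/.signify/samhain.pub"`.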
@@ -37,11 +37,11 @@ check_psql_log () { rm -f test_log_db # PGPASSWORD=samhain; export PGPASSWORD create_pgpass - psql -o test_log_db -U samhain -d samhain -c "SELECT * FROM log WHERE entry_status = 'NEW' and log_time > '${DATE}';" + psql -h localhost -o test_log_db -U samhain -d samhain -c "SELECT * FROM log WHERE entry_status = 'NEW' and log_time > '${DATE}';" # egrep "START.*Yule" test_log_db >/dev/null 2>&1 if [ $? -ne 0 ]; then - [ -z "$verbose" ] || log_msg_fail "Server start (psql)"; + [ -z "$verbose" ] || log_msg_fail "Server start (psql) DATE ${DATE}"; return 1 fi egrep "NEW CLIENT" test_log_db >/dev/null 2>&1 @@ -87,7 +87,7 @@ testrun2d () else # PGPASSWORD="samhain"; export PGPASSWORD create_pgpass - TEST=`psql -U samhain -d samhain -c "SELECT * FROM log LIMIT 1;" 2>/dev/null` + TEST=`psql -h localhost -U samhain -d samhain -c "SELECT * FROM log LIMIT 1;" 2>/dev/null` if [ $? -ne 0 -o -z "$TEST" ]; then log_skip 1 $MAXTEST "psql not default setup" return 1 @@ -116,6 +116,13 @@ EOF wq EOF # + ORIGINAL="# setdbname=samhain" + REPLACEMENT="setdbhost=127.0.0.1" + ex -s $RCFILE <<EOF +%s/$ORIGINAL/$REPLACEMENT/g +wq +EOF + # do_test_1_a # if [ $? -ne 0 ]; then diff --git a/test/testrun_2g.sh b/test/testrun_2g.sh index dadbba6..2440f52 100755 --- a/test/testrun_2g.sh +++ b/test/testrun_2g.sh @@ -93,7 +93,7 @@ do_test_2_g_yule_start () { return 1 fi five_sec_sleep - PROC_S=$( ps aux | grep samhain.new | grep -v grep | awk '{ print $2; }' ) + PROC_S=$( ps aux | grep samhain.new | grep -v grep | awk '{ print $2; }' | sort | head -n 1 ) for ff in 1 2; do five_sec_sleep @@ -203,7 +203,10 @@ do_test_2_g_one () { # UUID=$(uuidgen) mv ./file.delta file.${SH_LOCALHOST}.${UUID} - cp file.${SH_LOCALHOST}.${UUID} "./file.${ALTHOST}.${UUID}" + if [ "x${SH_LOCALHOST}" != "x${ALTHOST}" ] + then + cp file.${SH_LOCALHOST}.${UUID} "./file.${ALTHOST}.${UUID}" + fi # # >>> (3) Tell client to load delta database. 
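Review bot: The two psql calls in testrun_2d.sh now use `-h localhost`, while the configuration written for the server in the third hunk is `setdbhost=127.0.0.1`. Where localhost resolves to ::1 first, the check query and the server would reach PostgreSQL over different address families, and the pg_hba.conf rules or the entry written by create_pgpass (not visible here) may match only one of them. Using `-h 127.0.0.1` in both psql calls keeps the test and the server on the same path. The exit status of the added `ex -s $RCFILE` edit is not checked, so a missing `# setdbname=samhain` line would leave the host setting unchanged without any message.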
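Review bot: In do_test_2_g_yule_start the PID pipeline now ends in `| sort | head -n 1`, but `sort` without `-n` orders PIDs as strings, so `10234` sorts before `9876` and the pick is not the lowest PID. The `ps aux | grep samhain.new` match is by substring over every process on the host, and `$PROC_S` is later passed to `kill`, so a wrong pick signals an unrelated process. `sort -n` fixes the ordering; `PROC_S=$(pgrep -o -f samhain.new)` would select the oldest match directly where pgrep is available. The function continues outside the hunk.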
@@ -222,20 +225,28 @@ do_test_2_g_one () { return 1 fi + NHOSTS=1 + ./yulectl -c "DELTA:${UUID}" ${SH_LOCALHOST} if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "yulectl (1)"; kill $PROC_S; kill $PROC_Y; return 1 fi - ./yulectl -c "DELTA:${UUID}" ${ALTHOST} - if [ $? -ne 0 ]; then - [ -z "$verbose" ] || log_msg_fail "yulectl (2)"; - kill $PROC_S; kill $PROC_Y; - return 1 + + if [ "x${SH_LOCALHOST}" != "x${ALTHOST}" ] + then + ./yulectl -c "DELTA:${UUID}" ${ALTHOST} + NHOSTS=2 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "yulectl (2)"; + kill $PROC_S; kill $PROC_Y; + return 1 + fi fi + NR=$( ./yulectl -c LIST | grep ${UUID} | grep -v grep | wc -l ) - if [ $NR -ne 2 ]; then + if [ $NR -ne $NHOSTS ]; then [ -z "$verbose" ] || log_msg_fail "yulectl (3)"; [ -z "$verbose" ] || ./yulectl -c LIST kill $PROC_S; kill $PROC_Y; @@ -248,7 +259,8 @@ do_test_2_g_one () { five_sec_sleep done # - NR=$( ./yulectl -c LIST | grep ${UUID} | grep -v grep | wc -l ) + NR=$( ./yulectl -c LISTALL | grep ${UUID} | grep SENT | grep -v grep | wc -l ) + # NR=$( ./yulectl -c LIST | grep ${UUID} | grep -v grep | wc -l ) if [ $NR -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "yulectl (4)"; [ -z "$verbose" ] || ./yulectl -c LISTALL @@ -316,7 +328,8 @@ do_test_2_g_three () { kill $PROC_S; kill $PROC_Y; return 1 fi - + [ -z "$verbose" ] || log_msg_ok "... DeltaDB created ..."; + # # >>> (2) Copy to server and tag with a UUID # @@ -328,8 +341,12 @@ do_test_2_g_three () { rm -f ./file.* else mv ./file.delta file.${SH_LOCALHOST}.${UUID} - cp file.${SH_LOCALHOST}.${UUID} "./file.${ALTHOST}.${UUID}" + if [ "x${SH_LOCALHOST}" != "x${ALTHOST}" ] + then + cp file.${SH_LOCALHOST}.${UUID} "./file.${ALTHOST}.${UUID}" + fi fi + [ -z "$verbose" ] || log_msg_ok "... DeltaDB copied as file.${SH_LOCALHOST}.${UUID} ..."; # # >>> (3) Tell client to load delta database. 
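Review bot: In the new `if [ "x${SH_LOCALHOST}" != "x${ALTHOST}" ]` block of do_test_2_g_one, `NHOSTS=2` sits between `./yulectl -c "DELTA:${UUID}" ${ALTHOST}` and `if [ $? -ne 0 ]`, so `$?` is the status of the assignment (always 0) and a failed yulectl call is never reported as "yulectl (2)". Moving `NHOSTS=2` below the closing `fi` of that status check restores the test. The same ordering appears in the matching hunk of do_test_2_g_three (`@@ -348,25 +365,34 @@`). Both functions extend beyond their hunks.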
@@ -348,25 +365,34 @@ do_test_2_g_three () { return 1 fi + NHOSTS=1 + ./yulectl -c "DELTA:${UUID}" ${SH_LOCALHOST} if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "yulectl (1)"; kill $PROC_S; kill $PROC_Y; return 1 fi - ./yulectl -c "DELTA:${UUID}" ${ALTHOST} - if [ $? -ne 0 ]; then - [ -z "$verbose" ] || log_msg_fail "yulectl (2)"; - kill $PROC_S; kill $PROC_Y; - return 1 + + if [ "x${SH_LOCALHOST}" != "x${ALTHOST}" ] + then + ./yulectl -c "DELTA:${UUID}" ${ALTHOST} + NHOSTS=2 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "yulectl (2)"; + kill $PROC_S; kill $PROC_Y; + return 1 + fi fi + NR=$( ./yulectl -c LIST | grep ${UUID} | grep -v grep | wc -l ) - if [ $NR -ne 2 ]; then + if [ $NR -ne $NHOSTS ]; then [ -z "$verbose" ] || log_msg_fail "yulectl (3)"; [ -z "$verbose" ] || ./yulectl -c LIST kill $PROC_S; kill $PROC_Y; return 1 fi + [ -z "$verbose" ] || log_msg_ok "... command sent to client ..."; # Wait and verify that command has been sent # @@ -374,13 +400,17 @@ do_test_2_g_three () { five_sec_sleep done # - NR=$( ./yulectl -c LIST | grep ${UUID} | grep -v grep | wc -l ) + NR=$( ./yulectl -c LISTALL | grep ${UUID} | grep SENT | grep -v grep | wc -l ) if [ $NR -ne 1 ]; then - [ -z "$verbose" ] || log_msg_fail "yulectl (4)"; + [ -z "$verbose" ] || log_msg_fail "yulectl (4): ${UUID}"; [ -z "$verbose" ] || ./yulectl -c LISTALL + [ -z "$verbose" ] || echo "(now just LIST)" + [ -z "$verbose" ] || ./yulectl -c LIST kill $PROC_S; kill $PROC_Y; return 1 fi + [ -z "$verbose" ] || OLINE=$( ./yulectl -c LISTALL | grep ${UUID} ) + [ -z "$verbose" ] || echo "${OLINE}" # # >>> (4) Trigger a scan @@ -391,7 +421,8 @@ do_test_2_g_three () { kill $PROC_S; kill $PROC_Y; return 1 fi - + [ -z "$verbose" ] || echo " ... TTOU sent to /${PROC_S}/ ..."; + for ff in 1 2; do five_sec_sleep done 
@@ -502,6 +533,10 @@ testrun2g_build () # save binary and build server # cp samhain samhain.build || return 1 + if test -f scripts/samhainadmin.pl + then + cp scripts/samhainadmin.pl scripts/xxx_samhainadmin.pl + fi $MAKE clean >/dev/null || return 1 ${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS} @@ -541,6 +576,10 @@ testrun2g_build () fi mv samhain.build.new samhain.new || return 1 + if test -f scripts/xxx_samhainadmin.pl + then + cp scripts/xxx_samhainadmin.pl scripts/samhainadmin.pl + fi rm -f ./.samhain_log* rm -f ./.samhain_lock @@ -592,10 +631,13 @@ copy_rc_db_files () chmod 644 ./rc.${SH_LOCALHOST} chmod 644 ./file.${SH_LOCALHOST} - cp ./testrc_2 "./rc.${ALTHOST}" - cp ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null - chmod 644 ./rc.${ALTHOST} - chmod 644 ./file.${ALTHOST} + if [ "x${SH_LOCALHOST}" != "x${ALTHOST}" ] + then + cp ./testrc_2 "./rc.${ALTHOST}" + cp ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null + chmod 644 ./rc.${ALTHOST} + chmod 644 ./file.${ALTHOST} + fi } MAXTEST=6; export MAXTEST @@ -815,6 +857,11 @@ testrun2g () [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Case Two w/o delta"; fi + if test -f scripts/xxx_samhainadmin.pl + then + rm -f scripts/xxx_samhainadmin.pl + fi + log_end "RUN CLIENT/SERVER CASE TWO" } diff --git a/test/testrun_2h.sh b/test/testrun_2h.sh new file mode 100644 index 0000000..4d84f61 --- /dev/null +++ b/test/testrun_2h.sh 
@@ -0,0 +1,233 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE +RCFILE="$PW_DIR/testrc_2"; export RCFILE +RCFILE_C="$PW_DIR/testrc_1.dyn"; export RCFILE_C + +SERVER_BUILDOPTS="--quiet $TRUST --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export SERVER_BUILDOPTS + +CLIENT_BUILDOPTS="--quiet $TRUST --enable-micro-stealth=137 --enable-debug --enable-network=client --enable-srp --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER${RCFILE_C} --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=localhost --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS + +testrun2h_internal () +{ + SIGNIFY="$1" + + [ -z "$verbose" ] || { + echo; + echo Working directory: $PW_DIR; echo MAKE is $MAKE; echo SIGNIFY is $SIGNIFY; + echo; + } + + [ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; } + + if test -r "Makefile"; then + $MAKE distclean + fi + + # + # 
Bootstrapping + # + ${TOP_SRCDIR}/configure >/dev/null 2>/dev/null + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure (bootstrap)..."; + $MAKE > /dev/null 2>&1 + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make (bootstrap)..."; + else + [ -z "$quiet" ] && log_msg_fail "make (bootstrap)..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure (bootstrap)..."; + return 1 + fi + + ${TOP_SRCDIR}/configure --with-signify=${SIGNIFY} --with-checksum=yes ${CLIENT_BUILDOPTS} >/dev/null 2>&1 + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + cp ${SCRIPTDIR}/testrc_1i.dyn "$RCFILE_C" + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "copy signify signed config file..."; + else + [ -z "$quiet" ] && log_msg_fail "copy signify signed config file..."; + return 1 + fi + + # save binary and build server + + cp samhain samhain.build || return 1 + $MAKE clean >/dev/null || return 1 + + ${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS} + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + + ##################################################################### + # + # + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + rm -f ./rc.${SH_LOCALHOST} + rm -f ./file.${SH_LOCALHOST} + + cp ${SCRIPTDIR}/testrc_2.in testrc_2 + + ./samhain.build -t init -p none + + if test x$? 
= x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + + cp ${SCRIPTDIR}/test1i_file.sig $PW_DIR/.samhain_file + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "copy signed database file..."; + else + [ -z "$quiet" ] && log_msg_fail "copy signed database file..."; + return 1 + fi + + # Create a password + + SHPW=`./yule -G` + if test x"$SHPW" = x; then + [ -z "$quiet" ] && log_msg_fail "password not generated -- aborting" + return 1 + fi + + # Set in client + + ./samhain_setpwd samhain.build new $SHPW >/dev/null + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd samhain.build new $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd samhain.build new $SHPW"; + return 1 + fi + + mv samhain.build.new samhain.new || return 1 + + rm -f ./.samhain_log* + rm -f ./.samhain_lock + + SHCLT=`./yule -P $SHPW` + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "yule -P $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "yule -P $SHPW"; + return 1 + fi + + SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` + AHOST=`find_hostname` + SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` + + + echo $SHCLT1 >> testrc_2 + echo $SHCLT2 >> testrc_2 + + + cp "${RCFILE_C}" ./rc.${SH_LOCALHOST} + mv $PW_DIR/.samhain_file ./file.${SH_LOCALHOST} + + ALTHOST=`find_hostname` + cp "${RCFILE_C}" "./rc.${ALTHOST}" + cp ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null +} + +MAXTEST=1; export MAXTEST + +testrun2h () +{ + log_start "RUN FULL CLIENT/SERVER W/SIGNIFY"; + # + if [ x"$1" = x ]; then + [ -z "$quiet" ] && log_msg_fail "Missing hostname" + fi + # + SIGNIFY=`find_path signify-openbsd` + if [ -z "$SIGNIFY" ]; then + SIGNIFY=`find_path signify` + fi + if [ -z "$SIGNIFY" ]; then + log_skip 1 $MAXTEST 'signify not found in $PATH' + fi + + SH_LOCALHOST=$1; export SH_LOCALHOST + + testrun2h_internal "${SIGNIFY}" + + SAVE_VALGRIND="${VALGRIND}"; 
VALGRIND=''; export VALGRIND + do_test_1_a + out=$? + VALGRIND="${SAVE_VALGRIND}"; export VALGRIND + + if [ $out -eq 0 ]; then + [ -z "$quiet" ] && log_ok 1 ${MAXTEST} "Client download+logging w/signify"; + else + [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client download+logging w/signify"; + fi + + if [ -n "$cleanup" ]; then + rm -f ./rc.${SH_LOCALHOST} + rm -f ./file.${SH_LOCALHOST} + ALTHOST=`find_hostname` + rm -f "./file.${ALTHOST}" + rm -f "./rc.${ALTHOST}" + fi + + log_end "RUN FULL CLIENT/SERVER W/SIGNIFY" +} + |
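Review bot: testrun2h logs the missing-hostname and signify-not-found conditions but does not return, so testrun2h_internal still runs with an empty `$1` or configures with an empty `--with-signify=`, and the case is then reported as a failure rather than a skip. Ending each branch with `log_end "RUN FULL CLIENT/SERVER W/SIGNIFY"; return 1` (or `return 0` after the `log_skip`) would match the if/else structure used in testrun_1i.sh. testrun2h also ignores the return status of testrun2h_internal and, unlike testrun1i, does not check that `~/.signify/samhain.pub` exists before building with signify. In testrun2h_internal the generated password is written to the test output via `log_msg_ok "./samhain_setpwd samhain.build new $SHPW"` and passed on the command line; if the logs are kept, printing a fixed label instead avoids recording it.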