update changelog; change param names in some test-harness tests for consistency
This commit is contained in:
Brian Cox
parent
55b6e78584
commit
29efce4805
|
|
@ -8,6 +8,8 @@
|
|||
* Fix email reporting on Syllable
|
||||
* Update copyright dates to 2018
|
||||
* Clean up code style with clang-format, & add a custom style that approximates existing OST usage.
|
||||
* Add -t / --output-level option to print-db mode, for consistency w/ print-report mode.
|
||||
* Add object list support to print-report mode, for consistency w/ print-db mode.
|
||||
|
||||
2017-10-01 Brian Cox <bcox@tripwire.com>
|
||||
* Update version to 2.4.3.6
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ sub test_policy_dir
|
|||
|
||||
twtools::logStatus "Trying policy text $policydir/$current_file\n";
|
||||
|
||||
twtools::CreatePolicy({policy-text => "$policydir/$current_file"});
|
||||
twtools::CreatePolicy({policy_text => "$policydir/$current_file"});
|
||||
if ( $? != $expected ) {
|
||||
twtools::logStatus ("*** create-polfile with $policydir/$current_file failed, error = $?\n");
|
||||
$twpassed = 0;
|
||||
|
|
|
|||
|
|
@ -195,12 +195,12 @@ sub RunBasicTest
|
|||
}
|
||||
|
||||
######################################################################
|
||||
# RunSecureModeTest -- test that secure-mode high and low are working
|
||||
# RunSecureModeTest -- test that secure_mode high and low are working
|
||||
#
|
||||
sub RunSecureModeTest
|
||||
{
|
||||
twtools::logStatus("*** Beginning dbupdate.secure-mode test\n");
|
||||
printf("%-30s", "-- dbupdate.secure-mode test");
|
||||
twtools::logStatus("*** Beginning dbupdate.secure_mode test\n");
|
||||
printf("%-30s", "-- dbupdate.secure_mode test");
|
||||
|
||||
PrepareForTest();
|
||||
|
||||
|
|
@ -230,22 +230,22 @@ sub RunSecureModeTest
|
|||
twtools::UpdateDatabase( { report => $report1 } );
|
||||
|
||||
# Try to update the database with report 1 again ... this should fail
|
||||
# in secure-mode == high because the db can't accept same changes again.
|
||||
# in secure_mode == high because the db can't accept same changes again.
|
||||
#
|
||||
if( 0 == twtools::UpdateDatabase(
|
||||
{ report => $report1, secure-mode => "high" } ) )
|
||||
{ report => $report1, secure_mode => "high" } ) )
|
||||
{
|
||||
twtools::logStatus("FAILED ... Secure-mode high didn't catch a bad update\n");
|
||||
twtools::logStatus("FAILED ... secure_mode high didn't catch a bad update\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
# Try to update the database with report 2 ... this should fail
|
||||
# in secure-mode == high because the "old" values don't match.
|
||||
# in secure_mode == high because the "old" values don't match.
|
||||
#
|
||||
if( 0 == twtools::UpdateDatabase(
|
||||
{ report => $report2, secure-mode => "high" } ) )
|
||||
{ report => $report2, secure_mode => "high" } ) )
|
||||
{
|
||||
twtools::logStatus("FAILED ... Secure-mode high didn't catch a bad update\n");
|
||||
twtools::logStatus("FAILED ... secure_mode high didn't catch a bad update\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -253,7 +253,7 @@ sub RunSecureModeTest
|
|||
# succeed
|
||||
#
|
||||
if( 0 != twtools::UpdateDatabase(
|
||||
{ report => $report3, secure-mode => "high" } ) )
|
||||
{ report => $report3, secure_mode => "high" } ) )
|
||||
{
|
||||
twtools::logStatus("FAILED ... Update with report 3 failed\n");
|
||||
return 0;
|
||||
|
|
@ -264,14 +264,14 @@ sub RunSecureModeTest
|
|||
# succeed in low but fail in high.
|
||||
#
|
||||
if( 0 == twtools::UpdateDatabase(
|
||||
{ report => $report2, secure-mode => "high" } ) )
|
||||
{ report => $report2, secure_mode => "high" } ) )
|
||||
{
|
||||
twtools::logStatus("FAILED ... Update with report 2 after 3 succeeded in high mode\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if( 0 != twtools::UpdateDatabase(
|
||||
{ report => $report2, secure-mode => "low" } ) )
|
||||
{ report => $report2, secure_mode => "low" } ) )
|
||||
{
|
||||
twtools::logStatus("FAILED ... Update with report 2 after 3 failed in low mode\n");
|
||||
return 0;
|
||||
|
|
|
|||
|
|
@ -201,7 +201,7 @@ sub run
|
|||
#######################################################
|
||||
# Do it again, but sign it this time.
|
||||
#
|
||||
#twtools::RunIntegrityCheck({trailing-opts => "-E -P $twtools::twlocalpass"});
|
||||
#twtools::RunIntegrityCheck({trailing_opts => "-E -P $twtools::twlocalpass"});
|
||||
|
||||
# Make sure we got 6 violations: 3 mod, 1 add, 2 rm.
|
||||
#
|
||||
|
|
@ -217,7 +217,7 @@ sub run
|
|||
# Now run 'just' the FS section, aka the whole policy
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck(trailing-opts => "-x FS");
|
||||
twtools::RunIntegrityCheck(trailing_opts => "-x FS");
|
||||
|
||||
# Make sure we got 6 violations: 3 mod, 1 add, 2 rm.
|
||||
#
|
||||
|
|
@ -235,7 +235,7 @@ sub run
|
|||
# Now run a check ignoring the SHA attribute, should still return same changes
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck(trailing-opts => "-i S");
|
||||
twtools::RunIntegrityCheck(trailing_opts => "-i S");
|
||||
|
||||
# Make sure we got 6 violations: 3 mod, 1 add, 2 rm.
|
||||
#
|
||||
|
|
@ -253,7 +253,7 @@ sub run
|
|||
# Now just run RuleA
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-R RuleA"});
|
||||
twtools::RunIntegrityCheck({trailing_opts => "-R RuleA"});
|
||||
|
||||
# Make sure we got 4 violations this time: 2 mod, 1 add, 1 rm.
|
||||
#
|
||||
|
|
@ -271,7 +271,7 @@ sub run
|
|||
# Now run severity level 200, meaning RuleB
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-l 200"});
|
||||
twtools::RunIntegrityCheck({trailing_opts => "-l 200"});
|
||||
|
||||
# Make sure we got 2 violations this time: 1 mod, 0 add, 1 rm.
|
||||
#
|
||||
|
|
@ -289,7 +289,7 @@ sub run
|
|||
# Now run severity level "high", also meaning RuleB
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-l high"});
|
||||
twtools::RunIntegrityCheck({trailing_opts => "-l high"});
|
||||
|
||||
# Make sure we got 2 violations this time: 1 mod, 0 add, 1 rm.
|
||||
#
|
||||
|
|
@ -307,7 +307,7 @@ sub run
|
|||
# Now run against one object, modify.txt
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck({trailing-opts => "$root/subdir/modify.txt"});
|
||||
twtools::RunIntegrityCheck({trailing_opts => "$root/subdir/modify.txt"});
|
||||
|
||||
# Make sure we got 1 violation this time: 1 mod, 0 add, 0 rm.
|
||||
#
|
||||
|
|
@ -324,11 +324,11 @@ sub run
|
|||
# (we're configured to pipe to cat as a fake mailprogram)
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-M -t 0"});
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-M -t 1"});
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-M -t 2"});
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-M -t 3"});
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-M -t 4"});
|
||||
twtools::RunIntegrityCheck({trailing_opts => "-M -t 0"});
|
||||
twtools::RunIntegrityCheck({trailing_opts => "-M -t 1"});
|
||||
twtools::RunIntegrityCheck({trailing_opts => "-M -t 2"});
|
||||
twtools::RunIntegrityCheck({trailing_opts => "-M -t 3"});
|
||||
twtools::RunIntegrityCheck({trailing_opts => "-M -t 4"});
|
||||
|
||||
# Make sure we got 6 violations: 3 mod, 1 add, 2 rm.
|
||||
#
|
||||
|
|
@ -347,7 +347,7 @@ sub run
|
|||
# Now run an interactive IC with cat as a fake editor, so DB gets auto updated.
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-I -V cat -P $twtools::twlocalpass"});
|
||||
twtools::RunIntegrityCheck({trailing_opts => "-I -V cat -P $twtools::twlocalpass"});
|
||||
|
||||
# Make sure we got 6 violations: 3 mod, 1 add, 2 rm.
|
||||
#
|
||||
|
|
@ -366,7 +366,7 @@ sub run
|
|||
# + also exercise the verbose & hex output options since we don't elsewhere.
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-v -h"});
|
||||
twtools::RunIntegrityCheck({trailing_opts => "-v -h"});
|
||||
|
||||
# Make sure we got no violations this time
|
||||
#
|
||||
|
|
|
|||
|
|
@ -199,13 +199,13 @@ sub RunBasicTest
|
|||
#
|
||||
sub RunSecureModeTest
|
||||
{
|
||||
twtools::logStatus("*** Beginning polupdate.secure-mode test\n");
|
||||
printf("%-30s", "-- polupdate.secure-mode test");
|
||||
twtools::logStatus("*** Beginning polupdate.secure_mode test\n");
|
||||
printf("%-30s", "-- polupdate.secure_mode test");
|
||||
|
||||
PrepareForTest();
|
||||
|
||||
twtools::WritePolicyFile( PolicyFileStringNew() );
|
||||
if( ! twtools::UpdatePolicy({ secure-mode => "high" } ))
|
||||
if( ! twtools::UpdatePolicy({ secure_mode => "high" } ))
|
||||
{
|
||||
twtools::logStatus("FAILED -- update policy returned nonzero\n");
|
||||
return 0;
|
||||
|
|
|
|||
|
|
@ -290,11 +290,11 @@ sub CreatePolicy {
|
|||
|
||||
my (%params) = %{$_[0]};
|
||||
|
||||
$params{policy-text} = "$twrootdir/$twpolicyloc" if( ! defined($params{policy-text}) );
|
||||
$params{policy_text} = "$twrootdir/$twpolicyloc" if( ! defined($params{policy_text}) );
|
||||
|
||||
print "generating policy file...\n" if $verbose;
|
||||
|
||||
my (@out) = `$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $params{policy-text} 2>&1`;
|
||||
my (@out) = `$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $params{policy_text} 2>&1`;
|
||||
|
||||
my ($result) = $?;
|
||||
|
||||
|
|
@ -329,10 +329,10 @@ sub UpdateDatabase {
|
|||
|
||||
my (%params) = %{$_[0]};
|
||||
$params{report} = $reportloc if( ! defined($params{report}) );
|
||||
$params{secure-mode} = "low" if( ! defined($params{secure-mode}) );
|
||||
$params{secure_mode} = "low" if( ! defined($params{secure_mode}) );
|
||||
|
||||
print "updating database for '$twmsg' test...\n" if $verbose;
|
||||
my (@out) = `$twrootdir/bin/tripwire -m u -a -P $twsitepass -Z $params{secure-mode} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc -r $params{report} 2>&1`;
|
||||
my (@out) = `$twrootdir/bin/tripwire -m u -a -P $twsitepass -Z $params{secure_mode} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc -r $params{report} 2>&1`;
|
||||
|
||||
my ($result) = $?;
|
||||
|
||||
|
|
@ -347,10 +347,10 @@ sub UpdateDatabase {
|
|||
sub UpdatePolicy {
|
||||
|
||||
my (%params) = %{$_[0]};
|
||||
$params{secure-mode} = "low" if( ! defined($params{secure-mode}) );
|
||||
$params{secure_mode} = "low" if( ! defined($params{secure_mode}) );
|
||||
|
||||
print "updating policy for '$twmsg' test...\n" if $verbose;
|
||||
logStatus(`$twrootdir/bin/tripwire -m p -P $twsitepass -Q $twlocalpass -Z $params{secure-mode} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc $twrootdir/$twpolicyloc 2>&1`);
|
||||
logStatus(`$twrootdir/bin/tripwire -m p -P $twsitepass -Q $twlocalpass -Z $params{secure_mode} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc $twrootdir/$twpolicyloc 2>&1`);
|
||||
|
||||
return ($? == 0);
|
||||
}
|
||||
|
|
@ -417,10 +417,10 @@ sub RunIntegrityCheck {
|
|||
|
||||
my (%params) = %{$_[0]};
|
||||
$params{report} = $reportloc if( ! defined($params{report}) );
|
||||
$params{trailing-opts} = "" if( ! defined($params{trailing-opts}) );
|
||||
$params{trailing_opts} = "" if( ! defined($params{trailing_opts}) );
|
||||
|
||||
print("running integrity check for test '$twmsg'...\n") if $verbose;
|
||||
logStatus(`$twrootdir/bin/tripwire -m c -r $params{report} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc $params{trailing-opts} 2>&1`);
|
||||
logStatus(`$twrootdir/bin/tripwire -m c -r $params{report} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc $params{trailing_opts} 2>&1`);
|
||||
|
||||
return ($? & 8);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue