Add IC test cases for named severity, ignored props, & email reporting
parent
4cdb384445
commit
85fcbb1371
|
@ -33,12 +33,12 @@ sub PolicyFileString
|
|||
return <<POLICY_END;
|
||||
# Policy file generated by integrity checks test
|
||||
#
|
||||
(rulename="RuleA", severity=100)
|
||||
(rulename="RuleA", severity=30, emailto="elvis@mars")
|
||||
{
|
||||
$root -> \$(ReadOnly)+S; #read only plus SHA-1
|
||||
}
|
||||
|
||||
(rulename="RuleB", severity=300)
|
||||
(rulename="RuleB", severity=200, emailto="elvis@mars")
|
||||
{
|
||||
$root2 -> \$(ReadOnly)+S; #read only plus SHA-1
|
||||
}
|
||||
|
@ -207,6 +207,7 @@ sub run
|
|||
#######################################################
|
||||
# Now run 'just' the FS section, aka the whole policy
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck(trailing-opts => "-x FS");
|
||||
|
||||
# Make sure we got 6 violations: 3 mod, 1 add, 2 rm.
|
||||
|
@ -219,9 +220,26 @@ sub run
|
|||
$twpassed = 0;
|
||||
}
|
||||
|
||||
#######################################################
|
||||
# Now run a check ignoring the SHA attribute, should still return same changes
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck(trailing-opts => "-i S");
|
||||
|
||||
# Make sure we got 6 violations: 3 mod, 1 add, 2 rm.
|
||||
#
|
||||
my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
|
||||
|
||||
if( ($n != 6) || ($a != 1) || ($r != 2) || ($c != 3) )
|
||||
{
|
||||
twtools::logStatus("IC with FS section failed: $n $a $r $c\n");
|
||||
$twpassed = 0;
|
||||
}
|
||||
|
||||
#######################################################
|
||||
# Now just run RuleA
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-R RuleA"});
|
||||
|
||||
# Make sure we got 4 violations this time: 2 mod, 1 add, 1 rm.
|
||||
|
@ -235,9 +253,10 @@ sub run
|
|||
}
|
||||
|
||||
#######################################################
|
||||
# Now run severity level 300, meaning RuleB
|
||||
# Now run severity level 200, meaning RuleB
|
||||
#
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-l 300"});
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-l 200"});
|
||||
|
||||
# Make sure we got 2 violations this time: 1 mod, 0 add, 1 rm.
|
||||
#
|
||||
|
@ -245,13 +264,30 @@ sub run
|
|||
|
||||
if( ($n != 2) || ($a != 0) || ($r != 1) || ($c != 1) )
|
||||
{
|
||||
twtools::logStatus("IC of severity 300+ failed: $n $a $r $c\n");
|
||||
twtools::logStatus("IC of severity 200+ failed: $n $a $r $c\n");
|
||||
$twpassed = 0;
|
||||
}
|
||||
|
||||
#######################################################
|
||||
# Now run severity level "high", also meaning RuleB
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-l high"});
|
||||
|
||||
# Make sure we got 2 violations this time: 1 mod, 0 add, 1 rm.
|
||||
#
|
||||
my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
|
||||
|
||||
if( ($n != 2) || ($a != 0) || ($r != 1) || ($c != 1) )
|
||||
{
|
||||
twtools::logStatus("IC of severity 'high' failed: $n $a $r $c\n");
|
||||
$twpassed = 0;
|
||||
}
|
||||
|
||||
#######################################################
|
||||
# Now run against one object, modify.txt
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck({trailing-opts => "$root/subdir/modify.txt"});
|
||||
|
||||
# Make sure we got 1 violation this time: 1 mod, 0 add, 0 rm.
|
||||
|
@ -264,10 +300,32 @@ sub run
|
|||
$twpassed = 0;
|
||||
}
|
||||
|
||||
#######################################################
|
||||
# Run a few full check w/ email reporting, all the valid levels
|
||||
# (we're configured to pipe to cat as a fake mailprogram)
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-M -t 0"});
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-M -t 1"});
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-M -t 2"});
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-M -t 3"});
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-M -t 4"});
|
||||
|
||||
# Make sure we got 6 violations: 3 mod, 1 add, 2 rm.
|
||||
#
|
||||
my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
|
||||
|
||||
if( ($n != 6) || ($a != 1) || ($r != 2) || ($c != 3) )
|
||||
{
|
||||
twtools::logStatus("Full IC failed: $n $a $r $c\n");
|
||||
$twpassed = 0;
|
||||
}
|
||||
|
||||
|
||||
#######################################################
|
||||
# Now run an interactive IC with cat as a fake editor, so DB gets auto updated.
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-I -V cat -P $twtools::twlocalpass"});
|
||||
|
||||
# Make sure we got 1 violation this time: 1 mod, 0 add, 0 rm.
|
||||
|
@ -284,6 +342,7 @@ sub run
|
|||
# Finally run another full IC to verify db was updated
|
||||
# + also exercise the verbose & hex output options since we don't elsewhere.
|
||||
#
|
||||
RemoveFile("$reportloc");
|
||||
twtools::RunIntegrityCheck({trailing-opts => "-v -h"});
|
||||
|
||||
# Make sure we got no violations this time
|
||||
|
|
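Review bot: The new ignored-properties check calls `twtools::RunIntegrityCheck(trailing-opts => "-i S");` with a flat list, while the later calls in this section pass a hash reference (`{trailing-opts => "-R RuleA"}`). RunIntegrityCheck is not visible here, but if it reads its options from a hash reference, `-i S` never reaches the integrity check and this block just repeats the plain full check. The expected counts (6 total, 1 added, 2 removed, 3 changed) are the same with or without the option, so the test passes either way and cannot show that the ignore list was applied. I would use the same form as the other calls, `twtools::RunIntegrityCheck({trailing-opts => "-i S"});`, and give the block its own failure message such as `twtools::logStatus("IC ignoring SHA failed: $n $a $r $c\n");` instead of the text copied from the FS check. sub run begins and ends outside the visible hunks.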