Add IC test cases for named severity, ignored props, & email reporting
This commit is contained in:
Brian Cox
parent
4cdb384445
commit
85fcbb1371
|
|
@ -33,12 +33,12 @@ sub PolicyFileString
|
||||||
return <<POLICY_END;
|
return <<POLICY_END;
|
||||||
# Policy file generated by integrity checks test
|
# Policy file generated by integrity checks test
|
||||||
#
|
#
|
||||||
(rulename="RuleA", severity=100)
|
(rulename="RuleA", severity=30, emailto="elvis@mars")
|
||||||
{
|
{
|
||||||
$root -> \$(ReadOnly)+S; #read only plus SHA-1
|
$root -> \$(ReadOnly)+S; #read only plus SHA-1
|
||||||
}
|
}
|
||||||
|
|
||||||
(rulename="RuleB", severity=300)
|
(rulename="RuleB", severity=200, emailto="elvis@mars")
|
||||||
{
|
{
|
||||||
$root2 -> \$(ReadOnly)+S; #read only plus SHA-1
|
$root2 -> \$(ReadOnly)+S; #read only plus SHA-1
|
||||||
}
|
}
|
||||||
|
|
@ -207,6 +207,7 @@ sub run
|
||||||
#######################################################
|
#######################################################
|
||||||
# Now run 'just' the FS section, aka the whole policy
|
# Now run 'just' the FS section, aka the whole policy
|
||||||
#
|
#
|
||||||
|
RemoveFile("$reportloc");
|
||||||
twtools::RunIntegrityCheck(trailing-opts => "-x FS");
|
twtools::RunIntegrityCheck(trailing-opts => "-x FS");
|
||||||
|
|
||||||
# Make sure we got 6 violations: 3 mod, 1 add, 2 rm.
|
# Make sure we got 6 violations: 3 mod, 1 add, 2 rm.
|
||||||
|
|
@ -219,9 +220,26 @@ sub run
|
||||||
$twpassed = 0;
|
$twpassed = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#######################################################
|
||||||
|
# Now run a check ignoring the SHA attribute, should still return same changes
|
||||||
|
#
|
||||||
|
RemoveFile("$reportloc");
|
||||||
|
twtools::RunIntegrityCheck(trailing-opts => "-i S");
|
||||||
|
|
||||||
|
# Make sure we got 6 violations: 3 mod, 1 add, 2 rm.
|
||||||
|
#
|
||||||
|
my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
|
||||||
|
|
||||||
|
if( ($n != 6) || ($a != 1) || ($r != 2) || ($c != 3) )
|
||||||
|
{
|
||||||
|
twtools::logStatus("IC with FS section failed: $n $a $r $c\n");
|
||||||
|
$twpassed = 0;
|
||||||
|
}
|
||||||
|
|
||||||
#######################################################
|
#######################################################
|
||||||
# Now just run RuleA
|
# Now just run RuleA
|
||||||
#
|
#
|
||||||
|
RemoveFile("$reportloc");
|
||||||
twtools::RunIntegrityCheck({trailing-opts => "-R RuleA"});
|
twtools::RunIntegrityCheck({trailing-opts => "-R RuleA"});
|
||||||
|
|
||||||
# Make sure we got 4 violations this time: 2 mod, 1 add, 1 rm.
|
# Make sure we got 4 violations this time: 2 mod, 1 add, 1 rm.
|
||||||
|
|
@ -235,9 +253,10 @@ sub run
|
||||||
}
|
}
|
||||||
|
|
||||||
#######################################################
|
#######################################################
|
||||||
# Now run severity level 300, meaning RuleB
|
# Now run severity level 200, meaning RuleB
|
||||||
#
|
#
|
||||||
twtools::RunIntegrityCheck({trailing-opts => "-l 300"});
|
RemoveFile("$reportloc");
|
||||||
|
twtools::RunIntegrityCheck({trailing-opts => "-l 200"});
|
||||||
|
|
||||||
# Make sure we got 2 violations this time: 1 mod, 0 add, 1 rm.
|
# Make sure we got 2 violations this time: 1 mod, 0 add, 1 rm.
|
||||||
#
|
#
|
||||||
|
|
@ -245,13 +264,30 @@ sub run
|
||||||
|
|
||||||
if( ($n != 2) || ($a != 0) || ($r != 1) || ($c != 1) )
|
if( ($n != 2) || ($a != 0) || ($r != 1) || ($c != 1) )
|
||||||
{
|
{
|
||||||
twtools::logStatus("IC of severity 300+ failed: $n $a $r $c\n");
|
twtools::logStatus("IC of severity 200+ failed: $n $a $r $c\n");
|
||||||
|
$twpassed = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
#######################################################
|
||||||
|
# Now run severity level "high", also meaning RuleB
|
||||||
|
#
|
||||||
|
RemoveFile("$reportloc");
|
||||||
|
twtools::RunIntegrityCheck({trailing-opts => "-l high"});
|
||||||
|
|
||||||
|
# Make sure we got 2 violations this time: 1 mod, 0 add, 1 rm.
|
||||||
|
#
|
||||||
|
my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
|
||||||
|
|
||||||
|
if( ($n != 2) || ($a != 0) || ($r != 1) || ($c != 1) )
|
||||||
|
{
|
||||||
|
twtools::logStatus("IC of severity 'high' failed: $n $a $r $c\n");
|
||||||
$twpassed = 0;
|
$twpassed = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#######################################################
|
#######################################################
|
||||||
# Now run against one object, modify.txt
|
# Now run against one object, modify.txt
|
||||||
#
|
#
|
||||||
|
RemoveFile("$reportloc");
|
||||||
twtools::RunIntegrityCheck({trailing-opts => "$root/subdir/modify.txt"});
|
twtools::RunIntegrityCheck({trailing-opts => "$root/subdir/modify.txt"});
|
||||||
|
|
||||||
# Make sure we got 1 violation this time: 1 mod, 0 add, 0 rm.
|
# Make sure we got 1 violation this time: 1 mod, 0 add, 0 rm.
|
||||||
|
|
@ -264,10 +300,32 @@ sub run
|
||||||
$twpassed = 0;
|
$twpassed = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#######################################################
|
||||||
|
# Run a few full check w/ email reporting, all the valid levels
|
||||||
|
# (we're configured to pipe to cat as a fake mailprogram)
|
||||||
|
#
|
||||||
|
RemoveFile("$reportloc");
|
||||||
|
twtools::RunIntegrityCheck({trailing-opts => "-M -t 0"});
|
||||||
|
twtools::RunIntegrityCheck({trailing-opts => "-M -t 1"});
|
||||||
|
twtools::RunIntegrityCheck({trailing-opts => "-M -t 2"});
|
||||||
|
twtools::RunIntegrityCheck({trailing-opts => "-M -t 3"});
|
||||||
|
twtools::RunIntegrityCheck({trailing-opts => "-M -t 4"});
|
||||||
|
|
||||||
|
# Make sure we got 6 violations: 3 mod, 1 add, 2 rm.
|
||||||
|
#
|
||||||
|
my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
|
||||||
|
|
||||||
|
if( ($n != 6) || ($a != 1) || ($r != 2) || ($c != 3) )
|
||||||
|
{
|
||||||
|
twtools::logStatus("Full IC failed: $n $a $r $c\n");
|
||||||
|
$twpassed = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
#######################################################
|
#######################################################
|
||||||
# Now run an interactive IC with cat as a fake editor, so DB gets auto updated.
|
# Now run an interactive IC with cat as a fake editor, so DB gets auto updated.
|
||||||
#
|
#
|
||||||
|
RemoveFile("$reportloc");
|
||||||
twtools::RunIntegrityCheck({trailing-opts => "-I -V cat -P $twtools::twlocalpass"});
|
twtools::RunIntegrityCheck({trailing-opts => "-I -V cat -P $twtools::twlocalpass"});
|
||||||
|
|
||||||
# Make sure we got 1 violation this time: 1 mod, 0 add, 0 rm.
|
# Make sure we got 1 violation this time: 1 mod, 0 add, 0 rm.
|
||||||
|
|
@ -284,6 +342,7 @@ sub run
|
||||||
# Finally run another full IC to verify db was updated
|
# Finally run another full IC to verify db was updated
|
||||||
# + also exercise the verbose & hex output options since we don't elsewhere.
|
# + also exercise the verbose & hex output options since we don't elsewhere.
|
||||||
#
|
#
|
||||||
|
RemoveFile("$reportloc");
|
||||||
twtools::RunIntegrityCheck({trailing-opts => "-v -h"});
|
twtools::RunIntegrityCheck({trailing-opts => "-v -h"});
|
||||||
|
|
||||||
# Make sure we got no violations this time
|
# Make sure we got no violations this time
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue