Fix dbupdate secure-mode test, add a case for updating db twice w/ same report, clean up twtools methods a bit more.
This commit is contained in:
parent
01e25eb493
commit
fafa681bce
|
@ -143,48 +143,52 @@ sub PrepareForTest
|
||||||
sub RunBasicTest
|
sub RunBasicTest
|
||||||
{
|
{
|
||||||
twtools::logStatus("*** Beginning dbupdate.basic test\n");
|
twtools::logStatus("*** Beginning dbupdate.basic test\n");
|
||||||
printf("%-30s", "-- dbupdate.basic test");
|
printf("%-30s", "-- dbupdate.basic test");
|
||||||
|
|
||||||
PrepareForTest();
|
PrepareForTest();
|
||||||
|
|
||||||
# make some violations...
|
# make some violations...
|
||||||
#
|
#
|
||||||
MoveFile ( "meow.txt", "cat.txt" );
|
MoveFile ( "meow.txt", "cat.txt" );
|
||||||
CreateFile( "dog/bark.txt", "bark bark bark" );
|
CreateFile( "dog/bark.txt", "bark bark bark" );
|
||||||
|
|
||||||
# run the integrity check...
|
|
||||||
#
|
|
||||||
twtools::RunIntegrityCheck();
|
|
||||||
|
|
||||||
# Make sure we got 4 violations: 2 mod, 1 add, 1 rm.
|
# run the integrity check...
|
||||||
#
|
#
|
||||||
my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
|
twtools::RunIntegrityCheck();
|
||||||
|
|
||||||
if( ($n != 4) || ($a != 1) || ($r != 1) || ($c != 2) )
|
# Make sure we got 4 violations: 2 mod, 1 add, 1 rm.
|
||||||
{
|
#
|
||||||
twtools::logStatus("FAILED -- initial integrity check had unexpected results\n");
|
my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
# do the database update...
|
if( ($n != 4) || ($a != 1) || ($r != 1) || ($c != 2) )
|
||||||
#
|
{
|
||||||
twtools::UpdateDatabase();
|
twtools::logStatus("FAILED -- initial integrity check had unexpected results\n");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
# do another IC and make sure there are no violations
|
# do the database update...
|
||||||
#
|
#
|
||||||
twtools::RunIntegrityCheck();
|
if (0 != twtools::UpdateDatabase())
|
||||||
|
{
|
||||||
|
twtools::logStatus("FAILED -- db update did not succeed\n");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
|
# do another IC and make sure there are no violations
|
||||||
|
#
|
||||||
if( $n != 0 )
|
twtools::RunIntegrityCheck();
|
||||||
{
|
|
||||||
twtools::logStatus("FAILED -- violations after update\n");
|
($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
|
||||||
return 0;
|
|
||||||
}
|
if( $n != 0 )
|
||||||
|
{
|
||||||
++$twtools::twpassedtests;
|
twtools::logStatus("FAILED -- violations after update\n");
|
||||||
print "PASSED\n";
|
return 0;
|
||||||
return 1;
|
}
|
||||||
|
|
||||||
|
++$twtools::twpassedtests;
|
||||||
|
print "PASSED\n";
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
|
@ -192,81 +196,87 @@ sub RunBasicTest
|
||||||
#
|
#
|
||||||
sub RunSecureModeTest
|
sub RunSecureModeTest
|
||||||
{
|
{
|
||||||
twtools::logStatus("*** Beginning dbupdate.secure-mode test\n");
|
twtools::logStatus("*** Beginning dbupdate.secure-mode test\n");
|
||||||
printf("%-30s", "-- dbupdate.secure-mode test");
|
printf("%-30s", "-- dbupdate.secure-mode test");
|
||||||
|
|
||||||
++$twtools::twskippedtests;
|
PrepareForTest();
|
||||||
print "SKIPPED - this test needs further investigation\n";
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
PrepareForTest();
|
# make a violation and generate a report
|
||||||
|
#
|
||||||
|
CreateFile( "dog/bark.txt", "bark bark bark" );
|
||||||
|
twtools::RunIntegrityCheck( { report => $report1 } );
|
||||||
|
|
||||||
# make a violation and generate a report
|
# change the same file in a slightly different way and generate
|
||||||
#
|
# another report
|
||||||
CreateFile( "dog/bark.txt", "bark bark bark" );
|
#
|
||||||
twtools::RunIntegrityCheck( { report => $report1 } );
|
CreateFile( "dog/bark.txt", "bark bark bark woof" );
|
||||||
|
twtools::RunIntegrityCheck( { report => $report2 } );
|
||||||
|
|
||||||
# change the same file in a slightly different way and generate
|
# Remove a file and generate a third report
|
||||||
# another report
|
#
|
||||||
#
|
RemoveFile( "dog/bark.txt" );
|
||||||
CreateFile( "dog/bark.txt", "bark bark bark woof" );
|
twtools::RunIntegrityCheck( { report => $report3 } );
|
||||||
twtools::RunIntegrityCheck( { report => $report2 } );
|
|
||||||
|
|
||||||
# Remove a file and generate a third report
|
# Add a file and generate the fourth report
|
||||||
#
|
#
|
||||||
RemoveFile( "dog/bark.txt" );
|
CreateFile( "dog/cow.txt", "moo moo" );
|
||||||
twtools::RunIntegrityCheck( { report => $report3 } );
|
twtools::RunIntegrityCheck( { report => $report4 } );
|
||||||
|
|
||||||
# Add a file and generate the fourth report
|
|
||||||
#
|
|
||||||
CreateFile( "dog/cow.txt", "moo moo" );
|
|
||||||
twtools::RunIntegrityCheck( { report => $report4 } );
|
|
||||||
|
|
||||||
# Update the database with report 1.
|
|
||||||
#
|
|
||||||
twtools::UpdateDatabase( { report => $report1 } );
|
|
||||||
|
|
||||||
# Try to update the database with report 2 ... this should fail
|
# Update the database with report 1.
|
||||||
# in secure-mode == high because the "old" values don't match.
|
#
|
||||||
#
|
twtools::UpdateDatabase( { report => $report1 } );
|
||||||
if( twtools::UpdateDatabase(
|
|
||||||
{ report => $report2, secure-mode => "high" } ) )
|
|
||||||
{
|
|
||||||
twtools::logStatus("FAILED ... Secure-mode high didn't catch a bad update\n");
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
# do a high severity update with report3 -- this should
|
# Try to update the database with report 1 again ... this should fail
|
||||||
# succeed
|
# in secure-mode == high because the db can't accept same changes again.
|
||||||
#
|
#
|
||||||
if( ! twtools::UpdateDatabase(
|
if( 0 == twtools::UpdateDatabase(
|
||||||
{ report => $report3, secure-mode => "high" } ) )
|
{ report => $report1, secure-mode => "high" } ) )
|
||||||
{
|
{
|
||||||
twtools::logStatus("FAILED ... Update with report 3 failed\n");
|
twtools::logStatus("FAILED ... Secure-mode high didn't catch a bad update\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Try 2 again ... now we are trying to update an object that
|
|
||||||
# doesn't exist in the database at all. This should
|
|
||||||
# succeed in low but fail in high.
|
|
||||||
#
|
|
||||||
if( twtools::UpdateDatabase(
|
|
||||||
{ report => $report2, secure-mode => "high" } ) )
|
|
||||||
{
|
|
||||||
twtools::logStatus("FAILED ... Update with report 2 after 3 succeeded in high mode\n");
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if( ! twtools::UpdateDatabase(
|
# Try to update the database with report 2 ... this should fail
|
||||||
{ report => $report2, secure-mode => "low" } ) )
|
# in secure-mode == high because the "old" values don't match.
|
||||||
{
|
#
|
||||||
twtools::logStatus("FAILED ... Update with report 2 after 3 failed in low mode\n");
|
if( 0 == twtools::UpdateDatabase(
|
||||||
return 0;
|
{ report => $report2, secure-mode => "high" } ) )
|
||||||
}
|
{
|
||||||
|
twtools::logStatus("FAILED ... Secure-mode high didn't catch a bad update\n");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
++$twtools::twpassedtests;
|
# do a high severity update with report3 -- this should
|
||||||
print "PASSED\n";
|
# succeed
|
||||||
return 1;
|
#
|
||||||
|
if( 0 != twtools::UpdateDatabase(
|
||||||
|
{ report => $report3, secure-mode => "high" } ) )
|
||||||
|
{
|
||||||
|
twtools::logStatus("FAILED ... Update with report 3 failed\n");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Try 2 again ... now we are trying to update an object that
|
||||||
|
# doesn't exist in the database at all. This should
|
||||||
|
# succeed in low but fail in high.
|
||||||
|
#
|
||||||
|
if( 0 == twtools::UpdateDatabase(
|
||||||
|
{ report => $report2, secure-mode => "high" } ) )
|
||||||
|
{
|
||||||
|
twtools::logStatus("FAILED ... Update with report 2 after 3 succeeded in high mode\n");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if( 0 != twtools::UpdateDatabase(
|
||||||
|
{ report => $report2, secure-mode => "low" } ) )
|
||||||
|
{
|
||||||
|
twtools::logStatus("FAILED ... Update with report 2 after 3 failed in low mode\n");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
++$twtools::twpassedtests;
|
||||||
|
print "PASSED\n";
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -273,9 +273,13 @@ sub GeneratePolicyFile {
|
||||||
|
|
||||||
print "generating policy file...\n" if $verbose;
|
print "generating policy file...\n" if $verbose;
|
||||||
|
|
||||||
logStatus(`$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $twrootdir/$twpolicyloc 2>&1`);
|
my (@out) = `$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $twrootdir/$twpolicyloc 2>&1`;
|
||||||
|
|
||||||
return ($? == 0);
|
my ($result) = ${^CHILD_ERROR_NATIVE};
|
||||||
|
|
||||||
|
logStatus(@out);
|
||||||
|
|
||||||
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -291,9 +295,13 @@ sub CreatePolicy {
|
||||||
|
|
||||||
print "generating policy file...\n" if $verbose;
|
print "generating policy file...\n" if $verbose;
|
||||||
|
|
||||||
logStatus(`$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $params{policy-text} 2>&1`);
|
my (@out) = `$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $params{policy-text} 2>&1`;
|
||||||
|
|
||||||
return ($? == 0);
|
my ($result) = ${^CHILD_ERROR_NATIVE};
|
||||||
|
|
||||||
|
logStatus(@out);
|
||||||
|
|
||||||
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -305,9 +313,13 @@ sub InitializeDatabase {
|
||||||
my ($twmsg) = @_;
|
my ($twmsg) = @_;
|
||||||
|
|
||||||
print "initializing database for '$twmsg' test...\n" if $verbose;
|
print "initializing database for '$twmsg' test...\n" if $verbose;
|
||||||
logStatus(`$twrootdir/bin/tripwire -m i -P $twsitepass -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc 2>&1`);
|
my (@out) = `$twrootdir/bin/tripwire -m i -P $twsitepass -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc 2>&1`;
|
||||||
|
|
||||||
return ($? == 0);
|
my ($result) = ${^CHILD_ERROR_NATIVE};
|
||||||
|
|
||||||
|
logStatus(@out);
|
||||||
|
|
||||||
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -317,13 +329,17 @@ sub InitializeDatabase {
|
||||||
sub UpdateDatabase {
|
sub UpdateDatabase {
|
||||||
|
|
||||||
my (%params) = %{$_[0]};
|
my (%params) = %{$_[0]};
|
||||||
$params{'report'} = $reportloc if( ! defined($params{'report'}) );
|
$params{report} = $reportloc if( ! defined($params{report}) );
|
||||||
$params{'secure-mode'} = "low" if( ! defined($params{'secure-mode'}) );
|
$params{secure-mode} = "low" if( ! defined($params{secure-mode}) );
|
||||||
|
|
||||||
print "updating database for '$twmsg' test...\n" if $verbose;
|
print "updating database for '$twmsg' test...\n" if $verbose;
|
||||||
logStatus(`$twrootdir/bin/tripwire -m u -a -P $twsitepass -Z $params{'secure-mode'} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc -r $params{'report'} 2>&1`);
|
my (@out) = `$twrootdir/bin/tripwire -m u -a -P $twsitepass -Z $params{secure-mode} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc -r $params{report} 2>&1`;
|
||||||
|
|
||||||
return ($? == 0);
|
my ($result) = ${^CHILD_ERROR_NATIVE};
|
||||||
|
|
||||||
|
logStatus(@out);
|
||||||
|
|
||||||
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
|
@ -332,10 +348,10 @@ sub UpdateDatabase {
|
||||||
sub UpdatePolicy {
|
sub UpdatePolicy {
|
||||||
|
|
||||||
my (%params) = %{$_[0]};
|
my (%params) = %{$_[0]};
|
||||||
$params{'secure-mode'} = "low" if( ! defined($params{'secure-mode'}) );
|
$params{secure-mode} = "low" if( ! defined($params{secure-mode}) );
|
||||||
|
|
||||||
print "updating policy for '$twmsg' test...\n" if $verbose;
|
print "updating policy for '$twmsg' test...\n" if $verbose;
|
||||||
logStatus(`$twrootdir/bin/tripwire -m p -P $twsitepass -Q $twlocalpass -Z $params{'secure-mode'} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc $twrootdir/$twpolicyloc 2>&1`);
|
logStatus(`$twrootdir/bin/tripwire -m p -P $twsitepass -Q $twlocalpass -Z $params{secure-mode} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc $twrootdir/$twpolicyloc 2>&1`);
|
||||||
|
|
||||||
return ($? == 0);
|
return ($? == 0);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue