Fix dbupdate secure-mode test, add a case for updating db twice w/ same report, clean up twtools methods a bit more.

This commit is contained in:
Brian Cox 2017-08-23 17:58:12 -07:00
parent 01e25eb493
commit fafa681bce
2 changed files with 140 additions and 114 deletions

View File

@ -168,7 +168,11 @@ sub RunBasicTest
# do the database update...
#
twtools::UpdateDatabase();
if (0 != twtools::UpdateDatabase())
{
twtools::logStatus("FAILED -- db update did not succeed\n");
return 0;
}
# do another IC and make sure there are no violations
#
@ -195,10 +199,6 @@ sub RunSecureModeTest
twtools::logStatus("*** Beginning dbupdate.secure-mode test\n");
printf("%-30s", "-- dbupdate.secure-mode test");
++$twtools::twskippedtests;
print "SKIPPED - this test needs further investigation\n";
return 1;
PrepareForTest();
# make a violation and generate a report
@ -226,10 +226,20 @@ sub RunSecureModeTest
#
twtools::UpdateDatabase( { report => $report1 } );
# Try to update the database with report 1 again ... this should fail
# in secure-mode == high because the db can't accept same changes again.
#
if( 0 == twtools::UpdateDatabase(
{ report => $report1, secure-mode => "high" } ) )
{
twtools::logStatus("FAILED ... Secure-mode high didn't catch a bad update\n");
return 0;
}
# Try to update the database with report 2 ... this should fail
# in secure-mode == high because the "old" values don't match.
#
if( twtools::UpdateDatabase(
if( 0 == twtools::UpdateDatabase(
{ report => $report2, secure-mode => "high" } ) )
{
twtools::logStatus("FAILED ... Secure-mode high didn't catch a bad update\n");
@ -239,7 +249,7 @@ sub RunSecureModeTest
# do a high severity update with report3 -- this should
# succeed
#
if( ! twtools::UpdateDatabase(
if( 0 != twtools::UpdateDatabase(
{ report => $report3, secure-mode => "high" } ) )
{
twtools::logStatus("FAILED ... Update with report 3 failed\n");
@ -250,14 +260,14 @@ sub RunSecureModeTest
# doesn't exist in the database at all. This should
# succeed in low but fail in high.
#
if( twtools::UpdateDatabase(
if( 0 == twtools::UpdateDatabase(
{ report => $report2, secure-mode => "high" } ) )
{
twtools::logStatus("FAILED ... Update with report 2 after 3 succeeded in high mode\n");
return 0;
}
if( ! twtools::UpdateDatabase(
if( 0 != twtools::UpdateDatabase(
{ report => $report2, secure-mode => "low" } ) )
{
twtools::logStatus("FAILED ... Update with report 2 after 3 failed in low mode\n");

View File

@ -273,9 +273,13 @@ sub GeneratePolicyFile {
print "generating policy file...\n" if $verbose;
logStatus(`$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $twrootdir/$twpolicyloc 2>&1`);
my (@out) = `$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $twrootdir/$twpolicyloc 2>&1`;
return ($? == 0);
my ($result) = ${^CHILD_ERROR_NATIVE};
logStatus(@out);
return $result;
}
@ -291,9 +295,13 @@ sub CreatePolicy {
print "generating policy file...\n" if $verbose;
logStatus(`$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $params{policy-text} 2>&1`);
my (@out) = `$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $params{policy-text} 2>&1`;
return ($? == 0);
my ($result) = ${^CHILD_ERROR_NATIVE};
logStatus(@out);
return $result;
}
@ -305,9 +313,13 @@ sub InitializeDatabase {
my ($twmsg) = @_;
print "initializing database for '$twmsg' test...\n" if $verbose;
logStatus(`$twrootdir/bin/tripwire -m i -P $twsitepass -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc 2>&1`);
my (@out) = `$twrootdir/bin/tripwire -m i -P $twsitepass -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc 2>&1`;
return ($? == 0);
my ($result) = ${^CHILD_ERROR_NATIVE};
logStatus(@out);
return $result;
}
@ -317,13 +329,17 @@ sub InitializeDatabase {
sub UpdateDatabase {
my (%params) = %{$_[0]};
$params{'report'} = $reportloc if( ! defined($params{'report'}) );
$params{'secure-mode'} = "low" if( ! defined($params{'secure-mode'}) );
$params{report} = $reportloc if( ! defined($params{report}) );
$params{secure-mode} = "low" if( ! defined($params{secure-mode}) );
print "updating database for '$twmsg' test...\n" if $verbose;
logStatus(`$twrootdir/bin/tripwire -m u -a -P $twsitepass -Z $params{'secure-mode'} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc -r $params{'report'} 2>&1`);
my (@out) = `$twrootdir/bin/tripwire -m u -a -P $twsitepass -Z $params{secure-mode} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc -r $params{report} 2>&1`;
return ($? == 0);
my ($result) = ${^CHILD_ERROR_NATIVE};
logStatus(@out);
return $result;
}
######################################################################
@ -332,10 +348,10 @@ sub UpdateDatabase {
sub UpdatePolicy {
my (%params) = %{$_[0]};
$params{'secure-mode'} = "low" if( ! defined($params{'secure-mode'}) );
$params{secure-mode} = "low" if( ! defined($params{secure-mode}) );
print "updating policy for '$twmsg' test...\n" if $verbose;
logStatus(`$twrootdir/bin/tripwire -m p -P $twsitepass -Q $twlocalpass -Z $params{'secure-mode'} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc $twrootdir/$twpolicyloc 2>&1`);
logStatus(`$twrootdir/bin/tripwire -m p -P $twsitepass -Q $twlocalpass -Z $params{secure-mode} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc $twrootdir/$twpolicyloc 2>&1`);
return ($? == 0);
}