From 0a5730258623625e2acc316250c9e68ce60bba30 Mon Sep 17 00:00:00 2001 From: li-kaiyuan66666 Date: Mon, 12 Jul 2021 10:19:54 +0800 Subject: [PATCH 1/2] add audit testcases --- suite2cases/audit | 23 ++++ testcases/package-test/audit/common/comlib.sh | 35 ++++++ .../oe_test_audit_audit_logs_disk.sh | 43 ++++++++ .../oe_test_audit_available_disk_space.sh | 71 ++++++++++++ .../oe_test_audit_count_number_of_event.sh | 31 ++++++ .../oe_test_audit_count_time.sh | 30 ++++++ .../oe_test_audit_fetch_file_in_order.sh | 51 +++++++++ .../oe_test_audit_max_log_file_ignore.sh | 62 +++++++++++ .../oe_test_audit_max_log_file_keep_logs.sh | 60 +++++++++++ .../oe_test_audit_max_log_file_rotate.sh | 73 +++++++++++++ .../oe_test_audit_max_log_file_suspend.sh | 55 ++++++++++ .../oe_test_audit_max_log_file_syslog.sh | 66 ++++++++++++ ...oe_test_audit_monitor_dictionary_access.sh | 49 +++++++++ .../oe_test_audit_monitor_do_command.sh | 50 +++++++++ .../oe_test_audit_monitor_file_access.sh | 57 ++++++++++ .../oe_test_audit_monitor_network_visit.sh | 65 +++++++++++ .../oe_test_audit_monitor_security_event.sh | 64 +++++++++++ .../oe_test_audit_monitor_system_use.sh | 51 +++++++++ .../oe_test_audit_rule_conflict_strategy.sh | 55 ++++++++++ .../oe_test_audit_rule_contact_strategy.sh | 65 +++++++++++ .../oe_test_audit_rule_fetch_from_rule.sh | 51 +++++++++ .../oe_test_audit_show_event_list.sh | 31 ++++++ .../oe_test_audit_track_designated_access.sh | 36 +++++++ .../oe_test_audit_use_d_audit.sh | 41 +++++++ .../oe_test_audit_use_w_audit.sh | 43 ++++++++ .../oe_test_audit_user_build_connection/1.txt | 2 + .../audit_socket.c | 101 ++++++++++++++++++ .../oe_test_audit_user_build_connection.sh | 84 +++++++++++++++ .../wait_poll | 1 + 29 files changed, 1446 insertions(+) create mode 100644 suite2cases/audit create mode 100644 testcases/package-test/audit/common/comlib.sh create mode 100644 testcases/package-test/audit/oe_test_audit_audit_logs_disk/oe_test_audit_audit_logs_disk.sh create mode 100644 testcases/package-test/audit/oe_test_audit_available_disk_space/oe_test_audit_available_disk_space.sh create mode 100644 testcases/package-test/audit/oe_test_audit_count_number_of_event/oe_test_audit_count_number_of_event.sh create mode 100644 testcases/package-test/audit/oe_test_audit_count_time/oe_test_audit_count_time.sh create mode 100644 testcases/package-test/audit/oe_test_audit_fetch_file_in_order/oe_test_audit_fetch_file_in_order.sh create mode 100644 testcases/package-test/audit/oe_test_audit_max_log_file_ignore/oe_test_audit_max_log_file_ignore.sh create mode 100644 testcases/package-test/audit/oe_test_audit_max_log_file_keep_logs/oe_test_audit_max_log_file_keep_logs.sh create mode 100644 testcases/package-test/audit/oe_test_audit_max_log_file_rotate/oe_test_audit_max_log_file_rotate.sh create mode 100644 testcases/package-test/audit/oe_test_audit_max_log_file_suspend/oe_test_audit_max_log_file_suspend.sh create mode 100644 testcases/package-test/audit/oe_test_audit_max_log_file_syslog/oe_test_audit_max_log_file_syslog.sh create mode 100755 testcases/package-test/audit/oe_test_audit_monitor_dictionary_access/oe_test_audit_monitor_dictionary_access.sh create mode 100644 testcases/package-test/audit/oe_test_audit_monitor_do_command/oe_test_audit_monitor_do_command.sh create mode 100644 testcases/package-test/audit/oe_test_audit_monitor_file_access/oe_test_audit_monitor_file_access.sh create mode 100644 testcases/package-test/audit/oe_test_audit_monitor_network_visit/oe_test_audit_monitor_network_visit.sh create mode 100644 testcases/package-test/audit/oe_test_audit_monitor_security_event/oe_test_audit_monitor_security_event.sh create mode 100644 testcases/package-test/audit/oe_test_audit_monitor_system_use/oe_test_audit_monitor_system_use.sh create mode 100644 testcases/package-test/audit/oe_test_audit_rule_conflict_strategy/oe_test_audit_rule_conflict_strategy.sh create mode 100644 testcases/package-test/audit/oe_test_audit_rule_contact_strategy/oe_test_audit_rule_contact_strategy.sh create mode 100644 testcases/package-test/audit/oe_test_audit_rule_fetch_from_rule/oe_test_audit_rule_fetch_from_rule.sh create mode 100644 testcases/package-test/audit/oe_test_audit_show_event_list/oe_test_audit_show_event_list.sh create mode 100644 testcases/package-test/audit/oe_test_audit_track_designated_access/oe_test_audit_track_designated_access.sh create mode 100644 testcases/package-test/audit/oe_test_audit_use_d_audit/oe_test_audit_use_d_audit.sh create mode 100644 testcases/package-test/audit/oe_test_audit_use_w_audit/oe_test_audit_use_w_audit.sh create mode 100644 testcases/package-test/audit/oe_test_audit_user_build_connection/1.txt create mode 100644 testcases/package-test/audit/oe_test_audit_user_build_connection/audit_socket.c create mode 100644 testcases/package-test/audit/oe_test_audit_user_build_connection/oe_test_audit_user_build_connection.sh create mode 100644 testcases/package-test/audit/oe_test_audit_user_build_connection/wait_poll diff --git a/suite2cases/audit b/suite2cases/audit new file mode 100644 index 0000000..c67d6c5 --- /dev/null +++ b/suite2cases/audit @@ -0,0 +1,23 @@ +oe_test_audit_monitor_file_access +oe_test_audit_monitor_dictionary_access +oe_test_audit_monitor_system_use +oe_test_audit_monitor_do_command +oe_test_audit_monitor_security_event +oe_test_audit_monitor_network_visit +oe_test_audit_track_designated_access +oe_test_audit_use_d_audit +oe_test_audit_use_w_audit +oe_test_audit_rule_contact_strategy +oe_test_audit_rule_conflict_strategy +oe_test_audit_rule_fetch_from_rule +oe_test_audit_fetch_file_in_order +oe_test_audit_count_time +oe_test_audit_count_number_of_event +oe_test_audit_show_event_list +oe_test_audit_user_build_connection +oe_test_audit_max_log_file_rotate +oe_test_audit_max_log_file_ignore +oe_test_audit_max_log_file_syslog +oe_test_audit_max_log_file_suspend +oe_test_audit_max_log_file_keep_logs +oe_test_audit_available_disk_space diff --git a/testcases/package-test/audit/common/comlib.sh b/testcases/package-test/audit/common/comlib.sh new file mode 100644 index 0000000..091fb72 --- /dev/null +++ b/testcases/package-test/audit/common/comlib.sh @@ -0,0 +1,35 @@ +#!/bin/bash +source ${OET_PATH}/libs/locallibs/common_lib.sh +AUDIT_PATH=$(find /etc -name auditd.conf) + +function create_logfile(){ + auditctl -w /home/auditd_test -p rwxa + for((j=0;j<500;j++));do + touch /home/auditd_test > /dev/null + chmod 777 /home/auditd_test > /dev/null + rm -rf /home.auditd_test > /dev/null + done + auditctl -W /home/auditd_test -p rwxa +} +function search_log(){ + audit_key=$1 + auditctl -w /tmp/"${audit_key}" -p rwxa -k "${audit_key}" + CHECK_RESULT $? + starttime=$(date +%T) + touch /tmp/"${audit_key}" + rm -rf /tmp/"${audit_key}" + endtime=$(date +%T) + auditctl -W /tmp/"${audit_key}" -p rwxa -k "${audit_key}" + CHECK_RESULT $? + for((i=0;i<10;i++));do + ausearch -k "${audit_key}" -ts "${starttime}" -te "${endtime}" + if [[ $? -ne 0 ]];then + sleep 1 + else + break + fi + done + if [[ $i -eq 10 ]];then + return 1 + fi +} diff --git a/testcases/package-test/audit/oe_test_audit_audit_logs_disk/oe_test_audit_audit_logs_disk.sh b/testcases/package-test/audit/oe_test_audit_audit_logs_disk/oe_test_audit_audit_logs_disk.sh new file mode 100644 index 0000000..e382b27 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_audit_logs_disk/oe_test_audit_audit_logs_disk.sh @@ -0,0 +1,43 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-05-31 09:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : Take the test ls command as an example +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh +source ../common/comlib.sh + +function run_test() +{ + LOG_INFO "Start to run test." + mkdir -p /auditlog_test + dd if=dev/zero of=/auditlog_test.img count=5 bs=1G + mkfs.ext3 -F /auditlog_test.img + mount /auditlog_test.img /auditlog_test + cp -raf /var/log/ /auditlog_test/ + sed -i sed -i 's/log_file = \/var\/log\/audit\/audit.log/log_file = \/auditlog_test\/log\/audit\/audit.log/g' "/etc/audit/auditd.conf" + service auditd restart + LOG_INFO "End to run test." +} + +function post_test() +{ + LOG_INFO "Start to restore the test environment." + + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_available_disk_space/oe_test_audit_available_disk_space.sh b/testcases/package-test/audit/oe_test_audit_available_disk_space/oe_test_audit_available_disk_space.sh new file mode 100644 index 0000000..d287441 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_available_disk_space/oe_test_audit_available_disk_space.sh @@ -0,0 +1,71 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-05-31 09:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : the available disk space is less than the configured space +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh +source ../common/comlib.sh + +function pre_test() +{ + LOG_INFO "Start to prepare the test environment." + cp -raf /var/log/ /tmp/ + cat ${AUDIT_PATH} + sed -i 's/log_file = \/var\/log\/audit\/audit.log/log_file = \/tmp\/log\/audit\/audit.log/g' "/etc/audit/auditd.conf" + sed -i 's/max_log_file_action = ROTATE/max_log_file_action = KEEP_LOGS/g' "/etc/audit/auditd.conf" + service auditd restart + LOG_INFO "End to prepare the test environment." +} + +function run_test() +{ + LOG_INFO "Start to run test." + count_size=$(df -m /tmp/log/audit/ | awk 'NR==2' | awk '{print $4-74}') + dd if=/dev/zero of=/tmp/log/audit/audit_log bs=1M count="${count_size}" + for ((j=0;j<10;j++));do + sleep 1 + search_log available_disk_space + CHECK_RESULT $? 0 0 "search first" + done + sleep 1 + grep -iE "Audit daemon is low on disk space for logging" /var/log/messages + CHECK_RESULT $? 0 0 "grep logging first failed" + count_size=$(df -m /tmp/log/audit/ | awk 'NR==2' | awk '{print $4-49}') + dd if=/dev/zero of=/tmp/log/audit/audit_log bs=1M count="${count_size}" + search_log available_disk_space + sleep 10 + service auditd status + service auditd status | grep "active (running)" + CHECK_RESULT $? 0 0 "grep active failed" + sleep 10 + service auditd status | grep "Audit daemon is low on disk space for logging" + CHECK_RESULT $? 0 0 "grep logging second failed" + LOG_INFO "End to run test." +} + +function post_test() +{ + LOG_INFO "Start to restore the test environment." + sed -i 's/log_file = \/tmp\/log\/audit\/audit.log/log_file = \/var\/log\/audit\/audit.log/g' "${AUDIT_PATH}" + sed -i 's/max_log_file_action = KEEP_LOGS/max_log_file_action = ROTATE/g' "${AUDIT_PATH}" + service auditd restart + cat ${AUDIT_PATH} + rm -rf /tmp/log + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_count_number_of_event/oe_test_audit_count_number_of_event.sh b/testcases/package-test/audit/oe_test_audit_count_number_of_event/oe_test_audit_count_number_of_event.sh new file mode 100644 index 0000000..839b2b9 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_count_number_of_event/oe_test_audit_count_number_of_event.sh @@ -0,0 +1,31 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-16 11:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : count number of events +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh + +function run_test() +{ + LOG_INFO "Start to run test." + systemctl start auditd + CHECK_RESULT $? 0 0 + aureport -e -i --summary | grep "Event Summary Report" + CHECK_RESULT $? 0 0 + LOG_INFO "End to run test." +} +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_count_time/oe_test_audit_count_time.sh b/testcases/package-test/audit/oe_test_audit_count_time/oe_test_audit_count_time.sh new file mode 100644 index 0000000..bc0c645 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_count_time/oe_test_audit_count_time.sh @@ -0,0 +1,30 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-16 11:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : collect overall user time statistics +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh +function run_test() +{ + LOG_INFO "Start to run test." + systemctl start auditd + CHECK_RESULT $? 0 0 + aureport -u -i --summary | grep "User Summary Report" + CHECK_RESULT $? 0 0 + LOG_INFO "End to run test." +} +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_fetch_file_in_order/oe_test_audit_fetch_file_in_order.sh b/testcases/package-test/audit/oe_test_audit_fetch_file_in_order/oe_test_audit_fetch_file_in_order.sh new file mode 100644 index 0000000..f7e0ad3 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_fetch_file_in_order/oe_test_audit_fetch_file_in_order.sh @@ -0,0 +1,51 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-16 11:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : fetch files in order +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh +function pre_test(){ + LOG_INFO "Start to run test" + DNF_INSTALL audit-help + sleep 1 + LOG_INFO "End to prepare the environment" +} +function run_test() +{ + LOG_INFO "Start to run test." + systemctl start auditd + CHECK_RESULT $? 0 0 + auditctl -D + CHECK_RESULT $? 0 0 + cp -raf /usr/share/doc/audit-help/rules/30-ospp-v42.rules /etc/audit/rules.d + cp -raf /usr/share/doc/audit-help/rules/10-base-config.rules /etc/audit/rules.d + sleep 1 + augenrules --load + CHECK_RESULT $? 0 0 "load failed" + auditctl -l | grep -e "-a always,exit" + CHECK_RESULT $? 0 0 "add failed" + LOG_INFO "End to run test." +} +function post_test() +{ + LOG_INFO "Start to restore the test environment." + auditctl -D + rm -rf /etc/audit/rules.d/20-ospp-v42.rules + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_max_log_file_ignore/oe_test_audit_max_log_file_ignore.sh b/testcases/package-test/audit/oe_test_audit_max_log_file_ignore/oe_test_audit_max_log_file_ignore.sh new file mode 100644 index 0000000..2df693b --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_max_log_file_ignore/oe_test_audit_max_log_file_ignore.sh @@ -0,0 +1,62 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-05-31 09:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : set max log file action ignore +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh +source ../common/comlib.sh + +function run_test() +{ + LOG_INFO "Start to run test." + sed -i 's/max_log_file = 8/max_log_file = 1/g' "/etc/audit/auditd.conf" + sed -i 's/num_logs = 5/num_logs = 2/g' "/etc/audit/auditd.conf" + sed -i 's/max_log_file_action = ROTATE/max_log_file_action = IGNORE/g' "/etc/audit/auditd.conf" + service auditd restart + old_time=$(stat /var/log/audit/audit.log |grep "Access" | tail -n 1 | awk '{print $2,$3}') + old_size=$(du -ks /var/log/audit/ | awk '{print $1}') + old_num=$(find /var/log/audit -name "audit.log*" | wc -l) + for ((i=0;i<10;i++));do + create_logfile + new_size=$(du -ks /var/log/audit/ | awk '{print $1}') + new_time=$(stat /var/log/audit/audit.log |grep "Access" | tail -n 1 | awk '{print $2,$3}') + new_num=$(find /var/log/audit -name "audit.log*" | wc -l) + log_size=$(du -ks /var/log/audit/audit.log | awk '{print $1}') + test "$log_size" -gt 1024 &&{ + test "$old_time" == "$new_time" && test "$old_size" -lt "$new_size" && test "$old_num" -eq "$new_num" &&{ + break + } + } + test "$i" -eq 9 &&{ + CHECK_RESULT 1 0 0 + } + done + + LOG_INFO "End to run test." +} + +function post_test() +{ + LOG_INFO "Start to restore the test environment." + sed -i 's/max_log_file = 1/max_log_file = 8/g' "/etc/audit/auditd.conf" + sed -i 's/num_logs = 2/num_logs = 5/g' "/etc/audit/auditd.conf" + sed -i 's/max_log_file_action = IGNORE/max_log_file_action = ROTATE/g' "/etc/audit/auditd.conf" + service auditd restart + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_max_log_file_keep_logs/oe_test_audit_max_log_file_keep_logs.sh b/testcases/package-test/audit/oe_test_audit_max_log_file_keep_logs/oe_test_audit_max_log_file_keep_logs.sh new file mode 100644 index 0000000..eca455d --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_max_log_file_keep_logs/oe_test_audit_max_log_file_keep_logs.sh @@ -0,0 +1,60 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-05-31 09:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : set max log file keep logs +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh +source ../common/comlib.sh + +function run_test() +{ + LOG_INFO "Start to run test." + sed -i 's/max_log_file = 8/max_log_file = 1/g' "/etc/audit/auditd.conf" + sed -i 's/num_logs = 5/num_logs = 2/g' "/etc/audit/auditd.conf" + sed -i 's/max_log_file_action = ROTATE/max_log_file_action = KEEP_LOGS/g' "/etc/audit/auditd.conf" + service auditd restart + for ((i=0;i<10;i++));do + old_time=$(stat /var/log/audit/audit.log |grep "Access" | tail -n 1 | awk '{print $2,$3}') + old_size=$(du -ks /var/log/audit/ | awk '{print $1}') + old_num=$(find /var/log/audit -maxdepth 1 -name "audit.log*" | wc -l) + create_logfile + new_time=$(stat /var/log/audit/audit.log |grep "Access" | tail -n 1 | awk '{print $2,$3}') + new_size=$(du -ks /var/log/audit/ | awk '{print $1}') + new_num=$(find /var/log/audit -maxdepth 1 -name "audit.log*" | wc -l) + test $(("$new_size" - "$old_size")) -gt 1024 &&{ + if [[ "$old_time" != "$new_time" && "$old_size" -lt "$new_size" && "$old_num" -le "$new_num" ]]; then + break + else + CHECK_RESULT 1 1 0 + fi + + } + done + LOG_INFO "End to run test." +} + +function post_test() +{ + LOG_INFO "Start to restore the test environment." + sed -i 's/max_log_file = 1/max_log_file = 8/g' "/etc/audit/auditd.conf" + sed -i 's/num_logs = 2/num_logs = 5/g' "/etc/audit/auditd.conf" + sed -i 's/max_log_file_action = KEEP_LOGS/max_log_file_action = ROTATE/g' "/etc/audit/auditd.conf" + service auditd restart + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_max_log_file_rotate/oe_test_audit_max_log_file_rotate.sh b/testcases/package-test/audit/oe_test_audit_max_log_file_rotate/oe_test_audit_max_log_file_rotate.sh new file mode 100644 index 0000000..300d63c --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_max_log_file_rotate/oe_test_audit_max_log_file_rotate.sh @@ -0,0 +1,73 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-05-19 09:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : set max log file rotate +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh +source ../common/comlib.sh + +function run_test() +{ + LOG_INFO "Start to run test." + sed -i 's/max_log_file = 8/max_log_file = 1/g' "/etc/audit/auditd.conf" + sed -i 's/num_logs = 5/num_logs = 2/g' "/etc/audit/auditd.conf" + rm -rf /var/log/audit/audit.log* + service auditd restart + old_size=$(du -ks /var/log/audit/ | awk '{print $1}') + old_num=$(find /var/log/audit -name "audit.log*" | wc -l) + for ((i=0;i<10;i++));do + create_logfile + new_size=$(du -ks /var/log/audit/ | awk '{print $1}') + test $(("$new_size" - "$old_size")) -gt 1024 &&{ + new_num=$(find /var/log/audit -name "audit.log*" | wc -l) + if [ $(("$new_num" - "$old_num")) -ge 1 ]; then + break + else + CHECK_RESULT 1 0 0 + break + fi + } + test "$i" -eq 9 &&{ + CHECK_RESULT 1 0 0 + } + done + + for ((i=0;i<10;i++));do + old_time=$(stat /var/log/audit/audit.log |grep "Access" |tail -n 1 | awk '{print $2,$3}') + create_logfile + new_time=$(stat /var/log/audit/audit.log |grep "Access" |tail -n 1 | awk '{print $2,$3}') + log_num=$(find /var/log/audit/ -maxdepth 1 -name "audit.log*" |wc -l) + test "$old_time" = "$new_time" && test "$log_num" -eq 1 && { + break + } + test "$i" -eq 9 &&{ + CHECK_RESULT 1 1 0 + } + done + LOG_INFO "End to run test." +} + +function post_test() +{ + LOG_INFO "Start to restore the test environment." + sed -i 's/max_log_file = 1/max_log_file = 8/g' "/etc/audit/auditd.conf" + sed -i 's/num_logs = 2/num_logs = 5/g' "/etc/audit/auditd.conf" + service auditd restart + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_max_log_file_suspend/oe_test_audit_max_log_file_suspend.sh b/testcases/package-test/audit/oe_test_audit_max_log_file_suspend/oe_test_audit_max_log_file_suspend.sh new file mode 100644 index 0000000..ee9272a --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_max_log_file_suspend/oe_test_audit_max_log_file_suspend.sh @@ -0,0 +1,55 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-05-31 09:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : set max_log file suspend +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh +source ../common/comlib.sh + +function run_test() +{ + LOG_INFO "Start to run test." + sed -i 's/max_log_file = 8/max_log_file = 1/g' "/etc/audit/auditd.conf" + sed -i 's/max_log_file_action = ROTATE/max_log_file_action = SUSPEND/g' "/etc/audit/auditd.conf" + service auditd restart + CHECK_RESULT $? + logsize=$(du -s /var/log/audit/audit.log | awk '{print $1}') + if [ "${logsize}" -gt 1024 ];then + service auditd status | grep "active" + CHECK_RESULT $? 0 0 "grep first failed" + search_log SCEN_004 + CHECK_RESULT $? 1 0 "grep first failed" + else + create_logfile + service auditd status | grep -e "active" + CHECK_RESULT $? 0 0 "grep second failed" + search_log SCEN_004 + CHECK_RESULT $? 1 0 "search second failed" + fi + LOG_INFO "End to run test." +} + +function post_test() +{ + LOG_INFO "Start to restore the test environment." + sed -i 's/max_log_file = 1/max_log_file = 8/g' "/etc/audit/auditd.conf" + sed -i 's/max_log_file_action = SUSPEND/max_log_file_action = ROTATE/g' "/etc/audit/auditd.conf" + service auditd restart + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_max_log_file_syslog/oe_test_audit_max_log_file_syslog.sh b/testcases/package-test/audit/oe_test_audit_max_log_file_syslog/oe_test_audit_max_log_file_syslog.sh new file mode 100644 index 0000000..2e4e48c --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_max_log_file_syslog/oe_test_audit_max_log_file_syslog.sh @@ -0,0 +1,66 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-05-31 09:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : set max log file syslog +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh +source ../common/comlib.sh + +function pre_test() +{ + LOG_INFO "Start to prepare the test environment." + ls /var/log/audit/audit.log && rm -rf /var/log/audit/audit.log + return 0 + LOG_INFO "End to prepare the test environment." +} + +function run_test() +{ + LOG_INFO "Start to run test." + sed -i 's/max_log_file = 8/max_log_file = 1/g' "/etc/audit/auditd.conf" + sed -i 's/max_log_file_action = ROTATE/max_log_file_action = SYSLOG/g' "/etc/audit/auditd.conf" + service auditd restart + CHECK_RESULT $? + logSize=$(du -s /var/log/audit/audit.log | awk '{print $1}') + if [ "${logSize}" -gt 1024 ];then + for (( j = 0;j < 50; j++));do + search_log SCEN_003 + sleep 1 + done + CHECK_RESULT $? 0 0 "search failed" + grep -iE "Audit daemon is low on disk space for logging" /var/log/messages + CHECK_RESULT $? 0 0 "grep first failed" + else + create_logfile + grep -iE "Audit daemon is low on disk space for logging" /var/log/messages + CHECK_RESULT $? 0 0 "grep second failed" + search_log SCEN_003 + CHECK_RESULT $? 0 0 "search second failed" + fi + LOG_INFO "End to run test." +} + +function post_test() +{ + LOG_INFO "Start to restore the test environment." + sed -i 's/max_log_file = 1/max_log_file = 8/g' "/etc/audit/auditd.conf" + sed -i 's/max_log_file_action = SYSLOG/max_log_file_action = ROTATE/g' "/etc/audit/auditd.conf" + service auditd restart + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_monitor_dictionary_access/oe_test_audit_monitor_dictionary_access.sh b/testcases/package-test/audit/oe_test_audit_monitor_dictionary_access/oe_test_audit_monitor_dictionary_access.sh new file mode 100755 index 0000000..6a9639f --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_monitor_dictionary_access/oe_test_audit_monitor_dictionary_access.sh @@ -0,0 +1,49 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-15 11:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : monitor dictionary access +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh +function run_test() +{ + LOG_INFO "Start to run test." + systemctl start auditd + CHECK_RESULT $? 0 0 "start failed" + auditctl -D + CHECK_RESULT $? 0 0 "delete failed" + auditctl -w /opt -p wa -k opt_changes + CHECK_RESULT $? 0 0 "add failed" + auditctl -l | grep -e "-w /opt -p wa -k opt_changes" + CHECK_RESULT $? 0 0 "change failed" + starttime=$(date +%T) + mkdir -p /opt/test/ + CHECK_RESULT $? 0 0 "create failed" + endtime=$(date +%T) + sleep 1 + ausearch -ts "${starttime}" -te "${endtime}" -f /opt -k opt_changes + CHECK_RESULT $? + LOG_INFO "End to run test." +} +function post_test() +{ + LOG_INFO "Start to restore the test environment." + auditctl -D + rm -rf /opt/test + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_monitor_do_command/oe_test_audit_monitor_do_command.sh b/testcases/package-test/audit/oe_test_audit_monitor_do_command/oe_test_audit_monitor_do_command.sh new file mode 100644 index 0000000..c995790 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_monitor_do_command/oe_test_audit_monitor_do_command.sh @@ -0,0 +1,50 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-15 15:40:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : monitor do command +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh +function run_test() +{ + LOG_INFO "Start to run test." + systemctl start auditd + CHECK_RESULT $? 0 0 "start failed" + auditctl -D + CHECK_RESULT $? 0 0 "clean failed" + useradd Jevons + uid=$(id -u Jevons) + auditctl -a always,exit -S execve -F uid="${uid}" -k command + CHECK_RESULT $? 0 0 "add rule failed" + auditctl -l | grep -e "-a always,exit -S execve -F uid=${uid}" + CHECK_RESULT $? 0 0 "grep failed" + starttime=$(date +%T) + su - Jevons -c "pwd" + CHECK_RESULT $? 0 0 "login failed" + endtime=$(date +%T) + ausearch -ts "${starttime}" -te "${endtime}" -k command |grep pwd + CHECK_RESULT $? + LOG_INFO "End to run test." +} +function post_test() +{ + fOG_INFO "Start to restore the test environment." + userdel -rf Jevons + auditctl -D + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_monitor_file_access/oe_test_audit_monitor_file_access.sh b/testcases/package-test/audit/oe_test_audit_monitor_file_access/oe_test_audit_monitor_file_access.sh new file mode 100644 index 0000000..0e458b7 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_monitor_file_access/oe_test_audit_monitor_file_access.sh @@ -0,0 +1,57 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-14 16:29:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : monitor file access +##################################### + +#source ${OET_PATH}/libs/locallibs/common_lib.sh +source /root/test-tools/mugen/libs/locallibs/common_lib.sh +function run_test() +{ + LOG_INFO "Start to run test." + systemctl start auditd + CHECK_RESULT $? 0 0 "service start failed" + auditctl -D + CHECK_RESULT $? 0 0 "delete rules failed" + auditctl -w /etc/passwd -p wa -k passwd_changes + auditctl -l | grep -e "-w /etc/passwd -p wa -k passwd_changes" + CHECK_RESULT $? 0 0 "catch failed" + starttime=$(date +%T) + useradd "Jevons" + CHECK_RESULT $? 0 0 "useradd failed" + endtime=$(date +%T) + for ((i=0;i,10;i++));do + ausearch -ts "${starttime}" -te "${endtime}" -k passwd_changes + if [[ $? -ne 0 ]];then + sleep 1 + else + break + fi + done + if [[ $i -eq 10 ]];then + return 1 + fi + LOG_INFO "End to run test." +} +function post_test() +{ + LOG_INFO "Start to restore the test environment." + userdel "Jevons" + auditctl -D + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_monitor_network_visit/oe_test_audit_monitor_network_visit.sh b/testcases/package-test/audit/oe_test_audit_monitor_network_visit/oe_test_audit_monitor_network_visit.sh new file mode 100644 index 0000000..d6ab6f5 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_monitor_network_visit/oe_test_audit_monitor_network_visit.sh @@ -0,0 +1,65 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-16 11:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : monitor network visit +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh + +function pre_test() +{ + LOG_INFO "Start to prepare the test environment." + SSH_CMD "useradd Jevons" "$NODE1_IPV4" "$NODE1_PASSWORD" "$NODE1_USER" + SSH_CMD "echo HUAWEI666 | passwd Jevons --stdin" "$NODE1_IPV4" "$NODE1_PASSWORD" "$NODE1_USER" + LOG_INFO "End to prepare the test environment." +} +function run_test() +{ + LOG_INFO "Start to run test." + SSH_CMD "systemctl start auditd" "$NODE1_IPV4" "$NODE1_PASSWORD" "$NODE1_USER" + SSH_CMD "auditctl -D" "$NODE1_IPV4" "$NODE1_PASSWORD" "$NODE1_USER" + starttime=$(SSH_CMD "date +%T" "$NODE1_IPV4" "$NODE1_PASSWORD" "$NODE1_USER") + expect < /tmp/log.log 2>&1 & " "$NODE1_IPV4" "$NODE1_PASSWORD" "$NODE1_USER" + sleep 5 + SSH_SCP "$NODE1_USER"@"$NODE1_IPV4":/tmp/log.log /tmp/ "$NODE1_PAWWORD" + cat < /tmp/log.log |grep "" + CHECK_RESULT $? 1 0 + LOG_INFO "End to run test." +} + +function post_test() +{ + LOG_INFO "Start to restore the test environment." + SSH_CMD "userdel Jevons" "$NODE1_IPV4" "$NODE1_PASSWORD" "$NODE1_USER" + SSH_CMD "rm -rf /tmp/log.log" "$NODE1_IPV4" "$NODE1_PASSWORD" "$NODE1_USER" + rm -rf /tmp/log.log + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_monitor_security_event/oe_test_audit_monitor_security_event.sh b/testcases/package-test/audit/oe_test_audit_monitor_security_event/oe_test_audit_monitor_security_event.sh new file mode 100644 index 0000000..2b8ffb2 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_monitor_security_event/oe_test_audit_monitor_security_event.sh @@ -0,0 +1,64 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-16 11:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : monitor security event +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh + +function pre_test() +{ + LOG_INFO "Start to prepare the test environment." + SSH_CMD "useradd Jevonsfirst" "$NODE1_IPV4" "$NODE1_PASSWORD" "$NODE1_USER" + SSH_CMD "echo HUAWEI666 | passwd Jevons --stdin" "$NODE1_IPV4" "$NODE1_PASSWORD" "$NODE1_USER" + LOG_INFO "End to prepare the test environment." +} +function run_test() +{ + LOG_INFO "Start to run test." + SSH_CMD "systemctl start auditd" "$NODE1_IPV4" "$NODE1_PASSWORD" "$NODE1_USER" + SSH_CMD "auditctl -D" "$NODE1_IPV4" "$NODE1_PASSWORD" "$NODE1_USER" + starttime=$(SSH_CMD "date +%T" "$NODE1_IPV4" "$NODE1_PASSWORD" "$NODE1_USER") + expect < /tmp/log.log 2>&1 & " "$NODE1_IPV4" "$NODE1_PASSWORD" "$NODE1_USER" + sleep 5 + SSH_SCP "$NODE1_USER"@"$NODE1_IPV4":/tmp/log.log /tmp/ "$NODE1_PAWWORD" + cat < /tmp/log.log |grep "" + CHECK_RESULT $? 1 0 + LOG_INFO "End to run test." +} + +function post_test() +{ + LOG_INFO "Start to restore the test environment." + SSH_CMD "userdel Jevons" "$NODE1_IPV4" "$NODE1_PASSWORD" "$NODE1_USER" + SSH_CMD "rm -rf /tmp/log.log" "$NODE1_IPV4" "$NODE1_PASSWORD" "$NODE1_USER" + rm -rf /tmp/log.log + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_monitor_system_use/oe_test_audit_monitor_system_use.sh b/testcases/package-test/audit/oe_test_audit_monitor_system_use/oe_test_audit_monitor_system_use.sh new file mode 100644 index 0000000..29008b7 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_monitor_system_use/oe_test_audit_monitor_system_use.sh @@ -0,0 +1,51 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-15 15:40:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : monitor system use +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh + +function run_test() +{ + LOG_INFO "Start to run test." + systemctl start auditd + CHECK_RESULT $? 0 0 "start failed" + auditctl -D + CHECK_RESULT $? 0 0 "clean failed" + useradd Jevons + uid=$(id -u Jevons) + auditctl -a always,exit -S all -F uid="${uid}" -k syscall + CHECK_RESULT $? 0 0 "add rule failed" + auditctl -l | grep -e "-a always,exit -S all -F uid=${uid}" + CHECK_RESULT $? 0 0 "grep failed" + starttime=$(date +%T) + su - Jevons -c "pwd" + CHECK_RESULT $? 0 0 "login failed" + endtime=$(date +%T) + ausearch -ts "${starttime}" -te "${endtime}" -k syscall | grep pwd + LOG_INFO "End to run test." +} + +function post_test() +{ + LOG_INFO "Start to restore the test environment." + userdel -rf Jevons + auditctl -D + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_rule_conflict_strategy/oe_test_audit_rule_conflict_strategy.sh b/testcases/package-test/audit/oe_test_audit_rule_conflict_strategy/oe_test_audit_rule_conflict_strategy.sh new file mode 100644 index 0000000..bcfd217 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_rule_conflict_strategy/oe_test_audit_rule_conflict_strategy.sh @@ -0,0 +1,55 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-16 11:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : rule conflict strategy +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh + +function run_test() +{ + LOG_INFO "Start to run test." + systemctl start auditd + CHECK_RESULT $? 0 0 "failed" + auditctl -D + CHECK_RESULT $? 0 0 "failed" + useradd Jevons + uid=$(id -u Jevons) + auditctl -a always,exit -S all -F uid="${uid}" -k syscall + CHECK_RESULT $? 0 0 "failed" + auditctl -l | grep -e "-a always,exit -S all -F uid=${uid}" + CHECK_RESULT $? 0 0 "failed" + auditctl -A never,task + CHECK_RESULT $? 0 0 "failed" + auditctl -l | grep -e "-a never,task" + CHECK_RESULT $? 0 0 "failed" + starttime=$(date +%T) + su - Jevons -c "pwd" + CHECK_RESULT $? 0 0 "failed" + endtime=$(date +%T) + ausearch -k syscall -ts ${starttime} -te ${endtime} -x pwd + CHECK_RESULT $? 1 0 "failed" + LOG_INFO "End to run test." +} + +function post_test() +{ + LOG_INFO "Start to restore the test environment." + auditctl -D + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_rule_contact_strategy/oe_test_audit_rule_contact_strategy.sh b/testcases/package-test/audit/oe_test_audit_rule_contact_strategy/oe_test_audit_rule_contact_strategy.sh new file mode 100644 index 0000000..126ed2e --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_rule_contact_strategy/oe_test_audit_rule_contact_strategy.sh @@ -0,0 +1,65 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-16 11:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : rule contact strategy +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh + +function run_test() +{ + LOG_INFO "Start to run test." + systemctl start auditd + CHECK_RESULT $? 0 0 "start failed" + service auditd status | grep running + CHECK_RESULT $? 0 0 "grep failed" + auditctl -D + CHECK_RESULT $? 0 0 "delete failed" + auditctl -w /etc/passwd -p ra -k tail + auditctl -l | grep -e "-w /etc/passwd -p ra -k tail" + auditctl -A always,exit -F path=/etc/passwd -F perm=ra -k head + CHECK_RESULT $? 0 0 "add rules failed" + auditctl -l | grep -e "-w /etc/passwd -p ra -k head" + CHECK_RESULT $? 0 0 "grep failed" + for ((i=0;i<10;i++)); do + starttime=$(date +%T) + cat /etc/passwd + CHECK_RESULT $? + endtime=$(date +%T) + ausearch -k head -ts "${starttime}" -te "${endtime}" -x cat + head_ret=$? + ausearch -k tail -ts "${starttime}" -te "${endtime}" -x cat + tail_ret=$? + if [ $head_ret -eq 0 ] && [ $tail_ret -ne 0 ]; then + break + else + sleep 1 + fi + done + if [ $i -eq 10 ]; then + CHECK_RESULT 1 0 0 + fi + LOG_INFO "End to run test." +} +function post_test() +{ + LOG_INFO "Start to restore the test environment." + auditctl -D + + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_rule_fetch_from_rule/oe_test_audit_rule_fetch_from_rule.sh b/testcases/package-test/audit/oe_test_audit_rule_fetch_from_rule/oe_test_audit_rule_fetch_from_rule.sh new file mode 100644 index 0000000..93b0993 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_rule_fetch_from_rule/oe_test_audit_rule_fetch_from_rule.sh @@ -0,0 +1,51 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-16 11:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : rule fetch from file +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh + +function pre_test() +{ + LOG_INFO "Start to prepare the test environment." + echo "-w /etc/passwd -p wa -k passwd_changes" >>/opt/test.rules + CHECK_RESULT $? 0 0 + LOG_INFO "End to prepare the test environment." +} + +function run_test() +{ + LOG_INFO "Start to run test." + systemctl start auditd + CHECK_RESULT $? 0 0 + auditctl -D + CHECK_RESULT $? 0 0 + auditctl -R /opt/test.rules + auditctl -l | grep -e "-w /etc/passwd -p wa -k passwd_changes" + CHECK_RESULT $? 0 0 + LOG_INFO "End to run test." +} + +function post_test() +{ + LOG_INFO "Start to restore the test environment." + auditctl -D + rm -rf /opt/test.rules + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_show_event_list/oe_test_audit_show_event_list.sh b/testcases/package-test/audit/oe_test_audit_show_event_list/oe_test_audit_show_event_list.sh new file mode 100644 index 0000000..679c135 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_show_event_list/oe_test_audit_show_event_list.sh @@ -0,0 +1,31 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-16 11:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : show event list +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh + +function run_test() +{ + LOG_INFO "Start to run test." + systemctl start auditd + CHECK_RESULT $? 0 0 + aureport -e -ts today -te today + CHECK_RESULT $? 0 0 + LOG_INFO "End to run test." +} +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_track_designated_access/oe_test_audit_track_designated_access.sh b/testcases/package-test/audit/oe_test_audit_track_designated_access/oe_test_audit_track_designated_access.sh new file mode 100644 index 0000000..022dfce --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_track_designated_access/oe_test_audit_track_designated_access.sh @@ -0,0 +1,36 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-16 11:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : track designated proc +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh + +function run_test() +{ + LOG_INFO "Start to run test." + systemctl start auditd + CHECK_RESULT $? 0 0 "start failed" + auditctl -D + CHECK_RESULT $? 0 0 "delete failed" + record=$(autrace /usr/bin/ls | grep ausearch | awk -F "'" '{print $2}' ) + CHECK_RESULT $? 0 0 "awk failed" + $record + CHECK_RESULT $? 0 0 "search failed" + LOG_INFO "End to run test." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_use_d_audit/oe_test_audit_use_d_audit.sh b/testcases/package-test/audit/oe_test_audit_use_d_audit/oe_test_audit_use_d_audit.sh new file mode 100644 index 0000000..7e44977 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_use_d_audit/oe_test_audit_use_d_audit.sh @@ -0,0 +1,41 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-16 11:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : use -d to audit +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh + +function run_test() +{ + LOG_INFO "Start to run test." + systemctl start auditd + CHECH_RESULT $? 0 0 "start failed" + auditctl -D + CHECK_RESULT $? 0 0 "delete failed" + auditctl -a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time_change + CHECK_RESULT $? 0 0 "add failed" + auditctl -l | grep -e "-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time_change" + sleep 1 + CHECK_RESULT $? 0 0 "grep failed" + auditctl -d always,exit -F arch=b64 -S adjtimex -S settimeofday -k time_change + CHECK_RESULT $? 0 0 "delete failed" + auditctl -l | grep -e "-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time_change" + CHECH_RESULT $? 1 0 "grep delete failed" + LOG_INFO "End to run test." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_use_w_audit/oe_test_audit_use_w_audit.sh b/testcases/package-test/audit/oe_test_audit_use_w_audit/oe_test_audit_use_w_audit.sh new file mode 100644 index 0000000..24143cc --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_use_w_audit/oe_test_audit_use_w_audit.sh @@ -0,0 +1,43 @@ +#!/usr/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-16 11:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : use -w to audit +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh + +function pre_test() +{ + LOG_INFO "Start to prepare the test environment." + auditctl -w /home -p wa -k home_changes + CHECK_RESULT $? 0 0 + auditctl -l | grep -e "-w /home -p wa -k home_changes" + CHECK_RESULT $? 0 0 "grep failed" + LOG_INFO "End to prepare the test environment." +} + +function run_test() +{ + LOG_INFO "Start to run test." + systemctl start auditd + CHECK_RESULT $? 0 0 "start failed" + auditctl -W /home -p wa -k home_changes + CHECK_RESULT $? 0 0 "delete failed" + auditctl -l | grep -e "-w /home -p wa -k home_changes" + CHECK_RESULT $? 1 0 "grep failed" + LOG_INFO "End to run test." +} +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_user_build_connection/1.txt b/testcases/package-test/audit/oe_test_audit_user_build_connection/1.txt new file mode 100644 index 0000000..efe2b7d --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_user_build_connection/1.txt @@ -0,0 +1,2 @@ +node=localhost.localdomain type=DAEMON_END msg=audit(1626055160.479:1349): op=terminate auid=0 pid=130324 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=success + diff --git a/testcases/package-test/audit/oe_test_audit_user_build_connection/audit_socket.c b/testcases/package-test/audit/oe_test_audit_user_build_connection/audit_socket.c new file mode 100644 index 0000000..360ec65 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_user_build_connection/audit_socket.c @@ -0,0 +1,101 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +#define SOCK_PATH "/usr/local/audit_sock" + +void writeLogLine(const char *fileName,const char *content) +{ + FILE *fp; + if((fp=fopen(fileName,"a"))==NULL) + { + printf("Open Failed.\n"); + return; + } + fprintf(fp,"%s\n",content); + fclose(fp); +} + + +int main(void) +{ + int fd,len; + struct sockaddr_un un; + + if((fd=socket(AF_UNIX,SOCK_STREAM,0))<0){ + printf("create unix sock error :%d\r\n",errno); + return -1; + } + + (void)memset(&un,0,sizeof(un)); + un.sun_family=AF_UNIX; + (void)strcpy(un.sun_path,SOCK_PATH); + + len=offsetof(struct sockaddr_un,sun_path)+strlen(un.sun_path); + (void)unlink(SOCK_PATH); + + if(bind(fd,(struct sockaddr *)&un,len)<0){ + printf("bind unix sock error : %d\r\n",errno); + close(fd); + return -1; + } + + if(chmod(SOCK_PATH,S_IRWXU)!=0){ + printf("chmod sock %s error : %d\r\n",SOCK_PATH,errno); + close(fd); + return -1; + } + + + (void)memset(&un,0,sizeof(un)); + un.sun_family=AF_UNIX; + (void)strcpy(un.sun_path,"/var/run/audispd_events"); + + len=offsetof(struct sockaddr_un,sun_path)+strlen(un.sun_path); + if(connect(fd,(struct sockaddr *)&un,len)<0){ + printf("connect sock error :%d\r\n",errno); + close(fd); + return -1; + } + + + + + + printf("start audisp plugin ok! fd=%d\r\n",fd); + + struct pollfd fds; + fds.fd=fd; + fds.events=POLLIN; + printf("start audit thread now!\r\n"); + int ind=0; + for(ind=0;ind<20;ind++){ + + + if(poll(&fds,1,1000)>0){ + int len=0; + sleep(2); + system("date"); + unsigned char buf[2048]={0}; + while(len=recv(fd,buf,sizeof(buf)-1,MSG_DONTWAIT)){ + if(len<0) + break; + writeLogLine("./1.txt",buf); + printf("%s\r\n",buf); + } + } + + system("echo OK >./wait_poll"); + + + } + return 0; +} diff --git a/testcases/package-test/audit/oe_test_audit_user_build_connection/oe_test_audit_user_build_connection.sh b/testcases/package-test/audit/oe_test_audit_user_build_connection/oe_test_audit_user_build_connection.sh new file mode 100644 index 0000000..b0ee682 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_user_build_connection/oe_test_audit_user_build_connection.sh @@ -0,0 +1,84 @@ +#!/bin/bash + +# Copyright (c) 2021. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +#################################### +#@Author : Jevons +#@Contact : 1557927445@qq.com +#@Date : 2021-04-16 11:39:43 +#@License : Mulan PSL v2 +#@Version : 1.0 +#@Desc : user build connection +##################################### + +source ${OET_PATH}/libs/locallibs/common_lib.sh + +function pre_test() +{ + LOG_INFO "Start to prepare the test environment." + path=$(find / -name af_unix.conf) + sed -i 's/active = no/active = yes/g' "${path}" + service auditd restart + DNF_INSTALL gcc + gcc -o audit_socket audit_socket.c + LOG_INFO "End to prepare the test environment." +} + +function run_test() +{ + LOG_INFO "Start to run test." + nohup unbuffer ./audit_socket >log 2>&1 & + sleep 1 + cat log | grep "start audit thread now!" + CHECK_RESULT $? 0 0 "grep failed" + touch /home/test + auditctl -w /home/test -p a + { + chmod 777 /home/test + } + for ((i=0;i<15;i++));do + if [ -f 1.txt ]; then + break + fi + sleep 1 + done + if [ $i -eq 15 ];then + CHECK_RESULT 1 0 0 "i failed" + fi + if [ -f 1.txt ];then + grep "/home/test" 1.txt + if [ $? -ne 0 ];then + for ((j=0;j<30;j++));do + grep "/home/test" 1.txt + if [ $? -eq 0 ];then + break + fi + sleep 1 + done + if [ $j -eq 30 ];then + CHECK_RESULT 1 0 0 "grep j failed" + fi + fi + fi + LOG_INFO "End to run test." +} + +function post_test() +{ + LOG_INFO "Start to restore the test environment." + kill ${pid} + rm -rf log 1.txt audit_socket /home/test wait_poll + CHECK_RESULT $? 0 0 "failed to rm" + sed -i 's/active = yes/active = no/g' "${path}" + service auditd restart + auditctl -D + LOG_INFO "End to restore the test environment." +} + +main "$@" diff --git a/testcases/package-test/audit/oe_test_audit_user_build_connection/wait_poll b/testcases/package-test/audit/oe_test_audit_user_build_connection/wait_poll new file mode 100644 index 0000000..d86bac9 --- /dev/null +++ b/testcases/package-test/audit/oe_test_audit_user_build_connection/wait_poll @@ -0,0 +1 @@ +OK -- Gitee From f56f09a000ca38fab3e50d1dd30f6e51a0b60e6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8E=89=E9=93=A0=E6=BA=90?= Date: Wed, 14 Jul 2021 08:10:31 +0000 Subject: [PATCH 2/2] update testcases/package-test/audit/common/comlib.sh. --- testcases/package-test/audit/common/comlib.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testcases/package-test/audit/common/comlib.sh b/testcases/package-test/audit/common/comlib.sh index 091fb72..02f85ad 100644 --- a/testcases/package-test/audit/common/comlib.sh +++ b/testcases/package-test/audit/common/comlib.sh @@ -7,7 +7,7 @@ function create_logfile(){ for((j=0;j<500;j++));do touch /home/auditd_test > /dev/null chmod 777 /home/auditd_test > /dev/null - rm -rf /home.auditd_test > /dev/null + rm -rf /home/auditd_test > /dev/null done auditctl -W /home/auditd_test -p rwxa } -- Gitee