From 73485c2038aafa589f3a1a8efd26805db1083ad3 Mon Sep 17 00:00:00 2001 From: Dalibor Pospisil Date: Tue, 5 Dec 2023 20:30:32 +0100 Subject: [PATCH 1/6] Regression/io-log-escapes: first version --- Regression/io-log-escapes/main.fmf | 11 +++ Regression/io-log-escapes/runtest.sh | 107 +++++++++++++++++++++++++++ 2 files changed, 118 insertions(+) create mode 100644 Regression/io-log-escapes/main.fmf create mode 100755 Regression/io-log-escapes/runtest.sh diff --git a/Regression/io-log-escapes/main.fmf b/Regression/io-log-escapes/main.fmf new file mode 100644 index 0000000..72394ef --- /dev/null +++ b/Regression/io-log-escapes/main.fmf @@ -0,0 +1,11 @@ +description: test loggin of the terminal control characters +contact: Dalibor Pospíšil +test: ./runtest.sh +require+: + - library(sudo/common) + - library(distribution/tcf) + - library(distribution/Cleanup) + - library(distribution/testUser) + - url: https://github.com/RedHat-SP-Security/rsyslog-tests.git + name: /Library/basic + type: library diff --git a/Regression/io-log-escapes/runtest.sh b/Regression/io-log-escapes/runtest.sh new file mode 100755 index 0000000..d72e742 --- /dev/null +++ b/Regression/io-log-escapes/runtest.sh @@ -0,0 +1,107 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/sudo/Sanity/io-logging +# Description: Test tries several sudoers options stored in ldap. It tries both ways howto get them - native sudo-ldap and sssd. +# Author: David Spurek +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2014 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || : +. /usr/share/beakerlib/beakerlib.sh || exit 1 + + +rlJournalStart && { + rlPhaseStartSetup && { + rlRun "rlImport --all" || rlDie 'cannot continue' + # Check reqiured packages. + rlRun "rlCheckMakefileRequires" || rlDie "cannot continue" + + rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory" + CleanupRegister "rlRun 'rm -r $TmpDir' 0 'Removing tmp directory'" + CleanupRegister 'rlRun "popd"' + rlRun "pushd $TmpDir" + CleanupRegister 'rlRun "rsyslogCleanup"' + rlRun "rsyslogSetup" + CleanupRegister 'rlRun "sudoCleanup"' + rlRun "sudoSetup" + CleanupRegister 'rlRun "rlFileRestore"' + rlRun "rlFileBackup --clean /var/log/sudo.log /var/log/sudo-io/ /etc/nslcd.conf" + + rm -f /var/log/sudo.log + rm -rf /var/log/sudo-io + + CleanupRegister 'rlRun "testUserCleanup"' + rlRun "testUserSetup" + + rlRun "sudoSwitchProvider files" + rlRun "cat /etc/nsswitch.conf" + rlRun "sudoAddSudoRule --nowait 'defaults'" + exclam='!' + rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' '${exclam}authenticate'" + rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' '${exclam}requiretty'" + rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'log_output'" + rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'log_input'" + rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'iolog_dir=/var/log/sudo-io'" + #rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'log_format=json'" + rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'logfile=/var/log/sudo.log'" + rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'syslog=authpriv'" + + rlRun "sudoAddSudoRule --nowait 'rule_allow'" + rlRun "sudoAddOptionToSudoRule --nowait 'rule_allow' 'sudoHost' 'ALL'" + rlRun "sudoAddOptionToSudoRule --nowait 'rule_allow' 'sudoUser' '$testUser'" + rlRun "sudoAddOptionToSudoRule --nowait 'rule_allow' 'sudoCommand' 'ALL'" + rlRun "cat /etc/sudoers" + rsyslogResetLogFilePointer /var/log/secure + rlPhaseEnd; } + + rlPhaseStartTest 'sudo format' && { + rm -f /var/log/sudo.log + rlRun "su - $testUser -c 'cp /bin/ls \"./my ls\"'" 0 + rlRun "su - $testUser -c 'sudo \"./my ls\"'" 0 + sleep 3 + rlRun -s "rsyslogCatLogFileFromPointer /var/log/secure" + rlAssertGrep 'my#040ls' $rlRun_LOG + rlRun -s "cat /var/log/sudo.log" + rlAssertGrep 'my#040ls' $rlRun_LOG + rlRun -s "sudoreplay -l" + rlAssertGrep 'my#040ls' $rlRun_LOG + rlPhaseEnd; } + + rlPhaseStartTest 'json format' && { + rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'log_format=json'" + rm -f /var/log/sudo.log + rlRun "su - $testUser -c 'cp /bin/ls \"./my ls\"'" 0 + rlRun "su - $testUser -c 'sudo \"./my ls\"'" 0 + sleep 3 + rlRun -s "cat /var/log/sudo.log" + rlAssertGrep 'my ls' $rlRun_LOG + rlRun -s "sudoreplay -l" + rlAssertGrep 'my#040ls' $rlRun_LOG + rlPhaseEnd; } + + rlPhaseStartCleanup && { + CleanupDo + rlPhaseEnd; } + rlJournalPrintText +rlJournalEnd; } From e11e6689a32e2b8af6d87cb4d40b5c922a6a7a4f Mon Sep 17 00:00:00 2001 From: Dalibor Pospisil Date: Tue, 5 Dec 2023 20:31:04 +0100 Subject: [PATCH 2/6] define a testing library dependency as a default for all tests --- main.fmf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/main.fmf b/main.fmf index 0d615d7..833ef58 100644 --- a/main.fmf +++ b/main.fmf @@ -2,4 +2,7 @@ component: - sudo require: - sudo + - url: https://github.com/RedHat-SP-Security/sudo-tests.git + name: /Library/common + type: library framework: beakerlib From 75c7923b5a1a556b786fd02e9c0132ccd51202fb Mon Sep 17 00:00:00 2001 From: Dalibor Pospisil Date: Thu, 25 Jan 2024 13:56:34 +0100 Subject: [PATCH 3/6] Regression/io-log-escapes: removed unnecessary library reference --- Regression/io-log-escapes/main.fmf | 1 - 1 file changed, 1 deletion(-) diff --git a/Regression/io-log-escapes/main.fmf b/Regression/io-log-escapes/main.fmf index 72394ef..d3a6924 100644 --- a/Regression/io-log-escapes/main.fmf +++ b/Regression/io-log-escapes/main.fmf @@ -2,7 +2,6 @@ description: test loggin of the terminal control characters contact: Dalibor Pospíšil test: ./runtest.sh require+: - - library(sudo/common) - library(distribution/tcf) - library(distribution/Cleanup) - library(distribution/testUser) From 1717395e828c47b03a8eb87492d6965aaa3559f1 Mon Sep 17 00:00:00 2001 From: Dalibor Pospisil Date: Thu, 25 Jan 2024 13:57:54 +0100 Subject: [PATCH 4/6] Regression/io-log-escapes: added tickets references --- Regression/io-log-escapes/main.fmf | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/Regression/io-log-escapes/main.fmf b/Regression/io-log-escapes/main.fmf index d3a6924..de3f615 100644 --- a/Regression/io-log-escapes/main.fmf +++ b/Regression/io-log-escapes/main.fmf @@ -8,3 +8,21 @@ require+: - url: https://github.com/RedHat-SP-Security/rsyslog-tests.git name: /Library/basic type: library +link: + - verifies: https://issues.redhat.com/browse/RHEL-1505 + - verifies: https://issues.redhat.com/browse/RHEL-9717 + - verifies: https://issues.redhat.com/browse/RHEL-21827 + - verifies: https://issues.redhat.com/browse/RHEL-21829 + - verifies: https://issues.redhat.com/browse/RHEL-21830 + - verifies: https://issues.redhat.com/browse/RHEL-21831 + - verifies: https://issues.redhat.com/browse/RHEL-21832 + - verifies: https://issues.redhat.com/browse/RHEL-21833 + - verifies: https://issues.redhat.com/browse/RHEL-21834 + - verifies: https://issues.redhat.com/browse/RHEL-1506 + - verifies: https://issues.redhat.com/browse/RHEL-9716 + - verifies: https://issues.redhat.com/browse/RHEL-21823 + - verifies: https://issues.redhat.com/browse/RHEL-21824 + - verifies: https://issues.redhat.com/browse/RHEL-21825 + - verifies: https://issues.redhat.com/browse/RHEL-21826 + - verifies: https://issues.redhat.com/browse/RHEL-21827 + - verifies: https://issues.redhat.com/browse/RHEL-21828 From ebd375c37c4d6b002249a0be0628f2bd369195be Mon Sep 17 00:00:00 2001 From: Dalibor Pospisil Date: Thu, 25 Jan 2024 14:00:10 +0100 Subject: [PATCH 5/6] Regression/io-log-escapes: removed commented out line --- Regression/io-log-escapes/runtest.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/Regression/io-log-escapes/runtest.sh b/Regression/io-log-escapes/runtest.sh index d72e742..ee96fe8 100755 --- a/Regression/io-log-escapes/runtest.sh +++ b/Regression/io-log-escapes/runtest.sh @@ -63,7 +63,6 @@ rlJournalStart && { rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'log_output'" rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'log_input'" rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'iolog_dir=/var/log/sudo-io'" - #rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'log_format=json'" rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'logfile=/var/log/sudo.log'" rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'syslog=authpriv'" From df4c712ce334010181b4c4f677ac008a074f4805 Mon Sep 17 00:00:00 2001 From: Dalibor Pospisil Date: Thu, 25 Jan 2024 14:00:49 +0100 Subject: [PATCH 6/6] Regression/io-log-escapes: fixed year --- Regression/io-log-escapes/runtest.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Regression/io-log-escapes/runtest.sh b/Regression/io-log-escapes/runtest.sh index ee96fe8..943e44c 100755 --- a/Regression/io-log-escapes/runtest.sh +++ b/Regression/io-log-escapes/runtest.sh @@ -8,7 +8,7 @@ # # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # -# Copyright (c) 2014 Red Hat, Inc. +# Copyright (c) 2024 Red Hat, Inc. # # This copyrighted material is made available to anyone wishing # to use, modify, copy, or redistribute it subject to the terms