diff options
author | Michael Boelen <michael.boelen@cisofy.com> | 2016-07-11 20:57:45 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2016-07-11 20:57:45 +0300 |
commit | 38e6ff18d45081ef6d9185802a6db8656779a412 (patch) | |
tree | f0050ff89f4d7487569b0061180deac3dfa6560a | |
parent | 9a5647f66ce699c9a9d93e7c1b2ccec6d87703a4 (diff) |
Merge and initial changes for new tests FILE-6344 and FILE-6430
-rw-r--r-- | include/tests_filesystems | 68 |
1 files changed, 40 insertions, 28 deletions
diff --git a/include/tests_filesystems b/include/tests_filesystems index 5c943a61..f5f1fc09 100644 --- a/include/tests_filesystems +++ b/include/tests_filesystems @@ -291,17 +291,24 @@ # ################################################################################# # - # Test : FILE-6337 - # Description : Check proc mount options (Linux >=3.3 only) + # Test : FILE-6344 + # Description : Check proc mount options (Linux >=3.3 only) # Examples : proc /proc proc defaults,hidepid=2 0 0 # Goal : Users should not be able to see processes of other users - - if [ -f /proc/version ] && [ "$(cat /proc/version | cut -d" " -f3)" \> "3.2" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no FILE-6337 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --description "Checking proc mount options" + if [ "${OS}" = "Linux" -a -f /proc/version ]; then + LINUX_KERNEL_MAJOR=$(echo $OS_KERNELVERSION | awk -F. '{print $1}') + LINUX_KERNEL_MINOR=$(echo $OS_KERNELVERSION | awk -F. '{print $2}') + if [ ! -z "${LINUX_KERNEL_MAJOR}" -a ! -z "${LINUX_KERNEL_MINOR}" ]; then + if [ ${LINUX_KERNEL_MAJOR} -ge 3 -a ${LINUX_KERNEL_MINOR} -ge 3 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + else + PREQS_MET="NO"; + fi + fi + Register --test-no FILE-6344 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking proc mount options" if [ ${SKIPTEST} -eq 0 ]; then # Proc should be mounted with 'hidepid=2' or 'hidepid=1' at least LogText "Test: check proc mount with incorrect mount options" - FIND=`mount | grep proc | egrep -o "hidepid=[0-9]"` + FIND=$(mount | ${EGREPBINARY} "^proc" | ${EGREPBINARY} -o "hidepid=[0-9]") if [ "${FIND}" = "hidepid=2" ]; then Display --indent 2 --text "- Testing proc mount" --result "${STATUS_OK}" --color GREEN LogText "Result: proc mount mounted with hidepid=2" @@ -310,8 +317,8 @@ HIDEPID1_SUGGESTION=" (or at least hidepid=1)" fi Display --indent 2 --text "- Testing proc mount" --result "${STATUS_SUGGESTION}" --color YELLOW - LogText "Result: proc file system not mounted with option hidepid=2$HIDEPID1_SUGGESTION" - ReportSuggestion ${TEST_NO} "Consider mounting /proc via /etc/fstab with mount option hidepid=2$HIDEPID1_SUGGESTION" + LogText "Result: /proc filesystem is not mounted with option hidepid=2" + #ReportSuggestion ${TEST_NO} "Consider mounting /proc via /etc/fstab with mount option hidepid=2" fi fi # @@ -677,34 +684,39 @@ Register --test-no FILE-6430 --weight L --network NO --description "Disable mounting of some filesystems" if [ ${SKIPTEST} -eq 0 ]; then if [ ! "${LSMODBINARY}" = "" -a -f /proc/modules ]; then - Display --indent 2 --text "- Disable mounting of some filesystems" + Display --indent 2 --text "- Disable kernel support of some filesystems" LIST_FS_NOT_SUPPORTED="cramfs freevxfs hfs hfsplus jffs2 squashfs udf" + FOUND=0 + AVAILABLE_FS="" for FS in ${LIST_FS_NOT_SUPPORTED}; do - Display --indent 4 --text "- Disable mounting of ${FS} filesystem" - LogText "Test: Checking if ${FS} is not present in loaded modules" - # Check if FS is present in lsmod output - FIND=`${LSMODBINARY} | ${EGREPBINARY} "^${FS}"` - if [ -z "${FIND}" ]; then - LogText "Result: module ${FS} not loaded in the kernel" - Display --indent 6 --text "- Module ${FS} not loaded in the kernel" --result OK --color GREEN - AddHP 2 2 - else - LogText "Result: module ${FS} loaded in the kernel" - Display --indent 6 --text "- Module $FS loaded in the kernel" --result "FOUND" --color YELLOW - AddHP 2 5 - fi - # Check if FS is present in modprobe output + # Check if filesystem is present in modprobe output FIND=`${MODPROBEBINARY} -v -n $FS 2>/dev/null | ${EGREPBINARY} "/${FS}.ko" | tail -1` if [ ! -z "${FIND}" ]; then LogText "Result: found module support in kernel: ${FIND}" - Display --indent 6 --text "- Module ${FS} present in the kernel" --result "FOUND" --color YELLOW - AddHP 2 3 + Debug "Module ${FS} present in the kernel" + LogText "Test: Checking if ${FS} is active" + # Check if FS is present in lsmod output + FIND=`${LSMODBINARY} | ${EGREPBINARY} "^${FS}"` + if [ -z "${FIND}" ]; then + LogText "Result: module ${FS} is not loaded in the kernel" + AddHP 2 3 + #Display --indent 6 --text "- Module ${FS} not loaded (lsmod)" --result OK --color GREEN + # Tip to disable a particular module if it is not loaded + #ReportSuggestion ${TEST_NO} "The modprobe.d directory should contain a file with the entry 'install ${FS} /bin/true'" + FOUND=1 + AVAILABLE_MODPROBE_FS="${AVAILABLE_MODPROBE_FS}${FS} " + else + LogText "Result: module ${FS} is loaded in the kernel" + Display --indent 4 --text "- Module $FS loaded in the kernel (lsmod)" --result "FOUND" --color WHITE + fi else - AddHP 2 2 - Display --indent 6 --text "- Module ${FS} not present in the kernel" --result OK --color GREEN - #ReportSuggestion ${TEST_NO} "The modprobe.d directory should contain a file with the entry 'install ${FS} /bin/true'" + AddHP 3 3 + #Display --indent 6 --text "- Module ${FS} not present in the kernel" --result OK --color GREEN fi done + if [ ${FOUND} -eq 1 ]; then + Display --indent 4 --text "- Discovered kernel modules: ${AVAILABLE_MODPROBE_FS}" + fi else LogText "Test skipped lsmod binary not found or /proc/modules can not be opened" fi |