
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authorDeon Spengler <deonspengler@users.noreply.github.com>2018-10-17 15:20:52 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2018-10-17 15:20:52 +0300
commit72796f57574bfc0e31051bd2e3602fd9531bbae9 (patch)
tree6037d6bd4111c57932e369ef356ddba2692b66e8
parent823ebd8268ea603a00b4c582b95eb43449948b3c (diff)
Added support for TOMOYO Linux Mandatory Access Control (#589)
* Added binary for TOMOYO Linux * Added support for TOMOYO Linux Mandatory Access Control
-rw-r--r--include/binaries1
-rw-r--r--include/tests_mac_frameworks41
2 files changed, 42 insertions, 0 deletions
diff --git a/include/binaries b/include/binaries
index cfa2f5fd..a33e610f 100644
--- a/include/binaries
+++ b/include/binaries
@@ -225,6 +225,7 @@
syslog-ng) SYSLOGNGBINARY="${BINARY}"; SYSLOGNGVERSION=$(${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'); LogText "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;;
systemctl) SYSTEMCTLBINARY="${BINARY}"; LogText " Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
timedatectl) TIMEDATECTL="${BINARY}"; LogText " Found known binary: timedatectl (timedate client) - ${BINARY}" ;;
+ tomoyo-init) TOMOYOINITBINARY=${BINARY}; LogText " Found known binary: tomoyo-init (tomoyo component) - ${BINARY}" ;;
tr) TRBINARY="${BINARY}"; LogText " Found known binary: tr (text transformation) - ${BINARY}" ;;
tripwire) TRIPWIREBINARY="${BINARY}"; LogText " Found known binary: tripwire (file integrity) - ${BINARY}" ;;
tune2fs) TUNE2FSBINARY="${BINARY}"; LogText " Found known binary: tune2fs (file system tool) - ${BINARY}" ;;
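Review bot: The new `tomoyo-init)` arm assigns `TOMOYOINITBINARY=${BINARY}` without quotes, while every neighbouring arm in this hunk writes `"${BINARY}"`. A plain assignment is not word-split, so this is a consistency point rather than a bug, but it should read `TOMOYOINITBINARY="${BINARY}"` to match the rest of the list. The case statement starts and ends outside the hunk.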
diff --git a/include/tests_mac_frameworks b/include/tests_mac_frameworks
index 16971c22..03d25666 100644
--- a/include/tests_mac_frameworks
+++ b/include/tests_mac_frameworks
@@ -22,6 +22,7 @@
MAC_FRAMEWORK_ACTIVE=0 # Default no MAC framework active
RBAC_FRAMEWORK_ACTIVE=0 # Default no RBAC framework active
SELINUXFOUND=0
+ TOMOYOFOUND=0
InsertSection "Security frameworks"
#
@@ -190,6 +191,46 @@
#
#################################################################################
#
+ # Test : CUST-0001
+ # Description : Check if TOMOYO Linux is installed
+ Register --test-no CUST-0001 --weight L --network NO --category security --description "Check TOMOYO Linux presence"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ LogText "Test: checking if we have tomoyo-init binary"
+ if [ -z "${TOMOYOINITBINARY}" ]; then
+ TOMOYOFOUND=0
+ LogText "Result: tomoyo-init binary not found"
+ Display --indent 2 --text "- Checking presence TOMOYO Linux" --result "${STATUS_NOT_FOUND}" --color WHITE
+ else
+ TOMOYOFOUND=1
+ LogText "Result: tomoyo-init binary found"
+ Display --indent 2 --text "- Checking presence TOMOYO Linux" --result "${STATUS_FOUND}" --color GREEN
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : CUST-0002
+ # Description : Check TOMOYO Linux status
+ if [ ${TOMOYOFOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no CUST-0002 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check TOMOYO Linux status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FILE="/sys/kernel/security/tomoyo/stat"
+ if [ -f ${FILE} ]; then
+ MAC_FRAMEWORK_ACTIVE=1
+ LogText "Result: TOMOYO Linux is enabled"
+ Display --indent 4 --text "- Checking TOMOYO Linux status" --result "${STATUS_ENABLED}" --color GREEN
+ Report "tomoyo_enabled=1"
+ AddHP 3 3
+ else
+ LogText "Result: TOMOYO Linux is disabled"
+ Display --indent 4 --text "- Checking TOMOYO Linux status" --result "${STATUS_DISABLED}" --color YELLOW
+ Report "tomoyo_enabled=0"
+ AddHP 0 3
+ fi
+ fi
+#
+#################################################################################
+#
# Test : MACF-6290
# Description : Check if at least one MAC framework is implemented
Register --test-no MACF-6290 --weight L --network NO --category security --description "Check for implemented MAC framework"
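Review bot: CUST-0002 treats the existence of `/sys/kernel/security/tomoyo/stat` as proof of an active MAC framework, but that file only shows the TOMOYO LSM is present in the running kernel. As far as I know, TOMOYO profiles can still be in disabled, learning or permissive mode, so `MAC_FRAMEWORK_ACTIVE=1` and `AddHP 3 3` may credit a host that enforces nothing. I would check the mode of the profiles in use before awarding points, or at least record the limitation with `LogText "Note: TOMOYO is loaded; enforcing mode of domains not verified"`. The test is also gated on the userland tomoyo-init binary through `TOMOYOFOUND`, so a kernel with TOMOYO loaded but no tomoyo-init in the scanned paths is skipped and reported as having no MAC framework. Separately, the `CUST-` prefix looks like a namespace for site-local tests whereas the neighbouring test is `MACF-6290`, so IDs in the `MACF-` range would avoid collisions, and `[ -f ${FILE} ]` should be quoted as `[ -f "${FILE}" ]`.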