diff options
author | Michael Boelen <michael.boelen@cisofy.com> | 2018-10-18 12:01:30 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2018-10-18 12:01:30 +0300 |
commit | 532c1a9bb6b850122c34678545b14c73db931e45 (patch) | |
tree | 12ecc2ed5d574682c6d69eeb70cdd87857834f9c | |
parent | 631853a924e9794dd89b6efc638c6c8204af780b (diff) |
Add TOMOYO tests
-rw-r--r-- | db/tests.db | 2 | ||||
-rw-r--r-- | include/tests_mac_frameworks | 72 |
2 files changed, 38 insertions, 36 deletions
diff --git a/db/tests.db b/db/tests.db index 79c211b9..a8198566 100644 --- a/db/tests.db +++ b/db/tests.db @@ -210,6 +210,8 @@ MACF-6204:test:security:mac_frameworks::Check AppArmor presence: MACF-6208:test:security:mac_frameworks::Check if AppArmor is enabled: MACF-6232:test:security:mac_frameworks::Check SELINUX presence: MACF-6234:test:security:mac_frameworks::Check SELINUX status: +MACF-6240:test:security:mac_frameworks::Detection of TOMOYO binary: +MACF-6242:test:security:mac_frameworks::Status of TOMOYO MAC framework: MACF-6290:test:security:mac_frameworks::Check for implemented MAC framework: MAIL-8802:test:security:mail_messaging::Check Exim status: MAIL-8804:test:security:mail_messaging::Exim configuration: diff --git a/include/tests_mac_frameworks b/include/tests_mac_frameworks index 03d25666..ac1333bc 100644 --- a/include/tests_mac_frameworks +++ b/include/tests_mac_frameworks @@ -160,40 +160,9 @@ # ################################################################################# # - # Test : RBAC-6272 - # Description : Check if grsecurity is installed - # Notes : We already checked grsecurity in osdetection - Register --test-no RBAC-6272 --weight L --network NO --category security --description "Check grsecurity presence" - if [ ${SKIPTEST} -eq 0 ]; then - # Check Linux kernel configuration - if [ ! -z "${LINUXCONFIGFILE}" -a -f "${LINUXCONFIGFILE}" ]; then - FIND=$(${GREPBINARY} ^CONFIG_GRKERNSEC=y ${LINUXCONFIGFILE}) - if [ ! "${FIND}" = "" ]; then - LogText "Result: grsecurity available (in kernel config)" - GRSEC_FOUND=1 - else - LogText "Result: no grsecurity found in kernel config" - fi - fi - if [ ${GRSEC_FOUND} -eq 1 ]; then - Display --indent 2 --text "- Checking presence grsecurity" --result "${STATUS_FOUND}" --color GREEN - AddHP 3 3 - else - Display --indent 2 --text "- Checking presence grsecurity" --result "${STATUS_NOT_FOUND}" --color WHITE - fi - if HasData "${GRADMBINARY}"; then - FIND=$(${GRADMBINARY} --status) - if [ "${FIND}" = "The RBAC system is currently enabled." ]; then - MAC_FRAMEWORK_ACTIVE=1 - fi - fi - fi -# -################################################################################# -# - # Test : CUST-0001 - # Description : Check if TOMOYO Linux is installed - Register --test-no CUST-0001 --weight L --network NO --category security --description "Check TOMOYO Linux presence" + # Test : MACF-6240 + # Description : Check if the tomoyo-init binary is available on the system + Register --test-no MACF-6240 --weight L --network NO --category security --description "Check TOMOYO Linux presence" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: checking if we have tomoyo-init binary" if [ -z "${TOMOYOINITBINARY}" ]; then @@ -209,10 +178,10 @@ # ################################################################################# # - # Test : CUST-0002 + # Test : MACF-6242 # Description : Check TOMOYO Linux status if [ ${TOMOYOFOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no CUST-0002 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check TOMOYO Linux status" + Register --test-no MACF-6242 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check TOMOYO Linux status" if [ ${SKIPTEST} -eq 0 ]; then FILE="/sys/kernel/security/tomoyo/stat" if [ -f ${FILE} ]; then @@ -231,6 +200,37 @@ # ################################################################################# # + # Test : RBAC-6272 + # Description : Check if grsecurity is installed + # Notes : We already checked grsecurity in osdetection + Register --test-no RBAC-6272 --weight L --network NO --category security --description "Check grsecurity presence" + if [ ${SKIPTEST} -eq 0 ]; then + # Check Linux kernel configuration + if [ ! -z "${LINUXCONFIGFILE}" -a -f "${LINUXCONFIGFILE}" ]; then + FIND=$(${GREPBINARY} ^CONFIG_GRKERNSEC=y ${LINUXCONFIGFILE}) + if [ ! "${FIND}" = "" ]; then + LogText "Result: grsecurity available (in kernel config)" + GRSEC_FOUND=1 + else + LogText "Result: no grsecurity found in kernel config" + fi + fi + if [ ${GRSEC_FOUND} -eq 1 ]; then + Display --indent 2 --text "- Checking presence grsecurity" --result "${STATUS_FOUND}" --color GREEN + AddHP 3 3 + else + Display --indent 2 --text "- Checking presence grsecurity" --result "${STATUS_NOT_FOUND}" --color WHITE + fi + if HasData "${GRADMBINARY}"; then + FIND=$(${GRADMBINARY} --status) + if [ "${FIND}" = "The RBAC system is currently enabled." ]; then + MAC_FRAMEWORK_ACTIVE=1 + fi + fi + fi +# +################################################################################# +# # Test : MACF-6290 # Description : Check if at least one MAC framework is implemented Register --test-no MACF-6290 --weight L --network NO --category security --description "Check for implemented MAC framework" |