diff options
| author | Michael Boelen <michael.boelen@cisofy.com> | 2020-04-12 17:22:22 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-04-12 17:22:22 +0300 |
| commit | ce3c80b44f418e28503e1aecaeb87c170d0c811c (patch) | |
| tree | 7dd41120c967c6db48d757484f230e8baf5a4893 /include/tests_crypto | |
| parent | a16669119979927cda4317889d94bf744ec1cc4f (diff) | |
| parent | 5c5cc43c6f7effe83adc8eeb65e7202e5ce10a73 (diff) | |
Merge pull request #883 from topimiettinen/check-encrypted-swap-devices
Check if system uses encrypted swap devices
Diffstat (limited to 'include/tests_crypto')
| -rw-r--r-- | include/tests_crypto | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/include/tests_crypto b/include/tests_crypto index e449f195..02fa0a80 100644 --- a/include/tests_crypto +++ b/include/tests_crypto @@ -174,6 +174,31 @@ # ################################################################################# # + # Test : CRYP-7931 + # Description : Determine if system uses encrypted swap + if [ -e "${SWAPONBINARY}" -a -e "${CRYPTSETUPBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + Register --test-no CRYP-7931 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --category security --description "Determine if system uses encrypted swap" + if [ ${SKIPTEST} -eq 0 ]; then + ENCRYPTED_SWAPS=0 + UNENCRYPTED_SWAPS=0 + SWAPS=$(${SWAPONBINARY} --show=NAME --noheadings) + for BLOCK_DEV in ${SWAPS}; do + if ${CRYPTSETUPBINARY} isLuks "${BLOCK_DEV}" 2> /dev/null; then + LogText "Result: Found LUKS encrypted swap device: ${BLOCK_DEV}" + ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS +1)) + elif ${CRYPTSETUPBINARY} status "${BLOCK_DEV}" | ${GREPBINARY} --quiet "cipher:"; then + LogText "Result: Found non-LUKS encrypted swap device: ${BLOCK_DEV}" + ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS +1)) + else + LogText "Result: Found unencrypted swap device: ${BLOCK_DEV}" + UNENCRYPTED_SWAPS=$((UNENCRYPTED_SWAPS +1)) + fi + done + Display --indent 2 --text "- Found ${ENCRYPTED_SWAPS} encrypted and ${UNENCRYPTED_SWAPS} unencrypted swap devices in use." --result OK --color WHITE + fi +# +################################################################################# +# # Test : CRYP-8002 # Description : Gather available kernel entropy Register --test-no CRYP-8002 --os Linux --weight L --network NO --root-only NO --category security --description "Gather available kernel entropy" |