diff options
| author | Michael Boelen <michael.boelen@cisofy.com> | 2018-10-18 12:01:30 +0300 |
|---|---|---|
| committer | Michael Boelen <michael.boelen@cisofy.com> | 2018-10-18 12:01:30 +0300 |
| commit | 532c1a9bb6b850122c34678545b14c73db931e45 (patch) | |
| tree | 12ecc2ed5d574682c6d69eeb70cdd87857834f9c /include/tests_mac_frameworks | |
| parent | 631853a924e9794dd89b6efc638c6c8204af780b (diff) | |
Add TOMOYO tests
Diffstat (limited to 'include/tests_mac_frameworks')
| -rw-r--r-- | include/tests_mac_frameworks | 72 |
1 files changed, 36 insertions, 36 deletions
diff --git a/include/tests_mac_frameworks b/include/tests_mac_frameworks index 03d25666..ac1333bc 100644 --- a/include/tests_mac_frameworks +++ b/include/tests_mac_frameworks @@ -160,40 +160,9 @@ # ################################################################################# # - # Test : RBAC-6272 - # Description : Check if grsecurity is installed - # Notes : We already checked grsecurity in osdetection - Register --test-no RBAC-6272 --weight L --network NO --category security --description "Check grsecurity presence" - if [ ${SKIPTEST} -eq 0 ]; then - # Check Linux kernel configuration - if [ ! -z "${LINUXCONFIGFILE}" -a -f "${LINUXCONFIGFILE}" ]; then - FIND=$(${GREPBINARY} ^CONFIG_GRKERNSEC=y ${LINUXCONFIGFILE}) - if [ ! "${FIND}" = "" ]; then - LogText "Result: grsecurity available (in kernel config)" - GRSEC_FOUND=1 - else - LogText "Result: no grsecurity found in kernel config" - fi - fi - if [ ${GRSEC_FOUND} -eq 1 ]; then - Display --indent 2 --text "- Checking presence grsecurity" --result "${STATUS_FOUND}" --color GREEN - AddHP 3 3 - else - Display --indent 2 --text "- Checking presence grsecurity" --result "${STATUS_NOT_FOUND}" --color WHITE - fi - if HasData "${GRADMBINARY}"; then - FIND=$(${GRADMBINARY} --status) - if [ "${FIND}" = "The RBAC system is currently enabled." ]; then - MAC_FRAMEWORK_ACTIVE=1 - fi - fi - fi -# -################################################################################# -# - # Test : CUST-0001 - # Description : Check if TOMOYO Linux is installed - Register --test-no CUST-0001 --weight L --network NO --category security --description "Check TOMOYO Linux presence" + # Test : MACF-6240 + # Description : Check if the tomoyo-init binary is available on the system + Register --test-no MACF-6240 --weight L --network NO --category security --description "Check TOMOYO Linux presence" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: checking if we have tomoyo-init binary" if [ -z "${TOMOYOINITBINARY}" ]; then @@ -209,10 +178,10 @@ # ################################################################################# # - # Test : CUST-0002 + # Test : MACF-6242 # Description : Check TOMOYO Linux status if [ ${TOMOYOFOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no CUST-0002 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check TOMOYO Linux status" + Register --test-no MACF-6242 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check TOMOYO Linux status" if [ ${SKIPTEST} -eq 0 ]; then FILE="/sys/kernel/security/tomoyo/stat" if [ -f ${FILE} ]; then @@ -231,6 +200,37 @@ # ################################################################################# # + # Test : RBAC-6272 + # Description : Check if grsecurity is installed + # Notes : We already checked grsecurity in osdetection + Register --test-no RBAC-6272 --weight L --network NO --category security --description "Check grsecurity presence" + if [ ${SKIPTEST} -eq 0 ]; then + # Check Linux kernel configuration + if [ ! -z "${LINUXCONFIGFILE}" -a -f "${LINUXCONFIGFILE}" ]; then + FIND=$(${GREPBINARY} ^CONFIG_GRKERNSEC=y ${LINUXCONFIGFILE}) + if [ ! "${FIND}" = "" ]; then + LogText "Result: grsecurity available (in kernel config)" + GRSEC_FOUND=1 + else + LogText "Result: no grsecurity found in kernel config" + fi + fi + if [ ${GRSEC_FOUND} -eq 1 ]; then + Display --indent 2 --text "- Checking presence grsecurity" --result "${STATUS_FOUND}" --color GREEN + AddHP 3 3 + else + Display --indent 2 --text "- Checking presence grsecurity" --result "${STATUS_NOT_FOUND}" --color WHITE + fi + if HasData "${GRADMBINARY}"; then + FIND=$(${GRADMBINARY} --status) + if [ "${FIND}" = "The RBAC system is currently enabled." ]; then + MAC_FRAMEWORK_ACTIVE=1 + fi + fi + fi +# +################################################################################# +# # Test : MACF-6290 # Description : Check if at least one MAC framework is implemented Register --test-no MACF-6290 --weight L --network NO --category security --description "Check for implemented MAC framework" |