diff options
author | Deon Spengler <deonspengler@users.noreply.github.com> | 2018-10-17 15:20:52 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2018-10-17 15:20:52 +0300 |
commit | 72796f57574bfc0e31051bd2e3602fd9531bbae9 (patch) | |
tree | 6037d6bd4111c57932e369ef356ddba2692b66e8 /include/tests_mac_frameworks | |
parent | 823ebd8268ea603a00b4c582b95eb43449948b3c (diff) |
Added support for TOMOYO Linux Mandatory Access Control (#589)
* Added binary for TOMOYO Linux
* Added support for TOMOYO Linux Mandatory Access Control
Diffstat (limited to 'include/tests_mac_frameworks')
-rw-r--r-- | include/tests_mac_frameworks | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/include/tests_mac_frameworks b/include/tests_mac_frameworks index 16971c22..03d25666 100644 --- a/include/tests_mac_frameworks +++ b/include/tests_mac_frameworks @@ -22,6 +22,7 @@ MAC_FRAMEWORK_ACTIVE=0 # Default no MAC framework active RBAC_FRAMEWORK_ACTIVE=0 # Default no RBAC framework active SELINUXFOUND=0 + TOMOYOFOUND=0 InsertSection "Security frameworks" # @@ -190,6 +191,46 @@ # ################################################################################# # + # Test : CUST-0001 + # Description : Check if TOMOYO Linux is installed + Register --test-no CUST-0001 --weight L --network NO --category security --description "Check TOMOYO Linux presence" + if [ ${SKIPTEST} -eq 0 ]; then + LogText "Test: checking if we have tomoyo-init binary" + if [ -z "${TOMOYOINITBINARY}" ]; then + TOMOYOFOUND=0 + LogText "Result: tomoyo-init binary not found" + Display --indent 2 --text "- Checking presence TOMOYO Linux" --result "${STATUS_NOT_FOUND}" --color WHITE + else + TOMOYOFOUND=1 + LogText "Result: tomoyo-init binary found" + Display --indent 2 --text "- Checking presence TOMOYO Linux" --result "${STATUS_FOUND}" --color GREEN + fi + fi +# +################################################################################# +# + # Test : CUST-0002 + # Description : Check TOMOYO Linux status + if [ ${TOMOYOFOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + Register --test-no CUST-0002 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check TOMOYO Linux status" + if [ ${SKIPTEST} -eq 0 ]; then + FILE="/sys/kernel/security/tomoyo/stat" + if [ -f ${FILE} ]; then + MAC_FRAMEWORK_ACTIVE=1 + LogText "Result: TOMOYO Linux is enabled" + Display --indent 4 --text "- Checking TOMOYO Linux status" --result "${STATUS_ENABLED}" --color GREEN + Report "tomoyo_enabled=1" + AddHP 3 3 + else + LogText "Result: TOMOYO Linux is disabled" + Display --indent 4 --text "- Checking TOMOYO Linux status" --result "${STATUS_DISABLED}" --color YELLOW + Report "tomoyo_enabled=0" + AddHP 0 3 + fi + fi +# +################################################################################# +# # Test : MACF-6290 # Description : Check if at least one MAC framework is implemented Register --test-no MACF-6290 --weight L --network NO --category security --description "Check for implemented MAC framework" |