diff options
author | Michael Boelen <michael.boelen@cisofy.com> | 2017-04-30 18:59:35 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-04-30 18:59:35 +0300 |
commit | 4ecb9d4d05124b813cd4d7ddcaf5671c2f4c4765 (patch) | |
tree | 282f5a4e9e3530ada04d00bda3e8ac118cf70bbd /include/tests_networking | |
parent | 5ccd0912cf74f5d3dd07e5ed5fe0e6a30571fbb5 (diff) |
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests
Diffstat (limited to 'include/tests_networking')
-rw-r--r-- | include/tests_networking | 85 |
1 files changed, 40 insertions, 45 deletions
diff --git a/include/tests_networking b/include/tests_networking index d5a93d8e..ddb846d2 100644 --- a/include/tests_networking +++ b/include/tests_networking @@ -216,7 +216,6 @@ Register --test-no NETW-3004 --weight L --network NO --category security --description "Search for available network interfaces" if [ ${SKIPTEST} -eq 0 ]; then FIND="" - N=0 case ${OS} in AIX) FIND=$(${IFCONFIGBINARY} -a 2> /dev/null | ${GREPBINARY} "flags=" | ${AWKBINARY} -F ":" '{ print $1 }') @@ -239,12 +238,11 @@ ReportException "${TEST_NO}:1" "No support for this OS (${OS}) to find available network interfaces" ;; esac - if [ ! -z "${FIND}" ]; then - for I in ${FIND}; do - NETWORK_INTERFACES="${NETWORK_INTERFACES}|${I}" - LogText "Found network interface: ${I}" - N=$((N + 1)) - Report "network_interface[]=${I}" + if HasData "${FIND}"; then + for ITEM in ${FIND}; do + NETWORK_INTERFACES="${NETWORK_INTERFACES}|${ITEM}" + LogText "Found network interface: ${ITEM}" + Report "network_interface[]=${ITEM}" done else ReportException "${TEST_NO}:1" "No interfaces found on this system (OS=${OS})" @@ -272,7 +270,7 @@ if [ ! -z "${IPBINARY}" ]; then LogText "Test: Using ip binary to gather hardware addresses" FIND=$(${IPBINARY} link 2> /dev/null | ${GREPBINARY} "link/ether" | ${AWKBINARY} '{ print $2 }') - else + else ReportException "${TEST_NO}:2" "Missing ifconfig or ip command to collect hardware address (MAC)" fi fi @@ -294,11 +292,9 @@ ReportException "${TEST_NO}:1" "No support for this OS (${OS}) to find MAC information" ;; esac - N=0 - for I in ${FIND}; do - LogText "Found MAC address: ${I}" - N=$((N + 1)) - Report "network_mac_address[]=${I}" + for ITEM in ${FIND}; do + LogText "Found MAC address: ${ITEM}" + Report "network_mac_address[]=${ITEM}" done fi # @@ -350,20 +346,17 @@ ReportException "${TEST_NO}:1" "IP address information test not implemented for this operating system" ;; esac - N=0 + # IPv4 - for I in ${FIND}; do - LogText "Found IPv4 address: ${I}" - N=$((N + 1)) - Report "network_ipv4_address[]=${I}" + for ITEM in ${FIND}; do + LogText "Found IPv4 address: ${ITEM}" + Report "network_ipv4_address[]=${ITEM}" done # IPv6 - for I in ${FIND2}; do - LogText "Found IPv6 address: ${I}" - N=$((N + 1)) - Report "network_ipv6_address[]=${I}" + for ITEM in ${FIND2}; do + LogText "Found IPv6 address: ${ITEM}" + Report "network_ipv6_address[]=${ITEM}" done - fi # ################################################################################# @@ -373,7 +366,7 @@ Register --test-no NETW-3012 --weight L --network NO --category security --description "Check listening ports" if [ ${SKIPTEST} -eq 0 ]; then FIND=""; FIND2="" - N=0 + COUNT=0 case ${OS} in DragonFly|FreeBSD) if [ ! -z "${SOCKSTATBINARY}" ]; then @@ -390,13 +383,13 @@ FIND=$(${NETSTATBINARY} -nlp 2> /dev/null | ${GREPBINARY} "^udp" | ${AWKBINARY} '{ print $4"|"$1"|"$6"|" }' | ${SEDBINARY} 's:|[0-9]*/:|:') # TCP FIND2=$(${NETSTATBINARY} -nlp 2> /dev/null | ${GREPBINARY} "^tcp" | ${AWKBINARY} '{ if($6=="LISTEN") { print $4"|"$1"|"$7"|" }}' | ${SEDBINARY} 's:|[0-9]*/:|:') - else + else if [ ! "${SSBINARY}" = "" ]; then # UDP FIND=$(${SSBINARY} -u -a -n 2> /dev/null | ${AWKBINARY} '{ print $4 }' | ${GREPBINARY} -v Local) # TCP FIND2=$(${SSBINARY} -t -a -n 2> /dev/null | ${AWKBINARY} '{ print $4 }' | ${GREPBINARY} -v Local) - else + else ReportException "${TEST_NO}:1" "netstat and ss binary missing to gather listening ports" fi fi @@ -440,26 +433,26 @@ # Retrieve information from sockstat, when available LogText "Test: Retrieving sockstat information to find listening ports" - if [ ! "${FIND}" = "" ]; then - for I in ${FIND}; do - N=$((N + 1)) - LogText "Found listening info: ${I}" - Report "network_listen_port[]=${I}" + if HasData "${FIND}"; then + for ITEM in ${FIND}; do + COUNT=$((COUNT + 1)) + LogText "Found listening info: ${ITEM}" + Report "network_listen_port[]=${ITEM}" done fi if [ ! "${FIND2}" = "" ]; then - for I in ${FIND2}; do - N=$((N + 1)) - LogText "Found listening info: ${I}" - Report "network_listen_port[]=${I}" + for ITEM in ${FIND2}; do + COUNT=$((COUNT + 1)) + LogText "Found listening info: ${ITEM}" + Report "network_listen_port[]=${ITEM}" done fi if [ "${FIND}" = "" -a "${FIND2}" = "" ]; then Display --indent 2 --text "- Getting listening ports (TCP/UDP)" --result "${STATUS_SKIPPED}" --color YELLOW else Display --indent 2 --text "- Getting listening ports (TCP/UDP)" --result "${STATUS_DONE}" --color GREEN - Display --indent 6 --text "* Found ${N} ports" + Display --indent 6 --text "* Found ${COUNT} ports" fi fi # @@ -473,14 +466,14 @@ if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking promiscuous interfaces (FreeBSD)" FIND=$(${IFCONFIGBINARY} 2> /dev/null | ${GREPBINARY} PROMISC | ${CUTBINARY} -d ':' -f1) - if [ ! "${FIND}" = "" ]; then + if HasData "${FIND}"; then LogText "Result: Promiscuous interfaces: ${FIND}" - for I in ${FIND}; do + for ITEM in ${FIND}; do WHITELISTED=0 for PROFILE in ${PROFILES}; do - Debug "Checking if interface ${I} is whitelisted in profile ${PROFILE}" - ISWHITELISTED=$(${GREPBINARY} "^if_promisc:${I}:" ${PROFILE}) - if [ ! "${ISWHITELISTED}" = "" ]; then + Debug "Checking if interface ${ITEM} is whitelisted in profile ${PROFILE}" + ISWHITELISTED=$(${GREPBINARY} "^if_promisc:${ITEM}:" ${PROFILE}) + if HasData "${ISWHITELISTED}"; then WHITELISTED=1 LogText "Result: this interface was whitelisted in profile (${PROFILE})" fi @@ -536,15 +529,17 @@ if [ ${FOUNDPROMISC} -eq 0 ]; then Display --indent 2 --text "- Checking promiscuous interfaces" --result "${STATUS_OK}" --color GREEN LogText "Result: No promiscuous interfaces found" - else + else Display --indent 2 --text "- Checking promiscuous interfaces" --result "${STATUS_WARNING}" --color RED fi fi # ################################################################################# # - # Test : NETW-3020 - # Description : Checking multipath configuration (Solaris) + # Do you have a multipath configuration on Linux or other OS? Create a related test and send in a pull request on GitHub + + # Test : NETW-3020 TODO + # Description : Checking multipath configuration # ################################################################################# # @@ -557,7 +552,7 @@ if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Using netstat for check for connections in WAIT state" FIND=$(${NETSTATBINARY} -an | ${GREPBINARY} WAIT | ${WCBINARY} -l | ${AWKBINARY} '{ print $1 }') - if [ -z "${OPTIONS_CONN_MAX_WAIT_STATE}" ]; then OPTIONS_CONN_MAX_WAIT_STATE="5000"; fi + if IsEmpty "${OPTIONS_CONN_MAX_WAIT_STATE}"; then OPTIONS_CONN_MAX_WAIT_STATE="5000"; fi LogText "Result: currently ${FIND} connections are in a waiting state (max configured: ${OPTIONS_CONN_MAX_WAIT_STATE})." if [ ${FIND} -gt ${OPTIONS_CONN_MAX_WAIT_STATE} ]; then Display --indent 2 --text "- Checking waiting connections" --result "${STATUS_WARNING}" --color YELLOW |