From 2cc3f889c827edc48530f42dce41719d387f5e28 Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Fri, 10 Feb 2017 13:07:30 +0100 Subject: [DBS-1818] MongoDB status --- include/tests_databases | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/include/tests_databases b/include/tests_databases index fe55c58d..2a7d0da2 100644 --- a/include/tests_databases +++ b/include/tests_databases @@ -92,13 +92,26 @@ # ################################################################################# # + # Test : DBS-1818 + # Description : Check MongoDB status + Register --test-no DBS-1818 --weight L --network NO --category security --description "Check status of MongoDB server" + if [ ${SKIPTEST} -eq 0 ]; then + if IsRunning "mongod"; then + MONGODB_RUNNING=1 + DATABASE_ENGINE_RUNNING=1 + Report "mongodb_running=1" + Display --indent 2 --text "- MongoDB status" --result "${STATUS_FOUND}" --color GREEN + fi + fi + # Test : DBS-1820 # Description : Check empty MongoDB authentication # Notes : Authentication can be set via command line or configuration file Register --test-no DBS-1820 --weight L --network NO --category security --description "Check for authentication in MongoDB" if [ ${SKIPTEST} -eq 0 ]; then - MONGOD_AUTHENTICATION_ENABLED=0 - if IsRunning "mongod"; then + MONGODB_AUTHENTICATION_ENABLED=0 + if [ ${MONGODB_RUNNING} -eq 1 ]; then + MONGO_CONF_FILES="${ROOTDIR}etc/mongod.conf ${ROOTDIR}etc/mongodb.conf" for FILE in ${MONGO_CONF_FILES}; do if [ -f ${FILE} ]; then @@ -107,7 +120,7 @@ AUTH_IN_CONFIG=$(${GREPBINARY} "authentication: enabled" ${FILE} | ${GREPBINARY} -E -v "(^#|#auth)") if [ ! -z "${AUTH_IN_CONFIG}" ]; then LogText "Result: GOOD, found authentication enabled in configuration file (YAML format)" - MONGOD_AUTHENTICATION_ENABLED=1 + MONGODB_AUTHENTICATION_ENABLED=1 else LogText "Result: did NOT find authentication enabled in configuration file (with YAML format)" LogText "Test: now searching for old style configuration (auth = true) in configuration file" @@ -116,7 +129,7 @@ LogText "Result: did NOT find auth = true in configuration file" else LogText "Result: GOOD, found authentication enabled in configuration file (old format)" - MONGOD_AUTHENTICATION_ENABLED=1 + MONGODB_AUTHENTICATION_ENABLED=1 fi fi else @@ -125,13 +138,17 @@ done # Now check authentication on the command line - if [ ${MONGOD_AUTHENTICATION_ENABLED} -eq 0 ]; then - AUTH_ON_CMDLINE=$(for I in $(${PGREPBINARY} mongo); do cat /proc/${I}/cmdline | xargs -0 echo | ${GREPBINARY} -E "\-\-auth( |$)"; done) - if [ ! -z "${AUTH_ON_CMDLINE}" ]; then LogText "Result: found authentication enabled via mongod parameter"; MONGOD_AUTHENTICATION_ENABLED=1; fi + if [ ${MONGODB_AUTHENTICATION_ENABLED} -eq 0 ]; then + if [ ! -z "${PGREPBINARY}" ]; then + AUTH_ON_CMDLINE=$(for I in $(${PGREPBINARY} mongo); do cat /proc/${I}/cmdline | xargs -0 echo | ${GREPBINARY} -E "\-\-auth( |$)"; done) + if [ ! -z "${AUTH_ON_CMDLINE}" ]; then LogText "Result: found authentication enabled via mongod parameter"; MONGODB_AUTHENTICATION_ENABLED=1; fi + else + LogText "Result: skipped this part of the test, as pgrep is not available" + fi fi - if [ ${MONGOD_AUTHENTICATION_ENABLED} -eq 0 ]; then + if [ ${MONGODB_AUTHENTICATION_ENABLED} -eq 0 ]; then LogText "Result: no authentication enabled via parameter or configuration file" - Report "mongod_authentication_disabled=1" + Report "mongodb_authentication_disabled=1" ReportWarning ${TEST_NO} "MongoDB instance allows unauthenticated access" Display --indent 4 --text "- Checking MongoDB authentication" --result "${STATUS_DISABLED}" --color RED else -- cgit v1.2.3