From 56cc2df2c22d017e4acc5c5fbd659f4e20d9c2fa Mon Sep 17 00:00:00 2001
From: mboelen
Date: Mon, 8 Sep 2014 23:51:27 +0200
Subject: Adjustments to allow non-privileged scan and reduce errors on screen
---
 include/tests_mac_frameworks | 38 +++++++++++++++++++++++++-------------
 1 file changed, 25 insertions(+), 13 deletions(-)
(limited to 'include/tests_mac_frameworks')
diff --git a/include/tests_mac_frameworks b/include/tests_mac_frameworks
index 21a55907..a4ed8854 100644
--- a/include/tests_mac_frameworks
+++ b/include/tests_mac_frameworks
@@ -28,15 +28,15 @@
 # Description : Check if AppArmor is installed
 Register --test-no MACF-6204 --weight L --network NO --description "Check AppArmor presence"
 if [ ${SKIPTEST} -eq 0 ]; then
- if [ "${AASTATUSBINARY}" = "" ]; then
- APPARMORFOUND=0
- logtext "Result: aa-status binary not found, AppArmor not installed"
- Display --indent 2 --text "- Checking presence AppArmor" --result "NOT FOUND" --color WHITE
- else
- APPARMORFOUND=1
- logtext "Result: aa-status binary found, AppArmor is installed"
- Display --indent 2 --text "- Checking presence AppArmor" --result FOUND --color GREEN
- fi
+ if [ "${AASTATUSBINARY}" = "" ]; then
+ APPARMORFOUND=0
+ logtext "Result: aa-status binary not found, AppArmor not installed"
+ Display --indent 2 --text "- Checking presence AppArmor" --result "NOT FOUND" --color WHITE
+ else
+ APPARMORFOUND=1
+ logtext "Result: aa-status binary found, AppArmor is installed"
+ Display --indent 2 --text "- Checking presence AppArmor" --result FOUND --color GREEN
+ fi
 fi
 #
 #################################################################################
@@ -48,20 +48,32 @@
 if [ ${SKIPTEST} -eq 0 ]; then
 if [ ! "${AASTATUSBINARY}" = "" ]; then
 # Checking AppArmor status
- FIND=`${AASTATUSBINARY} > /dev/null; echo $?`
 #0 if apparmor is enabled and policy is loaded.
 #1 if apparmor is not enabled/loaded.
 #2 if apparmor is enabled but no policy is loaded.
+ #3 if control files are not available
+ #4 if apparmor status can't be read
+ FIND=`${AASTATUSBINARY} > /dev/null; echo $?`
 if [ ${FIND} -eq 0 ]; then
 MAC_FRAMEWORK_ACTIVE=1
 logtext "Result: AppArmor is enabled and a policy is loaded"
- Display --indent 4 --text "- Checking AppArmor status" --result "ENABLED" --color GREEN
+ Display --indent 4 --text "- Checking AppArmor status" --result "ENABLED" --color GREEN
+ elif [ ${FIND} -eq 4 ]; then
+ logtext "Result: Can not determine status, most likely due to lacking permissions"
+ Display --indent 4 --text "- Checking AppArmor status" --result "UNKNOWN" --color RED
+ elif [ ${FIND} -eq 3 ]; then
+ logtext "Result: Can not check control files"
+ Display --indent 4 --text "- Checking AppArmor status" --result "UNKNOWN" --color RED
 elif [ ${FIND} -eq 2 ]; then
 logtext "Result: AppArmor is enabled, but no policy is loaded"
 ReportSuggestion ${TEST_NO} "Disable AppArmor or load a policy"
- Display --indent 4 --text "- Checking AppArmor status" --result "NON-ACTIVE" --color GREEN
+ Display --indent 4 --text "- Checking AppArmor status" --result "NON-ACTIVE" --color GREEN
 elif [ ${FIND} -eq 1 ]; then
- Display --indent 4 --text "- Checking AppArmor status" --result "DISABLED" --color YELLOW
+ logtext "Result: AppArmor is disabled"
+ Display --indent 4 --text "- Checking AppArmor status" --result "DISABLED" --color YELLOW
+ else
+ Display --indent 4 --text "- Checking AppArmor status" --result "UNKNOWN" --color RED
+ ReportException "${TEST_NO}:1" "Invalid or unknown AppArmor status detected"
 fi
 fi
 fi
-- cgit v1.2.3
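Review bot: The new `-eq 4` and `-eq 3` branches only log and print UNKNOWN, so a non-privileged scan leaves nothing in the report showing that the AppArmor state could not be determined, unlike the final `else`, which calls `ReportException`. `MAC_FRAMEWORK_ACTIVE` is also left as it was in those branches; if it starts at 0 (its initialisation is outside this hunk, as is the test's `Register` line), later logic will read an unreadable status as "no MAC framework active". I would record the inconclusive result in the report in both branches and add a comment such as `# status unreadable (e.g. not root): result is inconclusive, MAC_FRAMEWORK_ACTIVE left unchanged`. Separately, the moved `FIND=` line discards only stdout, so anything aa-status prints to stderr on a permission failure would still reach the screen; adding `2>&1` after `> /dev/null` would cover that.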