-
Notifications
You must be signed in to change notification settings - Fork 25
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tests: add support for tty field in LOGIN message
test: RFE: add a tty field to the AUDIT_LOGIN event #2 linux-audit/audit-kernel#2 v4: use a new filehandle for tty and test PID of LOGIN test command. v3: escape "$" in LOGIN record provoking system command. v2: provoke a LOGIN record if one wasn't triggered since the last boot by login Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
- Loading branch information
Showing
2 changed files
with
76 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| TARGETS=$(patsubst %.c,%,$(wildcard *.c)) | ||
|
|
||
| LDLIBS += -lpthread | ||
|
|
||
| all: $(TARGETS) | ||
| clean: | ||
| rm -f $(TARGETS) | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| #!/usr/bin/perl | ||
|
|
||
| use strict; | ||
|
|
||
| use Test; | ||
| BEGIN { plan tests => 2 } | ||
|
|
||
| use File::Temp qw/ tempdir tempfile /; | ||
|
|
||
| ### | ||
| # functions | ||
|
|
||
| ### | ||
| # setup | ||
|
|
||
| # reset audit | ||
| system("auditctl -D >& /dev/null"); | ||
|
|
||
| # create stdout/stderr sinks | ||
| (my $fh_out, my $stdout) = tempfile(TEMPLATE => '/tmp/audit-testsuite-out-XXXX', | ||
| UNLINK => 1); | ||
| (my $fh_err, my $stderr) = tempfile(TEMPLATE => '/tmp/audit-testsuite-err-XXXX', | ||
| UNLINK => 1); | ||
| (my $fh_tty, my $ttyout) = tempfile(TEMPLATE => '/tmp/audit-testsuite-tmp-XXXX', | ||
| UNLINK => 1); | ||
| (my $fh_tmp, my $tmpout) = tempfile(TEMPLATE => '/tmp/audit-testsuite-tmp-XXXX', | ||
| UNLINK => 1); | ||
|
|
||
| ### | ||
| # tests | ||
|
|
||
| # get the tty of this test shell | ||
| system("tty | sed 's_/dev/__' > $ttyout"); | ||
| my $tty = <$fh_tty>; | ||
| chomp($tty); | ||
|
|
||
| # provoke a LOGIN record if one doesn't already exist since the last | ||
| # boot at login time. | ||
| system("echo \$\$ > $tmpout; exec echo \$(id -u) > /proc/self/loginuid"); | ||
|
|
||
| # get the PID of the login process from the test session shell | ||
| # try to grab PID from the environment (NOTE: requires bash) | ||
| my $pid = <$fh_tmp>; | ||
| chomp($pid); | ||
|
|
||
| # test for the LOGIN message | ||
| my $result = system("ausearch -m LOGIN -p $pid -ts recent > $stdout 2> $stderr"); | ||
| ok($result, 0); | ||
|
|
||
| # test if the LOGIN record was generated correctly for this test shell | ||
| my $line; | ||
| my $found_msg = 0; | ||
| while ($line = <$fh_out>) { | ||
| # test if we generate a LOGIN record with the correct pid and tty | ||
| if ($line =~ /^type=LOGIN /) { | ||
| if ($line =~ / pid=$pid / and | ||
| $line =~ / tty=$tty /) { | ||
| $found_msg = 1; | ||
| } | ||
| } | ||
| } | ||
| ok($found_msg); | ||
|
|
||
| ### | ||
| # cleanup | ||
|
|
||
| system("auditctl -D >& /dev/null"); | ||
|
|