added --test-mode so that fw check emails are not sent, debug is enab…

…led, and is_local() always returns false

fwcheck_psad.pl

@@ -46,6 +46,7 @@
 my @fw_search = ();
 
 my $help = 0;
+my $test_mode = 0;
 my $fw_analyze = 0;
 my $fw_file    = '';
 my $fw_search_all = 1;
@@ -64,6 +65,7 @@
     'no-fw-search-all' => \$no_fw_search_all, # looking for specific log
                                               # prefixes
     'Lib-dir=s'   => \$psad_lib_dir,# Specify path to psad lib directory.
+    'test-mode'   => \$test_mode,   # Used by the test suite.
     'help'        => \$help,        # Display help.
 ));
 &usage(0) if $help;
@@ -155,14 +157,14 @@ ()
 "    it is possible your firewall config is compatible with psad anyway.\n";
         }
 
-        unless ($config{'ALERTING_METHODS'} =~ /no.?e?mail/i) {
+        unless ($config{'ALERTING_METHODS'} =~ /no.?e?mail/i or $test_mode) {
             &send_mail("[psad-status] firewall setup warning on " .
                 "$config{'HOSTNAME'}!", $config{'FW_CHECK_FILE'},
                 $config{'EMAIL_ADDRESSES'},
                 $cmds{'mail'}
             );
         }
-        if ($fw_analyze) {
+        if ($fw_analyze and not $test_mode) {
             print "[-] Errors found in firewall config.\n";
             print "    emailed to ",
                 "$config{'EMAIL_ADDRESSES'}\n";
@@ -602,7 +604,10 @@ ()
     --fw-analyze                      - Analyze the local iptables
                                         ruleset and exit.
     --no-fw-search-all                - looking for specific log
-                                        prefixes
+                                        prefixes.
+    --Lib-dir <dir>                   - Path to the psad lib directory.
+    --test-mode                       - Enable test mode (used by the
+                                        test suite).
     --help                            - Display help.
 
 _HELP_

psad

@@ -338,6 +338,7 @@ my $analysis_fields  = '';
 my $analysis_tokens_ar = [];
 my $analysis_match_criteria_ar = [];
 my $get_next_rule_id = 0;
+my $test_mode        = 0;
 my $syslog_server    = 0;
 my $kill             = 0;
 my $restart          = 0;
@@ -3096,7 +3097,9 @@ sub psad_init() {
     ### turn off buffering
     $| = 1;
 
-    $no_syslog_alerts = 1 if $analyze_mode or $status_mode;
+    $no_syslog_alerts = 1 if $analyze_mode or $status_mode or $test_mode;
+    $no_email_alerts = 1 if $test_mode;
+    $debug = 1 if $test_mode;
 
     ### import any override config files first
     &import_override_configs() if $override_config_str;
@@ -3497,6 +3500,11 @@ sub is_local() {
 
     print STDERR "[+] is_local(): $ip..." if $debug;
 
+    if ($test_mode) {
+        print STDERR "(test mode enabled) no\n";
+        return 0;
+    }
+
     my $found = 0;
     for my $net (@local_nets) {
         if ($ip_obj->within($net)) {
@@ -8214,6 +8222,7 @@ sub fw_analyze_mode() {
         $opts .= " --fw-analyze" if $fw_analyze;
         $opts .= " --fw-file $fw_file" if $fw_file;
         $opts .= " -L $lib_dir" if $lib_dir;
+        $opts .= " --test-mode" if $test_mode;
         $opts .= " --no-fw-search-all" if $config{'FW_SEARCH_ALL'} eq 'N';
         $exit_status = (system "$cmds{'fwcheck_psad'} $opts") >> 8;
     }
@@ -10476,6 +10485,8 @@ sub getopt_wrapper() {
                                                   #   messages to error log.
         'no-kmsgsd'         => \$no_kmsgsd,       # Do not start kmsgsd (used for
                                                   #   debugging).
+        'test-mode'         => \$test_mode,       # Enable test mode (used by the
+                                                  #   test suite).
         'verbose'           => \$verbose,         # Verbose output (for both alerts
                                                   #   and debug info).
         'Version'           => \$print_ver,       # Print the psad version and exit.