#!/bin/sh ################################################################################ ## ## ## Copyright (C) 2009 IBM Corporation ## ## ## ## This program is free software; you can redistribute it and#or modify ## ## it under the terms of the GNU General Public License as published by ## ## the Free Software Foundation; either version 2 of the License, or ## ## (at your option) any later version. ## ## ## ## This program is distributed in the hope that it will be useful, but ## ## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ## ## or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ## ## for more details. ## ## ## ## You should have received a copy of the GNU General Public License ## ## along with this program; if not, write to the Free Software ## ## Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA ## ## ## ################################################################################ # # File : ima_violations.sh # # Description: This file tests ToMToU and open_writer violations invalidate # the PCR and are logged. # # Author: Mimi Zohar, zohar@ibm.vnet.ibm.com # # Return - zero on success # - non zero on failure. return value from commands ($RC) ################################################################################ export TST_TOTAL=3 export TCID="ima_violations" open_file_read() { exec 3< $1 if [ $? -ne 0 ]; then exit 1 fi } close_file_read() { exec 3>&- } open_file_write() { exec 4> $1 if [ $? -ne 0 ]; then exit 1 echo 'testing, testing, ' >&4 fi } close_file_write() { exec 4>&- } init() { service auditd status > /dev/null 2>&1 if [ $? -ne 0 ]; then log=/var/log/messages else log=/var/log/audit/audit.log tst_resm TINFO "requires integrity auditd patch" fi ima_violations=$SECURITYFS/ima/violations } # Function: test01 # Description - Verify open writers violation test01() { read num_violations < $ima_violations TMPFN=test.txt open_file_write $TMPFN open_file_read $TMPFN close_file_read close_file_write read num_violations_new < $ima_violations num=$(($(expr $num_violations_new - $num_violations))) if [ $num -gt 0 ]; then tail $log | grep test.txt | grep -q 'open_writers' if [ $? -eq 0 ]; then tst_resm TPASS "open_writers violation added(test.txt)" else tst_resm TFAIL "(message ratelimiting?)" fi else tst_resm TFAIL "open_writers violation not added(test.txt)" fi } # Function: test02 # Description - Verify ToMToU violation test02() { read num_violations < $ima_violations TMPFN=test.txt open_file_read $TMPFN open_file_write $TMPFN close_file_write close_file_read read num_violations_new < $ima_violations num=$(($(expr $num_violations_new - $num_violations))) if [ $num -gt 0 ]; then tail $log | grep test.txt | grep -q 'ToMToU' if [ $? -eq 0 ]; then tst_resm TPASS "ToMToU violation added(test.txt)" else tst_resm TFAIL "(message ratelimiting?)" fi else tst_resm TFAIL "ToMToU violation not added(test.txt)" fi } # Function: test03 # Description - verify open_writers using mmapped files test03() { read num_violations < $ima_violations TMPFN=test.txtb echo 'testing testing ' > $TMPFN ima_mmap $TMPFN & p1=$! sleep 1 # got to wait for ima_mmap to mmap the file open_file_read $TMPFN read num_violations_new < $ima_violations num=$(($(expr $num_violations_new - $num_violations))) if [ $num -gt 0 ]; then tail $log | grep test.txtb | grep -q 'open_writers' if [ $? -eq 0 ]; then tst_resm TPASS "mmapped open_writers violation added(test.txtb)" else tst_resm TFAIL "(message ratelimiting?)" fi else tst_resm TFAIL "mmapped open_writers violation not added(test.txtb)" fi close_file_read } . ima_setup.sh setup TST_CLEANUP=cleanup init test01 test02 test03 tst_exit