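#!/bin/sh
################################################################################
##                                                                            ##
## Copyright (C) 2009 IBM Corporation                                         ##
##                                                                            ##
## This program is free software;  you can redistribute it and/or modify      ##
## it under the terms of the GNU General Public License as published by       ##
## the Free Software Foundation; either version 2 of the License, or          ##
## (at your option) any later version.                                        ##
##                                                                            ##
## This program is distributed in the hope that it will be useful, but        ##
## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ##
## or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License    ##
## for more details.                                                          ##
##                                                                            ##
## You should have received a copy of the GNU General Public License          ##
## along with this program;  if not, write to the Free Software               ##
## Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301   ##
## USA                                                                        ##
##                                                                            ##
################################################################################
#
# File :        ima_violations.sh
#
# Description:  This file tests that ToMToU and open_writers violations
#               invalidate the PCR and are logged.
#
#               What is actually checked below: the violation counter exposed
#               at $SECURITYFS/ima/violations increases, and a matching record
#               shows up in the system or audit log.
#               NOTE(review): the measurement list and the PCR value itself
#               are not read anywhere in this script, so "invalidate the PCR"
#               is inferred from the counter and the log record only.
#
# Author:       Mimi Zohar, zohar (at] ibm.vnet.ibm.com
#
# Return        - zero on success
#               - non zero on failure. return value from commands ($RC)
################################################################################

export TST_TOTAL=3
export TCID="ima_violations"

# Function:     open_file_read
# Description   - Open $1 for reading on file descriptor 3 and keep it open
#                 in the test shell until close_file_read is called.
open_file_read()
{
	exec 3< "$1"
	if [ $? -ne 0 ]; then
		exit 1
	fi
}

# Function:     close_file_read
# Description   - Close file descriptor 3 (the reader).
close_file_read()
{
	exec 3>&-
}

# Function:     open_file_write
# Description   - Open (create/truncate) $1 for writing on file descriptor 4,
#                 write a short payload through it and keep it open until
#                 close_file_write is called.
open_file_write()
{
	exec 4> "$1"
	if [ $? -ne 0 ]; then
		exit 1
	fi
	# The payload write used to sit after "exit 1" inside the failure
	# branch, where it could never run; it belongs on the success path so
	# the writer really has written data while the descriptor is held.
	echo 'testing, testing, ' >&4
}

# Function:     close_file_write
# Description   - Close file descriptor 4 (the writer).
close_file_write()
{
	exec 4>&-
}

# Function:     init
# Description   - Pick the log file that is searched for violation records
#                 and set the path of the IMA violations counter.
#                 Without a running auditd the records are looked for in
#                 /var/log/messages, otherwise in the audit log.
init()
{
	if ! service auditd status > /dev/null 2>&1; then
		log=/var/log/messages
	else
		log=/var/log/audit/audit.log
		tst_resm TINFO "requires integrity auditd patch"
	fi

	# SECURITYFS is not set in this file; presumably ima_setup.sh
	# provides it -- confirm.
	ima_violations=$SECURITYFS/ima/violations
}

# Function:     test01
# Description   - Verify open writers violation: the file is opened for
#                 reading while a writer still holds it open.
test01()
{
	read -r num_violations < "$ima_violations"

	# Relative path: the file is created in the current directory, so the
	# result depends on that directory being covered by the IMA policy
	# (assumed to be arranged by setup -- confirm).
	TMPFN=test.txt
	open_file_write "$TMPFN"
	open_file_read "$TMPFN"
	close_file_read
	close_file_write
	read -r num_violations_new < "$ima_violations"
	num=$((num_violations_new - num_violations))
	if [ "$num" -gt 0 ]; then
		# Only the last lines of the log are searched, so a busy log
		# or rate limiting can hide the record even though the counter
		# moved; a record left by an earlier run can also match.
		if tail "$log" | grep test.txt | grep -q 'open_writers'; then
			tst_resm TPASS "open_writers violation added(test.txt)"
		else
			tst_resm TFAIL "(message ratelimiting?)"
		fi
	else
		tst_resm TFAIL "open_writers violation not added(test.txt)"
	fi
}

# Function:     test02
# Description   - Verify ToMToU (time of measure, time of use) violation:
#                 the file is opened for writing while a reader still holds
#                 it open.
test02()
{
	read -r num_violations < "$ima_violations"

	TMPFN=test.txt
	open_file_read "$TMPFN"
	open_file_write "$TMPFN"
	close_file_write
	close_file_read
	read -r num_violations_new < "$ima_violations"
	num=$((num_violations_new - num_violations))
	if [ "$num" -gt 0 ]; then
		if tail "$log" | grep test.txt | grep -q 'ToMToU'; then
			tst_resm TPASS "ToMToU violation added(test.txt)"
		else
			tst_resm TFAIL "(message ratelimiting?)"
		fi
	else
		tst_resm TFAIL "ToMToU violation not added(test.txt)"
	fi
}

# Function:     test03
# Description   - verify open_writers using mmapped files: the file is opened
#                 for reading while the ima_mmap helper is running on it.
test03()
{
	read -r num_violations < "$ima_violations"

	TMPFN=test.txtb
	echo 'testing testing ' > "$TMPFN"
	# The helper runs in the background; its pid is kept in p1 but it is
	# never waited for, so it may still be running when the test returns.
	ima_mmap "$TMPFN" & p1=$!
	sleep 1		# got to wait for ima_mmap to mmap the file
	open_file_read "$TMPFN"
	read -r num_violations_new < "$ima_violations"
	num=$((num_violations_new - num_violations))
	if [ "$num" -gt 0 ]; then
		if tail "$log" | grep test.txtb | grep -q 'open_writers'; then
			tst_resm TPASS "mmapped open_writers violation added(test.txtb)"
		else
			tst_resm TFAIL "(message ratelimiting?)"
		fi
	else
		tst_resm TFAIL "mmapped open_writers violation not added(test.txtb)"
	fi
	close_file_read
}

# setup, cleanup, tst_resm and tst_exit are not defined in this file; they
# are expected to come from the sourced setup script and the test library.
. ima_setup.sh

setup
TST_CLEANUP=cleanup

init
test01
test02
test03

tst_exit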