Add tests for rule_rsyslog_files_permissions

Signed-off-by: Ilya Okomin <ilya.okomin@oracle.com>
ComplianceAsCode · Aug 19, 2019 · 4793431 · 4793431
1 parent 36803e3
commit 4793431
Show file tree

Hide file tree

Showing 9 changed files with 451 additions and 0 deletions.
diff --git a/...og_log_file_configuration/rule_rsyslog_files_permissions/IncludeConfig_perms_0600.pass.sh b/...og_log_file_configuration/rule_rsyslog_files_permissions/IncludeConfig_perms_0600.pass.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+#
+# profiles = xccdf_org.ssgproject.content_profile_pci-dss
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
+
+# Check rsyslog.conf with log file permissions 0600 from rules and
+# log file permissions 0600 from $IncludeConfig passes.
+
+RSYSLOG_CONF='/etc/rsyslog.conf'
+
+PERMS=0600
+
+test_file=test1.log
+test_file_2=test2.log
+test_conf=test_conf.conf
+test_dir=/tmp/${0%.*}
+
+# setup test log files and permissions
+mkdir ${test_dir}
+
+touch ${test_dir}/${test_file}
+chmod $PERMS ${test_dir}/${test_file}
+
+touch ${test_dir}/${test_file_2}
+chmod $PERMS ${test_dir}/${test_file_2}
+
+# backup default RSYSLOG_CONF file
+mv ${RSYSLOG_CONF} ${RSYSLOG_CONF}.bak
+
+# create test configuration file
+cat << EOF > ${test_dir}/${test_conf}
+# rsyslog configuration file
+
+#### RULES ####
+
+*.*     ${test_dir}/${test_file_2}
+EOF
+
+# create rsyslog.conf configuration file
+cat << EOF > $RSYSLOG_CONF
+# rsyslog configuration file
+
+#### RULES ####
+
+*.*     ${test_dir}/${test_file}
+
+#### MODULES ####
+
+\$IncludeConfig ${test_dir}/${test_conf}
+EOF
diff --git a/...og_log_file_configuration/rule_rsyslog_files_permissions/IncludeConfig_perms_0601.fail.sh b/...og_log_file_configuration/rule_rsyslog_files_permissions/IncludeConfig_perms_0601.fail.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+#
+# profiles = xccdf_org.ssgproject.content_profile_pci-dss
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
+
+# Check rsyslog.conf with log file permissions 0600 from rules and
+# log file permissions 0601 from $IncludeConfig fails.
+
+RSYSLOG_CONF='/etc/rsyslog.conf'
+
+PERMS_PASS=0600
+
+PERMS_FAIL=0601
+
+test_file=test1.log
+test_file_2=test2.log
+test_conf=test_conf.conf
+test_dir=/tmp/${0%.*}
+
+# setup test log files and permissions
+mkdir ${test_dir}
+
+touch ${test_dir}/${test_file}
+chmod $PERMS_PASS ${test_dir}/${test_file}
+
+touch ${test_dir}/${test_file_2}
+chmod $PERMS_FAIL ${test_dir}/${test_file_2}
+
+# backup default RSYSLOG_CONF file
+mv ${RSYSLOG_CONF} ${RSYSLOG_CONF}.bak
+
+# create test configuration file
+cat << EOF > ${test_dir}/${test_conf}
+# rsyslog configuration file
+
+#### RULES ####
+
+*.*     ${test_dir}/${test_file_2}
+EOF
+
+# create rsyslog.conf configuration file
+cat << EOF > $RSYSLOG_CONF
+# rsyslog configuration file
+
+#### RULES ####
+
+*.*      ${test_dir}/${test_file}
+
+#### MODULES ####
+
+\$IncludeConfig ${test_dir}/${test_conf}
+EOF
diff --git a/...og_file_configuration/rule_rsyslog_files_permissions/include_multiline_perms_0600.pass.sh b/...og_file_configuration/rule_rsyslog_files_permissions/include_multiline_perms_0600.pass.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+#
+# profiles = xccdf_org.ssgproject.content_profile_pci-dss
+# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
+
+# Check rsyslog.conf with log file permissions 0600 from rules and
+# log file permissions 0600 from multiline include() passes.
+
+RSYSLOG_CONF='/etc/rsyslog.conf'
+
+PERMS=0600
+
+test_file=test1.log
+test_file_2=test2.log
+test_conf=test_conf.conf
+test_dir=/tmp/${0%.*}
+
+# setup test log files and permissions
+mkdir ${test_dir}
+
+touch ${test_dir}/${test_file}
+chmod $PERMS ${test_dir}/${test_file}
+
+touch ${test_dir}/${test_file_2}
+chmod $PERMS ${test_dir}/${test_file_2}
+
+# backup default RSYSLOG_CONF file
+mv ${RSYSLOG_CONF} ${RSYSLOG_CONF}.bak
+
+# create test configuration file
+cat << EOF > ${test_dir}/${test_conf}
+# rsyslog configuration file
+
+#### RULES ####
+
+*.*     ${test_dir}/${test_file_2}
+EOF
+
+# create rsyslog.conf configuration file
+cat << EOF > $RSYSLOG_CONF
+# rsyslog configuration file
+
+#### RULES ####
+
+*.*     ${test_dir}/${test_file}
+
+#### MODULES ####
+
+include(
+   file="${test_dir}/${test_conf}"
+)
+EOF
diff --git a/..._rsyslog_log_file_configuration/rule_rsyslog_files_permissions/include_perms_0600.pass.sh b/..._rsyslog_log_file_configuration/rule_rsyslog_files_permissions/include_perms_0600.pass.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+#
+# profiles = xccdf_org.ssgproject.content_profile_pci-dss
+# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
+
+# Check rsyslog.conf with log file permissions 0600 from rules and
+# log file permissions 0600 from include() passes.
+
+RSYSLOG_CONF='/etc/rsyslog.conf'
+
+PERMS=0600
+
+test_file=test1.log
+test_file_2=test2.log
+test_conf=test_conf.conf
+test_dir=/tmp/${0%.*}
+
+# setup test log files and permissions
+mkdir ${test_dir}
+
+touch ${test_dir}/${test_file}
+chmod $PERMS ${test_dir}/${test_file}
+
+touch ${test_dir}/${test_file_2}
+chmod $PERMS ${test_dir}/${test_file_2}
+
+# backup default RSYSLOG_CONF file
+mv ${RSYSLOG_CONF} ${RSYSLOG_CONF}.bak
+
+# create test configuration file
+cat << EOF > ${test_dir}/${test_conf}
+# rsyslog configuration file
+
+#### RULES ####
+
+*.*     ${test_dir}/${test_file_2}
+EOF
+
+# create rsyslog.conf configuration file
+cat << EOF > $RSYSLOG_CONF
+# rsyslog configuration file
+
+#### RULES ####
+
+*.*     ${test_dir}/${test_file}
+
+#### MODULES ####
+
+include(file="${test_dir}/${test_conf}")
+EOF
diff --git a/...ration/rule_rsyslog_files_permissions/include_perms_0600_IncludeConfig_perms_0600.pass.sh b/...ration/rule_rsyslog_files_permissions/include_perms_0600_IncludeConfig_perms_0600.pass.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+#
+# profiles = xccdf_org.ssgproject.content_profile_pci-dss
+# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
+
+# Check rsyslog.conf with log file permisssions 0600 from rules and
+# log file permissions 0600 from include() passes.
+
+RSYSLOG_CONF='/etc/rsyslog.conf'
+
+PERMS_PASS=0600
+
+test_file=test1.log
+test_file_2=test2.log
+test_file_3=test3.log
+test_conf=test_conf.conf
+test_conf_2=test_conf2.conf
+test_dir=/tmp/${0%.*}
+
+# setup test log files and permissions
+mkdir ${test_dir}
+
+touch ${test_dir}/${test_file}
+chmod $PERMS_PASS ${test_dir}/${test_file}
+
+touch ${test_dir}/${test_file_2}
+chmod $PERMS_PASS ${test_dir}/${test_file_2}
+
+touch ${test_dir}/${test_file_3}
+chmod $PERMS_PASS ${test_dir}/${test_file_3}
+
+# backup default RSYSLOG_CONF file
+mv ${RSYSLOG_CONF} ${RSYSLOG_CONF}.bak
+
+# create test configuration file
+cat << EOF > ${test_dir}/${test_conf}
+# rsyslog configuration file
+
+#### RULES ####
+
+*.*     ${test_dir}/${test_file_2}
+EOF
+
+# create test2 configuration file
+cat << EOF > ${test_dir}/${test_conf_2}
+# rsyslog configuration file
+
+#### RULES ####
+
+*.*     ${test_dir}/${test_file_3}
+EOF
+
+# create rsyslog.conf configuration file
+cat << EOF > $RSYSLOG_CONF
+# rsyslog configuration file
+
+#### RULES ####
+
+*.*     ${test_dir}/${test_file}
+
+#### MODULES ####
+
+include(file="${test_dir}/${test_conf}")
+
+\$IncludeConfig ${test_dir}/${test_conf_2}
+EOF
diff --git a/...ration/rule_rsyslog_files_permissions/include_perms_0600_IncludeConfig_perms_0601.fail.sh b/...ration/rule_rsyslog_files_permissions/include_perms_0600_IncludeConfig_perms_0601.fail.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+#
+# profiles = xccdf_org.ssgproject.content_profile_pci-dss
+# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
+
+# Check rsyslog.conf with log file permisssions 0600 from rules and
+# log file permissions 0601 from include() fails.
+
+RSYSLOG_CONF='/etc/rsyslog.conf'
+
+PERMS_PASS=0600
+
+PERMS_FAIL=0601
+
+test_file=test1.log
+test_file_2=test2.log
+test_file_3=test3.log
+test_conf=test_conf.conf
+test_conf_2=test_conf2.conf
+test_dir=/tmp/${0%.*}
+
+# setup test log files and permissions
+mkdir ${test_dir}
+
+touch ${test_dir}/${test_file}
+chmod $PERMS_PASS ${test_dir}/${test_file}
+
+touch ${test_dir}/${test_file_2}
+chmod $PERMS_PASS ${test_dir}/${test_file_2}
+
+touch ${test_dir}/${test_file_3}
+chmod $PERMS_FAIL ${test_dir}/${test_file_3}
+
+# backup default RSYSLOG_CONF file
+mv ${RSYSLOG_CONF} ${RSYSLOG_CONF}.bak
+
+# create test configuration file
+cat << EOF > ${test_dir}/${test_conf}
+# rsyslog configuration file
+
+#### RULES ####
+
+*.*     ${test_dir}/${test_file_2}
+EOF
+
+# create test2 configuration file
+cat << EOF > ${test_dir}/${test_conf_2}
+# rsyslog configuration file
+
+#### RULES ####
+
+*.*     ${test_dir}/${test_file_3}
+EOF
+
+# create rsyslog.conf configuration file
+cat << EOF > $RSYSLOG_CONF
+# rsyslog configuration file
+
+#### RULES ####
+
+*.*     ${test_dir}/${test_file}
+
+#### MODULES ####
+
+include(file="${test_dir}/${test_conf}")
+
+\$IncludeConfig ${test_dir}/${test_conf_2}
+EOF
diff --git a/..._rsyslog_log_file_configuration/rule_rsyslog_files_permissions/include_perms_0601.fail.sh b/..._rsyslog_log_file_configuration/rule_rsyslog_files_permissions/include_perms_0601.fail.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+#
+# profiles = xccdf_org.ssgproject.content_profile_pci-dss
+# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
+
+# Check rsyslog.conf with log file permissions 0600 from rules and
+# log file permissions 0601 from include() fails.
+
+RSYSLOG_CONF='/etc/rsyslog.conf'
+
+PERMS_FAIL=0601
+
+PERMS_PASS=0600
+
+test_file=test1.log
+test_file_2=test2.log
+test_conf=test_conf.conf
+test_dir=/tmp/${0%.*}
+
+# setup test log files and permissions
+mkdir ${test_dir}
+
+touch ${test_dir}/${test_file}
+chmod $PERMS_PASS ${test_dir}/${test_file}
+
+touch ${test_dir}/${test_file_2}
+chmod $PERMS_FAIL ${test_dir}/${test_file_2}
+
+# backup default RSYSLOG_CONF file
+mv ${RSYSLOG_CONF} ${RSYSLOG_CONF}.bak
+
+# create test configuration file
+cat << EOF > ${test_dir}/${test_conf}
+# rsyslog configuration file
+
+#### RULES ####
+
+*.*     ${test_dir}/${test_file_2}
+EOF
+
+# create rsyslog.conf configuration file
+cat << EOF > $RSYSLOG_CONF
+# rsyslog configuration file
+
+#### RULES ####
+
+*.*      ${test_dir}/${test_file}
+
+#### MODULES ####
+
+include(file="${test_dir}/${test_conf}")
+EOF