def test_stack_consumption_CVE_2010_4352(self):
'''Test stack consumption (CVE-2010-4352)'''
source_dist = './dbus/CVE-2010-4352.c'
source = os.path.join(self.tempdir, "CVE-2010-4352.c")
binary = os.path.join(self.tempdir, "CVE-2010-4352")
shutil.copy(source_dist, source)
rc, report = testlib.cmd(['gcc', '-o', binary, '-std=gnu99', source])
expected = 0
result = 'Got exit code %d, expected %d\n' % (rc, expected)
self.assertEquals(expected, rc, result + report)
pidfile = "/var/run/dbus/pid"
exe = "dbus-daemon"
rc, report = testlib.cmd([binary])
expected = 0
result = 'Got exit code %d, expected %d\n' % (rc, expected)
if self.lsb_release['Release'] < 15.10 and not testlib.check_pidfile(
exe, pidfile):
# Let's try to leave the system in a usable state
os.unlink(pidfile)
testlib.cmd(['stop', 'dbus'])
testlib.cmd(['start', 'dbus'])
time.sleep(2)
if not testlib.check_pidfile(exe, pidfile):
print >> sys.stderr, "\nWARNING: could not restart dbus"
self.assertEquals(expected, rc, result + report)
def test_aa_xfs_daemon(self):
'''Test xfs daemon'''
self._stop_daemon()
time.sleep(1)
self.assertFalse(
testlib.check_pidfile(os.path.basename(self.exe), self.pidfile))
self._start_daemon()
time.sleep(1)
self.assertTrue(
testlib.check_pidfile(os.path.basename(self.exe), self.pidfile))
self._restart_daemon()
time.sleep(1)
self.assertTrue(
testlib.check_pidfile(os.path.basename(self.exe), self.pidfile))
def test_daemon(self):
'''Test iscsid'''
self.assertTrue(self.daemon.stop())
time.sleep(2)
self.assertFalse(testlib.check_pidfile(self.exe, self.pidfile))
self.assertTrue(self.daemon.start())
time.sleep(2)
self.assertTrue(
testlib.check_pidfile(os.path.basename(self.exe), self.pidfile))
self.assertTrue(self.daemon.restart())
time.sleep(2)
self.assertTrue(
testlib.check_pidfile(os.path.basename(self.exe), self.pidfile))
def test_daemon(self):
'''Test dhcpd'''
contents = '''
ddns-update-style none;
default-lease-time 60;
max-lease-time 720;
allow bootp;
authoritative;
log-facility local7;
subnet 192.168.122.0 netmask 255.255.255.0 {
range 192.168.122.50 192.168.122.60;
}
'''
testlib.create_fill(self.server_config, contents)
self.start_daemon()
time.sleep(2)
self.assertTrue(
testlib.check_pidfile(os.path.basename(self.server_binary),
self.server_pidfile))
rc, report = testlib.check_apparmor(self.server_binary,
9.04,
is_running=True)
if rc < 0:
return self._skipped(report)
expected = 0
result = 'Got exit code %d, expected %d\n' % (rc, expected)
self.assertEquals(expected, rc, result + report)
def test_apache_daemon(self):
'''Test Apache daemon'''
if self.lsb_release['Release'] >= 13.10:
pidfile = "/var/run/apache2/apache2.pid"
else:
pidfile = "/var/run/apache2.pid"
self.assertTrue(testlib.check_pidfile("apache2", pidfile))
def test_CVE_2012_2944(self):
'''Test CVE-2012-2944'''
self.tmpdir = tempfile.mkdtemp(dir='/tmp', prefix="testlib-")
# First send bad input. We need to do this in a script because python
# functions don't like our embedded NULs
script = os.path.join(self.tmpdir, 'script.sh')
contents = '''#!/bin/sh
printf '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\n' | nc -q 1 127.0.0.1 3493
sleep 1
dd if=/dev/urandom count=64 | nc -q 1 127.0.0.1 3493
'''
testlib.create_fill(script, contents, mode=0755)
rc, report = testlib.cmd([script])
# It should not have crashed. Let's see if it did
self._testDaemons(['upsd'])
self.assertTrue(
'ERR UNKNOWN-COMMAND' in report,
"Could not find 'ERR UNKNOWN-COMMAND' in:\n%s" % report)
# This CVE may also result in a hung upsd. Try to kill it, if it is
# still around, it is hung
testlib.cmd(['killall', 'upsd'])
pidfile = os.path.join(self.rundir, 'upsd.pid')
self.assertFalse(os.path.exists(pidfile), "Found %s" % pidfile)
self.assertFalse(testlib.check_pidfile('upsd', pidfile),
'upsd is hung')
def _testDaemons(self, daemons):
'''Daemons running'''
for d in self.daemons:
pidfile = os.path.join(self.rundir, d + ".pid")
warning = "Could not find pidfile '" + pidfile + "'"
self.assertTrue(os.path.exists(pidfile), warning)
self.assertTrue(testlib.check_pidfile(d, pidfile))
def test_daemons(self):
'''Test daemon is running'''
if self.lsb_release['Release'] <= 9.04:
pidfile = "/var/run/bind/run/named.pid"
else:
pidfile = "/var/run/named/named.pid"
warning = "Could not find pidfile '" + pidfile + "'"
self.assertTrue(os.path.exists(pidfile), warning)
self.assertTrue(testlib.check_pidfile("named", pidfile))
def test_aa_start_daemon(self):
'''Start up the daemon'''
self.daemon.stop()
time.sleep(1)
rc, result = self.daemon.start()
self.assertTrue(rc, result)
self.assertTrue(testlib.check_pidfile('mono', self.xsp2_pid),
'mono-xsp2 is not running')
def test_00_daemons(self):
'''Test daemon'''
if self.lsb_release['Release'] >= 14.04:
pidfile = "/var/run/apache2/apache2.pid"
else:
pidfile = "/var/run/apache2.pid"
self.assertTrue(testlib.check_pidfile("apache2", pidfile))
def test_daemons(self):
'''Test daemon'''
pidfile = "/run/squid3.pid"
exe = "squid3"
if self.lsb_release['Release'] < 12.04:
pidfile = "/var/run/squid.pid"
exe = "squid"
self.assertTrue(testlib.check_pidfile(exe, pidfile))
def _start(self):
'''Startup with each test'''
rc, result = self.nagiosdaemon.start()
self.assertTrue(rc, result)
rc, result = self.nagiosdaemon.status()
self.assertTrue(rc, result)
rc, result = self.apachedaemon.start()
self.assertTrue(rc, result)
self.assertTrue(testlib.check_pidfile('apache2', self.apache_pid), 'Apache is not running')
def test_discovery_with_server(self):
'''Test iscsi_discovery to remote server'''
global remote_server
global username
global password
global username_in
global password_in
global initiatorname
if remote_server == '':
return self._skipped("--remote-server not specified")
contents = '''
InitiatorName=%s
InitiatorAlias=ubuntu
''' % (initiatorname)
testlib.config_replace(self.initiatorname_iscsi, contents, True)
contents = '''
node.session.auth.authmethod = CHAP
node.session.auth.username = %s
node.session.auth.password = %s
node.session.auth.username_in = %s
node.session.auth.password_in = %s
discovery.sendtargets.auth.authmethod = CHAP
discovery.sendtargets.auth.username = %s
discovery.sendtargets.auth.password = %s
discovery.sendtargets.auth.username_in = %s
discovery.sendtargets.auth.password_in = %s
''' % (username, password, username_in, password_in, username, password,
username_in, password_in)
testlib.config_replace(self.iscsid_conf, contents, True)
self.assertTrue(self.daemon.restart())
time.sleep(2)
self.assertTrue(
testlib.check_pidfile(os.path.basename(self.exe), self.pidfile))
rc, report = testlib.cmd(["/sbin/iscsi_discovery", remote_server])
expected = 0
result = 'Got exit code %d, expected %d\n' % (rc, expected)
self.assertEquals(expected, rc, result + report)
for i in [
'starting discovery to %s' % remote_server,
'Testing iser-login to target %s portal %s' %
(initiatorname, remote_server),
'starting to test tcp-login to target %s portal %s' %
(initiatorname, remote_server),
'discovered 1 targets at %s, connected to 1' % remote_server
]:
result = "Could not find '%s' in report:\n" % i
self.assertTrue(i in report, result + report)
def test_privileges(self):
'''Test daemon'''
testlib.check_pidfile(self.exe, self.pidfile)
fd = open(self.pidfile, 'r')
pid = fd.readline().rstrip('\n')
fd.close()
status = "/proc/%d/status" % int(pid)
self.assertTrue(os.path.exists(status), "could not find '%s'" % status)
uid = pwd.getpwnam(self.user)[2]
lines = open(status).read()
dropped = False
for line in lines.splitlines():
if re.search(r'^Uid:\s+%d\s+' % uid, line):
dropped = True
self.assertTrue(
dropped, "did not drop privileges to '%s (%d)':\n%s" %
(self.user, uid, lines))
def _testDaemons(self, daemons):
'''Daemons running'''
for d in daemons:
# A note on the driver pid file: its name is
# <ups.conf section name>-<driver name>.pid
# ex: dummy-dev1-dummy-ups.pid
if d == 'dummy-ups':
pidfile = os.path.join(self.rundir, 'dummy-ups-dummy-dev1.pid')
else:
pidfile = os.path.join(self.rundir, d + '.pid')
warning = "Could not find pidfile '" + pidfile + "'"
self.assertTrue(os.path.exists(pidfile), warning)
self.assertTrue(testlib.check_pidfile(d, pidfile),
d + ' is not running')
def test_daemons(self):
'''Test daemon'''
if self.lsb_release['Release'] >= 16.04:
pidfile = "/run/squid.pid"
else:
pidfile = "/run/squid3.pid"
if self.lsb_release['Release'] >= 15.10:
exe = "(squid-1)"
else:
exe = "squid3"
self.assertTrue(testlib.check_pidfile(exe, pidfile))
def test_dhclient(self):
'''Test dhclient (requires reachable dhcpd)'''
self.stop_daemon(self.server_pidfile)
time.sleep(2)
contents = '''
send host-name "%s";
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
netbios-name-servers, netbios-scope, ntp-servers;
''' % (socket.gethostname())
testlib.create_fill(self.client_config, contents)
rc, report = testlib.cmd([os.path.basename(self.client_binary)] +
self.client_args)
expected = 0
result = 'Got exit code %d, expected %d\n' % (rc, expected)
self.assertEquals(expected, rc, result + report)
time.sleep(5)
if not os.path.exists(self.client_pidfile):
time.sleep(25)
self.assertTrue(
os.path.exists(self.client_lease),
"%s does not exist after 30 seconds" % (self.client_lease))
self.assertTrue(
testlib.check_pidfile(os.path.basename(self.client_binary),
self.client_pidfile))
rc, report = testlib.check_apparmor(self.client_binary,
9.04,
is_running=True)
if rc < 0:
return self._skipped(report)
expected = 0
result = 'Got exit code %d, expected %d\n' % (rc, expected)
self.assertEquals(expected, rc, result + report)
def test_daemon(self):
'''Test Avahi daemon running'''
warning = "Could not find pidfile '%s'" % (self.pidfile)
self.assertTrue(os.path.exists(self.pidfile), warning)
self.assertTrue(testlib.check_pidfile("avahi-daemon", self.pidfile))
def test_aaa_daemons(self):
'''Test daemon'''
self.assertTrue(testlib.check_pidfile("apache2", self.apache_pid))
self.assertTrue(testlib.check_pidfile("python", self.mailman_pid))
def _check_pid(self):
return os.path.exists(self.pidfile) and testlib.check_pidfile("dovecot", self.pidfile)
def test_aaa_daemons(self):
'''Test daemon'''
self.assertTrue(testlib.check_pidfile("apache2", self.apache_pid))
self.assertTrue(testlib.check_pidfile("python", self.mailman_pid))
def _check_daemons(self):
'''Check for pidfile and if running'''
pidfile = "/var/run/ntpd.pid"
warning = "Could not find pidfile '%s'" % (pidfile)
self.assertTrue(os.path.exists(pidfile), warning)
self.assertTrue(testlib.check_pidfile("ntpd", pidfile))
def test_daemons(self):
'''Test daemon'''
self.assertTrue(testlib.check_pidfile("nginx", self.pidfile))
def test_daemon(self):
'''Test if slpd daemon is running'''
self.assertTrue(
testlib.check_pidfile(os.path.basename(self.server_binary),
self.server_pidfile))
def test_daemon(self):
'''Test daemon'''
testlib.check_pidfile(self.exe, self.pidfile)
def test_daemons(self):
'''Test daemon'''
pidfile = "/var/run/lighttpd.pid"
self.assertTrue(testlib.check_pidfile("lighttpd", pidfile))
def test_apache_daemon(self):
'''Test Apache daemon'''
pidfile = "/var/run/apache2.pid"
self.assertTrue(testlib.check_pidfile("apache2", pidfile))
