This repository has been archived by the owner on Jul 23, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 37
/
libaudit_test.go
143 lines (134 loc) · 3.45 KB
/
libaudit_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package libaudit
import (
"bufio"
"bytes"
"math/rand"
"os"
"os/exec"
"strconv"
"strings"
"syscall"
"testing"
"time"
)
func TestWireFormat(t *testing.T) {
rr := NetlinkMessage{}
rr.Header.Len = uint32(syscall.NLMSG_HDRLEN + 4)
rr.Header.Type = syscall.AF_NETLINK
rr.Header.Flags = syscall.NLM_F_REQUEST | syscall.NLM_F_ACK
rr.Header.Seq = 2
data := make([]byte, 4)
hostEndian.PutUint32(data, 12)
rr.Data = append(rr.Data[:], data[:]...)
expected := []byte{20, 0, 0, 0, 16, 0, 5, 0, 2, 0, 0, 0, 0, 0, 0, 0, 12, 0, 0, 0}
result := rr.ToWireFormat()
if bytes.Compare(expected, result) != 0 {
t.Fatalf("ToWireFormat: resulting bytes unexpected")
}
}
func TestNetlinkConnection(t *testing.T) {
if os.Getuid() != 0 {
t.Skipf("skipping test, not root user")
}
s, err := NewNetlinkConnection()
if err != nil {
t.Fatalf("NewNetlinkConnection: %v", err)
}
defer s.Close()
wb := newNetlinkAuditRequest(uint16(AUDIT_GET), syscall.AF_NETLINK, 0)
if err = s.Send(wb); err != nil {
t.Errorf("Send: %v", err)
}
_, err = auditGetReply(s, wb.Header.Seq, true)
if err != nil {
t.Errorf("TestNetlinkConnection: test failed %v", err)
}
}
func TestSetters(t *testing.T) {
rand.Seed(time.Now().Unix())
var (
s *NetlinkConnection
pid = os.Getpid()
ratelimit = 20 + rand.Intn(480)
backlog = 20 + rand.Intn(480)
)
if os.Getuid() != 0 {
t.Skipf("skipping test, not root user")
}
s, err := NewNetlinkConnection()
if err != nil {
t.Fatalf("NewNetlinkConnection: %v", err)
}
defer s.Close()
err = AuditSetEnabled(s, true)
if err != nil {
t.Fatalf("AuditSetEnabled: %v", err)
}
auditstatus, err := AuditIsEnabled(s)
if err != nil {
t.Fatalf("AuditIsEnabled: %v", err)
}
if !auditstatus {
t.Fatalf("AuditIsEnabled returned false")
}
err = AuditSetRateLimit(s, ratelimit)
if err != nil {
t.Fatalf("AuditSetRateLimit: %v", err)
}
err = AuditSetBacklogLimit(s, backlog)
if err != nil {
t.Fatalf("AuditSetBacklogLimit: %v", err)
}
err = AuditSetPID(s, pid)
if err != nil {
t.Fatalf("AuditSetPID: %v", err)
}
// Use the external auditctl program to obtain the set values, and compare to what we
// expect
cmd := exec.Command("auditctl", "-s")
cmdOutput := &bytes.Buffer{}
cmd.Stdout = cmdOutput
if err := cmd.Run(); err != nil {
t.Fatalf("exec auditctl: %v", err)
}
scanner := bufio.NewScanner(cmdOutput)
for scanner.Scan() {
args := strings.Split(scanner.Text(), " ")
if len(args) < 2 {
t.Fatalf("auditctl: malformed output %q", scanner.Text())
}
switch args[0] {
case "enabled":
if args[1] != "1" {
t.Fatalf("enabled should have been 1")
}
case "pid":
v, err := strconv.Atoi(args[1])
if err != nil {
t.Fatalf("pid argument was not an integer")
}
if v != pid {
t.Fatalf("pid should have been %v, was %v", pid, v)
}
case "rate_limit":
v, err := strconv.Atoi(args[1])
if err != nil {
t.Fatalf("rate_limit argument was not an integer")
}
if v != ratelimit {
t.Fatalf("ratelimit should have been %v, was %v", ratelimit, v)
}
case "backlog_limit":
v, err := strconv.Atoi(args[1])
if err != nil {
t.Fatalf("backlog_limit argument was not an integer")
}
if v != backlog {
t.Fatalf("backlog_limit should have been %v, was %v", backlog, v)
}
}
}
}