diff options
-rwxr-xr-x | test/fs_chroot_asroot.exp | 2 | ||||
-rwxr-xr-x | test/servers.exp | 40 | ||||
-rwxr-xr-x | test/servers2.exp | 42 | ||||
-rwxr-xr-x | test/servers3.exp | 42 | ||||
-rwxr-xr-x | test/servers4.exp | 46 | ||||
-rwxr-xr-x | test/servers5.exp | 57 | ||||
-rwxr-xr-x | test/servers6.exp | 68 | ||||
-rwxr-xr-x | test/test-root.sh | 21 |
8 files changed, 243 insertions, 75 deletions
diff --git a/test/fs_chroot_asroot.exp b/test/fs_chroot_asroot.exp index 7e18153e0..6c27bf1db 100755 --- a/test/fs_chroot_asroot.exp +++ b/test/fs_chroot_asroot.exp | |||
@@ -76,7 +76,7 @@ sleep 1 | |||
76 | send -- "ps aux |wc -l; pwd\r" | 76 | send -- "ps aux |wc -l; pwd\r" |
77 | expect { | 77 | expect { |
78 | timeout {puts "TESTING ERROR 5\n";exit} | 78 | timeout {puts "TESTING ERROR 5\n";exit} |
79 | "5" | 79 | "6" |
80 | } | 80 | } |
81 | expect { | 81 | expect { |
82 | timeout {puts "TESTING ERROR 6\n";exit} | 82 | timeout {puts "TESTING ERROR 6\n";exit} |
diff --git a/test/servers.exp b/test/servers.exp deleted file mode 100755 index a36814a69..000000000 --- a/test/servers.exp +++ /dev/null | |||
@@ -1,40 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "sudo ls; sudo whoami; sudo pwd\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit} | ||
10 | "root" | ||
11 | } | ||
12 | |||
13 | send -- "firejail --net=br0 --ip=10.10.20.5 --seccomp\r" | ||
14 | expect { | ||
15 | timeout {puts "TESTING ERROR 0\n";exit} | ||
16 | "Child process initialized" | ||
17 | } | ||
18 | sleep 2 | ||
19 | |||
20 | |||
21 | send -- "/etc/init.d/rsyslog start;sleep 1;/etc/init.d/ssh start;sleep 1;/etc/init.d/nginx start\r" | ||
22 | sleep 3 | ||
23 | |||
24 | send -- "ps aux; pwd\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 1\n";exit} | ||
27 | "rsyslogd" | ||
28 | } | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 2\n";exit} | ||
31 | "sshd" | ||
32 | } | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 3\n";exit} | ||
35 | "nginx" | ||
36 | } | ||
37 | |||
38 | send -- "exit\r" | ||
39 | sleep 1 | ||
40 | puts "\n" | ||
diff --git a/test/servers2.exp b/test/servers2.exp index 28bcae207..90e34470f 100755 --- a/test/servers2.exp +++ b/test/servers2.exp | |||
@@ -1,6 +1,6 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | 2 | ||
3 | set timeout 10 | 3 | set timeout 5 |
4 | spawn $env(SHELL) | 4 | spawn $env(SHELL) |
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
@@ -10,22 +10,48 @@ expect { | |||
10 | "root" | 10 | "root" |
11 | } | 11 | } |
12 | 12 | ||
13 | send -- "firejail --net=br0 --ip=10.10.20.5--seccomp\r" | 13 | send -- "pkill snmpd\r" |
14 | sleep 2 | ||
15 | |||
16 | |||
17 | send -- "firejail --name=snmpd /etc/init.d/snmpd start\r" | ||
14 | expect { | 18 | expect { |
15 | timeout {puts "TESTING ERROR 0\n";exit} | 19 | timeout {puts "TESTING ERROR 0\n";exit} |
16 | "Child process initialized" | 20 | "Child process initialized" |
17 | } | 21 | } |
18 | sleep 2 | 22 | sleep 2 |
19 | 23 | ||
20 | send -- "/etc/init.d/snmpd start" | 24 | spawn $env(SHELL) |
25 | send -- "firejail --tree\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 2\n";exit} | ||
28 | "snmp:/usr/sbin/snmpd" | ||
29 | } | ||
21 | sleep 2 | 30 | sleep 2 |
22 | 31 | ||
23 | send -- "ps aux; pwd\r" | 32 | send -- "tail /var/log/syslog\r" |
24 | expect { | 33 | expect { |
25 | timeout {puts "TESTING ERROR 1\n";exit} | 34 | timeout {puts "TESTING ERROR 3\n";exit} |
26 | "snmpd" | 35 | "snmpd" |
27 | } | 36 | } |
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 4\n";exit} | ||
39 | "NET-SNMP version" | ||
40 | } | ||
28 | 41 | ||
29 | send -- "exit\r" | 42 | send -- "firejail --join=snmpd\r" |
30 | sleep 1 | 43 | sleep 2 |
31 | puts "\n" | 44 | |
45 | send -- "ls /dev\r" | ||
46 | expect { | ||
47 | timeout {puts "TESTING ERROR 5\n";exit} | ||
48 | "tty0" {puts "TESTING ERROR 6\n";exit} | ||
49 | "ttyS0" {puts "TESTING ERROR 6\n";exit} | ||
50 | "audio" {puts "TESTING ERROR 6\n";exit} | ||
51 | "ppp" {puts "TESTING ERROR 6\n";exit} | ||
52 | "log" | ||
53 | } | ||
54 | sleep 2 | ||
55 | |||
56 | sleep 2 | ||
57 | puts "\nall done\n" | ||
diff --git a/test/servers3.exp b/test/servers3.exp index da44a28ee..20a20a88d 100755 --- a/test/servers3.exp +++ b/test/servers3.exp | |||
@@ -1,6 +1,6 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | 2 | ||
3 | set timeout 10 | 3 | set timeout 5 |
4 | spawn $env(SHELL) | 4 | spawn $env(SHELL) |
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
@@ -10,37 +10,59 @@ expect { | |||
10 | "root" | 10 | "root" |
11 | } | 11 | } |
12 | 12 | ||
13 | send -- "firejail --net=br0 --ip=10.10.20.5 --seccomp\r" | 13 | send -- "pkill apache\r" |
14 | sleep 2 | ||
15 | |||
16 | |||
17 | send -- "firejail --name=apache /etc/init.d/apache2 start\r" | ||
14 | expect { | 18 | expect { |
15 | timeout {puts "TESTING ERROR 0\n";exit} | 19 | timeout {puts "TESTING ERROR 0\n";exit} |
16 | "Child process initialized" | 20 | "Child process initialized" |
17 | } | 21 | } |
18 | sleep 2 | 22 | sleep 2 |
19 | 23 | ||
20 | send -- "/etc/init.d/apache2 start\r" | ||
21 | sleep 2 | ||
22 | 24 | ||
23 | send -- "ps aux; pwd\r" | 25 | spawn $env(SHELL) |
26 | send -- "firejail --tree\r" | ||
24 | expect { | 27 | expect { |
25 | timeout {puts "TESTING ERROR 1\n";exit} | 28 | timeout {puts "TESTING ERROR 1\n";exit} |
26 | "apache" | 29 | "root:/usr/sbin/apache2" |
27 | } | 30 | } |
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 2\n";exit} | ||
33 | "www-data:/usr/sbin/apache2" | ||
34 | } | ||
35 | sleep 2 | ||
36 | |||
28 | 37 | ||
29 | send -- "rm index.html\r" | 38 | send -- "rm index.html\r" |
30 | sleep 1 | 39 | sleep 1 |
31 | send -- "wget 0\r" | 40 | send -- "wget 0\r" |
32 | expect { | 41 | expect { |
33 | timeout {puts "TESTING ERROR 2\n";exit} | 42 | timeout {puts "TESTING ERROR 3\n";exit} |
34 | "saved" | 43 | "saved" |
35 | } | 44 | } |
36 | send -- "cat index.html\r" | 45 | send -- "cat index.html\r" |
37 | expect { | 46 | expect { |
38 | timeout {puts "TESTING ERROR 3\n";exit} | 47 | timeout {puts "TESTING ERROR 4\n";exit} |
39 | "This is the default web page for this server" | 48 | "This is the default web page for this server" |
40 | } | 49 | } |
41 | 50 | ||
51 | sleep 1 | ||
52 | send -- "rm index.html\r" | ||
53 | |||
54 | send -- "firejail --join=apache\r" | ||
55 | sleep 2 | ||
42 | 56 | ||
57 | send -- "ls /dev\r" | ||
58 | expect { | ||
59 | timeout {puts "TESTING ERROR 5\n";exit} | ||
60 | "tty0" {puts "TESTING ERROR 6\n";exit} | ||
61 | "ttyS0" {puts "TESTING ERROR 6\n";exit} | ||
62 | "audio" {puts "TESTING ERROR 6\n";exit} | ||
63 | "ppp" {puts "TESTING ERROR 6\n";exit} | ||
64 | "log" | ||
65 | } | ||
66 | sleep 2 | ||
43 | 67 | ||
44 | send -- "exit\r" | ||
45 | sleep 1 | ||
46 | puts "\nall done\n" | 68 | puts "\nall done\n" |
diff --git a/test/servers4.exp b/test/servers4.exp index 9feeecf61..86500707a 100755 --- a/test/servers4.exp +++ b/test/servers4.exp | |||
@@ -1,6 +1,6 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | 2 | ||
3 | set timeout 10 | 3 | set timeout 5 |
4 | spawn $env(SHELL) | 4 | spawn $env(SHELL) |
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
@@ -10,23 +10,49 @@ expect { | |||
10 | "root" | 10 | "root" |
11 | } | 11 | } |
12 | 12 | ||
13 | send -- "firejail --net=br0 --ip=10.10.20.5 --seccomp\r" | 13 | send -- "pkill dhcpd\r" |
14 | sleep 2 | ||
15 | |||
16 | send -- "firejail --name=dhcpd /etc/init.d/isc-dhcp-server start\r" | ||
14 | expect { | 17 | expect { |
15 | timeout {puts "TESTING ERROR 0\n";exit} | 18 | timeout {puts "TESTING ERROR 0\n";exit} |
16 | "Child process initialized" | 19 | "Child process initialized" |
17 | } | 20 | } |
18 | sleep 2 | 21 | sleep 2 |
19 | 22 | ||
20 | send -- "/etc/init.d/isc-dhcp-server start\r" | 23 | spawn $env(SHELL) |
21 | sleep 5 | 24 | send -- "firejail --tree\r" |
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 2\n";exit} | ||
27 | "root:/usr/sbin/dhcpd" | ||
28 | } | ||
29 | sleep 2 | ||
30 | |||
31 | send -- "tail -n 200 /var/log/syslog\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 3\n";exit} | ||
34 | "Internet Systems Consortium DHCP Server" | ||
35 | } | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 4\n";exit} | ||
38 | "Wrote 0 leases to leases file" | ||
39 | } | ||
40 | sleep 2 | ||
22 | 41 | ||
42 | send -- "firejail --join=dhcpd\r" | ||
43 | sleep 2 | ||
23 | 44 | ||
24 | send -- "ps aux; pwd\r" | 45 | send -- "ls /dev\r" |
25 | expect { | 46 | expect { |
26 | timeout {puts "TESTING ERROR 1\n";exit} | 47 | timeout {puts "TESTING ERROR 5\n";exit} |
27 | "dhcpd" | 48 | "tty0" {puts "TESTING ERROR 6\n";exit} |
49 | "ttyS0" {puts "TESTING ERROR 6\n";exit} | ||
50 | "ppp" {puts "TESTING ERROR 6\n";exit} | ||
51 | "audio" {puts "TESTING ERROR 6\n";exit} | ||
52 | "log" | ||
28 | } | 53 | } |
54 | sleep 2 | ||
55 | |||
56 | |||
57 | puts "\nall done\n" | ||
29 | 58 | ||
30 | send -- "exit\r" | ||
31 | sleep 1 | ||
32 | puts "\n" | ||
diff --git a/test/servers5.exp b/test/servers5.exp new file mode 100755 index 000000000..193e662ff --- /dev/null +++ b/test/servers5.exp | |||
@@ -0,0 +1,57 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 5 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "sudo ls; sudo whoami; sudo pwd\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit} | ||
10 | "root" | ||
11 | } | ||
12 | |||
13 | send -- "pkill unbound\r" | ||
14 | sleep 2 | ||
15 | |||
16 | send -- "firejail --name=unbound unbound\r" | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 0\n";exit} | ||
19 | "Child process initialized" | ||
20 | } | ||
21 | sleep 2 | ||
22 | |||
23 | spawn $env(SHELL) | ||
24 | send -- "firejail --tree\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 2\n";exit} | ||
27 | "unbound:unbound" | ||
28 | } | ||
29 | sleep 2 | ||
30 | |||
31 | send -- "tail /var/log/syslog\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 3\n";exit} | ||
34 | "unbound" | ||
35 | } | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 4\n";exit} | ||
38 | "info: start of service" | ||
39 | } | ||
40 | sleep 2 | ||
41 | |||
42 | send -- "firejail --join=unbound\r" | ||
43 | sleep 2 | ||
44 | |||
45 | send -- "ls /dev\r" | ||
46 | expect { | ||
47 | timeout {puts "TESTING ERROR 5\n";exit} | ||
48 | "tty0" {puts "TESTING ERROR 6\n";exit} | ||
49 | "ttyS0" {puts "TESTING ERROR 6\n";exit} | ||
50 | "audio" {puts "TESTING ERROR 6\n";exit} | ||
51 | "ppp" {puts "TESTING ERROR 6\n";exit} | ||
52 | "log" | ||
53 | } | ||
54 | sleep 2 | ||
55 | |||
56 | |||
57 | puts "\nall done\n" | ||
diff --git a/test/servers6.exp b/test/servers6.exp new file mode 100755 index 000000000..2179f6f98 --- /dev/null +++ b/test/servers6.exp | |||
@@ -0,0 +1,68 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 5 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "sudo ls; sudo whoami; sudo pwd\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit} | ||
10 | "root" | ||
11 | } | ||
12 | |||
13 | send -- "pkill nginx\r" | ||
14 | sleep 2 | ||
15 | |||
16 | |||
17 | send -- "firejail --name=nginx /etc/init.d/nginx start\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 0\n";exit} | ||
20 | "Child process initialized" | ||
21 | } | ||
22 | sleep 2 | ||
23 | |||
24 | |||
25 | spawn $env(SHELL) | ||
26 | send -- "firejail --tree\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 1\n";exit} | ||
29 | "root:nginx" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 2\n";exit} | ||
33 | "www-data:nginx" | ||
34 | } | ||
35 | sleep 2 | ||
36 | |||
37 | |||
38 | send -- "rm index.html\r" | ||
39 | sleep 1 | ||
40 | send -- "wget 0\r" | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 3\n";exit} | ||
43 | "saved" | ||
44 | } | ||
45 | send -- "cat index.html\r" | ||
46 | expect { | ||
47 | timeout {puts "TESTING ERROR 4\n";exit} | ||
48 | "Welcome to nginx" | ||
49 | } | ||
50 | |||
51 | sleep 1 | ||
52 | send -- "rm index.html\r" | ||
53 | |||
54 | send -- "firejail --join=nginx\r" | ||
55 | sleep 2 | ||
56 | |||
57 | send -- "ls /dev\r" | ||
58 | expect { | ||
59 | timeout {puts "TESTING ERROR 5\n";exit} | ||
60 | "tty0" {puts "TESTING ERROR 6\n";exit} | ||
61 | "ttyS0" {puts "TESTING ERROR 6\n";exit} | ||
62 | "audio" {puts "TESTING ERROR 6\n";exit} | ||
63 | "ppp" {puts "TESTING ERROR 6\n";exit} | ||
64 | "log" | ||
65 | } | ||
66 | sleep 2 | ||
67 | |||
68 | puts "\nall done\n" | ||
diff --git a/test/test-root.sh b/test/test-root.sh index 94ac3447d..ac6b2ef00 100755 --- a/test/test-root.sh +++ b/test/test-root.sh | |||
@@ -8,27 +8,36 @@ echo "TESTING: network interfaces" | |||
8 | echo "TESTING: chroot" | 8 | echo "TESTING: chroot" |
9 | ./fs_chroot_asroot.exp | 9 | ./fs_chroot_asroot.exp |
10 | 10 | ||
11 | echo "TESTING: servers rsyslogd, sshd, nginx" | ||
12 | ./servers.exp | ||
13 | |||
14 | if [ -f /etc/init.d/snmpd ] | 11 | if [ -f /etc/init.d/snmpd ] |
15 | then | 12 | then |
16 | echo "TESTING: servers snmpd" | 13 | echo "TESTING: servers snmpd, private-dev" |
17 | ./servers2.exp | 14 | ./servers2.exp |
18 | fi | 15 | fi |
19 | 16 | ||
20 | if [ -f /etc/init.d/apache2 ] | 17 | if [ -f /etc/init.d/apache2 ] |
21 | then | 18 | then |
22 | echo "TESTING: servers apache2" | 19 | echo "TESTING: servers apache2, private-dev" |
23 | ./servers3.exp | 20 | ./servers3.exp |
24 | fi | 21 | fi |
25 | 22 | ||
26 | if [ -f /etc/init.d/isc-dhcp-server ] | 23 | if [ -f /etc/init.d/isc-dhcp-server ] |
27 | then | 24 | then |
28 | echo "TESTING: servers isc dhcp server" | 25 | echo "TESTING: servers isc dhcp server, private-dev" |
29 | ./servers4.exp | 26 | ./servers4.exp |
30 | fi | 27 | fi |
31 | 28 | ||
29 | if [ -f /etc/init.d/unbound ] | ||
30 | then | ||
31 | echo "TESTING: servers unbound, private-dev" | ||
32 | ./servers5.exp | ||
33 | fi | ||
34 | |||
35 | if [ -f /etc/init.d/nginx ] | ||
36 | then | ||
37 | echo "TESTING: servers nginx, private-dev" | ||
38 | ./servers6.exp | ||
39 | fi | ||
40 | |||
32 | echo "TESTING: /proc/sysrq-trigger reset disabled" | 41 | echo "TESTING: /proc/sysrq-trigger reset disabled" |
33 | ./sysrq-trigger.exp | 42 | ./sysrq-trigger.exp |
34 | 43 | ||