mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-14 23:43:56 +01:00
aa-log: add tests.
This commit is contained in:
parent
a3f452452a
commit
53c4d119d6
129
cmd/aa-log/main_test.go
Normal file
129
cmd/aa-log/main_test.go
Normal file
@ -0,0 +1,129 @@
|
||||
// aa-log - Review AppArmor generated messages
|
||||
// Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
|
||||
// SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
"os"
|
||||
"reflect"
|
||||
"testing"
|
||||
)
|
||||
|
||||
var refDnsmasq = AppArmorLogs{
|
||||
{
|
||||
"apparmor": "DENIED",
|
||||
"profile": "dnsmasq",
|
||||
"operation": "open",
|
||||
"name": "/proc/sys/kernel/osrelease",
|
||||
"comm": "dnsmasq",
|
||||
"requested_mask": "r",
|
||||
"denied_mask": "r",
|
||||
},
|
||||
{
|
||||
"apparmor": "DENIED",
|
||||
"profile": "dnsmasq",
|
||||
"operation": "open",
|
||||
"name": "/proc/1/environ",
|
||||
"comm": "dnsmasq",
|
||||
"requested_mask": "r",
|
||||
"denied_mask": "r",
|
||||
},
|
||||
{
|
||||
"apparmor": "DENIED",
|
||||
"profile": "dnsmasq",
|
||||
"operation": "open",
|
||||
"name": "/proc/cmdline",
|
||||
"comm": "dnsmasq",
|
||||
"requested_mask": "r",
|
||||
"denied_mask": "r",
|
||||
},
|
||||
}
|
||||
|
||||
var refKmod = AppArmorLogs{
|
||||
{
|
||||
"apparmor": "ALLOWED",
|
||||
"profile": "kmod",
|
||||
"operation": "file_inherit",
|
||||
"comm": "modprobe",
|
||||
"family": "unix",
|
||||
"sock_type": "stream",
|
||||
"protocol": "0",
|
||||
"requested_mask": "send receive",
|
||||
},
|
||||
}
|
||||
|
||||
var refMan = AppArmorLogs{
|
||||
{
|
||||
"apparmor": "ALLOWED",
|
||||
"profile": "man",
|
||||
"operation": "exec",
|
||||
"name": "/usr/bin/preconv",
|
||||
"info": "no new privs",
|
||||
"comm": "man",
|
||||
"requested_mask": "x",
|
||||
"denied_mask": "x",
|
||||
"error": "-1",
|
||||
},
|
||||
}
|
||||
|
||||
var refStringKmod = "\033[1;32mALLOWED\033[0m \033[34mkmod\033[0m \033[33mfile_inherit\033[0m comm=modprobe family=unix sock_type=stream protocol=0 requested_mask=\033[1;31m\"send receive\"\033[0m\n"
|
||||
var refStringMan = "\033[1;32mALLOWED\033[0m \033[34mman\033[0m \033[33mexec\033[0m \033[35m/usr/bin/preconv\033[0m info=\"no new privs\" comm=man requested_mask=\033[1;31mx\033[0m denied_mask=\033[1;31mx\033[0m error=-1\n"
|
||||
|
||||
func TestNewApparmorLogs(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
path string
|
||||
want AppArmorLogs
|
||||
}{
|
||||
{
|
||||
name: "dnsmasq",
|
||||
path: "../../tests/audit.log",
|
||||
want: refDnsmasq,
|
||||
},
|
||||
{
|
||||
name: "kmod",
|
||||
path: "../../tests/audit.log",
|
||||
want: refKmod,
|
||||
},
|
||||
{
|
||||
name: "man",
|
||||
path: "../../tests/audit.log",
|
||||
want: refMan,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
file, _ := os.Open(tt.path)
|
||||
if got := NewApparmorLogs(file, tt.name); !reflect.DeepEqual(got, tt.want) {
|
||||
t.Errorf("NewApparmorLogs() = %v, want %v", got, tt.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppArmorLogs_String(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
aaLogs AppArmorLogs
|
||||
want string
|
||||
}{
|
||||
{
|
||||
name: "kmod",
|
||||
aaLogs: refKmod,
|
||||
want: refStringKmod,
|
||||
},
|
||||
{
|
||||
name: "man",
|
||||
aaLogs: refMan,
|
||||
want: refStringMan,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if got := tt.aaLogs.String(); got != tt.want {
|
||||
t.Errorf("AppArmorLogs.String() = %v, want %v len: %d - %d", got, tt.want, len(got), len(tt.want))
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
28
tests/audit.log
Normal file
28
tests/audit.log
Normal file
@ -0,0 +1,28 @@
|
||||
type=BPF msg=audit(1111111111.111:1111): prog-id=60 op=LOAD
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_inherit" profile="kmod" pid=505701 comm="modprobe" family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_inherit" profile="mkinitcpio" pid=505701 comm="modprobe" family="unix" sock_type="stream" protocol=0 requested_mask="receive"
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_inherit" profile="pacman" pid=505701 comm="modprobe" family="unix" sock_type="stream" protocol=0 requested_mask="receive"
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_inherit" profile="pacman-hook-mkinitcpio-install" pid=505701 comm="modprobe" family="unix" sock_type="stream" protocol=0 requested_mask="receive"
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="apparmor_parser" name="firejail-default" pid=509201 comm="apparmor_parser"
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="apparmor_parser" name="firejail-default" pid=509200 comm="apparmor_parser"
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="open" profile="aa-log" name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=509286 comm="remove-system.m" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0FSUID="user" OUID="user"
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="open" profile="sysctl" name="/proc/sys/kernel/panic_on_oops" pid=509859 comm="sysctl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0FSUID="user" OUID="root"
|
||||
type=BPF msg=audit(1111111111.111:1111): prog-id=75 op=LOAD
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="signal" profile="dbus-daemon" pid=2466 comm="at-spi-bus-laun" requested_mask="receive" denied_mask="receive" signal=term peer="at-spi-bus-launcher"
|
||||
type=BPF msg=audit(1111111111.111:1111): prog-id=16 op=LOAD
|
||||
type=BPF msg=audit(1111111111.111:1111): prog-id=17 op=LOAD
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="dnsmasq" name="/proc/sys/kernel/osrelease" pid=1427 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="dnsmasq" name="/proc/1/environ" pid=1427 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="dnsmasq" name="/proc/cmdline" pid=1427 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="STATUS" operation="profile_load" profile="apparmor_parser" name="docker-default" pid=1775 comm="apparmor_parser"
|
||||
type=BPF msg=audit(1111111111.111:1111): prog-id=18 op=LOAD
|
||||
type=BPF msg=audit(1111111111.111:1111): prog-id=22 op=LOAD
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="lsb_release" name="/home/user/" pid=2737 comm="find" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="user" OUID="user"
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="lsb_release" name="/etc/" pid=2737 comm="find" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0FSUID="user" OUID="root"
|
||||
type=BPF msg=audit(1111111111.111:1111): prog-id=23 op=LOAD
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="file_inherit" profile="chromium-chromium" name="/home/user/.local/share/gvfs-metadata/root" pid=8661 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="user" OUID="user"
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="file_inherit" profile="chromium-chromium" name="/home/user/.local/share/gvfs-metadata/root-aaabbbc0.log" pid=8661 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="user" OUID="user"
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="open" profile="fusermount" name="/run/user/1000/doc/" pid=8703 comm="fusermount" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000FSUID="root" OUID="user"
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="chrome-gnome-shell" name="/home/user/.netrc" pid=9119 comm="chrome-gnome-sh" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="user" OUID="user"
|
||||
type=BPF msg=audit(1111111111.111:1111): prog-id=26 op=LOAD
|
||||
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="man" name="/usr/bin/preconv" pid=60755 comm="man" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="man_groff"FSUID="user" OUID="root"
|
Loading…
Reference in New Issue
Block a user