test: new test, verifies .conf option secure_mode

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Joachim Wiberg 2022-05-22 22:01:42 +02:00
parent 075815eeb8
commit 477bb40c44
2 changed files with 72 additions and 1 deletions


@ -1,6 +1,6 @@
EXTRA_DIST = lib.sh opts.sh
EXTRA_DIST += api.sh local.sh unicode.sh remote.sh fwd.sh mark.sh \
facility.sh notify.sh rotate_all.sh
facility.sh notify.sh rotate_all.sh secure.sh
CLEANFILES = *~ *.trs *.log
TEST_EXTENSIONS = .sh
TESTS_ENVIRONMENT= unshare -mrun
@ -21,5 +21,6 @@ TESTS += fwd.sh
TESTS += mark.sh
TESTS += notify.sh
TESTS += rotate_all.sh
TESTS += secure.sh
programs: $(check_PROGRAMS)

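--- a/test/secure.sh
+++ b/test/secure.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+# Verify secure_mode changes at runtime w/o having to restart syslogd.
+# We want to ensure goint from most secure, to no security, and back,
+# works as intended.
+#
+# shellcheck disable=SC1090
+if [ x"${srcdir}" = x ]; then
+srcdir=.
+fi
+. ${srcdir}/lib.sh
+MSG="Kilroy was here"
+set_secure_mode()
+{
+cat <<-EOF > "${CONF}"
+*.* @127.0.0.2
+secure_mode=$1
+EOF
+if is_running; then
+reload
+else
+setup -m0
+fi
+sleep 1
+}
+do_port_check()
+{
+netstat -atnup | grep "$PORT\|PORT2"
+}
+check_no_port_open()
+{
+do_port_check && FAIL "$@"
+}
+check_port_open()
+{
+do_port_check || FAIL "$@"
+}
+check_remote_logging()
+{
+cap_start
+logger "$MSG"
+cap_stop
+cap_find "$MSG" || FAIL "Cannot find: $MSG"
+}
+print "Secure mode 2 - no remote no ports"
+set_secure_mode 2
+check_no_port_open "Secure mode 2, yet ports are opened!"
+print "Secure mode 1 - remote but no ports"
+set_secure_mode 1
+check_no_port_open "Secure mode 1, yet ports are opened!"
+check_remote_logging
+print "Secure mode 0 - remote and open ports"
+set_secure_mode 0
+check_remote_logging "Secure mode 0, but no ports open!"
+check_port_open
+print "Secure mode 1 - remote but no ports"
+set_secure_mode 1
+check_no_port_open "Secure mode 1, yet ports are opened!"
+check_remote_logging
+OK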
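Review bot: In `do_port_check` the grep pattern `"$PORT\|PORT2"` matches the literal text `PORT2` rather than a second port number, so if lib.sh defines a `PORT2` variable (not visible on this page) a socket left open on it in secure mode 1 or 2 would not fail the test. The match is also an unanchored substring search across every `netstat` column, so it can hit a longer port number or an unrelated field, and an empty `$PORT` would presumably make it match every line; `grep -E ":(${PORT}|${PORT2})[[:space:]]"` would tie the check to the address columns. Separately, in the secure mode 0 step the failure text is passed to `check_remote_logging`, which ignores its arguments, while `check_port_open` is called with none, so a failure there reports an empty message; it should read `check_remote_logging` followed by `check_port_open "Secure mode 0, but no ports open!"`.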