Tests: local software modules (chkrootkit / nmap)

2026-02-21 19:28:02 +00:00 · 2019-02-05 11:46:14 +00:00
parent 4c67181466
commit 9574ba5601
6 changed files with 66 additions and 11 deletions
--- a/lib/objects/post_provision_test.rb
+++ b/lib/objects/post_provision_test.rb
@@ -7,10 +7,11 @@

 require 'json'
 require 'base64'
-
 require 'socket'
 require 'timeout'

+require_relative '../../../lib/helpers/gem_exec'
+
 class PostProvisionTest
  attr_accessor :project_path
  attr_accessor :system_ip
@@ -71,10 +72,28 @@ class PostProvisionTest
    end
  end

+  def test_local_command(test_output, local_command, match_string)
+    Dir.chdir(get_project_path) do
+      output = run_vagrant_ssh(local_command)
+      if output[:stdout].include? match_string or output[:stderr].include? match_string
+        self.outputs << "PASSED: #{test_output} local command (#{local_command}) matches with output (#{match_string}) on #{get_system_name}!"
+      else
+        self.outputs << "FAILED: #{test_output} local command (#{local_command}) matches with output (#{match_string}) on #{get_system_name}!"
+        self.outputs << output[:stderr]
+        self.all_tests_passed = false
+      end
+    end
+  end
+
  ##################
  # Misc Functions #
  ##################

+  def run_vagrant_ssh(args)
+    stdout, stderr, status = Open3.capture3("/usr/bin/vagrant ssh -c '#{args}'")
+    {:stdout => stdout, :stderr => stderr, :exit_status => status}
+  end
+
  def get_system_ip
    vagrant_file_path = "#{get_project_path}/Vagrantfile"
    vagrantfile = File.read(vagrant_file_path)
--- a/lib/templates/Vagrantfile.erb
+++ b/lib/templates/Vagrantfile.erb
@@ -136,7 +136,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 <%       else %>
    <%= system.name %>.vm.network :<%= selected_module.attributes['type'].first %>, type: "dhcp", auto_config: false
 <%       end %>
-       # ip_address_for_<%= system.name %>=DHCP
+       <% # Below string is used within testing, do not delete. -%>
+     # ip_address_for_<%= system.name %>=DHCP
 <%     # Static networking -%>
 <%     else -%>
 <%      # Static oVirt networking -%>
@@ -151,7 +152,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 <%       # Static Virtualbox networking -%>
 <%       else -%>
  <%= system.name %>.vm.network :<%= selected_module.attributes['type'].first %>, ip: "<%= resolve_network(selected_module)%>"
-       # ip_address_for_<%= system.name %>=<%= resolve_network(selected_module)%>
+       <% # Below string is used within testing, do not delete. -%>
+     # ip_address_for_<%= system.name %>=<%= resolve_network(selected_module)%>
 <%       end -%>
 <%     end -%>
 <%   when 'vulnerability', 'service', 'utility', 'build' -%>
--- a/modules/vulnerabilities/unix/local/chkrootkit/secgen_test/chkrootkit.rb
+++ b/modules/vulnerabilities/unix/local/chkrootkit/secgen_test/chkrootkit.rb
@@ -0,0 +1,17 @@
+require_relative '../../../../../lib/post_provision_test'
+
+class ChkrootkitVulnTest < PostProvisionTest
+  def initialize
+    self.module_name = 'chkrootkit'
+    self.module_path = get_module_path(__FILE__)
+    super
+  end
+
+  def test_module
+    super
+    test_local_command('Chkrootkit binary exists?', 'sudo ls -la /usr/sbin/chkrootkit', 'chkrootkit-0.49')
+    test_local_command('Chkrootkit runs?', 'sudo /usr/sbin/chkrootkit -V', 'chkrootkit version 0.49')
+  end
+
+end
+ChkrootkitVulnTest.new.run
--- a/modules/vulnerabilities/unix/local/setuid_nmap/secgen_test/setuid_nmap.rb
+++ b/modules/vulnerabilities/unix/local/setuid_nmap/secgen_test/setuid_nmap.rb
@@ -0,0 +1,19 @@
+require_relative '../../../../../lib/post_provision_test'
+
+
+class SetUIDNmapTest < PostProvisionTest
+  def initialize
+    self.module_name = 'setuid_nmap'
+    self.module_path = get_module_path(__FILE__)
+    super
+  end
+
+  def test_module
+    super
+    test_local_command('nmap has setuid flag?', 'sudo ls -la /usr/bin/nmap', '-rwsr-xr-x')
+    test_local_command('nmap runs?', 'sudo /usr/bin/nmap --version', 'Nmap version')
+  end
+
+end
+
+SetUIDNmapTest.new.run
--- a/scenarios/tests/test_scenario.xml
+++ b/scenarios/tests/test_scenario.xml
@@ -7,11 +7,10 @@
    <system_name>testing</system_name>
    <base platform="linux" distro="Debian 9" type="server"/>

-    <service type="ftp"/>
-    <service module_path=".*ntp.*"/>
+    <vulnerability module_path=".*setuid_nmap" />

    <input into_datastore="IP_addresses">
-      <value>172.16.0.13</value>
+      <value>172.16.0.12</value>
    </input>

    <network type="private_network">
--- a/secgen.rb
+++ b/secgen.rb
@@ -117,10 +117,9 @@ def build_vms(scenario, project_dir, options)
  successful_creation = false

  while retry_count >= 0 and !successful_creation
-    # vagrant_output = GemExec.exe('vagrant', project_dir, "#{command} #{system}")
-    # if vagrant_output[:status] == 0
-    if true
-      # reboot_cycle(project_dir)
+    vagrant_output = GemExec.exe('vagrant', project_dir, "#{command} #{system}")
+    if vagrant_output[:status] == 0
+      reboot_cycle(project_dir)
      if post_provision_tests(project_dir)
        Print.info 'VMs created.'
        successful_creation = true
@@ -358,7 +357,7 @@ def post_provision_tests(project_dir)
      tests_passed = false
      Print.err test_output[:stdout].join("\n")
      Print.err "Post provision tests contained failures!"
-      Print.err test_output[:stderr].join("\n") if test_output[:stderr].length > 0
+      Print.err test_output[:stderr]
    else
      Print.info test_output[:stdout].join("\n")
    end