diff --git a/lib/objects/post_provision_test.rb b/lib/objects/post_provision_test.rb
index e4659a2f6..533f9b08b 100644
--- a/lib/objects/post_provision_test.rb
+++ b/lib/objects/post_provision_test.rb
@@ -7,10 +7,11 @@
require 'json'
require 'base64'
-
require 'socket'
require 'timeout'
+require_relative '../../../lib/helpers/gem_exec'
+
class PostProvisionTest
attr_accessor :project_path
attr_accessor :system_ip
@@ -71,10 +72,28 @@ class PostProvisionTest
end
end
+ def test_local_command(test_output, local_command, match_string)
+ Dir.chdir(get_project_path) do
+ output = run_vagrant_ssh(local_command)
+ if output[:stdout].include? match_string or output[:stderr].include? match_string
+ self.outputs << "PASSED: #{test_output} local command (#{local_command}) matches with output (#{match_string}) on #{get_system_name}!"
+ else
+ self.outputs << "FAILED: #{test_output} local command (#{local_command}) matches with output (#{match_string}) on #{get_system_name}!"
+ self.outputs << output[:stderr]
+ self.all_tests_passed = false
+ end
+ end
+ end
+
##################
# Misc Functions #
##################
+ def run_vagrant_ssh(args)
+ stdout, stderr, status = Open3.capture3("/usr/bin/vagrant ssh -c '#{args}'")
+ {:stdout => stdout, :stderr => stderr, :exit_status => status}
+ end
+
def get_system_ip
vagrant_file_path = "#{get_project_path}/Vagrantfile"
vagrantfile = File.read(vagrant_file_path)
diff --git a/lib/templates/Vagrantfile.erb b/lib/templates/Vagrantfile.erb
index 1001829a0..fe2d02346 100644
--- a/lib/templates/Vagrantfile.erb
+++ b/lib/templates/Vagrantfile.erb
@@ -136,7 +136,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
<% else %>
<%= system.name %>.vm.network :<%= selected_module.attributes['type'].first %>, type: "dhcp", auto_config: false
<% end %>
- # ip_address_for_<%= system.name %>=DHCP
+ <% # Below string is used within testing, do not delete. -%>
+ # ip_address_for_<%= system.name %>=DHCP
<% # Static networking -%>
<% else -%>
<% # Static oVirt networking -%>
@@ -151,7 +152,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
<% # Static Virtualbox networking -%>
<% else -%>
<%= system.name %>.vm.network :<%= selected_module.attributes['type'].first %>, ip: "<%= resolve_network(selected_module)%>"
- # ip_address_for_<%= system.name %>=<%= resolve_network(selected_module)%>
+ <% # Below string is used within testing, do not delete. -%>
+ # ip_address_for_<%= system.name %>=<%= resolve_network(selected_module)%>
<% end -%>
<% end -%>
<% when 'vulnerability', 'service', 'utility', 'build' -%>
diff --git a/modules/vulnerabilities/unix/local/chkrootkit/secgen_test/chkrootkit.rb b/modules/vulnerabilities/unix/local/chkrootkit/secgen_test/chkrootkit.rb
new file mode 100644
index 000000000..452d4aa6b
--- /dev/null
+++ b/modules/vulnerabilities/unix/local/chkrootkit/secgen_test/chkrootkit.rb
@@ -0,0 +1,17 @@
+require_relative '../../../../../lib/post_provision_test'
+
+class ChkrootkitVulnTest < PostProvisionTest
+ def initialize
+ self.module_name = 'chkrootkit'
+ self.module_path = get_module_path(__FILE__)
+ super
+ end
+
+ def test_module
+ super
+ test_local_command('Chkrootkit binary exists?', 'sudo ls -la /usr/sbin/chkrootkit', 'chkrootkit-0.49')
+ test_local_command('Chkrootkit runs?', 'sudo /usr/sbin/chkrootkit -V', 'chkrootkit version 0.49')
+ end
+
+end
+ChkrootkitVulnTest.new.run
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/local/setuid_nmap/secgen_test/setuid_nmap.rb b/modules/vulnerabilities/unix/local/setuid_nmap/secgen_test/setuid_nmap.rb
new file mode 100644
index 000000000..78e9506f0
--- /dev/null
+++ b/modules/vulnerabilities/unix/local/setuid_nmap/secgen_test/setuid_nmap.rb
@@ -0,0 +1,19 @@
+require_relative '../../../../../lib/post_provision_test'
+
+
+class SetUIDNmapTest < PostProvisionTest
+ def initialize
+ self.module_name = 'setuid_nmap'
+ self.module_path = get_module_path(__FILE__)
+ super
+ end
+
+ def test_module
+ super
+ test_local_command('nmap has setuid flag?', 'sudo ls -la /usr/bin/nmap', '-rwsr-xr-x')
+ test_local_command('nmap runs?', 'sudo /usr/bin/nmap --version', 'Nmap version')
+ end
+
+end
+
+SetUIDNmapTest.new.run
\ No newline at end of file
diff --git a/scenarios/tests/test_scenario.xml b/scenarios/tests/test_scenario.xml
index 5d39e3819..0368e177e 100644
--- a/scenarios/tests/test_scenario.xml
+++ b/scenarios/tests/test_scenario.xml
@@ -7,11 +7,10 @@
testing
-
-
+
- 172.16.0.13
+ 172.16.0.12
diff --git a/secgen.rb b/secgen.rb
index 085c156fa..9a4d97575 100644
--- a/secgen.rb
+++ b/secgen.rb
@@ -117,10 +117,9 @@ def build_vms(scenario, project_dir, options)
successful_creation = false
while retry_count >= 0 and !successful_creation
- # vagrant_output = GemExec.exe('vagrant', project_dir, "#{command} #{system}")
- # if vagrant_output[:status] == 0
- if true
- # reboot_cycle(project_dir)
+ vagrant_output = GemExec.exe('vagrant', project_dir, "#{command} #{system}")
+ if vagrant_output[:status] == 0
+ reboot_cycle(project_dir)
if post_provision_tests(project_dir)
Print.info 'VMs created.'
successful_creation = true
@@ -358,7 +357,7 @@ def post_provision_tests(project_dir)
tests_passed = false
Print.err test_output[:stdout].join("\n")
Print.err "Post provision tests contained failures!"
- Print.err test_output[:stderr].join("\n") if test_output[:stderr].length > 0
+ Print.err test_output[:stderr]
else
Print.info test_output[:stdout].join("\n")
end