commit eefb69361ba55eb04d111c0068bc6d8aa03ba548 Author: nazunalika Date: Sun Jul 4 23:50:25 2021 -0700 Initial commit diff --git a/README.md b/README.md new file mode 100644 index 0000000..8cdb63a --- /dev/null +++ b/README.md @@ -0,0 +1,7 @@ +sig-core-toolkit +================ + +Release Engineering toolkit for repeatable operations or functionality testing. + +There may be some things that will be moved to its own repository in the near +future. This repository may be mirrored. diff --git a/func/.gitignore b/func/.gitignore new file mode 100644 index 0000000..494301a --- /dev/null +++ b/func/.gitignore @@ -0,0 +1,2 @@ +log/*.log +log/*.log.* diff --git a/func/README.md b/func/README.md new file mode 100644 index 0000000..1d007a9 --- /dev/null +++ b/func/README.md 
@@ -0,0 +1,466 @@ +Release Engineering Core Functionality Testing +============================================== + +These are a set of scripts that are designed to test the core functionality +of a Rocky Linux system. They are designed to work on current versions of +Rocky and are used to test a system as a Release Engineering self-QA but +can be used by others for their own personal testing (under the assumption +that you just want to see what happens, we don't judge :). + +These tests *must* pass for a release to be considered "Core Validated" +Checking against the upstream repositories for package matches are not enough +and are/will be addressed by other tools. + +* common -> Functions that our scripts and tests may or may not use. Templates + and other files should come here too under common/files and + scripts that use them should reference them as `./common/files/...` +* core -> Core functionality and testing. For example, packages and service + functionality. +* lib -> Library tests (these may be done elsewhere) +* log -> Log output. This repository has example logs of running on Rocky + Linux. +* modules -> Tests for module streams and their basic tests +* stacks -> Software stacks, think like LAMP. + +How to Run +---------- + +There are two ways to run through the tests: + +* By running `/bin/bash runtests.sh` + * Runs all tests +* By running `/bin/bash monotests.sh` + * Runs all tests one by one to help identify failures as they happen + +Adding Tests +------------ + +So you want to add a few tests. Great! Before you add them, I want you to ask +yourself the following questions: + +* Are my test(s) brand new? +* Are my test(s) actually for the "core" functionality of the system? +* Will my test(s) be going through a shellcheck? +* Were my tests running with SELinux enforcing? + +If you've answered no to any of the above, the test may not be valid for this +project. 
If you are planning on changing a test or fixing a test to look or +work better, then a PR is more than welcome. Some things could definitely +use some touching up or improvements. + +When creating tests, the below should be followed (at a minimum): + +* Use functions from `./common/imports.sh` +* Global variables should be in `./common/exports.sh` +* Reusable files should be in `./common/files` +* Logging is enforced; use `r_log` where ever necessary +* Exits and status checks should be against `r_checkExitStatus` +* Place comments where `r_log` won't be descriptive enough +* With some exceptions, keep lines to a maximum of 80 characters +* Use fullpath to binaries when necessary +* Use shellcheck to verify the scripts are valid and compliant (some stuff that + shellcheck reports could be false - Just use a comment to turn off that test + for that particular line, but you need to ensure it's a false positive.) +* All filenames should start with a number and end with `.sh` (eg `00-foo.sh`) +* The executable bit should be set (except for scripts that are sourced) + +**Note**: that if tests should be skipped, they should be placed into the +`skip.list` file so that way they won't run during the test phase. The file will +get a -x placed on it. Note that this is generally OK, since this repo will just +be cloned when being used anyway and won't be committed back. It is just +expected that all scripts are +x to begin with unless there's a valid reason. +There are a few tests we already have disabled because they're either not done +or they are acting strangely. + +**Note**: If a package required additional modification (eg, dotnet) and it +it has a `.rocky` on the release tag, then it should be noted in the mods.list. +The same thing goes for the debrand list. Additionally, if certain patches +can change the output, it would be good to test for this (see `core/pkg_httpd`) +for an example. 
+ +Core Functionality +------------------ + +Everyone has their own idea of "core functionality." In the case of Release +Engineering, core functionality is simply us saying that with a basic +installation of Rocky Linux, we can run basic commands that any system admin, +developer, or casual user would run and expect to work on a regular basis. + +Think about the software you probably use fairly regularly on any Linux system +that you've installed, ran, or are currently running. Now think about the +commands that you run day in, and day out. Now consider that what you're +running isn't niche and it's highly likely others use them too. If something +goes wrong with the build of your distribution, your tools might not work as +expected. Which is why the idea of doing basic testing of most, if not all of +the common stuff is a good thing to do. + +While writing this, the things that come to mind are: + +* archiving: zip, tar, gzip, etc +* file: head, tail, less, cat, diff, find, grep, vim, git +* network: ping, ip, ssh, wget, curl +* packaging: rpm, dnf +* system utilities: systemctl, top, sudo, ps +* web (packaging): httpd + +Those are just off the top of my head. There's obviously a lot more, but with +that in mind, you now have the idea of what we're trying to accomplish with +this set of tests. + +With that being said, there are obviously other tests being employed for things +that people may or may not use (LAMP stacks for example). It's not a core +function by any means, but it at least validates that a common thing or set of +things works as intended without extending the system or fixing the baseline +set of packages. + +FAQ +--- + +### How do I know what some of these scripts do? +You can view the script and look at the various `r_log` lines or the comments +if they happen to be there. If you don't see a comment, look for an `r_log`. + +### How do I disable a test? +A test can be disabled by running `chmod -x` on any given test. 
It's also +recommended to add it to `skip.list` + +### Won't some of the tests have to change on (insert major release here)? +Yes and no. There are some tests will have to be altered to deal with it, but +the only way to really find out is to run the tests on a new major release +and see what happens. + +### A test failed, what do I do? +Run a test manually to get the error. (Most) errors are not sent to the logs +as the logs are mainly to say if something was "PASSED", "FAILED", or "SKIPPED". + +### A test isn't descriptive enough on r_log or comments, can I PR for that? +Absolutely - If you feel there is a gap, please fork and change what you feel +needs more information! + +### Do I really need SELinux enforcing to run/add tests? +Yes. + +### Why though? +Ensuring the tests work and operate under default conditions (firewall and +selinux are up) helps those who use our distribution in environments where +security is important, actually work and function correctly. + +With that said, There is no reason to disable integral security layers on your +system. + +Current Tree +------------ +``` +. 
+├── common +│   ├── exports.sh +│   ├── files +│   │   ├── correct-passwd +│   │   ├── correct-shadow +│   │   ├── dovecot-test-sasl +│   │   ├── hello.c +│   │   ├── hello.cpp +│   │   ├── incorrect-passwd +│   │   ├── incorrect-shadow +│   │   ├── lamp-sql +│   │   ├── lamp-sql-php +│   │   ├── malform-group +│   │   ├── malform-gshadow +│   │   ├── openssl-answers +│   │   ├── postfix-test-sasl +│   │   ├── postfix-test-tls +│   │   └── smb.conf +│   └── imports.sh +├── core +│   ├── pkg_acl +│   │   ├── 00-install-acl.sh +│   │   ├── 10-test-acl-functions.sh +│   │   └── README.md +│   ├── pkg_archive +│   │   ├── 00-install-formats.sh +│   │   ├── 10-bzip.sh +│   │   ├── 20-gzip-bin-test.sh +│   │   ├── 21-gzip-test.sh +│   │   ├── 22-gzexe.sh +│   │   ├── 23-zcmp-zdiff.sh +│   │   ├── 24-zforce.sh +│   │   ├── 25-zgrep.sh +│   │   ├── 25-zless.sh +│   │   ├── 26-zmore.sh +│   │   ├── 27-znew.sh +│   │   ├── 30-tar.sh +│   │   ├── 40-xzcmp-xzdiff.sh +│   │   ├── 40-zip.sh +│   │   ├── 50-lzop.sh +│   │   └── README.md +│   ├── pkg_attr +│   │   ├── 00-install-attr.sh +│   │   ├── 10-check-attr.sh +│   │   └── README.md +│   ├── pkg_auditd +│   │   ├── 00-install-auditd.sh +│   │   ├── 10-auditd-logs.sh +│   │   ├── 11-generate-events.sh +│   │   └── README.md +│   ├── pkg_bash +│   │   ├── 00-bash-version.sh +│   │   └── README.md +│   ├── pkg_bc +│   │   ├── 00-install-bc.sh +│   │   ├── 10-test-calculation.sh +│   │   └── README.md +│   ├── pkg_bind +│   │   ├── 00-install-bind.sh +│   │   ├── 10-test-lookup.sh +│   │   └── README.md +│   ├── pkg_coreutils +│   │   ├── 00-install-coreutils.sh +│   │   ├── 10-arch.sh +│   │   ├── 11-basename.sh +│   │   ├── 12-cat.sh +│   │   ├── 13-cut.sh +│   │   ├── 14-bool.sh +│   │   ├── 15-heads-tails.sh +│   │   ├── 16-pathchk.sh +│   │   ├── 17-readlink.sh +│   │   ├── 18-seq.sh +│   │   ├── 19-timeout.sh +│   │   ├── 20-hash.sh +│   │   ├── 21-touch-ls.sh +│   │   ├── 22-uniq.sh +│   │   ├── 23-wc.sh +│   │   ├── 
24-yes.sh +│   │   └── README.md +│   ├── pkg_cpio +│   │   ├── 00-install-cpio.sh +│   │   ├── 10-cpio.sh +│   │   └── README.md +│   ├── pkg_cracklib +│   │   ├── 00-install-cracklib.sh +│   │   ├── 10-test-passwords.sh +│   │   └── README.md +│   ├── pkg_cron +│   │   ├── 00-install-cron.sh +│   │   ├── 10-dot-cron.sh +│   │   └── README.md +│   ├── pkg_curl +│   │   ├── 00-install-curl.sh +│   │   ├── 10-test-curl.sh +│   │   └── README.md +│   ├── pkg_diffutils +│   │   ├── 00-install-diff.sh +│   │   └── README.md +│   ├── pkg_dnf +│   │   ├── 10-remove-package.sh +│   │   └── README.md +│   ├── pkg_dovecot +│   │   ├── 00-install-dovecot.sh +│   │   ├── 01-configure-dovecot.sh +│   │   ├── 10-pop3-test.sh +│   │   ├── 11-imap-test.sh +│   │   ├── 12-dovecot-clean.sh +│   │   └── README.md +│   ├── pkg_file +│   │   ├── 00-install-file.sh +│   │   ├── 10-mime-check.sh +│   │   ├── 20-mime-image.sh +│   │   ├── 30-mime-symlink.sh +│   │   └── README.md +│   ├── pkg_findutils +│   │   ├── 00-install-findutils.sh +│   │   ├── 10-find.sh +│   │   └── README.md +│   ├── pkg_firefox +│   │   ├── 00-install-firefox.sh +│   │   ├── 10-check-firefox-start-page.sh +│   │   └── README.md +│   ├── pkg_firewalld +│   │   ├── 00-install-firewalld.sh +│   │   ├── 10-firewalld-check-rule.sh +│   │   └── README.md +│   ├── pkg_freeradius +│   │   ├── 00-install-freeradius.sh +│   │   ├── 10-test-freeradius.sh +│   │   └── README.md +│   ├── pkg_gcc +│   │   ├── 00-install-gcc.sh +│   │   ├── 10-gcc-build-simple.sh +│   │   ├── 11-gcc-build-cpp.sh +│   │   ├── 20-annobin-test-gcc.sh +│   │   ├── 21-annobin-test-gplusplus.sh +│   │   └── README.md +│   ├── pkg_git +│   │   ├── 00-install-git.sh +│   │   ├── 10-test-git.sh +│   │   ├── 11-test-clone-log.sh +│   │   └── README.md +│   ├── pkg_httpd +│   │   ├── 00-install-httpd.sh +│   │   ├── 10-httpd-branding.sh +│   │   ├── 20-test-basic-http.sh +│   │   ├── 21-test-basic-https.sh +│   │   ├── 30-test-basic-auth.sh +│   │   
├── 40-test-basic-vhost.sh +│   │   ├── 50-test-basic-php.sh +│   │   └── README.md +│   ├── pkg_kernel +│   │   ├── 10-test-kernel-keyring.sh +│   │   ├── 11-test-secure-boot.sh +│   │   ├── 12-test-debrand.sh +│   │   └── README.md +│   ├── pkg_lsb +│   │   ├── 00-install-lsb.sh +│   │   ├── 10-test-branding.sh +│   │   └── README.md +│   ├── pkg_lsof +│   │   ├── 00-install-lsof.sh +│   │   ├── 10-test-lsof.sh +│   │   └── README.md +│   ├── pkg_network +│   │   ├── 00-install-packages.sh +│   │   ├── 10-tracepath.sh +│   │   ├── 11-traceroute.sh +│   │   ├── 12-mtr.sh +│   │   ├── 13-iptraf.sh +│   │   ├── 20-configure-bridge.sh +│   │   ├── 30-test-arpwatch.sh +│   │   ├── imports.sh +│   │   └── README.md +│   ├── pkg_nfs +│   │   ├── 00-install-nfs.sh +│   │   ├── 10-prepare-nfs-ro.sh +│   │   ├── 11-prepare-nfs-rw.sh +│   │   ├── 12-prepare-autofs.sh +│   │   └── README.md +│   ├── pkg_openssl +│   │   ├── 00-install-openssl.sh +│   │   ├── 10-test-openssl.sh +│   │   └── README.md +│   ├── pkg_perl +│   │   ├── 00-install-perl.sh +│   │   ├── 10-test-perl.sh +│   │   ├── 11-test-perl-script.sh +│   │   └── README.md +│   ├── pkg_postfix +│   │   ├── 00-install-postfix.sh +│   │   ├── 10-test-helo.sh +│   │   ├── 20-mta.sh +│   │   ├── 30-postfix-sasl.sh +│   │   ├── 40-postfix-tls.sh +│   │   └── README.md +│   ├── pkg_python +│   │   ├── 00-install-python.sh +│   │   ├── 10-test-python3.sh +│   │   └── README.md +│   ├── pkg_release +│   │   ├── 00-install-file.sh +│   │   ├── 10-name-sanity-check.sh +│   │   ├── 20-check-gpg-keys.sh +│   │   ├── 30-os-release.sh +│   │   ├── 40-system-release.sh +│   │   └── README.md +│   ├── pkg_rootfiles +│   │   ├── 00-install-rootfiles.sh +│   │   └── 10-test-rootfiles.sh +│   ├── pkg_rsyslog +│   │   ├── 00-install-rsyslog.sh +│   │   ├── 10-test-syslog.sh +│   │   └── README.md +│   ├── pkg_samba +│   │   ├── 00-install-samba.sh +│   │   ├── 10-test-samba.sh +│   │   └── README.md +│   ├── pkg_secureboot +│   │   
├── 10-test-grub-secureboot.sh +│   │   ├── 11-test-shim-certs.sh +│   │   └── README.md +│   ├── pkg_selinux +│   │   ├── 00-install-selinux-tools.sh +│   │   ├── 10-check-alerts.sh +│   │   └── 20-check-policy-mismatch.sh +│   ├── pkg_setup +│   │   ├── 00-test-shells.sh +│   │   ├── 10-test-group-file.sh +│   │   ├── 20-test-passwd-file.sh +│   │   └── README.md +│   ├── pkg_shadow-utils +│   │   ├── 00-install.sh +│   │   ├── 10-files-verify.sh +│   │   ├── 20-user-tests.sh +│   │   ├── 30-group-tests.sh +│   │   ├── 40-pw.sh +│   │   ├── 90-clean.sh +│   │   └── README.md +│   ├── pkg_snmp +│   │   ├── 00-install-snmp.sh +│   │   ├── 10-test-snmp-1.sh +│   │   ├── 11-test-snmp-2.sh +│   │   ├── 12-test-snmp-3.sh +│   │   └── README.md +│   ├── pkg_sqlite +│   │   ├── 00-install-sqlite.sh +│   │   ├── 10-sqlite-tables.sh +│   │   ├── 20-sqlite-dump.sh +│   │   └── README.md +│   ├── pkg_strace +│   │   ├── 00-install-strace.sh +│   │   ├── 10-test-strace.sh +│   │   └── README.md +│   ├── pkg_sysstat +│   │   ├── 00-install-sysstat.sh +│   │   ├── 10-iostat.sh +│   │   ├── 11-cpu.sh +│   │   ├── 12-cpu-io.sh +│   │   └── README.md +│   ├── pkg_systemd +│   │   ├── 00-systemd-list-services.sh +│   │   ├── 10-systemd-list-non-native-sevices.sh +│   │   ├── 11-systemd-service-status.sh +│   │   ├── 20-systemd-journald.sh +│   │   └── README.md +│   ├── pkg_tcpdump +│   │   └── README.md +│   ├── pkg_telnet +│   │   ├── 00-install-telnet.sh +│   │   └── 10-test-telnet.sh +│   ├── pkg_vsftpd +│   │   ├── 00-install-vsftpd.sh +│   │   ├── 10-anonymous-vsftpd.sh +│   │   ├── 20-local-login.sh +│   │   ├── 30-cleanup.sh +│   │   └── README.md +│   ├── pkg_wget +│   │   ├── 00-install-wget.sh +│   │   ├── 10-test-wget.sh +│   │   └── README.md +│   └── pkg_which +│   ├── 00-install-which.sh +│   ├── 10-test-which.sh +│   └── README.md +├── debrand.list +├── lib +├── log +│   └── README.md +├── mods.list +├── modules +├── monotests.sh +├── README.md +├── runtests.sh +├── 
skip.list +└── stacks + ├── ipa + │   ├── 00-ipa-pregame.sh + │   ├── 10-install-ipa.sh + │   ├── 11-configure-ipa.sh + │   ├── 12-verify-ipa.sh + │   ├── 20-ipa-user.sh + │   ├── 21-ipa-service.sh + │   ├── 22-ipa-dns.sh + │   ├── 23-ipa-sudo.sh + │   ├── 50-cleanup-ipa.sh + │   └── README.md + └── lamp + ├── 00-install-lamp.sh + ├── 01-verification.sh + └── 10-test-lamp.sh +``` diff --git a/func/common/exports.sh b/func/common/exports.sh new file mode 100644 index 0000000..4ed75bc --- /dev/null +++ b/func/common/exports.sh @@ -0,0 +1,15 @@ +#!/bin/bash +# Common Variables +export DNFDEBUG=0 +export readonly PASS=0 +export readonly FAIL=1 +RL_VER=$(rpm --eval %rhel) +export readonly RL_VER +export readonly PRE_RELEASE=0 +# This should be either: rocky, redhat, centos +export readonly RELEASE_NAME=rocky +# A 0 means it was successful. It can be changed to 1 on failure. +export IPAINSTALLED=0 + +LOGFILE="./log/$(date +'%m-%d-%Y')-tests.log" +export LOGFILE diff --git a/func/common/files/correct-passwd b/func/common/files/correct-passwd new file mode 100644 index 0000000..35ad268 --- /dev/null +++ b/func/common/files/correct-passwd @@ -0,0 +1 @@ +obsidian:x:9999:9999::/home/obsidian:/bin/bash diff --git a/func/common/files/correct-shadow b/func/common/files/correct-shadow new file mode 100644 index 0000000..23e861a --- /dev/null +++ b/func/common/files/correct-shadow @@ -0,0 +1 @@ +obsidian:$6$p/uYvJM34LitE94s$gQsL3.ytkx5MpU0jGOH8XaymvvqxuuUEiZPyazju3vH34tslLjRqUlKebGx8X2lx2nTJdvcC/H4BdUZvLUyGF1:18780:0:99999:7::: diff --git a/func/common/files/dovecot-test-sasl b/func/common/files/dovecot-test-sasl new file mode 100644 index 0000000..ceb24ea --- /dev/null +++ b/func/common/files/dovecot-test-sasl @@ -0,0 +1,7 @@ +service auth { + unix_listener /var/spool/postfix/private/auth { + mode = 0660 + user = postfix + group = postfix + } +} diff --git a/func/common/files/hello.c b/func/common/files/hello.c new file mode 100644 index 0000000..2e0e0e4 --- /dev/null 
+++ b/func/common/files/hello.c @@ -0,0 +1,5 @@ +#include +int main() { + printf("Hello!\n"); + return 0; +} diff --git a/func/common/files/hello.cpp b/func/common/files/hello.cpp new file mode 100644 index 0000000..08c19cf --- /dev/null +++ b/func/common/files/hello.cpp @@ -0,0 +1,5 @@ +#include +int main() { + std::cout << "Hello!\n"; + return 0; +} diff --git a/func/common/files/incorrect-passwd b/func/common/files/incorrect-passwd new file mode 100644 index 0000000..f138abf --- /dev/null +++ b/func/common/files/incorrect-passwd @@ -0,0 +1 @@ +:obsidian:x:9999:9999:::/home/obsidian:/bin/bash: diff --git a/func/common/files/incorrect-shadow b/func/common/files/incorrect-shadow new file mode 100644 index 0000000..23e861a --- /dev/null +++ b/func/common/files/incorrect-shadow @@ -0,0 +1 @@ +obsidian:$6$p/uYvJM34LitE94s$gQsL3.ytkx5MpU0jGOH8XaymvvqxuuUEiZPyazju3vH34tslLjRqUlKebGx8X2lx2nTJdvcC/H4BdUZvLUyGF1:18780:0:99999:7::: diff --git a/func/common/files/lamp-sql b/func/common/files/lamp-sql new file mode 100644 index 0000000..f1ba732 --- /dev/null +++ b/func/common/files/lamp-sql @@ -0,0 +1,5 @@ +create database obsidiancore; +use obsidiancore; +create table tests (name varchar(20)) ; +grant all on obsidiancore.* to 'rocky'@'localhost' identified by 'onyx'; +flush privileges; diff --git a/func/common/files/lamp-sql-php b/func/common/files/lamp-sql-php new file mode 100644 index 0000000..b632fb5 --- /dev/null +++ b/func/common/files/lamp-sql-php @@ -0,0 +1,11 @@ + diff --git a/func/common/files/malform-group b/func/common/files/malform-group new file mode 100644 index 0000000..588928f --- /dev/null +++ b/func/common/files/malform-group @@ -0,0 +1 @@ +:test:x:9999:: diff --git a/func/common/files/malform-gshadow b/func/common/files/malform-gshadow new file mode 100644 index 0000000..46f7ee1 --- /dev/null +++ b/func/common/files/malform-gshadow @@ -0,0 +1 @@ +test:x:: 
diff --git a/func/common/files/openssl-answers b/func/common/files/openssl-answers new file mode 100644 index 0000000..490fcbd --- /dev/null +++ b/func/common/files/openssl-answers @@ -0,0 +1,15 @@ +[ req ] +default_bits = 4096 +distinguished_name = req_distinguished_name +string_mask = nombstr +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Arizona +localityName = Locality Name (eg, city) +localityName_default = Phoenix +0.organizationName = Organization Name (eg, company) +0.organizationName_default = RESF +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Rocky diff --git a/func/common/files/postfix-test-sasl b/func/common/files/postfix-test-sasl new file mode 100644 index 0000000..2b0bd83 --- /dev/null +++ b/func/common/files/postfix-test-sasl @@ -0,0 +1,6 @@ +smtpd_sasl_auth_enable = yes +smtpd_sasl_type = dovecot +smtpd_sasl_path = private/auth +smtpd_sasl_security_options = noanonymous +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination +broken_sasl_auth_clients = yes diff --git a/func/common/files/postfix-test-tls b/func/common/files/postfix-test-tls new file mode 100644 index 0000000..32f0abe --- /dev/null +++ b/func/common/files/postfix-test-tls 
@@ -0,0 +1,15 @@ +smtpd_sasl_auth_enable = yes +smtpd_sasl_type = dovecot +smtpd_sasl_path = private/auth +smtpd_sasl_security_options = noanonymous +smtpd_tls_security_level = may +smtpd_tls_key_file = /etc/pki/tls/private/mail.key +smtpd_tls_cert_file = /etc/pki/tls/certs/mail.crt +# smtpd_tls_CAfile = /etc/pki/tls/root.crt +smtpd_tls_loglevel = 1 +smtpd_tls_session_cache_timeout = 3600s +smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache +tls_random_source = dev:/dev/urandom +smtpd_tls_auth_only = yes +broken_sasl_auth_clients = yes +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination diff --git a/func/common/files/smb.conf b/func/common/files/smb.conf new file mode 100644 index 0000000..ac17107 --- /dev/null +++ b/func/common/files/smb.conf @@ -0,0 +1,11 @@ +[global] +workgroup = wrkgrp +netbios name = smbsrv +security = user +map to guest = Bad User + +[rocky] +comment = Rocky Share +path = /srv/smb +read only = yes +guest only = yes diff --git a/func/common/imports.sh b/func/common/imports.sh new file mode 100644 index 0000000..f5cfc02 --- /dev/null +++ b/func/common/imports.sh 
@@ -0,0 +1,219 @@ +#!/bin/bash +# Common functions and imports to use across all scripts +# Louis Abel @nazunalika + +################################################################################ +# Functions that (r)eturn things +function r_log() { + SCR=$1 + MESSAGE=$2 + printf "[-] %s %s: %s\n" "$(date +'%m-%d-%Y %T')" "$SCR" "$MESSAGE" >> "$LOGFILE" +} + +# Always call this at the end of scripts to check for exit status. This will +# report "PASS" or "FAIL" depending on the exit and it will show up in the log. +# Args: $1 will be whatever you want checked +function r_checkExitStatus() { + [ "$1" -eq 0 ] && r_log "result" "PASSED" && return "$PASS" + r_log "status" "FAILED" + exit "$FAIL" +} + +# Processes a list of folders containing the tests. This ignores files that +# start with a dot (.), an underscore (_) or contain README in the name. +# This is done because we cannot guarantee that whoever adds in tests or +# writes additional "find" commands won't negate these lookups. + +# Additionally, we should look at the file's executable status. I considered +# just having the files named differently, but that seemed more annoying than +# just setting +x +function r_processor() { + exec 8< $@ + while read -u 8 file; do + if [[ "$(basename ${file})" =~ README|^\.|^_ ]]; then + continue + fi + [ -x ${file} ] && ${file} + done + return 0 +} + +################################################################################ +# Functions that deal with (p)ackages + +# Installs packages normally (including weak dependencies) +# Args: Any number of $1..X +function p_installPackageNormal() { + r_log "internal" "Attempting install: $*" + /usr/bin/dnf --assumeyes --debuglevel ${DNFDEBUG} install "$@" + r_checkExitStatus $? +} + +# Installs packages excluding weak dependencies - There are some cases where +# you would need to do this. 
+# Args: Any number of $1..X +function p_installPackageNoWeaks() { + r_log "internal" "Attempting install: $*" + /usr/bin/dnf --assumeyes --debuglevel ${DNFDEBUG} --setopt install_weak_deps=0 install "$@" + r_checkExitStatus $? +} + +# Removes packages +# Args: Any number of $1..X +function p_removePackage() { + r_log "internal" "Attempting uninstall: $*" + /usr/bin/dnf --assumeyes --debuglevel ${DNFDEBUG} remove "$@" + r_checkExitStatus $? +} + +# Enables dnf modules +# Args: Any number of $1..X +function p_enableModule() { + r_log "internal" "Enabling module: $*" + /usr/bin/dnf --assumeyes --debuglevel ${DNFDEBUG} module enable "$@" + r_checkExitStatus $? +} + +# Resets modules (since you can't "disable" technically) +# Args: Any number of $1..X +function p_resetModule() { + r_log "internal" "Resetting module: $*" + /usr/bin/dnf --assumeyes --debuglevel ${DNFDEBUG} module reset "$@" + r_checkExitStatus $? +} + +function p_getPackageRelease() { + rpm -q --queryformat '%{RELEASE}' $1 +} + +function p_getPackageArch() { + rpm -q --queryformat '%{ARCH}' $1 +} + +function p_getDist() { + rpm -q $(rpm -qf /etc/redhat-release) --queryformat '%{version}\n' | cut -d'.' -f1 +} + +################################################################################ +# Functions that that are considered (m)isc + +# Service cycler, basically a way of handling services and also being able to +# prevent potential race conditions. +function m_serviceCycler() { + if [ "$2" = "cycle" ]; then + /bin/systemctl stop $1 + sleep 3 + /bin/systemctl start $1 + else + /bin/systemctl $2 $1 + fi + sleep 3 +} + +function m_checkForPort() { + while true; do + sleep 1 + if echo > /dev/tcp/localhost/$1 >/dev/null 2>&1; then + r_log "internal" "Waiting for TCP port $1 to start listening" + break + fi + done +} + +function m_assertCleanExit() { + "$@" > /dev/null 2>&1 + r_checkExitStatus $? +} + +function m_assertEquals() { + [ "$1" -eq "$2" ] + r_checkExitStatus $? 
+} + +function m_skipReleaseEqual() { + if [ "$(rpm --eval %rhel)" -eq "$1" ]; then + r_log "$2" "Skipped test for $1 release" + exit 0 + fi +} + +function m_skipReleaseNotEqual() { + if [ "$(rpm --eval %rhel)" -ne "$1" ]; then + r_log "$2" "Skipped test" + exit 0 + fi +} + +function m_skipReleaseGreaterThan() { + if [ "$(rpm --eval %rhel)" -gt "$1" ]; then + r_log "$2" "Skipped test" + exit 0 + fi +} + +function m_skipReleaseLessThan() { + if [ "$(rpm --eval %rhel)" -lt "$1" ]; then + r_log "$2" "Skipped test" + exit 0 + fi +} + +function m_selectAlternative() { + primaryName=$1 + searchRegex=$2 + option=$(/bin/echo | /usr/sbin/alternatives --config "$primaryName" | /bin/grep -E "$searchRegex" | /usr/bin/head -n1 | sed 's/ .*//g;s/[^0-9]//g') + if [ -z "$option" ]; then + r_log "alternatives" "Option not found for alternative $searchRegex of $primaryName" + r_checkExitStatus 1 + fi + r_log "alternatives" "Selecting alternative $option for $primaryName $searchRegex" + /bin/echo "$option" | /usr/sbin/alternatives --config "$primaryName" > /dev/null 2>&1 +} + +function m_getArch() { + /usr/bin/uname -m +} + +function m_recycleLog() { + num=0 + rotFile="${LOGFILE}.$num" + while [ -e "$rotFile" ]; do + num=$(( num + 1 )) + rotFile="${LOGFILE}.$num" + done + mv "$LOGFILE" "$rotFile" +} + +################################################################################ +# export all functions below + +# When this is sourced, the functions are typically already available and ready +# to be used. But it does not hurt to have them below. 
+ +rl_ver=$(p_getDist) +rl_arch=$(m_getArch) +export rl_ver +export rl_arch + +export -f r_log +export -f r_checkExitStatus +export -f r_processor +export -f p_installPackageNormal +export -f p_installPackageNoWeaks +export -f p_removePackage +export -f p_enableModule +export -f p_resetModule +export -f p_getPackageRelease +export -f p_getPackageArch +export -f p_getDist +export -f m_serviceCycler +export -f m_checkForPort +export -f m_assertCleanExit +export -f m_assertEquals +export -f m_skipReleaseEqual +export -f m_skipReleaseNotEqual +export -f m_skipReleaseGreaterThan +export -f m_skipReleaseLessThan +export -f m_selectAlternative +export -f m_getArch +export -f m_recycleLog diff --git a/func/core/pkg_acl/00-install-acl.sh b/func/core/pkg_acl/00-install-acl.sh new file mode 100755 index 0000000..4394fd7 --- /dev/null +++ b/func/core/pkg_acl/00-install-acl.sh @@ -0,0 +1,6 @@ +#!/bin/bash +r_log "acl" "Install the acl package" +p_installPackageNormal acl +r_log "acl" "Remount filesystems with ACL support (this normally should not be needed)" +mount -o remount,acl / +sleep 3 diff --git a/func/core/pkg_acl/10-test-acl-functions.sh b/func/core/pkg_acl/10-test-acl-functions.sh new file mode 100755 index 0000000..e4c1783 --- /dev/null +++ b/func/core/pkg_acl/10-test-acl-functions.sh @@ -0,0 +1,15 @@ +#!/bin/bash +ACLFILE=/tmp/testfile_acl +r_log "acl" "Test that the acl get and set functions work" +touch "${ACLFILE}" + +# Use setfacl for readonly +r_log "acl" "Set readonly ACL for the user nobody" +setfacl -m user:nobody:r "${ACLFILE}" + +# Use getfacl to verify readonly +r_log "acl" "Verifying that the nobody user is set to read only" +getfacl "${ACLFILE}" | grep -q 'user:nobody:r--' + +r_checkExitStatus $? +/bin/rm -f "${ACLFILE}" diff --git a/func/core/pkg_acl/README.md b/func/core/pkg_acl/README.md new file mode 100644 index 0000000..a994a81 --- /dev/null +++ b/func/core/pkg_acl/README.md @@ -0,0 +1 @@ +Test the acl packge 
diff --git a/func/core/pkg_archive/00-install-formats.sh b/func/core/pkg_archive/00-install-formats.sh new file mode 100755 index 0000000..6525314 --- /dev/null +++ b/func/core/pkg_archive/00-install-formats.sh @@ -0,0 +1,5 @@ +#!/bin/bash +r_log "archive" "Installing appropriate archive formats" + +# We might need expect for zmore - does anyone actually use zmore? +p_installPackageNormal bzip2 diffutils gzip less ncompress tar unzip util-linux-ng zip lzop diff --git a/func/core/pkg_archive/10-bzip.sh b/func/core/pkg_archive/10-bzip.sh new file mode 100755 index 0000000..9e7b90d --- /dev/null +++ b/func/core/pkg_archive/10-bzip.sh @@ -0,0 +1,27 @@ +#!/bin/bash +r_log "archive" "Test bzip/bzcat/bunzip" +FILE=/var/tmp/bziptest.txt + +cat > "$FILE" < /dev/null || r_checkExitStatus 1 +done + +echo + +r_checkExitStatus 0 diff --git a/func/core/pkg_archive/21-gzip-test.sh b/func/core/pkg_archive/21-gzip-test.sh new file mode 100755 index 0000000..c7f8c8d --- /dev/null +++ b/func/core/pkg_archive/21-gzip-test.sh 
@@ -0,0 +1,109 @@ +#!/bin/bash +r_log "archive" "Test gzip/zcat/gunzip" + +FILE=/var/tmp/gzip-test.txt +MD5HASH=e6331c582fbad6653832860f469f7d1b + +# Double check that stuff is cleared out +/bin/rm $FILE* &> /dev/null +/bin/rm -rf /var/tmp/gziptest &> /dev/null + +# Make our test file +cat > $FILE < /dev/null +[ $? -ne 2 ] && r_checkExitStatus 1 + +echo | gzip $FILE &> /dev/null +[ $? -ne 2 ] && r_checkExitStatus 1 + +# force overwrite +r_log "archive" "Check that files can be forcefully overwritten" +gunzip -f $FILE.gz || r_checkExitStatus 1 +touch $FILE.gz +gzip -f $FILE || r_checkExitStatus 1 + +# -a should be ignored +# Hopefully this behavior does NOT change in 9 +r_log "archive" "Check that -a is ignored" +gunzip -a $FILE.gz 2>&1 | head -n 1 | grep -q 'gzip: option --ascii ignored on this system' || r_checkExitStatus 1 + +# -c should write to stdout +r_log "archive" "Check that -c outputs to stdout" +gzip -c $FILE | gunzip | grep -q 'Green Obsidian' || r_checkExitStatus 1 + +# Expected hash is: e6331c582fbad6653832860f469f7d1b +# check -l +r_log "archive" "Check that the md5 matches" +gzip $FILE +md5check=$(gzip -l $FILE.gz | md5sum | cut -d' ' -f1) +[ "$md5check" == "$MD5HASH" ] || r_checkExitStatus 1 + +# Check that -v gives us some good info +r_log "archive" "Check that -v increases verbosity" +gzip -lv $FILE.gz | grep -q "e0e1ed1a" || r_checkExitStatus 1 +gunzip $FILE.gz + +# custom suffix +r_log "archive" "Check that a custom suffix can be used" +gzip -S .rl $FILE +[ -e $FILE.rl ] || r_checkExitStatus 1 +gunzip -S .rl $FILE || r_checkExitStatus 1 + +# check -r +r_log "archive" "Check that -r functions" +mkdir /var/tmp/gziptest +touch /var/tmp/gziptest/{a,b} +gzip -r /var/tmp/gziptest +[ "$(ls /var/tmp/gziptest/*.gz | wc -l)" -eq "2" ] || r_checkExitStatus 1 + +# check different compression levels +r_log "archive" "Check compression levels" +cp $FILE $FILE.1 +gzip -1 $FILE +gzip -9 $FILE.1 +[ "$(stat -c %s $FILE.gz)" -ne "$(stat -c %s $FILE.1.gz)" ] || 
r_checkExitStatus 1 + +# check multiple input files +r_log "archive" "Check multiple input files" +gunzip $FILE.gz $FILE.1.gz || r_checkExitStatus 1 + +# don't specify an extension +r_log "archive" "Don't specify file extensions" +gzip $FILE $FILE.1 || r_checkExitStatus 1 + +# check that .Z can be handled +r_log "archive" "Verify that .Z files can be handled" +gunzip $FILE.gz +ls -l /var/tmp >> $FILE +compress $FILE || r_checkExitStatus 1 +gunzip $FILE.Z || r_checkExitStatus 1 + +# handle some zip files +r_log "archive" "Verify that .zip files can be handled" +zip $FILE.zip $FILE &> /dev/null || r_checkExitStatus 1 +gunzip -f -S .zip $FILE.zip || r_checkExitStatus 1 + +# handle some tgz files +r_log "archive" "Verify that .tgz files can be handled" +tar -czf $FILE.tgz $FILE &> /dev/null +gunzip $FILE.tgz +[ -e $FILE.tar ] +r_checkExitStatus $? + +# clean up +/bin/rm $FILE* &> /dev/null +/bin/rm -rf /var/tmp/gziptest &> /dev/null diff --git a/func/core/pkg_archive/22-gzexe.sh b/func/core/pkg_archive/22-gzexe.sh new file mode 100755 index 0000000..9aa1b77 --- /dev/null +++ b/func/core/pkg_archive/22-gzexe.sh @@ -0,0 +1,22 @@ +#!/bin/bash +r_log "archive" "Checking gzexe" +r_log "archive" "Creating archive" +FILE=/var/tmp/gzexe-test-script +/bin/rm -f $FILE* &>/dev/null + +cat > $FILE </dev/null || r_checkExitStatus 1 + +r_log "archive" "Check that it actually runs" +$FILE | grep -q "Hello!" +r_checkExitStatus $? + +/bin/rm -f $FILE* 2>/dev/null diff --git a/func/core/pkg_archive/23-zcmp-zdiff.sh b/func/core/pkg_archive/23-zcmp-zdiff.sh new file mode 100755 index 0000000..d176a58 --- /dev/null +++ b/func/core/pkg_archive/23-zcmp-zdiff.sh @@ -0,0 +1,19 @@ +#!/bin/bash +r_log "archive" "Check zcmp and zdiff" +BASEFILE="/var/tmp/gziptest" +/bin/rm -f ${BASEFILE} + +cat > ${BASEFILE}.1 </dev/null + +cat > $BASEFILE < /dev/null + +cat > $BASEFILE < /var/tmp/gziptest.gz +zless -F /var/tmp/gziptest.gz | grep -q 'Rocky Linux' +r_checkExitStatus $? 
diff --git a/func/core/pkg_archive/26-zmore.sh b/func/core/pkg_archive/26-zmore.sh new file mode 100644 index 0000000..a9bf588 --- /dev/null +++ b/func/core/pkg_archive/26-zmore.sh @@ -0,0 +1 @@ +#!/bin/bash diff --git a/func/core/pkg_archive/27-znew.sh b/func/core/pkg_archive/27-znew.sh new file mode 100755 index 0000000..a4ed246 --- /dev/null +++ b/func/core/pkg_archive/27-znew.sh @@ -0,0 +1,11 @@ +#!/bin/bash +r_log "archive" "Testing znew" + +TESTFILE=/var/tmp/znew.txt +/bin/rm $TESTFILE* &>/dev/null + +ls -l /usr/bin > $TESTFILE +compress $TESTFILE + +znew $TESTFILE.Z +r_checkExitStatus $? diff --git a/func/core/pkg_archive/30-tar.sh b/func/core/pkg_archive/30-tar.sh new file mode 100755 index 0000000..8e09420 --- /dev/null +++ b/func/core/pkg_archive/30-tar.sh @@ -0,0 +1,36 @@ +#!/bin/bash +r_log "archive" "Test tar create and extract" + +TARDIR="/var/tmp/tartest" +FILE1="$TARDIR/test.1.txt" +FILE2="$TARDIR/test.2.txt" + +mkdir -p $TARDIR +cat > $FILE1 < $FILE2 < /dev/null 2>&1 +/bin/rm -rf $TARDIR +if [ -e "$TARDIR" ]; then + r_log "archive" "We couldn't delete $TARDIR" + exit +fi + +tar -C / -xf /var/tmp/tarfile.tar +grep -q 'First file' $FILE1 +RES1=$? +grep -q 'Second file' $FILE2 +RES2=$? + +if [ $RES1 == 0 ] && [ $RES2 == 0 ]; then + ret_val=0 +fi + +r_checkExitStatus $ret_val + +/bin/rm -rf /var/tmp/tarfile.tar $TARDIR diff --git a/func/core/pkg_archive/40-xzcmp-xzdiff.sh b/func/core/pkg_archive/40-xzcmp-xzdiff.sh new file mode 100755 index 0000000..bf357ef --- /dev/null +++ b/func/core/pkg_archive/40-xzcmp-xzdiff.sh @@ -0,0 +1,19 @@ +#!/bin/bash +r_log "archive" "Check xzcmp and xzdiff" +BASEFILE="/var/tmp/xztest" +/bin/rm -f ${BASEFILE} + +cat > ${BASEFILE}.1 < $FILE1 < $FILE2 < ${LZOFILE} + +# running compression +lzop -9 ${LZOFILE} -o ${LZOFILE}.lzo +/bin/rm ${LZOFILE} + +lzop -d ${LZOFILE}.lzo -o ${LZOFILE} +/bin/rm ${LZOFILE}.lzo + +grep -q 'Green Obsidian' ${LZOFILE} + +/bin/rm ${LZOFILE} 
diff --git a/func/core/pkg_archive/README.md b/func/core/pkg_archive/README.md new file mode 100644 index 0000000..677e4e4 --- /dev/null +++ b/func/core/pkg_archive/README.md @@ -0,0 +1,3 @@ +Tests archive formats and archive accessories + +TODO: Add xz diff --git a/func/core/pkg_attr/00-install-attr.sh b/func/core/pkg_attr/00-install-attr.sh new file mode 100755 index 0000000..f762e84 --- /dev/null +++ b/func/core/pkg_attr/00-install-attr.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "attr" "Installing the attr package" +p_installPackageNormal attr diff --git a/func/core/pkg_attr/10-check-attr.sh b/func/core/pkg_attr/10-check-attr.sh new file mode 100755 index 0000000..9f24ab2 --- /dev/null +++ b/func/core/pkg_attr/10-check-attr.sh @@ -0,0 +1,21 @@ +#!/bin/bash +ATTRTEST="/var/tmp/attrtest.img" +ATTRMNT="/mnt/attrtest" + +r_log "attr" "Checking that *attr works" +dd if=/dev/zero of="${ATTRTEST}" bs=1024000 count=100 &>/dev/null +r_checkExitStatus $? + +mkdir "${ATTRMNT}" +echo -e 'y\n' | mkfs.ext3 "${ATTRTEST}" > /dev/null 2>&1 +mount -t ext3 -o loop,user_xattr "${ATTRTEST}" "${ATTRMNT}" +touch "${ATTRMNT}/testfile" +setfattr -n user.test "${ATTRMNT}/testfile" +getfattr "${ATTRMNT}/testfile" | grep -oq "user.test" + +r_checkExitStatus $? + +# Cleanup +umount /mnt/attrtest +/bin/rm -f "${ATTRTEST}" +/bin/rm -rf "${ATTRMNT}" diff --git a/func/core/pkg_attr/README.md b/func/core/pkg_attr/README.md new file mode 100644 index 0000000..df46daf --- /dev/null +++ b/func/core/pkg_attr/README.md @@ -0,0 +1 @@ +Test attr diff --git a/func/core/pkg_auditd/00-install-auditd.sh b/func/core/pkg_auditd/00-install-auditd.sh new file mode 100755 index 0000000..f78c5df --- /dev/null +++ b/func/core/pkg_auditd/00-install-auditd.sh 
@@ -0,0 +1,9 @@ +#!/bin/bash +r_log "auditd" "Install auditd (this should be available during minimal)" +p_installPackageNormal audit +r_log "auditd" "Ensure auditd is running and enabled" +# Ignore service cycler, auditd refuses manual stop +/usr/sbin/service auditd restart +sleep 2 +/usr/bin/systemctl status auditd.service | grep -q "active" +r_checkExitStatus $? diff --git a/func/core/pkg_auditd/10-auditd-logs.sh b/func/core/pkg_auditd/10-auditd-logs.sh new file mode 100755 index 0000000..716133a --- /dev/null +++ b/func/core/pkg_auditd/10-auditd-logs.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "auditd" "Check if the audit logs are not empty" +[[ -s /var/log/audit/audit.log ]] +r_checkExitStatus $? diff --git a/func/core/pkg_auditd/11-generate-events.sh b/func/core/pkg_auditd/11-generate-events.sh new file mode 100755 index 0000000..132bea1 --- /dev/null +++ b/func/core/pkg_auditd/11-generate-events.sh @@ -0,0 +1,12 @@ +#!/bin/bash +r_log "auditd" "Generate events for audit log" + +r_log "auditd" "Add test user" +useradd relengauditd +grep "ADD_USER" /var/log/audit/audit.log | grep -q 'acct="relengauditd"' +r_checkExitStatus $? + +r_log "auditd" "Delete test user" +userdel relengauditd +grep "DEL_USER" /var/log/audit/audit.log | grep -q 'ID="relengauditd"' +r_checkExitStatus $? diff --git a/func/core/pkg_auditd/README.md b/func/core/pkg_auditd/README.md new file mode 100644 index 0000000..6cf013e --- /dev/null +++ b/func/core/pkg_auditd/README.md @@ -0,0 +1 @@ +Test auditd diff --git a/func/core/pkg_bash/00-bash-version.sh b/func/core/pkg_bash/00-bash-version.sh new file mode 100755 index 0000000..4d0332f --- /dev/null +++ b/func/core/pkg_bash/00-bash-version.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +# Bash is default installed on minimal +r_log "bash" "Check that the bash version is valid" + +bash --version | grep -qE "(x86_64|aarch64|powerpc64le)-redhat-linux-gnu" + +r_checkExitStatus $? 
diff --git a/func/core/pkg_bash/README.md b/func/core/pkg_bash/README.md new file mode 100644 index 0000000..da34936 --- /dev/null +++ b/func/core/pkg_bash/README.md @@ -0,0 +1 @@ +Test bash diff --git a/func/core/pkg_bc/00-install-bc.sh b/func/core/pkg_bc/00-install-bc.sh new file mode 100755 index 0000000..24caec9 --- /dev/null +++ b/func/core/pkg_bc/00-install-bc.sh @@ -0,0 +1,8 @@ +#!/bin/bash +r_log "bc" "Install bc" +p_installPackageNormal bc +r_checkExitStatus $? + +r_log "bc" "Check bc version" +bc --version +r_checkExitStatus $? diff --git a/func/core/pkg_bc/10-test-calculation.sh b/func/core/pkg_bc/10-test-calculation.sh new file mode 100755 index 0000000..83489a5 --- /dev/null +++ b/func/core/pkg_bc/10-test-calculation.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "bc" "Testing simple calculations" +test $(echo "8 + 5 * 2 / 10 - 1" | bc) -eq "8" +r_checkExitStatus $? diff --git a/func/core/pkg_bc/README.md b/func/core/pkg_bc/README.md new file mode 100644 index 0000000..ada1326 --- /dev/null +++ b/func/core/pkg_bc/README.md @@ -0,0 +1 @@ +Test bc. diff --git a/func/core/pkg_bind/00-install-bind.sh b/func/core/pkg_bind/00-install-bind.sh new file mode 100755 index 0000000..a2f3f09 --- /dev/null +++ b/func/core/pkg_bind/00-install-bind.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "bind" "Installing bind" +p_installPackageNormal bind bind-utils +m_serviceCycler named start diff --git a/func/core/pkg_bind/10-test-lookup.sh b/func/core/pkg_bind/10-test-lookup.sh new file mode 100755 index 0000000..1e5a0b2 --- /dev/null +++ b/func/core/pkg_bind/10-test-lookup.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "bind" "Testing bind lookups work" +dig +timeout=5 +short @127.0.0.1 localhost | grep -q "127.0.0.1" +r_checkExitStatus $? diff --git a/func/core/pkg_bind/README.md b/func/core/pkg_bind/README.md new file mode 100644 index 0000000..30f7981 --- /dev/null +++ b/func/core/pkg_bind/README.md @@ -0,0 +1 @@ +Test the bind package 
diff --git a/func/core/pkg_coreutils/00-install-coreutils.sh b/func/core/pkg_coreutils/00-install-coreutils.sh new file mode 100755 index 0000000..9ee642b --- /dev/null +++ b/func/core/pkg_coreutils/00-install-coreutils.sh @@ -0,0 +1,4 @@ +#!/bin/bash +# coreutils should already be there, but just in case I guess. +r_log "coreutils" "Install coreutils" +p_installPackageNormal coreutils diff --git a/func/core/pkg_coreutils/10-arch.sh b/func/core/pkg_coreutils/10-arch.sh new file mode 100755 index 0000000..d051157 --- /dev/null +++ b/func/core/pkg_coreutils/10-arch.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "coreutils" "Check that the architecture matches" +uname -a | grep -q "$(arch)" +r_checkExitStatus $? diff --git a/func/core/pkg_coreutils/11-basename.sh b/func/core/pkg_coreutils/11-basename.sh new file mode 100755 index 0000000..66d70ac --- /dev/null +++ b/func/core/pkg_coreutils/11-basename.sh @@ -0,0 +1,9 @@ +#!/bin/bash +r_log "coreutils" "Testing basename" + +# Doing two tests for validation +basename ./core/pkg_coreutils/11-basename.sh | grep -q 11-basename.sh +r_checkExitStatus $? + +basename /etc/hosts | grep -q hosts +r_checkExitStatus $? diff --git a/func/core/pkg_coreutils/12-cat.sh b/func/core/pkg_coreutils/12-cat.sh new file mode 100755 index 0000000..c4c5929 --- /dev/null +++ b/func/core/pkg_coreutils/12-cat.sh @@ -0,0 +1,11 @@ +#!/bin/bash +r_log "coreutils" "Testing cat" + +cat > /var/tmp/cattest <" 2> /dev/null +[ $? -eq 1 ] && pathchk /var/tmp/fakePathAndFile +[ $? -eq 0 ] && pathchk /var/tmp +r_checkExitStatus $? diff --git a/func/core/pkg_coreutils/17-readlink.sh b/func/core/pkg_coreutils/17-readlink.sh new file mode 100755 index 0000000..a06183b --- /dev/null +++ b/func/core/pkg_coreutils/17-readlink.sh @@ -0,0 +1,6 @@ +#!/bin/bash +r_log "coreutils" "Testing readlink" +ln -s /var/tmp/talk /var/tmp/listen +readlink /var/tmp/listen | grep -q "/var/tmp/talk" +r_checkExitStatus $? +/bin/rm /var/tmp/listen 
diff --git a/func/core/pkg_coreutils/18-seq.sh b/func/core/pkg_coreutils/18-seq.sh new file mode 100755 index 0000000..91db3f0 --- /dev/null +++ b/func/core/pkg_coreutils/18-seq.sh @@ -0,0 +1,6 @@ +#!/bin/bash +r_log "coreutils" "Testing seq" +seq -s " " 6 | grep -q "1 2 3 4 5 6" && \ +seq -s " " 3 5 | grep -q "3 4 5" && \ +seq -s " " 3 3 9 | grep -q "3 6 9" +r_checkExitStatus $? diff --git a/func/core/pkg_coreutils/19-timeout.sh b/func/core/pkg_coreutils/19-timeout.sh new file mode 100755 index 0000000..a82eec7 --- /dev/null +++ b/func/core/pkg_coreutils/19-timeout.sh @@ -0,0 +1,5 @@ +#!/bin/bash +r_log "coreutils" "Testing timeout and sleep" +timeout 1 sleep 1 +[ $? -eq 124 ] && timeout 2 sleep 2 +[ $? -eq 124 ] && r_checkExitStatus $? diff --git a/func/core/pkg_coreutils/20-hash.sh b/func/core/pkg_coreutils/20-hash.sh new file mode 100755 index 0000000..d31b603 --- /dev/null +++ b/func/core/pkg_coreutils/20-hash.sh 
@@ -0,0 +1,26 @@ +#!/bin/bash +r_log "coreutils" "Test hash sum tools" + +HASHFILE=/var/tmp/obsidian +echo "Green Obsidian is our release name" > ${HASHFILE} + +r_log "coreutils" "Test md5sum" +/usr/bin/md5sum ${HASHFILE} | grep -q 7ee0df0c24cd8fbf747bbeaec2afb935 +r_checkExitStatus $? +r_log "coreutils" "Test sha1sum" +/usr/bin/sha1sum ${HASHFILE} | grep -q d9dc0c244c60e6488ebca1733d8072217a2e53d9 +r_checkExitStatus $? +r_log "coreutils" "Test sha224sum" +/usr/bin/sha224sum ${HASHFILE} | grep -q 5b7a29dcee3d895e21877d08da1e1408bbd6b09426887cdbfb583753 +r_checkExitStatus $? +r_log "coreutils" "Test sha256sum" +/usr/bin/sha256sum ${HASHFILE} | grep -q 38ee9bbdd83f1f1dd4506b061141d956496ab01dd187e24db35e024b37f47110 +r_checkExitStatus $? +r_log "coreutils" "Test sha384sum" +/usr/bin/sha384sum ${HASHFILE} | grep -q 5002b880f8b05ab66ead70ea828e3869114fe6a85bffc84fc2199c7d10fee39a69c0b523562e7bb208e7922b0d291916 +r_checkExitStatus $? +r_log "coreutils" "Test sha512sum" +/usr/bin/sha512sum ${HASHFILE} | grep -q e50554c29a5cb7bd04279d3c0918e486024c79c4b305a2e360a97d4021dacf56ce0d17fa6e6a0e81ad03d5fb74fbe2d50cce6081c2c277f22b958cdae978a2f5 +r_checkExitStatus $? + +/bin/rm ${HASHFILE} diff --git a/func/core/pkg_coreutils/21-touch-ls.sh b/func/core/pkg_coreutils/21-touch-ls.sh new file mode 100755 index 0000000..563ee4a --- /dev/null +++ b/func/core/pkg_coreutils/21-touch-ls.sh @@ -0,0 +1,13 @@ +#!/bin/bash +r_log "coreutils" "Testing touch and ls" + +r_log "coreutils" "Touch files with specific dates" +touch -t 199104230420 /tmp/touch-1 +touch -t 199104240420 /tmp/touch-2 + +r_log "coreutils" "Verify that the oldest file is last" +ls -lt /tmp/touch-? | tail -n 1 | grep -q 'touch-1' + +r_checkExitStatus $? + +/bin/rm /tmp/touch-? diff --git a/func/core/pkg_coreutils/22-uniq.sh b/func/core/pkg_coreutils/22-uniq.sh new file mode 100755 index 0000000..042554d --- /dev/null +++ b/func/core/pkg_coreutils/22-uniq.sh 
@@ -0,0 +1,17 @@ +#!/bin/bash +r_log "coreutils" "Ensure uniq works as expected" + +cat > /var/tmp/uniq < /var/tmp/wc < "$OUTTER"/cpio.out +r_checkExitStatus $? + +r_log "cpio" "Test basic copy in" +pushd "$INNER" || exit 1 + cpio -i < "$OUTTER"/cpio.out + r_checkExitStatus $? +popd || exit 1 + +r_log "cpio" "Test basic passthrough" +pushd "$INNER" || exit 1 +find /tmp | cpio -pd "$PASSER" +r_checkExitStatus $? +popd || exit 1 + +r_log "cpio" "Checking that the directories (pass and in) are the same" +diff "$PASSER" "$INNER" &> /dev/null +r_checkExitStatus $? diff --git a/func/core/pkg_cpio/README.md b/func/core/pkg_cpio/README.md new file mode 100644 index 0000000..30b755a --- /dev/null +++ b/func/core/pkg_cpio/README.md @@ -0,0 +1 @@ +Test cpio diff --git a/func/core/pkg_cracklib/00-install-cracklib.sh b/func/core/pkg_cracklib/00-install-cracklib.sh new file mode 100755 index 0000000..0b2c38d --- /dev/null +++ b/func/core/pkg_cracklib/00-install-cracklib.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "cracklib" "Install the cracklib package" +p_installPackageNormal cracklib diff --git a/func/core/pkg_cracklib/10-test-passwords.sh b/func/core/pkg_cracklib/10-test-passwords.sh new file mode 100755 index 0000000..d87f33a --- /dev/null +++ b/func/core/pkg_cracklib/10-test-passwords.sh @@ -0,0 +1,17 @@ +#!/bin/bash +r_log "cracklib" "Test that cracklib can check passwords" + +r_log "cracklib" "Test a very simple password" +echo -e "test" | cracklib-check | grep -q "too short" +r_checkExitStatus $? + +r_log "cracklib" "Test a simple/dictionary password" +echo -e "testing" | cracklib-check | grep -q "dictionary" +r_checkExitStatus $? + +r_log "cracklib" "Testing simplistic password" +echo -e "1234_abc" | cracklib-check | grep -q 'simplistic' +r_checkExitStatus $? + +r_log "cracklib" "Testing a complicated password" +echo -e "2948_Obaym-" | cracklib-check | grep -q "OK" 
diff --git a/func/core/pkg_cracklib/README.md b/func/core/pkg_cracklib/README.md new file mode 100644 index 0000000..3eb5629 --- /dev/null +++ b/func/core/pkg_cracklib/README.md @@ -0,0 +1 @@ +Testing cracklib and cracklib accessories diff --git a/func/core/pkg_cron/00-install-cron.sh b/func/core/pkg_cron/00-install-cron.sh new file mode 100755 index 0000000..b7b1517 --- /dev/null +++ b/func/core/pkg_cron/00-install-cron.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "cron" "Installing crond" +p_installPackageNormal cronie +m_serviceCycler crond cycle diff --git a/func/core/pkg_cron/10-dot-cron.sh b/func/core/pkg_cron/10-dot-cron.sh new file mode 100755 index 0000000..96244e7 --- /dev/null +++ b/func/core/pkg_cron/10-dot-cron.sh @@ -0,0 +1,38 @@ +#!/bin/bash +r_log "cron" "Testing hourly cron jobs" + +cat > /etc/cron.hourly/rocky.sh < /etc/cron.daily/rocky.sh < /etc/cron.weekly/rocky.sh < /etc/dovecot/conf.d/11-rocky.conf << EOF +mail_location = mbox:~/mail:INBOX=/var/mail/%u +mail_privileged_group = mail +EOF + +m_serviceCycler dovecot restart diff --git a/func/core/pkg_dovecot/10-pop3-test.sh b/func/core/pkg_dovecot/10-pop3-test.sh new file mode 100755 index 0000000..0df043f --- /dev/null +++ b/func/core/pkg_dovecot/10-pop3-test.sh 
@@ -0,0 +1,31 @@ +#!/bin/bash +r_log "dovecot" "Testing basic POP3 (does anyone still use this?)" + +# Note that nmap-nc appears to be the default, even in fedora +NC_OPTS="-w 5 -d 3" + +r_log "dovecot" "Add poptest user and maildir" +if ! id poptest > /dev/null 2>&1; then + useradd poptest + echo pop3test | passwd --stdin poptest +fi + +# shellcheck disable=SC2174 +mkdir -m 700 -p /home/poptest/mail/.imap/INBOX +chown -R poptest:poptest /home/poptest/mail + +r_log "dovecot" "Test basic POP3 login" + + +# shellcheck disable=SC2086 +echo -e "user poptest\npass pop3test\n" | nc ${NC_OPTS} localhost 110 | grep -q "+OK Logged in." +ret_val=$? + +if [ "$ret_val" -ne 0 ]; then + tail /var/log/secure + tail /var/log/maillog +fi + +r_checkExitStatus $ret_val + +userdel -rf poptest diff --git a/func/core/pkg_dovecot/11-imap-test.sh b/func/core/pkg_dovecot/11-imap-test.sh new file mode 100755 index 0000000..ee09929 --- /dev/null +++ b/func/core/pkg_dovecot/11-imap-test.sh @@ -0,0 +1,31 @@ +#!/bin/bash +r_log "dovecot" "Testing basic IMAP" + +# Note that nmap-nc appears to be the default, even in fedora +NC_OPTS="-w 5 -d 3" + +r_log "dovecot" "Add imapper user and maildir" +if ! id imapper > /dev/null 2>&1; then + useradd imapper + echo imaptest | passwd --stdin imapper +fi + +# shellcheck disable=SC2174 +mkdir -m 700 -p /home/imapper/mail/.imap/INBOX +chown -R imapper:imapper /home/imapper/mail + +r_log "dovecot" "Test basic IMAP login" + + +# shellcheck disable=SC2086 +echo -e "01 LOGIN imapper imaptest\n" | nc ${NC_OPTS} localhost 143 | grep -q "Logged in." +ret_val=$? + +if [ "$ret_val" -ne 0 ]; then + tail /var/log/secure + tail /var/log/maillog +fi + +r_checkExitStatus $ret_val + +userdel -rf imapper diff --git a/func/core/pkg_dovecot/12-dovecot-clean.sh b/func/core/pkg_dovecot/12-dovecot-clean.sh new file mode 100755 index 0000000..c47c647 --- /dev/null +++ b/func/core/pkg_dovecot/12-dovecot-clean.sh 
@@ -0,0 +1,3 @@ +#!/bin/bash +rm -f /etc/dovecot/conf.d/11-rocky.conf +m_serviceCycler dovecot restart diff --git a/func/core/pkg_dovecot/README.md b/func/core/pkg_dovecot/README.md new file mode 100644 index 0000000..d9be8b6 --- /dev/null +++ b/func/core/pkg_dovecot/README.md @@ -0,0 +1 @@ +Testing dovecot diff --git a/func/core/pkg_file/00-install-file.sh b/func/core/pkg_file/00-install-file.sh new file mode 100755 index 0000000..3fff0f1 --- /dev/null +++ b/func/core/pkg_file/00-install-file.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "file" "Install the file package" +# At one point it was installed in an earlier test (or it's default) +m_assertCleanExit rpm -q file diff --git a/func/core/pkg_file/10-mime-check.sh b/func/core/pkg_file/10-mime-check.sh new file mode 100755 index 0000000..f3e57a6 --- /dev/null +++ b/func/core/pkg_file/10-mime-check.sh @@ -0,0 +1,16 @@ +#!/bin/bash +r_log "file" "Check mimetype of bash" + +# Add additional versions here when ready +case "$RL_VER" in + 8) + MIME="application/x-sharedlib" + ;; + *) + # This is from fedora, 9 may or may not be this + MIME="application/x-pie-executable" + ;; +esac + +file -i /bin/bash | grep -q "${MIME}" +r_checkExitStatus $? diff --git a/func/core/pkg_file/20-mime-image.sh b/func/core/pkg_file/20-mime-image.sh new file mode 100755 index 0000000..24deaa8 --- /dev/null +++ b/func/core/pkg_file/20-mime-image.sh @@ -0,0 +1,11 @@ +#!/bin/bash +r_log "file" "Check image mimetype" +pngFile="$(find /usr/share -type f -name '*.png' -print -quit)" + +if [ -z "$pngFile" ]; then + r_log "file" "No png files were found. SKIP" + exit 0 +fi + +file -i $pngFile | grep -q 'image/png' +r_checkExitStatus $? diff --git a/func/core/pkg_file/30-mime-symlink.sh b/func/core/pkg_file/30-mime-symlink.sh new file mode 100755 index 0000000..74550cb --- /dev/null +++ b/func/core/pkg_file/30-mime-symlink.sh 
@@ -0,0 +1,9 @@ +#!/bin/bash +r_log "file" "Check that we can see a symlink" +FILE_PATH=/var/tmp/linktest +MIME="inode/symlink" +ln -s /etc/issue $FILE_PATH +file -i $FILE_PATH | grep -q "${MIME}" +r_checkExitStatus $? + +/bin/rm /var/tmp/linktest diff --git a/func/core/pkg_file/README.md b/func/core/pkg_file/README.md new file mode 100644 index 0000000..ad86735 --- /dev/null +++ b/func/core/pkg_file/README.md @@ -0,0 +1 @@ +File tests diff --git a/func/core/pkg_findutils/00-install-findutils.sh b/func/core/pkg_findutils/00-install-findutils.sh new file mode 100755 index 0000000..cf8c3ce --- /dev/null +++ b/func/core/pkg_findutils/00-install-findutils.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "findutils" "Install findutils" +p_installPackageNormal findutils diff --git a/func/core/pkg_findutils/10-find.sh b/func/core/pkg_findutils/10-find.sh new file mode 100755 index 0000000..fd23ced --- /dev/null +++ b/func/core/pkg_findutils/10-find.sh 
@@ -0,0 +1,42 @@ +#!/bin/bash +r_log "findutils" "Testing basic find stuff" + +TMPDIR=/var/tmp/find + +[ -e $TMPDIR ] && rm -rf "$TMPDIR" + +mkdir -p "$TMPDIR" || { r_log "findutils" "Can't create $TMPDIR"; exit $FAIL; } +touch "$TMPDIR/file1" +touch "$TMPDIR/file with a space" +r_log "findutils" "Check that find just works(tm)" +find "$TMPDIR" &> /dev/null +r_checkExitStatus $? + +r_log "findutils" "Check that find fails for something that doesn't exist" +find "$TMPDIR/doesntexit" &> /dev/null +if [ $? -ne 1 ]; then + r_log "findutils" "Something wrong happened. Was the file there?" +else + r_checkExitStatus 0 +fi + +r_log "findutils" "Prepare for xargs test" +LINES=$(find "$TMPDIR" -print0 | wc -l) + +if [ $LINES -eq 0 ]; then + r_checkExitStatus 0 +else + r_checkExitStatus 1 +fi + +r_log "findutils" "Perform for xargs test" +find "$TMPDIR" -type f -print0 | xargs -0 ls &> /dev/null +r_checkExitStatus $? + +r_log "findutils" "Perform for xargs test: fails with spaces in the name" +find "$TMPDIR" -type f | xargs ls &> /dev/null && { r_log "findutils" "Why did this get a 0 exit?"; exit $FAIL; } +if [ $? -ne 0 ]; then + r_checkExitStatus $? +fi + +rm -rf "$TMPDIR" diff --git a/func/core/pkg_findutils/README.md b/func/core/pkg_findutils/README.md new file mode 100644 index 0000000..831dcc3 --- /dev/null +++ b/func/core/pkg_findutils/README.md @@ -0,0 +1 @@ +Test the find utility diff --git a/func/core/pkg_firefox/00-install-firefox.sh b/func/core/pkg_firefox/00-install-firefox.sh new file mode 100755 index 0000000..53565d3 --- /dev/null +++ b/func/core/pkg_firefox/00-install-firefox.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "firefox" "Install firefox" +p_installPackageNormal firefox diff --git a/func/core/pkg_firefox/10-check-firefox-start-page.sh b/func/core/pkg_firefox/10-check-firefox-start-page.sh new file mode 100755 index 0000000..33c59eb --- /dev/null +++ b/func/core/pkg_firefox/10-check-firefox-start-page.sh 
@@ -0,0 +1,16 @@ +#!/bin/bash +r_log "firefox" "Check that the firefox startup page is correct" + +if p_getPackageArch firefox | grep -q x86_64; then + FIREPATH='/usr/lib64/firefox/defaults/preferences/all-redhat.js' +else + FIREPATH='/usr/lib/firefox/defaults/preferences/all-redhat.js' +fi + +COUNTS="$(grep -c rockylinux.org $FIREPATH)" + +if [ "$COUNTS" -eq 2 ]; then + r_checkExitStatus 0 +else + r_checkExitStatus 1 +fi diff --git a/func/core/pkg_firefox/README.md b/func/core/pkg_firefox/README.md new file mode 100644 index 0000000..aeb7090 --- /dev/null +++ b/func/core/pkg_firefox/README.md @@ -0,0 +1 @@ +Test firefox diff --git a/func/core/pkg_firewalld/00-install-firewalld.sh b/func/core/pkg_firewalld/00-install-firewalld.sh new file mode 100755 index 0000000..bb29440 --- /dev/null +++ b/func/core/pkg_firewalld/00-install-firewalld.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "firewalld" "Install firewalld (should already be installed)" +p_installPackageNormal firewalld diff --git a/func/core/pkg_firewalld/10-firewalld-check-rule.sh b/func/core/pkg_firewalld/10-firewalld-check-rule.sh new file mode 100755 index 0000000..a4bc9c4 --- /dev/null +++ b/func/core/pkg_firewalld/10-firewalld-check-rule.sh @@ -0,0 +1,8 @@ +#!/bin/bash +r_log "firewalld" "Check that the default zone is public" +firewall-cmd --get-active-zones | grep -q public +r_checkExitStatus $? + +r_log "firewalld" "Check that a default service is open" +firewall-cmd --list-services | grep -q ssh +r_checkExitStatus $? diff --git a/func/core/pkg_firewalld/README.md b/func/core/pkg_firewalld/README.md new file mode 100644 index 0000000..b5dd52e --- /dev/null +++ b/func/core/pkg_firewalld/README.md @@ -0,0 +1,3 @@ +Tests firewalld + +TODO: Add some more tests perhaps. diff --git a/func/core/pkg_freeradius/00-install-freeradius.sh b/func/core/pkg_freeradius/00-install-freeradius.sh new file mode 100755 index 0000000..10e5a54 --- /dev/null +++ b/func/core/pkg_freeradius/00-install-freeradius.sh 
@@ -0,0 +1,3 @@ +#!/bin/bash +r_log "freeradius" "Install freeradius" +p_installPackageNormal freeradius freeradius-utils diff --git a/func/core/pkg_freeradius/10-test-freeradius.sh b/func/core/pkg_freeradius/10-test-freeradius.sh new file mode 100755 index 0000000..3e99e9b --- /dev/null +++ b/func/core/pkg_freeradius/10-test-freeradius.sh @@ -0,0 +1,17 @@ +#!/bin/bash +r_log "freeradius" "Test basic freeradius functionality" + +r_log "freeradius" "Configure freeradius" +cp /etc/raddb/users /etc/raddb/users.backup +cat >> /etc/raddb/users << EOF +rocky Cleartext-Password := "rocky" + Service-Type = Framed-User +EOF + +r_log "freeradius" "Testing..." +echo "User-Name=rocky,User-Password=rocky " | radclient -x localhost:1812 auth testing123 | grep -q 'Access-Accept' +r_checkExitStatus $? + +cp /etc/raddb/users.backup /etc/raddb/users +rm -rf /etc/raddb/users.backup +service radiusd stop diff --git a/func/core/pkg_freeradius/README.md b/func/core/pkg_freeradius/README.md new file mode 100644 index 0000000..eb056d2 --- /dev/null +++ b/func/core/pkg_freeradius/README.md @@ -0,0 +1 @@ +Test freeradius diff --git a/func/core/pkg_gcc/00-install-gcc.sh b/func/core/pkg_gcc/00-install-gcc.sh new file mode 100755 index 0000000..bc6b57c --- /dev/null +++ b/func/core/pkg_gcc/00-install-gcc.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "annobin" "Install gcc/annobin packages and accessories" +p_installPackageNormal gcc gcc-c++ annobin redhat-rpm-config diff --git a/func/core/pkg_gcc/10-gcc-build-simple.sh b/func/core/pkg_gcc/10-gcc-build-simple.sh new file mode 100755 index 0000000..6c7344e --- /dev/null +++ b/func/core/pkg_gcc/10-gcc-build-simple.sh @@ -0,0 +1,9 @@ +#!/bin/bash +r_log "gcc" "Ensure gcc can build a simple program" +OUTPUTPROG=$(mktemp) + +gcc ./common/files/hello.c -o $OUTPUTPROG +$OUTPUTPROG | grep -q "Hello!" +r_checkExitStatus $? + +rm $OUTPUTPROG 
diff --git a/func/core/pkg_gcc/11-gcc-build-cpp.sh b/func/core/pkg_gcc/11-gcc-build-cpp.sh new file mode 100755 index 0000000..6b92845 --- /dev/null +++ b/func/core/pkg_gcc/11-gcc-build-cpp.sh @@ -0,0 +1,9 @@ +#!/bin/bash +r_log "gcc" "Ensure g++ can build a simple program" +OUTPUTPROG=$(mktemp) + +g++ -x c++ ./common/files/hello.cpp -o $OUTPUTPROG +$OUTPUTPROG | grep -q "Hello!" +r_checkExitStatus $? + +rm $OUTPUTPROG diff --git a/func/core/pkg_gcc/20-annobin-test-gcc.sh b/func/core/pkg_gcc/20-annobin-test-gcc.sh new file mode 100755 index 0000000..e66df37 --- /dev/null +++ b/func/core/pkg_gcc/20-annobin-test-gcc.sh @@ -0,0 +1,15 @@ +#!/bin/bash +r_log "annobin" "Ensure a simple program builds with gcc annobin" +OUTPUTPROG=$(mktemp) + +r_log "annobin" "Build program with gcc" +gcc -x c -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 \ + -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 \ + -o "${OUTPUTPROG}" ./common/files/hello.c + +# Must match exactly +r_log "annobin" "Verify the program works" +"${OUTPUTPROG}" | grep -q "Hello!" +r_checkExitStatus $? + +/bin/rm -f "${OUTPUTPROG}" diff --git a/func/core/pkg_gcc/21-annobin-test-gplusplus.sh b/func/core/pkg_gcc/21-annobin-test-gplusplus.sh new file mode 100755 index 0000000..1ad3c71 --- /dev/null +++ b/func/core/pkg_gcc/21-annobin-test-gplusplus.sh @@ -0,0 +1,15 @@ +#!/bin/bash +r_log "annobin" "Ensure a simple program builds with g++ annobin" +OUTPUTPROG=$(mktemp) + +r_log "annobin" "Build program with g++" +g++ -x c++ -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 \ + -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 \ + -o "${OUTPUTPROG}" ./common/files/hello.cpp + +# Must match exactly +r_log "annobin" "Verify the program works" +"${OUTPUTPROG}" | grep -q "Hello!" +r_checkExitStatus $? + +/bin/rm -f "${OUTPUTPROG}" diff --git a/func/core/pkg_gcc/README.md b/func/core/pkg_gcc/README.md new file mode 100644 index 0000000..a5015a8 --- /dev/null +++ b/func/core/pkg_gcc/README.md 
@@ -0,0 +1 @@ +Test annobin and annobin accessories diff --git a/func/core/pkg_git/00-install-git.sh b/func/core/pkg_git/00-install-git.sh new file mode 100755 index 0000000..b1e594e --- /dev/null +++ b/func/core/pkg_git/00-install-git.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "git" "Install git" +p_installPackageNormal git diff --git a/func/core/pkg_git/10-test-git.sh b/func/core/pkg_git/10-test-git.sh new file mode 100755 index 0000000..029c59d --- /dev/null +++ b/func/core/pkg_git/10-test-git.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "git" "Check git installation" +git --version +r_checkExitStatus $? diff --git a/func/core/pkg_git/11-test-clone-log.sh b/func/core/pkg_git/11-test-clone-log.sh new file mode 100755 index 0000000..6d00343 --- /dev/null +++ b/func/core/pkg_git/11-test-clone-log.sh @@ -0,0 +1,48 @@ +#!/bin/bash +r_log "git" "Test basic git clones" + +WORKDIR=$(pwd) +TMPREPO=/var/tmp/repo +SHA1=$(echo "Obsidian" | git hash-object --stdin) + +r_log "git" "Create bare git repo" +mkdir -p $TMPREPO +# shellcheck disable=SC2164 +pushd $TMPREPO +git init . --bare +# shellcheck disable=SC2164 +popd + +r_log "git" "Clone out" +git clone $TMPREPO cloned + +r_log "git" "Configure git user" +# shellcheck disable=SC2164 +pushd cloned +git config user.email "obsidian.club@rockylinux.org" +git config user.name "Obsidian Club" + +r_log "git" "Add a file and push" +echo "Obsidian" > obsidian +git add obsidian +git commit -m "Obsidian Commit" +git push origin master +# shellcheck disable=SC2164 +popd + +r_log "git" "Clone out again" +git clone $TMPREPO clone_again +# shellcheck disable=SC2164 +pushd clone_again +# shellcheck disable=SC2002 +SHA2=$(cat obsidian | git hash-object --stdin) +[ "$SHA1" == "$SHA2" ] +r_checkExitStatus $? + +git log --grep="Obsidian Commit" 2>&1 +r_checkExitStatus $? + +# shellcheck disable=SC2164 +popd +# shellcheck disable=SC2086,SC2164 +cd $WORKDIR 
diff --git a/func/core/pkg_git/README.md b/func/core/pkg_git/README.md new file mode 100644 index 0000000..568a4cf --- /dev/null +++ b/func/core/pkg_git/README.md @@ -0,0 +1 @@ +Git tests diff --git a/func/core/pkg_httpd/00-install-httpd.sh b/func/core/pkg_httpd/00-install-httpd.sh new file mode 100755 index 0000000..edfbc46 --- /dev/null +++ b/func/core/pkg_httpd/00-install-httpd.sh @@ -0,0 +1,5 @@ +#!/bin/bash +r_log "httpd" "Install httpd" + +p_installPackageNormal curl httpd mod_ssl php-mysqlnd php +m_serviceCycler httpd cycle diff --git a/func/core/pkg_httpd/10-httpd-branding.sh b/func/core/pkg_httpd/10-httpd-branding.sh new file mode 100755 index 0000000..7508411 --- /dev/null +++ b/func/core/pkg_httpd/10-httpd-branding.sh @@ -0,0 +1,10 @@ +#!/bin/bash +r_log "httpd" "Verify httpd branding" + +r_log "httpd" "Token" +curl -sI http://localhost/ | grep -i "Server:\ Apache.*\ (Rocky)" > /dev/null 2>&1 +r_checkExitStatus $? + +r_log "httpd" "index" +curl -sI http://localhost/ | grep -i "Rocky" > /dev/null 2>&1 +r_checkExitStatus $? diff --git a/func/core/pkg_httpd/20-test-basic-http.sh b/func/core/pkg_httpd/20-test-basic-http.sh new file mode 100755 index 0000000..aaca1f6 --- /dev/null +++ b/func/core/pkg_httpd/20-test-basic-http.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "httpd" "Test basic http functionality" +curl -H 'Accept-Language: en' -s http://localhost/ | grep "Test Page" > /dev/null 2>&1 +r_checkExitStatus $? diff --git a/func/core/pkg_httpd/21-test-basic-https.sh b/func/core/pkg_httpd/21-test-basic-https.sh new file mode 100755 index 0000000..cce602d --- /dev/null +++ b/func/core/pkg_httpd/21-test-basic-https.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "httpd" "Test basic https functionality" +curl -H 'Accept-Language: en' -ks https://localhost/ | grep "Test Page" > /dev/null 2>&1 +r_checkExitStatus $? diff --git a/func/core/pkg_httpd/30-test-basic-auth.sh b/func/core/pkg_httpd/30-test-basic-auth.sh new file mode 100755 index 0000000..ca88b2a --- /dev/null 
+++ b/func/core/pkg_httpd/30-test-basic-auth.sh @@ -0,0 +1,23 @@ +#!/bin/bash +r_log "httpd" "Test basic authentication functionality" + +cat > /etc/httpd/conf.d/test-basic-auth.conf < + AuthType Basic + AuthName "Test" + AuthUserFile /etc/httpd/htpasswd + require user tester + +EOF + +htpasswd -c -b /etc/httpd/htpasswd tester tester +mkdir -p /var/www/html/basic_auth +echo "Basic Auth Test" > /var/www/html/basic_auth/index.html +m_serviceCycler httpd cycle +curl -s -u tester:tester http://localhost/basic_auth/ | grep -q 'Basic Auth Test' > /dev/null 2>&1 +r_checkExitStatus $? + +rm /etc/httpd/conf.d/test-basic-auth.conf +m_serviceCycler httpd reload diff --git a/func/core/pkg_httpd/40-test-basic-vhost.sh b/func/core/pkg_httpd/40-test-basic-vhost.sh new file mode 100755 index 0000000..d011963 --- /dev/null +++ b/func/core/pkg_httpd/40-test-basic-vhost.sh @@ -0,0 +1,25 @@ +#!/bin/bash +r_log "httpd" "Test basic vhost functionality" + +echo "127.0.0.1 coretest" >> /etc/hosts +cat > /etc/httpd/conf.d/vhost.conf << EOF +## Core vhost test +NameVirtualHost *:80 + + ServerName coretest + ServerAdmin root@localhost + DocumentRoot /var/www/vhost/coretest + +EOF + +mkdir -p /var/www/vhost/coretest +echo "core vhost test page" > /var/www/vhost/coretest/index.html +m_serviceCycler httpd cycle + +curl -s http://coretest/ | grep -q 'core vhost test page' > /dev/null 2>&1 + +r_checkExitStatus $? + +rm /etc/httpd/conf.d/vhost.conf +sed -i '/127.0.0.1 coretest/d' /etc/hosts +m_serviceCycler httpd reload diff --git a/func/core/pkg_httpd/50-test-basic-php.sh b/func/core/pkg_httpd/50-test-basic-php.sh new file mode 100755 index 0000000..d0f1d72 --- /dev/null +++ b/func/core/pkg_httpd/50-test-basic-php.sh @@ -0,0 +1,7 @@ +#!/bin/bash +r_log "httpd" "Test basic php" + +echo "" > /var/www/html/test.php +curl -s http://localhost/test.php | grep -q 'PHP Version' > /dev/null 2>&1 + +r_checkExitStatus $? 
diff --git a/func/core/pkg_httpd/README.md b/func/core/pkg_httpd/README.md new file mode 100644 index 0000000..0f3356c --- /dev/null +++ b/func/core/pkg_httpd/README.md @@ -0,0 +1 @@ +Test httpd diff --git a/func/core/pkg_kernel/10-test-kernel-keyring.sh b/func/core/pkg_kernel/10-test-kernel-keyring.sh new file mode 100644 index 0000000..41c19bb --- /dev/null +++ b/func/core/pkg_kernel/10-test-kernel-keyring.sh @@ -0,0 +1,19 @@ +#!/bin/bash +r_log "kernel" "Testing the kernel keyring (GPG)" + +ARCH=$(uname -m) +KERNEL=$(uname -r | cut -d'-' -f1) + +if [ "${ARCH}" == "aarch64" ]; then + r_log "kernel" "Architecture not tested: $ARCH" + exit 0 +fi + +if [ "$RL_VER" -ge 8 ]; then + ring=.builtin_trusted_keys + for id in kpatch "Driver update" kernel; do + r_log "kernel" "Verifying x.509 Rocky ${id}" + keyctl list %:$ring | grep -i "REPLACE_ME" > /dev/null 2>&1 + r_checkExitStatus $? + done +fi diff --git a/func/core/pkg_kernel/11-test-secure-boot.sh b/func/core/pkg_kernel/11-test-secure-boot.sh new file mode 100644 index 0000000..9852f33 --- /dev/null +++ b/func/core/pkg_kernel/11-test-secure-boot.sh @@ -0,0 +1,12 @@ +#!/bin/bash +r_log "kernel" "Install pesign" +p_installPackageNormal pesign +ARCH=$(uname -m) + +if [ "$ARCH" == "x86_64" ]; then + for k in $(rpm -q kernel --qf "%{version}-%{release}.%{arch}\n"); do + r_log "kernel" "Validating kernel $k" + pesign --show-signature --in "/boot/vmlinuz-${k}" | grep -Eq 'Rocky Linux Secure Boot Signing' + r_checkExitStatus $? + done +fi diff --git a/func/core/pkg_kernel/12-test-debrand.sh b/func/core/pkg_kernel/12-test-debrand.sh new file mode 100755 index 0000000..727b930 --- /dev/null +++ b/func/core/pkg_kernel/12-test-debrand.sh 
@@ -0,0 +1,13 @@ +#!/bin/bash +r_log "kernel" "Testing debrand" +kernver=$(uname -r) + +strings /boot/vmlinuz-$(uname -r) | grep -qi rhel +ret_val=$? + +if [ "$ret_val" -eq "0" ]; then + r_log "kernel" "Kernel does not appear to be debranded" + r_checkExitStatus 1 +else + r_checkExitStatus 0 +fi diff --git a/func/core/pkg_kernel/README.md b/func/core/pkg_kernel/README.md new file mode 100644 index 0000000..64d2cf4 --- /dev/null +++ b/func/core/pkg_kernel/README.md @@ -0,0 +1 @@ +Testing kernel stuff diff --git a/func/core/pkg_lsb/00-install-lsb.sh b/func/core/pkg_lsb/00-install-lsb.sh new file mode 100755 index 0000000..452dd70 --- /dev/null +++ b/func/core/pkg_lsb/00-install-lsb.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "lsb" "Install LSB package" +p_installPackageNormal redhat-lsb diff --git a/func/core/pkg_lsb/10-test-branding.sh b/func/core/pkg_lsb/10-test-branding.sh new file mode 100755 index 0000000..9be22cb --- /dev/null +++ b/func/core/pkg_lsb/10-test-branding.sh @@ -0,0 +1,6 @@ +#!/bin/bash +r_log "lsb" "Test LSB branding" +lsb_release -i | grep -q "Rocky" +r_checkExitStatus $? +lsb_release -d | grep -q "Rocky" +r_checkExitStatus $? diff --git a/func/core/pkg_lsb/README.md b/func/core/pkg_lsb/README.md new file mode 100644 index 0000000..a3810a5 --- /dev/null +++ b/func/core/pkg_lsb/README.md @@ -0,0 +1 @@ +Basic LSB tests diff --git a/func/core/pkg_lsof/00-install-lsof.sh b/func/core/pkg_lsof/00-install-lsof.sh new file mode 100755 index 0000000..ca5f9e9 --- /dev/null +++ b/func/core/pkg_lsof/00-install-lsof.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "lsof" "Install lsof" +p_installPackageNormal lsof diff --git a/func/core/pkg_lsof/10-test-lsof.sh b/func/core/pkg_lsof/10-test-lsof.sh new file mode 100755 index 0000000..9d64e9f --- /dev/null +++ b/func/core/pkg_lsof/10-test-lsof.sh 
@@ -0,0 +1,14 @@ +#!/bin/bash +r_log "lsof" "Test basic lsof functions" + +r_log "lsof" "lsof against sshd" +sshd_port_listen=$(lsof -i:22 | grep LISTEN) +if [ "$sshd_port_listen" ]; then + r_log "lsof" "SSH is listening." + ret_val=0 +else + r_log "lsof" "SSH is NOT listening." + ret_val=1 +fi + +r_checkExitStatus $ret_val diff --git a/func/core/pkg_lsof/README.md b/func/core/pkg_lsof/README.md new file mode 100644 index 0000000..4d11e8f --- /dev/null +++ b/func/core/pkg_lsof/README.md @@ -0,0 +1 @@ +Test lsof diff --git a/func/core/pkg_network/00-install-packages.sh b/func/core/pkg_network/00-install-packages.sh new file mode 100755 index 0000000..964c071 --- /dev/null +++ b/func/core/pkg_network/00-install-packages.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "network" "Install necessary network packages and utilities" +p_installPackageNormal traceroute iputils iproute mtr arpwatch psmisc net-tools which iptraf diff --git a/func/core/pkg_network/10-tracepath.sh b/func/core/pkg_network/10-tracepath.sh new file mode 100644 index 0000000..e9d7e84 --- /dev/null +++ b/func/core/pkg_network/10-tracepath.sh @@ -0,0 +1,2 @@ +#!/bin/bash +r_log "network" "Test tracepath" diff --git a/func/core/pkg_network/11-traceroute.sh b/func/core/pkg_network/11-traceroute.sh new file mode 100644 index 0000000..e7320b6 --- /dev/null +++ b/func/core/pkg_network/11-traceroute.sh @@ -0,0 +1,2 @@ +#!/bin/bash +r_log "network" "Test traceroute" diff --git a/func/core/pkg_network/12-mtr.sh b/func/core/pkg_network/12-mtr.sh new file mode 100644 index 0000000..b0581d4 --- /dev/null +++ b/func/core/pkg_network/12-mtr.sh @@ -0,0 +1,2 @@ +#!/bin/bash +r_log "network" "Test mtr" diff --git a/func/core/pkg_network/13-iptraf.sh b/func/core/pkg_network/13-iptraf.sh new file mode 100755 index 0000000..b8b5f17 --- /dev/null +++ b/func/core/pkg_network/13-iptraf.sh 
@@ -0,0 +1,35 @@ +#!/bin/bash +r_log "network" "Checking that iptraf runs and returns non-zero" + +TMPFILE=/var/tmp/iptraf + +[ -e ${TMPFILE} ] && rm ${TMPFILE} +[ ${EUID} -eq 0 ] || { r_log "network" "SKIP: Not running as root."; exit $PASS; } + +mkdir -p ${TMPFILE} + +IPTRAF=$(which iptraf-ng) +PING=$(which iptraf-ng) +KILL=$(which iptraf-ng) +STAT=$(which iptraf-ng) + +for x in $IPTRAF $PING $KILL $STAT; do + [ ! -f "$x" ] && { r_log "network" "$x not found. This is likely a problem."; exit $FAIL; } +done + +r_log "network" "Run iptraf on all available interfaces" +${IPTRAF} -i all -B -t 1 -L ${TMPFILE} &> /dev/null + +r_log "network" "Do a simple ping for iptraf" +${PING} -c 6 127.0.0.12 &> /dev/null + +LOGSIZE=$(stat -c '%s' ${TMPFILE}) +kill -USR2 "$(pidof $IPTRAF)" + +r_log "network" "Verifying that iptraf log has data" +if [ "${LOGSIZE}" -gt 0 ]; then + r_checkExitStatus 0 +else + r_log "network" "Network traffic wasn't logged. Verify your builds." + r_checkExitStatus 1 +fi diff --git a/func/core/pkg_network/20-configure-bridge.sh b/func/core/pkg_network/20-configure-bridge.sh new file mode 100755 index 0000000..0f69b32 --- /dev/null +++ b/func/core/pkg_network/20-configure-bridge.sh @@ -0,0 +1,13 @@ +#!/bin/bash +r_log "network" "Test bridging functionality (non-network manager)" + +bridge=dummybr0 +. "$(dirname "$0")"/imports.sh + +r_log "network" "Add a dummy bridge $bridge" +ret_val=$(iproute_add_bridge $bridge) +r_checkExitStatus $ret_val + +r_log "network" "Clean up/Remove bridge" +ret_val=$(iproute_del_bridge $bridge) +r_checkExitStatus $ret_val diff --git a/func/core/pkg_network/30-test-arpwatch.sh b/func/core/pkg_network/30-test-arpwatch.sh new file mode 100755 index 0000000..56a6906 --- /dev/null +++ b/func/core/pkg_network/30-test-arpwatch.sh 
@@ -0,0 +1,23 @@ +#!/bin/bash + +# defaults +defaultGW=$(ip route | awk '/^default via/ { print $3 }') +arpdat="/var/lib/arpwatch/arp.dat" + +if [ -z "${defaultGW}" ]; then + r_log "arpwatch" "There is no default gateway set." + exit +fi + +arpwatch +sleep 5 +arp -d "${defaultGW}" +sleep 5 +ping -i 1 -q -c 5 "${defaultGW}" +killall arpwatch +sleep 3 +grep -q "${defaultGW}" "${arpdat}" + +r_checkExitStatus $? + +cat /dev/null > "${arpdat}" diff --git a/func/core/pkg_network/README.md b/func/core/pkg_network/README.md new file mode 100644 index 0000000..86f31d7 --- /dev/null +++ b/func/core/pkg_network/README.md @@ -0,0 +1 @@ +All tests that are network utility related diff --git a/func/core/pkg_network/imports.sh b/func/core/pkg_network/imports.sh new file mode 100644 index 0000000..d4638b8 --- /dev/null +++ b/func/core/pkg_network/imports.sh @@ -0,0 +1,37 @@ +#!/bin/bash +function iproute_add_bridge() { + BRIDGE=$1 + PRESENCE=$(grep "$BRIDGE" /proc/net/dev) + if ! [ "${PRESENCE}" ]; then + ip link add name "$BRIDGE" type bridge + PRESENCE=$(grep "$BRIDGE" /proc/net/dev) + if [ "${PRESENCE}" ]; then + ret_val=0 + else + echo "$BRIDGE was not created" + ret_val=1 + fi + else + ret_val=0 + fi + echo "$ret_val" +} + +function iproute_del_bridge() { + BRIDGE=$1 + PRESENCE=$(grep "$BRIDGE" /proc/net/dev) + if ! [ "${PRESENCE}" ]; then + echo "$BRIDGE doesn't exist" + ret_val=1 + else + ip link del "$BRIDGE" type bridge + PRESENCE=$(grep "$BRIDGE" /proc/net/dev) + if [ "${PRESENCE}" ]; then + echo "Bridge was not be deleted" + ret_val=1 + else + ret_val=0 + fi + fi + echo "$ret_val" +} diff --git a/func/core/pkg_nfs/00-install-nfs.sh b/func/core/pkg_nfs/00-install-nfs.sh new file mode 100755 index 0000000..a6c3ea0 --- /dev/null +++ b/func/core/pkg_nfs/00-install-nfs.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "nfs" "Install nfs and autofs utilities" +p_installPackageNormal autofs nfs-utils rpcbind 
diff --git a/func/core/pkg_nfs/10-prepare-nfs-ro.sh b/func/core/pkg_nfs/10-prepare-nfs-ro.sh new file mode 100755 index 0000000..9575d4e --- /dev/null +++ b/func/core/pkg_nfs/10-prepare-nfs-ro.sh @@ -0,0 +1,16 @@ +#!/bin/bash +r_log "nfs" "Setup (ro) NFS share" +mkdir -p /export/rotest +touch /export/rotest/nfsfile +echo '/export/rotest/ 127.0.0.1(ro)' >> /etc/exports +/usr/sbin/exportfs -ar +m_serviceCycler rpcbind restart +m_serviceCycler nfs-server restart + +r_log "nfs" "Mount NFS share" +mount -t nfs 127.0.0.1:/export/rotest /mnt +ls -la /mnt | grep -q "nfsfile" +r_checkExitStatus $? + +umount /mnt +/usr/bin/sed -i '/rotest/d' /etc/exports diff --git a/func/core/pkg_nfs/11-prepare-nfs-rw.sh b/func/core/pkg_nfs/11-prepare-nfs-rw.sh new file mode 100755 index 0000000..5f1eb4e --- /dev/null +++ b/func/core/pkg_nfs/11-prepare-nfs-rw.sh @@ -0,0 +1,25 @@ +#!/bin/bash +r_log "nfs" "Setup (rw) NFS share" +mkdir -p /export/rwtest +touch /export/rwtest/nfsfile +echo '/export/rwtest/ 127.0.0.1(rw,sync,no_root_squash)' >> /etc/exports +/usr/sbin/exportfs -ar + +m_serviceCycler rpcbind restart +m_serviceCycler nfs-server restart + +r_log "nfs" "Mount NFS share" +mount -t nfs 127.0.0.1:/export/rwtest /mnt +ls -la /mnt | grep -q "nfsfile" +r_checkExitStatus $? + +r_log "nfs" "Test that the NFS share is writeable" +echo 'releng test file' > /mnt/nfsfile + +(grep -q 'releng test file' /mnt/nfsfile) && \ +(grep -q 'releng test file' /export/rwtest/nfsfile) +ret_val=$? +r_checkExitStatus $ret_val + +umount /mnt +/usr/bin/sed -i '/rwtest/d' /etc/exports diff --git a/func/core/pkg_nfs/12-prepare-autofs.sh b/func/core/pkg_nfs/12-prepare-autofs.sh new file mode 100644 index 0000000..114113b --- /dev/null +++ b/func/core/pkg_nfs/12-prepare-autofs.sh 
@@ -0,0 +1,26 @@ +#!/bin/bash +# autofs acts like it mounts but then it doesn't. this is disabled. + +r_log "nfs" "Prepare autofs configuration" + +mkdir -p /export/autotest +touch /export/autotest/autofile +echo '/export/autotest/ 127.0.0.1(ro)' >> /etc/exports +/usr/sbin/exportfs -ar + +echo '/mnt/autofs /etc/auto.export' > /etc/auto.master.d/export.autofs +echo 'nfs -fstype=nfs 127.0.0.1:/export/autotest' > /etc/auto.export + +m_serviceCycler nfs-server restart +m_serviceCycler rpcbind restart +m_serviceCycler autofs restart +r_log "nfs" "Attempt to access /export/autotest via autofs" +ls -la /mnt/autofs | grep -q autofile +r_checkExitStatus $? + +# Remove unneeded configuration +/bin/rm /etc/auto.master.d/export.autofs /etc/auto.export +/usr/bin/sed -i '/autotest/d' /etc/exports +m_serviceCycler autofs stop +m_serviceCycler nfs-server stop +m_serviceCycler rpcbind stop diff --git a/func/core/pkg_nfs/README.md b/func/core/pkg_nfs/README.md new file mode 100644 index 0000000..33b7f5c --- /dev/null +++ b/func/core/pkg_nfs/README.md @@ -0,0 +1 @@ +Test autofs diff --git a/func/core/pkg_openssl/00-install-openssl.sh b/func/core/pkg_openssl/00-install-openssl.sh new file mode 100755 index 0000000..ab718a7 --- /dev/null +++ b/func/core/pkg_openssl/00-install-openssl.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "openssl" "Install openssl" +p_installPackageNormal openssl diff --git a/func/core/pkg_openssl/10-test-openssl.sh b/func/core/pkg_openssl/10-test-openssl.sh new file mode 100755 index 0000000..7cc3a77 --- /dev/null +++ b/func/core/pkg_openssl/10-test-openssl.sh 
@@ -0,0 +1,66 @@ +#!/bin/bash +r_log "openssl" "Create openssl certificates and verify" +DROPDIR=/var/tmp/openssl +mkdir -p $DROPDIR + +openssl genrsa -passout pass:obsidian -des3 -out $DROPDIR/openssl.key.secure 4096 > /dev/null 2>&1 +ret_val=$? +if [ $ret_val -ne 0 ]; then + r_log "openssl" "Failed creating private key" + r_checkExitStatus 1 +fi + +openssl rsa -passin pass:obsidian -in "$DROPDIR/openssl.key.secure" -out "$DROPDIR/openssl.key" > /dev/null 2>&1 +ret_val=$? +if [ $ret_val -ne 0 ]; then + r_log "openssl" "Could not create openssl private key from secure key" + r_checkExitStatus 1 +fi + +if [ ! -f ./common/files/openssl-answers ]; then + r_log "openssl" "We do not have our openssl answers file" + r_checkExitStatus 1 +fi + +openssl req -batch -config ./common/files/openssl-answers -new -key "$DROPDIR/openssl.key" -out "$DROPDIR/openssl.csr" > /dev/null 2>&1 +ret_val=$? +if [ $ret_val -ne 0 ]; then + r_log "openssl" "Could not create openssl csr" + r_checkExitStatus 1 +fi + +openssl x509 -req -days 365 -in "$DROPDIR/openssl.csr" -signkey "$DROPDIR/openssl.key" -out "$DROPDIR/openssl.crt" > /dev/null 2>&1 +ret_val=$? +if [ $ret_val -ne 0 ]; then + r_log "openssl" "Could not create self-signed certificate" + r_checkExitStatus 1 +fi + +SSLVAR=$(openssl version -d) +SSLREGEX='OPENSSLDIR\:\ \"(.*)\"' +if [[ "$SSLVAR" =~ $SSLREGEX ]]; then + SSLPATH=${BASH_REMATCH[1]} +else + r_log "openssl" "Could not find the openssl config directory" + r_checkExitStatus 1 +fi + +cp "$DROPDIR/openssl.crt" "$SSLPATH/certs/" +HASH=$(openssl x509 -noout -hash -in $SSLPATH/certs/openssl.crt) +ret_val=$? +if [ $ret_val -ne 0 ]; then + r_log "openssl" "Could not create hash" +fi + +ln -s "$SSLPATH/certs/openssl.crt" "$SSLPATH/certs/${HASH}.0" + +openssl verify $DROPDIR/openssl.crt | grep -cq OK +ret_val=$? 
+if [ $ret_val -ne 0 ]; then + r_log "openssl" "Self signed certificate verification failed" + r_checkExitStatus 1 +fi + +r_checkExitStatus 0 + +rm -rf $DROPDIR/certs "$SSLPATH/certs/${HASH}.0" "$SSLPATH/certs/openssl.crt" diff --git a/func/core/pkg_openssl/README.md b/func/core/pkg_openssl/README.md new file mode 100644 index 0000000..1887e26 --- /dev/null +++ b/func/core/pkg_openssl/README.md @@ -0,0 +1 @@ +Test openssl diff --git a/func/core/pkg_perl/00-install-perl.sh b/func/core/pkg_perl/00-install-perl.sh new file mode 100755 index 0000000..0b87333 --- /dev/null +++ b/func/core/pkg_perl/00-install-perl.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "perl" "Install perl" +p_installPackageNormal perl diff --git a/func/core/pkg_perl/10-test-perl.sh b/func/core/pkg_perl/10-test-perl.sh new file mode 100755 index 0000000..f7d62ef --- /dev/null +++ b/func/core/pkg_perl/10-test-perl.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "perl" "Verify that perl is installed" +perl --version &> /dev/null +r_checkExitStatus $? diff --git a/func/core/pkg_perl/11-test-perl-script.sh b/func/core/pkg_perl/11-test-perl-script.sh new file mode 100755 index 0000000..4f87ae5 --- /dev/null +++ b/func/core/pkg_perl/11-test-perl-script.sh @@ -0,0 +1,5 @@ +#!/bin/bash +r_log "perl" "Test perl script" +echo 'print "Hello!"' > /var/tmp/perltest +perl /var/tmp/perltest | grep -q "Hello!" +r_checkExitStatus $? diff --git a/func/core/pkg_perl/README.md b/func/core/pkg_perl/README.md new file mode 100644 index 0000000..2967e73 --- /dev/null +++ b/func/core/pkg_perl/README.md @@ -0,0 +1 @@ +Basic perl tests diff --git a/func/core/pkg_postfix/00-install-postfix.sh b/func/core/pkg_postfix/00-install-postfix.sh new file mode 100755 index 0000000..7e8e49b --- /dev/null +++ b/func/core/pkg_postfix/00-install-postfix.sh 
@@ -0,0 +1,6 @@ +#!/bin/bash +r_log "postfix" "Install postfix (requires stop of other pieces)" +m_serviceCycler sendmail stop +p_installPackageNormal postfix nc dovecot openssl +m_serviceCycler postfix enable +m_serviceCycler postfix start diff --git a/func/core/pkg_postfix/10-test-helo.sh b/func/core/pkg_postfix/10-test-helo.sh new file mode 100755 index 0000000..bb2235e --- /dev/null +++ b/func/core/pkg_postfix/10-test-helo.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "postfix" "Test helo request" +echo "helo test" | nc -w 3 127.0.0.1 25 | grep -q '250' +r_checkExitStatus $? diff --git a/func/core/pkg_postfix/20-mta.sh b/func/core/pkg_postfix/20-mta.sh new file mode 100755 index 0000000..a955444 --- /dev/null +++ b/func/core/pkg_postfix/20-mta.sh @@ -0,0 +1,33 @@ +#!/bin/bash +r_log "postfix" "Test basic MTA" +REGEX='250\ 2\.0\.0\ Ok\:\ queued\ as\ ([0-9A-Z]*).*' +mailresp=$(echo -e "helo localhost\nmail from: root@localhost\nrcpt to: root@localhost\ndata\nt_functional test\n.\nquit\n" | nc -w 5 127.0.0.1 25 | grep queued) +if [ $? -eq 0 ]; then + r_log "postfix" "Mail queued successfully" + MTA_ACCEPTED=0 +else + r_log "postfix" "Mail not delivered." + r_checkExitStatus 1 +fi + +sleep 2 + +# Verify that /var/log/maillog is working, if not dump it out +mailresp_id=$(echo $mailresp | cut -d' ' -f6) +grep -q "${mailresp_id}" /var/log/maillog +if [ $? -eq 1 ]; then + journalctl -u postfix >> /var/log/maillog +fi + +if [[ "$mailresp" =~ $REGEX ]]; then + grep -q "${BASH_REMATCH[1]}: removed" /var/log/maillog + DELIVER=$? +fi + +if [ "$MTA_ACCEPTED" -eq 0 ] && [ "$DELIVER" -eq 0 ]; then + r_log "postfix" "Mail was delivered." + r_checkExitStatus 0 +else + r_log "postfix" "Mail was not delivered." + r_checkExitStatus 1 +fi diff --git a/func/core/pkg_postfix/30-postfix-sasl.sh b/func/core/pkg_postfix/30-postfix-sasl.sh new file mode 100755 index 0000000..49220e5 --- /dev/null +++ b/func/core/pkg_postfix/30-postfix-sasl.sh 
@@ -0,0 +1,23 @@ +#!/bin/bash +r_log "postfix" "Test postfix sasl support" + +cp -a /etc/postfix/main.cf /etc/postfix/main.cf.backup +cp -a /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.backup + +cat ./common/files/postfix-test-sasl >> /etc/postfix/main.cf +cat ./common/files/dovecot-test-sasl >> /etc/dovecot/dovecot.conf + +m_serviceCycler dovecot restart +m_serviceCycler postfix restart + +r_log "postfix" "Testing that postfix accepts connections and plain auth" +echo "ehlo test" | nc -w 3 127.0.0.1 25 | grep -q 'AUTH PLAIN' +ret_val=$? + +mv /etc/dovecot/dovecot.conf.backup /etc/dovecot/dovecot.conf +mv /etc/postfix/main.cf.backup /etc/postfix/main.cf + +r_checkExitStatus $ret_val + +cp -a /etc/postfix/main.cf.backup /etc/postfix/main.cf +cp -a /etc/dovecot/dovecot.conf.backup /etc/dovecot/dovecot.conf diff --git a/func/core/pkg_postfix/40-postfix-tls.sh b/func/core/pkg_postfix/40-postfix-tls.sh new file mode 100755 index 0000000..7ecaab1 --- /dev/null +++ b/func/core/pkg_postfix/40-postfix-tls.sh 
@@ -0,0 +1,69 @@ +#!/bin/bash +r_log "postfix" "Test postfix with TLS" +DROPDIR=/var/tmp/postfix + +cp -a /etc/postfix/main.cf /etc/postfix/main.cf.backup +cp -a /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.backup + +cat ./common/files/postfix-test-tls >> /etc/postfix/main.cf +cat ./common/files/dovecot-test-sasl >> /etc/dovecot/dovecot.conf + +mkdir $DROPDIR + +r_log "postfix" "Creating mail certificate and keys" + +openssl genrsa -passout pass:obsidian -des3 -out $DROPDIR/mail.key.secure 4096 > /dev/null 2>&1 +ret_val=$? +if [ $ret_val -ne 0 ]; then + r_log "postfix" "Could not create private key." + r_checkExitStatus 1 +fi + +openssl rsa -passin pass:rocky -in "$DROPDIR/mail.key.secure" -out "$DROPDIR/mail.key" > /dev/null 2>&1 +ret_val=$? +if [ $ret_val -ne 0 ]; then + r_log "postfix" "Could not create mail private key from secure key" + r_checkExitStatus 1 +fi + +if [ ! -f ./common/files/openssl-answers ]; then + r_log "postfix" "We do not have our openssl answers file" + r_checkExitStatus 1 +fi + +openssl req -batch -config ./common/files/openssl-answers -new -key "$DROPDIR/mail.key" -out "$DROPDIR/mail.csr" > /dev/null 2>&1 +ret_val=$? +if [ $ret_val -ne 0 ]; then + r_log "postfix" "Could not create mail csr" + r_checkExitStatus 1 +fi + +openssl x509 -req -days 365 -in "$DROPDIR/mail.csr" -signkey "$DROPDIR/mail.key" -out "$DROPDIR/mail.crt" > /dev/null 2>&1 +ret_val=$? +if [ $ret_val -ne 0 ]; then + r_log "postfix" "Could not create self-signed certificate" + r_checkExitStatus 1 +fi + +cp "$DROPDIR/mail.key" /etc/pki/tls/private/ +cp "$DROPDIR/mail.crt" /etc/pki/tls/certs/ + +chmod 400 /etc/pki/tls/private/mail.key +chown postfix:postfix /etc/pki/tls/private/mail.key /etc/pki/tls/certs/mail.crt + +m_serviceCycler postfix restart +m_serviceCycler dovecot restart + +r_log "postfix" "Testing that postfix offers STARTTLS" + +echo "ehlo test" | nc -w 3 127.0.0.1 25 | grep -q "STARTTLS" +ret_val=$? 
+ +mv /etc/postfix/main.cf.backup /etc/postfix/main.cf +mv /etc/dovecot/dovecot.conf.backup /etc/dovecot/dovecot.conf +rm /etc/pki/tls/certs/mail.crt +rm /etc/pki/tls/certs/mail.key +rm -rf $DROPDIR/mail.* +rm -rf /var/tmp/postfix + +r_checkExitStatus $? diff --git a/func/core/pkg_postfix/README.md b/func/core/pkg_postfix/README.md new file mode 100644 index 0000000..a1bdc7c --- /dev/null +++ b/func/core/pkg_postfix/README.md @@ -0,0 +1 @@ +Basic postfix tests diff --git a/func/core/pkg_python/00-install-python.sh b/func/core/pkg_python/00-install-python.sh new file mode 100755 index 0000000..1dac8ac --- /dev/null +++ b/func/core/pkg_python/00-install-python.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "python" "Install python3" +p_installPackageNormal python3 diff --git a/func/core/pkg_python/10-test-python3.sh b/func/core/pkg_python/10-test-python3.sh new file mode 100755 index 0000000..da16764 --- /dev/null +++ b/func/core/pkg_python/10-test-python3.sh @@ -0,0 +1,8 @@ +#!/bin/bash +r_log "python" "Test python basic printing" + +cat > /var/tmp/test.py << EOF +print("Hello!") +EOF +/usr/bin/python3 /var/tmp/test.py | grep -q "Hello!" +r_checkExitStatus $? diff --git a/func/core/pkg_python/README.md b/func/core/pkg_python/README.md new file mode 100644 index 0000000..7a2a579 --- /dev/null +++ b/func/core/pkg_python/README.md @@ -0,0 +1,3 @@ +Basic python tests + +TODO: Add other tests that use modules? Perhaps some wsgi stuff diff --git a/func/core/pkg_release/00-install-file.sh b/func/core/pkg_release/00-install-file.sh new file mode 100755 index 0000000..1cc548b --- /dev/null +++ b/func/core/pkg_release/00-install-file.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "rocky" "Install the file package" +p_installPackageNormal file diff --git a/func/core/pkg_release/10-name-sanity-check.sh b/func/core/pkg_release/10-name-sanity-check.sh new file mode 100755 index 0000000..4a88af5 --- /dev/null +++ b/func/core/pkg_release/10-name-sanity-check.sh 
@@ -0,0 +1,33 @@ +#!/bin/bash +r_log "release" "Ensure the release is actually where it should be" + +case $RELEASE_NAME in + rocky) + r_log "rocky release" "Base Repo Check" + grep -q 'name=Rocky' /etc/yum.repos.d/Rocky*-Base*.repo + r_checkExitStatus $? + r_log "rocky release" "Check /etc/rocky-release" + grep -q "Rocky" /etc/rocky-release + r_checkExitStatus $? + ;; + centos) + r_log "centos release" "Base Repo Check" + grep -q 'name=CentOS' /etc/yum.repos.d/CentOS*-Base*.repo + r_checkExitStatus $? + r_log "centos release" "Check /etc/centos-release" + grep -q "CentOS" /etc/centos-release + r_checkExitStatus $? + ;; + redhat) + r_log "redhat release" "Base Repo Check" + grep -q 'name=Red Hat' /etc/yum.repos.d/redhat.repo + r_checkExitStatus $? + r_log "redhat release" "Check /etc/redhat-release" + grep -q "Red Hat" /etc/redhat-release + r_checkExitStatus $? + ;; + *) + r_log "release" "Not a valid test candidate" + r_checkExitStatus 1 + ;; +esac diff --git a/func/core/pkg_release/20-check-gpg-keys.sh b/func/core/pkg_release/20-check-gpg-keys.sh new file mode 100755 index 0000000..e8ea65c --- /dev/null +++ b/func/core/pkg_release/20-check-gpg-keys.sh @@ -0,0 +1,6 @@ +#!/bin/bash +r_log "rocky" "Check the GPG keys" +file /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial > /dev/null 2>&1 && \ + file /etc/pki/rpm-gpg/RPM-GPG-KEY-rockytesting > /dev/null 2>&1 + +r_checkExitStatus $? diff --git a/func/core/pkg_release/30-os-release.sh b/func/core/pkg_release/30-os-release.sh new file mode 100755 index 0000000..a35bfca --- /dev/null +++ b/func/core/pkg_release/30-os-release.sh @@ -0,0 +1,13 @@ +#!/bin/bash +r_log "rocky" "Check /etc/os-release stuff" + +r_log "rocky" "Verify support directives" +for s in NAME=\"Rocky\ Linux\" \ + ID=\"rocky\" \ + ROCKY_SUPPORT_PRODUCT=\"Rocky\ Linux\" \ + ROCKY_SUPPORT_PRODUCT_VERSION=\"$RL_VER\"; do + if ! grep -q "$s" /etc/os-release; then + r_log "rocky" "Missing string in /etc/os-release" + r_checkExitStatus 1 + fi +done 
diff --git a/func/core/pkg_release/40-system-release.sh b/func/core/pkg_release/40-system-release.sh new file mode 100755 index 0000000..145a7f4 --- /dev/null +++ b/func/core/pkg_release/40-system-release.sh @@ -0,0 +1,8 @@ +#!/bin/bash +r_log "rocky" "Check /etc/rocky-release symbolic links" + +grep -q "Rocky" /etc/rocky-release || r_checkExitStatus 1 +(file /etc/redhat-release | grep -qE "symbolic link to .?rocky-release.?") && \ +(file /etc/system-release | grep -qE "symbolic link to .?rocky-release.?") + +r_checkExitStatus $? diff --git a/func/core/pkg_release/README.md b/func/core/pkg_release/README.md new file mode 100644 index 0000000..28c1414 --- /dev/null +++ b/func/core/pkg_release/README.md @@ -0,0 +1 @@ +Test the rocky-release packages diff --git a/func/core/pkg_rootfiles/00-install-rootfiles.sh b/func/core/pkg_rootfiles/00-install-rootfiles.sh new file mode 100755 index 0000000..17884cf --- /dev/null +++ b/func/core/pkg_rootfiles/00-install-rootfiles.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "rootfiles" "Install rootfiles (should be there)" +p_installPackageNormal rootfiles diff --git a/func/core/pkg_rootfiles/10-test-rootfiles.sh b/func/core/pkg_rootfiles/10-test-rootfiles.sh new file mode 100755 index 0000000..b4a493a --- /dev/null +++ b/func/core/pkg_rootfiles/10-test-rootfiles.sh @@ -0,0 +1,11 @@ +#!/bin/bash +r_log "rootfiles" "Test that rootfiles exist" +for y in .bashrc .bash_profile .bashrc .tcshrc .cshrc; do + r_log "rootfiles" "Checking for $y" + if [ ! -e "/root/${y}" ]; then + r_log "rootfiles" "$y doesn't exist" + r_checkExitStatus 1 + fi +done + +r_checkExitStatus 0 diff --git a/func/core/pkg_rsyslog/00-install-rsyslog.sh b/func/core/pkg_rsyslog/00-install-rsyslog.sh new file mode 100755 index 0000000..822f43b --- /dev/null +++ b/func/core/pkg_rsyslog/00-install-rsyslog.sh 
@@ -0,0 +1,6 @@ +#!/bin/bash +r_log "rsyslog" "Install rsyslog (default)" +p_installPackageNormal rsyslog + +r_log "rsyslog" "Ensure rsyslog is started" +m_serviceCycler rsyslog start diff --git a/func/core/pkg_rsyslog/10-test-syslog.sh b/func/core/pkg_rsyslog/10-test-syslog.sh new file mode 100755 index 0000000..ba6a1fc --- /dev/null +++ b/func/core/pkg_rsyslog/10-test-syslog.sh @@ -0,0 +1,8 @@ +#!/bin/bash +r_log "rsyslog" "Verify that rsyslog is working as intended" +logger "$0 says Green Obsidian" + +sleep 3 + +grep -q "Green Obsidian" /var/log/messages +r_checkExitStatus $? diff --git a/func/core/pkg_rsyslog/README.md b/func/core/pkg_rsyslog/README.md new file mode 100644 index 0000000..65b90ed --- /dev/null +++ b/func/core/pkg_rsyslog/README.md @@ -0,0 +1 @@ +Syslog tests diff --git a/func/core/pkg_samba/00-install-samba.sh b/func/core/pkg_samba/00-install-samba.sh new file mode 100755 index 0000000..19b21ae --- /dev/null +++ b/func/core/pkg_samba/00-install-samba.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "samba" "Install samba" +p_installPackageNormal samba samba-client cifs-utils +m_serviceCycler smb start diff --git a/func/core/pkg_samba/10-test-samba.sh b/func/core/pkg_samba/10-test-samba.sh new file mode 100755 index 0000000..32d4e26 --- /dev/null +++ b/func/core/pkg_samba/10-test-samba.sh @@ -0,0 +1,23 @@ +#!/bin/bash +r_log "sambsa" "Configure and test samba for a simple share" +/bin/cp /etc/samba/smb.conf /etc/samba/smb.conf.backup +/bin/cp ./common/files/smb.conf /etc/samba/smb.conf +mkdir -p /srv/smb +mkdir -p /mnt/smb +chcon -R -t samba_share_t /srv/smb + +m_serviceCycler smb restart +sleep 3 + +echo "Obsidian is the Release Name" > /srv/smb/test.txt + +mount -t cifs -o guest,ro //127.0.0.1/rocky /mnt/smb +sleep 1 + +cat /mnt/smb/test.txt | grep -q "Obsidian" + +ret_val=$? +umount /mnt/smb +/bin/rm -rf /mnt/smb + +r_checkExitStatus $ret_val 
diff --git a/func/core/pkg_samba/README.md b/func/core/pkg_samba/README.md new file mode 100644 index 0000000..7236cb8 --- /dev/null +++ b/func/core/pkg_samba/README.md @@ -0,0 +1 @@ +Basic samba tests diff --git a/func/core/pkg_secureboot/10-test-grub-secureboot.sh b/func/core/pkg_secureboot/10-test-grub-secureboot.sh new file mode 100755 index 0000000..30e50c9 --- /dev/null +++ b/func/core/pkg_secureboot/10-test-grub-secureboot.sh @@ -0,0 +1,14 @@ +#!/bin/bash +r_log "secureboot" "Verify that grub2-efi is correctly signed" + +if [ ! -d /sys/firmware/efi ]; then + r_log "secureboot" "System was not booted in EFI mode. It is likely that grub2-efi is also not installed." + if [ -f /boot/efi/EFI/rocky/grubx64.efi ]; then + r_log "secureboot" "Correct, system is not EFI and thus does not have grub2-efi installed." + exit 0 + fi +else + p_installPackageNormal pesign + pesign --show-signature --in /boot/efi/EFI/rocky/grubx64.efi | grep -Eq 'Rocky Linux' + r_checkExitStatus $? +fi diff --git a/func/core/pkg_secureboot/11-test-shim-certs.sh b/func/core/pkg_secureboot/11-test-shim-certs.sh new file mode 100755 index 0000000..98ad437 --- /dev/null +++ b/func/core/pkg_secureboot/11-test-shim-certs.sh @@ -0,0 +1,14 @@ +#!/bin/bash +r_log "secureboot" "Verify that grub2-efi is correctly signed" + +if [ ! -d /sys/firmware/efi ]; then + r_log "secureboot" "System was not booted in EFI mode. It is likely that grub2-efi is also not installed." + if [ -f /boot/efi/EFI/rocky/grubx64.efi ]; then + r_log "secureboot" "Correct, system is not EFI and thus does not have grub2-efi installed." + exit 0 + fi +else + p_installPackageNormal pesign + pesign --show-signature --in /boot/efi/EFI/rocky/shim.efi | grep -Eq "Microsoft Windows UEFI Driver Publisher" + r_checkExitStatus $? +fi diff --git a/func/core/pkg_secureboot/README.md b/func/core/pkg_secureboot/README.md new file mode 100644 index 0000000..273769c --- /dev/null +++ b/func/core/pkg_secureboot/README.md 
@@ -0,0 +1 @@ +Not an actual package name - Any tests for testing secure boot related keys diff --git a/func/core/pkg_selinux/00-install-selinux-tools.sh b/func/core/pkg_selinux/00-install-selinux-tools.sh new file mode 100755 index 0000000..57b8c22 --- /dev/null +++ b/func/core/pkg_selinux/00-install-selinux-tools.sh @@ -0,0 +1,5 @@ +#!/bin/bash +r_log "selinux" "Install selinux toolset" + +# Shouldn't change in 9 +p_installPackageNormal python3-libselinux diff --git a/func/core/pkg_selinux/10-check-alerts.sh b/func/core/pkg_selinux/10-check-alerts.sh new file mode 100755 index 0000000..d37c7ac --- /dev/null +++ b/func/core/pkg_selinux/10-check-alerts.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "selinux" "Check for SELinux AVC alerts" +grep -v "AVC" /var/log/audit/audit.log > /dev/null 2>&1 +r_checkExitStatus $? diff --git a/func/core/pkg_selinux/20-check-policy-mismatch.sh b/func/core/pkg_selinux/20-check-policy-mismatch.sh new file mode 100755 index 0000000..dd2b5b2 --- /dev/null +++ b/func/core/pkg_selinux/20-check-policy-mismatch.sh @@ -0,0 +1,16 @@ +#!/bin/bash +r_log "selinux" "Check policy mismatch" + +cat << EOF | /usr/bin/python3 - +import sys +import selinux.audit2why as audit2why + +try: + audit2why.init() +except: + sys.exit(1) + +sys.exit(0) +EOF + +r_checkExitStatus $? diff --git a/func/core/pkg_setup/00-test-shells.sh b/func/core/pkg_setup/00-test-shells.sh new file mode 100755 index 0000000..b4e33a0 --- /dev/null +++ b/func/core/pkg_setup/00-test-shells.sh @@ -0,0 +1,6 @@ +#!/bin/bash +r_log "setup" "Test /etc/shells" + +grep -q 'bash' /etc/shells + +r_checkExitStatus $? diff --git a/func/core/pkg_setup/10-test-group-file.sh b/func/core/pkg_setup/10-test-group-file.sh new file mode 100755 index 0000000..67ebe20 --- /dev/null +++ b/func/core/pkg_setup/10-test-group-file.sh 
@@ -0,0 +1,11 @@ +#!/bin/bash +r_log "setup" "Testing /etc/group file" +NOBODY=65534 + +grep -q "root:x:0" /etc/group && \ +grep -q "bin:x:1" /etc/group && \ +grep -q "daemon:x:2" /etc/group && \ +grep -q "sys:x:3" /etc/group && \ +grep -q "nobody:x:${NOBODY}" /etc/group + +r_checkExitStatus $? diff --git a/func/core/pkg_setup/20-test-passwd-file.sh b/func/core/pkg_setup/20-test-passwd-file.sh new file mode 100755 index 0000000..a628a23 --- /dev/null +++ b/func/core/pkg_setup/20-test-passwd-file.sh @@ -0,0 +1,9 @@ +#!/bin/bash +r_log "setup" "Testing /etc/passwd file" +NOBODY=65534 + +grep -q "root:x:0" /etc/passwd && \ +grep -q "bin:x:1" /etc/passwd && \ +grep -q "nobody:x:${NOBODY}" /etc/passwd + +r_checkExitStatus $? diff --git a/func/core/pkg_setup/README.md b/func/core/pkg_setup/README.md new file mode 100644 index 0000000..db25ea8 --- /dev/null +++ b/func/core/pkg_setup/README.md @@ -0,0 +1 @@ +Test setup diff --git a/func/core/pkg_shadow-utils/00-install.sh b/func/core/pkg_shadow-utils/00-install.sh new file mode 100755 index 0000000..b6d36d9 --- /dev/null +++ b/func/core/pkg_shadow-utils/00-install.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "shadow" "I mean really, it should be installed." +p_installPackageNormal shadow-utils diff --git a/func/core/pkg_shadow-utils/10-files-verify.sh b/func/core/pkg_shadow-utils/10-files-verify.sh new file mode 100755 index 0000000..916adaf --- /dev/null +++ b/func/core/pkg_shadow-utils/10-files-verify.sh @@ -0,0 +1,10 @@ +#!/bin/bash +r_log "shadow" "Verify the shadow-utils files exist" + +r_log "shadow" "Verify /etc/default" +[ -d "/etc/default" ] || { r_log "shadow" "Missing /etc/default"; r_checkExitStatus 1; } +r_log "shadow" "Verify /etc/default/useradd" +[ -e "/etc/default/useradd" ] || { r_log "shadow" "Missing /etc/default/useradd"; r_checkExitStatus 1; } +r_log "shadow" "Verify /etc/login.defs" +[ -e "/etc/login.defs" ] || { r_log "shadow" "Missing /etc/login.defs"; r_checkExitStatus 1; } +r_checkExitStatus 0 
diff --git a/func/core/pkg_shadow-utils/20-user-tests.sh b/func/core/pkg_shadow-utils/20-user-tests.sh new file mode 100755 index 0000000..7feaba1 --- /dev/null +++ b/func/core/pkg_shadow-utils/20-user-tests.sh 
@@ -0,0 +1,83 @@ +#!/bin/bash +r_log "shadow" "Various User Tests" + +# useradd +r_log "shadow" "Ensure that useradd works" +r_log "shadow" "Add the user obsidian" +useradd obsidian +r_checkExitStatus $? + +r_log "shadow" "Verify obsidian exists with ID" +id obsidian > /dev/null 2>&1 +r_checkExitStatus $? + +r_log "shadow" "Verify /etc/passwd" +grep -q "^obsidian" /etc/passwd +r_checkExitStatus $? + +# usermod +r_log "shadow" "Verify usermod can add a comment" +usermod -c "Green Obsidian" obsidian +r_checkExitStatus $? +r_log "shadow" "Verify comment exists in /etc/passwd" +grep "^obsidian" /etc/passwd | grep -q "Green Obsidian" +r_checkExitStatus $? +r_log "shadow" "Verify comment exists with getent" +getent passwd obsidian | grep -q "Green Obsidian" +r_checkExitStatus $? + +# lastlog +r_log "shadow" "Verify lastlog" +lastlog -u obsidian | grep -q "**Never logged in**" +r_checkExitStatus $? + +# chpasswd +r_log "shadow" "Verify chpasswd utility" +chpasswd -e << EOF +obsidian:somenonsense +EOF +r_checkExitStatus $? +r_log "shadow" "Verify /etc/shadow" +grep -q "somenonsense" /etc/shadow +r_checkExitStatus $? + +# newusers +r_log "shadow" "Verify newusers utility" +newusers << EOF +blueonyx:x:333344:333344:Blue Onyx:/home/blueonyx:/bin/bash +EOF +r_checkExitStatus $? +r_log "shadow" "Verify blueonyx exists with ID" +id blueonyx > /dev/null 2>&1 +r_checkExitStatus $? +r_log "shadow" "Verify /etc/passwd" +grep -q "^blueonyx" /etc/passwd +r_checkExitStatus $? + +# chage +r_log "shadow" "Verify chage utility" +echo "obsidian" | passwd --stdin obsidian +chage -d 2012-11-20 obsidian +r_checkExitStatus $? + +r_log "shadow" "Verify last password change is correct" +chage -l obsidian | grep Last | grep -q "Nov 20, 2012" +r_checkExitStatus $? + +# userdel +r_log "shadow" "Delete the users we created: obsidian" +userdel -rf obsidian +r_checkExitStatus $? +r_log "shadow" "Delete the users we created: blueonyx" +userdel -rf blueonyx +r_checkExitStatus $? 
+ +r_log "shadow" "Verify they do not exist" +grep -qE "^obsidian|^blueonyx" /etc/passwd +ret_val=$? +if [ "$ret_val" -ne 0 ]; then + r_checkExitStatus 0 +else + r_log "shadow" "The users still exist." + r_checkExitStatus 1 +fi diff --git a/func/core/pkg_shadow-utils/30-group-tests.sh b/func/core/pkg_shadow-utils/30-group-tests.sh new file mode 100755 index 0000000..d50ca6d --- /dev/null +++ b/func/core/pkg_shadow-utils/30-group-tests.sh 
@@ -0,0 +1,113 @@ +#!/bin/bash +r_log "shadow" "Various Group Tests" + +r_log "shadow" "Verify /etc/group exists" +[ -e /etc/group ] || { r_log "shadow" "/etc/group doesn't exist"; exit 1; } + +# groupadd +r_log "shadow" "Create our first group" +groupadd -g 55553 onyxgroup +r_checkExitStatus $? + +# gpasswd +r_log "shadow" "Create a user and add to the group with gpasswd" +useradd onyxuser +gpasswd -a onyxuser onyxgroup +r_checkExitStatus $? + +# groupmems +r_log "shadow" "Simple groupmems test against onyxgroup" +groupmems -g onyxgroup -l | grep -q "onyxuser" +r_checkExitStatus $? + +# newgrp +r_log "shadow" "Attempt to use newgrp for onyxuser" +groups onyxuser | grep -q "onyxuser onyxgroup" || { r_log "shadow" "Groups information is incorrect."; r_checkExitStatus 1; } +echo $( su - onyxuser << EOF +newgrp onyxgroup +groups +exit +EOF +) | grep -q "onyxgroup onyxuser" +r_checkExitStatus $? + +# groupmod +r_log "shadow" "Verify that the onyxgroup exists with GID 55553" +getent group onyxgroup | grep -q "onyxgroup:x:55553:onyxuser" +r_checkExitStatus $? +r_log "shadow" "Change the GID for onyxgroup to 55554" +groupmod -g 55554 onyxgroup +r_checkExitStatus $? + +# grpck +r_log "shadow" "Verify grpck functions" +grpck +r_checkExitStatus $? + +r_log "shadow" "Check that test files are malformed" +grpck -r ./common/files/malform-group ./common/files/malform-gshadow +ret_val=$? +if [ "$ret_val" -eq 2 ]; then + r_checkExitStatus 0 +else + r_log "shadow" "Malformed files were not detected." + r_checkExitStatus 1 +fi + +# groupdel +r_log "shadow" "Verify groupdel functionality" +getent group onyxgroup > /dev/null 2>&1 || { r_log "shadow" "The onyxgroup doesn't exist."; exit 1; } +groupdel onyxgroup +r_checkExitStatus $? + +r_log "shadow" "Make sure that when a group doesn't exist, groupdel returns 6" +groupdel onyxgroup > /dev/null 2>&1 +ret_val=$? 
+if [ "$ret_val" -eq 6 ]; then + r_checkExitStatus 0 +else + r_log "shadow" "Either the group still existed or another problem occured." + r_checkExitStatus 1 +fi + +r_log "shadow" "Make sure that when a group is a primary user group, groupdel returns 8" +groupdel onyxuser +ret_val=$? +if [ "$retval" -eq 8 ]; then + r_checkExitStatus 0 +else + r_log "shadow" "The group was removed..." + r_checkExitStatus 1 +fi + +# grpconv +r_log "shadow" "Test that grpconv properly creates /etc/gshadow" +/bin/cp /etc/gshadow /var/tmp/gshadow.backup +grpconv +r_checkExitStatus $? +r_log "shadow" "Verify the format is consistent" +grpck +r_checkExitStatus $? + +# grpunconv +r_log "shadow" "Convert group and gshadow to be merged" +mkdir -p /var/tmp/grpunconv +/bin/cp /etc/group /etc/gshadow /var/tmp/grpunconv +r_log "shadow" "Verify consistency first" +grpck +r_checkExitStatus $? +/bin/cp /var/tmp/grpunconv/* /etc +rm -r /var/tmp/grpunconv +r_log "shadow" "Actually do it." +grpunconv +r_checkExitStatus $? +grpconv + +# sg +r_log "shadow" "Test sg" +sg onyxuser "touch /var/tmp/onyxsg" +r_checkExitStatus $? +r_log "shadow" "Verify sg worked" +ls -l /var/tmp/onyxsg | grep -q onyxuser +r_checkExitStatus $? +rm /var/tmp/onyxsg diff --git a/func/core/pkg_shadow-utils/40-pw.sh b/func/core/pkg_shadow-utils/40-pw.sh new file mode 100755 index 0000000..7f250f4 --- /dev/null +++ b/func/core/pkg_shadow-utils/40-pw.sh 
@@ -0,0 +1,31 @@ +#!/bin/bash +r_log "shadow" "Check that pwck can use correct files" +pwck -rq ./common/files/correct-passwd ./common/files/correct-shadow +r_checkExitStatus $? + +r_log "shadow" "Check that pwck cannot use incorrect files" +pwck -rq ./common/files/incorrect-passwd ./common/files/incorrect-shadow +ret_val=$? +if [ "$ret_val" -eq 0 ]; then + r_log "shadow" "They're correct." + exit 1 +fi +r_checkExitStatus 0 + +r_log "shadow" "Check that pwconv is functional" +mkdir -p /var/tmp/pwconv +/bin/cp /etc/shadow /etc/passwd /var/tmp/pwconv || { r_log "shadow" "Could not backup files"; exit 1; } +/bin/cp /var/tmp/pwconv/* /etc +pwconv +r_checkExitStatus $? + +r_log "shadow" "Check that pwunconv is functional" +mkdir -p /var/tmp/pwunconv +/bin/cp /etc/passwd /etc/shadow /var/tmp/pwunconv || { r_log "shadow" "Could not backup files"; exit 1; } +/bin/cp /var/tmp/pwunconv/* /etc +pwunconv +r_checkExitStatus $? + +# cleanup +pwconv +rm -rf /var/tmp/pwunconv /var/tmp/pwconv diff --git a/func/core/pkg_shadow-utils/90-clean.sh b/func/core/pkg_shadow-utils/90-clean.sh new file mode 100755 index 0000000..4297516 --- /dev/null +++ b/func/core/pkg_shadow-utils/90-clean.sh @@ -0,0 +1,4 @@ +#!/bin/bash +userdel -rf onyxuser > /dev/null 2>&1 +userdel -rf obsidian > /dev/null 2>&1 +groupdel onyxgroup > /dev/null 2>&1 diff --git a/func/core/pkg_shadow-utils/README.md b/func/core/pkg_shadow-utils/README.md new file mode 100644 index 0000000..d38a78d --- /dev/null +++ b/func/core/pkg_shadow-utils/README.md @@ -0,0 +1 @@ +Test anything related to passwd/group/shadow/etc diff --git a/func/core/pkg_snmp/00-install-snmp.sh b/func/core/pkg_snmp/00-install-snmp.sh new file mode 100755 index 0000000..c15cf64 --- /dev/null +++ b/func/core/pkg_snmp/00-install-snmp.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "snmp" "Install net-snmp" +p_installPackageNormal net-snmp net-snmp-utils +m_serviceCycler snmpd start 
diff --git a/func/core/pkg_snmp/10-test-snmp-1.sh b/func/core/pkg_snmp/10-test-snmp-1.sh new file mode 100755 index 0000000..fd36235 --- /dev/null +++ b/func/core/pkg_snmp/10-test-snmp-1.sh @@ -0,0 +1,5 @@ +#!/bin/bash +r_log "snmp" "Run snmpv1 test" + +snmpwalk -v 1 -c public 127.0.0.1 > /dev/null 2>&1 +r_checkExitStatus $? diff --git a/func/core/pkg_snmp/11-test-snmp-2.sh b/func/core/pkg_snmp/11-test-snmp-2.sh new file mode 100755 index 0000000..3a5800a --- /dev/null +++ b/func/core/pkg_snmp/11-test-snmp-2.sh @@ -0,0 +1,5 @@ +#!/bin/bash +r_log "snmp" "Run snmpv2 test" + +snmpwalk -v 2c -c public 127.0.0.1 > /dev/null 2>&1 +r_checkExitStatus $? diff --git a/func/core/pkg_snmp/12-test-snmp-3.sh b/func/core/pkg_snmp/12-test-snmp-3.sh new file mode 100755 index 0000000..b7b2143 --- /dev/null +++ b/func/core/pkg_snmp/12-test-snmp-3.sh @@ -0,0 +1,20 @@ +#!/bin/bash +r_log "snmp" "Test snmpv3" + +cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.backup + +r_log "snmp" "Create rockyro user" +cat >> /etc/snmp/snmpd.conf < /dev/null 2>&1 +r_checkExitStatus $? + +cp /etc/snmp/snmpd.conf.backup /etc/snmp/snmpd.conf +m_serviceCycler snmpd restart diff --git a/func/core/pkg_snmp/README.md b/func/core/pkg_snmp/README.md new file mode 100644 index 0000000..b436d3a --- /dev/null +++ b/func/core/pkg_snmp/README.md @@ -0,0 +1 @@ +Test basic snmp stuff diff --git a/func/core/pkg_sqlite/00-install-sqlite.sh b/func/core/pkg_sqlite/00-install-sqlite.sh new file mode 100755 index 0000000..9c553c1 --- /dev/null +++ b/func/core/pkg_sqlite/00-install-sqlite.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "sqlite" "Install sqlite" +p_installPackageNormal sqlite diff --git a/func/core/pkg_sqlite/10-sqlite-tables.sh b/func/core/pkg_sqlite/10-sqlite-tables.sh new file mode 100755 index 0000000..186431e --- /dev/null +++ b/func/core/pkg_sqlite/10-sqlite-tables.sh 
@@ -0,0 +1,15 @@ +#!/bin/bash +r_log "sqlite" "Test basic table functionality" + +r_log "sqlite" "Create a database" +sqlite3 /var/tmp/coretest.db 'drop table if exists tf_coretable' +sqlite3 /var/tmp/coretest.db 'create table tf_coretable(text, id INTEGER);' +r_checkExitStatus $? + +r_log "sqlite" "Create a table in that database" +sqlite3 /var/tmp/coretest.db "insert into tf_coretable values ('Green_Obsidian', 1);" +r_checkExitStatus $? + +r_log "sqlite" "Check that we can select that table" +sqlite3 /var/tmp/coretest.db "select * from tf_coretable;" | grep -q "Green_Obsidian" +r_checkExitStatus $? diff --git a/func/core/pkg_sqlite/20-sqlite-dump.sh b/func/core/pkg_sqlite/20-sqlite-dump.sh new file mode 100755 index 0000000..747d63c --- /dev/null +++ b/func/core/pkg_sqlite/20-sqlite-dump.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "sqlite" "Test that we can dump the database" +sqlite3 /var/tmp/coretest.db ".dump" | grep -q "Green_Obsidian" +r_checkExitStatus $? diff --git a/func/core/pkg_sqlite/README.md b/func/core/pkg_sqlite/README.md new file mode 100644 index 0000000..2ec9e41 --- /dev/null +++ b/func/core/pkg_sqlite/README.md @@ -0,0 +1 @@ +sqlite tests diff --git a/func/core/pkg_strace/00-install-strace.sh b/func/core/pkg_strace/00-install-strace.sh new file mode 100755 index 0000000..b359af3 --- /dev/null +++ b/func/core/pkg_strace/00-install-strace.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "strace" "Install strace" +p_installPackageNormal strace diff --git a/func/core/pkg_strace/10-test-strace.sh b/func/core/pkg_strace/10-test-strace.sh new file mode 100755 index 0000000..bf26e0f --- /dev/null +++ b/func/core/pkg_strace/10-test-strace.sh @@ -0,0 +1,12 @@ +#!/bin/bash +r_log "strace" "Run basic strace tests" +STRACE=$(which strace) +/usr/bin/strace ls &> /dev/null +ret_val=$? + +if [ "$ret_val" -ne 0 ]; then + r_log "strace" "strace exited with a non-zero exit code" + r_checkExitStatus 1 +else + r_checkExitStatus 0 +fi 
diff --git a/func/core/pkg_strace/README.md b/func/core/pkg_strace/README.md new file mode 100644 index 0000000..9738b52 --- /dev/null +++ b/func/core/pkg_strace/README.md @@ -0,0 +1 @@ +Test strace diff --git a/func/core/pkg_sysstat/00-install-sysstat.sh b/func/core/pkg_sysstat/00-install-sysstat.sh new file mode 100755 index 0000000..036ee4a --- /dev/null +++ b/func/core/pkg_sysstat/00-install-sysstat.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "sysstat" "Install sysstat" +p_installPackageNormal sysstat diff --git a/func/core/pkg_sysstat/10-iostat.sh b/func/core/pkg_sysstat/10-iostat.sh new file mode 100755 index 0000000..d579fb4 --- /dev/null +++ b/func/core/pkg_sysstat/10-iostat.sh @@ -0,0 +1,31 @@ +#!/bin/bash +r_log "sysstat" "Test basic iostat disk measurements" + +TMPFILE=/var/tmp/iostat.disk +BLOCKS=4096 +COUNT=10100 +SUM="$(expr $BLOCKS \* $COUNT / 1024)" +DISK="$(fdisk -l | grep -Po -m1 '^/dev/[\D]+')" + +[ -e $TMPFILE ] && /bin/rm -f $TMPFILE + +# Clear out page cache +echo 1 > /proc/sys/vm/drop_caches + +r_log "sysstat" "Running iostat on $DISK" +/usr/bin/iostat -dkx 1 5 $DISK > $TMPFILE & + +# wait +sleep 4 + +# Generate traffic +/bin/dd if=$DISK of=/dev/null bs=$BLOCKS count=$COUNT &> /dev/null + +# wait +sleep 6 + +READBYTES=$(awk '$6 ~ /[0-9]/ {NR>1 && sum+=$6} END {print int(sum)}' $TMPFILE) + +[ "$READBYTES" -ge "$SUM" ] || { r_log "sysstat" "It doesn't look like we got a lot of traffic. Why?"; } + +r_checkExitStatus $? diff --git a/func/core/pkg_sysstat/11-cpu.sh b/func/core/pkg_sysstat/11-cpu.sh new file mode 100755 index 0000000..6c07e5e --- /dev/null +++ b/func/core/pkg_sysstat/11-cpu.sh 
@@ -0,0 +1,26 @@ +#!/bin/bash +r_log "sysstat" "Testing CPU load is being measured via mpstat" + +TMPFILE=/var/tmp/mpstat +BLOCKS=4096 +COUNT=20000 + +[ -e "$TMPFILE" ] && /bin/rm -f $TMPFILE + +/usr/bin/mpstat -P 0 1 5 > $TMPFILE & + +# wait +sleep 5 + +# generate cpu stuff +/bin/dd if=/dev/urandom bs=$BLOCKS count=$COUNT 2> /dev/null | sha256sum -b - &> /dev/null + +# wait +sleep 5 + +# Check that our bytes are greater than zero. Except the first line. +CPU_SYS_PERCENT=$(awk '$6 ~ /[0-9]\./ {$6>a ? a=$6 : $6} END {print int(a)}' $TMPFILE) + +[ "$CPU_SYS_PERCENT" -gt 5 ] || { r_log "sysstat" "Why didn't we log CPU activity..."; } + +r_checkExitStatus $? diff --git a/func/core/pkg_sysstat/12-cpu-io.sh b/func/core/pkg_sysstat/12-cpu-io.sh new file mode 100755 index 0000000..e947def --- /dev/null +++ b/func/core/pkg_sysstat/12-cpu-io.sh @@ -0,0 +1,29 @@ +#!/bin/bash +r_log "sysstat" "Test CPU measurements via iostat" + +TMPFILE=/var/tmp/iostat.cpi +DISK=$(fdisk -l|grep -Po -m1 '^/dev/[\D]+') +BLOCKS=4096 +COUNT=20000 + + +# drop caches +echo 1 > /proc/sys/vm/drop_caches + +[ -e "$TMPFILE" ] && /bin/rm -f $TMPFILE + +/usr/bin/iostat -c 1 5 > $TMPFILE & + +# wait +sleep 5 + +/bin/dd if=$DISK bs=$BLOCKS count=$COUNT 2> /dev/null | sha256sum -b - &> /dev/null + +# wait +sleep 5 + +CPU_USER_PERCENT=$(awk '$1 ~ /[0-9]/ {$1>a ? a=$1 : $1} END {print int(a)}' $TMPFILE) + +[ "$CPU_USER_PERCENT" -gt 3 ] || { r_log "sysstat" "Why aren't we generating activity..."; } + +r_checkExitStatus $? diff --git a/func/core/pkg_sysstat/README.md b/func/core/pkg_sysstat/README.md new file mode 100644 index 0000000..355b98f --- /dev/null +++ b/func/core/pkg_sysstat/README.md @@ -0,0 +1 @@ +Test some sysstat stufff diff --git a/func/core/pkg_systemd/00-systemd-list-services.sh b/func/core/pkg_systemd/00-systemd-list-services.sh new file mode 100755 index 0000000..f95e47c --- /dev/null +++ b/func/core/pkg_systemd/00-systemd-list-services.sh 
@@ -0,0 +1,7 @@ +#!/bin/bash +r_log "systemd" "Checking that systemctl can verify if a service is enabled" + +# sshd is part of a minimal install +systemctl is-enabled sshd.service > /dev/null + +r_checkExitStatus $? diff --git a/func/core/pkg_systemd/10-systemd-list-non-native-sevices.sh b/func/core/pkg_systemd/10-systemd-list-non-native-sevices.sh new file mode 100755 index 0000000..a0494c2 --- /dev/null +++ b/func/core/pkg_systemd/10-systemd-list-non-native-sevices.sh @@ -0,0 +1,5 @@ +#!/bin/bash +r_log "systemd" "Checking if systemctl can see enabled status for non-native services" +systemctl is-enabled kdump.service 2> /dev/null | grep -qE 'disabled|enabled' + +r_checkExitStatus $? diff --git a/func/core/pkg_systemd/11-systemd-service-status.sh b/func/core/pkg_systemd/11-systemd-service-status.sh new file mode 100755 index 0000000..9dab1a6 --- /dev/null +++ b/func/core/pkg_systemd/11-systemd-service-status.sh @@ -0,0 +1,6 @@ +#!/bin/bash +r_log "systemd" "Checking if systemctl can check service status" + +systemctl is-active sshd.service > /dev/null + +r_checkExitStatus $? diff --git a/func/core/pkg_systemd/20-systemd-journald.sh b/func/core/pkg_systemd/20-systemd-journald.sh new file mode 100755 index 0000000..245c777 --- /dev/null +++ b/func/core/pkg_systemd/20-systemd-journald.sh @@ -0,0 +1,9 @@ +#!/bin/bash +r_log "systemd" "Testing journalctl with a teststring" + +currentTime=$(date +'%T') +testString=01092deadbeef9915710501deadbeef6 +echo "${testString}" > /dev/kmsg +journalctl --since "${currentTime}" | grep -q "${testString}" + +r_checkExitStatus $? diff --git a/func/core/pkg_systemd/README.md b/func/core/pkg_systemd/README.md new file mode 100644 index 0000000..f7585f9 --- /dev/null +++ b/func/core/pkg_systemd/README.md @@ -0,0 +1 @@ +Test systemd and journald diff --git a/func/core/pkg_tcpdump/README.md b/func/core/pkg_tcpdump/README.md new file mode 100644 index 0000000..34e1a56 --- /dev/null +++ b/func/core/pkg_tcpdump/README.md 
@@ -0,0 +1 @@ +Test basic tcpdump stuff diff --git a/func/core/pkg_telnet/00-install-telnet.sh b/func/core/pkg_telnet/00-install-telnet.sh new file mode 100755 index 0000000..861ec85 --- /dev/null +++ b/func/core/pkg_telnet/00-install-telnet.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "telnet" "Install the telnet package" +p_installPackageNormal telnet diff --git a/func/core/pkg_telnet/10-test-telnet.sh b/func/core/pkg_telnet/10-test-telnet.sh new file mode 100755 index 0000000..3efffd3 --- /dev/null +++ b/func/core/pkg_telnet/10-test-telnet.sh @@ -0,0 +1,8 @@ +#!/bin/bash +r_log "telnet" "Basic telnet test" + +telnet_sshd_test=`telnet 127.0.0.1 22 << EOF +EOF` + +echo "$telnet_sshd_test" | grep -q "Escape character is '^]'" +r_checkExitStatus $? diff --git a/func/core/pkg_vsftpd/00-install-vsftpd.sh b/func/core/pkg_vsftpd/00-install-vsftpd.sh new file mode 100755 index 0000000..4663647 --- /dev/null +++ b/func/core/pkg_vsftpd/00-install-vsftpd.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "vsftpd" "Installing vsftpd" +p_installPackageNormal vsftpd diff --git a/func/core/pkg_vsftpd/10-anonymous-vsftpd.sh b/func/core/pkg_vsftpd/10-anonymous-vsftpd.sh new file mode 100755 index 0000000..c4cad3d --- /dev/null +++ b/func/core/pkg_vsftpd/10-anonymous-vsftpd.sh @@ -0,0 +1,16 @@ +#!/bin/bash +r_log "vsftpd" "Configure vsftpd for anonymous login" + +# el9 likely won't change + +if [ "$RL_VER" -ge 8 ]; then + cp -fp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.backup + sed -i 's/anonymous_enable=NO/anonymous_enable=YES/g' /etc/vsftpd/vsftpd.conf +fi + +m_serviceCycler vsftpd restart + +r_log "vsftpd" "Verify anonymous logins work" +echo -e 'user anonymous\npass password\nquit' | nc localhost 21 | grep -q "230 Login successful." + +r_checkExitStatus $? diff --git a/func/core/pkg_vsftpd/20-local-login.sh b/func/core/pkg_vsftpd/20-local-login.sh new file mode 100755 index 0000000..8fc14f4 --- /dev/null +++ b/func/core/pkg_vsftpd/20-local-login.sh 
@@ -0,0 +1,18 @@ +#!/bin/bash +r_log "vsftpd" "Test local logins" + +getent passwd ftprocky | grep -q "ftprocky" +ret_val=$? + +if [ $ret_val -ne 0 ]; then + useradd ftprocky +fi + +echo ftptest | passwd --stdin ftprocky +setsebool ftp_home_dir 1 + +echo -e 'user ftprocky\npass ftptest\nquit' | nc localhost 21 | grep -q '230 Login successful.' + +r_checkExitStatus $? + +userdel -rf ftprocky diff --git a/func/core/pkg_vsftpd/30-cleanup.sh b/func/core/pkg_vsftpd/30-cleanup.sh new file mode 100755 index 0000000..d80f43f --- /dev/null +++ b/func/core/pkg_vsftpd/30-cleanup.sh @@ -0,0 +1,4 @@ +#!/bin/bash +r_log "vsftpd" "Cleanup configs" +cp -fp /etc/vsftpd/vsftpd.conf.backup /etc/vsftpd/vsftpd.conf +m_serviceCycler vsftpd stop diff --git a/func/core/pkg_vsftpd/README.md b/func/core/pkg_vsftpd/README.md new file mode 100644 index 0000000..1822f30 --- /dev/null +++ b/func/core/pkg_vsftpd/README.md @@ -0,0 +1 @@ +vsftpd tests diff --git a/func/core/pkg_wget/00-install-wget.sh b/func/core/pkg_wget/00-install-wget.sh new file mode 100755 index 0000000..edaf71e --- /dev/null +++ b/func/core/pkg_wget/00-install-wget.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "wget" "Install wget" +p_installPackageNormal wget diff --git a/func/core/pkg_wget/10-test-wget.sh b/func/core/pkg_wget/10-test-wget.sh new file mode 100755 index 0000000..a09e1da --- /dev/null +++ b/func/core/pkg_wget/10-test-wget.sh @@ -0,0 +1,13 @@ +#!/bin/bash +r_log "wget" "Test wget works as intended" + +URL=http://dl.rockylinux.org +FILE=/var/tmp/dlrocky.html +CHECK="pub/" + +r_log "wget" "Querying: ${URL}" +wget -q -O ${FILE} ${URL} +grep -q "${CHECK}" "${FILE}" + +r_checkExitStatus $? +/bin/rm ${FILE} diff --git a/func/core/pkg_wget/README.md b/func/core/pkg_wget/README.md new file mode 100644 index 0000000..c222c12 --- /dev/null +++ b/func/core/pkg_wget/README.md @@ -0,0 +1 @@ +Test wget 
diff --git a/func/core/pkg_which/00-install-which.sh b/func/core/pkg_which/00-install-which.sh new file mode 100755 index 0000000..46bce63 --- /dev/null +++ b/func/core/pkg_which/00-install-which.sh @@ -0,0 +1,3 @@ +#!/bin/bash +r_log "which" "Install which" +p_installPackageNormal which diff --git a/func/core/pkg_which/10-test-which.sh b/func/core/pkg_which/10-test-which.sh new file mode 100755 index 0000000..916bb3f --- /dev/null +++ b/func/core/pkg_which/10-test-which.sh @@ -0,0 +1,9 @@ +#!/bin/bash +r_log "which" "Testing that which can find bash" +/usr/bin/which bash | grep -Eq '^(/usr)?/bin/bash$' +r_checkExitStatus $? + +r_log "which" "Testing that which fails on a command that doesn't exist" +/usr/bin/which obsidiaN 2> /dev/null +[ $? -eq 1 ] || { r_log "which" "Which should have failed." ; exit "$FAIL"; } +r_checkExitStatus $? diff --git a/func/core/pkg_which/README.md b/func/core/pkg_which/README.md new file mode 100644 index 0000000..1213dd5 --- /dev/null +++ b/func/core/pkg_which/README.md @@ -0,0 +1 @@ +Testing which diff --git a/func/debrand.list b/func/debrand.list new file mode 100644 index 0000000..12b4af3 --- /dev/null +++ b/func/debrand.list @@ -0,0 +1,25 @@ +# Place packages that were modified for debranding, regardless if their +# release tag was modified. +# +# The format is this: +# -> Rocky Version ($RL_VER, so major version) +# -> Package Name +# X|name +ALL|abrt +ALL|anaconda +8|cloud-init +8|cockpit +ALL|dhcp +ALL|firefox +ALL|fwupdate +ALL|httpd +ALL|initial-setup +ALL|kernel +ALL|libreport +ALL|nginx +ALL|PackageKit +ALL|redhat-rpm-config +ALL|shim +ALL|sos +ALL|subscription-manager +ALL|thunderbird diff --git a/func/log/README.md b/func/log/README.md new file mode 100644 index 0000000..b9a25cd --- /dev/null +++ b/func/log/README.md @@ -0,0 +1 @@ +All logs will show up here. diff --git a/func/mods.list b/func/mods.list new file mode 100644 index 0000000..3132816 --- /dev/null +++ b/func/mods.list 
@@ -0,0 +1,14 @@ +# Place modified packages here (that have a .rocky and/or required heavy +# modification). This list does not affect the functionality of the tests. +# +# The format is this: +# -> Rocky Version ($RL_VER, so major version) +# -> Package Name +# -> Current version that was modified (full NVR required) +# X|name|N-V-R +8|dotnet3.1|ALL +8|dotnet5.0|ALL +ALL|fwupd|ALL +ALL|fwupdate|ALL +ALL|pesign|ALL +ALL|shim|ALL diff --git a/func/monotests.sh b/func/monotests.sh new file mode 100644 index 0000000..ce03842 --- /dev/null +++ b/func/monotests.sh @@ -0,0 +1,7 @@ +#!/bin/bash +# This is used to help identify what actually failed (assuming we can't figure +# it out ourselves or don't want to run something manually) + +for x in success fail; do + [ -e "$x" ] && rm "$x" +done diff --git a/func/runtests.sh b/func/runtests.sh new file mode 100644 index 0000000..4719d15 --- /dev/null +++ b/func/runtests.sh 
@@ -0,0 +1,56 @@ +#!/bin/bash +# Release Engineering Core Functionality Testing +# Louis Abel @nazunalika + +################################################################################ +# Settings and variables + +# Exits on any non-zero exit status - Disabled for now. +#set -e +# Undefined variables will cause an exit +set -u + +COMMON_EXPORTS='./common/exports.sh' +COMMON_IMPORTS='./common/imports.sh' +SELINUX=$(getenforce) + +# End +################################################################################ + +# shellcheck source=/dev/null +[ -f $COMMON_EXPORTS ] && source $COMMON_EXPORTS || { echo -e "\n[-] $(date): Variables cannot be sourced."; exit 1; } +# shellcheck source=/dev/null +[ -f $COMMON_IMPORTS ] && source $COMMON_IMPORTS || { echo -e "\n[-] $(date): Functions cannot be sourced."; exit 1; } +# Init log +[ -e "$LOGFILE" ] && m_recycleLog || touch "$LOGFILE" +# SELinux check +if [ "$SELINUX" != "Enforcing" ]; then + echo -e "\n[-] $(date): SELinux is not enforcing." + exit 1 +fi + +r_log "internal" "Starting Release Engineering Core Tests" + +################################################################################ +# Script Work + +# Skip tests in a list - some tests are already -x, so it won't be an issue +if [ -e skip.list ]; then + r_log "internal" "Disabling tests" + grep -E "^${RL_VER}" skip.list | while read line; do + testFile=$(echo $line | cut -d '|' -f 2) + r_log "internal" "SKIP ${testFile}" + chmod -x ${testFile} + done + r_log "internal" "WARNING: Tests above were disabled." +fi + +# TODO: should we let $1 judge what directory is ran? +# TODO: get some stacks and lib in there + +r_processor <(/usr/bin/find ./core -type f | sort -t'/') +#r_processor <(/usr/bin/find ./lib -type f | sort -t'/') +#r_processor <(/usr/bin/find ./stacks -type f | sort -t'/') + +r_log "internal" "Core Tests completed" +exit 0 diff --git a/func/skip.list b/func/skip.list new file mode 100644 index 0000000..ccddc50 --- /dev/null 
+++ b/func/skip.list @@ -0,0 +1,18 @@ +# Place skipped tests here. Typically we ask that a test that will be skipped +# to be set -x, but there may be a need to just have a list instead to track +# it. +# +# The format is this: +# -> Rocky Version ($RL_VER, so major version) +# -> Path to the test, relative to this file (eg, ./core/pkg_foo/10-bar.sh) +# -> Name (eg github username, RAS account name) +# -> Reason (must be a URL to a bugs.rl.o or related github issue) +# -> Must be a URL to bugs.rl.o, a github issue number, or a code, such as: +# * NEEDINFO +# * NOTREADY +8|./core/pkg_archive/26-zmore.sh|nazunalika|NEEDINFO +8|./core/pkg_nfs/12-prepare-autofs.sh|nazunalika|NEEDINFO +8|./core/pkg_diffutils/00-install-diff.sh|nazunalika|NOTREADY +8|./core/pkg_snmp/12-test-snmp-3.sh|nazunalika|NOTWORKING +8|./core/pkg_samba/00-install-samba.sh|nazunalika|NOTWORKING +8|./core/pkg_samba/10-test-samba.sh|nazunalika|NOTWORKING diff --git a/func/stacks/ipa/00-ipa-pregame.sh b/func/stacks/ipa/00-ipa-pregame.sh new file mode 100644 index 0000000..9a84754 --- /dev/null +++ b/func/stacks/ipa/00-ipa-pregame.sh 
@@ -0,0 +1,51 @@ +#!/bin/bash +if m_getArch aarch64 | grep -qE 'aarch64'; then + r_log "ipa" "Skipping for aarch64" + exit 0 +fi + +r_log "ipa" "Removing the httpd package if present" +if rpm -q httpd &> /dev/null; then + p_removePackage httpd + rm -rf /etc/httpd +fi + +r_log "ipa" "Removing the bind package if present" +if rpm -q httpd &> /dev/null; then + p_removePackage bind + rm -rf /etc/named /var/named +fi + +mkdir /root/ipa-backup +r_log "ipa" "Backup dnf history" +dnf history list | awk 'NR == 4 {print $1}' > /root/ipa-backup/dnf-history.ipa + +r_log "ipa" "Backup necessary files in /etc" +r_log "ipa" "/etc/resolv.conf" +cp /etc/resolv.conf /root/ipa-backup +r_log "ipa" "/etc/nsswitch.conf" +cp /etc/nsswitch.conf /root/ipa-backup +r_log "ipa" "/etc/hosts" +cp /etc/hosts /root/ipa-backup +r_log "ipa" "/etc/hostname" +cp /etc/hostname /root/ipa-backup +# For Justin Case +hostname > /root/ipa-backup/hostname-command + +# Not really necessary, an NTP server shouldn't be default anymore +r_log "ipa" "/etc/chrony.conf" +cp /etc/chrony.conf /root/ipa-backup + +r_log "ipa" "/etc/ssh/ssh_config" +cp /etc/ssh/ssh_config /root/ipa-backup + +r_log "ipa" "Removing hostname from /etc/hosts" +sed -i "s|127.0.0.1 $(hostname)||" /etc/hosts + +r_log "ipa" "Removing tomcat if installed" +p_removePackage ipa-server tomcat +rm -rf /var/lib/pki/pki-tomcat/ \ + /etc/sysconfig/pki-tomcat \ + /var/log/pki/pki-tomcat \ + /etc/pki/pki-tomcat \ + /etc/sysconfig/pki/tomcat/pki-tomcat diff --git a/func/stacks/ipa/10-install-ipa.sh b/func/stacks/ipa/10-install-ipa.sh new file mode 100644 index 0000000..40aa006 --- /dev/null +++ b/func/stacks/ipa/10-install-ipa.sh 
@@ -0,0 +1,13 @@ +#!/bin/bash +if m_getArch aarch64 | grep -qE 'aarch64'; then + r_log "ipa $0" "Skipping for aarch64" + exit 0 +fi + +# The IPA maintainers for EL went a little bonkers with how they want to +# support it. There's two separate modules. It's not clear if in 9 it's +# going to be the same thing or not so this check is there just in case. +if [ "$RL_VER" -eq 8 ]; then + p_enableModule idm:DL1/{client,common,dns,server} + p_installPackageNormal ipa-server ipa-server-dns +fi diff --git a/func/stacks/ipa/11-configure-ipa.sh b/func/stacks/ipa/11-configure-ipa.sh new file mode 100644 index 0000000..a4d3aa5 --- /dev/null +++ b/func/stacks/ipa/11-configure-ipa.sh @@ -0,0 +1,40 @@ +#!/bin/bash +if m_getArch aarch64 | grep -qE 'aarch64'; then + r_log "ipa" "Skipping for aarch64" + exit 0 +fi + +r_log "ipa" "Setting up the networking portions of the system" +net_int=$(ip addr | grep -B1 "link/ether" | head -n 1 | awk '{print $2}' | tr -d ':') +net_ip=$(ip -4 -o addr show dev "${net_int}" | awk '/inet/ {print $4}' | cut -d'/' -f1) +forwarder=$(awk '$0 ~ /nameserver/ {print $2}' /etc/resolv.conf | head -n 1) + +r_log "ipa" "Set hostname" +hostnamectl set-hostname onyxtest.rlipa.local +echo "$net_ip $(hostname)" >> /etc/hosts +hostname | grep "onyxtest.rlipa.local" &> /dev/null +r_checkExitStatus $? + +r_log "ipa" "Installing the IPA domain (warning this takes a while)" +ipa-server-install -U \ + --hostname="$(hostname)" \ + --ip-address="${net_ip}" \ + -r RLIPA.LOCAL \ + -n rlipa.local \ + -p b1U3OnyX! \ + -a b1U3OnyX! \ + --ssh-trust-dns \ + --setup-dns \ + --mkhomedir \ + --forwarder="${forwarder}" + +ret_val=$? + +if [ "$ret_val" -eq 0 ]; then + r_log "ipa" "IPA Domain installed" + r_checkExitStatus 0 +else + r_log "ipa" "IPA Domain failed to install" + r_checkExitStatus 1 + export IPAINSTALLED=1 +fi diff --git a/func/stacks/ipa/12-verify-ipa.sh b/func/stacks/ipa/12-verify-ipa.sh new file mode 100644 index 0000000..b8fa76e --- /dev/null 
+++ b/func/stacks/ipa/12-verify-ipa.sh @@ -0,0 +1,10 @@ +#!/bin/bash +if m_getArch aarch64 | grep -qE 'aarch64'; then + r_log "ipa $0" "Skipping for aarch64" + exit 0 +fi + +if [ "$IPAINSTALLED" -eq 1 ]; then + r_log "ipa" "IPA was not successfully installed. Aborting." + r_checkExitStatus 1 +fi diff --git a/func/stacks/ipa/20-ipa-user.sh b/func/stacks/ipa/20-ipa-user.sh new file mode 100644 index 0000000..884f0df --- /dev/null +++ b/func/stacks/ipa/20-ipa-user.sh @@ -0,0 +1,11 @@ +#!/bin/bash +if m_getArch aarch64 | grep -qE 'aarch64'; then + r_log "ipa $0" "Skipping for aarch64" + exit 0 +fi + +if [ "$IPAINSTALLED" -eq 1 ]; then + r_log "ipa" "IPA was not successfully installed. Aborting." + r_checkExitStatus 1 +fi + diff --git a/func/stacks/ipa/21-ipa-service.sh b/func/stacks/ipa/21-ipa-service.sh new file mode 100644 index 0000000..9f053a1 --- /dev/null +++ b/func/stacks/ipa/21-ipa-service.sh @@ -0,0 +1,11 @@ +#!/bin/bash +if m_getArch aarch64 | grep -qE 'aarch64'; then + r_log "ipa -bash" "Skipping for aarch64" + exit 0 +fi + +if [ "$IPAINSTALLED" -eq 1 ]; then + r_log "ipa" "IPA was not successfully installed. Aborting." + r_checkExitStatus 1 +fi + diff --git a/func/stacks/ipa/22-ipa-dns.sh b/func/stacks/ipa/22-ipa-dns.sh new file mode 100644 index 0000000..9f053a1 --- /dev/null +++ b/func/stacks/ipa/22-ipa-dns.sh @@ -0,0 +1,11 @@ +#!/bin/bash +if m_getArch aarch64 | grep -qE 'aarch64'; then + r_log "ipa -bash" "Skipping for aarch64" + exit 0 +fi + +if [ "$IPAINSTALLED" -eq 1 ]; then + r_log "ipa" "IPA was not successfully installed. Aborting." + r_checkExitStatus 1 +fi + diff --git a/func/stacks/ipa/23-ipa-sudo.sh b/func/stacks/ipa/23-ipa-sudo.sh new file mode 100644 index 0000000..9f053a1 --- /dev/null +++ b/func/stacks/ipa/23-ipa-sudo.sh 
@@ -0,0 +1,11 @@ +#!/bin/bash +if m_getArch aarch64 | grep -qE 'aarch64'; then + r_log "ipa -bash" "Skipping for aarch64" + exit 0 +fi + +if [ "$IPAINSTALLED" -eq 1 ]; then + r_log "ipa" "IPA was not successfully installed. Aborting." + r_checkExitStatus 1 +fi + diff --git a/func/stacks/ipa/50-cleanup-ipa.sh b/func/stacks/ipa/50-cleanup-ipa.sh new file mode 100644 index 0000000..9f053a1 --- /dev/null +++ b/func/stacks/ipa/50-cleanup-ipa.sh @@ -0,0 +1,11 @@ +#!/bin/bash +if m_getArch aarch64 | grep -qE 'aarch64'; then + r_log "ipa -bash" "Skipping for aarch64" + exit 0 +fi + +if [ "$IPAINSTALLED" -eq 1 ]; then + r_log "ipa" "IPA was not successfully installed. Aborting." + r_checkExitStatus 1 +fi + diff --git a/func/stacks/ipa/README.md b/func/stacks/ipa/README.md new file mode 100644 index 0000000..ecfa277 --- /dev/null +++ b/func/stacks/ipa/README.md @@ -0,0 +1,7 @@ +While not considered a "stack", it's a combination of many things at once. So +it is being tested as a stack. + +We will be testing mainly against EL8. It is not clear if EL9 will keep idm as +a module in 9. However, certain tests will be checking for the release just in +case that the modules will disappear. (I can only hope that it does and that +it just goes back to what Fedora is doing and what EL7 does). -label diff --git a/func/stacks/lamp/00-install-lamp.sh b/func/stacks/lamp/00-install-lamp.sh new file mode 100755 index 0000000..cef30a9 --- /dev/null +++ b/func/stacks/lamp/00-install-lamp.sh @@ -0,0 +1,20 @@ +#!/bin/bash +r_log "lamp" "Install LAMP packages" + +# this shouldn't change for 9 +if [ "$RL_VER" -ge 8 ]; then + p_installPackageNormal mariadb mariadb-server httpd php php-mysqlnd wget +fi + +m_serviceCycler httpd stop + +# for some reason or another, httpd doesn't stop right away +# in some instances. + +if pgrep httpd; then + killall -9 httpd +fi + +sleep 1 + +m_serviceCycler httpd start 
diff --git a/func/stacks/lamp/01-verification.sh b/func/stacks/lamp/01-verification.sh new file mode 100755 index 0000000..3bfc978 --- /dev/null +++ b/func/stacks/lamp/01-verification.sh @@ -0,0 +1,25 @@ +#!/bin/bash +r_log_"lamp" "Verify LAMP can potentially work" + +PHP_CHECK=/tmp/php.check + +# This may not change for EL9 +if [ "$RL_VER" -ge 8 ]; then + SQL=mariadb +else + SQL=mysqld +fi + +# for Justin Case +rm -f "${PHP_CHECK}" + +r_log "lamp" "Starting up httpd and MySQL/mariadb" + +m_serviceCycler httpd restart +m_serviceCycler $SQL restart + +r_log "lamp" "We did this before, but double check PHP works" +echo "" > $PHP_CHECK + +/bin/php $PHP_CHECK &> /dev/null +r_checkExitStatus $? diff --git a/func/stacks/lamp/10-test-lamp.sh b/func/stacks/lamp/10-test-lamp.sh new file mode 100755 index 0000000..04a3d1b --- /dev/null +++ b/func/stacks/lamp/10-test-lamp.sh @@ -0,0 +1,28 @@ +#!/bin/bash +r_log "lamp" "Testing basic LAMP (not for moths)" +if [ "$RL_VER" -ge 8 ]; then + SQL=mariadb +else + SQL=mysqld +fi + +r_log "lamp" "Import SQL" +mysql < ./common/files/lamp-sql + +cp ./common/files/lamp-sql-php /var/www/html/mysql.php +curl -s http://localhost/mysql.php + +r_log "lamp" "Perform the LAMP test (no moths allowed)" +db_content=$(echo "select * from obsidiancore.tests where name='sqltest'" | mysql -B --skip-column-names) + +if [ "$db_content" == "sqltest" ]; then + r_checkExitStatus 0 +else + r_log "lamp" "The database doesn't seem to exist or contain correct data" + r_checkExitStatus 1 +fi + +r_log "lamp" "Clean up" +mysql -u root -e 'drop database obsidiancore;' +m_serviceCycler httpd stop +m_serviceCycler $SQL stop diff --git a/sync/README.md b/sync/README.md new file mode 100644 index 0000000..51b52ed --- /dev/null +++ b/sync/README.md 
@@ -0,0 +1,6 @@ +sync +==== + +These scripts assist in syncing to staging and to prod for releases, whether +they are full point releases, simple update releases, or a brand new repository +being added. Each script here has a specific purpose. diff --git a/sync/prep-staging.sh b/sync/prep-staging.sh new file mode 100644 index 0000000..d7f7c3e --- /dev/null +++ b/sync/prep-staging.sh 
@@ -0,0 +1,114 @@ +#!/bin/bash +# This should only be ran during straight updates during a minor release cadence. +# In the case of point releases, this will need to be changed accordingly so that +# way it can be ran properly. +# +# The point of this script is to basically allow all old versions of a package +# or set of packages to be available during the life of a point release. As it +# currently stands, CentOS has started doing this for both 8 and 8-stream. RHEL +# also does this (and has always done this, except they take it a step further +# and provide everything, even if it's not installable). +# +# Compose dir example: /mnt/repos-staging/mirror/pub/rocky/8.4-RC2 +# Revision must always start with a major number +REVISION=8.4 +# comment or blank if needed +APPEND_TO_DIR="-RC2" +COMPOSE_DIR="/mnt/repos-staging/mirror/pub/rocky/${REVISION}${APPEND_TO_DIR}" +ARCHES=(x86_64 aarch64) + +# Set all repos that have no comps/groups associated with them. This is even in +# cases where repos will not be available by normal means. It's just for +# consistency. +NONMODS_REPOS=( + extras + Devel + nfv + storage/gluster9 + plus +) + +# These repos have comps/groups, except for debuginfo and sources +MODS_REPOS=( + BaseOS + AppStream + HighAvailability + ResilientStorage + PowerTools +) + +# These repos have modules +MODS=( + AppStream + PowerTools +) + +echo "** Updating source repos" +for y in "${NONMODS_REPOS[@]}" "${MODS_REPOS[@]}"; do + test -d "${COMPOSE_DIR}/${y}/${x}/${z}" + ret_val=$? 
+ if [ "$ret_val" -eq 0 ]; then + createrepo --update "${COMPOSE_DIR}/${y}/source/tree" \ + "--distro=cpe:/o:rocky:rocky:${REVISION:0:1},Rocky Linux ${REVISION:0:1}" + else + echo "${COMPOSE_DIR}/${y}/source/tree does not exist" + fi +done + +# Sync up some stuff +echo "** Updating arch repos as necessary **" +for x in "${ARCHES[@]}"; do + echo "${x}: Sync up repos that do not use comps/groups" + # regular repos, no comps + for y in "${NONMODS_REPOS[@]}"; do + # os and debug/tree directories + for z in os debug/tree; do + test -d "${COMPOSE_DIR}/${y}/${x}/${z}" + ret_val=$? + if [ "$ret_val" -eq 0 ]; then + createrepo --update "${COMPOSE_DIR}/${y}/${x}/${z}" \ + "--distro=cpe:/o:rocky:rocky:${REVISION:0:1},Rocky Linux ${REVISION:0:1}" + else + echo "${COMPOSE_DIR}/${y}/${x}/${z} does not exist" + fi + done + # repos with comps/groups involved, but only debug + for y in "${MODS_REPOS[@]}"; do + test -d "${COMPOSE_DIR}/${y}/${x}/debug/tree" + ret_val=$? + if [ "$ret_val" -eq 0 ]; then + createrepo --update "${COMPOSE_DIR}/${y}/${x}/${z}" \ + "--distro=cpe:/o:rocky:rocky:${REVISION:0:1},Rocky Linux ${REVISION:0:1}" + else + echo "${COMPOSE_DIR}/${y}/${x}/debug/tree does not exist" + fi + done + + echo "** Update all repos with comps/groups" + for y in "${MODS_REPOS[@]}"; do + echo "${y}: ${x}" + test -d "${COMPOSE_DIR}/${y}/${x}/os" + ret_val=$? 
+ if [ "$ret_val" -eq 0 ]; then + createrepo --update "${COMPOSE_DIR}/${y}/${x}/os" \ + --groupfile="/mnt/compose/8/latest-Rocky-8/work/${x}/comps/comps-${y}.${x}.xml" \ + --xz --revision=${REVISION} \ + "--distro=cpe:/o:rocky:rocky:${REVISION:0:1},Rocky Linux ${REVISION:0:1}" \ + --workers=8 --checksum=sha256 + else + echo "${COMPOSE_DIR}/${y}/${x}/os does not exist" + fi + done + + echo "** Update modules" + for y in "${MODS[@]}"; do + echo "Modules: ${y} ${x}" + cp "/mnt/compose/8_metadata/${x}/${y}-modules.yaml" /tmp/modules.yaml + modifyrepo --mdtype=modules /tmp/modules.yaml \ + "${COMPOSE_DIR}/${y}/${x}/os/repodata" \ + --compress --compress-type=gz + + rm /tmp/modules.yaml + sleep 1 + done +done diff --git a/sync/sync-to-prod.sh b/sync/sync-to-prod.sh new file mode 100644 index 0000000..7b5ad1e --- /dev/null +++ b/sync/sync-to-prod.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Syncs everything from staging to production +REVISION=${1} +cd "/mnt/repos-staging/mirror/pub/rocky/${REVISION}" +ret_val=$? +if [ $ret_val -eq "0" ]; then + mkdir -p "/mnt/repos-production/mirror/pub/rocky/${REVISION:0:3}" + sudo -l && find **/* -maxdepth 0 -type d | parallel --will-cite -j 18 sudo rsync -av --chown=10004:10005 --progress --relative --human-readable {} /mnt/repos-production/mirror/pub/rocky/${REVISION:0:3} +else + echo "Failed to change directory" +fi diff --git a/sync/sync-to-staging-sig.sh b/sync/sync-to-staging-sig.sh new file mode 100644 index 0000000..aa7e5d8 --- /dev/null +++ b/sync/sync-to-staging-sig.sh 
@@ -0,0 +1,17 @@ +#!/bin/bash +# Major Version (eg, 8) +MAJOR=${1} +# Short name (eg, NFV, extras, Rocky, gluster9) +SHORT=${2} +# The directory where we're going to, usually MAJOR.MINOR, sometimes it's MAJOR.MINOR-RCX +REVISION=${3} +# Note, this should be lowercase. eg, storage. +SIG=${4} +cd /mnt/compose/${MAJOR}/latest-${SHORT}-${MAJOR} +ret_val=$? +if [ $ret_val -eq "0" ]; then + mkdir -p /mnt/repos-staging/mirror/pub/rocky/${REVISION}/${SIG} + sudo -l && find **/* -maxdepth 0 -type d | parallel --will-cite -j 18 sudo rsync -av --chown=10004:10005 --progress --relative --human-readable {} /mnt/repos-staging/mirror/pub/rocky/${REVISION}/${SIG} +else + echo "Failed to change directory" +fi diff --git a/sync/sync-to-staging.sh b/sync/sync-to-staging.sh new file mode 100644 index 0000000..45b1466 --- /dev/null +++ b/sync/sync-to-staging.sh @@ -0,0 +1,15 @@ +#!/bin/bash +# Major Version (eg, 8) +MAJOR=${1} +# Short name (eg, NFV, extras, Rocky, gluster9) +SHORT=${2} +# The directory where we're going to, usually MAJOR.MINOR, sometimes it's MAJOR.MINOR-RCX +REVISION=${3} +cd /mnt/compose/${MAJOR}/latest-${SHORT}-${MAJOR} +ret_val=$? +if [ $ret_val -eq "0" ]; then + mkdir -p /mnt/repos-staging/mirror/pub/rocky/${REVISION} + sudo -l && find **/* -maxdepth 0 -type d | parallel --will-cite -j 18 sudo rsync -av --chown=10004:10005 --progress --relative --human-readable {} /mnt/repos-staging/mirror/pub/rocky/${REVISION} +else + echo "Failed to change directory" +fi
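Review bot: in func/skip.list the last three entries use the code NOTWORKING, which the header comment does not document (it lists only NEEDINFO and NOTREADY). Either add NOTWORKING to the list of accepted codes or replace it with an issue URL. The header also describes the fourth field twice ("Reason (must be a URL ...)" and "Must be a URL to bugs.rl.o, a github issue number, or a code"); merging these into one line would make it clear that each entry has exactly four pipe-separated fields.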
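Review bot: in func/stacks/ipa/00-ipa-pregame.sh the block logged as "Removing the bind package if present" tests the wrong package: it runs `if rpm -q httpd &> /dev/null; then`, so bind and /etc/named /var/named are only cleaned when httpd is installed, and after the preceding block has removed httpd this branch will normally never run. Change the test to `rpm -q bind`. Two smaller points in the same hunk: `mkdir /root/ipa-backup` fails on a second run and should be `mkdir -p`, and the sed expression interpolates `$(hostname)` into the pattern unescaped, so the dots in the hostname match any character.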
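Review bot: in func/stacks/ipa/11-configure-ipa.sh the Directory Manager and admin passwords are hardcoded and passed as arguments (`-p b1U3OnyX!` and `-a b1U3OnyX!`), which commits the credential to the repository and gives every run of the test the same known admin password on the host under test. Generate a random value per run, keep it in a variable, and quote it where it is passed. Separately, `export IPAINSTALLED=1` sits after `r_checkExitStatus 1` in the failure branch: if r_checkExitStatus exits on a non-zero status the export is never reached, and if each test is started as its own bash process the exported value does not reach 12-verify-ipa.sh anyway. A marker file written before the status check would survive both cases.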
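Review bot: in func/stacks/ipa/12-verify-ipa.sh the guard `[ "$IPAINSTALLED" -eq 1 ]` is evaluated with an empty value on the success path, because 11-configure-ipa.sh only sets the variable when the install fails; `[` then reports "integer expression expected" and returns a non-zero status on every good run. Use `[ "${IPAINSTALLED:-0}" -eq 1 ]` here and in the identical guards in 20-ipa-user.sh through 50-cleanup-ipa.sh. The name also reads backwards (1 means the install failed), so something like IPA_INSTALL_FAILED would be clearer. Beyond the two guards the file verifies nothing yet; a comment marking it as a placeholder would help.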
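Review bot: func/stacks/ipa/50-cleanup-ipa.sh has the same blob index (9f053a1) as 21-ipa-service.sh, 22-ipa-dns.sh and 23-ipa-sudo.sh, so it contains only the skip and abort guards and cleans up nothing. The files that 00-ipa-pregame.sh copies to /root/ipa-backup (resolv.conf, nsswitch.conf, hosts, hostname, chrony.conf, ssh_config) are never restored, and the hostname set by 11-configure-ipa.sh and the IPA install with its fixed admin password stay on the machine after the run. Either add the restore and uninstall steps or document that the host must be discarded. In these four files the log tag is `r_log "ipa -bash"`, which looks like `$0` expanded in an interactive shell when the files were generated; it should be the literal `"ipa $0"` used in 12-verify-ipa.sh and 20-ipa-user.sh.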
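Review bot: the first command in func/stacks/lamp/01-verification.sh is `r_log_"lamp" "Verify LAMP can potentially work"`, which the shell parses as a command named r_log_lamp rather than a call to r_log; replace the underscore with a space. `PHP_CHECK=/tmp/php.check` is a fixed name in a world-writable directory that the script then removes and writes to through a redirect, so on a shared machine another user can pre-create it as a symlink; use `mktemp` and remove the file when done. As shown here, `echo "" > $PHP_CHECK` writes only an empty line, so `/bin/php $PHP_CHECK` succeeding proves little more than that the binary starts. `$PHP_CHECK` and `$SQL` should also be quoted.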
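Review bot: in func/stacks/lamp/10-test-lamp.sh the result of `curl -s http://localhost/mysql.php` is discarded, so the test never checks that httpd and PHP actually served the page; the pass or fail decision rests only on the later mysql query. Use `curl -sf` and check its exit status (or capture and compare the body) before the database check. The exit status of `mysql < ./common/files/lamp-sql` is not checked either, and the comparison `[ "$db_content" == "sqltest" ]` against `select *` only holds while the table has a single column; selecting the name column explicitly would make that intent visible. /var/www/html/mysql.php is left in place after the "Clean up" step.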
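Review bot: sync/prep-staging.sh does not parse as written: in the arch section `for y in "${NONMODS_REPOS[@]}"; do` is never closed (six `for` against five `done`), so bash runs the source loop and then stops with an unexpected end of file. A `done` is needed before the "repos with comps/groups involved, but only debug" comment. Two path mismatches also need fixing. The source loop tests `"${COMPOSE_DIR}/${y}/${x}/${z}"` before x and z are set while createrepo and the error message use `${y}/source/tree`, and the debug loop tests `${y}/${x}/debug/tree` but passes `${y}/${x}/${z}` to createrepo, where z is whatever the previous loop left behind. Finally, `/tmp/modules.yaml` is a fixed name in a shared directory whose contents are fed to modifyrepo and end up in published repodata; copy to a `mktemp` path instead, and check that the `cp` succeeded before calling modifyrepo.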
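Review bot: sync/sync-to-prod.sh takes `REVISION=${1}` without validating it, and with no argument the `cd "/mnt/repos-staging/mirror/pub/rocky/${REVISION}"` still succeeds because it resolves to the staging root; the script then runs rsync under sudo for everything below that root into /mnt/repos-production/mirror/pub/rocky/. Refuse to run unless the argument matches the expected MAJOR.MINOR form (optionally with the -RCx suffix the staging scripts describe). `${REVISION:0:3}` also assumes a single-digit minor: for 8.10 it yields 8.1, which would sync into the wrong production directory; strip the suffix with a pattern such as `${REVISION%%-*}` instead. The destination in the rsync command is unquoted, unlike the `mkdir -p` line above it.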
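Review bot: in sync/sync-to-staging-sig.sh none of the positional parameters are validated or quoted where they are used (`cd /mnt/compose/${MAJOR}/latest-${SHORT}-${MAJOR}`, the `mkdir -p` target and the destination of the rsync that runs under sudo). A value containing whitespace or glob characters is split into extra arguments to a root rsync, and an empty SIG makes the destination collapse to the main `${REVISION}` tree, so a SIG compose would be written over the release content. Check the argument count, validate each value against the form given in the comments, and quote every expansion. The same lines appear in sync/sync-to-staging.sh. In both files `find **/*` depends on globstar, which the script does not enable; without `shopt -s globstar` the pattern behaves like `*/*`, so state which of the two is intended.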