no-plugin-exception-during-analyses: Test sealert -a ./short.log

short.log exposes a problem with Plugin Exception in catchall_labels plugin

Covers "'generator' object is not subscriptable" in sealert output:

    $ sealert -a ./short.log
    100% done'generator' object is not subscriptable
    100% done
    found 2 alerts in ./short.log
    ...
Petr Lautrbach 2020-01-11 19:28:15 +01:00
parent 77e7a0320c
commit e4ba63e00b
3 changed files with 24 additions and 2 deletions


@ -29,7 +29,7 @@ export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile
FILES=$(METADATA) runtest.sh Makefile short.log
.PHONY: all install download clean


@ -51,10 +51,22 @@ rlJournalStart
rlAssertNotGrep "setroubleshoot.*: Plugin Exception " journal-after.txt
[[ $? -eq 0 ]] || STATUS=$?
rlRun "[[ $STATUS -eq 0 ]] || cat journal-after.txt"
rlRun "rm -f journal-after.txt"
rlPhaseEnd
rlPhaseStartTest "no 'Plugin Exception' in short.log"
OUTPUT_FILE=`mktemp`
rlRun "sealert -a ./short.log >& $OUTPUT_FILE"
STATUS=0
rlAssertNotGrep "'generator' object is not subscriptable" $OUTPUT_FILE
[[ $? -eq 0 ]] || STATUS=$?
rlAssertGrep "Plugin catchall_labels" $OUTPUT_FILE
[[ $? -eq 0 ]] || STATUS=$?
rlRun "[[ $STATUS -eq 0 ]] || cat $OUTPUT_FILE"
rlRun "rm -f $OUTPUT_FILE"
rlPhaseEnd
rlPhaseStartCleanup
rlRun "rm -f journal-after.txt"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd
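Review bot: In the new "no 'Plugin Exception' in short.log" phase, `[[ $? -eq 0 ]] || STATUS=$?` stores the exit status of the `[[ ]]` test itself (always 1 at that point), not the status of the assertion before it, so it works only because any non-zero value triggers the dump. Recording the failure directly is clearer and lets the path be quoted as well: `rlAssertNotGrep "'generator' object is not subscriptable" "$OUTPUT_FILE" || STATUS=1`, and likewise for the `rlAssertGrep` line. The result of `mktemp` is also unchecked, so a failed call leaves `$OUTPUT_FILE` empty inside the `rlRun` strings; `OUTPUT_FILE=$(mktemp) || rlDie "mktemp failed"` would stop the test early instead. The same `$?` idiom appears in the preceding phase, which starts outside this hunk.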


@ -0,0 +1,10 @@
type=PROCTITLE msg=audit(1574867531.103:1226): proctitle=2F7573722F7362696E2F6368726F6E7964002D6E002D66002F7661722F72756E2F74696D656D61737465722F6368726F6E792E636F6E66
type=AVC msg=audit(1574867531.516:1227): avc: denied { read } for pid=936 comm="auditd" name="passwd" dev="sda2" ino=25468387 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1574867531.516:1228): avc: denied { read } for pid=936 comm="auditd" name="passwd" dev="sda2" ino=25468387 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1574867531.516:1229): avc: denied { write } for pid=936 comm="auditd" name="nss" dev="sda2" ino=209156 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1574867531.516:1230): avc: denied { read } for pid=936 comm="auditd" name="group" dev="sda2" ino=25468401 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1574867531.516:1231): avc: denied { read } for pid=936 comm="auditd" name="group" dev="sda2" ino=25468401 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1574867531.516:1232): avc: denied { write } for pid=936 comm="auditd" name="nss" dev="sda2" ino=209156 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=sock_file permissive=0
type=SYSCALL msg=audit(1574867527.549:1163): arch=c000003e syscall=21 success=no exit=-13 a0=7f61e4002460 a1=4 a2=0 a3=0 items=1 ppid=1 pid=1871 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="in:imjournal" exe="/usr/sbin/rsyslogd" subj=system_u:system_r:syslogd_t:s0 key=(null)ARCH=x86_64 SYSCALL=access AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=CWD msg=audit(1574867527.549:1163): cwd="/"
type=PATH msg=audit(1574867527.549:1163): item=0 name="/var/lib/rsyslog/imjournal.state" inode=25845859 dev=08:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0OUID="root" OGID="root"