
Commit c265e9f

committed
tests: add support for sessionID_set user filter.
Signed-off-by: Richard Guy Briggs <[email protected]>
1 parent 13f5d6f commit c265e9f


1 file changed

+23
-3
lines changed

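--- a/tests/sessionid_filter/test
+++ b/tests/sessionid_filter/test
@@ -28,9 +28,13 @@ system("auditctl -D >& /dev/null");
 UNLINK => 1);
 (my $fh_err, my $stderr) = tempfile(TEMPLATE => '/tmp/audit-testsuite-err-XXXX',
 UNLINK => 1);
-(my $fh_ses, my $sesout) = tempfile(TEMPLATE => '/tmp/audit-testsuite-tmp-XXXX',
+(my $fh_out_set, my $stdout_set) = tempfile(TEMPLATE => '/tmp/audit-testsuite-out-set-XXXX',
+UNLINK => 1);
+(my $fh_err_set, my $stderr_set) = tempfile(TEMPLATE => '/tmp/audit-testsuite-err-set-XXXX',
+UNLINK => 1);
+(my $fh_ses, my $sesout) = tempfile(TEMPLATE => '/tmp/audit-testsuite-ses-XXXX',
 UNLINK => 1);
-(my $fh_pid, my $pidout) = tempfile(TEMPLATE => '/tmp/audit-testsuite-tmp-XXXX',
+(my $fh_pid, my $pidout) = tempfile(TEMPLATE => '/tmp/audit-testsuite-pid-XXXX',
 UNLINK => 1);
 
 ###
@@ -47,19 +51,24 @@ chomp($sessionid);
 my $key = key_gen();
 $result = system("auditctl -a always,exit -F arch=b64 -F path=/tmp/$key -F sessionid=$sessionid -k $key");
 ok($result, 0);
+$result = system("auditctl -a always,exit -F arch=b64 -F path=/tmp/${key}_set -F sessionid_set=1 -k ${key}_set");
+ok($result, 0);
 
 # send the userspace message (NOTE: requires bash)
-system("echo \$\$ > $pidout; exec touch /tmp/$key");
+system("echo \$\$ > $pidout; exec touch /tmp/$key /tmp/${key}_set");
 my $pid = <$fh_pid>;
 chomp($pid);
 
 # test for the SYSCALL message
 $result = system("ausearch -i -m SYSCALL -sc open -p $pid --session $sessionid -k $key > $stdout 2> $stderr");
 ok($result, 0);
+$result = system("ausearch -i -m SYSCALL -sc open -p $pid --sessionid_set 1 -k ${key}_set > $stdout_set 2> $stderr_set");
+ok($result, 0);
 
 # test if we generate the SYSCALL record correctly
 my $line;
 my $syscall_msg_match = 0;
+my $syscall_msg_match_set = 0;
 while ($line = <$fh_out>) {
 # test if SYSCALL record matches
 if ($line =~ m?^type=SYSCALL ? and
@@ -71,6 +80,17 @@ while ($line = <$fh_out>) {
 }
 }
 ok($syscall_msg_match);
+while ($line = <$fh_out_set>) {
+# test if SYSCALL record matches
+if ($line =~ m?^type=SYSCALL ? and
+$line =~ m? pid=$pid ? and
+$line =~ m? ses=$sessionid ? and
+$line =~ m? key=${key}_set ?) {
+$syscall_msg_match_set = 1;
+last;
+}
+}
+ok($syscall_msg_match_set);
 
 ###
 # cleanup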
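Review bot: The new verification loop over `$fh_out_set` (new lines 83–93) uses `m?...?`, which is Perl's match-once operator: each of the four patterns can succeed only once until `reset()` is called, so once the first `type=SYSCALL ` line has been seen no later line can satisfy the condition and the loop effectively checks a single record. The construct is copied from the existing `$fh_out` loop, which has the same limitation. An ordinary delimiter with the interpolated values quoted avoids this, e.g. `$line =~ m{^type=SYSCALL }` and `$line =~ m{ key=\Q${key}_set\E }`. Separately, the cleanup section lies outside the visible hunks and this commit does not change it, so it is worth confirming that `/tmp/${key}_set` is removed there along with `/tmp/$key`.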
