sysklogd/test/secure.sh

71 lines
1.2 KiB
Bash
Raw Normal View History

#!/bin/sh
# Verify secure_mode changes at runtime w/o having to restart syslogd.
# We want to ensure goint from most secure, to no security, and back,
# works as intended.
#
# shellcheck disable=SC1090
if [ x"${srcdir}" = x ]; then
srcdir=.
fi
. ${srcdir}/lib.sh
MSG="Kilroy was here"
set_secure_mode()
{
cat <<-EOF > "${CONF}"
*.* @127.0.0.2
secure_mode=$1
EOF
if is_running; then
reload
else
setup -m0
fi
sleep 1
}
do_port_check()
{
netstat -atnup | grep "$PORT\|PORT2"
}
check_no_port_open()
{
do_port_check && FAIL "$@"
}
check_port_open()
{
do_port_check || FAIL "$@"
}
check_remote_logging()
{
cap_start
logger "$MSG"
cap_stop
cap_find "$MSG" || FAIL "Cannot find: $MSG"
}
print "Secure mode 2 - no remote no ports"
set_secure_mode 2
check_no_port_open "Secure mode 2, yet ports are opened!"
print "Secure mode 1 - remote but no ports"
set_secure_mode 1
check_no_port_open "Secure mode 1, yet ports are opened!"
check_remote_logging
print "Secure mode 0 - remote and open ports"
set_secure_mode 0
check_remote_logging "Secure mode 0, but no ports open!"
check_port_open
print "Secure mode 1 - remote but no ports"
set_secure_mode 1
check_no_port_open "Secure mode 1, yet ports are opened!"
check_remote_logging
OK