RedHat-SP-Security · sopos · Dec 5, 2023 · Dec 5, 2023 · Jan 25, 2024 · Jan 25, 2024
diff --git a/Regression/io-log-escapes/main.fmf b/Regression/io-log-escapes/main.fmf
@@ -0,0 +1,28 @@
+description: test loggin of the terminal control characters
+contact: Dalibor Pospíšil <[email protected]>
+test: ./runtest.sh
+require+:
+  - library(distribution/tcf)
+  - library(distribution/Cleanup)
+  - library(distribution/testUser)
+  - url: https://github.com/RedHat-SP-Security/rsyslog-tests.git
+    name: /Library/basic
+    type: library
+link:
+  - verifies: https://issues.redhat.com/browse/RHEL-1505
+  - verifies: https://issues.redhat.com/browse/RHEL-9717
+  - verifies: https://issues.redhat.com/browse/RHEL-21827
+  - verifies: https://issues.redhat.com/browse/RHEL-21829
+  - verifies: https://issues.redhat.com/browse/RHEL-21830
+  - verifies: https://issues.redhat.com/browse/RHEL-21831
+  - verifies: https://issues.redhat.com/browse/RHEL-21832
+  - verifies: https://issues.redhat.com/browse/RHEL-21833
+  - verifies: https://issues.redhat.com/browse/RHEL-21834
+  - verifies: https://issues.redhat.com/browse/RHEL-1506
+  - verifies: https://issues.redhat.com/browse/RHEL-9716
+  - verifies: https://issues.redhat.com/browse/RHEL-21823
+  - verifies: https://issues.redhat.com/browse/RHEL-21824
+  - verifies: https://issues.redhat.com/browse/RHEL-21825
+  - verifies: https://issues.redhat.com/browse/RHEL-21826
+  - verifies: https://issues.redhat.com/browse/RHEL-21827
+  - verifies: https://issues.redhat.com/browse/RHEL-21828
diff --git a/Regression/io-log-escapes/runtest.sh b/Regression/io-log-escapes/runtest.sh
@@ -0,0 +1,106 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/sudo/Sanity/io-logging
+#   Description: Test tries several sudoers options stored in ldap. It tries both ways howto get them - native sudo-ldap and sssd.
+#   Author: David Spurek <[email protected]>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2024 Red Hat, Inc.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || :
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+
+rlJournalStart && {
+    rlPhaseStartSetup && {
+        rlRun "rlImport --all" || rlDie 'cannot continue'
+        # Check reqiured packages.
+        rlRun "rlCheckMakefileRequires" || rlDie "cannot continue"
+
+        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+        CleanupRegister "rlRun 'rm -r $TmpDir' 0 'Removing tmp directory'"
+        CleanupRegister 'rlRun "popd"'
+        rlRun "pushd $TmpDir"
+        CleanupRegister 'rlRun "rsyslogCleanup"'
+        rlRun "rsyslogSetup"
+        CleanupRegister 'rlRun "sudoCleanup"'
+        rlRun "sudoSetup"
+        CleanupRegister 'rlRun "rlFileRestore"'
+        rlRun "rlFileBackup --clean /var/log/sudo.log /var/log/sudo-io/ /etc/nslcd.conf"
+
+        rm -f /var/log/sudo.log
+        rm -rf /var/log/sudo-io
+
+        CleanupRegister 'rlRun "testUserCleanup"'
+        rlRun "testUserSetup"
+
+        rlRun "sudoSwitchProvider files"
+        rlRun "cat /etc/nsswitch.conf"
+        rlRun "sudoAddSudoRule --nowait 'defaults'"
+        exclam='!'
+        rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' '${exclam}authenticate'"
+        rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' '${exclam}requiretty'"
+        rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'log_output'"
+        rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'log_input'"
+        rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'iolog_dir=/var/log/sudo-io'"
+        rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'logfile=/var/log/sudo.log'"
+        rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'syslog=authpriv'"
+
+        rlRun "sudoAddSudoRule --nowait 'rule_allow'"
+        rlRun "sudoAddOptionToSudoRule --nowait 'rule_allow' 'sudoHost' 'ALL'"
+        rlRun "sudoAddOptionToSudoRule --nowait 'rule_allow' 'sudoUser' '$testUser'"
+        rlRun "sudoAddOptionToSudoRule --nowait 'rule_allow' 'sudoCommand' 'ALL'"
+        rlRun "cat /etc/sudoers"
+        rsyslogResetLogFilePointer /var/log/secure
+    rlPhaseEnd; }
+
+    rlPhaseStartTest 'sudo format' && {
+        rm -f /var/log/sudo.log
+        rlRun "su - $testUser -c 'cp /bin/ls \"./my ls\"'" 0
+        rlRun "su - $testUser -c 'sudo \"./my ls\"'" 0
+        sleep 3
+        rlRun -s "rsyslogCatLogFileFromPointer /var/log/secure"
+        rlAssertGrep 'my#040ls' $rlRun_LOG
+        rlRun -s "cat /var/log/sudo.log"
+        rlAssertGrep 'my#040ls' $rlRun_LOG
+        rlRun -s "sudoreplay -l"
+        rlAssertGrep 'my#040ls' $rlRun_LOG
+    rlPhaseEnd; }
+
+    rlPhaseStartTest 'json format' && {
+        rlRun "sudoAddOptionToSudoRule --nowait 'defaults' 'sudoOption' 'log_format=json'"
+        rm -f /var/log/sudo.log
+        rlRun "su - $testUser -c 'cp /bin/ls \"./my ls\"'" 0
+        rlRun "su - $testUser -c 'sudo \"./my ls\"'" 0
+        sleep 3
+        rlRun -s "cat /var/log/sudo.log"
+        rlAssertGrep 'my ls' $rlRun_LOG
+        rlRun -s "sudoreplay -l"
+        rlAssertGrep 'my#040ls' $rlRun_LOG
+    rlPhaseEnd; }
+
+    rlPhaseStartCleanup && {
+        CleanupDo
+    rlPhaseEnd; }
+  rlJournalPrintText
+rlJournalEnd; }
diff --git a/main.fmf b/main.fmf
@@ -2,4 +2,7 @@ component:
   - sudo
 require:
   - sudo
+  - url: https://github.com/RedHat-SP-Security/sudo-tests.git
+    name: /Library/common
+    type: library
 framework: beakerlib