Adding stageone and stagetwo tests for [system] plugin. Also adding tag scrub for only testing scrub of sensitive data. And updating README with how to call scrub and stagetwo tests. Related: sosreport#3788 Related: sosreport#3789 Resolves: sosreport#3798 Signed-off-by: Jan Jansky <[email protected]>
Showing
10 changed files
with
191 additions
and
9 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
# This file is part of the sos project: https://github.com/sosreport/sos | ||
# | ||
# This copyrighted material is made available to anyone wishing to use, | ||
# modify, copy, or redistribute it subject to the terms and conditions of | ||
# version 2 of the GNU General Public License. | ||
# | ||
# See the LICENSE file in the source distribution for further information. | ||
|
||
from sos_tests import StageOneReportTest, StageTwoReportTest | ||
import os | ||
|
||
|
||
class SystemPluginTest(StageOneReportTest): | ||
"""Basic sanity check to make sure common config files are collected | ||
:avocado: tags=stageone | ||
""" | ||
|
||
sos_cmd = '-o system' | ||
|
||
def test_system_files_collected(self): | ||
self.assertFileGlobInArchive("/proc/sys") | ||
if os.path.isdir("/etc/sysconfig"): | ||
self.assertFileGlobInArchive("/etc/sysconfig") | ||
self.assertFileGlobInArchive("/etc/default") | ||
self.assertFileGlobInArchive("/etc/environment") | ||
|
||
def test_system_files_forbidden(self): | ||
self.assertFileGlobNotInArchive("/proc/sys/net/ipv4/route/flush") | ||
self.assertFileGlobNotInArchive("/proc/sys/net/ipv6/route/flush") | ||
self.assertFileGlobNotInArchive("/proc/sys/net/ipv6/neigh/" + | ||
"*/retrans_time") | ||
self.assertFileGlobNotInArchive("/proc/sys/net/ipv6/neigh/" + | ||
"*/base_reachable_time") | ||
self.assertFileGlobNotInArchive("/etc/default/grub.d/" + | ||
"50-curtin-settings.cfg") | ||
|
||
def test_system_cmd_collected(self): | ||
self.assertFileGlobInArchive("ld.so_--help") | ||
self.assertFileGlobInArchive("ld.so_--list-diagnostics") | ||
self.assertFileGlobInArchive("ld.so_--list-tunables") | ||
|
||
|
||
class SystemScrubTest(StageTwoReportTest): | ||
"""Ensure that environment, default and sysconfig are picked up | ||
and properly scrubbed | ||
:avocado: tags=stagetwo,scrub | ||
""" | ||
sos_cmd = '-o system' | ||
files = [ | ||
('../../../tests/test_data/system_test_data', '/etc/environment'), | ||
('../../../tests/test_data/system_test_data', '/etc/default/proxy'), | ||
('../../../tests/test_data/system_test_data', '/etc/default/proxy1'), | ||
('../../../tests/test_data/system_test_data', '/etc/sysconfig/proxy'), | ||
('../../../tests/test_data/system_test_data', '/etc/sysconfig/proxy1'), | ||
] | ||
secrets_list = [ | ||
'foouser', | ||
'somesecretpassword' | ||
] | ||
|
||
def test_system_files_collected(self): | ||
for file in self.files: | ||
if "sysconfig" in file[1] and \ | ||
not os.path.isdir("/etc/sysconfig"): | ||
continue | ||
self.assertFileGlobInArchive(file[1]) | ||
|
||
def test_system_scrub(self): | ||
for file in self.files: | ||
for secret in self.secrets_list: | ||
if "sysconfig" in file[1] and \ | ||
not os.path.isdir("/etc/sysconfig"): | ||
continue | ||
self.assertFileNotHasContent(file[1], secret) | ||
|
||
# vim: set et ts=4 sw=4 : |
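Review bot: In `SystemScrubTest.test_system_scrub` the `/etc/sysconfig` guard is evaluated inside the inner `for secret` loop and ends in a bare `continue`, so on a host without that directory the test passes with no record that two of the five planted files were never checked for the credentials. The guard does not depend on `secret`; moving it above `for secret in self.secrets_list:` and adding a comment such as `# no /etc/sysconfig on this distribution: the planted sysconfig files are not verified here` keeps that gap visible to anyone reading a green run. The same condition is repeated in `test_system_files_collected`, so both methods could iterate one pre-filtered list. Whether `assertFileNotHasContent` fails or passes when the file is absent from the archive is not visible in this section; if it passes, the scrub check relies entirely on `test_system_files_collected` to catch a missing file.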
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
# This file is part of the sos project: https://github.com/sosreport/sos | ||
# | ||
# This copyrighted material is made available to anyone wishing to use, | ||
# modify, copy, or redistribute it subject to the terms and conditions of | ||
# version 2 of the GNU General Public License. | ||
# | ||
# See the LICENSE file in the source distribution for further information. | ||
|
||
from sos_tests import StageOneReportTest, StageTwoReportTest | ||
|
||
|
||
class SystemdPluginTest(StageOneReportTest): | ||
"""Basic sanity check to make sure common config files are collected | ||
:avocado: tags=stageone | ||
""" | ||
|
||
sos_cmd = '-o systemd' | ||
|
||
def test_systemd_files_collected(self): | ||
self.assertFileGlobInArchive("/etc/systemd") | ||
self.assertFileGlobInArchive("/lib/systemd/system") | ||
self.assertFileGlobInArchive("/lib/systemd/user") | ||
self.assertFileGlobInArchive("/etc/vconsole.conf") | ||
self.assertFileGlobInArchive("/run/systemd/generator*") | ||
self.assertFileGlobInArchive("/run/systemd/seats") | ||
self.assertFileGlobInArchive("/run/systemd/sessions") | ||
self.assertFileGlobInArchive("/run/systemd/system") | ||
self.assertFileGlobInArchive("/run/systemd/users") | ||
self.assertFileGlobInArchive("/etc/modules-load.d/*.conf") | ||
self.assertFileGlobInArchive("/etc/yum/protected.d/systemd.conf") | ||
self.assertFileGlobInArchive("/etc/tmpfiles.d/*.conf") | ||
self.assertFileGlobInArchive("/run/tmpfiles.d/*.conf") | ||
self.assertFileGlobInArchive("/usr/lib/tmpfiles.d/*.conf") | ||
|
||
def test_systemd_files_forbidden(self): | ||
self.assertFileGlobNotInArchive("/dev/null") | ||
|
||
def test_systemd_cmd_collected(self): | ||
self.assertFileGlobInArchive("journalctl_--list-boots") | ||
self.assertFileGlobInArchive("ls_-alZR_.lib.systemd") | ||
self.assertFileGlobInArchive("resolvectl_statistics") | ||
self.assertFileGlobInArchive("resolvectl_status") | ||
self.assertFileGlobInArchive("systemctl_list-dependencies") | ||
self.assertFileGlobInArchive("systemctl_list-jobs") | ||
self.assertFileGlobInArchive("systemctl_list-machines") | ||
self.assertFileGlobInArchive("systemctl_list-timers_--all") | ||
self.assertFileGlobInArchive("systemctl_list-unit-files") | ||
self.assertFileGlobInArchive("systemctl_list-units") | ||
self.assertFileGlobInArchive("systemctl_list-units_--all") | ||
self.assertFileGlobInArchive("systemctl_list-units_--failed") | ||
self.assertFileGlobInArchive("systemctl_show_--all") | ||
self.assertFileGlobInArchive("systemctl_show-environment") | ||
self.assertFileGlobInArchive("systemctl_show_service_--all") | ||
self.assertFileGlobInArchive("systemctl_status_--all") | ||
self.assertFileGlobInArchive("systemd-analyze") | ||
self.assertFileGlobInArchive("systemd-analyze_blame") | ||
self.assertFileGlobInArchive("systemd-analyze_dump") | ||
self.assertFileGlobInArchive("systemd-analyze_plot.svg") | ||
self.assertFileGlobInArchive("systemd-delta") | ||
self.assertFileGlobInArchive("systemd-inhibit_--list") | ||
self.assertFileGlobInArchive("timedatectl") | ||
|
||
|
||
class SystemdScrubTest(StageTwoReportTest): | ||
"""Ensure that system files are picked up | ||
and properly scrubbed | ||
:avocado: tags=stagetwo,scrub | ||
""" | ||
sos_cmd = '-o systemd' | ||
files = [ | ||
('../../../tests/test_data/system_test_data', '/etc/systemd/system'), | ||
('../../../tests/test_data/system_test_data', '/lib/systemd/system'), | ||
('../../../tests/test_data/system_test_data', '/run/systemd/system'), | ||
] | ||
secrets_list = [ | ||
'foouser', | ||
'somesecretpassword' | ||
] | ||
|
||
def test_systemd_files_collected(self): | ||
for file in self.files: | ||
self.assertFileGlobInArchive(file[1]) | ||
|
||
def test_systemd_scrub(self): | ||
for file in self.files: | ||
for secret in self.secrets_list: | ||
self.assertFileNotHasContent(file[1], secret) | ||
|
||
# vim: set et ts=4 sw=4 : |
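Review bot: The `files` destinations in `SystemdScrubTest` (`/etc/systemd/system`, `/lib/systemd/system`, `/run/systemd/system`) look like directories, two of them being paths the stage-one test in this file expects to be collected as directories, so `test_systemd_scrub` hands `assertFileNotHasContent` a directory path rather than the planted file. How the harness places a file at an existing directory and how the helper reads such a path is not shown here, so the credentials check may never look at the planted content. Pointing each destination at a file inside the directory, for example `('../../../tests/test_data/system_test_data', '/etc/systemd/system/sos-scrub-test.service'),` (file name constructed for illustration), would make the assertion read the data it is meant to verify. The fixture is also the environment-file data used for the `system` plugin; a unit-style line such as `Environment=HTTP_PROXY=...` would exercise the form these directories normally hold.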
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
HTTP_PROXY=http://foouser:somesecretpassword@proxyurl:8080 | ||
HTTPS_PROXY=https://foouser:somesecretpassword@proxyurl:8080 | ||
http_proxy=http://foouser:somesecretpassword@proxyurl:8080 | ||
https_proxy=https://foouser:somesecretpassword@proxyurl:8080 |
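Review bot: All four fixture lines use one credential shape, an unquoted `scheme://user:password@host:port` value, so the scrub tests that consume this file only show that this exact form is redacted. Files under `/etc/sysconfig` and `/etc/default` often quote the value or prefix it with `export`, and adding a line such as `export FTP_PROXY="ftp://foouser:somesecretpassword@proxyurl:8080"` reuses the strings already in `secrets_list` while covering those forms. Whether the scrubber is expected to handle them is not visible in this section, so treat this as a coverage suggestion rather than a known gap.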