- name: /Downstream_audit_tests/Sanity/account-lifecycle summary: Verify user account lifecycle auditing implementation description: | There is a specification for User and Group Account Lifecycle auditing [1], this test verifies that the specification is implemented correctly. [1] https://people.redhat.com/sgrubb/audit/user-account-lifecycle.txt contact: - aborah@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1294663 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1225560 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1700761 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1624764 id: tag: - CI-Tier-1 - NoRHEL4 - NoRHEL5 - TIPfail - TIPfail_Security - Tier1 - Tier1security tier: '1' component: - audit - shadow-utils test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/account-lifecycle framework: beakerlib manual: false tty: false require: - audit recommend: - policycoreutils-python-utils - audispd-plugins - shadow-utils - audit - expect - policycoreutils-python environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 15m result: respect where: &id001 [] check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 1 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/account-lifecycle/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/ambient-capabilities summary: Test for ambient capabilities description: '' contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1165316 id: tag: - CI-Tier-1 - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass_Security - Tier1 - Tier1security - kernel tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/ambient-capabilities framework: beakerlib manual: false tty: false require: - audit recommend: - libgcc.s390 - glibc-devel.s390 - audispd-plugins - libcap-ng-devel - audit - gcc - glibc-devel.ppc - libgcc.ppc - glibc-devel - glibc-devel.i686 - kernel - libgcc.i686 - libgcc environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 2 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/ambient-capabilities/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/audisp-syslog-plugin summary: Sanity of syslog audisp plugin description: |+ Test for syslog facility selection for audispd syslog plugin. Added ability for audispd syslog plugin to choose facility local0-7 For the new feature allowing audisp-syslog plugin copy events to facility local0-7, you would edit /etc/audisp/plugins.d/syslog.conf so that its active. You would also add a second option to the args line for whichever facility you intended. You also might want to edit rsyslog's configuration to put anything logged with the local facility into a specific file for ease of testing. Then restart the audit daemon and then look in the file rsyslog is sending it to. contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1241634 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1002660 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1919878 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=667536 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1497279 id: tag: - CI-Tier-1 - TIPpass - TIPpass_Security - Tier1 - Tier1security tier: '1' component: - audit - rsyslog test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/audisp-syslog-plugin framework: beakerlib manual: false tty: false require: - library(audit/testing) recommend: - audispd-plugins - audit - rsyslog environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 15m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 3 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/audisp-syslog-plugin/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/audit-configuration summary: Test for audit configuration description: | This test verifies that audit configuration in kernel works as expected, ie. changes made are effective and all changes are correctly reported. The list of test items is as follows: * Default rules and default audit state * Adding rule * Removing rule * Changing backlog size * Setting failure flag * Setting rate limit * Trimming * Setting enabled flag (requires restart) * Making login uids unchangeable (requires restart) Added notier tag because our tiers are using workaround breaking this test. contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1924561 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1655270 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1399823 id: tag: - CI-Tier-1 - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPfail - TIPfail_Security - TierCandidatesPASS - fedora-wanted - kernel - notier tier: component: - audit - kernel test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/audit-configuration framework: beakerlib manual: false tty: false require: - audit recommend: - kernel - audispd-plugins - audit - expect environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 30m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 4 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/audit-configuration/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/audit-log-update summary: Automatic update of testing audit logs description: | For testing purposes we maintain a set of sample audit logs. We want to have as much types of events as possible. Many types of events are hard to trigger and some even represent various anomalies. This test checks if actual audit log on a system executing this test has some types of events missing in the current version of sample audit log. If so, log is extended. contact: - Ondrej Moris enabled: true order: 50 link: [] id: tag: - CI-Tier-1 - NoRHEL4 - NoRHEL5 - TIPpass - TIPpass_Security - Tier1 - Tier1security tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/audit-log-update framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - wget - audit - s-nail - mailx environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 15m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 5 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/audit-log-update/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/audit-rules-built-from-directory summary: Audit rules are built from directory description: | Bug summary: FutureFeature: Audit rules are built from a directory of rule files Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=967238 contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=967238 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1065067 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1142989 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1478311 id: tag: - CI-Tier-1 - NoRHEL3 - NoRHEL4 - NoRHEL5 - TIPpass_Security - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/audit-rules-built-from-directory framework: beakerlib manual: false tty: false require: - audit recommend: - rpm-build - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 6 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/audit-rules-built-from-directory/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/audit-rules-smoke summary: Smoke test for audit.rules description: |2 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1089713 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1414812 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=658630 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1080391 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1103850 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1316444 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=977779 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1155061 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1396792 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1150202 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=916607 id: tag: - TIPfail_Security - TIPpass - Tier1 - Tier1security tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/audit-rules-smoke framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 7 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/audit-rules-smoke/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/audit-testsuite summary: Execute audit-testsuite description: |- This test executes audit-testsuite. By default, test download upstream audit-testsuite from github [1] and execute all tests. Optionally, you can specify the following test parameters: * TESTS - set of tests to be executed, * GIT_URL - URL to alternative git repository (eg. fork from the upstream), * GIT_BRANCH - checkout specific branch for test execution, useful for downstream tests and tests not yet merged into master branch. * DEBUG - execute debugging shell after tests execution (for manual execution only) [1] https://github.com/linux-audit/audit-testsuite contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1426659 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1382500 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1382499 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1382504 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1382508 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1410862 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1155608 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1846972 id: tag: - CI-Tier-1 - NoFIPS - NoRHEL4 - NoRHEL5 - TIPpass - TIPpass_Security - Tier1 - Tier1security - kernel - rhel9-buildroot tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/audit-testsuite framework: beakerlib manual: false tty: false require: - audit recommend: - libgcc.s390 - glibc-devel.s390 - gettext-devel - gcc - glibc-devel - perl-Test-Harness - perl - git - libgcc.ppc - glibc-devel.i686 - perl-File-Which - kernel - libgcc.i686 - audispd-plugins - expect - libgcc - perl-Test - perl-Time-HiRes - audit - iproute - glibc-devel.ppc - nmap-ncat - libtool environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 8 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/audit-testsuite/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/audit-updates-rhel53 summary: Functionality tests for audit packages that have been updated to the newer upstream version 1.7.7 description: | Test Name: audit-updates-rhel53 - Bugzilla(s) 446080 Author: Eduard Benes Location: /CoreOS/audit/Sanity/audit-updates-rhel53 Short Description: Functionality tests for audit packages that have been updated to the newer upstream version 1.7.7 Long Description: See errata RHEA-2009:8168 for detailed description and expected results. Selected parts of how to test section provided by Steve Grubb: * New ausyscall program added for cross referencing syscall name and number info Not much to tell about this one. Just play with it and see if it breaks. ausyscall x86_64 dup should find 3 different dupes ausyscall x86_64 dup --exact should find one ausyscall x86_64 --dump should dump the whole syscall table * aureport now has a report about keys it sees in audit events This should be tested in the multiple key thing above. The --summary report should give totals for different keys. Otherwise it just pulls out each one. * The rule: -a always,user -S open -F filetype=file should not be legal. The older libs would allow it. * The rule: -a always,user -S open -F ppid=1 Should not be legal. The older libs would allow it. * The rule: -a always,exit -S open -F dir=/etc -k test Should be legal. The older version would see it as an error. * if you have /etc/audit/auditd.conf log_group=wheel (or anything other than root) and you have a rule like: -a always,exit -S open -F exit=-EPERM -k access you will get an audit record generated with a key of access against the dispatcher just by running aureport --start today. You should not get that generated. You will need to have wheel group access to /var/log/audit/audit* and /etc/audit/auditd.conf fixed in order to test this. * "aureport --start today PM" should produce an error. It did not previously. * ausearch interpretation of i386 syscalls on an x86_64 computer gave the wrong results. Use this audit event for testing on an x86_64 machine: type=SYSCALL msg=audit(1224864719.162:10038): arch=40000003 syscall=102 success=yes exit=5 a0=a a1=bfcc1f80 a2=25b0c4 a3=0 items=0 ppid=1 pid=11761 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="prelude-manager" exe="/usr/bin/prelude-manager" subj=system_u:system_r:prelude_t:s0-s15:c0.c1023 key=(null) should be a socketcall(recv) when "cat file | ausearch -i" is used. contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=446080 id: tag: - CI-Tier-1 - NoRHEL4 - TIPpass - TIPpass_Security - Tier1 - Tier1security tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/audit-updates-rhel53 framework: beakerlib manual: false tty: false require: - library(audit/testing) recommend: - audit-libs-devel - procps-ng - audit - audit-libs environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 15m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 9 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/audit-updates-rhel53/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/auditctl-rules-allow-a0-a3-to-be-negative-numbers summary: auditctl rules allow a0-a3 to be negative numbers description: '' contact: - omoris@redhat.com enabled: true order: 50 link: [] id: tag: - CI-Tier-1 - Tier1 - Tier1security tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/auditctl-rules-allow-a0-a3-to-be-negative-numbers framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 10 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/auditctl-rules-allow-a0-a3-to-be-negative-numbers/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/auditctl-smoke summary: Smoke test for auditctl description: '' contact: - omoris@redhat.com enabled: true order: 50 link: [] id: tag: - CI-Tier-1 - NoRHEL4 - TIPfail - TIPfail_Security - Tier1 - Tier1security - kernel tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/auditctl-smoke framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit - rsyslog environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 11 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/auditctl-smoke/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/aulast-smoke summary: Sanity test for aulast description: '' contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=922508 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1127312 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=975796 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1019376 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1158521 id: tag: - CI-Tier-1 - NoRHEL5 - TIPfail_Security - Tier1 - Tier1security tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/aulast-smoke framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - openssh-server - openssh - audit - expect - openssh-clients environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 12 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/aulast-smoke/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/aureport-smoke summary: Test sanity of aureport description: '' contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1448526 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=700098 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1019385 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1003816 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1460110 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=985971 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1511606 id: tag: - NoRHEL4 - NoRHEL5 - TIPpass_Security - Tier3 - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/aureport-smoke framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 10m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 13 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/aureport-smoke/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/ausearch-checkpoint summary: Sanity test for ausearch checkpoint feature description: | Sanity test for ausearch options --checkpoint. contact: - Ondrej Moris enabled: true order: 50 link: [] id: tag: - CI-Tier-1 - NoRHEL6 - TIPpass_Security - Tier1 - Tier1security tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/ausearch-checkpoint framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 14 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/ausearch-checkpoint/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/ausearch-eoe-timeout summary: Sanity test for ausearch end_of_event_timeout (rhbz#1921658) description: '' contact: - Martin Zelený enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1921658 id: tag: - CI-Tier-1 - NoRHEL6 - NoRHEL7 - Tier2 tier: '2' component: - audit test: ./test.sh path: /Downstream_audit_tests/tests/Sanity/ausearch-eoe-timeout framework: beakerlib manual: false tty: false require: - audit recommend: - diffutils - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 15 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/ausearch-eoe-timeout/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/ausearch-expression summary: Sanity test for ausearch expression API description: |- Audit lib provides the following function in API for auparse: * int ausearch_add_expression(auparse_state_t *au, const char *expression, char **error, ausearch_rule_t how); This is a sanity test for this function. Currently only the supported fields are virtual ones and *uid and *gid. We are testing the following * logical operators !, && and ||; * comparison operators <, <=, ==, >, >=, !==, i=, i!=, r= and r!=; * virtual fields \timestamp, \timestamp_ex and \record_type; * actual fields: *uid and *gid. contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1399314 id: tag: - CI-Tier-1 - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass - Tier1 - Tier1security tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/ausearch-expression framework: beakerlib manual: false tty: false require: - audit recommend: - audit-libs-devel - audispd-plugins - audit - gcc environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 16 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/ausearch-expression/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/ausearch-localtime summary: Test that ausearch correctly parse local time description: | This test verifies that ausearch works correctly with locales. There is a list of locales which * cannot be fixed at the moment (exceptions) and * are broken in glibc because of BZ#1322292 and BZ#1322585 (exceptions). contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1286633 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1271669 id: tag: - NoRHEL4 - NoRHEL5 - TIPpass - TIPpass_Security - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/ausearch-localtime framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 10m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 17 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/ausearch-localtime/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/ausearch-smoke summary: Sanity test for ausearch description: | Uses ausearch-test [1] provided by Steve Grubb. [1] http://people.redhat.com/sgrubb/audit/ausearch-test-0.5.tar.gz contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1049916 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=967240 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1260873 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1065067 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1142989 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1186158 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1169461 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1120286 id: tag: - CI-Tier-1 - NoRHEL6 - TIPpass - TIPpass_Security - Tier1 - Tier1security tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/ausearch-smoke framework: beakerlib manual: false tty: false require: - audit recommend: - audit-libs-devel - audispd-plugins - wget - audit - gcc - sharutils - rpm-build - gzip environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 15m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 18 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/ausearch-smoke/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/autrace-basic-functionality summary: Test autrace for basic functionality description: | CVS: http://cvs.devel.redhat.com/cgi-bin/cvsweb.cgi/tests/audit/Sanity/autrace-basic-functionality/ contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1358775 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1185892 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=700005 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=702279 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=697463 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1172624 id: tag: - CI-Tier-1 - TIPpass_Security - Tier1 - Tier1security tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/autrace-basic-functionality framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 19 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/autrace-basic-functionality/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/bz1906065-audisp-remote-unavailable-location summary: Test audisp when remote location is unavailable description: '' contact: - Martin Zelený enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1906065 id: tag: - Tier3 tier: '3' component: - audit test: ./test.sh path: /Downstream_audit_tests/tests/Sanity/bz1906065-audisp-remote-unavailable-location framework: beakerlib manual: false tty: false require: - audit recommend: - procps-ng - audispd-plugins - audit - nmap-ncat environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 10m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 20 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/bz1906065-audisp-remote-unavailable-location/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/bz1985630-audit-shipped-rules summary: Test audit shipped sample rules description: | Bug summary: Shipped /usr/share/audit/sample-rules/ *.rules cannot be used on all supported architectures Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1985630 contact: - Martin Zelený enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1985630 id: tag: - CI-Tier-1 - NoRHEL4 - NoRHEL5 - NoRHEL6 - NoRHEL7 tier: component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/bz1985630-audit-shipped-rules framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 1h result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 21 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/bz1985630-audit-shipped-rules/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/check-auvirt-options-listing summary: check option listing in auvirt --help description: |+ Bug summary: auvirt --help shows an incorrect option "--show--uuid" Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1129076 Check for the present of specific options in "auvirt --help" contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1129076 id: tag: - CI-Tier-1 - NoRHEL4 - NoRHEL5 - TIPpass_Security - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/check-auvirt-options-listing framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 2m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 22 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/check-auvirt-options-listing/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/dns-reverse-lookup summary: Empty addr parameter to audit logging function should cause to bypass reverse dns lookup. description: | Test Name: dns-reverse-lookup Author: Eduard Benes Location: /CoreOS/audit/Sanity/dns-reverse-lookup Short Description: Empty addr parameter to audit logging function should cause to bypass reverse dns lookup. Long Description: If the addr parameter being passed to an audit logging function (such as audit_log_user_message) is "", it should bypass a reverse dns lookup. This can be verified by stracing this program: #include int main(void) { int fd = audit_open(); audit_log_user_message(fd, AUDIT_USER_AUTH, "", NULL, "", NULL, 1); return 0; } Stracing this program will give much more than ~40 lines of output if dns reverse lookup has been performed. Number around 40 is acceptable. contact: - omoris@redhat.com enabled: true order: 50 link: [] id: tag: - CI-Tier-1 - NoRHEL3 - NoRHEL4 - Tier1 - Tier1security tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/dns-reverse-lookup framework: beakerlib manual: false tty: false require: - audit recommend: - audit-libs-devel - audispd-plugins - audit - gcc - strace - audit-libs environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 23 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/dns-reverse-lookup/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/fanotify summary: Test for fanotify event description: '' contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1451872 id: tag: - CI-Tier-1 - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPfail - TIPfail_Security - Tier1 - Tier1security - kernel tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/fanotify framework: beakerlib manual: false tty: false require: - library(audit/testing) recommend: - kernel - audit - glibc-devel.ppc64 - gcc environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 15m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 24 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/fanotify/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/filter summary: Test for audit filter (auditctl -F) description: | Sanity test for audit filter - auditctl "-F" option. At the moment the following filter are covered by the test: * -F pid/exe (RHEL-7.3) * -F saddr_fam (RHEL-7.7) contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1715852 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1135565 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1715679 id: tag: - CI-Tier-1 - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass_Security - Tier1 - Tier1security - kernel tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/filter framework: beakerlib manual: false tty: false require: - library(audit/testing) recommend: - nc - audit - gcc environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 25 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/filter/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/flush summary: Smoke test for flush config option description: | Smoke testing that flush option setting works as expected. Valid values are none, incremental, incremental_async, data, and sync. * none - no special effort is made to flush the audit records to disk. * incremental - the freq parameter is used to determine how often an explicit flush to disk is issued. * incremental_async - very much like incremental except the flushing is done asynchronously for higher performance. * data - tells the audit daemon to keep the data portion of the disk file sync’d at all times. * sync - tells the audit daemon to keep both the data and meta-data fully sync’d with every write to disk. This is not a reliable way to test flush option thoroughly, it only test very basic sanity. In general, testing flush/freq options automatically and reliably via black-box testing is non-trivial. We can only test very basic sanity scenarios as follows: * flush=none - data are in the log at least when auditd is restarted * flush=incremental, freq=x - after x messages, data are in the log * flush=incremental_async, freq=x - after x messages, data are in the log * flush=data - data are in the log immediately * flush=sync - data are in the log immediately Without performance testing, we cannot distinguish between incremental and incremental_async strategy. We also cannot distinguish between data and sync without syscall "tracing". contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1459065 id: tag: - TIPfail_Security - fedora-wanted - NoTier tier: component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/flush framework: beakerlib manual: false tty: false require: - library(audit/testing) recommend: - audit - bc environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 30m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 26 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/flush/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/initscript summary: Make sure audit complies to guidelines for SysV-style Initscripts. description: '' contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=982112 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=539460 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1247556 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=901533 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=996190 id: tag: - RHEL6 - TIPpass_Security - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/initscript framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 27 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/initscript/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/internal-state-dump summary: Smoke test for dump of internal state description: | Since 2.8.4-1 audit support dumping internal state. Sending SIGCONT signal to auditd makes it to dump its internal state into /var/run/auditd.state file. This test checks that dump is created and correct. contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1504251 id: tag: - NoRHEL6 - TIPpass_Security - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/internal-state-dump framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit - rsyslog environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 28 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/internal-state-dump/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/multikey summary: Smoke test for multikey support (added in 2.6.6) description: | Since 2.6.6 audit support multiple keys for audit events. You can create audit rules with more than one keys and you can also search logs using more than one key. This test covers both cases. Please notice that in ausearch, multiple key parameters mean logical AND. contact: - Ondrej Moris enabled: true order: 50 link: [] id: tag: - CI-Tier-1 - TIPpass_Security - Tier1 - Tier1security tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/multikey framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 15m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 29 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/multikey/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/normalizer summary: Sanity of normalizer description: '' contact: - Ondrej Moris enabled: true order: 50 link: [] id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - NoTier tier: component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/normalizer framework: beakerlib manual: false tty: false require: - audit recommend: - mailx - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 30m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 30 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/normalizer/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/options-log-format summary: Sanity of log_format option of auditd description: |+ Test that log_format options of auditd works as expected. The log_format describes how the information should be stored on disk. There are 2 options and 1 depreated: * NOLOG - deprecated, if you are setting this format, now you should set the write_logs option to no; * RAW - the audit records will be stored in a format exactly as the kernel sends it (default); * ENRICHED - will resolve all uid, gid, syscall, architecture, and socket address information before writing the event to disk. This aids in making sense of events created on one system but reported/analized on another system. contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1414812 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1406525 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1382397 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1127343 id: tag: - CI-Tier-1 - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPfail - TIPfail_Security - Tier1 - Tier1security tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/options-log-format framework: beakerlib manual: false tty: false require: - audit recommend: - vim-common - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 31 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/options-log-format/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/options-max-log-file summary: Sanity of max_log_file* options of auditd description: |+ Test that max_log_file, max_log_file_action and num_logs options of auditd work as expected. The log_format describes how the information should be stored on disk. There are 2 options and 1 depreated: * NOLOG - deprecated, if you are setting this format, now you should set the write_logs option to no; * RAW - the audit records will be stored in a format exactly as the kernel sends it (default); * ENRICHED - will resolve all uid, gid, syscall, architecture, and socket address information before writing the event to disk. This aids in making sense of events created on one system but reported/analized on another system. contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1672287 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPfail_Security - Tier2 - fedora-wanted tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/options-max-log-file framework: beakerlib manual: false tty: false require: - library(audit/testing) recommend: - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 60m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 32 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/options-max-log-file/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/options-space-left summary: Sanity of admin_space_left and space_left description: | Test that admin_space_left and space_left options work correctly using default actions SYSLOG and SUSPEND. Also test that both values can be specified as percentage. contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=529851 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=830780 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1478311 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPfail - TIPfail_Security - Tier1 - Tier1security tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/options-space-left framework: beakerlib manual: false tty: false require: - library(audit/testing) recommend: - rsyslog - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 10m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 33 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/options-space-left/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/options-verify-email summary: Sanity of verify_email option of auditd description: |- Test that verify_email option of auditd work as expected. verify_email This option determines if the email address given in action_mail_acct is checked to see if the domain name can be resolved. This option must be given before action_mail_acct or the default value of yes will be used. Test also verifies that e-mail verification works. contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1406887 id: tag: - CI-Tier-1 - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass_Security - Tier1 - Tier1security - TierCandidatesPASS tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/options-verify-email framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 34 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/options-verify-email/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/options-write-logs summary: Sanity of write_logs options of auditd description: | Test that write_logs option of auditd work as expected. The write_log options determines whether or not to write logs to the disk: * yes - log to disk; * no - do not log to disk. contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1414812 id: tag: - CI-Tier-1 - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass_Security - Tier1 - Tier1security tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/options-write-logs framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 35 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/options-write-logs/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/ospp summary: Test sanity of OSPP rules description: | Test sanity of OSPP rules. 1. Syntax ------ First, we test that when all OSPP rules are loaded from all files (after split from from a single file in RHEL-8.2) they are loaded correctly and in expected order. 2. Semantics --------- TODO contact: - Ondrej Moris enabled: true order: 50 link: [] id: tag: - TIPfail_Security - Tier2 tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/ospp framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 15m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 36 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/ospp/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/packaged-rules-files summary: Test sanity of packaged rules files description: | Audit package comes with a set of audit rules files. This test verifies that a) each of these files can be loaded into kernel and b) all rules from each file were loaded correctly. Please notice that automatic verification of (b) is a non-trivial problem and hence there is a list of exceptions - rules which are loaded correctly, but it cannot be easily checked. contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1462178 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1421416 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1767054 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1404093 id: tag: - CI-Tier-1 - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass - TIPpass_Security - Tier1 - Tier1security tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/packaged-rules-files framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - aide - audit - stunnel - libreswan - cups - selinux-policy-mls - Network-Manager environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 15m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 37 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/packaged-rules-files/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/permissions summary: Test for permissions of files related to audit description: |+ Attributes: * owner * group * permissions * selinux context Objects: * Directories: * /etc/audit/ * /etc/audit/rules.d/ * /var/log/audit/ * Files: * /etc/audit/auditd.conf * /etc/audit/audit.rules * /var/log/audit/audit.log * /var/log/audit/audit.log.* (rotated logs) Expected Values: In general we expect root for both user and group ownership for all objects. The only exception is when log_group is set non-root in audit.conf, then /var/log/audit and all audit.log files should be owned by that particular group. Log files in /var/log/audit are writable by root only, rotated logs are not writable. Detailed expected values can be found in tables below: User : root Group : root Context : system_u:object_r:auditd_etc_t:s0 Permissions: - /etc/audit/ 0750 - /etc/audit/rules.d/ 0750 - /etc/audit/auditd.conf 0640 - /etc/audit/audit.rules 0640 User : root Group : root/log_group Context : system_u:object_r:auditd_log_t:s0 Permissions: - /var/log/audit/ 0700/0750 - /var/log/audit/audit.log 0600/0640 - /var/log/audit/audit.log.* 0400/0440 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1362582 id: tag: - CI-Tier-1 - NoRHEL4 - Tier1 - Tier1security tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/permissions framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 38 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/permissions/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/selftest summary: Test executes audit selftest description: '' contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=2116867 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1639745 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=2098169 id: tag: - NoRHEL3 - NoRHEL4 - NoRHEL5 - TIPpass - TIPpass_Security - Tier1 - Tier1security - audit-flaky-test - rhel-buildroot tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/selftest framework: beakerlib manual: false tty: false require: - audit recommend: - audit-libs-devel - audispd-plugins - openldap-devel - libcap-ng-devel - python-devel - autoconf - libtool - go-toolset-7-golang - audit - golang - rpm-build - python3-devel - krb5-devel - python2-devel - swig - tcp_wrappers-devel - automake environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 15m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 39 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/selftest/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/syscalls-smoke summary: Sanity test for auditing specific syscalls description: | Test auditing for specific syscalls. Any change in audit regarding syscalls auditing might be put into this test. Currently it contains the following: * mq_open (BZ#955749) contact: - Ondrej Moris enabled: true order: 50 link: [] id: tag: - CI-Tier-1 - NoRHEL5 - NoRHEL6 - TIPfail - TIPfail_Security - Tier1 - Tier1security - kernel tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/syscalls-smoke framework: beakerlib manual: false tty: false require: - library(audit/testing) recommend: - audit - gcc environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 15m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 40 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/syscalls-smoke/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Sanity/system-lifecycle summary: Verify system lifecycle auditing implementation description: | There is a specification for System Lifecycle auditing [1], this test verifies that the specification is implemented correctly. [1] https://github.com/linux-audit/audit-documentation/wiki/SPEC-System-Lifecycle-Events contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1779627 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1779636 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPfail - TIPfail_Security - Tier1 tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Sanity/system-lifecycle framework: beakerlib manual: false tty: false require: - library(audit/testing) recommend: - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 15m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 41 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/system-lifecycle/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/aulast-segfault-on-foreign-uids summary: There was a crash in aulast when auid is foreign to the system. description: '' contact: - omoris@redhat.com enabled: true order: 50 link: [] id: tag: - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/aulast-segfault-on-foreign-uids framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 42 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/aulast-segfault-on-foreign-uids/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/auparse-missing-information-when-used-with-format-text summary: Check that auparse does not miss information when used with --format-text description: '' contact: - Martin Zelený enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=2061726 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=2061731 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=2062612 id: tag: - CI-Tier-1 - NoRHEL6 - NoRHEL7 - Tier1 tier: '1' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/auparse-missing-information-when-used-with-format-text framework: beakerlib manual: false tty: false require: - library(audit/testing) recommend: - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 43 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/auparse-missing-information-when-used-with-format-text/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1019898-audit-auditd-calling-audit-log-start-causes-hang summary: Test for BZ#1019898 (audit auditd calling audit_log_start causes hang) description: | Bug summary: audit: auditd calling audit_log_start causes hang Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1019898 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1019898 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1997129 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1019895 id: tag: - TIPpass_Security - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1019898-audit-auditd-calling-audit-log-start-causes-hang framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 44 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1019898-audit-auditd-calling-audit-log-start-causes-hang/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1053424-Error-in-auparse-defs-h-audit-libs-devel-package summary: Test for BZ#1053424 (Error in auparse-defs.h (audit-libs-devel package)) description: | Bug summary: Error in auparse-defs.h (audit-libs-devel package) Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1053424 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1053424 id: tag: - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1053424-Error-in-auparse-defs-h-audit-libs-devel-package framework: beakerlib manual: false tty: false require: - audit recommend: - audit-libs-devel - glibc-devel.s390 - audispd-plugins - glibc-devel.ppc64 - audit - glibc-devel - glibc-devel.i686 - gcc-c++ environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 45 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1053424-Error-in-auparse-defs-h-audit-libs-devel-package/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1053600-Systemd-is-not-sending-AUDIT-SYSTEM-SHUTDOWN summary: Test for BZ#1053600 (Systemd is not sending AUDIT_SYSTEM_SHUTDOWN) description: |- Bug summary: Systemd is not sending AUDIT_SYSTEM_SHUTDOWN events Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1053600 This test is destructive because it needs to reboot the machine which might be risky in general. contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1053600 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1421968 id: tag: - NoRHEL6 - NoRHEL7 - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1053600-Systemd-is-not-sending-AUDIT-SYSTEM-SHUTDOWN framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 30m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 46 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1053600-Systemd-is-not-sending-AUDIT-SYSTEM-SHUTDOWN/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1071580-bz1235457 summary: Test for BZ#1071580 and BZ#1235457 description: | Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1071580 Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1235457 contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1071580 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1235457 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1320161 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1105150 id: tag: - RHEL6 - RHEL7 - TIPpass_Security - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1071580-bz1235457 framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 47 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1071580-bz1235457/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1073063-seccomp-syscall-name-translation summary: checks format of audit messages with type=SECCOMP description: '' contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1073063 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1053921 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1438997 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - Tier2 - Tier2security - rhel8-buildroot tier: '2' component: - audit - kernel - gcc test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1073063-seccomp-syscall-name-translation framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - libseccomp-devel - audit - libseccomp - gcc environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 48 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1073063-seccomp-syscall-name-translation/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1075155-kernel-AUDIT-LOGIN-event-is-missing-subject-label summary: Test for BZ#1075155 (kernel AUDIT_LOGIN event is missing subject label) description: | Bug summary: kernel AUDIT_LOGIN event is missing subject label Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1075155 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1075155 id: tag: - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1075155-kernel-AUDIT-LOGIN-event-is-missing-subject-label framework: beakerlib manual: false tty: false require: - audit recommend: - expect - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 49 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1075155-kernel-AUDIT-LOGIN-event-is-missing-subject-label/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1155208-BUG-Audit-subsystem-not-resolving-path-name-on summary: Test for BZ#1155208 (BUG Audit subsystem not resolving path name on) description: | Bug summary: BUG: Audit subsystem not resolving path name on directory watches Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1155208 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1155208 id: tag: - TIPfail_Security - TIPpass - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1155208-BUG-Audit-subsystem-not-resolving-path-name-on framework: beakerlib manual: false tty: false require: - library(audit/testing) recommend: - nc - kernel - audit - expect environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 50 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1155208-BUG-Audit-subsystem-not-resolving-path-name-on/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1155221-adjust-fstatat-naming-to-match-kernel-uapi summary: uses ausyscall to check for fstatat names description: '' contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1155221 id: tag: - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1155221-adjust-fstatat-naming-to-match-kernel-uapi framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 1m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 51 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1155221-adjust-fstatat-naming-to-match-kernel-uapi/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1180675-ppc64le-rules-with-F-arch-ppc64le-fail-to-load summary: Test for BZ#1180675 (ppc64le rules with "-F arch=ppc64le" fail to load) description: | Bug summary: ppc64le: rules with "-F arch=ppc64le" fail to load Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1180675 contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1180675 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1186313 id: tag: - NoRHEL4 - NoRHEL5 - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1180675-ppc64le-rules-with-F-arch-ppc64le-fail-to-load framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 52 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1180675-ppc64le-rules-with-F-arch-ppc64le-fail-to-load/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1206516-auditctl-segfaults-with-incorrect-parameters summary: Test for BZ#1206516 (auditctl segfaults with incorrect parameters) description: | Bug summary: auditctl segfaults with incorrect parameters Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1206516 contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1206516 id: tag: - NoRHEL4 - NoRHEL5 - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1206516-auditctl-segfaults-with-incorrect-parameters framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 2m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 53 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1206516-auditctl-segfaults-with-incorrect-parameters/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1249813 summary: Test for BZ#1249813 description: '' contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1249813 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass_Security - Tier2security - Tier3 - fedora-wanted - kernel tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1249813 framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 15m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 54 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1249813/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1281545-aureport-not-working-with-timezones summary: Test for BZ#1281545 (aureport not working with timezones) description: | Bug summary: aureport not working with timezones Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1281545 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1281545 id: tag: - NoRHEL4 - NoRHEL5 - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1281545-aureport-not-working-with-timezones framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 55 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1281545-aureport-not-working-with-timezones/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1305103 summary: Regression test for BZ#1305103 description: '' contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1305103 id: tag: - NoRHEL4 - NoRHEL5 - TIPpass_Security - Tier2 - Tier2security - TierCandidatesPASS - kernel tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1305103 framework: beakerlib manual: false tty: false require: - audit recommend: - kernel - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 56 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1305103/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1367703 summary: Test for BZ#1367703 description: | Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1367703 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1367703 id: tag: - NoRHEL4 - NoRHEL5 - TIPfail_Security - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1367703 framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 57 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1367703/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1379453 summary: Test for BZ#1379453 description: '' contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1379453 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPfail_Security - Tier2 - Tier2security - kernel tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1379453 framework: beakerlib manual: false tty: false require: - audit recommend: - audit-libs-devel - glibc-devel.s390 - audispd-plugins - libgcc.s390 - glibc-devel.ppc64 - glibc-devel.x86_64 - audit - gcc - glibc-devel.ppc - libgcc.ppc - glibc-devel.i686 - libgcc.i686 - libgcc environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 15m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 58 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1379453/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1406525 summary: Test for BZ#1406525 description: | Bug summary: ausearch with '--raw' parameter outputs garbage character Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1406525 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1406525 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1437626 id: tag: - NoRHEL4 - NoRHEL5 - TIPpass - TIPpass_Security - Tier2 - Tier2security - TierCandidatesPASS tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1406525 framework: beakerlib manual: false tty: false require: - git-core - rpm - curl recommend: - policycoreutils-python-utils - yum-utils - python3 - setools-console - sqlite - audit - /usr/sbin/semanage - expect - setools - policycoreutils - library(distribution/epel-internal) - policycoreutils-python - selinux-policy-devel environment: AVC_ERROR: +no_avc_check TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 59 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1406525/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1437626 summary: Test for BZ#1437626 description: | Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1437626 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1437626 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass_Security - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1437626 framework: beakerlib manual: false tty: false require: - audit recommend: - platform-python - audispd-plugins - audit - python environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 60 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1437626/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1455598-Default-port-is-wrong-in-audisp-remote-conf summary: Test for BZ#1455598 (Default port is wrong in audisp-remote.conf) description: | Bug summary: Default port is wrong in audisp-remote.conf Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1455598 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1455598 id: tag: - NoRHEL4 - NoRHEL5 - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1455598-Default-port-is-wrong-in-audisp-remote-conf framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 61 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1455598-Default-port-is-wrong-in-audisp-remote-conf/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1462178-BUG-audit-rule-architecture-incorrectly-changed summary: Test for BZ#1462178 (BUG audit rule architecture incorrectly changed) description: | Bug summary: BUG: audit rule architecture incorrectly changed from b32 to b64 on ppc64le Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1462178 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1462178 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - Tier3 - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1462178-BUG-audit-rule-architecture-incorrectly-changed framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 62 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1462178-BUG-audit-rule-architecture-incorrectly-changed/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1465558 summary: Test for BZ#1465558 description: '' contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1465558 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass - TIPpass_Security - Tier2 - Tier2security - kernel tier: '2' component: - audit - kernel test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1465558 framework: beakerlib manual: false tty: false require: - audit recommend: - kernel - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 63 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1465558/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1465614 summary: Test for BZ#1465614 description: '' contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1465614 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass - TIPpass_Security - Tier2 - Tier2security - TierCandidatesPASS - kernel tier: '2' component: - audit - kernel test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1465614 framework: beakerlib manual: false tty: false require: - audit recommend: - kernel - audispd-plugins - audit - sudo environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 64 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1465614/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1465626 summary: Test for BZ#1465626 description: '' contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1465626 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass_Security - Tier2 - Tier2security - TierCandidatesPASS - kernel tier: '2' component: - audit - kernel test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1465626 framework: beakerlib manual: false tty: false require: - audit recommend: - kernel - audispd-plugins - audit - sudo environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 65 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1465626/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1475998-python-audit-crash-if-when-using summary: Test for BZ#1475998 (python audit crash if when using) description: | Bug summary: python audit crash if when using AUSOURCE_FILE_POINTER Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1475998 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1475998 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass_Security - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1475998-python-audit-crash-if-when-using framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit - audit-libs-python - python36 - python3-audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 66 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1475998-python-audit-crash-if-when-using/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1478533-RFE-Cleanup-audit-s-NETFILTER-CFG-event summary: Test for BZ#1478533 (RFE Cleanup audit's NETFILTER_CFG event) description: | Bug summary: RFE: Cleanup audit's NETFILTER_CFG event Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1478533 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1478533 id: tag: - TIPpass - Tier3 - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1478533-RFE-Cleanup-audit-s-NETFILTER-CFG-event framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - autoconf - audit - gcc - git - libtool - make - automake environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 67 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1478533-RFE-Cleanup-audit-s-NETFILTER-CFG-event/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1482121-python-audit-crash-due-to-dereferencing-NULL summary: Test for BZ#1482121 (python audit crash due to dereferencing NULL) description: | Bug summary: python audit crash due to dereferencing NULL auparse_state_t le field. Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1482121 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1482121 id: tag: - NoRHEL4 - NoRHEL5 - TIPpass_Security - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1482121-python-audit-crash-due-to-dereferencing-NULL framework: beakerlib manual: false tty: false require: - audit recommend: - audit-libs-python - audispd-plugins - audit - python3-audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 68 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1482121-python-audit-crash-due-to-dereferencing-NULL/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1487352 summary: Test for BZ#1487352 description: '' contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1487352 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1966454 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass - TIPpass_Security - Tier3 - Tier3security - TierCandidatesPASS - audit-flaky-test - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1487352 framework: beakerlib manual: false tty: false require: - audit recommend: - kernel - audispd-plugins - audit - grubby environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 30m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 69 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1487352/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1488822 summary: Test for BZ#1488822 description: '' contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1488822 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass_Security - Tier2 - Tier2security - kernel tier: '2' component: - audit - kernel test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1488822 framework: beakerlib manual: false tty: false require: - audit recommend: - kernel - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 30m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 70 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1488822/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1508965-Need-to-rebuild-rpm-in-order-to-remove-static summary: Test for BZ#1508965 (Need to rebuild rpm in order to remove static) description: | Bug summary: Need to rebuild rpm in order to remove static relocations not known to older linkers Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1508965 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1508965 id: tag: - NoRHEL4 - NoRHEL5 - Tier2 - Tier2security - fedora-wanted tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1508965-Need-to-rebuild-rpm-in-order-to-remove-static framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit - audit-libs-static environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 71 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1508965-Need-to-rebuild-rpm-in-order-to-remove-static/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1540507-ausearch-i-prints-0x0x-if-ioctlcmd-is-part-of summary: Test for BZ#1540507 (ausearch -i prints 0x0x if ioctlcmd= is part of) description: | Bug summary: ausearch -i prints 0x0x if ioctlcmd= is part of the audit event Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1540507 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1540507 id: tag: - NoRHEL4 - NoRHEL5 - TIPpass_Security - Tier2 - Tier2security - TierCandidatesPASS tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1540507-ausearch-i-prints-0x0x-if-ioctlcmd-is-part-of framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 72 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1540507-ausearch-i-prints-0x0x-if-ioctlcmd-is-part-of/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1573889-auditd-busy-loop-in-rotate-logs-with-num-logs summary: Test for BZ#1573889 (auditd busy loop in rotate_logs() with num_logs <) description: | Bug summary: auditd busy loop in rotate_logs() with num_logs < 2 and max_log_size_action != SZ_ROTATE Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1573889 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1573889 id: tag: - NoRHEL4 - NoRHEL5 - TIPpass_Security - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1573889-auditd-busy-loop-in-rotate-logs-with-num-logs framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit - strace environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 73 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1573889-auditd-busy-loop-in-rotate-logs-with-num-logs/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1625156-audisp-remote-does-not-connect-when-remote-ending summary: Test for BZ#1625156 (audisp-remote does not connect when remote ending) description: | Bug summary: audisp-remote does not connect when remote ending action is not set to 'reconnect' Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1625156 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1625156 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass_Security - Tier3 - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1625156-audisp-remote-does-not-connect-when-remote-ending framework: beakerlib manual: false tty: false require: - library(audit/testing) recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 74 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1625156-audisp-remote-does-not-connect-when-remote-ending/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1642315-renameat2-does-not-generate-any-audit-events-for summary: Test for BZ#1642315 (renameat2() does not generate any audit events for) description: | Bug summary: renameat2() does not generate any audit events for a directory being monitored Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1642315 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1642315 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPfail_Security - fedora-wanted tier: component: - kernel test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1642315-renameat2-does-not-generate-any-audit-events-for framework: beakerlib manual: false tty: false require: - audit recommend: - kernel - audispd-plugins - audit - strace environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 75 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1642315-renameat2-does-not-generate-any-audit-events-for/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1643567-service-auditd-stop-exits-prematurely summary: Test for BZ#1643567 (service auditd stop exits prematurely) description: | Bug summary: service auditd stop exits prematurely Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1643567 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1643567 id: tag: - NoRHEL4 - NoRHEL5 - TIPpass_Security - Tier3 - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1643567-service-auditd-stop-exits-prematurely framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 76 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1643567-service-auditd-stop-exits-prematurely/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1663285-ausearch-does-not-record-device-inode-details-when summary: Test for BZ#1663285 (ausearch does not record device/inode details when) description: | Bug summary: ausearch does not record device/inode details when checkpointing a single file Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1663285 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1663285 id: tag: - CI-Tier-1 - Tier2 tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1663285-ausearch-does-not-record-device-inode-details-when framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 77 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1663285-ausearch-does-not-record-device-inode-details-when/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1671338-using-yesterday-for-both-start-date-and summary: Test for BZ#1671338 (using "yesterday" for both --start-date and) description: | Bug summary: using "yesterday" for both --start-date and --end-time with ausearch gives some hit whereas it should not. Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1671338 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1671338 id: tag: - NoRHEL4 - NoRHEL5 - TIPfail_Security - Tier2 tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1671338-using-yesterday-for-both-start-date-and framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 78 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1671338-using-yesterday-for-both-start-date-and/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1693470-libauparse-memory-leak summary: Test for BZ#1693470 (libauparse memory leak) description: | Bug summary: libauparse memory leak Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1693470 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1693470 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass - TIPpass_Security - Tier2 tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1693470-libauparse-memory-leak framework: beakerlib manual: false tty: false require: - git-core - rpm - curl recommend: - audit-libs-devel - yum-utils - python3 - valgrind - setools-console - sqlite - audit - /usr/sbin/semanage - gcc - expect - setools - policycoreutils - library(distribution/epel-internal) - selinux-policy-devel environment: AVC_ERROR: +no_avc_check TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 79 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1693470-libauparse-memory-leak/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1696709-updating-auditd-is-enabling-disabled-service summary: Test for BZ#1696709 (updating auditd is enabling disabled service) description: | Bug summary: updating auditd is enabling disabled service Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1696709 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1696709 id: tag: - NoRHEL4 - NoRHEL5 - TIPfail_Security - Tier2 tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1696709-updating-auditd-is-enabling-disabled-service framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 15m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 80 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1696709-updating-auditd-is-enabling-disabled-service/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1705376-aureport-aborts-when-using-a-specific-input summary: Test for BZ#1705376 (aureport aborts when using a specific input) description: | Bug summary: aureport aborts when using a specific input Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1705376 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1705376 id: tag: - CI-Tier-1 - NoRHEL4 - NoRHEL5 - TIPfail_Security - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1705376-aureport-aborts-when-using-a-specific-input framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 81 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1705376-aureport-aborts-when-using-a-specific-input/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz1738634-audit-add-kernel-boot-option-to-override-default summary: Test for BZ#1738634 (audit add kernel boot option to override default) description: | Bug summary: audit: add kernel boot option to override default backlog limit Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1738634 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1738634 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass - TIPpass_Security - Tier3 - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz1738634-audit-add-kernel-boot-option-to-override-default framework: beakerlib manual: false tty: false require: - audit recommend: - kernel - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 82 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz1738634-audit-add-kernel-boot-option-to-override-default/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz235398-LSPP-ausearch-does-not-correctly-find-out-of summary: 'Test for bz235398 (LSPP: ausearch does not correctly find out of)' description: | Bug summary: LSPP: ausearch does not correctly find out of order records Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=235398 Description: Description of problem: When record parts are distributed in the log file(ie separated by other records that have a different timestamp/number), ausearch does not correcly search through them. The first record part will be found, but not the other record parts. Version-Release number of selected component (if applicable): audit-1.3.1-3 How reproducible: always Steps to Reproduce: 1. ausearch -c python -if ausearch-good-audit.log 2. ausearch -c python -if ausearch-bad-audit.log (the logs are attached in this bugzilla) Actual results: 1. The first one returns all records. 2. The second one returns only a single record. Expected results: All records should be returned from both logs NOTE: Depending on your local timezone or system time format, the reference results might cause the test to produce false-negative. This could be safely waived. contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=235398 id: tag: - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz235398-LSPP-ausearch-does-not-correctly-find-out-of framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 83 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz235398-LSPP-ausearch-does-not-correctly-find-out-of/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz495711-problem-loading-some-rules summary: Some audit rules will not load even though they are correct description: | Test bug 495711 and then exercise all syscall names and rules as dumped from ausyscall. On s390x are excluded select and newfstatat syscalls. contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=495711 id: tag: - TIPpass - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz495711-problem-loading-some-rules framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 30m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 84 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz495711-problem-loading-some-rules/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz497542-auditctl-parsing-error-for-arg0-3-fields summary: Test for bz497542 (auditctl parsing error for arg0-3 fields) description: | Bug summary: auditctl parsing error for arg0-3 fields Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=497542 Description: Description of problem: Auditctl is not accepting rules of the following form: -a entry,always -S kill -F uid=0 -F a0!=-1 -F a1=1 Version-Release number of selected component (if applicable): audit-1.7.7-6 contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=497542 id: tag: - TIPpass_Security - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz497542-auditctl-parsing-error-for-arg0-3-fields framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 85 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz497542-auditctl-parsing-error-for-arg0-3-fields/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz519790-libauparse-interpreting-ipc-mode-fields-segfault summary: Bug 519790 - crash interpreting IPC mode fields via libauparse description: '' contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=519790 id: tag: - CI-Tier-1 - NoRHEL4 - NoRHEL5 - NoRHEL6 - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz519790-libauparse-interpreting-ipc-mode-fields-segfault framework: beakerlib manual: false tty: false require: - audit recommend: - audit-libs-devel - glibc-devel.s390 - audispd-plugins - audit - gcc - glibc-devel.ppc - glibc-devel - glibc-devel.i686 - audit-libs environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 86 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz519790-libauparse-interpreting-ipc-mode-fields-segfault/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz529851-auparse-handle-empty-AUSOURCE_FILE_ARRAY-segfault summary: Make auparse handle empty AUSOURCE_FILE_ARRAY correctly (was segfaulting) description: '' contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=529851 id: tag: - TIPpass - TIPpass_Security - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz529851-auparse-handle-empty-AUSOURCE_FILE_ARRAY-segfault framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - python3 - python - audit - platform-python - audit-libs-python - python3-audit - audit-libs environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 87 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz529851-auparse-handle-empty-AUSOURCE_FILE_ARRAY-segfault/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz554553-audit-does-not-work-for-filtering-a-large-inode-number-on-i386 summary: Audit may not handle rules with large integers correctly on i386 description: |+ Audit may not handle rules with large integers correctly. For example, running auditctl -a exit,always -S all -F inode= has no effect on an i386 system. Steps to Reproduce: 1. Make sure that the audit service (auditd) is started 2. Run auditctl -a exit,always -S all \ -F inode=`ls -i /proc/cpuinfo | cut -f 1 -d ' '` to add a rule with a large inode number. (/proc/cpuinfo seems to usually have a large enough inode number) 3. Run "ls /proc/cpuinfo" to trigger the previously added rule. Actual results: No messages are generated in /var/log/audit/audit.log Expected results: Messages similar to the following should be added to /var/log/audit/audit.log: type=SYSCALL msg=audit(1263252195.265:336): arch=40000003 syscall=195 success=yes exit=0 a0=bfdbdc99 a1=94dd11c a2=b79ff4 a3=bfdbcfe0 items=1 ppid=1527 pid=829 auid=4372 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="ls" exe="/bin/ls" subj=user_u:system_r:unconfined_t:s0 key=(null) contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=554553 id: tag: - TIPpass - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz554553-audit-does-not-work-for-filtering-a-large-inode-number-on-i386 framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 88 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz554553-audit-does-not-work-for-filtering-a-large-inode-number-on-i386/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz554555-audit-does-not-work-for-filtering-a-large-inode summary: Test for bz554555 (audit does not work for filtering a large inode) description: | Bug summary: audit does not work for filtering a large inode number on i386 Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=554555 Description: +++ This bug was initially created as a clone of Bug #554553 +++ Description of problem: audit may not handle rules with large integers correctly. For example, running auditctl -a exit,always -S all -F inode= has no effect on an i386 system. Version-Release number of selected component (if applicable): audit-1.7.17-3.el5 How reproducible: 100% Steps to Reproduce: 1. Make sure that the audit service (auditd) is started 2. Run auditctl -a exit,always -S all \ -F inode=`ls -i /proc/cpuinfo | cut -f 1 -d ' '` to add a rule with a large inode number. (/proc/cpuinfo seems to usually have a large enough inode number) 3. Run "ls /proc/cpuinfo" to trigger the previously added rule. Actual results: No messages are generated in /var/log/audit/audit.log Expected results: Messages similar to the following should be added to /var/log/audit/audit.log: type=SYSCALL msg=audit(1263252195.265:336): arch=40000003 syscall=195 success=yes exit=0 a0=bfdbdc99 a1=94dd11c a2=b79ff4 a3=bfdbcfe0 items=1 ppid=1527 pid=829 auid=4372 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="ls" exe="/bin/ls" subj=user_u:system_r:unconfined_t:s0 key=(null) type=CWD msg=audit(1263252195.265:336): cwd="/root" type=PATH msg=audit(1263252195.265:336): item=0 name="/proc/cpuinfo" inode=4026531851 dev=00:03 mode=0100444 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:proc_t:s0 type=SYSCALL msg=audit(1263252195.265:337): arch=40000003 syscall=196 success=yes exit=0 a0=bfdbdc99 a1=94dd11c a2=b79ff4 a3=0 items=1 ppid=1527 pid=829 auid=4372 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="ls" exe="/bin/ls" subj=user_u:system_r:unconfined_t:s0 key=(null) type=CWD msg=audit(1263252195.265:337): cwd="/root" type=PATH msg=audit(1263252195.265:337): item=0 name="/proc/cpuinfo" inode=4026531851 dev=00:03 mode=0100444 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:proc_t:s0 Additional info: This issue can also be verified by running auditctl -l after adding the rule in step two above. The hexadecimal value of the inode in the rule will not match the value on the command line. For example: # ls -i /proc/cpuinfo 4026531851 /proc/cpuinfo # auditctl -a exit,always -S all -F inode=4026531851 # auditctl -l LIST_RULES: exit,always inode=2147483647 (0x7fffffff) syscall=all # dc 16 o 4026531851 p F000000B The inode value 0xf000000b does not match the value in the rule list. On an x86_64 system the commands above result in: # ls -i /proc/cpuinfo 4026532000 /proc/cpuinfo # auditctl -a exit,always -S all -F inode=4026532000 # auditctl -l LIST_RULES: exit,always inode=-268435296 (0xf00000a0) syscall=all # dc 16 o 4026532000 p F00000A0 So on an x86_64 system, the hex value of the inode matches the actual inode value. The decimal value of the inode listed by the rule doesn't match, but that seems like another bug. :) contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=554555 id: tag: - TIPfail_Security - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz554555-audit-does-not-work-for-filtering-a-large-inode framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 89 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz554555-audit-does-not-work-for-filtering-a-large-inode/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz585356-audit-updates-for-virtualization summary: 'There are some updates to handle the new audit events for virtualization: VIRT_CONTROL, VIRT_RESOURCE, and VIRT_MACHINE_ID' description: | Since RHEL 5.6 audit errata version >= audit-1.7.18-1.el5 new events are supported: VIRT_CONTROL, VIRT_RESOURCE, and VIRT_MACHINE_ID. contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=585356 id: tag: - TIPpass_Security - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz585356-audit-updates-for-virtualization framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 90 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz585356-audit-updates-for-virtualization/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz607823-inodes-display-incorrectly-when-listing-rules summary: When listing audit rules, large inode values may not display properly. description: '' contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=607823 id: tag: - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz607823-inodes-display-incorrectly-when-listing-rules framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 91 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz607823-inodes-display-incorrectly-when-listing-rules/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz654883-service-auditd-restart-output-in-immutable-mode-is summary: Test for bz654883 (service auditd restart output in immutable mode is) description: | Bug summary: service auditd restart output in immutable mode is not clear. Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=654883 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=654883 id: tag: - TIPpass_Security - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz654883-service-auditd-restart-output-in-immutable-mode-is framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 92 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz654883-service-auditd-restart-output-in-immutable-mode-is/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz670938-searching-on-auid-1-results-in-all-events summary: Bug 670938 - searching on auid = -1 results in all events description: | When an audit rules such as this is loaded on a 32 bit system: -a exit,always -S creat -S open -S openat -S truncate -S ftruncate -F success=0 -F auid!=-1 System processes (ones with auid == -1) still get logged. This is because the auid is converted using a signed conversion and then compared in the kernel unsigned. Since 2147483647 does not equal 4294967295, the rule never triggers. Listing the rule back out with "auditctl -l" shows that auid=2147483647 (0x7fffffff) is loaded rather than 4294967295. Second issue tracked in this bug was with getting records for auid 4294967295 with ausearch. This resulted in all records rather than the one wanted. The query was something like this: ausearch -ul 4294967295 -if ./audit.log Where audit.log had the following event type=USER_AUTH msg=audit(1258740386.638:288): user pid=28360 uid=500 auid=500 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/usr/libexec/polkit-1/polkit-agent-helper-1" hostname=? addr=? terminal=? res=failed' contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=670938 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=706156 id: tag: - Tier3 - Tier3security - fedora-wanted - rhel-5.8 tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz670938-searching-on-auid-1-results-in-all-events framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 93 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz670938-searching-on-auid-1-results-in-all-events/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz803349-allocate-extra-space-for-node-names summary: Test for bz803349 (allocate extra space for node names) description: | Bug summary: allocate extra space for node names Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=803349 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=803349 id: tag: - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz803349-allocate-extra-space-for-node-names framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 94 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz803349-allocate-extra-space-for-node-names/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz810749-audit-allows-tcp-max-per-addr-1-connections summary: Test for BZ#810749 (audit allows tcp_max_per_addr + 1 connections) description: | Bug summary: audit allows tcp_max_per_addr + 1 connections Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=810749 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=810749 id: tag: - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz810749-audit-allows-tcp-max-per-addr-1-connections framework: beakerlib manual: false tty: false require: - audit recommend: - nc - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 95 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz810749-audit-allows-tcp-max-per-addr-1-connections/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz869555-ausearch-i-does-not-interpret-execve-arguments summary: Test for BZ#869555 (ausearch -i does not interpret execve arguments) description: | Bug summary: ausearch -i does not interpret execve arguments when aN_len=nbytes is encountered Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=869555 Test produces a splitted audit record (more than 8560 bytes long) and checks if there is a number in aN_len=nbytes (correct) or the number is interpreted (wrong) contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=869555 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1180675 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1496408 id: tag: - NoRHEL4 - NoRHEL5 - TIPpass - TIPpass_Security - Tier3 - Tier3security - fedora-wanted tier: '3' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz869555-ausearch-i-does-not-interpret-execve-arguments framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 96 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz869555-ausearch-i-does-not-interpret-execve-arguments/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz888348-bz1138674 summary: Test for BZ#888348 and BZ#1138674 description: | Bugzilla links: * https://bugzilla.redhat.com/show_bug.cgi?id=888348 * https://bugzilla.redhat.com/show_bug.cgi?id=1138674 contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=888348 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1138674 id: tag: - NoRHEL4 - NoRHEL5 - TIPpass - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz888348-bz1138674 framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 97 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz888348-bz1138674/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz952295-Add-msgtype-to-user-filter summary: Test for BZ#952295 (Add msgtype to user filter) description: | Bug summary: Add msgtype to user filter Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=952295 contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=952295 id: tag: - NoRHEL4 - NoRHEL5 - TIPpass - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz952295-Add-msgtype-to-user-filter framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 98 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz952295-Add-msgtype-to-user-filter/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz970675-auparse-seems-to-be-truncating-path-audit-message summary: Test for BZ#970675 (auparse seems to be truncating path audit message) description: | Bug summary: auparse seems to be truncating path audit message selinux context after first category Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=970675 contact: - omoris@redhat.com enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=970675 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1104973 id: tag: - NoRHEL4 - NoRHEL5 - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz970675-auparse-seems-to-be-truncating-path-audit-message framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 99 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz970675-auparse-seems-to-be-truncating-path-audit-message/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/bz982154 summary: Test for BZ#982154 description: | Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=982154 contact: - Ondrej Moris enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=982154 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPpass_Security - Tier2 - Tier2security tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/bz982154 framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit - python environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 10m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 100 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/bz982154/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/default-systemd-service-blocks-watch-rules-in-some-dirs summary: Test watch rules in some directories description: Test issue with the default audit configuration, watch rules in some directories are blocked. contact: - Martin Zelený enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=2070705 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=2070706 id: tag: - NoRHEL6 - NoRHEL7 - Tier2 tier: '2' component: - audit test: ./test.sh path: /Downstream_audit_tests/tests/Regression/default-systemd-service-blocks-watch-rules-in-some-dirs framework: beakerlib manual: false tty: false require: - audit recommend: - audispd-plugins - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 101 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/default-systemd-service-blocks-watch-rules-in-some-dirs/main.fmf discover-phase: Downstream_audit_tests - name: /Downstream_audit_tests/Regression/sample-rules-is-readable-for-non-root summary: List sample-rules directory as a non root user description: '' contact: - Martin Zelený enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=2054432 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=2054727 id: tag: - CI-Tier-1 - NoRHEL6 - NoRHEL7 - Tier2 tier: '2' component: - audit test: ./runtest.sh path: /Downstream_audit_tests/tests/Regression/sample-rules-is-readable-for-non-root framework: beakerlib manual: false tty: false require: [] recommend: - audit - /usr/sbin/runuser environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: *id001 check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 102 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Regression/sample-rules-is-readable-for-non-root/main.fmf discover-phase: Downstream_audit_tests - name: /Upstream_fapolicyd_tests/Sanity/audit-rule-number summary: description: chech the decision rule number is sent to audit contact: - Dalibor Pospíšil enabled: true order: 50 link: - verifies: https://issues.redhat.com/browse/RHEL-624 - verifies: https://issues.redhat.com/browse/RHEL-628 - verifies: https://bugzilla.redhat.com/show_bug.cgi?id=2216668 - verifies: https://bugzilla.redhat.com/show_bug.cgi?id=2216666 id: e5ea5841-8f6f-4e7a-a68e-6f57f61f6984 tag: - Tier2 - CI-Tier-1 tier: '2' component: - fapolicyd - audit test: ./runtest.sh path: /Upstream_fapolicyd_tests/tests/Sanity/audit-rule-number framework: beakerlib manual: false tty: false require: - rpm-build - rpm - rpmdevtools - curl - fapolicyd - git-core - audit - gcc recommend: - fapolicyd-selinux - yum-utils - python3 - setools-console - sqlite - /usr/sbin/semanage - expect - setools - policycoreutils - library(distribution/epel-internal) - selinux-policy-devel environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 5m result: respect where: [] check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 103 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Upstream_fapolicyd_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Upstream_fapolicyd_tests/tests/Sanity/audit-rule-number/main.fmf discover-phase: Upstream_fapolicyd_tests - name: /Downstream_rpm_tests/Sanity/bz1555326-rpm-should-provide-audit-events-on-update summary: Test for BZ#1555326 (rpm should provide audit events on update) description: | Bug summary: rpm should provide audit events on update verification Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1555326 contact: - Jan Blazek enabled: true order: 50 link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1555326 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1607612 - relates: https://bugzilla.redhat.com/show_bug.cgi?id=2001948 id: tag: - NoRHEL4 - NoRHEL5 - NoRHEL6 - TIPfail_Security - Tier2pm - Tier3 - TierCandidatesPASS - fedora-wanted tier: '3' component: - audit - rpm test: ./runtest.sh path: /Downstream_rpm_tests/tests/Sanity/bz1555326-rpm-should-provide-audit-events-on-update framework: beakerlib manual: false tty: false require: - library(yum/common-functions) recommend: - rpm - audit - rng-tools - rpm-build - expect - rng-utils - pinentry - rpm-sign - rpm-plugin-audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 10m result: respect where: [] check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 104 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_rpm_tests/tests/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_rpm_tests/tests/Sanity/bz1555326-rpm-should-provide-audit-events-on-update/main.fmf discover-phase: Downstream_rpm_tests - name: /Downstream_scap-security-guide_tests/Sanity/audit-sample-rules summary: Verify SSG rules configuring audit from OSPP are aligned with the audit package. description: | Verifies that SSG rules configuring audit from the OSPP profile (rules which use template audit_file_contents) correspond to sample audit rules for OSPP under /usr/share/audit/sample-rules from the audit package. List of the SSG rules checked by the test: audit_basic_configuration audit_perm_change_success audit_delete_failed audit_access_success audit_owner_change_failed audit_owner_change_success audit_modify_failed audit_create_success audit_module_load audit_delete_success audit_ospp_general audit_perm_change_failed audit_create_failed audit_access_failed audit_modify_success If this test fails please contact RHEL Security Compliance team on "openscap / cac (compliance as code)" gchat, or mailing list , or on internal IRC (#openscap). contact: - Matus Marhefka enabled: true order: 200 link: [] id: tag: - NoFedora - daily - NoStabilization - NoProductization tier: component: - scap-security-guide - audit test: ./runtest.sh path: /Downstream_scap-security-guide_tests/tests/Sanity/audit-sample-rules framework: beakerlib manual: false tty: false require: [] recommend: - scap-security-guide - libxml2 - audit environment: TMT_PLAN_DATA: /var/tmp/tmt/run-017/Plans/general/data TMT_PLAN_ENVIRONMENT_FILE: /var/tmp/tmt/run-017/Plans/general/data/variables.env TMT_TREE: /var/tmp/tmt/run-017/Plans/general/tree TMT_VERSION: 1.33.0 duration: 4h result: respect where: [] check: [] restart-on-exit-code: [] restart-max-count: 1 restart-with-reboot: false serial-number: 105 sources: - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_scap-security-guide_tests/tests/Sanity/main.fmf - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_scap-security-guide_tests/tests/Sanity/audit-sample-rules/main.fmf discover-phase: Downstream_scap-security-guide_tests