Test Plan

for

SuSE Linux Enterprise Server V8

EAL2 Security Function Verification

Version: 1.9

Owner: Daniel Jones

danjones@us.ibm.com

512.838.1794

IBM Linux Technology Center – Security

11400 Burnet Road

Austin, TX 78758

It is the responsibility of the user of this document to ensure that they are using the current version of this document. To validate that your copy of this document is at the latest level, view the latest version of this document, http://eclipse.ltc.austin.ibm.com/EAL2/eal2_test_plan.html.

Document Control
Overview
Assumptions and Dependencies
Test Approach and Methodology
Installation of Test Environment
Target of Evaluation (TOE) Compliance
Test Execution
System Test Entry Criteria
System Test Exit Criteria
Problem Reporting and Tracking
Test Case Information
Appendix A: Execution Plan
Appendix B: Manual Tests

Document Control

Reviewers

This document is distributed by 7UGA 5R Linux OS – Maroon. The latest version can be obtained internally from http://eclipse.ltc.austin.ibm.com/EAL2/eal2_test_plan.html

Name	Organization
Daniel Jones	7UGA 5R Linux OS – Maroon
Doc Shankar	7UGA 5R Linux OS – Maroon
Emily Ratliff	7UGA 5R Linux OS – Maroon
Klaus Weidner	@sec information security GmbH

Change Summary

Date	Version	Description of Changes
03/19/2003	Draft 0.1	Initial Draft
03/27/2003	Draft 0.2	Added Entry/Exit Criteria, test tool descriptions, SMP test requirements, completed test cases.
04/01/2003	Draft 0.3	Added completed test cases, system call tests, additional software, installation of test environment.
04/04/2003	Draft 0.4	Added test environment install section, ftp database, lstat syscall. Modified H/W requirements.
04/10/2003	Draft 0.5	Added completed test cases, manual test for /etc/securetty and /etc/inittab. Added “make” to additional software. Removed non-security relevant system calls. Added TSF Databases and Administrator Programs.
04/14/2003	Draft 0.6	Added statement about TOE modifications for testing. Added completed test cases.
04/16/2003	1.0	Added completed test cases. Corrected test case execution instructions. Made mingetty not required.
04/17/2003	1.1	Added instructions for manual mount tests.
04/18/2003	1.2	Add requirement to reboot system before re-executing the test suite.
04/24/2003	1.3	Fix unixdomainsocketperm01 testname. Added testcases for setfsuid/setfsgid. Added manual test for login.
04/25/2003	1.4	Correct mingetty manual test instructions.
05/01/2003	1.5	Added manual perl install instructions.
05/05/2003	1.6	Perform initial ssh to localhost.. Corrected script to install perl.
05/08/2003	1.7	Correct tests for removexattr.
05/16/2003	1.8	Add requirement for adherence to security guide.
05/19/2003	1.9	Removed FAIL comment from unixdomainsocketperm01 test.

Overview

Purpose

The purpose of the Security Function Verification test is to demonstrate the correct operation of security functions identified in the SuSE Linux Enterprise Server V8 (SLES8) Security Target for EAL2. The term “correct operation” is defined to include appropriate failures for unauthorized or invalid access to security functions.

Scope

The tests cases identified in this test plan are limited to those areas that enforce the secure operation of SLES8. Furthermore, only features and functions contained in the SLES8 Security Target for EAL2 are addressed. Test cases are designed to verify the correct operation of security related user programs, databases (files), and system calls. Testing for system availability in a stress environment is beyond the scope of this plan.

Environment

The following hardware and software will be used:

Hardware	Linux Distros	Version	Additional Software
IBM xSeries - Pentium 4 or Xeon Processor	SuSE Linux Enterprise Sever	V8	expect, perl expect, gcc, flex, make
Serial Terminal (or PC with Terminal Emulation)	N/A	N/A

The list of required packages, as well as configuration details will be provided by the EAL 2 evaluation security guide. The setup of the test machine(s) must conform strictly with the instructions and configuration details described in the EAL 2 evaluation security guide.

The selected hardware will be tested in uniprocessor and SMP configurations. The objective is to provide test coverage for both the k_deflt and k_smp kernel packages.

Assumptions and Dependencies

Assumptions

Expect, perl expect, gcc, flex and make packages are installed.
The test cases will execute local to the test target machine (i.e. not as a remote client).

Dependencies

Completion of test case development.
Completion of the security guide.
Availability of suitable hardware.

Test Approach and Methodology

The test suite package includes the PAN testing framework.
Where suitable, tests available from the Linux Test Project (LTP) have been utilized.
Where possible, the test suite is designed to run automatically, without user intervention.
Test cases are self contained and create/remove any resources required for validation (i.e. users, groups, files).
Test case source code contains descriptions of the test objective, the method of verification, and the expected result.
Test cases are self reporting. Each test case will check the actual result against the expected result and output a PASS/FAIL status.
Test cases may be executed individually without requiring the entire test suite to run.
Manual testing is performed only when automated options are not available.

Installation of Test Environment

Install gcc, expect, & flex

o Launch “yast”

o Goto Software à Install/Remove Software

o Goto search and search for “gcc”

o Select “gcc” & “gcc-c++” by selecting them and pressing “+”

o Goto search and search for “make”

o Select “make” by selecting it and pressing “+”

o Goto search and search for “expect”

o Select “expect” by selecting it and pressing “+”

o Goto search and search for “lex”

o Select “flex” by selecting it and pressing “+”

Install perl expect

For internet connected host

#Enter the following command:

perl -MCPAN -e shell

#Answer “no” to the following prompt::

Are you ready for manual configuration ? [yes] no

#At the cpan prompt run the “install Expect” command:

cpan>install Expect

#Answer “yes” to the following prompt:

Shall I follow then and prepend to the queue of modules

we are processing right now? [yes] yes

#Quit the program

cpan>quit

For non-internet connected host

# Download the required files on an Internet-connected machine:

wget http://www.cpan.org/authors/id/R/RG/RGIERSIG/IO-Tty-1.02.tar.gz

wget http://www.cpan.org/authors/id/R/RG/RGIERSIG/Expect-1.15.tar.gz

# Transfer the files to the target machine, and run the following to

# install the Perl modules:

for f in IO-Tty*tar.gz Expect*tar.gz; do (

gzip -dc "$f" | tar xf -

cd `basename "$f" .tar.gz`

perl Makefile.PL

make && make install

cd -

) done

Target of Evaluation (TOE) Compliance

The following packages are added through yast2, including dependencies added automatically (verified through 'rpmqpack' output):

o                    binutils

o                    cpp

o                    expect

o                    flex

o                    gcc

o                    gcc-c++

o                    glibc-devel

o                    libstdc++-devel

o                    make

o                    tcl

o                    tk

o                    xshared

The 'Expect.pm' module needed for Perl tests installs the following Perl packages (not through Yast2, the command used is "perl -mCPAN -e 'Install Expect'"):

o                    IO-Tty-1.02.tar.gz

o                    Expect-1.15.tar.gz

These modifications are all permitted according to the Security Guide ("Reviewing the system configuration"). There are no configuration violations such as setuid/setgid binaries, daemons, startup scripts or other prohibited changes. After installation of the test environment, the system remains compliant with the TOE.

Test Execution

NOTE

Some tests may leave the machine in an inconsistent state and cause the cron tests to fail. To avoid these spurious cron failures, the test host must be rebooted before attempting to run the test suite again.

LTP Compliant Testcases

Execute initial ssh to localhost as root to establish authenticity of ‘localhost’. (This only needs to be performed once per freshly installed machine).
Retrieve linux_security_test_suite_EAL2.tar.gz from the “Extending LTP” IIOSB project to the target test machine.
Unzip/untar file into a directory readable by all (for example, /test_EAL2).
cd to ltp_EAL2 subdirectory (for example /test_EAL2/ltp_EAL2).
As root user, run “make”.
As root user, run “make install”.
Export “.” To PATH (i.e. export PATH=$PATH:.).
Export the root password in the ROOT_PASSWORD environment variable.
As root user, run “./runalltests.sh –N –p –l <logfile>”
View the test execution results in the results/<logfile> file.
To execute a single test case, cd to ltp_EAL2/testcases/bin directory and run the desired test (for example ./chmod01). Test results will output to stdout.

At Testcase (standalone)

cd to at_test_EAL subdirectory.
As root user, run “sh runme.sh 2>&1 | tee <output file>”
View execution results in <output file>

ACL Testcases (standalone)

cd to ext3_ACLS_tests subdirectory.
As root user, run “sh runme”
View execution results in the ACL_TEST_RESULTS.log file.

Manual Tests

See appendix B.

System Test Entry Criteria

System test will begin on April 1, 2003 with available test cases.
Additional test cases may be delivered to the system test team until April 15^th.

System Test Exit Criteria

At least 95% of the test cases must pass.
No critical defects remain open.
Tests executed on IBM xSeries - Pentium 4 or Xeon Processor hardware platform.

Problem Reporting and Tracking

SLES 8 product defects will be recorded in the “service” family in LTC Bugzilla.
Test case defects will be recorded in the “Bluefortress” family in LTC Bugzilla.

Test Case Information

Test Tools

PAN – Test framework used by the Linux Test Project (LTP).
expect / perl expect – A tool for automating interactive applications such as login, ssh, etc.

Security Function, Test Location

User Databases

Name	Location	Comments
/etc/at.allow /etc/at.deny	ltp_EAL2/testcases/admin_tools/at/at_allow01 ltp_EAL2/testcases/admin_tools/at/at_deny01
/etc/cron.d/*	ltp_EAL2/testcases/admin_tools/cron/cron_dirs_checks01
/etc/cron.daily/	ltp_EAL2/testcases/admin_tools/cron/cron_dirs_checks01
/etc/cron.hourly/	ltp_EAL2/testcases/admin_tools/cron/cron_dirs_checks01
/etc/cron.monthly/	ltp_EAL2/testcases/admin_tools/cron/cron_dirs_checks01
/etc/cron.weekly/	ltp_EAL2/testcases/admin_tools/cron/cron_dirs_checks01
/etc/crontab	ltp_EAL2/testcases/admin_tools/cron/cron01 ltp_EAL2/testcases/admin_tools/cron/cron02
/etc/ftpusers	ltp_EAL2/testcases/user_databases/ftpusers01
/etc/group	ltp_EAL2/testcases/user_databases/group01
/etc/gshadow	ltp_EAL2/testcases/user_databases/group01
/etc/inittab	manual test	see appendix B
/etc/ld.so.conf	ltp_EAL2/testcases/user_databases/ld.so.conf01
/etc/login.defs	ltp_EAL2/testcases/user_databases/passwd01 ltp_EAL2/testcases/user_databases/passwd02 ltp_EAL2/testcases/user_databases/passwd03
/etc/modules.conf	ltp_EAL2/testcases/admin_tools/modules.conf/modules.conf01 ltp_EAL2/testcases/admin_tools/modules.conf/modules.conf02
/etc/pam.d	ltp_EAL2/testcases/user_databases/pam01
/etc/passwd	ltp_EAL2/testcases/user_databases/passwd01 ltp_EAL2/testcases/user_databases/passwd02 ltp_EAL2/testcases/user_databases/passwd03
/etc/securetty	manual test	see appendix B
/etc/security/pam_pwcheck.conf	ltp_EAL2/testcases/user_databases/pam01 ltp_EAL2/testcases/user_databases/passwd01 ltp_EAL2/testcases/user_databases/passwd02 ltp_EAL2/testcases/user_databases/passwd03
/etc/security/pam_unix2.conf	ltp_EAL2/testcases/user_databases/pam01 ltp_EAL2/testcases/user_databases/passwd01 ltp_EAL2/testcases/user_databases/passwd02 ltp_EAL2/testcases/user_databases/passwd03
/etc/shadow	ltp_EAL2/testcases/user_databases/shadow01
/etc/ssh/ssh_config	ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh01 ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh02 ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh03 ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh04
/etc/ssh/sshd_config	ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh01 ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh02 ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh03 ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh04
/etc/sysconfig/*	ltp_EAL2/testcases/admin_tools/sysconfig/sysconfig01
/etc/vsftpd.conf	ltp_EAL2/testcases/user_databases/ftpusers01
/etc/xinetd.conf	ltp_EAL2/testcases/user_databases/ftpusers01 ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp02 ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp03 ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp04	implicit testing by ftp
/usr/lib/cracklib_dict.*	ltp_EAL2/testcases/user_databases/pam01 ltp_EAL2/testcases/user_databases/passwd01 ltp_EAL2/testcases/user_databases/passwd02 ltp_EAL2/testcases/user_databases/passwd03
/var/log/faillog	ltp_EAL2/testcases/user_databases/faillog01
/var/log/lastlog	ltp_EAL2/testcases/user_databases/lastlog01
/var/spool/atjobs	at_test_EAL2/runme.sh
/var/spool/cron/*	ltp_EAL2/testcases/admin_tools/cron/cron_dirs_checks01
/var/spool/cron/allow /var/spool/cron/deny	ltp_EAL2/testcases/admin_tools/cron/cron_allow01 ltp_EAL2/testcases/admin_tools/cron/cron_deny01

Administration Tools

Name	Location	Comments
/bin/login	manual test	see appendix B
/bin/ping	ltp_EAL2/testcases/network/tcp_cmds/ping/ping01
/bin/su	ltp_EAL2/testcases/admin_tools/su/su01
/sbin/agetty	manual test	see appendix B
/sbin/mingetty	manual test	see appendix B – not required
/usr/bin/at	at_test_EAL2/runme.sh	standalone test
/usr/bin/chage	ltp_EAL2/testcases/user_databases/shadow01
/usr/bin/chfn	ltp_EAL2/testcases/user_databases/passwd02
/usr/bin/chsh	ltp_EAL2/testcases/user_databases/passwd03
/usr/bin/crontab	ltp_EAL2/testcases/admin_tools/cron/cron01 ltp_EAL2/testcases/admin_tools/cron/cron02
/usr/bin/passwd	ltp_EAL2/testcases/user_databases/pam01 ltp_EAL2/testcases/user_databases/passwd01 ltp_EAL2/testcases/user_databases/passwd02 ltp_EAL2/testcases/user_databases/passwd03
/usr/sbin/atd	at_test_EAL2/runme.sh
/usr/sbin/cron	ltp_EAL2/testcases/admin_tools/cron/cron01 ltp_EAL2/testcases/admin_tools/cron/cron02
/usr/sbin/groupadd	ltp_EAL2/testcases/user_databases/group01
/usr/sbin/groupdel	ltp_EAL2/testcases/user_databases/group01
/usr/sbin/groupmod	ltp_EAL2/testcases/user_databases/group01
/usr/sbin/sshd	ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh01 ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh02 ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh03 ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh04
/usr/sbin/useradd	ltp_EAL2/testcases/user_databases/passwd01 ltp_EAL2/testcases/user_databases/passwd02 ltp_EAL2/testcases/user_databases/passwd03 ltp_EAL2/testcases/user_databases/pam01 ltp_EAL2/testcases/user_databases/shadow01 ltp_EAL2/testcases/user_databases/group01 ltp_EAL2/testcases/user_databases/ftpusers01
/usr/sbin/userdel	ltp_EAL2/testcases/user_databases/passwd01 ltp_EAL2/testcases/user_databases/passwd02 ltp_EAL2/testcases/user_databases/passwd03 ltp_EAL2/testcases/user_databases/pam01 ltp_EAL2/testcases/user_databases/shadow01 ltp_EAL2/testcases/user_databases/group01 ltp_EAL2/testcases/user_databases/ftpusers01
/usr/sbin/usermod	ltp_EAL2/testcases/user_databases/group01
/usr/sbin/vsftpd	ltp_EAL2/testcases/user_databases/ftpusers01 ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp02 ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp03 ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp04
/usr/sbin/xinetd	ltp_EAL2/testcases/user_databases/ftpusers01 ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp02 ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp03 ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp04	implicit testing by ftp
/sbin/init	manual test	see appendix B

Network Commands

Name

Location

Comments

ftp

ltp_EAL2/testcases/user_databases/ftpusers01

ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp02

ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp03

ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp04

ssh

ltp_EAL2/testc