Test Plan for Red Hat Enterprise Linux EAL3 Security Function Verification

VER. 1.0.11 CUSTOMER Test Plan for Red Hat Enterprise Linux EAL3 Security Function Verification

Owner: Kris Wilson (krisw@us.ibm.com) (512) 838-0126

IBM Linux Technology Center - Security
11501 Burnet Road
Austin, TX 78758
(C)Copyright 2004, IBM
VERIFY VERSION AND COMPLETENESS PRIOR TO USE.
Master document rheal3fv.script

23 Jul 2004
NOTICE
The responsibility for using the latest level of this document lies with the user of the document. If a new level is available, it should be used and old level(s) should be discarded. To verify you are using the newest level, view it on CVS in the rhcc project under rhcc/specs/rheal3fv.html.


Table of Contents

Chapter 1. LEGAL NOTICES

Chapter 2. Document control information

  • 2.1 Reviewers
  • 2.2 Availability
  • 2.2.1 Completeness
  • 2.2.2 Obsolete copies, Retention, and Disposition
  • 2.2.3 Alteration/Duplication
  • 2.3 Document Change Control
  • 2.4 Change History
  • Chapter 3. Overview

  • 3.1 Purpose
  • 3.2 Scope
  • Chapter 4. Environment

  • 4.1 Software/Hardware
  • 4.1.1 Platforms
  • 4.1.2 Additional hardware
  • Chapter 5. Assumptions and dependencies

  • 5.1 Assumptions
  • 5.2 Dependencies
  • Chapter 6. Test approach and methodology

  • 6.1 Function Tests
  • Chapter 7. Target of Evaluation (TOE) compliance

    Chapter 8. Test tools

    Chapter 9. Test descriptions

  • 9.1 AMTU - Automated with manual verification
  • 9.1.1 Memory
  • 9.1.2 Memory Separation
  • 9.1.3 I/O Controller - Network
  • 9.1.4 I/O Controller - Disk
  • 9.1.5 Supervisor Mode Instructions
  • 9.2 at_test_EAL - Automated
  • 9.3 ext3_ACLs_tests (Access Control List) - Automated
  • 9.4 laus_test (Audit) - Automated
  • 9.5 ltp_EAL2 - Automated
  • 9.6 ltp_OpenSSL - Automated
  • 9.7 login.txt (not valid for iSeries or zSeries) - Manual
  • 9.8 serialterm.txt (not valid for iSeries or zSeries) - Manual
  • 9.9 inittabb.txt (/etc/inittab 1/sbin/init) - Manual
  • 9.10 virtconsole.txt (not valid for iSeries or zSeries) - Manual
  • 9.11 mount.txt - Manual
  • 9.12 /etc/init.d/audit.txt - Manual
  • 9.13 aurun.txt - Manual
  • 9.14 OpenSSL.txt - Manual
  • 9.15 Coverage - Internal Interfaces (gcov)
  • Chapter 10. Installation of test environment

  • 10.1 Red Hat installation
  • 10.1.1 Automated configuration
  • 10.1.2 Manual configuration
  • 10.2 Required test case support packages
  • 10.3 Install Perl Expect
  • 10.3.1 Non-internet connected host
  • 10.4 fstab addition
  • 10.5 zSeries steps
  • 10.6 Additional test requirement
  • Chapter 11. Installation of testcases

  • 11.0.1 Downloading test files from the web
  • Chapter 12. Add a user

    Chapter 13. Test execution

  • 13.1 Notes
  • 13.2 Building All Automated Testcases
  • 13.2.1 REQUIRED CLEANUP
  • 13.3 Running automated testcases individually
  • 13.3.1 LTP Compliant Testcases - ltp_EAL2
  • 13.3.1.1 Special instructions - 32 bit compile, 64 bit system
  • 13.3.1.2 Expected failures
  • 13.3.1.3 Problems and solutions
  • 13.3.2 At Testcase - at_test_EAL (standalone)
  • 13.3.3 ACL Testcases - ext3_ACLs_tests (standalone)
  • 13.3.4 Open SSL Tests - ltp_OpenSSL
  • 13.3.4.1 Problems and solutions
  • 13.3.5 Audit Tests - laus_test
  • 13.3.5.1 Standard instructions
  • 13.3.5.2 32 bit compile on 64 bit system instructions
  • 13.3.5.3 REQUIRED CLEANUP
  • 13.3.5.4 Expected laus_test summaries
  • 13.3.5.5 Expected laus test failures for Red Hat EAL3
  • 13.3.5.6 Problems and solutions
  • 13.3.6 AMTU
  • 13.3.6.1 Interpreting Results
  • 13.3.6.2 Problems and solutions
  • 13.3.7 Manual Tests
  • 13.3.7.1 audit(manual test)
  • 13.3.7.2 login (manual test)
  • 13.3.7.3 mount (manual test)
  • 13.3.7.4 OpenSSL Interoperability Test (manual test)
  • 13.3.7.5 serialterm (manual test)
  • 13.3.8 Internal Interfaces - using gcov instrumented kernel
  • Chapter 14. Quality information

  • 14.1 System Test Entry Criteria
  • 14.2 System Test Exit Criteria
  • 14.3 Retention of test cases
  • 14.4 Retention of test results
  • 14.4.1 Naming convention for test results
  • 14.5 Problem Reporting and Tracking
  • Chapter 15. Appendix A - Execution plan

    Chapter 16. Appendix B - manual tests sample results template for CVS

    Chapter 17. Appendix C - AMTU example results

  • 17.1 Debug output
  • Chapter 18. Appendix D - at_test_EAL example results

  • 18.1 test.results.txt
  • 18.1.1 Output File
  • Chapter 19. Appendix E - eal3_ACLs_tests example results

    Chapter 20. Appendix F - laus_test example results

    Chapter 21. Appendix G - ltp2_EAL2 example results

    Chapter 22. Appendix H - ltp_OpenSSL example results

    Chapter 23. Appendix I - gcov example output


    Chapter 1. LEGAL NOTICES

    The following terms are registered trademarks of International Business Machines Corporation in the United States and/or other countries: IBM, eServer, xSeries, pSeries, DB2, WebSphere. A full list of U.S. trademarks owned by IBM may be found at http://www.ibm.com/legal/copytrade.shtmal.

    Linux is a registered trademark of Linus Torvalds.

    Other company, product, and service names may be trademarks or service marks of others.


    Chapter 2. Document control information


    2.1 Reviewers


    NAME ORGANIZATION
    Mounir Bsaibes 7UGA 5R Linux OS Technical Team Lead
    Ken Hake Project Manager
    Paul Edgar Test Validation
    Stephan Mueller Atsec information security GmbH
    Helmut Kurth Atsec information security GmbH

    This document is distributed by 7UGA 5R Linux OS - Maroon.


    2.2 Availability

    The author of this document is Kris Wilson, krisw@us.ibm.com, 512.838.0126. Ask the author for the most recent version. It will also be stored in the Blue Fortress team room and on CVS.

    2.2.1 Completeness

    You should verify completeness of this document. Pages are numbered, and the "Last Page" is indicated.

    2.2.2 Obsolete copies, Retention, and Disposition

    It is your responsibility to ensure you have the most recent version of this document and to properly dispose of all obsolete copies.

    2.2.3 Alteration/Duplication

    You may make copies of this document. You must contact the author to make changes to the document.


    2.3 Document Change Control


    2.4 Change History


    VERSION DATE EXPLANATION
    Version 1.0.1, Draft 1 3/16/04 Initial draft
    Version 1.0.2, Draft 2 3/26/04 Second draft/comments on 1st draft
    Version 1.0.3, Draft3 04/23/04 More comments, add Expected results
    Version 1.0.4, Post review 04/30/04 More comments, test info
    Version 1.0.5, Post review 06/01/04 More comments, test info
    Version 1.0.6, Final Execution 06/11/04 More comments, test info
    Version 1.0.7, Final Execution 06/11/04 Remove AMTU build info, make more updates
    Version 1.0.8, Final Execution 06/22/04 More updates, additional information
    Version 1.0.9, Final Execution 06/22/04 Updates to expected results
    Version 1.0.10, Final Execution 06/30/04 More info, expected results
    Version 1.0.11, Customer 07/23/04 Cleanup for customer use
    (put next version) (put next date) (put next explanation)


    Chapter 3. Overview


    3.1 Purpose

    The purpose of the Security Function Verification test is to demonstrate the correct operation of security functions identified in the "Red Hat Enterprise Linux 3 Update 2 Security Target for CAPP/EAL3 Compliance". The term "correct operation" is defined to include appropriate failures for unauthorized or invalid access to security functions.


    3.2 Scope

    The test cases identified in this test plan are limited to those areas that enforce the secure operation of Red Hat Enterprise Linux 3 Update 2 (Red Hat EL 3). Only features and functions contained in the Security Target for CAPP Compliance are addressed. Test cases are designed to verify the correct operation of security related user programs, databases (files), and system calls. Testing for system availability in a stress environment is beyond the scope of this plan.

    Testing of alternate installation methods shall be covered by AtSec.


    Chapter 4. Environment


    4.1 Software/Hardware

    4.1.1 Platforms


    RH EL3 X IBM xSeries model x335 Z IBM zSeries model z900 (VM 4.3 LPAR) I IBM iSeries model 825 (type 9406, OS/400 V5R3 LPAR) P IBM pSeries model 630 (Type 7028) O Opteron IBM eServer 325 (AMD64 Processor)
    AS yes yes yes yes yes
    WS yes no no no no
    ES no no no no no

    The zSeries and iSeries systems will be configured within a logical partition (zSeries - z/VM, iSeries - LPAR).

    4.1.2 Additional hardware


    Chapter 5. Assumptions and dependencies


    5.1 Assumptions


    5.2 Dependencies


    Chapter 6. Test approach and methodology


    6.1 Function Tests

    The purpose of the test effort is to verify EAL3 compliance of Red Hat EL3 plus Update 2. Actual Functional Verification Testing of Update 2 will be performed by Red Hat.

    The tests which were used for SLES 8 EAL3 testing need to be adapted (ported) for execution on Red Hat EL3, bug reports written where appropriate (test cases or Red Hat code), and the tests run as successfully as possible before the GA of Update 2. Any tests run on the GA version of Update 2 which are using the required manual configuration can count as the official executions. Some tests may be ready for this execution while others may still be in the porting stage, but to count as an official run, all tests must be executed on the GA code with the proper configuration.


    Chapter 7. Target of Evaluation (TOE) compliance

    The additional packages required for the test environment are all permitted according to the configuration guide. There are no configuration violations such as setuid/setgid binaries, daemons, startup scripts or other prohibited changes. After installation of the test environment, the system remains compliant with the TOE.

    Although the gcov instrumented kernels are modified versions of the TOE, all automated gcov tests will be re-run to verify behavior is identical to the TOE. The data produced by gcov will only be used to verify that internal interfaces have been covered by the EAL3 test suites.


    Chapter 8. Test tools


    Chapter 9. Test descriptions

    This section contains a short, high level description of the test suites used for the EAL3 verification.


    9.1 AMTU - Automated with manual verification

    The Abstract Machine Test Utility (AMTU) is to be run to verify the hardware for all platforms and will be included in the certification rpm.

    AMTU is an administrative utility to check whether the underlying protection mechanisms of the hardware are still being enforced. This is a requirement of the Controlled Access Protection Profile (CAPP) FTP_AMT.1, see http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf. AMTU executes the following tests:

    9.1.1 Memory

    Randomly writes to areas of memory and then reads the memory back to ensure the values written remain unchanged.

    9.1.2 Memory Separation

    Ensures that user space programs cannot read and write to areas of memory utilized by the likes of Video RAM, kernel code, etc.

    9.1.3 I/O Controller - Network

    Verifies random data transmitted is also the data received for each configured network device. Only ethernet and token ring devices that are configured and up are checked. Async devices are not checked.

    9.1.4 I/O Controller - Disk

    Verifies that information written to disks remains unchanged. Only SCSI and IDE controllers associated with mounted filesystems are checked.

    9.1.5 Supervisor Mode Instructions

    Ensures that the enforcement of the property that privileged instructions should only be used in supervisor mode is still in effect. The set of privileged instructions tested to confirm this is architecture dependent.


    9.2 at_test_EAL - Automated

    These scripts test the basic functionality of the "at" and "cron" utilities which are used to schedule jobs at particular times in the future.


    9.3 ext3_ACLs_tests (Access Control List) - Automated

    These are the extended attribute/access control list tests.


    9.4 laus_test (Audit) - Automated


    9.5 ltp_EAL2 - Automated

    This bucket contains the tests for EAL2 certification (no audit) and contains subtests for the following in addition to other tests:

         admin tools
         ACLs
         at
         system calls
         file access permissions
         network commands
         object reuse
         user databases
    


    9.6 ltp_OpenSSL - Automated


    9.7 login.txt (not valid for iSeries or zSeries) - Manual

    This tests success and error cases for Login and verifies proper audit records were created.


    9.8 serialterm.txt (not valid for iSeries or zSeries) - Manual

    This tests use /etc/securetty and /sbin/agetty. It adds an agetty line to inittab and verifies root is denied access from a serial terminal until "ttySO" is added to the /etc/securetty file.


    9.9 inittabb.txt (/etc/inittab 1/sbin/init) - Manual

    This adds sleep 300 to /etc/inittab and confirms sleep runs on reboot and does not run when the sleep is removed and the machine rebooted.


    9.10 virtconsole.txt (not valid for iSeries or zSeries) - Manual

    This verifies success and error cases for login as root using /sbin/mingetty with a virtual console.


    9.11 mount.txt - Manual

    Success and error cases for the mount command.


    9.12 /etc/init.d/audit.txt - Manual

    This verifies audit records are created when audit is started, stopped, restarted, and reloaded.


    9.13 aurun.txt - Manual

    Verifies aurun correctly attaches to LAuS.


    9.14 OpenSSL.txt - Manual

    This tests open SSL Interoperability using a self signed certificate for stunnel, creates a page containing, "Hello World", and confirms access to it.


    9.15 Coverage - Internal Interfaces (gcov)


    Chapter 10. Installation of test environment


    10.1 Red Hat installation

    Follow the Instructions in the Evaluated Configuration Guide for Red Hat Enterprise Linux 3 (EAL3). Start with reading "Introduction" and continue up to the "Automated configuration of the system" section. When in the "Creating additional user accounts for administrators" section, use the user name "ealuser" instead of "John Doe" and "jdoe".

    10.1.1 Automated configuration

    Proceed following the steps in the "Automated configuration of the system" section of the Evaluated Configuration Guide.

    Be sure you have installed the eal3-certification-doc RPM on your system your system before running the script.

    If running on the xSeries WS platform, you should comment vsftpd out of the svc-allow.conf file since vsftpd is not included on WS.

    When using the rhel-eal3.bash script, use the --add-optional option to pick up the files for Expect, Perl, the compiler, etc. The rpm path specified should contain BOTH /root/rpms and either the cdrom path or a server path where additional RPMs can be found. When prompted for the path, just select Enter, and the script should search both paths in the order given.

    Note that after running the script you are ready to install the test cases packages listed below. It is advisable to also read the remaining sections of the Evaluated Configuration Guide for more understanding of the system.

    10.1.2 Manual configuration

    If manually installing, proceed with the "Configuring filesystem parameters" section of the Evaluated Configuration Guide. Include the "tolerated" packages of the "EAL3 Evaluated Configuration Guide for Red Hat Enterprise Linux" (listed in section 3.5):

         autoconf                  laus-devel
         automake                  libattr-devel
         bison                     libstdc++-devel
         expect                    openldap-clients
         expect-devel              openssl-devel
         flex                      pam-devel
         gcc                       perl-Digest-HMAC
         gcc-c++                   perl-Digest-SHA1
         glibc-devel               strace
         kernel-source             texinfo
         krb5-devel                zlib-devel
    

    Continue through the "Reboot and initial network connection" section of the guide.


    10.2 Required test case support packages

    The packages listed above in the "Manual configuration" section and those listed below should be added to the installation for test case support if they are not already present. The actual package names will include version numbers as applicable for the release and platform. Use rpm -qa to find what is installed on the system. For example:

          rpm -qa *tcl*
    

     Package name    Where to find       Comments
    ----------------------------------------------------------------------
    tcl                  CD 2        # Required by tk and expect.
    tk                   CD 2        # Requires tcl first.
    laus-devel         Update 2      # audit
    pam                              # May already be installed
    laus                             # May already be installed
    perl-Expect        Separate      # See "Install  Perl Expect" below.
    perl-IO-Tty        Separate      # See "Install Perl Expect" below.
    perl-IO-Stty       Separate      # See "Install Perl Expect" below.
     
    x86-64 (Opteron) ONLY:
    ---------------------
     
    glibc-2.3.2-95.20.i386.rpm         CD 2          # Required by glibc-devel
    glibc-devel-2.3.2-95.20.i386.rpm   CD 3          # Requires glibc
    libattr-2.2.0-1.i386.rpm           CD1
     
    pSeries only:
    ------------
     
    glibc-2.3.2-95.20.ppc64.rpm         CD 2         # Required by amtu, laus,
                                                       laus-libs, shadow-utils,
                                                       vixiie-cron
     
    On pSeries, you may need to use --force on the rpm-Uvh *.rpm command.
    ------------------------------------------------------------------------
    


    10.3 Install Perl Expect

    10.3.1 Non-internet connected host


    10.4 fstab addition

    Add user_xattr (required by the tests) in addition to acl in the /etc/fstab file if they have not already been added. Make the changes only to the ext3 lines:

    LABEL=/          /            ext3       defaults,user_xattr,acl      1 1
    LABEL=/boot      /boot        ext3       defaults,user_xattr,acl      1 2
    


    10.5 zSeries steps

    To start the install login, then enter:

         #cp I CMS and the rhel3
    

    Here is a screen shot of the area in which you will need to enter information during the install:

    ports 0x600,0x601)
    Hipersocket interfaces need to be configured like qeth devices,
    p.e. qeth0,0x3000,0x3001,0x3002
    Additional parameters for QETH devices such as the portname
    should be entered at the next prompt, not here !
    qeth0,0x600,0x601,0x602
    Each OSA-Express feature in QDIO mode must be associated with a port name
    Enter additional parameters for your QETH device
    (e.g. "add_parms,0x10,{lo_devno,hi_devno},portname:port_name")
    Press enter if you don't want to enter additional parameters
    add_parms,0x10,0x600,0x602,portname:test
    Enter the broadcast address for the new Linux guest:
    9.56.214.55
    

    The three things you will need to enter are:

      qeth0,0x600,0x601,0x602
      add_parms,0x10,0x600,0x602,portname:test
      9.56.214.55
    

    Then the system will tell you to sshd to 9.56.214.51 to continue the install. From that point it is a standard redhat installation on s390.


    10.6 Additional test requirement

    If it is not already running you should start vsftpd:

         /etc/init.d/vsftpd start
    

    If running on the xSeries WS platform, you should not try to start vsftpd since it is not included on WS.


    Chapter 11. Installation of testcases

    Execute initial ssh to localhost as root to establish authenticity of "localhost'. (This only needs to be performed once per freshly installed machine.)

       ssh ealuser@localhost   (Answer "Yes" to, "Are you sure you want to continue
                                connecting?" and enter the password when requested.)
    

    Use one of the two methods listed below to install the test files.

    A - First method

    Downloading test files using cvs command - use this OR method B below.

    Note: The /tmp directory is shown in these examples, but Red Hat routinely cleans up /tmp, so another directory accessible by all users may be a better choice.

    To download the whole test bucket and autoinstall to a Linux system which has cvs installed:

       mkdir /tmp/rhcc
       cd /tmp/rhcc
       export CVS_RSH=ssh
       export CVSROOT=yourid@cvs.opensource.ibm.com:/cvsroot/rhcc
       cvs co .
       (Note:  be sure to use the dot at the end.)
     
             OR - For anonymous access (read authority only):
     
      cvs -z9 -d:pserver:anonymous@cvs.opensource.ibm.com:/cvsroot/co .
       (Note:  be sure to use the dot at the end.)
    

    To only download a certain test, use the test name instead of "." in the command above.

    B - Second method

    Installing all tests from the .tar.gz file - use this OR method A above.

    Note: The /tmp directory is shown in these examples, but Red Hat routinely cleans up /tmp, so another directory accessible to all users is a better location.

    When it is available, retrieve linux_security_test_suite_EAL3.tar.gz from the rhcc IIOSB project to the target test machine.

    To download, use one of the following steps.

    11.0.1 Downloading test files from the web

    To find the tests, use one the following methods:

         http://w3.opensource.ibm.com
         In the blue panel to the left, log in.
         Search Projects for rhcc for Red Hat.
         Click on REL3 Common Criteria Evaluation
         In the blue panel on the left, click on "Browse ViewCVS."
     
                     - OR -
     
         http://cvs.opensource.ibm.com
         Select ViewCVS.
         Scroll down to select rhcc and click on it.
    

    Either method above will display a list of the tests. Click on the appropriate package and select download. If downloading from another machine, copy this file to the test machine.

    Note: When downloaded to an XP system, the extension may change from .tar.gz to .tar.tar. Just name it back to the .gz extension and proceed.

    If the .tar.gz file is available and you have downloaded it, extract the files into a directory readable by all, such as /tmp/rhcc. You may get an error unless the perl and perl Expect files are unzipped in the same directory.

         cp linux_security_test_suite_EAL3.tar.gz  /tmp/rhcc
         cd /tmp
         chmod 777 rhcc
         cd rhcc
         gunzip linux_security_test_suite_EAL3.tar.gz
         tar -xvf linux_security_test_suite_EAL3.tar
    


    Chapter 12. Add a user

    Ealuser should be created as follows:


    Chapter 13. Test execution


    13.1 Notes


    13.2 Building All Automated Testcases

    The set of automated tests is comprised of 5 separate suites: at_test_EAL, ext3_ACLs_tests, laus_test, ltp_EAL2, and ltp_OpenSSL. Instructions for running each individual suite are provided in the following sections. However, it is possible to run the entire set of tests from the test root directory by following the instructions below.

    A summary run.log file will be created in the test root directory. More detailed output will be located in the test suite directory in the <suite_name>.run.log file.

    13.2.1 REQUIRED CLEANUP

    After running the laus_test, the /etc/audit/filter.conf file will be damaged. Copy the filter.conf.default file from CVS rhcc/tools and rename it filter.conf to restore the file.

    The sections below describe how to run each automated test individually.


    13.3 Running automated testcases individually

    Be SURE you have done the correct setup following the "EAL3 Evaluated Configuration Guide for Red Hat Enterprise Linux" before running any tests.

    Be SURE "/usr/sbin" and "." are included in your PATH environment variable.

    13.3.1 LTP Compliant Testcases - ltp_EAL2

    13.3.1.1 Special instructions - 32 bit compile, 64 bit system

    On 64 bit systems, it is required to compile and execute the syscalls tests using both 32 bit and 64 bit (two passes per 64 bit platform).

    To run syscalls only, use the runsyscalls.sh file, which is a subset of the runalltests.sh file and executes the following in the runtest directory:

         ${LTPROOT}/runtest/file_io_sys_calls
         ${LTPROOT}/runtest/process_control_sys_calls
         ${LTPROOT}/runtest/vmm_sys_calls
         ${LTPROOT}/runtest/id_auth_sys_calls
         ${LTPROOT}/runtest/syscalls
    

    To build the syscalls tests in 32 bit mode on a 64 bit system:

        make clean
        make cleanup
        make MODE=32 2>&1 | tee make32_1.log
        make install 2>&1 | tee make32_2.log
        ./runsyscalls.sh -N -p -l logfile 2>&1 | tee runit32.log
    

    13.3.1.2 Expected failures

    13.3.1.3 Problems and solutions

    If msgget, msgctl, msgrcv and msgsnd have failures, try rebooting the system; there may not be an available message queue.

    If ftp04 fails, check that /etc/vsftpd.ftpusers is not empty. The file has been saved on CVS in rhcc/tools; download it and rerun. Another reason ftp04 may fail is if the connection is being refused, which does not return the expected error. Solution: Be sure vsftpd is running and start it if needed.

    13.3.2 At Testcase - at_test_EAL (standalone)

    13.3.3 ACL Testcases - ext3_ACLs_tests (standalone)

    13.3.4 Open SSL Tests - ltp_OpenSSL

    13.3.4.1 Problems and solutions

    If the login authentication test is failing, be SURE you have correctly set the REFERENCE_PLATFORM_SUCCESS_STRING. If it fails using the IP address, try using the fully qualified host name.

    13.3.5 Audit Tests - laus_test

    If it is not already running you should start vsftpd:

         /etc/init.d/vsftpd start
    

    This does not apply for xSeries WS since vsftpd is not included on WS.

    Please note that the audit files will grow indefinitely if you have the following in audit.conf:

         notify="/usr/sbin/audbin -S /var/log/audit.d/save.%u-C"
    

    A solution is to replace the notify command in /etc/audit/audit.conf with:

         /usr/sbin/audbin -C
    

    If you will be running on a 64 bit system (iSeries, pSeries, or Opteron), you will need to run the test compiled 64 bit and then again compiled 32 bit. Between runs on Opteron ONLY, delete the CVS tree and check it out again before building the next version. Apparently make clean is not doing a complete cleanup, and you will have failures when you run the second version. A test bug was written to fix this in the future.

    13.3.5.1 Standard instructions

    To run all tests at once:

    13.3.5.2 32 bit compile on 64 bit system instructions

    On 64 bit systems, the syscalls tests are to be compiled and executed using 32 bit and 64 bit (2 passes per 64 bit platform.)

    To run in MODE=32 (32 bit mode) on ppc64, do the following after running the full laus_test using 64 bit mode:

    1. Do a "make clean" command to be sure everything is cleaned out.

    2. cd laus_test/syscalls.

    3. Do "make MODE=32".

    4. Run the syscalls tests: ./syscalls &> ./syscalls.run.log

    To run in MODE=32 (32 bit mode) on Opteron, do the following after running the full laus_test using 64 bit mode:

    1. Delete the whole CVS tree.

    2. Check out the tree from CVS again.

    3. cd laus_test/syscalls.

    4. Do "make MODE=32".

    5. Run the syscalls tests: ./syscalls &> ./syscalls.run.log

    We are only concerned with running the syscalls tests using 32 bit, not the rest of the laus tests.

    13.3.5.3 REQUIRED CLEANUP

    After running the laus_test, the /etc/audit/filter.conf file will be damaged. Copy the filter.conf.default file from CVS rhcc/tools and rename it filter.conf to restore the file.

    13.3.5.4 Expected laus_test summaries

    Search the .log files for "FAIL" and for "test invalid". Be sure neither is found and everything indicates success.

    See examples of laus_test results in Appendix F.

    13.3.5.5 Expected laus test failures for Red Hat EAL3

    As of 6/30/04, these are expected results:

                    xSeries AS:
                     PASSED: 1162
                     FAILED: 2
                      adjtimex - 2 - bugzilla 9277 (syscall parameter buffer)
                     SKIPPED: 20
                      brk - 4 - fail case N/A
                      exit - 4 - fail case N/A
                      fork - 4 - fail case N/A
                      umask - 4 - fail case N/A
                      vfork - 4 - fail case N/A
    
                    xSeries WS:
                     PASSED: 1162
                     FAILED: 2
                      adjtimex - 2 - bugzilla 9277 (syscall parameter buffer)
                     SKIPPED: 20
                      brk - 4 - fail case N/A
                      exit - 4 - fail case N/A
                      fork - 4 - fail case N/A
                      umask - 4 - fail case N/A
                      vfork - 4 - fail case N/A
    
                    zSeries AS:
                     PASSED: 1132
                     FAILED: 4
                      adjtimex - 2 - bugzilla 9277 (syscall parameter buffer)
                      semtimedop - 2 - bugzilla 9752 (testcase)
                     SKIPPED: 24
                      brk - 4 - fail case N/A
                      clone - 4 - fail case N/A
                      exit - 4 - fail case N/A
                      fork - 4 - fail case N/A
                      umask - 4 - fail case N/A
                      vfork - 4 - fail case N/A
    
                    iSeries AS compiled 64bit:
                     PASSED: 890
                     FAILED: 10
                      adjtimex - 2 - bugzilla 9277 (syscall parameter buffer)
                      umount - 8 - bugzilla 9615 (test invalid)
                     SKIPPED: 20
                      brk - 4 - fail case N/A
                      exit - 4 - fail case N/A
                      fork - 4 - fail case N/A
                      umask - 4 - fail case N/A
                      vfork - 4 - fail case N/A
    
                    iSeries AS compiled 32bit:
                     PASSED: 852
                     FAILED: 48
                      adjtimex - 4 - bugzilla 9277 (syscall parameter buffer)
                      msgrcv - 4 - bugzilla 9281 (syscall parameter NULL)
                      msgctl - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                      msgctl_eperm - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                      msgsnd - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                      semop - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                      semtimedop - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                      setrlimit - 4 - bugzilla 9319 (syscall paramter max=infinite)
                      shmat - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                      shmat_eacces - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                      shmctl - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                      shmctl_eacces - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                     SKIPPED: 20
                      brk - 4 - fail case N/A
                      exit - 4 - fail case N/A
                      fork - 4 - fail case N/A
                      umask - 4 - fail case N/A
                      vfork - 4 - fail case N/A
    
                    pSeries AS compiled 64bit:
                     PASSED: 890
                     FAILED: 10
                      adjtimex - 2 - bugzilla 9277 (syscall parameter buffer)
                      umount - 8 - bugzilla 9615 (test invalid)
                     SKIPPED: 20
                      brk - 4 - fail case N/A
                      exit - 4 - fail case N/A
                      fork - 4 - fail case N/A
                      umask - 4 - fail case N/A
                      vfork - 4 - fail case N/A
    
                    pSeries AS compiled 32bit:
                     PASSED: 852
                     FAILED: 48
                      adjtimex - 4 - bugzilla 9277 (syscall parameter buffer)
                      msgrcv - 4 - bugzilla 9281 (syscall parameter NULL)
                      msgctl - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                      msgctl_eperm - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                      msgsnd - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                      semop - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                      semtimedop - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                      setrlimit - 4 - bugzilla 9319 (syscall paramter max=infinite)
                      shmat - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                      shmat_eacces - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                      shmctl - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                      shmctl_eacces - 4 - bugzilla 9279 (syscall parameter error=Unknown error)
                     SKIPPED: 20
                      brk - 4 - fail case N/A
                      exit - 4 - fail case N/A
                      fork - 4 - fail case N/A
                      umask - 4 - fail case N/A
                      vfork - 4 - fail case N/A
    
                    Opteron AS compiled 64bit:
                     PASSED: 874
                     FAILED: 2
                      adjtimex - 2 - bugzilla 9277 (syscall parameter buffer)
                     SKIPPED: 20
                      brk - 4 - fail case N/A
                      exit - 4 - fail case N/A
                      fork - 4 - fail case N/A
                      umask - 4 - fail case N/A
                      vfork - 4 - fail case N/A
    
                    Opteron AS compiled 32bit:
                     PASSED: 840
                     FAILED: 36
                      adjtimex - 4 - bugzilla 9277 (syscall parameter buffer)
                      msgrcv - 4 - bugzilla 9281 (syscall parameter NULL)
                      shmat - 2 - bugzilla 9279 (syscall parameter error=Unknown error)
                      shmat_eacces - 2 - bugzilla 9279 (syscall parameter error=Unknown error)
                      create_module - 8 - (test invalid)
                      delete_module - 8 - (test invalid)
                      query_module - 8 - (test invalid)
                     SKIPPED: 20
                      brk - 4 - fail case N/A
                      exit - 4 - fail case N/A
                      fork - 4 - fail case N/A
                      umask - 4 - fail case N/A
                      vfork - 4 - fail case N/A
    

    13.3.5.6 Problems and solutions

    13.3.6 AMTU

    AMTU installs to /usr/bin/amtu by default. You can add optional command line arguments (see the AMTU man page (amtu.8) for more details). You can run the test without any options to execute all five tests, but verify that all have been run (See example output below). You can also run each test individually and may need to do this on zSeries or the -n option could cause failure.

        amtu -m
        amtu -s
        amtu -i
        amtu -n  DON'T RUN THIS OPTION ON ISERIES OR ZSERIES; NOT SUPPORTED.
        amtu -p
    

    Copy and paste the results to a .log file and save it on CVS using the appropriate naming convention, then run the following:

        augrep -e TEXT -X amtu 2>&1 | tee amtuaudit.log
    

    Verify an audit record exists for each amtu command in amtuaudit.log and that all indicate success, then save the file on CVS using the naming convention.

    13.3.6.1 Interpreting Results

    AMTU issues the following return codes when executed:

        * -1 - Program abort error
        *  0 - Successful program completion
    

    If the error is repeatable, you can re-run amtu with the -d option to get more information about the failure. The success or failure of AMTU is logged in the audit log files (see auditd.8).

    The results from performing the first five runs listed above should be:

       Executing Memory Test...
       Memory Test SUCCESS!
       Executing Memory Separation Test...
       Memory Separation Test SUCCESS!
       Executing I/O Controller - Disk Test...
       I/O Controller - Disk Test SUCCESS!
       Executing Network I/O Tests...
       Network I/O Controller Test SUCCESS!
       Executing Supervisor Mode Instructions Test...
       Privileged Instruction Test SUCCESS!
    

    13.3.6.2 Problems and solutions

    If the auditing test fails, check the /etc/audit/filter.conf file. If this file has been corrupted or is empty or missing, a good copy can be picked up from CVS: rhcc/tests/amtu/config/filter.conf.default. Rename it to filter.conf and copy it to /etc/audit.

    13.3.7 Manual Tests

    Mounir Bsaibes has created scripts for some of these tests which can be used instead manually entering the commands. They can be found on CVS in rhcc/tests/manual/mt.tar.

    13.3.7.1 audit(manual test)

    Step 14 - "Run dmesg" - dmesg does not return anything. Instead use:

         augrep -e "TEXT" | tail -1
    

    This will show that the configuration file was reloaded.

    13.3.7.2 login (manual test)

    The faillog portion of the login test does not work as described. Failed login attempts are recorded by the audit subsystem.

    13.3.7.3 mount (manual test)

    On zSeries, test case failures are expected due to differences in errno values. Tests 8 and 9 of mount02 expect errno 14 (EFAULT) but receive errno 19 (ENODEV) and 22 (EINVAL) respectively. The difference in errno values does not pose any security problems.

    13.3.7.4 OpenSSL Interoperability Test (manual test)

    The test using the TDES cipher with OpenSSL is expected to fail because the cipher is not supported in the evaluation configuration.

    13.3.7.5 serialterm (manual test)

    This test can not be run on remote systems (iSeries, zSeries).

    Use the following in /etc/inittab instead of what is shown in the test:

      srl0:2345:respawn:/sbin/mgetty -r -s 9600 -x 3 /dev/ttyS0
    

    13.3.8 Internal Interfaces - using gcov instrumented kernel

    So far there has only been success instrumenting kernels for the X platform, but since the code is common regardless of the platform, this should be sufficient coverage to confirm the functions are called.


    Chapter 14. Quality information


    14.1 System Test Entry Criteria

    System test will begin upon availability of the Red Hat Update 2 golden master.


    14.2 System Test Exit Criteria


    14.3 Retention of test cases

    The files used for this testing will be stored on CVS in the rhcc project.


    14.4 Retention of test results

    Results of preliminary and final executions will be saved temporarily on the test machines. The results of the final executions will be stored on CVS in the rhcc project, testResults directory. Under the testResults directory are the "REALLYfinal", "final", and "preliminary" directories. The results in the "preliminary" directory are test executions run using either the pre-beta or beta versions of Update 2, and possibly early executions using the GA version of Update 2. The "final" directory contains only the executions run using the GA version of Update 2, the errata, and the official manual configuration steps. The "REALLYfinal" directory contains the final (formal) executions which were run using the GA version of Update 2, the errata, the NEW kernel with patches for bugs found with SPARSE, AND the final configuration script.

    14.4.1 Naming convention for test results

    Under the final and preliminary directories each test case will have a directory. Results for each execution will be stored under the appropriate test directory and will use the following naming convention to indicate the platform, AS or WS (if applicable), version (including processor type), the results file name, and compile mode (where applicable).

       <platform>_<as|ws>_<version>_<filename>_<mode> where
       platform: x,z,p,i,o    ( xSeries, zSeries, pSeries, iSeries, opteron)
       On x only, "as" or "ws" for advanced server or workstation.
       version: "U2+errataUP", "U2+errataSMP"
       mode:  (32, 64) - for 32B or 64B test compile; applies to P, I, Opteron
              for the syscalls only.
     
       For example:
     
        p_U2+errataUP_mytest.log32
        X_AS_U2+errataSMP_mytest.log
    


    14.5 Problem Reporting and Tracking


    Chapter 15. Appendix A - Execution plan

    This is the tentative Execution Plan for Red Hat EAL3 security function verification. This portion of the plan will be updated with actual dates as the product is under test. This document will be the best source to determine in what state the product test is in. It is important to also list key milestones or checkpoints so others will be able to determine how the project is going.


    Checkpoint Test Cases Plan Test Start Actual Test Start Plan Test Completion Actual Completion
    Testcase porting All 03/18/04 03/18/04 06/14/04 06/22/04
    Preliminary testing All 03/18/04 03/18/04 06/14/04 06/22/04
    Final testing All 06/24/04 06/26/04 06/25/04 06/30/04


    Chapter 16. Appendix B - manual tests sample results template for CVS

    Summary: <number> PASS/FAIL.
     
    Host name: ????
    Hardware: ????
    ???? CPUs ????
    RAM total ???? KB
     
    Assumption:  All tests should be run from the console unless otherwise stated.
     
    ***************************************************************************
    * login
    *
    * Test started 2004--xx xx:xx CET. One ???? for "faillog", rest ????
     
    PASS/FAIL: attempt to login (not from the console) via ssh to "root" with a valid: fails
     
    PASS/FAIL: login as "root" password "x": fails
     
    PASS/FAIL: login as "x" password "x": fails
     
    PASS/FAIL: "/bin/su -" to root only works if the user is part of the wheel group
     
    PASS/FAIL: login as "root", valid password: succeeds
     
    PASS/FAIL: "id" command shows correct uid=0 identity
     
    PASS/FAIL: faillog does *NOT* work as expected. No output.
     
    PASS/FAIL: lastlog shows correct record.
    FILL_IN
            root             tty1                      Fri Nov 28 19:18:18 -0600 2003
     
    
    PASS/FAIL: "augrep -e TEXT -U AUTH_failure" command shows failed login attempts in audit records:
    FILL_IN
            2003-11-28T19:17:54     26    665       -1 [AUTH_failure]
                    PAM authentication: user=root (hostname=?, addr=?, terminal=/dev/tty1)
            2003-11-28T19:18:10     28    665       -1 [AUTH_failure]
                    PAM authentication: user=? (hostname=?, addr=?, terminal=/dev/tty1)
     
    PASS/FAIL: "augrep -e TEXT -U AUTH_success" command shows successful login attempts in libpam audit records:
    FILL_IN
            2003-11-28T19:18:18     29    665       -1 [AUTH_success]
                    PAM authentication: user=root (hostname=?, addr=?, terminal=/dev/tty1)
     
    PASS/FAIL: "augrep -e LOGIN" command shows successful login attempts in pam_laus audit records:
    FILL_IN
            2003-11-28T19:18:18     32    665     root [AUDIT_login]
                    LOGIN: uid=0, terminal=/dev/tty1, executable=/lib/libnss_compat.so.2
     
    
    ***************************************************************************
    * serialterm: /etc/inittab 1/etc/securetty
    *
    * Test started <date>. Summary of PASS/FAIL.
     
    - serial terminal connected, inittab line added, "init q" run.
    - add "S0:2345:respawn:/sbin/agetty -L 9600 ttyS0" to /etc/inittab
    - reboot the machine
     
    PASS/FAIL: root access is denied as expected:
    FILL_IN
            ppc64cc login: root
            Password:
            Login incorrect
     
    - add "ttyS0" to /etc/securetty
     
    PASS/FAIL: root login now works as expected:
    FILL_IN
            ppc64cc login: root
            Password:
            You have new mail in /var/mail/root.
            Last login: Fri Nov 28 19:18:18 on tty1
            ppc64cc:~ #
     
    
    ***************************************************************************
    * inittab:  /etc/inittab
    *
    * Test started 2003-11-xx xx:xx CET. All ????
     
    - add "TEAL:2345:respawn:/bin/sleep 300" line to /etc/inittab
     
    - reboot the machine (optionally change init level or run "init q")
     
    PASS/FAIL: expected "sleep" process is present:
    FILL_IN
            ppc64cc:~ # ps -ef | grep "/bin/sleep 300"
            root       730     1  0 19:23 ?        00:00:00 /bin/sleep 300
     
    - remove line again from /etc/inittab, reboot (optionally change init level or run "init q")
    PASS/FAIL: "sleep" process is gone as expected:
    Note: the "grep" output is the "grep" command itself, not the "sleep".
    FILL_IN
            INIT: Sending processes the TERM signal
            ppc64cc:~ # ps -ef | grep "/bin/sleep 300"
            root       736   713  0 19:23 ttyS0    00:00:00 grep /bin/sleep 300
     
    
    ***************************************************************************
    * virtualconsole:  /sbin/mingetty
    *
    * Test started 2003-11-xx xx:xx CET. All ????
     
    - open virtual console 3 via <Ctrl>-<Alt>-<F3>
     
    PASS/FAIL: login as "root" password "x": fails as expected.
     
    PASS/FAIL: login as "root" with valid password: succeeds as expected.
     
    - execute "w" command:
    FILL_IN
            ppc64cc:~ # w
             19:25:51 up 9 min,  3 users,  load average: 0.00, 0.03, 0.03
            USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
            root     tty1      19:18    2:04   0.10s  0.04s -bash
            root     tty3      19:25    2.00s  0.09s  0.04s -bash
            root     ttyS0     19:22    0.00s  0.03s  0.01s w
     
    PASS/FAIL: expected output TTY=tty3 is present
     
    PASS/FAIL: expected output USER=root is present
     
    PASS/FAIL: LOGIN@=xx:xx is correct
     
    
    ***************************************************************************
    * mount
    *
    * Test started 2003-11-xx xx:xx CET. All ????
     
    - create a block device for testing:
     
            dd if=/dev/zero of=block.img count=2880
            losetup /dev/loop0 block.img
            mke2fs /dev/loop0
     
    - change directory to the ltp_EAL2 testcases: /ltp_EAL2/testcases/
    - and compile to get mount0* executables:
     
            cd /home/ealuser/rhcc/tests/ltp_EAL2/testcases
            make
            cd /home/ealuser/rhcc/tests/ltp_EAL2/testcases/bin
     
    PASS/FAIL: run the mount test cases:
     
            ppc64cc:/eal3/ltp_EAL2/testcases/bin # ./mount01 -D /dev/loop0
            mount01     1  ????  :  mount(2) Passed
            ppc64cc:/eal3/ltp_EAL2/testcases/bin # ./mount02 -D /dev/loop0
            mount02     1  ????  :  mount(2) expected failure; Got errno - ENODEV : Fstype not configured
            mount02     2  ????  :  mount(2) expected failure; Got errno - ENOTBLK : Not a block device
            mount02     3  ????  :  mount(2) expected failure; Got errno - EBUSY : Already mounted/busy
            mount02     4  ????  :  mount(2) expected failure; Got errno - EBUSY : Cannot remount as read-only
            mount02     5  ????  :  mount(2) expected failure; Got errno - EINVAL : Invalid  device
            mount02     6  ????  :  mount(2) expected failure; Got errno - EINVAL : Invalid  fstype
            mount02     7  ????  :  mount(2) expected failure; Got errno - EINVAL : Attempted remounted without mounting
            mount02     8  ????  :  mount(2) expected failure; Got errno - EFAULT : Invalid address space for fstype
            mount02     9  ????  :  mount(2) expected failure; Got errno - EFAULT : Invalid address space for Device
            mount02    10  ????  :  mount(2) expected failure; Got errno - ENAMETOOLONG : Pathname too long
            mount02    11  ????  :  mount(2) expected failure; Got errno - ENOENT : Pathname empty
            mount02    12  ????  :  mount(2) expected failure; Got errno - ENOENT : Directory not found
            mount02    13  ????  :  mount(2) expected failure; Got errno - ENOTDIR : Not a Directory
            ppc64cc:/eal3/ltp_EAL2/testcases/bin # ./mount03 -D /dev/loop0
            mount03     1  ????  :  mount(2) Passed for rwflag MS_RDONLY - mount read-only
            mount03     2  ????  :  mount(2) Passed for rwflag MS_NODEV - disallow access to device special files
            mount03     3  ????  :  mount(2) Passed for rwflag MS_NOEXEC - disallow program execution
            mount03     4  ????  :  mount(2) Passed for rwflag MS_SYNCHRONOUS - writes are synced at once
            mount03     5  ????  :  mount(2) Passed for rwflag MS_REMOUNT - alter flags of a mounted FS
            mount03     0  WARN  :  chmod() failed to change mode  4511 errno = 0 : Success
            mount03     6  ????  :  mount(2) Passed for rwflag MS_NOSUID - ignore suid and sgid bits
            mount03     0  WARN  :  tst_rmdir(): rmobj(/tmp/moufcx4j9) failed: unlink(/tmp/moufcx4j9/mnt_782/tmp2) failed; errno=13: Permission denied
            mount03     6  ????  :  mount(2) Passed for rwflag MS_NOSUID - ignore suid and sgid bits
            ppc64cc:/eal3/ltp_EAL2/testcases/bin # ./mount04 -D /dev/loop0
            mount04     1  ????  :  mount(2) expected failure; Got errno - EPERM : User not Super User/root
     
    - cleanup:
     
            losetup -d /dev/loop0
            rm block.img
     
    
    ***************************************************************************
    * audit:  /etc/init.d/audit
    *
    * Test started 2003-11-xx xx:xx CET. All ????
     
    - ensure auditd not running: "killall auditd" or "killall auditd64":
    FILL_IN
            ppc64cc:~ # killall auditd64
            ppc64cc:~ # killall auditd64
            auditd64: no process killed
     
    - save /etc/audit/filter.conf to /etc/audit/filter.conf.orig
    - use specific filter.conf:
    FILL_IN:
            ppc64cc:~ # echo 'event user-message = always;' > /etc/audit/filter.conf
            ppc64cc:~ # /etc/init.d/audit start
            Starting audit subsystem                                   done
     
    PASS/FAIL: start audit: "/etc/init.d/audit start" & verify AUDIT_start message is present:
    FILL_IN
            ppc64cc:~ # augrep -e TEXT | tail -1
            2003-11-28T19:30:47    855     root [AUDIT_start] audit system started
     
    PASS/FAIL: run "/etc/init.d/audit status" and verify "running" status is displayed:
    FILL_IN:
            ppc64cc:~ # /etc/init.d/audit status
            Checking for audit daemon:                                 running
     
    PASS/FAIL: test restart:
    FILL_IN:
            ppc64cc:~ # /etc/init.d/audit restart
            Shutting down audit subsystem                              done
            Starting audit subsystem                                   done
     
    PASS/FAIL: the expected AUDIT_stop and AUDIT_start messages are present:
    FILL_IN:
            ppc64cc:~ # augrep -e TEXT | tail -2
            2003-11-28T19:31:32    855     root [AUDIT_stop] audit system stopped
            2003-11-28T19:31:32    907     root [AUDIT_start] audit system started
     
    
    PASS/FALL: test condrestart:
    FILL_IN:
            ppc64cc:~ # /etc/init.d/audit condrestart
            Shutting down audit subsystem                              done
            Starting audit subsystem                                   done
     
    PASS/FAIL: the expected AUDIT_stop and AUDIT_start messages are present:
    FILL_IN:
            ppc64cc:~ # augrep -e TEXT | tail -2
            2003-11-28T19:32:07    907     root [AUDIT_stop] audit system stopped
            2003-11-28T19:32:07    961     root [AUDIT_start] audit system started
     
    - turn on audit debugging:
    FILL_IN:
            ppc64cc:~ # echo 2 > /proc/sys/dev/audit/debug
     
    - clear dmesg buffer (also use -c after each test):
    FILL_IN:
            ppc64cc:~ # dmesg -c >/dev/nul
     
    - do reload:
    FILL_IN:
            ppc64cc:~ # /etc/init.d/audit reload
            Reload audit configuration                                 missing
     
    PASS/FAIL: the expected auditf_read message is present:
    FILL_IN:
            ppc64cc:~ # dmesg -c | grep read
            auditf_read: called.
     
    - do "force reload":
    FILL_IN:
            ppc64cc:~ # /etc/init.d/audit force-reload
            Reload audit configurationppc64cc:~ #
     
    PASS/FAIL: the expected auditf_read message is present:
    FILL_IN:
            ppc64cc:~ # dmesg -c | grep read
            auditf_read: called.
     
    - Turn off debugging
    FILL_IN:
            ppc64cc:~ # echo 0 > /proc/sys/dev/audit/debug
     
    - stop audit
    FILL_IN:
            ppc64cc:~ # /etc/init.d/audit stop
            Shutting down audit subsystem                              done
     
    PASS/FAIL: AUDIT_stop message is present
     
            ppc64cc:~ # augrep -e TEXT | tail -1
            2003-11-28T19:34:12    961     root [AUDIT_stop] audit system stopped
     
    - restore original audit configuration by copying
    - /etc/audit/filter.conf.orig to /etc/audit/filter.conf
     
            ppc64cc:~ #
     
    
    ***************************************************************************
    * aurun
    *
    * Test started 2003-11-xx xx:xx CET. All ????
     
    - disabled pam_laus.so entry in /etc/pam.d/sshd by commenting out the entire line with a #.
     
    - log in using ssh, "/bin/su -" to root.
     
    - cd laus_test/audit_tools/
     
    - run "aurun make run"
     
            ./au_exit &> ./au_exit.run.log
            ./au_login &> ./au_login.run.log
            ./au_netlink &> ./au_netlink.run.log
            ./au_syscalls &> ./au_syscalls.run.log
            ./au_trustedpgms &> ./au_trustedpgms.run.log
     
            ppc64cc:/eal3/laus_test/audit_tools # ls -l *.run.log
            -rwxrwxrwx    1 root     root         1753 Nov 28 19:37 au_exit.run.log
            -rwxrwxrwx    1 root     root          978 Nov 28 19:38 au_login.run.log
            -rwxrwxrwx    1 root     root         1202 Nov 28 19:42 au_netlink.run.log
            -rwxrwxrwx    1 root     root         1733 Nov 28 19:43 au_syscalls.run.log
            -rwxrwxrwx    1 root     root          510 Nov 28 19:43 au_trustedpgms.run.log
     
    PASS/FAIL: all tests completed successfully:
     
            ppc64cc:/eal3/laus_test/audit_tools # grep FAILED *.run.log
            au_exit.run.log:TEST ????ED = 27, FAILED = 0
            au_login.run.log:TEST ????ED = 11, FAILED = 0
            au_netlink.run.log:TEST ????ED = 22, FAILED = 0
            au_syscalls.run.log:TEST ????ED = 26, FAILED = 0
            au_trustedpgms.run.log:TEST ????ED = 5, FAILED = 0
     
    - cleanup: re-activate pam_laus.so in /etc/pam.d/sshd by uncommenting it out
    

    In the template above, the areas marked with "????" and the indented sections showing command output are those that need to be filled in, usually by cut&paste from the ssh window.

    Since the template contains most of the commands you need to run, you can also use cut&paste to avoid having to retype them. Just copy the commands from the template into the ssh window, then copy the output (including the command line) back into the template and delete the old text.

    It is important to make sure that it's very clear what tests were run on which machine at which time, and with what results.


    Chapter 17. Appendix C - AMTU example results

    AMTU runs:
     
    Executing Memory Test...
    Memory Test SUCCESS!
    Executing Memory Separation Test...
    Memory Separation Test SUCCESS!
    Executing Network I/O Tests...
    Network I/O Controller Test SUCCESS!
    Executing I/O Controller - Disk Test...
    I/O Controller - Disk Test SUCCESS!
    Executing Supervisor Mode Instructions Test...
    Privileged Instruction Test SUCCESS!
    

    Example of AMTU with augrep on an xSeries SMP system:

    2004-06-17T04:08:21   5982  ealuser [ADMIN_amtu] amtu - Memory Test succeeded
    2004-06-17T04:08:21   5982  ealuser [ADMIN_amtu] amtu - Memory Separation Test succeeded
    2004-06-17T04:08:21   5982  ealuser [ADMIN_amtu] amtu - Network I/O Controller Test succeeded
    2004-06-17T04:08:25   5982  ealuser [ADMIN_amtu] amtu - I/O Controller - Disk Test succeeded
    2004-06-17T04:08:25   5982  ealuser [ADMIN_amtu] amtu - Privileged Instruction Test succeeded
    2004-06-17T04:08:25   5982  ealuser [ADMIN_amtu] amtu completed successfully.
    2004-06-17T04:15:47   6001  ealuser [ADMIN_amtu] amtu - Memory Test succeeded
    2004-06-17T04:15:47   6001  ealuser [ADMIN_amtu] amtu - Memory Separation Test succeeded
    2004-06-17T04:15:47   6001  ealuser [ADMIN_amtu] amtu - Network I/O Controller Test succeeded
    2004-06-17T04:15:51   6001  ealuser [ADMIN_amtu] amtu - I/O Controller - Disk Test succeeded
    2004-06-17T04:15:51   6001  ealuser [ADMIN_amtu] amtu - Privileged Instruction Test succeeded
    2004-06-17T04:15:51   6001  ealuser [ADMIN_amtu] amtu completed successfully.
    2004-06-17T04:26:29   6058  ealuser [ADMIN_amtu] amtu - Memory Test succeeded
    2004-06-17T04:26:29   6058  ealuser [ADMIN_amtu] amtu completed successfully.
    2004-06-17T04:52:59   6092  ealuser [ADMIN_amtu] amtu - Memory Test succeeded
    2004-06-17T04:52:59   6092  ealuser [ADMIN_amtu] amtu - Memory Separation Test succeeded
    2004-06-17T04:52:59   6092  ealuser [ADMIN_amtu] amtu - Network I/O Controller Test succeeded
    2004-06-17T04:53:03   6092  ealuser [ADMIN_amtu] amtu - I/O Controller - Disk Test succeeded
    2004-06-17T04:53:03   6092  ealuser [ADMIN_amtu] amtu - Privileged Instruction Test succeeded
    2004-06-17T04:53:03   6092  ealuser [ADMIN_amtu] amtu completed successfully.
    2004-06-17T04:53:30   6109  ealuser [ADMIN_amtu] amtu - Memory Test succeeded
    2004-06-17T04:53:30   6109  ealuser [ADMIN_amtu] amtu completed successfully.
    2004-06-17T05:12:47   6112  ealuser [ADMIN_amtu] amtu - Memory Test succeeded
    2004-06-17T05:12:48   6112  ealuser [ADMIN_amtu] amtu completed successfully.
    2004-06-17T05:13:40   6113  ealuser [ADMIN_amtu] amtu - Memory Separation Test succeeded
    2004-06-17T05:13:40   6113  ealuser [ADMIN_amtu] amtu completed successfully.
    2004-06-17T05:13:51   6123  ealuser [ADMIN_amtu] amtu - I/O Controller - Disk Test succeeded
    2004-06-17T05:13:51   6123  ealuser [ADMIN_amtu] amtu completed successfully.
    2004-06-17T05:14:01   6124  ealuser [ADMIN_amtu] amtu - Network I/O Controller Test succeeded
    2004-06-17T05:14:01   6124  ealuser [ADMIN_amtu] amtu completed successfully.
    2004-06-17T05:14:17   6125  ealuser [ADMIN_amtu] amtu - Privileged Instruction Test succeeded
    2004-06-17T05:14:17   6125  ealuser [ADMIN_amtu] amtu completed successfully.
    


    17.1 Debug output

    The addresses in the output will differ, but results should be the same.

    Executing Memory Test...
    Total amount of physical memory in kB: 383128
    Amount of memory in kB we can allocate: 38312
    Successfully allocated memory amount in kB: 38312
    Writing random values to memory...
    Verifying memory values...
    Memory Test SUCCESS!
    Executing Memory Separation Test...
    Setting effective UID of user nobody to: 99
    Effective UID is now: 500
    Line from /proc/self/maps: 08048000-0804d000 r-xp 00000000 03:02 1343869    /usr /local/bin/amtu
    start 0x8048000, end 0x804d000, flags r-xp
    Writing to Memory Address 0x804884c
    caught the fault 11
    Reading Memory Address 0x9dced8
    caught the fault 11
    Line from /proc/self/maps: 0804d000-0804e000 rw-p 00005000 03:02 1343869    /usr /local/bin/amtu
    start 0x804d000, end 0x804e000, flags rw-p
    Line from /proc/self/maps: 0804e000-0806e000 rw-p 00000000 00:00 0
    start 0x804e000, end 0x806e000, flags rw-p
    Line from /proc/self/maps: b7492000-b749d000 r-xp 00000000 03:02 557095     /lib /libnss_files-2.3.2.so
    start 0xb7492000, end 0xb749d000, flags r-xp
    Writing to Memory Address 0xb7493250
    caught the fault 11
    Reading Memory Address 0x5b9f5f9c
    caught the fault 11
    Line from /proc/self/maps: b749d000-b749e000 rw-p 0000a000 03:02 557095     /lib /libnss_files-2.3.2.so
    start 0xb749d000, end 0xb749e000, flags rw-p
    Line from /proc/self/maps: b74a7000-b74a8000 rw-p 00000000 00:00 0
    start 0xb74a7000, end 0xb74a8000, flags rw-p
    Reading Memory Address 0xb749fb78
    caught the fault 11
    Line from /proc/self/maps: b74a8000-b75da000 r-xp 00000000 03:02 425997     /lib /tls/libc-2.3.2.so
    start 0xb74a8000, end 0xb75da000, flags r-xp
    Writing to Memory Address 0xb74e0fb8
    caught the fault 11
    Line from /proc/self/maps: b75da000-b75de000 rw-p 00131000 03:02 425997     /lib /tls/libc-2.3.2.so
    start 0xb75da000, end 0xb75de000, flags rw-p
    Line from /proc/self/maps: b75de000-b75e1000 rw-p 00000000 00:00 0
    start 0xb75de000, end 0xb75e1000, flags rw-p
    Line from /proc/self/maps: b75ea000-b75eb000 rw-p 00001000 00:00 0
    start 0xb75ea000, end 0xb75eb000, flags rw-p
    Reading Memory Address 0xb75e1e98
    caught the fault 11
    Line from /proc/self/maps: b75eb000-b7600000 r-xp 00000000 03:02 557062     /lib /ld-2.3.2.so
    start 0xb75eb000, end 0xb7600000, flags r-xp
    Writing to Memory Address 0xb75ebf30
    caught the fault 11
    Line from /proc/self/maps: b7600000-b7601000 rw-p 00015000 03:02 557062     /lib /ld-2.3.2.so
    start 0xb7600000, end 0xb7601000, flags rw-p
    Line from /proc/self/maps: bfff8000-c0000000 rwxp ffffb000 00:00 0
    start 0xbfff8000, end 0xc0000000, flags rwxp
    This is the stack area.
    Reset Effective UID to root: 500
    Memory Separation Test SUCCESS!
    Executing Network I/O Tests...
    SIOCGIFCONF has 2 interfaces in list:
    lo
    eth0
    
    Interface list to test:
       eth0
     
    message string: DY".2M3EFI^0mpP&.E$n_VN{kT=Zofq"q6h:Q"/6CtZ2T1OKk#}wjn[$8g9$NS@H DKDk/3z1y3WOvs_G@qZ5+&y=($\[/sx)$qHX'w/wa7p47-1tUUQ0D).ivAhESd@STQp5!}wN;|d*|~!= 6%+{'4Ot"`F)PO^qLih$d.*0g fKb31?tS:|o[`VDIqh-p<Ivl0S<b5obf.V9M5<pTfa<,PI#<y95D%}
    *STc!e])zp~`
    Q:tRgDCJ_To\C0bd{A%<#V](DTDNUYe#q9M8V~:{(;7-^T<d,9pOIasmR,eV1YRC0l{7 m4(<Bq5^ob^G4,GD]]P6/=`*HL%9Z(uRx4V{<BOOO2/\U{U5\}*x=J>~eNyp;@#[_s*YnUTp+L(4E?qN /4~$Cd,DHV!Dtu5H3F$VVSdQk.Z.LW%-D5q8+&X*( ]n'D}T(&6BI +#MoY>'e.{G@D`hL|?KNk7q8&J
    vNN[M|hmd4$xtDzFH|E4kR+9 ot$S(8w ,e&+'T=5j9zrneD
     
    Beginning test for eth0
    networkio:bind failed: Bad file descriptor
    Interface eth0 failed test.
    Network I/O Controller Test Failed.
    Executing I/O Controller - Disk Test...
    Line retrieved from /proc/partitions:   22     0     640992 hdc 141 599 2978 102 00 0 0 0 0 -8365 4071390 12585996
     
    Stored partition name = hdc
    Line retrieved from /proc/partitions:    3     0   29300040 hda 13366 20280 2670 58 72260 14733 214802 846408 568130 -15 4423290 20289865
     
    Stored partition name = hda
    Line retrieved from /proc/partitions:    3     1     104391 hda1 52 64 232 520 2 915 162217 330264 212880 0 4100 213400
     
    Stored partition name = hda1
    Line retrieved from /proc/partitions:    3     2   28410952 hda2 13219 20069 266 282 70390 11818 52585 516144 355250 0 51320 425640
     
    Stored partition name = hda2
    Line retrieved from /proc/partitions:    3     3     779152 hda3 22 32 168 140 0  0 0 0 0 80 140
     
    Stored partition name = hda3
    Line retrieved from /proc/partitions:    3     3     779152 hda3 22 32 168 140 0  0 0 0 0 80 140
     
    Stored partition name = hda3
    Stored mounted filesystem info = /dev/hda2 / rw
    Stored mounted filesystem info = none /proc rw
    Stored mounted filesystem info = usbdevfs /proc/bus/usb rw
    Stored mounted filesystem info = /dev/hda1 /boot rw
    Stored mounted filesystem info = none /dev/pts rw,gid=5,mode=620
    Stored mounted filesystem info = none /dev/shm rw
    Stored mounted filesystem info = /dev/cdrom /mnt/cdrom ro,nosuid,nodev,user=chav ezt
    Generating random numbers...
    Filesystem option is rw for /dev/hda2
    Detected filesystem associated with SCSI/IDE Controller
    Incremented rw count to: 1
    Could not create a new file: 13
    Executing Supervisor Mode Instructions Test...
    HLT test: caught the fault 11
    RDPMC test: caught the fault 11
    CLTS test: caught the fault 11
    LGDT test: caught the fault 11
    LIDT test: caught the fault 11
    LTR test: caught the fault 11
    LLDT test: caught the fault 11
    Privileged Instruction Test SUCCESS!
    


    Chapter 18. Appendix D - at_test_EAL example results

    The /tmp/test.results.txt file contains a summary of the test results; the local output file contains the full output of the test execution. Here are example run on the X platform:


    18.1 test.results.txt

    Test Results File created on Fri Apr  9 13:35:45 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    1       |752 10 |PASSED |check service stop, ran by 10031
    2       |752 11 |PASSED |check service restart, ran by 10032
    3       |752 12 |PASSED |add jobs to queue, ran by 10035
    4       |752 13 |PASSED |list jobs in queue, ran by 10036
    5       |752 14 |PASSED |remove jobs from queue, ran by 10037
    6       |752 62 |PASSED |crontab - option -u -e, ran by 10170
    7       |752 63 |PASSED |crontab - option -u -l, ran by 10171
    8       |752 64 |PASSED |crontab - option -u -r, ran by 10172
    ===================================================================
    Elapsed time: 17:15:25
    

    18.1.1 Output File

    Stopping atd: [  OK  ]
    Starting atd: [  OK  ]
    Stopping crond: [  OK  ]
    Starting crond: [  OK  ]
    No NOTIFY set
    Running scripts/10030_at_start_lsb.exp test
    eal4.ltc.austin.ibm.com
    scripts/10030_at_start_lsb.exp
    scripts/10030_at_start_lsb.exp
    Debug: 10030
    at-3.1.8-46
    Starting atd tests
    spawn /bin/bash
    ps -ax | grep 4741
    [root@eal4 at_test_EAL]# ps -ax | grep 4741
     4741 ?        S      0:00 /usr/sbin/atd
     4776 pts/2    S      0:00 grep 4741
    752 9  PASSED  check service start
    0
    ###########################################################################
     
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    scripts/10030_at_start_lsb.exp.orig
    scripts/10030_at_start_lsb.exp.orig
    Debug: 10030
    ###########################################################################
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    scripts/10031_at_stop_lsb.exp
    scripts/10031_at_stop_lsb.exp
    Debug: 10031
    at-3.1.8-46
    Starting atd tests
    Stopping atd: [  OK  ]
    Starting atd: [  OK  ]
    spawn /bin/bash
    ps -ax | grep 4794
    [root@eal4 at_test_EAL]# ps -ax | grep 4794
     4837 pts/2    S      0:00 grep 4794
    [root@eal4 at_test_EAL]# 752 10  PASSED  check service stop
    0
    ###########################################################################
     
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    1       |752 10 |PASSED |check service stop, ran by 10031
    scripts/10032_at_restart_lsb.exp
    scripts/10032_at_restart_lsb.exp
    Debug: 10032
    at-3.1.8-46
    Starting atd tests
    spawn /bin/bash
    ps -ax | grep 4863
    [root@eal4 at_test_EAL]# ps -ax | grep 4863
     4863 ?        S      0:00 /usr/sbin/atd
    Started PID:4863
    Started PID:4908
    752 11  PASSED  check service restart
    0
    ###########################################################################
     
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    1       |752 10 |PASSED |check service stop, ran by 10031
    2       |752 11 |PASSED |check service restart, ran by 10032
    scripts/10035_at_addjob_lsb.exp
    scripts/10035_at_addjob_lsb.exp
    Debug: 10035
    at-3.1.8-46
    Starting at tests
    job 2 at 2004-04-09 12:02
    spawn /bin/bash
    [root@eal4 at_test_EAL]# ls /tmp/auto_tests/at/*
    /tmp/auto_tests/at/commands  /tmp/auto_tests/at/worked012345
     
    752 12  PASSED  add jobs to queue
    0
    ###########################################################################
     
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    1       |752 10 |PASSED |check service stop, ran by 10031
    2       |752 11 |PASSED |check service restart, ran by 10032
    3       |752 12 |PASSED |add jobs to queue, ran by 10035
    scripts/10036_at_listjob_lsb.exp
    scripts/10036_at_listjob_lsb.exp
    Debug: 10036
    at-3.1.8-46
    2004-04-09
     
    Starting at tests
    job 1 at 2004-04-09 12:04
    spawn /bin/bash
    [root@eal4 at_test_EAL]# at -l
    1       2004-04-09 12:04 c root
    752 13  PASSED  list jobs in queue
    0
    ###########################################################################
     
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    1       |752 10 |PASSED |check service stop, ran by 10031
    2       |752 11 |PASSED |check service restart, ran by 10032
    3       |752 12 |PASSED |add jobs to queue, ran by 10035
    4       |752 13 |PASSED |list jobs in queue, ran by 10036
    scripts/10036_at_listjob_lsb.exp.orig
    scripts/10036_at_listjob_lsb.exp.orig
    Debug: 10036
    ###########################################################################
     
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    1       |752 10 |PASSED |check service stop, ran by 10031
    2       |752 11 |PASSED |check service restart, ran by 10032
    3       |752 12 |PASSED |add jobs to queue, ran by 10035
    4       |752 13 |PASSED |list jobs in queue, ran by 10036
    scripts/10037_at_deletejob_lsb.exp
    scripts/10037_at_deletejob_lsb.exp
    Debug: 10037
    at-3.1.8-46
    2004-04-09
     
    Starting at tests
    job 1 at 2004-04-09 12:09
    spawn /bin/bash
    [root@eal4 at_test_EAL]# at -d 1
    [root@eal4 at_test_EAL]# at -l
    [root@eal4 at_test_EAL]# 752 14  PASSED  remove jobs from queue
    0
    ###########################################################################
     
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    1       |752 10 |PASSED |check service stop, ran by 10031
    2       |752 11 |PASSED |check service restart, ran by 10032
    3       |752 12 |PASSED |add jobs to queue, ran by 10035
    4       |752 13 |PASSED |list jobs in queue, ran by 10036
    5       |752 14 |PASSED |remove jobs from queue, ran by 10037
    scripts/10037_at_deletejob_lsb.exp.orig
    scripts/10037_at_deletejob_lsb.exp.orig
    Debug: 10037
    ###########################################################################
     
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    1       |752 10 |PASSED |check service stop, ran by 10031
    2       |752 11 |PASSED |check service restart, ran by 10032
    3       |752 12 |PASSED |add jobs to queue, ran by 10035
    4       |752 13 |PASSED |list jobs in queue, ran by 10036
    5       |752 14 |PASSED |remove jobs from queue, ran by 10037
    scripts/10170_contab_uadd_lsb.exp
    scripts/10170_contab_uadd_lsb.exp
    Debug: 10170
    vixie-cron-3.0.1-74
    Starting crontab tests
    spawn /bin/bash
    [root@eal4 at_test_EAL]# cat /var/spool/cron/crontab_test
    # DO NOT EDIT THIS FILE - edit the master and reinstall.
    # (- installed on Fri Apr  9 12:12:44 2004)
    # (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
    30 * * * *      echo crontab is running
    752 62  PASSED  crontab - option -u -e
    0
    ###########################################################################
     
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    1       |752 10 |PASSED |check service stop, ran by 10031
    2       |752 11 |PASSED |check service restart, ran by 10032
    3       |752 12 |PASSED |add jobs to queue, ran by 10035
    4       |752 13 |PASSED |list jobs in queue, ran by 10036
    5       |752 14 |PASSED |remove jobs from queue, ran by 10037
    6       |752 62 |PASSED |crontab - option -u -e, ran by 10170
    scripts/10170_contab_uadd_lsb.exp.orig
    scripts/10170_contab_uadd_lsb.exp.orig
    Debug: 10170
    ###########################################################################
     
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    1       |752 10 |PASSED |check service stop, ran by 10031
    2       |752 11 |PASSED |check service restart, ran by 10032
    3       |752 12 |PASSED |add jobs to queue, ran by 10035
    4       |752 13 |PASSED |list jobs in queue, ran by 10036
    5       |752 14 |PASSED |remove jobs from queue, ran by 10037
    6       |752 62 |PASSED |crontab - option -u -e, ran by 10170
    scripts/10171_crontab_ulist_lsb.exp
    scripts/10171_crontab_ulist_lsb.exp
    Debug: 10171
    vixie-cron-3.0.1-74
    Starting crontab tests
    spawn /bin/bash
    [root@eal4 at_test_EAL]# crontab -u crontab_test -l
    # DO NOT EDIT THIS FILE - edit the master and reinstall.
    # (- installed on Fri Apr  9 12:13:06 2004)
    # (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
    30 * * * *      echo crontab is running
    752 63  PASSED  crontab - option -u -l
    0
    ###########################################################################
     
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    1       |752 10 |PASSED |check service stop, ran by 10031
    2       |752 11 |PASSED |check service restart, ran by 10032
    3       |752 12 |PASSED |add jobs to queue, ran by 10035
    4       |752 13 |PASSED |list jobs in queue, ran by 10036
    5       |752 14 |PASSED |remove jobs from queue, ran by 10037
    6       |752 62 |PASSED |crontab - option -u -e, ran by 10170
    7       |752 63 |PASSED |crontab - option -u -l, ran by 10171
    scripts/10171_crontab_ulist_lsb.exp.orig
    scripts/10171_crontab_ulist_lsb.exp.orig
    Debug: 10171
    ###########################################################################
     
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    1       |752 10 |PASSED |check service stop, ran by 10031
    2       |752 11 |PASSED |check service restart, ran by 10032
    3       |752 12 |PASSED |add jobs to queue, ran by 10035
    4       |752 13 |PASSED |list jobs in queue, ran by 10036
    5       |752 14 |PASSED |remove jobs from queue, ran by 10037
    6       |752 62 |PASSED |crontab - option -u -e, ran by 10170
    7       |752 63 |PASSED |crontab - option -u -l, ran by 10171
    scripts/10172_crontab_uremove_lsb.exp
    scripts/10172_crontab_uremove_lsb.exp
    Debug: 10172
    vixie-cron-3.0.1-74
    Starting crontab tests
    spawn /bin/bash
    [root@eal4 at_test_EAL]# cat /var/spool/cron/crontab_test
    # DO NOT EDIT THIS FILE - edit the master and reinstall.
    # (- installed on Fri Apr  9 12:13:29 2004)
    # (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
    30 * * * *      echo crontab is running
    [root@eal4 at_test_EAL]# crontab -u crontab_test -r
    [root@eal4 at_test_EAL]# crontab -u crontab_test -l
    no crontab for crontab_test
    752 64  PASSED  crontab - option -u -r
    0
    ###########################################################################
     
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    1       |752 10 |PASSED |check service stop, ran by 10031
    2       |752 11 |PASSED |check service restart, ran by 10032
    3       |752 12 |PASSED |add jobs to queue, ran by 10035
    4       |752 13 |PASSED |list jobs in queue, ran by 10036
    5       |752 14 |PASSED |remove jobs from queue, ran by 10037
    6       |752 62 |PASSED |crontab - option -u -e, ran by 10170
    7       |752 63 |PASSED |crontab - option -u -l, ran by 10171
    8       |752 64 |PASSED |crontab - option -u -r, ran by 10172
    scripts/10172_crontab_uremove_lsb.exp.orig
    scripts/10172_crontab_uremove_lsb.exp.orig
    Debug: 10172
    ###########################################################################
     
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    1       |752 10 |PASSED |check service stop, ran by 10031
    2       |752 11 |PASSED |check service restart, ran by 10032
    3       |752 12 |PASSED |add jobs to queue, ran by 10035
    4       |752 13 |PASSED |list jobs in queue, ran by 10036
    5       |752 14 |PASSED |remove jobs from queue, ran by 10037
    6       |752 62 |PASSED |crontab - option -u -e, ran by 10170
    7       |752 63 |PASSED |crontab - option -u -l, ran by 10171
    8       |752 64 |PASSED |crontab - option -u -r, ran by 10172
    scripts/CVS
    scripts/CVS
    Debug: 10172
    ###########################################################################
     
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    1       |752 10 |PASSED |check service stop, ran by 10031
    2       |752 11 |PASSED |check service restart, ran by 10032
    3       |752 12 |PASSED |add jobs to queue, ran by 10035
    4       |752 13 |PASSED |list jobs in queue, ran by 10036
    5       |752 14 |PASSED |remove jobs from queue, ran by 10037
    6       |752 62 |PASSED |crontab - option -u -e, ran by 10170
    7       |752 63 |PASSED |crontab - option -u -l, ran by 10171
    8       |752 64 |PASSED |crontab - option -u -r, ran by 10172
     
    .
    Debug: 10172
    ###########################################################################
     
    
    Results from /tmp/test.results.txt :
     
    Test Results File created on Fri Apr  9 11:58:37 CDT 2004
     
    tested on eal4.ltc.austin.ibm.com, framework $Id: framework,v 1.1 2004/04/01 17:05:30 krisw Exp $
    ===================================================================
    Test    |ID     |Result |Description
    ===================================================================
    0       |752 9  |PASSED |check service start, ran by 10030
    1       |752 10 |PASSED |check service stop, ran by 10031
    2       |752 11 |PASSED |check service restart, ran by 10032
    3       |752 12 |PASSED |add jobs to queue, ran by 10035
    4       |752 13 |PASSED |list jobs in queue, ran by 10036
    5       |752 14 |PASSED |remove jobs from queue, ran by 10037
    6       |752 62 |PASSED |crontab - option -u -e, ran by 10170
    7       |752 63 |PASSED |crontab - option -u -l, ran by 10171
    8       |752 64 |PASSED |crontab - option -u -r, ran by 10172
    Elapsed time: 17:15:25
    


    Chapter 19. Appendix E - eal3_ACLs_tests example results

    The results from different platforms do not differ, they are the same. The ACL tests create 3 log files:

    1. ACL_TEST_RESULTS.log - make commands run included here also shows what commands are being run to produce other 2 log files. If one of the make commands fails you will see the error here, but this will not tell you if the tests pass or failed.
      make -C acl-tests > ext3_ACL.run.log 2>&1
      make report
      make[1]: Entering directory `/eal2/ext3_ACLs_tests'
      grep "passed\|run" ext3_ACL.run.log | sed "s/^.*run //" | sed "s/^.*commands
      (/TEST PASSED = /" | sed "s/)$//" | sed "s/passed, /, FAILED = /" | sed "s/
      ,/,/" | sed "s/failed//" | sed "s/^[^T]/==> &/" | sed "s/^[^T].*$/1<==/" | sed
      "s/[0-9].*$/&\n/" > run.log
      make[1]: Leaving directory `/eal2/ext3_ACLs_tests'
      

    2. run.log - high level summary, shows how many tests passed and failed in each of the four subgroups: permissions.tests, getfacl-noacl.tests, setfacl.test, misc.test.
      ==> permissions.test <==
      TEST PASSED = 101, FAILED = 0
       
      ==> getfacl-noacl.test <==
      TEST PASSED = 22, FAILED = 0
       
      ==> setfacl.test <==
      TEST PASSED = 37, FAILED = 0
       
      ==> misc.test <==
      TEST PASSED = 101, FAILED = 0
      

    3. ext3_ACL.run.log - low level, shows on an individual test basis. If a test passed it is followed with an "--ok". If a test fails, it will mark it as fail, display the output resulting from running the command and display the output it was expecting from running the command.
      make[1]: Entering directory `/eal2/ext3_ACLs_tests/acl-tests'
      ../tools/run permissions.test
      [12] $ id -u -- ok
      [19] $ mkdir d -- ok
      [20] $ cd d -- ok
      [21] $ umask 027 -- ok
      [22] $ touch f -- ok
      [23] $ ls -l f | awk -- '{ print $1, $3, $4 }' -- ok
      [30] $ echo root > f -- ok
      [32] $ su daemon -- ok
      [33] $ echo daemon >> f -- ok
      [36] $ su -- ok
      [42] $ chown bin:bin f -- ok
      [43] $ ls -l f | awk -- '{ print $1, $3, $4 }' -- ok
      [45] $ su bin -- ok
      [46] $ echo bin >> f -- ok
      [52] $ su daemon -- ok
      [53] $ cat f -- ok
      [57] $ echo daemon >> f -- ok
      [64] $ su bin -- ok
      [65] $ setfacl -m u:daemon:rw f -- ok
      [66] $ getfacl --omit-header f -- ok
      [77] $ su daemon -- ok
      [78] $ echo daemon >> f -- ok
      [79] $ cat f -- ok
      [88] $ su bin -- ok
      [89] $ chmod g-w f -- ok
      [90] $ getfacl --omit-header f -- ok
      [98] $ su daemon -- ok
      [99] $ echo daemon >> f -- ok
      [108] $ su bin -- ok
      [109] $ setfacl -m u:daemon:r,g:daemon:rw-,o::rw- f -- ok
      [111] $ su daemon -- ok
      [112] $ echo daemon >> f -- ok
      [119] $ su bin -- ok
      [120] $ setfacl -x u:daemon f -- ok
      [122] $ su daemon -- ok
      [123] $ echo daemon2 >> f -- ok
      [124] $ cat f -- ok
      [134] $ su bin -- ok
      [135] $ setfacl -m g:daemon:r f -- ok
      [137] $ su daemon -- ok
      [138] $ echo daemon3 >> f -- ok
      [145] $ su bin -- ok
      [146] $ setfacl -x g:daemon f -- ok
      [148] $ su daemon -- ok
      [149] $ echo daemon4 >> f -- ok
      [156] $ su -- ok
      [157] $ chgrp root f -- ok
      [159] $ su daemon -- ok
      [160] $ echo daemon5 >> f -- ok
      [161] $ cat f -- ok
      [172] $ su -- ok
      [173] $ setfacl -m g:bin:r,g:daemon:w f -- ok
      [175] $ su daemon -- ok
      [176] $ : < f -- ok
      [177] $ : > f -- ok
      [178] $ : <> f -- ok
      
      [186] $ su -- ok
      [187] $ mkdir -m 750 e -- ok
      [188] $ touch e/h -- ok
      [190] $ su bin -- ok
      [191] $ shopt -s nullglob ; echo e/* -- ok
      [194] $ echo i > e/i -- ok
      [197] $ su -- ok
      [198] $ setfacl -m u:bin:rx e -- ok
      [200] $ su bin -- ok
      [201] $ echo e/* -- ok
      [203] $ echo i > e/i -- ok
      [206] $ su -- ok
      [207] $ setfacl -m u:bin:rwx e -- ok
      [209] $ su bin -- ok
      [210] $ echo i > e/i -- ok
      [215] $ su -- ok
      [216] $ touch g -- ok
      [217] $ ln -s g l -- ok
      [218] $ setfacl -m u:bin:rw l -- ok
      [219] $ ls -l g | awk -- '{ print $1, $3, $4 }' -- ok
      [229] $ mknod -m 0660 hdt b 91 64 -- ok
      [230] $ mknod -m 0660 null c 1 3 -- ok
      [231] $ mkfifo -m 0660 fifo -- ok
      [233] $ su bin -- ok
      [234] $ : < hdt -- ok
      [236] $ : < null -- ok
      [238] $ : < fifo -- ok
      [241] $ su -- ok
      [242] $ setfacl -m u:bin:rw hdt null fifo -- ok
      [244] $ su bin -- ok
      [245] $ : < hdt -- ok
      [247] $ : < null -- ok
      [248] $ ( echo blah > fifo 1) ; cat fifo -- ok
      [256] $ su -- ok
      [257] $ mkdir -m 600 x -- ok
      [258] $ chown daemon:daemon x -- ok
      [259] $ echo j > x/j -- ok
      [260] $ ls -l x/j | awk -- '{ print $1, $3, $4 }' -- ok
      [263] $ setfacl -m u:daemon:r x -- ok
      [265] $ ls -l x/j | awk -- '{ print $1, $3, $4 }' -- ok
      [269] $ echo k > x/k -- ok
      [272] $ chmod 750 x -- ok
      [277] $ su -- ok
      [278] $ cd .. -- ok
      [279] $ rm -rf d -- ok
      101 commands (101 passed, 0 failed)
      
      ../tools/run getfacl-noacl.test
      [4] $ mkdir test -- ok
      [5] $ cd test -- ok
      [6] $ umask 027 -- ok
      [7] $ touch x -- ok
      [8] $ getfacl --omit-header x -- ok
      [14] $ getfacl --omit-header --access x -- ok
      [20] $ getfacl --omit-header -d x -- ok
      [21] $ getfacl --omit-header -d . -- ok
      [22] $ getfacl --omit-header -d / -- ok
      [25] $ getfacl --skip-base x -- ok
      [26] $ getfacl --omit-header --all-effective x -- ok
      [32] $ getfacl --omit-header --no-effective x -- ok
      [38] $ mkdir d -- ok
      [39] $ touch d/y -- ok
      [40] $ ln -s d l -- ok
      [41] $ getfacl -dR . | grep file | sort -- ok
      [47] $ ln -s l ll -- ok
      [48] $ getfacl -dLR ll | grep file | sort -- ok
      [52] $ rm l ll x -- ok
      [53] $ rm -rf d -- ok
      [54] $ cd .. -- ok
      [55] $ rmdir test -- ok
      22 commands (22 passed, 0 failed)
      
      ../tools/run setfacl.test
      [3] $ mkdir d -- ok
      [4] $ chown bin:bin d -- ok
      [5] $ cd d -- ok
      [7] $ su bin -- ok
      [8] $ sg bin -- [(1,0)(1 2 3 1,1 2 3 1)]ok
      [9] $ umask 027 -- ok
      [10] $ touch g -- ok
      [11] $ ls -dl g | awk '{print $1}' -- ok
      [14] $ setfacl -m m:- g -- ok
      [15] $ ls -dl g | awk '{print $1}' -- ok
      [18] $ getfacl g -- ok
      [28] $ setfacl -x m g -- ok
      [29] $ getfacl g -- ok
      [38] $ setfacl -m u:daemon:rw g -- ok
      [39] $ getfacl g -- ok
      [50] $ setfacl -m u::rwx,g::r-x,o:- g -- ok
      [51] $ getfacl g -- ok
      [62] $ setfacl -m u::rwx,g::r-x,o:-,m:- g -- ok
      [63] $ getfacl g -- ok
      [74] $ setfacl -m u::rwx,g::r-x,o:-,u:root:-,m:- g -- ok
      [75] $ getfacl g -- ok
      [87] $ setfacl -m u::rwx,g::r-x,o:-,u:root:-,m:- g -- ok
      [88] $ getfacl g -- ok
      [100] $ setfacl -m u::rwx,g::r-x,o:-,u:root:- g -- ok
      [101] $ getfacl g -- ok
      [113] $ setfacl --test -x u: g -- ok
      [116] $ setfacl --test -x u:x -- ok
      [119] $ setfacl -m d:u:root:rwx g -- ok
      [122] $ setfacl -x m g -- ok
      [129] $ mkdir d -- ok
      [130] $ setfacl --test -m u::rwx,u:bin:rwx,g::r-x,o::--- d -- ok
      [133] $ setfacl --test -m u::rwx,u:bin:rwx,g::r-x,m::---,o::--- d -- ok
      [136] $ setfacl --test -d -m u::rwx,u:bin:rwx,g::r-x,o::--- d -- ok
      [139] $ setfacl --test -d -m u::rwx,u:bin:rwx,g::r-x,m::---,o::--- d -- ok
      [142] $ su -- ok
      [143] $ cd .. -- ok
      [144] $ rm -r d -- ok
      37 commands (37 passed, 0 failed)
      
      ../tools/run misc.test
      [6] $ umask 027 -- ok
      [7] $ touch f -- ok
      [10] $ setfacl -m u::r f -- ok
      [11] $ setfacl -m u::rw,u:bin:rw f -- ok
      [12] $ ls -dl f | awk '{print $1}' -- ok
      [15] $ getfacl --omit-header f -- ok
      [23] $ rm f -- ok
      [24] $ umask 022 -- ok
      [25] $ touch f -- ok
      [26] $ setfacl -m u:bin:rw f -- ok
      [27] $ ls -dl f | awk '{print $1}' -- ok
      [30] $ getfacl --omit-header f -- ok
      [38] $ rm f -- ok
      [39] $ umask 027 -- ok
      [40] $ mkdir d -- ok
      [41] $ setfacl -m u:bin:rwx d -- ok
      [42] $ ls -dl d | awk '{print $1}' -- ok
      [45] $ getfacl --omit-header d -- ok
      [53] $ rmdir d -- ok
      [54] $ umask 022 -- ok
      [55] $ mkdir d -- ok
      [56] $ setfacl -m u:bin:rwx d -- ok
      [57] $ ls -dl d | awk '{print $1}' -- ok
      [60] $ getfacl --omit-header d -- ok
      [68] $ rmdir d -- ok
      [73] $ umask 022 -- ok
      [74] $ touch f -- ok
      
      [75] $ setfacl -m u:bin:rw,u:daemon:r f -- ok
      [76] $ ls -dl f | awk '{print $1}' -- ok
      [79] $ getfacl --omit-header f -- ok
      [90] $ setfacl -m g:users:rw,g:daemon:r f -- ok
      [91] $ ls -dl f | awk '{print $1}' -- ok
      [94] $ getfacl --omit-header f -- ok
      [107] $ setfacl -x g:users f -- ok
      [108] $ ls -dl f | awk '{print $1}' -- ok
      [111] $ getfacl --omit-header f -- ok
      [123] $ setfacl -x u:daemon f -- ok
      [124] $ ls -dl f | awk '{print $1}' -- ok
      [127] $ getfacl --omit-header f -- ok
      [136] $ rm f -- ok
      [140] $ umask 027 -- ok
      [141] $ mkdir d -- ok
      [142] $ setfacl -m u:bin:rwx,u:daemon:rw,d:u:bin:rwx,dcolon.rm:rx d -- ok
      [143] $ ls -dl d | awk '{print $1}' -- ok
      [146] $ getfacl --omit-header d -- ok
      [162] $ umask 027 -- ok
      [163] $ touch d/f -- ok
      [164] $ ls -dl d/f | awk '{print $1}' -- ok
      [167] $ getfacl --omit-header d/f -- ok
      [175] $ rm d/f -- ok
      [176] $ umask 022 -- ok
      [177] $ touch d/f -- ok
      [178] $ ls -dl d/f | awk '{print $1}' -- ok
      [181] $ getfacl --omit-header d/f -- ok
      [189] $ rm d/f -- ok
      [193] $ umask 000 -- ok
      [194] $ mkdir d/d -- ok
      [195] $ ls -dl d/d | awk '{print $1}' -- ok
      [198] $ getfacl --omit-header d/d -- ok
      [211] $ rmdir d/d -- ok
      [212] $ umask 022 -- ok
      [213] $ mkdir d/d -- ok
      
      [214] $ ls -dl d/d | awk '{print $1}' -- ok
      [217] $ getfacl --omit-header d/d -- ok
      [232] $ setfacl -nm u:daemon:rx,d:u:daemon:rx,g:users:rx,g:daemon:rwx d/d -- ok
      [233] $ ls -dl d/d | awk '{print $1}' -- ok
      [236] $ getfacl --omit-header d/d -- ok
      [255] $ ln -s d d/l -- ok
      [256] $ ls -dl d/l | awk '{print $1}' -- ok
      [259] $ ls -dl -L d/l | awk '{print $1}' -- ok
      [262] $ getfacl --omit-header d/l -- ok
      [279] $ rm d/l -- ok
      [283] $ setfacl -m g:daemon:rx,u:bin:rx d/d -- ok
      [284] $ ls -dl d/d | awk '{print $1}' -- ok
      [287] $ getfacl --omit-header d/d -- ok
      [304] $ setfacl -m d:u:bin:rwx d/d -- ok
      [305] $ ls -dl d/d | awk '{print $1}' -- ok
      [308] $ getfacl --omit-header d/d -- ok
      [325] $ rmdir d/d -- ok
      [329] $ setfacl -k d -- ok
      [330] $ ls -dl d | awk '{print $1}' -- ok
      [333] $ getfacl --omit-header d -- ok
      [344] $ setfacl -b d -- ok
      [345] $ ls -dl d | awk '{print $1}' -- ok
      [348] $ getfacl --omit-header d -- ok
      [356] $ chmod 775 d -- ok
      [357] $ ls -dl d | awk '{print $1}' -- ok
      [360] $ getfacl --omit-header d -- ok
      [366] $ rmdir d -- ok
      [367] $ umask 002 -- ok
      [368] $ mkdir d -- ok
      
      [369] $ setfacl -m u:daemon:rwx,u:bin:rx,dcolon.uu:daemon:rwx,d:u:bin:rx d -- ok
      [370] $ ls -dl d | awk '{print $1}' -- ok
      [373] $ getfacl --omit-header d -- ok
      [388] $ chmod 750 d -- ok
      [389] $ ls -dl d | awk '{print $1}' -- ok
      [392] $ getfacl --omit-header d -- ok
      [407] $ chmod 750 d -- ok
      [408] $ ls -dl d | awk '{print $1}' -- ok
      [411] $ getfacl --omit-header d -- ok
      [426] $ rmdir d -- ok
      101 commands (101 passed, 0 failed)
      make[1]: Leaving directory `/eal2/ext3_ACLs_tests/acl-tests'
      


    Chapter 20. Appendix F - laus_test example results

       audbin: PASSED=8, FAILED=0, SKIPPED=0
     
       audit_tools:
        au_exit: PASSED=27, FAILED=0
        au_login: PASSED=11, FAILED=0
        au_netlink: PASSED=22 ,FAILED=0
        au_restart: PASSED=3 ,FAILED=0
        au_syscalls: PASSED=26 ,FAILED=0
        au_trustedpgms: PASSED=5 ,FAILED=0
     
       audit_trail_protection:   PASSED=7, FAILED=0, SKIPPED=0
     
       fail-safe: PASSED=2, FAILED=0
     
       filter-conf:
        Opteron: PASSED=89, FAILED=0
         (Test skips syscall_attrs minor section on Opteron platform since minor codes
          are all 0.)
        All other platforms: PASSED=91, FAILED=0
     
       libpam:
        xSeries WS: PASSED=6, FAILED=3
         (RHEL3 WS does not include vsftpd package, so those tests are expected
           to fail)
        All Platforms with RHEL3 AS: PASSED=9, FAILED=0
     
       pam_laus:
        PASS=2, FAIL=0  OR  PASS=1, FAIL=1   OR   PASS=0, FAIL=2
         Reasons for different results:
           xSeries AS should pass both.
     
         Also see Red Hat bug 9355 - not security relevant.
     
       syscalls:
        xSeries:
         PASSED=1162, FAIL=2, SKIPPED=20
        zSeries:
         ?
        64bit tests on 64bit systems:
         PASSED=906, FAILED=10, SKIPPED=20
        32bit tests on 64bit systems:
         PASSED=868, FAIL=48, SKIPPED=20
         (Because of bugs #9277, 9279, 9281, 9319)
     
       trustedprograms:
          PASS=85, FAIL=0
    


    Chapter 21. Appendix G - ltp2_EAL2 example results

    The full output file, runit.log, is nearly 10,000 lines long, so it is not imbedded here. A sample can be found on CVS in rhcc/testResults/preliminary/ltp_EAL2/x_as_U2+errata_runit.log. Be sure to scan if for "FAIL" and investigate any found. There should be NO failures.

    Below is a sample of the summary file. Even if this indicates all PASS, you must also check runit.log.

    Test Start Time: Fri Jun  4 14:21:37 2004
    -----------------------------------------
    Testcase                       Result     Exit Value
    --------                       ------     ----------
    access01                       PASS       0
    access02                       PASS       0
    access03                       PASS       0
    access04                       PASS       0
    access05                       PASS       0
    chmod01                        PASS       0
    chmod01A                       PASS       0
    chmod02                        PASS       0
    chmod03                        PASS       0
    chmod04                        PASS       0
    chmod05                        PASS       0
    chmod06                        PASS       0
    chmod07                        PASS       0
    
    chown01                        PASS       0
    chown02                        PASS       0
    chown03                        PASS       0
    chown04                        PASS       0
    chown05                        PASS       0
    creat01                        PASS       0
    creat03                        PASS       0
    creat04                        PASS       0
    creat05                        PASS       0
    creat06                        PASS       0
    creat07                        PASS       0
    creat08                        PASS       0
    creat09                        PASS       0
    
    fchmod01                       PASS       0
    fchmod02                       PASS       0
    fchmod03                       PASS       0
    fchmod04                       PASS       0
    fchmod05                       PASS       0
    fchmod06                       PASS       0
    fchmod07                       PASS       0
    fchown01                       PASS       0
    fchown02                       PASS       0
    fchown03                       PASS       0
    fchown04                       PASS       0
    fchown05                       PASS       0
    
    lchown01                       PASS       0
    lchown02                       PASS       0
    link01                         PASS       0
    link02                         PASS       0
    link03                         PASS       0
    link04                         PASS       0
    link05                         PASS       0
    link06                         PASS       0
    link07                         PASS       0
    mkdir01                        PASS       0
    mkdir02                        PASS       0
    mkdir03                        PASS       0
    mkdir04                        PASS       0
    mkdir05                        PASS       0
    mkdir05A                       PASS       0
    mkdir08                        PASS       0
    mkdir09                        PASS       0
    
    open01                         PASS       0
    open01A                        PASS       0
    open02                         PASS       0
    open03                         PASS       0
    open04                         PASS       0
    open05                         PASS       0
    open06                         PASS       0
    open07                         PASS       0
    open08                         PASS       0
    open09                         PASS       0
    open10                         PASS       0
    
    rename01                       PASS       0
    rename01A                      PASS       0
    rename02                       PASS       0
    rename03                       PASS       0
    rename04                       PASS       0
    rename05                       PASS       0
    rename06                       PASS       0
    rename07                       PASS       0
    rename08                       PASS       0
    rename09                       PASS       0
    rename10                       PASS       0
    rename12                       PASS       0
    rename13                       PASS       0
    rename14                       PASS       0
    
    rmdir01                        PASS       0
    rmdir02                        PASS       0
    rmdir03                        PASS       0
    rmdir03A                       PASS       0
    rmdir04                        PASS       0
    rmdir05                        PASS       0
    symlink01                      PASS       0
    symlink02                      PASS       0
    symlink03                      PASS       0
    symlink04                      PASS       0
    symlink05                      PASS       0
    
    unlink05                       PASS       0
    unlink06                       PASS       0
    unlink07                       PASS       0
    unlink08                       PASS       0
    utime01                        PASS       0
    utime01A                       PASS       0
    utime02                        PASS       0
    utime03                        PASS       0
    utime04                        PASS       0
    utime05                        PASS       0
    utime06                        PASS       0
    
    su01                           PASS       0
    cron01                         PASS       0
    cron02                         PASS       0
    cron_deny01                    PASS       0
    cron_allow01                   PASS       0
    cron_dirs_checks01             PASS       0
    at_deny01                      PASS       0
    at_allow01                     PASS       0
    sysconfig01                    PASS       0
    modules.conf01                 PASS       0
    modules.conf02                 PASS       0
    acl_test01                     PASS       0
    init.d01                       PASS       0
    
    pipe01                         PASS       0
    pipe02                         PASS       0
    pipe03                         PASS       0
    pipe04                         PASS       0
    pipe05                         PASS       0
    pipe06                         PASS       0
    pipe07                         PASS       0
    pipe08                         PASS       0
    pipe09                         PASS       0
    pipe10                         PASS       0
    pipe11                         PASS       0
    mknod01                        PASS       0
    mknod02                        PASS       0
    mknod03                        PASS       0
    mknod04                        PASS       0
    mknod05                        PASS       0
    mknod06                        PASS       0
    mknod07                        PASS       0
    mknod08                        PASS       0
    mknod09                        PASS       0
    
    signal01                       PASS       0
    signal02                       PASS       0
    signal03                       PASS       0
    signal04                       PASS       0
    signal05                       PASS       0
    sigaction01                    PASS       0
    sigaction02                    PASS       0
    sigaltstack01                  PASS       0
    sigaltstack02                  PASS       0
    sighold02                      PASS       0
    sigprocmask01                  PASS       0
    sigrelse01                     PASS       0
    sigsuspend01                   PASS       0
    
    semctl01                       PASS       0
    semctl02                       PASS       0
    semctl03                       PASS       0
    semctl04                       PASS       0
    semctl05                       PASS       0
    semctl06                       PASS       0
    semctl07                       PASS       0
    semget01                       PASS       0
    semget02                       PASS       0
    semget03                       PASS       0
    semget05                       PASS       0
    semget06                       PASS       0
    
    semop01                        PASS       0
    semop02                        PASS       0
    semop03                        PASS       0
    semop04                        PASS       0
    semop05                        PASS       0
    shmat01                        PASS       0
    shmat02                        PASS       0
    shmat03                        PASS       0
    shmctl01                       PASS       0
    shmctl03                       PASS       0
    shmctl04                       PASS       0
    shmdt01                        PASS       0
    shmdt02                        PASS       0
    
    shmget01                       PASS       0
    shmget02                       PASS       0
    shmget03                       PASS       0
    shmget04                       PASS       0
    shmget05                       PASS       0
    msgctl01                       PASS       0
    msgctl02                       PASS       0
    msgctl03                       PASS       0
    msgctl04                       PASS       0
    msgctl05                       PASS       0
    msgctl06                       PASS       0
    msgctl07                       PASS       0
    msgctl08                       PASS       0
    msgctl09                       PASS       0
    
    msgget01                       PASS       0
    msgget02                       PASS       0
    msgget03                       PASS       0
    msgget04                       PASS       0
    msgrcv01                       PASS       0
    msgrcv02                       PASS       0
    msgrcv03                       PASS       0
    msgrcv04                       PASS       0
    msgrcv05                       PASS       0
    msgrcv06                       PASS       0
    msgsnd01                       PASS       0
    msgsnd02                       PASS       0
    msgsnd03                       PASS       0
    msgsnd04                       PASS       0
    msgsnd05                       PASS       0
    msgsnd06                       PASS       0
    
    socket01                       PASS       0
    socketpair01                   PASS       0
    sockioctl01                    PASS       0
    brk01                          PASS       0
    sbrk01                         PASS       0
    setuid01                       PASS       0
    setuid02                       PASS       0
    setuid03                       PASS       0
    setreuid01                     PASS       0
    setreuid02                     PASS       0
    setreuid03                     PASS       0
    setreuid04                     PASS       0
    setreuid05                     PASS       0
    setreuid06                     PASS       0
    setregid01                     PASS       0
    setregid02                     PASS       0
    setregid03                     PASS       0
    setregid04                     PASS       0
    
    setresuid01                    PASS       0
    setresuid02                    PASS       0
    setresuid03                    PASS       0
    setresgid01                    PASS       0
    setresgid02                    PASS       0
    setresgid03                    PASS       0
    fileperm01                     PASS       0
    dirperm01                      PASS       0
    msqperm01                      PASS       0
    procperm01                     PASS       0
    namedpipes01                   PASS       0
    shmperm01                      PASS       0
    semperm01                      PASS       0
    
    devfileperm01                  PASS       0
    unixdomainsocketperm           PASS       0
    suid_sgid01                    PASS       0
    object_reuse01                 PASS       0
    group01                        PASS       0
    pam01                          PASS       0
    passwd01                       PASS       0
    passwd02                       PASS       0
    chfn01                         PASS       0
    passwd03                       PASS       0
    shadow01                       PASS       0
    ftpusers01                     PASS       0
    lastlog01                      PASS       0
    faillog01                      PASS       0
    ld.so.conf01                   PASS       0
    
    acl_file01                     PASS       0
    execve01                       PASS       0
    execve02                       PASS       0
    execve03                       PASS       0
    execve04                       PASS       0
    execve05                       PASS       0
    execve06                       PASS       0
    chdir01                        PASS       0
    chdir01A                       PASS       0
    chdir02                        PASS       0
    chdir03                        PASS       0
    chdir04                        PASS       0
    stime01                        PASS       0
    stime02                        PASS       0
    umask01                        PASS       0
    umask02                        PASS       0
    umask03                        PASS       0
    
    settimeofday01                 PASS       0
    settimeofday02                 PASS       0
    setgroups01                    PASS       0
    setgroups02                    PASS       0
    setgroups03                    PASS       0
    setgroups04                    PASS       0
    swapon01                       PASS       0
    truncate01                     PASS       0
    truncate02                     PASS       0
    truncate03                     PASS       0
    truncate04                     PASS       0
    ioperm01                       PASS       0
    ioperm02                       PASS       0
    
    socketcall01                   PASS       0
    socketcall02                   PASS       0
    socketcall03                   PASS       0
    iopl01                         PASS       0
    iopl02                         PASS       0
    adjtimex01                     PASS       0
    adjtimex02                     PASS       0
    delete_module01                PASS       0
    delete_module02                PASS       0
    setfsuid01                     PASS       0
    setfsuid02                     PASS       0
    setfsuid03                     PASS       0
    setfsgid01                     PASS       0
    setfsgid02                     PASS       0
    setfsgid03                     PASS       0
    
    setgid01                       PASS       0
    setgid02                       PASS       0
    setgid03                       PASS       0
    capset01                       PASS       0
    capset02                       PASS       0
    ptrace01                       PASS       0
    ptrace02                       PASS       0
    ptrace03                       PASS       0
    bind01                         PASS       0
    bind02                         PASS       0
    
    ftp02                          PASS       0
    ftp03                          PASS       0
    ftp04                          PASS       0
    ftp05                          PASS       0
    ssh01                          PASS       0
    ssh02                          PASS       0
    ssh03                          PASS       0
    ssh04                          PASS       0
    ping01                         PASS       0
    access01                       PASS       0
    access02                       PASS       0
    access03                       PASS       0
    access04                       PASS       0
    access05                       PASS       0
    chmod01                        PASS       0
    
    -----------------------------------------------
    Total Tests: 319
    Total Failures: 0
    Kernel Version: 2.4.21-15.EL
    Machine Architecture: i686
    Hostname: eal4
    


    Chapter 22. Appendix H - ltp_OpenSSL example results

    OpenSSL Tests from the OpenSSL package
    LTPROOT=[/tmp/rhcc/tests/ltp_OpenSSL]
    Setting up test account(s)...
    spawn userdel -r openssl_eal_test
    userdel: user openssl_eal_test does not exist
    spawn useradd -m -G trusted openssl_eal_test
    spawn passwd openssl_eal_test
    Changing password for user openssl_eal_test.
    New password:
    Retype new password:
    PASS
    
    Checking system date...
    Testing DES...
    Doing cbcm
    Doing ecb
    Doing ede ecb
    Doing cbc
    Doing desx cbc
    Doing ede cbc
    Doing pcbc
    Doing cfb8 cfb16 cfb32 cfb48 cfb64 cfb64() ede_cfb64() done
    Doing ofb
    Doing ofb64
    Doing ede_ofb64
    Doing cbc_cksum
    Doing quad_cksum
    input word alignment test 0 1 2 3
    output word alignment test 0 1 2 3
    fast crypt test
    DES: PASS
    
    Testing RSA...
    PKCS #1 v1.5 encryption/decryption ok
    OAEP encryption/decryption ok
    PKCS #1 v1.5 encryption/decryption ok
    OAEP encryption/decryption ok
    PKCS #1 v1.5 encryption/decryption ok
    OAEP encryption/decryption ok
    RSA: PASS
    
    Testing DSA...
    test generation of DSA parameters
    .++++++++++++++++++++++++++++++++++++++++++*
    ....+..+...+............+.+..+.........................................
    seed
    D5014E4B 60EF2BA8 B6211B40 62BA3224 E0427DD3
    counter=105 h=2
    P:
        00:8d:f2:a4:94:49:22:76:aa:3d:25:75:9b:b0:68:
        69:cb:ea:c0:d8:3a:fb:8d:0c:f7:cb:b8:32:4f:0d:
        78:82:e5:d0:76:2f:c5:b7:21:0e:af:c2:e9:ad:ac:
        32:ab:7a:ac:49:69:3d:fb:f8:37:24:c2:ec:07:36:
        ee:31:c8:02:91
    Q:
        00:c7:73:21:8c:73:7e:c8:ee:99:3b:4f:2d:ed:30:
        f4:8e:da:ce:91:5f
    G:
        62:6d:02:78:39:ea:0a:13:41:31:63:a5:5b:4c:b5:
        00:29:9d:55:22:95:6c:ef:cb:3b:ff:10:f3:99:ce:
        2c:2e:71:cb:9d:e5:fa:24:ba:bf:58:e5:b7:95:21:
        92:5c:9c:c4:2e:9f:6f:46:4b:08:8c:c5:72:af:53:
        e6:d7:88:02
    DSA: PASS
    
    Testing DH...
    .+..+.+..+.+.....+..+..+...+..+.........&peri
     
    p    =906B6A2319565E47
    g    =5
    pri 1=595A37EE2C8706B0
    pub 1=83B3FD7379583E1E
    pri 2=621CB25488249339
    pub 2=4B15BFB59C0A54E1
    key1 =444278902F6782D1
    key2 =444278902F6782D1
    DH: PASS
    
    Testing SHA1...
    test 1 ok
    test 2 ok
    test 3 ok
    SHA1: PASS
    
    Testing random number generation...
    test 1 done
    test 2 done
    test 3 done
    test 4 done
    test 5 done
    RANDTEST: PASS
    
    Testing RC4...
    test 0 ok
    test 1 ok
    test 2 ok
    test 3 ok
    test 4 ok
    test 5 ok
    test end processing ....................done
    test multi-call ....................done
    RC4TEST: PASS
    
    Testing SSL protocol with RSA certs (client/server via stunnel)...
    spawn killall -q stunnel
    spawn stunnel /etc/stunnel/stunnel.conf
    spawn /tmp/rhcc/tests/ltp_OpenSSL/testcases/bin/server
    spawn /tmp/rhcc/tests/ltp_OpenSSL/testcases/bin/client
    Goodbye.
    SSL protocol (RSA): PASS
    
    Testing password authentication...
    Testing standard OpenSSH password-authenticated login
    spawn ssh -l ealuser eal4.ltc.austin.ibm.com
    ealuser@eal4.ltc.austin.ibm.com's password:
    [ealuser@localhost ealuser]$
    PASS
    Password auth: PASS
    
    Removing temporary test accounts...
    Restoring system date...
    


    Chapter 23. Appendix I - gcov example output

    The output for gcov is extensive. The preliminairy results can be found in CVS in rhcc/testResults/gcov/lcov-output.tar.gz. Final results will be in the rhcc/testResults/final path.

    THIS IS THE LAST PAGE OF THE RED HAT EAL3 SECURITY FVT TEST PLAN.