Linux Test Project

Test Plan for SuSE Linux Enterprise Server V8 EAL2 Security Function Verification

Version: 1.9
Owner: Daniel Jones (danjones@us.ibm.com)
512.838.1794
IBM Linux Technology Center – Security
11400 Burnet Road
Austin, TX 78758

It is the responsibility of the user of this document to ensure that they are using the current version of this document. To validate that your copy of this document is at the latest level, view the latest version of this document at http://eclipse.ltc.austin.ibm.com/EAL2/eal2_test_plan.html.

Table of Contents

  1. Document Control
  2. Overview
  3. Assumptions and Dependencies
  4. Test Approach and Methodology
  5. Installation of Test Environment
  6. Target of Evaluation (TOE) Compliance
  7. Test Execution
  8. System Test Entry Criteria
  9. System Test Exit Criteria
  10. Problem Reporting and Tracking
  11. Test Case Information
  12. Appendix A: Execution Plan
  13. Appendix B: Manual Tests

Document Control

Reviewers

This document is distributed by 7UGA 5R Linux OS – Maroon. The latest version can be obtained internally from http://eclipse.ltc.austin.ibm.com/EAL2/eal2_test_plan.html

Name Organization
Daniel Jones 7UGA 5R Linux OS – Maroon
DocShankar 7UGA 5R Linux OS – Maroon
Emily Ratliff 7UGA 5R Linux OS – Maroon
Klaus Weidner @sec information security GmbH

Change Summary

Date Version Description of Changes
03/19/2003 Draft 0.1 Initial Draft
03/27/2003 Draft 0.2 Added Entry/Exit Criteria, test tool descriptions, SMP test requirements, completed test cases.
04/01/2003 Draft 0.3 Added completed test cases, system call tests, additional software, installation of test environment.
04/04/2003 Draft 0.4 Added test environment install section, ftp database, lstat syscall. Modified H/W requirements.
04/10/2003 Draft 0.5 Added completed test cases, manual test for /etc/securetty and /etc/inittab. Added “make” to additional software. Removed non-security relevant system calls. Added TSF Databases and Administrator Programs.
04/14/2003 Draft 0.6 Added statement about TOE modifications for testing. Added completed test cases.
04/16/2003 1.0 Added completed test cases. Corrected test case execution instructions. Made mingetty not required.
04/17/2003 1.1 Added instructions for manual mount tests.
04/18/2003 1.2 Add requirement to reboot system before re-executing the test suite.
04/24/2003 1.3 Fix unixdomainsocketperm01 test name. Added test cases for setfsuid/setfsgid. Added manual test for login.
04/25/2003 1.4 Correct mingetty manual test instructions.
05/01/2003 1.5 Added manual perl install instructions.
05/05/2003 1.6 Perform initial ssh to localhost. Corrected script to install perl.
05/08/2003 1.7 Correct tests forremovexattr.
05/16/2003 1.8 Add requirement for adherence to security guide.
05/19/2003 1.9 Removed FAIL comment from unixdomainsocketperm01 test.

Overview

Purpose

The purpose of the Security Function Verification test is to demonstrate the correct operation of security functions identified in the SuSE Linux Enterprise Server V8 (SLES8) Security Target for EAL2. The term “correct operation” is defined to include appropriate failures for unauthorized or invalid access to security functions.

Scope

The test cases identified in this test plan are limited to those areas that enforce the secure operation of SLES8. Furthermore, only features and functions contained in the SLES8 Security Target for EAL2 are addressed. Test cases are designed to verify the correct operation of security-related user programs, databases (files), and system calls. Testing for system availability in a stress environment is beyond the scope of this plan.

Environment

The following hardware and software will be used:

Hardware Linux Distros Version Additional Software
IBM xSeries - Pentium 4 or Xeon Processor SuSE Linux Enterprise Server V8 expect, perl expect, gcc, flex, make
Serial Terminal (or PC with Terminal Emulation) N/A N/A

The list of required packages, as well as configuration details will be provided by the EAL 2 evaluation security guide. The setup of the test machine(s) must conform strictly with the instructions and configuration details described in the EAL 2 evaluation security guide.

The selected hardware will be tested in uniprocessor and SMP configurations. The objective is to provide test coverage for both the k_deflt and k_smp kernel packages.

Assumptions and Dependencies

Assumptions

Dependencies

Test Approach and Methodology

Installation of Test Environment

Install gcc, expect, & flex

  1. Launch “yast”
  2. Go to Software -> Install/Remove Software
  3. Go to search and search for “gcc”
  4. Select “gcc” & “gcc-c++” by selecting them and pressing “+”
  5. Go to search and search for “make”
  6. Select “make” by selecting it and pressing “+”
  7. Go to search and search for “expect”
  8. Select “expect” by selecting it and pressing “+”
  9. Go to search and search for “lex”
  10. Select “flex” by selecting it and pressing “+”

Install perl expect

For internet connected host

	# Enter the following command:
	perl -MCPAN -e shell
	# Answer “no” to the following prompt:
	Are you ready for manual configuration? [yes] no
	# At the cpan prompt run the “install Expect” command:
	cpan> install Expect
	# Answer “yes” to the following prompt:
	Shall I follow them and prepend them to the queue of modules
	we are processing right now? [yes] yes
	# Quit the program
	cpan> quit

For non-internet connected host

	# Download the required files on an Internet-connected machine:
	wget http://www.cpan.org/authors/id/R/RG/RGIERSIG/IO-Tty-1.02.tar.gz
	wget http://www.cpan.org/authors/id/R/RG/RGIERSIG/Expect-1.15.tar.gz
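	# Transfer the files to the target machine, and run the following to
	# install the Perl modules (IO-Tty first, since Expect depends on it):
	for f in IO-Tty*tar.gz Expect*tar.gz; do (
		gzip -dc "$f" | tar xf -
		# Stop this module's build if the unpacked directory is missing
		cd `basename "$f" .tar.gz` || exit 1
		perl Makefile.PL
		make && make install
		cd -
	) done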

Target of Evaluation (TOE) Compliance

The following packages are added through yast2, including dependencies added automatically (verified through 'rpmqpack' output):

The 'Expect.pm' module needed for Perl tests installs the following Perl packages (not through Yast2, the command used is "perl -MCPAN -e 'install Expect'"):

These modifications are all permitted according to the Security Guide ("Reviewing the system configuration"). There are no configuration violations such as setuid/setgid binaries, daemons, startup scripts or other prohibited changes. After installation of the test environment, the system remains compliant with the TOE.

Test Execution

NOTE

Some tests may leave the machine in an inconsistent state and cause the cron tests to fail. To avoid these spurious cron failures, the test host must be rebooted before attempting to run the test suite again.

LTP Compliant Testcases

At Testcase (standalone)

ACL Testcases (standalone)

Manual Tests

System Test Entry Criteria

System Test Exit Criteria

Problem Reporting and Tracking

Test Case Information

Test Tools

Security Function, Test Location

User Databases

Name Location Comments
/etc/at.allow
/etc/at.deny
ltp_EAL2/testcases/admin_tools/at/at_allow01
ltp_EAL2/testcases/admin_tools/at/at_deny01
/etc/cron.d/* ltp_EAL2/testcases/admin_tools/cron/cron_dirs_checks01
/etc/cron.daily/ ltp_EAL2/testcases/admin_tools/cron/cron_dirs_checks01
/etc/cron.hourly/ ltp_EAL2/testcases/admin_tools/cron/cron_dirs_checks01
/etc/cron.monthly/ ltp_EAL2/testcases/admin_tools/cron/cron_dirs_checks01
/etc/cron.weekly/ ltp_EAL2/testcases/admin_tools/cron/cron_dirs_checks01
/etc/crontab ltp_EAL2/testcases/admin_tools/cron/cron01
ltp_EAL2/testcases/admin_tools/cron/cron02
/etc/ftpusers ltp_EAL2/testcases/user_databases/ftpusers01
/etc/group ltp_EAL2/testcases/user_databases/group01
/etc/gshadow ltp_EAL2/testcases/user_databases/group01
/etc/inittab manual test see appendix B
/etc/ld.so.conf ltp_EAL2/testcases/user_databases/ld.so.conf01
/etc/login.defs ltp_EAL2/testcases/user_databases/passwd01
ltp_EAL2/testcases/user_databases/passwd02
ltp_EAL2/testcases/user_databases/passwd03
/etc/modules.conf ltp_EAL2/testcases/admin_tools/modules.conf/modules.conf01
ltp_EAL2/testcases/admin_tools/modules.conf/modules.conf02
/etc/pam.d ltp_EAL2/testcases/user_databases/pam01
/etc/passwd ltp_EAL2/testcases/user_databases/passwd01
ltp_EAL2/testcases/user_databases/passwd02
ltp_EAL2/testcases/user_databases/passwd03
/etc/securetty manual test see appendix B
/etc/security/pam_pwcheck.conf ltp_EAL2/testcases/user_databases/pam01
ltp_EAL2/testcases/user_databases/passwd01
ltp_EAL2/testcases/user_databases/passwd02
ltp_EAL2/testcases/user_databases/passwd03
/etc/security/pam_unix2.conf ltp_EAL2/testcases/user_databases/pam01
ltp_EAL2/testcases/user_databases/passwd01
ltp_EAL2/testcases/user_databases/passwd02
ltp_EAL2/testcases/user_databases/passwd03
/etc/shadow ltp_EAL2/testcases/user_databases/shadow01
/etc/ssh/ssh_config ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh01
ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh02
ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh03
ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh04
/etc/ssh/sshd_config ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh01
ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh02
ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh03
ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh04
/etc/sysconfig/* ltp_EAL2/testcases/admin_tools/sysconfig/sysconfig01
/etc/vsftpd.conf ltp_EAL2/testcases/user_databases/ftpusers01
/etc/xinetd.conf ltp_EAL2/testcases/user_databases/ftpusers01
ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp02
ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp03
ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp04
implicit testing by ftp
/usr/lib/cracklib_dict.* ltp_EAL2/testcases/user_databases/pam01
ltp_EAL2/testcases/user_databases/passwd01
ltp_EAL2/testcases/user_databases/passwd02
ltp_EAL2/testcases/user_databases/passwd03
/var/log/faillog ltp_EAL2/testcases/user_databases/faillog01
/var/log/lastlog ltp_EAL2/testcases/user_databases/lastlog01
/var/spool/atjobs at_test_EAL2/runme.sh
/var/spool/cron/* ltp_EAL2/testcases/admin_tools/cron/cron_dirs_checks01
/var/spool/cron/allow
/var/spool/cron/deny
ltp_EAL2/testcases/admin_tools/cron/cron_allow01
ltp_EAL2/testcases/admin_tools/cron/cron_deny01

Administration Tools

Name Location Comments
/bin/login manual test see appendix B
/bin/ping ltp_EAL2/testcases/network/tcp_cmds/ping/ping01
/bin/su ltp_EAL2/testcases/admin_tools/su/su01
/sbin/agetty manual test see appendix B
/sbin/mingetty manual test see appendix B – not required
/usr/bin/at at_test_EAL2/runme.sh standalone test
/usr/bin/chage ltp_EAL2/testcases/user_databases/shadow01
/usr/bin/chfn ltp_EAL2/testcases/user_databases/passwd02
/usr/bin/chsh ltp_EAL2/testcases/user_databases/passwd03
/usr/bin/crontab ltp_EAL2/testcases/admin_tools/cron/cron01
ltp_EAL2/testcases/admin_tools/cron/cron02
/usr/bin/passwd ltp_EAL2/testcases/user_databases/pam01
ltp_EAL2/testcases/user_databases/passwd01
ltp_EAL2/testcases/user_databases/passwd02
ltp_EAL2/testcases/user_databases/passwd03
/usr/sbin/atd at_test_EAL2/runme.sh
/usr/sbin/cron ltp_EAL2/testcases/admin_tools/cron/cron01
ltp_EAL2/testcases/admin_tools/cron/cron02
/usr/sbin/groupadd ltp_EAL2/testcases/user_databases/group01
/usr/sbin/groupdel ltp_EAL2/testcases/user_databases/group01
/usr/sbin/groupmod ltp_EAL2/testcases/user_databases/group01
/usr/sbin/sshd ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh01
ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh02
ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh03
ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh04
/usr/sbin/useradd ltp_EAL2/testcases/user_databases/passwd01
ltp_EAL2/testcases/user_databases/passwd02
ltp_EAL2/testcases/user_databases/passwd03
ltp_EAL2/testcases/user_databases/pam01
ltp_EAL2/testcases/user_databases/shadow01
ltp_EAL2/testcases/user_databases/group01
ltp_EAL2/testcases/user_databases/ftpusers01
/usr/sbin/userdel ltp_EAL2/testcases/user_databases/passwd01
ltp_EAL2/testcases/user_databases/passwd02
ltp_EAL2/testcases/user_databases/passwd03
ltp_EAL2/testcases/user_databases/pam01
ltp_EAL2/testcases/user_databases/shadow01
ltp_EAL2/testcases/user_databases/group01
ltp_EAL2/testcases/user_databases/ftpusers01
/usr/sbin/usermod ltp_EAL2/testcases/user_databases/group01
/usr/sbin/vsftpd ltp_EAL2/testcases/user_databases/ftpusers01
ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp02
ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp03
ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp04
/usr/sbin/xinetd ltp_EAL2/testcases/user_databases/ftpusers01
ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp02
ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp03
ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp04
implicit testing by ftp
/sbin/init manual test see appendix B

Network Commands

Name Location Comments
ftp ltp_EAL2/testcases/user_databases/ftpusers01
ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp02
ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp03
ltp_EAL2/testcases/network/tcp_cmds/ftp/ftp04
ssh ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh01
ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh02
ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh03
ltp_EAL2/testcases/network/tcp_cmds/ssh/ssh04

File IO System Calls

Name Location Comments
access() ltp_EAL2/testcases/kernel/syscalls/access/access01.c
ltp_EAL2/testcases/kernel/syscalls/access/access02.c
ltp_EAL2/testcases/kernel/syscalls/access/access03.c
ltp_EAL2/testcases/kernel/syscalls/access/access04.c
ltp_EAL2/testcases/kernel/syscalls/access/access05.c
bind() ltp_EAL2/testcases/kernel/syscalls/bind/bind01.c
ltp_EAL2/testcases/kernel/syscalls/bind/bind02
capset() ltp_EAL2/testcases/kernel/syscalls/capset/capset01.c
ltp_EAL2/testcases/kernel/syscalls/capset/capset02.c
chdir() ltp_EAL2/testcases/kernel/syscalls/chdir/chdir01.c
ltp_EAL2/testcases/kernel/syscalls/chdir/chdir02.c
ltp_EAL2/testcases/kernel/syscalls/chdir/chdir03.c
ltp_EAL2/testcases/kernel/syscalls/chdir/chdir04.c
chmod() ltp_EAL2/testcases/kernel/syscalls/chmod/chmod01.c
ltp_EAL2/testcases/kernel/syscalls/chmod/chmod02.c
ltp_EAL2/testcases/kernel/syscalls/chmod/chmod03.c
ltp_EAL2/testcases/kernel/syscalls/chmod/chmod04.c
ltp_EAL2/testcases/kernel/syscalls/chmod/chmod05.c
ltp_EAL2/testcases/kernel/syscalls/chmod/chmod06.c
ltp_EAL2/testcases/kernel/syscalls/chmod/chmod07.c
chown() ltp_EAL2/testcases/kernel/syscalls/chown/chown01.c
ltp_EAL2/testcases/kernel/syscalls/chown/chown02.c
ltp_EAL2/testcases/kernel/syscalls/chown/chown03.c
ltp_EAL2/testcases/kernel/syscalls/chown/chown04.c
ltp_EAL2/testcases/kernel/syscalls/chown/chown05.c
creat() ltp_EAL2/testcases/kernel/syscalls/creat/creat01.c
ltp_EAL2/testcases/kernel/syscalls/creat/creat03.c
ltp_EAL2/testcases/kernel/syscalls/creat/creat04.c
ltp_EAL2/testcases/kernel/syscalls/creat/creat05.c
ltp_EAL2/testcases/kernel/syscalls/creat/creat06.c
ltp_EAL2/testcases/kernel/syscalls/creat/creat07.c
ltp_EAL2/testcases/kernel/syscalls/creat/creat08.c
ltp_EAL2/testcases/kernel/syscalls/creat/creat09.c
create_module() ltp_EAL2/testcases/kernel/syscalls/create_module/create_module01.c
ltp_EAL2/testcases/kernel/syscalls/create_module/create_module02.c
delete_module() ltp_EAL2/testcases/kernel/syscalls/delete_module/delete_module01.c
ltp_EAL2/testcases/kernel/syscalls/delete_module/delete_module02.c
ltp_EAL2/testcases/kernel/syscalls/delete_module/delete_module03.c
execve() ltp_EAL2/testcases/kernel/syscalls/execve/execve01.c
ltp_EAL2/testcases/kernel/syscalls/execve/execve02.c
ltp_EAL2/testcases/kernel/syscalls/execve/execve03.c
ltp_EAL2/testcases/kernel/syscalls/execve/execve04.c
ltp_EAL2/testcases/kernel/syscalls/execve/execve05.c
ltp_EAL2/testcases/kernel/syscalls/execve/execve06.c
fchmod() ltp_EAL2/testcases/kernel/syscalls/fchmod/fchmod01.c
ltp_EAL2/testcases/kernel/syscalls/fchmod/fchmod02.c
ltp_EAL2/testcases/kernel/syscalls/fchmod/fchmod03.c
ltp_EAL2/testcases/kernel/syscalls/fchmod/fchmod04.c
ltp_EAL2/testcases/kernel/syscalls/fchmod/fchmod05.c
ltp_EAL2/testcases/kernel/syscalls/fchmod/fchmod06.c
ltp_EAL2/testcases/kernel/syscalls/fchmod/fchmod07.c
fchown() ltp_EAL2/testcases/kernel/syscalls/fchown/fchown01.c
ltp_EAL2/testcases/kernel/syscalls/fchown/fchown02.c
ltp_EAL2/testcases/kernel/syscalls/fchown/fchown03.c
ltp_EAL2/testcases/kernel/syscalls/fchown/fchown04.c
ltp_EAL2/testcases/kernel/syscalls/fchown/fchown05.c
fremovexattr() ltp_EAL2/testcases/admin_tools/acls/acl_test01 using syscall 237
fsetxattr() ltp_EAL2/testcases/admin_tools/acls/acl_test01 using syscall 228
init_module() covered by access rights checking for modules.conf and /lib/modules directory.
ioperm() ltp_EAL2/testcases/kernel/syscalls/ioperm/ioperm01.c
ltp_EAL2/testcases/kernel/syscalls/ioperm/ioperm02.c
iopl() ltp_EAL2/testcases/kernel/syscalls/iopl/iopl01.c
ltp_EAL2/testcases/kernel/syscalls/iopl/iopl02.c
lchown() ltp_EAL2/testcases/kernel/syscalls/lchown/lchown01.c
ltp_EAL2/testcases/kernel/syscalls/lchown/lchown02.c
link() ltp_EAL2/testcases/kernel/syscalls/link/link02.c
ltp_EAL2/testcases/kernel/syscalls/link/link03.c
ltp_EAL2/testcases/kernel/syscalls/link/link04.c
ltp_EAL2/testcases/kernel/syscalls/link/link05.c
ltp_EAL2/testcases/kernel/syscalls/link/link06.c
ltp_EAL2/testcases/kernel/syscalls/link/link07.c
lremovexattr() ltp_EAL2/testcases/admin_tools/acls/acl_test01 using syscall 236
lsetxattr() ltp_EAL2/testcases/admin_tools/acls/acl_test01 using syscall 227
mkdir() ltp_EAL2/testcases/kernel/syscalls/mkdir/mkdir01.c
ltp_EAL2/testcases/kernel/syscalls/mkdir/mkdir02.c
ltp_EAL2/testcases/kernel/syscalls/mkdir/mkdir03.c
ltp_EAL2/testcases/kernel/syscalls/mkdir/mkdir04.c
ltp_EAL2/testcases/kernel/syscalls/mkdir/mkdir05.c
ltp_EAL2/testcases/kernel/syscalls/mkdir/mkdir08.c
ltp_EAL2/testcases/kernel/syscalls/mkdir/mkdir09.c
mknod() tested by “Process Control unnamed pipes”
mount() ltp_EAL2/testcases/kernel/syscalls/mount/mount01.c
ltp_EAL2/testcases/kernel/syscalls/mount/mount02.c
ltp_EAL2/testcases/kernel/syscalls/mount/mount03.c
ltp_EAL2/testcases/kernel/syscalls/mount/mount04.c
manual tests – requires unmounted block device
open() ltp_EAL2/testcases/kernel/syscalls/open/open01.c
ltp_EAL2/testcases/kernel/syscalls/open/open02.c
ltp_EAL2/testcases/kernel/syscalls/open/open03.c
ltp_EAL2/testcases/kernel/syscalls/open/open04.c
ltp_EAL2/testcases/kernel/syscalls/open/open05.c
ltp_EAL2/testcases/kernel/syscalls/open/open06.c
ltp_EAL2/testcases/kernel/syscalls/open/open07.c
ltp_EAL2/testcases/kernel/syscalls/open/open08.c
ltp_EAL2/testcases/kernel/syscalls/open/open09.c
ltp_EAL2/testcases/kernel/syscalls/open/open10.c
ptrace() ltp_EAL2/testcases/kernel/syscalls/ptrace/ptrace01.c
ltp_EAL2/testcases/kernel/syscalls/ptrace/ptrace02.c
ltp_EAL2/testcases/kernel/syscalls/ptrace/ptrace03.c
removexattr() ext3_ACLs_tests/acl-tests/misc.test see Ext3ACLs
rename() ltp_EAL2/testcases/kernel/syscalls/rename/rename01.c
ltp_EAL2/testcases/kernel/syscalls/rename/rename02.c
ltp_EAL2/testcases/kernel/syscalls/rename/rename03.c
ltp_EAL2/testcases/kernel/syscalls/rename/rename04.c
ltp_EAL2/testcases/kernel/syscalls/rename/rename05.c
ltp_EAL2/testcases/kernel/syscalls/rename/rename06.c
ltp_EAL2/testcases/kernel/syscalls/rename/rename07.c
ltp_EAL2/testcases/kernel/syscalls/rename/rename08.c
ltp_EAL2/testcases/kernel/syscalls/rename/rename09.c
ltp_EAL2/testcases/kernel/syscalls/rename/rename10.c
ltp_EAL2/testcases/kernel/syscalls/rename/rename12.c
ltp_EAL2/testcases/kernel/syscalls/rename/rename13.c
ltp_EAL2/testcases/kernel/syscalls/rename/rename14.c
rmdir() ltp_EAL2/testcases/kernel/syscalls/rmdir/rmdir01.c
ltp_EAL2/testcases/kernel/syscalls/rmdir/rmdir02.c
ltp_EAL2/testcases/kernel/syscalls/rmdir/rmdir03.c
ltp_EAL2/testcases/kernel/syscalls/rmdir/rmdir04.c
ltp_EAL2/testcases/kernel/syscalls/rmdir/rmdir05.c
setfsgid() ltp_EAL2/testcases/kernel/syscalls/setfsgid/setfsgid01.c
ltp_EAL2/testcases/kernel/syscalls/setfsgid/setfsgid02.c
ltp_EAL2/testcases/kernel/syscalls/setfsgid/setfsgid03.c
setfsuid() ltp_EAL2/testcases/kernel/syscalls/setfsuid/setfsuid01.c
ltp_EAL2/testcases/kernel/syscalls/setfsuid/setfsuid02.c
ltp_EAL2/testcases/kernel/syscalls/setfsuid/setfsuid03.c
setgroups() ltp_EAL2/testcases/kernel/syscalls/setgroups/setgroups01.c
ltp_EAL2/testcases/kernel/syscalls/setgroups/setgroups02.c
ltp_EAL2/testcases/kernel/syscalls/setgroups/setgroups03.c
ltp_EAL2/testcases/kernel/syscalls/setgroups/setgroups04.c
socketcall() ltp_EAL2/testcases/kernel/syscalls/socketcall/socketcall01.c
ltp_EAL2/testcases/kernel/syscalls/socketcall/socketcall02.c
ltp_EAL2/testcases/kernel/syscalls/socketcall/socketcall03.c
ltp_EAL2/testcases/kernel/syscalls/socketcall/socketcall04.c
tested by “Process Control internet domain sockets”
setxattr() ltp_EAL2/testcases/ext3_acls/file/acl_file01
ext3_ACLs_tests/acl-tests/permissions.test
ext3_ACLs_tests/acl-tests/setfacl.test
ext3_ACLs_tests/acl-tests/getfacl-noacl.test
ext3_ACLs_tests/acl-tests/misc.test
see Ext3ACLs
swapon() ltp_EAL2/testcases/kernel/syscalls/swapon/swapon01.c
ltp_EAL2/testcases/kernel/syscalls/swapon/swapon02.c
symlink() ltp_EAL2/testcases/kernel/syscalls/symlink/symlink01.c
ltp_EAL2/testcases/kernel/syscalls/symlink/symlink02.c
ltp_EAL2/testcases/kernel/syscalls/symlink/symlink03.c
ltp_EAL2/testcases/kernel/syscalls/symlink/symlink04.c
ltp_EAL2/testcases/kernel/syscalls/symlink/symlink05.c
truncate() ltp_EAL2/testcases/kernel/syscalls/truncate/truncate01.c
ltp_EAL2/testcases/kernel/syscalls/truncate/truncate02.c
ltp_EAL2/testcases/kernel/syscalls/truncate/truncate03.c
ltp_EAL2/testcases/kernel/syscalls/truncate/truncate04.c
umask() ltp_EAL2/testcases/kernel/syscalls/umask/umask01.c
ltp_EAL2/testcases/kernel/syscalls/umask/umask02.c
ltp_EAL2/testcases/kernel/syscalls/umask/umask03.c
unlink() ltp_EAL2/testcases/kernel/syscalls/unlink/unlink05.c
ltp_EAL2/testcases/kernel/syscalls/unlink/unlink06.c
ltp_EAL2/testcases/kernel/syscalls/unlink/unlink07.c
ltp_EAL2/testcases/kernel/syscalls/unlink/unlink08.c
utime() ltp_EAL2/testcases/kernel/syscalls/utime/utime01.c
ltp_EAL2/testcases/kernel/syscalls/utime/utime02.c
ltp_EAL2/testcases/kernel/syscalls/utime/utime03.c
ltp_EAL2/testcases/kernel/syscalls/utime/utime04.c
ltp_EAL2/testcases/kernel/syscalls/utime/utime05.c
ltp_EAL2/testcases/kernel/syscalls/utime/utime06.c

Process Control System Calls

Name Location Comments
named pipes ltp_EAL2/testcases/kernel/syscalls/pipe/pipe01.c
ltp_EAL2/testcases/kernel/syscalls/pipe/pipe02.c
ltp_EAL2/testcases/kernel/syscalls/pipe/pipe03.c
ltp_EAL2/testcases/kernel/syscalls/pipe/pipe04.c
ltp_EAL2/testcases/kernel/syscalls/pipe/pipe05.c
ltp_EAL2/testcases/kernel/syscalls/pipe/pipe06.c
ltp_EAL2/testcases/kernel/syscalls/pipe/pipe07.c
ltp_EAL2/testcases/kernel/syscalls/pipe/pipe08.c
ltp_EAL2/testcases/kernel/syscalls/pipe/pipe09.c
ltp_EAL2/testcases/kernel/syscalls/pipe/pipe10.c
ltp_EAL2/testcases/kernel/syscalls/pipe/pipe11.c
unnamed pipes
mknod()
ltp_EAL2/testcases/kernel/syscalls/mknod/mknod01.c
ltp_EAL2/testcases/kernel/syscalls/mknod/mknod02.c
ltp_EAL2/testcases/kernel/syscalls/mknod/mknod03.c
ltp_EAL2/testcases/kernel/syscalls/mknod/mknod04.c
ltp_EAL2/testcases/kernel/syscalls/mknod/mknod05.c
ltp_EAL2/testcases/kernel/syscalls/mknod/mknod06.c
ltp_EAL2/testcases/kernel/syscalls/mknod/mknod07.c
ltp_EAL2/testcases/kernel/syscalls/mknod/mknod08.c
signals ltp_EAL2/testcases/kernel/syscalls/signals/signal01.c
ltp_EAL2/testcases/kernel/syscalls/signals/signal02.c
ltp_EAL2/testcases/kernel/syscalls/signals/signal03.c
ltp_EAL2/testcases/kernel/syscalls/signals/signal04.c
ltp_EAL2/testcases/kernel/syscalls/signals/signal05.c
ltp_EAL2/testcases/kernel/syscalls/sigaction/sigaction01.c
ltp_EAL2/testcases/kernel/syscalls/sigaction/sigaction02.c
ltp_EAL2/testcases/kernel/syscalls/sigaltstack/sigaltstack01.c
ltp_EAL2/testcases/kernel/syscalls/sigaltstack/sigaltstack02.c
ltp_EAL2/testcases/kernel/syscalls/sighold/sighold02.c
ltp_EAL2/testcases/kernel/syscalls/sigprocmask/sigprocmask01.c
ltp_EAL2/testcases/kernel/syscalls/sigrelse/sigrelse01.c
ltp_EAL2/testcases/kernel/syscalls/sigsuspend/sigsuspend01.c
semaphores
semctl()
semget()
ltp_EAL2/testcases/kernel/syscalls/ipc/semctl/semctl01.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semctl/semctl02.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semctl/semctl03.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semctl/semctl04.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semctl/semctl05.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semctl/semctl06.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semctl/semctl07.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semget/semget01.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semget/semget02.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semget/semget03.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semget/semget04.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semget/semget05.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semget/semget06.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semop/semop01.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semop/semop02.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semop/semop03.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semop/semop04.c
ltp_EAL2/testcases/kernel/syscalls/ipc/semop/semop05.c
shared memory
shmat()
shmctl()
shmget()
ltp_EAL2/testcases/kernel/syscalls/ipc/shmat/shmat01.c
ltp_EAL2/testcases/kernel/syscalls/ipc/shmat/shmat02.c
ltp_EAL2/testcases/kernel/syscalls/ipc/shmat/shmat03.c
ltp_EAL2/testcases/kernel/syscalls/ipc/shmctl/shmctl01.c
ltp_EAL2/testcases/kernel/syscalls/ipc/shmctl/shmctl02.c
ltp_EAL2/testcases/kernel/syscalls/ipc/shmctl/shmctl03.c
ltp_EAL2/testcases/kernel/syscalls/ipc/shmctl/shmctl04.c
ltp_EAL2/testcases/kernel/syscalls/ipc/shmdt/shmdt01.c
ltp_EAL2/testcases/kernel/syscalls/ipc/shmdt/shmdt02.c
ltp_EAL2/testcases/kernel/syscalls/ipc/shmget/shmget01.c
ltp_EAL2/testcases/kernel/syscalls/ipc/shmget/shmget02.c
ltp_EAL2/testcases/kernel/syscalls/ipc/shmget/shmget03.c
ltp_EAL2/testcases/kernel/syscalls/ipc/shmget/shmget04.c
ltp_EAL2/testcases/kernel/syscalls/ipc/shmget/shmget05.c
message queues
msgctl()
msgget()
ltp_EAL2/testcases/kernel/syscalls/ipc/msgctl/msgctl01.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgctl/msgctl02.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgctl/msgctl03.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgctl/msgctl04.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgctl/msgctl05.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgctl/msgctl06.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgctl/msgctl07.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgctl/msgctl08.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgctl/msgctl09.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgget/msgget01.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgget/msgget02.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgget/msgget03.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgget/msgget04.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgrcv/msgrcv01.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgrcv/msgrcv02.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgrcv/msgrcv03.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgrcv/msgrcv04.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgrcv/msgrcv05.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgrcv/msgrcv06.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgsmd/msgsnd01.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgsmd/msgsnd02.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgsmd/msgsnd03.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgsmd/msgsnd04.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgsmd/msgsnd05.c
ltp_EAL2/testcases/kernel/syscalls/ipc/msgsmd/msgsnd06.c
ipc() tested by semaphore, shared memory and message queues.
internet domain sockets
socketcall()
ltp_EAL2/testcases/kernel/syscalls/socket/socket01.c
ltp_EAL2/testcases/kernel/syscalls/socketcall/socketcall01.c
ltp_EAL2/testcases/kernel/syscalls/socketcall/socketcall02.c
ltp_EAL2/testcases/kernel/syscalls/socketcall/socketcall03.c
ltp_EAL2/testcases/kernel/syscalls/socketcall/socketcall04.c
ltp_EAL2/testcases/kernel/syscalls/socketpair/socketpair01.c
ltp_EAL2/testcases/kernel/syscalls/socketioctl/sockioctl01.c
unix domain sockets tested by File Access Permission

VMM System Calls

Name Location Comments
brk() ltp_EAL2/testcases/kernel/syscalls/brk/brk01.c
sbrk() ltp_EAL2/testcases/kernel/syscalls/sbrk/sbrk01.c

Identification & Authorization System Calls

Name Location Comments
setuid() ltp_EAL2/testcases/kernel/syscalls/setuid/setuid01.c
ltp_EAL2/testcases/kernel/syscalls/setuid/setuid02.c
ltp_EAL2/testcases/kernel/syscalls/setuid/setuid03.c
setreuid() ltp_EAL2/testcases/kernel/syscalls/setreuid/setreuid01.c
ltp_EAL2/testcases/kernel/syscalls/setreuid/setreuid02.c
ltp_EAL2/testcases/kernel/syscalls/setreuid/setreuid03.c
ltp_EAL2/testcases/kernel/syscalls/setreuid/setreuid04.c
ltp_EAL2/testcases/kernel/syscalls/setreuid/setreuid05.c
ltp_EAL2/testcases/kernel/syscalls/setreuid/setreuid06.c
setresuid() ltp_EAL2/testcases/kernel/syscalls/setreusid/setresuid01.c
ltp_EAL2/testcases/kernel/syscalls/setreusid/setresuid02.c
ltp_EAL2/testcases/kernel/syscalls/setreusid/setresuid03.c
setgid() ltp_EAL2/testcases/kernel/syscalls/setgid/setgid01.c
ltp_EAL2/testcases/kernel/syscalls/setgid/setgid02.c
ltp_EAL2/testcases/kernel/syscalls/setgid/setgid03.c
setregid() ltp_EAL2/testcases/kernel/syscalls/setregid/setregid01.c
ltp_EAL2/testcases/kernel/syscalls/setregid/setregid02.c
ltp_EAL2/testcases/kernel/syscalls/setregid/setregid03.c
ltp_EAL2/testcases/kernel/syscalls/setregid/setregid04.c
setresgid() ltp_EAL2/testcases/kernel/syscalls/setresgid/setresgid01.c
ltp_EAL2/testcases/kernel/syscalls/setresgid/setresgid02.c
ltp_EAL2/testcases/kernel/syscalls/setresgid/setresgid03.c

ACL System Calls

Name Location Comments
getxattr() tested indirectly by Ext3ACLs
listxattr() tested indirectly by Ext3ACLs
removexattr() tested indirectly by Ext3ACLs
setxattr() tested indirectly by Ext3ACLs

File Access Permission

Name Location Comments
file ltp_EAL2/testcases/file_access_perm/file/fileperm01
directory ltp_EAL2/testcases/file_access_perm/directory/dirperm01
shared memory ltp_EAL2/testcases/file_access_perm/shared_memory/shmperm01
message queues ltp_EAL2/testcases/file_access_perm/message_queues/msqperm01
semaphores ltp_EAL2/testcases/file_access_perm/semaphore/semperm01
socket special files (unix domain socket) ltp_EAL2/testcases/file_access_perm/unixdomainsocket/unixdomainsocketperm01
device special files ltp_EAL2/testcases/file_access_perm/dev_spc_files/devfileperm01
named pipes ltp_EAL2/testcases/file_access_perm/namedpipes/namedpipes01
proc file system ltp_EAL2/testcases/file_access_perm/proc_file_sys/procperm01
SUID/SGID ltp_EAL2/testcases/file_access_perm/suid_sgid/suid_sgid01

Ext3ACLs

Name Location Comments
file ltp_EAL2/testcases/ext3_acls/file/acl_file01
ext3_ACLs_tests/acl-tests/permissions.test
ext3_ACLs_tests/acl-tests/setfacl.test
ext3_ACLs_tests/acl-tests/getfacl-noacl.test
ext3_ACLs_tests/acl-tests/misc.test
directory ext3_ACLs_tests/acl-tests/permissions.test
ext3_ACLs_tests/acl-tests/setfacl.test
ext3_ACLs_tests/acl-tests/misc.test
device special files ext3_ACLs_tests/acl-tests/permissions.test
named pipes ext3_ACLs_tests/acl-tests/permissions.test

Object Reuse

Name Location Comments
memory ltp_EAL2/testcases/object_reuse/objreuse-brk.c
file ltp_EAL2/testcases/object_reuse/objreuse-ftruncate.c
ltp_EAL2/testcases/object_reuse/objreuse-lseek.c
shared memory ltp_EAL2/testcases/object_reuse/objreuse-shm.c
message queues ltp_EAL2/testcases/object_reuse/objreuse-msg.c
semaphores ltp_EAL2/testcases/object_reuse/objreuse-sem.c
mmap ltp_EAL2/testcases/object_reuse/objreuse-mmap.c

Appendix A: Execution Plan

This is the tentative Execution Plan for SLES8 EAL2 security function verification. This portion of the plan will be updated with actual dates as the product is under test. This document will be the best source to determine what state the product test is in. It is important to also list key milestones or checkpoints so others will be able to determine how the project is going.

Environment/Checkpoint Test Cases Plan Test Start Actual Test Start Plan Test Completion Actual Completion
All test cases have been written N/A 2003/01/01 2003/02/10 2003/03/31 2003/04/16
Begin System Test All 2003/04/01 2003/04/01 2003/05/01

Appendix B: Manual Tests

  1. login

    1. From the console, attempt to login as root with an invalid password (login should fail)
    2. Attempt to login with invalid (non-existing) username. (login should fail)
    3. Attempt to login as root with valid password. (login should succeed)
    4. Execute “id” command and verify identity (i.e. uid=0)
    5. Execute “faillog” command and verify invalid login attempts were recorded.
    6. Execute “lastlog” command and verify root user login date/time is correct.
  2. /etc/securetty, /sbin/agetty

    1. Connect serial terminal to target of evaluation.
    2. Add the following line to /etc/inittab:
         S0:2345:respawn:/sbin/agetty -L 9600 ttyS0
    3. Reboot machine (or change init level).
    4. Verify “root” is denied login access from the serial terminal.
    5. Add “ttyS0” to the /etc/securetty file.
    6. Verify “root” is allowed login access from the serial terminal.
  3. /etc/inittab & /sbin/init

    1. Add the following line to /etc/inittab:
         TEAL:2345:respawn:/bin/sleep 300
    2. Reboot machine (or change init level).
    3. Verify the sleep process is running (ps -ef | grep "/bin/sleep 300").
    4. Remove line from /etc/inittab.
    5. Reboot machine (or change init level).
    6. Verify the sleep process is not running.
  4. /sbin/mingetty

    1. Open a virtual console using Ctrl-Alt-Fn, where n is 1-6.
    2. Attempt to login as root with an invalid password. The login operation should fail.
    3. Attempt to login as root with a valid operation. The login operation should be successful.
    4. Execute “w” command.
    5. Verify TTY is correct (i.e. ttyn).
    6. Verify USER is “root”.
    7. Verify LOGIN@ time is correct (i.e. current time).
  5. mount

    1. cd to ltp_EAL2/testcases/bin subdirectory (for example /test_EAL2/ltp_EAL2/testcases/bin).
    2. Run “./mount01 -D /dev/...” (where /dev/… is an unmounted block device)
    3. Run “./mount02 -D /dev/...”
    4. Run “./mount03 -D /dev/...”
    5. Run “./mount04 -D /dev/...”
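
Manual tests 2 and 3 above only give a meaningful result if the edited /etc/inittab and /etc/securetty contain exactly the expected entries before the reboot. The shell helpers below are an added example, not part of the original test plan or the LTP suite, that check those preconditions on copies of the files; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the LTP EAL2 suite. Function names are hypothetical.
# Pre-checks for the manual /etc/securetty and /etc/inittab tests: confirm the
# edited files say what the test step expects before rebooting.

# inittab_entry FILE ID
# Print "runlevels action process" for the entry whose id field equals ID.
# inittab(5) line format: id:runlevels:action:process ('#' starts a comment line).
inittab_entry() {
    awk -F: -v id="$2" '
        /^[ \t]*#/ { next }
        $1 == id {
            proc = $4
            for (i = 5; i <= NF; i++) proc = proc ":" $i  # process may contain ":"
            print $2, $3, proc
            found = 1
            exit
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# inittab_respawns FILE ID RUNLEVEL
# Succeed only if entry ID exists, has action "respawn" and lists RUNLEVEL.
inittab_respawns() {
    entry=$(inittab_entry "$1" "$2") || return 1
    levels=${entry%% *}
    rest=${entry#* }
    [ "${rest%% *}" = "respawn" ] || return 1
    case "$levels" in
        *"$3"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# securetty_allows FILE TTY
# Succeed if TTY (device name without /dev/) is listed. The manual test expects
# root login to be denied on a terminal that is not listed. Comments and blanks
# around the name are ignored.
securetty_allows() {
    awk -v tty="$2" '
        { sub(/#.*/, ""); gsub(/[ \t]/, "") }
        $0 == tty { ok = 1 }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Constructed sample files (copies, never the live /etc files).
SAMPLE_DIR=$(mktemp -d) || exit 1
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/inittab" <<'EOF'
# constructed sample inittab
id:3:initdefault:
1:2345:respawn:/sbin/mingetty tty1
S0:2345:respawn:/sbin/agetty -L 9600 ttyS0
TEAL:2345:respawn:/bin/sleep 300
EOF

cat > "$SAMPLE_DIR/securetty" <<'EOF'
# constructed sample securetty
tty1
tty2
EOF

# answer QUESTION COMMAND...: print "yes" or "no" for one pre-check
answer() {
    question=$1; shift
    if "$@"; then echo "$question: yes"; else echo "$question: no"; fi
}

answer "agetty entry S0 respawns at runlevel 3" \
    inittab_respawns "$SAMPLE_DIR/inittab" S0 3
answer "TEAL entry respawns at runlevel 3" \
    inittab_respawns "$SAMPLE_DIR/inittab" TEAL 3
answer "ttyS0 listed in securetty (root denied while 'no')" \
    securetty_allows "$SAMPLE_DIR/securetty" ttyS0
echo ttyS0 >> "$SAMPLE_DIR/securetty"   # the "add ttyS0" step of the manual test
answer "ttyS0 listed after the edit" \
    securetty_allows "$SAMPLE_DIR/securetty" ttyS0
```

The reboot and the login attempt on the serial terminal remain manual; the helpers only confirm that the files match the step being executed.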

Sourceforge.net  Last modified on: June 15, 2006 - 16:37:35 UTC.