my $list_mode = 0;
my $diff_mode = 0;
my $saved_last_results = 0;
+my $test_system_install = 0;
+my $normal_root_override_str = '';
my $PRINT_LEN = 68;
my $REQUIRED = 1;
my $OPTIONAL = 0;
'negative_output_matches' => $OPTIONAL,
);
+my @args_cp = @ARGV;
+
+exit 1 unless GetOptions(
+ 'psad-path=s' => \$psadCmd,
+ 'test-include=s' => \$test_include,
+ 'include=s' => \$test_include, ### synonym
+ 'test-exclude=s' => \$test_exclude,
+ 'exclude=s' => \$test_exclude, ### synonym
+ 'test-system-install' => \$test_system_install,
+ 'List-mode' => \$list_mode,
+ 'diff' => \$diff_mode,
+ 'help' => \$help
+);
+
+&usage() if $help;
+
+if ($test_system_install) {
+ $normal_root_override_str = "-O $conf_dir/normal_root_override.conf";
+ $psadCmd = '/usr/sbin/psad';
+}
+
### define all tests
my @tests = (
{
'detail' => '--help',
'err_msg' => 'could not get --help output',
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -h -c $default_conf",
+ 'cmdline' => "$psadCmd -h -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'detail' => 'config dump+validate',
'err_msg' => 'could not dump+validate config',
'function' => \&validate_config,
- 'cmdline' => "$psadCmd --test-mode -D -c $default_conf",
+ 'cmdline' => "$psadCmd --test-mode -D -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
qr/\biptables\b/, qr/\bip6tables\b/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd --test-mode --fw-dump -c $default_conf",
+ 'cmdline' => "$psadCmd --test-mode --fw-dump -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'positive_output_matches' => [qr/Listing\schains\sfrom\sIPT_AUTO_CHAIN/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd --test-mode --fw-list-auto -c $default_conf",
+ 'cmdline' => "$psadCmd --test-mode --fw-list-auto -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'positive_output_matches' => [qr/Parsing.*iptables/, qr/Parsing.*ip6tables/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd --test-mode --fw-analyze -c $default_conf",
+ 'cmdline' => "$psadCmd --test-mode --fw-analyze -c $default_conf $normal_root_override_str",
'exec_err' => $IGNORE,
'fatal' => $NO
},
'detail' => '--Status',
'err_msg' => 'could not get psad status',
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd --test-mode -S -c $default_conf",
+ 'cmdline' => "$psadCmd --test-mode -S -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'detail' => '--Status --status-summary',
'err_msg' => 'could not get psad status summary',
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd --test-mode -S --status-summary -c $default_conf",
+ 'cmdline' => "$psadCmd --test-mode -S --status-summary -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'positive_output_matches' => [qr/Next\savailable.*\s\d+/i],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd --test-mode --get-next-rule-id -c $default_conf",
+ 'cmdline' => "$psadCmd --test-mode --get-next-rule-id -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'positive_output_matches' => [qr/Entering\sbenchmark\smode/, qr/processing\stime\:\s\d+/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd --test-mode --Benchmark --packets 1000 -c $default_conf",
+ 'cmdline' => "$psadCmd --test-mode --Benchmark --packets 1000 -c $default_conf $normal_root_override_str",
'exec_err' => $IGNORE,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
- &fw_type() . "/$syn_scan_file -c $default_conf",
+ &fw_type() . "/$syn_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
- &fw_type() . "/$ms_sql_server_sig_match_file -c $default_conf",
+ &fw_type() . "/$ms_sql_server_sig_match_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
- &fw_type() . "/$ipv6_ms_sql_server_sig_match_file -c $default_conf",
+ &fw_type() . "/$ipv6_ms_sql_server_sig_match_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
&fw_type() . "/$ms_sql_server_sig_match_file " .
- "--signatures $no_ms_sql_server_sig_match_file -c $default_conf",
+ "--signatures $no_ms_sql_server_sig_match_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
&fw_type() . "/$ipv6_ms_sql_server_sig_match_file " .
- "--signatures $no_ms_sql_server_sig_match_file -c $default_conf",
+ "--signatures $no_ms_sql_server_sig_match_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
- &fw_type() . "/$fin_scan_file -c $default_conf",
+ &fw_type() . "/$fin_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
- &fw_type() . "/$xmas_scan_file -c $default_conf",
+ &fw_type() . "/$xmas_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
- &fw_type() . "/$null_scan_file -c $default_conf",
+ &fw_type() . "/$null_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
- &fw_type() . "/$ack_scan_file -c $enable_ack_detection_conf",
+ &fw_type() . "/$ack_scan_file -c $enable_ack_detection_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
- &fw_type() . "/$udp_scan_file -c $default_conf",
+ &fw_type() . "/$udp_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_auto_dl_file " .
- "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf",
+ "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_subnet_auto_dl_file " .
- "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf",
+ "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_subnet_auto_dl_file_tcp " .
- "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf",
+ "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_subnet_auto_dl_file_udp " .
- "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf",
+ "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_auto_dl_file " .
- "-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf",
+ "-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_subnet_auto_dl_file " .
- "-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf",
+ "-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_subnet_auto_dl_file_udp " .
- "-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf",
+ "-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_subnet_auto_dl_file_tcp " .
- "-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf",
+ "-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $ignore_ipv4_auto_dl_file " .
- "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf",
+ "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $ignore_ipv4_subnet_auto_dl_file " .
- "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf",
+ "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_auto_dl_file " . ### psad.conf IGNORE_PROTOCOLS trumps auto_dl
- "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $ignore_tcp_conf",
+ "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $ignore_tcp_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_auto_dl_file " . ### psad.conf FW_MSG_SEARCH trumps auto_dl
- "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $require_prefix_conf",
+ "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $require_prefix_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_auto_dl_file " . ### psad.conf FW_MSG_SEARCH trumps auto_dl
- "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $require_missing_prefix_conf",
+ "-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $require_missing_prefix_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $ignore_ipv4_auto_dl_file " .
- "-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf",
+ "-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $ignore_ipv4_subnet_auto_dl_file " .
- "-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf",
+ "-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_auto_dl_file " . ### psad.conf IGNORE_PROTOCOLS trumps auto_dl
- "-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $ignore_udp_conf",
+ "-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $ignore_udp_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
- &fw_type() . "/$ipv6_connect_scan_file -c $default_conf",
+ &fw_type() . "/$ipv6_connect_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
- &fw_type() . "/$ipv6_ping_scan_file -c $default_conf",
+ &fw_type() . "/$ipv6_ping_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
- &fw_type() . "/$ipv6_invalid_icmp6_type_code_file -c $default_conf",
+ &fw_type() . "/$ipv6_invalid_icmp6_type_code_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
- &fw_type() . "/$ipv4_valid_ping -c $default_conf",
+ &fw_type() . "/$ipv4_valid_ping -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
- &fw_type() . "/$ipv4_invalid_icmp6_type_code_file -c $default_conf",
+ &fw_type() . "/$ipv4_invalid_icmp6_type_code_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
- &fw_type() . "/$ipv6_connect_scan_file -c $disable_ipv6_conf",
+ &fw_type() . "/$ipv6_connect_scan_file -c $disable_ipv6_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $ignore_ipv6_addr_auto_dl_file " .
- "-m $scans_dir/" . &fw_type() . "/$ipv6_connect_scan_file -c $default_conf",
+ "-m $scans_dir/" . &fw_type() . "/$ipv6_connect_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
'cmdline' => "$psadCmd --test-mode -A --auto-dl $ignore_ipv6_addr_auto_dl_file_abbrev " .
- "-m $scans_dir/" . &fw_type() . "/$ipv6_connect_scan_file -c $default_conf",
+ "-m $scans_dir/" . &fw_type() . "/$ipv6_connect_scan_file -c $default_conf $normal_root_override_str",
'exec_err' => $NO,
'fatal' => $NO
},
);
-my @args_cp = @ARGV;
-
-exit 1 unless GetOptions(
- 'psad-path=s' => \$psadCmd,
- 'test-include=s' => \$test_include,
- 'include=s' => \$test_include, ### synonym
- 'test-exclude=s' => \$test_exclude,
- 'exclude=s' => \$test_exclude, ### synonym
- 'List-mode' => \$list_mode,
- 'diff' => \$diff_mode,
- 'help' => \$help
-);
-
-&usage() if $help;
-
### make sure everything looks as expected before continuing
&init();
projects / psad.git / commitdiff