Do an earlier detection of grsecurity and store result, so tests can be simplified

2016-05-03 10:58:05 +02:00 · 2016-05-03 10:58:05 +02:00 · 924e53ed76
parent 89e16443a9
commit 924e53ed76
5 changed files with 9 additions and 16 deletions
--- a/include/consts
+++ b/include/consts
@ -83,8 +83,9 @@ unset LANG
    FIREWALL_ACTIVE=0
    FOUNDPATH=0
    GREPBINARY="grep"
-    GRPCKBINARY=""
    GROUP_NAME=""
+    GRPCKBINARY=""
+    GRSEC_FOUND=0
    GRUB2INSTALLBINARY=""
    HAS_SYSTEMD=0
    HELPER=""
--- a/include/osdetection
+++ b/include/osdetection
@ -113,6 +113,7 @@
          FIND_BINARIES="whereis -b"
          OS_KERNELVERSION_FULL=`uname -r`
          OS_KERNELVERSION=`echo ${OS_KERNELVERSION_FULL} | sed 's/-.*//'`
+          if [ -e /dev/grsec ]; then GRSEC_FOUND=1; fi

          # Amazon
          if [ -e "/etc/system-release" ]; then
--- a/include/tests_custom
+++ b/include/tests_custom
--- a/include/tests_logging
+++ b/include/tests_logging
@ -477,7 +477,7 @@
        LogText "Test: checking deleted files that are still in use"

        LSOF_GREP="WARNING|Output information"
-        if [ ${GRSECFOUND} -eq 1 ]; then
+        if [ ${GRSEC_FOUND} -eq 1 ]; then
            # grsecurity causes Fail2Ban to hold onto deleted in-use files in /var/tmp
            LSOF_GREP="${LSOF_GREP}|fail2ban"
        fi
--- a/include/tests_mac_frameworks
+++ b/include/tests_mac_frameworks
@ -19,7 +19,6 @@
 #################################################################################
 #
    APPARMORFOUND=0                     # Set default for test MACF-6208
-    GRSECFOUND=0                        # grsecurity
    MAC_FRAMEWORK_ACTIVE=0              # Default no MAC framework active
    RBAC_FRAMEWORK_ACTIVE=0             # Default no RBAC framework active
    SELINUXFOUND=0
@ -137,28 +136,20 @@
 #
    # Test        : RBAC-6272
    # Description : Check if grsecurity is installed
-    # Notes       : Solaris doesn't support test -e
-    if [ ! "${OS}" = "Solaris" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
-    Register --test-no RBAC-6272 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check grsecurity presence"
+    # Notes       : We already checked grsecurity in osdetection
+    Register --test-no RBAC-6272 --weight L --network NO --description "Check grsecurity presence"
    if [ ${SKIPTEST} -eq 0 ]; then
-        if [ -e /dev/grsec ]; then
-            GRSECFOUND=1
-            LogText "Result: grsecurity available (/dev/grsec found)"
-           else
-            LogText "Result: grsecurity not present (/dev/grsec not found)"
-        fi
        # Check Linux kernel configuration
        if [ ! "${LINUXCONFIGFILE}" = "" -a -f "${LINUXCONFIGFILE}" ]; then
            FIND=`${GREPBINARY} ^CONFIG_GRKERNSEC=y ${LINUXCONFIGFILE}`
            if [ ! "${FIND}" = "" ]; then
                LogText "Result: grsecurity available (in kernel config)"
-                GRSECFOUND=1
+                GRSEC_FOUND=1
              else
                LogText "Result: no grsecurity found in kernel config"
            fi
        fi
-        # Found grsecurity?
-        if [ ${GRSECFOUND} -eq 1 ]; then
+        if [ ${GRSEC_FOUND} -eq 1 ]; then
            Display --indent 2 --text "- Checking presence grsecurity" --result FOUND --color GREEN
            AddHP 3 3
          else
@ -186,7 +177,7 @@
 #################################################################################
 #

-Report "framework_grsecurity=${GRSECFOUND}"
+Report "framework_grsecurity=${GRSEC_FOUND}"
 Report "framework_selinux=${SELINUXFOUND}"

 WaitForKeyPress