Do an earlier detection of grsecurity and store result, so tests can be simplified

include/consts

@@ -83,8 +83,9 @@ unset LANG
     FIREWALL_ACTIVE=0
     FOUNDPATH=0
     GREPBINARY="grep"
-    GRPCKBINARY=""
     GROUP_NAME=""
+    GRPCKBINARY=""
+    GRSEC_FOUND=0
     GRUB2INSTALLBINARY=""
     HAS_SYSTEMD=0
     HELPER=""

include/osdetection

@@ -113,6 +113,7 @@
           FIND_BINARIES="whereis -b"
           OS_KERNELVERSION_FULL=`uname -r`
           OS_KERNELVERSION=`echo ${OS_KERNELVERSION_FULL} | sed 's/-.*//'`
+          if [ -e /dev/grsec ]; then GRSEC_FOUND=1; fi
 
           # Amazon
           if [ -e "/etc/system-release" ]; then

include/tests_logging

@@ -477,7 +477,7 @@
         LogText "Test: checking deleted files that are still in use"
 
         LSOF_GREP="WARNING|Output information"
-        if [ ${GRSECFOUND} -eq 1 ]; then
+        if [ ${GRSEC_FOUND} -eq 1 ]; then
             # grsecurity causes Fail2Ban to hold onto deleted in-use files in /var/tmp
             LSOF_GREP="${LSOF_GREP}|fail2ban"
         fi

include/tests_mac_frameworks

@@ -19,7 +19,6 @@
 #################################################################################
 #
     APPARMORFOUND=0                     # Set default for test MACF-6208
-    GRSECFOUND=0                        # grsecurity
     MAC_FRAMEWORK_ACTIVE=0              # Default no MAC framework active
     RBAC_FRAMEWORK_ACTIVE=0             # Default no RBAC framework active
     SELINUXFOUND=0
@@ -137,28 +136,20 @@
 #
     # Test        : RBAC-6272
     # Description : Check if grsecurity is installed
-    # Notes       : Solaris doesn't support test -e
+    # Notes       : We already checked grsecurity in osdetection
-    if [ ! "${OS}" = "Solaris" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    Register --test-no RBAC-6272 --weight L --network NO --description "Check grsecurity presence"
-    Register --test-no RBAC-6272 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check grsecurity presence"
     if [ ${SKIPTEST} -eq 0 ]; then
-        if [ -e /dev/grsec ]; then
-            GRSECFOUND=1
-            LogText "Result: grsecurity available (/dev/grsec found)"
-           else
-            LogText "Result: grsecurity not present (/dev/grsec not found)"
-        fi
         # Check Linux kernel configuration
         if [ ! "${LINUXCONFIGFILE}" = "" -a -f "${LINUXCONFIGFILE}" ]; then
             FIND=`${GREPBINARY} ^CONFIG_GRKERNSEC=y ${LINUXCONFIGFILE}`
             if [ ! "${FIND}" = "" ]; then
                 LogText "Result: grsecurity available (in kernel config)"
-                GRSECFOUND=1
+                GRSEC_FOUND=1
               else
                 LogText "Result: no grsecurity found in kernel config"
             fi
         fi
-        # Found grsecurity?
+        if [ ${GRSEC_FOUND} -eq 1 ]; then
-        if [ ${GRSECFOUND} -eq 1 ]; then
             Display --indent 2 --text "- Checking presence grsecurity" --result FOUND --color GREEN
             AddHP 3 3
           else
@@ -186,7 +177,7 @@
 #################################################################################
 #
 
-Report "framework_grsecurity=${GRSECFOUND}"
+Report "framework_grsecurity=${GRSEC_FOUND}"
 Report "framework_selinux=${SELINUXFOUND}"
 
 WaitForKeyPress