tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-29 00:34:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

add pester test for event viewer scenarios (#788)

Browse Source 
* add pester test for event viewer scenarios

* revert ci changes

* Update regress/pesterTests/EventLogging.Tests.ps1

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update regress/pesterTests/EventLogging.Tests.ps1

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update EventLogging.Tests.ps1

* add comments

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
Tess Gauthier 2025-07-21 16:46:25 -04:00 committed by GitHub
parent c1a8d54998
commit 139a1b413d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 185 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

185
regress/pesterTests/EventLogging.Tests.ps1 Normal file
View File

@ -0,0 +1,185 @@
If ($PSVersiontable.PSVersion.Major -le 2) {$PSScriptRoot = Split-Path -Parent $MyInvocation.MyCommand.Path}
Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
Import-Module OpenSSHUtils -Force
$tC = 1
$tI = 0
$suite = "EventLogging"
Describe "Tests for admin and non-admin event logs" -Tags "CI" {
BeforeAll {
if($OpenSSHTestInfo -eq $null)
{
Throw "`$OpenSSHTestInfo is null. Please run Set-OpenSSHTestEnvironment to set test environments."
}
$testDir = "$($OpenSSHTestInfo["TestDataPath"])\$suite"
if( -not (Test-path $testDir -PathType Container))
{
$null = New-Item $testDir -ItemType directory -Force -ErrorAction SilentlyContinue
}
$server = $OpenSSHTestInfo["Target"]
$nonadminusername = $OpenSSHTestInfo['NonAdminUser']
$adminusername = $OpenSSHTestInfo['AdminUser']
$opensshbinpath = $OpenSSHTestInfo['OpenSSHBinPath']
$password = $OpenSSHTestInfo['TestAccountPW']
$port = 47003
$sshdDelay = $OpenSSHTestInfo["DelayTime"]
# Register OpenSSH events in Event Viewer
$etwman = Join-Path $opensshbinpath "openssh-events.man"
if (-not (Test-Path $etwman -PathType Leaf)) {
throw "openssh events manifest is not present in OpenSSH binary path"
}
wevtutil im "$etwman" | Out-Null
}
AfterEach { $tI++ }
AfterAll {
# Unregister etw provider
wevtutil um "$etwman"
}
Context "Tests Logs for SSH connections" {
BeforeAll {
Add-PasswordSetting -Pass $password
$tI=1
}
BeforeEach {
# disable the OpenSSH log channels
wevtutil sl "OpenSSH/Debug" /e:false /q:true | Out-Null
wevtutil sl "OpenSSH/Operational" /e:false /q:true | Out-Null
# clear any existing logs
wevtutil cl "OpenSSH/Debug" | Out-Null
wevtutil cl "OpenSSH/Operational" | Out-Null
# enable the OpenSSH log channels
wevtutil sl "OpenSSH/Debug" /e:true /q:true | Out-Null
wevtutil sl "OpenSSH/Operational" /e:true /q:true | Out-Null
}
AfterAll {
Remove-PasswordSetting
$tC++
}
It "$tC.$tI-Nonadmin SSH Connection" {
$o = ssh -l $nonadminusername test_target echo 1234
$o | Should Be 1234
Start-Sleep $sshdDelay
# query the OpenSSH log channels to make sure events were captured
$eventLogDebug = wevtutil qe "OpenSSH/Debug" /c:5 /f:text
$eventLogDebug | Should Not Be $null
$eventLogOperational = wevtutil qe "OpenSSH/Operational" /c:5 /f:text
$eventLogOperational | Should Not Be $null
}
It "$tC.$tI-Admin SSH Connection" {
$o = ssh -l $adminusername test_target echo 1234
$o | Should Be 1234
Start-Sleep $sshdDelay
# query the OpenSSH log channels to make sure events were captured
$eventLogDebug = wevtutil qe "OpenSSH/Debug" /c:5 /f:text
$eventLogDebug | Should Not Be $null
$eventLogOperational = wevtutil qe "OpenSSH/Operational" /c:5 /f:text
$eventLogOperational | Should Not Be $null
}
}
Context "Tests Logs for SFTP connections" {
BeforeAll {
function Setup-KeyBasedAuth
{
param([string] $Username, [string] $KeyFilePath, [string] $UserProfile)
$userSSHProfilePath = Join-Path $UserProfile .ssh
if (-not (Test-Path $userSSHProfilePath -PathType Container)) {
New-Item $userSSHProfilePath -ItemType directory -Force -ErrorAction Stop | Out-Null
}
$authorizedkeyPath = Join-Path $userSSHProfilePath authorized_keys
if($OpenSSHTestInfo["NoLibreSSL"])
{
ssh-keygen.exe -t ed25519 -f $KeyFilePath -Z -P "" aes128-ctr
}
else
{
ssh-keygen.exe -t ed25519 -f $KeyFilePath -P ""
}
Copy-Item "$KeyFilePath.pub" $authorizedkeyPath -Force -ErrorAction SilentlyContinue
Repair-AuthorizedKeyPermission -Filepath $authorizedkeyPath -confirm:$false
}
$AdminUserProfile = $OpenSSHTestInfo['AdminUserProfile']
$NonAdminUserProfile = $OpenSSHTestInfo['NonAdminUserProfile']
$KeyFileName = $nonadminusername + "_sshtest_EventLog_ed25519"
$NonadminKeyFilePath = Join-Path $testDir $keyFileName
Remove-Item -path "$NonadminKeyFilePath*" -Force -ErrorAction SilentlyContinue
Setup-KeyBasedAuth -Username $nonadminusername -KeyFilePath $NonadminKeyFilePath -UserProfile $NonAdminUserProfile
$KeyFileName = $adminusername + "_sshtest_EventLog_ed25519"
$AdminKeyFilePath = Join-Path $testDir $keyFileName
Remove-Item -path "$AdminKeyFilePath*" -Force -ErrorAction SilentlyContinue
Setup-KeyBasedAuth -Username $adminusername -KeyFilePath $AdminKeyFilePath -UserProfile $AdminUserProfile
#create batch file
$commands =
"ls
exit"
$batchFilePath = Join-Path $testDir "$tC.$tI.commands.txt"
Set-Content $batchFilePath -Encoding UTF8 -value $commands
$tI = 1
}
BeforeEach {
# disable the OpenSSH log channels
wevtutil sl "OpenSSH/Debug" /e:false /q:true | Out-Null
wevtutil sl "OpenSSH/Operational" /e:false /q:true | Out-Null
# clear any existing logs
wevtutil cl "OpenSSH/Debug" | Out-Null
wevtutil cl "OpenSSH/Operational" | Out-Null
# enable the OpenSSH log channels
wevtutil sl "OpenSSH/Debug" /e:true /q:true | Out-Null
wevtutil sl "OpenSSH/Operational" /e:true /q:true | Out-Null
}
AfterAll {
Remove-Item -path "$NonadminKeyFilePath*" -Force -ErrorAction SilentlyContinue
Remove-Item -path "$AdminKeyFilePath*" -Force -ErrorAction SilentlyContinue
$authorized_key = Join-Path '.ssh' authorized_keys
$AdminAuthKeysPath = Join-Path $AdminUserProfile $authorized_key
$NonAdminAuthKeysPath = Join-Path $NonAdminUserProfile $authorized_key
Remove-Item -path "$AdminAuthKeysPath*" -Force -ErrorAction SilentlyContinue
Remove-Item -path "$NonAdminAuthKeysPath*" -Force -ErrorAction SilentlyContinue
$tC++
}
It "$tC.$tI-Nonadmin SFTP Connection" {
sftp -i $NonadminKeyFilePath -b $batchFilePath -o User=$nonadminusername test_target
Start-Sleep $sshdDelay
# query the OpenSSH log channels to make sure events were captured
$eventLogDebug = wevtutil qe "OpenSSH/Debug" /c:5 /f:text
$eventLogDebug | Should Not Be $null
$eventLogOperational = wevtutil qe "OpenSSH/Operational" /c:5 /f:text
$eventLogOperational | Should Not Be $null
}
It "$tC.$tI-Admin SFTP Connection" {
sftp -i $AdminKeyFilePath -b $batchFilePath -o User=$adminusername test_target
Start-Sleep $sshdDelay
# query the OpenSSH log channels to make sure events were captured
$eventLogDebug = wevtutil qe "OpenSSH/Debug" /c:5 /f:text
$eventLogDebug | Should Not Be $null
$eventLogOperational = wevtutil qe "OpenSSH/Operational" /c:5 /f:text
$eventLogOperational | Should Not Be $null
}
}
}