diff options
author | Andreas Steffen <andreas.steffen@strongswan.org> | 2013-10-23 00:26:02 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2013-10-23 00:26:02 +0200 |
commit | b891c22aa99110b30d95ecac51a5fa28446e332f (patch) | |
tree | 5039141379745211dfe8b4683960b2d7eaa4fcf6 /testing/tests/tnc | |
parent | 252c04d3f9e3ce6c1c1071d607e8c48974cefbe4 (diff) | |
download | strongswan-b891c22aa99110b30d95ecac51a5fa28446e332f.tar.bz2 strongswan-b891c22aa99110b30d95ecac51a5fa28446e332f.tar.xz |
Updated and split data.sql
Diffstat (limited to 'testing/tests/tnc')
16 files changed, 174 insertions, 4491 deletions
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data.sql b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data.sql deleted file mode 100644 index 090eb47ff..000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data.sql +++ /dev/null @@ -1,873 +0,0 @@ -/* Products */ - -INSERT INTO products ( /* 1 */ - name -) VALUES ( - 'Debian 6.0 i686' -); - -INSERT INTO products ( /* 2 */ - name -) VALUES ( - 'Debian 6.0 x86_64' -); - -INSERT INTO products ( /* 3 */ - name -) VALUES ( - 'Debian 7.0 i686' -); - -INSERT INTO products ( /* 4 */ - name -) VALUES ( - 'Debian 7.0 x86_64' -); - -INSERT INTO products ( /* 5 */ - name -) VALUES ( - 'Debian 8.0 i686' -); - -INSERT INTO products ( /* 6 */ - name -) VALUES ( - 'Debian 8.0 x86_64' -); - -INSERT INTO products ( /* 7 */ - name -) VALUES ( - 'Ubuntu 10.04 i686' -); - -INSERT INTO products ( /* 8 */ - name -) VALUES ( - 'Ubuntu 10.04 x86_64' -); - -INSERT INTO products ( /* 9 */ - name -) VALUES ( - 'Ubuntu 10.10 i686' -); - -INSERT INTO products ( /* 10 */ - name -) VALUES ( - 'Ubuntu 10.10 x86_64' -); - -INSERT INTO products ( /* 11 */ - name -) VALUES ( - 'Ubuntu 11.04 i686' -); - -INSERT INTO products ( /* 12 */ - name -) VALUES ( - 'Ubuntu 11.04 x86_64' -); - -INSERT INTO products ( /* 13 */ - name -) VALUES ( - 'Ubuntu 11.10 i686' -); - -INSERT INTO products ( /* 14 */ - name -) VALUES ( - 'Ubuntu 11.10 x86_64' -); - -INSERT INTO products ( /* 15 */ - name -) VALUES ( - 'Ubuntu 12.04 i686' -); - -INSERT INTO products ( /* 16 */ - name -) VALUES ( - 'Ubuntu 12.04 x86_64' -); - -INSERT INTO products ( /* 17 */ - name -) VALUES ( - 'Ubuntu 12.10 i686' -); - -INSERT INTO products ( /* 18 */ - name -) VALUES ( - 'Ubuntu 12.10 x86_64' -); - -INSERT INTO products ( /* 19 */ - name -) VALUES ( - 'Ubuntu 13.04 i686' -); - -INSERT INTO products ( /* 20 */ - name -) VALUES ( - 'Ubuntu 13.04 x86_64' -); - -INSERT INTO products ( /* 21 */ - name -) VALUES ( - 'Android 4.1.1' -); - -INSERT INTO products ( /* 22 */ - name -) VALUES ( - 'Android 4.2.1' -); - -/* Directories */ - -INSERT INTO directories ( /* 1 */ - path -) VALUES ( - '/bin' -); - -INSERT INTO directories ( /* 2 */ - path -) VALUES ( - '/etc' -); - -INSERT INTO directories ( /* 3 */ - path -) VALUES ( - '/lib' -); - -INSERT INTO directories ( /* 4 */ - path -) VALUES ( - '/lib/i386-linux-gnu' -); - -INSERT INTO directories ( /* 5 */ - path -) VALUES ( - '/lib/x86_64-linux-gnu' -); - -INSERT INTO directories ( /* 6 */ - path -) VALUES ( - '/lib/xtables' -); - -INSERT INTO directories ( /* 7 */ - path -) VALUES ( - '/sbin' -); - -INSERT INTO directories ( /* 8 */ - path -) VALUES ( - '/usr/bin' -); - -INSERT INTO directories ( /* 9 */ - path -) VALUES ( - '/usr/lib' -); - -INSERT INTO directories ( /* 10 */ - path -) VALUES ( - '/usr/lib/i386-linux-gnu' -); - -INSERT INTO directories ( /* 11 */ - path -) VALUES ( - '/usr/lib/x86_64-linux-gnu' -); - -INSERT INTO directories ( /* 12 */ - path -) VALUES ( - '/usr/sbin' -); - -INSERT INTO directories ( /* 13 */ - path -) VALUES ( - '/system/bin' -); - -INSERT INTO directories ( /* 14 */ - path -) VALUES ( - '/system/lib' -); - -/* Files */ - -INSERT INTO files ( /* 1 */ - name, dir -) VALUES ( - 'libcrypto.so.1.0.0', 5 -); - -INSERT INTO files ( /* 2 */ - name, dir -) VALUES ( - 'libcrypto.so.1.0.0', 11 -); - -INSERT INTO files ( /* 3 */ - name, dir -) VALUES ( - 'libssl.so.1.0.0', 5 -); - -INSERT INTO files ( /* 4 */ - name, dir -) VALUES ( - 'libssl.so.1.0.0', 11 -); - -INSERT INTO files ( /* 5 */ - name, dir -) VALUES ( - 'openssl', 8 -); - -INSERT INTO files ( /* 6 */ - name, dir -) VALUES ( - 'tnc_config', 2 -); - -/* Algorithms */ - -INSERT INTO algorithms ( - id, name -) VALUES ( - 65536, 'SHA1-IMA' -); - -INSERT INTO algorithms ( - id, name -) VALUES ( - 32768, 'SHA1' -); - -INSERT INTO algorithms ( - id, name -) VALUES ( - 16384, 'SHA256' -); - -INSERT INTO algorithms ( - id, name -) VALUES ( - 8192, 'SHA384' -); - -/* File Hashes */ - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 2, 32768, X'6c6f8e12f6cbfba612e780374c4cdcd40f20968a' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 2, 16384, X'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 2, 8192, X'197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 4, 32768, X'3ad204f99eb7262efab79cfca02628870ea76361' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 4, 16384, X'3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 4, 8192, X'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 5, 32768, X'ecd9c7076cc0572724c7a67db7f19c2831e0445f' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 5, 16384, X'28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 5, 8192, X'51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 1, 32768, X'd9309b9e45928239d7a7b18711e690792632cce4' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 1, 16384, X'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 1, 8192, X'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 3, 32768, X'3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 3, 16384, X'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 3, 8192, X'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 5, 32768, X'e59602f4edf24c1b36199588886d06665d4adcd7' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 5, 16384, X'090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 5, 8192, X'7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668' -); - -/* Packages */ - -INSERT INTO packages ( /* 1 */ - name -) VALUES ( - 'libssl-dev' -); - -INSERT INTO packages ( /* 2 */ - name -) VALUES ( - 'libssl1.0.0' -); - -INSERT INTO packages ( /* 3 */ - name -) VALUES ( - 'libssl1.0.0-dbg' -); - -INSERT INTO packages ( /* 4 */ - name -) VALUES ( - 'openssl' -); - -/* Versions */ - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 1, 4, '1.0.1e-2', 1366531494 -); - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 2, 4, '1.0.1e-2', 1366531494 -); - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 3, 4, '1.0.1e-2', 1366531494 -); - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 4, 4, '1.0.1e-2', 1366531494 -); - -/* Components */ - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 1, 33 /* ITA TGRUB */ -); - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 2, 33 /* ITA TBOOT */ -); - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 3, 33 /* ITA IMA - Trusted Platform */ -); - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 3, 34 /* ITA IMA - Operating System */ -); - -/* Groups */ - -INSERT INTO groups ( /* 1 */ - name -) VALUES ( - 'Default' -); - -INSERT INTO groups ( /* 2 */ - name, parent -) VALUES ( - 'Linux', 1 -); - -INSERT INTO groups ( /* 3 */ - name, parent -) VALUES ( - 'Android', 1 -); - -INSERT INTO groups ( /* 4 */ - name, parent -) VALUES ( - 'Debian i686', 2 -); - -INSERT INTO groups ( /* 5 */ - name, parent -) VALUES ( - 'Debian x86_64', 2 -); - -INSERT INTO groups ( /* 6 */ - name, parent -) VALUES ( - 'Ubuntu i686', 2 -); - -INSERT INTO groups ( /* 7 */ - name, parent -) VALUES ( - 'Ubuntu x86_64', 2 -); - -INSERT INTO groups ( /* 8 */ - name -) VALUES ( - 'Reference' -); - -INSERT INTO groups ( /* 9 */ - name, parent -) VALUES ( - 'Ref. Android', 8 -); - -INSERT INTO groups ( /* 10 */ - name, parent -) VALUES ( - 'Ref. Linux', 8 -); - -/* Default Product Groups */ - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 1 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 3 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 5 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 5, 2 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 5, 4 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 5, 6 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 7 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 9 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 11 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 13 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 15 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 17 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 19 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 8 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 10 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 12 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 14 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 16 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 18 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 20 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 3, 21 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 3, 22 -); - -/* Devices */ - -INSERT INTO devices ( /* 1 */ - value, product, created -) VALUES ( - 'aabbccddeeff11223344556677889900', 4, 1372330615 -); - -/* Groups Members */ - -INSERT INTO groups_members ( - group_id, device_id -) VALUES ( - 10, 1 -); - -/* Policies */ - -INSERT INTO policies ( /* 1 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 1, 'Installed Packages', 2, 2 -); - -INSERT INTO policies ( /* 2 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 2, 'Unknown Source', 2, 2 -); - -INSERT INTO policies ( /* 3 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 3, 'IP Forwarding Enabled', 1, 1 -); - -INSERT INTO policies ( /* 4 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 4, 'Default Factory Password Enabled', 1, 1 -); - -INSERT INTO policies ( /* 5 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 1, 2, 2 -); - -INSERT INTO policies ( /* 6 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /lib/x86_64-linux-gnu/libssl.so.1.0.0', 3, 2, 2 -); - -INSERT INTO policies ( /* 7 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /usr/bin/openssl', 5, 2, 2 -); - -INSERT INTO policies ( /* 8 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 11, 'No Open TCP Ports', 1, 1 -); - -INSERT INTO policies ( /* 9 */ - type, name, argument, rec_fail, rec_noresult -) VALUES ( - 13, 'Open UDP Ports', '500 4500 10000-65000', 1, 1 -); - -INSERT INTO policies ( /* 10 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 7, 'Metadata of /etc/tnc_config', 6, 0, 0 -); - -INSERT INTO policies ( /* 11 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 8, 'Get /bin', 1, 0, 0 -); - -INSERT INTO policies ( /* 12 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 2, 2, 2 -); - -INSERT INTO policies ( /* 13 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0', 4, 2, 2 -); - -INSERT INTO policies ( /* 14 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 8, 'Get /system/bin', 13, 0, 0 -); - -INSERT INTO policies ( /* 15 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 8, 'Get /system/lib', 14, 0, 0 -); - -INSERT INTO policies ( /* 16 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 9, 'Measure /bin', 1, 2, 2 -); - -/* Enforcements */ - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 2, 3, 0 -); - -INSERT INTO enforcements ( - policy, group_id, max_age, rec_fail, rec_noresult -) VALUES ( - 3, 2, 0, 2, 2 -); - -INSERT INTO enforcements ( - policy, group_id, max_age, rec_fail, rec_noresult -) VALUES ( - 3, 10, 0, 2, 2 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 5, 7, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 6, 7, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 7, 2, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 8, 1, 60 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 9, 1, 60 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 10, 2, 60 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 11, 10, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 12, 5, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 13, 5, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 14, 9, 0 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 15, 9, 0 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 16, 2, 0 -); diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data1.sql new file mode 100644 index 000000000..2bb7e7924 --- /dev/null +++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data1.sql @@ -0,0 +1,29 @@ +/* Devices */ + +INSERT INTO devices ( /* 1 */ + value, product, created +) VALUES ( + 'aabbccddeeff11223344556677889900', 28, 1372330615 +); + +/* Groups Members */ + +INSERT INTO groups_members ( + group_id, device_id +) VALUES ( + 10, 1 +); + +INSERT INTO enforcements ( + policy, group_id, max_age, rec_fail, rec_noresult +) VALUES ( + 3, 10, 0, 2, 2 +); + +INSERT INTO enforcements ( + policy, group_id, max_age +) VALUES ( + 16, 2, 0 +); + +DELETE FROM enforcements WHERE id = 1; diff --git a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat index 5f94f8dbb..a991d05ea 100644 --- a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat +++ b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat @@ -5,7 +5,7 @@ carol::echo 0 > /proc/sys/net/ipv4/ip_forward dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id alice::ln -s /etc/freeradius/sites-available/inner-tunnel-second /etc/freeradius/sites-enabled/inner-tunnel-second alice::cat /etc/freeradius/sites-enabled/inner-tunnel-second -alice::cd /etc/pts; cat tables.sql data.sql | sqlite3 config.db +alice::cd /etc/pts; cat tables.sql data.sql data1.sql | sqlite3 config.db alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd alice::cat /etc/tnc_config carol::cat /etc/tnc_config diff --git a/testing/tests/tnc/tnccs-20-os/evaltest.dat b/testing/tests/tnc/tnccs-20-os/evaltest.dat index 0d3f55b45..21a7278d7 100644 --- a/testing/tests/tnc/tnccs-20-os/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-os/evaltest.dat @@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES -moon:: ipsec attest --sessions 2> /dev/null::Debian 7.0 x86_64.*carol@strongswan.org - allow::YES +moon:: ipsec attest --sessions 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES moon:: cat /var/log/daemon.log::added group membership 'allow'::YES moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon:: ipsec attest --sessions 2> /dev/null::Debian 7.0 x86_64.*dave@strongswan.org - isolate::YES +moon:: ipsec attest --sessions 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - isolate::YES moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES diff --git a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data.sql b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data.sql deleted file mode 100644 index d17aac15e..000000000 --- a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data.sql +++ /dev/null @@ -1,892 +0,0 @@ -/* Products */ - -INSERT INTO products ( /* 1 */ - name -) VALUES ( - 'Debian 6.0 i686' -); - -INSERT INTO products ( /* 2 */ - name -) VALUES ( - 'Debian 6.0 x86_64' -); - -INSERT INTO products ( /* 3 */ - name -) VALUES ( - 'Debian 7.0 i686' -); - -INSERT INTO products ( /* 4 */ - name -) VALUES ( - 'Debian 7.0 x86_64' -); - -INSERT INTO products ( /* 5 */ - name -) VALUES ( - 'Debian 8.0 i686' -); - -INSERT INTO products ( /* 6 */ - name -) VALUES ( - 'Debian 8.0 x86_64' -); - -INSERT INTO products ( /* 7 */ - name -) VALUES ( - 'Ubuntu 10.04 i686' -); - -INSERT INTO products ( /* 8 */ - name -) VALUES ( - 'Ubuntu 10.04 x86_64' -); - -INSERT INTO products ( /* 9 */ - name -) VALUES ( - 'Ubuntu 10.10 i686' -); - -INSERT INTO products ( /* 10 */ - name -) VALUES ( - 'Ubuntu 10.10 x86_64' -); - -INSERT INTO products ( /* 11 */ - name -) VALUES ( - 'Ubuntu 11.04 i686' -); - -INSERT INTO products ( /* 12 */ - name -) VALUES ( - 'Ubuntu 11.04 x86_64' -); - -INSERT INTO products ( /* 13 */ - name -) VALUES ( - 'Ubuntu 11.10 i686' -); - -INSERT INTO products ( /* 14 */ - name -) VALUES ( - 'Ubuntu 11.10 x86_64' -); - -INSERT INTO products ( /* 15 */ - name -) VALUES ( - 'Ubuntu 12.04 i686' -); - -INSERT INTO products ( /* 16 */ - name -) VALUES ( - 'Ubuntu 12.04 x86_64' -); - -INSERT INTO products ( /* 17 */ - name -) VALUES ( - 'Ubuntu 12.10 i686' -); - -INSERT INTO products ( /* 18 */ - name -) VALUES ( - 'Ubuntu 12.10 x86_64' -); - -INSERT INTO products ( /* 19 */ - name -) VALUES ( - 'Ubuntu 13.04 i686' -); - -INSERT INTO products ( /* 20 */ - name -) VALUES ( - 'Ubuntu 13.04 x86_64' -); - -INSERT INTO products ( /* 21 */ - name -) VALUES ( - 'Android 4.1.1' -); - -INSERT INTO products ( /* 22 */ - name -) VALUES ( - 'Android 4.2.1' -); - -/* Directories */ - -INSERT INTO directories ( /* 1 */ - path -) VALUES ( - '/bin' -); - -INSERT INTO directories ( /* 2 */ - path -) VALUES ( - '/etc' -); - -INSERT INTO directories ( /* 3 */ - path -) VALUES ( - '/lib' -); - -INSERT INTO directories ( /* 4 */ - path -) VALUES ( - '/lib/i386-linux-gnu' -); - -INSERT INTO directories ( /* 5 */ - path -) VALUES ( - '/lib/x86_64-linux-gnu' -); - -INSERT INTO directories ( /* 6 */ - path -) VALUES ( - '/lib/xtables' -); - -INSERT INTO directories ( /* 7 */ - path -) VALUES ( - '/sbin' -); - -INSERT INTO directories ( /* 8 */ - path -) VALUES ( - '/usr/bin' -); - -INSERT INTO directories ( /* 9 */ - path -) VALUES ( - '/usr/lib' -); - -INSERT INTO directories ( /* 10 */ - path -) VALUES ( - '/usr/lib/i386-linux-gnu' -); - -INSERT INTO directories ( /* 11 */ - path -) VALUES ( - '/usr/lib/x86_64-linux-gnu' -); - -INSERT INTO directories ( /* 12 */ - path -) VALUES ( - '/usr/sbin' -); - -INSERT INTO directories ( /* 13 */ - path -) VALUES ( - '/system/bin' -); - -INSERT INTO directories ( /* 14 */ - path -) VALUES ( - '/system/lib' -); - -/* Files */ - -INSERT INTO files ( /* 1 */ - name, dir -) VALUES ( - 'libcrypto.so.1.0.0', 5 -); - -INSERT INTO files ( /* 2 */ - name, dir -) VALUES ( - 'libcrypto.so.1.0.0', 11 -); - -INSERT INTO files ( /* 3 */ - name, dir -) VALUES ( - 'libssl.so.1.0.0', 5 -); - -INSERT INTO files ( /* 4 */ - name, dir -) VALUES ( - 'libssl.so.1.0.0', 11 -); - -INSERT INTO files ( /* 5 */ - name, dir -) VALUES ( - 'openssl', 8 -); - -INSERT INTO files ( /* 6 */ - name, dir -) VALUES ( - 'tnc_config', 2 -); - -/* Algorithms */ - -INSERT INTO algorithms ( - id, name -) VALUES ( - 65536, 'SHA1-IMA' -); - -INSERT INTO algorithms ( - id, name -) VALUES ( - 32768, 'SHA1' -); - -INSERT INTO algorithms ( - id, name -) VALUES ( - 16384, 'SHA256' -); - -INSERT INTO algorithms ( - id, name -) VALUES ( - 8192, 'SHA384' -); - -/* File Hashes */ - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 2, 32768, X'6c6f8e12f6cbfba612e780374c4cdcd40f20968a' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 2, 16384, X'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 2, 8192, X'197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 4, 32768, X'3ad204f99eb7262efab79cfca02628870ea76361' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 4, 16384, X'3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 4, 8192, X'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 5, 32768, X'ecd9c7076cc0572724c7a67db7f19c2831e0445f' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 5, 16384, X'28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 5, 8192, X'51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 1, 32768, X'd9309b9e45928239d7a7b18711e690792632cce4' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 1, 16384, X'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 1, 8192, X'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 3, 32768, X'3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 3, 16384, X'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 3, 8192, X'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 5, 32768, X'e59602f4edf24c1b36199588886d06665d4adcd7' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 5, 16384, X'090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 5, 8192, X'7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668' -); - -/* Packages */ - -INSERT INTO packages ( /* 1 */ - name -) VALUES ( - 'libssl-dev' -); - -INSERT INTO packages ( /* 2 */ - name -) VALUES ( - 'libssl1.0.0' -); - -INSERT INTO packages ( /* 3 */ - name -) VALUES ( - 'libssl1.0.0-dbg' -); - -INSERT INTO packages ( /* 4 */ - name -) VALUES ( - 'openssl' -); - -/* Versions */ - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 1, 4, '1.0.1e-2', 1366531494 -); - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 2, 4, '1.0.1e-2', 1366531494 -); - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 3, 4, '1.0.1e-2', 1366531494 -); - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 4, 4, '1.0.1e-2', 1366531494 -); - -/* Components */ - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 1, 33 /* ITA TGRUB */ -); - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 2, 33 /* ITA TBOOT */ -); - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 3, 33 /* ITA IMA - Trusted Platform */ -); - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 3, 34 /* ITA IMA - Operating System */ -); - -/* Groups */ - -INSERT INTO groups ( /* 1 */ - name -) VALUES ( - 'Default' -); - -INSERT INTO groups ( /* 2 */ - name, parent -) VALUES ( - 'Linux', 1 -); - -INSERT INTO groups ( /* 3 */ - name, parent -) VALUES ( - 'Android', 1 -); - -INSERT INTO groups ( /* 4 */ - name, parent -) VALUES ( - 'Debian i686', 2 -); - -INSERT INTO groups ( /* 5 */ - name, parent -) VALUES ( - 'Debian x86_64', 2 -); - -INSERT INTO groups ( /* 6 */ - name, parent -) VALUES ( - 'Ubuntu i686', 2 -); - -INSERT INTO groups ( /* 7 */ - name, parent -) VALUES ( - 'Ubuntu x86_64', 2 -); - -INSERT INTO groups ( /* 8 */ - name -) VALUES ( - 'Reference' -); - -INSERT INTO groups ( /* 9 */ - name, parent -) VALUES ( - 'Ref. Android', 8 -); - -INSERT INTO groups ( /* 10 */ - name, parent -) VALUES ( - 'Ref. Linux', 8 -); - -/* Default Product Groups */ - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 1 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 3 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 5 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 5, 2 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 5, 4 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 5, 6 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 7 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 9 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 11 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 13 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 15 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 17 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 19 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 8 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 10 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 12 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 14 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 16 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 18 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 20 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 3, 21 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 3, 22 -); - -/* Devices */ - -INSERT INTO devices ( /* 1 */ - value, product, created -) VALUES ( - 'aabbccddeeff11223344556677889900', 4, 1372330615 -); - -/* Groups Members */ - -INSERT INTO groups_members ( - group_id, device_id -) VALUES ( - 5, 1 -); - -/* Identities */ - -INSERT INTO identities ( - type, value -) VALUES ( /* dave@strongswan.org */ - 4, X'64617665407374726f6e677377616e2e6f7267' -); - -/* Sessions */ - -INSERT INTO sessions ( - time, connection, identity, device, product, rec -) VALUES ( - NOW, 1, 1, 1, 4, 0 -); - -/* Results */ - -INSERT INTO results ( - session, policy, rec, result -) VALUES ( - 1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found' -); - -/* Policies */ - -INSERT INTO policies ( /* 1 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 1, 'Installed Packages', 2, 2 -); - -INSERT INTO policies ( /* 2 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 2, 'Unknown Source', 2, 2 -); - -INSERT INTO policies ( /* 3 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 3, 'IP Forwarding Enabled', 1, 1 -); - -INSERT INTO policies ( /* 4 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 4, 'Default Factory Password Enabled', 1, 1 -); - -INSERT INTO policies ( /* 5 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 1, 2, 2 -); - -INSERT INTO policies ( /* 6 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /lib/x86_64-linux-gnu/libssl.so.1.0.0', 3, 2, 2 -); - -INSERT INTO policies ( /* 7 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /usr/bin/openssl', 5, 2, 2 -); - -INSERT INTO policies ( /* 8 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 11, 'No Open TCP Ports', 1, 1 -); - -INSERT INTO policies ( /* 9 */ - type, name, argument, rec_fail, rec_noresult -) VALUES ( - 13, 'Open UDP Ports', '500 4500 10000-65000', 1, 1 -); - -INSERT INTO policies ( /* 10 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 7, 'Metadata of /etc/tnc_config', 6, 0, 0 -); - -INSERT INTO policies ( /* 11 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 8, 'Get /bin', 1, 0, 0 -); - -INSERT INTO policies ( /* 12 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 2, 2, 2 -); - -INSERT INTO policies ( /* 13 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0', 4, 2, 2 -); - -INSERT INTO policies ( /* 14 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 8, 'Get /system/bin', 13, 0, 0 -); - -INSERT INTO policies ( /* 15 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 8, 'Get /system/lib', 14, 0, 0 -); - -INSERT INTO policies ( /* 16 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 9, 'Measure /bin', 1, 2, 2 -); - -/* Enforcements */ - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 1, 1, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 2, 3, 0 -); - -INSERT INTO enforcements ( - policy, group_id, max_age, rec_fail, rec_noresult -) VALUES ( - 3, 2, 0, 2, 2 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 5, 7, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 6, 7, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 7, 2, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 8, 1, 60 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 9, 1, 60 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 10, 2, 60 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 11, 10, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 12, 5, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 13, 5, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 14, 9, 0 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 15, 9, 0 -); - diff --git a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data1.sql new file mode 100644 index 000000000..6682a5a1c --- /dev/null +++ b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data1.sql @@ -0,0 +1,45 @@ +/* Devices */ + +INSERT INTO devices ( /* 1 */ + value, product, created +) VALUES ( + 'aabbccddeeff11223344556677889900', 28, 1372330615 +); + +/* Groups Members */ + +INSERT INTO groups_members ( + group_id, device_id +) VALUES ( + 5, 1 +); + +/* Identities */ + +INSERT INTO identities ( + type, value +) VALUES ( /* dave@strongswan.org */ + 4, X'64617665407374726f6e677377616e2e6f7267' +); + +/* Sessions */ + +INSERT INTO sessions ( + time, connection, identity, device, product, rec +) VALUES ( + NOW, 1, 1, 1, 28, 0 +); + +/* Results */ + +INSERT INTO results ( + session, policy, rec, result +) VALUES ( + 1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found' +); + +/* Enforcements */ + +UPDATE enforcements SET + rec_fail = 2, rec_noresult = 2 +WHERE id = 3; diff --git a/testing/tests/tnc/tnccs-20-os/pretest.dat b/testing/tests/tnc/tnccs-20-os/pretest.dat index 610e88b8c..e1434e481 100644 --- a/testing/tests/tnc/tnccs-20-os/pretest.dat +++ b/testing/tests/tnc/tnccs-20-os/pretest.dat @@ -3,8 +3,8 @@ carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules carol::echo 0 > /proc/sys/net/ipv4/ip_forward dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id -moon::sed -i "s/NOW/`date +%s`/g" /etc/pts/data.sql -moon::cd /etc/pts; cat tables.sql data.sql | sqlite3 config.db +moon::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql +moon::cd /etc/pts; cat tables.sql data.sql data1.sql | sqlite3 config.db moon::cat /etc/tnc_config carol::cat /etc/tnc_config dave::cat /etc/tnc_config @@ -15,6 +15,6 @@ carol::sleep 1 carol::ipsec up home dave::ipsec up home dave::sleep 1 -moon::ipsec attest --packages --product 'Debian 7.0 x86_64' +moon::ipsec attest --packages --product 'Debian 7.2 x86_64' moon::ipsec attest --sessions moon::ipsec attest --devices diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/pts/data.sql b/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/pts/data.sql deleted file mode 100644 index 6c6e97b45..000000000 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/pts/data.sql +++ /dev/null @@ -1,1045 +0,0 @@ -/* Products */ - -INSERT INTO products ( /* 1 */ - name -) VALUES ( - 'Debian 6.0 i686' -); - -INSERT INTO products ( /* 2 */ - name -) VALUES ( - 'Debian 6.0 x86_64' -); - -INSERT INTO products ( /* 3 */ - name -) VALUES ( - 'Debian 7.0 i686' -); - -INSERT INTO products ( /* 4 */ - name -) VALUES ( - 'Debian 7.0 x86_64' -); - -INSERT INTO products ( /* 5 */ - name -) VALUES ( - 'Debian 8.0 i686' -); - -INSERT INTO products ( /* 6 */ - name -) VALUES ( - 'Debian 8.0 x86_64' -); - -INSERT INTO products ( /* 7 */ - name -) VALUES ( - 'Ubuntu 10.04 i686' -); - -INSERT INTO products ( /* 8 */ - name -) VALUES ( - 'Ubuntu 10.04 x86_64' -); - -INSERT INTO products ( /* 9 */ - name -) VALUES ( - 'Ubuntu 10.10 i686' -); - -INSERT INTO products ( /* 10 */ - name -) VALUES ( - 'Ubuntu 10.10 x86_64' -); - -INSERT INTO products ( /* 11 */ - name -) VALUES ( - 'Ubuntu 11.04 i686' -); - -INSERT INTO products ( /* 12 */ - name -) VALUES ( - 'Ubuntu 11.04 x86_64' -); - -INSERT INTO products ( /* 13 */ - name -) VALUES ( - 'Ubuntu 11.10 i686' -); - -INSERT INTO products ( /* 14 */ - name -) VALUES ( - 'Ubuntu 11.10 x86_64' -); - -INSERT INTO products ( /* 15 */ - name -) VALUES ( - 'Ubuntu 12.04 i686' -); - -INSERT INTO products ( /* 16 */ - name -) VALUES ( - 'Ubuntu 12.04 x86_64' -); - -INSERT INTO products ( /* 17 */ - name -) VALUES ( - 'Ubuntu 12.10 i686' -); - -INSERT INTO products ( /* 18 */ - name -) VALUES ( - 'Ubuntu 12.10 x86_64' -); - -INSERT INTO products ( /* 19 */ - name -) VALUES ( - 'Ubuntu 13.04 i686' -); - -INSERT INTO products ( /* 20 */ - name -) VALUES ( - 'Ubuntu 13.04 x86_64' -); - -INSERT INTO products ( /* 21 */ - name -) VALUES ( - 'Android 4.1.1' -); - -INSERT INTO products ( /* 22 */ - name -) VALUES ( - 'Android 4.2.1' -); - -/* Directories */ - -INSERT INTO directories ( /* 1 */ - path -) VALUES ( - '/bin' -); - -INSERT INTO directories ( /* 2 */ - path -) VALUES ( - '/etc' -); - -INSERT INTO directories ( /* 3 */ - path -) VALUES ( - '/lib' -); - -INSERT INTO directories ( /* 4 */ - path -) VALUES ( - '/lib/i386-linux-gnu' -); - -INSERT INTO directories ( /* 5 */ - path -) VALUES ( - '/lib/x86_64-linux-gnu' -); - -INSERT INTO directories ( /* 6 */ - path -) VALUES ( - '/lib/xtables' -); - -INSERT INTO directories ( /* 7 */ - path -) VALUES ( - '/sbin' -); - -INSERT INTO directories ( /* 8 */ - path -) VALUES ( - '/usr/bin' -); - -INSERT INTO directories ( /* 9 */ - path -) VALUES ( - '/usr/lib' -); - -INSERT INTO directories ( /* 10 */ - path -) VALUES ( - '/usr/lib/i386-linux-gnu' -); - -INSERT INTO directories ( /* 11 */ - path -) VALUES ( - '/usr/lib/x86_64-linux-gnu' -); - -INSERT INTO directories ( /* 12 */ - path -) VALUES ( - '/usr/sbin' -); - -INSERT INTO directories ( /* 13 */ - path -) VALUES ( - '/system/bin' -); - -INSERT INTO directories ( /* 14 */ - path -) VALUES ( - '/system/lib' -); - -/* Files */ - -INSERT INTO files ( /* 1 */ - name, dir -) VALUES ( - 'libcrypto.so.1.0.0', 5 -); - -INSERT INTO files ( /* 2 */ - name, dir -) VALUES ( - 'libcrypto.so.1.0.0', 11 -); - -INSERT INTO files ( /* 3 */ - name, dir -) VALUES ( - 'libssl.so.1.0.0', 5 -); - -INSERT INTO files ( /* 4 */ - name, dir -) VALUES ( - 'libssl.so.1.0.0', 11 -); - -INSERT INTO files ( /* 5 */ - name, dir -) VALUES ( - 'openssl', 8 -); - -INSERT INTO files ( /* 6 */ - name, dir -) VALUES ( - 'tnc_config', 2 -); - -/* Algorithms */ - -INSERT INTO algorithms ( - id, name -) VALUES ( - 65536, 'SHA1-IMA' -); - -INSERT INTO algorithms ( - id, name -) VALUES ( - 32768, 'SHA1' -); - -INSERT INTO algorithms ( - id, name -) VALUES ( - 16384, 'SHA256' -); - -INSERT INTO algorithms ( - id, name -) VALUES ( - 8192, 'SHA384' -); - -/* File Hashes */ - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 2, 32768, X'6c6f8e12f6cbfba612e780374c4cdcd40f20968a' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 2, 16384, X'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 2, 8192, X'197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 4, 32768, X'3ad204f99eb7262efab79cfca02628870ea76361' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 4, 16384, X'3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 4, 8192, X'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 5, 32768, X'ecd9c7076cc0572724c7a67db7f19c2831e0445f' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 5, 16384, X'28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 5, 8192, X'51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 1, 32768, X'd9309b9e45928239d7a7b18711e690792632cce4' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 1, 16384, X'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 1, 8192, X'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 3, 32768, X'3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 3, 16384, X'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 3, 8192, X'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 5, 32768, X'e59602f4edf24c1b36199588886d06665d4adcd7' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 5, 16384, X'090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 5, 8192, X'7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668' -); - -/* Packages */ - -INSERT INTO packages ( /* 1 */ - name -) VALUES ( - 'libssl-dev' -); - -INSERT INTO packages ( /* 2 */ - name -) VALUES ( - 'libssl1.0.0' -); - -INSERT INTO packages ( /* 3 */ - name -) VALUES ( - 'libssl1.0.0-dbg' -); - -INSERT INTO packages ( /* 4 */ - name -) VALUES ( - 'openssl' -); - -/* Versions */ - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 1, 4, '1.0.1e-2', 1366531494 -); - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 2, 4, '1.0.1e-2', 1366531494 -); - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 3, 4, '1.0.1e-2', 1366531494 -); - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 4, 4, '1.0.1e-2', 1366531494 -); - -/* Components */ - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 1, 33 /* ITA TGRUB */ -); - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 2, 33 /* ITA TBOOT */ -); - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 3, 33 /* ITA IMA - Trusted Platform */ -); - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 3, 34 /* ITA IMA - Operating System */ -); - -/* Groups */ - -INSERT INTO groups ( /* 1 */ - name -) VALUES ( - 'Default' -); - -INSERT INTO groups ( /* 2 */ - name, parent -) VALUES ( - 'Linux', 1 -); - -INSERT INTO groups ( /* 3 */ - name, parent -) VALUES ( - 'Android', 1 -); - -INSERT INTO groups ( /* 4 */ - name, parent -) VALUES ( - 'Debian i686', 2 -); - -INSERT INTO groups ( /* 5 */ - name, parent -) VALUES ( - 'Debian x86_64', 2 -); - -INSERT INTO groups ( /* 6 */ - name, parent -) VALUES ( - 'Ubuntu i686', 2 -); - -INSERT INTO groups ( /* 7 */ - name, parent -) VALUES ( - 'Ubuntu x86_64', 2 -); - -INSERT INTO groups ( /* 8 */ - name -) VALUES ( - 'Reference' -); - -INSERT INTO groups ( /* 9 */ - name, parent -) VALUES ( - 'Ref. Android', 8 -); - -INSERT INTO groups ( /* 10 */ - name, parent -) VALUES ( - 'Ref. Linux', 8 -); - -/* Default Product Groups */ - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 1 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 3 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 5 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 5, 2 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 5, 4 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 5, 6 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 7 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 9 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 11 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 13 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 15 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 17 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 19 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 8 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 10 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 12 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 14 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 16 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 18 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 20 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 3, 21 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 3, 22 -); - -/* Devices */ - -INSERT INTO devices ( /* 1 */ - value, product, created -) VALUES ( - 'aabbccddeeff11223344556677889900', 4, 1372330615 -); - -/* Groups Members */ - -INSERT INTO groups_members ( - group_id, device_id -) VALUES ( - 10, 1 -); - -/* Identities */ - -INSERT INTO identities ( - type, value -) VALUES ( /* dave@strongswan.org */ - 4, X'64617665407374726f6e677377616e2e6f7267' -); - -/* Sessions */ - -INSERT INTO sessions ( - time, connection, identity, device, product, rec -) VALUES ( - NOW, 1, 1, 1, 4, 0 -); - -/* Results */ - -INSERT INTO results ( - session, policy, rec, result -) VALUES ( - 1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found' -); - -/* Policies */ - -INSERT INTO policies ( /* 1 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 1, 'Installed Packages', 2, 2 -); - -INSERT INTO policies ( /* 2 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 2, 'Unknown Source', 2, 2 -); - -INSERT INTO policies ( /* 3 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 3, 'IP Forwarding Enabled', 1, 1 -); - -INSERT INTO policies ( /* 4 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 4, 'Default Factory Password Enabled', 1, 1 -); - -INSERT INTO policies ( /* 5 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 1, 2, 2 -); - -INSERT INTO policies ( /* 6 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /lib/x86_64-linux-gnu/libssl.so.1.0.0', 3, 2, 2 -); - -INSERT INTO policies ( /* 7 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /usr/bin/openssl', 5, 2, 2 -); - -INSERT INTO policies ( /* 8 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 11, 'No Open TCP Ports', 1, 1 -); - -INSERT INTO policies ( /* 9 */ - type, name, argument, rec_fail, rec_noresult -) VALUES ( - 13, 'Open UDP Ports', '500 4500 10000-65000', 1, 1 -); - -INSERT INTO policies ( /* 10 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 7, 'Metadata of /etc/tnc_config', 6, 0, 0 -); - -INSERT INTO policies ( /* 11 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 8, 'Get /bin', 1, 0, 0 -); - -INSERT INTO policies ( /* 12 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 2, 2, 2 -); - -INSERT INTO policies ( /* 13 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0', 4, 2, 2 -); - -INSERT INTO policies ( /* 14 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 8, 'Get /system/bin', 13, 0, 0 -); - -INSERT INTO policies ( /* 15 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 8, 'Get /system/lib', 14, 0, 0 -); - -INSERT INTO policies ( /* 16 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 9, 'Measure /bin', 1, 2, 2 -); - -INSERT INTO policies ( /* 17 */ - type, name, argument, rec_fail, rec_noresult -) VALUES ( - 15, 'SWID Tag IDs', 'R', 2, 2 -); - -INSERT INTO policies ( /* 18 */ - type, name, argument, rec_fail, rec_noresult -) VALUES ( - 15, 'SWID Tags', '', 2, 2 -); - -/* Enforcements */ - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 2, 3, 0 -); - -INSERT INTO enforcements ( - policy, group_id, max_age, rec_fail, rec_noresult -) VALUES ( - 3, 2, 0, 2, 2 -); - -INSERT INTO enforcements ( - policy, group_id, max_age, rec_fail, rec_noresult -) VALUES ( - 3, 10, 0, 2, 2 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 5, 7, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 6, 7, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 7, 2, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 8, 1, 60 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 9, 1, 60 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 10, 2, 60 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 11, 10, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 12, 5, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 13, 5, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 14, 9, 0 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 15, 9, 0 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 17, 2, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 18, 10, 86400 -); - -/* regids */ - -INSERT INTO regids ( /* 1 */ - name -) VALUES ( - 'regid.1986-12.com.adobe' -); - -INSERT INTO regids ( /* 2 */ - name -) VALUES ( - 'regid.1991-06.com.microsoft' -); - -INSERT INTO regids ( /* 3 */ - name -) VALUES ( - 'regid.2004-05.com.ubuntu' -); - -INSERT INTO regids ( /* 4 */ - name -) VALUES ( - 'regid.1995-04.org.apache' -); - -INSERT INTO regids ( /* 5 */ - name -) VALUES ( - 'regid.1999-03.org.debian' -); - -INSERT INTO regids ( /* 6 */ - name -) VALUES ( - 'regid.1994-04.org.isc' -); - -INSERT INTO regids ( /* 7 */ - name -) VALUES ( - 'regid.1998-12.org.openssl' -); - -INSERT INTO regids ( /* 8 */ - name -) VALUES ( - 'regid.1998-01.org.samba' -); - -INSERT INTO regids ( /* 9 */ - name -) VALUES ( - 'regid.2002-08.org.sqlite' -); - -INSERT INTO regids ( /* 10 */ - name -) VALUES ( - 'regid.2004-03.org.strongswan' -); - -/* Tags */ - -INSERT INTO tags ( - regid, unique_sw_id -) VALUES ( - 2, 'Windows-8-Pro' -); - -INSERT INTO tags ( - regid, unique_sw_id -) VALUES ( - 5, 'apache-2-2-22-13' -); - -INSERT INTO tags ( - regid, unique_sw_id -) VALUES ( - 5, 'bind-9-8-4-dfsg' -); - -INSERT INTO tags ( - regid, unique_sw_id -) VALUES ( - 5, 'libsqlite-3-7-13-1' -); - -INSERT INTO tags ( - regid, unique_sw_id -) VALUES ( - 5, 'libssl-1-0-1e-2' -); - -INSERT INTO tags ( - regid, unique_sw_id -) VALUES ( - 5, 'libssl-dev-1-0-1e-2' -); - -INSERT INTO tags ( - regid, unique_sw_id -) VALUES ( - 5, 'libssl-doc-1-0-1e-2' -); - -INSERT INTO tags ( - regid, unique_sw_id -) VALUES ( - 5, 'openssl-1-0-1e-2' -); - -INSERT INTO tags ( - regid, unique_sw_id -) VALUES ( - 5, 'smbclient-3-6-6-6' -); - -INSERT INTO tags ( - regid, unique_sw_id -) VALUES ( - 5, 'sqlite-3-7-13-1' -); - -INSERT INTO tags ( - regid, unique_sw_id -) VALUES ( - 10, 'strongSwan-5-1-1' -); diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/pts/data1.sql new file mode 100644 index 000000000..71592211b --- /dev/null +++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/pts/data1.sql @@ -0,0 +1,61 @@ +/* Devices */ + +INSERT INTO devices ( /* 1 */ + value, product, created +) VALUES ( + 'aabbccddeeff11223344556677889900', 28, 1372330615 +); + +/* Groups Members */ + +INSERT INTO groups_members ( + group_id, device_id +) VALUES ( + 10, 1 +); + +/* Identities */ + +INSERT INTO identities ( + type, value +) VALUES ( /* dave@strongswan.org */ + 4, X'64617665407374726f6e677377616e2e6f7267' +); + +/* Sessions */ + +INSERT INTO sessions ( + time, connection, identity, device, product, rec +) VALUES ( + NOW, 1, 1, 1, 28, 0 +); + +/* Results */ + +INSERT INTO results ( + session, policy, rec, result +) VALUES ( + 1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found' +); + +/* Enforcements */ + +INSERT INTO enforcements ( + policy, group_id, max_age, rec_fail, rec_noresult +) VALUES ( + 3, 10, 0, 2, 2 +); + +INSERT INTO enforcements ( + policy, group_id, max_age +) VALUES ( + 17, 2, 86400 +); + +INSERT INTO enforcements ( + policy, group_id, max_age +) VALUES ( + 18, 10, 86400 +); + +DELETE FROM enforcements WHERE id = 1; diff --git a/testing/tests/tnc/tnccs-20-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-pt-tls/pretest.dat index f1edab276..2a53977c0 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pt-tls/pretest.dat @@ -7,7 +7,7 @@ carol::echo 0 > /proc/sys/net/ipv4/ip_forward dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id dave::cat /etc/tnc_config alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data.sql -alice::cd /etc/pts; cat tables.sql data.sql | sqlite3 config.db +alice::cd /etc/pts; cat tables.sql data.sql data1.sql | sqlite3 config.db alice::ipsec start winnetou::ip route add 10.1.0.0/16 via 192.168.0.1 carol::ip route add 10.1.0.0/16 via 192.168.0.1 diff --git a/testing/tests/tnc/tnccs-20-pts/evaltest.dat b/testing/tests/tnc/tnccs-20-pts/evaltest.dat index 100754332..5eb944055 100644 --- a/testing/tests/tnc/tnccs-20-pts/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pts/evaltest.dat @@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES -moon:: ipsec attest --session 2> /dev/null::Debian 7.0 x86_64.*carol@strongswan.org - allow::YES +moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES moon:: cat /var/log/daemon.log::added group membership 'allow'::YES moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon:: ipsec attest --session 2> /dev/null::Debian 7.0 x86_64.*dave@strongswan.org - isolate::YES +moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - isolate::YES moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/pts/data.sql b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/pts/data.sql deleted file mode 100644 index 090eb47ff..000000000 --- a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/pts/data.sql +++ /dev/null @@ -1,873 +0,0 @@ -/* Products */ - -INSERT INTO products ( /* 1 */ - name -) VALUES ( - 'Debian 6.0 i686' -); - -INSERT INTO products ( /* 2 */ - name -) VALUES ( - 'Debian 6.0 x86_64' -); - -INSERT INTO products ( /* 3 */ - name -) VALUES ( - 'Debian 7.0 i686' -); - -INSERT INTO products ( /* 4 */ - name -) VALUES ( - 'Debian 7.0 x86_64' -); - -INSERT INTO products ( /* 5 */ - name -) VALUES ( - 'Debian 8.0 i686' -); - -INSERT INTO products ( /* 6 */ - name -) VALUES ( - 'Debian 8.0 x86_64' -); - -INSERT INTO products ( /* 7 */ - name -) VALUES ( - 'Ubuntu 10.04 i686' -); - -INSERT INTO products ( /* 8 */ - name -) VALUES ( - 'Ubuntu 10.04 x86_64' -); - -INSERT INTO products ( /* 9 */ - name -) VALUES ( - 'Ubuntu 10.10 i686' -); - -INSERT INTO products ( /* 10 */ - name -) VALUES ( - 'Ubuntu 10.10 x86_64' -); - -INSERT INTO products ( /* 11 */ - name -) VALUES ( - 'Ubuntu 11.04 i686' -); - -INSERT INTO products ( /* 12 */ - name -) VALUES ( - 'Ubuntu 11.04 x86_64' -); - -INSERT INTO products ( /* 13 */ - name -) VALUES ( - 'Ubuntu 11.10 i686' -); - -INSERT INTO products ( /* 14 */ - name -) VALUES ( - 'Ubuntu 11.10 x86_64' -); - -INSERT INTO products ( /* 15 */ - name -) VALUES ( - 'Ubuntu 12.04 i686' -); - -INSERT INTO products ( /* 16 */ - name -) VALUES ( - 'Ubuntu 12.04 x86_64' -); - -INSERT INTO products ( /* 17 */ - name -) VALUES ( - 'Ubuntu 12.10 i686' -); - -INSERT INTO products ( /* 18 */ - name -) VALUES ( - 'Ubuntu 12.10 x86_64' -); - -INSERT INTO products ( /* 19 */ - name -) VALUES ( - 'Ubuntu 13.04 i686' -); - -INSERT INTO products ( /* 20 */ - name -) VALUES ( - 'Ubuntu 13.04 x86_64' -); - -INSERT INTO products ( /* 21 */ - name -) VALUES ( - 'Android 4.1.1' -); - -INSERT INTO products ( /* 22 */ - name -) VALUES ( - 'Android 4.2.1' -); - -/* Directories */ - -INSERT INTO directories ( /* 1 */ - path -) VALUES ( - '/bin' -); - -INSERT INTO directories ( /* 2 */ - path -) VALUES ( - '/etc' -); - -INSERT INTO directories ( /* 3 */ - path -) VALUES ( - '/lib' -); - -INSERT INTO directories ( /* 4 */ - path -) VALUES ( - '/lib/i386-linux-gnu' -); - -INSERT INTO directories ( /* 5 */ - path -) VALUES ( - '/lib/x86_64-linux-gnu' -); - -INSERT INTO directories ( /* 6 */ - path -) VALUES ( - '/lib/xtables' -); - -INSERT INTO directories ( /* 7 */ - path -) VALUES ( - '/sbin' -); - -INSERT INTO directories ( /* 8 */ - path -) VALUES ( - '/usr/bin' -); - -INSERT INTO directories ( /* 9 */ - path -) VALUES ( - '/usr/lib' -); - -INSERT INTO directories ( /* 10 */ - path -) VALUES ( - '/usr/lib/i386-linux-gnu' -); - -INSERT INTO directories ( /* 11 */ - path -) VALUES ( - '/usr/lib/x86_64-linux-gnu' -); - -INSERT INTO directories ( /* 12 */ - path -) VALUES ( - '/usr/sbin' -); - -INSERT INTO directories ( /* 13 */ - path -) VALUES ( - '/system/bin' -); - -INSERT INTO directories ( /* 14 */ - path -) VALUES ( - '/system/lib' -); - -/* Files */ - -INSERT INTO files ( /* 1 */ - name, dir -) VALUES ( - 'libcrypto.so.1.0.0', 5 -); - -INSERT INTO files ( /* 2 */ - name, dir -) VALUES ( - 'libcrypto.so.1.0.0', 11 -); - -INSERT INTO files ( /* 3 */ - name, dir -) VALUES ( - 'libssl.so.1.0.0', 5 -); - -INSERT INTO files ( /* 4 */ - name, dir -) VALUES ( - 'libssl.so.1.0.0', 11 -); - -INSERT INTO files ( /* 5 */ - name, dir -) VALUES ( - 'openssl', 8 -); - -INSERT INTO files ( /* 6 */ - name, dir -) VALUES ( - 'tnc_config', 2 -); - -/* Algorithms */ - -INSERT INTO algorithms ( - id, name -) VALUES ( - 65536, 'SHA1-IMA' -); - -INSERT INTO algorithms ( - id, name -) VALUES ( - 32768, 'SHA1' -); - -INSERT INTO algorithms ( - id, name -) VALUES ( - 16384, 'SHA256' -); - -INSERT INTO algorithms ( - id, name -) VALUES ( - 8192, 'SHA384' -); - -/* File Hashes */ - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 2, 32768, X'6c6f8e12f6cbfba612e780374c4cdcd40f20968a' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 2, 16384, X'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 2, 8192, X'197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 4, 32768, X'3ad204f99eb7262efab79cfca02628870ea76361' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 4, 16384, X'3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 4, 8192, X'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 5, 32768, X'ecd9c7076cc0572724c7a67db7f19c2831e0445f' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 5, 16384, X'28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 4, 5, 8192, X'51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 1, 32768, X'd9309b9e45928239d7a7b18711e690792632cce4' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 1, 16384, X'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 1, 8192, X'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 3, 32768, X'3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 3, 16384, X'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 3, 8192, X'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 5, 32768, X'e59602f4edf24c1b36199588886d06665d4adcd7' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 5, 16384, X'090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 18, 5, 8192, X'7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668' -); - -/* Packages */ - -INSERT INTO packages ( /* 1 */ - name -) VALUES ( - 'libssl-dev' -); - -INSERT INTO packages ( /* 2 */ - name -) VALUES ( - 'libssl1.0.0' -); - -INSERT INTO packages ( /* 3 */ - name -) VALUES ( - 'libssl1.0.0-dbg' -); - -INSERT INTO packages ( /* 4 */ - name -) VALUES ( - 'openssl' -); - -/* Versions */ - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 1, 4, '1.0.1e-2', 1366531494 -); - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 2, 4, '1.0.1e-2', 1366531494 -); - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 3, 4, '1.0.1e-2', 1366531494 -); - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 4, 4, '1.0.1e-2', 1366531494 -); - -/* Components */ - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 1, 33 /* ITA TGRUB */ -); - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 2, 33 /* ITA TBOOT */ -); - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 3, 33 /* ITA IMA - Trusted Platform */ -); - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 3, 34 /* ITA IMA - Operating System */ -); - -/* Groups */ - -INSERT INTO groups ( /* 1 */ - name -) VALUES ( - 'Default' -); - -INSERT INTO groups ( /* 2 */ - name, parent -) VALUES ( - 'Linux', 1 -); - -INSERT INTO groups ( /* 3 */ - name, parent -) VALUES ( - 'Android', 1 -); - -INSERT INTO groups ( /* 4 */ - name, parent -) VALUES ( - 'Debian i686', 2 -); - -INSERT INTO groups ( /* 5 */ - name, parent -) VALUES ( - 'Debian x86_64', 2 -); - -INSERT INTO groups ( /* 6 */ - name, parent -) VALUES ( - 'Ubuntu i686', 2 -); - -INSERT INTO groups ( /* 7 */ - name, parent -) VALUES ( - 'Ubuntu x86_64', 2 -); - -INSERT INTO groups ( /* 8 */ - name -) VALUES ( - 'Reference' -); - -INSERT INTO groups ( /* 9 */ - name, parent -) VALUES ( - 'Ref. Android', 8 -); - -INSERT INTO groups ( /* 10 */ - name, parent -) VALUES ( - 'Ref. Linux', 8 -); - -/* Default Product Groups */ - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 1 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 3 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 5 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 5, 2 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 5, 4 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 5, 6 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 7 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 9 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 11 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 13 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 15 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 17 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 6, 19 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 8 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 10 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 12 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 14 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 16 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 18 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 7, 20 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 3, 21 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 3, 22 -); - -/* Devices */ - -INSERT INTO devices ( /* 1 */ - value, product, created -) VALUES ( - 'aabbccddeeff11223344556677889900', 4, 1372330615 -); - -/* Groups Members */ - -INSERT INTO groups_members ( - group_id, device_id -) VALUES ( - 10, 1 -); - -/* Policies */ - -INSERT INTO policies ( /* 1 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 1, 'Installed Packages', 2, 2 -); - -INSERT INTO policies ( /* 2 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 2, 'Unknown Source', 2, 2 -); - -INSERT INTO policies ( /* 3 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 3, 'IP Forwarding Enabled', 1, 1 -); - -INSERT INTO policies ( /* 4 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 4, 'Default Factory Password Enabled', 1, 1 -); - -INSERT INTO policies ( /* 5 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 1, 2, 2 -); - -INSERT INTO policies ( /* 6 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /lib/x86_64-linux-gnu/libssl.so.1.0.0', 3, 2, 2 -); - -INSERT INTO policies ( /* 7 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /usr/bin/openssl', 5, 2, 2 -); - -INSERT INTO policies ( /* 8 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 11, 'No Open TCP Ports', 1, 1 -); - -INSERT INTO policies ( /* 9 */ - type, name, argument, rec_fail, rec_noresult -) VALUES ( - 13, 'Open UDP Ports', '500 4500 10000-65000', 1, 1 -); - -INSERT INTO policies ( /* 10 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 7, 'Metadata of /etc/tnc_config', 6, 0, 0 -); - -INSERT INTO policies ( /* 11 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 8, 'Get /bin', 1, 0, 0 -); - -INSERT INTO policies ( /* 12 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 2, 2, 2 -); - -INSERT INTO policies ( /* 13 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0', 4, 2, 2 -); - -INSERT INTO policies ( /* 14 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 8, 'Get /system/bin', 13, 0, 0 -); - -INSERT INTO policies ( /* 15 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 8, 'Get /system/lib', 14, 0, 0 -); - -INSERT INTO policies ( /* 16 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 9, 'Measure /bin', 1, 2, 2 -); - -/* Enforcements */ - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 2, 3, 0 -); - -INSERT INTO enforcements ( - policy, group_id, max_age, rec_fail, rec_noresult -) VALUES ( - 3, 2, 0, 2, 2 -); - -INSERT INTO enforcements ( - policy, group_id, max_age, rec_fail, rec_noresult -) VALUES ( - 3, 10, 0, 2, 2 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 5, 7, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 6, 7, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 7, 2, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 8, 1, 60 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 9, 1, 60 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 10, 2, 60 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 11, 10, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 12, 5, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 13, 5, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 14, 9, 0 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 15, 9, 0 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 16, 2, 0 -); diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/pts/data1.sql new file mode 100644 index 000000000..2bb7e7924 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/pts/data1.sql @@ -0,0 +1,29 @@ +/* Devices */ + +INSERT INTO devices ( /* 1 */ + value, product, created +) VALUES ( + 'aabbccddeeff11223344556677889900', 28, 1372330615 +); + +/* Groups Members */ + +INSERT INTO groups_members ( + group_id, device_id +) VALUES ( + 10, 1 +); + +INSERT INTO enforcements ( + policy, group_id, max_age, rec_fail, rec_noresult +) VALUES ( + 3, 10, 0, 2, 2 +); + +INSERT INTO enforcements ( + policy, group_id, max_age +) VALUES ( + 16, 2, 0 +); + +DELETE FROM enforcements WHERE id = 1; diff --git a/testing/tests/tnc/tnccs-20-pts/pretest.dat b/testing/tests/tnc/tnccs-20-pts/pretest.dat index cb6c131ef..794aef9fb 100644 --- a/testing/tests/tnc/tnccs-20-pts/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pts/pretest.dat @@ -3,7 +3,7 @@ carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules carol::echo 0 > /proc/sys/net/ipv4/ip_forward dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id -moon::cd /etc/pts; cat tables.sql data.sql | sqlite3 config.db +moon::cd /etc/pts; cat tables.sql data.sql data1.sql | sqlite3 config.db moon::cat /etc/tnc_config carol::cat /etc/tnc_config dave::cat /etc/tnc_config diff --git a/testing/tests/tnc/tnccs-20/hosts/moon/etc/pts/data.sql b/testing/tests/tnc/tnccs-20/hosts/moon/etc/pts/data.sql deleted file mode 100644 index dcc4e75d1..000000000 --- a/testing/tests/tnc/tnccs-20/hosts/moon/etc/pts/data.sql +++ /dev/null @@ -1,793 +0,0 @@ -/* Products */ - -INSERT INTO products ( /* 1 */ - name -) VALUES ( - 'Debian 7.0' -); - -INSERT INTO products ( /* 2 */ - name -) VALUES ( - 'Debian 7.0 i686' -); - -INSERT INTO products ( /* 3 */ - name -) VALUES ( - 'Debian 7.0 x86_64' -); - -INSERT INTO products ( /* 4 */ - name -) VALUES ( - 'Ubuntu 10.04' -); - -INSERT INTO products ( /* 5 */ - name -) VALUES ( - 'Ubuntu 10.04 i686' -); - -INSERT INTO products ( /* 6 */ - name -) VALUES ( - 'Ubuntu 10.04 x86_64' -); - -INSERT INTO products ( /* 7 */ - name -) VALUES ( - 'Ubuntu 10.10' -); - -INSERT INTO products ( /* 8 */ - name -) VALUES ( - 'Ubuntu 10.10 i686' -); - -INSERT INTO products ( /* 9 */ - name -) VALUES ( - 'Ubuntu 10.10 x86_64' -); - -INSERT INTO products ( /* 10 */ - name -) VALUES ( - 'Ubuntu 11.04' -); - -INSERT INTO products ( /* 11 */ - name -) VALUES ( - 'Ubuntu 11.04 i686' -); - -INSERT INTO products ( /* 12 */ - name -) VALUES ( - 'Ubuntu 11.04 x86_64' -); - -INSERT INTO products ( /* 13 */ - name -) VALUES ( - 'Ubuntu 11.10' -); - -INSERT INTO products ( /* 14 */ - name -) VALUES ( - 'Ubuntu 11.10 i686' -); - -INSERT INTO products ( /* 15 */ - name -) VALUES ( - 'Ubuntu 11.10 x86_64' -); - -INSERT INTO products ( /* 16 */ - name -) VALUES ( - 'Ubuntu 12.04' -); - -INSERT INTO products ( /* 17 */ - name -) VALUES ( - 'Ubuntu 12.04 i686' -); - -INSERT INTO products ( /* 18 */ - name -) VALUES ( - 'Ubuntu 12.04 x86_64' -); - -INSERT INTO products ( /* 19 */ - name -) VALUES ( - 'Ubuntu 12.10' -); - -INSERT INTO products ( /* 20 */ - name -) VALUES ( - 'Ubuntu 12.10 i686' -); - -INSERT INTO products ( /* 21 */ - name -) VALUES ( - 'Ubuntu 12.10 x86_64' -); - -INSERT INTO products ( /* 22 */ - name -) VALUES ( - 'Ubuntu 13.04' -); - -INSERT INTO products ( /* 23 */ - name -) VALUES ( - 'Ubuntu 13.04 i686' -); - -INSERT INTO products ( /* 24 */ - name -) VALUES ( - 'Ubuntu 13.04 x86_64' -); - -INSERT INTO products ( /* 25 */ - name -) VALUES ( - 'Android 4.1.1' -); - -INSERT INTO products ( /* 26 */ - name -) VALUES ( - 'Android 4.2.1' -); - -/* Directories */ - -INSERT INTO directories ( /* 1 */ - path -) VALUES ( - '/bin' -); - -INSERT INTO directories ( /* 2 */ - path -) VALUES ( - '/etc' -); - -INSERT INTO directories ( /* 3 */ - path -) VALUES ( - '/lib' -); - -INSERT INTO directories ( /* 4 */ - path -) VALUES ( - '/lib/i386-linux-gnu' -); - -INSERT INTO directories ( /* 5 */ - path -) VALUES ( - '/lib/x86_64-linux-gnu' -); - -INSERT INTO directories ( /* 6 */ - path -) VALUES ( - '/lib/xtables' -); - -INSERT INTO directories ( /* 7 */ - path -) VALUES ( - '/sbin' -); - -INSERT INTO directories ( /* 8 */ - path -) VALUES ( - '/usr/bin' -); - -INSERT INTO directories ( /* 9 */ - path -) VALUES ( - '/usr/lib' -); - -INSERT INTO directories ( /* 10 */ - path -) VALUES ( - '/usr/lib/i386-linux-gnu' -); - -INSERT INTO directories ( /* 11 */ - path -) VALUES ( - '/usr/lib/x86_64-linux-gnu' -); - -INSERT INTO directories ( /* 12 */ - path -) VALUES ( - '/usr/sbin' -); - -/* Files */ - -INSERT INTO files ( /* 1 */ - name, dir -) VALUES ( - 'libcrypto.so.1.0.0', 5 -); - -INSERT INTO files ( /* 2 */ - name, dir -) VALUES ( - 'libcrypto.so.1.0.0', 11 -); - -INSERT INTO files ( /* 3 */ - name, dir -) VALUES ( - 'libssl.so.1.0.0', 5 -); - -INSERT INTO files ( /* 4 */ - name, dir -) VALUES ( - 'libssl.so.1.0.0', 11 -); - -INSERT INTO files ( /* 5 */ - name, dir -) VALUES ( - 'openssl', 8 -); - -INSERT INTO files ( /* 6 */ - name, dir -) VALUES ( - 'tnc_config', 2 -); - -/* Algorithms */ - -INSERT INTO algorithms ( - id, name -) VALUES ( - 65536, 'SHA1-IMA' -); - -INSERT INTO algorithms ( - id, name -) VALUES ( - 32768, 'SHA1' -); - -INSERT INTO algorithms ( - id, name -) VALUES ( - 16384, 'SHA256' -); - -INSERT INTO algorithms ( - id, name -) VALUES ( - 8192, 'SHA384' -); - -/* File Hashes */ - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 3, 2, 32768, X'6c6f8e12f6cbfba612e780374c4cdcd40f20968a' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 3, 2, 16384, X'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 3, 2, 8192, X'197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 3, 4, 32768, X'3ad204f99eb7262efab79cfca02628870ea76361' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 3, 4, 16384, X'3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 3, 4, 8192, X'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 3, 5, 32768, X'ecd9c7076cc0572724c7a67db7f19c2831e0445f' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 3, 5, 16384, X'28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 3, 5, 8192, X'51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 21, 1, 32768, X'd9309b9e45928239d7a7b18711e690792632cce4' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 21, 1, 16384, X'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 21, 1, 8192, X'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 21, 3, 32768, X'3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 21, 3, 16384, X'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 21, 3, 8192, X'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 21, 5, 32768, X'e59602f4edf24c1b36199588886d06665d4adcd7' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 21, 5, 16384, X'090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500' -); - -INSERT INTO file_hashes ( - product, file, algo, hash -) VALUES ( - 21, 5, 8192, X'7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668' -); - -/* Packages */ - -INSERT INTO packages ( /* 1 */ - name -) VALUES ( - 'libssl-dev' -); - -INSERT INTO packages ( /* 2 */ - name -) VALUES ( - 'libssl1.0.0' -); - -INSERT INTO packages ( /* 3 */ - name -) VALUES ( - 'libssl1.0.0-dbg' -); - -INSERT INTO packages ( /* 4 */ - name -) VALUES ( - 'openssl' -); - -/* Versions */ - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 1, 1, '1.0.1e-2', 1366531494 -); - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 2, 1, '1.0.1e-2', 1366531494 -); - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 3, 1, '1.0.1e-2', 1366531494 -); - -INSERT INTO versions ( - package, product, release, time -) VALUES ( - 4, 1, '1.0.1e-2', 1366531494 -); - -/* Components */ - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 1, 33 /* ITA TGRUB */ -); - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 2, 33 /* ITA TBOOT */ -); - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 3, 33 /* ITA IMA - Trusted Platform */ -); - -INSERT INTO components ( - vendor_id, name, qualifier -) VALUES ( - 36906, 3, 34 /* ITA IMA - Operating System */ -); - -/* Groups */ - -INSERT INTO groups ( /* 1 */ - name, parent -) VALUES ( - 'Debian i686', 6 -); - -INSERT INTO groups ( /* 2 */ - name, parent -) VALUES ( - 'Debian x86_64', 6 -); - -INSERT INTO groups ( /* 3 */ - name, parent -) VALUES ( - 'Ubuntu i686', 6 -); - -INSERT INTO groups ( /* 4 */ - name, parent -) VALUES ( - 'Ubuntu x86_64', 6 -); - -INSERT INTO groups ( /* 5 */ - name, parent -) VALUES ( - 'Android', 7 -); - -INSERT INTO groups ( /* 6 */ - name, parent -) VALUES ( - 'Linux', 7 -); - -INSERT INTO groups ( /* 7 */ - name -) VALUES ( - 'Default' -); - -/* Default Product Groups */ - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 1, 2 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 2, 3 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 3, 5 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 3, 8 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 3, 11 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 3, 14 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 3, 17 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 3, 20 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 3, 23 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 6 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 9 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 12 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 15 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 18 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 21 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 4, 24 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 5, 25 -); - -INSERT INTO groups_product_defaults ( - group_id, product_id -) VALUES ( - 5, 26 -); - -/* Policies */ - -INSERT INTO policies ( /* 1 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 1, 'Installed Packages', 2, 2 -); - -INSERT INTO policies ( /* 2 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 2, 'Unknown Source', 2, 2 -); - -INSERT INTO policies ( /* 3 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 3, 'IP Forwarding Enabled', 1, 1 -); - -INSERT INTO policies ( /* 4 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 4, 'Default Factory Password Enabled', 1, 1 -); - -INSERT INTO policies ( /* 5 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 1, 2, 2 -); - -INSERT INTO policies ( /* 6 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /lib/x86_64-linux-gnu/libssl.so.1.0.0', 3, 2, 2 -); - -INSERT INTO policies ( /* 7 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /usr/bin/openssl', 5, 2, 2 -); - -INSERT INTO policies ( /* 8 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 11, 'No Open TCP Ports', 1, 1 -); - -INSERT INTO policies ( /* 9 */ - type, name, rec_fail, rec_noresult -) VALUES ( - 13, 'No Open UDP Ports', 1, 1 -); - -INSERT INTO policies ( /* 10 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 7, 'Metadata of /etc/tnc_config', 6, 0, 0 -); - -INSERT INTO policies ( /* 11 */ - type, name, dir, rec_fail, rec_noresult -) VALUES ( - 8, 'Measure as reference /bin', 1, 0, 0 -); - -INSERT INTO policies ( /* 12 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 2, 2, 2 -); - -INSERT INTO policies ( /* 13 */ - type, name, file, rec_fail, rec_noresult -) VALUES ( - 6, 'Measure /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0', 4, 2, 2 -); - - -/* Enforcements */ - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 1, 7, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 2, 5, 0 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 3, 6, 0 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 5, 4, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 6, 4, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 7, 6, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 8, 7, 60 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 9, 7, 60 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 10, 6, 60 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 11, 6, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 12, 2, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 13, 2, 86400 -); - diff --git a/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf index 032ae7e91..1a0cc202e 100644 --- a/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf @@ -20,10 +20,5 @@ libimcv { imv-test { rounds = 1 } - imv-scanner { - closed_port_policy = yes - udp_ports = 500 4500 - tcp_ports = 22 - } } } |