diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index 79f18b2..cd23079 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -17,9 +17,4 @@ jobs:
 run: sudo apt install usbguard
 - name: Run test scripts
- run: |
- export PYTHONPATH="${PYTHONPATH}:/home/runner/work/HardeningHub/HardeningHub"
- for script in tests/*.sh; do
- chmod +x "$script"
- ./"$script"
- done
+ run: python3 tests/test_aide.py
diff --git a/tests/test_aide.py b/tests/test_aide.py
new file mode 100644
index 0000000..2ecbba2
--- /dev/null
+++ b/tests/test_aide.py
@@ -0,0 +1,42 @@
+import subprocess
+from harden import config_file
+
+def get_script(config):
+ file_systems_config = config["file-systems"]
+ # Start with an empty script and build it up
+ script = ""
+
+ if file_systems_config['enable_aide']:
+ # Each file system gets its own set of commands
+ script += """
+apt install aide aide-common
+aideinit
+mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db
+"""
+ return script
+
+def run_bash_script(script):
+ try:
+ # Run the script and capture the output
+ result = subprocess.run(script, shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
+ return result.stdout, result.stderr
+ except subprocess.CalledProcessError as e:
+ return e.stdout, e.stderr
+
+def test_bash_script():
+ # Run the script and capture the output
+ audit = "dpkg-query -W -f='${binary:Package}\t${Status}\t${db:Status-Status}\n' aide aide-common"
+ result = subprocess.run(audit, shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
+ return result.stdout, result.stderr
+
+if __name__ == "__main__":
+ config = config_file.read()
+ bash_script = get_script(config)
+ stdout, stderr = run_bash_script(bash_script)
+
+ print("STDOUT:\n", stdout)
+ print("STDERR:\n", stderr)
+
+ stdout, stderr = test_bash_script()
+ print("AUDIT:", stdout)
+ print("AUDITERR:", stderr)
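Review bot: The step now runs only `tests/test_aide.py`, so `tests/test_cramfs_output.sh`, which this same commit extends with a dpkg-query check, is no longer executed by CI; the removed loop was what picked up `tests/*.sh`. The `PYTHONPATH` export is dropped as well, while the new script does `from harden import config_file`. Run as `python3 tests/test_aide.py`, the interpreter puts `tests/` rather than the repository root on `sys.path`, so unless the package is installed in an earlier step (not visible in this hunk) the import will likely fail. Consider keeping the shell loop as a second step and setting the path explicitly, e.g. `run: PYTHONPATH="$GITHUB_WORKSPACE" python3 tests/test_aide.py`.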
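Review bot: A failed hardening script cannot fail this test: `run_bash_script` catches `CalledProcessError` and returns the output, and the `__main__` block only prints it, so the job's result depends solely on `dpkg-query` exiting non-zero in `test_bash_script`. The generated script also has no `set -e`, so with `shell=True` only the final `mv` decides the exit status, and `apt install aide aide-common` carries neither `sudo` nor `-y`, unlike the workflow's `sudo apt install usbguard`, so on a runner it would presumably stop at the permission check or the confirmation prompt. `get_script` is defined in the test itself rather than imported from `harden`, so the test appears to exercise its own copy of the commands, not the generator that the deleted `tests/test_aide.sh` ran. I would drop the `except` branch so `check=True` propagates, and check the audit output explicitly, e.g. `assert "install ok installed" in stdout`.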
diff --git a/tests/test_aide.sh b/tests/test_aide.sh
deleted file mode 100644
index a82a76f..0000000
--- a/tests/test_aide.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
-PYTHON_SCRIPT="$SCRIPT_DIR/../harden/file_systems/aide.py"
-echo "Python script path: $PYTHON_SCRIPT"
-
-# Check if the Python script exists
-if [ ! -f "$PYTHON_SCRIPT" ]; then
- echo "Error: Python script not found."
- exit 1
-fi
-
-# Run the Python script and capture its output
-echo "Running the Python script..."
-script_output=$(python3 "$PYTHON_SCRIPT")
-
-# Check the exit status of the Python script
-if [ $? -ne 0 ]; then
- echo "Python script execution failed."
- exit 1
-fi
-
-# Optionally, print the output for verification
-echo "Python script output:"
-echo "$script_output"
-
-# Execute the output as a Bash script
-# WARNING: Executing scripts directly can be risky, especially with sudo commands.
-# Ensure you thoroughly understand and trust the script before executing.
-echo "Executing the generated Bash script..."
-bash -c "$script_output"
-
-echo "Script executed successfully."
diff --git a/tests/test_cramfs_output.sh b/tests/test_cramfs_output.sh
index 26e7932..154cf68 100755
--- a/tests/test_cramfs_output.sh
+++ b/tests/test_cramfs_output.sh
@@ -29,4 +29,16 @@ echo "$script_output"
 echo "Executing the generated Bash script..."
 bash -c "$script_output"
+# Execute dpkg-query command and check the output
+echo "Executing dpkg-query..."
+dpkg_output=$(dpkg-query -W -f='${binary:Package}\t${Status}\t${db:Status-Status}\n')
+
+# Check if dpkg-query output contains the specific line
+if echo "$dpkg_output" | grep -q ""; then
+ echo "pre-link is not installed."
+else
+ echo "pre-link may be installed."
+fi
+
+
 echo "Script executed successfully."
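Review bot: The added check can never report a problem: `dpkg-query -W` is called without a package name, so it lists every package, and `grep -q ""` matches any non-empty input, which means the first branch always prints "pre-link is not installed." Neither branch changes the exit status, so the script still ends with "Script executed successfully." even if the package is present. Query the one package and fail on a hit, e.g. `if dpkg-query -W -f='${db:Status-Status}\n' "$pkg" 2>/dev/null | grep -qx installed; then echo "$pkg is installed."; exit 1; fi`, with `pkg` set to the package this test is meant to rule out. In the lines shown, the exit status of the preceding `bash -c "$script_output"` is not checked either.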