From 7b898eb0a72bf58664b0b22f9ba041347529b7f5 Mon Sep 17 00:00:00 2001 From: gbaconni Date: Mon, 8 Nov 2021 17:58:25 +0100 Subject: [PATCH] Add more tests and add ssh sudo script --- Makefile | 10 +++++++- ssh_sudo.exp | 11 +++++++++ test.sh | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 85 insertions(+), 2 deletions(-) create mode 100755 ssh_sudo.exp diff --git a/Makefile b/Makefile index 1812be9..e3afccb 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ # By: gbaconni@student.42lausanne.ch +#+ +:+ +#+ # # +#+#+#+#+#+ +#+ # # Created: 2021/11/02 17:47:57 by gbaconni #+# #+# # -# Updated: 2021/11/08 06:09:29 by gbaconni ### lausanne.ch # +# Updated: 2021/11/08 15:13:14 by gbaconni ### ########.fr # # # # **************************************************************************** # @@ -29,6 +29,14 @@ virtualbox: @test -L ~/VirtualBox\ VMs || ln -snf ~/goinfre/VirtualBox\ VMs ~/VirtualBox\ VMs @echo /Applications/VirtualBox.app/Contents/MacOS/VBoxManage createmedium disk --filename ~/goinfre/VirtualBox\\ VMs/$$(basename ~)42/$$(basename ~)42.vdi --size $$(($(SSD)*1024)) --format VDI +signature: +ifeq ($(KERNEL),Darwin) + @shasum ~/goinfre/VirtualBox\ VMs/$$(basename ~)42/$$(basename ~)42.vdi | cut -d' ' -f1 +endif +ifeq ($(KERNEL),Linux) + @sha1sum ~/goinfre/VirtualBox\ VMs/$$(basename ~)42/$$(basename ~)42.vdi | cut -d' ' -f1 +endif + data: ifeq ($(FT),yes) @test -d ~/goinfre/born2beroot || install -d ~/goinfre/born2beroot diff --git a/ssh_sudo.exp b/ssh_sudo.exp new file mode 100755 index 0000000..9469717 --- /dev/null +++ b/ssh_sudo.exp @@ -0,0 +1,11 @@ +#!/usr/bin/expect -- +set timeout -1 +set send_human {.05 0.1 1 .07 1.5} +eval spawn ssh -t -o StrictHostKeyChecking=no -o PreferredAuthentications=password -o PubkeyAuthentication=no $argv +match_max 100000 +expect "*?assword:*" +send -- "$env(SSHPASS)\r" +send -- "\r" +expect "*?assword for*" +send -- "$env(SSHPASS)\r" +interact diff --git a/test.sh b/test.sh index 853b3d5..cf35a24 100755 --- a/test.sh +++ b/test.sh @@ -18,6 +18,19 @@ ssh_exec () | grep -v -i -e '^Warning: Permanently added' -e ' password:' -e '^spawn ssh' } +ssh_sudo () +{ + port=${1-4242} + shift + login=${1-marvin} + shift + pass=${1-Born2beRoot} + shift + export SSHPASS="${pass}" + ./ssh_sudo.exp -p ${port} ${login}@127.0.0.1 sudo $@ 2>&1 \ + | grep -v -i -e '^Warning: Permanently added' -e 'password' -e '^spawn ssh' -e 'Connection to' +} + main () { port=${1-4242} @@ -33,16 +46,32 @@ main () then pass="Born2beRoot" fi + echo "" ssh_clean if ssh_exec ${port} ${login} ${pass} hostname -s | grep -q "^${login}42" then - echo "OK: hostname is ${login}42" + echo "OK: Hostname is ${login}42" else echo "KO: Unexpected hostname (should be ${login}42)" fi + if ssh_exec ${port} ${login} ${pass} cat /etc/os-release | grep -q -i -E "(CentOS|Debian)" + then + echo "OK: Debian or CentOS installed" + else + echo "KO: Unknown Linux distribution" + fi + + if ssh_exec ${port} ${login} ${pass} /usr/sbin/aa-status | grep -q -i -E "apparmor module is loaded" \ + || ssh_exec ${port} ${login} ${pass} sestatus | grep -q -i -E "SELinux status:[^e]*enabled" + then + echo "OK: AppArmor or SELinux is active" + else + echo "KO: No AppArmor or SELinux is active" + fi + if ssh_exec ${port} ${login} ${pass} lspci | grep -q -i -E "(VirtualBox|QEMU)" then echo "OK: VirtualBox or UTM QEMU" @@ -50,6 +79,41 @@ main () echo "KO: Unexpected Virtual Machine" fi + if ssh_exec ${port} ${login} ${pass} dpkg -l | grep -q -i -E "(xserver|xorg)" \ + || ssh_exec ${port} ${login} ${pass} rpm -qa | grep -q -i -E "(xserver|xorg)" + then + echo "KO: X server is present" + else + echo "OK: No X server" + fi + + if ssh_exec ${port} ${login} ${pass} lsblk | grep -q -i -E "_crypt" + then + echo "OK: Disk crypted" + else + echo "KO: Not disk crypted" + fi + + if ssh_exec ${port} ${login} ${pass} ss -tunlpe | grep -q -E "LISTEN.*:4242.*ssh" + then + echo "OK: ssh running on 4242" + else + echo "KO: ssh not running on 4242" + fi + + if ssh_sudo ${port} ${login} ${pass} /usr/sbin/ufw status | grep -q -E "Status: active" + then + echo "OK: Firewall ufw is active" + else + echo "KO: No firewall ufw is active" + fi + + if ssh_sudo ${port} ${login} ${pass} /usr/sbin/ufw status | grep -q -E "4242.*ALLOW.*Anywhere" + then + echo "OK: Firewall allow port 4242 from anywhere" + else + echo "KO: Firewall does not allow port 4242 from anywhere" + fi } main $@