From: Kern Sibbald <kern@sibbald.com>
Date: Sun, 14 Oct 2018 08:47:37 +0000 (+0200)
Subject: Add new security monitoring test
X-Git-Tag: Release-9.4.0~53
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=398144591cf79c466b6b31ea91fc3d9e638753d3;p=thirdparty%2Fbacula.git

Add new security monitoring test
---

diff --git a/regress/scripts/functions.pm b/regress/scripts/functions.pm
index 32ed40159e..7a3b60ae48 100644
--- a/regress/scripts/functions.pm
+++ b/regress/scripts/functions.pm
@@ -44,6 +44,7 @@ our @EXPORT = qw(update_some_files create_many_files check_multiple_copies
                   set_global_maximum_concurrent_jobs check_volumes update_some_files_rep
                   remote_init remote_config remote_stop remote_diff remote_check
                   get_field_size get_field_ratio create_binfile get_bytes get_mbytes
+                  check_tcp check_tcp_loop
                   check_parts);
 
 
@@ -1414,4 +1415,42 @@ sub check_jobmedia_content
     close(FP);
 }
 
+use IO::Socket::INET;
+
+sub check_tcp
+{
+    my ($host, $port) = @_;
+    my $sock = IO::Socket::INET->new(PeerAddr => $host,
+                                     PeerPort => $port,
+                                     Proto    => 'tcp') or die "Error: check_tcp Unable to connect $host:$port $@";
+    $sock->write("Hello !\n");
+    $sock->close();
+}
+
+sub check_tcp_loop
+{
+    my ($pid, $host, $port) = @_;
+    my $count=5;
+    while (! -f $pid && $count > 0) {
+        if ($debug) {
+            print "Waiting for $pid to appear\n";
+        }
+        $count--;
+        sleep(1);
+    }
+    $count=0;
+    while (-f $pid) {
+        check_tcp($host, $port);
+        $count++;
+        sleep(1);
+    }
+    if ($count > 0) {
+        open(FP, ">$tmp/$host.$port.probe") or die "ERROR: Unable to open $tmp/$host.$port.probe $@";
+        print FP "$count\n";
+        close(FP);
+    }
+    print "Did $count network probes on $host:$port\n";
+    return $count;
+}
+
 1;
diff --git a/regress/tests/monitoring-bacula-error-test b/regress/tests/monitoring-bacula-error-test
new file mode 100755
index 0000000000..f3a8219e5c
--- /dev/null
+++ b/regress/tests/monitoring-bacula-error-test
@@ -0,0 +1,120 @@
+#!/bin/sh
+#
+# Run a simple backup of the Bacula build directory and simulate network probes
+# from a "check_tcp" like tool. It should not be in the job log. (Waiting
+# to store security messages at a proper place)
+#
+TestName="monitoring-bacula-error-test"
+JobName=backup
+. scripts/functions
+
+scripts/cleanup
+scripts/copy-confs
+
+#
+# Zap out any schedule in default conf file so that
+#  it doesn't start during our test
+#
+outf="$tmp/sed_tmp"
+echo "s%  Schedule =%# Schedule =%g" >${outf}
+cp $scripts/bacula-dir.conf $tmp/1
+sed -f ${outf} $tmp/1 >$scripts/bacula-dir.conf
+
+change_jobname BackupClient1 $JobName
+start_test
+
+cat <<END_OF_DATA >$tmp/bconcmds
+@output /dev/null
+messages
+@$out $tmp/log1.out
+setdebug level=50 trace=1 dir
+setdebug level=50 trace=1 client
+setdebug level=50 trace=1 storage=File1
+@sleep 5
+label volume=TestVolume001 storage=File1 pool=File slot=1 drive=0
+setbandwidth limit=5MB/s client
+run job=$JobName yes
+wait
+messages
+@# 
+@# now do a restore
+@#
+@$out $tmp/log2.out
+restore where=$tmp/bacula-restores select all done
+yes
+wait
+messages
+@sleep 10
+quit
+END_OF_DATA
+
+pfd=`expr $BASEPORT + 1`
+psd=`expr $BASEPORT + 2`
+
+f1=$working/bacula-fd.$pfd.pid
+f2=$working/bacula-sd.$psd.pid
+f3=$working/bacula-dir.$BASEPORT.pid
+
+$bperl -e "check_tcp_loop('$f1', 'localhost', $pfd)" &
+$bperl -e "check_tcp_loop('$f2', 'localhost', $psd)" &
+$bperl -e "check_tcp_loop('$f3', 'localhost', $BASEPORT)" &
+
+run_bacula
+check_for_zombie_jobs storage=File1
+sleep 10
+stop_bacula
+
+wait
+
+cat <<END_OF_DATA >$tmp/bconcmds
+@$out $tmp/joblog.out
+list joblog jobid=1
+list joblog jobid=2
+END_OF_DATA
+
+run_bacula
+sleep 10
+stop_bacula
+
+grep "Terminating connection" $working/*dir.trace > /dev/null
+if [ $? != 0 ]; then
+    estat=1
+    print_debug "ERROR: Unable to find network errors in $working/*dir.trace"
+fi
+
+grep "Terminating connection" $working/*sd.trace > /dev/null
+if [ $? != 0 ]; then
+    estat=1
+    print_debug "ERROR: Unable to find network errors in $working/*sd.trace"
+fi
+
+grep "Terminating connection" $working/*fd.trace > /dev/null
+if [ $? != 0 ]; then
+    estat=1
+    print_debug "ERROR: Unable to find network errors in $working/*fd.trace"
+fi
+
+grep -i "Security" $tmp/joblog.out
+if [ $? = 0 ]; then
+    estat=1
+    print_debug "ERROR: Should not find security problems in the job log"
+fi
+
+if [ ! $tmp/localhost.$pfd ]; then
+    estat=1
+    print_debug "ERROR: Unable to send network probes to the FD"
+fi
+
+if [ ! $tmp/localhost.$sfd ]; then
+    estat=1
+    print_debug "ERROR: Unable to send network probes to the SD"
+fi
+
+if [ ! $tmp/localhost.$BASEPORT ]; then
+    estat=1
+    print_debug "ERROR: Unable to send network probes to the DIR"
+fi
+
+check_two_logs
+check_restore_diff
+end_test