From: Andreas Steffen Date: Fri, 19 Jul 2013 17:36:07 +0000 (+0200) Subject: updated some TNC scenarios X-Git-Tag: 5.1.0rc1~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=645e9291f03a4d4714a1e27d8fea83643f6cb48a;p=thirdparty%2Fstrongswan.git updated some TNC scenarios --- diff --git a/testing/tests/tnc/tnccs-11-radius-pts/description.txt b/testing/tests/tnc/tnccs-11-radius-pts/description.txt index 83e5b96f31..51dd033626 100644 --- a/testing/tests/tnc/tnccs-11-radius-pts/description.txt +++ b/testing/tests/tnc/tnccs-11-radius-pts/description.txt @@ -7,7 +7,8 @@ At the outset the gateway authenticates itself to the clients by sending an IKEv The strong EAP-TTLS tunnel protects the ensuing weak client authentication based on EAP-MD5. In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the health of carol and dave via the IF-TNCCS 1.1 client-server interface. -The communication between IMCs and IMVs is based on the IF-M protocol defined by RFC 5792 PA-TNC. +The communication between the OS and Attestation IMC and the Attestion IMV is based on the + IF-M protocol defined by RFC 5792 PA-TNC.

carol passes the health test and dave fails. Based on these measurements the clients are connected by gateway moon to the "rw-allow" and "rw-isolate" subnets, respectively. diff --git a/testing/tests/tnc/tnccs-20-os/description.txt b/testing/tests/tnc/tnccs-20-os/description.txt index b5d12fc8c6..f660a0b633 100644 --- a/testing/tests/tnc/tnccs-20-os/description.txt +++ b/testing/tests/tnc/tnccs-20-os/description.txt @@ -9,12 +9,13 @@ exchange PA-TNC attributes.

carol sends information on her operating system consisting of the PA-TNC attributes Product Information, String Version, Numeric Version, -Operational Status, Forwarding Enabled, and -Factory Default Password Enabled up-front, whereas dave must be prompted -by the IMV to do so via an Attribute Request PA-TNC attribute. carol is -then prompted to send a list of installed packages using the Installed Packages -PA-TNC attribute whereas dave's "Windows 1.2.3" operating system is not supported -and thus dave receives a Remediation Instructions PA-TNC attribute. +Operational Status, Forwarding Enabled, Factory Default Password Enabled +and Device ID> up-front, whereas dave must be prompted by the IMV to do so via an +Attribute Request PA-TNC attribute. carol is then prompted to send a list of +installed packages using the Installed Packages PA-TNC attribute. Since dave +successfully connected to the VPN gateway shortly before, no new list of installed packages is +requested again but because IP forwarding is enabled dave receives a corresponding +Remediation Instructions PA-TNC attribute.

carol passes the health test and dave fails. Based on these assessments which are communicated to the IMCs using the Assessment Result PA-TNC attribute, diff --git a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data.sql b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data.sql index d114233531..d17aac15e9 100644 --- a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data.sql +++ b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data.sql @@ -666,6 +666,46 @@ INSERT INTO groups_product_defaults ( 3, 22 ); +/* Devices */ + +INSERT INTO devices ( /* 1 */ + value, product, created +) VALUES ( + 'aabbccddeeff11223344556677889900', 4, 1372330615 +); + +/* Groups Members */ + +INSERT INTO groups_members ( + group_id, device_id +) VALUES ( + 5, 1 +); + +/* Identities */ + +INSERT INTO identities ( + type, value +) VALUES ( /* dave@strongswan.org */ + 4, X'64617665407374726f6e677377616e2e6f7267' +); + +/* Sessions */ + +INSERT INTO sessions ( + time, connection, identity, device, product, rec +) VALUES ( + NOW, 1, 1, 1, 4, 0 +); + +/* Results */ + +INSERT INTO results ( + session, policy, rec, result +) VALUES ( + 1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found' +); + /* Policies */ INSERT INTO policies ( /* 1 */ diff --git a/testing/tests/tnc/tnccs-20-pts/description.txt b/testing/tests/tnc/tnccs-20-pts/description.txt index b5d12fc8c6..e78a700919 100644 --- a/testing/tests/tnc/tnccs-20-pts/description.txt +++ b/testing/tests/tnc/tnccs-20-pts/description.txt @@ -8,16 +8,15 @@ is using the IF-M 1.0 measurement protocol defined by RFC 5792 PA-TNC< exchange PA-TNC attributes.

carol sends information on her operating system consisting of the PA-TNC attributes -Product Information, String Version, Numeric Version, -Operational Status, Forwarding Enabled, and -Factory Default Password Enabled up-front, whereas dave must be prompted -by the IMV to do so via an Attribute Request PA-TNC attribute. carol is -then prompted to send a list of installed packages using the Installed Packages -PA-TNC attribute whereas dave's "Windows 1.2.3" operating system is not supported -and thus dave receives a Remediation Instructions PA-TNC attribute. +Product Information, String Version, and Device ID up-front +to the Attestation IMV, whereas dave must be prompted by the IMV to do so via an +Attribute Request PA-TNC attribute. dave is instructed to do a reference +measurement on all files in the /bin directory. carol is then prompted to +measure a couple of individual files and the files in the /bin directory as +well as to get metadata on the /etc/tnc_confg configuration file.

-carol passes the health test and dave fails. Based on these assessments -which are communicated to the IMCs using the Assessment Result PA-TNC attribute, -the clients are connected by gateway moon to the "rw-allow" and "rw-isolate" -subnets, respectively. +carol passes the health test and dave fails because IP forwarding is +enabled. Based on these assessments which are communicated to the IMCs using the +Assessment Result PA-TNC attribute, the clients are connected by gateway moon +to the "rw-allow" and "rw-isolate" subnets, respectively.
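
Review bot: "Attestion IMV" in the added line of testing/tests/tnc/tnccs-11-radius-pts/description.txt is misspelled and should read "Attestation IMV". The same line says "the OS and Attestation IMC" in the singular although two IMCs are named, so "IMCs" would match the sentence it replaces. The leading space before "IF-M protocol" on the added continuation line can be dropped as well.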
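
Review bot: In testing/tests/tnc/tnccs-20-os/description.txt the added attribute list ends in "Device ID>" with a stray ">" that none of the other attribute names carry; remove it or close the markup it was meant to belong to. "no new list of installed packages is requested again" says the same thing twice, so "no new list of installed packages is requested" would be enough. The paragraph now depends on dave having connected shortly before, which only the session seeded in data.sql provides, so a short pointer to that seeded session would help whoever maintains the scenario.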
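
Review bot: The sessions insert in testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data.sql uses a bare NOW for the time column, while devices.created in the same hunk is a literal epoch value (1372330615). Nothing in the hunk says how NOW is resolved; if it is a placeholder substituted before the file is loaded, a comment next to it should say so, because the "shortly before" in the scenario description depends on that timestamp being recent. The references between rows are also hard-coded (identity 1, device 1, session 1, policy 1, group_id 5), but only the devices insert carries a /* 1 */ marker; adding the same marker to the identities and sessions inserts and a comment naming group 5 would make these dependencies checkable when rows are added later.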
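
Review bot: The new closing paragraph of testing/tests/tnc/tnccs-20-pts/description.txt gives "because IP forwarding is enabled" as the reason dave fails, but the rewritten first paragraph no longer lists Forwarding Enabled among the attributes exchanged in this scenario; it only describes Product Information, String Version, Device ID and the file measurements. Either state which measurement causes dave to fail here or drop the reason, which reads as if it was carried over from the tnccs-20-os description. Please also confirm the spelling of "/etc/tnc_confg" in the added text.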