From c8b8f9cf8fe070a5c3af798b6cdda21067a91857 Mon Sep 17 00:00:00 2001
From: Noureddine
Date: Fri, 14 Jul 2023 10:12:24 +0000
Subject: [PATCH 1/9] add more logging
---
 testing/test_tests.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/testing/test_tests.py b/testing/test_tests.py
index 7c60484f0..5c344ca0b 100644
--- a/testing/test_tests.py
+++ b/testing/test_tests.py
@@ -96,7 +96,12 @@ def test_list_tests(capsys, results, test_matrix):
 print('\n'.join([x.name for x in all_tests]))
 print('\ntesting for pass:')
 print('\n'.join(ci_pass))
- print('\ntesting for pass:')
- print('\n'.join(ci_pass))
+ print('\ntesting for fail:')
+ print('\n'.join(ci_fail))
+ print('\ntester results')
+ for tester in test_matrix.keys():
+ print(f'\n{tester}:')
+ for test in collect_actual_results(results[tester]):
+ print(f'{test.name}: {test.result}')
 assert True
From ee282d74ade75a7e467921063aea699ec11d6f93 Mon Sep 17 00:00:00 2001
From: Noureddine
Date: Fri, 14 Jul 2023 10:46:27 +0000
Subject: [PATCH 2/9] test if installing ntpd in docker runs a service
---
 testing/docker/ci_test_device1/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/testing/docker/ci_test_device1/Dockerfile b/testing/docker/ci_test_device1/Dockerfile
index 0bb697509..c87a2a038 100644
--- a/testing/docker/ci_test_device1/Dockerfile
+++ b/testing/docker/ci_test_device1/Dockerfile
@@ -1,10 +1,10 @@
 FROM ubuntu:jammy
-
+ENV DEBIAN_FRONTEND=noninteractive
 #Update and get all additional requirements not contained in the base image
 RUN apt-get update && apt-get -y upgrade
-RUN apt-get update && apt-get install -y isc-dhcp-client ntpdate coreutils moreutils inetutils-ping curl jq dnsutils openssl netcat-openbsd
+RUN apt-get update && apt-get install -y isc-dhcp-client ntp coreutils moreutils inetutils-ping curl jq dnsutils openssl netcat-openbsd
 COPY entrypoint.sh /entrypoint.sh
From 5727c33ceee77e35c5c0959bde1243a31f8bf625 Mon Sep 17 00:00:00 2001
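Review bot: `results[tester]` in the added loop is indexed with every key of `test_matrix`, so (assuming `results` is a mapping keyed by tester name) a tester that produced no results file would raise `KeyError` and cut the diagnostic printout short, which is exactly when this output is needed. A guard such as `if tester not in results: print(f'{tester}: no results'); continue` keeps the remaining testers visible. `for tester in test_matrix:` is sufficient, `.keys()` adds nothing. The function still ends in the context line `assert True`, so the test cannot fail whatever is printed; test_list_tests begins outside this hunk.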
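Review bot: `ENV DEBIAN_FRONTEND=noninteractive` persists into every container started from this image and into any image built on top of it, not only the apt steps; `ARG DEBIAN_FRONTEND=noninteractive` scopes it to build time. The changed `RUN` line installs without `--no-install-recommends` and leaves the apt lists in the layer, so the test device image carries more packages than the listed ones; `apt-get install -y --no-install-recommends ... && rm -rf /var/lib/apt/lists/*` keeps it closer to what the entrypoint actually uses. A short comment on why `ntp` replaces `ntpdate` would help, since the daemon package is not started by anything visible in this hunk.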
From: Noureddine
Date: Fri, 14 Jul 2023 11:44:59 +0000
Subject: [PATCH 3/9] add ntp test
---
 testing/docker/ci_test_device1/Dockerfile | 2 +-
 testing/docker/ci_test_device1/entrypoint.sh | 13 +++++++++++++
 testing/test_tests.json | 2 +-
 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/testing/docker/ci_test_device1/Dockerfile b/testing/docker/ci_test_device1/Dockerfile
index c87a2a038..4328946fd 100644
--- a/testing/docker/ci_test_device1/Dockerfile
+++ b/testing/docker/ci_test_device1/Dockerfile
@@ -4,7 +4,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 #Update and get all additional requirements not contained in the base image
 RUN apt-get update && apt-get -y upgrade
-RUN apt-get update && apt-get install -y isc-dhcp-client ntp coreutils moreutils inetutils-ping curl jq dnsutils openssl netcat-openbsd
+RUN apt-get update && apt-get install -y isc-dhcp-client ntpdate coreutils moreutils inetutils-ping curl jq dnsutils openssl netcat-openbsd
 COPY entrypoint.sh /entrypoint.sh
diff --git a/testing/docker/ci_test_device1/entrypoint.sh b/testing/docker/ci_test_device1/entrypoint.sh
index 8113704be..9c9d9ca0e 100755
--- a/testing/docker/ci_test_device1/entrypoint.sh
+++ b/testing/docker/ci_test_device1/entrypoint.sh
@@ -88,4 +88,17 @@ elif [ -n "${options[sshv1]}" ]; then
 /usr/local/sbin/sshd
 fi
+# still testing - using fixed
+if [ -n "${options[ntpv4_dhcp]}"]; then
+ (while true; do
+ dhcp_ntp=$(fgrep NTPSERVERS= /run/ntpdate.dhcp)
+ if [ -n "${dhcp_ntp}" ]; then
+ ntp_server=`echo $dhcp_ntp | cut -d "'" -f 2`
+ echo NTP server from DHCP $ntp_server
+ fi
+ ntpdate -q -p 1 $ntp_server
+ sleep 5
+ done) &
+fi
+
 tail -f /dev/null
\ No newline at end of file
diff --git a/testing/test_tests.json b/testing/test_tests.json
index 076e9149e..66d46618a 100644
--- a/testing/test_tests.json
+++ b/testing/test_tests.json
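Review bot: `ntpdate -q -p 1 $ntp_server` sits outside the inner `if`, so until a `NTPSERVERS=` line exists in `/run/ntpdate.dhcp` the loop runs ntpdate with no server every 5 seconds, and `fgrep` prints an error each time the file is missing. The server list originates from a DHCP option, i.e. from the network, and is expanded unquoted and unvalidated, so it goes through pathname expansion as well as word splitting before reaching ntpdate. Reading it into an array keeps a multi-server list working while avoiding globbing, and the query should only run when that array is non-empty. `fgrep` and backticks are dated forms of `grep -F` and `$(...)`, and the comment `# still testing - using fixed` does not say what is fixed.

```shell
# … unchanged: outer test on options[ntpv4_dhcp] …
  (while true; do
    # the file may not exist until the DHCP lease hook has run
    dhcp_ntp=$(grep -F NTPSERVERS= /run/ntpdate.dhcp 2>/dev/null)
    if [ -n "${dhcp_ntp}" ]; then
      # network-supplied value: split into words without pathname expansion
      read -r -a ntp_servers <<< "$(echo "$dhcp_ntp" | cut -d "'" -f 2)"
      echo "NTP server from DHCP ${ntp_servers[*]}"
      [ "${#ntp_servers[@]}" -gt 0 ] && ntpdate -q -p 1 "${ntp_servers[@]}"
    fi
    sleep 5
  done) &
```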
@@ -9,7 +9,7 @@
 },
 "tester2": {
 "image": "test-run/ci_test1",
- "args": "",
+ "args": "ntpv4_dhcp",
 "ethmac": "02:42:aa:00:00:02",
 "expected_results": {
 "security.nmap.ports": "compliant"
From 6ef8cf180938b34434fe0cdf013c89058e4b77ea Mon Sep 17 00:00:00 2001
From: Noureddine
Date: Fri, 14 Jul 2023 12:26:35 +0000
Subject: [PATCH 4/9] test ntpv3
---
 testing/docker/ci_test_device1/entrypoint.sh | 7 +++++++
 testing/test_tests.json | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/testing/docker/ci_test_device1/entrypoint.sh b/testing/docker/ci_test_device1/entrypoint.sh
index 9c9d9ca0e..5ccce636d 100755
--- a/testing/docker/ci_test_device1/entrypoint.sh
+++ b/testing/docker/ci_test_device1/entrypoint.sh
@@ -101,4 +101,11 @@ if [ -n "${options[ntpv4_dhcp]}"]; then
 done) &
 fi
+if [ -n "${options[ntpv3_time_google_com]}"]; then
+ (while true; do
+ ntpdate -q -p 1 -o 3 time.google.com
+ sleep 5
+ done) &
+fi
+
 tail -f /dev/null
\ No newline at end of file
diff --git a/testing/test_tests.json b/testing/test_tests.json
index 66d46618a..990ba452e 100644
--- a/testing/test_tests.json
+++ b/testing/test_tests.json
@@ -1,7 +1,7 @@
 {
 "tester1": {
 "image": "test-run/ci_test1",
- "args": "oddservices",
+ "args": "oddservices ntpv3_time_google_com",
 "ethmac": "02:42:aa:00:00:01",
 "expected_results": {
 "security.nmap.ports": "non-compliant"
From 39e94f2e7319d894cd575461e4886830d85a7c6c Mon Sep 17 00:00:00 2001
From: Noureddine
Date: Fri, 14 Jul 2023 12:59:10 +0000
Subject: [PATCH 5/9] add ntp pass
---
 testing/test_tests.json | 6 ++++--
 testing/test_tests.py | 2 ++
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/testing/test_tests.json b/testing/test_tests.json
index 990ba452e..3c0190087 100644
--- a/testing/test_tests.json
+++ b/testing/test_tests.json
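Review bot: The `ntpv3_time_google_com` loop hard-codes the public host `time.google.com`, so a tester started with this option needs outbound DNS and NTP from the CI network and keeps querying an external service every 5 seconds for the life of the container. Reading the host from a variable with that default, for example `ntp_v3_host="${NTPV3_HOST:-time.google.com}"` (the name is only an illustration) followed by `ntpdate -q -p 1 -o 3 "$ntp_v3_host"`, lets an isolated run point at a local server. The block also repeats the loop structure of the `ntpv4_dhcp` block named in the hunk header; a small helper taking the ntpdate arguments would keep the two from drifting apart.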
@@ -4,7 +4,7 @@
 "args": "oddservices ntpv3_time_google_com",
 "ethmac": "02:42:aa:00:00:01",
 "expected_results": {
- "security.nmap.ports": "non-compliant"
+ "security.nmap.ports": "non-compliant",
 }
 },
 "tester2": {
@@ -12,7 +12,9 @@
 "args": "ntpv4_dhcp",
 "ethmac": "02:42:aa:00:00:02",
 "expected_results": {
- "security.nmap.ports": "compliant"
+ "security.nmap.ports": "compliant",
+ "ntp.network.ntp_support": "compliant",
+ "ntp.network.ntp_dhcp": "compliant"
 }
 }
diff --git a/testing/test_tests.py b/testing/test_tests.py
index 5c344ca0b..b61fdf064 100644
--- a/testing/test_tests.py
+++ b/testing/test_tests.py
@@ -29,6 +29,7 @@ TEST_MATRIX = 'test_tests.json'
 RESULTS_PATH = '/tmp/results/*.json'
+#TODO add reason
 @dataclass(frozen=True)
 class TestResult:
 name: str
@@ -90,6 +91,7 @@ def test_list_tests(capsys, results, test_matrix):
 if result == 'non-compliant'])
 with capsys.disabled():
+ #TODO print matching the JSON schema for easy copy/paste
 print('============')
 print('============')
 print('tests seen:')
From 33c70f2b1c36c06ac4ec7275669591e6cdb6dbc8 Mon Sep 17 00:00:00 2001
From: Noureddine
Date: Fri, 14 Jul 2023 13:23:53 +0000
Subject: [PATCH 6/9] fix json syntax
---
 testing/test_tests.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/testing/test_tests.json b/testing/test_tests.json
index 3c0190087..28e20d15c 100644
--- a/testing/test_tests.json
+++ b/testing/test_tests.json
@@ -4,7 +4,7 @@
 "args": "oddservices ntpv3_time_google_com",
 "ethmac": "02:42:aa:00:00:01",
 "expected_results": {
- "security.nmap.ports": "non-compliant",
+ "security.nmap.ports": "non-compliant"
 }
 },
 "tester2": {
From 34287ff2083e901f6ff5718862468ff2f9750d4e Mon Sep 17 00:00:00 2001
From: Noureddine
Date: Fri, 14 Jul 2023 13:51:07 +0000
Subject: [PATCH 7/9] diagnose unexpected failure
---
 testing/test_tests | 2 +-
 testing/test_tests.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/testing/test_tests b/testing/test_tests
index 6ba9fef94..ed14f1043 100755
--- a/testing/test_tests
+++ b/testing/test_tests
@@ -115,6 +115,6 @@ for tester in $TESTERS; do
 done
-pytest -s testing/test_tests.py
+pytest -v testing/test_tests.py
 exit $?
diff --git a/testing/test_tests.json b/testing/test_tests.json
index 28e20d15c..179a3f7fc 100644
--- a/testing/test_tests.json
+++ b/testing/test_tests.json
@@ -1,7 +1,7 @@
 {
 "tester1": {
 "image": "test-run/ci_test1",
- "args": "oddservices ntpv3_time_google_com",
+ "args": "oddservices",
 "ethmac": "02:42:aa:00:00:01",
 "expected_results": {
 "security.nmap.ports": "non-compliant"
From b89913915fb7c22bc444617247c3c152d89f62e1 Mon Sep 17 00:00:00 2001
From: Noureddine
Date: Mon, 17 Jul 2023 08:40:21 +0000
Subject: [PATCH 8/9] empty
From a112153eba0fd6d37de40f9b386734e0627414f1 Mon Sep 17 00:00:00 2001
From: Noureddine
Date: Mon, 17 Jul 2023 09:47:29 +0000
Subject: [PATCH 9/9] fix bash syntax
---
 testing/docker/ci_test_device1/entrypoint.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/testing/docker/ci_test_device1/entrypoint.sh b/testing/docker/ci_test_device1/entrypoint.sh
index 5ccce636d..9152af0c8 100755
--- a/testing/docker/ci_test_device1/entrypoint.sh
+++ b/testing/docker/ci_test_device1/entrypoint.sh
@@ -89,7 +89,7 @@ elif [ -n "${options[sshv1]}" ]; then
 fi
 # still testing - using fixed
-if [ -n "${options[ntpv4_dhcp]}"]; then
+if [ -n "${options[ntpv4_dhcp]}" ]; then
 (while true; do
 dhcp_ntp=$(fgrep NTPSERVERS= /run/ntpdate.dhcp)
 if [ -n "${dhcp_ntp}" ]; then
@@ -101,7 +101,7 @@ if [ -n "${options[ntpv4_dhcp]}"]; then
 done) &
 fi
-if [ -n "${options[ntpv3_time_google_com]}"]; then
+if [ -n "${options[ntpv3_time_google_com]}" ]; then
 (while true; do
 ntpdate -q -p 1 -o 3 time.google.com
 sleep 5