From 8763da79c9e6e0a99cbfdd5317122ab6d3f00e25 Mon Sep 17 00:00:00 2001
From: Dave Tucker
Date: Tue, 6 Jun 2017 10:31:37 +0100
Subject: [PATCH] tests: Add a test case to ensure no ports are open
Signed-off-by: Dave Tucker
---
test/cases/030_security/010_ports/check.sh | 13 ++++++++++++
test/cases/030_security/010_ports/test.sh | 24 ++++++++++++++++++++++
test/cases/030_security/010_ports/test.yml | 23 +++++++++++++++++++++
3 files changed, 60 insertions(+)
create mode 100644 test/cases/030_security/010_ports/check.sh
create mode 100644 test/cases/030_security/010_ports/test.sh
create mode 100644 test/cases/030_security/010_ports/test.yml
diff --git a/test/cases/030_security/010_ports/check.sh b/test/cases/030_security/010_ports/check.sh
new file mode 100644
index 000000000..29c8ed9af
--- /dev/null
+++ b/test/cases/030_security/010_ports/check.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e
+
+PORTS=$(netstat -lntup)
+LINES=$(echo "${PORTS}" | wc -l)
+if [ $((LINES > 2)) -ne 0 ]
+then
+ echo "Ports test case FAILED"
+ echo "${PORTS}"
+ exit 1
+fi
+echo "Ports test case PASSED"
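Review bot: The pass condition `[ $((LINES > 2)) -ne 0 ]` treats any output of two lines or fewer as "no listening sockets", so it depends on the netstat header being exactly two lines and would also pass if netstat exited 0 with truncated or empty output. Counting socket rows directly is less fragile: `OPEN=$(echo "${PORTS}" | grep -cE '^(tcp|udp)' || true)` followed by `if [ "${OPEN}" -ne 0 ]`. If the line-count form is kept, a comment above it such as `# netstat -lntup prints two header lines; anything beyond that is a listening socket` would document the assumption.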
diff --git a/test/cases/030_security/010_ports/test.sh b/test/cases/030_security/010_ports/test.sh
new file mode 100644
index 000000000..7255cab37
--- /dev/null
+++ b/test/cases/030_security/010_ports/test.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+# SUMMARY: Check that there are no open ports
+# LABELS:
+
+set -e
+
+# Source libraries. Uncomment if needed/defined
+#. "${RT_LIB}"
+. "${RT_PROJECT_ROOT}/_lib/lib.sh"
+
+NAME=lsof
+
+clean_up() {
+ # remove any files, containers, images etc
+ rm -rf ${NAME}* || true
+}
+
+trap clean_up EXIT
+
+moby build -output kernel+initrd -name "${NAME}" test.yml
+linuxkit run qemu -kernel "${NAME}"
+#RESULT=$(linuxkit run qemu -kernel "${NAME}")
+#echo "${RESULT}" | grep -q "PASSED"
+exit 0
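Review bot: As written this test cannot fail on the condition it is named for, because the two lines that capture the VM output and grep for "PASSED" are commented out and the script ends with an unconditional `exit 0`. A "Ports test case FAILED" line from check.sh is therefore printed on the console but, as far as this script shows, never evaluated. Re-enabling the check against the full marker, `RESULT=$(linuxkit run qemu -kernel "${NAME}")` then `echo "${RESULT}" | grep -q "Ports test case PASSED"`, lets `set -e` fail the test when the marker is absent. Separately, `NAME=lsof` does not describe a netstat-based check, and the glob in clean_up would be safer as `rm -rf -- "${NAME}"*`.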
diff --git a/test/cases/030_security/010_ports/test.yml b/test/cases/030_security/010_ports/test.yml
new file mode 100644
index 000000000..ee71257ca
--- /dev/null
+++ b/test/cases/030_security/010_ports/test.yml
@@ -0,0 +1,23 @@
+kernel:
+ image: "linuxkit/kernel:4.9.x"
+ cmdline: "console=ttyS0 page_poison=1"
+init:
+ - linuxkit/init:1b8a7e394d2ec2f1fdb4d67645829d1b5bdca037
+ - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f
+ - linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a
+onboot:
+ - name: test
+ image: "alpine:3.6"
+ readonly: true
+ binds:
+ - /check.sh:/check.sh
+ command: ["sh", "./check.sh"]
+ - name: poweroff
+ image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28"
+ command: ["/bin/sh", "/poweroff.sh", "10"]
+files:
+ - path: check.sh
+ source: ./check.sh
+trust:
+ org:
+ - linuxkit
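Review bot: The `test` onboot container sets neither `net:` nor `pid:`, so which network namespace check.sh inspects depends on the build tool's default, which is not visible in this patch. If the container gets a fresh network namespace, netstat sees an empty socket table and the check passes trivially, whatever the host is listening on. Setting `net: host` explicitly would make the test's scope unambiguous, and `pid: host` may be needed for the `-p` column to name the owning process. Also, `alpine:3.6` and `linuxkit/kernel:4.9.x` are mutable tags, and the `trust:` section covers only the `linuxkit` org, so the image that runs the check is unverified. Pinning it by digest would keep the test reproducible.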