HP has posted the test suite we used for the audit and MLS portions of our recent RHEL5 CAPP/LSPP/RBACPP certification. http://sourceforge.net/projects/audit-test/
We used this suite in combination with the LTP and a handful of manual tests to provide the necessary test coverage for our evaluation. Although this suite is called 'audit-test' and includes coverage of all the security relevant system calls, it also includes tests for other components such as NetLabel/CIPSO, IPsec, and CUPS. The suite is available as a tarball, a source rpm, and as a noarch rpm which will install files into /usr/local/eal4_testing/audit-test. There are 3 README files which describe how to run the tests, how to develop tests, and how to configure the test server for network tests. These tests are known to pass on RHEL5 plus the updated packages listed in our security target in both CAPP mode (optional targeted policy) and LSPP mode (mls policy) on i386, x86_64 and ia64 architectures. The tests are known to run on the RHEL5.1 beta with about 17 failures due to changes in some of the pam audit records. Items on our TODO list include updating the suite to support multiple versions of some of the interesting packages (such as audit and pam), providing more intuitive subsets of the test cases for specific components, and separating the test harness into its own package. We would appreciate feedback as well as patches through the sourceforge project trackers if you use and update the suite. We are especially interested in hearing from people running the tests on other distros, with or without SELinux. Thanks, -- ljk -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
