honeyclient_agent_integrity_registry.t

Revision 760, 12.3 kB (checked in by kindlund, 1 year ago)
Fixed destroy() and incorporated into all unit tests.

Line
1	#!/usr/bin/perl -w
2
3	use strict;
4	use Test::More 'no_plan';
5	$\| = 1;
6
7
8
9	# =begin testing
10	{
11	# Make sure Log::Log4perl loads
12	BEGIN { use_ok('Log::Log4perl', qw(:nowarn))
13	or diag("Can't load Log::Log4perl package. Check to make sure the package library is correctly listed within the path.");
14
15	# Suppress all logging messages, since we need clean output for unit testing.
16	Log::Log4perl->init({
17	"log4perl.rootLogger" => "DEBUG, Buffer",
18	"log4perl.appender.Buffer" => "Log::Log4perl::Appender::TestBuffer",
19	"log4perl.appender.Buffer.min_level" => "fatal",
20	"log4perl.appender.Buffer.layout" => "Log::Log4perl::Layout::PatternLayout",
21	"log4perl.appender.Buffer.layout.ConversionPattern" => "%d{yyyy-MM-dd HH:mm:ss} %5p [%M] (%F:%L) - %m%n",
22	});
23	}
24	require_ok('Log::Log4perl');
25	use Log::Log4perl qw(:easy);
26
27	# Make sure the module loads properly, with the exportable
28	# functions shared.
29	BEGIN { use_ok('HoneyClient::Util::Config', qw(getVar setVar))
30	or diag("Can't load HoneyClient::Util::Config package. Check to make sure the package library is correctly listed within the path."); }
31	require_ok('HoneyClient::Util::Config');
32	can_ok('HoneyClient::Util::Config', 'getVar');
33	can_ok('HoneyClient::Util::Config', 'setVar');
34	use HoneyClient::Util::Config qw(getVar setVar);
35
36	# Suppress all logging messages, since we need clean output for unit testing.
37	Log::Log4perl->init({
38	"log4perl.rootLogger" => "DEBUG, Buffer",
39	"log4perl.appender.Buffer" => "Log::Log4perl::Appender::TestBuffer",
40	"log4perl.appender.Buffer.min_level" => "fatal",
41	"log4perl.appender.Buffer.layout" => "Log::Log4perl::Layout::PatternLayout",
42	"log4perl.appender.Buffer.layout.ConversionPattern" => "%d{yyyy-MM-dd HH:mm:ss} %5p [%M] (%F:%L) - %m%n",
43	});
44
45	# Make sure Data::Dumper loads
46	BEGIN { use_ok('Data::Dumper')
47	or diag("Can't load Data::Dumper package. Check to make sure the package library is correctly listed within the path."); }
48	require_ok('Data::Dumper');
49	use Data::Dumper;
50
51	# Make sure Storable loads
52	BEGIN { use_ok('Storable', qw(dclone))
53	or diag("Can't load Storable package. Check to make sure the package library is correctly listed within the path."); }
54	require_ok('Storable');
55	can_ok('Storable', 'dclone');
56	use Storable qw(dclone);
57
58	# Make sure IO::Handle loads
59	BEGIN { use_ok('IO::Handle')
60	or diag("Can't load IO::Handle package. Check to make sure the package library is correctly listed within the path."); }
61	require_ok('IO::Handle');
62	use IO::Handle;
63
64	# Make sure IO::File loads
65	BEGIN { use_ok('IO::File')
66	or diag("Can't load IO::File package. Check to make sure the package library is correctly listed within the path."); }
67	require_ok('IO::File');
68	use IO::File;
69
70	# Make sure Fcntl loads
71	BEGIN { use_ok('Fcntl')
72	or diag("Can't load Fcntl package. Check to make sure the package library is correctly listed within the path."); }
73	require_ok('Fcntl');
74	use Fcntl qw(:seek);
75
76	# Make sure File::Temp loads
77	BEGIN { use_ok('File::Temp')
78	or diag("Can't load File::Temp package. Check to make sure the package library is correctly listed within the path."); }
79	require_ok('File::Temp');
80	can_ok('File::Temp', 'tmpnam');
81	can_ok('File::Temp', 'unlink0');
82	use File::Temp qw(tmpnam unlink0);
83
84	# Make sure Filesys::CygwinPaths loads
85	BEGIN { use_ok('Filesys::CygwinPaths')
86	or diag("Can't load Filesys::CygwinPaths package. Check to make sure the package library is correctly listed within the path."); }
87	require_ok('Filesys::CygwinPaths');
88	use Filesys::CygwinPaths qw(:all);
89
90	# Make sure Search::Binary loads
91	BEGIN { use_ok('Search::Binary')
92	or diag("Can't load Search::Binary package. Check to make sure the package library is correctly listed within the path."); }
93	require_ok('Search::Binary');
94	can_ok('Search::Binary', 'binary_search');
95	use Search::Binary;
96
97	# Make sure HoneyClient::Agent::Integrity::Registry::Parser loads
98	BEGIN { use_ok('HoneyClient::Agent::Integrity::Registry::Parser')
99	or diag("Can't load HoneyClient::Agent::Integrity::Registry::Parser package. Check to make sure the package library is correctly listed within the path."); }
100	require_ok('HoneyClient::Agent::Integrity::Registry::Parser');
101	use HoneyClient::Agent::Integrity::Registry::Parser;
102
103	# Make sure HoneyClient::Agent::Integrity::Registry loads
104	BEGIN { use_ok('HoneyClient::Agent::Integrity::Registry')
105	or diag("Can't load HoneyClient::Agent::Integrity::Registry package. Check to make sure the package library is correctly listed within the path."); }
106	require_ok('HoneyClient::Agent::Integrity::Registry');
107	use HoneyClient::Agent::Integrity::Registry;
108
109	# Make sure File::Basename loads.
110	BEGIN { use_ok('File::Basename', qw(dirname basename fileparse)) or diag("Can't load File::Basename package. Check to make sure the package library is correctly listed within the path."); }
111	require_ok('File::Basename');
112	can_ok('File::Basename', 'dirname');
113	can_ok('File::Basename', 'basename');
114	can_ok('File::Basename', 'fileparse');
115	use File::Basename qw(dirname basename fileparse);
116	}
117
118
119
120	# =begin testing
121	{
122	diag("These tests will create temporary files in /tmp. Be sure to cleanup this directory, if any of these tests fail.");
123
124	# Create a generic Registry object, with test state data.
125	my $registry = HoneyClient::Agent::Integrity::Registry->new(test => 1, bypass_baseline => 1);
126	is($registry->{test}, 1, "new(test => 1, bypass_baseline => 1)") or diag("The new() call failed.");
127	isa_ok($registry, 'HoneyClient::Agent::Integrity::Registry', "new(test => 1, bypass_baseline => 1)") or diag("The new() call failed.");
128
129	diag("Performing baseline check of 'HKEY_CURRENT_USER' hive; this may take some time...");
130
131	# Perform Registry baseline on HKEY_CURRENT_USER.
132	$registry = HoneyClient::Agent::Integrity::Registry->new(hives_to_check => [ 'HKEY_CURRENT_USER' ]);
133	isa_ok($registry, 'HoneyClient::Agent::Integrity::Registry', "new(hives_to_check => [ 'HKEY_CURRENT_USER' ])") or diag("The new() call failed.");
134	$registry->destroy();
135	}
136
137
138
139	# =begin testing
140	{
141	my ($foundChanges, $expectedChanges);
142	my $before_registry_file = $ENV{PWD} . "/" . getVar(name => "before_registry_file",
143	namespace => "HoneyClient::Agent::Integrity::Registry::Test");
144	my $after_registry_file = $ENV{PWD} . "/" . getVar(name => "after_registry_file",
145	namespace => "HoneyClient::Agent::Integrity::Registry::Test");
146
147
148	# Create a generic Registry object, with test state data.
149	my $registry = HoneyClient::Agent::Integrity::Registry->new(bypass_baseline => 1);
150
151	# Verify Changes
152	$foundChanges = $registry->check(before_file => $before_registry_file,
153	after_file => $after_registry_file);
154	$expectedChanges = [
155	{
156	'entries' => [
157	{
158	'new_value' => undef,
159	'name' => 'Test_Bin_1',
160	'old_value' => 'hex:f4,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,\\
161	00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,f0,77,3f,00,\\
162	3f,00,3f,00,3f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,78,00,1c,10,fc,\\
163	7f,22,14,fc,7f,b0,fe,12,00,00,00,00,00,00,00,00,00,98,23,eb,77',
164	},
165	{
166	'new_value' => 'hex:f4,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,\\
167	00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,f0,77,3f,00,\\
168	3f,00,3f,00,3f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,78,00,1c,10,fc,\\
169	7f,22,14,fc,7f,b0,fe,12,00,00,00,00,00,00,00,00,00,98,23,eb,77',
170	'name' => 'Test_Bon_1',
171	'old_value' => undef,
172	}
173	],
174	'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_MODIFIED,
175	'key_name' => 'HKEY_CURRENT_USER\\Testing Group 3',
176	},
177	{
178	'entries' => [],
179	'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_DELETED,
180	'key_name' => 'HKEY_CURRENT_USER\\Testing Group 4',
181	},
182	{
183	'entries' => [
184	{
185	'new_value' => 'new value',
186	'name' => '@',
187	'old_value' => '',
188	}
189	],
190	'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_MODIFIED,
191	'key_name' => 'HKEY_CURRENT_USER\\Testing Group 5',
192	},
193	{
194	'entries' => [
195	{
196	'new_value' => 'hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,\\
197	00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,\\
198	20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,f0,\\
199	77,00,20,14,00,00,00,00,10,80,05,14,00,f0,1f,14,00,00,00,14,00',
200	'name' => 'Test_Bin_3',
201	'old_value' => undef,
202	}
203	],
204	'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_ADDED,
205	'key_name' => 'HKEY_CURRENT_USER\\Testing Group 6',
206	},
207	{
208	'entries' => [
209	{
210	'new_value' => 'C:\\\\WINDOWSsystem32\\\\',
211	'name' => 'InstallerLocation',
212	'old_value' => 'C:\\\\WINDOWS\\\\system32\\\\',
213	}
214	],
215	'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_MODIFIED,
216	'key_name' => 'HKEY_CURRENT_USER\\Testing Group 6\\With\\Really\\Deep\\Nested\\Directory\\Structure',
217	},
218	{
219	'entries' => [
220	{
221	'new_value' => '',
222	'name' => 'C:\\\\WINDOWS\\\\Installer\\\\{6855XXXX-BDF9-48E4-B80A-80DFB96FE36C}\\\\',
223	'old_value' => undef,
224	},
225	{
226	'new_value' => undef,
227	'name' => 'C:\\\\WINDOWS\\\\Installer\\\\{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}\\\\',
228	'old_value' => '',
229	}
230	],
231	'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_MODIFIED,
232	'key_name' => 'HKEY_CURRENT_USER\\Testing Group 7',
233	},
234	{
235	'entries' => [
236	{
237	'new_value' => undef,
238	'name' => '000',
239	'old_value' => 'String Value',
240	}
241	],
242	'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_DELETED,
243	'key_name' => 'HKEY_CURRENT_USER\\Testing Group 8\\{00021492-0000-0000-C000-000000000046}',
244	},
245	{
246	'entries' => [
247	{
248	'new_value' => 'String Value',
249	'name' => '000',
250	'old_value' => undef,
251	}
252	],
253	'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_ADDED,
254	'key_name' => 'HKEY_CURRENT_USER\\Testing Group 8\\{01021492-0000-0000-C000-000000000046}',
255	},
256	{
257	'entries' => [
258	{
259	'new_value' => 'newvalue',
260	'name' => 'newkey',
261	'old_value' => undef,
262	}
263	],
264	'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_ADDED,
265	'key_name' => 'HKEY_CURRENT_USER\\Tsting Group 9',
266	}
267	];
268
269	is_deeply($foundChanges, $expectedChanges, "check(before_file => '" . $before_registry_file . "', after_file => '" . $after_registry_file . "')") or diag("The check() call failed.");
270	$registry->destroy();
271	}
272
273
274
275	# =begin testing
276	{
277	# Perform Registry baseline on HKEY_CURRENT_CONFIG.
278	diag("Performing baseline check of 'HKEY_CURRENT_CONFIG' hive; this may take some time...");
279	my $registry = HoneyClient::Agent::Integrity::Registry->new(hives_to_check => [ 'HKEY_CURRENT_CONFIG' ]);
280	my @files_created = $registry->getFilesCreated();
281	use Data::Dumper;
282	my $tmpfile = tmpnam();
283	unlink($tmpfile);
284	my $tmpdir = dirname($tmpfile);
285	foreach my $file (@files_created) {
286	like($file, qr/$tmpdir/, "getFilesCreated()") or diag("The getFilesCreated() call failed.");
287	}
288	$registry->destroy();
289	}
290
291
292
293	# =begin testing
294	{
295	# Perform Registry baseline on HKEY_CURRENT_CONFIG.
296	diag("Performing baseline check of 'HKEY_CURRENT_CONFIG' hive; this may take some time...");
297	my $registry = HoneyClient::Agent::Integrity::Registry->new(hives_to_check => [ 'HKEY_CURRENT_CONFIG' ]);
298	$registry->closeFiles();
299	my @files_created = $registry->getFilesCreated();
300	use Data::Dumper;
301	my $tmpfile = tmpnam();
302	unlink($tmpfile);
303	my $tmpdir = dirname($tmpfile);
304	foreach my $file (@files_created) {
305	like($file, qr/$tmpdir/, "closeFiles()") or diag("The closeFiles() call failed.");
306	}
307	$registry->destroy();
308	}
309
310
311
312	# =begin testing
313	{
314	# Perform Registry baseline on HKEY_CURRENT_CONFIG.
315	diag("Performing baseline check of 'HKEY_CURRENT_CONFIG' hive; this may take some time...");
316	my $registry = HoneyClient::Agent::Integrity::Registry->new(hives_to_check => [ 'HKEY_CURRENT_CONFIG' ]);
317	my @files_created = $registry->getFilesCreated();
318	$registry->destroy();
319	use Data::Dumper;
320	foreach my $file (@files_created) {
321	is(-e $file, undef, "destroy()") or diag("The destroy() call failed.");
322	}
323	}
324
325
326
327
328	1;

Note: See TracBrowser for help on using the browser.

root/honeyclient/tags/exp/DOWN1-kindlund-dynamic_updates/t/honeyclient_agent_integrity_registry.t

Download in other formats: