root/honeyclient/tags/exp/UP2-kindlund-dynamic_updates/t/honeyclient_agent_integrity_registry.t

Revision 521, 11.8 kB (checked in by kindlund, 1 year ago)

Merged DB branch into trunk.

#!/usr/bin/perl -w

use strict;
use Test::More qw(no_plan);

# Autoflush STDOUT so the TAP lines are not held back in a buffer behind
# the diag() output that goes to STDERR.
$|++;



# =begin testing
{
# Load-time checks.  Each dependency is pulled in with use_ok() inside a
# BEGIN block so that a missing module shows up as a test failure with a
# hint, rather than as a bare compile error, and so that the names it
# exports are already visible when the rest of this file is compiled.

# Make sure Log::Log4perl loads
BEGIN { use_ok('Log::Log4perl', qw(:nowarn))
        or diag("Can't load Log::Log4perl package. Check to make sure the package library is correctly listed within the path.");

        # Suppress all logging messages, since we need clean output for unit testing.
        # Done inside BEGIN so the quiet configuration is in place before
        # the HoneyClient modules below are compiled.  Everything goes to
        # an in-memory TestBuffer appender, and min_level "fatal" keeps
        # anything below FATAL out of even that buffer.
        Log::Log4perl->init({
            "log4perl.rootLogger"                               => "DEBUG, Buffer",
            "log4perl.appender.Buffer"                          => "Log::Log4perl::Appender::TestBuffer",
            "log4perl.appender.Buffer.min_level"                => "fatal",
            "log4perl.appender.Buffer.layout"                   => "Log::Log4perl::Layout::PatternLayout",
            "log4perl.appender.Buffer.layout.ConversionPattern" => "%d{yyyy-MM-dd HH:mm:ss} %5p [%M] (%F:%L) - %m%n",
        });
}
require_ok('Log::Log4perl');
use Log::Log4perl qw(:easy);

# Make sure the module loads properly, with the exportable
# functions shared.
BEGIN { use_ok('HoneyClient::Util::Config', qw(getVar setVar))
        or diag("Can't load HoneyClient::Util::Config package.  Check to make sure the package library is correctly listed within the path."); }
require_ok('HoneyClient::Util::Config');
can_ok('HoneyClient::Util::Config', 'getVar');
can_ok('HoneyClient::Util::Config', 'setVar');
use HoneyClient::Util::Config qw(getVar setVar);

# Suppress all logging messages, since we need clean output for unit testing.
# NOTE(review): this repeats the configuration already applied in the
# BEGIN block above with identical settings; harmless, but redundant.
Log::Log4perl->init({
    "log4perl.rootLogger"                               => "DEBUG, Buffer",
    "log4perl.appender.Buffer"                          => "Log::Log4perl::Appender::TestBuffer",
    "log4perl.appender.Buffer.min_level"                => "fatal",
    "log4perl.appender.Buffer.layout"                   => "Log::Log4perl::Layout::PatternLayout",
    "log4perl.appender.Buffer.layout.ConversionPattern" => "%d{yyyy-MM-dd HH:mm:ss} %5p [%M] (%F:%L) - %m%n",
});

# Make sure Data::Dumper loads
BEGIN { use_ok('Data::Dumper')
        or diag("Can't load Data::Dumper package. Check to make sure the package library is correctly listed within the path."); }
require_ok('Data::Dumper');
use Data::Dumper;

# Make sure Storable loads
BEGIN { use_ok('Storable', qw(dclone))
        or diag("Can't load Storable package. Check to make sure the package library is correctly listed within the path."); }
require_ok('Storable');
can_ok('Storable', 'dclone');
use Storable qw(dclone);

# Make sure IO::Handle loads
BEGIN { use_ok('IO::Handle')
        or diag("Can't load IO::Handle package. Check to make sure the package library is correctly listed within the path."); }
require_ok('IO::Handle');
use IO::Handle;

# Make sure IO::File loads
BEGIN { use_ok('IO::File')
        or diag("Can't load IO::File package. Check to make sure the package library is correctly listed within the path."); }
require_ok('IO::File');
use IO::File;

# Make sure Fcntl loads
BEGIN { use_ok('Fcntl')
        or diag("Can't load Fcntl package. Check to make sure the package library is correctly listed within the path."); }
require_ok('Fcntl');
use Fcntl qw(:seek);

# Make sure File::Temp loads
BEGIN { use_ok('File::Temp')
        or diag("Can't load File::Temp package. Check to make sure the package library is correctly listed within the path."); }
require_ok('File::Temp');
can_ok('File::Temp', 'tmpnam');
can_ok('File::Temp', 'unlink0');
use File::Temp qw(tmpnam unlink0);

# Make sure Filesys::CygwinPaths loads
BEGIN { use_ok('Filesys::CygwinPaths')
        or diag("Can't load Filesys::CygwinPaths package. Check to make sure the package library is correctly listed within the path."); }
require_ok('Filesys::CygwinPaths');
use Filesys::CygwinPaths qw(:all);

# Make sure Search::Binary loads
BEGIN { use_ok('Search::Binary')
        or diag("Can't load Search::Binary package. Check to make sure the package library is correctly listed within the path."); }
require_ok('Search::Binary');
can_ok('Search::Binary', 'binary_search');
use Search::Binary;

# Make sure HoneyClient::Agent::Integrity::Registry::Parser loads
BEGIN { use_ok('HoneyClient::Agent::Integrity::Registry::Parser')
        or diag("Can't load HoneyClient::Agent::Integrity::Registry::Parser package. Check to make sure the package library is correctly listed within the path."); }
require_ok('HoneyClient::Agent::Integrity::Registry::Parser');
use HoneyClient::Agent::Integrity::Registry::Parser;

# Make sure HoneyClient::Agent::Integrity::Registry loads
BEGIN { use_ok('HoneyClient::Agent::Integrity::Registry')
        or diag("Can't load HoneyClient::Agent::Integrity::Registry package. Check to make sure the package library is correctly listed within the path."); }
require_ok('HoneyClient::Agent::Integrity::Registry');
use HoneyClient::Agent::Integrity::Registry;

# Make sure File::Basename loads.
BEGIN { use_ok('File::Basename', qw(dirname basename fileparse)) or diag("Can't load File::Basename package.  Check to make sure the package library is correctly listed within the path."); }
require_ok('File::Basename');
can_ok('File::Basename', 'dirname');
can_ok('File::Basename', 'basename');
can_ok('File::Basename', 'fileparse');
use File::Basename qw(dirname basename fileparse);
}



# =begin testing
{
diag("These tests will create temporary files in /tmp.  Be sure to cleanup this directory, if any of these tests fail.");

my $class = 'HoneyClient::Agent::Integrity::Registry';

# First a cheap object: test state, and no baseline taken, so only the
# constructor itself is exercised.
my $reg = $class->new(test => 1, bypass_baseline => 1);
unless (is($reg->{test}, 1, "new(test => 1, bypass_baseline => 1)")) {
    diag("The new() call failed.");
}
unless (isa_ok($reg, $class, "new(test => 1, bypass_baseline => 1)")) {
    diag("The new() call failed.");
}

diag("Performing baseline check of 'HKEY_CURRENT_USER' hive; this may take some time...");

# Then a real one that baselines the HKEY_CURRENT_USER hive only.
$reg = $class->new(hives_to_check => [ 'HKEY_CURRENT_USER' ]);
unless (isa_ok($reg, $class, "new(hives_to_check => [ 'HKEY_CURRENT_USER' ])")) {
    diag("The new() call failed.");
}
}



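# =begin testing
{
use Cwd qw(getcwd);
use File::Spec;

# The before/after registry dumps are configured relative to the directory
# the test is run from.  Resolve them against the process's real working
# directory instead of $ENV{PWD}: that variable is only set by an invoking
# shell, so it is absent when the test is launched without one and stale
# after any chdir().  catfile() also avoids doubled separators.
my $test_ns = "HoneyClient::Agent::Integrity::Registry::Test";
my $before_registry_file = File::Spec->catfile(getcwd(),
                                               getVar(name      => "before_registry_file",
                                                      namespace => $test_ns));
my $after_registry_file  = File::Spec->catfile(getcwd(),
                                               getVar(name      => "after_registry_file",
                                                      namespace => $test_ns));

# Create a generic Registry object, with test state data.  The baseline is
# bypassed so check() only compares the two files above.
my $registry = HoneyClient::Agent::Integrity::Registry->new(bypass_baseline => 1);

# Verify Changes
my $foundChanges = $registry->check(before_file => $before_registry_file,
                                    after_file  => $after_registry_file);

# Expected differences between the two dumps.  Binary values keep the
# regedit "hex:" continuation form: a trailing backslash followed by a
# newline and two spaces, all inside the single-quoted string.
my $expectedChanges = [
  {
    'entries' => [
      {
        'new_value' => undef,
        'name' => 'Test_Bin_1',
        'old_value' => 'hex:f4,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,\\
  00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,f0,77,3f,00,\\
  3f,00,3f,00,3f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,78,00,1c,10,fc,\\
  7f,22,14,fc,7f,b0,fe,12,00,00,00,00,00,00,00,00,00,98,23,eb,77',
      },
      {
        'new_value' => 'hex:f4,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,\\
  00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,f0,77,3f,00,\\
  3f,00,3f,00,3f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,78,00,1c,10,fc,\\
  7f,22,14,fc,7f,b0,fe,12,00,00,00,00,00,00,00,00,00,98,23,eb,77',
        'name' => 'Test_Bon_1',
        'old_value' => undef,
      }
    ],
    'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_MODIFIED,
    'key_name' => 'HKEY_CURRENT_USER\\Testing Group 3',
  },
  {
    'entries' => [],
    'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_DELETED,
    'key_name' => 'HKEY_CURRENT_USER\\Testing Group 4',
  },
  {
    'entries' => [
      {
        'new_value' => 'new value',
        'name' => '@',
        'old_value' => '',
      }
    ],
    'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_MODIFIED,
    'key_name' => 'HKEY_CURRENT_USER\\Testing Group 5',
  },
  {
    'entries' => [
      {
        'new_value' => 'hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,\\
  00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,\\
  20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,f0,\\
  77,00,20,14,00,00,00,00,10,80,05,14,00,f0,1f,14,00,00,00,14,00',
        'name' => 'Test_Bin_3',
        'old_value' => undef,
      }
    ],
    'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_ADDED,
    'key_name' => 'HKEY_CURRENT_USER\\Testing Group 6',
  },
  {
    'entries' => [
      {
        'new_value' => 'C:\\\\WINDOWSsystem32\\\\',
        'name' => 'InstallerLocation',
        'old_value' => 'C:\\\\WINDOWS\\\\system32\\\\',
      }
    ],
    'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_MODIFIED,
    'key_name' => 'HKEY_CURRENT_USER\\Testing Group 6\\With\\Really\\Deep\\Nested\\Directory\\Structure',
  },
  {
    'entries' => [
      {
        'new_value' => '',
        'name' => 'C:\\\\WINDOWS\\\\Installer\\\\{6855XXXX-BDF9-48E4-B80A-80DFB96FE36C}\\\\',
        'old_value' => undef,
      },
      {
        'new_value' => undef,
        'name' => 'C:\\\\WINDOWS\\\\Installer\\\\{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}\\\\',
        'old_value' => '',
      }
    ],
    'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_MODIFIED,
    'key_name' => 'HKEY_CURRENT_USER\\Testing Group 7',
  },
  {
    'entries' => [
      {
        'new_value' => undef,
        'name' => '000',
        'old_value' => 'String Value',
      }
    ],
    'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_DELETED,
    'key_name' => 'HKEY_CURRENT_USER\\Testing Group 8\\{00021492-0000-0000-C000-000000000046}',
  },
  {
    'entries' => [
      {
        'new_value' => 'String Value',
        'name' => '000',
        'old_value' => undef,
      }
    ],
    'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_ADDED,
    'key_name' => 'HKEY_CURRENT_USER\\Testing Group 8\\{01021492-0000-0000-C000-000000000046}',
  },
  {
    'entries' => [
      {
        'new_value' => 'newvalue',
        'name' => 'newkey',
        'old_value' => undef,
      }
    ],
    'status' => $HoneyClient::Agent::Integrity::Registry::STATUS_ADDED,
    'key_name' => 'HKEY_CURRENT_USER\\Tsting Group 9',
  }
];

is_deeply($foundChanges, $expectedChanges, "check(before_file => '" . $before_registry_file . "', after_file => '" . $after_registry_file . "')") or diag("The check() call failed.");
}


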
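# =begin testing
{
use File::Spec;

# Perform Registry baseline on HKEY_CURRENT_CONFIG.
diag("Performing baseline check of 'HKEY_CURRENT_CONFIG' hive; this may take some time...");
my $registry = HoneyClient::Agent::Integrity::Registry->new(hives_to_check => [ 'HKEY_CURRENT_CONFIG' ]);
my @files_created = $registry->getFilesCreated();

# Every file the baseline wrote must live under the system temp directory.
# File::Spec->tmpdir is the same location File::Temp's tmpnam() draws its
# names from, so asking for it directly replaces the old mint-a-name-and-
# unlink() detour.
my $tmpdir = File::Spec->tmpdir;

# Without this, an empty list would let the loop below pass vacuously.
ok(scalar @files_created, "getFilesCreated() returned at least one file") or diag("The getFilesCreated() call failed.");

foreach my $file (@files_created) {
    # Compare as a literal path prefix: \Q...\E escapes any regex
    # metacharacters in the directory name, and \A anchors the match so a
    # path that merely mentions the directory name elsewhere does not pass.
    like($file, qr/\A\Q$tmpdir\E/, "getFilesCreated()") or diag("The getFilesCreated() call failed.");
}
}


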
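# =begin testing
{
use File::Spec;

# Perform Registry baseline on HKEY_CURRENT_CONFIG.
diag("Performing baseline check of 'HKEY_CURRENT_CONFIG' hive; this may take some time...");
my $registry = HoneyClient::Agent::Integrity::Registry->new(hives_to_check => [ 'HKEY_CURRENT_CONFIG' ]);
$registry->closeFiles();
my @files_created = $registry->getFilesCreated();

# The files reported after closeFiles() must still live under the system
# temp directory.  File::Spec->tmpdir is the same location File::Temp's
# tmpnam() draws its names from, so asking for it directly replaces the
# old mint-a-name-and-unlink() detour.
my $tmpdir = File::Spec->tmpdir;

# NOTE(review): if getFilesCreated() returns nothing after closeFiles(),
# this loop passes without asserting anything — confirm that is intended.
foreach my $file (@files_created) {
    # Compare as a literal path prefix: \Q...\E escapes any regex
    # metacharacters in the directory name, and \A anchors the match so a
    # path that merely mentions the directory name elsewhere does not pass.
    like($file, qr/\A\Q$tmpdir\E/, "closeFiles()") or diag("The closeFiles() call failed.");
}
}



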
# Conventional true final value, so the file also satisfies require().
1;