[RFC] Testcase Scenarios for Auditfs Code

Loulwa F Salem loulwa at us.ibm.com
Tue Apr 26 15:38:50 UTC 2005


These are the testcases I am writing to test the code Tim is providing for the audit filesystem. The testcases will be included in LTP.
These cases are meant to cover the CAPP requirements. There is some FVT testing covered as well, but that still needs to be expanded to test the permissions and boundary cases (watch field lengths, invalid fields, etc.).
Please give feedback if you can think of any scenarios that I have not considered, or modifications that I need to implement.

Thanks
- Loulwa

Test 1 : Access watched file by opening it (file already exists)
        Expected: 1 watch record for file access/open

Test 2 : Create a watched file (file created after watch is inserted)
        Expected: 1 watch record for open() with regards to file creation

Test 3 : Create hard link to a watched file and then access it by opening it for read
        Expected: 1 watch record for open() on original file

Test 4 : Create hard link to an unwatched file, watch file, then access hard link by opening it for read
        Expected: 1 watch record for open() on original file

Test 5 : Create hard link to watched file, delete watched file, then access hard link by opening it for read
        Expected: No watch record

Test 6 : Recreate a watched file that has been deleted previously
        Expected: 1 watch record for unlink() with regards to file deletion
        Expected: 1 watch record for open() with regards to file recreation

Test 7 : Recreate a watched file that has been deleted previously
        (creating hardlink to it first, so on recreation we are certain we get new inode number)
        Expected: 1 watch record for unlink() with regards to file deletion
        Expected: 1 watch record for open() with regards to file recreation

Test 8 : Delete a watched file
        Expected: 1 watch record for file deletion

Test 9 : Remove a watched directory
        Expected: 1 watch record for rmdir() with respect to directory removal

Test 10 : Copy a watched file to unwatched name (copy out) - access through new name
        Expected: 1 watch record for original file access/open
        Expected: No record for accessing through new name

Test 11 : Copy a file to a watched name (copy in) - access through new name
        Expected: 1 record for file creation in new name
        Expected: 1 record for new file access/open

Test 12 : Move a watched file out of a watched location and access by opening it for read
        Expected: 1 watch record for rename() with regards to moving out of a watched location.
        Expected: No watch record for new file open()

Test 13 : Move a watched file into a watched location and access by opening it for read
        Expected: 1 record for rename() with regards to moving out of a watched location.
        Expected: 1 watch record for open() in new location

Test 14 : Move a directory having a watched file - access file in new location
        Expected: No watch record
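
The inode behaviour that Tests 5 and 7 above depend on, as an added example that is not part of the original post, of LTP, or of the auditfs patch. It installs no audit watch and only checks the filesystem side; the /tmp path and the helper names are assumptions made for illustration.

```c
/* Added example (not LTP or auditfs code): the inode premise of Tests 5 and 7.
 * Paths and helper names are hypothetical; no audit watch is installed. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Return the inode number of path, or 0 if stat() fails. */
static ino_t inode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? st.st_ino : 0;
}

/* Create an empty file that must not already exist; 0 on success. */
static int create_file(const char *path)
{
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    return fd < 0 ? -1 : close(fd);
}

/* 1 if the hard link still reaches the original inode after the watched name
 * is unlinked AND the recreated name gets a different inode; 0 if not;
 * -1 on setup error. */
int hardlink_forces_new_inode(void)
{
    char dir[64], name[96], hl[96];
    ino_t before, via_link, after;
    int ok = -1;
    snprintf(dir, sizeof dir, "/tmp/auditfs-demo-%ld", (long)getpid());
    snprintf(name, sizeof name, "%s/watched", dir);
    snprintf(hl, sizeof hl, "%s/hardlink", dir);
    if (mkdir(dir, 0700) != 0)
        return -1;
    if (create_file(name) == 0 && link(name, hl) == 0) {
        before = inode_of(name);
        unlink(name);                  /* delete the watched name */
        via_link = inode_of(hl);       /* old inode stays allocated */
        if (create_file(name) == 0) {  /* recreate the watched name */
            after = inode_of(name);
            ok = before != 0 && via_link == before && after != 0 && after != before;
        }
    }
    unlink(name); unlink(hl); rmdir(dir);
    return ok;
}

int main(void) { return hardlink_forces_new_inode() == 1 ? 0 : 1; }
```

Without the hard link holding the old inode, the filesystem is free to hand the same inode number to the recreated file, so Test 6 alone cannot show whether a watch follows the path name or the inode.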