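#!/bin/bash
#
# Round-trip test for PARSEC security attributes through tar.
#
# Builds /test_dir with mandatory labels (pdpl-file), audit flags (setfaud)
# and a POSIX ACL (setfacl), archives it with `tar --xattrs --acls`, removes
# it, restores it from the archive, and verifies that every label, audit rule
# and ACL entry came back.
#
# The script rewrites /etc/parsec/mac_categories and /etc/parsec/mac_levels
# and toggles /parsecfs/unsecure_setxattr, so run it only on a disposable
# test host with an account allowed to write those paths.
#
# Exit status: 0 when every check passed, 1 when at least one check failed.

dir="/test_dir"
mac_cat_file="/etc/parsec/mac_categories"
mac_lev_file="/etc/parsec/mac_levels"
secure="/parsecfs/unsecure_setxattr"
u=$(id -un)

red=$(tput setaf 1)
green=$(tput setaf 2)
coff=$(tput sgr0)

failed=0          # becomes 1 as soon as any check fails
xattr_relaxed=0   # 1 only while this script has written 1 to $secure

#######################################
# Put the host back into its pre-test state. Runs on every exit path so an
# interrupted run cannot leave the relaxed setxattr switch enabled or the
# system MAC level/category tables replaced by the test ones.
#######################################
cleanup() {
  if [ "$xattr_relaxed" -eq 1 ]; then
    echo 0 > "$secure"
    xattr_relaxed=0
  fi
  # Explicit paths instead of the original "$dir*" glob, which would also
  # have removed any unrelated path that merely starts with /test_dir.
  rm -rf -- "$dir" "$dir.tar"
  if [ -e "$mac_cat_file.bak" ]; then
    mv -- "$mac_cat_file.bak" "$mac_cat_file"
  fi
  if [ -e "$mac_lev_file.bak" ]; then
    mv -- "$mac_lev_file.bak" "$mac_lev_file"
  fi
}
trap cleanup EXIT
trap 'exit 130' INT
trap 'exit 143' TERM

#######################################
# Run a query command and check that its output contains a fixed string.
# Globals:   green, red, coff (read), failed (written)
# Arguments: $1 - label used in the report line
#            $2 - literal text that must appear in the output
#            $3.. - command to run
# Outputs:   one coloured PASS/FAIL line on stdout
#######################################
expect() {
  local label=$1 needle=$2
  shift 2
  if "$@" 2> /dev/null | grep -qF -- "$needle"; then
    printf '%s\n' "${green}${label} restored normaly${coff}"
  else
    failed=1
    printf '%s\n' "${red}${label} not restored!${coff}"
  fi
}

# --- Replace the system MAC tables with a minimal test set -----------------
mv -- "$mac_cat_file" "$mac_cat_file.bak"
: > "$mac_cat_file"
usercat -a 10 cat_10

mv -- "$mac_lev_file" "$mac_lev_file.bak"
: > "$mac_lev_file"
for i in 0 1 2 3; do
  userlev -a "$i" "Уровень_$i"
done

# --- Build the labelled tree ------------------------------------------------
mkdir "$dir"
pdpl-file 3:0:10:ccnr "$dir"

for num in 1 2 3; do
  mkdir "$dir/lvl$num"
done
# Labels are applied only after all subdirectories exist, as in the original.
for num in 1 2 3; do
  pdpl-file "$num:0:10:ccnr" "$dir/lvl$num"
done

for d in lvl1 lvl2 lvl3; do
  for f in 1 2 3; do
    touch "$dir/$d/file$f"
  done
done

pdpl-file 1:0:0 "$dir/lvl1/file2"
pdpl-file 1:0:10 "$dir/lvl1/file3"
pdpl-file 1:0:10 "$dir/lvl2/file2"
pdpl-file 2:0:10 "$dir/lvl2/file3"
pdpl-file 1:0:10 "$dir/lvl3/file1"
pdpl-file 2:0:10 "$dir/lvl3/file2"
pdpl-file 3:0:10 "$dir/lvl3/file3"

setfaud -R -m o:ocx:ocx "$dir"
setfaud -d -m o:udn:udn "$dir/lvl1"
setfacl -R -m "u:$u:rwx" "$dir"

# --- Archive, wipe, restore -------------------------------------------------
tar --xattrs --acls -cvzf "$dir.tar" "$dir" &> /dev/null
rm -r -- "$dir"

# Restoring security.* xattrs needs the relaxed setxattr switch. Keep that
# window as short as possible and limit the restored attributes to the three
# named ones via --xattrs-include.
# NOTE(review): 0x1000 is presumably the PARSEC capability that permits
# setting these xattrs - confirm against the execaps documentation.
xattr_relaxed=1
echo 1 > "$secure"
execaps -c 0x1000 -- tar --xattrs --acls \
  --xattrs-include=security.{PDPL,AUDIT,DEF_AUDIT} \
  -xvf "$dir.tar" -C / &> /dev/null
echo 0 > "$secure"
xattr_relaxed=0

# --- Mandatory labels -------------------------------------------------------
expect "PDPL on dir" "Уровень_3:Низкий:cat_10:ccnr" pdp-ls -Md "$dir"
for n in 1 2 3; do
  expect "PDPL on subdir $n lvl" "Уровень_$n:Низкий:cat_10:ccnr" \
    pdp-ls -Md "$dir/lvl$n"
done
for n in 1 2 3; do
  expect "PDPL on subfile $n lvl" "Уровень_$n:Низкий:cat_10" \
    pdp-ls -Md "$dir/lvl$n/file3"
done

# --- Audit flags ------------------------------------------------------------
# NOTE(review): the flags are set as o:ocx:ocx but matched as o:oxc:oxc;
# presumably getfaud prints them in its own order - confirm on a live host.
expect "AUDIT on dir" "o:oxc:oxc" getfaud "$dir"
for n in 1 2 3; do
  expect "AUDIT on subdir lvl$n" "o:oxc:oxc" getfaud "$dir/lvl$n"
done
# The original printed a failure here without failing the test; a lost
# default audit rule now counts like every other check.
expect "AUDIT DEFAULT" "o:udn:udn" getfaud "$dir/lvl1"
for n in 1 2 3; do
  expect "AUDIT on subfile lvl$n" "o:oxc:oxc" getfaud "$dir/lvl$n/file3"
done

# --- POSIX ACL --------------------------------------------------------------
expect "ACL on dir" "user:$u:rwx" getfacl "$dir"
for n in 1 2 3; do
  expect "ACL on subdir lvl$n" "user:$u:rwx" getfacl "$dir/lvl$n"
done
for n in 1 2 3; do
  expect "ACL on subfile lvl$n" "user:$u:rwx" getfacl "$dir/lvl$n/file3"
done

# --- Verdict ----------------------------------------------------------------
echo
if [ "$failed" -eq 0 ]; then
  printf '%s\n' "${green}TEST PASS${coff}"
else
  printf '%s\n' "${red}TEST FAIL!${coff}"
fi

# Report failure to the caller; the original always exited 0, so a harness
# could not see a lost label. Cleanup runs from the EXIT trap.
exit "$failed"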