File: xml-checks.sh

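#!/usr/bin/env bash
#
# xml-checks.sh - run checksec in every XML-producing mode and validate the
# emitted document with xmllint.
#
# Each check writes ${DIR}/output.xml, validates it, and on failure prints the
# offending output and exits 1. On success the scratch file is removed at the
# end; on failure it is left in place so the invalid document can be inspected.
#
# Exit codes: 0 all checks passed, 1 an XML document failed validation,
#             255 no suitable binary found to use as --file / --fortify-file.
#
# Note: -e is deliberately NOT set; each check inspects xmllint's status
# itself so the failing document can be dumped before exiting.
set -ou pipefail

# Pick an ELF binary that is present on essentially every system to feed to
# the --file / --fortify-file modes.
if [[ -f /bin/bash ]]; then
  test_file="/bin/bash"
elif [[ -f /bin/sh ]]; then
  test_file="/bin/sh"
elif [[ -f /bin/ls ]]; then
  test_file="/bin/ls"
else
  echo "could not find valid file to test"
  exit 255
fi
readonly test_file

# DIR is this script's directory, PARENT is the checksec checkout root.
# The cd is guarded: without it a failed cd would make pwd report the
# caller's cwd and the checks would silently run against the wrong tree.
DIR=$(
  cd "$(dirname "$0")" || exit 1
  pwd
) || exit 1
PARENT=$(
  cd "$(dirname "$0")/.." || exit 1
  pwd
) || exit 1
readonly DIR PARENT
readonly OUTPUT="${DIR}/output.xml"

#######################################
# Run one checksec invocation in XML mode and validate its output.
# Globals:   PARENT (read), OUTPUT (read/written)
# Arguments: $1 - description used in the "starting ..." message
#            $2 - label used in the "... xml validation failed" message
#            $@ - remaining args are passed to checksec after --format=xml
# Outputs:   progress messages to stdout; on failure, the invalid XML document
# Returns:   0 on success; exits the script with 1 on validation failure
#######################################
run_xml_check() {
  local description=$1
  local label=$2
  shift 2

  echo "starting ${description} - xml"
  # checksec's own exit status is intentionally not checked here (as in the
  # original script); an empty or partial document is caught by xmllint.
  "${PARENT}/checksec" --format=xml "$@" > "${OUTPUT}"
  if ! xmllint --noout "${OUTPUT}"; then
    cat "${OUTPUT}"
    echo "${label} xml validation failed"
    exit 1
  fi
}

# proc-all, plain and extended
run_xml_check "proc-all check" "proc-all" --proc-all
run_xml_check "extended proc-all check" "proc-all" --proc-all --extended

# running kernel
run_xml_check "kernel check" "kernel" --kernel

# custom kernel config given as a bare name; checksec resolves this path
# itself, presumably relative to the caller's cwd - confirm before relying
# on it from another working directory.
run_xml_check "custom kernel check for file kernel.config" "custom kernel" \
  --kernel=kernel.config

# every bundled kernel config, to trigger all kernel checks; NUL-delimited so
# unusual file names cannot break the loop. The loop body runs in the current
# shell, so the exit inside run_xml_check terminates the whole script.
while IFS= read -r -d '' file; do
  run_xml_check "custom kernel check for file ${file}" "custom kernel" \
    --kernel="${file}"
done < <(find "${PARENT}/kernel_configs/configs/" -type f -iname "config-*" -print0)

# single file, plain and extended
run_xml_check "file check" "file" --file="${test_file}"
run_xml_check "extended file check" "file" --file="${test_file}" --extended

# fortify on a file, plain and extended
run_xml_check "fortify-file check" "fortify-file" --fortify-file="${test_file}"
run_xml_check "extended fortify-file check" "fortify-file" \
  --fortify-file="${test_file}" --extended

# fortify on a process (PID 1), plain and extended
run_xml_check "fortify-proc check" "fortify-proc" --fortify-proc=1
run_xml_check "extended fortify-proc check" "fortify-proc" \
  --fortify-proc=1 --extended

# directory scan
run_xml_check "dir check" "dir" --dir=/sbin

echo "All XML validation tests passed xmllint"
rm -f -- "${OUTPUT}"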