Latest revision |
Your text |
Line 7: |
Line 7: |
| |} | | |} |
|
| |
|
| {{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find at [http://bugzilla.redhat.com Bugzilla], and add your results to the results section. If this page is more than a month old when you arrive here, please check the [[QA/Test_Days|current schedule]] and see if a similar but more recent Test Day is planned or has already happened.}} | | {{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find at [http://bugzilla.redhat.com Bugzilla], and add your results to the results section. If this page is more than a month old when you arrive here, please check the current schedule - which should be linked at [[QA/Test_Days]] - and see if a similar but more recent Test Day is planned or has already happened.}} |
|
| |
|
| == What to test? == | | == What to test? == |
| | |
| | {{admon/important|Page not ready yet|This page is still being worked on. The instructions here are not final yet and they will probably change substantially soon.}} |
|
| |
|
| Have you ever used any security '''scanning application'''? Does the '''security configuration''' of your box matters? Do you want to keep you system in '''consistent state'''? If you have positive answer to any of these questions then it's probably worth to joint this Fedora Test Day that will focus on [https://fedoraproject.org/wiki/Features/OpenSCAP OpenSCAP] feature. | | Have you ever used any security '''scanning application'''? Does the '''security configuration''' of your box matters? Do you want to keep you system in '''consistent state'''? If you have positive answer to any of these questions then it's probably worth to joint this Fedora Test Day that will focus on [https://fedoraproject.org/wiki/Features/OpenSCAP OpenSCAP] feature. |
Line 20: |
Line 22: |
|
| |
|
| The following cast of characters will be available testing, workarounds, bug fixes, and general discussion: | | The following cast of characters will be available testing, workarounds, bug fixes, and general discussion: |
| * Development - [[User:pvrabec|Peter Vrabec]] (wrabco), Tomas Heinrich (theinric), Maros Barabas (mbarabas), Daniel Kopecek (dkopecek), Lukas Kuklinek (lkukline) | | * Development - [[User:pvrabec|Peter Vrabec]] (wrabco), Tomas Heinrich (theinric), Maros Barabas (mbarabas), Daniel Kopecek (dkopecek) |
| * FirstAidKit development - [[User:msivak|Martin Sivák]] (msivak)
| | * Quality Assurance - [[User:kparal|Kamil Páral]] (kparal) |
| * Quality Assurance - [[User:kparal|Kamil Páral]] (kparal), Ondrej Moris (omoris) | |
|
| |
|
| == Prerequisite for Test Day == | | == Prerequisite for Test Day == |
Line 29: |
Line 30: |
| ** This must be a real installation, live CDs are unfortunately not suitable for this test day. | | ** This must be a real installation, live CDs are unfortunately not suitable for this test day. |
| ** We are interested in different software setups, so if possible please use your real workstation, rather than clean install of F13 or F14. You don't have to be afraid, this software is not destructive in any way. | | ** We are interested in different software setups, so if possible please use your real workstation, rather than clean install of F13 or F14. You don't have to be afraid, this software is not destructive in any way. |
| * At least 2 GB of RAM is recommended for the system, otherwise the tool may work very slow.
| |
|
| |
|
| == How to test? == | | == How to test? == |
|
| |
|
| <ol>
| | # Fully update your '''Fedora 13''' or '''Fedora 14'''. |
| <li>Fully update your '''Fedora 13''' or '''Fedora 14'''.</li>
| | # Install '''openscap, openscap-utils''' and '''openscap-python''' packages version '''0.6.1'''. Download them from: [http://people.redhat.com/pvrabec/openscap/ ToDo]. |
| <li>Install '''openscap, openscap-utils''' and '''openscap-python''' packages version '''0.6.1-testday5'''. Download them from: http://people.redhat.com/pvrabec/openscap/
| | # Download required SCAP content: |
| {{admon/important|Packages updated|Packages have been updated to fix numerous errors. Please update if you've downloaded the old ones.}}
| | #* [http://git.fedorahosted.org/git?p=openscap.git;a=blob_plain;f=dist/fedora/scap-fedora14-oval.xml;hb=HEAD scap-fedora14-oval.xml] |
| </li>
| | #* [http://git.fedorahosted.org/git?p=openscap.git;a=blob_plain;f=dist/fedora/scap-fedora14-xccdf.xml;hb=HEAD scap-fedora14-xccdf.xml] |
| <li>Download required SCAP content: http://people.redhat.com/pvrabec/openscap/content
| | # Follow the test cases below. |
| {{admon/important|Files updated|SCAP content was updated during this test day. Please update if you've downloaded the old one.}}
| | # Write your results to the result matrix. |
| </li>
| |
| <li>Follow the test cases below.</li>
| |
| <li>Write your results to the result matrix.</li>
| |
| </ol>
| |
|
| |
|
| == Test Cases == | | == Test Cases == |
Line 50: |
Line 46: |
| * [[QA:TestCase OpenSCAP Fedora default settings|Fedora default settings]] | | * [[QA:TestCase OpenSCAP Fedora default settings|Fedora default settings]] |
| * [[QA:TestCase OpenSCAP Fedora adjusted settings|Fedora adjusted settings]] | | * [[QA:TestCase OpenSCAP Fedora adjusted settings|Fedora adjusted settings]] |
| * [[QA:TestCase OpenSCAP secstate|secstate tool]]
| |
| * [[QA:TestCase_OpenSCAP_Fedora_FirstAidKit|FirstAidKit plugin for OpenSCAP]]
| |
|
| |
|
| == Test Results == | | == Test Results == |
Line 59: |
Line 53: |
| {| | | {| |
| ! User | | ! User |
| ! [[QA:TestCase OpenSCAP Fedora default settings|Fedora default settings]] | | ! [[QA:Testcase_sample_1|Sample test 1]] |
| ! [[QA:TestCase OpenSCAP Fedora adjusted settings|Fedora adjusted settings]] | | ! [[QA:Testcase_sample_2|Sample test 2]] |
| ! [[QA:TestCase OpenSCAP secstate|secstate tool]] | | ! [[QA:Testcase_sample_3|Sample test 3]] |
| ! [[QA:TestCase_OpenSCAP_Fedora_FirstAidKit|FAK plugin]] | | ! [[QA:Testcase_sample_4|Sample test 4]] |
| ! References | | ! References |
| |- | | |- |
| | [[User:SampleUser|Sample User]] | | | [[User:SampleUser|Sample User]] |
| | | {{result|none}} |
| | {{result|pass}} | | | {{result|pass}} |
| | {{result|warn}} <ref>Test pass, but also encountered {{bz|54321}}</ref> | | | {{result|warn}} <ref>Test pass, but also encountered {{bz|54321}}</ref> |
| | {{result|fail}} <ref>{{bz|12345}}</ref> | | | {{result|fail}} <ref>{{bz|12345}}</ref> |
| | {{result|none}}
| |
| | <references/>
| |
| |-
| |
| | [[User:Newgle1|newgle1]]
| |
| | {{result|fail|newgle1}}<ref name=bug />
| |
| | {{result|fail|newgle1}} <ref name=bug>err:*** buffer overflow detected ***: oscap terminated</ref>
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | <references/>
| |
| |-
| |
| | [[User:Rhe|He Rui]]
| |
| | {{result|fail|rhe}}<ref>buffer overflowed and some rules failed: http://fpaste.org/wSvq/</ref>
| |
| | {{result|fail|rhe}}<ref group="long">tested the rule-2.2.2.3.a (Disable the Automounter if Possible), when I stopped the autofs service as the rules suggested, the result was still 'fail'.(Yum remove autofs can get a 'pass' result) </ref>
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | <references/>
| |
| |-
| |
| |-
| |
| | [[User:jkaluza|Jan Kaluza]]
| |
| | {{result|fail|jkaluza}}<ref>buffer overflowed - {{bz|627488}}</ref>
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | <references/>
| |
| |-
| |
| | [[User:ppisar|Petr Pisar]]
| |
| | {{result|fail|ppisar}} <ref group="long">Tests checking file permissions (rule-2.2.3.3.a, rule-2.2.3.4.a, rule-2.2.3.4.b, rule-2.2.3.5.a, rule-2.2.3.5.b, rule-2.2.3.6.a) eats all memory (4 GiB) and are terminated by kernel – {{bz|565691}}</ref>
| |
| {{result|fail|ppisar}} <ref group="long">Test rule-2.1.2.3.4.a (Ensure Package Signature Checking is Not Disabled For Any Repos) fails because I have defined rawhide repositories with disabled signature checking and disabled for installation. I think disabled repositories should not be considered in this test.</ref>
| |
| {{result|fail|ppisar}} <ref group="long">Test rule-2.5.1.2.b (Set net.ipv4.conf.all.accept_redirects for Hosts and Routers) fails. This is default value for F13. F13 should be fixed (/etc/sysctl.conf) or the test removed as far as it can be useful in some scenarios (link with more routers, link with more IP networks).</ref>
| |
| {{result|pass|ppisar}} <ref>Other tests passed</ref>
| |
| | {{result|fail|ppisar}} <ref group="long">Test rule-3.6.1.1.a (Disable X Windows at System Boot) fails if enabled despite my inittab has default runlevel 3. Test is defined as equality to number 5 in oval file. More ever `X Windows' is nonsense. Correct name is `X Window' without the `s' suffix. See X(7) manual page. You are breaking trade mark ;)</ref>
| |
| {{result|fail|ppisar}} <ref>Test rule-3.7.1.1.a (Disable Avahi Server Software) fails even if avahi-deamon is disabled in all runlevels and none is running</ref>
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | <references/>
| |
| |-
| |
| | [[User:jgorig|Jan Gorig]]
| |
| | {{result|fail|jgorig}}<ref>same problem - buffer overflowed on x86_64 F13 - {{bz|627488}}</ref>
| |
| {{result|pass|jgorig}}<ref>bug fixed</ref>
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | <references/>
| |
| |-
| |
| | [[User:kushal|Kushal Das]]
| |
| | {{result|fail|kushal}}<ref>same problem - buffer overflowed on x86 F13 - {{bz|627488}}</ref>
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | <references/>
| |
| |-
| |
| | [[User:dramsey|David Ramsey]]
| |
| | {{result|fail}}<ref>Same problem with buffer overflowed on x86 F14</ref>
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | <references/>
| |
| |-
| |
| | [[User:mgrepl|Miroslav Grepl]]
| |
| | {{result|pass|mgrepl}}<ref>Test finished (fixed pkgs from koji)</ref>
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | <references/>
| |
| |-
| |
| | [[User:omoris|Ondrej Moriš]]
| |
| | {{result|fail|omoris}}<ref>test finished (fixed pkgs from koji) with several fails: http://fpaste.org/Sgys/</ref>
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | {{result|warn|omoris}}<ref>getting error while changing some variable values (HTTP reply/request), gui is mostly not updated during evaluation</ref>
| |
| | <references/>
| |
| |-
| |
| | [[User:masami|Masami Ichikawa]]
| |
| | {{result|fail|masami}}<ref>same problem - buffer overflowed on x86 F14 - {{bz|627488}}</ref> {{result|fail|masami}}<ref>testday5 fails rule-2.5.1.2.b (Set net.ipv4.conf.all.accept_redirects for Hosts and Routers). same as {{bz|627600}}</ref>
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | <references/>
| |
| |-
| |
| | [[User:kparal|Kamil Páral]]
| |
| | {{result|warn|kparal}}<ref>''Set net.ipv4.conf.all.accept_redirects for Hosts and Routers'' fails {{bz|627600}}</ref> {{result|fail|kparal||627674}}
| |
| | {{result|none}}
| |
| | {{result|fail|kparal}}<ref>''Not Selected: 0'' in http://fpaste.org/4Okv/</ref> {{result|pass|kparal}}<ref>openscap-0.6.1-testday4.fc14</ref>
| |
| | {{result|fail|kparal||627633}}<ref>Values in test and policy selection allows "0.5" and "enforcingaaa"</ref>
| |
| | <references/>
| |
| |-
| |
| | [[User:David.Paige|David Paige]]
| |
| | {{result|pass|David.Paige}}<ref>'No errors, five failed individual tests.</ref>
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | {{result|none}}
| |
| | <references/> | | | <references/> |
| |- | | |- |
| |} | | |} |
|
| |
|
| == Long comments ==
| | [[Category:Test Days]] |
| <references group="long" />
| |
| | |
| [[Category:Fedora 14 Test Days]] | |