SubuRama
Flight Engineer
Flight Engineer
  • 210 Views

Hard coded values in grading scripts ...

Similar to the LUKS/NBDE grading script issue hardcoding /dev/vdb1 instead of allowing a UUID, there are other instances of grading scripts hardcoding expected values.

 

For ex: ch06s09 for setting up remote audit servers.

The grading script /usr/local/lib/lab-audit-review has:

pad " . Verifying /etc/audisp/audisp-remote.conf on servera"

if ${ssh} root@servera "grep -E 'remote_server.*=.*172.25.250.11' /etc/audisp/audisp-remote.conf"; then

    print_PASS

else

    print_FAIL

fi

So if I used serverb.lab.example.com in the audisp-remote.conf I get that step marked as "FAIL" during grading.

For the LUKS/NBDE lab, ch03s05 there are some other issues too.

Step 5, says "When done, create a file in that directory". It does *not* specify the name of that file. However, the grading script specifically looks for a file called /encrypted/testfile.

In addition, all that is checked if keys are rotated is to check if /var/db/tang/exchange.jwk and /var/db/tang/signature.jwk exist. I could just touch these two files and the test would then pass (I am not sure *how* one would verify that it really is a result of running jose command for rotating the keys).

See the grading script /usr/local/lib/lab-luks-review

Thank you

Subu

Labels (1)
0 Replies
Join the discussion
You must log in to join this conversation.