You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
510 lines
14 KiB
510 lines
14 KiB
---
|
|
test case: No rules (all allowed)
|
|
in:
|
|
rules: []
|
|
out:
|
|
number_of_rules: 1
|
|
metrics:
|
|
- metric: 'vfs.file.contents[/etc/passwd]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'system.run[echo 1]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
---
|
|
test case: No allowed keys
|
|
in:
|
|
rules:
|
|
- pattern: '*'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 1
|
|
metrics:
|
|
- metric: 'vfs.file.contents[/etc/passwd]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'system.run[echo 1]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'system.localtime[utc]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
---
|
|
test case: No arguments
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.contents'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'vfs.file.contents'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'vfs.file.contents[/etc/passwd]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: Empty parameter list
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.contents[]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'vfs.file.contents[]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[""]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'vfs.file.contents[/etc/passwd]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: Any arguments
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.contents[*]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'vfs.file.contents[]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[/path/to/file]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: Any arguments double asterisk
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.contents[**]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'vfs.file.contents[]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[/path/to/file]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[/path/to/file,UTF8]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: Specific first parameter
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.contents[/etc/passwd,*]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'vfs.file.contents[/etc/passwd,]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[/etc/passwd,utf8]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[/etc/passwd]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[/var/log/zabbix_server.log]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'vfs.file.contents[]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: First argument pattern
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.contents[*passwd*]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'vfs.file.contents[/etc/passwd]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[/etc/passwd,]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'vfs.file.contents[/etc/passwd,utf8]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: Any second parameter value
|
|
in:
|
|
rules:
|
|
- pattern: 'test[a,*]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'test[a]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'test[a,]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'test[a,anything]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'test[]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: First argument pattern and any following arguments
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.contents[*passwd*,*]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'vfs.file.contents[/etc/passwd,]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[/etc/passwd,utf8]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[/etc/passwd]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[/tmp/test]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: Any first parameter value
|
|
in:
|
|
rules:
|
|
- pattern: 'test[*,b]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'test[anything,c]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'test[anything,b]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'test[anything,b,c]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'test[anything,b,]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: Empty second parameter value
|
|
in:
|
|
rules:
|
|
- pattern: 'test[a,,c]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'test[a,,c]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'test[a,b,c]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: Any second parameter value
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.contents[/var/log/zabbix_server.log,*,abc]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'vfs.file.contents[/var/log/zabbix_server.log,,abc]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[/var/log/zabbix_server.log,utf8,abc]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[/var/log/zabbix_server.log,,abc,def]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: Specific parameters
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.contents[/etc/passwd,utf8]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'vfs.file.contents[/etc/passwd,utf8]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[/etc/passwd,]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'vfs.file.contents[/etc/passwd,utf16]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: Quoted parameters
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.contents[/etc/passwd,utf8]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: 'system.run[*]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'vfs.file.contents["/etc/passwd","utf8"]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents["/etc/passwd",""]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'vfs.file.contents["/etc/passwd","utf16"]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'system.run["echo 1"]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
---
|
|
test case: Key pattern without arguments
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.*'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'vfs.file.contents'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.size'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'vfs.file.size[/var/log/zabbix_server.log]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: Key pattern with any arguments
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.*[*]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: 'vfs.*.contents'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 3
|
|
metrics:
|
|
- metric: 'vfs.file.size.bytes[]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.size[/var/log/zabbix_server.log, utf8]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.size.bytes'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'vfs.mount.point.file.contents'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs..contents'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.contents'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: Whitelist
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.*[/var/log/*]'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
- pattern: 'system.localtime[*]'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
- pattern: '*'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 3
|
|
metrics:
|
|
- metric: 'vfs.file.size[/var/log/zabbix_server.log]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'vfs.file.contents[/var/log/zabbix_server.log]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'system.localtime[]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'system.localtime[utc]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'system.localtime'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
---
|
|
test case: Blacklist
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.contents[/etc/passwd,*]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: 'system.run[*]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'vfs.file.contents[/etc/passwd]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[/etc/passwd,]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'system.run[]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'system.run[echo 1]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'system.run[echo 2,a]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'system.localtime[utc]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: Combined wildcard in key
|
|
in:
|
|
rules:
|
|
- pattern: 't*t*[a]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'test1[a]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'test_best2[a]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'tests[a]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'test[a]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'best[a]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: Duplicate rules
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.*'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: 'vfs.file.*'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: 'vfs.file.contents'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: 'vfs.file.contents[]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: 'vfs.file.contents[/etc/passwd]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: 'vfs.file.contents[/etc/passwd,*]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: 'vfs.file.*'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
- pattern: 'vfs.file.contents'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
- pattern: 'vfs.file.contents[]'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
- pattern: 'vfs.file.contents[/etc/passwd]'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
- pattern: 'vfs.file.contents[/etc/passwd,*]'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
- pattern: 'net.*.in'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
- pattern: 'net.*.in'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
- pattern: 'net.*.in[]'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
- pattern: 'net.*.in[eth0]'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
- pattern: 'net.*.in[eth0,*]'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
- pattern: 'net.*.in'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: 'net.*.in[]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: 'net.*.in[eth0]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: 'net.*.in[eth0,*]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: 'net.*.in[eth0,bytes]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: '*'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 11
|
|
metrics:
|
|
- metric: 'vfs.file.size'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[/etc/passwd]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.contents[/etc/passwd,utf8]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'net.if.in'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'net.if.in[]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'net.if.in[eth0]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'net.if.in[eth0,]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'net.if.in[eth0,packets]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'net.if.in[eth0,bytes]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'system.run[echo 1]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
---
|
|
test case: No rules after AllowKey=*
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.*[*]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: '*'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
- pattern: 'system.run[*]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 1
|
|
metrics:
|
|
- metric: 'vfs.file.contents[/etc/passwd]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.size[/etc/systemd.conf]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'system.run[echo 1]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: No rules after DenyKey=*
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.*[*]'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
- pattern: '*'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: 'system.run[*]'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'vfs.file.contents[/etc/passwd]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'vfs.file.size[/etc/systemd.conf]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'system.run[echo 1]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'system.localtime'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
---
|
|
test case: Incomplete whitelist (no deny all at the end)
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.*[/var/log/*]'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
- pattern: 'system.localtime[*]'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
exit code: failure
|
|
---
|
|
test case: No trailing AllowKey rules
|
|
in:
|
|
rules:
|
|
- pattern: 'vfs.file.*[*]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
- pattern: 'system.run[*]'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
- pattern: '*'
|
|
type: ZBX_KEY_ACCESS_ALLOW
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'vfs.file.contents[/etc/passwd]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'vfs.file.size[/etc/systemd.conf]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'system.run[echo 1]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
- metric: 'system.localtime'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
---
|
|
test case: Empty parameters match
|
|
in:
|
|
rules:
|
|
- pattern: 'web.page.get[localhost,*,*]'
|
|
type: ZBX_KEY_ACCESS_DENY
|
|
out:
|
|
number_of_rules: 2
|
|
metrics:
|
|
- metric: 'web.page.get[localhost]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'web.page.get[localhost,]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'web.page.get[localhost,/,80]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'web.page.get[localhost,/]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'web.page.get[localhost,,80]'
|
|
result: ZBX_KEY_ACCESS_DENY
|
|
- metric: 'web.page.get[127.0.0.1]'
|
|
result: ZBX_KEY_ACCESS_ALLOW
|
|
...
|