HOW TO ADD A NEW SECURITY TEST INTO SAM

For each new security test intended to be used by SAM, you must provide two files:

  • a file describing the test
  • the test script

A Test Description File

File Naming Convention:

Name this file <sensor name>-<test name>.def, where <sensor name> is the service type your script will test:

ArcCE, BDII, CE, FTS, LFC, MyProxy, RB, RGMA, SE, SRM, SRMv2, VOBOX, VOMS, gCE, gRB, sBDII

An example would be: CE-wn-sec-crl.def

Structure:

Inside this file you must specify the following fields:

testName: <sensor name>-<test name>
testTitle: <a short line describing the test>
testAbbr: <an abbreviation name>
testHelp: <a URL pointing to the documentation>
EOT

Note that the file must end with a single line containing only EOT.

An example of this file would be:

testName: CE-wn-sec-crl
testTitle: CRLs validity on WN
testAbbr: crl
testHelp: http://grid.cyfronet.pl/sam-doc/CE/CE-wn-sec-crl.html
EOT
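
The naming and structure rules above can be checked before a description file is submitted. The following is an added example, not part of SAM or of the original page: validate_def is a hypothetical helper name, and the check that testName equals the file name without .def is an assumption drawn from the example above.

```bash
#!/bin/bash
# Added example, not part of SAM: validate_def is a hypothetical helper name.
SENSORS="ArcCE BDII CE FTS LFC MyProxy RB RGMA SE SRM SRMv2 VOBOX VOMS gCE gRB sBDII"

validate_def() {
    local file=$1 base name sensor key errors=0
    base=$(basename "$file")
    name=${base%.def}        # <sensor name>-<test name>
    sensor=${name%%-*}       # text before the first hyphen

    # File name must be <sensor name>-<test name>.def
    if [ "$base" = "$name" ] || [ "$sensor" = "$name" ] || [ -z "${name#*-}" ]; then
        echo "ERROR: file name must be <sensor name>-<test name>.def"; errors=1
    fi
    # Sensor name must be one of the service types listed on the page
    case " $SENSORS " in
        *" $sensor "*) ;;
        *) echo "ERROR: unknown sensor name '$sensor'"; errors=1 ;;
    esac
    # Each of the four keys must appear exactly once, with a value
    for key in testName testTitle testAbbr testHelp; do
        if [ "$(grep -c "^$key: *[^ ]" "$file")" -ne 1 ]; then
            echo "ERROR: expected exactly one non-empty '$key:' line"; errors=1
        fi
    done
    # Assumption: testName equals the file name without .def, as in the page's example
    if [ "$(sed -n 's/^testName: *//p' "$file")" != "$name" ]; then
        echo "ERROR: testName does not match file name '$name'"; errors=1
    fi
    # The file must end with a single line containing EOT
    if [ "$(tail -n 1 "$file")" != "EOT" ] || [ "$(grep -cx 'EOT' "$file")" -ne 1 ]; then
        echo "ERROR: file must end with a single EOT line"; errors=1
    fi
    return $errors
}

# Constructed sample input: the example description file shown above
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'testName: CE-wn-sec-crl' 'testTitle: CRLs validity on WN' \
    'testAbbr: crl' \
    'testHelp: http://grid.cyfronet.pl/sam-doc/CE/CE-wn-sec-crl.html' \
    'EOT' > "$tmp/CE-wn-sec-crl.def"
validate_def "$tmp/CE-wn-sec-crl.def" && echo "CE-wn-sec-crl.def: OK"
```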

The Test Script

File Naming Convention:

Name this file <sensor name>-<test name>, following the same convention as the description file.

Example: CE-wn-sec-crl

Exit Code:

When executing the test, it must return one of these possible values:

Value  Status    Description
0      UNKNOWN   Cannot determine service status
10     OK        Service is running as expected
40     WARNING   Service may be degraded in some way, or about to become degraded
60     CRITICAL  Service has a problem affecting functionality and/or availability

Note that UNKNOWN is used when the probe has an internal problem that prevents it from accurately determining the status of the service. This is different from, for instance, the service not being contactable.

Encrypted Test Output:

The script can also print anything to stdout, in HTML-compatible format. Example:

<br>
Here you can put the detailed result of the test <br>
in HTML compatible format<br>
<br>
EOT

but sensitive information must be encrypted first.

Here is a bash example for this:

SAME_HOME="$HOME/same"
OPENSSL=$(command -v openssl)
ENCRYPTION_CERT="$SAME_HOME/client/sensors/common/sam-cert.pem"

# OpenSSL is mandatory for security tests
if [ -z "$OPENSSL" ]; then
        echo "<p><i>ERROR</i> - Cannot find OpenSSL, detailed results will <b>not</b> be available.</p>"
        result_check=$SAME_WARNING
fi

# A certificate is also mandatory to encrypt the results
# (test that the file is readable; the variable itself is never empty)
if [ ! -r "$ENCRYPTION_CERT" ]; then
        echo "<p><i>ERROR</i> - Cannot find an encryption certificate, detailed results will <b>not</b> be available.</p>"
        result_check=$SAME_WARNING
fi

##########################
# COMPONENT SPECIFIC PART
##########################

# Run the component-specific checks here. They collect the sensitive details
# in OUTPUT and set result_check to one of the exit codes listed above.

# This doesn't need to be encrypted:
echo "<h2>CRL Timestamps</h2>"
echo "<p>Checking the last time CRLs have been updated. Detailed results may not be publicly visible.</p>"

#############################
# Encrypting OUTPUT
#############################

# OUTPUT is printed only in encrypted form, wrapped in an HTML comment.
# Without OpenSSL or the certificate the detailed results are withheld,
# as the error messages above state.
if [ -n "$OPENSSL" ] && [ -r "$ENCRYPTION_CERT" ]; then
    echo "<!--"
    CRYPTED_OUTPUT=$(echo -e "${OUTPUT}" | "${OPENSSL}" smime -encrypt -des3 "${ENCRYPTION_CERT}")
    echo -e "BEGIN_ENCRYPTED_RESULT <br /> ${CRYPTED_OUTPUT} <br /> END_ENCRYPTED_RESULT"
    echo "-->"
fi

exit $result_check

Where to submit your new tests

Once you have the two files, send them by email to: same-devel@cernNOSPAMPLEASE.ch

Questions/Comments

If you have any questions about this procedure, feel free to send an email to: sam-support@cernNOSPAMPLEASE.ch


-- RomainWartel - 03 Sep 2007

Topic revision: r5 - 2007-09-14 - DavidCollados
 