Test Plan
- TODO: produce a set of config files
- for each config file, run Core-Test.

```sh
./builder
```
- TODO: produce a list of words that must not appear in the compiled binary

```sh
# grep -a treats the shared object as text; -F matches each banned word literally
for word in $(cat banlist.txt); do grep -a -F -- "$word" libselinux.so && echo "leaked: $word"; done
```
- Compare hooked functions with standard functions:

```sh
# run the same command with and without the hooking library, then diff the outputs
LD_PRELOAD=/path/to/my/libselinux.so $cmd > "${cmd}_output_libselinux.txt"
$cmd > "${cmd}_output_default.txt"
diff "${cmd}_output_libselinux.txt" "${cmd}_output_default.txt"
```
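As an added example that is not code from the BEURK repository, the two checks above (the banned-word scan of the compiled library and the output comparison with and without the library preloaded) written as reusable POSIX shell functions. They are the same two checks an analyst runs on an unknown preload library found on a host: scan it for suspicious identifiers and compare a command's observable behaviour with and without it. The function names, the one-string-per-line banlist format, the constructed sample inputs in `demo()` and the placeholder path `/nonexistent/libhook.so` are assumptions; the project's own `banlist.txt` and library are not reproduced here.

```sh
#!/bin/sh
# Added example, not BEURK project code. Function names, banlist format and the
# sample inputs below are assumptions.

# Emulate `strings`: print runs of four or more printable characters, one per line.
printable_strings() {
    tr -c '[:print:]' '\n' < "$1" | grep -E '.{4,}'
}

# scan_banned_strings <library.so> <banlist.txt>
# Reports every banned string (one per line in the banlist) that appears in the
# compiled library. Returns 1 if any was found, 0 if the library is clean.
# Exported symbol names live in the ELF string tables, so they are covered too.
scan_banned_strings() {
    lib="$1"
    banlist="$2"
    found=0
    while IFS= read -r word || [ -n "$word" ]; do
        [ -z "$word" ] && continue
        # -F matches literally; the `if` keeps grep's exit 1 from aborting a
        # caller running under `set -e`.
        if hits=$(printable_strings "$lib" | grep -F -- "$word"); then
            printf 'LEAK: "%s" appears in %s:\n%s\n' "$word" "$lib" "$hits"
            found=1
        fi
    done < "$banlist"
    return "$found"
}

# compare_preload_output <library.so> <command> [args...]
# Runs the command once with the library preloaded and once without, then diffs
# standard output plus exit status. Returns 0 when both runs agree, 1 when the
# preload changed observable behaviour. stderr of both runs is kept in the work
# directory for inspection but is not compared, since the loader writes its own
# diagnostics there.
compare_preload_output() {
    lib="$1"
    shift
    work=$(mktemp -d)
    hooked_status=0
    env LD_PRELOAD="$lib" "$@" > "$work/hooked.out" 2> "$work/hooked.err" || hooked_status=$?
    echo "exit=$hooked_status" >> "$work/hooked.out"
    default_status=0
    (unset LD_PRELOAD; "$@") > "$work/default.out" 2> "$work/default.err" || default_status=$?
    echo "exit=$default_status" >> "$work/default.out"
    if diff -u "$work/default.out" "$work/hooked.out"; then
        rm -rf "$work"
        return 0
    fi
    echo "behaviour differs with $lib preloaded; outputs kept in $work"
    return 1
}

# Constructed demo inputs: a fake library blob and a two-word banlist. No real
# hooking library is built, so the comparison uses a placeholder path and a
# command whose output reveals only the loader environment.
demo() {
    dir=$(mktemp -d)
    printf 'libc wrapper\nbeurk_hide_pid\nreaddir\n' > "$dir/fake_lib.so"
    printf 'beurk\nrootkit\n' > "$dir/banlist.txt"
    scan_banned_strings "$dir/fake_lib.so" "$dir/banlist.txt" || echo "scan: leak detected"
    compare_preload_output /nonexistent/libhook.so \
        sh -c 'echo "preload=${LD_PRELOAD-unset}"' || echo "compare: outputs differ"
    rm -rf "$dir"
}

# Usage: sh test_checks.sh --demo
#        sh test_checks.sh scan <library.so> <banlist.txt>
#        sh test_checks.sh compare <library.so> <command> [args...]
case "${1:-}" in
    --demo) demo ;;
    scan) scan_banned_strings "${2:?library path required}" "${3:?banlist path required}" ;;
    compare) shift; compare_preload_output "$@" ;;
    *) ;;   # no arguments: only define the functions (e.g. when sourced)
esac
```

`printable_strings` only reports runs of four or more characters, so very short banned words should be checked with `grep -a` directly; the comparison deliberately ignores stderr, so a hook that alters only error messages needs the kept `*.err` files inspected by hand.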
-
Manual Test.
(Tests that impact [core] only)
A collection of simple tests to ensure that all public functions of the hooking library work as expected.
TODO: determine unit-test setup on core
Ensure that the system still works as expected from the victim's point of view, and that no bug appears once the rootkit is installed.
Check compiled library for symbols and strings that should not be leaked.
(Tests that impact [client] only)
A collection of simple tests to ensure that client functions are working as expected.
TODO: determine unit-test setup on core
(Tests that impact both [core] and [client])
Verify that the client can connect to an infected machine in many scenarios.
Ensure that the victim cannot detect any suspicious activity while the attacker plays with the system remotely.
This includes checking open processes, remote connections, etc.
Check if common anti-rootkits can detect BEURK as a malicious program.