
Commit 139a1b4

tgauthCopilot
andauthored
add pester test for event viewer scenarios (#788)
* add pester test for event viewer scenarios * revert ci changes * Update regress/pesterTests/EventLogging.Tests.ps1 Co-authored-by: Copilot <[email protected]> * Update regress/pesterTests/EventLogging.Tests.ps1 Co-authored-by: Copilot <[email protected]> * Update EventLogging.Tests.ps1 * add comments --------- Co-authored-by: Copilot <[email protected]>
1 parent c1a8d54 commit 139a1b4


1 file changed

+185
-0
lines changed

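--- /dev/null
+++ b/regress/pesterTests/EventLogging.Tests.ps1
@@ -0,0 +1,185 @@
+If ($PSVersiontable.PSVersion.Major -le 2) {$PSScriptRoot = Split-Path -Parent $MyInvocation.MyCommand.Path}
+Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
+Import-Module OpenSSHUtils -Force
+$tC = 1
+$tI = 0
+$suite = "EventLogging"
+Describe "Tests for admin and non-admin event logs" -Tags "CI" {
+BeforeAll {
+if($OpenSSHTestInfo -eq $null)
+{
+Throw "`$OpenSSHTestInfo is null. Please run Set-OpenSSHTestEnvironment to set test environments."
+}
+
+$testDir = "$($OpenSSHTestInfo["TestDataPath"])\$suite"
+if( -not (Test-path $testDir -PathType Container))
+{
+$null = New-Item $testDir -ItemType directory -Force -ErrorAction SilentlyContinue
+}
+
+$server = $OpenSSHTestInfo["Target"]
+$nonadminusername = $OpenSSHTestInfo['NonAdminUser']
+$adminusername = $OpenSSHTestInfo['AdminUser']
+$opensshbinpath = $OpenSSHTestInfo['OpenSSHBinPath']
+$password = $OpenSSHTestInfo['TestAccountPW']
+$port = 47003
+$sshdDelay = $OpenSSHTestInfo["DelayTime"]
+
+# Register OpenSSH events in Event Viewer
+$etwman = Join-Path $opensshbinpath "openssh-events.man"
+if (-not (Test-Path $etwman -PathType Leaf)) {
+throw "openssh events manifest is not present in OpenSSH binary path"
+}
+wevtutil im "$etwman" | Out-Null
+}
+
+AfterEach { $tI++ }
+
+AfterAll {
+# Unregister etw provider
+wevtutil um "$etwman"
+}
+
+Context "Tests Logs for SSH connections" {
+BeforeAll {
+Add-PasswordSetting -Pass $password
+$tI=1
+}
+
+BeforeEach {
+# disable the OpenSSH log channels
+wevtutil sl "OpenSSH/Debug" /e:false /q:true | Out-Null
+wevtutil sl "OpenSSH/Operational" /e:false /q:true | Out-Null
+# clear any existing logs
+wevtutil cl "OpenSSH/Debug" | Out-Null
+wevtutil cl "OpenSSH/Operational" | Out-Null
+# enable the OpenSSH log channels
+wevtutil sl "OpenSSH/Debug" /e:true /q:true | Out-Null
+wevtutil sl "OpenSSH/Operational" /e:true /q:true | Out-Null
+}
+
+AfterAll {
+Remove-PasswordSetting
+$tC++
+}
+
+It "$tC.$tI-Nonadmin SSH Connection" {
+$o = ssh -l $nonadminusername test_target echo 1234
+$o | Should Be 1234
+Start-Sleep $sshdDelay
+# query the OpenSSH log channels to make sure events were captured
+$eventLogDebug = wevtutil qe "OpenSSH/Debug" /c:5 /f:text
+$eventLogDebug | Should Not Be $null
+$eventLogOperational = wevtutil qe "OpenSSH/Operational" /c:5 /f:text
+$eventLogOperational | Should Not Be $null
+}
+
+It "$tC.$tI-Admin SSH Connection" {
+$o = ssh -l $adminusername test_target echo 1234
+$o | Should Be 1234
+Start-Sleep $sshdDelay
+# query the OpenSSH log channels to make sure events were captured
+$eventLogDebug = wevtutil qe "OpenSSH/Debug" /c:5 /f:text
+$eventLogDebug | Should Not Be $null
+$eventLogOperational = wevtutil qe "OpenSSH/Operational" /c:5 /f:text
+$eventLogOperational | Should Not Be $null
+}
+}
+
+Context "Tests Logs for SFTP connections" {
+
+BeforeAll {
+
+function Setup-KeyBasedAuth
+{
+param([string] $Username, [string] $KeyFilePath, [string] $UserProfile)
+
+$userSSHProfilePath = Join-Path $UserProfile .ssh
+
+if (-not (Test-Path $userSSHProfilePath -PathType Container)) {
+New-Item $userSSHProfilePath -ItemType directory -Force -ErrorAction Stop | Out-Null
+}
+
+$authorizedkeyPath = Join-Path $userSSHProfilePath authorized_keys
+
+if($OpenSSHTestInfo["NoLibreSSL"])
+{
+ssh-keygen.exe -t ed25519 -f $KeyFilePath -Z -P "" aes128-ctr
+}
+else
+{
+ssh-keygen.exe -t ed25519 -f $KeyFilePath -P ""
+}
+Copy-Item "$KeyFilePath.pub" $authorizedkeyPath -Force -ErrorAction SilentlyContinue
+Repair-AuthorizedKeyPermission -Filepath $authorizedkeyPath -confirm:$false
+}
+
+$AdminUserProfile = $OpenSSHTestInfo['AdminUserProfile']
+$NonAdminUserProfile = $OpenSSHTestInfo['NonAdminUserProfile']
+
+$KeyFileName = $nonadminusername + "_sshtest_EventLog_ed25519"
+$NonadminKeyFilePath = Join-Path $testDir $keyFileName
+Remove-Item -path "$NonadminKeyFilePath*" -Force -ErrorAction SilentlyContinue
+Setup-KeyBasedAuth -Username $nonadminusername -KeyFilePath $NonadminKeyFilePath -UserProfile $NonAdminUserProfile
+
+$KeyFileName = $adminusername + "_sshtest_EventLog_ed25519"
+$AdminKeyFilePath = Join-Path $testDir $keyFileName
+Remove-Item -path "$AdminKeyFilePath*" -Force -ErrorAction SilentlyContinue
+Setup-KeyBasedAuth -Username $adminusername -KeyFilePath $AdminKeyFilePath -UserProfile $AdminUserProfile
+
+#create batch file
+$commands =
+"ls
+exit"
+$batchFilePath = Join-Path $testDir "$tC.$tI.commands.txt"
+Set-Content $batchFilePath -Encoding UTF8 -value $commands
+
+$tI = 1
+}
+
+BeforeEach {
+# disable the OpenSSH log channels
+wevtutil sl "OpenSSH/Debug" /e:false /q:true | Out-Null
+wevtutil sl "OpenSSH/Operational" /e:false /q:true | Out-Null
+# clear any existing logs
+wevtutil cl "OpenSSH/Debug" | Out-Null
+wevtutil cl "OpenSSH/Operational" | Out-Null
+# enable the OpenSSH log channels
+wevtutil sl "OpenSSH/Debug" /e:true /q:true | Out-Null
+wevtutil sl "OpenSSH/Operational" /e:true /q:true | Out-Null
+}
+
+AfterAll {
+Remove-Item -path "$NonadminKeyFilePath*" -Force -ErrorAction SilentlyContinue
+Remove-Item -path "$AdminKeyFilePath*" -Force -ErrorAction SilentlyContinue
+
+$authorized_key = Join-Path '.ssh' authorized_keys
+$AdminAuthKeysPath = Join-Path $AdminUserProfile $authorized_key
+$NonAdminAuthKeysPath = Join-Path $NonAdminUserProfile $authorized_key
+Remove-Item -path "$AdminAuthKeysPath*" -Force -ErrorAction SilentlyContinue
+Remove-Item -path "$NonAdminAuthKeysPath*" -Force -ErrorAction SilentlyContinue
+
+$tC++
+}
+
+It "$tC.$tI-Nonadmin SFTP Connection" {
+sftp -i $NonadminKeyFilePath -b $batchFilePath -o User=$nonadminusername test_target
+Start-Sleep $sshdDelay
+# query the OpenSSH log channels to make sure events were captured
+$eventLogDebug = wevtutil qe "OpenSSH/Debug" /c:5 /f:text
+$eventLogDebug | Should Not Be $null
+$eventLogOperational = wevtutil qe "OpenSSH/Operational" /c:5 /f:text
+$eventLogOperational | Should Not Be $null
+}
+
+It "$tC.$tI-Admin SFTP Connection" {
+sftp -i $AdminKeyFilePath -b $batchFilePath -o User=$adminusername test_target
+Start-Sleep $sshdDelay
+# query the OpenSSH log channels to make sure events were captured
+$eventLogDebug = wevtutil qe "OpenSSH/Debug" /c:5 /f:text
+$eventLogDebug | Should Not Be $null
+$eventLogOperational = wevtutil qe "OpenSSH/Operational" /c:5 /f:text
+$eventLogOperational | Should Not Be $null
+}
+}
+}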
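Review bot: The SFTP cases at file lines 166 and 176 never check that the transfer itself succeeded, so a failed key-based login still writes events to both channels and the `Should Not Be $null` assertions pass on a broken setup; add `$LASTEXITCODE | Should Be 0` after each `sftp` call, matching the `$o | Should Be 1234` check the SSH cases at lines 68 and 79 already make. The `wevtutil um "$etwman"` in the outer AfterAll (line 40) unregisters the provider unconditionally, which removes OpenSSH event logging from a host where the manifest was already registered by the install; record whether the channel existed before the `wevtutil im` at line 33 (for example `wevtutil gl OpenSSH/Operational` succeeding) and only unregister when this test registered it. The `Should Not Be $null` checks also pass on any event at all, not just one from the connection under test, so a `Should Match` on the connecting username would tie the log to the session — confirm against the actual event text first. `$server` (line 20) and `$port` (line 25) are assigned but never read; every connection goes through the `test_target` alias.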
