HP has posted the test suite we used for the audit and MLS
portions of our recent RHEL5 CAPP/LSPP/RBACPP certification.
http://sourceforge.net/projects/audit-test/
We used this suite in combination with the LTP and a handful
of manual tests to provide the necessary test coverage for our
evaluation. Although this suite is called 'audit-test' and includes
coverage of all the security relevant system calls, it also includes
tests for other components such as NetLabel/CIPSO, IPsec, and CUPS.
The suite is available as a tarball, a source rpm, and as a noarch
rpm which will install files into /usr/local/eal4_testing/audit-test.
There are 3 README files which describe how to run the tests, how to
develop tests, and how to configure the test server for network tests.
These tests are known to pass on RHEL5 plus the updated packages listed
in our security target in both CAPP mode (optional targeted policy) and
LSPP mode (mls policy) on i386, x86_64 and ia64 architectures. The
tests are known to run on the RHEL5.1 beta with about 17 failures due
to changes in some of the pam audit records. Items on our TODO list
include updating the suite to support multiple versions of some of the
interesting packages (such as audit and pam), providing more
intuitive subsets of the test cases for specific components, and
separating the test harness into its own package.
We would appreciate feedback as well as patches through the
sourceforge project trackers if you use and update the suite.
We are especially interested in hearing from people running the
tests on other distros, with or without SELinux.
Thanks,
-- ljk