PR#73: Proof-of-concept GEF tests for OpenSSH. - rpms/openssh

		`@@ -0,0 +1,45 @@`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Makefile of /CoreOS/openssh/Sanity/got-audit`
		`+ # Description: Ensure pointers in the sshd process GOT match expected values`
		`+ # Author: Gordon Messmer <gordon.messmer@gmail.com>`
		`+ #`
		`+`
		`+ export TEST=/CoreOS/openssh/Sanity/got-audit`
		`+ export TESTVERSION=1.0`
		`+`
		`+ BUILT_FILES=`
		`+`
		`+ FILES=$(METADATA) runtest.sh Makefile PURPOSE got-audit.gdb got-audit.expected`
		`+`
		`+ .PHONY: all install download clean`
		`+`
		`+ run: $(FILES) build`
		`+ ./runtest.sh`
		`+`
		`+ build: $(BUILT_FILES)`
		`+ test -x runtest.sh \|\| chmod a+x runtest.sh`
		`+`
		`+ clean:`
		`+ rm -f *~ $(BUILT_FILES)`
		`+`
		`+`
		`+ -include /usr/share/rhts/lib/rhts-make.include`
		`+`
		`+ $(METADATA): Makefile`
		`+ @echo "Owner: Gordon Messmer <gordon.messmer@gmail.com>" > $(METADATA)`
		`+ @echo "Name: $(TEST)" >> $(METADATA)`
		`+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)`
		`+ @echo "Path: $(TEST_DIR)" >> $(METADATA)`
		`+ @echo "Description: Ensure pointers in the sshd process GOT match expected values" >> $(METADATA)`
		`+ @echo "Type: Sanity" >> $(METADATA)`
		`+ @echo "TestTime: 5m" >> $(METADATA)`
		`+ @echo "RunFor: openssh" >> $(METADATA)`
		`+ @echo "Requires: openssh gdb binutils file procps-ng" >> $(METADATA)`
		`+ @echo "Priority: Normal" >> $(METADATA)`
		`+ @echo "License: GPLv2+" >> $(METADATA)`
		`+ @echo "Confidential: yes" >> $(METADATA)`
		`+ @echo "Destructive: no" >> $(METADATA)`
		`+ @echo "Releases: " >> $(METADATA)`
		`+`
		`+ rhts-lint $(METADATA)`

tests/got-audit/PURPOSE

file added

		`@@ -0,0 +1,3 @@`
		`+ PURPOSE of /CoreOS/openssh/Sanity/got-audit`
		`+ Description: Ensure pointers in the sshd process GOT match expected values`
		`+ Author: Gordon Messmer <gordon.messmer@gmail.com>`

tests/got-audit/gef.py

file added

+11640

The added file is too large to be shown here, see it at: tests/got-audit/gef.py

tests/got-audit/got-audit.expected

file added

+499

		`@@ -0,0 +1,499 @@`
		`+ accept@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ access@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ AES_encrypt@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ AES_set_encrypt_key@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ alarm@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ arc4random_buf@GLIBC_2.36 : /usr/lib64/libc.so`
		`+ arc4random@GLIBC_2.36 : /usr/lib64/libc.so`
		`+ arc4random_uniform@GLIBC_2.36 : /usr/lib64/libc.so`
		`+ __asprintf_chk@GLIBC_2.8 : /usr/lib64/libc.so`
		`+ audit_close : /usr/lib64/libaudit.so`
		`+ audit_encode_nv_string : /usr/lib64/libaudit.so`
		`+ audit_log_acct_message : /usr/lib64/libaudit.so`
		`+ audit_log_user_message : /usr/lib64/libaudit.so`
		`+ audit_open : /usr/lib64/libaudit.so`
		`+ bind@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ BIO_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BIO_new@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BIO_s_mem@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BIO_write@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_bin2bn@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_bn2bin@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_clear_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_cmp@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_CTX_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_CTX_new@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_div@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_dup@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_hex2bn@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_is_bit_set@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_is_negative@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_new@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_num_bits@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_set_flags@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_set_word@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_sub@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ BN_value_one@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ calloc@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ cfsetispeed@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ cfsetospeed@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ chdir@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ chmod@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ chown@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ chroot@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ clock_gettime@GLIBC_2.17 : /usr/lib64/libc.so`
		`+ closedir@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ close@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ closelog@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ close_range@GLIBC_2.34 : /usr/lib64/libc.so`
		`+ connect@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ context_free@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ context_new@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ context_range_get@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ context_range_set@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ context_role_set@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ context_str@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ context_type_set@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ crypt@XCRYPT_2.0 : /usr/lib64/libcrypt.so`
		`+ ctime@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ __ctype_b_loc@GLIBC_2.3 : /usr/lib64/libc.so`
		`+ __ctype_tolower_loc@GLIBC_2.3 : /usr/lib64/libc.so`
		`+ __cxa_finalize@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ d2i_DSA_SIG@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ d2i_ECDSA_SIG@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ daemon@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ deflateEnd : /usr/lib64/libz.so`
		`+ deflateInit_ : /usr/lib64/libz.so`
		`+ deflate : /usr/lib64/libz.so`
		`+ DH_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ DH_get0_key@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ DH_get0_pqg@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ DH_new@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ DH_set0_key@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ DH_set0_pqg@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ dirfd@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ dirname@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ DSA_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ DSA_generate_key@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ DSA_generate_parameters_ex@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ DSA_get0_key@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ DSA_get0_pqg@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ DSA_new@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ DSA_set0_key@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ DSA_set0_pqg@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ DSA_SIG_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ DSA_SIG_get0@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ DSA_SIG_new@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ DSA_SIG_set0@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ dup2@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ dup@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ ECDSA_do_verify@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ ECDSA_SIG_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ ECDSA_SIG_get0@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ ECDSA_SIG_new@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ ECDSA_SIG_set0@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_GROUP_cmp@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_GROUP_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_GROUP_get_curve_name@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_GROUP_get_order@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_GROUP_method_of@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_GROUP_new_by_curve_name@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_GROUP_set_asn1_flag@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_KEY_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_KEY_get0_group@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_KEY_get0_private_key@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_KEY_get0_public_key@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_KEY_get_ex_data@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_KEY_new_by_curve_name@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_KEY_set_asn1_flag@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_KEY_set_group@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_KEY_set_private_key@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_KEY_set_public_key@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_METHOD_get_field_type@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_POINT_cmp@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_POINT_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_POINT_get_affine_coordinates_GFp@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_POINT_is_at_infinity@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_POINT_mul@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_POINT_new@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_POINT_oct2point@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EC_POINT_point2oct@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ endgrent@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ endpwent@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ ERR_get_error@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ __errno_location@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ error_message : /usr/lib64/libcom_err.so`
		`+ ERR_peek_error@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ ERR_peek_last_error@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ ERR_print_errors_fp@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_chacha20@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_CIPHER_CTX_ctrl@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_CIPHER_CTX_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_CIPHER_CTX_get_iv_length@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_CIPHER_CTX_get_key_length@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_CIPHER_CTX_get_updated_iv@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_CIPHER_CTX_new@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_CIPHER_CTX_set_key_length@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_CipherInit@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_Cipher@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_default_properties_is_fips_enabled@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_DigestFinal_ex@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_DigestInit_ex@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_Digest@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_DigestSignFinal@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_DigestSignInit@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_DigestSignUpdate@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_DigestUpdate@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_DigestVerifyFinal@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_DigestVerifyInit@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_DigestVerifyUpdate@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_MD_CTX_copy_ex@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_MD_CTX_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_MD_CTX_get0_md@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_MD_CTX_new@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_MD_get_block_size@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_CTX_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_CTX_new_from_name@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_CTX_new_from_pkey@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_CTX_set1_rsa_keygen_pubexp@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_CTX_set_group_name@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_CTX_set_params@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_CTX_set_rsa_keygen_bits@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_derive_init@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_derive@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_derive_set_peer@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_fromdata_init@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_fromdata@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_generate@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_get1_DSA@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_get1_EC_KEY@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_get1_RSA@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_get_base_id@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_get_bn_param@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_get_size@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_keygen_init@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_keygen@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_new@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_public_check@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_set1_EC_KEY@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_set1_RSA@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_PKEY_set_bn_param@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_sha1@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_sha256@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_sha384@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ EVP_sha512@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ execl@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ execlp@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ execve@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ execv@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ _exit@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ exit@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ __explicit_bzero_chk@GLIBC_2.25 : /usr/lib64/libc.so`
		`+ fchmodat@GLIBC_2.4 : /usr/lib64/libc.so`
		`+ fchmod@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ fchownat@GLIBC_2.4 : /usr/lib64/libc.so`
		`+ fchown@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ fclose@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ fcntl@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ fdopen@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ fflush@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ fgets@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ fileno@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ fopen@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ fork@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ __fprintf_chk@GLIBC_2.3.4 : /usr/lib64/libc.so`
		`+ fputs@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ freeaddrinfo@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ freecon@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ free@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ fstat@GLIBC_2.33 : /usr/lib64/libc.so`
		`+ fstatvfs@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ fsync@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ ftruncate@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ futimes@GLIBC_2.3 : /usr/lib64/libc.so`
		`+ fwrite@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ gai_strerror@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getaddrinfo@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getcon@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ getcon_raw@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ getcwd@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ get_default_context@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ get_default_context_with_level@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ get_default_type@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ __getdelim@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getegid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getenv@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ geteuid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getexeccon@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ getfilecon@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ getgid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getgrgid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getgrnam@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getgrouplist@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ __getgroups_chk@GLIBC_2.4 : /usr/lib64/libc.so`
		`+ getgroups@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ gethostbyname@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ gethostname@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getnameinfo@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getpagesize@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getpeername@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getpgid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getpid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getppid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getpwent@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getpwnam@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getpwuid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getrlimit@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getservbyname@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getseuserbyname@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ getsid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getsockname@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getsockopt@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ getspnam@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ gettimeofday@GLIBC_2.2.5 : [vdso]`
		`+ getuid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ gss_accept_sec_context@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_acquire_cred@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_add_oid_set_member@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_compare_name@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_create_empty_oid_set@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_delete_sec_context@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_display_name@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_display_status@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_export_name@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_get_mic@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_import_name@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_indicate_mechs@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_inquire_cred_by_mech@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_krb5_copy_ccache@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_release_buffer@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_release_cred@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_release_name@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_release_oid_set@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_test_oid_set_member@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ gss_verify_mic@gssapi_krb5_2_MIT : /usr/lib64/libgssapi_krb5.so`
		`+ i2d_DSA_SIG@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ i2d_ECDSA_SIG@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ inet_ntoa@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ inet_ntop@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ inflateEnd : /usr/lib64/libz.so`
		`+ inflateInit_ : /usr/lib64/libz.so`
		`+ inflate : /usr/lib64/libz.so`
		`+ initgroups@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ innetgr@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ ioctl@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ isatty@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ __isoc23_fscanf@GLIBC_2.38 : /usr/lib64/libc.so`
		`+ __isoc23_sscanf@GLIBC_2.38 : /usr/lib64/libc.so`
		`+ __isoc23_strtol@GLIBC_2.38 : /usr/lib64/libc.so`
		`+ __isoc23_strtoll@GLIBC_2.38 : /usr/lib64/libc.so`
		`+ __isoc23_strtoul@GLIBC_2.38 : /usr/lib64/libc.so`
		`+ is_selinux_enabled@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ kill@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ killpg@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ krb5_aname_to_localname@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_cc_close@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_cccol_cursor_free@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_cccol_cursor_new@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_cccol_cursor_next@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_cc_destroy@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_cc_get_full_name@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_cc_get_name@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_cc_get_principal@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_cc_get_type@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_cc_initialize@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_cc_new_unique@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_cc_resolve@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_cc_set_default_name@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_cc_store_cred@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_cc_support_switch@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_cc_switch@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_free_context@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_free_error_message@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_free_principal@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_free_string@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_free_unparsed_name@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_get_error_message@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_get_init_creds_password@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_get_profile@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_init_context@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_kuserok@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_parse_name@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_sname_to_principal@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_unparse_name@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ krb5_verify_init_creds@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ link@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ listen@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ localtime@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ localtime_r@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ login@GLIBC_2.34 : /usr/lib64/libc.so`
		`+ logout@GLIBC_2.34 : /usr/lib64/libc.so`
		`+ logwtmp@GLIBC_2.34 : /usr/lib64/libc.so`
		`+ lseek@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ lstat@GLIBC_2.33 : /usr/lib64/libc.so`
		`+ malloc@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ memchr@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ memcmp@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ __memcpy_chk@GLIBC_2.3.4 : /usr/lib64/libc.so`
		`+ memcpy@GLIBC_2.14 : /usr/lib64/libc.so`
		`+ __memmove_chk@GLIBC_2.3.4 : /usr/lib64/libc.so`
		`+ memmove@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ __memset_chk@GLIBC_2.3.4 : /usr/lib64/libc.so`
		`+ memset@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ mkdir@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ mkdtemp@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ mkstemp@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ mktime@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ nanosleep@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ OBJ_nid2sn@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ opendir@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ open@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ openlog@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ openpty@GLIBC_2.34 : /usr/lib64/libc.so`
		`+ OPENSSL_init_crypto@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ OpenSSL_version_num@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ OpenSSL_version@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ OSSL_EC_curve_nid2name@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ OSSL_PARAM_BLD_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ OSSL_PARAM_BLD_new@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ OSSL_PARAM_BLD_push_BN@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ OSSL_PARAM_BLD_push_int@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ OSSL_PARAM_BLD_push_octet_string@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ OSSL_PARAM_BLD_push_utf8_string@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ OSSL_PARAM_BLD_to_param@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ OSSL_PARAM_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ pam_acct_mgmt@LIBPAM_1.0 : /usr/lib64/libpam.so`
		`+ pam_authenticate@LIBPAM_1.0 : /usr/lib64/libpam.so`
		`+ pam_chauthtok@LIBPAM_1.0 : /usr/lib64/libpam.so`
		`+ pam_close_session@LIBPAM_1.0 : /usr/lib64/libpam.so`
		`+ pam_end@LIBPAM_1.0 : /usr/lib64/libpam.so`
		`+ pam_getenvlist@LIBPAM_1.0 : /usr/lib64/libpam.so`
		`+ pam_get_item@LIBPAM_1.0 : /usr/lib64/libpam.so`
		`+ pam_open_session@LIBPAM_1.0 : /usr/lib64/libpam.so`
		`+ pam_putenv@LIBPAM_1.0 : /usr/lib64/libpam.so`
		`+ pam_setcred@LIBPAM_1.0 : /usr/lib64/libpam.so`
		`+ pam_set_item@LIBPAM_1.0 : /usr/lib64/libpam.so`
		`+ pam_start@LIBPAM_1.0 : /usr/lib64/libpam.so`
		`+ pam_strerror@LIBPAM_1.0 : /usr/lib64/libpam.so`
		`+ pclose@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ PEM_read_bio_PrivateKey@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ perror@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ pipe@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ poll@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ popen@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ ppoll@GLIBC_2.4 : /usr/lib64/libc.so`
		`+ prctl@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ __printf_chk@GLIBC_2.3.4 : /usr/lib64/libc.so`
		`+ profile_get_string@krb5_3_MIT : /usr/lib64/libkrb5.so`
		`+ putchar@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ puts@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ qsort@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ raise@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ RAND_bytes@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ RAND_poll@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ RAND_seed@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ RAND_status@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ __read_chk@GLIBC_2.4 : /usr/lib64/libc.so`
		`+ readdir@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ read@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ readlink@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ reallocarray@GLIBC_2.26 : /usr/lib64/libc.so`
		`+ realloc@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ __realpath_chk@GLIBC_2.4 : /usr/lib64/libc.so`
		`+ recvmsg@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ rename@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ rewind@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ rmdir@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ RSA_bits@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ RSA_blinding_on@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ RSA_free@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ RSA_get0_crt_params@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ RSA_get0_factors@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ RSA_get0_key@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ RSA_get_ex_data@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ RSA_new@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ RSA_set0_crt_params@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ RSA_set0_factors@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ RSA_set0_key@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ RSA_size@OPENSSL_3.0.0 : /usr/lib64/libcrypto.so`
		`+ security_compute_av@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ security_compute_relabel@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ security_getenforce@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ selinux_openssh_contexts_path@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ selinux_trans_to_raw_context@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ sendmsg@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ setcon@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ setegid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ setenv@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ seteuid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ setexeccon@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ setfilecon@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ setgid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ setgroups@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ setpwent@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ setresgid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ setresuid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ setrlimit@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ setsid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ setsockopt@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ setuid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ shutdown@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ sigaction@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ sigaddset@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ sigemptyset@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ sigfillset@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ sigprocmask@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ __snprintf_chk@GLIBC_2.3.4 : /usr/lib64/libc.so`
		`+ socket@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ socketpair@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ __stack_chk_fail@GLIBC_2.4 : /usr/lib64/libc.so`
		`+ stat@GLIBC_2.33 : /usr/lib64/libc.so`
		`+ statvfs@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strcasecmp@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strchr@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strcmp@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strcspn@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strdup@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strerror@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strftime@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ string_to_av_perm@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ string_to_security_class@LIBSELINUX_1.0 : /usr/lib64/libselinux.so`
		`+ strlcat@GLIBC_2.38 : /usr/lib64/libc.so`
		`+ strlcpy@GLIBC_2.38 : /usr/lib64/libc.so`
		`+ strlen@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strncasecmp@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strncmp@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ __strncpy_chk@GLIBC_2.3.4 : /usr/lib64/libc.so`
		`+ strncpy@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strndup@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strnlen@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strpbrk@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strptime@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strrchr@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strsep@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strsignal@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strspn@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strstr@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ strtok@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ symlink@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ sysconf@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ __syslog_chk@GLIBC_2.4 : /usr/lib64/libc.so`
		`+ tcgetattr@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ tcsendbreak@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ tcsetattr@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ time@GLIBC_2.2.5 : [vdso]`
		`+ timegm@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ truncate@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ ttyname@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ umask@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ unlink@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ unsetenv@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ usleep@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ utimensat@GLIBC_2.6 : /usr/lib64/libc.so`
		`+ utimes@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ __vasprintf_chk@GLIBC_2.8 : /usr/lib64/libc.so`
		`+ __vsnprintf_chk@GLIBC_2.3.4 : /usr/lib64/libc.so`
		`+ waitpid@GLIBC_2.2.5 : /usr/lib64/libc.so`
		`+ write@GLIBC_2.2.5 : /usr/lib64/libc.so`

tests/got-audit/got-audit.gdb

file added

		`@@ -0,0 +1,3 @@`
		`+ source gef.py`
		`+ gef config gef.disable_color True`
		`+ got-audit`

tests/got-audit/runtest.sh

file added

+34

		`@@ -0,0 +1,34 @@`
		`+ #!/bin/bash`
		`+ # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # runtest.sh of /CoreOS/openssh/Sanity/got-audit`
		`+ # Description: Ensure pointers in the sshd process GOT match expected values`
		`+ # Author: Gordon Messmer <gordon.messmer@gmail.com>`
		`+ #`
		`+`
		`+ # Include Beaker environment`
		`+ . /usr/share/beakerlib/beakerlib.sh \|\| exit 1`
		`+`
		`+ rlJournalStart`
		`+ rlPhaseStartSetup`
		`+ rlServiceStart sshd`
		`+ rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"`
		`+ rlRun "auditfile=\$(mktemp --tmpdir=${TmpDir})"`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "Run GEF got-audit"`
		`+ rlRun "SSH_PID=\$( systemctl show --property=MainPID sshd.service \| cut -f2 -d= )"`
		`+ rlRun "echo SSH_PID is '$SSH_PID'"`
		`+ [ -n "$SSH_PID" ] \|\| rlFail "No sshd was found"`
		`+ rlRun "gdb --pid '$SSH_PID' --command=got-audit.gdb --batch \| grep ' : ' \| sed -e 's/\\.so\\.[-_.0-9a-z]*$/.so/' \| sort > '$auditfile'"`
		`+ rlAssertNotDiffer got-audit.expected "$auditfile"`
		`+ diff -u got-audit.expected "$auditfile" 1>&2`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartCleanup`
		`+ rlServiceRestore sshd`
		`+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"`
		`+ rlPhaseEnd`
		`+ rlJournalPrintText`
		`+ rlJournalEnd`

tests/tests.yml

file modified

		`@@ -16,6 +16,7 @@`
		`tests:`
		`- port-forwarding`
		`- pam_ssh_agent_auth`
		`+ - got-audit`
		`required_packages:`
		`- iproute # needs ip command`
		`- procps-ng # needs ps and pgrep commands`

gordonmessmer commented a month ago

DRAFT:

This proof-of-concept test records the expected state for the sshd GOT, and implements a test which compares the actual state to the expected state. Differences from the expected state may indicate a symbol poisoning attack by a shared library.

1 new commit added

Update got-audit for rawhide.

a month ago

1 new commit added

Fix sed filter in runtest.sh

a month ago

1 new commit added

Log diff to stderr.

a month ago

rebased onto e925a4e

a month ago

1 new commit added

Log process tree to figure out why this is selecting a bad PID.

a month ago

1 new commit added

Use because there is no longer a loop.

a month ago

dbelyavs commented 23 days ago

Many thanks for your contribution! I will think what is the best place to land it

dbelyavs commented 22 days ago

Here is a feedback from my QE colleague @hkario

don't include the gef.py file verbatim, download it from github, from specific revision, verify with sha256 if the hash is the expected one
the Makefile FILES is missing got-audit.gdb and got-audit.fedora
the got-audit.fedora should probably include the current version of Fedora, as in the future we will want to have multiple
in Makefile the Releases is wrong, it definitely won't pass on anything older than RHEL-9
ps axf 1>&2 should be in rlRun , and no need for 1>&2
diff -u got-audit.fedora "$auditfile" 1>&2 should be in rlRun
when the script is creating files (auditfile) it should be pushd to a mktemp -d created directory before, and delete it on cleanup

gordonmessmer commented 22 days ago

Thanks for the feedback! I'll apply some of those suggestions shortly. The first will take longer. ;)

1: I wouldn't include gef.py in a release-ready PR. If Fedora is interested in adopting this as a test for sshd and possibly other sensitive components, I'll work with the upstream GEF developers to merge the "audit" command and work on packaging the extension for Fedora.

3: Would it be better to have all of the files like "got-audit.fedora" in each branch? I though it would be better to simply keep the one that applied to the release in each release's branch.

1 new commit added

Cleanups suggested by @hkario

22 days ago

zuul commented 22 days ago

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/a1dc261d8ab34a58906070307d64e1aa

check-for-arches : SUCCESS in 1m 50s
check-for-eln : SUCCESS in 20s
eln-rpm-scratch-build : SUCCESS in 23m 28s
rpm-scratch-build : SUCCESS in 23m 00s
rpm-scratch-build-s390x : SUCCESS in 19m 33s (non-voting)
rpm-scratch-build-ppc64le : SUCCESS in 31m 17s (non-voting)
rpm-scratch-build-i686 : SUCCESS in 24m 15s (non-voting)
rpm-scratch-build-aarch64 : SUCCESS in 24m 03s (non-voting)
rpm-linter : FAILURE in 6m 53s (non-voting)
rpm-rpminspect : FAILURE in 16m 07s (non-voting)
check-for-sti-tests : SUCCESS in 17s
check-for-fmf-tests : SUCCESS in 16s
rpm-install-test : SUCCESS in 1m 43s
rpm-sti-test : FAILURE in 9m 33s
Skipped 1 job

4 new commits added

Cleanups suggested by @hkario
Use because there is no longer a loop.
Log process tree to figure out why this is selecting a bad PID.
Proof-of-concept GEF tests for OpenSSH.

22 days ago

zuul commented 22 days ago

check-for-arches : SUCCESS in 1m 44s
check-for-eln : SUCCESS in 18s
eln-rpm-scratch-build : SUCCESS in 22m 40s
rpm-scratch-build : SUCCESS in 21m 16s
rpm-scratch-build-s390x : SUCCESS in 20m 25s (non-voting)
rpm-scratch-build-ppc64le : SUCCESS in 25m 11s (non-voting)
rpm-scratch-build-i686 : SUCCESS in 25m 01s (non-voting)
rpm-scratch-build-aarch64 : SUCCESS in 25m 06s (non-voting)
rpm-linter : FAILURE in 6m 57s (non-voting)
rpm-rpminspect : FAILURE in 14m 50s (non-voting)
check-for-sti-tests : SUCCESS in 16s
check-for-fmf-tests : SUCCESS in 16s
rpm-install-test : SUCCESS in 1m 43s
rpm-sti-test : FAILURE in 9m 28s
Skipped 1 job

4 new commits added

Cleanups suggested by @hkario
Use because there is no longer a loop.
Log process tree to figure out why this is selecting a bad PID.
Proof-of-concept GEF tests for OpenSSH.

21 days ago

zuul commented 21 days ago

check-for-arches : SUCCESS in 1m 45s
check-for-eln : SUCCESS in 18s
eln-rpm-scratch-build : SUCCESS in 21m 50s
rpm-scratch-build : SUCCESS in 20m 13s
rpm-scratch-build-s390x : SUCCESS in 19m 55s (non-voting)
rpm-scratch-build-ppc64le : SUCCESS in 23m 49s (non-voting)
rpm-scratch-build-i686 : SUCCESS in 25m 45s (non-voting)
rpm-scratch-build-aarch64 : SUCCESS in 19m 22s (non-voting)
rpm-linter : FAILURE in 6m 57s (non-voting)
rpm-rpminspect : FAILURE in 16m 04s (non-voting)
check-for-sti-tests : SUCCESS in 16s
check-for-fmf-tests : SUCCESS in 17s
rpm-install-test : SUCCESS in 1m 46s
rpm-sti-test : FAILURE in 8m 19s
Skipped 1 job

4 new commits added

Cleanups suggested by @hkario
Use because there is no longer a loop.
Log process tree to figure out why this is selecting a bad PID.
Proof-of-concept GEF tests for OpenSSH.

21 days ago

zuul commented 21 days ago

check-for-arches : SUCCESS in 1m 46s
check-for-eln : SUCCESS in 19s
eln-rpm-scratch-build : SUCCESS in 23m 05s
rpm-scratch-build : SUCCESS in 23m 02s
rpm-scratch-build-s390x : SUCCESS in 18m 32s (non-voting)
rpm-scratch-build-ppc64le : SUCCESS in 25m 54s (non-voting)
rpm-scratch-build-i686 : SUCCESS in 25m 00s (non-voting)
rpm-scratch-build-aarch64 : SUCCESS in 26m 19s (non-voting)
rpm-linter : FAILURE in 7m 17s (non-voting)
rpm-rpminspect : FAILURE in 14m 26s (non-voting)
check-for-sti-tests : SUCCESS in 16s
check-for-fmf-tests : SUCCESS in 17s
rpm-install-test : SUCCESS in 1m 47s
rpm-sti-test : FAILURE in 8m 22s
Skipped 1 job

gordonmessmer commented 21 days ago

After a little fiddling:

1: As I mentioned earlier, I wouldn't include gef.py in a release-ready version of this PR.

2: Fixed the file list in Makefile.

3: I thought about the file recording the expected results. This file may need to be updated when openssh is rebuilt on new openssl releases that introduce new features. For auditing purposes, the history of the file will probably be interesting, and that will be more difficult to examine if the file is renamed or copied for each release. We can rename it if you're sure that's the path you want to take, but my opinion is that the data and its history will be easier to examine if there's just one file whose name is constant. So, for now, I've renamed it to "got-audit.expected" so that it no longer refers to Fedora.

4: I can't find any references to the data format expected for Releases in beakerlib metadata. The old value was simply inherited from the port-forwarding test. For now, I've removed the old values entirely. The expected file would need to be adjusted for RHEL 8, but I'm not sure why the test wouldn't work, otherwise.

5: ps aux was included to make process selection easier to understand, since it seemed to be different in Fedora's test env vs running locally. I removed it.

6: It's quite difficult to interpret failure without seeing the results of the diff, and I can't find any way to record the diff in the test results if diff is run under rlRun. If there is another way to record the differences between the expected file and the test results, I could use further guidance here.

7: pushd makes the test difficult because the gdb command file currently refers to the relative path of gef.py. Once gef.py is packaged, as it would be in a release-ready PR, the test could pushd into the temp directory. For now, a temp directory is created and the temporary file is created within it, and the directory is removed on cleanup.

1 new commit added