Command control test suites allow you to test your rules by running specified commands, submit users and other input values through your rule configuration, and check to make sure the result is as expected. Each test suite can contain a number of test cases where you specify the expected outcome for one or more input values.
Click
on the home page of the console.Click
in the task pane.Click
in the task pane.Specify a name for the test suite.
Specify a description for the test suite.
Click
.Continue with Adding or Modifying a Test Case to add test cases to your test suite.
A test case allows you to emulate an end user running a command through the Command Control system.
Click
on the home page of the console.Click
in the task pane.Select the test suite for which you want to add a test case, or modify an existing test case.
Click
in the task pane.Do one of the following:
To add a new test case, click
in the task pane.To modify a test case, select the test case, then click
.Specify the values and the expected results that you want to run through the rule configuration. (To review the rule configuration you want to test with this case, see Section 5.6.2, Modifying a Rule.)
Enter a single value in each field. The purpose of the test case is emulate the user performing a usrun command from the command line.
To create a test case that can be used for general testing and could possible match multiple rules, supply only submit information for the test case.
To create a test case that matches only one rule, use the expected fields to specify values that match a single rule.
Command: (Required) Specify the command the user would run.
For example, if the user would enter the following on the command line:
usrun passwd user1
Specify the following as the command:
passwd user1
Submit User: (Required) Specify the name of the user who is entering the privileged command.
Submit Host: (Required) Specify the name of the host that the submit user is logged in to.
Run User: (Optional) When the submit user is requesting to run the command as a specific user with the usrun command, specify the username that is being requested. For example, if the user would enter the following on the command line:
usrun -u root ksh
Specify the following as the run user:
root
Run Host: (Optional) When the submit user is requesting to run the command on a specific host, specify the hostname that is being requested. For example, if the user would enter the following on the command line:
usrun -h hosta ksh
Specify the following as the run host:
hosta
User Input: (Optional) Use this field to specify the information that a script, associated with the Command Control policy, expects the user to enter.
Expected command: (Optional) Use this field to confirm that the command being executed is the correct command. If the command specified in this field does not match the results, the test case fails.
Expected authorized: (Optional) Use this field to confirm that the request was authorised. If value in this field does not match the results, the test case fails.
Expected capture: (Optional) This field is compared with the result of the authorization request to confirm the capture mode is correct. If this field does not match the results, the test case fails.
Expected run user: (Optional) Use this field to confirm that the user context used to execute the command is correct. If this field does not match the results, the test case fails.
Expected run host: (Optional) Use this field to confirm that the host on which the command is being executed is correct. If this field does not match the results, the test case fails.
Expected risk: (Optional) This field is compared with the result of the authorization request in order to confirm the risk associated with the command being executed is correct. If this field does not match the results, the test case fails.
Submit Time: (Optional) Specify the time that the request should appear to be made. This is useful for testing access time restrictions in the policy.
Custom Input: (Optional) Use this field to add attributes within the request object. These XML definitions are inserted into the privileged request. For example, you could use this field to configure the group memberships for a user in order to test policies that perform tests on the user’s group membership:
<Groups> <Group name='grpa'/> <Group name='grpb'/> </Groups>
Click
. The input values are shown in the table.Repeat Step 5 through Step 7 for any additional test cases you want to include or modify in this test suite.
You can now run the test suite as explained in Running a Test Suite.
Click
on the home page of the console.Click
in the task pane.Select the test suite you want to run.
To select multiple test suites, press the Ctrl key and select the required test suites one at a time, or press the Shift key to select a consecutive list of test suites. Use Ctrl+A to select all test suites.
Click
in the task pane. The results are displayed for each test case as Success or as Failure, along with the reason for the failure.Use the buttons on the left and right of the table to find previous successes and failures, and the next successes and failures.
To view further details on a specific entry, select the entry and click
.The configuration for the test case is shown, and a list of rules that have been tested, with configuration settings for each rule. The
column shows true if the rule conditions were met, and false if the rule conditions were not met.Click
to return to the main Run Test Suite page.Click
to return to the list of test suites.To use a command line option to run a test suite or to run a specific test case, see Section 10.2.3, Running Test Suites.
Click
on the home page of the console.Click
in the task pane.Select the test suite you want to view, then click
.From here you can modify the test suite; add, modify and delete test cases; and run the test suite.
Click
on the home page of the console.Click
in the task pane.Select the test suite you want to modify.
Click
in the task pane.Click
in the task pane.Modify the test suite as desired:
Change the name of the test suite.
Add or change the description.
Use the
and buttons to change the order in which the test cases are run.Click
.Click
on the home page of the console.Click
in the task pane.Select the test suite from which you want to delete a test case.
Click
in the task pane.Select the test case you want to delete.
Click
in the task pane.Click
to confirm the deletion. The test case is deleted.Click
on the home page of the console.Click
in the task pane.Select the test suite you want to delete.
To select multiple test suites, press the Ctrl key and select the required test suites one at a time, or press the Shift key to select a consecutive list of test suites.
Click
in the task pane.Click
to confirm the deletion. The test suite is deleted.You use the
option to restores a previously backed-up test suite, or to test suites from another Framework. You then use the option to obtain configuration details so you can then paste them into a text document for backup or for use on another Framework.NOTE:When you import test suites, they are added to your existing configuration and do not overwrite your existing test suites. However, if you import a Command Control database by using the
option, your existing test suites are overwritten.Access the test suite data you require and copy it.
Click
on the home page of the console.Click
in the task pane.Click
in the task pane.Click in the text area, then paste the copied settings by using Ctrl+V, or right-click in the text area and click
.Click
.You can export your Command Control test suites to a text file for backup purposes, or for use in another Framework. You can then use the
option to restore the backed-up test suites, or to import the test suites into another Framework.Click
on the home page of the console.Click
in the task pane.Select the test suite you want to export.
To select multiple test suites, press the Ctrl key and select the required test suites one at a time, or press the Shift key to select a consecutive list of test suites. To select all test suites, use Ctrl+A.
Click
in the task pane.Select the test suite data by using Ctrl+A, or right-click in the text window and click
.Copy the test suite data by using Ctrl+C, or right-click in the text window and click
.Paste the text into a text document.
Click
.