# Start syslogd in daemon mode.
# The client writes a message to Sys::Syslog native method.
# The syslogd writes it into a file and through a pipe.
# The syslogd passes it via UDP to the loghost.
# The server receives the message on its UDP socket.
# Find the message in client, file, syslogd, server log.
# Check fstat for the parent and child process.
# Check ktrace for setting the correct uid and gid.
# Check that stdio is dupped to /dev/null.

use strict;
use warnings;

# Test description consumed by the regress harness (not shown in this file).
# Each qr// => N pair presumably means "this pattern must match exactly N
# lines of the named output" -- TODO confirm against the harness.
# Together the fstat and ktrace tables check that a daemonized syslogd has
# dropped privileges, detached from its session and closed its stdio.
# NOTE(review): whitespace inside the patterns is significant; if this listing
# had runs of spaces collapsed, compare the patterns with the upstream file.
our %args = (
    syslogd => {
        # Extra command line option passed to syslogd; see syslogd(8) for -u.
        options => ["-u"],
        # Run syslogd as a daemon, per the header comment.
        daemon => 1,
        # Harness switches; their exact meaning is defined outside this file.
        # Presumably they turn off the pipe, console and user destinations.
        nopipe => 1,
        noconsole => 1,
        nouser => 1,
        # Neither " -F " nor " -d " may appear in the syslogd log, so the
        # daemon presumably was not started in foreground or debug mode.
        loggrep => {
            qr/ -F / => 0,
            qr/ -d / => 0,
        },
        # fstat output for both processes: lines starting with "root" are
        # presumably the privileged parent, "_syslogd" the unprivileged child.
        fstat => {
            # Parent: one working directory entry and no "root" entry.
            qr/^root .* wd / => 1,
            qr/^root .* root / => 0,
            # Descriptors 0, 1 and 2 each end in "null": stdio is dupped to
            # /dev/null, as the header comment requires.
            qr/^root .* [012] .* null$/ => 3,
            # The process running as root must hold no kqueue and no internet
            # socket, keeping network-facing state out of the privileged side.
            qr/^root .* kqueue / => 0,
            qr/^root .* internet/ => 0,
            # Child: one working directory and one "root" entry, which
            # presumably shows the child is chrooted -- TODO confirm.
            qr/^_syslogd .* wd / => 1,
            qr/^_syslogd .* root / => 1,
            qr/^_syslogd .* [012] .* null$/ => 3,
            # The child owns the single kqueue and both internet sockets.
            qr/^_syslogd .* kqueue / => 1,
            qr/^_syslogd .* internet/ => 2,
        },
        # ktrace output: verify the privilege drop and session detach.
        ktrace => {
            # {3} requires "_syslogd" three times on the call line, so the
            # real, effective and saved IDs must all be the unprivileged
            # account. A partial drop would not match.
            qr/CALL setresuid(.*"_syslogd".*){3}/ => 1,
            qr/CALL setresgid(.*"_syslogd".*){3}/ => 1,
            # NOTE(review): supplementary groups (setgroups) and the order of
            # the gid and uid drops are not checked here -- confirm that they
            # are covered elsewhere.
            # setsid must be called once and must not return with an errno.
            qr/CALL setsid/ => 1,
            qr/RET setsid.* errno / => 0,
        },
    },
    # No output checks for the pipe and tty destinations in this test.
    pipe => { nocheck => 1 },
    tty => { nocheck => 1 },
);

1;