User:Athmane/Fedora 15 Security Lab Testing

From FedoraProject

Jump to: navigation, search
Test Case Security_Lab References
QA:Testcase_Mediakit_ISO_Size
Pass pass athmane
[1]
  1. Used: Fedora-15-i686-Live-Security.iso
QA:Testcase_Mediakit_ISO_Checksums
Pass pass athmane
[1]
  1. Used: Fedora-15-i686-Live-Security.iso
QA:TestCases/Install_Source_Live_Image
Pass pass athmane
[1]
  1. Used: Fedora-15-i686-Live-Security.iso
QA:Testcase_desktop_browser
Pass pass athmane
QA:Testcase_desktop_updates
Pass pass athmane
[1]
  1. tested with YUM, PackageKit test skipped
QA:Testcase_desktop_login
Pass pass athmane
QA:Testcase_desktop_panel_basic
Pass pass athmane
QA:Testcase_desktop_error_checks
Pass pass athmane
[1]
  1. accessibility: lxterminal background is opaque.
QA:Testcase_desktop_menus
Warning warn athmane
[1]
  1. Security Lab Menu: GUI applications are launched from terminal because Exec (in security-*.desktop files) is prefixed with gnome-terminal, eg: Exec=gnome-terminal -e "sh -c 'openvas-client; bash'"
Nmap: testing port scanning, OS detection, version detection, script scanning, and traceroute. UPDATE: QA:Testcase_Nmap
Pass pass athmane
[1]
  1. GUI zenmap not tested.
Wireshark tests UPDATE: QA:Testcase_Wireshark
Fail fail athmane [1]
  1. RHBZ #708250
Nikto: test a web server scan, UPDATE: QA:Testcase_Nikto
Pass pass athmane
[1]
  1. HTTPS Scan fail (SSL support not available)
OpenVAS : generated a new certificate, added a new openvas user, started openvas-scanner service, sync-ed new NVTs, restarted openvas-scanner, connected with openvas-client, performed a scan and finally exported the report to html. UPDATE: QA:Testcase_OpenVAS
Pass pass athmane
[1][2]
  1. As usual openvas-scanner service take a while to start for the first time (seems was loading NVTs)
  2. Performance during the scan of 1 host; CPU: 50%, Mem usage: 515M/623M, SWAP usage: 111M/1215M load average: 4.25, 3.20, 1.87
Ratproxy: ran with various options, tested a web application and generated a report with ratproxy-report
Pass pass athmane
Tcpdump: sniff network traffic .
Pass pass athmane
Hping3: basic tests
Pass pass athmane
nc (netcat): try to listen to a IP:PORT, connect to IP:PORT, port scanning tested with a given range.
Pass pass athmane
Medusa: brute-forcing a remote ssh server, with a provided list of accounts and passwords.
Pass pass athmane
httping: httping a web server, both HTTP and HTTPS protocols tested. UPDATE: QA:Testcase_HTTPing
Pass pass athmane
Rkhunter: updated database (there was no updates), then searched for rootkits. UPDATE: QA:Testcase_Rkhunter
Pass pass athmane
[1] [2]
  1. CPU usage <= 20%
  2. a warning raised about SSH protocol v1 being allowed