# Start syslogd in daemon mode.
# The client writes a message to Sys::Syslog native method.
# The syslogd writes it into a file and through a pipe.
# The syslogd passes it via UDP to the loghost.
# The server receives the message on its UDP socket.
# Find the message in client, file, syslogd, server log.
# Check fstat for the parent and child process.
# Check ktrace for setting the correct uid and gid.
# Check that stdio is dupped to /dev/null.
#
# Expectation table for the daemon-mode test.  Each inner hash maps a
# regex to a number.
# NOTE(review): the numbers look like exact expected match counts, with 0
# meaning "must not appear"; the consuming harness is not in this file, so
# confirm there.

use strict;
use warnings;

our %args = (
    syslogd => {
        daemon => 1,
        # Daemon mode: neither the -F nor the -d flag may show up in the
        # syslogd log.
        loggrep => {
            qr/ -F / => 0,
            qr/ -d / => 0,
        },
        # Open-file expectations, split by the user name that starts the
        # fstat line.
        # NOTE(review): "root" lines are presumably the privileged parent
        # and "_syslogd" lines the unprivileged child; verify against the
        # harness.
        fstat => {
            qr/^root .* wd / => 1,
            # No "root" directory entry for the root-owned process.
            # NOTE(review): presumably means the parent is not chrooted.
            qr/^root .* root / => 0,
            # Descriptors 0, 1 and 2 must all point at null (see header:
            # stdio is dupped to /dev/null).
            qr/^root .* [012] .* null$/ => 3,
            # The root-owned process must hold no kqueue and no internet
            # socket, i.e. no network-facing descriptor stays privileged.
            qr/^root .* kqueue / => 0,
            qr/^root .* internet/ => 0,
            qr/^_syslogd .* wd / => 1,
            # Exactly one "root" directory entry for the _syslogd process.
            # NOTE(review): presumably the chroot of the child; confirm.
            qr/^_syslogd .* root / => 1,
            qr/^_syslogd .* [012] .* null$/ => 3,
            qr/^_syslogd .* kqueue / => 1,
            # NOTE(review): the two internet sockets are presumably the
            # UDP sockets used for the loghost; confirm.
            qr/^_syslogd .* internet/ => 2,
        },
        # System-call trace expectations for the privilege drop.
        ktrace => {
            # The parentheses are a regex group, not a literal "(": the
            # line must contain "_syslogd" three times after the call name.
            # NOTE(review): presumably real, effective and saved id all set
            # to _syslogd; why the expected count is 2 is not visible here.
            qr/CALL setresuid(.*"_syslogd".*){3}/ => 2,
            qr/CALL setresgid(.*"_syslogd".*){3}/ => 2,
            # setsid must be called once and must not return an errno.
            qr/CALL setsid/ => 1,
            qr/RET setsid.* errno / => 0,
        },
    },
    # NOTE(review): nocheck presumably tells the harness to skip the pipe
    # and tty output checks in this test; confirm.
    pipe => { nocheck => 1 },
    tty => { nocheck => 1 },
);

# True value so the file can be loaded with do/require.
1;