Penguin taming: how to test Linux-based applications. Part 2

You can read the first part of the article here. The article was published on Engineers Edge.

Shortcuts for managing

The administration of the Linux host (where your web application runs) requires frequent job and process managing activities. A few must-knows are listed below.

To interrupt a job, use a shortcut Ctrl-C. When you need to resume a job, use a shortcut Ctrl-Z. The command fg restarts the job, while bg places a job to the background, allowing you to perform additional tasks at the same time. Also add an ampersand (“&”) to your command in the end of the string to start it in the background.

When you need to view currently running processes, run “ps.” While all jobs have unique process IDs displayed in the first column of the output, rest assured there are some more useful options here to modify its result view.
If you need to end a required job, run “kill/killall” followed by the process ID or process name (kill 22064; killall java, for example).

The grep command will help to find a specific job you might need. It is an efficient search tool with a large scope of configurations (for example, ps -aux | grep java). The ps returns the list of all processes. The grep filters the list according your search criteria.

Installing new software

What should we expect when installing new software in Linux OS? This can be a challenging task among former Windows users. Usually it can be done by following these methods: installing RPM packages, installing DEB packages or installing from tarballs (esp. source code).

On top of that, when starting working with Linux, you should always keep in mind software repositories, which provide storage for packages (both source and binary) accessible via Internet to install any required software on your computer. It’s up to you whether to use a certain repository or create your own. See examples for two of the most popular utilities: YUM in files repo in the directory/etc/yum.repos.d/ and APT in file /etc/apt/sources.list and in the files in the directory/etc/apt/source.list.d/.

Types of software

As for software testing itself, there are basic instruments for testing Linux applications you will definitely need. Most of these solutions are applicable to the majority of Unix-based systems and are console-based, which makes them easier to automate.

There are three types of software in Linux: Core (Kernel), User applications (userspace level), and Core + User applications. Core applications include the core itself, the kernel modules and user space level for kernel control (meaning the / proc and / sys interfaces). Since the kernel itself is written on C and ASM, C is the preference for testing. Usually these are small test kernel modules, checking some functions or module with different parameters + script.

Based on many years of testing experience, it is recommended you avoid using one module that checks the entire “feature.” This is why many modules are used to check each of the functions separately. Also keep in mind that you have to check all possible functions return codes.

User applications can be considered any application running on Linux. However, if the application is written in Java, you’ll need to own Java, at least in order to make sure that the program is working.

Core + User applications are the most popular to be used in Linux. If you are dealing with this type of application, it means the core driver provides low-level communication with any device and the user program.

Testing tools for Linux

Since all Linux tools are either present in any distributive or can be freely downloaded, Linux is a convenient OS both for programming and testing. Basic tools for testing Linux applications are as follows:

• GCC – Gnu C compiler. To test the compiler, you can use gcc, which is a Basic C, C++ compiler for Linux. Its website has special tests. If you compile the -g option, you can debug the program with GDB.
• BASH. The BASH shell is also included in each distribution. It is very useful for writing scripts.
• expect is also present in each distributive. It is a simple but quite handy syntax tool command language (TCL).
• expect-perl ? expect-python (pyexpect) – libraries expect for scripting languages perl and python.
• gdb – Gnu Debuger. This is a standard C/C++ debugger. If you’ve never used it, we advise you to get acquainted with this tool. Use kgdb for kernel.
• ltt – Linux Trace Toolkit. If your Linux core supports LTT, you can view the active processes/system calls in the current process.
• import ? gimp – can be used for taking screenshots for testing graphics applications.
• minicom is a program for manual testing. If you want to automate the console, it is better to use the expect (or in conjunction with the “cat” and “echo”, or just open / dev / ttySx as file – sometimes the second option does not fit).
• ltp – Linux Test Suite Page [ltp.sf.net] is a very useful collection of tests. It includes tests of file systems, system calls, etc.

Among other common tools, it would good to mention such as netperf (utility to verify the network performance), ircp, irdump, openobex (utilities for infrared checking), and telnet, ssh (a remote shell). If you need to enter same commands frequently, you can use expect, which is available in any distributive). A more detailed comprehensive list of tools commonly used for testing the various components of Linux can be found here.

Hackers’ security distribution

Linux also has its own distributions for testing. Backtrack-Linux.org is a good example of a specialized Linux distribution that has just one purpose – to test your network, devices and systems for security vulnerabilities. The last version of Backtrack was released in August of 2012.

Backtrack all started with earlier versions of live Linux such distributions such as Whoppix, IWHAX, and Auditor. As it’s said at Offensive Security, after years of development, penetration tests, and unprecedented help from the security community, it evolved to what is now known as a GPL-compliant Linux distribution built by penetration testers for penetration testers with development staff consisting of individuals spanning different languages, regions, industries and nationalities.

Backtrack consists of more than 300 security open source tools and utilities. While there are many commercial programs available, many security professionals prefer BackTrack tools. The interesting thing is that BackTrack is also popular among hackers because of its anonymity; when installing this distribution, you don’t have to register.

Many security practitioners use BackTrack to perform their security assessments. BackTrack is an open-source, Linux-based penetration testing toolset. It makes performing a security assessment easier, because all of the common tools that you need are all packaged into one nice distribution and ready to go at a moment’s notice. As with other Linux distributions, BackTrack is supported and developed by a community of users that range from skilled penetration testers in the information security field, government entities, information technology experts, security enthusiasts and individuals new to the security community.

Conclusion

The above should provide a good overview of some of the basic Linux tools, singularities, process management, specific limitations, etc., that are vital for quality assurance services involving Linux. However, this is just the tip of the iceberg when it comes to Linux, the most stable, efficient, safe and legal operating system ever.