Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

UNCLASSIFIED
Cherry Bomb Program Cherry Blossom Cherry Tree Upgrade Test Procedures
/var/log/cherrytree/CherryTree_error.log,
/var/log/cherryweb/CherryWeb.log for errors).
Pass/Fail: The test passes if all verification steps pass.
2.2 Reboot “slave cb-cc server” Test
Description: Tests that the cb-cc slave server can be rebooted and that on power-
up, proper services are running, and the firewall is properly configured.
Setup: From a control terminal, open an ssh console (using PuTTy) to the slave cb-
cc server as root (consult “CB Installation Guide” for IP address and root linux user
credentials). Dump the iptables rules to a file (/sbin/iptables –L –n >
~/iptables_before_reboot.out), and dump the routing entries to a file (/sbin/route >
~/routes_before_reboot.out). Gracefully reboot the system (/sbin/reboot).
Run: Verify that the sponsor SNMP monitoring system is reporting the cb-cc slave
server down. Once the server is back online, verify that the sponsor SNMP
monitoring system is reporting the cb-cc slave server up. Dump the iptables rules
(/sbin/iptables –L –n > ~/iptables_after_reboot.out) and the routing entries
(/sbin/route > ~/routes_after_reboot.out) and compare to the respective
*_before_reboot files. Verify that the server role is “slave” by running the
/usr/local/bin/check_cb_role script. Verify mysql by running the
/usr/local/bin/check_cb_mysql script (should report “slave”, mysql up with no errors).
Verify CherryTree (on the master) by running the /usr/local/bin/check_cherrytree.sh
script (should report “CherryTree OK”). Verify CherryWeb (on the master) by running
the /usr/local/bin/check_cherryweb.sh script (should report “CherryWeb OK”).
Pass/Fail: The test passes if all verification steps pass.
2.3 Reboot “master cb-vpn server” Test
Description: Tests that the cb-vpn master server can be rebooted and that on
power-up, proper services are running, and the firewall is properly configured.
Setup: From a control terminal, open an ssh console (using PuTTy) to the master
cb-vpn server as root (consult “CB Installation Guide” for IP address and root linux
user credentials). Dump the iptables rules to a file (/sbin/iptables –L –n >
~/iptables_before_reboot.out), and dump the routing entries to a file (/sbin/route >
~/routes_before_reboot.out). Gracefully reboot the system (/sbin/reboot).
Run: Verify that the sponsor SNMP monitoring system is reporting the cb-vpn
master server down. Once the server is back online, verify that the sponsor SNMP
monitoring system is reporting the cb-vpn master server up. Verify that CherryTree
(java service cherrytree) is running. Dump the iptables rules (/sbin/iptables –L –n >
~/iptables_after_reboot.out) and the routing entries (/sbin/route >
~/routes_after_reboot.out) and compare to the respective *_before_reboot files.
UNCLASSIFIED
7

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh