From 543cd253db1818737ebfb85c2f7ea755a0fdffa9 Mon Sep 17 00:00:00 2001
From: John Brydon <jbrydon@secureworks.com>
Date: Mon, 6 Feb 2023 16:30:31 +0000
Subject: [PATCH] T1614.001: Add discovery tests for linux

Signed-off-by: John Brydon <jbrydon@secureworks.com>
---
 atomics/T1614.001/T1614.001.yaml | 75 +++++++++++++++++++++++++++++++-
 1 file changed, 74 insertions(+), 1 deletion(-)

diff --git a/atomics/T1614.001/T1614.001.yaml b/atomics/T1614.001/T1614.001.yaml
index a0490602..775d70b3 100644
--- a/atomics/T1614.001/T1614.001.yaml
+++ b/atomics/T1614.001/T1614.001.yaml
@@ -24,4 +24,77 @@ atomic_tests:
   executor:
     command: |
       chcp
-    name: command_prompt
\ No newline at end of file
+    name: command_prompt
+- name: Discover System Language with locale
+  description: |
+    Identify System language with the `locale` command.
+
+    Upon successful execution, the output will contain the environment variables that indicate
+    the 5 character locale that can be looked up to correlate the language and territory.
+  supported_platforms:
+  - linux
+  executor:
+    command: |
+      locale
+    name: sh
+- name: Discover System Language with localectl
+  description: |
+    Identify System language with the `localectl` command.
+
+    Upon successful execution, the key `System Locale` from the output will contain the
+    `LANG` environment variable that has the 5 character locale result that can be looked
+    up to correlate the language and territory.
+  supported_platforms:
+  - linux
+  executor:
+    command: |
+      localectl status
+    name: sh
+- name: Discover System Language by locale file
+  description: |
+    Identify System language with the by reading the locale configuration file.
+
+    The locale configuration file contains the `LANG` environment variable which
+    will contain the 5 character locale that can be looked up to correlate the
+    language and territory.
+  supported_platforms:
+  - linux
+  dependency_executor_name: sh
+  dependencies:
+  - description: |
+      Check the location of the locale configuration file.
+    prereq_command: |
+      [ -f /etc/locale.conf ] || [ -f /etc/default/locale ] && exit 0 || exit 1
+    get_prereq_command: |
+      echo "Test only valid for systems that have locale file"
+  executor:
+    command: |
+      [ -f /etc/locale.conf ] && cat /etc/locale.conf || cat /etc/default/locale
+    name: sh
+- name: Discover System Language by Environment Variable Query
+  description: |
+   Identify System language by checking the environment variables
+
+   Upon successful execution, the 5 character locale result can be looked up to
+   correlate the language and territory. Environment query commands are likely
+   to run with a pattern match command e.g. `printenv | grep LANG`
+
+   Note: `env` and `printenv` will usually provide the same results. `set` is
+   also used as a builtin command that does not generate syscall telemetry but
+   does provide a list of the environment variables.
+  supported_platforms:
+  - linux
+  dependency_executor_name: sh
+  dependencies:
+  - description: |
+      Check if printenv command exists on the machine
+    prereq_command: |
+      [ -x "$(command -v printenv)" ] && exit 0 || exit 1
+    get_prereq_command: |
+      echo "printenv command does not exist"
+  executor:
+    command: |
+      env
+      printenv
+      set
+    name: sh