def test_firewall_enabled_pos():
    """is_firewall_enabled() must be True when the INPUT chain holds rules.

    iptc.Table is patched so no real netfilter state is read; the fake table
    iterates to a single chain named 'INPUT' that carries two rule objects.
    """
    input_chain = mock.Mock()
    # Set after construction: Mock(name=...) would name the mock itself
    # rather than create a .name attribute.
    input_chain.name = 'INPUT'
    input_chain.rules = [object(), object()]

    with mock.patch('iptc.Table', return_value=[input_chain]):
        assert is_firewall_enabled() is True
def test_firewall_enabled_neg():
    """is_firewall_enabled() must be False when the INPUT chain has no rules.

    iptc.Table is patched so no real netfilter state is read; the fake table
    iterates to a single chain named 'INPUT' whose rule list is empty.
    """
    input_chain = mock.Mock()
    # Set after construction: Mock(name=...) would name the mock itself
    # rather than create a .name attribute.
    input_chain.name = 'INPUT'
    input_chain.rules = []

    with mock.patch('iptc.Table', return_value=[input_chain]):
        assert is_firewall_enabled() is False
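def send_ping(debug=False, dev=False):
    """Gather host security telemetry, POST it to the ping endpoint, apply the reply.

    The payload carries OS release, FQDN, primary IPv4 address, uptime, open
    ports, netstat and process scans, firewall state/rules and the AppArmor
    flag; Raspberry Pi manufacturer/model fields are added when detected.
    The request is sent with the client certificate and key. On a successful
    JSON reply, the 'block_ports' and 'block_networks' lists it contains are
    handed to security_helper to be applied locally.

    Args:
        debug: When true, print the outgoing payload and the raw response.
            The payload is a full host inventory (processes, sockets,
            firewall rules), so keep this output out of shared logs.
        dev: When true, add 'SSL-CLIENT-SUBJECT-DN' and 'SSL-CLIENT-VERIFY'
            headers to the request (see the note at the call site).

    Returns:
        None. Prints a message and returns early when the response status is
        not OK or the body is not a JSON object.

    Raises:
        requests.exceptions.RequestException: connection errors and timeouts
            from the POST are not caught here.
    """
    # NOTE(review): presumably fails fast when the client cert/key are
    # unreadable -- confirm against can_read_cert().
    can_read_cert()

    payload = {
        'device_operating_system_version': platform.release(),
        'fqdn': socket.getfqdn(),
        'ipv4_address': get_primary_ip(),
        'uptime': get_uptime(),
        'scan_info': get_open_ports(),
        'netstat': security_helper.netstat_scan(),
        'processes': security_helper.process_scan(),
        'firewall_enabled': security_helper.is_firewall_enabled(),
        'firewall_rules': security_helper.get_firewall_rules(),
        'app_armor_enabled': security_helper.is_app_armor_enabled()
    }

    rpi_metadata = rpi_helper.detect_raspberry_pi()
    if rpi_metadata['is_raspberry_pi']:
        payload['device_manufacturer'] = 'Raspberry Pi'
        payload['device_model'] = rpi_metadata['hardware_model']

    if debug:
        print("[GATHER] Ping: {}".format(payload))

    # Dev mode sends the identity headers a TLS-terminating proxy would
    # normally derive from the verified client certificate. The production
    # endpoint has to overwrite or drop client-supplied copies of these
    # headers, otherwise any client could assert an arbitrary device
    # identity -- NOTE(review): confirm the proxy configuration does so.
    dev_headers = {
        'SSL-CLIENT-SUBJECT-DN': 'CN=' + get_device_id(),
        'SSL-CLIENT-VERIFY': 'SUCCESS'
    } if dev else {}

    ping = requests.post(
        '{}/v0.2/ping'.format(MTLS_ENDPOINT),
        cert=(CLIENT_CERT_PATH, CLIENT_KEY_PATH),
        json=payload,
        headers=dev_headers,
        # requests applies no timeout by default; without one a stalled
        # endpoint blocks the agent indefinitely. Value is a conservative
        # upper bound and can be tuned.
        timeout=30,
    )

    if debug:
        print("[RECEIVED] Ping: {}".format(ping.status_code))
        print("[RECEIVED] Ping: {}".format(ping.content))

    if not ping.ok:
        print('Ping failed.')
        return

    # The reply drives local firewall changes, so reject anything that is
    # not a JSON object before reading block lists from it.
    try:
        pong = ping.json()
    except ValueError:
        print('Ping failed: response body is not valid JSON.')
        return
    if not isinstance(pong, dict):
        print('Ping failed: unexpected response format.')
        return

    # NOTE(review): per-entry validation of ports/networks is assumed to
    # live in security_helper -- confirm before trusting server input.
    security_helper.block_ports(pong.get('block_ports', []))
    security_helper.block_networks(pong.get('block_networks', []))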
def test_firewall_enabled_neg():
    """is_firewall_enabled() must be False when dump_chain returns no rules.

    agent.iptc_helper.dump_chain is patched to return an empty list, so the
    check runs without touching real iptables state.
    """
    with mock.patch('agent.iptc_helper.dump_chain', return_value=[]):
        firewall_on = is_firewall_enabled()
        assert firewall_on is False
def test_firewall_enabled_pos():
    """is_firewall_enabled() must be True when dump_chain returns a DROP rule.

    agent.iptc_helper.dump_chain is patched to return one rule dict,
    {'dst': 'DROP'}, so the check runs without touching real iptables state.
    """
    fake_rules = [{'dst': 'DROP'}]
    with mock.patch('agent.iptc_helper.dump_chain', return_value=fake_rules):
        firewall_on = is_firewall_enabled()
        assert firewall_on is True
def test_firewall_enabled_neg():
    """is_firewall_enabled() must be False when the chain policy is ACCEPT.

    agent.iptc_helper.get_policy is patched to return 'ACCEPT', so the check
    runs without touching real iptables state.
    """
    with mock.patch('agent.iptc_helper.get_policy', return_value='ACCEPT'):
        firewall_on = is_firewall_enabled()
        assert firewall_on is False
def test_firewall_enabled_pos():
    """is_firewall_enabled() must be True when the chain policy is DROP.

    agent.iptc_helper.get_policy is patched to return 'DROP', so the check
    runs without touching real iptables state.
    """
    with mock.patch('agent.iptc_helper.get_policy', return_value='DROP'):
        firewall_on = is_firewall_enabled()
        assert firewall_on is True