def test_060_host_quota(self):
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
global app
nuke_rules()
priority_level = 7 # Severely Limited
given_quota = 10000 # 10k
# Remove any existing quota
uvmContext.hostTable().removeQuota(remote_control.client_ip)
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed()
# Create rule to give quota
append_rule(create_quota_rule("HOST_HAS_NO_QUOTA","true","GIVE_HOST_QUOTA",given_quota))
# Create penalty for exceeding quota
append_rule(create_single_condition_rule("HOST_QUOTA_EXCEEDED","true","SET_PRIORITY",priority_level))
# Download the file so quota is exceeded
global_functions.get_download_speed(meg=1)
# quota accounting occurs every 60 seconds, so we must wait at least 60 seconds
time.sleep(60)
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed()
print_results( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limited_acceptance_ratio )
# Remove quota
uvmContext.hostTable().removeQuota(remote_control.client_ip)
assert ((wget_speed_post) and (wget_speed_post))
assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post)
events = global_functions.get_events('Bandwidth Control','Quota Events',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"action", 1, #quota given
"size", given_quota,
"entity", remote_control.client_ip)
assert(found)
found = global_functions.check_events( events.get('list'), 5,
"action", 2, #quota exceeded
"entity", remote_control.client_ip)
assert(found)
events = global_functions.get_events('Bandwidth Control','Prioritized Sessions',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"bandwidth_control_priority", priority_level,
"c_client_addr", remote_control.client_ip)
assert( found )
def test_023_childShouldNotEffectParent(self):
# add a child that blocks everything
blockRackId = addRack(name="Block Rack", parentId=default_policy_id)
blockRackFirewall = uvmContext.appManager().instantiate("firewall", blockRackId)
assert (blockRackFirewall != None)
# add a block rule for the client IP
rules = blockRackFirewall.getRules()
rules["list"].append(createFirewallSingleConditionRule("SRC_ADDR",remote_control.client_ip));
blockRackFirewall.setRules(rules);
# client should still be online
result = remote_control.is_online()
assert (result == 0)
uvmContext.appManager().destroy( blockRackFirewall.getAppSettings()["id"] )
assert (removeRack(blockRackId))
# Get the IP address of test.untangle.com
test_untangle_com_ip = socket.gethostbyname("test.untangle.com")
events = global_functions.get_events('Policy Manager','All Events',None,100)
assert(events != None)
found = global_functions.check_events( events.get('list'), 100,
"s_server_addr", str(test_untangle_com_ip),
"policy_id", 1,
"c_client_addr", remote_control.client_ip)
assert( found )
def test_030_checkUserRegistrationScript(self):
"""
checkUserRegistration
"""
# remove leading and trailing spaces.
http_admin = global_functions.get_http_url()
assert(http_admin)
test_name = "randomName-" + "".join( [random.choice(string.ascii_letters) for i in range(15)] )
test_name_lower = test_name.lower()
result = register_username(http_admin, test_name)
user_list = get_list_of_username_mapped()
# print('test_name %s' % test_name)
# print('result %s' % result)
# print('user_list %s' % user_list)
found_username = find_name_in_host_table(test_name_lower)
assert(found_username)
assert (result == 0)
assert (test_name_lower in user_list)
events = global_functions.get_events('Directory Connector','API Events',None,1)
assert(events != None)
found_in_reports = global_functions.check_events( events.get('list'), 5,
"login_name",test_name_lower,
"client_addr", remote_control.client_ip)
assert( found_in_reports )
def test_600_web_searches(self):
"""check the web searches log correctly"""
termTests = [{
"host": "www.bing.com",
"uri": "/search?q=oneterm&qs=n&form=QBRE",
"term": "oneterm"
},{
"host": "www.bing.com",
"uri": "/search?q=two+terms&qs=n&form=QBRE",
"term": "two terms"
},{
"host": "www.bing.com",
"uri": "/search?q=%22quoted+terms%22&qs=n&form=QBRE",
"term": '"quoted terms"'
}]
host = "www.bing.com"
uri = "/search?q=oneterm&qs=n&form=QBRE"
for t in termTests:
fname = sys._getframe().f_code.co_name
eventTime = datetime.datetime.now()
result1 = remote_control.run_command("wget -q -O - 'http://%s%s' 2>&1 >/dev/null" % ( t["host"], t["uri"] ) )
events = global_functions.get_events(self.displayName(),'All Query Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"host", t["host"],
"term", t["term"])
assert( found )
def test_052_functional_icmp_log(self):
"""
Check for ICMP (ping)
"""
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
wan_ip = uvmContext.networkManager().getFirstWanAddress()
iperf_avail = global_functions.verify_iperf_configuration(wan_ip)
device_in_office = global_functions.is_in_office_network(wan_ip)
# Also test that it can probably reach us (we're on a 10.x network)
if not device_in_office:
raise unittest.SkipTest("Not on office network, skipping")
if (not iperf_avail):
raise unittest.SkipTest("IperfServer test client unreachable, skipping alternate port forwarding test")
# insert rule at the beginning of the list so other rules do not interfere.
appSettings['rules']['list'].insert(0,create_rule(action="log", rule_type="CATEGORY", type_value="scan"))
app.setSettings(appSettings, True)
wait_for_daemon_ready()
startTime = datetime.datetime.now()
remote_control.run_command("nmap -sP " + wan_ip + " >/dev/null 2>&1",host=global_functions.iperf_server)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'protocol', "1",
'blocked', False,
min_date=startTime)
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert(found)
def test_106_eventlog_smtpVirusPassList(self):
if (not canRelay):
raise unittest.SkipTest('Unable to relay through ' + testsite)
addPassSite(testsiteIP)
startTime = datetime.now()
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("echo '%s' > /tmp/attachment-%s" % (fname, fname))
if result != 0:
nukePassSites()
assert( False )
# download the email script
result = remote_control.run_command("wget -q -O /tmp/email_script.py http://" + testsite + "/test/email_script.py")
if result != 0:
nukePassSites()
assert( False )
result = remote_control.run_command("chmod 775 /tmp/email_script.py")
if result != 0:
nukePassSites()
assert( False )
# email the file
result = remote_control.run_command("/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar" % (testsiteIP, fname))
nukePassSites()
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Clean Email Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"addr", "*****@*****.**",
"subject", str(fname),
self.shortName() + '_clean', True,
min_date=startTime )
assert( found )
def test_054_functional_udp_block(self):
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
appSettings['signatures']['list'].append(create_signature( gid = "1",
sid = "1999998",
classtype="attempted-admin",
category="app-detect",
msg="CompanySecret",
log=True,
block=False,
action="alert",
type="udp"))
# insert rule at the beginning of the list so other rules do not interfere.
appSettings['rules']['list'].insert(0,create_rule(action="block", rule_type="CATEGORY", type_value="app-detect"))
app.setSettings(appSettings, True)
wait_for_daemon_ready()
startTime = datetime.datetime.now()
result = remote_control.run_command("host www.companysecret.com 4.2.2.1 > /dev/null")
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'msg', "CompanySecret",
'blocked', True,
min_date=startTime)
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert(found)
def test_110_eventlog_smtpSSLVirus(self):
if platform.machine().startswith('arm'):
raise unittest.SkipTest("local scanner not available on ARM")
if (not canRelay):
raise unittest.SkipTest('Unable to relay through ' + testsiteIP)
startTime = datetime.now()
fname = sys._getframe().f_code.co_name
# download the email script
result = remote_control.run_command("wget -q -O /tmp/email_script.py http://" + testsite + "/test/email_script.py")
assert (result == 0)
result = remote_control.run_command("chmod 775 /tmp/email_script.py")
assert (result == 0)
# Turn on SSL Inspector
appSSLData['processEncryptedMailTraffic'] = True
appSSLData['ignoreRules']['list'].insert(0,createSSLInspectRule("25"))
appSSL.setSettings(appSSLData)
appSSL.start()
# email the file
result = remote_control.run_command("/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar --starttls" % (testsiteIP, fname),nowait=False)
appSSL.stop()
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Infected Email Events',None,1)
# print(events['list'][0])
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"addr", "*****@*****.**",
"subject", str(fname),
's_server_addr', testsiteIP,
self.shortName() + '_clean', False,
min_date=startTime)
assert( found )
def test_031_rule_modify(self):
"""
Modify existing rule and rule to enable it
"""
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
rule_desc = appSettings['rules']['list'][0]['description']
if rule_desc != "ATS rule":
raise unittest.SkipTest('Skipping as test test_030_rule_add is needed')
else:
appSettings['rules']['list'][0]['action'] = "log"
app.setSettings(appSettings, True)
wait_for_daemon_ready()
startTime = datetime.datetime.now()
loopLimit = 4
# Send four requests for test rebustnewss
while (loopLimit > 0):
time.sleep(1)
loopLimit -= 1
result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret")
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'msg', "CompanySecret",
'blocked', False,
min_date=startTime)
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert(found)
def test_090_checkTLSwSSLInspector(self):
if (not canRelay):
raise unittest.SkipTest('Unable to relay through ' + smtpServerHost)
test_untangle_IP = socket.gethostbyname(smtpServerHost)
appData['smtpConfig']['scanWanMail'] = True
appData['smtpConfig']['allowTls'] = False
appData['smtpConfig']['strength'] = 30
app.setSettings(appData)
# Turn on SSL Inspector
appSSLData['processEncryptedMailTraffic'] = True
appSSLData['ignoreRules']['list'].insert(0,createSSLInspectRule("25"))
appSSL.setSettings(appSSLData)
appSSL.start()
tlsSMTPResult, to_address = sendSpamMail(useTLS=True)
# print("TLS 090 : " + str(tlsSMTPResult))
appSSL.stop()
assert(tlsSMTPResult == 0)
events = global_functions.get_events(self.displayName(),'Quarantined Events',None,1)
assert( events != None )
assert( events.get('list') != None )
print(events['list'][0])
found = global_functions.check_events( events.get('list'), 5,
's_server_addr', test_untangle_IP,
's_server_port', 25,
'addr', to_address,
'c_client_addr', remote_control.client_ip)
assert( found )
def test_060_app_stats(self):
"""
Checks that the scan, detect, and block stats are properly incremented
"""
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
# clear out the signature list
appSettings['signatures']['list'] = []
appSettings['signatures']['list'].append(create_signature( gid = "1",
sid = "1999999",
classtype="attempted-admin",
category="app-detect",
msg="CompanySecret",
log=True,
block=False,
action="alert",
type="tcp"))
# insert rule at the beginning of the list so other rules do not interfere.
appSettings['rules']['list'].insert(0,create_rule(action="block", rule_type="CATEGORY", type_value="app-detect"))
app.setSettings(appSettings, True)
wait_for_daemon_ready()
app.forceUpdateStats()
pre_events_scan = global_functions.get_app_metric_value(app,"scan")
pre_events_detect = global_functions.get_app_metric_value(app,"detect")
pre_events_block = global_functions.get_app_metric_value(app,"block")
startTime = datetime.datetime.now()
loopLimit = 4
# Send four requests for test rebustnewss
while (loopLimit > 0):
time.sleep(1)
loopLimit -= 1
result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret")
time.sleep(10)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'msg', "CompanySecret",
'blocked', True,
min_date=startTime)
post_events_scan = global_functions.get_app_metric_value(app,"scan")
post_events_detect = global_functions.get_app_metric_value(app,"detect")
post_events_block = global_functions.get_app_metric_value(app,"block")
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert(found)
print("pre_events_scan: %s post_events_scan: %s"%(str(pre_events_scan),str(post_events_scan)))
print("pre_events_detect: %s post_events_detect: %s"%(str(pre_events_detect),str(post_events_detect)))
print("pre_events_block: %s post_events_block: %s"%(str(pre_events_block),str(post_events_block)))
# assert(pre_events_scan < post_events_scan)
assert(pre_events_detect < post_events_detect)
assert(pre_events_block < post_events_block)
def test_030_checkSslInspectorInspectorEventLog(self):
remote_control.run_command('curl -s -4 --connect-timeout 10 --trace /tmp/ssl_test_040.trace --output /tmp/ssl_test_040.output --insecure https://%s' % (testedServerName))
events = global_functions.get_events('SSL Inspector','All Sessions',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"ssl_inspector_status","INSPECTED",
"ssl_inspector_detail",testedServerName)
assert( found )
def test_020_backupNow(self):
global app
boxUID = uvmContext.getServerUID()
app.sendBackup()
events = global_functions.get_events('Configuration Backup','Backup Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
'success', True )
assert( found )
def test_040_checkWebFilterEventLog(self):
addBlockedUrl(testedServerName)
remote_control.run_command('curl -s -4 --connect-timeout 10 --trace /tmp/ssl_test_040.trace --output /tmp/ssl_test_040.output --insecure https://%s' % (testedServerName))
nukeBlockedUrls()
events = global_functions.get_events('Web Filter','Blocked Web Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"host", testedServerName,
"web_filter_blocked", True)
assert( found )
def test_101_eventlog_httpNonVirus(self):
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("wget -q -O - http://" + testsite + "/test/test.zip?arg=%s 2>&1 | grep -q text123" % fname)
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Clean Web Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"host", testsite,
"uri", ("/test/test.zip?arg=%s" % fname),
self.shortName() + '_clean', True )
assert( found )
def test_102_admin_login_event(self):
uvmContext.adminManager().logAdminLoginEvent( "admin", True, "127.0.1.1", True, 'X' )
events = global_functions.get_events('Administration','Admin Login Events',None,10)
assert(events != None)
for i in events.get('list'):
print(i)
found = global_functions.check_events( events.get('list'), 10,
'client_addr', "127.0.1.1",
'reason', 'X',
'local', True,
'succeeded', True,
'login', 'admin' )
assert( found )
def test_100_eventlog_httpVirus(self):
if platform.machine().startswith('arm'):
raise unittest.SkipTest("local scanner not available on ARM")
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("wget -q -O - http://" + testsite + "/virus/eicar.zip?arg=%s 2>&1 | grep -q blocked" % fname)
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Infected Web Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"host", testsite,
"uri", ("/virus/eicar.zip?arg=%s" % fname),
self.shortName() + '_clean', False )
assert( found )
def test_021_check_for_mailshell(self):
if (not self.canRelay):
raise unittest.SkipTest('Unable to relay through ' + global_functions.TEST_SERVER_HOST)
events = global_functions.get_events(self.displayName(),'Quarantined Events',None,8)
if events != None:
assert( events.get('list') != None )
found = False
for event in events['list']:
if 'MAILSHELL_SCORE_' in event['spam_blocker_tests_string']:
found = True
break
assert(found)
else:
raise unittest.SkipTest('No events to check for MAIL_SHELL')
def test_103_eventlog_ftpNonVirus(self):
ftp_result = subprocess.call(["ping","-c","1",global_functions.ftp_server ],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
if (ftp_result != 0):
raise unittest.SkipTest("FTP server not available")
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("wget --user="******" --password='******' -q -O /dev/null ftp://" + global_functions.ftp_server + "/test.zip")
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Clean Ftp Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"uri", "test.zip",
self.shortName() + '_clean', True )
assert( found )
def test_100_eventlog_httpVirus(self):
if platform.machine().startswith('arm'):
raise unittest.SkipTest("local scanner not available on ARM")
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("wget -q -O - http://" + testsite + "/virus/eicar.zip?arg=%s 2>&1 | grep -q blocked" % fname)
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Infected Web Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"host", testsite,
"uri", ("/virus/eicar.zip?arg=%s" % fname),
self.shortName() + '_clean', False )
assert( found )
def test_102_reports_all_urls(self):
"""check the All Web Events report"""
fname = sys._getframe().f_code.co_name
self.block_url_list_clear();
# specify an argument so it isn't confused with other events
result1 = remote_control.run_command("wget -q -O - http://test.untangle.com/test/testPage1.html?arg=%s 2>&1 >/dev/null" % fname)
events = global_functions.get_events(self.displayName(),'All Web Events',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"host","test.untangle.com",
"uri", ("/test/testPage1.html?arg=%s" % fname),
'web_filter_blocked', False,
'web_filter_flagged', False )
assert( found )
def test_103_eventlog_ftpNonVirus(self):
ftp_result = subprocess.call(["ping","-c","1",global_functions.ftp_server ],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
if (ftp_result != 0):
raise unittest.SkipTest("FTP server not available")
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("wget --user="******" --password='******' -q -O /dev/null ftp://" + global_functions.ftp_server + "/test.zip")
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Clean Ftp Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"uri", "test.zip",
self.shortName() + '_clean', True )
assert( found )
def test_102_admin_login_event(self):
uvmContext.adminManager().logAdminLoginEvent("admin", True,
"127.0.1.1", True, 'X')
events = global_functions.get_events('Administration',
'Admin Login Events', None, 10)
assert (events != None)
for i in events.get('list'):
print(i)
found = global_functions.check_events(events.get('list'), 10,
'client_addr', "127.0.1.1",
'reason', 'X', 'local', True,
'succeeded', True, 'login',
'admin')
assert (found)
def test_023_eventlog_blockedAd(self):
fname = sys._getframe().f_code.co_name
# specify an argument so it isn't confused with other events
eventTime = datetime.datetime.now()
result = remote_control.run_command("wget -4 -q -O /dev/null http://ads.pubmatic.com/AdServer/js/showad.js?arg=%s" % fname)
assert ( result != 0 )
events = global_functions.get_events('Ad Blocker','Blocked Ad Events',None,1)
assert( events != None )
found = global_functions.check_events( events.get('list'), 5,
'host', 'ads.pubmatic.com',
'uri', ("/AdServer/js/showad.js?arg=%s" % fname),
'ad_blocker_action', 'B' )
assert( found )
def test_100_eventlog_Block_Google(self):
touchProtoRule("Google",True,True)
result = remote_control.run_command("wget -O /dev/null -4 -t 2 --timeout=5 http://www.google.com/")
assert (result != 0)
time.sleep(1)
events = global_functions.get_events('Application Control','Blocked Sessions',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"application_control_application", "GOOGLE",
"application_control_category", "Web Services",
"application_control_blocked", True,
"application_control_flagged", True)
assert( found )
def test_050_severely_limited_web_filter_flagged(self):
global app, app_web_filter
nuke_rules(self._app)
pre_count = global_functions.get_app_metric_value(app, "prioritize")
priority_level = 7
# This test might need web filter for http to start
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed(
download_server="test.untangle.com")
# Create WEB_FILTER_FLAGGED based rule to limit bandwidth
append_rule(
self._app,
create_single_condition_rule("WEB_FILTER_FLAGGED", "true",
"SET_PRIORITY", priority_level))
# Test.untangle.com is listed as Software, Hardware in web filter. As of 1/2014 its in Technology
settingsWF = app_web_filter.getSettings()
i = 0
untangleCats = ["Computer,", "Security"]
for webCategories in settingsWF['categories']['list']:
if any(x in webCategories['name'] for x in untangleCats):
settingsWF['categories']['list'][i]['flagged'] = "true"
i += 1
app_web_filter.setSettings(settingsWF)
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed(
download_server="test.untangle.com")
print_results(wget_speed_pre, wget_speed_post, wget_speed_pre * 0.1,
wget_speed_pre * limited_acceptance_ratio)
assert ((wget_speed_post) and (wget_speed_post))
assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post)
events = global_functions.get_events('Bandwidth Control',
'Prioritized Sessions', None, 5)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
"bandwidth_control_priority",
priority_level, "c_client_addr",
remote_control.client_ip)
assert (found)
# Check to see if the faceplate counters have incremented.
post_count = global_functions.get_app_metric_value(app, "prioritize")
assert (pre_count < post_count)
def test_033_block_by_Hostname(self):
entry = uvmContext.hostTable().getHostTableEntry( remote_control.client_ip )
self.rules_clear()
self.rule_add("DST_PORT","53",action="pass") # allow DNS otherwise bridged configs fail
self.rule_add("HOST_HOSTNAME",entry['hostname'])
result = remote_control.run_command("wget -q -4 -t 2 -O - http://test.untangle.com/test/testPage1.html 2>&1 | grep -q blocked")
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Blocked Web Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"hostname",entry['hostname'],
self.eventAppName() + '_blocked', True,
self.eventAppName() + '_flagged', True )
assert( found )
def test_101_eventlog_httpNonVirus(self):
fname = sys._getframe().f_code.co_name
result = remote_control.run_command(
"wget -q -O - http://" + testsite +
"/test/test.zip?arg=%s 2>&1 | grep -q text123" % fname)
assert (result == 0)
events = global_functions.get_events(self.displayName(),
'Clean Web Events', None, 1)
assert (events != None)
found = global_functions.check_events(
events.get('list'), 5, "host", testsite, "uri",
("/test/test.zip?arg=%s" % fname),
self.shortName() + '_clean', True)
assert (found)
def test_101_reports_flagged_url(self):
"""check the Flagged Web Events report"""
fname = sys._getframe().f_code.co_name
self.block_url_list_clear();
self.block_url_list_add("test.untangle.com/test/testPage1.html", blocked=False, flagged=True)
# specify an argument so it isn't confused with other events
result1 = remote_control.run_command("wget -q -O - http://test.untangle.com/test/testPage1.html?arg=%s 2>&1 >/dev/null" % fname)
events = global_functions.get_events(self.displayName(),'Flagged Web Events',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"host","test.untangle.com",
"uri", ("/test/testPage1.html?arg=%s" % fname),
'web_filter_blocked', False,
'web_filter_flagged', True )
assert( found )
def test_052_functional_icmp_log(self):
"""
Check for ICMP (ping)
"""
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
wan_ip = uvmContext.networkManager().getFirstWanAddress()
iperf_avail = global_functions.verify_iperf_configuration(wan_ip)
device_in_office = global_functions.is_in_office_network(wan_ip)
# Also test that it can probably reach us (we're on a 10.x network)
if not device_in_office:
raise unittest.SkipTest("Not on office network, skipping")
if (not iperf_avail):
raise unittest.SkipTest(
"IperfServer test client unreachable, skipping alternate port forwarding test"
)
# insert rule at the beginning of the list so other rules do not interfere.
appSettings['rules']['list'].insert(
0,
create_rule(action="log", rule_type="CATEGORY", type_value="scan"))
app.setSettings(appSettings, True)
self.do_wait_for_daemon_ready()
startTime = datetime.datetime.now()
# Ensure the icmp request includes the string ISSPNGRQ in it so we are sure to trigger a detected scan event
# see sid: 2100465 "GPL SCAN ISS Pinger"
remote_control.run_command("ping -c 1 -p 495353504e475251 " + wan_ip +
" >/dev/null 2>&1",
host=global_functions.iperf_server)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention',
'All Events', None, 5)
found = global_functions.check_events(events.get('list'),
5,
'protocol',
"1",
'blocked',
False,
min_date=startTime)
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert (found)
def test_080_multiple_rule_conditions_matching(self):
"""Verify that conditions are AND logic"""
self.rules_clear()
self.multiple_rule_add("DST_ADDR",global_functions.test_server_ip,"DST_PORT","443")
result = remote_control.run_command("wget -q -4 -t 2 -O - http://test.untangle.com 2>&1 | grep -q Hi")
assert (result == 0)
result = remote_control.run_command("wget --no-check-certificate -q -4 -t 2 -O - https://test.untangle.com 2>&1 | grep -q blocked")
self.rules_clear()
assert (result == 0)
events = global_functions.get_events(self.displayName(),'All Web Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 1,
"host","test.untangle.com",
self.eventAppName() + '_blocked', True,
self.eventAppName() + '_flagged', True )
assert( found )
def test_102_eventlog_ftpVirus(self):
if platform.machine().startswith('arm'):
raise unittest.SkipTest("local scanner not available on ARM")
ftp_result = subprocess.call(["ping","-c","1",global_functions.ftp_server ],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
if (ftp_result != 0):
raise unittest.SkipTest("FTP server not available")
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/temp_022_ftpVirusBlocked_file ftp://" + global_functions.ftp_server + "/virus/fedexvirus.zip")
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Infected Ftp Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"uri", "fedexvirus.zip",
self.shortName() + '_clean', False )
assert( found )
def test_050_alert_rule(self):
settings = uvmContext.eventManager().getSettings()
orig_settings = copy.deepcopy(settings)
new_rule = create_alert_rule("test alert rule", "class", "=", "*SessionEvent*", "localAddr", "=", "*"+remote_control.client_ip+"*")
settings['alertRules']['list'].append( new_rule )
uvmContext.eventManager().setSettings( settings )
result = remote_control.is_online()
time.sleep(4)
events = global_functions.get_events('Events','Alert Events',None,10)
found = global_functions.check_events( events.get('list'), 5,
'description', 'test alert rule' )
uvmContext.eventManager().setSettings( orig_settings )
assert(events != None)
assert ( found )
def test_021_check_for_mailshell(self):
if (not self.canRelay):
raise unittest.SkipTest('Unable to relay through ' +
global_functions.TEST_SERVER_HOST)
events = global_functions.get_events(self.displayName(),
'Quarantined Events', None, 8)
if events != None:
assert (events.get('list') != None)
found = False
for event in events['list']:
if 'MAILSHELL_SCORE_' in event['spam_blocker_tests_string']:
found = True
break
assert (found)
else:
raise unittest.SkipTest('No events to check for MAIL_SHELL')
def test_100_eventlog_Block_Google(self):
touchProtoRule("Google", True, True)
result = remote_control.run_command(
"wget -O /dev/null -4 -t 2 --timeout=5 http://www.google.com/")
assert (result != 0)
time.sleep(1)
events = global_functions.get_events('Application Control',
'Blocked Sessions', None, 1)
assert (events != None)
found = global_functions.check_events(
events.get('list'), 5, "application_control_application", "GOOGLE",
"application_control_category", "Web Services",
"application_control_blocked", True, "application_control_flagged",
True)
assert (found)
def test_102_eventlog_ftpVirus(self):
if platform.machine().startswith('arm'):
raise unittest.SkipTest("local scanner not available on ARM")
ftp_result = subprocess.call(["ping","-c","1",global_functions.ftp_server ],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
if (ftp_result != 0):
raise unittest.SkipTest("FTP server not available")
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/temp_022_ftpVirusBlocked_file ftp://" + global_functions.ftp_server + "/virus/fedexvirus.zip")
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Infected Ftp Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"uri", "fedexvirus.zip",
self.shortName() + '_clean', False )
assert( found )
def test_200_scanFileExtension(self):
"""test that "Scan" option in advanced tab is scanned, using zip file"""
#find 'zip' file extension and enable scan option
enableFileExtensionScan("zip")
remote_control.run_command("wget -q -O - http://test.untangle.com/test/test.zip 2>&1")
events = global_functions.get_events(self.displayName(),'Scanned Web Events',None,1)
assert(events != None)
found = global_functions.check_events(events.get("list"), 50,
'host', 'test.untangle.com',
'c_client_addr', remote_control.client_ip,
'uri', '/test/test.zip')
assert(found)
def test_050_alert_rule(self):
settings = uvmContext.eventManager().getSettings()
orig_settings = copy.deepcopy(settings)
new_rule = create_alert_rule("test alert rule", "class", "=", "*SessionEvent*", "localAddr", "=", "*"+remote_control.client_ip+"*")
settings['alertRules']['list'].append( new_rule )
uvmContext.eventManager().setSettings( settings )
result = remote_control.is_online()
time.sleep(4)
events = global_functions.get_events('Events','Alert Events',None,10)
found = global_functions.check_events( events.get('list'), 5,
'description', 'test alert rule' )
uvmContext.eventManager().setSettings( orig_settings )
assert(events != None)
assert ( found )
def test_200_scanFileExtension(self):
"""test that "Scan" option in advanced tab is scanned, using zip file"""
#find 'zip' file extension and enable scan option
enableFileExtensionScan("zip")
remote_control.run_command("wget -q -O - http://test.untangle.com/test/test.zip 2>&1")
events = global_functions.get_events(self.displayName(),'Scanned Web Events',None,1)
assert(events != None)
found = global_functions.check_events(events.get("list"), 50,
'host', 'test.untangle.com',
'c_client_addr', remote_control.client_ip,
'uri', '/test/test.zip')
assert(found)
def test_023_eventlog_blockedAd(self):
fname = sys._getframe().f_code.co_name
# specify an argument so it isn't confused with other events
eventTime = datetime.datetime.now()
result = remote_control.run_command(
"wget -4 -q -O /dev/null http://ads.pubmatic.com/AdServer/js/showad.js?arg=%s"
% fname)
assert (result != 0)
events = global_functions.get_events('Ad Blocker', 'Blocked Ad Events',
None, 1)
assert (events != None)
found = global_functions.check_events(
events.get('list'), 5, 'host', 'ads.pubmatic.com', 'uri',
("/AdServer/js/showad.js?arg=%s" % fname), 'ad_blocker_action',
'B')
assert (found)
def test_070_penalty_rule(self):
global app
nuke_rules(self._app)
tag_time = 2000000
# remove tags
entry = uvmContext.hostTable().getHostTableEntry(
remote_control.client_ip)
entry['tags']['list'] = []
entry = uvmContext.hostTable().setHostTableEntry(
remote_control.client_ip, entry)
# Create penalty rule
append_rule(
self._app,
create_penalty_rule("SRC_ADDR", remote_control.client_ip,
"TAG_HOST", "penalty-box", tag_time))
# go to test.untangle.com
result = remote_control.is_online()
# Look for tag
entry = uvmContext.hostTable().getHostTableEntry(
remote_control.client_ip)
print(entry['tags']['list'])
found = False
for tag in entry['tags']['list']:
if tag['name'] == 'penalty-box':
found = True
assert (found)
# remove tags
entry['tags']['list'] = []
entry = uvmContext.hostTable().setHostTableEntry(
remote_control.client_ip, entry)
# check penalty box
events = global_functions.get_events('Hosts', 'Hosts Events', None, 50)
assert (events != None)
event = global_functions.find_event(events.get('list'), 50, "address",
remote_control.client_ip, "key",
"tags")
print(event)
assert ((event != None))
def test_900_logEventLog(self):
rules_clear()
rule_append(
create_rule_single_condition("DST_PORT",
"80",
blocked=False,
flagged=False))
result = remote_control.is_online()
assert (result == 0)
events = global_functions.get_events('Firewall', 'All Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
'c_client_addr',
remote_control.client_ip,
's_server_port', 80,
'firewall_blocked', False,
'firewall_flagged', False)
def test_040_balanced(self):
if (len(index_of_wans) < 2):
raise unittest.SkipTest("Need at least two WANS for test_040_routedByIPWan")
# Set weighting to default
set_wan_weight("all", 50)
# Test balanced
# send netcat UDP to random IPs
result = remote_control.run_command("for i in \`seq 100\` ; do echo \"test\" | netcat -u -w1 -q1 1.2.3.\$i 7 >/dev/null ; done",stdout=False)
events = global_functions.get_events('Network','All Sessions',None,20)
assert(events != None)
for wanIndexTup in index_of_wans:
found = global_functions.check_events( events.get('list'), 20,
"server_intf", wanIndexTup[0],
"c_client_addr", remote_control.client_ip,
"s_server_port", 7)
assert(found)
def test_054_functional_udp_block(self):
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
appSettings['signatures']['list'].append(
create_signature(gid="1",
sid="1999998",
classtype="attempted-admin",
category="app-detect",
msg="CompanySecret",
log=True,
block=False,
action="alert",
type="udp"))
# insert rule at the beginning of the list so other rules do not interfere.
appSettings['rules']['list'].insert(
0,
create_rule(action="block",
rule_type="CATEGORY",
type_value="app-detect"))
app.setSettings(appSettings, True)
wait_for_daemon_ready()
startTime = datetime.datetime.now()
result = remote_control.run_command(
"host www.companysecret.com 4.2.2.1 > /dev/null")
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention',
'All Events', None, 5)
found = global_functions.check_events(events.get('list'),
5,
'msg',
"CompanySecret",
'blocked',
True,
min_date=startTime)
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert (found)
def test_040_testFtpPatternBlock(self):
nukepatterns()
addPatterns(definition="^220[\x09-\x0d -~]*ftp",
protocol="FTP",
blocked=True,
category="Web",
description="File Transfer Protocol")
result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 ftp://test.untangle.com")
assert (result != 0)
time.sleep(3);
events = global_functions.get_events('Application Control Lite','All Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
'c_client_addr', remote_control.client_ip,
'application_control_lite_protocol', 'FTP',
'application_control_lite_blocked', True )
assert( found )
def test_060_testDnsUdpPatternBlock(self):
nukepatterns()
addPatterns(definition="^.?.?.?.?[\x01\x02].?.?.?.?.?.?[\x01-?][a-z0-9][\x01-?a-z]*[\x02-\x06][a-z][a-z][fglmoprstuvz]?[aeop]?(um)?[\x01-\x10\x1c]",
protocol="DNS",
blocked=True,
category="Web",
description="Domain Name System")
result = remote_control.run_command("host -R 1 www.google.com 8.8.8.8")
assert (result != 0)
time.sleep(3);
events = global_functions.get_events('Application Control Lite','All Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
'c_client_addr', remote_control.client_ip,
'application_control_lite_protocol', 'DNS',
'application_control_lite_blocked', True )
assert( found )
def test_030_testHttpPatternBlocked(self):
nukepatterns()
addPatterns(definition="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\\x09-\\x0d -~]*(connection:|content-type:|content-length:|date:)|post [\\x09-\\x0d -~]* http/[01]\\.[019]",
protocol="HTTP",
blocked=True,
category="Web",
description="HyperText Transfer Protocol")
result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/")
assert (result != 0)
time.sleep(3);
events = global_functions.get_events('Application Control Lite','All Events',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
'c_client_addr', remote_control.client_ip,
'application_control_lite_protocol', 'HTTP',
'application_control_lite_blocked', True )
assert( found )
def test_110_eventlog_smtpSSLVirus(self):
if platform.machine().startswith('arm'):
raise unittest.SkipTest("local scanner not available on ARM")
if (not canRelay):
raise unittest.SkipTest('Unable to relay through ' + testsiteIP)
startTime = datetime.now()
fname = sys._getframe().f_code.co_name
# download the email script
result = remote_control.run_command(
"wget -q -O /tmp/email_script.py http://" + testsite +
"/test/email_script.py")
assert (result == 0)
result = remote_control.run_command("chmod 775 /tmp/email_script.py")
assert (result == 0)
# Turn on SSL Inspector
appSSLData['processEncryptedMailTraffic'] = True
appSSLData['ignoreRules']['list'].insert(0, createSSLInspectRule("25"))
appSSL.setSettings(appSSLData)
appSSL.start()
# email the file
result = remote_control.run_command(
"/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar --starttls"
% (testsiteIP, fname),
nowait=False)
appSSL.stop()
assert (result == 0)
events = global_functions.get_events(self.displayName(),
'Infected Email Events', None, 1)
# print(events['list'][0])
assert (events != None)
found = global_functions.check_events(events.get('list'),
5,
"addr",
"*****@*****.**",
"subject",
str(fname),
's_server_addr',
testsiteIP,
self.shortName() + '_clean',
False,
min_date=startTime)
assert (found)
def test_060_queryEventLog(self):
termTests = [{
"host": "www.bing.com",
"uri": "/search?q=oneterm&qs=n&form=QBRE",
"term": "oneterm"
}, {
"host": "www.bing.com",
"uri": "/search?q=two+terms&qs=n&form=QBRE",
"term": "two terms"
}, {
"host": "www.bing.com",
"uri": "/search?q=%22quoted+terms%22&qs=n&form=QBRE",
"term": '"quoted terms"'
}, {
"host": "search.yahoo.com",
"uri": "/search?p=oneterm",
"term": "oneterm"
}, {
"host": "search.yahoo.com",
"uri": "/search?p=%22quoted+terms%22",
"term": '"quoted terms"'
}, {
"host": "search.yahoo.com",
"uri": "/search?p=two+terms",
"term": "two terms"
}]
host = "www.bing.com"
uri = "/search?q=oneterm&qs=n&form=QBRE"
for t in termTests:
eventTime = datetime.datetime.now()
result = remote_control.run_command(
"curl -s -4 -o /dev/null -A 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1' --connect-timeout 10 --insecure 'https://%s%s'"
% (t["host"], t["uri"]))
assert (result == 0)
events = global_functions.get_events('Web Filter',
'All Search Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
"host", t["host"], "term",
t["term"])
assert (found)
def test_106_eventlog_smtpVirusPassList(self):
if (not canRelay):
raise unittest.SkipTest('Unable to relay through ' + testsite)
addPassSite(self._app, testsiteIP)
startTime = datetime.now()
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("echo '%s' > /tmp/attachment-%s" %
(fname, fname))
if result != 0:
nukePassSites(self._app)
assert (False)
# download the email script
result = remote_control.run_command(
"wget -q -O /tmp/email_script.py http://" + testsite +
"/test/email_script.py")
if result != 0:
nukePassSites(self._app)
assert (False)
result = remote_control.run_command("chmod 775 /tmp/email_script.py")
if result != 0:
nukePassSites(self._app)
assert (False)
# email the file
result = remote_control.run_command(
"/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar"
% (testsiteIP, fname))
nukePassSites(self._app)
assert (result == 0)
events = global_functions.get_events(self.displayName(),
'Clean Email Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'),
5,
"addr",
"*****@*****.**",
"subject",
str(fname),
self.shortName() + '_clean',
True,
min_date=startTime)
assert (found)
def test_903_blockLocalEventLog(self):
rules_clear()
rule_append(create_rule_single_condition("CLIENT_COUNTRY","XL"))
pre_events_block = global_functions.get_app_metric_value(app,"block")
result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/")
assert (result != 0)
events = global_functions.get_events('Firewall','Blocked Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
'c_client_addr', remote_control.client_ip,
'client_country', "XL",
'firewall_blocked', True,
'firewall_flagged', True)
assert( found )
# Check to see if the faceplate counters have incremented.
post_events_block = global_functions.get_app_metric_value(app,"block")
assert(pre_events_block < post_events_block)
def test_040_smtpDropPhishBlockerTest(self):
if (not canRelay):
raise unittest.SkipTest('Unable to relay through' + smtpServerHost)
appData['smtpConfig']['scanWanMail'] = True
appData['smtpConfig']['strength'] = 5
appData['smtpConfig']['msgAction'] = "DROP"
app.setSettings(appData)
# Get the IP address of test.untangle.com
ip_address_testuntangle = socket.gethostbyname(smtpServerHost)
sendPhishMail(mailfrom="test040")
events = global_functions.get_events('Phish Blocker',
'All Phish Events', None, 1)
assert (events != None)
found = global_functions.check_events(
events.get('list'), 5, 'c_server_addr', ip_address_testuntangle,
's_server_port', 25, 'addr', '*****@*****.**',
'c_client_addr', remote_control.client_ip, 'phish_blocker_action',
'D')
assert (found)
def check_events(self, host="", uri="", blocked=True, flagged=None):
app_display_name = self.app.getAppTitle()
if flagged == None:
flagged = blocked
if (("Monitor" in app_display_name) and blocked):
blocked = False
if (blocked):
event_list = "Blocked Web Events"
elif (flagged):
event_list = "Flagged Web Events"
else:
event_list = "All Web Events"
events = global_functions.get_events(app_display_name, event_list, None, 10)
assert(events != None)
found = global_functions.check_events( events.get('list'), 10,
"host", host,
"uri", uri,
'web_filter_blocked', blocked,
'web_filter_flagged', flagged )
return found
def test_050_severely_limited_web_filter_flagged(self):
global app, app_web_filter
nuke_rules()
pre_count = global_functions.get_app_metric_value(app,"prioritize")
priority_level = 7
# This test might need web filter for http to start
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed(download_server="test.untangle.com")
# Create WEB_FILTER_FLAGGED based rule to limit bandwidth
append_rule(create_single_condition_rule("WEB_FILTER_FLAGGED","true","SET_PRIORITY",priority_level))
# Test.untangle.com is listed as Software, Hardware in web filter. As of 1/2014 its in Technology
settingsWF = app_web_filter.getSettings()
i = 0
untangleCats = ["Computer,", "Security"]
for webCategories in settingsWF['categories']['list']:
if any(x in webCategories['name'] for x in untangleCats):
settingsWF['categories']['list'][i]['flagged'] = "true"
i += 1
app_web_filter.setSettings(settingsWF)
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed(download_server="test.untangle.com")
print_results( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limited_acceptance_ratio )
assert ((wget_speed_post) and (wget_speed_post))
assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post)
events = global_functions.get_events('Bandwidth Control','Prioritized Sessions',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"bandwidth_control_priority", priority_level,
"c_client_addr", remote_control.client_ip)
assert( found )
# Check to see if the faceplate counters have incremented.
post_count = global_functions.get_app_metric_value(app,"prioritize")
assert(pre_count < post_count)
def test_031_rule_modify(self):
"""
Modify existing rule and rule to enable it
"""
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
rule_desc = appSettings['rules']['list'][0]['description']
if rule_desc != "ATS rule":
raise unittest.SkipTest(
'Skipping as test test_030_rule_add is needed')
else:
appSettings['rules']['list'][0]['action'] = "log"
app.setSettings(appSettings, True)
wait_for_daemon_ready()
startTime = datetime.datetime.now()
loopLimit = 4
# Send four requests for test rebustnewss
while (loopLimit > 0):
time.sleep(1)
loopLimit -= 1
result = remote_control.run_command(
"wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret"
)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention',
'All Events', None, 5)
found = global_functions.check_events(events.get('list'),
5,
'msg',
"CompanySecret",
'blocked',
False,
min_date=startTime)
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert (found)
def test_904_flagLocalEventLog(self):
rules_clear()
rule_append(
create_rule_single_condition("CLIENT_COUNTRY",
"XL",
blocked=False,
flagged=True))
result = remote_control.run_command(
"wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/")
assert (result == 0)
events = global_functions.get_events('Firewall', 'Flagged Events',
None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
'c_client_addr',
remote_control.client_ip,
'client_country', "XL",
'firewall_blocked', False,
'firewall_flagged', True)
assert (found)
