def RunXinetdCheck(self,
chk_id,
svc,
disabled,
sym,
found,
xinetd=False,
should_detect=True):
host_data = self.SetKnowledgeBase()
cfgs = parsers_test_lib.GenXinetd(svc, disabled)
pathspecs, files = artifact_test_lib.GenPathspecFileData(cfgs)
data = list(self.parser(None, pathspecs, files))
# create entries on whether xinetd itself is setup to start or not
if xinetd:
cfgs = parsers_test_lib.GenInit(
"xinetd", "the extended Internet services daemon")
pathspecs, files = artifact_test_lib.GenPathspecFileData(cfgs)
lsb_parser = linux_service_parser.LinuxLSBInitParser()
data.extend(list(lsb_parser.ParseFiles(None, pathspecs, files)))
host_data["LinuxServices"] = self.SetArtifactData(parsed=data)
results = self.RunChecks(host_data)
if should_detect:
self.assertCheckDetectedAnom(chk_id, results, sym, found)
else:
self.assertCheckUndetected(chk_id, results)
def testParseXinetd(self):
"""Xinetd entries return accurate LinuxServiceInformation values."""
configs = parsers_test_lib.GenXinetd("telnet", "yes")
configs.update(parsers_test_lib.GenXinetd("forwarder", "no"))
pathspecs, files = artifact_test_lib.GenPathspecFileData(configs)
parser = linux_service_parser.LinuxXinetdParser()
results = list(parser.ParseFiles(None, pathspecs, files))
self.assertLen(results, 2)
self.assertCountEqual(["forwarder", "telnet"],
[r.name for r in results])
for rslt in results:
self.assertFalse(rslt.start_on)
self.assertFalse(rslt.stop_on)
self.assertFalse(rslt.stop_after)
if rslt.name == "telnet":
self.assertFalse(rslt.start_mode)
self.assertFalse(rslt.start_after)
self.assertFalse(rslt.starts)
else:
self.assertEqual(
rslt.start_mode,
rdf_client.LinuxServiceInformation.StartMode.XINETD)
self.assertCountEqual(["xinetd"], list(rslt.start_after))
self.assertTrue(rslt.starts)
def testSkipBadLSBInit(self):
"""Bad Init entries fail gracefully."""
empty = ""
snippet = r"""# Provides: sshd"""
unfinished = """
### BEGIN INIT INFO
what are you thinking?
"""
data = {
"/tmp/empty": empty.encode("utf-8"),
"/tmp/snippet": snippet.encode("utf-8"),
"/tmp/unfinished": unfinished.encode("utf-8"),
}
pathspecs, files = artifact_test_lib.GenPathspecFileData(data)
parser = linux_service_parser.LinuxLSBInitParser()
results = list(parser.ParseFiles(None, pathspecs, files))
self.assertFalse(results)
def testParseLSBInit(self):
"""Init entries return accurate LinuxServiceInformation values."""
configs = parsers_test_lib.GenInit("sshd", "OpenBSD Secure Shell server")
pathspecs, files = artifact_test_lib.GenPathspecFileData(configs)
parser = linux_service_parser.LinuxLSBInitParser()
results = list(parser.ParseFiles(None, pathspecs, files))
self.assertIsInstance(results[0], rdf_client.LinuxServiceInformation)
result = results[0]
self.assertEqual("sshd", result.name)
self.assertEqual("OpenBSD Secure Shell server", result.description)
self.assertEqual("INIT", result.start_mode)
self.assertCountEqual([2, 3, 4, 5], result.start_on)
self.assertCountEqual([1], result.stop_on)
self.assertCountEqual([
"umountfs", "umountnfs", "sendsigs", "rsyslog", "sysklogd", "syslog-ng",
"dsyslog", "inetutils-syslogd"
], result.start_after)
self.assertCountEqual(
["rsyslog", "sysklogd", "syslog-ng", "dsyslog", "inetutils-syslogd"],
result.stop_after)
def testParseMultiple(self):
"""Tests for the ParseMultiple() method."""
parser = linux_pam_parser.PAMParser()
# Parse the simplest 'normal' config we can.
# e.g. a single entry for 'telnet' with no includes etc.
pathspecs, file_objs = artifact_test_lib.GenPathspecFileData(
TELNET_ONLY_CONFIG)
out = list(parser.ParseFiles(self.kb, pathspecs, file_objs))
self.assertLen(out, 1)
self.assertIsInstance(out[0], rdf_config_file.PamConfig)
self.assertCountEqual(TELNET_ONLY_CONFIG_EXPECTED,
self._EntriesToTuples(out[0].entries))
self.assertEqual([], out[0].external_config)
# Parse the simplest 'normal' config we can but with an effectively
# empty /etc/pam.conf file.
# e.g. a single entry for 'telnet' with no includes etc.
pathspecs, file_objs = artifact_test_lib.GenPathspecFileData(
TELNET_WITH_PAMCONF)
out = list(parser.ParseFiles(self.kb, pathspecs, file_objs))
self.assertLen(out, 1)
self.assertIsInstance(out[0], rdf_config_file.PamConfig)
entry = out[0].entries[0]
self.assertEqual(
('telnet', 'auth',
'[success=ok new_authtok_reqd=ok ignore=ignore default=bad]',
'testing.so', 'module arguments'), self._EntryToTuple(entry))
self.assertCountEqual(TELNET_WITH_PAMCONF_EXPECTED,
self._EntriesToTuples(out[0].entries))
self.assertEqual([], out[0].external_config)
# Parse a simple old-style pam config. i.e. Just /etc/pam.conf.
pathspecs, file_objs = artifact_test_lib.GenPathspecFileData(
PAM_CONF_SIMPLE)
out = list(parser.ParseFiles(self.kb, pathspecs, file_objs))
self.assertLen(out, 1)
self.assertIsInstance(out[0], rdf_config_file.PamConfig)
self.assertCountEqual(PAM_CONF_SIMPLE_EXPECTED,
self._EntriesToTuples(out[0].entries))
self.assertEqual([], out[0].external_config)
# Parse a simple old-style pam config overriding a 'new' style config.
# i.e. Configs in /etc/pam.conf override everything else.
pathspecs, file_objs = artifact_test_lib.GenPathspecFileData(
PAM_CONF_OVERRIDE)
out = list(parser.ParseFiles(self.kb, pathspecs, file_objs))
self.assertLen(out, 1)
self.assertIsInstance(out[0], rdf_config_file.PamConfig)
self.assertCountEqual(PAM_CONF_OVERRIDE_EXPECTED,
self._EntriesToTuples(out[0].entries))
self.assertEqual([], out[0].external_config)
# Parse a complex old-style pam config overriding a 'new' style config but
# the /etc/pam.conf includes parts from the /etc/pam.d dir.
# i.e. Configs in /etc/pam.conf override everything else but imports stuff.
pathspecs, file_objs = artifact_test_lib.GenPathspecFileData(
PAM_CONF_OVERRIDE_COMPLEX)
out = list(parser.ParseFiles(self.kb, pathspecs, file_objs))
self.assertLen(out, 1)
self.assertIsInstance(out[0], rdf_config_file.PamConfig)
self.assertCountEqual(PAM_CONF_OVERRIDE_COMPLEX_EXPECTED,
self._EntriesToTuples(out[0].entries))
self.assertEqual([], out[0].external_config)
# Parse a normal-looking pam configuration.
# i.e. A no-op of a /etc/pam.conf with multiple files under /etc/pam.d
# that have includes etc.
pathspecs, file_objs = artifact_test_lib.GenPathspecFileData(
PAM_CONF_TYPICAL)
out = list(parser.ParseFiles(self.kb, pathspecs, file_objs))
self.assertLen(out, 1)
self.assertIsInstance(out[0], rdf_config_file.PamConfig)
self.assertCountEqual(PAM_CONF_TYPICAL_EXPECTED,
self._EntriesToTuples(out[0].entries))
self.assertEqual([], out[0].external_config)
# Parse a config which has references to external or missing files.
pathspecs, file_objs = artifact_test_lib.GenPathspecFileData(
PAM_CONF_EXTERNAL_REF)
out = list(parser.ParseFiles(self.kb, pathspecs, file_objs))
self.assertLen(out, 1)
self.assertIsInstance(out[0], rdf_config_file.PamConfig)
self.assertCountEqual(PAM_CONF_EXTERNAL_REF_EXPECTED,
self._EntriesToTuples(out[0].entries))
self.assertCountEqual(PAM_CONF_EXTERNAL_REF_ERRORS,
list(out[0].external_config))
