def setConditionsForRule(self):
'''Configure system for the unit test
:param self: essential if you override this definition
:returns: boolean - If successful True; If failure False
@author: Eric Ball
'''
success = True
self.path = "/etc/pam.d/screensaver"
self.tmppath = self.path + ".utmp"
ssText = '''# screensaver: auth account
auth optional pam_krb5.so use_first_pass use_kcminit
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser \
fail_safe'''
if os.path.exists(self.path):
os.rename(self.path, self.tmppath)
createFile(self.path, self.logdispatch)
writeFile(self.path, ssText, self.logdispatch)
return success
def setConditionsForRule(self):
'''
Configure system for the unit test
@param self: essential if you override this definition
@return: boolean - If successful True; If failure False
@author: Eric Ball
'''
success = True
self.path = "/etc/pam.d/screensaver"
self.tmppath = self.path + ".utmp"
ssText = '''# screensaver: auth account
auth optional pam_krb5.so use_first_pass use_kcminit
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser \
fail_safe'''
if os.path.exists(self.path):
os.rename(self.path, self.tmppath)
createFile(self.path, self.logdispatch)
writeFile(self.path, ssText, self.logdispatch)
return success
def setCommonConditions(self, sshfile, directives):
'''Common system pre condition setting
:param self: essential if you override this definition
:param sshfile: ssh file to be fuzzed
:param directives: intentionally incorrect directives to fuzz file with
:returns: boolean - If successful True; If failure False
@author: dwalker
'''
# In this method, unlike the methods inside the rule, we don't
# need a portion for Ubuntu to make sure directives aren't present
# because we can put those directives in the file(s) to fuzz them
success = True
directives = dict(directives)
tpath = sshfile + ".tmp"
if not os.path.exists(sshfile):
if not createFile(sshfile, self.logger):
success = False
debug = "Unable to create " + sshfile + " for setting " + \
"pre-conditions"
self.logger.log(LogPriority.DEBUG, debug)
return False
editor = KVEditorStonix(self.statechglogger, self.logger, "conf",
sshfile, tpath, directives, "present", "space")
if not editor.report():
if not editor.fix():
success = False
debug = "Kveditor fix for file " + sshfile + " not successful"
self.logger.log(LogPriority.DEBUG, debug)
elif not editor.commit():
success = False
debug = "Kveditor commit for file " + sshfile + " not successful"
self.logger.log(LogPriority.DEBUG, debug)
if checkPerms(sshfile, [0, 0, 0o755], self.logger):
if not setPerms(sshfile, [0, 0, 0o755], self.logger):
success = False
debug = "Unable to set incorrect permissions on " + \
sshfile + " for setting pre-conditions"
self.logger.log(LogPriority.DEBUG, debug)
return success
def setConditionsForRule(self):
'''Configure system for the unit test
:param self: essential if you override this definition
:returns: boolean - If successful True; If failure False
@author: Eric Ball
'''
success = True
self.path = "/etc/securetty"
self.tmppath = self.path + ".utmp"
sttyText = '''vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
tty1
tty2
tty3
tty4
tty5
tty6
console
ttyS0
ttyS1
'''
if os.path.exists(self.path):
try:
os.rename(self.path, self.tmppath)
except Exception:
success = False
self.logdispatch.log(LogPriority.ERROR, traceback.format_exc())
if not createFile(self.path, self.logdispatch):
success = False
if not writeFile(self.path, sttyText, self.logdispatch):
success = False
return success
def setConditionsForRule(self):
'''
Configure system for the unit test
@param self: essential if you override this definition
@return: boolean - If successful True; If failure False
@author: Eric Ball
'''
success = True
self.path = "/etc/securetty"
self.tmppath = self.path + ".utmp"
sttyText = '''vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
tty1
tty2
tty3
tty4
tty5
tty6
console
ttyS0
ttyS1
'''
if os.path.exists(self.path):
try:
os.rename(self.path, self.tmppath)
except Exception:
success = False
self.logdispatch.log(LogPriority.ERROR, traceback.format_exc())
if not createFile(self.path, self.logdispatch):
success = False
if not writeFile(self.path, sttyText, self.logdispatch):
success = False
return success
