def test_060_host_quota(self): if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') global app nuke_rules() priority_level = 7 # Severely Limited given_quota = 10000 # 10k # Remove any existing quota uvmContext.hostTable().removeQuota(remote_control.client_ip) # Record average speed without bandwidth control configured wget_speed_pre = global_functions.get_download_speed() # Create rule to give quota append_rule(create_quota_rule("HOST_HAS_NO_QUOTA","true","GIVE_HOST_QUOTA",given_quota)) # Create penalty for exceeding quota append_rule(create_single_condition_rule("HOST_QUOTA_EXCEEDED","true","SET_PRIORITY",priority_level)) # Download the file so quota is exceeded global_functions.get_download_speed(meg=1) # quota accounting occurs every 60 seconds, so we must wait at least 60 seconds time.sleep(60) # Download file and record the average speed in which the file was download wget_speed_post = global_functions.get_download_speed() print_results( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limited_acceptance_ratio ) # Remove quota uvmContext.hostTable().removeQuota(remote_control.client_ip) assert ((wget_speed_post) and (wget_speed_post)) assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post) events = global_functions.get_events('Bandwidth Control','Quota Events',None,5) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "action", 1, #quota given "size", given_quota, "entity", remote_control.client_ip) assert(found) found = global_functions.check_events( events.get('list'), 5, "action", 2, #quota exceeded "entity", remote_control.client_ip) assert(found) events = global_functions.get_events('Bandwidth Control','Prioritized Sessions',None,5) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "bandwidth_control_priority", priority_level, "c_client_addr", remote_control.client_ip) assert( found )
def test_052_functional_icmp_log(self): """ Check for ICMP (ping) """ global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') wan_ip = uvmContext.networkManager().getFirstWanAddress() iperf_avail = global_functions.verify_iperf_configuration(wan_ip) device_in_office = global_functions.is_in_office_network(wan_ip) # Also test that it can probably reach us (we're on a 10.x network) if not device_in_office: raise unittest.SkipTest("Not on office network, skipping") if (not iperf_avail): raise unittest.SkipTest("IperfServer test client unreachable, skipping alternate port forwarding test") # insert rule at the beginning of the list so other rules do not interfere. appSettings['rules']['list'].insert(0,create_rule(action="log", rule_type="CATEGORY", type_value="scan")) app.setSettings(appSettings, True) wait_for_daemon_ready() startTime = datetime.datetime.now() remote_control.run_command("nmap -sP " + wan_ip + " >/dev/null 2>&1",host=global_functions.iperf_server) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'protocol', "1", 'blocked', False, min_date=startTime) del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert(found)
def test_031_rule_modify(self): """ Modify existing rule and rule to enable it """ global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') rule_desc = appSettings['rules']['list'][0]['description'] if rule_desc != "ATS rule": raise unittest.SkipTest('Skipping as test test_030_rule_add is needed') else: appSettings['rules']['list'][0]['action'] = "log" app.setSettings(appSettings, True) wait_for_daemon_ready() startTime = datetime.datetime.now() loopLimit = 4 # Send four requests for test rebustnewss while (loopLimit > 0): time.sleep(1) loopLimit -= 1 result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret") app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'msg', "CompanySecret", 'blocked', False, min_date=startTime) del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert(found)
def test_110_eventlog_smtpSSLVirus(self): if platform.machine().startswith('arm'): raise unittest.SkipTest("local scanner not available on ARM") if (not canRelay): raise unittest.SkipTest('Unable to relay through ' + testsiteIP) startTime = datetime.now() fname = sys._getframe().f_code.co_name # download the email script result = remote_control.run_command("wget -q -O /tmp/email_script.py http://" + testsite + "/test/email_script.py") assert (result == 0) result = remote_control.run_command("chmod 775 /tmp/email_script.py") assert (result == 0) # Turn on SSL Inspector appSSLData['processEncryptedMailTraffic'] = True appSSLData['ignoreRules']['list'].insert(0,createSSLInspectRule("25")) appSSL.setSettings(appSSLData) appSSL.start() # email the file result = remote_control.run_command("/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar --starttls" % (testsiteIP, fname),nowait=False) appSSL.stop() assert (result == 0) events = global_functions.get_events(self.displayName(),'Infected Email Events',None,1) # print(events['list'][0]) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "addr", "*****@*****.**", "subject", str(fname), 's_server_addr', testsiteIP, self.shortName() + '_clean', False, min_date=startTime) assert( found )
def test_021_shieldOffNmap(self): # enable logging of blocked settings netsettings = uvmContext.networkManager().getNetworkSettings() netsettings['logBlockedSessions'] = True netsettings['logBypassedSessions'] = True uvmContext.networkManager().setNetworkSettings(netsettings) settings = app.getSettings() settings['shieldEnabled'] = False app.setSettings(settings) start_time = datetime.datetime.now() result = remote_control.run_command( "nmap -PN -sT -T5 --min-parallelism 15 -p10000-10100 1.2.3.5 2>&1 >/dev/null" ) assert (result == 0) events = global_functions.get_events('Shield', 'Blocked Session Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, 'c_client_addr', remote_control.client_ip, 's_server_addr', '1.2.3.5', min_date=start_time) assert (not found)
def test_023_childShouldNotEffectParent(self): # add a child that blocks everything blockRackId = addRack(name="Block Rack", parentId=default_policy_id) blockRackFirewall = uvmContext.appManager().instantiate( "firewall", blockRackId) assert (blockRackFirewall != None) # add a block rule for the client IP rules = blockRackFirewall.getRules() rules["list"].append( createFirewallSingleConditionRule("SRC_ADDR", remote_control.client_ip)) blockRackFirewall.setRules(rules) # client should still be online result = remote_control.is_online() assert (result == 0) uvmContext.appManager().destroy( blockRackFirewall.getAppSettings()["id"]) assert (removeRack(blockRackId)) # Get the IP address of test.untangle.com test_untangle_com_ip = socket.gethostbyname("test.untangle.com") events = global_functions.get_events('Policy Manager', 'All Events', None, 100) assert (events != None) found = global_functions.check_events(events.get('list'), 100, "s_server_addr", str(test_untangle_com_ip), "policy_id", 1, "c_client_addr", remote_control.client_ip) assert (found)
def test_090_checkTLSwSSLInspector(self): if (not canRelay): raise unittest.SkipTest('Unable to relay through ' + smtpServerHost) test_untangle_IP = socket.gethostbyname(smtpServerHost) appData['smtpConfig']['scanWanMail'] = True appData['smtpConfig']['allowTls'] = False appData['smtpConfig']['strength'] = 30 app.setSettings(appData) # Turn on SSL Inspector appSSLData['processEncryptedMailTraffic'] = True appSSLData['ignoreRules']['list'].insert(0,createSSLInspectRule("25")) appSSL.setSettings(appSSLData) appSSL.start() tlsSMTPResult, to_address = sendSpamMail(useTLS=True) # print("TLS 090 : " + str(tlsSMTPResult)) appSSL.stop() assert(tlsSMTPResult == 0) events = global_functions.get_events(self.displayName(),'Quarantined Events',None,1) assert( events != None ) assert( events.get('list') != None ) print(events['list'][0]) found = global_functions.check_events( events.get('list'), 5, 's_server_addr', test_untangle_IP, 's_server_port', 25, 'addr', to_address, 'c_client_addr', remote_control.client_ip) assert( found )
def test_060_checkTLSwSSLInspector(self): global appSSL if (not canRelay): raise unittest.SkipTest('Unable to relay through ' + smtpServerHost) if (not mail_app): raise unittest.SkipTest('Unable download mailsendder app') ip_address_testuntangle = socket.gethostbyname(smtpServerHost) appSSL.start() tlsSMTPResult = sendPhishMail(mailfrom="test060", host=smtpServerHost, useTLS=True) # print("TLS : " + str(tlsSMTPResult)) appSSL.stop() assert (tlsSMTPResult == 0) events = global_functions.get_events('Phish Blocker', 'All Phish Events', None, 1) assert (events != None) found = global_functions.check_events( events.get('list'), 5, 'c_server_addr', ip_address_testuntangle, 's_server_port', 25, 'addr', '*****@*****.**', 'c_client_addr', remote_control.client_ip, 'phish_blocker_action', 'D')
def test_610_web_search_rules(self): """check the https web rule searches log correctly""" term = "boobs" termTests = [{ "host": "www.bing.com", "uri": ("/search?q=%s&qs=n&form=QBRE" % term), }, { "host": "search.yahoo.com", "uri": ("/search?p=%s" % term), }, { "host": "www.google.com", "uri": ("/search?hl=en&q=%s" % term), }] search_term_rule_add(term) for t in termTests: eventTime = datetime.datetime.now() result = remote_control.run_command( "curl -s -4 -o /dev/null -A 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1' --connect-timeout 10 --insecure 'https://%s%s'" % (t["host"], t["uri"])) assert (result == 0) events = global_functions.get_events("Web Filter", 'All Search Events', None, 1) found = global_functions.check_events(events.get('list'), 5, "host", t["host"], "term", term, 'blocked', True, 'flagged', True) assert (found) search_term_rules_clear()
def test_020_testHttpPatternLog(self): nukepatterns(self._app) addPatterns( self._app, definition= "http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\\x09-\\x0d -~]*(connection:|content-type:|content-length:|date:)|post [\\x09-\\x0d -~]* http/[01]\\.[019]", protocol="HTTP", category="Web", description="HyperText Transfer Protocol") result = remote_control.run_command( "wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/") nukepatterns(self._app) assert (result == 0) time.sleep(3) events = global_functions.get_events('Application Control Lite', 'All Events', None, 5) assert (events != None) print(events) found = global_functions.check_events( events.get('list'), 5, 'c_client_addr', remote_control.client_ip, 'application_control_lite_protocol', 'HTTP', 'application_control_lite_blocked', False) assert (found)
def test_054_functional_udp_block(self): global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') appSettings['signatures']['list'].append(create_signature( gid = "1", sid = "1999998", classtype="attempted-admin", category="app-detect", msg="CompanySecret", log=True, block=False, action="alert", type="udp")) # insert rule at the beginning of the list so other rules do not interfere. appSettings['rules']['list'].insert(0,create_rule(action="block", rule_type="CATEGORY", type_value="app-detect")) app.setSettings(appSettings, True) wait_for_daemon_ready() startTime = datetime.datetime.now() result = remote_control.run_command("host www.companysecret.com 4.2.2.1 > /dev/null") app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'msg', "CompanySecret", 'blocked', True, min_date=startTime) del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert(found)
def test_020_severely_limited_tcp(self): nuke_rules(self._app) priority_level = 7 # Record average speed without bandwidth control configured wget_speed_pre = global_functions.get_download_speed( download_server=target_server) # Create SRC_ADDR based rule to limit bandwidth append_rule( self._app, create_single_condition_rule("SRC_ADDR", remote_control.client_ip, "SET_PRIORITY", priority_level)) # Download file and record the average speed in which the file was download wget_speed_post = global_functions.get_download_speed( download_server=target_server) print_results(wget_speed_pre, wget_speed_post, wget_speed_pre * 0.1, wget_speed_pre * limited_acceptance_ratio) assert ((wget_speed_post) and (wget_speed_post)) assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post) events = global_functions.get_events('Bandwidth Control', 'Prioritized Sessions', None, 5) assert (events != None) found = global_functions.check_events(events.get('list'), 5, "bandwidth_control_priority", priority_level, "c_client_addr", remote_control.client_ip) assert (found)
def test_030_checkUserRegistrationScript(self): """ checkUserRegistration """ # remove leading and trailing spaces. http_admin = global_functions.get_http_url() assert (http_admin) test_name = "randomName-" + "".join( [random.choice(string.ascii_letters) for i in range(15)]) test_name_lower = test_name.lower() result = register_username(http_admin, test_name) user_list = get_list_of_username_mapped() # print('test_name %s' % test_name) # print('result %s' % result) # print('user_list %s' % user_list) found_username = find_name_in_host_table(test_name_lower) assert (found_username) assert (result == 0) assert (test_name_lower in user_list) events = global_functions.get_events('Directory Connector', 'API Events', None, 1) assert (events != None) found_in_reports = global_functions.check_events( events.get('list'), 5, "login_name", test_name_lower, "client_addr", remote_control.client_ip) assert (found_in_reports)
def test_110_eventlog_smtpSSLVirus(self): if platform.machine().startswith('arm'): raise unittest.SkipTest("local scanner not available on ARM") if (not canRelay): raise unittest.SkipTest('Unable to relay through ' + testsiteIP) startTime = datetime.now() fname = sys._getframe().f_code.co_name # download the email script result = remote_control.run_command("wget -q -O /tmp/email_script.py http://" + testsite + "/test/email_script.py") assert (result == 0) result = remote_control.run_command("chmod 775 /tmp/email_script.py") assert (result == 0) # Turn on SSL Inspector appSSLData['processEncryptedMailTraffic'] = True appSSLData['ignoreRules']['list'].insert(0,createSSLInspectRule("25")) appSSL.setSettings(appSSLData) appSSL.start() # email the file result = remote_control.run_command("/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar --starttls" % (testsiteIP, fname),nowait=False) appSSL.stop() assert (result == 0) events = global_functions.get_events(self.displayName(),'Infected Email Events',None,1) # print(events['list'][0]) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "addr", "*****@*****.**", "subject", str(fname), 's_server_addr', testsiteIP, self.shortName() + '_clean', False, min_date=startTime) assert( found )
def test_030_checkUserRegistrationScript(self): """ checkUserRegistration """ # remove leading and trailing spaces. http_admin = global_functions.get_http_url() assert(http_admin) test_name = "randomName-" + "".join( [random.choice(string.ascii_letters) for i in range(15)] ) test_name_lower = test_name.lower() result = register_username(http_admin, test_name) user_list = get_list_of_username_mapped() # print('test_name %s' % test_name) # print('result %s' % result) # print('user_list %s' % user_list) found_username = find_name_in_host_table(test_name_lower) assert(found_username) assert (result == 0) assert (test_name_lower in user_list) events = global_functions.get_events('Directory Connector','API Events',None,1) assert(events != None) found_in_reports = global_functions.check_events( events.get('list'), 5, "login_name",test_name_lower, "client_addr", remote_control.client_ip) assert( found_in_reports )
def test_023_childShouldNotEffectParent(self): # add a child that blocks everything blockRackId = addRack(name="Block Rack", parentId=default_policy_id) blockRackFirewall = uvmContext.appManager().instantiate("firewall", blockRackId) assert (blockRackFirewall != None) # add a block rule for the client IP rules = blockRackFirewall.getRules() rules["list"].append(createFirewallSingleConditionRule("SRC_ADDR",remote_control.client_ip)); blockRackFirewall.setRules(rules); # client should still be online result = remote_control.is_online() assert (result == 0) uvmContext.appManager().destroy( blockRackFirewall.getAppSettings()["id"] ) assert (removeRack(blockRackId)) # Get the IP address of test.untangle.com test_untangle_com_ip = socket.gethostbyname("test.untangle.com") events = global_functions.get_events('Policy Manager','All Events',None,100) assert(events != None) found = global_functions.check_events( events.get('list'), 100, "s_server_addr", str(test_untangle_com_ip), "policy_id", 1, "c_client_addr", remote_control.client_ip) assert( found )
def test_031_rule_modify(self): """ Modify existing rule and rule to enable it """ global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') rule_desc = appSettings['rules']['list'][0]['description'] if rule_desc != "ATS rule": raise unittest.SkipTest('Skipping as test test_030_rule_add is needed') else: appSettings['rules']['list'][0]['action'] = "log" app.setSettings(appSettings, True) wait_for_daemon_ready() startTime = datetime.datetime.now() loopLimit = 4 # Send four requests for test rebustnewss while (loopLimit > 0): time.sleep(1) loopLimit -= 1 result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret") app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'msg', "CompanySecret", 'blocked', False, min_date=startTime) del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert(found)
def test_080_nmap_log(self): global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') wan_ip = uvmContext.networkManager().getFirstWanAddress() iperf_avail = global_functions.verify_iperf_configuration(wan_ip) device_in_office = global_functions.is_in_office_network(wan_ip) # Also test that it can probably reach us (we're on a 10.x network) if not device_in_office: raise unittest.SkipTest("Not on office network, skipping") if (not iperf_avail): raise unittest.SkipTest( "IperfServer test client unreachable, skipping alternate port forwarding test" ) startTime = datetime.datetime.now() # start nmap on client remote_control.run_command("nmap " + wan_ip + " >/dev/null 2>&1", host=global_functions.iperf_server) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention', 'All Events', None, 5) found = global_functions.check_events(events.get('list'), 5, 'msg', "NMAP", 'blocked', False, min_date=startTime)
def test_620_web_search_block(self): """test that search events are blocked and show up in 'Blocked Search Events'""" term = "boobs" termTests = [{ "host": "www.bing.com", "uri": ("/search?q=%s&qs=n&form=QBRE" % term), }, { "host": "search.yahoo.com", "uri": ("/search?p=%s" % term), }, { "host": "www.google.com", "uri": ("/search?hl=en&q=%s" % term), }] search_term_rule_add(term) for t in termTests: result = remote_control.run_command( "curl -s -4 -o /dev/null -A 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1' --connect-timeout 10 --insecure 'https://%s%s'" % (t["host"], t["uri"])) assert (result == 0) events = global_functions.get_events("Web Filter", "Blocked Search Events", None, 1) found = global_functions.check_events(events.get('list'), 5, "host", t["host"], "term", term, "blocked", True, "flagged", True) assert (found) search_term_rules_clear()
def test_025_ping_test_wan_offline(self): if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') if (len(indexOfWans) < 2): raise unittest.SkipTest( "Need at least two WANS for test_025_addPingFailTestForWans") nuke_rules() orig_offline_count = offline_wan_count() for wanIndexTup in indexOfWans: wanIndex = wanIndexTup[0] build_wan_test(wanIndex, "ping", pingHost="192.168.244.1") wait_for_wan_offline() offline_count = offline_wan_count() assert (offline_count > orig_offline_count) result = remote_control.is_online() assert (result == 0) events = global_functions.get_events('WAN Failover', 'Outage Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 2, "action", "DISCONNECTED") assert (found)
def test_052_functional_icmp_log(self): """ Check for ICMP (ping) """ global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') wan_ip = uvmContext.networkManager().getFirstWanAddress() iperf_avail = global_functions.verify_iperf_configuration(wan_ip) device_in_office = global_functions.is_in_office_network(wan_ip) # Also test that it can probably reach us (we're on a 10.x network) if not device_in_office: raise unittest.SkipTest("Not on office network, skipping") if (not iperf_avail): raise unittest.SkipTest("IperfServer test client unreachable, skipping alternate port forwarding test") # insert rule at the beginning of the list so other rules do not interfere. appSettings['rules']['list'].insert(0,create_rule(action="log", rule_type="CATEGORY", type_value="scan")) app.setSettings(appSettings, True) wait_for_daemon_ready() startTime = datetime.datetime.now() remote_control.run_command("nmap -sP " + wan_ip + " >/dev/null 2>&1",host=global_functions.iperf_server) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'protocol', "1", 'blocked', False, min_date=startTime) del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert(found)
def test_103_eventlog_ftpNonVirus(self): ftp_result = subprocess.call( ["ping", "-c", "1", global_functions.ftp_server], stdout=subprocess.PIPE, stderr=subprocess.PIPE) if (ftp_result != 0): raise unittest.SkipTest("FTP server not available") fname = sys._getframe().f_code.co_name result = remote_control.run_command("wget --user="******" --password='******' -q -O /dev/null ftp://" + global_functions.ftp_server + "/test.zip") assert (result == 0) events = global_functions.get_events(self.displayName(), 'Clean Ftp Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, "uri", "test.zip", self.shortName() + '_clean', True) assert (found)
def test_106_eventlog_smtpVirusPassList(self): if (not canRelay): raise unittest.SkipTest('Unable to relay through ' + testsite) addPassSite(testsiteIP) startTime = datetime.now() fname = sys._getframe().f_code.co_name result = remote_control.run_command("echo '%s' > /tmp/attachment-%s" % (fname, fname)) if result != 0: nukePassSites() assert( False ) # download the email script result = remote_control.run_command("wget -q -O /tmp/email_script.py http://" + testsite + "/test/email_script.py") if result != 0: nukePassSites() assert( False ) result = remote_control.run_command("chmod 775 /tmp/email_script.py") if result != 0: nukePassSites() assert( False ) # email the file result = remote_control.run_command("/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar" % (testsiteIP, fname)) nukePassSites() assert (result == 0) events = global_functions.get_events(self.displayName(),'Clean Email Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "addr", "*****@*****.**", "subject", str(fname), self.shortName() + '_clean', True, min_date=startTime ) assert( found )
def test_105_eventlog_smtpNonVirus(self): if (not canRelay): raise unittest.SkipTest('Unable to relay through ' + testsite) startTime = datetime.now() fname = sys._getframe().f_code.co_name print("fname: %s" % fname) result = remote_control.run_command("echo '%s' > /tmp/attachment-%s" % (fname, fname)) assert (result == 0) # download the email script result = remote_control.run_command( "wget -q -O /tmp/email_script.py http://" + testsite + "/test/email_script.py") assert (result == 0) result = remote_control.run_command("chmod 775 /tmp/email_script.py") assert (result == 0) # email the file result = remote_control.run_command( "/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/attachment-%s" % (testsiteIP, fname, fname)) assert (result == 0) events = global_functions.get_events(self.displayName(), 'Clean Email Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, "addr", "*****@*****.**", "subject", str(fname), self.shortName() + '_clean', True, min_date=startTime) assert (found)
def test_104_eventlog_smtpVirus(self): if platform.machine().startswith('arm'): raise unittest.SkipTest("local scanner not available on ARM") if (not canRelay): raise unittest.SkipTest('Unable to relay through ' + testsiteIP) startTime = datetime.now() fname = sys._getframe().f_code.co_name # download the email script result = remote_control.run_command( "wget -q -O /tmp/email_script.py http://" + testsite + "/test/email_script.py") assert (result == 0) result = remote_control.run_command("chmod 775 /tmp/email_script.py") assert (result == 0) # email the file result = remote_control.run_command( "/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar" % (testsiteIP, fname)) assert (result == 0) events = global_functions.get_events(self.displayName(), 'Infected Email Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, "addr", "*****@*****.**", "subject", str(fname), self.shortName() + '_clean', False, min_date=startTime) assert (found)
def test_020_smtpTest(self): if (not canRelay): raise unittest.SkipTest('Unable to relay through ' + smtpServerHost) appData['smtpConfig']['scanWanMail'] = True appData['smtpConfig']['strength'] = 30 app.setSettings(appData) # Get the IP address of test.untangle.com test_untangle_IP = socket.gethostbyname(smtpServerHost) result, to_address = sendSpamMail() events = global_functions.get_events(self.displayName(), 'Quarantined Events', None, 1) assert (events != None) assert (events.get('list') != None) print(events['list'][0]) found = global_functions.check_events(events.get('list'), 10, 's_server_addr', test_untangle_IP, 's_server_port', 25, 'addr', to_address, 'c_client_addr', remote_control.client_ip) assert (found)
def test_090_checkTLSwSSLInspector(self): if (not canRelay): raise unittest.SkipTest('Unable to relay through ' + smtpServerHost) test_untangle_IP = socket.gethostbyname(smtpServerHost) appData['smtpConfig']['scanWanMail'] = True appData['smtpConfig']['allowTls'] = False appData['smtpConfig']['strength'] = 30 app.setSettings(appData) # Turn on SSL Inspector appSSLData['processEncryptedMailTraffic'] = True appSSLData['ignoreRules']['list'].insert(0, createSSLInspectRule("25")) appSSL.setSettings(appSSLData) appSSL.start() tlsSMTPResult, to_address = sendSpamMail(useTLS=True) # print("TLS 090 : " + str(tlsSMTPResult)) appSSL.stop() assert (tlsSMTPResult == 0) events = global_functions.get_events(self.displayName(), 'Quarantined Events', None, 1) assert (events != None) assert (events.get('list') != None) print(events['list'][0]) found = global_functions.check_events(events.get('list'), 5, 's_server_addr', test_untangle_IP, 's_server_port', 25, 'addr', to_address, 'c_client_addr', remote_control.client_ip) assert (found)
def test_600_web_searches(self): """check the web searches log correctly""" termTests = [{ "host": "www.bing.com", "uri": "/search?q=oneterm&qs=n&form=QBRE", "term": "oneterm" },{ "host": "www.bing.com", "uri": "/search?q=two+terms&qs=n&form=QBRE", "term": "two terms" },{ "host": "www.bing.com", "uri": "/search?q=%22quoted+terms%22&qs=n&form=QBRE", "term": '"quoted terms"' }] host = "www.bing.com" uri = "/search?q=oneterm&qs=n&form=QBRE" for t in termTests: fname = sys._getframe().f_code.co_name eventTime = datetime.datetime.now() result1 = remote_control.run_command("wget -q -O - 'http://%s%s' 2>&1 >/dev/null" % ( t["host"], t["uri"] ) ) events = global_functions.get_events(self.displayName(),'All Query Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "host", t["host"], "term", t["term"]) assert( found )
def test_054_functional_udp_block(self): global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') appSettings['signatures']['list'].append(create_signature( gid = "1", sid = "1999998", classtype="attempted-admin", category="app-detect", msg="CompanySecret", log=True, block=False, action="alert", type="udp")) # insert rule at the beginning of the list so other rules do not interfere. appSettings['rules']['list'].insert(0,create_rule(action="block", rule_type="CATEGORY", type_value="app-detect")) app.setSettings(appSettings, True) wait_for_daemon_ready() startTime = datetime.datetime.now() result = remote_control.run_command("host www.companysecret.com 4.2.2.1 > /dev/null") app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'msg', "CompanySecret", 'blocked', True, min_date=startTime) del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert(found)
def test_030_smtpMarkPhishBlockerTest(self): if (not canRelay): raise unittest.SkipTest('Unable to relay through ' + smtpServerHost) if (not mail_app): raise unittest.SkipTest('Unable download mailsendder app') appData['smtpConfig']['scanWanMail'] = True appData['smtpConfig']['strength'] = 5 appData['smtpConfig']['msgAction'] = "MARK" app.setSettings(appData) # Get the IP address of test.untangle.com ip_address_testuntangle = socket.gethostbyname(smtpServerHost) timeout = 12 found = False email_index = 20 while (not found and timeout > 0): time.sleep(3) email_index += 1 from_address = "test0" + str(email_index) sendPhishMail(mailfrom=from_address) events = global_functions.get_events('Phish Blocker', 'All Phish Events', None, 1) assert (events != None) found = global_functions.check_events( events.get('list'), 5, 'c_server_addr', ip_address_testuntangle, 's_server_port', 25, 'addr', '*****@*****.**', 'c_client_addr', remote_control.client_ip, 'phish_blocker_action', 'M') timeout -= 1 assert (found)
def test_025_ftpVirusBlocked(self): if platform.machine().startswith('arm'): raise unittest.SkipTest("local scanner not available on ARM") ftp_result = subprocess.call( ["ping", "-c", "1", global_functions.ftp_server], stdout=subprocess.PIPE, stderr=subprocess.PIPE) if (ftp_result != 0): raise unittest.SkipTest("FTP server not available") remote_control.run_command("rm -f /tmp/temp_025_ftpVirusBlocked_file") result = remote_control.run_command( "wget --user="******" --password='******' -q -O /tmp/temp_025_ftpVirusBlocked_file ftp://" + global_functions.ftp_server + "/virus/fedexvirus.zip") assert (result == 0) md5TestNum = remote_control.run_command( "\"md5sum /tmp/temp_025_ftpVirusBlocked_file | awk '{print $1}'\"", stdout=True) print("md5StdNum <%s> vs md5TestNum <%s>" % (md5StdNum, md5TestNum)) assert (md5StdNum != md5TestNum) events = global_functions.get_events(self.displayName(), 'Infected Ftp Events', None, 1) assert (events != None) found = global_functions.check_events( events.get('list'), 5, "s_server_addr", global_functions.ftp_server, "c_client_addr", remote_control.client_ip, "uri", "fedexvirus.zip", self.shortName() + '_clean', False) assert (found)
def test_102_eventlog_ftpVirus(self): if platform.machine().startswith('arm'): raise unittest.SkipTest("local scanner not available on ARM") ftp_result = subprocess.call( ["ping", "-c", "1", global_functions.ftp_server], stdout=subprocess.PIPE, stderr=subprocess.PIPE) if (ftp_result != 0): raise unittest.SkipTest("FTP server not available") fname = sys._getframe().f_code.co_name result = remote_control.run_command( "wget --user="******" --password='******' -q -O /tmp/temp_022_ftpVirusBlocked_file ftp://" + global_functions.ftp_server + "/virus/fedexvirus.zip") assert (result == 0) events = global_functions.get_events(self.displayName(), 'Infected Ftp Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, "uri", "fedexvirus.zip", self.shortName() + '_clean', False) assert (found)
def test_060_app_stats(self): """ Checks that the scan, detect, and block stats are properly incremented """ global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') # clear out the signature list appSettings['signatures']['list'] = [] appSettings['signatures']['list'].append(create_signature( gid = "1", sid = "1999999", classtype="attempted-admin", category="app-detect", msg="CompanySecret", log=True, block=False, action="alert", type="tcp")) # insert rule at the beginning of the list so other rules do not interfere. appSettings['rules']['list'].insert(0,create_rule(action="block", rule_type="CATEGORY", type_value="app-detect")) app.setSettings(appSettings, True) wait_for_daemon_ready() app.forceUpdateStats() pre_events_scan = global_functions.get_app_metric_value(app,"scan") pre_events_detect = global_functions.get_app_metric_value(app,"detect") pre_events_block = global_functions.get_app_metric_value(app,"block") startTime = datetime.datetime.now() loopLimit = 4 # Send four requests for test rebustnewss while (loopLimit > 0): time.sleep(1) loopLimit -= 1 result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret") time.sleep(10) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'msg', "CompanySecret", 'blocked', True, min_date=startTime) post_events_scan = global_functions.get_app_metric_value(app,"scan") post_events_detect = global_functions.get_app_metric_value(app,"detect") post_events_block = global_functions.get_app_metric_value(app,"block") del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert(found) print("pre_events_scan: %s post_events_scan: %s"%(str(pre_events_scan),str(post_events_scan))) print("pre_events_detect: %s post_events_detect: %s"%(str(pre_events_detect),str(post_events_detect))) print("pre_events_block: %s post_events_block: %s"%(str(pre_events_block),str(post_events_block))) # assert(pre_events_scan < post_events_scan) assert(pre_events_detect < post_events_detect) assert(pre_events_block < post_events_block)
def test_060_app_stats(self): """ Checks that the scan, detect, and block stats are properly incremented """ global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') # clear out the signature list appSettings['signatures']['list'] = [] appSettings['signatures']['list'].append(create_signature( gid = "1", sid = "1999999", classtype="attempted-admin", category="app-detect", msg="CompanySecret", log=True, block=False, action="alert", type="tcp")) # insert rule at the beginning of the list so other rules do not interfere. appSettings['rules']['list'].insert(0,create_rule(action="block", rule_type="CATEGORY", type_value="app-detect")) app.setSettings(appSettings, True) wait_for_daemon_ready() app.forceUpdateStats() pre_events_scan = global_functions.get_app_metric_value(app,"scan") pre_events_detect = global_functions.get_app_metric_value(app,"detect") pre_events_block = global_functions.get_app_metric_value(app,"block") startTime = datetime.datetime.now() loopLimit = 4 # Send four requests for test rebustnewss while (loopLimit > 0): time.sleep(1) loopLimit -= 1 result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret") time.sleep(10) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'msg', "CompanySecret", 'blocked', True, min_date=startTime) post_events_scan = global_functions.get_app_metric_value(app,"scan") post_events_detect = global_functions.get_app_metric_value(app,"detect") post_events_block = global_functions.get_app_metric_value(app,"block") del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert(found) print("pre_events_scan: %s post_events_scan: %s"%(str(pre_events_scan),str(post_events_scan))) print("pre_events_detect: %s post_events_detect: %s"%(str(pre_events_detect),str(post_events_detect))) print("pre_events_block: %s post_events_block: %s"%(str(pre_events_block),str(post_events_block))) # assert(pre_events_scan < post_events_scan) assert(pre_events_detect < post_events_detect) assert(pre_events_block < post_events_block)
def test_030_checkSslInspectorInspectorEventLog(self): remote_control.run_command('curl -s -4 --connect-timeout 10 --trace /tmp/ssl_test_040.trace --output /tmp/ssl_test_040.output --insecure https://%s' % (testedServerName)) events = global_functions.get_events('SSL Inspector','All Sessions',None,5) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "ssl_inspector_status","INSPECTED", "ssl_inspector_detail",testedServerName) assert( found )
def test_020_backupNow(self): self._app.sendBackup() events = global_functions.get_events('Configuration Backup', 'Backup Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, 'success', True) assert (found)
def test_022_notBlocked(self): result = remote_control.run_command( "wget -4 -q -O /dev/null http://www.google.com") assert (result == 0) events = global_functions.get_events('Ad Blocker', 'All Ad Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, 'host', 'www.google.com', 'uri', ("/"), 'ad_blocker_action', 'P')
def test_020_backupNow(self): global app boxUID = uvmContext.getServerUID() app.sendBackup() events = global_functions.get_events('Configuration Backup','Backup Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, 'success', True ) assert( found )
def test_020_basic_block(self): result = remote_control.run_command("wget -q -4 -t 2 -O - http://account.paypal-inc.tribesiren.com 2>&1 | grep -q blocked") assert (result == 0) events = global_functions.get_events(self.displayName(),'Blocked Web Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "host","account.paypal-inc.tribesiren.com", self.eventAppName() + '_blocked', True, self.eventAppName() + '_flagged', True ) assert( found )
def test_030_test_untangle_com_reachable(self): result = remote_control.run_command("wget -q -4 -t 2 -O - http://test.untangle.com/test/testPage1.html 2>&1 | grep -q text123") assert (result == 0) events = global_functions.get_events(self.displayName(),'All Web Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "host","test.untangle.com", self.eventAppName() + '_blocked', False, self.eventAppName() + '_flagged', False ) assert( found )
def test_040_checkWebFilterEventLog(self): addBlockedUrl(testedServerName) remote_control.run_command('curl -s -4 --connect-timeout 10 --trace /tmp/ssl_test_040.trace --output /tmp/ssl_test_040.output --insecure https://%s' % (testedServerName)) nukeBlockedUrls() events = global_functions.get_events('Web Filter','Blocked Web Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "host", testedServerName, "web_filter_blocked", True) assert( found )
def test_101_eventlog_httpNonVirus(self): fname = sys._getframe().f_code.co_name result = remote_control.run_command("wget -q -O - http://" + testsite + "/test/test.zip?arg=%s 2>&1 | grep -q text123" % fname) assert (result == 0) events = global_functions.get_events(self.displayName(),'Clean Web Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "host", testsite, "uri", ("/test/test.zip?arg=%s" % fname), self.shortName() + '_clean', True ) assert( found )
def test_102_admin_login_event(self): uvmContext.adminManager().logAdminLoginEvent( "admin", True, "127.0.1.1", True, 'X' ) events = global_functions.get_events('Administration','Admin Login Events',None,10) assert(events != None) for i in events.get('list'): print(i) found = global_functions.check_events( events.get('list'), 10, 'client_addr', "127.0.1.1", 'reason', 'X', 'local', True, 'succeeded', True, 'login', 'admin' ) assert( found )
def test_103_eventlog_ftpNonVirus(self): ftp_result = subprocess.call(["ping","-c","1",global_functions.ftp_server ],stdout=subprocess.PIPE,stderr=subprocess.PIPE) if (ftp_result != 0): raise unittest.SkipTest("FTP server not available") fname = sys._getframe().f_code.co_name result = remote_control.run_command("wget --user="******" --password='******' -q -O /dev/null ftp://" + global_functions.ftp_server + "/test.zip") assert (result == 0) events = global_functions.get_events(self.displayName(),'Clean Ftp Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "uri", "test.zip", self.shortName() + '_clean', True ) assert( found )
def test_100_eventlog_httpVirus(self): if platform.machine().startswith('arm'): raise unittest.SkipTest("local scanner not available on ARM") fname = sys._getframe().f_code.co_name result = remote_control.run_command("wget -q -O - http://" + testsite + "/virus/eicar.zip?arg=%s 2>&1 | grep -q blocked" % fname) assert (result == 0) events = global_functions.get_events(self.displayName(),'Infected Web Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "host", testsite, "uri", ("/virus/eicar.zip?arg=%s" % fname), self.shortName() + '_clean', False ) assert( found )
def test_023_eventlog_blockedAd(self): fname = sys._getframe().f_code.co_name # specify an argument so it isn't confused with other events eventTime = datetime.datetime.now() result = remote_control.run_command("wget -4 -q -O /dev/null http://ads.pubmatic.com/AdServer/js/showad.js?arg=%s" % fname) assert ( result != 0 ) events = global_functions.get_events('Ad Blocker','Blocked Ad Events',None,1) assert( events != None ) found = global_functions.check_events( events.get('list'), 5, 'host', 'ads.pubmatic.com', 'uri', ("/AdServer/js/showad.js?arg=%s" % fname), 'ad_blocker_action', 'B' ) assert( found )
def test_100_eventlog_Block_Google(self): touchProtoRule("Google",True,True) result = remote_control.run_command("wget -O /dev/null -4 -t 2 --timeout=5 http://www.google.com/") assert (result != 0) time.sleep(1) events = global_functions.get_events('Application Control','Blocked Sessions',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "application_control_application", "GOOGLE", "application_control_category", "Web Services", "application_control_blocked", True, "application_control_flagged", True) assert( found )
def test_102_reports_all_urls(self): """check the All Web Events report""" fname = sys._getframe().f_code.co_name self.block_url_list_clear(); # specify an argument so it isn't confused with other events result1 = remote_control.run_command("wget -q -O - http://test.untangle.com/test/testPage1.html?arg=%s 2>&1 >/dev/null" % fname) events = global_functions.get_events(self.displayName(),'All Web Events',None,5) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "host","test.untangle.com", "uri", ("/test/testPage1.html?arg=%s" % fname), 'web_filter_blocked', False, 'web_filter_flagged', False ) assert( found )
def test_050_alert_rule(self): settings = uvmContext.eventManager().getSettings() orig_settings = copy.deepcopy(settings) new_rule = create_alert_rule("test alert rule", "class", "=", "*SessionEvent*", "localAddr", "=", "*"+remote_control.client_ip+"*") settings['alertRules']['list'].append( new_rule ) uvmContext.eventManager().setSettings( settings ) result = remote_control.is_online() time.sleep(4) events = global_functions.get_events('Events','Alert Events',None,10) found = global_functions.check_events( events.get('list'), 5, 'description', 'test alert rule' ) uvmContext.eventManager().setSettings( orig_settings ) assert(events != None) assert ( found )
def test_200_scanFileExtension(self): """test that "Scan" option in advanced tab is scanned, using zip file""" #find 'zip' file extension and enable scan option enableFileExtensionScan("zip") remote_control.run_command("wget -q -O - http://test.untangle.com/test/test.zip 2>&1") events = global_functions.get_events(self.displayName(),'Scanned Web Events',None,1) assert(events != None) found = global_functions.check_events(events.get("list"), 50, 'host', 'test.untangle.com', 'c_client_addr', remote_control.client_ip, 'uri', '/test/test.zip') assert(found)
def test_102_eventlog_ftpVirus(self): if platform.machine().startswith('arm'): raise unittest.SkipTest("local scanner not available on ARM") ftp_result = subprocess.call(["ping","-c","1",global_functions.ftp_server ],stdout=subprocess.PIPE,stderr=subprocess.PIPE) if (ftp_result != 0): raise unittest.SkipTest("FTP server not available") fname = sys._getframe().f_code.co_name result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/temp_022_ftpVirusBlocked_file ftp://" + global_functions.ftp_server + "/virus/fedexvirus.zip") assert (result == 0) events = global_functions.get_events(self.displayName(),'Infected Ftp Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "uri", "fedexvirus.zip", self.shortName() + '_clean', False ) assert( found )
def test_060_testDnsUdpPatternBlock(self): nukepatterns() addPatterns(definition="^.?.?.?.?[\x01\x02].?.?.?.?.?.?[\x01-?][a-z0-9][\x01-?a-z]*[\x02-\x06][a-z][a-z][fglmoprstuvz]?[aeop]?(um)?[\x01-\x10\x1c]", protocol="DNS", blocked=True, category="Web", description="Domain Name System") result = remote_control.run_command("host -R 1 www.google.com 8.8.8.8") assert (result != 0) time.sleep(3); events = global_functions.get_events('Application Control Lite','All Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, 'c_client_addr', remote_control.client_ip, 'application_control_lite_protocol', 'DNS', 'application_control_lite_blocked', True ) assert( found )
def test_030_testHttpPatternBlocked(self): nukepatterns() addPatterns(definition="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\\x09-\\x0d -~]*(connection:|content-type:|content-length:|date:)|post [\\x09-\\x0d -~]* http/[01]\\.[019]", protocol="HTTP", blocked=True, category="Web", description="HyperText Transfer Protocol") result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/") assert (result != 0) time.sleep(3); events = global_functions.get_events('Application Control Lite','All Events',None,5) assert(events != None) found = global_functions.check_events( events.get('list'), 5, 'c_client_addr', remote_control.client_ip, 'application_control_lite_protocol', 'HTTP', 'application_control_lite_blocked', True ) assert( found )
def test_040_testFtpPatternBlock(self): nukepatterns() addPatterns(definition="^220[\x09-\x0d -~]*ftp", protocol="FTP", blocked=True, category="Web", description="File Transfer Protocol") result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 ftp://test.untangle.com") assert (result != 0) time.sleep(3); events = global_functions.get_events('Application Control Lite','All Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, 'c_client_addr', remote_control.client_ip, 'application_control_lite_protocol', 'FTP', 'application_control_lite_blocked', True ) assert( found )
def check_events(self, host="", uri="", blocked=True, flagged=None): app_display_name = self.app.getAppTitle() if flagged == None: flagged = blocked if (("Monitor" in app_display_name) and blocked): blocked = False if (blocked): event_list = "Blocked Web Events" elif (flagged): event_list = "Flagged Web Events" else: event_list = "All Web Events" events = global_functions.get_events(app_display_name, event_list, None, 10) assert(events != None) found = global_functions.check_events( events.get('list'), 10, "host", host, "uri", uri, 'web_filter_blocked', blocked, 'web_filter_flagged', flagged ) return found
def test_050_severely_limited_web_filter_flagged(self): global app, app_web_filter nuke_rules() pre_count = global_functions.get_app_metric_value(app,"prioritize") priority_level = 7 # This test might need web filter for http to start # Record average speed without bandwidth control configured wget_speed_pre = global_functions.get_download_speed(download_server="test.untangle.com") # Create WEB_FILTER_FLAGGED based rule to limit bandwidth append_rule(create_single_condition_rule("WEB_FILTER_FLAGGED","true","SET_PRIORITY",priority_level)) # Test.untangle.com is listed as Software, Hardware in web filter. As of 1/2014 its in Technology settingsWF = app_web_filter.getSettings() i = 0 untangleCats = ["Computer,", "Security"] for webCategories in settingsWF['categories']['list']: if any(x in webCategories['name'] for x in untangleCats): settingsWF['categories']['list'][i]['flagged'] = "true" i += 1 app_web_filter.setSettings(settingsWF) # Download file and record the average speed in which the file was download wget_speed_post = global_functions.get_download_speed(download_server="test.untangle.com") print_results( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limited_acceptance_ratio ) assert ((wget_speed_post) and (wget_speed_post)) assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post) events = global_functions.get_events('Bandwidth Control','Prioritized Sessions',None,5) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "bandwidth_control_priority", priority_level, "c_client_addr", remote_control.client_ip) assert( found ) # Check to see if the faceplate counters have incremented. post_count = global_functions.get_app_metric_value(app,"prioritize") assert(pre_count < post_count)
def test_025_ftpVirusBlocked(self): if platform.machine().startswith('arm'): raise unittest.SkipTest("local scanner not available on ARM") ftp_result = subprocess.call(["ping","-c","1",global_functions.ftp_server ],stdout=subprocess.PIPE,stderr=subprocess.PIPE) if (ftp_result != 0): raise unittest.SkipTest("FTP server not available") remote_control.run_command("rm -f /tmp/temp_022_ftpVirusBlocked_file") result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/temp_022_ftpVirusBlocked_file ftp://" + global_functions.ftp_server + "/virus/fedexvirus.zip") assert (result == 0) md5TestNum = remote_control.run_command("\"md5sum /tmp/temp_022_ftpVirusBlocked_file | awk '{print $1}'\"", stdout=True) print("md5StdNum <%s> vs md5TestNum <%s>" % (md5StdNum, md5TestNum)) assert (md5StdNum != md5TestNum) events = global_functions.get_events(self.displayName(),'Infected Ftp Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "s_server_addr", global_functions.ftp_server, "c_client_addr", remote_control.client_ip, "uri", "fedexvirus.zip", self.shortName() + '_clean', False ) assert( found )