def testCronAllowOnlyContainsRoot(self): """Ensure cron/at allow only contains "root".""" check_id = "CIS-CRON-AT-ALLOW-ONLY-CONTAINS-ROOT" artifact = "CronAtAllowDenyFiles" sym = ("Found: at.allow or cron.allow contains non-root users or does " "not contain root.") parser = config_file.CronAtAllowDenyParser() data = { "/etc/at.allow": "root", "/etc/cron.allow": "user1", "/etc/at.deny": "blah\nblah blah" } found = ["/etc/cron.allow: user1"] results = self.GenResults([artifact], [data], [parser]) self.assertCheckDetectedAnom(check_id, results, sym, found) data = {"/etc/at.allow": "", "/etc/cron.allow": "root"} found = ["/etc/at.allow:"] results = self.GenResults([artifact], [data], [parser]) self.assertCheckDetectedAnom(check_id, results, sym, found) data = {"/etc/at.allow": "", "/etc/cron.allow": ""} found = ["/etc/at.allow:", "/etc/cron.allow:"] results = self.GenResults([artifact], [data], [parser]) self.assertCheckDetectedAnom(check_id, results, sym, found) data = {"/etc/at.allow": "root", "/etc/cron.allow": "root"} results = self.GenResults([artifact], [data], [parser]) self.assertCheckUndetected(check_id, results)
def testParseCronData(self): test_data = r"""root user user2 user3 root hi hello user pparth""" file_obj = StringIO.StringIO(test_data) pathspec = rdf_paths.PathSpec(path="/etc/at.allow") stat = rdf_client.StatEntry(pathspec=pathspec) parser = config_file.CronAtAllowDenyParser() results = list(parser.Parse(stat, file_obj, None)) result = [d for d in results if isinstance(d, rdf_protodict.AttributedDict)][0] filename = result.filename users = result.users self.assertEqual("/etc/at.allow", filename) self.assertEqual(sorted(["root", "user", "pparth"]), sorted(users)) anomalies = [a for a in results if isinstance(a, rdf_anomaly.Anomaly)] self.assertEqual(1, len(anomalies)) anom = anomalies[0] self.assertEqual("Dodgy entries in /etc/at.allow.", anom.symptom) self.assertEqual(sorted(["user2 user3", "hi hello"]), sorted(anom.finding)) self.assertEqual(pathspec, anom.reference_pathspec) self.assertEqual("PARSER_ANOMALY", anom.type)