def test_record_diff_char_sets(self): """ Check tlog-rec preserves non-English I/O in recordings """ logfile = '{}-ru_RU'.format(mklogfile(self.tempdir)) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {} /bin/bash'.format(logfile)) shell.sendline('export LANG=ru_RU.utf8') shell.sendline('badcommand') shell.sendline('exit') check_outfile('найдена', logfile) check_recording(shell, 'найдена', logfile) shell.close() logfile = '{}-el_GR'.format(mklogfile(self.tempdir)) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {} /bin/bash'.format(logfile)) shell.sendline('export LANG=el_GR.utf8') shell.sendline('badcommand') shell.sendline('exit') check_outfile('βρέθηκε', logfile) check_recording(shell, 'βρέθηκε', logfile) shell.close() logfile = '{}-en_US'.format(mklogfile(self.tempdir)) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {} /bin/bash'.format(logfile)) shell.sendline('export LANG=en_US.utf8') shell.sendline('echo Watérmân') shell.sendline('exit') check_outfile('Watérmân', logfile) check_recording(shell, 'Watérmân', logfile) shell.expect('Watérmân') shell.close()
def test_record_diff_char_sets(self): """ Check tlog-rec preserves non-English I/O in recordings """ logfile = '{}-ru_RU'.format(mklogfile(self.tempdir)) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {} /bin/bash'.format(logfile)) shell.sendline('export LANG=ru_RU.utf8') shell.sendline('badcommand') shell.sendline('exit') check_outfile('найдена', logfile) check_recording(shell, 'найдена', logfile) shell.close() logfile = '{}-el_GR'.format(mklogfile(self.tempdir)) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {} /bin/bash'.format(logfile)) shell.sendline('export LANG=el_GR.utf8') shell.sendline('badcommand') shell.sendline('exit') check_outfile('βρέθηκε', logfile) check_recording(shell, 'βρέθηκε', logfile) shell.close() logfile = '{}-en_US'.format(mklogfile(self.tempdir)) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {} /bin/bash'.format(logfile)) shell.sendline('export LANG=en_US.utf8') shell.sendline('echo Watérmân') shell.sendline('exit') check_outfile('Watérmân', logfile) check_recording(shell, 'Watérmân', logfile) shell.expect('Watérmân') shell.close()
def test_record_as_admin_user(self): """ Check tlog-rec preserves sudo activity of admin user in recordings """ logfile = mklogfile(self.tempdir) cfg = ''' %wheel ALL=(ALL) NOPASSWD: ALL ''' mkcfgfile('/etc/sudoers.d/01_wheel_nopass', cfg) shell = ssh_pexpect(self.admin1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {}'.format(logfile)) shell.sendline('whoami') shell.expect(self.admin1) shell.sendline('sleep 2') shell.sendline('echo test1223') shell.expect('test1223') shell.sendline('sudo ls -ltr /var/log/audit') shell.expect('audit.log') shell.sendline('exit') check_outfile('test1223', logfile) check_recording(shell, 'test1223', logfile) shell.close() shell = ssh_pexpect(self.admin1, 'Secret123', 'localhost') check_recording(shell, 'audit.log', logfile) shell.close()
def test_play_from_file_match(self): """ File reader matching functionality test """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {} whoami'.format(logfile)) time.sleep(5) shell.sendline('tlog-rec -o {} lsblk'.format(logfile)) time.sleep(5) shell.sendline('tlog-rec -o {} ls -l /usr/bin'.format(logfile)) time.sleep(5) rec_ids = [] recording = read_tlog_recording_file(logfile) for msg in recording: rec = msg['rec'] if rec not in rec_ids: rec_ids.append(rec) shell.sendline('tlog-play -i {} -m {}'.format(logfile, rec_ids[0])) shell.expect(self.user1) shell.sendline('tlog-play -i {} -m {}'.format(logfile, rec_ids[1])) shell.expect('MOUNTPOINT') shell.sendline('tlog-play -i {} -m {}'.format(logfile, rec_ids[2])) shell.expect('uname')
def test_conf_text_var(self, session_env_config_setup): """ Validate configuration settings are overwritten by TLOG_REC_SESSION_CONF_TEXT variable """ logfile = mklogfile(self.tempdir) msg = inspect.stack()[0][3] tmp_notice_msg = "temp" tmp_conf_file = TMP_TLOG_REC_SESSION_CONF # system wide configuration file sessionclass_system = TlogRecSessionConfig(writer="journal") sessionclass_system.generate_config(SYSTEM_TLOG_REC_SESSION_CONF) # temporary configuration file sessionclass_tmp = TlogRecSessionConfig(writer="file", file_writer_path=logfile, notice=tmp_notice_msg) sessionclass_tmp.generate_config(tmp_conf_file) # validate the notice override shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline(f'export TLOG_REC_SESSION_CONF_FILE={tmp_conf_file}') shell.sendline('export TLOG_REC_SESSION_CONF_TEXT=' '\'{"notice":"TEXT Notice"}\'') shell.sendline(TLOG_REC_SESSION_PROG) shell.expect("TEXT Notice") shell.sendline(f'echo {msg}') shell.expect(msg) shell.sendline('exit') shell.close()
def test_conf_file_var(self, session_env_config_setup): """ Validate configuration settings are overwritten by TLOG_REC_SESSION_CONF_FILE variable """ logfile = mklogfile(self.tempdir) msg = inspect.stack()[0][3] input_notice = "Test NOTICE" tmp_conf_file = TMP_TLOG_REC_SESSION_CONF # system wide journal configuration file sessionclass_system = TlogRecSessionConfig(writer="journal") sessionclass_system.generate_config(SYSTEM_TLOG_REC_SESSION_CONF) # temporary configuration file to override with sessionclass_tmp = TlogRecSessionConfig(writer="file", file_writer_path=logfile, notice=input_notice) sessionclass_tmp.generate_config(tmp_conf_file) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline(f'export TLOG_REC_SESSION_CONF_FILE={tmp_conf_file}') shell.sendline(TLOG_REC_SESSION_PROG) # validate the notice override shell.expect(input_notice) shell.sendline(f'echo {msg}') shell.expect(msg) shell.sendline('exit') check_recording(shell, msg, logfile) shell.close()
def test_record_as_admin_user(self): """ Check tlog-rec preserves sudo activity of admin user in recordings """ logfile = mklogfile(self.tempdir) cfg = ''' %wheel ALL=(ALL) NOPASSWD: ALL ''' mkcfgfile('/etc/sudoers.d/01_wheel_nopass', cfg) shell = ssh_pexpect(self.admin1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {}'.format(logfile)) shell.sendline('whoami') shell.expect(self.admin1) shell.sendline('sleep 2') shell.sendline('echo test1223') shell.expect('test1223') shell.sendline('sudo ls -ltr /var/log/audit') shell.expect('audit.log') shell.sendline('exit') check_outfile('test1223', logfile) check_recording(shell, 'test1223', logfile) shell.close() shell = ssh_pexpect(self.admin1, 'Secret123', 'localhost') check_recording(shell, 'audit.log', logfile) shell.close()
def test_play_output_file(self): """ Ensure tlog-play will redirect output to file """ outputfile = mklogfile(self.tempdir) recordedtext = 'output_test' shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline(f'tlog-rec -w journal echo {recordedtext}') time.sleep(5) entry = journal_find_last() message = entry['MESSAGE'] rec = ast.literal_eval(message)['rec'] tlog_rec = 'TLOG_REC={}'.format(rec) playcmd = f'tlog-play -r journal -M {tlog_rec} > {outputfile}' shell2 = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell2.sendline(playcmd) time.sleep(5) with open(outputfile) as f: read_data = f.read() assert recordedtext in read_data f.closed
def test_play_from_file(self): """ Check tlog-play can playback session from file """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') mkrecording(shell, logfile) shell.sendline('tlog-play -i {}'.format(logfile)) shell.expect('localhost')
def test_play_from_file(self): """ Check tlog-play can playback session from file """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') mkrecording(shell, logfile) shell.sendline('tlog-play -i {}'.format(logfile)) shell.expect('KNOWN BUGS')
def test_record_command_to_file(self): """ Check tlog-rec preserves output when reording to file """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {} whoami'.format(logfile)) check_outfile('out_txt\":\"{}'.format(self.user1), logfile) check_recording(shell, self.user1, logfile) shell.close()
def test_record_command_to_file(self): """ Check tlog-rec preserves output when reording to file """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {} whoami'.format(logfile)) check_outfile('out_txt\":\"{}'.format(self.user1), logfile) check_recording(shell, self.user1, logfile) shell.close()
def test_record_binary_output(self): """ Check tlog-rec preserves binary output in recordings """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') reccmd = 'cat /usr/bin/gzip' shell.sendline('tlog-rec -o {} {}'.format(logfile, reccmd)) shell.expect(r'\u0000') check_recording(shell, r'\u0000', logfile) shell.close()
def test_record_binary_output(self): """ Check tlog-rec preserves binary output in recordings """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') reccmd = 'cat /usr/bin/gzip' shell.sendline('tlog-rec -o {} {}'.format(logfile, reccmd)) shell.expect(r'\u0000') check_recording(shell, r'\u0000', logfile) shell.close()
def test_record_fast_input_with_limit_burst(self): """ Check tlog-rec allows limited burst of fast output """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') opts = '--limit-rate=10 --limit-burst=100' shell.sendline('tlog-rec {} ' '-o {} /bin/bash'.format(opts, logfile)) for num in range(0, 200): shell.sendline('echo test_{}'.format(num)) shell.sendline('exit') shell.close()
def test_record_fast_input_with_limit_burst(self): """ Check tlog-rec allows limited burst of fast output """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') opts = '--limit-rate=10 --limit-burst=100' shell.sendline('tlog-rec {} ' '-o {} /bin/bash'.format(opts, logfile)) for num in range(0, 200): shell.sendline('echo test_{}'.format(num)) shell.sendline('exit') shell.close()
def test_record_fast_input_with_limit_action_pass(self): """ Check tlog-rec ignores logging limits """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') opts = '--limit-rate=10 --limit-action=pass' shell.sendline('tlog-rec {} ' '-o {} /bin/bash'.format(opts, logfile)) for num in range(0, 200): shell.sendline('echo test_{}'.format(num)) shell.sendline('exit') check_recording(shell, 'test_199', logfile) shell.close()
def test_record_fast_input_with_latency(self): """ Check tlog-rec caches data some time before logging """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') opts = '--latency=9' shell.sendline('tlog-rec {} ' '-o {} /bin/bash'.format(opts, logfile)) for num in range(0, 200): shell.sendline('echo test_{}'.format(num)) shell.sendline('exit') check_recording(shell, 'test_199', logfile) shell.close()
def test_record_fast_input_with_payload(self): """ Check tlog-rec limits output payload size """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') opts = '--payload=128' shell.sendline('tlog-rec {} ' '-o {} /bin/bash'.format(opts, logfile)) for num in range(0, 200): shell.sendline('echo test_{}'.format(num)) shell.sendline('exit') check_recording(shell, 'test_199', logfile) shell.close()
def test_record_fast_input(self): """ Check tlog-rec preserves fast flooded I/O in recordings """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {} /bin/bash'.format(logfile)) for num in range(0, 2000): shell.sendline('echo test_{}'.format(num)) shell.sendline('exit') for num in range(0, 2000, 100): check_recording(shell, 'test_{}'.format(num), logfile) shell.close()
def test_record_fast_input_with_limit_action_drop(self): """ Check tlog-rec drops output when logging limit reached """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') opts = '--limit-rate=10 --limit-action=drop' cmd = 'cat /usr/share/dict/linux.words' shell.sendline('tlog-rec {} ' '-o {} {}'.format(opts, logfile, cmd)) shell.close() shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') check_recording_missing(shell, 'Byronite', logfile) check_recording_missing(shell, 'zygote', logfile)
def test_session_record_with_different_shell(self): """ Check tlog-rec-session can specify different shell """ logfile = mklogfile(self.tempdir) sessionclass = TlogRecSessionConfig(shell="/usr/bin/tcsh", writer="file", file_writer_path=logfile) sessionclass.generate_config(SYSTEM_TLOG_REC_SESSION_CONF) shell = ssh_pexpect(self.user, 'Secret123', 'localhost') shell.sendline('echo $SHELL') check_recording(shell, '/usr/bin/tcsh', logfile) shell.sendline('exit')
def test_record_fast_input(self): """ Check tlog-rec preserves fast flooded I/O in recordings """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {} /bin/bash'.format(logfile)) for num in range(0, 2000): shell.sendline('echo test_{}'.format(num)) shell.sendline('exit') for num in range(0, 2000, 100): check_recording(shell, 'test_{}'.format(num), logfile) shell.close()
def test_record_fast_input_with_latency(self): """ Check tlog-rec caches data some time before logging """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') opts = '--latency=9' shell.sendline('tlog-rec {} ' '-o {} /bin/bash'.format(opts, logfile)) for num in range(0, 200): shell.sendline('echo test_{}'.format(num)) shell.sendline('exit') check_recording(shell, 'test_199', logfile) shell.close()
def test_record_fast_input_with_payload(self): """ Check tlog-rec limits output payload size """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') opts = '--payload=128' shell.sendline('tlog-rec {} ' '-o {} /bin/bash'.format(opts, logfile)) for num in range(0, 200): shell.sendline('echo test_{}'.format(num)) shell.sendline('exit') check_recording(shell, 'test_199', logfile) shell.close()
def test_record_fast_input_with_limit_action_drop(self): """ Check tlog-rec drops output when logging limit reached """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') opts = '--limit-rate=10 --limit-action=drop' cmd = 'cat /usr/share/dict/linux.words' shell.sendline('tlog-rec {} ' '-o {} {}'.format(opts, logfile, cmd)) shell.close() shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') check_recording_missing(shell, 'Byronite', logfile) check_recording_missing(shell, 'zygote', logfile)
def test_record_fast_input_with_limit_action_delay(self): """ Check tlog-rec delays recording when logging limit reached """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') opts = '--limit-rate=10 --limit-action=delay' shell.sendline('tlog-rec {} ' '-o {} /bin/bash'.format(opts, logfile)) for num in range(0, 200): shell.sendline('echo test_{}'.format(num)) check_outfile('test_199', logfile, maxchecks=100) shell.sendline('exit') check_recording(shell, 'test_199', logfile) shell.close()
def test_record_fast_input_with_limit_action_pass(self): """ Check tlog-rec ignores logging limits """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') opts = '--limit-rate=10 --limit-action=pass' shell.sendline('tlog-rec {} ' '-o {} /bin/bash'.format(opts, logfile)) for num in range(0, 200): shell.sendline('echo test_{}'.format(num)) shell.sendline('exit') check_recording(shell, 'test_199', logfile) shell.close()
def test_session_record_to_file(self): """ Check tlog-rec-session preserves session in a file """ myname = inspect.stack()[0][3] logfile = mklogfile(self.tempdir) sessionclass = TlogRecSessionConfig(writer="file", file_writer_path=logfile) sessionclass.generate_config(SYSTEM_TLOG_REC_SESSION_CONF) shell = ssh_pexpect(self.user, 'Secret123', 'localhost') shell.sendline('echo {}'.format(myname)) shell.sendline('exit') check_recording(shell, myname, logfile) shell.close()
def test_session_record_fast_input_with_latency(self): """ Check tlog-rec-session caches data some time before logging """ myname = inspect.stack()[0][3] logfile = mklogfile(self.tempdir) sessionclass = TlogRecSessionConfig(writer="file", file_writer_path=logfile, latency=15) shell = ssh_pexpect(self.user, 'Secret123', 'localhost') for num in range(0, 200): shell.sendline('echo {}_{}'.format(myname, num)) shell.sendline('exit') check_recording(shell, '{}_199'.format(myname), logfile) shell.close()
def test_play_at_speed_x2(self): """ Check tlog-play can playback session at 2x speed """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') mkrecording(shell, logfile, sleep=15) shell.close() shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') time_start = time.time() opts = '-i {} --speed=2'.format(logfile) shell.sendline('tlog-play {}'.format(opts)) shell.expect('localhost') time_stop = time.time() assert time_stop - time_start < 9
def test_play_at_speed_x2(self): """ Check tlog-play can playback session at 2x speed """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') mkrecording(shell, logfile, sleep=15) shell.close() shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') time_start = time.time() opts = '-i {} --speed=2'.format(logfile) shell.sendline('tlog-play {}'.format(opts)) shell.expect('KNOWN BUGS') time_stop = time.time() assert time_stop-time_start < 9
def test_session_record_fast_input_with_payload(self): """ Check tlog-rec limits output payload size """ myname = inspect.stack()[0][3] logfile = mklogfile(self.tempdir) sessionclass = TlogRecSessionConfig(writer="file", file_writer_path=logfile, payload=128) sessionclass.generate_config(SYSTEM_TLOG_REC_SESSION_CONF) shell = ssh_pexpect(self.user, 'Secret123', 'localhost') for num in range(0, 200): shell.sendline('echo {}_{}'.format(myname, num)) shell.sendline('exit') check_recording(shell, '{}_199'.format(myname), logfile) shell.close()
def test_play_at_goto_points(self): """ Check tlog-play can start playback session from goto points """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {}'.format(logfile)) shell.sendline('echo start') time.sleep(5) shell.sendline('echo test_1') shell.expect('test_1') time.sleep(5) shell.sendline('echo test_2') shell.expect('test_2') time.sleep(5) shell.sendline('echo test_3') shell.expect('test_3') shell.sendline('echo end') shell.sendline('exit') shell.close() shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') time_start = time.time() opts = '-i {} -g start'.format(logfile) shell.sendline('tlog-play {}'.format(opts)) shell.expect('end') time_stop = time.time() assert time_stop-time_start > 15 shell.close() shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') time_start = time.time() opts = '-i {} -g end'.format(logfile) shell.sendline('tlog-play {}'.format(opts)) shell.expect('end') time_stop = time.time() assert time_stop-time_start < 2 shell.close() shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') time_start = time.time() opts = '-i {} -g 11'.format(logfile) shell.sendline('tlog-play {}'.format(opts)) shell.expect('end') time_stop = time.time() assert time_stop-time_start < 8 shell.close()
def test_play_at_goto_points(self): """ Check tlog-play can start playback session from goto points """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {}'.format(logfile)) shell.sendline('echo start') time.sleep(5) shell.sendline('echo test_1') shell.expect('test_1') time.sleep(5) shell.sendline('echo test_2') shell.expect('test_2') time.sleep(5) shell.sendline('echo test_3') shell.expect('test_3') shell.sendline('echo end') shell.sendline('exit') shell.close() shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') time_start = time.time() opts = '-i {} -g start'.format(logfile) shell.sendline('tlog-play {}'.format(opts)) shell.expect('end') time_stop = time.time() assert time_stop - time_start > 15 shell.close() shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') time_start = time.time() opts = '-i {} -g end'.format(logfile) shell.sendline('tlog-play {}'.format(opts)) shell.expect('end') time_stop = time.time() assert time_stop - time_start < 2 shell.close() shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') time_start = time.time() opts = '-i {} -g 11'.format(logfile) shell.sendline('tlog-play {}'.format(opts)) shell.expect('end') time_stop = time.time() assert time_stop - time_start < 8 shell.close()
def test_record_interactive_session(self): """ Check tlog-rec preserves activity during interactive session in recordings """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {}'.format(logfile)) shell.sendline('whoami') shell.expect(self.user1) shell.sendline('sleep 2') shell.sendline('echo test123') shell.expect('test123') shell.sendline('echo test1123out>/tmp/pexpect.test1123out') check_outfile('test1123out', logfile) check_recording(shell, 'test1123out', logfile) shell.close()
def test_record_interactive_session(self): """ Check tlog-rec preserves activity during interactive session in recordings """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {}'.format(logfile)) shell.sendline('whoami') shell.expect(self.user1) shell.sendline('sleep 2') shell.sendline('echo test123') shell.expect('test123') shell.sendline('echo test1123out>/tmp/pexpect.test1123out') check_outfile('test1123out', logfile) check_recording(shell, 'test1123out', logfile) shell.close()
def test_session_record_fast_input_with_limit_action_delay(self): """ Check tlog-rec-session delays recording when logging limit reached """ myname = inspect.stack()[0][3] logfile = mklogfile(self.tempdir) sessionclass = TlogRecSessionConfig(writer="file", file_writer_path=logfile, limit_rate=500, limit_action="delay") sessionclass.generate_config(SYSTEM_TLOG_REC_SESSION_CONF) shell = ssh_pexpect(self.user, 'Secret123', 'localhost') for num in range(0, 200): shell.sendline('echo {}_{}'.format(myname, num)) shell.sendline('exit') check_recording(shell, '{}_199'.format(myname), logfile) shell.close()
def test_record_as_unprivileged_user(self): """ Check tlog-rec preserves unauthorized activity of unprivileged user in recordings """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {}'.format(logfile)) shell.sendline('whoami') shell.expect(self.user1) shell.sendline('echo test1123out') shell.sendline('sleep 2') shell.sendline('ls -ltr /var/log/audit') check_recording(shell, 'test1123out', logfile) check_recording(shell, 'Permission denied', logfile) shell.sendline('exit') shell.close()
def test_record_as_unprivileged_user(self): """ Check tlog-rec preserves unauthorized activity of unprivileged user in recordings """ logfile = mklogfile(self.tempdir) shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {}'.format(logfile)) shell.sendline('whoami') shell.expect(self.user1) shell.sendline('echo test1123out') shell.sendline('sleep 2') shell.sendline('ls -ltr /var/log/audit') check_recording(shell, 'test1123out', logfile) check_recording(shell, 'Permission denied', logfile) shell.sendline('exit') shell.close()
def test_session_record_fast_input_with_limit_action_drop(self): """ Check tlog-rec-session drops output when logging limit reached """ logfile = mklogfile(self.tempdir) sessionclass = TlogRecSessionConfig(writer="file", file_writer_path=logfile, limit_rate=10, limit_action="drop") sessionclass.generate_config(SYSTEM_TLOG_REC_SESSION_CONF) shell = ssh_pexpect(self.user, 'Secret123', 'localhost') shell.sendline('cat /usr/share/dict/linux.words') time.sleep(1) shell.sendline('exit') shell.close() shell = ssh_pexpect(self.user, 'Secret123', 'localhost') check_recording_missing(shell, 'Byronite', logfile) check_recording_missing(shell, 'zygote', logfile)
def test_session_record_user_in_utmp(self, utempter_enabled): """ Check tlog-rec-session preserves session in a file """ if not utempter_enabled: pytest.skip('utempter not enabled, skipping test') myname = inspect.stack()[0][3] whoami = '{} pts'.format(self.user) logfile = mklogfile(self.tempdir) sessionclass = TlogRecSessionConfig(writer="file", file_writer_path=logfile) sessionclass.generate_config(SYSTEM_TLOG_REC_SESSION_CONF) shell = ssh_pexpect(self.user, 'Secret123', 'localhost') shell.sendline('echo {}'.format(myname)) shell.sendline('who am i') shell.sendline('exit') check_recording(shell, myname, logfile) check_recording(shell, whoami, logfile) shell.close()
def test_play_follow_running_session(self): """ Check tlog-play can follow a live running session """ logfile = mklogfile(self.tempdir) shell1 = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell2 = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell2.logfile = sys.stdout shell1.sendline('tlog-rec -o {}'.format(logfile)) time.sleep(1) shell2.sendline('tlog-play -i {} -f'.format(logfile)) shell1.sendline('echo line1') shell2.expect('line1') time.sleep(2) shell1.sendline('echo line2') shell2.expect('line2') time.sleep(2) shell1.sendline('echo line3') shell2.expect('line3') shell1.close() shell2.close()
def test_play_follow_running_session(self): """ Check tlog-play can follow a live running session """ logfile = mklogfile(self.tempdir) shell1 = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell2 = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell2.logfile = sys.stdout shell1.sendline('tlog-rec -o {}'.format(logfile)) time.sleep(1) shell2.sendline('tlog-play -i {} -f'.format(logfile)) shell1.sendline('echo line1') shell2.expect('line1') time.sleep(2) shell1.sendline('echo line2') shell2.expect('line2') time.sleep(2) shell1.sendline('echo line3') shell2.expect('line3') shell1.close() shell2.close()
def test_conf_file_var(self, rec_env_config_setup): """ Validate configuration settings are overwritten by TLOG_REC_CONF_FILE variable """ logfile = mklogfile(self.tempdir) msg = inspect.stack()[0][3] tmp_conf_file = TMP_TLOG_REC_CONF # system wide configuration file recclass_system = TlogRecConfig(writer="journal") recclass_system.generate_config(SYSTEM_TLOG_REC_CONF) # temporary configuration file to override with recclass_tmp = TlogRecConfig(writer="file", file_writer_path=logfile) recclass_tmp.generate_config(tmp_conf_file) # validate the file writer override shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') shell.sendline(f'export TLOG_REC_CONF_FILE={tmp_conf_file}') shell.sendline(TLOG_REC_PROG + f"-c echo {msg}") check_recording(shell, msg, logfile) shell.close()
class TestTlogPlayControl: """ Tests for tlog-play running key controls usage """ user1 = 'tlitestlocaluser1' tempdir = mkdtemp(prefix='/tmp/TestTlogPlay.') os.chmod( tempdir, stat.S_IRWXU + stat.S_IRWXG + stat.S_IRWXO + stat.S_ISUID + stat.S_ISGID + stat.S_ISVTX) ctl_log = mklogfile(tempdir) @classmethod def setup_class(cls): """ create sample recorded session for key control tests """ shell = ssh_pexpect(cls.user1, 'Secret123', 'localhost') shell.sendline('tlog-rec -o {}'.format(cls.ctl_log)) shell.sendline('echo start') time.sleep(10) shell.sendline('echo testime_stop') time.sleep(10) shell.sendline('echo test2') time.sleep(10) shell.sendline('echo test3') time.sleep(10) shell.sendline('echo end') shell.sendline('exit') shell.close() def test_play_key_ctl_goto_end(self): """ Check tlog-play key control goes to end of session """ shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') time_start = time.time() shell.sendline('tlog-play -i {}'.format(self.ctl_log)) time.sleep(1) shell.sendline('G') shell.expect('end') time_stop = time.time() assert time_stop - time_start < 3 shell.close() def test_play_key_ctl_next_packet(self): """ Check tlog-play key control skips to next packet """ shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') time_start = time.time() shell.sendline('tlog-play -i {}'.format(self.ctl_log)) time.sleep(1) shell.sendline('.') time.sleep(1) shell.sendline('.') time.sleep(1) shell.sendline('.') time.sleep(1) shell.sendline('.') shell.expect('end') time_stop = time.time() assert time_stop - time_start < 5 shell.close() def test_play_key_ctl_double_speed(self): """ Check tlog-play key control doubles playback speed """ shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') time_start = time.time() shell.sendline('tlog-play -i {}'.format(self.ctl_log)) time.sleep(1) shell.sendline('}') time.sleep(1) shell.sendline('}') shell.expect('end') time_stop = time.time() assert time_stop - time_start < 15 shell.close() def test_play_key_ctl_quit(self): """ Check tlog-play key control quits playback """ shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') time_start = time.time() shell.sendline('tlog-play -i {}'.format(self.ctl_log)) time.sleep(1) shell.sendline('q') time_stop = time.time() assert time_stop - time_start < 2 shell.close() def test_play_key_ctl_halve_speed(self): """ Check tlog-play key control halves speed The double speed steps are there as necessary pre-req steps """ shell = ssh_pexpect(self.user1, 'Secret123', 'localhost') time_start = time.time() shell.sendline('tlog-play -i {}'.format(self.ctl_log)) time.sleep(1) shell.sendline('}') time.sleep(1) shell.sendline('}') time.sleep(1) shell.sendline('{') time.sleep(1) shell.sendline('{') shell.expect('end', timeout=40) time_stop = time.time() assert time_stop - time_start > 30 shell.close()