def test_11_properties(self): """ Verify that property wrappers work """ test_reading_file = '/tmp/mozdef.cfg' with open(test_reading_file, 'w') as filepointer: filepointer.write('[mozdef]\nmozdef_url = foo\n') filepointer.close() with mock.patch.object(mozdef_client_config.ConfigFetchMixin, 'CONFIG_FILE_LOCATIONS', new=[test_reading_file]): library = mozdef_client_config.ConfigedMozDefEvent() # Don't set anything? It's an event: self.assertEqual(library.category, 'event') # Setting: library.category = 'Authentication' # Getting OUR property: self.assertEqual(library.category, 'authentication') # And the upstream property (this might change in the future): self.assertEqual(library._category, 'authentication') self.assertEqual(library.source, None) # Setting: library.source = 'SomeWords Go Here' # Getting OUR property: self.assertEqual(library.source, 'SomeWords Go Here') # And the upstream property (this might change in the future): self.assertEqual(library._source, 'SomeWords Go Here')
def test_00_ingest_no_config(self): """ With no config files, get an error """ with mock.patch.object(mozdef_client_config.ConfigFetchMixin, 'CONFIG_FILE_LOCATIONS', new=[]): with self.assertRaises(ValueError): mozdef_client_config.ConfigedMozDefEvent()
def test_06_optional_params(self): """ Verify that the self object was initialized with foofy parameters """ test_reading_file = '/tmp/mozdef.cfg' with open(test_reading_file, 'w') as filepointer: filepointer.write('[mozdef]\nsend_events = False\n') filepointer.write( 'send_to_syslog = True\nsyslog_only = True\nsyslog_facility = local0\n' ) filepointer.close() with mock.patch.object(mozdef_client_config.ConfigFetchMixin, 'CONFIG_FILE_LOCATIONS', new=[test_reading_file]): library = mozdef_client_config.ConfigedMozDefEvent() self.assertIsInstance(library, mozdef_client.MozDefEvent) self.assertIsInstance(library, mozdef_client_config.ConfigedMozDefEvent) self.assertIsInstance(library._send_to_syslog, bool, '_send_to_syslog must be a bool') self.assertIsInstance(library._syslog_only, bool, '_syslog_only must be a bool') self.assertTrue(library._send_to_syslog, '_send_to_syslog becomes True') self.assertTrue(library._syslog_only, '_syslog_only becomes True') # This presumes that mozdef_client does facility this way: self.assertEqual(library._facility, syslog.LOG_LOCAL0, '_facility gets set as desired')
def test_01_ingest_empty_config(self): """ With junk config files, get an error """ test_reading_file = 'test/context.py' with mock.patch.object(mozdef_client_config.ConfigFetchMixin, 'CONFIG_FILE_LOCATIONS', new=[test_reading_file]): with self.assertRaises(ValueError): mozdef_client_config.ConfigedMozDefEvent()
def test_03_ingest_partial_config(self): """ With send_events and no url, get an error """ test_reading_file = '/tmp/mozdef.cfg' with open(test_reading_file, 'w') as filepointer: filepointer.write('[mozdef]\nsend_events = True\n') filepointer.close() with mock.patch.object(mozdef_client_config.ConfigFetchMixin, 'CONFIG_FILE_LOCATIONS', new=[test_reading_file]): with self.assertRaises(ValueError): mozdef_client_config.ConfigedMozDefEvent() os.remove(test_reading_file)
def test_02_ingest_bad_config(self): """ With config file lacking a url, get an error """ test_reading_file = '/tmp/mozdef.cfg' with open(test_reading_file, 'w') as filepointer: filepointer.write('[aa]\nbb = cc\n') filepointer.close() with mock.patch.object(mozdef_client_config.ConfigFetchMixin, 'CONFIG_FILE_LOCATIONS', new=[test_reading_file]): with self.assertRaises(ValueError): mozdef_client_config.ConfigedMozDefEvent() os.remove(test_reading_file)
def log(self, summary, severity=None, details=None): """ This segment sends a log to mozdef for important events. """ logger = mozdef_client_config.ConfigedMozDefEvent() logger.category = 'Authentication' logger.source = 'openvpn' logger.tags = ['vpn', 'duosecurity'] logger.summary = summary logger.set_severity_from_string(severity) if details is not None: logger.details = details logger.send() # Print to stdout here because we want a local copy of the results. # We could log to syslog, but that separates our files from the # openvpn log to syslog. if self.log_to_stdout: # pragma: no cover # Most test cases are quiet / nonprinting print logger.syslog_convert()
def test_send_actual(self): """ Verify that the send doesn't die when sending """ test_reading_file = '/tmp/mozdef.cfg' with open(test_reading_file, 'w') as filepointer: filepointer.write('[mozdef]\nmozdef_url = foo\n') filepointer.close() with mock.patch.object(mozdef_client_config.ConfigFetchMixin, 'CONFIG_FILE_LOCATIONS', new=[test_reading_file]): library = mozdef_client_config.ConfigedMozDefEvent() library.summary = 'a test message' library.tags = ['test-tag1', 'test-tag2'] library.details = {'testing': True, 'alert': False, 'is-a-test': 'yes'} try: library.send() except Exception: # pragma: no cover pylint: disable=broad-except # there are many 'raise' items in send, none of which should hit. # And since this is a test, broad is intentional and fine. self.fail("send() raised ExceptionType unexpectedly.")
def test_04_ingest_noop_config(self): """ With send_events false and no url, proceed """ test_reading_file = '/tmp/mozdef.cfg' with open(test_reading_file, 'w') as filepointer: filepointer.write('[mozdef]\nsend_events = False\n') filepointer.close() with mock.patch.object(mozdef_client_config.ConfigFetchMixin, 'CONFIG_FILE_LOCATIONS', new=[test_reading_file]): with mock.patch.object(mozdef_client, '__init__') as mock_super: library = mozdef_client_config.ConfigedMozDefEvent() mock_super.assert_called_once() os.remove(test_reading_file) self.assertIsInstance(library, mozdef_client.MozDefEvent) self.assertIsInstance(library, mozdef_client_config.ConfigedMozDefEvent) self.assertIsInstance(library._send_events, bool, '_send_events must be a bool') self.assertFalse(library._send_events, '_send_events can be told to be False')
def __init__(self): """ ingest the config file, then establish our variables based on it. """ self.configfile = self._ingest_config_from_file() _cf = self.configfile self.iptables_executable = '/sbin/iptables' if _cf.has_option('openvpn-netfilter', 'iptables_executable'): self.iptables_executable = self.configfile.get( 'openvpn-netfilter', 'iptables_executable') self.ipset_executable = '/usr/sbin/ipset' if _cf.has_option('openvpn-netfilter', 'ipset_executable'): self.ipset_executable = self.configfile.get( 'openvpn-netfilter', 'ipset_executable') self.lockpath = '/var/run/openvpn_netfilter.lock' if _cf.has_option('openvpn-netfilter', 'LOCKPATH'): self.lockpath = self.configfile.get('openvpn-netfilter', 'LOCKPATH') self.lockwaittime = 2 # this is in seconds if _cf.has_option('openvpn-netfilter', 'LOCKWAITTIME'): self.lockwaittime = self.configfile.getint('openvpn-netfilter', 'LOCKWAITTIME') self.lockretriesmax = 10 if _cf.has_option('openvpn-netfilter', 'LOCKRETRIESMAX'): self.lockretriesmax = self.configfile.getint( 'openvpn-netfilter', 'LOCKRETRIESMAX') self._lock = None self.username = None self.client_ip = None self.logger = mozdef_client_config.ConfigedMozDefEvent() self.logger.tags = ['openvpn', 'netfilter'] if os.geteuid() != 0: # Since everything in this class will modify iptables/ipset, # this library pretty much must run as root. # # Side note: # Since it's called from learn-address, that means you need # to have a sudo allowance for the openvpn user. raise Exception('You must be root to use this library.')
def test_05_good_init(self): """ Verify that the self object was initialized """ test_reading_file = '/tmp/mozdef.cfg' with open(test_reading_file, 'w') as filepointer: filepointer.write('[mozdef]\nmozdef_url = foo\n') filepointer.close() with mock.patch.object(mozdef_client_config.ConfigFetchMixin, 'CONFIG_FILE_LOCATIONS', new=[test_reading_file]): library = mozdef_client_config.ConfigedMozDefEvent() self.assertIsInstance(library, mozdef_client.MozDefEvent) self.assertIsInstance(library, mozdef_client_config.ConfigedMozDefEvent) self.assertIsInstance(library._send_events, bool, '_send_events must be a bool') self.assertIsInstance(library._send_to_syslog, bool, '_send_to_syslog must be a bool') self.assertIsInstance(library._syslog_only, bool, '_syslog_only must be a bool') self.assertTrue(library._send_events, '_send_events defaults to True') self.assertFalse(library._send_to_syslog, '_send_to_syslog defaults to False') self.assertFalse(library._syslog_only, '_syslog_only defaults to False')
def setUp(self): """ Preparing test rig """ self.library = mozdef_client_config.ConfigedMozDefEvent()