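    def test_041_trigger_rule_untag_host(self):
        """Verify a TAG_HOST trigger rule tags the client host and an UNTAG_HOST rule removes the tag.

        Phase 1 installs a TAG_HOST rule (tag ``test-tag``) matching SessionEvents
        whose localAddr contains ``remote_control.client_ip``, generates a session
        and reads the host-table entry's ``tagsString``.  Phase 2 restores the
        original settings, installs an UNTAG_HOST rule with pattern ``test*``,
        generates another session and reads the tags again.  The original
        event-manager settings are restored in a ``finally`` so a failure midway
        cannot leave a test trigger rule active on the appliance.
        """
        settings = uvmContext.eventManager().getSettings()
        orig_settings = copy.deepcopy(settings)
        client_match = "*" + remote_control.client_ip + "*"

        def _apply_rule_and_read_tags(rule):
            # Install `rule` as the only trigger rule, generate one session from
            # the client, give the event pipeline a few seconds, and return the
            # host's tagsString (None when the host has no entry or no tags).
            settings['triggerRules']['list'] = [rule]
            uvmContext.eventManager().setSettings(settings)
            remote_control.is_online()
            time.sleep(4)
            entry = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip)
            if entry is None:
                return None
            return entry.get('tagsString')

        try:
            tag_rule = create_trigger_rule("TAG_HOST", "localAddr", "test-tag", 30, "test tag rule", "class", "=", "*SessionEvent*", "localAddr", "=", client_match)
            tag_test = _apply_rule_and_read_tags(tag_rule)
            # Restore between phases so the UNTAG rule is the only rule active
            # when its session is generated.
            uvmContext.eventManager().setSettings(orig_settings)

            untag_rule = create_trigger_rule("UNTAG_HOST", "localAddr", "test*", 30, "test tag rule", "class", "=", "*SessionEvent*", "localAddr", "=", client_match)
            tag_test2 = _apply_rule_and_read_tags(untag_rule)
        finally:
            uvmContext.eventManager().setSettings(orig_settings)

        assert tag_test is not None
        assert "test-tag" in tag_test
        assert tag_test2 is None or "test-tag" not in tag_test2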
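    def test_041_trigger_rule_untag_host(self):
        """Verify a TAG_HOST trigger rule tags the client host and an UNTAG_HOST rule removes the tag.

        Phase 1 installs a TAG_HOST rule (tag ``test-tag``) matching SessionEvents
        whose localAddr contains ``remote_control.client_ip``, generates a session
        and reads the host-table entry's ``tagsString``.  Phase 2 restores the
        original settings, installs an UNTAG_HOST rule with pattern ``test*``,
        generates another session and reads the tags again.  The original
        event-manager settings are restored in a ``finally`` so a failure midway
        cannot leave a test trigger rule active on the appliance.
        """
        settings = uvmContext.eventManager().getSettings()
        orig_settings = copy.deepcopy(settings)
        client_match = "*" + remote_control.client_ip + "*"

        def _apply_rule_and_read_tags(rule):
            # Install `rule` as the only trigger rule, generate one session from
            # the client, give the event pipeline a few seconds, and return the
            # host's tagsString (None when the host has no entry or no tags).
            settings['triggerRules']['list'] = [rule]
            uvmContext.eventManager().setSettings(settings)
            remote_control.is_online()
            time.sleep(4)
            entry = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip)
            if entry is None:
                return None
            return entry.get('tagsString')

        try:
            tag_rule = create_trigger_rule("TAG_HOST", "localAddr", "test-tag", 30, "test tag rule", "class", "=", "*SessionEvent*", "localAddr", "=", client_match)
            tag_test = _apply_rule_and_read_tags(tag_rule)
            # Restore between phases so the UNTAG rule is the only rule active
            # when its session is generated.
            uvmContext.eventManager().setSettings(orig_settings)

            untag_rule = create_trigger_rule("UNTAG_HOST", "localAddr", "test*", 30, "test tag rule", "class", "=", "*SessionEvent*", "localAddr", "=", client_match)
            tag_test2 = _apply_rule_and_read_tags(untag_rule)
        finally:
            uvmContext.eventManager().setSettings(orig_settings)

        assert tag_test is not None
        assert "test-tag" in tag_test
        assert tag_test2 is None or "test-tag" not in tag_test2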
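    def test_050_alert_rule(self):
        """Verify an alert rule fires for a session generated by the test client.

        Appends an alert rule matching SessionEvents whose localAddr contains
        ``remote_control.client_ip``, generates a session, then searches the
        'Alert Events' report for an entry whose description is
        'test alert rule'.  The original event-manager settings are restored in
        a ``finally`` so a failure cannot leave the test rule active.
        """
        settings = uvmContext.eventManager().getSettings()
        orig_settings = copy.deepcopy(settings)
        new_rule = create_alert_rule("test alert rule", "class", "=", "*SessionEvent*", "localAddr", "=", "*" + remote_control.client_ip + "*")
        settings['alertRules']['list'].append(new_rule)

        events = None
        found = False
        try:
            uvmContext.eventManager().setSettings(settings)
            # Generate a session for the rule to match, then give the event
            # pipeline a few seconds to write the alert event.
            remote_control.is_online()
            time.sleep(4)

            events = global_functions.get_events('Events', 'Alert Events', None, 10)
            # Only dereference the report when one came back; the None case is
            # reported by the assertion below instead of an AttributeError.
            if events is not None:
                found = global_functions.check_events(events.get('list'), 5,
                                                      'description', 'test alert rule')
        finally:
            uvmContext.eventManager().setSettings(orig_settings)

        assert events is not None
        assert found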
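    def test_050_alert_rule(self):
        """Verify an alert rule fires for a session generated by the test client.

        Appends an alert rule matching SessionEvents whose localAddr contains
        ``remote_control.client_ip``, generates a session, then searches the
        'Alert Events' report for an entry whose description is
        'test alert rule'.  The original event-manager settings are restored in
        a ``finally`` so a failure cannot leave the test rule active.
        """
        settings = uvmContext.eventManager().getSettings()
        orig_settings = copy.deepcopy(settings)
        new_rule = create_alert_rule("test alert rule", "class", "=", "*SessionEvent*", "localAddr", "=", "*" + remote_control.client_ip + "*")
        settings['alertRules']['list'].append(new_rule)

        events = None
        found = False
        try:
            uvmContext.eventManager().setSettings(settings)
            # Generate a session for the rule to match, then give the event
            # pipeline a few seconds to write the alert event.
            remote_control.is_online()
            time.sleep(4)

            events = global_functions.get_events('Events', 'Alert Events', None, 10)
            # Only dereference the report when one came back; the None case is
            # reported by the assertion below instead of an AttributeError.
            if events is not None:
                found = global_functions.check_events(events.get('list'), 5,
                                                      'description', 'test alert rule')
        finally:
            uvmContext.eventManager().setSettings(orig_settings)

        assert events is not None
        assert found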
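    def test_060_customized_email_alert(self):
        """Create a custom email template and verify the alert email is received with it.

        Points the first admin user's address at a fresh random mailbox, sets a
        custom subject and body on the event manager, appends an alert rule with
        ``sendEmail=True`` matching sessions from the test client, generates a
        session, then polls the test mail endpoint (up to five times, one second
        apart) for a message containing "TEST".  Admin and event-manager settings
        are restored in a ``finally`` so a failure cannot leave the random admin
        address or the test rule in place.
        """
        import shlex

        # Back up both settings objects before touching them.
        email_settings = uvmContext.eventManager().getSettings()
        orig_email_settings = copy.deepcopy(email_settings)
        admin_settings = uvmContext.adminManager().getSettings()
        orig_admin_settings = copy.deepcopy(admin_settings)

        # A fresh random recipient so the mailbox lookup cannot match a stale
        # message from an earlier run.
        new_admin_email = global_functions.random_email()
        admin_settings["users"]["list"][0]["emailAddress"] = new_admin_email

        # Custom template; the poll below only checks that "TEST" shows up.
        new_email_subject = "NEW EMAIL SUBJECT TEST"
        new_email_body = "NEW EMAIL BODY TEST"
        email_settings["emailSubject"] = new_email_subject
        email_settings["emailBody"] = new_email_body

        new_rule = create_alert_rule("test alert rule", "class", "=", "*SessionEvent*", "localAddr", "=", "*" + remote_control.client_ip + "*", sendEmail=True)
        email_settings['alertRules']['list'].append(new_rule)

        # The address is interpolated into a shell pipeline run on the client;
        # quote it so a generated address containing shell metacharacters cannot
        # change the command.  shlex.quote leaves a plain address untouched.
        fetch_command = ("wget -q --timeout=5 -O - http://test.untangle.com/cgi-bin/getEmail.py?toaddress="
                         + shlex.quote(new_admin_email) + " 2>&1 | grep TEST")

        emailFound = False
        try:
            uvmContext.adminManager().setSettings(admin_settings)
            uvmContext.eventManager().setSettings(email_settings)

            # Generate a session for the rule to match and give the alert
            # pipeline a few seconds to send the mail.
            remote_control.is_online()
            time.sleep(4)

            # Poll the mailbox; any non-empty grep output counts as delivered.
            for _attempt in range(5):
                time.sleep(1)
                alertEmail = remote_control.run_command(fetch_command, stdout=True)
                if alertEmail != "":
                    emailFound = True
                    break
        finally:
            uvmContext.eventManager().setSettings(orig_email_settings)
            uvmContext.adminManager().setSettings(orig_admin_settings)

        assert emailFound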
    def test_040_remote_syslog(self):
        """Verify that a blocked firewall session is exported to the remote syslog host.

        Installs a firewall block rule for the test client, enables UDP syslog
        (port 514) towards ``syslog_server_host``, generates one session, then
        tails the server's /var/log/syslog looking for a FirewallEvent line
        that carries ``"blocked":true``, the installed rule's ``ruleId`` and a
        timestamp within one minute of the session.
        """
        # Skip rather than fail when the environment cannot reach the syslog host.
        if (not can_syslog):
            raise unittest.SkipTest('Unable to syslog through ' +
                                    syslog_server_host)

        # Reuse an already-installed firewall app, otherwise instantiate one on
        # the default policy.
        firewall_app = None
        if (uvmContext.appManager().isInstantiated("firewall")):
            print("App %s already installed" % "firewall")
            firewall_app = uvmContext.appManager().app("firewall")
        else:
            firewall_app = uvmContext.appManager().instantiate(
                "firewall", default_policy_id)

        # Install firewall rule to generate syslog events
        rules = firewall_app.getRules()
        rules["list"].append(
            create_firewall_rule("SRC_ADDR", remote_control.client_ip))
        firewall_app.setRules(rules)
        rules = firewall_app.getRules()
        # Get rule ID: the first enabled blocking rule after the re-read.
        # NOTE(review): targetRuleId is only bound when such a rule exists; if
        # none matches, the '"ruleId":%i' % targetRuleId below raises NameError
        # rather than a clear assertion failure.
        for rule in rules['list']:
            if rule['enabled'] and rule['block']:
                targetRuleId = rule['ruleId']
                break
        # Setup syslog to send events to syslog host in /config/events/syslog
        syslogSettings = uvmContext.eventManager().getSettings()
        syslogSettings["syslogEnabled"] = True
        syslogSettings["syslogPort"] = 514
        syslogSettings["syslogProtocol"] = "UDP"
        syslogSettings["syslogHost"] = syslog_server_host
        uvmContext.eventManager().setSettings(syslogSettings)

        # create some traffic (blocked by firewall and thus create a syslog event)
        # Timestamps are compared at minute resolution; +/- one minute is
        # accepted below to tolerate the session landing on a minute boundary.
        exactly_now = datetime.now()
        exactly_now_minus1 = datetime.now() - timedelta(minutes=1)
        exactly_now_plus1 = datetime.now() + timedelta(minutes=1)
        timestamp = exactly_now.strftime('%Y-%m-%d %H:%M')
        timestamp_minus1 = exactly_now_minus1.strftime('%Y-%m-%d %H:%M')
        timestamp_now_plus1 = exactly_now_plus1.strftime('%Y-%m-%d %H:%M')
        # Only the side effect (a session) matters; the result is not checked.
        result = remote_control.is_online(tries=1)
        # flush out events
        # NOTE(review): self._app is not set in this method; presumably the
        # class fixture assigns it — confirm.
        self._app.flushEvents()

        # remove the firewall rule and set syslog back to original settings
        # NOTE(review): orig_settings is not defined in this method either;
        # verify it is a class/module-level backup of the intended settings.
        self._app.setSettings(orig_settings)
        rules["list"] = []
        firewall_app.setRules(rules)

        # remove firewall
        if firewall_app != None:
            uvmContext.appManager().destroy(
                firewall_app.getAppSettings()["id"])
        firewall_app = None

        # parse the output and look for a rule that matches the expected values
        # Up to 5 polls of the server log, 2 seconds apart.  found_count is
        # reset per log line, so after the loop it reflects the last line
        # examined (or the fully matching line that triggered the break).
        tries = 5
        found_count = 0
        timestamp_variations = [
            str('\"timeStamp\":\"%s' % timestamp_minus1),
            str('\"timeStamp\":\"%s' % timestamp_now_plus1)
        ]
        strings_to_find = [
            '\"blocked\":true',
            str('\"ruleId\":%i' % targetRuleId),
            str('\"timeStamp\":\"%s' % timestamp)
        ]
        num_string_find = len(strings_to_find)
        while (tries > 0 and found_count < num_string_find):
            # get syslog results on server
            rsyslogResult = remote_control.run_command(
                "sudo tail -n 200 /var/log/syslog | grep 'FirewallEvent'",
                host=syslog_server_host,
                stdout=True)
            tries -= 1
            for line in rsyslogResult.splitlines():
                print("\nchecking line: %s " % line)
                found_count = 0
                for string in strings_to_find:
                    if not string in line:
                        print("missing: %s" % string)
                        if ('timeStamp' in string):
                            # Allow +/- one minute in timestamp
                            if (timestamp_variations[0]
                                    in line) or (timestamp_variations[1]
                                                 in line):
                                print("found: time with varation %s or %s" %
                                      (timestamp_variations[0],
                                       timestamp_variations[1]))
                                found_count += 1
                            else:
                                break
                        else:
                            # Any other missing string disqualifies this line.
                            break
                    else:
                        found_count += 1
                        print("found: %s" % string)
                # break if all the strings have been found.
                if found_count == num_string_find:
                    break
            time.sleep(2)

        # Disable syslog
        # NOTE(review): this runs outside a finally, so an exception above
        # leaves syslog enabled towards syslog_server_host.
        syslogSettings = uvmContext.eventManager().getSettings()
        syslogSettings["syslogEnabled"] = False
        uvmContext.eventManager().setSettings(syslogSettings)

        assert (found_count == num_string_find)
    def test_040_remote_syslog(self):
        """Verify that a blocked firewall session is exported to the remote syslog host.

        Installs a firewall block rule for the test client, enables UDP syslog
        (port 514) towards ``syslog_server_host``, generates one session, then
        tails the server's /var/log/syslog looking for a FirewallEvent line
        that carries ``"blocked":true``, the installed rule's ``ruleId`` and a
        timestamp within one minute of the session.
        """
        # Skip rather than fail when the environment cannot reach the syslog host.
        if (not can_syslog):
            raise unittest.SkipTest('Unable to syslog through ' + syslog_server_host)

        # Reuse an already-installed firewall app, otherwise instantiate one on
        # the default policy.
        firewall_app = None
        if (uvmContext.appManager().isInstantiated("firewall")):
            print("App %s already installed" % "firewall")
            firewall_app = uvmContext.appManager().app("firewall")
        else:
            firewall_app = uvmContext.appManager().instantiate("firewall", default_policy_id)

        # Install firewall rule to generate syslog events
        rules = firewall_app.getRules()
        rules["list"].append(create_firewall_rule("SRC_ADDR",remote_control.client_ip));
        firewall_app.setRules(rules);
        rules = firewall_app.getRules()
        # Get rule ID: the first enabled blocking rule after the re-read.
        # NOTE(review): targetRuleId is only bound when such a rule exists; if
        # none matches, the '"ruleId":%i' % targetRuleId below raises NameError
        # rather than a clear assertion failure.
        for rule in rules['list']:
            if rule['enabled'] and rule['block']:
                targetRuleId = rule['ruleId']
                break
        # Setup syslog to send events to syslog host in /config/events/syslog
        syslogSettings = uvmContext.eventManager().getSettings()
        syslogSettings["syslogEnabled"] = True
        syslogSettings["syslogPort"] = 514
        syslogSettings["syslogProtocol"] = "UDP"
        syslogSettings["syslogHost"] = syslog_server_host
        uvmContext.eventManager().setSettings( syslogSettings )

        # create some traffic (blocked by firewall and thus create a syslog event)
        # Timestamps are compared at minute resolution; +/- one minute is
        # accepted below to tolerate the session landing on a minute boundary.
        exactly_now = datetime.now()
        exactly_now_minus1 = datetime.now() - timedelta(minutes=1)
        exactly_now_plus1 = datetime.now() + timedelta(minutes=1)
        timestamp = exactly_now.strftime('%Y-%m-%d %H:%M')
        timestamp_minus1 = exactly_now_minus1.strftime('%Y-%m-%d %H:%M')
        timestamp_now_plus1 = exactly_now_plus1.strftime('%Y-%m-%d %H:%M')
        # Only the side effect (a session) matters; the result is not checked.
        result = remote_control.is_online(tries=1)
        # flush out events
        # NOTE(review): `app` is not defined in this method; presumably a
        # module-level handle set by the test fixture — confirm.
        app.flushEvents()

        # remove the firewall rule and set syslog back to original settings
        # NOTE(review): orig_settings is not defined in this method either;
        # verify it is a module-level backup of the intended settings.
        app.setSettings(orig_settings)
        rules["list"]=[];
        firewall_app.setRules(rules);

        # remove firewall
        if firewall_app != None:
            uvmContext.appManager().destroy( firewall_app.getAppSettings()["id"] )
        firewall_app = None
        
        # parse the output and look for a rule that matches the expected values
        # Up to 5 polls of the server log, 2 seconds apart.  found_count is
        # reset per log line, so after the loop it reflects the last line
        # examined (or the fully matching line that triggered the break).
        tries = 5
        found_count = 0
        timestamp_variations  = [str('\"timeStamp\":\"%s' % timestamp_minus1),str('\"timeStamp\":\"%s' % timestamp_now_plus1)]
        strings_to_find = ['\"blocked\":true',str('\"ruleId\":%i' % targetRuleId),str('\"timeStamp\":\"%s' % timestamp)]
        num_string_find = len(strings_to_find)
        while (tries > 0 and found_count < num_string_find):
            # get syslog results on server
            rsyslogResult = remote_control.run_command("sudo tail -n 200 /var/log/syslog | grep 'FirewallEvent'", host=syslog_server_host, stdout=True)
            tries -= 1
            for line in rsyslogResult.splitlines():
                print("\nchecking line: %s " % line)
                found_count = 0
                for string in strings_to_find:
                    if not string in line:
                        print("missing: %s" % string)
                        if ('timeStamp' in string):
                            # Allow +/- one minute in timestamp
                            if (timestamp_variations [0] in line) or (timestamp_variations [1] in line):
                                print("found: time with varation %s or %s" % (timestamp_variations [0],timestamp_variations [1]))
                                found_count += 1
                            else:
                                break
                        else:
                            # Any other missing string disqualifies this line.
                            break
                    else:
                        found_count += 1
                        print("found: %s" % string)
                # break if all the strings have been found.
                if found_count == num_string_find:
                    break
            time.sleep(2)

        # Disable syslog
        # NOTE(review): this runs outside a finally, so an exception above
        # leaves syslog enabled towards syslog_server_host.
        syslogSettings = uvmContext.eventManager().getSettings()
        syslogSettings["syslogEnabled"] = False
        uvmContext.eventManager().setSettings( syslogSettings )
            
        assert(found_count == num_string_find)