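def loginspectiontest(rule_to_apply, policy_id, configuration, api_version,
                      overrides, operating_system):
    """Run the Log Inspection test and leave the policy as it was found.

    The LI rule named by ``rule_to_apply`` is assigned to the policy when it
    is not already assigned, the test is run, and the temporary assignment is
    removed again. Removal now happens in a ``finally`` block so a failing
    test cannot leave the policy with an extra rule attached.

    Args:
        rule_to_apply: Name of the Log Inspection rule to exercise.
        policy_id: ID of the policy the rule is checked against / assigned to.
        configuration: API client configuration, forwarded to the helpers.
        api_version: API version string, forwarded to the helpers.
        overrides: Forwarded to the assignment helpers unchanged.
        operating_system: Forwarded to ``runtest`` and ``sendheartbeat``.

    Returns:
        None. Progress is reported with ``print``.
    """
    print("---Running The Log Inspection Test---")
    # Resolve the rule name to the numeric LI rule ID
    rule_id = getruleid("li", rule_to_apply, configuration, api_version)

    # Remember whether the rule was on the policy before this run touched it
    found = checkifruleassigned(rule_to_apply, "li", rule_id, policy_id,
                                configuration, api_version, overrides)

    if not found:
        assignlirule(rule_to_apply, rule_id, policy_id, configuration,
                     api_version, overrides, True)

    try:
        runtest(operating_system)
    finally:
        # Restore the original policy state even if the test raised
        if not found:
            assignlirule(rule_to_apply, rule_id, policy_id, configuration,
                         api_version, overrides, False)

    # A heartbeat pushes the generated events to Cloud One / Deep Security Manager
    sendheartbeat(operating_system)
    print("---Log Inspection Test Completed---")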
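def ipstest(rule_to_apply, policy_id, configuration, api_version, overrides,
            operating_system):
    """Run the Intrusion Prevention test and leave the policy as it was found.

    The IPS rule named by ``rule_to_apply`` is assigned to the policy when it
    is not already assigned, the test is run after a 10 second settle time,
    and the temporary assignment is removed again. Removal happens in a
    ``finally`` block so a failing test cannot leave the rule attached.

    Args:
        rule_to_apply: Name of the Intrusion Prevention rule to exercise.
        policy_id: ID of the policy the rule is checked against / assigned to.
        configuration: API client configuration, forwarded to the helpers.
        api_version: API version string, forwarded to the helpers.
        overrides: Forwarded to the assignment helpers unchanged.
        operating_system: Forwarded to ``sendheartbeat``.

    Returns:
        None. Progress is reported with ``print``.
    """
    print("---Running The Intrusion Prevention Test---")
    # Resolve the rule name to the numeric IPS rule ID
    rule_id = getruleid("ips", rule_to_apply, configuration, api_version)

    # Remember whether the rule was on the policy before this run touched it
    found = checkifruleassigned(rule_to_apply, "ips", rule_id, policy_id,
                                configuration, api_version, overrides)

    if not found:
        assignipsrule(rule_to_apply, rule_id, policy_id, configuration,
                      api_version, overrides, True)

    try:
        # Give the agent time to receive the updated policy before testing
        time.sleep(10)
        # NOTE(review): called without operating_system here, unlike the
        # sibling tests — confirm this is the intended helper signature
        runtest()
    finally:
        # Restore the original policy state even if the test raised
        if not found:
            assignipsrule(rule_to_apply, rule_id, policy_id, configuration,
                          api_version, overrides, False)

    # A heartbeat pushes the generated events to Cloud One / Deep Security Manager
    sendheartbeat(operating_system)
    print("---Intrusion Prevention Test Complete---")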
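def _ensure_docker_linux(operating_system):
    """Return True when Docker is already present; otherwise install it and return False.

    Presence is judged by ``sudo docker version`` producing any output at all
    (an empty string means "not found"). Installation uses the distribution
    package manager via ``sudo``; the command output is not inspected.

    Args:
        operating_system: OS string containing "ubuntu" or "redhat".
    """
    print("Checking if Docker is installed")
    output = runcommand("sudo docker version")
    if output != "":
        return True

    print("Docker not found; installing Docker")
    if "ubuntu" in operating_system:
        runcommand("sudo apt-get install docker.io -y")
    if "redhat" in operating_system:
        runcommand("sudo yum install docker -y")
    return False


def dockeramtest(host_id, policy_id, configuration, api_version, overrides,
                 operating_system):
    """Run the Docker anti-malware test, installing Docker first when needed.

    Only Ubuntu and Red Hat are supported. On Windows a message is printed
    and the function returns early; the Windows install path that used to
    follow that ``return`` was unreachable and has been dropped.

    If this run installed Docker, ``cleanup`` removes it afterwards (now in a
    ``finally`` block, so a failing test still restores the host). A Docker
    install that was already present is left alone.

    Args:
        host_id: Forwarded to ``runtest``.
        policy_id: Forwarded to ``runtest``.
        configuration: API client configuration, forwarded to ``runtest``.
        api_version: API version string, forwarded to ``runtest``.
        overrides: Forwarded to ``runtest`` unchanged.
        operating_system: OS string; substring-matched for "ubuntu",
            "redhat" and "windows".

    Returns:
        ``()`` on Windows (kept for compatibility with the original early
        return), otherwise ``None``.
    """
    print("---Running The Docker Test---")

    if "windows" in operating_system:
        print(
            "This test only works on ubuntu and redhat currently.  Exiting!!")
        return ()

    docker_installed = False
    if "ubuntu" in operating_system or "redhat" in operating_system:
        docker_installed = _ensure_docker_linux(operating_system)

    try:
        runtest(host_id, policy_id, configuration, api_version, overrides,
                operating_system)
    finally:
        # Only undo what this run did: a pre-existing Docker install stays
        if not docker_installed:
            cleanup(operating_system)

    # A heartbeat pushes the generated events to Cloud One / Deep Security Manager
    sendheartbeat(operating_system)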
def antimalwaretest(operating_system):
    """Fetch the EICAR test files to trigger Anti-Malware events, then heartbeat.

    Each file is downloaded from secure.eicar.org using a relative local
    filename that matches the remote name. Nothing in this function deletes
    the downloaded files afterwards.

    Args:
        operating_system: Forwarded to ``sendheartbeat``.

    Returns:
        None. Progress is reported with ``print``.
    """
    print("---Running Anti-Malware Test---")

    # (remote URL, local filename, download helper) for each EICAR variant;
    # the plain-text variants use the UTF-8 helper, the archives the binary one
    downloads = (
        ('https://secure.eicar.org/eicar.com', "eicar.com", downloadfileutf8),
        ('https://secure.eicar.org/eicar.com.txt', "eicar.com.txt", downloadfileutf8),
        ('https://secure.eicar.org/eicar_com.zip', "eicar_com.zip", downloadfilebinary),
        ('https://secure.eicar.org/eicarcom2.zip', "eicarcom2.zip", downloadfilebinary),
    )
    for url, local_name, fetch in downloads:
        print("Downloading " + local_name)
        fetch(url, local_name)
    print("---Anti-Malware Test Complete---")

    # A heartbeat pushes the generated events to Cloud One / Deep Security Manager
    sendheartbeat(operating_system)
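def _waitforbaseline(host_id, policy_id, configuration, api_version, overrides, timeout):
    """Block until ``getacstatus`` reports nothing in progress (returns ``None``).

    Args:
        host_id, policy_id, configuration, api_version, overrides: Forwarded
            to ``getacstatus`` unchanged.
        timeout: Maximum seconds to wait, or ``None`` to wait indefinitely.

    Raises:
        TimeoutError: if ``timeout`` elapses before the status becomes ``None``.
    """
    deadline = None if timeout is None else time.monotonic() + timeout
    while True:
        print("Waiting for Application Control Baseline to finish...")
        # Give the policy time to propagate and the baseline scan to start
        time.sleep(30)
        status = getacstatus(host_id, policy_id, configuration, api_version, overrides)
        if status is None:
            print("Application Control Baseline complete")
            return
        # NOTE(review): any non-None status — not just the phrases below — keeps
        # the loop going; only None ends it. Confirm getacstatus() returns None
        # once the baseline has finished, otherwise this only exits via timeout.
        lowered = status.lower()
        if ("sending policy" in lowered
                or "application control inventory scan in progress" in lowered
                or "security update in progress" in lowered):
            time.sleep(10)
        if deadline is not None and time.monotonic() > deadline:
            raise TimeoutError(
                "Application Control baseline did not finish within %s seconds" % timeout)


def applicationcontroltest(host_id, policy_id, configuration, api_version, overrides, operating_system, *, timeout=None):
    """Run the Application Control test, enabling AC on the policy if needed.

    The policy's current Application Control state is read from the manager
    with ``describe_policy``. The original code inspected a freshly
    constructed ``ApplicationControlPolicyExtension()`` whose ``state`` is
    never populated, so it always concluded AC was off and toggled it on
    and off regardless of the real setting.

    When AC has to be enabled, the function waits for the baseline to finish,
    runs the test, and then disables AC again. Disabling and ``cleanup`` run
    in a ``finally`` block so a failing test still restores the policy.

    Args:
        host_id: Forwarded to ``getacstatus``.
        policy_id: ID of the policy whose AC state is read and modified.
        configuration: API client configuration used to build the API client.
        api_version: API version string, forwarded to the API and helpers.
        overrides: Forwarded to ``describe_policy`` and ``getacstatus``.
        operating_system: Forwarded to ``runtest``, ``cleanup`` and
            ``sendheartbeat``.
        timeout: Keyword-only. Upper bound in seconds on the baseline wait;
            ``None`` (default) waits indefinitely, matching the original.

    Raises:
        TimeoutError: if ``timeout`` is set and the baseline does not finish.

    Returns:
        None. Progress is reported with ``print``.
    """
    print("---Running The Application Control Test---")
    policies_api = deepsecurity.PoliciesApi(deepsecurity.ApiClient(configuration))
    # Fresh extension object handed to the enable/disable helper, as before
    application_control_policy_extension = deepsecurity.ApplicationControlPolicyExtension()

    # Read the real current state; getattr guards a policy with no AC section
    policy = policies_api.describe_policy(policy_id, api_version, overrides=overrides)
    current_extension = getattr(policy, "application_control", None)
    current_state = getattr(current_extension, "state", None)
    enabled = current_state is not None and "on" in current_state

    if not enabled:
        print("Enabling Application Control")
        enabledisableapplicationcontrol(policy_id, policies_api, application_control_policy_extension, api_version, "on")
        _waitforbaseline(host_id, policy_id, configuration, api_version, overrides, timeout)

    try:
        runtest(operating_system)
    finally:
        # Return the policy to its original state even if the test raised
        if not enabled:
            enabledisableapplicationcontrol(policy_id, policies_api, application_control_policy_extension, api_version, "off")
        cleanup(policy_id, policies_api, application_control_policy_extension, api_version, enabled, operating_system)

    # A heartbeat pushes the generated events to Cloud One / Deep Security Manager
    sendheartbeat(operating_system)
    print("---Application Control Test Completed---")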
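def webreputationtest(policy_id, configuration, api_version, overrides,
                      operating_system):
    """Run the Web Reputation test and leave the policy as it was found.

    WRS is switched on for the policy when ``checkifwrson`` reports it off,
    each of the Trend Micro WRS test URLs is fetched with ``curl`` to raise
    an event, and WRS is switched off again. The switch-off now lives in a
    ``finally`` block so a failing fetch cannot leave WRS enabled.

    Args:
        policy_id: ID of the policy whose WRS state is read and modified.
        configuration: API client configuration, forwarded to the helpers.
        api_version: API version string, forwarded to the helpers.
        overrides: Forwarded to the WRS helpers unchanged.
        operating_system: Forwarded to ``sendheartbeat``.

    Returns:
        None. Each curl exit code is printed after its URL.
    """
    print("---Running The Web Reputation Test---")
    current_state = checkifwrson(policy_id, configuration, api_version,
                                 overrides)
    was_off = "off" in current_state

    if was_off:
        modifywrsstate(policy_id, configuration, api_version, overrides, "on")
    # Give the agent time to receive the updated policy before generating traffic
    time.sleep(10)

    # (WRS category label, test URL) pairs, visited in this order
    test_urls = (
        ("Dangerous", "http://wrs49.winshipway.com/"),
        ("Highly Suspicious", "http://wrs65.winshipway.com/"),
        ("Suspicious", "http://wrs70.winshipway.com/"),
        ("Unrated", "http://wrs71.winshipway.com/"),
        ("Normal", "http://wrs81.winshipway.com/"),
        ("Dangerous C&C", "http://ca91-1.winshipway.com/"),
    )
    try:
        for label, url in test_urls:
            print("Testing the %s URL: %s" % (label, url))
            # Argument list (no shell), so the URL is never shell-parsed;
            # the printed value is curl's exit code
            print(subprocess.call(['curl', url]))
    finally:
        # Restore the original WRS setting even if a fetch raised
        if was_off:
            modifywrsstate(policy_id, configuration, api_version, overrides, "off")

    # A heartbeat pushes the generated events to Cloud One / Deep Security Manager
    sendheartbeat(operating_system)
    print("---Web Reputation Test Completed---")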