def test_11_properties(self):
""" Verify that property wrappers work """
test_reading_file = '/tmp/mozdef.cfg'
with open(test_reading_file, 'w') as filepointer:
filepointer.write('[mozdef]\nmozdef_url = foo\n')
filepointer.close()
with mock.patch.object(mozdef_client_config.ConfigFetchMixin,
'CONFIG_FILE_LOCATIONS',
new=[test_reading_file]):
library = mozdef_client_config.ConfigedMozDefEvent()
# Don't set anything? It's an event:
self.assertEqual(library.category, 'event')
# Setting:
library.category = 'Authentication'
# Getting OUR property:
self.assertEqual(library.category, 'authentication')
# And the upstream property (this might change in the future):
self.assertEqual(library._category, 'authentication')
self.assertEqual(library.source, None)
# Setting:
library.source = 'SomeWords Go Here'
# Getting OUR property:
self.assertEqual(library.source, 'SomeWords Go Here')
# And the upstream property (this might change in the future):
self.assertEqual(library._source, 'SomeWords Go Here')
def test_00_ingest_no_config(self):
""" With no config files, get an error """
with mock.patch.object(mozdef_client_config.ConfigFetchMixin,
'CONFIG_FILE_LOCATIONS',
new=[]):
with self.assertRaises(ValueError):
mozdef_client_config.ConfigedMozDefEvent()
def test_06_optional_params(self):
""" Verify that the self object was initialized with foofy parameters """
test_reading_file = '/tmp/mozdef.cfg'
with open(test_reading_file, 'w') as filepointer:
filepointer.write('[mozdef]\nsend_events = False\n')
filepointer.write(
'send_to_syslog = True\nsyslog_only = True\nsyslog_facility = local0\n'
)
filepointer.close()
with mock.patch.object(mozdef_client_config.ConfigFetchMixin,
'CONFIG_FILE_LOCATIONS',
new=[test_reading_file]):
library = mozdef_client_config.ConfigedMozDefEvent()
self.assertIsInstance(library, mozdef_client.MozDefEvent)
self.assertIsInstance(library,
mozdef_client_config.ConfigedMozDefEvent)
self.assertIsInstance(library._send_to_syslog, bool,
'_send_to_syslog must be a bool')
self.assertIsInstance(library._syslog_only, bool,
'_syslog_only must be a bool')
self.assertTrue(library._send_to_syslog,
'_send_to_syslog becomes True')
self.assertTrue(library._syslog_only, '_syslog_only becomes True')
# This presumes that mozdef_client does facility this way:
self.assertEqual(library._facility, syslog.LOG_LOCAL0,
'_facility gets set as desired')
def test_01_ingest_empty_config(self):
""" With junk config files, get an error """
test_reading_file = 'test/context.py'
with mock.patch.object(mozdef_client_config.ConfigFetchMixin,
'CONFIG_FILE_LOCATIONS',
new=[test_reading_file]):
with self.assertRaises(ValueError):
mozdef_client_config.ConfigedMozDefEvent()
def test_03_ingest_partial_config(self):
""" With send_events and no url, get an error """
test_reading_file = '/tmp/mozdef.cfg'
with open(test_reading_file, 'w') as filepointer:
filepointer.write('[mozdef]\nsend_events = True\n')
filepointer.close()
with mock.patch.object(mozdef_client_config.ConfigFetchMixin,
'CONFIG_FILE_LOCATIONS',
new=[test_reading_file]):
with self.assertRaises(ValueError):
mozdef_client_config.ConfigedMozDefEvent()
os.remove(test_reading_file)
def test_02_ingest_bad_config(self):
""" With config file lacking a url, get an error """
test_reading_file = '/tmp/mozdef.cfg'
with open(test_reading_file, 'w') as filepointer:
filepointer.write('[aa]\nbb = cc\n')
filepointer.close()
with mock.patch.object(mozdef_client_config.ConfigFetchMixin,
'CONFIG_FILE_LOCATIONS',
new=[test_reading_file]):
with self.assertRaises(ValueError):
mozdef_client_config.ConfigedMozDefEvent()
os.remove(test_reading_file)
def log(self, summary, severity=None, details=None):
"""
This segment sends a log to mozdef for important events.
"""
logger = mozdef_client_config.ConfigedMozDefEvent()
logger.category = 'Authentication'
logger.source = 'openvpn'
logger.tags = ['vpn', 'duosecurity']
logger.summary = summary
logger.set_severity_from_string(severity)
if details is not None:
logger.details = details
logger.send()
# Print to stdout here because we want a local copy of the results.
# We could log to syslog, but that separates our files from the
# openvpn log to syslog.
if self.log_to_stdout: # pragma: no cover
# Most test cases are quiet / nonprinting
print logger.syslog_convert()
def test_send_actual(self):
""" Verify that the send doesn't die when sending """
test_reading_file = '/tmp/mozdef.cfg'
with open(test_reading_file, 'w') as filepointer:
filepointer.write('[mozdef]\nmozdef_url = foo\n')
filepointer.close()
with mock.patch.object(mozdef_client_config.ConfigFetchMixin,
'CONFIG_FILE_LOCATIONS',
new=[test_reading_file]):
library = mozdef_client_config.ConfigedMozDefEvent()
library.summary = 'a test message'
library.tags = ['test-tag1', 'test-tag2']
library.details = {'testing': True, 'alert': False, 'is-a-test': 'yes'}
try:
library.send()
except Exception: # pragma: no cover pylint: disable=broad-except
# there are many 'raise' items in send, none of which should hit.
# And since this is a test, broad is intentional and fine.
self.fail("send() raised ExceptionType unexpectedly.")
def test_04_ingest_noop_config(self):
""" With send_events false and no url, proceed """
test_reading_file = '/tmp/mozdef.cfg'
with open(test_reading_file, 'w') as filepointer:
filepointer.write('[mozdef]\nsend_events = False\n')
filepointer.close()
with mock.patch.object(mozdef_client_config.ConfigFetchMixin,
'CONFIG_FILE_LOCATIONS',
new=[test_reading_file]):
with mock.patch.object(mozdef_client, '__init__') as mock_super:
library = mozdef_client_config.ConfigedMozDefEvent()
mock_super.assert_called_once()
os.remove(test_reading_file)
self.assertIsInstance(library, mozdef_client.MozDefEvent)
self.assertIsInstance(library,
mozdef_client_config.ConfigedMozDefEvent)
self.assertIsInstance(library._send_events, bool,
'_send_events must be a bool')
self.assertFalse(library._send_events,
'_send_events can be told to be False')
def __init__(self):
"""
ingest the config file, then
establish our variables based on it.
"""
self.configfile = self._ingest_config_from_file()
_cf = self.configfile
self.iptables_executable = '/sbin/iptables'
if _cf.has_option('openvpn-netfilter', 'iptables_executable'):
self.iptables_executable = self.configfile.get(
'openvpn-netfilter', 'iptables_executable')
self.ipset_executable = '/usr/sbin/ipset'
if _cf.has_option('openvpn-netfilter', 'ipset_executable'):
self.ipset_executable = self.configfile.get(
'openvpn-netfilter', 'ipset_executable')
self.lockpath = '/var/run/openvpn_netfilter.lock'
if _cf.has_option('openvpn-netfilter', 'LOCKPATH'):
self.lockpath = self.configfile.get('openvpn-netfilter',
'LOCKPATH')
self.lockwaittime = 2 # this is in seconds
if _cf.has_option('openvpn-netfilter', 'LOCKWAITTIME'):
self.lockwaittime = self.configfile.getint('openvpn-netfilter',
'LOCKWAITTIME')
self.lockretriesmax = 10
if _cf.has_option('openvpn-netfilter', 'LOCKRETRIESMAX'):
self.lockretriesmax = self.configfile.getint(
'openvpn-netfilter', 'LOCKRETRIESMAX')
self._lock = None
self.username = None
self.client_ip = None
self.logger = mozdef_client_config.ConfigedMozDefEvent()
self.logger.tags = ['openvpn', 'netfilter']
if os.geteuid() != 0:
# Since everything in this class will modify iptables/ipset,
# this library pretty much must run as root.
#
# Side note:
# Since it's called from learn-address, that means you need
# to have a sudo allowance for the openvpn user.
raise Exception('You must be root to use this library.')
def test_05_good_init(self):
""" Verify that the self object was initialized """
test_reading_file = '/tmp/mozdef.cfg'
with open(test_reading_file, 'w') as filepointer:
filepointer.write('[mozdef]\nmozdef_url = foo\n')
filepointer.close()
with mock.patch.object(mozdef_client_config.ConfigFetchMixin,
'CONFIG_FILE_LOCATIONS',
new=[test_reading_file]):
library = mozdef_client_config.ConfigedMozDefEvent()
self.assertIsInstance(library, mozdef_client.MozDefEvent)
self.assertIsInstance(library,
mozdef_client_config.ConfigedMozDefEvent)
self.assertIsInstance(library._send_events, bool,
'_send_events must be a bool')
self.assertIsInstance(library._send_to_syslog, bool,
'_send_to_syslog must be a bool')
self.assertIsInstance(library._syslog_only, bool,
'_syslog_only must be a bool')
self.assertTrue(library._send_events, '_send_events defaults to True')
self.assertFalse(library._send_to_syslog,
'_send_to_syslog defaults to False')
self.assertFalse(library._syslog_only,
'_syslog_only defaults to False')
def setUp(self):
""" Preparing test rig """
self.library = mozdef_client_config.ConfigedMozDefEvent()