def setUp(self):
RuleTest.setUp(self)
self.rule = RestrictMounting(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.ph = Pkghelper(self.logdispatch, self.environ)
self.sh = ServiceHelper(self.environ, self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = RestrictMounting(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.ph = Pkghelper(self.logdispatch, self.environ)
self.sh = ServiceHelper(self.environ, self.logdispatch)
class zzzTestRuleRestrictMounting(RuleTest):
def setUp(self):
RuleTest.setUp(self)
self.rule = RestrictMounting(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.ph = Pkghelper(self.logdispatch, self.environ)
self.sh = ServiceHelper(self.environ, self.logdispatch)
def tearDown(self):
pass
def runTest(self):
self.simpleRuleTest()
def setConditionsForRule(self):
'''
Configure system for the unit test
@param self: essential if you override this definition
@return: boolean - If successful True; If failure False
@author: Eric Ball
'''
success = True
# Enable CIs
datatype = "bool"
key = "RESTRICTCONSOLEACCESS"
instructions = "Unit test"
default = True
self.rule.consoleCi = self.rule.initCi(datatype, key, instructions,
default)
key = "DISABLEAUTOFS"
self.rule.autofsCi = self.rule.initCi(datatype, key, instructions,
default)
key = "DISABLEGNOMEAUTOMOUNT"
self.rule.gnomeCi = self.rule.initCi(datatype, key, instructions,
default)
self.path1 = "/etc/security/console.perms.d/50-default.perms"
self.path2 = "/etc/security/console.perms"
self.data1 = ["<floppy>=/dev/fd[0-1]* \\",
"<scanner>=/dev/scanner* /dev/usb/scanner*",
"<flash>=/mnt/flash* /dev/flash*",
"# permission definitions",
"<console> 0660 <floppy> 0660 root.floppy",
"<console> 0600 <scanner> 0600 root",
"<console> 0600 <flash> 0600 root.disk"]
self.data2 = ["<console>=tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]+\.[0-9]+ :[0-9]+",
"<xconsole>=:[0-9]+\.[0-9]+ :[0-9]+"]
if os.path.exists(self.path1):
self.tmpfile1 = self.path1 + ".tmp"
os.rename(self.path1, self.tmpfile1)
try:
defaultPermsFile = open(self.path1, "w")
except IOError:
debug = "Could not open file " + self.path1 + "\n"
self.logger.log(LogPriority.DEBUG, debug)
success = False
try:
defaultPermsFile.writelines(self.data1)
except IOError:
debug = "Could not write to file " + self.path1 + "\n"
self.logger.log(LogPriority.DEBUG, debug)
success = False
if os.path.exists(self.path2):
self.tmpfile2 = self.path2 + ".tmp"
os.rename(self.path2, self.tmpfile2)
try:
permsFile = open(self.path2, "w")
except IOError:
debug = "Could not open file " + self.path2 + "\n"
self.logger.log(LogPriority.DEBUG, debug)
success = False
try:
permsFile.writelines(self.data2)
except IOError:
debug = "Could not write to file " + self.path2 + "\n"
self.logger.log(LogPriority.DEBUG, debug)
success = False
# If autofs is installed, enable and start it. If it is not
# installed, it will not be tested.
if self.ph.check("autofs"):
if not self.sh.enableservice("autofs"):
debug = "Could not enable autofs\n"
self.logger.log(LogPriority.DEBUG, debug)
success = False
cmd = ["gconftool-2", "--direct", "--config-source",
"xml:readwrite:/etc/gconf/gconf.xml.mandatory",
"--type", "bool", "--set",
"/desktop/gnome/volume_manager/automount_media",
"true"]
cmdSuccess = self.ch.executeCommand(cmd)
cmd = ["gconftool-2", "--direct", "--config-source",
"xml:readwrite:/etc/gconf/gconf.xml.mandatory",
"--type", "bool", "--set",
"/desktop/gnome/volume_manager/automount_drives",
"true"]
cmdSuccess &= self.ch.executeCommand(cmd)
if not cmdSuccess:
success = False
return success
def checkReportForRule(self, pCompliance, pRuleSuccess):
'''
check on whether report was correct
@param self: essential if you override this definition
@param pCompliance: the self.iscompliant value of rule
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " +
str(pCompliance) + ".")
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " +
str(pRuleSuccess) + ".")
success = True
return success
def checkFixForRule(self, pRuleSuccess):
'''
check on whether fix was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
# Cleanup: put original perms files back
if os.path.exists(self.path1) and os.path.exists(self.tmpfile1):
os.remove(self.path1)
os.rename(self.tmpfile1, self.path1)
if os.path.exists(self.path2) and os.path.exists(self.tmpfile2):
os.remove(self.path2)
os.rename(self.tmpfile2, self.path2)
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " +
str(pRuleSuccess) + ".")
success = True
return success
def checkUndoForRule(self, pRuleSuccess):
'''
check on whether undo was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " +
str(pRuleSuccess) + ".")
success = True
return success
class zzzTestRuleRestrictMounting(RuleTest):
def setUp(self):
RuleTest.setUp(self)
self.rule = RestrictMounting(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.ph = Pkghelper(self.logdispatch, self.environ)
self.sh = ServiceHelper(self.environ, self.logdispatch)
def tearDown(self):
pass
def runTest(self):
self.simpleRuleTest()
def setConditionsForRule(self):
'''
Configure system for the unit test
@param self: essential if you override this definition
@return: boolean - If successful True; If failure False
@author: Eric Ball
'''
success = True
# Enable CIs
datatype = "bool"
key = "RESTRICTCONSOLEACCESS"
instructions = "Unit test"
default = True
self.rule.consoleCi = self.rule.initCi(datatype, key, instructions,
default)
key = "DISABLEAUTOFS"
self.rule.autofsCi = self.rule.initCi(datatype, key, instructions,
default)
key = "DISABLEGNOMEAUTOMOUNT"
self.rule.gnomeCi = self.rule.initCi(datatype, key, instructions,
default)
self.path1 = "/etc/security/console.perms.d/50-default.perms"
self.path2 = "/etc/security/console.perms"
self.data1 = [
"<floppy>=/dev/fd[0-1]* \\",
"<scanner>=/dev/scanner* /dev/usb/scanner*",
"<flash>=/mnt/flash* /dev/flash*", "# permission definitions",
"<console> 0660 <floppy> 0660 root.floppy",
"<console> 0600 <scanner> 0600 root",
"<console> 0600 <flash> 0600 root.disk"
]
self.data2 = [
"<console>=tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]+\.[0-9]+ :[0-9]+",
"<xconsole>=:[0-9]+\.[0-9]+ :[0-9]+"
]
if os.path.exists(self.path1):
self.tmpfile1 = self.path1 + ".tmp"
os.rename(self.path1, self.tmpfile1)
try:
defaultPermsFile = open(self.path1, "w")
except IOError:
debug = "Could not open file " + self.path1 + "\n"
self.logger.log(LogPriority.DEBUG, debug)
success = False
try:
defaultPermsFile.writelines(self.data1)
except IOError:
debug = "Could not write to file " + self.path1 + "\n"
self.logger.log(LogPriority.DEBUG, debug)
success = False
if os.path.exists(self.path2):
self.tmpfile2 = self.path2 + ".tmp"
os.rename(self.path2, self.tmpfile2)
try:
permsFile = open(self.path2, "w")
except IOError:
debug = "Could not open file " + self.path2 + "\n"
self.logger.log(LogPriority.DEBUG, debug)
success = False
try:
permsFile.writelines(self.data2)
except IOError:
debug = "Could not write to file " + self.path2 + "\n"
self.logger.log(LogPriority.DEBUG, debug)
success = False
# If autofs is installed, enable and start it. If it is not
# installed, it will not be tested.
if self.ph.check("autofs"):
if not self.sh.enableservice("autofs"):
debug = "Could not enable autofs\n"
self.logger.log(LogPriority.DEBUG, debug)
success = False
cmd = [
"gconftool-2", "--direct", "--config-source",
"xml:readwrite:/etc/gconf/gconf.xml.mandatory", "--type", "bool",
"--set", "/desktop/gnome/volume_manager/automount_media", "true"
]
cmdSuccess = self.ch.executeCommand(cmd)
cmd = [
"gconftool-2", "--direct", "--config-source",
"xml:readwrite:/etc/gconf/gconf.xml.mandatory", "--type", "bool",
"--set", "/desktop/gnome/volume_manager/automount_drives", "true"
]
cmdSuccess &= self.ch.executeCommand(cmd)
if not cmdSuccess:
success = False
return success
def checkReportForRule(self, pCompliance, pRuleSuccess):
'''
check on whether report was correct
@param self: essential if you override this definition
@param pCompliance: the self.iscompliant value of rule
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG,
"pCompliance = " + str(pCompliance) + ".")
self.logdispatch.log(LogPriority.DEBUG,
"pRuleSuccess = " + str(pRuleSuccess) + ".")
success = True
return success
def checkFixForRule(self, pRuleSuccess):
'''
check on whether fix was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
# Cleanup: put original perms files back
if os.path.exists(self.path1) and os.path.exists(self.tmpfile1):
os.remove(self.path1)
os.rename(self.tmpfile1, self.path1)
if os.path.exists(self.path2) and os.path.exists(self.tmpfile2):
os.remove(self.path2)
os.rename(self.tmpfile2, self.path2)
self.logdispatch.log(LogPriority.DEBUG,
"pRuleSuccess = " + str(pRuleSuccess) + ".")
success = True
return success
def checkUndoForRule(self, pRuleSuccess):
'''
check on whether undo was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG,
"pRuleSuccess = " + str(pRuleSuccess) + ".")
success = True
return success