Esempio n. 1
0
 def test_update(self, mock_create_rules, mock_delete_rule,
                 mock_rule_exists):
     """
     Unittest to update a rule.
     :param mock_create_rules:
     :param mock_delete_rule:
     :param mock_rule_exists:
     :return:
     """
     param = {
         "type": "System Rule",
         "rule_info": {
             "action": "always",
             "filter": "exit",
             "systemcall": "init_module,delete_module"
             ",finit_module",
             "field": ["arch=b32", "arch=b64"],
             "key": "abcde"
         }
     }
     old_rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \
                'delete_module,finit_module -F key=abc99'
     new_rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \
                'delete_module,finit_module -F key=abcde'
     mock_rule_exists.return_value = True
     mock_delete_rule.return_value = {}
     mock_create_rules.return_value = new_rule
     ruleModel = RuleModel()
     out_rule = ruleModel.update(old_rule, param)
     self.assertEquals(out_rule, new_rule)
Esempio n. 2
0
 def test_get_audit_rule_info(self, mock_system_info, mock_load_persist,
                              mock_type):
     rule_type = 'System Call Rule'
     name = 'a always,exit -F arch=b32 -F arch=b64 -S init_module,' \
            'delete_module,finit_module -F key=abc99'
     mock_type.return_value = rule_type
     audit_info = {
         'rule': 'a always,exit -F arch=b32 -F '
         'arch=b64 -S init_module,'
         'delete_module,finit_module -F key=abc99',
         'type': 'System Call Rule'
     }
     mock_load_persist.return_value = {}
     expected_out = {
         'type':
         'System Call Rule',
         'rule':
         'a always,exit -F arch=b32 -F'
         ' arch=b64 -S init_module,delete_module,'
         'finit_module -F key=abc99'
     }
     mock_system_info.return_value = {}
     rulemodel = RuleModel()
     actualout = rulemodel.get_audit_rule_info(name)
     mock_system_info.assert_called_with(audit_info, name)
     self.assertEquals(actualout, expected_out)
Esempio n. 3
0
 def test_delete_success(self, mock_exists, mock_delete_rule):
     rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \
            'delete_module,finit_module -F key=abc99'
     mock_exists.return_value = True
     mock_delete_rule.return_value = {}
     rulemodel = RuleModel()
     rulemodel.delete(rule)
Esempio n. 4
0
 def test_unload_loaded_unpersisted(self, mock_reload, mock_get_audit_info):
     """
     Unnitest to unload a loaded and unpersisted rule.
     :param mock_reload:
     :param mock_delete:
     :param mock_get_audit_info:
     :return:
     """
     rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \
            'delete_module,finit_module -F key=abc99'
     audit_info = {'loaded': 'yes', 'persisted': 'no',
                   'type': 'System Call Rule',
                   'rule_info': {'action': u'always',
                                 'filter': u'exit',
                                 'systemcall': u'init_module,'
                                               u'delete_module,'
                                               u'finit_module',
                                 'key': u'abc99', 'field': [u'arch=b32',
                                                            u'arch=b64',
                                                            u'key=abc99']
                                 },
                   'rule': u'-a always,exit -F arch=b32 '
                           u'-F arch=b64 -S init_module,'
                           u'delete_module,finit_module'
                           u' -F key=abc99'
                   }
     mock_get_audit_info.return_value = audit_info
     mock_reload.return_value = {}
     rulemodel = RuleModel()
     rulemodel.unload(rule)
     mock_get_audit_info.assert_called_with(rule)
Esempio n. 5
0
 def test_persist(self, mock_exist, mock_write, mock_get_audit_info):
     """
     Unittest to persist the rule in the rules file
     :param mock_write:
     :param mock_get_audit_info:
     :return:
     """
     rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \
            'delete_module,finit_module -F key=abc99'
     audit_info = {'loaded': 'yes', 'persisted': 'no',
                   'type': 'System Call Rule',
                   'rule_info': {'action': u'always',
                                 'filter': u'exit',
                                 'systemcall': u'init_module,'
                                               u'delete_module,'
                                               u'finit_module',
                                 'key': u'abc99', 'field': [u'arch=b32',
                                                            u'arch=b64',
                                                            u'key=abc99']
                                 },
                   'rule': u'-a always,exit -F arch=b32 '
                           u'-F arch=b64 -S init_module,'
                           u'delete_module,finit_module'
                           u' -F key=abc99'
                   }
     mock_exist.return_value = False
     mock_get_audit_info.return_value = audit_info
     mock_write.return_value = {}
     ruleModel = RuleModel()
     ruleModel.persist(rule)
     mock_get_audit_info.assert_called_with(rule)
Esempio n. 6
0
 def test_audit_rule_type(self):
     """
      Unittest to get rule type.
     :return:
     """
     rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \
            'delete_module,finit_module -F key=abc99'
     rule_type = "System Call Rule"
     ruleModel = RuleModel()
     out_type = ruleModel.get_auditrule_type(rule)
     self.assertEquals(out_type, rule_type)
Esempio n. 7
0
 def test_load(self, mock_load):
     """
      Unittest to load a rule.
     :param mock_write:
     :param mock_get_audit_info:
     :return:
     """
     rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \
            'delete_module,finit_module -F key=abc99'
     mock_load.return_value = {}
     ruleModel = RuleModel()
     ruleModel.load(rule)
     mock_load.assert_called_with(rule)