def test_update(self, mock_create_rules, mock_delete_rule,
mock_rule_exists):
"""
Unittest to update a rule.
:param mock_create_rules:
:param mock_delete_rule:
:param mock_rule_exists:
:return:
"""
param = {
"type": "System Rule",
"rule_info": {
"action": "always",
"filter": "exit",
"systemcall": "init_module,delete_module"
",finit_module",
"field": ["arch=b32", "arch=b64"],
"key": "abcde"
}
}
old_rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \
'delete_module,finit_module -F key=abc99'
new_rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \
'delete_module,finit_module -F key=abcde'
mock_rule_exists.return_value = True
mock_delete_rule.return_value = {}
mock_create_rules.return_value = new_rule
ruleModel = RuleModel()
out_rule = ruleModel.update(old_rule, param)
self.assertEquals(out_rule, new_rule)
def test_get_audit_rule_info(self, mock_system_info, mock_load_persist,
mock_type):
rule_type = 'System Call Rule'
name = 'a always,exit -F arch=b32 -F arch=b64 -S init_module,' \
'delete_module,finit_module -F key=abc99'
mock_type.return_value = rule_type
audit_info = {
'rule': 'a always,exit -F arch=b32 -F '
'arch=b64 -S init_module,'
'delete_module,finit_module -F key=abc99',
'type': 'System Call Rule'
}
mock_load_persist.return_value = {}
expected_out = {
'type':
'System Call Rule',
'rule':
'a always,exit -F arch=b32 -F'
' arch=b64 -S init_module,delete_module,'
'finit_module -F key=abc99'
}
mock_system_info.return_value = {}
rulemodel = RuleModel()
actualout = rulemodel.get_audit_rule_info(name)
mock_system_info.assert_called_with(audit_info, name)
self.assertEquals(actualout, expected_out)
def test_delete_success(self, mock_exists, mock_delete_rule):
rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \
'delete_module,finit_module -F key=abc99'
mock_exists.return_value = True
mock_delete_rule.return_value = {}
rulemodel = RuleModel()
rulemodel.delete(rule)
def test_unload_loaded_unpersisted(self, mock_reload, mock_get_audit_info):
"""
Unnitest to unload a loaded and unpersisted rule.
:param mock_reload:
:param mock_delete:
:param mock_get_audit_info:
:return:
"""
rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \
'delete_module,finit_module -F key=abc99'
audit_info = {'loaded': 'yes', 'persisted': 'no',
'type': 'System Call Rule',
'rule_info': {'action': u'always',
'filter': u'exit',
'systemcall': u'init_module,'
u'delete_module,'
u'finit_module',
'key': u'abc99', 'field': [u'arch=b32',
u'arch=b64',
u'key=abc99']
},
'rule': u'-a always,exit -F arch=b32 '
u'-F arch=b64 -S init_module,'
u'delete_module,finit_module'
u' -F key=abc99'
}
mock_get_audit_info.return_value = audit_info
mock_reload.return_value = {}
rulemodel = RuleModel()
rulemodel.unload(rule)
mock_get_audit_info.assert_called_with(rule)
def test_persist(self, mock_exist, mock_write, mock_get_audit_info):
"""
Unittest to persist the rule in the rules file
:param mock_write:
:param mock_get_audit_info:
:return:
"""
rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \
'delete_module,finit_module -F key=abc99'
audit_info = {'loaded': 'yes', 'persisted': 'no',
'type': 'System Call Rule',
'rule_info': {'action': u'always',
'filter': u'exit',
'systemcall': u'init_module,'
u'delete_module,'
u'finit_module',
'key': u'abc99', 'field': [u'arch=b32',
u'arch=b64',
u'key=abc99']
},
'rule': u'-a always,exit -F arch=b32 '
u'-F arch=b64 -S init_module,'
u'delete_module,finit_module'
u' -F key=abc99'
}
mock_exist.return_value = False
mock_get_audit_info.return_value = audit_info
mock_write.return_value = {}
ruleModel = RuleModel()
ruleModel.persist(rule)
mock_get_audit_info.assert_called_with(rule)
def test_audit_rule_type(self):
"""
Unittest to get rule type.
:return:
"""
rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \
'delete_module,finit_module -F key=abc99'
rule_type = "System Call Rule"
ruleModel = RuleModel()
out_type = ruleModel.get_auditrule_type(rule)
self.assertEquals(out_type, rule_type)
def test_load(self, mock_load):
"""
Unittest to load a rule.
:param mock_write:
:param mock_get_audit_info:
:return:
"""
rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \
'delete_module,finit_module -F key=abc99'
mock_load.return_value = {}
ruleModel = RuleModel()
ruleModel.load(rule)
mock_load.assert_called_with(rule)