def test_3_4_2_nss_is_inactive_1(log_test_name, dc_is_joined,
                                 set_da_installation, login_as_root):
    """
    Turn the NSS module off and confirm that it reports as inactive.

    Runs ``dacontrol -d`` as root and requires exit status 0, then runs
    ``dainfo -q nss_status`` and requires exit status 1, which this test
    treats as "NSS module is not active".

    The arguments not referenced in the body are presumably pytest fixtures
    requested for their setup effects -- confirm against conftest.
    """
    logger.info("--- Case C1238952")

    disable_cmd = "dacontrol -d"
    status, _, stderr = login_as_root.send_command(disable_cmd)
    log_assert(status == 0, f"Failed to run 'dacontrol -d': {stderr}")

    # NOTE(review): only the exit status is inspected. If dainfo can exit 1
    # for reasons other than "module inactive", this check cannot tell them
    # apart -- confirm against the tool's documented exit codes.
    # NOTE(review): nothing in this test re-enables the module afterwards;
    # presumably a fixture or a later test restores it -- confirm.
    query_cmd = "dainfo -q nss_status"
    status, _, stderr = login_as_root.send_command(query_cmd)
    log_assert(status == 1,
               f"NSS module is not disabled successfully: {stderr}")
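def test_4_3_command_level_mode_5(log_test_name, dc_is_joined, login_as_root):
    """
    Disable auditing of all commands after it was enabled for two of them.

    Setup enables command-level auditing for ``adinfo`` and ``kill``. The
    step under test is ``dacontrol -d -a``, which must exit with status 0.
    """
    logger.info("--- Case C1239001")

    # The setup steps are asserted as well: if enabling silently failed,
    # "disable all" would succeed with nothing to disable and the test
    # would pass without exercising the behaviour it is named for.
    rc, result, error = login_as_root.send_command(
        "dacontrol -e -c /usr/share/centrifydc/libexec/adinfo")
    log_assert(rc == 0,
               f"Failed to enable command auditing for 'adinfo': {error}")

    rc, result, error = login_as_root.send_command(
        "dacontrol -e -c `which kill`")
    log_assert(rc == 0,
               f"Failed to enable command auditing for 'kill': {error}")

    # NOTE(review): only the exit status of the disable step is checked;
    # the test does not query afterwards whether the two commands are
    # still audited.
    rc, result, error = login_as_root.send_command("dacontrol -d -a")
    log_assert(rc == 0, f"Failed to disable auditing of all commands: {error}")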
def test_4_2_nss_mode_2(
    log_test_name, dc_is_joined, set_da_installation, disable_da_nss, login_as_root):
    """
    Turn the NSS module on and confirm that it reports as active.

    The ``disable_da_nss`` fixture is requested, so the test presumably
    starts with the module off -- confirm against the fixture. The test
    runs ``dacontrol -e`` (exit status 0 required) and then
    ``dainfo -q nss_status`` (exit status 0 required).
    """
    logger.info("--- Case C1238981")

    enable_cmd = "dacontrol -e"
    status, _, stderr = login_as_root.send_command(enable_cmd)
    log_assert(status == 0, f"Failed to run 'dacontrol -e': {stderr}")

    # Exit status 0 from the status query is what this test accepts as
    # "module enabled"; the command output itself is not inspected.
    query_cmd = "dainfo -q nss_status"
    status, _, stderr = login_as_root.send_command(query_cmd)
    log_assert(status == 0,
               f"NSS module is not enabled successfully: {stderr}")
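def test_4_2_nss_mode_1(
    log_test_name, dc_is_joined, set_da_installation, login_as_root):
    """
    Enable command-level auditing for the 'dzdo' command.

    Runs ``dacontrol -e -c <dzdo path>`` as root and requires exit status 0.
    Auditing for dzdo is switched off again afterwards, whether or not the
    assertion passed, so a failure here does not leave dzdo audited for the
    tests that run next.
    """
    logger.info("--- Case C1238980")

    dzdo_path = "/usr/share/centrifydc/bin/dzdo"
    try:
        rc, result, error = login_as_root.send_command(
            f"dacontrol -e -c {dzdo_path}")
        log_assert(
            rc == 0, f"Failed to enable command auditing for 'dzdo': {error}")
    finally:
        # Restore (best effort: the exit status is deliberately not asserted,
        # so a cleanup problem does not mask the real test result).
        login_as_root.send_command(f"dacontrol -d -c {dzdo_path}")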
def test_3_4_2_nss_is_inactive_9(log_test_name, dc_is_joined,
                                 set_da_installation, disable_da_nss,
                                 css_test_machine):
    """
    A local user whose sysrights require auditing must be refused at login.

    Sysrights of the account under test (blocal3):
        Audit level: AuditRequired
        Always permit login: false

    The ``disable_da_nss`` fixture is requested, so the NSS module is
    presumably off while the login is attempted -- confirm against the
    fixture. The test fails if the SSH login succeeds.
    """
    logger.info("--- Case C1238960")

    host = css_test_machine['public_ip']
    password = css_test_machine['blocal3_password']

    # NOTE(review): any falsy return from check_ssh_login is taken as
    # "login refused". Whether a timeout or an unreachable host also yields
    # a falsy value is not visible here; if it does, this test would pass
    # without the access decision being exercised -- confirm.
    login_succeeded = check_ssh_login(host, "blocal3", password)
    if not login_succeeded:
        return

    log_assert(
        False,
        "Login the machine as blocal3 somehow succeeded, which is unexpected."
    )
def test_3_4_2_nss_is_inactive_4(log_test_name, dc_is_joined,
                                 set_da_installation, disable_da_nss,
                                 css_test_machine):
    """
    An AD user whose sysrights require auditing must be refused at login.

    Sysrights of the account under test (``aduser_2001_name``):
        Audit level: AuditRequired
        Always permit login: false

    The ``disable_da_nss`` fixture is requested, so the NSS module is
    presumably off while the login is attempted -- confirm against the
    fixture. The test fails if the SSH login succeeds.
    """
    logger.info("--- Case C1238955")

    host = css_test_machine['public_ip']
    ad_user = dc_is_joined['aduser_2001_name']
    password = dc_is_joined['common_password']

    # NOTE(review): any falsy return from check_ssh_login is taken as
    # "login refused". Whether a timeout or an unreachable host also yields
    # a falsy value is not visible here; if it does, this test would pass
    # without the access decision being exercised -- confirm.
    login_succeeded = check_ssh_login(host, ad_user, password)
    if not login_succeeded:
        return

    log_assert(
        False,
        "Login the machine as (%s) somehow succeeded, which is unexpected."
        % ad_user)
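def test_4_3_command_level_mode_1(log_test_name, dc_is_joined, login_as_root):
    """
    Enable command-level auditing for two commands.

    Runs ``dacontrol -e -c`` for ``adinfo`` and for ``kill`` as root and
    requires exit status 0 from each. Auditing of all commands is switched
    off again afterwards, whether or not an assertion failed, so a failure
    here does not leave command auditing enabled for the tests that follow.
    """
    logger.info("--- Case C1238995")

    try:
        rc, result, error = login_as_root.send_command(
            "dacontrol -e -c /usr/share/centrifydc/libexec/adinfo")
        log_assert(rc == 0,
                   f"Failed to enable command auditing for 'adinfo': {error}")

        rc, result, error = login_as_root.send_command(
            "dacontrol -e -c `which kill`")
        log_assert(rc == 0,
                   f"Failed to enable command auditing for 'kill': {error}")
    finally:
        # Restore (best effort: the exit status is deliberately not asserted,
        # so a cleanup problem does not mask the real test result).
        login_as_root.send_command("dacontrol -d -a")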
def test_3_4_audit_level_1(log_test_name, dc_is_joined, login_as_root):
    """
    Check the audit level that dzinfo reports for five AD users.

    For each user, ``dzinfo <user>`` is run as root and must exit with
    status 0. Its output must then match both an audit-level pattern and a
    RESCURE_RIGHT_* pattern; the expected pair differs per user and is
    listed in the table below.
    """
    logger.info("--- Case C1238934")

    # (key of the user name in dc_is_joined, audit-level pattern,
    #  RESCURE_RIGHT_* pattern) -- checked in this order.
    expectations = (
        ('aduser_0032_name',
         AUDIT_NOT_REQUESTED_PATTERN, RESCURE_RIGHT_FALSE_PATTERN),
        ('aduser_0033_name',
         AUDIT_IF_POSSIBLE_PATTERN, RESCURE_RIGHT_FALSE_PATTERN),
        ('aduser_2001_name',
         AUDIT_REQUIRED_PATTERN, RESCURE_RIGHT_FALSE_PATTERN),
        ('aduser_2002_name',
         AUDIT_REQUIRED_PATTERN, RESCURE_RIGHT_TRUE_PATTERN),
        ('aduser_2004_name',
         AUDIT_IF_POSSIBLE_PATTERN, RESCURE_RIGHT_TRUE_PATTERN),
    )

    for name_key, audit_pattern, rescue_pattern in expectations:
        rc, result, error = login_as_root.send_command(
            "dzinfo %s" % dc_is_joined[name_key])
        log_assert(rc == 0, f"Failed to run dzinfo: {error}")

        content = ''.join(login_as_root.to_list(result))
        logger.debug(content)

        # Both patterns have to match; the second is only evaluated when
        # the first one matched. The meaning of the third argument (True)
        # is defined by check_pattern, which is not visible here.
        matched = (check_pattern(content, audit_pattern, True)
                   and check_pattern(content, rescue_pattern, True))
        if not matched:
            log_assert(False, f"Unexpected result from dzinfo: {content}")