コード例 #1
    def test_get_ossec_rule_filenames_args_no_autodetect(self, ans_mock, _):
        """Check the `av_nmap` argument string when `autodetect` is None.

        Despite the method name, the call exercised is `ansible_run_nmap_scan`.
        The expected string carries no `autodetect=` key; `scan_timming` is the
        key spelling this test asserts. The second injected mock is unused.
        """
        self.autodetect = None
        expected_fields = (
            self.target_system_ip,
            self.scan_type,
            str(self.reverse_dns).lower(),
            self.scan_timing,
            self.port_range,
            self.job_id,
        )
        expected_args = 'target={} scan_type={} rdns={} scan_timming={} scan_ports={} job_id={}'.format(
            *expected_fields)

        ansible_run_nmap_scan(
            self.sensor_ip, self.target_system_ip, self.scan_type, self.reverse_dns,
            self.scan_timing, self.autodetect, self.port_range, self.job_id)

        # Exactly one module run, addressed to the sensor only.
        ans_mock.run_module.assert_called_once_with([self.sensor_ip], 'av_nmap', expected_args)
コード例 #2
ファイル: test_nmap.py プロジェクト: zoe-mora-imdc/Ossim
    def test_get_ossec_rule_filenames_args_no_reverse_dns(self, ans_mock, _):
        """Check the `av_nmap` argument string when `reverse_dns` is None.

        Despite the method name, the call exercised is `ansible_run_nmap_scan`.
        The expected string carries no `rdns=` key; `scan_timming` is the key
        spelling this test asserts. The second injected mock is unused.
        """
        self.reverse_dns = None
        expected_fields = (
            self.target_system_ip,
            self.scan_type,
            self.scan_timing,
            str(self.autodetect).lower(),
            self.port_range,
            self.job_id,
        )
        expected_args = 'target={} scan_type={} scan_timming={} autodetect={} scan_ports={} job_id={}'.format(
            *expected_fields)

        ansible_run_nmap_scan(
            self.sensor_ip, self.target_system_ip, self.scan_type, self.reverse_dns,
            self.scan_timing, self.autodetect, self.port_range, self.job_id)

        # Exactly one module run, addressed to the sensor only.
        ans_mock.run_module.assert_called_once_with([self.sensor_ip], 'av_nmap', expected_args)
コード例 #3
ファイル: test_nmap.py プロジェクト: zoe-mora-imdc/Ossim
    def test_get_ossec_rule_filenames_ok_all_params_passed(
            self, ans_mock, ans_response_mock):
        """Happy path: every parameter is set and the scan data is returned.

        Despite the method name, the call exercised is `ansible_run_nmap_scan`.
        The test asserts both the argument string given to the `av_nmap` module
        and that the function returns `(True, <data of the contacted sensor>)`.
        """
        expected_data = 'test ok'
        # The second mock reports success (what it patches is not visible here).
        ans_response_mock.return_value = (True, '')
        ans_mock.run_module.return_value = {
            'contacted': {self.sensor_ip: {'data': expected_data}},
        }
        # NOTE(review): the expected string is bare key=value interpolation with
        # no quoting; whether target/scan_ports are validated before reaching the
        # module is not visible from this test - confirm in the caller.
        expected_fields = (
            self.target_system_ip,
            self.scan_type,
            str(self.reverse_dns).lower(),
            self.scan_timing,
            str(self.autodetect).lower(),
            self.port_range,
            self.job_id,
        )
        expected_args = 'target={} scan_type={} rdns={} scan_timming={} autodetect={} scan_ports={} job_id={}'.format(
            *expected_fields)

        succeeded, payload = ansible_run_nmap_scan(
            self.sensor_ip, self.target_system_ip, self.scan_type,
            self.reverse_dns, self.scan_timing, self.autodetect,
            self.port_range, self.job_id)

        ans_mock.run_module.assert_called_once_with(
            [self.sensor_ip], 'av_nmap', expected_args)
        self.assertEqual((True, expected_data), (succeeded, payload))
コード例 #4
ファイル: nmap.py プロジェクト: zoe-mora-imdc/Ossim
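def apimethod_run_nmap_scan(sensor_id, target, idm, scan_type, rdns, scan_timing, autodetect, scan_ports,
                            output_file_prefix="", save_to_file=False, job_id=""):
    """Launches an NMAP scan from a sensor and returns its report.

    Args:
        sensor_id: ID of the sensor that runs the scan; it is resolved to the sensor IP first.
        target: Scan target handed to the NMAP module as `target`.
        idm: Convert results into idm events
        scan_type: Sets the NMAP scan type
        rdns: Tells Nmap to do reverse DNS resolution on the active IP addresses it finds
        scan_timing: Set the timing template
        autodetect: Aggressive scan options (enable OS detection)
        scan_ports: Only scan specified ports
        output_file_prefix: String inserted into the report filename (nmap_report_<prefix>.json).
        save_to_file: Indicates whether you want to save the NMAP report to a file or not.
        job_id: Celery job ID.

    Returns:
        nmap_report: The NMAP report. The report itself is returned even when
            it was also written to a file; the filename is never returned.

    Raises:
        APINMAPScanCannotRun: the scan could not be launched.
        APICannotResolveSensorID: the sensor id could not be resolved to an IP.
        APINMAPScanCannotRetrieveBaseFolder
        APINMAPScanCannotCreateLocalFolder
            (the last two are not raised directly in this function; presumably
            they come from get_nmap_directory - confirm)
    """
    (result, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id, local_loopback=False)
    if result is False:
        api_log.error(
            "[apimethod_run_nmap_scan] Cannot retrieve the sensor ip from the given sensor id <%s>" % sensor_id)
        raise APICannotResolveSensorID(sensor_id)
    success, nmap_report = ansible_run_nmap_scan(sensor_ip=sensor_ip, target=target, scan_type=scan_type, rdns=rdns,
                                                 scan_timing=scan_timing, autodetect=autodetect, scan_ports=scan_ports,
                                                 job_id=job_id)
    if not success:
        # On failure the second element carries the error text, not a report.
        api_log.error('Failed to launch NMAP scan: %s' % nmap_report)
        raise APINMAPScanCannotRun(nmap_report)

    filename = None
    if save_to_file:
        base_path = get_nmap_directory(sensor_id)
        # NOTE(review): output_file_prefix goes into the path unchecked. If it can
        # come from an API caller, a value containing path separators or ".."
        # would place the file outside base_path - confirm it is validated upstream.
        # With the default empty prefix every scan writes the same file name.
        filename = "%s/nmap_report_%s.json" % (base_path, output_file_prefix)
        # NOTE(review): the file is created with the process umask; the report
        # describes hosts and services, so confirm base_path is not world-readable.
        with open(filename, "w") as f:
            f.write(json.dumps(nmap_report))

    if idm:
        conn = IDMConnection(sensor_id=sensor_id)
        if conn.connect():
            conn.send_events_from_hosts(nmap_report)
            # Once the events are sent, the saved report (if any) is deleted.
            if filename is not None:
                try:
                    os.remove(filename)
                except Exception as exp:
                    # Still best effort, but leave a trace: a report left on
                    # disk keeps the scan results readable after the job ends.
                    api_log.warning("[apimethod_run_nmap_scan] Cannot remove the report file %s: %s"
                                    % (filename, str(exp)))
        else:
            # A failed IDM connection is logged only; the report is still returned.
            api_log.error("[apimethod_run_nmap_scan] Cannot connect with the IDM Service")
    try:
        apimethods_nmap_purge_scan_files(job_id)
    except Exception as exp:
        api_log.warning("[apimethod_run_nmap_scan] Cannot purge the scan files %s" % str(exp))
    return nmap_report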
コード例 #5
    def test_get_ossec_rule_filenames_run_time_error(self, ans_mock):
        """Check that a failing module run is reported, not propagated.

        Despite the method name, the call exercised is `ansible_run_nmap_scan`.
        `run_module` is made to raise IOError; the function is expected to
        return `(False, <exception message>)`.
        """
        failure_text = 'test err'
        simulated_failure = IOError(failure_text)
        ans_mock.run_module.side_effect = simulated_failure

        outcome = ansible_run_nmap_scan(
            self.sensor_ip, self.target_system_ip, self.scan_type, self.reverse_dns,
            self.scan_timing, self.autodetect, self.port_range, self.job_id)
        # Unpack separately so a wrong return shape fails here, as in the original.
        succeeded, payload = outcome

        self.assertEqual((False, failure_text), (succeeded, payload))
コード例 #6
ファイル: test_nmap.py プロジェクト: zoe-mora-imdc/Ossim
    def test_get_ossec_rule_filenames_run_time_error(self, ans_mock):
        """Check that a failing module run is reported, not propagated.

        Despite the method name, the call exercised is `ansible_run_nmap_scan`.
        `run_module` is made to raise IOError; the function is expected to
        return `(False, <exception message>)`.
        """
        failure_text = 'test err'
        simulated_failure = IOError(failure_text)
        ans_mock.run_module.side_effect = simulated_failure

        scan_args = (
            self.sensor_ip, self.target_system_ip, self.scan_type,
            self.reverse_dns, self.scan_timing, self.autodetect,
            self.port_range, self.job_id,
        )
        succeeded, payload = ansible_run_nmap_scan(*scan_args)

        self.assertEqual((False, failure_text), (succeeded, payload))
コード例 #7
    def test_get_ossec_rule_filenames_ok_all_params_passed(self, ans_mock, ans_response_mock):
        """Happy path: every parameter is set and the scan data is returned.

        Despite the method name, the call exercised is `ansible_run_nmap_scan`.
        The test asserts both the argument string given to the `av_nmap` module
        and that the function returns `(True, <data of the contacted sensor>)`.
        """
        expected_data = 'test ok'
        # The second mock reports success (what it patches is not visible here).
        ans_response_mock.return_value = (True, '')
        sensor_reply = {'data': expected_data}
        ans_mock.run_module.return_value = {'contacted': {self.sensor_ip: sensor_reply}}
        # NOTE(review): the expected string is bare key=value interpolation with
        # no quoting; whether target/scan_ports are validated before reaching the
        # module is not visible from this test - confirm in the caller.
        expected_fields = (
            self.target_system_ip,
            self.scan_type,
            str(self.reverse_dns).lower(),
            self.scan_timing,
            str(self.autodetect).lower(),
            self.port_range,
            self.job_id,
        )
        expected_args = 'target={} scan_type={} rdns={} scan_timming={} autodetect={} scan_ports={} job_id={}'.format(
            *expected_fields)

        succeeded, payload = ansible_run_nmap_scan(
            self.sensor_ip, self.target_system_ip, self.scan_type, self.reverse_dns,
            self.scan_timing, self.autodetect, self.port_range, self.job_id)

        ans_mock.run_module.assert_called_once_with([self.sensor_ip], 'av_nmap', expected_args)
        self.assertEqual((True, expected_data), (succeeded, payload))