def test_parse_lsmod_single_submodules(self): lsmod_info = linux_modules.parse_lsmod_for_module( self.LSMOD_OUT, "bridge") self.assertEqual(lsmod_info, {'name': "bridge", 'size': 110862, 'used': 1, 'submodules': ['ebtable_broute']})
def test_parse_lsmod_no_submodules(self): lsmod_info = linux_modules.parse_lsmod_for_module(self.LSMOD_OUT, "ccm") submodules = [] self.assertEqual(lsmod_info['submodules'], submodules) self.assertEqual(lsmod_info, {'name': "ccm", 'size': 17773, 'used': 2, 'submodules': submodules})
def test_parse_lsmod(self): lsmod_info = linux_modules.parse_lsmod_for_module( self.LSMOD_OUT, "ebtables") self.assertEqual(lsmod_info, {'name': "ebtables", 'size': 30758, 'used': 3, 'submodules': ['ebtable_broute', 'ebtable_nat', 'ebtable_filter']})
def test_parse_lsmod_no_submodules(self): lsmod_info = linux_modules.parse_lsmod_for_module( self.lsmod_out, "ccm") self.assertEqual(lsmod_info, { "name": "ccm", "size": 17773, "used": 2, "submodules": [] })
def test_parse_lsmod_single_submodules(self): lsmod_info = linux_modules.parse_lsmod_for_module( self.LSMOD_OUT, "bridge") submodules = ['ebtable_broute'] self.assertEqual(lsmod_info['submodules'], submodules) self.assertEqual(lsmod_info, {'name': "bridge", 'size': 110862, 'used': 1, 'submodules': submodules})
def test_parse_lsmod_no_submodules(self): lsmod_info = linux_modules.parse_lsmod_for_module( self.lsmod_out, "ccm") self.assertEqual(lsmod_info, { 'name': "ccm", 'size': 17773, 'used': 2, 'submodules': [] })
def test_parse_lsmod(self): lsmod_info = linux_modules.parse_lsmod_for_module( self.LSMOD_OUT, "ebtables") submodules = ['ebtable_broute', 'ebtable_nat', 'ebtable_filter'] self.assertEqual(lsmod_info['submodules'], submodules) self.assertEqual(lsmod_info, {'name': "ebtables", 'size': 30758, 'used': 3, 'submodules': submodules})
def test_parse_lsmod_no_submodules(self): lsmod_info = linux_modules.parse_lsmod_for_module(self.LSMOD_OUT, "ccm") submodules = [] assert lsmod_info['submodules'] == submodules assert lsmod_info == { 'name': "ccm", 'size': 17773, 'used': 2, 'submodules': submodules }
def test_parse_lsmod_single_submodules(self): lsmod_info = linux_modules.parse_lsmod_for_module( self.lsmod_out, "bridge") self.assertEqual( lsmod_info, { 'name': "bridge", 'size': 110862, 'used': 1, 'submodules': ['ebtable_broute'] })
def test_parse_lsmod(self): lsmod_info = linux_modules.parse_lsmod_for_module( self.LSMOD_OUT, "ebtables") submodules = ['ebtable_broute', 'ebtable_nat', 'ebtable_filter'] assert lsmod_info['submodules'] == submodules assert lsmod_info == { 'name': "ebtables", 'size': 30758, 'used': 3, 'submodules': submodules }
def test_parse_lsmod_no_submodules(self): lsmod_info = linux_modules.parse_lsmod_for_module( self.LSMOD_OUT, "ccm") submodules = [] assert lsmod_info['submodules'] == submodules assert lsmod_info == { 'name': "ccm", 'size': 17773, 'used': 2, 'submodules': submodules }
def test_parse_lsmod(self): lsmod_info = linux_modules.parse_lsmod_for_module( self.lsmod_out, "ebtables") self.assertEqual( lsmod_info, { 'name': "ebtables", 'size': 30758, 'used': 3, 'submodules': ['ebtable_broute', 'ebtable_nat', 'ebtable_filter'] })
def test_parse_lsmod_single_submodules(self): lsmod_info = linux_modules.parse_lsmod_for_module( self.LSMOD_OUT, "bridge") submodules = ['ebtable_broute'] assert lsmod_info['submodules'] == submodules assert lsmod_info == { 'name': "bridge", 'size': 110862, 'used': 1, 'submodules': submodules }
def test_parse_lsmod_single_submodules(self): lsmod_info = linux_modules.parse_lsmod_for_module( self.lsmod_out, "bridge") self.assertEqual( lsmod_info, { "name": "bridge", "size": 110862, "used": 1, "submodules": ["ebtable_broute"], }, )
def test_parse_lsmod(self): lsmod_info = linux_modules.parse_lsmod_for_module( self.lsmod_out, "ebtables") self.assertEqual( lsmod_info, { "name": "ebtables", "size": 30758, "used": 3, "submodules": ["ebtable_broute", "ebtable_nat", "ebtable_filter"], }, )
def setUp(self): """ Load the sysdig kernel module if not already loaded. """ self.falcodir = self.params.get('falcodir', '/', default=os.path.join(self.basedir, '../build')) self.should_detect = self.params.get('detect', '*') self.trace_file = self.params.get('trace_file', '*') self.json_output = self.params.get('json_output', '*') if self.should_detect: self.detect_level = self.params.get('detect_level', '*') # Doing this in 2 steps instead of simply using # module_is_loaded to avoid logging lsmod output to the log. lsmod_output = process.system_output("lsmod", verbose=False) if linux_modules.parse_lsmod_for_module(lsmod_output, 'sysdig_probe') == {}: self.log.debug("Loading sysdig kernel module") process.run('sudo insmod {}/driver/sysdig-probe.ko'.format(self.falcodir)) self.str_variant = self.trace_file
def test_parse_lsmod_is_empty(): lsmod_info = linux_modules.parse_lsmod_for_module("", "ebtables") assert lsmod_info == {}
def setUp(self): """ Load the sysdig kernel module if not already loaded. """ self.falcodir = self.params.get('falcodir', '/', default=os.path.join( self.basedir, '../build')) self.should_detect = self.params.get('detect', '*', default=False) self.trace_file = self.params.get('trace_file', '*') if not os.path.isabs(self.trace_file): self.trace_file = os.path.join(self.basedir, self.trace_file) self.json_output = self.params.get('json_output', '*', default=False) self.rules_file = self.params.get('rules_file', '*', default=os.path.join( self.basedir, '../rules/falco_rules.yaml')) if not isinstance(self.rules_file, list): self.rules_file = [self.rules_file] self.rules_args = "" for file in self.rules_file: if not os.path.isabs(file): file = os.path.join(self.basedir, file) self.rules_args = self.rules_args + "-r " + file + " " self.conf_file = self.params.get('conf_file', '*', default=os.path.join( self.basedir, '../falco.yaml')) if not os.path.isabs(self.conf_file): self.conf_file = os.path.join(self.basedir, self.conf_file) self.disabled_rules = self.params.get('disabled_rules', '*', default='') if self.disabled_rules == '': self.disabled_rules = [] if not isinstance(self.disabled_rules, list): self.disabled_rules = [self.disabled_rules] self.disabled_args = "" for rule in self.disabled_rules: self.disabled_args = self.disabled_args + "-D " + rule + " " self.rules_warning = self.params.get('rules_warning', '*', default=False) if self.rules_warning == False: self.rules_warning = sets.Set() else: self.rules_warning = sets.Set(self.rules_warning) # Maps from rule name to set of evttypes self.rules_events = self.params.get('rules_events', '*', default=False) if self.rules_events == False: self.rules_events = {} else: events = {} for item in self.rules_events: for item2 in item: events[item2[0]] = sets.Set(item2[1]) self.rules_events = events if self.should_detect: self.detect_level = self.params.get('detect_level', '*') if not isinstance(self.detect_level, list): self.detect_level = [self.detect_level] # Doing this in 2 steps instead of simply using # module_is_loaded to avoid logging lsmod output to the log. lsmod_output = process.system_output("lsmod", verbose=False) if linux_modules.parse_lsmod_for_module(lsmod_output, 'sysdig_probe') == {}: self.log.debug("Loading sysdig kernel module") process.run('sudo insmod {}/driver/sysdig-probe.ko'.format( self.falcodir)) self.str_variant = self.trace_file self.outputs = self.params.get('outputs', '*', default='') if self.outputs == '': self.outputs = {} else: outputs = [] for item in self.outputs: for item2 in item: output = {} output['file'] = item2[0] output['line'] = item2[1] outputs.append(output) self.outputs = outputs
def test_parse_lsmod_is_empty(self): lsmod_info = linux_modules.parse_lsmod_for_module("", "ebtables") self.assertEqual(lsmod_info, {})
def setUp(self): """ Load the sysdig kernel module if not already loaded. """ self.falcodir = self.params.get('falcodir', '/', default=os.path.join( self.basedir, '../build')) self.stdout_contains = self.params.get('stdout_contains', '*', default='') self.stderr_contains = self.params.get('stderr_contains', '*', default='') self.exit_status = self.params.get('exit_status', '*', default=0) self.should_detect = self.params.get('detect', '*', default=False) self.trace_file = self.params.get('trace_file', '*', default='') if self.trace_file and not os.path.isabs(self.trace_file): self.trace_file = os.path.join(self.basedir, self.trace_file) self.json_output = self.params.get('json_output', '*', default=False) self.rules_file = self.params.get('rules_file', '*', default=os.path.join( self.basedir, '../rules/falco_rules.yaml')) if not isinstance(self.rules_file, list): self.rules_file = [self.rules_file] self.rules_args = "" for file in self.rules_file: if not os.path.isabs(file): file = os.path.join(self.basedir, file) self.rules_args = self.rules_args + "-r " + file + " " self.conf_file = self.params.get('conf_file', '*', default=os.path.join( self.basedir, '../falco.yaml')) if not os.path.isabs(self.conf_file): self.conf_file = os.path.join(self.basedir, self.conf_file) self.run_duration = self.params.get('run_duration', '*', default='') self.disabled_rules = self.params.get('disabled_rules', '*', default='') if self.disabled_rules == '': self.disabled_rules = [] if not isinstance(self.disabled_rules, list): self.disabled_rules = [self.disabled_rules] self.disabled_args = "" for rule in self.disabled_rules: self.disabled_args = self.disabled_args + "-D " + rule + " " self.detect_counts = self.params.get('detect_counts', '*', default=False) if self.detect_counts == False: self.detect_counts = {} else: detect_counts = {} for item in self.detect_counts: for item2 in item: detect_counts[item2[0]] = item2[1] self.detect_counts = detect_counts self.rules_warning = self.params.get('rules_warning', '*', default=False) if self.rules_warning == False: self.rules_warning = sets.Set() else: self.rules_warning = sets.Set(self.rules_warning) # Maps from rule name to set of evttypes self.rules_events = self.params.get('rules_events', '*', default=False) if self.rules_events == False: self.rules_events = {} else: events = {} for item in self.rules_events: for item2 in item: events[item2[0]] = sets.Set(item2[1]) self.rules_events = events if self.should_detect: self.detect_level = self.params.get('detect_level', '*') if not isinstance(self.detect_level, list): self.detect_level = [self.detect_level] self.package = self.params.get('package', '*', default='None') if self.package == 'None': # Doing this in 2 steps instead of simply using # module_is_loaded to avoid logging lsmod output to the log. lsmod_output = process.system_output("lsmod", verbose=False) if linux_modules.parse_lsmod_for_module(lsmod_output, 'falco_probe') == {}: self.log.debug("Loading falco kernel module") process.run('insmod {}/driver/falco-probe.ko'.format( self.falcodir), sudo=True) self.addl_docker_run_args = self.params.get('addl_docker_run_args', '*', default='') self.copy_local_driver = self.params.get('copy_local_driver', '*', default=False) # Used by possibly_copy_local_driver as well as docker run self.module_dir = os.path.expanduser("~/.sysdig") self.outputs = self.params.get('outputs', '*', default='') if self.outputs == '': self.outputs = {} else: outputs = [] for item in self.outputs: for item2 in item: output = {} output['file'] = item2[0] output['line'] = item2[1] outputs.append(output) filedir = os.path.dirname(output['file']) # Create the parent directory for the trace file if it doesn't exist. if not os.path.isdir(filedir): os.makedirs(filedir) self.outputs = outputs self.disable_tags = self.params.get('disable_tags', '*', default='') if self.disable_tags == '': self.disable_tags = [] self.run_tags = self.params.get('run_tags', '*', default='') if self.run_tags == '': self.run_tags = []
def setUp(self): """ Load the sysdig kernel module if not already loaded. """ self.falcodir = self.params.get('falcodir', '/', default=os.path.join(self.basedir, '../build')) self.should_detect = self.params.get('detect', '*', default=False) self.trace_file = self.params.get('trace_file', '*') if not os.path.isabs(self.trace_file): self.trace_file = os.path.join(self.basedir, self.trace_file) self.json_output = self.params.get('json_output', '*', default=False) self.rules_file = self.params.get('rules_file', '*', default=os.path.join(self.basedir, '../rules/falco_rules.yaml')) if not isinstance(self.rules_file, list): self.rules_file = [self.rules_file] self.rules_args = "" for file in self.rules_file: if not os.path.isabs(file): file = os.path.join(self.basedir, file) self.rules_args = self.rules_args + "-r " + file + " " self.conf_file = self.params.get('conf_file', '*', default=os.path.join(self.basedir, '../falco.yaml')) if not os.path.isabs(self.conf_file): self.conf_file = os.path.join(self.basedir, self.conf_file) self.disabled_rules = self.params.get('disabled_rules', '*', default='') if self.disabled_rules == '': self.disabled_rules = [] if not isinstance(self.disabled_rules, list): self.disabled_rules = [self.disabled_rules] self.disabled_args = "" for rule in self.disabled_rules: self.disabled_args = self.disabled_args + "-D " + rule + " " self.rules_warning = self.params.get('rules_warning', '*', default=False) if self.rules_warning == False: self.rules_warning = sets.Set() else: self.rules_warning = sets.Set(self.rules_warning) # Maps from rule name to set of evttypes self.rules_events = self.params.get('rules_events', '*', default=False) if self.rules_events == False: self.rules_events = {} else: events = {} for item in self.rules_events: for item2 in item: events[item2[0]] = sets.Set(item2[1]) self.rules_events = events if self.should_detect: self.detect_level = self.params.get('detect_level', '*') if not isinstance(self.detect_level, list): self.detect_level = [self.detect_level] # Doing this in 2 steps instead of simply using # module_is_loaded to avoid logging lsmod output to the log. lsmod_output = process.system_output("lsmod", verbose=False) if linux_modules.parse_lsmod_for_module(lsmod_output, 'sysdig_probe') == {}: self.log.debug("Loading sysdig kernel module") process.run('sudo insmod {}/driver/sysdig-probe.ko'.format(self.falcodir)) self.str_variant = self.trace_file self.outputs = self.params.get('outputs', '*', default='') if self.outputs == '': self.outputs = {} else: outputs = [] for item in self.outputs: for item2 in item: output = {} output['file'] = item2[0] output['line'] = item2[1] outputs.append(output) self.outputs = outputs