def setUp(self):
self.config_file = "test_easywall.ini"
content = """[LOG]
level = info
to_files = false
to_stdout = true
filepath =
filename =
[IPV6]
enabled = true
[ACCEPTANCE]
enabled = true
duration = 1
[EXEC]
iptables = /sbin/iptables
ip6tables = /sbin/ip6tables
iptables-save = /sbin/iptables-save
ip6tables-save = /sbin/ip6tables-save
iptables-restore = /sbin/iptables-restore
ip6tables-restore = /sbin/ip6tables-restore
[BACKUP]
filepath = ./backup
ipv4filename = iptables_v4_backup
ipv6filename = iptables_v6_backup
"""
create_file_if_not_exists(self.config_file)
write_into_file(self.config_file, content)
self.cfg = Config(self.config_file)
self.easywall = Easywall(self.cfg)
self.easywall.rules.rules_firstrun()
def save_new_rules(self, ruletype: str, rules: list) -> None:
"""
TODO: Doku
"""
rules = list(filter(None, rules))
write_into_file("{}/new/{}".format(self.rulesfolder, ruletype),
'\n'.join(rules))
def test_apply_ssh_port(self) -> None:
"""
TODO: Doku
"""
write_into_file(
"{}/current/tcp".format(self.easywall.rules.rulesfolder), "22#ssh")
self.easywall.apply_rules("tcp")
def apply_step_two() -> None:
"""the function writes true into the accept file from easywall core"""
write_into_file(".acceptance", "true")
utils = Webutils()
utils.cfg_easywall.set_value(
"ACCEPTANCE", "timestamp",
datetime.now().strftime('%Y-%m-%d %H:%M:%S.%f'))
def set_status(self, status: str) -> None:
"""
TODO: Doku
"""
filename = ".acceptance_status"
create_file_if_not_exists(filename)
write_into_file(filename, status)
self.mystatus = status
def test_get_current_rules(self) -> None:
"""
TODO: Doku
"""
write_into_file("{}/current/tcp".format(self.rules.rulesfolder), """80
443
""")
self.assertEqual(self.rules.get_current_rules("tcp"), ["80", "443"])
def test_apply_custom_rules(self) -> None:
"""
TODO: Doku
"""
write_into_file(
"{}/current/custom".format(self.easywall.rules.rulesfolder),
"1234")
self.easywall.apply_custom_rules()
def test_apply_rules_port_range(self) -> None:
"""
TODO: Doku
"""
write_into_file(
"{}/current/udp".format(self.easywall.rules.rulesfolder),
"1234:1237")
self.easywall.apply_rules("udp")
def test_get_new_rules(self):
"""
TODO: Doku
"""
write_into_file("{}/new/tcp".format(self.rules.rulesfolder), """80
443
""")
self.assertEqual(self.rules.get_new_rules("tcp"), ["80", "443"])
def test_accepted_early(self):
"""
TODO: Doku
"""
self.acceptance.start()
write_into_file(self.acceptance.filename, "true")
self.acceptance.wait()
self.assertEqual(self.acceptance.status(), "accepted")
def test_apply_forwarding(self) -> None:
"""
TODO: Doku
"""
write_into_file(
"{}/current/forwarding".format(self.easywall.rules.rulesfolder),
"tcp:1234:1235")
self.easywall.apply_forwarding()
def copy_rules(self, source: str, dest: str) -> None:
"""
TODO: Doku
"""
for ruletype in self.types:
content = file_get_contents("{}/{}/{}".format(
self.rulesfolder, source, ruletype))
write_into_file(
"{}/{}/{}".format(self.rulesfolder, dest, ruletype), content)
def setUp(self) -> None:
self.config_file = "test_easywall.ini"
content = """[LOG]
level = info
to_files = no
to_stdout = yes
filepath = /var/log
filename = easywall.log
[IPTABLES]
log_blocked_connections = yes
log_blocked_connections_log_limit = 60
log_blacklist_connections = yes
log_blacklist_connections_log_limit = 60
drop_broadcast_packets = yes
drop_multicast_packets = yes
drop_anycast_packets = yes
ssh_brute_force_prevention = yes
ssh_brute_force_prevention_log = yes
ssh_brute_force_prevention_connection_limit = 5
ssh_brute_force_prevention_log_limit = 60
icmp_flood_prevention = yes
icmp_flood_prevention_log = yes
icmp_flood_prevention_connection_limit = 5
icmp_flood_prevention_log_limit = 60
drop_invalid_packets = yes
drop_invalid_packets_log = yes
drop_invalid_packets_log_limit = 60
port_scan_prevention = yes
port_scan_prevention_log = yes
port_scan_prevention_log_limit = 60
[IPV6]
enabled = true
icmp_allow_router_advertisement = yes
icmp_allow_neighbor_advertisement = yes
[ACCEPTANCE]
enabled = yes
duration = 1
timestamp =
[EXEC]
iptables = /sbin/iptables
ip6tables = /sbin/ip6tables
iptables-save = /sbin/iptables-save
ip6tables-save = /sbin/ip6tables-save
iptables-restore = /sbin/iptables-restore
ip6tables-restore = /sbin/ip6tables-restore
"""
create_file_if_not_exists(self.config_file)
write_into_file(self.config_file, content)
self.cfg = Config(self.config_file)
self.easywall = Easywall(self.cfg)
self.easywall.rules.ensure_files_exist()
def setUp(self):
content = """[ACCEPTANCE]
enabled = true
duration = 1
"""
create_file_if_not_exists("acceptance.ini")
write_into_file("acceptance.ini", content)
self.config = Config("acceptance.ini")
self.acceptance = Acceptance(self.config)
def test_constructor_file_not_read(self) -> None:
"""TODO: Doku."""
create_file_if_not_exists("test.ini")
content = """[DEFAULT]
goodcontent = test
badcontent
"""
write_into_file("test.ini", content)
with self.assertRaises(ParsingError):
Config("test.ini")
def setUp(self):
content = """[TEST]
teststring = string
testboolean = true
testint = 1
testfloat = 1.1
"""
create_file_if_not_exists("test.ini")
write_into_file("test.ini", content)
self.config = Config("test.ini")
def save(self) -> bool:
"""TODO: Doku."""
try:
data = dump(data=self.rules,
Dumper=Dumper,
default_flow_style=False)
write_into_file(self.filepath, data)
return True
except Exception as exc:
error(format_exception(exc))
return False
def test_apply_blacklist(self) -> None:
"""
TODO: Doku
"""
write_into_file(
"{}/current/blacklist".format(self.easywall.rules.rulesfolder),
"""192.168.233.254
1.2.4.5
2001:db8:a0b:12f0::1
""")
self.easywall.apply_blacklist()
def test_rollback_from_backup(self):
"""
TODO: Doku
"""
write_into_file("{}/backup/tcp".format(self.rules.rulesfolder), """80
443
""")
write_into_file("{}/current/tcp".format(self.rules.rulesfolder), "")
self.assertEqual(self.rules.get_current_rules("tcp"), [])
self.rules.rollback_from_backup()
self.assertEqual(self.rules.get_current_rules("tcp"), ["80", "443"])
def test_backup_current_rules(self) -> None:
"""
TODO: Doku
"""
write_into_file("{}/current/tcp".format(self.rules.rulesfolder), """80
443
""")
write_into_file("{}/backup/tcp".format(self.rules.rulesfolder), "")
self.rules.backup_current_rules()
self.assertEqual(file_get_contents("{}/backup/tcp".format(self.rules.rulesfolder)), """80
443
""")
def start(self) -> None:
"""
the start of the acceptance process is triggered by this function
the function checks the internal status of the class.
the internal status can be ready, accepted or not accepted.
if the status is disabled the function does nothing
"""
if self.mystatus in ["ready", "accepted", "not accepted"]:
create_file_if_not_exists(self.filename)
write_into_file(self.filename, "false")
self.set_status("started")
info("Acceptance Process has been started.")
def test_file(self):
assert not file_exists("testfile")
create_file_if_not_exists("testfile")
assert file_exists("testfile")
write_into_file("testfile", "testcontent")
assert file_get_contents("testfile") == "testcontent"
assert len(get_abs_path_of_filepath("testfile")) > 0
rename_file("testfile", "testfilenew")
assert not file_exists("testfile")
assert file_exists("testfilenew")
delete_file_if_exists("testfilenew")
assert not file_exists("testfile")
assert not file_exists("testfilenew")
def test_disabled(self):
"""
TODO: Doku
"""
content = """[ACCEPTANCE]
enabled = false
duration = 1
"""
create_file_if_not_exists("acceptance.ini")
write_into_file("acceptance.ini", content)
self.config = Config("acceptance.ini")
self.acceptance = Acceptance(self.config)
self.assertEqual(self.acceptance.status(), "disabled")
def test_get_rules_for_web(self):
"""
TODO: Doku
"""
write_into_file("{}/current/tcp".format(self.rules.rulesfolder), """80
443
""")
self.assertEqual(self.rules.get_rules_for_web("tcp"), ["80", "443"])
write_into_file("{}/new/tcp".format(self.rules.rulesfolder), """80
443
8080
""")
self.assertEqual(self.rules.get_rules_for_web("tcp"),
["80", "443", "8080"])
def test_file(self) -> None:
"""TODO: Doku."""
self.assertFalse(file_exists("testfile"))
create_file_if_not_exists("testfile")
self.assertTrue(file_exists("testfile"))
write_into_file("testfile", "testcontent")
self.assertEqual(file_get_contents("testfile"), "testcontent")
self.assertGreater(len(get_abs_path_of_filepath("testfile")), 0)
rename_file("testfile", "testfilenew")
self.assertFalse(file_exists("testfile"))
self.assertTrue(file_exists("testfilenew"))
delete_file_if_exists("testfilenew")
self.assertFalse(file_exists("testfile"))
self.assertFalse(file_exists("testfilenew"))
def test_file(self):
"""
TODO: Doku
"""
assert not file_exists("testfile")
create_file_if_not_exists("testfile")
assert file_exists("testfile")
write_into_file("testfile", "testcontent")
assert file_get_contents("testfile") == "testcontent"
self.assertGreater(len(get_abs_path_of_filepath("testfile")), 0)
rename_file("testfile", "testfilenew")
assert not file_exists("testfile")
assert file_exists("testfilenew")
delete_file_if_exists("testfilenew")
assert not file_exists("testfile")
assert not file_exists("testfilenew")
def prepare_configuration() -> None:
"""
TODO: Doku
"""
if file_exists(CONFIG_PATH):
rename_file(CONFIG_PATH, CONFIG_BACKUP_PATH)
content = """[LOG]
level = info
to_files = no
to_stdout = yes
filepath = log
filename = easywall-web.log
[WEB]
username = demo
password = xxx
bindip = 0.0.0.0
bindport = 12227
login_attempts = 10
login_bantime = 1800
[VERSION]
version = 0.0.0
sha = 12345
date = 2020-01-01T00:00:00Z
timestamp = 1234
[uwsgi]
https-socket = 0.0.0.0:12227,easywall.crt,easywall.key
processes = 5
threads = 2
callable = APP
master = false
wsgi-file = easywall_web/__main__.py
need-plugin = python3
"""
create_file_if_not_exists(CONFIG_PATH)
write_into_file(CONFIG_PATH, content)
config = Config(CONFIG_PATH)
config.set_value("VERSION", "timestamp", str(int(time())))
def setUp(self) -> None:
content = """[EXEC]
iptables = /sbin/iptables
ip6tables = /sbin/ip6tables
iptables-save = /sbin/iptables-save
ip6tables-save = /sbin/ip6tables-save
iptables-restore = /sbin/iptables-restore
ip6tables-restore = /sbin/ip6tables-restore
[IPV6]
enabled = yes
[BACKUP]
filepath = ./backup
ipv4filename = iptables_v4_backup
ipv6filename = iptables_v6_backup
"""
create_file_if_not_exists("iptables.ini")
write_into_file("iptables.ini", content)
self.config = Config("iptables.ini")
self.iptables = Iptables(self.config)
def setUp(self) -> None:
self.config_backup_path = "config/easywall.ini.backup"
if file_exists(CONFIG_PATH):
rename_file(CONFIG_PATH, self.config_backup_path)
content = """[LOG]
level = info
to_files = false
to_stdout = true
filepath =
filename =
[IPV6]
enabled = true
[ACCEPTANCE]
enabled = false
duration = 120
timestamp =
[EXEC]
iptables = /sbin/iptables
ip6tables = /sbin/ip6tables
iptables-save = /sbin/iptables-save
ip6tables-save = /sbin/ip6tables-save
iptables-restore = /sbin/iptables-restore
ip6tables-restore = /sbin/ip6tables-restore
[BACKUP]
filepath = ./backup
ipv4filename = iptables_v4_backup
ipv6filename = iptables_v6_backup
"""
create_file_if_not_exists(CONFIG_PATH)
write_into_file(CONFIG_PATH, content)
delete_folder_if_exists("rules")
def test_apply_accepted(self) -> None:
"""
TODO: Doku
"""
write_into_file(self.easywall.acceptance.filename, "true")
self.easywall.apply()
