def setUp(self): self.config_file = "test_easywall.ini" content = """[LOG] level = info to_files = false to_stdout = true filepath = filename = [IPV6] enabled = true [ACCEPTANCE] enabled = true duration = 1 [EXEC] iptables = /sbin/iptables ip6tables = /sbin/ip6tables iptables-save = /sbin/iptables-save ip6tables-save = /sbin/ip6tables-save iptables-restore = /sbin/iptables-restore ip6tables-restore = /sbin/ip6tables-restore [BACKUP] filepath = ./backup ipv4filename = iptables_v4_backup ipv6filename = iptables_v6_backup """ create_file_if_not_exists(self.config_file) write_into_file(self.config_file, content) self.cfg = Config(self.config_file) self.easywall = Easywall(self.cfg) self.easywall.rules.rules_firstrun()
def save_new_rules(self, ruletype: str, rules: list) -> None: """ TODO: Doku """ rules = list(filter(None, rules)) write_into_file("{}/new/{}".format(self.rulesfolder, ruletype), '\n'.join(rules))
def test_apply_ssh_port(self) -> None: """ TODO: Doku """ write_into_file( "{}/current/tcp".format(self.easywall.rules.rulesfolder), "22#ssh") self.easywall.apply_rules("tcp")
def apply_step_two() -> None: """the function writes true into the accept file from easywall core""" write_into_file(".acceptance", "true") utils = Webutils() utils.cfg_easywall.set_value( "ACCEPTANCE", "timestamp", datetime.now().strftime('%Y-%m-%d %H:%M:%S.%f'))
def set_status(self, status: str) -> None: """ TODO: Doku """ filename = ".acceptance_status" create_file_if_not_exists(filename) write_into_file(filename, status) self.mystatus = status
def test_get_current_rules(self) -> None: """ TODO: Doku """ write_into_file("{}/current/tcp".format(self.rules.rulesfolder), """80 443 """) self.assertEqual(self.rules.get_current_rules("tcp"), ["80", "443"])
def test_apply_custom_rules(self) -> None: """ TODO: Doku """ write_into_file( "{}/current/custom".format(self.easywall.rules.rulesfolder), "1234") self.easywall.apply_custom_rules()
def test_apply_rules_port_range(self) -> None: """ TODO: Doku """ write_into_file( "{}/current/udp".format(self.easywall.rules.rulesfolder), "1234:1237") self.easywall.apply_rules("udp")
def test_get_new_rules(self): """ TODO: Doku """ write_into_file("{}/new/tcp".format(self.rules.rulesfolder), """80 443 """) self.assertEqual(self.rules.get_new_rules("tcp"), ["80", "443"])
def test_accepted_early(self): """ TODO: Doku """ self.acceptance.start() write_into_file(self.acceptance.filename, "true") self.acceptance.wait() self.assertEqual(self.acceptance.status(), "accepted")
def test_apply_forwarding(self) -> None: """ TODO: Doku """ write_into_file( "{}/current/forwarding".format(self.easywall.rules.rulesfolder), "tcp:1234:1235") self.easywall.apply_forwarding()
def copy_rules(self, source: str, dest: str) -> None: """ TODO: Doku """ for ruletype in self.types: content = file_get_contents("{}/{}/{}".format( self.rulesfolder, source, ruletype)) write_into_file( "{}/{}/{}".format(self.rulesfolder, dest, ruletype), content)
def setUp(self) -> None: self.config_file = "test_easywall.ini" content = """[LOG] level = info to_files = no to_stdout = yes filepath = /var/log filename = easywall.log [IPTABLES] log_blocked_connections = yes log_blocked_connections_log_limit = 60 log_blacklist_connections = yes log_blacklist_connections_log_limit = 60 drop_broadcast_packets = yes drop_multicast_packets = yes drop_anycast_packets = yes ssh_brute_force_prevention = yes ssh_brute_force_prevention_log = yes ssh_brute_force_prevention_connection_limit = 5 ssh_brute_force_prevention_log_limit = 60 icmp_flood_prevention = yes icmp_flood_prevention_log = yes icmp_flood_prevention_connection_limit = 5 icmp_flood_prevention_log_limit = 60 drop_invalid_packets = yes drop_invalid_packets_log = yes drop_invalid_packets_log_limit = 60 port_scan_prevention = yes port_scan_prevention_log = yes port_scan_prevention_log_limit = 60 [IPV6] enabled = true icmp_allow_router_advertisement = yes icmp_allow_neighbor_advertisement = yes [ACCEPTANCE] enabled = yes duration = 1 timestamp = [EXEC] iptables = /sbin/iptables ip6tables = /sbin/ip6tables iptables-save = /sbin/iptables-save ip6tables-save = /sbin/ip6tables-save iptables-restore = /sbin/iptables-restore ip6tables-restore = /sbin/ip6tables-restore """ create_file_if_not_exists(self.config_file) write_into_file(self.config_file, content) self.cfg = Config(self.config_file) self.easywall = Easywall(self.cfg) self.easywall.rules.ensure_files_exist()
def setUp(self): content = """[ACCEPTANCE] enabled = true duration = 1 """ create_file_if_not_exists("acceptance.ini") write_into_file("acceptance.ini", content) self.config = Config("acceptance.ini") self.acceptance = Acceptance(self.config)
def test_constructor_file_not_read(self) -> None: """TODO: Doku.""" create_file_if_not_exists("test.ini") content = """[DEFAULT] goodcontent = test badcontent """ write_into_file("test.ini", content) with self.assertRaises(ParsingError): Config("test.ini")
def setUp(self): content = """[TEST] teststring = string testboolean = true testint = 1 testfloat = 1.1 """ create_file_if_not_exists("test.ini") write_into_file("test.ini", content) self.config = Config("test.ini")
def save(self) -> bool: """TODO: Doku.""" try: data = dump(data=self.rules, Dumper=Dumper, default_flow_style=False) write_into_file(self.filepath, data) return True except Exception as exc: error(format_exception(exc)) return False
def test_apply_blacklist(self) -> None: """ TODO: Doku """ write_into_file( "{}/current/blacklist".format(self.easywall.rules.rulesfolder), """192.168.233.254 1.2.4.5 2001:db8:a0b:12f0::1 """) self.easywall.apply_blacklist()
def test_rollback_from_backup(self): """ TODO: Doku """ write_into_file("{}/backup/tcp".format(self.rules.rulesfolder), """80 443 """) write_into_file("{}/current/tcp".format(self.rules.rulesfolder), "") self.assertEqual(self.rules.get_current_rules("tcp"), []) self.rules.rollback_from_backup() self.assertEqual(self.rules.get_current_rules("tcp"), ["80", "443"])
def test_backup_current_rules(self) -> None: """ TODO: Doku """ write_into_file("{}/current/tcp".format(self.rules.rulesfolder), """80 443 """) write_into_file("{}/backup/tcp".format(self.rules.rulesfolder), "") self.rules.backup_current_rules() self.assertEqual(file_get_contents("{}/backup/tcp".format(self.rules.rulesfolder)), """80 443 """)
def start(self) -> None: """ the start of the acceptance process is triggered by this function the function checks the internal status of the class. the internal status can be ready, accepted or not accepted. if the status is disabled the function does nothing """ if self.mystatus in ["ready", "accepted", "not accepted"]: create_file_if_not_exists(self.filename) write_into_file(self.filename, "false") self.set_status("started") info("Acceptance Process has been started.")
def test_file(self): assert not file_exists("testfile") create_file_if_not_exists("testfile") assert file_exists("testfile") write_into_file("testfile", "testcontent") assert file_get_contents("testfile") == "testcontent" assert len(get_abs_path_of_filepath("testfile")) > 0 rename_file("testfile", "testfilenew") assert not file_exists("testfile") assert file_exists("testfilenew") delete_file_if_exists("testfilenew") assert not file_exists("testfile") assert not file_exists("testfilenew")
def test_disabled(self): """ TODO: Doku """ content = """[ACCEPTANCE] enabled = false duration = 1 """ create_file_if_not_exists("acceptance.ini") write_into_file("acceptance.ini", content) self.config = Config("acceptance.ini") self.acceptance = Acceptance(self.config) self.assertEqual(self.acceptance.status(), "disabled")
def test_get_rules_for_web(self): """ TODO: Doku """ write_into_file("{}/current/tcp".format(self.rules.rulesfolder), """80 443 """) self.assertEqual(self.rules.get_rules_for_web("tcp"), ["80", "443"]) write_into_file("{}/new/tcp".format(self.rules.rulesfolder), """80 443 8080 """) self.assertEqual(self.rules.get_rules_for_web("tcp"), ["80", "443", "8080"])
def test_file(self) -> None: """TODO: Doku.""" self.assertFalse(file_exists("testfile")) create_file_if_not_exists("testfile") self.assertTrue(file_exists("testfile")) write_into_file("testfile", "testcontent") self.assertEqual(file_get_contents("testfile"), "testcontent") self.assertGreater(len(get_abs_path_of_filepath("testfile")), 0) rename_file("testfile", "testfilenew") self.assertFalse(file_exists("testfile")) self.assertTrue(file_exists("testfilenew")) delete_file_if_exists("testfilenew") self.assertFalse(file_exists("testfile")) self.assertFalse(file_exists("testfilenew"))
def test_file(self): """ TODO: Doku """ assert not file_exists("testfile") create_file_if_not_exists("testfile") assert file_exists("testfile") write_into_file("testfile", "testcontent") assert file_get_contents("testfile") == "testcontent" self.assertGreater(len(get_abs_path_of_filepath("testfile")), 0) rename_file("testfile", "testfilenew") assert not file_exists("testfile") assert file_exists("testfilenew") delete_file_if_exists("testfilenew") assert not file_exists("testfile") assert not file_exists("testfilenew")
def prepare_configuration() -> None: """ TODO: Doku """ if file_exists(CONFIG_PATH): rename_file(CONFIG_PATH, CONFIG_BACKUP_PATH) content = """[LOG] level = info to_files = no to_stdout = yes filepath = log filename = easywall-web.log [WEB] username = demo password = xxx bindip = 0.0.0.0 bindport = 12227 login_attempts = 10 login_bantime = 1800 [VERSION] version = 0.0.0 sha = 12345 date = 2020-01-01T00:00:00Z timestamp = 1234 [uwsgi] https-socket = 0.0.0.0:12227,easywall.crt,easywall.key processes = 5 threads = 2 callable = APP master = false wsgi-file = easywall_web/__main__.py need-plugin = python3 """ create_file_if_not_exists(CONFIG_PATH) write_into_file(CONFIG_PATH, content) config = Config(CONFIG_PATH) config.set_value("VERSION", "timestamp", str(int(time())))
def setUp(self) -> None: content = """[EXEC] iptables = /sbin/iptables ip6tables = /sbin/ip6tables iptables-save = /sbin/iptables-save ip6tables-save = /sbin/ip6tables-save iptables-restore = /sbin/iptables-restore ip6tables-restore = /sbin/ip6tables-restore [IPV6] enabled = yes [BACKUP] filepath = ./backup ipv4filename = iptables_v4_backup ipv6filename = iptables_v6_backup """ create_file_if_not_exists("iptables.ini") write_into_file("iptables.ini", content) self.config = Config("iptables.ini") self.iptables = Iptables(self.config)
def setUp(self) -> None: self.config_backup_path = "config/easywall.ini.backup" if file_exists(CONFIG_PATH): rename_file(CONFIG_PATH, self.config_backup_path) content = """[LOG] level = info to_files = false to_stdout = true filepath = filename = [IPV6] enabled = true [ACCEPTANCE] enabled = false duration = 120 timestamp = [EXEC] iptables = /sbin/iptables ip6tables = /sbin/ip6tables iptables-save = /sbin/iptables-save ip6tables-save = /sbin/ip6tables-save iptables-restore = /sbin/iptables-restore ip6tables-restore = /sbin/ip6tables-restore [BACKUP] filepath = ./backup ipv4filename = iptables_v4_backup ipv6filename = iptables_v6_backup """ create_file_if_not_exists(CONFIG_PATH) write_into_file(CONFIG_PATH, content) delete_folder_if_exists("rules")
def test_apply_accepted(self) -> None: """ TODO: Doku """ write_into_file(self.easywall.acceptance.filename, "true") self.easywall.apply()