def test_parse_lsmod_single_submodules(self):
lsmod_info = linux_modules.parse_lsmod_for_module(
self.LSMOD_OUT, "bridge")
self.assertEqual(lsmod_info, {'name': "bridge",
'size': 110862,
'used': 1,
'submodules': ['ebtable_broute']})
def test_parse_lsmod_no_submodules(self):
lsmod_info = linux_modules.parse_lsmod_for_module(self.LSMOD_OUT, "ccm")
submodules = []
self.assertEqual(lsmod_info['submodules'], submodules)
self.assertEqual(lsmod_info, {'name': "ccm",
'size': 17773,
'used': 2,
'submodules': submodules})
def test_parse_lsmod(self):
lsmod_info = linux_modules.parse_lsmod_for_module(
self.LSMOD_OUT, "ebtables")
self.assertEqual(lsmod_info, {'name': "ebtables",
'size': 30758,
'used': 3,
'submodules': ['ebtable_broute',
'ebtable_nat',
'ebtable_filter']})
def test_parse_lsmod_no_submodules(self):
lsmod_info = linux_modules.parse_lsmod_for_module(
self.lsmod_out, "ccm")
self.assertEqual(lsmod_info, {
"name": "ccm",
"size": 17773,
"used": 2,
"submodules": []
})
def test_parse_lsmod_single_submodules(self):
lsmod_info = linux_modules.parse_lsmod_for_module(
self.LSMOD_OUT, "bridge")
submodules = ['ebtable_broute']
self.assertEqual(lsmod_info['submodules'], submodules)
self.assertEqual(lsmod_info, {'name': "bridge",
'size': 110862,
'used': 1,
'submodules': submodules})
def test_parse_lsmod_no_submodules(self):
lsmod_info = linux_modules.parse_lsmod_for_module(
self.lsmod_out, "ccm")
self.assertEqual(lsmod_info, {
'name': "ccm",
'size': 17773,
'used': 2,
'submodules': []
})
def test_parse_lsmod(self):
lsmod_info = linux_modules.parse_lsmod_for_module(
self.LSMOD_OUT, "ebtables")
submodules = ['ebtable_broute', 'ebtable_nat', 'ebtable_filter']
self.assertEqual(lsmod_info['submodules'], submodules)
self.assertEqual(lsmod_info, {'name': "ebtables",
'size': 30758,
'used': 3,
'submodules': submodules})
def test_parse_lsmod_no_submodules(self):
lsmod_info = linux_modules.parse_lsmod_for_module(self.LSMOD_OUT, "ccm")
submodules = []
assert lsmod_info['submodules'] == submodules
assert lsmod_info == {
'name': "ccm",
'size': 17773,
'used': 2,
'submodules': submodules
}
def test_parse_lsmod_single_submodules(self):
lsmod_info = linux_modules.parse_lsmod_for_module(
self.lsmod_out, "bridge")
self.assertEqual(
lsmod_info, {
'name': "bridge",
'size': 110862,
'used': 1,
'submodules': ['ebtable_broute']
})
def test_parse_lsmod(self):
lsmod_info = linux_modules.parse_lsmod_for_module(
self.LSMOD_OUT, "ebtables")
submodules = ['ebtable_broute', 'ebtable_nat', 'ebtable_filter']
assert lsmod_info['submodules'] == submodules
assert lsmod_info == {
'name': "ebtables",
'size': 30758,
'used': 3,
'submodules': submodules
}
def test_parse_lsmod_no_submodules(self):
lsmod_info = linux_modules.parse_lsmod_for_module(
self.LSMOD_OUT, "ccm")
submodules = []
assert lsmod_info['submodules'] == submodules
assert lsmod_info == {
'name': "ccm",
'size': 17773,
'used': 2,
'submodules': submodules
}
def test_parse_lsmod(self):
lsmod_info = linux_modules.parse_lsmod_for_module(
self.lsmod_out, "ebtables")
self.assertEqual(
lsmod_info, {
'name': "ebtables",
'size': 30758,
'used': 3,
'submodules':
['ebtable_broute', 'ebtable_nat', 'ebtable_filter']
})
def test_parse_lsmod_single_submodules(self):
lsmod_info = linux_modules.parse_lsmod_for_module(
self.LSMOD_OUT, "bridge")
submodules = ['ebtable_broute']
assert lsmod_info['submodules'] == submodules
assert lsmod_info == {
'name': "bridge",
'size': 110862,
'used': 1,
'submodules': submodules
}
def test_parse_lsmod_single_submodules(self):
lsmod_info = linux_modules.parse_lsmod_for_module(
self.lsmod_out, "bridge")
self.assertEqual(
lsmod_info,
{
"name": "bridge",
"size": 110862,
"used": 1,
"submodules": ["ebtable_broute"],
},
)
def test_parse_lsmod(self):
lsmod_info = linux_modules.parse_lsmod_for_module(
self.lsmod_out, "ebtables")
self.assertEqual(
lsmod_info,
{
"name": "ebtables",
"size": 30758,
"used": 3,
"submodules":
["ebtable_broute", "ebtable_nat", "ebtable_filter"],
},
)
def setUp(self):
"""
Load the sysdig kernel module if not already loaded.
"""
self.falcodir = self.params.get('falcodir', '/', default=os.path.join(self.basedir, '../build'))
self.should_detect = self.params.get('detect', '*')
self.trace_file = self.params.get('trace_file', '*')
self.json_output = self.params.get('json_output', '*')
if self.should_detect:
self.detect_level = self.params.get('detect_level', '*')
# Doing this in 2 steps instead of simply using
# module_is_loaded to avoid logging lsmod output to the log.
lsmod_output = process.system_output("lsmod", verbose=False)
if linux_modules.parse_lsmod_for_module(lsmod_output, 'sysdig_probe') == {}:
self.log.debug("Loading sysdig kernel module")
process.run('sudo insmod {}/driver/sysdig-probe.ko'.format(self.falcodir))
self.str_variant = self.trace_file
def test_parse_lsmod_is_empty():
lsmod_info = linux_modules.parse_lsmod_for_module("", "ebtables")
assert lsmod_info == {}
def setUp(self):
"""
Load the sysdig kernel module if not already loaded.
"""
self.falcodir = self.params.get('falcodir',
'/',
default=os.path.join(
self.basedir, '../build'))
self.should_detect = self.params.get('detect', '*', default=False)
self.trace_file = self.params.get('trace_file', '*')
if not os.path.isabs(self.trace_file):
self.trace_file = os.path.join(self.basedir, self.trace_file)
self.json_output = self.params.get('json_output', '*', default=False)
self.rules_file = self.params.get('rules_file',
'*',
default=os.path.join(
self.basedir,
'../rules/falco_rules.yaml'))
if not isinstance(self.rules_file, list):
self.rules_file = [self.rules_file]
self.rules_args = ""
for file in self.rules_file:
if not os.path.isabs(file):
file = os.path.join(self.basedir, file)
self.rules_args = self.rules_args + "-r " + file + " "
self.conf_file = self.params.get('conf_file',
'*',
default=os.path.join(
self.basedir, '../falco.yaml'))
if not os.path.isabs(self.conf_file):
self.conf_file = os.path.join(self.basedir, self.conf_file)
self.disabled_rules = self.params.get('disabled_rules',
'*',
default='')
if self.disabled_rules == '':
self.disabled_rules = []
if not isinstance(self.disabled_rules, list):
self.disabled_rules = [self.disabled_rules]
self.disabled_args = ""
for rule in self.disabled_rules:
self.disabled_args = self.disabled_args + "-D " + rule + " "
self.rules_warning = self.params.get('rules_warning',
'*',
default=False)
if self.rules_warning == False:
self.rules_warning = sets.Set()
else:
self.rules_warning = sets.Set(self.rules_warning)
# Maps from rule name to set of evttypes
self.rules_events = self.params.get('rules_events', '*', default=False)
if self.rules_events == False:
self.rules_events = {}
else:
events = {}
for item in self.rules_events:
for item2 in item:
events[item2[0]] = sets.Set(item2[1])
self.rules_events = events
if self.should_detect:
self.detect_level = self.params.get('detect_level', '*')
if not isinstance(self.detect_level, list):
self.detect_level = [self.detect_level]
# Doing this in 2 steps instead of simply using
# module_is_loaded to avoid logging lsmod output to the log.
lsmod_output = process.system_output("lsmod", verbose=False)
if linux_modules.parse_lsmod_for_module(lsmod_output,
'sysdig_probe') == {}:
self.log.debug("Loading sysdig kernel module")
process.run('sudo insmod {}/driver/sysdig-probe.ko'.format(
self.falcodir))
self.str_variant = self.trace_file
self.outputs = self.params.get('outputs', '*', default='')
if self.outputs == '':
self.outputs = {}
else:
outputs = []
for item in self.outputs:
for item2 in item:
output = {}
output['file'] = item2[0]
output['line'] = item2[1]
outputs.append(output)
self.outputs = outputs
def test_parse_lsmod_is_empty():
lsmod_info = linux_modules.parse_lsmod_for_module("", "ebtables")
assert lsmod_info == {}
def test_parse_lsmod_is_empty(self):
lsmod_info = linux_modules.parse_lsmod_for_module("", "ebtables")
self.assertEqual(lsmod_info, {})
def test_parse_lsmod_is_empty(self):
lsmod_info = linux_modules.parse_lsmod_for_module("", "ebtables")
self.assertEqual(lsmod_info, {})
def setUp(self):
"""
Load the sysdig kernel module if not already loaded.
"""
self.falcodir = self.params.get('falcodir',
'/',
default=os.path.join(
self.basedir, '../build'))
self.stdout_contains = self.params.get('stdout_contains',
'*',
default='')
self.stderr_contains = self.params.get('stderr_contains',
'*',
default='')
self.exit_status = self.params.get('exit_status', '*', default=0)
self.should_detect = self.params.get('detect', '*', default=False)
self.trace_file = self.params.get('trace_file', '*', default='')
if self.trace_file and not os.path.isabs(self.trace_file):
self.trace_file = os.path.join(self.basedir, self.trace_file)
self.json_output = self.params.get('json_output', '*', default=False)
self.rules_file = self.params.get('rules_file',
'*',
default=os.path.join(
self.basedir,
'../rules/falco_rules.yaml'))
if not isinstance(self.rules_file, list):
self.rules_file = [self.rules_file]
self.rules_args = ""
for file in self.rules_file:
if not os.path.isabs(file):
file = os.path.join(self.basedir, file)
self.rules_args = self.rules_args + "-r " + file + " "
self.conf_file = self.params.get('conf_file',
'*',
default=os.path.join(
self.basedir, '../falco.yaml'))
if not os.path.isabs(self.conf_file):
self.conf_file = os.path.join(self.basedir, self.conf_file)
self.run_duration = self.params.get('run_duration', '*', default='')
self.disabled_rules = self.params.get('disabled_rules',
'*',
default='')
if self.disabled_rules == '':
self.disabled_rules = []
if not isinstance(self.disabled_rules, list):
self.disabled_rules = [self.disabled_rules]
self.disabled_args = ""
for rule in self.disabled_rules:
self.disabled_args = self.disabled_args + "-D " + rule + " "
self.detect_counts = self.params.get('detect_counts',
'*',
default=False)
if self.detect_counts == False:
self.detect_counts = {}
else:
detect_counts = {}
for item in self.detect_counts:
for item2 in item:
detect_counts[item2[0]] = item2[1]
self.detect_counts = detect_counts
self.rules_warning = self.params.get('rules_warning',
'*',
default=False)
if self.rules_warning == False:
self.rules_warning = sets.Set()
else:
self.rules_warning = sets.Set(self.rules_warning)
# Maps from rule name to set of evttypes
self.rules_events = self.params.get('rules_events', '*', default=False)
if self.rules_events == False:
self.rules_events = {}
else:
events = {}
for item in self.rules_events:
for item2 in item:
events[item2[0]] = sets.Set(item2[1])
self.rules_events = events
if self.should_detect:
self.detect_level = self.params.get('detect_level', '*')
if not isinstance(self.detect_level, list):
self.detect_level = [self.detect_level]
self.package = self.params.get('package', '*', default='None')
if self.package == 'None':
# Doing this in 2 steps instead of simply using
# module_is_loaded to avoid logging lsmod output to the log.
lsmod_output = process.system_output("lsmod", verbose=False)
if linux_modules.parse_lsmod_for_module(lsmod_output,
'falco_probe') == {}:
self.log.debug("Loading falco kernel module")
process.run('insmod {}/driver/falco-probe.ko'.format(
self.falcodir),
sudo=True)
self.addl_docker_run_args = self.params.get('addl_docker_run_args',
'*',
default='')
self.copy_local_driver = self.params.get('copy_local_driver',
'*',
default=False)
# Used by possibly_copy_local_driver as well as docker run
self.module_dir = os.path.expanduser("~/.sysdig")
self.outputs = self.params.get('outputs', '*', default='')
if self.outputs == '':
self.outputs = {}
else:
outputs = []
for item in self.outputs:
for item2 in item:
output = {}
output['file'] = item2[0]
output['line'] = item2[1]
outputs.append(output)
filedir = os.path.dirname(output['file'])
# Create the parent directory for the trace file if it doesn't exist.
if not os.path.isdir(filedir):
os.makedirs(filedir)
self.outputs = outputs
self.disable_tags = self.params.get('disable_tags', '*', default='')
if self.disable_tags == '':
self.disable_tags = []
self.run_tags = self.params.get('run_tags', '*', default='')
if self.run_tags == '':
self.run_tags = []
def setUp(self):
"""
Load the sysdig kernel module if not already loaded.
"""
self.falcodir = self.params.get('falcodir', '/', default=os.path.join(self.basedir, '../build'))
self.should_detect = self.params.get('detect', '*', default=False)
self.trace_file = self.params.get('trace_file', '*')
if not os.path.isabs(self.trace_file):
self.trace_file = os.path.join(self.basedir, self.trace_file)
self.json_output = self.params.get('json_output', '*', default=False)
self.rules_file = self.params.get('rules_file', '*', default=os.path.join(self.basedir, '../rules/falco_rules.yaml'))
if not isinstance(self.rules_file, list):
self.rules_file = [self.rules_file]
self.rules_args = ""
for file in self.rules_file:
if not os.path.isabs(file):
file = os.path.join(self.basedir, file)
self.rules_args = self.rules_args + "-r " + file + " "
self.conf_file = self.params.get('conf_file', '*', default=os.path.join(self.basedir, '../falco.yaml'))
if not os.path.isabs(self.conf_file):
self.conf_file = os.path.join(self.basedir, self.conf_file)
self.disabled_rules = self.params.get('disabled_rules', '*', default='')
if self.disabled_rules == '':
self.disabled_rules = []
if not isinstance(self.disabled_rules, list):
self.disabled_rules = [self.disabled_rules]
self.disabled_args = ""
for rule in self.disabled_rules:
self.disabled_args = self.disabled_args + "-D " + rule + " "
self.rules_warning = self.params.get('rules_warning', '*', default=False)
if self.rules_warning == False:
self.rules_warning = sets.Set()
else:
self.rules_warning = sets.Set(self.rules_warning)
# Maps from rule name to set of evttypes
self.rules_events = self.params.get('rules_events', '*', default=False)
if self.rules_events == False:
self.rules_events = {}
else:
events = {}
for item in self.rules_events:
for item2 in item:
events[item2[0]] = sets.Set(item2[1])
self.rules_events = events
if self.should_detect:
self.detect_level = self.params.get('detect_level', '*')
if not isinstance(self.detect_level, list):
self.detect_level = [self.detect_level]
# Doing this in 2 steps instead of simply using
# module_is_loaded to avoid logging lsmod output to the log.
lsmod_output = process.system_output("lsmod", verbose=False)
if linux_modules.parse_lsmod_for_module(lsmod_output, 'sysdig_probe') == {}:
self.log.debug("Loading sysdig kernel module")
process.run('sudo insmod {}/driver/sysdig-probe.ko'.format(self.falcodir))
self.str_variant = self.trace_file
self.outputs = self.params.get('outputs', '*', default='')
if self.outputs == '':
self.outputs = {}
else:
outputs = []
for item in self.outputs:
for item2 in item:
output = {}
output['file'] = item2[0]
output['line'] = item2[1]
outputs.append(output)
self.outputs = outputs
