def RunXinetdCheck(self, chk_id, svc, disabled, sym, found, xinetd=False, should_detect=True): host_data = self.SetKnowledgeBase() cfgs = parsers_test_lib.GenXinetd(svc, disabled) pathspecs, files = artifact_test_lib.GenPathspecFileData(cfgs) data = list(self.parser(None, pathspecs, files)) # create entries on whether xinetd itself is setup to start or not if xinetd: cfgs = parsers_test_lib.GenInit( "xinetd", "the extended Internet services daemon") pathspecs, files = artifact_test_lib.GenPathspecFileData(cfgs) lsb_parser = linux_service_parser.LinuxLSBInitParser() data.extend(list(lsb_parser.ParseFiles(None, pathspecs, files))) host_data["LinuxServices"] = self.SetArtifactData(parsed=data) results = self.RunChecks(host_data) if should_detect: self.assertCheckDetectedAnom(chk_id, results, sym, found) else: self.assertCheckUndetected(chk_id, results)
def testParseXinetd(self): """Xinetd entries return accurate LinuxServiceInformation values.""" configs = parsers_test_lib.GenXinetd("telnet", "yes") configs.update(parsers_test_lib.GenXinetd("forwarder", "no")) pathspecs, files = artifact_test_lib.GenPathspecFileData(configs) parser = linux_service_parser.LinuxXinetdParser() results = list(parser.ParseFiles(None, pathspecs, files)) self.assertLen(results, 2) self.assertCountEqual(["forwarder", "telnet"], [r.name for r in results]) for rslt in results: self.assertFalse(rslt.start_on) self.assertFalse(rslt.stop_on) self.assertFalse(rslt.stop_after) if rslt.name == "telnet": self.assertFalse(rslt.start_mode) self.assertFalse(rslt.start_after) self.assertFalse(rslt.starts) else: self.assertEqual( rslt.start_mode, rdf_client.LinuxServiceInformation.StartMode.XINETD) self.assertCountEqual(["xinetd"], list(rslt.start_after)) self.assertTrue(rslt.starts)
def testSkipBadLSBInit(self): """Bad Init entries fail gracefully.""" empty = "" snippet = r"""# Provides: sshd""" unfinished = """ ### BEGIN INIT INFO what are you thinking? """ data = { "/tmp/empty": empty.encode("utf-8"), "/tmp/snippet": snippet.encode("utf-8"), "/tmp/unfinished": unfinished.encode("utf-8"), } pathspecs, files = artifact_test_lib.GenPathspecFileData(data) parser = linux_service_parser.LinuxLSBInitParser() results = list(parser.ParseFiles(None, pathspecs, files)) self.assertFalse(results)
def testParseLSBInit(self): """Init entries return accurate LinuxServiceInformation values.""" configs = parsers_test_lib.GenInit("sshd", "OpenBSD Secure Shell server") pathspecs, files = artifact_test_lib.GenPathspecFileData(configs) parser = linux_service_parser.LinuxLSBInitParser() results = list(parser.ParseFiles(None, pathspecs, files)) self.assertIsInstance(results[0], rdf_client.LinuxServiceInformation) result = results[0] self.assertEqual("sshd", result.name) self.assertEqual("OpenBSD Secure Shell server", result.description) self.assertEqual("INIT", result.start_mode) self.assertCountEqual([2, 3, 4, 5], result.start_on) self.assertCountEqual([1], result.stop_on) self.assertCountEqual([ "umountfs", "umountnfs", "sendsigs", "rsyslog", "sysklogd", "syslog-ng", "dsyslog", "inetutils-syslogd" ], result.start_after) self.assertCountEqual( ["rsyslog", "sysklogd", "syslog-ng", "dsyslog", "inetutils-syslogd"], result.stop_after)
def testParseMultiple(self): """Tests for the ParseMultiple() method.""" parser = linux_pam_parser.PAMParser() # Parse the simplest 'normal' config we can. # e.g. a single entry for 'telnet' with no includes etc. pathspecs, file_objs = artifact_test_lib.GenPathspecFileData( TELNET_ONLY_CONFIG) out = list(parser.ParseFiles(self.kb, pathspecs, file_objs)) self.assertLen(out, 1) self.assertIsInstance(out[0], rdf_config_file.PamConfig) self.assertCountEqual(TELNET_ONLY_CONFIG_EXPECTED, self._EntriesToTuples(out[0].entries)) self.assertEqual([], out[0].external_config) # Parse the simplest 'normal' config we can but with an effectively # empty /etc/pam.conf file. # e.g. a single entry for 'telnet' with no includes etc. pathspecs, file_objs = artifact_test_lib.GenPathspecFileData( TELNET_WITH_PAMCONF) out = list(parser.ParseFiles(self.kb, pathspecs, file_objs)) self.assertLen(out, 1) self.assertIsInstance(out[0], rdf_config_file.PamConfig) entry = out[0].entries[0] self.assertEqual( ('telnet', 'auth', '[success=ok new_authtok_reqd=ok ignore=ignore default=bad]', 'testing.so', 'module arguments'), self._EntryToTuple(entry)) self.assertCountEqual(TELNET_WITH_PAMCONF_EXPECTED, self._EntriesToTuples(out[0].entries)) self.assertEqual([], out[0].external_config) # Parse a simple old-style pam config. i.e. Just /etc/pam.conf. pathspecs, file_objs = artifact_test_lib.GenPathspecFileData( PAM_CONF_SIMPLE) out = list(parser.ParseFiles(self.kb, pathspecs, file_objs)) self.assertLen(out, 1) self.assertIsInstance(out[0], rdf_config_file.PamConfig) self.assertCountEqual(PAM_CONF_SIMPLE_EXPECTED, self._EntriesToTuples(out[0].entries)) self.assertEqual([], out[0].external_config) # Parse a simple old-style pam config overriding a 'new' style config. # i.e. Configs in /etc/pam.conf override everything else. pathspecs, file_objs = artifact_test_lib.GenPathspecFileData( PAM_CONF_OVERRIDE) out = list(parser.ParseFiles(self.kb, pathspecs, file_objs)) self.assertLen(out, 1) self.assertIsInstance(out[0], rdf_config_file.PamConfig) self.assertCountEqual(PAM_CONF_OVERRIDE_EXPECTED, self._EntriesToTuples(out[0].entries)) self.assertEqual([], out[0].external_config) # Parse a complex old-style pam config overriding a 'new' style config but # the /etc/pam.conf includes parts from the /etc/pam.d dir. # i.e. Configs in /etc/pam.conf override everything else but imports stuff. pathspecs, file_objs = artifact_test_lib.GenPathspecFileData( PAM_CONF_OVERRIDE_COMPLEX) out = list(parser.ParseFiles(self.kb, pathspecs, file_objs)) self.assertLen(out, 1) self.assertIsInstance(out[0], rdf_config_file.PamConfig) self.assertCountEqual(PAM_CONF_OVERRIDE_COMPLEX_EXPECTED, self._EntriesToTuples(out[0].entries)) self.assertEqual([], out[0].external_config) # Parse a normal-looking pam configuration. # i.e. A no-op of a /etc/pam.conf with multiple files under /etc/pam.d # that have includes etc. pathspecs, file_objs = artifact_test_lib.GenPathspecFileData( PAM_CONF_TYPICAL) out = list(parser.ParseFiles(self.kb, pathspecs, file_objs)) self.assertLen(out, 1) self.assertIsInstance(out[0], rdf_config_file.PamConfig) self.assertCountEqual(PAM_CONF_TYPICAL_EXPECTED, self._EntriesToTuples(out[0].entries)) self.assertEqual([], out[0].external_config) # Parse a config which has references to external or missing files. pathspecs, file_objs = artifact_test_lib.GenPathspecFileData( PAM_CONF_EXTERNAL_REF) out = list(parser.ParseFiles(self.kb, pathspecs, file_objs)) self.assertLen(out, 1) self.assertIsInstance(out[0], rdf_config_file.PamConfig) self.assertCountEqual(PAM_CONF_EXTERNAL_REF_EXPECTED, self._EntriesToTuples(out[0].entries)) self.assertCountEqual(PAM_CONF_EXTERNAL_REF_ERRORS, list(out[0].external_config))