def test_record_diff_char_sets(self):
"""
Check tlog-rec preserves non-English I/O in recordings
"""
logfile = '{}-ru_RU'.format(mklogfile(self.tempdir))
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {} /bin/bash'.format(logfile))
shell.sendline('export LANG=ru_RU.utf8')
shell.sendline('badcommand')
shell.sendline('exit')
check_outfile('найдена', logfile)
check_recording(shell, 'найдена', logfile)
shell.close()
logfile = '{}-el_GR'.format(mklogfile(self.tempdir))
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {} /bin/bash'.format(logfile))
shell.sendline('export LANG=el_GR.utf8')
shell.sendline('badcommand')
shell.sendline('exit')
check_outfile('βρέθηκε', logfile)
check_recording(shell, 'βρέθηκε', logfile)
shell.close()
logfile = '{}-en_US'.format(mklogfile(self.tempdir))
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {} /bin/bash'.format(logfile))
shell.sendline('export LANG=en_US.utf8')
shell.sendline('echo Watérmân')
shell.sendline('exit')
check_outfile('Watérmân', logfile)
check_recording(shell, 'Watérmân', logfile)
shell.expect('Watérmân')
shell.close()
def test_record_diff_char_sets(self):
"""
Check tlog-rec preserves non-English I/O in recordings
"""
logfile = '{}-ru_RU'.format(mklogfile(self.tempdir))
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {} /bin/bash'.format(logfile))
shell.sendline('export LANG=ru_RU.utf8')
shell.sendline('badcommand')
shell.sendline('exit')
check_outfile('найдена', logfile)
check_recording(shell, 'найдена', logfile)
shell.close()
logfile = '{}-el_GR'.format(mklogfile(self.tempdir))
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {} /bin/bash'.format(logfile))
shell.sendline('export LANG=el_GR.utf8')
shell.sendline('badcommand')
shell.sendline('exit')
check_outfile('βρέθηκε', logfile)
check_recording(shell, 'βρέθηκε', logfile)
shell.close()
logfile = '{}-en_US'.format(mklogfile(self.tempdir))
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {} /bin/bash'.format(logfile))
shell.sendline('export LANG=en_US.utf8')
shell.sendline('echo Watérmân')
shell.sendline('exit')
check_outfile('Watérmân', logfile)
check_recording(shell, 'Watérmân', logfile)
shell.expect('Watérmân')
shell.close()
def test_record_as_admin_user(self):
"""
Check tlog-rec preserves sudo activity of admin user in
recordings
"""
logfile = mklogfile(self.tempdir)
cfg = '''
%wheel ALL=(ALL) NOPASSWD: ALL
'''
mkcfgfile('/etc/sudoers.d/01_wheel_nopass', cfg)
shell = ssh_pexpect(self.admin1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {}'.format(logfile))
shell.sendline('whoami')
shell.expect(self.admin1)
shell.sendline('sleep 2')
shell.sendline('echo test1223')
shell.expect('test1223')
shell.sendline('sudo ls -ltr /var/log/audit')
shell.expect('audit.log')
shell.sendline('exit')
check_outfile('test1223', logfile)
check_recording(shell, 'test1223', logfile)
shell.close()
shell = ssh_pexpect(self.admin1, 'Secret123', 'localhost')
check_recording(shell, 'audit.log', logfile)
shell.close()
def test_play_from_file_match(self):
"""
File reader matching functionality test
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {} whoami'.format(logfile))
time.sleep(5)
shell.sendline('tlog-rec -o {} lsblk'.format(logfile))
time.sleep(5)
shell.sendline('tlog-rec -o {} ls -l /usr/bin'.format(logfile))
time.sleep(5)
rec_ids = []
recording = read_tlog_recording_file(logfile)
for msg in recording:
rec = msg['rec']
if rec not in rec_ids:
rec_ids.append(rec)
shell.sendline('tlog-play -i {} -m {}'.format(logfile, rec_ids[0]))
shell.expect(self.user1)
shell.sendline('tlog-play -i {} -m {}'.format(logfile, rec_ids[1]))
shell.expect('MOUNTPOINT')
shell.sendline('tlog-play -i {} -m {}'.format(logfile, rec_ids[2]))
shell.expect('uname')
def test_conf_text_var(self, session_env_config_setup):
""" Validate configuration settings are overwritten
by TLOG_REC_SESSION_CONF_TEXT variable
"""
logfile = mklogfile(self.tempdir)
msg = inspect.stack()[0][3]
tmp_notice_msg = "temp"
tmp_conf_file = TMP_TLOG_REC_SESSION_CONF
# system wide configuration file
sessionclass_system = TlogRecSessionConfig(writer="journal")
sessionclass_system.generate_config(SYSTEM_TLOG_REC_SESSION_CONF)
# temporary configuration file
sessionclass_tmp = TlogRecSessionConfig(writer="file",
file_writer_path=logfile,
notice=tmp_notice_msg)
sessionclass_tmp.generate_config(tmp_conf_file)
# validate the notice override
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline(f'export TLOG_REC_SESSION_CONF_FILE={tmp_conf_file}')
shell.sendline('export TLOG_REC_SESSION_CONF_TEXT='
'\'{"notice":"TEXT Notice"}\'')
shell.sendline(TLOG_REC_SESSION_PROG)
shell.expect("TEXT Notice")
shell.sendline(f'echo {msg}')
shell.expect(msg)
shell.sendline('exit')
shell.close()
def test_conf_file_var(self, session_env_config_setup):
""" Validate configuration settings are overwritten
by TLOG_REC_SESSION_CONF_FILE variable
"""
logfile = mklogfile(self.tempdir)
msg = inspect.stack()[0][3]
input_notice = "Test NOTICE"
tmp_conf_file = TMP_TLOG_REC_SESSION_CONF
# system wide journal configuration file
sessionclass_system = TlogRecSessionConfig(writer="journal")
sessionclass_system.generate_config(SYSTEM_TLOG_REC_SESSION_CONF)
# temporary configuration file to override with
sessionclass_tmp = TlogRecSessionConfig(writer="file",
file_writer_path=logfile,
notice=input_notice)
sessionclass_tmp.generate_config(tmp_conf_file)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline(f'export TLOG_REC_SESSION_CONF_FILE={tmp_conf_file}')
shell.sendline(TLOG_REC_SESSION_PROG)
# validate the notice override
shell.expect(input_notice)
shell.sendline(f'echo {msg}')
shell.expect(msg)
shell.sendline('exit')
check_recording(shell, msg, logfile)
shell.close()
def test_record_as_admin_user(self):
"""
Check tlog-rec preserves sudo activity of admin user in
recordings
"""
logfile = mklogfile(self.tempdir)
cfg = '''
%wheel ALL=(ALL) NOPASSWD: ALL
'''
mkcfgfile('/etc/sudoers.d/01_wheel_nopass', cfg)
shell = ssh_pexpect(self.admin1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {}'.format(logfile))
shell.sendline('whoami')
shell.expect(self.admin1)
shell.sendline('sleep 2')
shell.sendline('echo test1223')
shell.expect('test1223')
shell.sendline('sudo ls -ltr /var/log/audit')
shell.expect('audit.log')
shell.sendline('exit')
check_outfile('test1223', logfile)
check_recording(shell, 'test1223', logfile)
shell.close()
shell = ssh_pexpect(self.admin1, 'Secret123', 'localhost')
check_recording(shell, 'audit.log', logfile)
shell.close()
def test_play_output_file(self):
"""
Ensure tlog-play will redirect output to file
"""
outputfile = mklogfile(self.tempdir)
recordedtext = 'output_test'
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline(f'tlog-rec -w journal echo {recordedtext}')
time.sleep(5)
entry = journal_find_last()
message = entry['MESSAGE']
rec = ast.literal_eval(message)['rec']
tlog_rec = 'TLOG_REC={}'.format(rec)
playcmd = f'tlog-play -r journal -M {tlog_rec} > {outputfile}'
shell2 = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell2.sendline(playcmd)
time.sleep(5)
with open(outputfile) as f:
read_data = f.read()
assert recordedtext in read_data
f.closed
def test_play_from_file(self):
"""
Check tlog-play can playback session from file
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
mkrecording(shell, logfile)
shell.sendline('tlog-play -i {}'.format(logfile))
shell.expect('localhost')
def test_play_from_file(self):
"""
Check tlog-play can playback session from file
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
mkrecording(shell, logfile)
shell.sendline('tlog-play -i {}'.format(logfile))
shell.expect('KNOWN BUGS')
def test_record_command_to_file(self):
"""
Check tlog-rec preserves output when reording to file
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {} whoami'.format(logfile))
check_outfile('out_txt\":\"{}'.format(self.user1), logfile)
check_recording(shell, self.user1, logfile)
shell.close()
def test_record_command_to_file(self):
"""
Check tlog-rec preserves output when reording to file
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {} whoami'.format(logfile))
check_outfile('out_txt\":\"{}'.format(self.user1), logfile)
check_recording(shell, self.user1, logfile)
shell.close()
def test_record_binary_output(self):
"""
Check tlog-rec preserves binary output in recordings
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
reccmd = 'cat /usr/bin/gzip'
shell.sendline('tlog-rec -o {} {}'.format(logfile, reccmd))
shell.expect(r'\u0000')
check_recording(shell, r'\u0000', logfile)
shell.close()
def test_record_binary_output(self):
"""
Check tlog-rec preserves binary output in recordings
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
reccmd = 'cat /usr/bin/gzip'
shell.sendline('tlog-rec -o {} {}'.format(logfile, reccmd))
shell.expect(r'\u0000')
check_recording(shell, r'\u0000', logfile)
shell.close()
def test_record_fast_input_with_limit_burst(self):
"""
Check tlog-rec allows limited burst of fast output
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
opts = '--limit-rate=10 --limit-burst=100'
shell.sendline('tlog-rec {} ' '-o {} /bin/bash'.format(opts, logfile))
for num in range(0, 200):
shell.sendline('echo test_{}'.format(num))
shell.sendline('exit')
shell.close()
def test_record_fast_input_with_limit_burst(self):
"""
Check tlog-rec allows limited burst of fast output
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
opts = '--limit-rate=10 --limit-burst=100'
shell.sendline('tlog-rec {} '
'-o {} /bin/bash'.format(opts, logfile))
for num in range(0, 200):
shell.sendline('echo test_{}'.format(num))
shell.sendline('exit')
shell.close()
def test_record_fast_input_with_limit_action_pass(self):
"""
Check tlog-rec ignores logging limits
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
opts = '--limit-rate=10 --limit-action=pass'
shell.sendline('tlog-rec {} ' '-o {} /bin/bash'.format(opts, logfile))
for num in range(0, 200):
shell.sendline('echo test_{}'.format(num))
shell.sendline('exit')
check_recording(shell, 'test_199', logfile)
shell.close()
def test_record_fast_input_with_latency(self):
"""
Check tlog-rec caches data some time before logging
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
opts = '--latency=9'
shell.sendline('tlog-rec {} ' '-o {} /bin/bash'.format(opts, logfile))
for num in range(0, 200):
shell.sendline('echo test_{}'.format(num))
shell.sendline('exit')
check_recording(shell, 'test_199', logfile)
shell.close()
def test_record_fast_input_with_payload(self):
"""
Check tlog-rec limits output payload size
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
opts = '--payload=128'
shell.sendline('tlog-rec {} ' '-o {} /bin/bash'.format(opts, logfile))
for num in range(0, 200):
shell.sendline('echo test_{}'.format(num))
shell.sendline('exit')
check_recording(shell, 'test_199', logfile)
shell.close()
def test_record_fast_input(self):
"""
Check tlog-rec preserves fast flooded I/O in recordings
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {} /bin/bash'.format(logfile))
for num in range(0, 2000):
shell.sendline('echo test_{}'.format(num))
shell.sendline('exit')
for num in range(0, 2000, 100):
check_recording(shell, 'test_{}'.format(num), logfile)
shell.close()
def test_record_fast_input_with_limit_action_drop(self):
"""
Check tlog-rec drops output when logging limit reached
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
opts = '--limit-rate=10 --limit-action=drop'
cmd = 'cat /usr/share/dict/linux.words'
shell.sendline('tlog-rec {} ' '-o {} {}'.format(opts, logfile, cmd))
shell.close()
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
check_recording_missing(shell, 'Byronite', logfile)
check_recording_missing(shell, 'zygote', logfile)
def test_session_record_with_different_shell(self):
"""
Check tlog-rec-session can specify different shell
"""
logfile = mklogfile(self.tempdir)
sessionclass = TlogRecSessionConfig(shell="/usr/bin/tcsh",
writer="file",
file_writer_path=logfile)
sessionclass.generate_config(SYSTEM_TLOG_REC_SESSION_CONF)
shell = ssh_pexpect(self.user, 'Secret123', 'localhost')
shell.sendline('echo $SHELL')
check_recording(shell, '/usr/bin/tcsh', logfile)
shell.sendline('exit')
def test_record_fast_input(self):
"""
Check tlog-rec preserves fast flooded I/O in recordings
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {} /bin/bash'.format(logfile))
for num in range(0, 2000):
shell.sendline('echo test_{}'.format(num))
shell.sendline('exit')
for num in range(0, 2000, 100):
check_recording(shell, 'test_{}'.format(num), logfile)
shell.close()
def test_record_fast_input_with_latency(self):
"""
Check tlog-rec caches data some time before logging
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
opts = '--latency=9'
shell.sendline('tlog-rec {} '
'-o {} /bin/bash'.format(opts, logfile))
for num in range(0, 200):
shell.sendline('echo test_{}'.format(num))
shell.sendline('exit')
check_recording(shell, 'test_199', logfile)
shell.close()
def test_record_fast_input_with_payload(self):
"""
Check tlog-rec limits output payload size
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
opts = '--payload=128'
shell.sendline('tlog-rec {} '
'-o {} /bin/bash'.format(opts, logfile))
for num in range(0, 200):
shell.sendline('echo test_{}'.format(num))
shell.sendline('exit')
check_recording(shell, 'test_199', logfile)
shell.close()
def test_record_fast_input_with_limit_action_drop(self):
"""
Check tlog-rec drops output when logging limit reached
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
opts = '--limit-rate=10 --limit-action=drop'
cmd = 'cat /usr/share/dict/linux.words'
shell.sendline('tlog-rec {} '
'-o {} {}'.format(opts, logfile, cmd))
shell.close()
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
check_recording_missing(shell, 'Byronite', logfile)
check_recording_missing(shell, 'zygote', logfile)
def test_record_fast_input_with_limit_action_delay(self):
"""
Check tlog-rec delays recording when logging limit reached
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
opts = '--limit-rate=10 --limit-action=delay'
shell.sendline('tlog-rec {} ' '-o {} /bin/bash'.format(opts, logfile))
for num in range(0, 200):
shell.sendline('echo test_{}'.format(num))
check_outfile('test_199', logfile, maxchecks=100)
shell.sendline('exit')
check_recording(shell, 'test_199', logfile)
shell.close()
def test_record_fast_input_with_limit_action_pass(self):
"""
Check tlog-rec ignores logging limits
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
opts = '--limit-rate=10 --limit-action=pass'
shell.sendline('tlog-rec {} '
'-o {} /bin/bash'.format(opts, logfile))
for num in range(0, 200):
shell.sendline('echo test_{}'.format(num))
shell.sendline('exit')
check_recording(shell, 'test_199', logfile)
shell.close()
def test_session_record_to_file(self):
"""
Check tlog-rec-session preserves session in a file
"""
myname = inspect.stack()[0][3]
logfile = mklogfile(self.tempdir)
sessionclass = TlogRecSessionConfig(writer="file",
file_writer_path=logfile)
sessionclass.generate_config(SYSTEM_TLOG_REC_SESSION_CONF)
shell = ssh_pexpect(self.user, 'Secret123', 'localhost')
shell.sendline('echo {}'.format(myname))
shell.sendline('exit')
check_recording(shell, myname, logfile)
shell.close()
def test_session_record_fast_input_with_latency(self):
"""
Check tlog-rec-session caches data some time before logging
"""
myname = inspect.stack()[0][3]
logfile = mklogfile(self.tempdir)
sessionclass = TlogRecSessionConfig(writer="file",
file_writer_path=logfile,
latency=15)
shell = ssh_pexpect(self.user, 'Secret123', 'localhost')
for num in range(0, 200):
shell.sendline('echo {}_{}'.format(myname, num))
shell.sendline('exit')
check_recording(shell, '{}_199'.format(myname), logfile)
shell.close()
def test_play_at_speed_x2(self):
"""
Check tlog-play can playback session at 2x speed
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
mkrecording(shell, logfile, sleep=15)
shell.close()
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
time_start = time.time()
opts = '-i {} --speed=2'.format(logfile)
shell.sendline('tlog-play {}'.format(opts))
shell.expect('localhost')
time_stop = time.time()
assert time_stop - time_start < 9
def test_play_at_speed_x2(self):
"""
Check tlog-play can playback session at 2x speed
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
mkrecording(shell, logfile, sleep=15)
shell.close()
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
time_start = time.time()
opts = '-i {} --speed=2'.format(logfile)
shell.sendline('tlog-play {}'.format(opts))
shell.expect('KNOWN BUGS')
time_stop = time.time()
assert time_stop-time_start < 9
def test_session_record_fast_input_with_payload(self):
"""
Check tlog-rec limits output payload size
"""
myname = inspect.stack()[0][3]
logfile = mklogfile(self.tempdir)
sessionclass = TlogRecSessionConfig(writer="file",
file_writer_path=logfile,
payload=128)
sessionclass.generate_config(SYSTEM_TLOG_REC_SESSION_CONF)
shell = ssh_pexpect(self.user, 'Secret123', 'localhost')
for num in range(0, 200):
shell.sendline('echo {}_{}'.format(myname, num))
shell.sendline('exit')
check_recording(shell, '{}_199'.format(myname), logfile)
shell.close()
def test_play_at_goto_points(self):
"""
Check tlog-play can start playback session from goto points
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {}'.format(logfile))
shell.sendline('echo start')
time.sleep(5)
shell.sendline('echo test_1')
shell.expect('test_1')
time.sleep(5)
shell.sendline('echo test_2')
shell.expect('test_2')
time.sleep(5)
shell.sendline('echo test_3')
shell.expect('test_3')
shell.sendline('echo end')
shell.sendline('exit')
shell.close()
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
time_start = time.time()
opts = '-i {} -g start'.format(logfile)
shell.sendline('tlog-play {}'.format(opts))
shell.expect('end')
time_stop = time.time()
assert time_stop-time_start > 15
shell.close()
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
time_start = time.time()
opts = '-i {} -g end'.format(logfile)
shell.sendline('tlog-play {}'.format(opts))
shell.expect('end')
time_stop = time.time()
assert time_stop-time_start < 2
shell.close()
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
time_start = time.time()
opts = '-i {} -g 11'.format(logfile)
shell.sendline('tlog-play {}'.format(opts))
shell.expect('end')
time_stop = time.time()
assert time_stop-time_start < 8
shell.close()
def test_play_at_goto_points(self):
"""
Check tlog-play can start playback session from goto points
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {}'.format(logfile))
shell.sendline('echo start')
time.sleep(5)
shell.sendline('echo test_1')
shell.expect('test_1')
time.sleep(5)
shell.sendline('echo test_2')
shell.expect('test_2')
time.sleep(5)
shell.sendline('echo test_3')
shell.expect('test_3')
shell.sendline('echo end')
shell.sendline('exit')
shell.close()
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
time_start = time.time()
opts = '-i {} -g start'.format(logfile)
shell.sendline('tlog-play {}'.format(opts))
shell.expect('end')
time_stop = time.time()
assert time_stop - time_start > 15
shell.close()
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
time_start = time.time()
opts = '-i {} -g end'.format(logfile)
shell.sendline('tlog-play {}'.format(opts))
shell.expect('end')
time_stop = time.time()
assert time_stop - time_start < 2
shell.close()
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
time_start = time.time()
opts = '-i {} -g 11'.format(logfile)
shell.sendline('tlog-play {}'.format(opts))
shell.expect('end')
time_stop = time.time()
assert time_stop - time_start < 8
shell.close()
def test_record_interactive_session(self):
"""
Check tlog-rec preserves activity during interactive
session in recordings
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {}'.format(logfile))
shell.sendline('whoami')
shell.expect(self.user1)
shell.sendline('sleep 2')
shell.sendline('echo test123')
shell.expect('test123')
shell.sendline('echo test1123out>/tmp/pexpect.test1123out')
check_outfile('test1123out', logfile)
check_recording(shell, 'test1123out', logfile)
shell.close()
def test_record_interactive_session(self):
"""
Check tlog-rec preserves activity during interactive
session in recordings
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {}'.format(logfile))
shell.sendline('whoami')
shell.expect(self.user1)
shell.sendline('sleep 2')
shell.sendline('echo test123')
shell.expect('test123')
shell.sendline('echo test1123out>/tmp/pexpect.test1123out')
check_outfile('test1123out', logfile)
check_recording(shell, 'test1123out', logfile)
shell.close()
def test_session_record_fast_input_with_limit_action_delay(self):
"""
Check tlog-rec-session delays recording when logging limit reached
"""
myname = inspect.stack()[0][3]
logfile = mklogfile(self.tempdir)
sessionclass = TlogRecSessionConfig(writer="file",
file_writer_path=logfile,
limit_rate=500,
limit_action="delay")
sessionclass.generate_config(SYSTEM_TLOG_REC_SESSION_CONF)
shell = ssh_pexpect(self.user, 'Secret123', 'localhost')
for num in range(0, 200):
shell.sendline('echo {}_{}'.format(myname, num))
shell.sendline('exit')
check_recording(shell, '{}_199'.format(myname), logfile)
shell.close()
def test_record_as_unprivileged_user(self):
"""
Check tlog-rec preserves unauthorized activity of
unprivileged user in recordings
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {}'.format(logfile))
shell.sendline('whoami')
shell.expect(self.user1)
shell.sendline('echo test1123out')
shell.sendline('sleep 2')
shell.sendline('ls -ltr /var/log/audit')
check_recording(shell, 'test1123out', logfile)
check_recording(shell, 'Permission denied', logfile)
shell.sendline('exit')
shell.close()
def test_record_as_unprivileged_user(self):
"""
Check tlog-rec preserves unauthorized activity of
unprivileged user in recordings
"""
logfile = mklogfile(self.tempdir)
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {}'.format(logfile))
shell.sendline('whoami')
shell.expect(self.user1)
shell.sendline('echo test1123out')
shell.sendline('sleep 2')
shell.sendline('ls -ltr /var/log/audit')
check_recording(shell, 'test1123out', logfile)
check_recording(shell, 'Permission denied', logfile)
shell.sendline('exit')
shell.close()
def test_session_record_fast_input_with_limit_action_drop(self):
"""
Check tlog-rec-session drops output when logging limit reached
"""
logfile = mklogfile(self.tempdir)
sessionclass = TlogRecSessionConfig(writer="file",
file_writer_path=logfile,
limit_rate=10,
limit_action="drop")
sessionclass.generate_config(SYSTEM_TLOG_REC_SESSION_CONF)
shell = ssh_pexpect(self.user, 'Secret123', 'localhost')
shell.sendline('cat /usr/share/dict/linux.words')
time.sleep(1)
shell.sendline('exit')
shell.close()
shell = ssh_pexpect(self.user, 'Secret123', 'localhost')
check_recording_missing(shell, 'Byronite', logfile)
check_recording_missing(shell, 'zygote', logfile)
def test_session_record_user_in_utmp(self, utempter_enabled):
"""
Check tlog-rec-session preserves session in a file
"""
if not utempter_enabled:
pytest.skip('utempter not enabled, skipping test')
myname = inspect.stack()[0][3]
whoami = '{} pts'.format(self.user)
logfile = mklogfile(self.tempdir)
sessionclass = TlogRecSessionConfig(writer="file",
file_writer_path=logfile)
sessionclass.generate_config(SYSTEM_TLOG_REC_SESSION_CONF)
shell = ssh_pexpect(self.user, 'Secret123', 'localhost')
shell.sendline('echo {}'.format(myname))
shell.sendline('who am i')
shell.sendline('exit')
check_recording(shell, myname, logfile)
check_recording(shell, whoami, logfile)
shell.close()
def test_play_follow_running_session(self):
"""
Check tlog-play can follow a live running session
"""
logfile = mklogfile(self.tempdir)
shell1 = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell2 = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell2.logfile = sys.stdout
shell1.sendline('tlog-rec -o {}'.format(logfile))
time.sleep(1)
shell2.sendline('tlog-play -i {} -f'.format(logfile))
shell1.sendline('echo line1')
shell2.expect('line1')
time.sleep(2)
shell1.sendline('echo line2')
shell2.expect('line2')
time.sleep(2)
shell1.sendline('echo line3')
shell2.expect('line3')
shell1.close()
shell2.close()
def test_play_follow_running_session(self):
"""
Check tlog-play can follow a live running session
"""
logfile = mklogfile(self.tempdir)
shell1 = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell2 = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell2.logfile = sys.stdout
shell1.sendline('tlog-rec -o {}'.format(logfile))
time.sleep(1)
shell2.sendline('tlog-play -i {} -f'.format(logfile))
shell1.sendline('echo line1')
shell2.expect('line1')
time.sleep(2)
shell1.sendline('echo line2')
shell2.expect('line2')
time.sleep(2)
shell1.sendline('echo line3')
shell2.expect('line3')
shell1.close()
shell2.close()
def test_conf_file_var(self, rec_env_config_setup):
""" Validate configuration settings are overwritten
by TLOG_REC_CONF_FILE variable
"""
logfile = mklogfile(self.tempdir)
msg = inspect.stack()[0][3]
tmp_conf_file = TMP_TLOG_REC_CONF
# system wide configuration file
recclass_system = TlogRecConfig(writer="journal")
recclass_system.generate_config(SYSTEM_TLOG_REC_CONF)
# temporary configuration file to override with
recclass_tmp = TlogRecConfig(writer="file", file_writer_path=logfile)
recclass_tmp.generate_config(tmp_conf_file)
# validate the file writer override
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
shell.sendline(f'export TLOG_REC_CONF_FILE={tmp_conf_file}')
shell.sendline(TLOG_REC_PROG + f"-c echo {msg}")
check_recording(shell, msg, logfile)
shell.close()
class TestTlogPlayControl:
""" Tests for tlog-play running key controls usage """
user1 = 'tlitestlocaluser1'
tempdir = mkdtemp(prefix='/tmp/TestTlogPlay.')
os.chmod(
tempdir, stat.S_IRWXU + stat.S_IRWXG + stat.S_IRWXO + stat.S_ISUID +
stat.S_ISGID + stat.S_ISVTX)
ctl_log = mklogfile(tempdir)
@classmethod
def setup_class(cls):
""" create sample recorded session for key control tests """
shell = ssh_pexpect(cls.user1, 'Secret123', 'localhost')
shell.sendline('tlog-rec -o {}'.format(cls.ctl_log))
shell.sendline('echo start')
time.sleep(10)
shell.sendline('echo testime_stop')
time.sleep(10)
shell.sendline('echo test2')
time.sleep(10)
shell.sendline('echo test3')
time.sleep(10)
shell.sendline('echo end')
shell.sendline('exit')
shell.close()
def test_play_key_ctl_goto_end(self):
"""
Check tlog-play key control goes to end of session
"""
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
time_start = time.time()
shell.sendline('tlog-play -i {}'.format(self.ctl_log))
time.sleep(1)
shell.sendline('G')
shell.expect('end')
time_stop = time.time()
assert time_stop - time_start < 3
shell.close()
def test_play_key_ctl_next_packet(self):
"""
Check tlog-play key control skips to next packet
"""
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
time_start = time.time()
shell.sendline('tlog-play -i {}'.format(self.ctl_log))
time.sleep(1)
shell.sendline('.')
time.sleep(1)
shell.sendline('.')
time.sleep(1)
shell.sendline('.')
time.sleep(1)
shell.sendline('.')
shell.expect('end')
time_stop = time.time()
assert time_stop - time_start < 5
shell.close()
def test_play_key_ctl_double_speed(self):
"""
Check tlog-play key control doubles playback speed
"""
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
time_start = time.time()
shell.sendline('tlog-play -i {}'.format(self.ctl_log))
time.sleep(1)
shell.sendline('}')
time.sleep(1)
shell.sendline('}')
shell.expect('end')
time_stop = time.time()
assert time_stop - time_start < 15
shell.close()
def test_play_key_ctl_quit(self):
"""
Check tlog-play key control quits playback
"""
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
time_start = time.time()
shell.sendline('tlog-play -i {}'.format(self.ctl_log))
time.sleep(1)
shell.sendline('q')
time_stop = time.time()
assert time_stop - time_start < 2
shell.close()
def test_play_key_ctl_halve_speed(self):
"""
Check tlog-play key control halves speed
The double speed steps are there as necessary pre-req steps
"""
shell = ssh_pexpect(self.user1, 'Secret123', 'localhost')
time_start = time.time()
shell.sendline('tlog-play -i {}'.format(self.ctl_log))
time.sleep(1)
shell.sendline('}')
time.sleep(1)
shell.sendline('}')
time.sleep(1)
shell.sendline('{')
time.sleep(1)
shell.sendline('{')
shell.expect('end', timeout=40)
time_stop = time.time()
assert time_stop - time_start > 30
shell.close()
