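def main():
    """Check mode, owner and group of the file named by control '002'.

    Runs ``stat`` on the remote host through the SSH transport and compares
    the reported octal mode, owner name and group name with the values in
    the control's ``env`` mapping. ``owner`` and ``group`` are optional:
    each one is compared only when the control defines it.

    Returns:
        A ``(status, message)`` tuple. ``COMPLIANT`` when every configured
        attribute matches, ``NOT_COMPLIANT`` on the first mismatch,
        ``NOT_APPLICABLE`` when stat prints nothing or the transport raises
        a connection/command error, and ``ERROR`` with the exception text
        for any other failure.
    """
    try:
        env = get_controls()['002']['env']
        # Quote into a local instead of writing back into env: the mapping
        # may be shared with other callers of get_controls(), and quoting an
        # already quoted value would change the path that gets checked.
        # NOTE(review): quote() is presumably a shell-quoting helper such as
        # shlex.quote -- confirm against the file's imports. It stops the
        # shell from interpreting the name, but a name starting with '-'
        # would still be parsed by stat as an option; confirm that control
        # filenames are absolute paths.
        filename = quote(env['filename'])
        ssh = get_transport('SSH')
        data = ssh.execute_show(
            'stat --printf="%a %U %G" {filename}'.format(filename=filename))
        if not data:
            return Status.NOT_APPLICABLE, 'File not found'

        # fields: [octal mode, owner name, group name]
        fields = data.split()
        # String comparison: assumes the control stores the mode as the same
        # octal text that stat prints -- TODO confirm.
        if fields[0] != env['permissions']:
            return Status.NOT_COMPLIANT, None
        # Owner and group are checked independently. Previously a missing
        # 'owner' key raised KeyError before the group was looked at, so a
        # control that pinned only the group was reported COMPLIANT without
        # the group ever being compared.
        for position, key in ((1, 'owner'), (2, 'group')):
            if key in env and fields[position] != env[key]:
                return Status.NOT_COMPLIANT, None
        return Status.COMPLIANT, None
    except (TransportConnectionError, RemoteHostCommandError):
        return Status.NOT_APPLICABLE, 'No SSH connection'
    except Exception as e_info:
        return Status.ERROR, str(e_info)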
def test_002_permissions_1(run_docker):
    """Control '002' is COMPLIANT once mode and ownership match the control."""
    control_env = get_controls()['002']['env']
    control_env['filename'] = quote(control_env['filename'])
    transport = get_transport('SSH')
    # NOTE(review): only the filename is passed through quote(); permissions,
    # owner and group are placed into the commands as-is, so they are assumed
    # to be plain tokens from the controls definition.
    templates = (
        'chmod {permissions} {filename}',
        'chown {owner}:{group} {filename}',
    )
    for template in templates:
        transport.execute(template.format(**control_env))
    result = test.main()
    assert result[0] == Status.COMPLIANT
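def test_init_database(change_dir, create_new_database):
    """init_database() creates the DB file, its tables and the control rows.

    Verifies that the file named by DB_NAME exists, that the set of tables
    equals REQUIRED_TABLES, that ``scandata`` is empty, and that the rows
    of ``control`` equal the definitions returned by get_controls().
    """
    init_database()
    assert os.path.exists(DB_NAME)

    # sqlite3's connection context manager only commits or rolls back; it
    # does not close the connection. This test only reads, so the
    # connection is opened plainly and closed in ``finally`` to avoid
    # leaving the database file open after the test.
    db = sqlite3.connect(DB_NAME)
    try:
        curr = db.cursor()
        curr.execute("SELECT name FROM sqlite_master where type = 'table'")
        # Each row holds a single column, the table name.
        tables = {row[0] for row in curr.fetchall()}
        assert tables == REQUIRED_TABLES

        assert not curr.execute("""SELECT * FROM scandata""").fetchall()

        # Bring both sides to {int id: {title, descr, req, prescription}}
        # so they can be compared directly.
        required_controls = {
            int(id_): dict(title=p['title'], descr=p['descr'],
                           req=p['req'], prescription=p['prescription'])
            for id_, p in get_controls().items()
        }
        # NOTE(review): SELECT * relies on the column order of ``control``
        # being (id, title, descr, req, prescription) -- confirm against
        # the schema.
        controls = {
            id_: dict(title=title, descr=descr, req=req, prescription=presc)
            for id_, title, descr, req, presc in curr.execute(
                "SELECT * FROM control").fetchall()
        }
        assert controls == required_controls
    finally:
        db.close()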
def test_002_permissions_2(run_docker):
    """Control '002' is NOT_COMPLIANT when the file mode is off by one bit."""
    control_env = get_controls()['002']['env']
    quoted_name = quote(control_env['filename'])
    control_env['filename'] = quoted_name
    transport = get_transport('SSH')
    # XOR with 1 toggles the lowest bit, so the last digit moves between
    # 2k and 2k+1 and remains a valid octal digit; the result is a mode
    # that differs from the configured one.
    # assumes 'permissions' is an octal mode written in digits -- TODO confirm
    wrong_mode = int(control_env['permissions']) ^ 1
    command = 'chmod {permissions} {filename}'.format(
        permissions=wrong_mode, filename=quoted_name)
    transport.execute(command)
    result = test.main()
    assert result[0] == Status.NOT_COMPLIANT
def test_000_file_exist_2(run_docker):
    """Control '000' is NOT_COMPLIANT after the target file is removed."""
    control_env = get_controls()['000']['env']
    control_env['filename'] = quote(control_env['filename'])
    transport = get_transport('SSH')
    try:
        removal = 'rm -f {filename}'.format(**control_env)
        transport.execute(removal)
    except Exception:
        # Best effort: a failed removal is ignored here and the assertion
        # below decides the outcome of the test.
        pass
    result = test.main()
    assert result[0] == Status.NOT_COMPLIANT
def test_001_database_exist_1(run_docker):
    """Control '001' is COMPLIANT when the database and a filled table exist."""
    control_env = get_controls()['001']['env']
    mysql = get_transport('MySQL')
    # NOTE(review): db_name and table_name are formatted into the SQL text
    # as bare identifiers; they are assumed to come from the project's own
    # controls definition.
    mysql.sqlexec(
        'CREATE DATABASE IF NOT EXISTS {db_name}'.format(**control_env))
    mysql.connect(database=control_env['db_name'])
    create_table = ('CREATE TABLE IF NOT EXISTS {table_name} ( '
                    'name VARCHAR(20), owner VARCHAR(20))')
    seed_row = "INSERT INTO {table_name} VALUES ('Dolly', 'Me')"
    for statement in (create_table, seed_row):
        mysql.sqlexec(statement.format(**control_env))
    result = test.main()
    assert result[0] == Status.COMPLIANT
def main():
    """Report whether the file named by control '000' can be fetched over SSH.

    Returns:
        A ``(status, message)`` tuple: ``COMPLIANT`` when ``get_file``
        succeeds, ``NOT_COMPLIANT`` when it raises SSHFileNotFound,
        ``NOT_APPLICABLE`` on a transport connection error, and ``ERROR``
        with the exception text for any other failure.
    """
    try:
        control_env = get_controls()['000']['env']
        transport = get_transport('SSH')
        transport.get_file(control_env['filename'])
    except SSHFileNotFound:
        outcome = (Status.NOT_COMPLIANT, None)
    except TransportConnectionError:
        outcome = (Status.NOT_APPLICABLE, 'No connection')
    except Exception as error:
        outcome = (Status.ERROR, str(error))
    else:
        # No exception: the file was retrieved, so it exists.
        outcome = (Status.COMPLIANT, None)
    return outcome
def main():
    """Check that the database and table of control '001' exist and hold rows.

    Returns:
        A ``(status, message)`` tuple: ``COMPLIANT`` when the database is
        listed, the table is listed and a SELECT on it returns a truthy
        result; ``NOT_COMPLIANT`` when any of these fails;
        ``NOT_APPLICABLE`` on a transport connection error; ``ERROR`` with
        the exception text for any other failure.
    """
    try:
        control_env = get_controls()['001']['env']
        mysql = get_transport('MySQL')

        database_rows = mysql.sqlexec('SHOW DATABASES')
        if control_env['db_name'] not in [
                row['Database'] for row in database_rows]:
            return Status.NOT_COMPLIANT, None

        # NOTE(review): db_name and table_name are formatted into the SQL
        # text as bare identifiers. Each name has to appear in the matching
        # SHOW DATABASES / SHOW TABLES listing before the SELECT runs, but
        # db_name reaches 'SHOW TABLES FROM' unescaped -- assumes the
        # controls definition is trusted; confirm.
        table_rows = mysql.sqlexec(
            'SHOW TABLES FROM {db_name}'.format(**control_env))
        column = 'Tables_in_{db_name}'.format(**control_env)
        table_names = [row[column] for row in table_rows]
        if control_env['table_name'] not in table_names:
            return Status.NOT_COMPLIANT, None

        mysql.connect(control_env['db_name'])
        rows = mysql.sqlexec(
            'SELECT * FROM {table_name}'.format(**control_env))
        verdict = Status.COMPLIANT if rows else Status.NOT_COMPLIANT
        return verdict, None
    except TransportConnectionError:
        return Status.NOT_APPLICABLE, 'No connection'
    except Exception as error:
        return Status.ERROR, str(error)
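def test_000_file_exist_1(run_docker):
    """Control '000' is COMPLIANT once the target file has been created."""
    env = get_controls()['000']['env']
    env['filename'] = quote(env['filename'])
    ssh = get_transport('SSH')
    # The name has already been through quote() (presumably a shell-quoting
    # helper such as shlex.quote -- confirm against the imports). Wrapping
    # the placeholder in double quotes as well turned any quotes added by
    # quote() into literal characters of the file name and let the shell
    # expand the value again, so touch could create a different file than
    # the one the control checks. The placeholder is therefore used bare,
    # like the stat/chmod/rm commands elsewhere in this file.
    ssh.execute('touch {filename}'.format(**env))
    assert test.main()[0] == Status.COMPLIANT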
def test_001_database_exist_2(run_docker):
    """Control '001' is NOT_COMPLIANT after its database is dropped."""
    control_env = get_controls()['001']['env']
    mysql = get_transport('MySQL')
    # NOTE(review): db_name is formatted into the statement as a bare
    # identifier; assumed to come from the project's controls definition.
    drop_statement = 'DROP DATABASE IF EXISTS {db_name}'.format(**control_env)
    mysql.sqlexec(drop_statement)
    result = test.main()
    assert result[0] == Status.NOT_COMPLIANT