class zzzTestRuleDisableCamera(RuleTest):
    '''
    Unit test driver for the DisableCamera rule.

    setConditionsForRule runs "chmod a+r" on each camera driver binary
    that exists, before simpleRuleTest exercises the rule.
    '''

    def setUp(self):
        '''
        Build the rule under test, the command helper and the path list.

        @change: Breen Malmberg - 06102015 - updated self.cmd and paths to
        work with updated unit test functionality
        '''
        RuleTest.setUp(self)
        self.rule = DisableCamera(self.config, self.environ,
                                  self.logdispatch, self.statechglogger)
        self.rulename = self.rule.rulename
        self.rulenumber = self.rule.rulenumber
        self.ch = CommandHelper(self.logdispatch)
        # Command prefix; the target path is appended directly to it.
        self.cmd = 'chmod a+r '
        self.paths = [
            '/System/Library/QuickTime/QuickTimeUSBVDCDigitizer.component/Contents/MacOS/QuickTimeUSBVDCDigitizer',
            '/System/Library/PrivateFrameworks/CoreMediaIOServicesPrivate.framework/Versions/A/Resources/VDC.plugin/Contents/MacOS/VDC',
            '/System/Library/PrivateFrameworks/CoreMediaIOServices.framework/Versions/A/Resources/VDC.plugin/Contents/MacOS/VDC',
            '/System/Library/Frameworks/CoreMediaIO.framework/Versions/A/Resources/VDC.plugin/Contents/MacOS/VDC',
            '/Library/CoreMediaIO/Plug-Ins/DAL/AppleCamera.plugin/Contents/MacOS/AppleCamera',
        ]

    def tearDown(self):
        pass

    def runTest(self):
        self.simpleRuleTest()

    def setConditionsForRule(self):
        '''
        Make every existing camera binary world-readable.

        @param self: essential if you override this definition
        @return: boolean - True unless a chmod reported an error string
        @author: ekkehard j. koch
        @change: Breen Malmberg - 06102015 - changed this method to reflect
        the new functionality of DisableCamera.py
        '''
        outcome = True
        for target in self.paths:
            # Paths missing on this OS release are skipped, not failed.
            if not os.path.exists(target):
                continue
            self.ch.executeCommand(self.cmd + target)
            if self.ch.getErrorString():
                outcome = False
        return outcome

    def checkReportForRule(self, pCompliance, pRuleSuccess):
        '''
        Log the report outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pCompliance: the self.iscompliant value of rule
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: ekkehard j. koch
        '''
        complianceMsg = "pCompliance = " + str(pCompliance) + "."
        self.logdispatch.log(LogPriority.DEBUG, complianceMsg)
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True

    def checkFixForRule(self, pRuleSuccess):
        '''
        Log the fix outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: ekkehard j. koch
        '''
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True

    def checkUndoForRule(self, pRuleSuccess):
        '''
        Log the undo outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: ekkehard j. koch
        '''
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True
class zzzTestRuleSetSSCorners(RuleTest):
    '''
    Unit test driver for the SetSSCorners rule.

    setConditionsForRule writes a hot-corner value into the effective
    user's Dock preferences before simpleRuleTest exercises the rule.
    '''

    def setUp(self):
        '''Build the rule under test and a command helper.'''
        RuleTest.setUp(self)
        self.rule = SetSSCorners(self.config, self.environ,
                                 self.logdispatch, self.statechglogger)
        self.rulename = self.rule.rulename
        self.rulenumber = self.rule.rulenumber
        self.ch = CommandHelper(self.logdispatch)

    def tearDown(self):
        pass

    def runTest(self):
        self.simpleRuleTest()

    def setConditionsForRule(self):
        '''
        Write the test hot-corner setting with "defaults write".

        @param self: essential if you override this definition
        @return: boolean - True unless a write reported an error string
        @author: Breen Malmberg
        '''
        outcome = True
        self.cmdhelper = CommandHelper(self.logdispatch)
        optdict = {"wvous-tr-corner": 6}
        # The plist path is wrapped in double quotes because the home
        # directory is taken from the environment at run time.
        cmd = 'defaults write ' + '\"' + self.environ.geteuidhome() + \
            '/Library/Preferences/com.apple.dock.plist\" '
        for key, setting in optdict.items():
            self.cmdhelper.executeCommand(cmd + key + ' -int ' + str(setting))
            if self.cmdhelper.getErrorString():
                outcome = False
        return outcome

    def checkReportForRule(self, pCompliance, pRuleSuccess):
        '''
        Log the report outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pCompliance: the self.iscompliant value of rule
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: Breen Malmberg
        '''
        complianceMsg = "pCompliance = " + str(pCompliance) + "."
        self.logdispatch.log(LogPriority.DEBUG, complianceMsg)
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True

    def checkFixForRule(self, pRuleSuccess):
        '''
        Log the fix outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: Breen Malmberg
        '''
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True

    def checkUndoForRule(self, pRuleSuccess):
        '''
        Log the undo outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: Breen Malmberg
        '''
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True
class zzzTestDisableAFPFileSharing(RuleTest):
    '''
    Unit test driver for the DisableAFPFileSharing rule.

    setConditionsForRule enables the AppleFileServer launchd service
    before simpleRuleTest exercises the rule.
    '''

    def setUp(self):
        '''Build the rule under test and a command helper.'''
        RuleTest.setUp(self)
        self.rule = DisableAFPFileSharing(self.config, self.environ,
                                          self.logdispatch,
                                          self.statechglogger)
        self.cmdhelper = CommandHelper(self.logdispatch)
        self.rulename = self.rule.rulename
        self.rulenumber = self.rule.rulenumber

    def tearDown(self):
        pass

    def runTest(self):
        self.simpleRuleTest()

    def setConditionsForRule(self):
        '''
        Enable AFP file sharing through launchctl.

        Exceptions from the command helper propagate to the caller.

        @param self: essential if you override this definition
        @return: boolean - True when launchctl exits with status 0
        @author: Breen Malmberg
        '''
        cmd = '/bin/launchctl enable system/com.apple.AppleFileServer'
        self.cmdhelper.executeCommand(cmd)
        if self.cmdhelper.getReturnCode() == 0:
            return True
        # Non-zero exit: record what launchctl said, then report failure.
        errstr = self.cmdhelper.getErrorString()
        self.logdispatch.log(LogPriority.DEBUG, errstr)
        return False

    def checkReportForRule(self, pCompliance, pRuleSuccess):
        '''
        Log the report outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pCompliance: the self.iscompliant value of rule
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: ekkehard j. koch
        '''
        complianceMsg = "pCompliance = " + str(pCompliance) + "."
        self.logdispatch.log(LogPriority.DEBUG, complianceMsg)
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True

    def checkFixForRule(self, pRuleSuccess):
        '''
        Log the fix outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: ekkehard j. koch
        '''
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True

    def checkUndoForRule(self, pRuleSuccess):
        '''
        Log the undo outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: ekkehard j. koch
        '''
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True
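class MacOSUser(ManageUser):
    """
    Class to manage local users on Mac OS through dscl(1).

    Commands are handed to CommandHelper as argument lists. User, group
    and shell names are checked with the isSane* helpers (not defined in
    this class) before they are placed in a command.

    @method findUniqueUid
    @method setUserShell
    @method setUserComment
    @method setUserUid
    @method setUserPriGid
    @method setUserHomeDir
    @method addUserToGroup
    @method rmUserFromGroup
    @method setUserPassword
    @method setUserLoginKeychainPassword
    @method createHomeDirectory
    @method rmUser
    @method rmUserHome

    @author: Roy Nielsen
    """

    def __init__(self, userName="", userShell="/bin/bash", userComment="",
                 userUid=1000, userPriGid=20, userHomeDir="/tmp",
                 logger=False):
        super(MacOSUser, self).__init__(userName, userShell, userComment,
                                        userUid, userPriGid, userHomeDir,
                                        logger)
        self.module_version = '20160225.125554.540679'
        self.dscl = "/usr/bin/dscl"
        self.cmdh = CommandHelper(self.logger)

    def createStandardUser(self, userName, password):
        """
        Create a user with the next free uid, a primary group id equal to
        that uid, /bin/bash as shell and an empty comment.

        Primary use is managing a user during test automation, when a
        "user" context is required. The login keychain password is not
        set here; it is created on first login to the GUI.

        The results of the individual steps are not checked.

        @author: Roy Nielsen
        """
        self.createBasicUser(userName)
        newUserID = self.findUniqueUid()
        self.setUserUid(userName, newUserID)
        self.setUserPriGid(userName, newUserID)
        self.setUserHomeDir(userName)
        self.setUserShell(userName, "/bin/bash")
        self.setUserPassword(userName, password)

    def setDscl(self, directory=".", action="", object="", property="",
                value=""):
        """
        Set a value in a directory with dscl.

        All five arguments must be non-empty, otherwise nothing is run.
        No further validation happens here; callers check their inputs.

        @return: boolean - True if dscl ran without error output
        @raise DsclError: if dscl produced error output
        @author: Roy Nielsen
        """
        success = False
        if directory and action and object and property and value:
            cmd = [self.dscl, directory, action, object, property, value]
            self.cmdh.executeCommand(cmd)
            reterr = self.cmdh.getErrorString()
            if reterr:
                raise DsclError("Error trying to set a value with dscl (" + \
                                str(reterr).strip() + ")")
            success = True
        return success

    def getDscl(self, directory="", action="", dirobj="", property=""):
        """
        Retrieve a value from the directory with dscl.

        @return: string - dscl output joined with newlines, or "" when an
                 argument fails validation
        @raise DsclError: if dscl produced error output
        @author: Roy Nielsen
        """
        retval = ""
        #####
        # FIRST VALIDATE INPUT!!
        # NOTE(review): re.match anchors only at the start and none of
        # these patterns ends in "$", so only the leading characters of
        # each argument are checked. Anchoring the end would make this a
        # real allow-list but may reject values existing callers pass;
        # confirm against callers before tightening.
        checks = ((directory, r"^[/\.][A-Za-z0-9/]*"),
                  (action, r"^[-]*[a-z]+"),
                  # Was "0=9", which dropped the digits 1-8 from the class.
                  (dirobj, r"^[A-Za-z0-9/]+"),
                  (property, r"^[A-Za-z0-9]+"))
        valid = all(isinstance(candidate, basestring) and
                    re.match(pattern, candidate)
                    for candidate, pattern in checks)
        #####
        # Now do the directory lookup.
        if valid:
            # The original passed the builtin "object" here instead of
            # the validated dirobj argument.
            cmd = [self.dscl, directory, action, dirobj, property]
            self.cmdh.executeCommand(cmd)
            retval = self.cmdh.getOutput()
            reterr = self.cmdh.getErrorString()
            if reterr:
                raise DsclError("Error trying to get a value with dscl (" + \
                                str(reterr).strip() + ")")
        return ("\n").join(retval)

    def findUniqueUid(self):
        """
        Find an unused uid (unique ID) for a new user.

        $ dscl . -list /Users UniqueID

        lists all existing users; the highest uid found plus one is
        returned.

        @return: string - the new uid
        @raise DsclError: if the listing held no "name uid" entries
        @author: Roy Nielsen
        """
        maxUserID = 0
        parsedAny = False
        userList = self.getDscl(".", "-list", "/Users", "UniqueID")
        for entry in str(userList).split("\n"):
            fields = entry.split()
            # Blank or short lines carry no uid; skip them.
            if len(fields) < 2:
                continue
            parsedAny = True
            maxUserID = max(maxUserID, int(fields[1]))
        if not parsedAny:
            # Handing out uid 1 after an empty or failed listing could
            # collide with a system account, so stop instead.
            raise DsclError("Error trying to get a value with dscl (" + \
                            "no UniqueID entries returned)")
        return str(maxUserID + 1)

    def uidTaken(self, uid):
        """
        See if the UID requested has been taken.

        $ dscl . -list /Users UniqueID

        @return: boolean - True if uid is already assigned to a user
        @author: Roy Nielsen
        """
        userList = self.getDscl(".", "-list", "/Users", "UniqueID")
        uidList = []
        for entry in str(userList).split("\n"):
            fields = entry.split()
            # Blank or short lines carry no uid; skip them.
            if len(fields) >= 2:
                uidList.append(str(fields[1]))
        return str(uid) in uidList

    def createBasicUser(self, userName=""):
        """
        Create a user record with just a name. Only names made of letters
        and digits, starting with a letter, are accepted.

        On the MacOS platform, all other steps must also be done.

        @return: boolean - True if the record was created
        @raise DsclError: if dscl produced error output
        @author: Roy Nielsen
        """
        success = False
        if isinstance(userName, basestring)\
           and re.match(r"^[A-Za-z][A-Za-z0-9]*$", userName):
            cmd = [self.dscl, ".", "-create", "/Users/" + str(userName)]
            self.cmdh.executeCommand(cmd)
            reterr = self.cmdh.getErrorString()
            if reterr:
                raise DsclError("Error trying to set a value with dscl (" + \
                                str(reterr).strip() + ")")
            success = True
        return success

    def setUserShell(self, user="", shell=""):
        """
        dscl . -create /Users/luser UserShell /bin/bash

        @return: boolean - True if the value was set
        @author: Roy Nielsen
        """
        success = False
        if self.isSaneUserName(user) and self.isSaneUserShell(shell):
            if self.setDscl(".", "-create", "/Users/" + str(user),
                            "UserShell", str(shell)):
                success = True
        return success

    def setUserComment(self, user="", comment=""):
        """
        dscl . -create /Users/luser RealName "Real A. Name"

        @return: boolean - True if the value was set
        @author: Roy Nielsen
        """
        success = False
        if self.isSaneUserName(user) and comment:
            if self.setDscl(".", "-create", "/Users/" + str(user),
                            "RealName", str(comment)):
                success = True
        return success

    def setUserUid(self, user="", uid=""):
        """
        dscl . -create /Users/luser UniqueID "503"

        @return: boolean - True if the value was set
        @author: Roy Nielsen
        """
        success = False
        if self.isSaneUserName(user) and uid:
            if self.setDscl(".", "-create", "/Users/" + str(user),
                            "UniqueID", str(uid)):
                success = True
        return success

    def setUserPriGid(self, user="", priGid=""):
        """
        dscl . -create /Users/luser PrimaryGroupID 20

        @return: boolean - True if the value was set
        @author: Roy Nielsen
        """
        success = False
        if self.isSaneUserName(user) and priGid:
            if self.setDscl(".", "-create", "/Users/" + str(user),
                            "PrimaryGroupID", str(priGid)):
                success = True
        return success

    def setUserHomeDir(self, user="", userHome=""):
        """
        Record a "local" home directory for the user.

        dscl . -create /Users/luser NFSHomeDirectory /Users/luser

        better yet:

        createhomedir -l -u <username>

        userHome is ignored: a non-standard home is not currently
        permitted, the home is always /Users/<user>.

        @return: boolean - True if the value was set
        @author: Roy Nielsen
        """
        success = False
        if self.isSaneUserName(user):
            if self.setDscl(".", "-create", "/Users/" + str(user),
                            "NFSHomeDirectory", str("/Users/" + str(user))):
                success = True
        return success

    def createHomeDirectory(self, user=""):
        """
        createhomedir -c -u luser

        This should use the system "User Template" for standard system
        user settings.

        @return: boolean - True if createhomedir ran without error output
        @raise CreateHomeDirError: if createhomedir produced error output
        @author: Roy Nielsen
        """
        success = False
        # Validate like the other methods: the name becomes a separate
        # command argument, so a value starting with "-" would otherwise
        # be read by createhomedir as an option.
        if self.isSaneUserName(user):
            # The original list held " -u" and a unary "+" on the name,
            # which raised TypeError before any command ran.
            cmd = ["/usr/sbin/createhomedir", "-c", "-u", str(user)]
            self.cmdh.executeCommand(cmd)
            reterr = self.cmdh.getErrorString()
            if reterr:
                raise CreateHomeDirError("Error trying to create user " + \
                                         "home (" + str(reterr).strip() + ")")
            success = True
        return success

    def addUserToGroup(self, user="", group=""):
        """
        dscl . -append /Groups/admin GroupMembership luser

        @return: boolean - True if the membership was added
        @author: Roy Nielsen
        """
        success = False
        if self.isSaneUserName(user) and self.isSaneGroupName(group):
            if self.setDscl(".", "-append", "/Groups/" + str(group),
                            "GroupMembership", str(user)):
                success = True
        return success

    def rmUserFromGroup(self, user="", group=""):
        """
        dscl . -delete /Groups/admin GroupMembership luser

        @return: boolean - True if the membership was removed
        """
        success = False
        if self.isSaneUserName(user) and self.isSaneGroupName(group):
            if self.setDscl(".", "-delete", "/Groups/" + str(group),
                            "GroupMembership", str(user)):
                success = True
        return success

    def setUserPassword(self, user="", password=""):
        """
        dscl . -passwd /Users/luser password

        The password is passed to dscl as a command-line argument, so it
        is visible in the process list to other local users while dscl
        runs. Keep this to throwaway test accounts.
        NOTE(review): CommandHelper may also log the command it runs;
        confirm the password does not end up in the logs.

        @return: boolean - True if dscl ran without error output
        @raise DsclError: if dscl produced error output
        @author: Roy Nielsen
        """
        success = False
        if self.isSaneUserName(user) and isinstance(password, basestring) \
           and password:
            # "-passwd" takes four arguments, one fewer than setDscl
            # requires, so the command is built here. The original call
            # had a misplaced quote that merged "." and "-passwd" into
            # one string and left setDscl with empty arguments, so the
            # password was never set.
            cmd = [self.dscl, ".", "-passwd", "/Users/" + str(user),
                   password]
            self.cmdh.executeCommand(cmd)
            reterr = self.cmdh.getErrorString()
            if reterr:
                raise DsclError("Error trying to set a value with dscl (" + \
                                str(reterr).strip() + ")")
            success = True
        return success

    def setUserLoginKeychainPassword(self, user="", password=""):
        """
        Use the "security" command to set the login keychain. If it has
        not been created, create the login keychain.

        Not implemented. Needs research: not sure if a sudo'd admin can
        use the security command to change another user's keychain
        password... possibly:

        security set-keychain-password -o oldpassword -p newpassword file.keychain

        where file.keychain is the default login.keychain of another user?

        @author: Roy Nielsen
        """
        # Planned steps, none implemented yet:
        #   1. validate user and password
        #   2. check whether the login keychain exists
        #   3. create it if it does not
        #   4. otherwise set the login keychain password
        pass

    def rmUser(self, user=""):
        """
        dscl . -delete /Users/<user>

        @return: boolean - True if the record was removed
        @raise Exception: if dscl produced error output
        @author: Roy Nielsen
        """
        success = False
        if self.isSaneUserName(user):
            cmd = [self.dscl, ".", "-delete", "/Users/" + str(user)]
            self.cmdh.executeCommand(cmd)
            reterr = self.cmdh.getErrorString()
            if reterr:
                raise Exception("Error trying to remove a user (" + \
                                str(reterr).strip() + ")")
            success = True
        return success

    def rmUserHome(self, user=""):
        """
        Remove the user home... right now only the default location
        /Users/<user>, but this should look up the user home in the
        directory service and remove that specifically.

        @return: boolean - True if the directory tree was removed
        @raise IOError, OSError: re-raised after logging
        @author: Roy Nielsen
        """
        success = False
        if self.isSaneUserName(user):
            #####
            #
            # ***** WARNING WILL ROBINSON *****
            #
            # Please refactor to do a lookup of the user in the directory
            # service, and use the home directory specified there..
            #
            try:
                shutil.rmtree("/Users/" + str(user))
            # "except IOError or OSError" evaluates to IOError alone, so
            # the OSError that rmtree raises was never caught or logged.
            except (IOError, OSError) as err:
                self.logger.log(lp.INFO, "Exception trying to remove user home...")
                self.logger.log(lp.INFO, "Exception: " + str(err))
                raise
            else:
                success = True
        return success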
class zzzTestRuleDisableCamera(RuleTest):
    '''
    Unit test driver for the DisableCamera rule.

    setConditionsForRule runs "chmod a+r" on each camera driver binary
    that exists, before simpleRuleTest exercises the rule.
    '''

    def setUp(self):
        '''
        Build the rule under test, the command helper and the path list.

        @change: Breen Malmberg - 06102015 - updated self.cmd and paths to
        work with updated unit test functionality
        '''
        RuleTest.setUp(self)
        self.rule = DisableCamera(self.config, self.environ,
                                  self.logdispatch, self.statechglogger)
        self.rulename = self.rule.rulename
        self.rulenumber = self.rule.rulenumber
        self.ch = CommandHelper(self.logdispatch)
        # Command prefix; the target path is appended directly to it.
        self.cmd = 'chmod a+r '
        self.paths = [
            '/System/Library/QuickTime/QuickTimeUSBVDCDigitizer.component/Contents/MacOS/QuickTimeUSBVDCDigitizer',
            '/System/Library/PrivateFrameworks/CoreMediaIOServicesPrivate.framework/Versions/A/Resources/VDC.plugin/Contents/MacOS/VDC',
            '/System/Library/PrivateFrameworks/CoreMediaIOServices.framework/Versions/A/Resources/VDC.plugin/Contents/MacOS/VDC',
            '/System/Library/Frameworks/CoreMediaIO.framework/Versions/A/Resources/VDC.plugin/Contents/MacOS/VDC',
            '/Library/CoreMediaIO/Plug-Ins/DAL/AppleCamera.plugin/Contents/MacOS/AppleCamera',
        ]

    def tearDown(self):
        pass

    def runTest(self):
        self.simpleRuleTest()

    def setConditionsForRule(self):
        '''
        Make every existing camera binary world-readable.

        @param self: essential if you override this definition
        @return: boolean - True unless a chmod reported an error string
        @author: ekkehard j. koch
        @change: Breen Malmberg - 06102015 - changed this method to reflect
        the new functionality of DisableCamera.py
        '''
        outcome = True
        for target in self.paths:
            # Paths missing on this OS release are skipped, not failed.
            if not os.path.exists(target):
                continue
            self.ch.executeCommand(self.cmd + target)
            if self.ch.getErrorString():
                outcome = False
        return outcome

    def checkReportForRule(self, pCompliance, pRuleSuccess):
        '''
        Log the report outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pCompliance: the self.iscompliant value of rule
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: ekkehard j. koch
        '''
        complianceMsg = "pCompliance = " + str(pCompliance) + "."
        self.logdispatch.log(LogPriority.DEBUG, complianceMsg)
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True

    def checkFixForRule(self, pRuleSuccess):
        '''
        Log the fix outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: ekkehard j. koch
        '''
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True

    def checkUndoForRule(self, pRuleSuccess):
        '''
        Log the undo outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: ekkehard j. koch
        '''
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True
class zzzTestDisableAFPFileSharing(RuleTest):
    '''Unit test driver for the DisableAFPFileSharing rule.

    setConditionsForRule enables the AppleFileServer launchd service
    before simpleRuleTest exercises the rule.
    '''

    def setUp(self):
        '''Build the rule under test and a command helper.'''
        RuleTest.setUp(self)
        self.rule = DisableAFPFileSharing(self.config, self.environ,
                                          self.logdispatch,
                                          self.statechglogger)
        self.cmdhelper = CommandHelper(self.logdispatch)
        self.rulename = self.rule.rulename
        self.rulenumber = self.rule.rulenumber

    def tearDown(self):
        pass

    def runTest(self):
        self.simpleRuleTest()

    def setConditionsForRule(self):
        '''Enable AFP file sharing through launchctl.

        Exceptions from the command helper propagate to the caller.

        :param self: essential if you override this definition
        :returns: boolean - True when launchctl exits with status 0
        @author: Breen Malmberg
        '''
        cmd = '/bin/launchctl enable system/com.apple.AppleFileServer'
        self.cmdhelper.executeCommand(cmd)
        if self.cmdhelper.getReturnCode() == 0:
            return True
        # Non-zero exit: record what launchctl said, then report failure.
        errstr = self.cmdhelper.getErrorString()
        self.logdispatch.log(LogPriority.DEBUG, errstr)
        return False

    def checkReportForRule(self, pCompliance, pRuleSuccess):
        '''Log the report outcome; no assertion is made on it.

        :param self: essential if you override this definition
        :param pCompliance: the self.iscompliant value of rule
        :param pRuleSuccess: did report run successfully
        :returns: boolean - always True
        @author: ekkehard j. koch
        '''
        complianceMsg = "pCompliance = " + str(pCompliance) + "."
        self.logdispatch.log(LogPriority.DEBUG, complianceMsg)
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True

    def checkFixForRule(self, pRuleSuccess):
        '''Log the fix outcome; no assertion is made on it.

        :param self: essential if you override this definition
        :param pRuleSuccess: did report run successfully
        :returns: boolean - always True
        @author: ekkehard j. koch
        '''
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True

    def checkUndoForRule(self, pRuleSuccess):
        '''Log the undo outcome; no assertion is made on it.

        :param self: essential if you override this definition
        :param pRuleSuccess: did report run successfully
        :returns: boolean - always True
        @author: ekkehard j. koch
        '''
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True
class zzzTestDisableAFPFileSharing(RuleTest):
    '''
    Unit test driver for the DisableAFPFileSharing rule.

    setConditionsForRule writes "Disabled = False" into the
    AppleFileSharing launch daemon plist before simpleRuleTest
    exercises the rule.
    '''

    def setUp(self):
        '''Build the rule under test and a command helper.'''
        RuleTest.setUp(self)
        self.rule = DisableAFPFileSharing(self.config, self.environ,
                                          self.logdispatch,
                                          self.statechglogger)
        self.cmdhelper = CommandHelper(self.logdispatch)
        self.rulename = self.rule.rulename
        self.rulenumber = self.rule.rulenumber

    def tearDown(self):
        pass

    def runTest(self):
        self.simpleRuleTest()

    def setConditionsForRule(self):
        '''
        Clear the Disabled flag of the AFP launch daemon.

        Exceptions from the command helper propagate to the caller.

        @param self: essential if you override this definition
        @return: boolean - True unless the write reported an error string
        @author: Breen Malmberg
        '''
        afpfile = '/System/Library/LaunchDaemons/com.apple.AppleFileSharing.plist'
        cmd = 'defaults write ' + afpfile + ' Disabled -bool False'
        self.cmdhelper.executeCommand(cmd)
        if self.cmdhelper.getErrorString():
            return False
        return True

    def checkReportForRule(self, pCompliance, pRuleSuccess):
        '''
        Log the report outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pCompliance: the self.iscompliant value of rule
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: ekkehard j. koch
        '''
        complianceMsg = "pCompliance = " + str(pCompliance) + "."
        self.logdispatch.log(LogPriority.DEBUG, complianceMsg)
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True

    def checkFixForRule(self, pRuleSuccess):
        '''
        Log the fix outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: ekkehard j. koch
        '''
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True

    def checkUndoForRule(self, pRuleSuccess):
        '''
        Log the undo outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: ekkehard j. koch
        '''
        successMsg = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, successMsg)
        return True
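class zzzTestRuleNoCoreDumps(RuleTest):
    """
    Unit test driver for the NoCoreDumps rule.

    The set*Conditions helpers deliberately weaken the host (core dumps
    enabled, limits.conf made world-writable) so the rule has something
    to fix. Run this only on a disposable test machine: if the run is
    interrupted before the rule's fix, the weakened settings stay.
    """

    def setUp(self):
        """Build the rule under test and a command helper."""
        RuleTest.setUp(self)
        self.rule = NoCoreDumps(self.config, self.environ,
                                self.logdispatch, self.statechglogger)
        self.logger = self.logdispatch
        self.rulename = self.rule.rulename
        self.rulenumber = self.rule.rulenumber
        self.checkUndo = True
        self.ch = CommandHelper(self.logger)

    def tearDown(self):
        pass

    def runTest(self):
        self.simpleRuleTest()

    def setConditionsForRule(self):
        """
        Configure system for the unit test

        @param self: essential if you override this definition
        @return: boolean - If successful True; If failure False
        @author: Ekkehard J. Koch
        """
        success = True
        if self.environ.getosfamily() == "linux":
            if not self.setLinuxConditions():
                success = False
        # NOTE(review): confirm getostype() really returns "mac" here.
        elif self.environ.getostype() == "mac":
            if not self.setMacConditions():
                success = False
        return success

    def setMacConditions(self):
        """
        Raise the launchd core limit to 1 unless the current limit output
        already contains a "1".

        @return: boolean - False if the launchctl query failed
        """
        success = True
        self.ch.executeCommand("/usr/bin/launchctl limit core")
        retcode = self.ch.getReturnCode()
        if retcode != 0:
            # NOTE(review): detailedresults is not set in setUp; confirm
            # the base class provides it.
            self.detailedresults += "\nFailed to run launchctl command to get current value of core dumps configuration"
            errmsg = self.ch.getErrorString()
            self.logger.log(LogPriority.DEBUG, errmsg)
            success = False
        else:
            output = self.ch.getOutputString()
            if output:
                if not re.search("1", output):
                    self.ch.executeCommand("/usr/bin/launchctl limit core 1 1")
        # The original fell off the end and returned None, which the
        # caller read as failure on every Mac run.
        return success

    def setLinuxConditions(self):
        """
        Put limits.conf and fs.suid_dumpable into a non-compliant state.

        @return: boolean - False if any step could not be applied
        """
        success = True
        path1 = "/etc/security/limits.conf"
        if os.path.exists(path1):
            lookfor1 = r"(^\*)\s+hard\s+core\s+0?"
            contents = readFile(path1, self.logger)
            if contents:
                # Rewrite the file without the "* hard core" lines.
                tempstring = ""
                for line in contents:
                    if not re.search(lookfor1, line.strip()):
                        tempstring += line
                if not writeFile(path1, tempstring, self.logger):
                    debug = "unable to write incorrect contents to " + path1 + "\n"
                    self.logger.log(LogPriority.DEBUG, debug)
                    success = False
            if checkPerms(path1, [0, 0, 0o644], self.logger):
                # Intentionally world-writable for the test; any local
                # user can edit limits.conf until the rule restores it.
                if not setPerms(path1, [0, 0, 0o777], self.logger):
                    debug = "Unable to set incorrect permissions on " + path1 + "\n"
                    self.logger.log(LogPriority.DEBUG, debug)
                    success = False
                else:
                    debug = "successfully set incorrect permissions on " + path1 + "\n"
                    self.logger.log(LogPriority.DEBUG, debug)

        self.ch.executeCommand("/sbin/sysctl fs.suid_dumpable")
        retcode = self.ch.getReturnCode()
        if retcode != 0:
            self.detailedresults += "Failed to get value of core dumps configuration with sysctl command\n"
            errmsg = self.ch.getErrorString()
            self.logger.log(LogPriority.DEBUG, errmsg)
            success = False
        else:
            output = self.ch.getOutputString()
            if output.strip() != "fs.suid_dumpable = 1":
                if not self.ch.executeCommand("/sbin/sysctl -w fs.suid_dumpable=1"):
                    debug = "Unable to set incorrect value for fs.suid_dumpable"
                    self.logger.log(LogPriority.DEBUG, debug)
                    success = False
                elif not self.ch.executeCommand("/sbin/sysctl -p"):
                    debug = "Unable to set incorrect value for fs.suid_dumpable"
                    self.logger.log(LogPriority.DEBUG, debug)
                    success = False
        return success

    def checkReportForRule(self, pCompliance, pRuleSuccess):
        """
        Log the report outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pCompliance: the self.iscompliant value of rule
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: Ekkehard J. Koch
        """
        self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + \
                             str(pCompliance) + ".")
        self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
                             str(pRuleSuccess) + ".")
        return True

    def checkFixForRule(self, pRuleSuccess):
        """
        Log the fix outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: Ekkehard J. Koch
        """
        self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
                             str(pRuleSuccess) + ".")
        return True

    def checkUndoForRule(self, pRuleSuccess):
        """
        Log the undo outcome; no assertion is made on it.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - always True
        @author: Ekkehard J. Koch
        """
        self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
                             str(pRuleSuccess) + ".")
        return True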
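class zzzTestReqPassSysPref(RuleTest):
    '''Unit test for the ReqPassSysPref rule.

    setConditionsForRule marks every listed system.preferences right as
    "shared" in the authorization plist, presumably the non-compliant state
    the rule is expected to repair (confirm against the rule itself).
    '''

    def setUp(self):
        RuleTest.setUp(self)
        self.rule = ReqPassSysPref(self.config,
                                   self.environ,
                                   self.logdispatch,
                                   self.statechglogger)
        self.cmdhelper = CommandHelper(self.logdispatch)
        self.rulename = self.rule.rulename
        self.rulenumber = self.rule.rulenumber

    def tearDown(self):
        # Nothing is restored here: the rights changed by
        # setConditionsForRule stay changed unless the rule's fix resets them.
        pass

    def runTest(self):
        self.simpleRuleTest()

    def setConditionsForRule(self):
        '''
        Configure system for the unit test

        Sets rights:<right>:shared to true for each right in the list; when
        PlistBuddy reports that the entry does not exist, the entry is added
        instead.

        @param self: essential if you override this definition
        @return: boolean - If successful True; If failure False
        @author: ekkehard j. koch
        '''
        success = True
        setuplist = ["system.preferences",
                     "system.preferences.accessibility",
                     "system.preferences.accounts",
                     "system.preferences.datetime",
                     "system.preferences.energysaver",
                     "system.preferences.location",
                     "system.preferences.network",
                     "system.preferences.nvram",
                     "system.preferences.parental-controls",
                     "system.preferences.printing",
                     "system.preferences.security",
                     "system.preferences.security.remotepair",
                     "system.preferences.sharing",
                     "system.preferences.softwareupdate",
                     "system.preferences.startupdisk",
                     "system.preferences.timemachine",
                     "system.preferences.version-cue"]
        plistfile = "/System/Library/Security/authorization.plist"
        plistbuddy = "/usr/libexec/PlistBuddy"

        for option in setuplist:
            # The command used to be built as one string whose -c argument
            # opened a single quote and never closed it. An argument list
            # needs no quoting and keeps the PlistBuddy command in one piece.
            self.cmdhelper.executeCommand(
                [plistbuddy, "-c",
                 "Set rights:" + option + ":shared 1", plistfile])
            errorout = self.cmdhelper.getErrorString()
            if errorout:
                if re.search("Does Not Exist", errorout):
                    self.cmdhelper.executeCommand(
                        [plistbuddy, "-c",
                         "Add rights:" + option + ":shared bool true",
                         plistfile])
                    erradd = self.cmdhelper.getErrorString()
                    if erradd:
                        success = False
        return success

    def checkReportForRule(self, pCompliance, pRuleSuccess):
        '''
        check on whether report was correct

        Only logs its arguments; it always returns True.

        @param self: essential if you override this definition
        @param pCompliance: the self.iscompliant value of rule
        @param pRuleSuccess: did report run successfully
        @return: boolean - If successful True; If failure False
        @author: ekkehard j. koch
        '''
        self.logdispatch.log(LogPriority.DEBUG,
                             "pCompliance = " + str(pCompliance) + ".")
        self.logdispatch.log(LogPriority.DEBUG,
                             "pRuleSuccess = " + str(pRuleSuccess) + ".")
        success = True
        return success

    def checkFixForRule(self, pRuleSuccess):
        '''
        check on whether fix was correct

        Only logs its argument; it always returns True.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - If successful True; If failure False
        @author: ekkehard j. koch
        '''
        self.logdispatch.log(LogPriority.DEBUG,
                             "pRuleSuccess = " + str(pRuleSuccess) + ".")
        success = True
        return success

    def checkUndoForRule(self, pRuleSuccess):
        '''
        check on whether undo was correct

        Only logs its argument; it always returns True.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - If successful True; If failure False
        @author: ekkehard j. koch
        '''
        self.logdispatch.log(LogPriority.DEBUG,
                             "pRuleSuccess = " + str(pRuleSuccess) + ".")
        success = True
        return success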
class zzzTestRuleSetSSCorners(RuleTest):
    """Unit test for the SetSSCorners rule."""

    def setUp(self):
        RuleTest.setUp(self)
        self.rule = SetSSCorners(self.config,
                                 self.environ,
                                 self.logdispatch,
                                 self.statechglogger)
        self.rulename = self.rule.rulename
        self.rulenumber = self.rule.rulenumber
        self.ch = CommandHelper(self.logdispatch)

    def tearDown(self):
        pass

    def runTest(self):
        self.simpleRuleTest()

    def setConditionsForRule(self):
        """
        Configure system for the unit test

        Writes wvous-tr-corner = 6 into the com.apple.dock.plist under the
        home directory returned by self.environ.geteuidhome().

        @param self: essential if you override this definition
        @return: boolean - If successful True; If failure False
        @author: Breen Malmberg
        """
        self.cmdhelper = CommandHelper(self.logdispatch)
        corner_settings = {"wvous-tr-corner": 6}
        dock_plist = '"' + self.environ.geteuidhome() + \
            '/Library/Preferences/com.apple.dock.plist" '
        write_prefix = "defaults write " + dock_plist

        all_ok = True
        for key, value in corner_settings.items():
            self.cmdhelper.executeCommand(
                write_prefix + key + " -int " + str(value))
            # Any text on stderr counts as a failed write.
            if self.cmdhelper.getErrorString():
                all_ok = False
        return all_ok

    def checkReportForRule(self, pCompliance, pRuleSuccess):
        """
        check on whether report was correct

        Only logs its arguments; it always returns True.

        @param self: essential if you override this definition
        @param pCompliance: the self.iscompliant value of rule
        @param pRuleSuccess: did report run successfully
        @return: boolean - If successful True; If failure False
        @author: Breen Malmberg
        """
        for label, value in (("pCompliance", pCompliance),
                             ("pRuleSuccess", pRuleSuccess)):
            self.logdispatch.log(LogPriority.DEBUG,
                                 label + " = " + str(value) + ".")
        return True

    def checkFixForRule(self, pRuleSuccess):
        """
        check on whether fix was correct

        Only logs its argument; it always returns True.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - If successful True; If failure False
        @author: Breen Malmberg
        """
        message = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, message)
        return True

    def checkUndoForRule(self, pRuleSuccess):
        """
        check on whether undo was correct

        Only logs its argument; it always returns True.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - If successful True; If failure False
        @author: Breen Malmberg
        """
        message = "pRuleSuccess = " + str(pRuleSuccess) + "."
        self.logdispatch.log(LogPriority.DEBUG, message)
        return True
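class MacOSUser(ManageUser):
    '''Class to manage users on Mac OS.

    Every directory change is made by running /usr/bin/dscl through a
    CommandHelper. Commands are built as argument lists, and user and group
    names are checked with the isSane* methods before they reach a command
    line or a filesystem path.

    @method findUniqueUid
    @method setUserShell
    @method setUserComment
    @method setUserUid
    @method setUserPriGid
    @method setUserHomeDir
    @method addUserToGroup
    @method rmUserFromGroup
    @method setUserPassword
    @method setUserLoginKeychainPassword
    @method createHomeDirectory
    @method rmUser
    @method rmUserHome

    @author: Roy Nielsen
    '''

    def __init__(self, userName="", userShell="/bin/bash", userComment="",
                 userUid=1000, userPriGid=20, userHomeDir="/tmp",
                 logger=False):
        super(MacOSUser, self).__init__(userName, userShell, userComment,
                                        userUid, userPriGid, userHomeDir,
                                        logger)
        self.module_version = '20160225.125554.540679'
        self.dscl = "/usr/bin/dscl"
        self.cmdh = CommandHelper(self.logger)

    #----------------------------------------------------------------------

    def createStandardUser(self, userName, password):
        '''Creates a user that has the "next" uid in line to be used, then
        puts in in a group of the same id. Uses /bin/bash as the standard
        shell. The userComment is left empty. Primary use is managing a user
        during test automation, when requiring a "user" context.

        It does not set a login keychain password as that is created on first
        login to the GUI.

        The return values of the individual steps are not checked here; a
        step fails loudly only if it raises.

        @author: Roy Nielsen

        :param userName: short name of the account to create
        :param password: password to set for the account
        '''
        self.createBasicUser(userName)
        newUserID = self.findUniqueUid()
        self.setUserUid(userName, newUserID)
        # The primary group id is deliberately the same number as the uid.
        self.setUserPriGid(userName, newUserID)
        self.setUserHomeDir(userName)
        self.setUserShell(userName, "/bin/bash")
        self.setUserPassword(userName, password)
        #####
        # Don't need to set the user login keychain password as it should be
        # created on first login.

    #----------------------------------------------------------------------

    def setDscl(self, directory=".", action="", object="", property="",
                value=""):
        '''Using dscl to set a value in a directory...

        Nothing is executed unless all five arguments are non-empty.

        @author: Roy Nielsen

        :param directory: dscl data source (Default value = ".")
        :param action: dscl command, e.g. "-create" (Default value = "")
        :param object: directory path, e.g. "/Users/luser"
                (Default value = "")
        :param property: attribute name (Default value = "")
        :param value: attribute value (Default value = "")
        :returns: True when dscl wrote nothing to stderr, False when an
                argument was empty
        :raises DsclError: when dscl wrote to stderr
        '''
        success = False
        if directory and action and object and property and value:
            cmd = [self.dscl, directory, action, object, property, value]
            self.cmdh.executeCommand(cmd)
            reterr = self.cmdh.getErrorString()
            if reterr:
                raise DsclError("Error trying to set a value with dscl (" +
                                str(reterr).strip() + ")")
            success = True
        return success

    def getDscl(self, directory="", action="", dirobj="", property=""):
        '''Using dscl to retrieve a value from the directory

        @author: Roy Nielsen

        :param directory: dscl data source (Default value = "")
        :param action: dscl command, e.g. "-list" (Default value = "")
        :param dirobj: directory path, e.g. "/Users" (Default value = "")
        :param property: attribute name (Default value = "")
        :returns: the command output joined with newlines, or "" when an
                argument fails validation
        :raises DsclError: when dscl wrote to stderr
        '''
        retval = ""

        #####
        # FIRST VALIDATE INPUT!!
        # Each pattern constrains only the leading characters of its
        # argument (re.match without a trailing "$"); the arguments are
        # handed to CommandHelper as a list, not as one command string.
        # The dirobj character class used to read "0=9", which accepted "="
        # and rejected the digits 1 to 8.
        checks = ((directory, r"^[/\.][A-Za-z0-9/]*"),
                  (action, r"^[-]*[a-z]+"),
                  (dirobj, r"^[A-Za-z0-9/]+"),
                  (property, r"^[A-Za-z0-9]+"))
        valid = all(isinstance(arg, str) and re.match(pattern, arg)
                    for arg, pattern in checks)

        #####
        # Now do the directory lookup.
        if valid:
            # The lookup used to pass the builtin "object" here instead of
            # the validated dirobj argument.
            cmd = [self.dscl, directory, action, dirobj, property]
            self.cmdh.executeCommand(cmd)
            retval = self.cmdh.getOutput()
            reterr = self.cmdh.getErrorString()
            if reterr:
                raise DsclError("Error trying to get a value with dscl (" +
                                str(reterr).strip() + ")")
        return ("\n").join(retval)

    def _listUids(self):
        '''Return the UniqueID column of "dscl . -list /Users UniqueID" as a
        list of strings, skipping lines that have no second field.'''
        userList = self.getDscl(".", "-list", "/Users", "UniqueID")
        uids = []
        for entry in str(userList).split("\n"):
            fields = entry.split()
            # Blank or one-field lines used to raise IndexError.
            if len(fields) > 1:
                uids.append(fields[1])
        return uids

    def findUniqueUid(self):
        '''We need to make sure to find an unused uid (unique ID) for the user,
           $ dscl . -list /Users UniqueID
        will list all the existing users, an unused number above 500 is good.

        @author: Roy Nielsen

        :returns: the highest listed uid plus one, as a string
        '''
        maxUserID = 0
        for uid in self._listUids():
            maxUserID = max(maxUserID, int(uid))
        return str(maxUserID + 1)

    #----------------------------------------------------------------------

    def uidTaken(self, uid):
        '''See if the UID requested has been taken.  Only approve uid's over 1k
           $ dscl . -list /Users UniqueID

        @author: Roy Nielsen

        :param uid: uid to look for
        :returns: True when the uid is already listed, else False
        '''
        return str(uid) in self._listUids()

    #----------------------------------------------------------------------

    def createBasicUser(self, userName=""):
        '''Create a username with just a moniker.  Allow the system to take
        care of the rest.

        Only allow usernames with letters and numbers.

        On the MacOS platform, all other steps must also be done.

        @author: Roy Nielsen

        :param userName: (Default value = "")
        :returns: True when the record was created, False when the name was
                rejected
        :raises DsclError: when dscl wrote to stderr
        '''
        success = False
        if isinstance(userName, str) \
           and re.match("^[A-Za-z][A-Za-z0-9]*$", userName):
            cmd = [self.dscl, ".", "-create", "/Users/" + str(userName)]
            self.cmdh.executeCommand(cmd)
            reterr = self.cmdh.getErrorString()
            if reterr:
                raise DsclError("Error trying to set a value with dscl (" +
                                str(reterr).strip() + ")")
            success = True
        return success

    #----------------------------------------------------------------------

    def setUserShell(self, user="", shell=""):
        '''dscl . -create /Users/luser UserShell /bin/bash

        @author: Roy Nielsen

        :param user: (Default value = "")
        :param shell: (Default value = "")
        :returns: True when the value was set, else False
        '''
        if self.isSaneUserName(user) and self.isSaneUserShell(shell):
            return bool(self.setDscl(".", "-create", "/Users/" + str(user),
                                     "UserShell", str(shell)))
        return False

    #----------------------------------------------------------------------

    def setUserComment(self, user="", comment=""):
        '''dscl . -create /Users/luser RealName "Real A. Name"

        @author: Roy Nielsen

        :param user: (Default value = "")
        :param comment: (Default value = "")
        :returns: True when the value was set, else False
        '''
        if self.isSaneUserName(user) and comment:
            return bool(self.setDscl(".", "-create", "/Users/" + str(user),
                                     "RealName", str(comment)))
        return False

    #----------------------------------------------------------------------

    def setUserUid(self, user="", uid=""):
        '''dscl . -create /Users/luser UniqueID "503"

        @author: Roy Nielsen

        :param user: (Default value = "")
        :param uid: (Default value = "")
        :returns: True when the value was set, else False
        '''
        if self.isSaneUserName(user) and uid:
            return bool(self.setDscl(".", "-create", "/Users/" + str(user),
                                     "UniqueID", str(uid)))
        return False

    #----------------------------------------------------------------------

    def setUserPriGid(self, user="", priGid=""):
        '''dscl . -create /Users/luser PrimaryGroupID 20

        @author: Roy Nielsen

        :param user: (Default value = "")
        :param priGid: (Default value = "")
        :returns: True when the value was set, else False
        '''
        if self.isSaneUserName(user) and priGid:
            return bool(self.setDscl(".", "-create", "/Users/" + str(user),
                                     "PrimaryGroupID", str(priGid)))
        return False

    #----------------------------------------------------------------------

    def setUserHomeDir(self, user="", userHome=""):
        '''Create a "local" home directory

        dscl . -create /Users/luser NFSHomeDirectory /Users/luser

        better yet:

        createhomedir -l -u <username>

        @author: Roy Nielsen

        :param user: (Default value = "")
        :param userHome: ignored; the home is always /Users/<user>
                (Default value = "")
        :returns: True when the value was set, else False
        '''
        #####
        # Creating a non-standard userHome is not currently permitted
        if self.isSaneUserName(user):
            return bool(self.setDscl(".", "-create", "/Users/" + str(user),
                                     "NFSHomeDirectory",
                                     "/Users/" + str(user)))
        return False

    #----------------------------------------------------------------------

    def createHomeDirectory(self, user=""):
        '''createhomedir -c -u luser

        This should use the system "User Template" for standard system user
        settings.

        @author: Roy Nielsen

        :param user: (Default value = "")
        :returns: True when the home was created, False when the name was
                rejected
        :raises CreateHomeDirError: when createhomedir wrote to stderr
        '''
        success = False
        # Validate the name like every other method in this class; the old
        # check only required a non-empty value.
        if self.isSaneUserName(user):
            # The list used to hold " -u" with a leading space and the
            # expression +str(user), which raises TypeError before the
            # command can run.
            cmd = ["/usr/sbin/createhomedir", "-c", "-u", str(user)]
            self.cmdh.executeCommand(cmd)
            reterr = self.cmdh.getErrorString()
            if reterr:
                raise CreateHomeDirError("Error trying to create user home (" +
                                         str(reterr).strip() + ")")
            success = True
        return success

    #----------------------------------------------------------------------

    def addUserToGroup(self, user="", group=""):
        '''dscl . -append /Groups/admin GroupMembership luser

        @author: Roy Nielsen

        :param user: (Default value = "")
        :param group: (Default value = "")
        :returns: True when the membership was added, else False
        '''
        if self.isSaneUserName(user) and self.isSaneGroupName(group):
            return bool(self.setDscl(".", "-append", "/Groups/" + str(group),
                                     "GroupMembership", str(user)))
        return False

    #----------------------------------------------------------------------

    def rmUserFromGroup(self, user="", group=""):
        '''dscl . -delete /Groups/<group> GroupMembership <user>

        :param user: (Default value = "")
        :param group: (Default value = "")
        :returns: True when the membership was removed, else False
        '''
        if self.isSaneUserName(user) and self.isSaneGroupName(group):
            return bool(self.setDscl(".", "-delete", "/Groups/" + str(group),
                                     "GroupMembership", str(user)))
        return False

    #----------------------------------------------------------------------

    def setUserPassword(self, user="", password=""):
        '''dscl . -passwd /Users/luser password

        @author: Roy Nielsen

        :param user: (Default value = "")
        :param password: (Default value = "")
        :returns: True when the password was set, False when an argument was
                rejected
        :raises DsclError: when dscl wrote to stderr
        '''
        success = False
        if self.isSaneUserName(user) and isinstance(password, str) \
           and password:
            # The call used to go through setDscl with "." and ", -passwd"
            # fused into one string and only four arguments, so setDscl saw
            # an empty value and never ran dscl. -passwd takes no property
            # name, so the command is built here.
            #
            # NOTE(review): the password travels as a command-line argument,
            # so it is visible in the process list while dscl runs and in
            # anything CommandHelper records about the command - confirm
            # that CommandHelper does not log it.
            cmd = [self.dscl, ".", "-passwd", "/Users/" + str(user), password]
            self.cmdh.executeCommand(cmd)
            reterr = self.cmdh.getErrorString()
            if reterr:
                raise DsclError("Error trying to set a value with dscl (" +
                                str(reterr).strip() + ")")
            success = True
        return success

    #----------------------------------------------------------------------

    def setUserLoginKeychainPassword(self, user="", password=""):
        '''Use the "security" command to set the login keychain.  If it has not
        been created, create the login keychain.

        Needs research.. Not sure if a sudo'd admin can use the security
        command to change another user's keychain password...

        possibly:
        security set-keychain-password -o oldpassword -p newpassword file.keychain

        where file.keychain is the default login.keychain of another user?

        Not implemented: the method does nothing and returns None.

        @author: Roy Nielsen

        :param user: (Default value = "")
        :param password: (Default value = "")
        '''
        # Planned steps, none of them implemented yet:
        #   1. validate user and password
        #   2. check whether the login keychain exists
        #   3. create it with /usr/bin/security when it does not
        #   4. otherwise set the login keychain password
        pass

    #----------------------------------------------------------------------

    def rmUser(self, user=""):
        '''dscl . delete /Users/<user>

        @author: Roy Nielsen

        :param user: (Default value = "")
        :returns: True when the record was deleted, False when the name was
                rejected
        :raises Exception: when dscl wrote to stderr
        '''
        success = False
        if self.isSaneUserName(user):
            cmd = [self.dscl, ".", "-delete", "/Users/" + str(user)]
            self.cmdh.executeCommand(cmd)
            reterr = self.cmdh.getErrorString()
            if reterr:
                raise Exception("Error trying to remove a user (" +
                                str(reterr).strip() + ")")
            success = True
        return success

    #----------------------------------------------------------------------

    def rmUserHome(self, user=""):
        '''Remove the user home... right now only default location, but should
        look up the user home in the directory service and remove that
        specifically.

        @author: Roy Nielsen

        :param user: (Default value = "")
        :returns: True when /Users/<user> was removed, False when the name
                was rejected
        :raises OSError: when the tree could not be removed
        '''
        success = False
        # The name check is what keeps the path below inside /Users.
        if self.isSaneUserName(user):
            #####
            #
            # ***** WARNING WILL ROBINSON *****
            #
            # Please refactor to do a lookup of the user in the directory
            # service, and use the home directory specified there..
            #
            try:
                shutil.rmtree("/Users/" + str(user))
            # "except IOError or OSError" evaluates to "except IOError";
            # a tuple names both types.
            except (IOError, OSError) as err:
                self.logger.log(lp.INFO,
                                "Exception trying to remove user home...")
                self.logger.log(lp.INFO, "Exception: " + str(err))
                raise
            else:
                success = True
        return success

    #----------------------------------------------------------------------

    def validateUser(self, userName=False, userShell=False, userComment=False,
                     userUid=False, userPriGid=False, userHomeDir=False):
        '''Future functionality... validate that the passed in parameters to
        the class instanciation match.

        Each value that passes its isSane* check is stored on the instance.
        A value that is falsy is skipped; a value that is set but fails its
        check makes the result False.

        @author:

        :param userName: (Default value = False)
        :param userShell: (Default value = False)
        :param userComment: (Default value = False)
        :param userUid: (Default value = False)
        :param userPriGid: (Default value = False)
        :param userHomeDir: (Default value = False)
        :returns: True when every supplied value passed its check
        :raises BadUserInfoError: when userName fails isSaneUserName
        '''
        #####
        # Look up all user attributes and check that they are accurate.
        # Only check the "SANE" parameters passed in.
        if not self.isSaneUserName(userName):
            raise BadUserInfoError("Need a valid user name...")
        self.userName = userName
        sane = True

        if self.isSaneUserShell(userShell) and sane:
            self.userShell = userShell
        elif userShell:
            sane = False

        if self.isSaneUserComment(userComment) and sane:
            self.userComment = userComment
        elif userComment:
            sane = False

        if self.isSaneUserUid(str(userUid)) and sane:
            # This used to assign self.userUid to itself.
            self.userUid = userUid
        elif userUid:
            sane = False

        if self.isSaneUserPriGid(str(userPriGid)) and sane:
            # This used to overwrite self.userUid with userUid.
            self.userPriGid = userPriGid
        elif userPriGid:
            sane = False

        if self.isSaneUserHomeDir(userHomeDir) and sane:
            self.userHomeDir = userHomeDir
        elif userHomeDir:
            sane = False

        return sane

    #----------------------------------------------------------------------

    def _readUserAttribute(self, userName, attribute):
        '''Return the dscl output for one attribute of /Users/<userName>;
        raise BadUserInfoError when the name fails isSaneUserName.'''
        if not self.isSaneUserName(userName):
            raise BadUserInfoError("Need a valid user name...")
        return self.getDscl(".", "read", "/Users/" + str(userName), attribute)

    def _logLookupFailure(self, userName):
        '''Log that an attribute could not be parsed out of dscl output.'''
        self.logger.log(lp.INFO, "Error attempting to find user" +
                        str(userName) + " in the " +
                        "directory service.")

    def _secondField(self, output, userName):
        '''Return the second whitespace-separated field of output (the value
        after the "Key:" label), or False when there is none.'''
        try:
            return output.split()[1]
        except (KeyError, IndexError):
            self._logLookupFailure(userName)
            return False

    #----------------------------------------------------------------------

    def getUser(self, userName=""):
        '''Look up the RecordName of a user.

        :param userName: (Default value = "")
        :returns: the value, or False when it could not be parsed
        :raises BadUserInfoError: when userName fails isSaneUserName
        '''
        output = self._readUserAttribute(userName, "RecordName")
        return self._secondField(output, userName)

    #----------------------------------------------------------------------

    def getUserShell(self, userName=""):
        '''Look up the UserShell of a user.

        :param userName: (Default value = "")
        :returns: the value, or False when it could not be parsed
        :raises BadUserInfoError: when userName fails isSaneUserName
        '''
        output = self._readUserAttribute(userName, "UserShell")
        return self._secondField(output, userName)

    #----------------------------------------------------------------------

    def getUserComment(self, userName=""):
        '''Look up the RealName of a user.

        :param userName: (Default value = "")
        :returns: the value, or False when it could not be parsed
        :raises BadUserInfoError: when userName fails isSaneUserName
        '''
        #####
        # Need to process the output to get the right information due to a
        # spurrious "\n" in the output
        output = self._readUserAttribute(userName, "RealName")
        try:
            # getDscl returns one string, so the old output[1] picked the
            # second character of the label. Everything after the first ":"
            # is the value, whether dscl printed it on the label's line or
            # on the line after it.
            return output.split(":", 1)[1].strip()
        except (KeyError, IndexError):
            self._logLookupFailure(userName)
            return False

    #----------------------------------------------------------------------

    def getUserUid(self, userName=""):
        '''Look up the UniqueID of a user.

        :param userName: (Default value = "")
        :returns: the value as a string, or False when it could not be parsed
        :raises BadUserInfoError: when userName fails isSaneUserName
        '''
        output = self._readUserAttribute(userName, "UniqueID")
        return self._secondField(output, userName)

    #----------------------------------------------------------------------

    def getUserPriGid(self, userName=""):
        '''Look up the PrimaryGroupID of a user.

        :param userName: (Default value = "")
        :returns: the value as a string, or False when it could not be parsed
        :raises BadUserInfoError: when userName fails isSaneUserName
        '''
        output = self._readUserAttribute(userName, "PrimaryGroupID")
        return self._secondField(output, userName)

    #----------------------------------------------------------------------

    def getUserHomeDir(self, userName=""):
        '''Look up the NFSHomeDirectory of a user.

        :param userName: (Default value = "")
        :returns: the value, or False when it could not be parsed
        :raises BadUserInfoError: when userName fails isSaneUserName
        '''
        output = self._readUserAttribute(userName, "NFSHomeDirectory")
        return self._secondField(output, userName)

    #----------------------------------------------------------------------

    def isUserInstalled(self, user=""):
        '''Check if the user "user" is installed

        @author Roy Nielsen

        :param user: (Default value = "")
        :returns: True when "dscl . -read /Users/<user>" wrote nothing to
                stderr, else False
        '''
        success = False
        if self.isSaneUserName(user):
            cmd = [self.dscl, ".", "-read", "/Users/" + str(user)]
            # Uses the CommandHelper created in __init__, like the rest of
            # the class; self.runWith is never set in this class.
            self.cmdh.executeCommand(cmd)
            if not self.cmdh.getErrorString():
                success = True
        return success

    #----------------------------------------------------------------------

    def isUserInGroup(self, userName="", groupName=""):
        '''Check if this user is in this group

        @author: Roy Nielsen

        :param userName: (Default value = "")
        :param groupName: (Default value = "")
        :returns: True when userName is listed in the group, else False
        '''
        success = False
        if self.isSaneUserName(userName) and self.isSaneGroupName(groupName):
            output = self.getDscl(".", "read", "/Groups/" + groupName,
                                  "users")
            # Drop the leading "users:" label. The old slice [:-1] kept the
            # label and dropped the last member instead.
            users = output.split()[1:]
            if userName in users:
                success = True
        return success

    #----------------------------------------------------------------------

    def fixUserHome(self, userName=""):
        '''Get the user information from the local directory and fix the user
        ownership and group of the user's home directory to reflect what is
        in the local directory service.

        Ownership is changed with os.lchown, so a symbolic link inside the
        home directory has its own owner changed and cannot redirect the
        change to a file outside the tree.

        @author: Roy Nielsen

        :param userName: (Default value = "")
        :returns: True when the tree was processed, else False
        :raises OSError: when a chown call fails
        '''
        if not self.isSaneUserName(userName):
            return False

        #####
        # Acquire the user data based on the username first.
        try:
            userUid = self.getUserUid(userName)
            userPriGid = self.getUserPriGid(userName)
            userHomeDir = self.getUserHomeDir(userName)
        except BadUserInfoError as err:
            self.logger.log(lp.INFO, "Exception trying to find: \"" +
                            str(userName) + "\" user information")
            self.logger.log(lp.INFO, "err: " + str(err))
            return False

        # The getters return False when parsing fails, and int(False) is 0,
        # so an unchecked value would hand the whole tree to uid 0.
        if userUid is False or userPriGid is False or not userHomeDir:
            self.logger.log(lp.INFO, "Incomplete user information for \"" +
                            str(userName) + "\", not changing ownership")
            return False
        try:
            # The getters return strings; chown needs integers.
            uid = int(userUid)
            gid = int(userPriGid)
        except ValueError:
            self.logger.log(lp.INFO, "Non-numeric uid or gid for \"" +
                            str(userName) + "\", not changing ownership")
            return False

        try:
            if os.path.isdir(userHomeDir):
                os.lchown(userHomeDir, uid, gid)
            for root, dirs, files in os.walk(userHomeDir):
                # Files used to be joined as root/d/f with whatever
                # directory name the previous loop had left in d.
                for name in dirs + files:
                    os.lchown(os.path.join(root, name), uid, gid)
        except OSError:
            self.logger.log(lp.INFO, "Exception attempting to chown...")
            raise
        return True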
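class zzzTestReqPassSysPref(RuleTest):
    '''Unit test for the ReqPassSysPref rule.

    setConditionsForRule marks every listed system.preferences right as
    "shared" in the authorization plist, presumably the non-compliant state
    the rule is expected to repair (confirm against the rule itself).
    '''

    def setUp(self):
        RuleTest.setUp(self)
        self.rule = ReqPassSysPref(self.config,
                                   self.environ,
                                   self.logdispatch,
                                   self.statechglogger)
        self.cmdhelper = CommandHelper(self.logdispatch)
        self.rulename = self.rule.rulename
        self.rulenumber = self.rule.rulenumber

    def tearDown(self):
        # Nothing is restored here: the rights changed by
        # setConditionsForRule stay changed unless the rule's fix resets them.
        pass

    def runTest(self):
        self.simpleRuleTest()

    def setConditionsForRule(self):
        '''Configure system for the unit test

        Sets rights:<right>:shared to true for each right in the list; when
        PlistBuddy reports that the entry does not exist, the entry is added
        instead.

        :param self: essential if you override this definition
        :returns: boolean - If successful True; If failure False
        @author: ekkehard j. koch

        '''
        success = True
        setuplist = [
            "system.preferences",
            "system.preferences.accessibility",
            "system.preferences.accounts",
            "system.preferences.datetime",
            "system.preferences.energysaver",
            "system.preferences.location",
            "system.preferences.network",
            "system.preferences.nvram",
            "system.preferences.parental-controls",
            "system.preferences.printing",
            "system.preferences.security",
            "system.preferences.security.remotepair",
            "system.preferences.sharing",
            "system.preferences.softwareupdate",
            "system.preferences.startupdisk",
            "system.preferences.timemachine",
            "system.preferences.version-cue"
        ]
        plistfile = "/System/Library/Security/authorization.plist"
        plistbuddy = "/usr/libexec/PlistBuddy"

        for option in setuplist:
            # The command used to be built as one string whose -c argument
            # opened a single quote and never closed it. An argument list
            # needs no quoting and keeps the PlistBuddy command in one piece.
            self.cmdhelper.executeCommand(
                [plistbuddy, "-c",
                 "Set rights:" + option + ":shared 1", plistfile])
            errorout = self.cmdhelper.getErrorString()
            if errorout:
                if re.search("Does Not Exist", errorout):
                    self.cmdhelper.executeCommand(
                        [plistbuddy, "-c",
                         "Add rights:" + option + ":shared bool true",
                         plistfile])
                    erradd = self.cmdhelper.getErrorString()
                    if erradd:
                        success = False
        return success

    def checkReportForRule(self, pCompliance, pRuleSuccess):
        '''check on whether report was correct

        Only logs its arguments; it always returns True.

        :param self: essential if you override this definition
        :param pCompliance: the self.iscompliant value of rule
        :param pRuleSuccess: did report run successfully
        :returns: boolean - If successful True; If failure False
        @author: ekkehard j. koch

        '''
        self.logdispatch.log(LogPriority.DEBUG,
                             "pCompliance = " + str(pCompliance) + ".")
        self.logdispatch.log(LogPriority.DEBUG,
                             "pRuleSuccess = " + str(pRuleSuccess) + ".")
        success = True
        return success

    def checkFixForRule(self, pRuleSuccess):
        '''check on whether fix was correct

        Only logs its argument; it always returns True.

        :param self: essential if you override this definition
        :param pRuleSuccess: did report run successfully
        :returns: boolean - If successful True; If failure False
        @author: ekkehard j. koch

        '''
        self.logdispatch.log(LogPriority.DEBUG,
                             "pRuleSuccess = " + str(pRuleSuccess) + ".")
        success = True
        return success

    def checkUndoForRule(self, pRuleSuccess):
        '''check on whether undo was correct

        Only logs its argument; it always returns True.

        :param self: essential if you override this definition
        :param pRuleSuccess: did report run successfully
        :returns: boolean - If successful True; If failure False
        @author: ekkehard j. koch

        '''
        self.logdispatch.log(LogPriority.DEBUG,
                             "pRuleSuccess = " + str(pRuleSuccess) + ".")
        success = True
        return success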
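class zzzTestRuleNoCoreDumps(RuleTest):
    '''Unit test for the NoCoreDumps rule.

    The setup methods put the host into the state the rule is meant to
    correct: on Linux the "* hard core 0" line is removed from
    /etc/security/limits.conf, limits.conf and /etc/sysctl.conf are set to
    mode 0o777, and fs.suid_dumpable is set to 1; on macOS the launchctl
    core limit is raised. tearDown restores nothing, so the host keeps these
    settings if the rule's fix does not run to completion.
    '''

    def setUp(self):
        RuleTest.setUp(self)
        self.rule = NoCoreDumps(self.config,
                                self.environ,
                                self.logdispatch,
                                self.statechglogger)
        self.logger = self.logdispatch
        self.rulename = self.rule.rulename
        self.rulenumber = self.rule.rulenumber
        self.checkUndo = True
        self.ch = CommandHelper(self.logger)

    def tearDown(self):
        pass

    def runTest(self):
        self.simpleRuleTest()

    def setConditionsForRule(self):
        '''Configure system for the unit test

        :param self: essential if you override this definition
        :returns: boolean - If successful True; If failure False
        @author: Ekkehard J. Koch

        '''
        success = True
        if self.environ.getosfamily() == "linux":
            if not self.setLinuxConditions():
                success = False
        elif self.environ.getostype() == "mac":
            if not self.setMacConditions():
                success = False
        return success

    def setMacConditions(self):
        '''Raise the launchctl core limit when its current value does not
        already contain a "1".

        :returns: boolean - False when the current limit could not be read,
                else True
        '''
        success = True
        self.ch.executeCommand("/usr/bin/launchctl limit core")
        retcode = self.ch.getReturnCode()
        if retcode != 0:
            debug = "Failed to run launchctl command to get current value of core dumps configuration\n"
            debug += self.ch.getErrorString()
            self.logger.log(LogPriority.DEBUG, debug)
            # Matches setLinuxConditions, which fails when sysctl cannot be
            # read.
            success = False
        else:
            output = self.ch.getOutputString()
            if output:
                if not re.search("1", output):
                    self.ch.executeCommand("/usr/bin/launchctl limit core 1 1")
        # The method used to fall off the end and return None, which
        # setConditionsForRule treats as a failure on every run.
        return success

    def setLinuxConditions(self):
        '''Put limits.conf, sysctl.conf and fs.suid_dumpable into the
        non-compliant state described on the class.

        :returns: boolean - If successful True; If failure False
        '''
        success = True
        debug = ""
        path1 = "/etc/security/limits.conf"
        if os.path.exists(path1):
            # Raw string: the pattern is full of regex escapes.
            lookfor1 = r"(^\*)\s+hard\s+core\s+0?"
            contents = readFile(path1, self.logger)
            if contents:
                # Keep every line except the hard core limit for "*".
                tempstring = ""
                for line in contents:
                    if not re.search(lookfor1, line.strip()):
                        tempstring += line
                if not writeFile(path1, tempstring, self.logger):
                    debug = "unable to write incorrect contents to " + path1
                    self.logger.log(LogPriority.DEBUG, debug)
                    success = False
            if not checkPerms(path1, [0, 0, 0o777], self.logger):
                if not setPerms(path1, [0, 0, 0o777], self.logger):
                    debug = "Unable to set incorrect permissions on " + path1
                    self.logger.log(LogPriority.DEBUG, debug)
                    success = False
                else:
                    debug = "successfully set incorrect permissions on " + path1
                    self.logger.log(LogPriority.DEBUG, debug)

        sysctl = "/etc/sysctl.conf"
        tmpfile = sysctl + ".tmp"
        editor = KVEditorStonix(self.statechglogger, self.logger, "conf",
                                sysctl, tmpfile, {"fs.suid_dumpable": "1"},
                                "present", "openeq")
        if not checkPerms(sysctl, [0, 0, 0o777], self.logger):
            if not setPerms(sysctl, [0, 0, 0o777], self.logger):
                # These two messages used to name limits.conf (path1)
                # although the file being changed is sysctl.conf.
                debug = "Unable to set incorrect permissions on " + sysctl
                self.logger.log(LogPriority.DEBUG, debug)
                success = False
            else:
                debug = "successfully set incorrect permissions on " + sysctl
                self.logger.log(LogPriority.DEBUG, debug)
        if not editor.report():
            if not editor.fix():
                success = False
                debug = "Unable to set conditions for /etc/sysctl.conf file"
                self.logger.log(LogPriority.DEBUG, debug)
            elif not editor.commit():
                success = False
                debug = "Unable to set conditions for /etc/sysctl.conf file"
                self.logger.log(LogPriority.DEBUG, debug)

        self.ch.executeCommand("/sbin/sysctl fs.suid_dumpable")
        retcode = self.ch.getReturnCode()
        if retcode != 0:
            debug = "Failed to get value of core dumps configuration with sysctl command"
            debug += self.ch.getErrorString()
            self.logger.log(LogPriority.DEBUG, debug)
            success = False
        else:
            output = self.ch.getOutputString()
            if output.strip() != "fs.suid_dumpable = 1":
                if not self.ch.executeCommand(
                        "/sbin/sysctl -w fs.suid_dumpable=1"):
                    debug = "Unable to set incorrect value for fs.suid_dumpable"
                    self.logger.log(LogPriority.DEBUG, debug)
                    success = False
                elif not self.ch.executeCommand("/sbin/sysctl -q -e -p"):
                    debug = "Unable to set incorrect value for fs.suid_dumpable"
                    self.logger.log(LogPriority.DEBUG, debug)
                    success = False

        return success

    def checkReportForRule(self, pCompliance, pRuleSuccess):
        '''check on whether report was correct

        Only logs its arguments; it always returns True.

        :param self: essential if you override this definition
        :param pCompliance: the self.iscompliant value of rule
        :param pRuleSuccess: did report run successfully
        :returns: boolean - If successful True; If failure False
        @author: Ekkehard J. Koch

        '''
        self.logdispatch.log(LogPriority.DEBUG,
                             "pCompliance = " + str(pCompliance) + ".")
        self.logdispatch.log(LogPriority.DEBUG,
                             "pRuleSuccess = " + str(pRuleSuccess) + ".")
        success = True
        return success

    def checkFixForRule(self, pRuleSuccess):
        '''check on whether fix was correct

        Only logs its argument; it always returns True.

        :param self: essential if you override this definition
        :param pRuleSuccess: did report run successfully
        :returns: boolean - If successful True; If failure False
        @author: Ekkehard J. Koch

        '''
        self.logdispatch.log(LogPriority.DEBUG,
                             "pRuleSuccess = " + str(pRuleSuccess) + ".")
        success = True
        return success

    def checkUndoForRule(self, pRuleSuccess):
        '''check on whether undo was correct

        Only logs its argument; it always returns True.

        :param self: essential if you override this definition
        :param pRuleSuccess: did report run successfully
        :returns: boolean - If successful True; If failure False
        @author: Ekkehard J. Koch

        '''
        self.logdispatch.log(LogPriority.DEBUG,
                             "pRuleSuccess = " + str(pRuleSuccess) + ".")
        success = True
        return success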