class zzzTestRuleDisableCamera(RuleTest):
def setUp(self):
'''
@change: Breen Malmberg - 06102015 - updated self.cmd and paths to work
with updated unit test functionality
'''
RuleTest.setUp(self)
self.rule = DisableCamera(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.cmd = 'chmod a+r '
self.paths = ['/System/Library/QuickTime/QuickTimeUSBVDCDigitizer.component/Contents/MacOS/QuickTimeUSBVDCDigitizer',
'/System/Library/PrivateFrameworks/CoreMediaIOServicesPrivate.framework/Versions/A/Resources/VDC.plugin/Contents/MacOS/VDC',
'/System/Library/PrivateFrameworks/CoreMediaIOServices.framework/Versions/A/Resources/VDC.plugin/Contents/MacOS/VDC',
'/System/Library/Frameworks/CoreMediaIO.framework/Versions/A/Resources/VDC.plugin/Contents/MacOS/VDC',
'/Library/CoreMediaIO/Plug-Ins/DAL/AppleCamera.plugin/Contents/MacOS/AppleCamera']
def tearDown(self):
pass
def runTest(self):
self.simpleRuleTest()
def setConditionsForRule(self):
'''
Configure system for the unit test
@param self: essential if you override this definition
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
@change: Breen Malmberg - 06102015 - changed this method to reflect
the new functionality of DisableCamera.py
'''
success = True
for path in self.paths:
if os.path.exists(path):
self.ch.executeCommand(self.cmd + path)
error = self.ch.getErrorString()
if error:
success = False
return success
def checkReportForRule(self, pCompliance, pRuleSuccess):
'''
check on whether report was correct
@param self: essential if you override this definition
@param pCompliance: the self.iscompliant value of rule
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + \
str(pCompliance) + ".")
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkFixForRule(self, pRuleSuccess):
'''
check on whether fix was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkUndoForRule(self, pRuleSuccess):
'''
check on whether undo was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
class zzzTestRuleSetSSCorners(RuleTest):
def setUp(self):
RuleTest.setUp(self)
self.rule = SetSSCorners(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def tearDown(self):
pass
def runTest(self):
self.simpleRuleTest()
def setConditionsForRule(self):
'''
Configure system for the unit test
@param self: essential if you override this definition
@return: boolean - If successful True; If failure False
@author: Breen Malmberg
'''
success = True
self.cmdhelper = CommandHelper(self.logdispatch)
optdict = {"wvous-tr-corner": 6}
cmd = 'defaults write ' + '\"' + self.environ.geteuidhome() + '/Library/Preferences/com.apple.dock.plist\" '
for item in optdict:
self.cmdhelper.executeCommand(cmd + item + ' -int ' + str(optdict[item]))
errout = self.cmdhelper.getErrorString()
if errout:
success = False
return success
def checkReportForRule(self, pCompliance, pRuleSuccess):
'''
check on whether report was correct
@param self: essential if you override this definition
@param pCompliance: the self.iscompliant value of rule
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: Breen Malmberg
'''
self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + \
str(pCompliance) + ".")
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkFixForRule(self, pRuleSuccess):
'''
check on whether fix was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: Breen Malmberg
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkUndoForRule(self, pRuleSuccess):
'''
check on whether undo was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: Breen Malmberg
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
class zzzTestDisableAFPFileSharing(RuleTest):
def setUp(self):
RuleTest.setUp(self)
self.rule = DisableAFPFileSharing(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.cmdhelper = CommandHelper(self.logdispatch)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
def tearDown(self):
pass
def runTest(self):
self.simpleRuleTest()
def setConditionsForRule(self):
'''
Configure system for the unit test
@param self: essential if you override this definition
@return: boolean - If successful True; If failure False
@author: Breen Malmberg
'''
success = True
try:
cmd = '/bin/launchctl enable system/com.apple.AppleFileServer'
self.cmdhelper.executeCommand(cmd)
retcode = self.cmdhelper.getReturnCode()
if retcode != 0:
errstr = self.cmdhelper.getErrorString()
self.logdispatch.log(LogPriority.DEBUG, errstr)
success = False
except Exception:
raise
return success
def checkReportForRule(self, pCompliance, pRuleSuccess):
'''
check on whether report was correct
@param self: essential if you override this definition
@param pCompliance: the self.iscompliant value of rule
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + \
str(pCompliance) + ".")
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkFixForRule(self, pRuleSuccess):
'''
check on whether fix was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkUndoForRule(self, pRuleSuccess):
'''
check on whether undo was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
class MacOSUser(ManageUser):
"""
Class to manage users on Mac OS.
@method findUniqueUid
@method setUserShell
@method setUserComment
@method setUserUid
@method setUserPriGid
@method setUserHomeDir
@method addUserToGroup
@method rmUserFromGroup
@method setUserPassword
@method setUserLoginKeychainPassword
@method createHomeDirectory
@method rmUser
@method rmUserHome
@author: Roy Nielsen
"""
def __init__(self, userName="", userShell="/bin/bash",
userComment="", userUid=1000, userPriGid=20,
userHomeDir="/tmp", logger=False):
super(MacOSUser, self).__init__(userName, userShell,
userComment, userUid, userPriGid,
userHomeDir, logger)
self.module_version = '20160225.125554.540679'
self.dscl = "/usr/bin/dscl"
self.cmdh = CommandHelper(self.logger)
#----------------------------------------------------------------------
def createStandardUser(self, userName, password):
"""
Creates a user that has the "next" uid in line to be used, then puts
in in a group of the same id. Uses /bin/bash as the standard shell.
The userComment is left empty. Primary use is managing a user
during test automation, when requiring a "user" context.
It does not set a login keychain password as that is created on first
login to the GUI.
@author: Roy Nielsen
"""
self.createBasicUser(userName)
newUserID = self.findUniqueUid()
newUserGID = newUserID
self.setUserUid(userName, newUserID)
self.setUserPriGid(userName, newUserID)
self.setUserHomeDir(userName)
self.setUserShell(userName, "/bin/bash")
self.setUserPassword(userName, password)
#####
# Don't need to set the user login keychain password as it should be
# created on first login.
#----------------------------------------------------------------------
def setDscl(self, directory=".", action="", object="", property="", value=""):
"""
Using dscl to set a value in a directory...
@author: Roy Nielsen
"""
success = False
reterr = ""
if directory and action and object and property and value:
cmd = [self.dscl, directory, action, object, property, value]
self.cmdh.executeCommand(cmd)
output = self.cmdh.getOutput()
reterr = self.cmdh.getErrorString()
if not reterr:
success = True
else:
raise DsclError("Error trying to set a value with dscl (" + \
str(reterr).strip() + ")")
return success
def getDscl(self, directory="", action="", dirobj="", property=""):
"""
Using dscl to retrieve a value from the directory
@author: Roy Nielsen
"""
success = False
reterr = ""
retval = ""
#####
# FIRST VALIDATE INPUT!!
if isinstance(directory, basestring) and re.match("^[/\.][A-Za-z0-9/]*", directory):
success = True
else:
success = False
if isinstance(action, basestring) and re.match("^[-]*[a-z]+", action) and success:
success = True
else:
success = False
if isinstance(dirobj, basestring) and re.match("^[A-Za-z0=9/]+", dirobj) and success:
success = True
else:
success = False
if isinstance(property, basestring) and re.match("^[A-Za-z0-9]+", property) and success:
success = True
else:
success = False
#####
# Now do the directory lookup.
if success:
cmd = [self.dscl, directory, action, object, property]
self.cmdh.executeCommand(cmd)
retval = self.cmdh.getOutput()
reterr = self.cmdh.getErrorString()
if reterr:
raise DsclError("Error trying to get a value with dscl (" + \
str(reterr).strip() + ")")
return ("\n").join(retval)
def findUniqueUid(self):
"""
We need to make sure to find an unused uid (unique ID) for the user,
$ dscl . -list /Users UniqueID
will list all the existing users, an unused number above 500 is good.
@author: Roy Nielsen
"""
success = False
maxUserID = 0
newUserID = 0
userList = self.getDscl(".", "-list", "/Users", "UniqueID")
#####
# Sort the list, add one to the highest value and return that
# value
for user in str(userList).split("\n"):
if int(user.split()[1]) > maxUserID:
maxUserID = int(user.split()[1])
newUserID = str(int(maxUserID + 1))
return newUserID
#----------------------------------------------------------------------
def uidTaken(self, uid):
"""
See if the UID requested has been taken. Only approve uid's over 1k
$ dscl . -list /Users UniqueID
@author: Roy Nielsen
"""
uidList = []
success = False
userList = self.getDscl(".", "-list", "/Users", "UniqueID")
#####
# Sort the list, add one to the highest value and return that
# value
for user in str(userList).split("\n"):
uidList.append(str(user.split()[1]))
if str(uid) in uidList:
success = True
return success
#----------------------------------------------------------------------
def createBasicUser(self, userName=""):
"""
Create a username with just a moniker. Allow the system to take care of
the rest.
Only allow usernames with letters and numbers.
On the MacOS platform, all other steps must also be done.
@author: Roy Nielsen
"""
success = False
reterr = ""
if isinstance(userName, basestring)\
and re.match("^[A-Za-z][A-Za-z0-9]*$", userName):
cmd = [self.dscl, ".", "-create", "/Users/" + str(userName)]
self.cmdh.executeCommand(cmd)
output = self.cmdh.getOutput()
reterr = self.cmdh.getErrorString()
if not reterr:
success = True
else:
raise DsclError("Error trying to set a value with dscl (" + \
str(reterr).strip() + ")")
return success
#----------------------------------------------------------------------
def setUserShell(self, user="", shell=""):
"""
dscl . -create /Users/luser UserShell /bin/bash
@author: Roy Nielsen
"""
success = False
if self.isSaneUserName(user) and self.isSaneUserShell(shell):
isSetDSL = self.setDscl(".", "-create", "/Users/" + str(user),
"UserShell", str(shell))
if isSetDSL:
success = True
return success
#----------------------------------------------------------------------
def setUserComment(self, user="", comment=""):
"""
dscl . -create /Users/luser RealName "Real A. Name"
@author: Roy Nielsen
"""
success = False
if self.isSaneUserName(user) and comment:
isSetDSL = self.setDscl(".", "-create", "/Users/" + str(user),
"RealName", str(comment))
if isSetDSL:
success = True
return success
#----------------------------------------------------------------------
def setUserUid(self, user="", uid=""):
"""
dscl . -create /Users/luser UniqueID "503"
@author: Roy Nielsen
"""
success = False
if self.isSaneUserName(user) and uid:
isSetDSL = self.setDscl(".", "-create", "/Users/" + str(user),
"UniqueID", str(uid))
if isSetDSL:
success = True
return success
#----------------------------------------------------------------------
def setUserPriGid(self, user="", priGid=""):
"""
dscl . -create /Users/luser PrimaryGroupID 20
@author: Roy Nielsen
"""
success = False
if self.isSaneUserName(user) and priGid:
isSetDSL = self.setDscl(".", "-create", "/Users/" + str(user),
"PrimaryGroupID", str(priGid))
if isSetDSL:
success = True
return success
#----------------------------------------------------------------------
def setUserHomeDir(self, user="", userHome=""):
"""
Create a "local" home directory
dscl . -create /Users/luser NFSHomeDirectory /Users/luser
better yet:
createhomedir -l -u <username>
@author: Roy Nielsen
"""
success = False
#####
# Creating a non-standard userHome is not currently permitted
#if self.saneUserName(user) and self.saneUserHomeDir(userHome):
if self.isSaneUserName(user):
isSetDSCL = self.setDscl(".", "-create", "/Users/" + str(user),
"NFSHomeDirectory", str("/Users/" + str(user)))
if isSetDSCL:
success = True
return success
#----------------------------------------------------------------------
def createHomeDirectory(self, user=""):
"""
createhomedir -c -u luser
This should use the system "User Template" for standard system user
settings.
@author: Roy Nielsen
"""
success = False
reterr = ""
if user:
cmd = ["/usr/sbin/createhomedir", "-c", " -u", + str(user)]
self.cmdh.executeCommand(cmd)
self.cmdh.getOutput()
reterr = self.cmdh.getErrorString()
if not reterr:
success = True
else:
raise CreateHomeDirError("Error trying to create user home (" + \
str(reterr).strip() + ")")
return success
#----------------------------------------------------------------------
def addUserToGroup(self, user="", group=""):
"""
dscl . -append /Groups/admin GroupMembership luser
@author: Roy Nielsen
"""
success = False
if self.isSaneUserName(user) and self.isSaneGroupName(group):
isSetDSCL = self.setDscl(".", "-append", "/Groups/" + str(group),
"GroupMembership", str(user))
if isSetDSCL:
success = True
return success
#----------------------------------------------------------------------
def rmUserFromGroup(self, user="", group=""):
"""
"""
success = False
if self.isSaneUserName(user) and self.isSaneGroupName(group):
isSetDSCL = self.setDscl(".", "-delete", "/Groups/" + str(group),
"GroupMembership", str(user))
if isSetDSCL:
success = True
return success
#----------------------------------------------------------------------
def setUserPassword(self, user="", password=""):
"""
dscl . -passwd /Users/luser password
@author: Roy Nielsen
"""
success = False
if self.isSaneUserName(user) and isinstance(password, basestring):
isSetDSCL = self.setDscl("."", -passwd", "/Users/" + str(user),
password)
if not isSetDSCL:
success = False
else:
success = True
return success
#----------------------------------------------------------------------
def setUserLoginKeychainPassword(self, user="", password=""):
"""
Use the "security" command to set the login keychain. If it has not
been created, create the login keychain.
Needs research.. Not sure if a sudo'd admin can use the security
command to change another user's keychain password...
possibly:
security set-keychain-password -o oldpassword -p newpassword file.keychain
where file.keychain is the default login.keychain of another user?
@author: Roy Nielsen
"""
pass
"""
self.sec = "/usr/bin/security"
success = False
keychainpath = ""
if self.isSaneUserName(user) and isinstance(password, basestring):
pass
#####
# Input validation
#####
# Check if login keychain exists
#####
# if it does not exist, create it
if not os.path.exists(keychainpath):
cmd = ["Create Keychain Command Here"]
self.cmdh.executeCommand(cmd)
output = self.cmdh.getOutput()
reterr = self.cmdh.getErrorString()
if not reterr:
success = True
else:
self.logger.log(lp.INFO, "Unsuccessful attempt to create the " + \
"keychain...(" + str(reterr) + ")")
#####
# else set the login keychain password
pass
"""
#----------------------------------------------------------------------
def rmUser(self, user=""):
"""
dscl . delete /Users/<user>
@author: Roy Nielsen
"""
success = False
if self.isSaneUserName(user):
cmd = [self.dscl, ".", "-delete", "/Users/" + str(user)]
self.cmdh.executeCommand(cmd)
output = self.cmdh.getOutput()
reterr = self.cmdh.getErrorString()
if not reterr:
success = True
else:
raise Exception("Error trying to remove a user (" + \
str(reterr).strip() + ")")
return success
#----------------------------------------------------------------------
def rmUserHome(self, user=""):
"""
Remove the user home... right now only default location, but should
look up the user home in the directory service and remove that
specifically.
@author: Roy Nielsen
"""
success = False
if self.isSaneUserName(user):
#####
#
# ***** WARNING WILL ROBINSON *****
#
# Please refactor to do a lookup of the user in the directory
# service, and use the home directory specified there..
#
try:
shutil.rmtree("/Users/" + str(user))
except IOError or OSError, err:
self.logger.log(lp.INFO, "Exception trying to remove user home...")
self.logger.log(lp.INFO, "Exception: " + str(err))
raise err
else:
success = True
return success
class zzzTestRuleDisableCamera(RuleTest):
def setUp(self):
'''
@change: Breen Malmberg - 06102015 - updated self.cmd and paths to work
with updated unit test functionality
'''
RuleTest.setUp(self)
self.rule = DisableCamera(self.config, self.environ, self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.cmd = 'chmod a+r '
self.paths = [
'/System/Library/QuickTime/QuickTimeUSBVDCDigitizer.component/Contents/MacOS/QuickTimeUSBVDCDigitizer',
'/System/Library/PrivateFrameworks/CoreMediaIOServicesPrivate.framework/Versions/A/Resources/VDC.plugin/Contents/MacOS/VDC',
'/System/Library/PrivateFrameworks/CoreMediaIOServices.framework/Versions/A/Resources/VDC.plugin/Contents/MacOS/VDC',
'/System/Library/Frameworks/CoreMediaIO.framework/Versions/A/Resources/VDC.plugin/Contents/MacOS/VDC',
'/Library/CoreMediaIO/Plug-Ins/DAL/AppleCamera.plugin/Contents/MacOS/AppleCamera'
]
def tearDown(self):
pass
def runTest(self):
self.simpleRuleTest()
def setConditionsForRule(self):
'''
Configure system for the unit test
@param self: essential if you override this definition
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
@change: Breen Malmberg - 06102015 - changed this method to reflect
the new functionality of DisableCamera.py
'''
success = True
for path in self.paths:
if os.path.exists(path):
self.ch.executeCommand(self.cmd + path)
error = self.ch.getErrorString()
if error:
success = False
return success
def checkReportForRule(self, pCompliance, pRuleSuccess):
'''
check on whether report was correct
@param self: essential if you override this definition
@param pCompliance: the self.iscompliant value of rule
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + \
str(pCompliance) + ".")
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkFixForRule(self, pRuleSuccess):
'''
check on whether fix was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkUndoForRule(self, pRuleSuccess):
'''
check on whether undo was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
class zzzTestDisableAFPFileSharing(RuleTest):
def setUp(self):
RuleTest.setUp(self)
self.rule = DisableAFPFileSharing(self.config, self.environ,
self.logdispatch,
self.statechglogger)
self.cmdhelper = CommandHelper(self.logdispatch)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
def tearDown(self):
pass
def runTest(self):
self.simpleRuleTest()
def setConditionsForRule(self):
'''Configure system for the unit test
:param self: essential if you override this definition
:returns: boolean - If successful True; If failure False
@author: Breen Malmberg
'''
success = True
try:
cmd = '/bin/launchctl enable system/com.apple.AppleFileServer'
self.cmdhelper.executeCommand(cmd)
retcode = self.cmdhelper.getReturnCode()
if retcode != 0:
errstr = self.cmdhelper.getErrorString()
self.logdispatch.log(LogPriority.DEBUG, errstr)
success = False
except Exception:
raise
return success
def checkReportForRule(self, pCompliance, pRuleSuccess):
'''check on whether report was correct
:param self: essential if you override this definition
:param pCompliance: the self.iscompliant value of rule
:param pRuleSuccess: did report run successfully
:returns: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + \
str(pCompliance) + ".")
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkFixForRule(self, pRuleSuccess):
'''check on whether fix was correct
:param self: essential if you override this definition
:param pRuleSuccess: did report run successfully
:returns: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkUndoForRule(self, pRuleSuccess):
'''check on whether undo was correct
:param self: essential if you override this definition
:param pRuleSuccess: did report run successfully
:returns: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
class zzzTestDisableAFPFileSharing(RuleTest):
def setUp(self):
RuleTest.setUp(self)
self.rule = DisableAFPFileSharing(self.config, self.environ,
self.logdispatch,
self.statechglogger)
self.cmdhelper = CommandHelper(self.logdispatch)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
def tearDown(self):
pass
def runTest(self):
self.simpleRuleTest()
def setConditionsForRule(self):
'''
Configure system for the unit test
@param self: essential if you override this definition
@return: boolean - If successful True; If failure False
@author: Breen Malmberg
'''
success = True
try:
afpfile = '/System/Library/LaunchDaemons/com.apple.AppleFileSharing.plist'
cmd = 'defaults write ' + afpfile + ' Disabled -bool False'
self.cmdhelper.executeCommand(cmd)
errout = self.cmdhelper.getErrorString()
if errout:
success = False
except Exception:
raise
return success
def checkReportForRule(self, pCompliance, pRuleSuccess):
'''
check on whether report was correct
@param self: essential if you override this definition
@param pCompliance: the self.iscompliant value of rule
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + \
str(pCompliance) + ".")
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkFixForRule(self, pRuleSuccess):
'''
check on whether fix was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkUndoForRule(self, pRuleSuccess):
'''
check on whether undo was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
class zzzTestRuleNoCoreDumps(RuleTest):
def setUp(self):
RuleTest.setUp(self)
self.rule = NoCoreDumps(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.logger = self.logdispatch
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.checkUndo = True
self.ch = CommandHelper(self.logger)
def tearDown(self):
pass
def runTest(self):
self.simpleRuleTest()
def setConditionsForRule(self):
"""
Configure system for the unit test
@param self: essential if you override this definition
@return: boolean - If successful True; If failure False
@author: Ekkehard J. Koch
"""
success = True
if self.environ.getosfamily() == "linux":
if not self.setLinuxConditions():
success = False
elif self.environ.getostype() == "mac":
if not self.setMacConditions():
success = False
return success
def setMacConditions(self):
success = True
self.ch.executeCommand("/usr/bin/launchctl limit core")
retcode = self.ch.getReturnCode()
if retcode != 0:
self.detailedresults += "\nFailed to run launchctl command to get current value of core dumps configuration"
errmsg = self.ch.getErrorString()
self.logger.log(LogPriority.DEBUG, errmsg)
else:
output = self.ch.getOutputString()
if output:
if not re.search("1", output):
self.ch.executeCommand("/usr/bin/launchctl limit core 1 1")
def setLinuxConditions(self):
success = True
path1 = "/etc/security/limits.conf"
if os.path.exists(path1):
lookfor1 = "(^\*)\s+hard\s+core\s+0?"
contents = readFile(path1, self.logger)
if contents:
tempstring = ""
for line in contents:
if not re.search(lookfor1, line.strip()):
tempstring += line
if not writeFile(path1, tempstring, self.logger):
debug = "unable to write incorrect contents to " + path1 + "\n"
self.logger.log(LogPriority.DEBUG, debug)
success = False
if checkPerms(path1, [0, 0, 0o644], self.logger):
if not setPerms(path1, [0, 0, 0o777], self.logger):
debug = "Unable to set incorrect permissions on " + path1 + "\n"
self.logger.log(LogPriority.DEBUG, debug)
success = False
else:
debug = "successfully set incorrect permissions on " + path1 + "\n"
self.logger.log(LogPriority.DEBUG, debug)
self.ch.executeCommand("/sbin/sysctl fs.suid_dumpable")
retcode = self.ch.getReturnCode()
if retcode != 0:
self.detailedresults += "Failed to get value of core dumps configuration with sysctl command\n"
errmsg = self.ch.getErrorString()
self.logger.log(LogPriority.DEBUG, errmsg)
success = False
else:
output = self.ch.getOutputString()
if output.strip() != "fs.suid_dumpable = 1":
if not self.ch.executeCommand("/sbin/sysctl -w fs.suid_dumpable=1"):
debug = "Unable to set incorrect value for fs.suid_dumpable"
self.logger.log(LogPriority.DEBUG, debug)
success = False
elif not self.ch.executeCommand("/sbin/sysctl -p"):
debug = "Unable to set incorrect value for fs.suid_dumpable"
self.logger.log(LogPriority.DEBUG, debug)
success = False
return success
def checkReportForRule(self, pCompliance, pRuleSuccess):
"""
check on whether report was correct
@param self: essential if you override this definition
@param pCompliance: the self.iscompliant value of rule
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: Ekkehard J. Koch
"""
self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + \
str(pCompliance) + ".")
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkFixForRule(self, pRuleSuccess):
"""
check on whether fix was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: Ekkehard J. Koch
"""
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkUndoForRule(self, pRuleSuccess):
"""
check on whether undo was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: Ekkehard J. Koch
"""
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
class zzzTestReqPassSysPref(RuleTest):
def setUp(self):
RuleTest.setUp(self)
self.rule = ReqPassSysPref(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.cmdhelper = CommandHelper(self.logdispatch)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
def tearDown(self):
pass
def runTest(self):
self.simpleRuleTest()
def setConditionsForRule(self):
'''
Configure system for the unit test
@param self: essential if you override this definition
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
success = True
setuplist = ["system.preferences", "system.preferences.accessibility",
"system.preferences.accounts", "system.preferences.datetime",
"system.preferences.energysaver", "system.preferences.location",
"system.preferences.network", "system.preferences.nvram",
"system.preferences.parental-controls", "system.preferences.printing",
"system.preferences.security", "system.preferences.security.remotepair",
"system.preferences.sharing", "system.preferences.softwareupdate",
"system.preferences.startupdisk", "system.preferences.timemachine",
"system.preferences.version-cue"]
plistfile = "/System/Library/Security/authorization.plist"
plistbuddy = "/usr/libexec/PlistBuddy"
for option in setuplist:
self.cmdhelper.executeCommand(plistbuddy + " -c 'Set rights:" + option + ":shared 1 " + plistfile)
errorout = self.cmdhelper.getErrorString()
if errorout:
if re.search("Does Not Exist", errorout):
self.cmdhelper.executeCommand(plistbuddy + " -c 'Add rights:" + option + ":shared bool true " + plistfile)
erradd = self.cmdhelper.getErrorString()
if erradd:
success = False
return success
def checkReportForRule(self, pCompliance, pRuleSuccess):
'''
check on whether report was correct
@param self: essential if you override this definition
@param pCompliance: the self.iscompliant value of rule
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + \
str(pCompliance) + ".")
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkFixForRule(self, pRuleSuccess):
'''
check on whether fix was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkUndoForRule(self, pRuleSuccess):
'''
check on whether undo was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
class zzzTestRuleSetSSCorners(RuleTest):
def setUp(self):
RuleTest.setUp(self)
self.rule = SetSSCorners(self.config, self.environ, self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def tearDown(self):
pass
def runTest(self):
self.simpleRuleTest()
def setConditionsForRule(self):
"""
Configure system for the unit test
@param self: essential if you override this definition
@return: boolean - If successful True; If failure False
@author: Breen Malmberg
"""
success = True
self.cmdhelper = CommandHelper(self.logdispatch)
optdict = {"wvous-tr-corner": 6}
cmd = "defaults write " + '"' + self.environ.geteuidhome() + '/Library/Preferences/com.apple.dock.plist" '
for item in optdict:
self.cmdhelper.executeCommand(cmd + item + " -int " + str(optdict[item]))
errout = self.cmdhelper.getErrorString()
if errout:
success = False
return success
def checkReportForRule(self, pCompliance, pRuleSuccess):
"""
check on whether report was correct
@param self: essential if you override this definition
@param pCompliance: the self.iscompliant value of rule
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: Breen Malmberg
"""
self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + str(pCompliance) + ".")
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".")
success = True
return success
def checkFixForRule(self, pRuleSuccess):
"""
check on whether fix was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: Breen Malmberg
"""
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".")
success = True
return success
def checkUndoForRule(self, pRuleSuccess):
"""
check on whether undo was correct
@param self: essential if you override this definition
@param pRuleSuccess: did report run successfully
@return: boolean - If successful True; If failure False
@author: Breen Malmberg
"""
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".")
success = True
return success
class MacOSUser(ManageUser):
'''Class to manage users on Mac OS.
@method findUniqueUid
@method setUserShell
@method setUserComment
@method setUserUid
@method setUserPriGid
@method setUserHomeDir
@method addUserToGroup
@method rmUserFromGroup
@method setUserPassword
@method setUserLoginKeychainPassword
@method createHomeDirectory
@method rmUser
@method rmUserHome
@author: Roy Nielsen
'''
def __init__(self,
userName="",
userShell="/bin/bash",
userComment="",
userUid=1000,
userPriGid=20,
userHomeDir="/tmp",
logger=False):
super(MacOSUser,
self).__init__(userName, userShell, userComment, userUid,
userPriGid, userHomeDir, logger)
self.module_version = '20160225.125554.540679'
self.dscl = "/usr/bin/dscl"
self.cmdh = CommandHelper(self.logger)
#----------------------------------------------------------------------
def createStandardUser(self, userName, password):
'''Creates a user that has the "next" uid in line to be used, then puts
in in a group of the same id. Uses /bin/bash as the standard shell.
The userComment is left empty. Primary use is managing a user
during test automation, when requiring a "user" context.
It does not set a login keychain password as that is created on first
login to the GUI.
@author: Roy Nielsen
:param userName:
:param password:
'''
self.createBasicUser(userName)
newUserID = self.findUniqueUid()
newUserGID = newUserID
self.setUserUid(userName, newUserID)
self.setUserPriGid(userName, newUserID)
self.setUserHomeDir(userName)
self.setUserShell(userName, "/bin/bash")
self.setUserPassword(userName, password)
#####
# Don't need to set the user login keychain password as it should be
# created on first login.
#----------------------------------------------------------------------
def setDscl(self,
directory=".",
action="",
object="",
property="",
value=""):
'''Using dscl to set a value in a directory...
@author: Roy Nielsen
:param directory: (Default value = ".")
:param action: (Default value = "")
:param object: (Default value = "")
:param property: (Default value = "")
:param value: (Default value = "")
'''
success = False
reterr = ""
if directory and action and object and property and value:
cmd = [self.dscl, directory, action, object, property, value]
self.cmdh.executeCommand(cmd)
output = self.cmdh.getOutput()
reterr = self.cmdh.getErrorString()
if not reterr:
success = True
else:
raise DsclError("Error trying to set a value with dscl (" + \
str(reterr).strip() + ")")
return success
def getDscl(self, directory="", action="", dirobj="", property=""):
'''Using dscl to retrieve a value from the directory
@author: Roy Nielsen
:param directory: (Default value = "")
:param action: (Default value = "")
:param dirobj: (Default value = "")
:param property: (Default value = "")
'''
success = False
reterr = ""
retval = ""
#####
# FIRST VALIDATE INPUT!!
if isinstance(directory, str) and re.match("^[/\.][A-Za-z0-9/]*",
directory):
success = True
else:
success = False
if isinstance(action, str) and re.match("^[-]*[a-z]+",
action) and success:
success = True
else:
success = False
if isinstance(dirobj, str) and re.match("^[A-Za-z0=9/]+",
dirobj) and success:
success = True
else:
success = False
if isinstance(property, str) and re.match("^[A-Za-z0-9]+",
property) and success:
success = True
else:
success = False
#####
# Now do the directory lookup.
if success:
cmd = [self.dscl, directory, action, object, property]
self.cmdh.executeCommand(cmd)
retval = self.cmdh.getOutput()
reterr = self.cmdh.getErrorString()
if reterr:
raise DsclError("Error trying to get a value with dscl (" + \
str(reterr).strip() + ")")
return ("\n").join(retval)
def findUniqueUid(self):
'''We need to make sure to find an unused uid (unique ID) for the user,
$ dscl . -list /Users UniqueID
will list all the existing users, an unused number above 500 is good.
@author: Roy Nielsen
'''
success = False
maxUserID = 0
newUserID = 0
userList = self.getDscl(".", "-list", "/Users", "UniqueID")
#####
# Sort the list, add one to the highest value and return that
# value
for user in str(userList).split("\n"):
if int(user.split()[1]) > maxUserID:
maxUserID = int(user.split()[1])
newUserID = str(int(maxUserID + 1))
return newUserID
#----------------------------------------------------------------------
def uidTaken(self, uid):
'''See if the UID requested has been taken. Only approve uid's over 1k
$ dscl . -list /Users UniqueID
@author: Roy Nielsen
:param uid:
'''
uidList = []
success = False
userList = self.getDscl(".", "-list", "/Users", "UniqueID")
#####
# Sort the list, add one to the highest value and return that
# value
for user in str(userList).split("\n"):
uidList.append(str(user.split()[1]))
if str(uid) in uidList:
success = True
return success
#----------------------------------------------------------------------
def createBasicUser(self, userName=""):
'''Create a username with just a moniker. Allow the system to take care of
the rest.
Only allow usernames with letters and numbers.
On the MacOS platform, all other steps must also be done.
@author: Roy Nielsen
:param userName: (Default value = "")
'''
success = False
reterr = ""
if isinstance(userName, str)\
and re.match("^[A-Za-z][A-Za-z0-9]*$", userName):
cmd = [self.dscl, ".", "-create", "/Users/" + str(userName)]
self.cmdh.executeCommand(cmd)
output = self.cmdh.getOutput()
reterr = self.cmdh.getErrorString()
if not reterr:
success = True
else:
raise DsclError("Error trying to set a value with dscl (" + \
str(reterr).strip() + ")")
return success
#----------------------------------------------------------------------
def setUserShell(self, user="", shell=""):
'''dscl . -create /Users/luser UserShell /bin/bash
@author: Roy Nielsen
:param user: (Default value = "")
:param shell: (Default value = "")
'''
success = False
if self.isSaneUserName(user) and self.isSaneUserShell(shell):
isSetDSL = self.setDscl(".", "-create", "/Users/" + str(user),
"UserShell", str(shell))
if isSetDSL:
success = True
return success
#----------------------------------------------------------------------
def setUserComment(self, user="", comment=""):
'''dscl . -create /Users/luser RealName "Real A. Name"
@author: Roy Nielsen
:param user: (Default value = "")
:param comment: (Default value = "")
'''
success = False
if self.isSaneUserName(user) and comment:
isSetDSL = self.setDscl(".", "-create", "/Users/" + str(user),
"RealName", str(comment))
if isSetDSL:
success = True
return success
#----------------------------------------------------------------------
def setUserUid(self, user="", uid=""):
'''dscl . -create /Users/luser UniqueID "503"
@author: Roy Nielsen
:param user: (Default value = "")
:param uid: (Default value = "")
'''
success = False
if self.isSaneUserName(user) and uid:
isSetDSL = self.setDscl(".", "-create", "/Users/" + str(user),
"UniqueID", str(uid))
if isSetDSL:
success = True
return success
#----------------------------------------------------------------------
def setUserPriGid(self, user="", priGid=""):
'''dscl . -create /Users/luser PrimaryGroupID 20
@author: Roy Nielsen
:param user: (Default value = "")
:param priGid: (Default value = "")
'''
success = False
if self.isSaneUserName(user) and priGid:
isSetDSL = self.setDscl(".", "-create", "/Users/" + str(user),
"PrimaryGroupID", str(priGid))
if isSetDSL:
success = True
return success
#----------------------------------------------------------------------
def setUserHomeDir(self, user="", userHome=""):
'''Create a "local" home directory
dscl . -create /Users/luser NFSHomeDirectory /Users/luser
better yet:
createhomedir -l -u <username>
@author: Roy Nielsen
:param user: (Default value = "")
:param userHome: (Default value = "")
'''
success = False
#####
# Creating a non-standard userHome is not currently permitted
#if self.saneUserName(user) and self.saneUserHomeDir(userHome):
if self.isSaneUserName(user):
isSetDSCL = self.setDscl(".", "-create", "/Users/" + str(user),
"NFSHomeDirectory",
str("/Users/" + str(user)))
if isSetDSCL:
success = True
return success
#----------------------------------------------------------------------
def createHomeDirectory(self, user=""):
'''createhomedir -c -u luser
This should use the system "User Template" for standard system user
settings.
@author: Roy Nielsen
:param user: (Default value = "")
'''
success = False
reterr = ""
if user:
cmd = ["/usr/sbin/createhomedir", "-c", " -u", +str(user)]
self.cmdh.executeCommand(cmd)
self.cmdh.getOutput()
reterr = self.cmdh.getErrorString()
if not reterr:
success = True
else:
raise CreateHomeDirError("Error trying to create user home (" + \
str(reterr).strip() + ")")
return success
#----------------------------------------------------------------------
def addUserToGroup(self, user="", group=""):
'''dscl . -append /Groups/admin GroupMembership luser
@author: Roy Nielsen
:param user: (Default value = "")
:param group: (Default value = "")
'''
success = False
if self.isSaneUserName(user) and self.isSaneGroupName(group):
isSetDSCL = self.setDscl(".", "-append", "/Groups/" + str(group),
"GroupMembership", str(user))
if isSetDSCL:
success = True
return success
#----------------------------------------------------------------------
def rmUserFromGroup(self, user="", group=""):
'''
:param user: (Default value = "")
:param group: (Default value = "")
'''
success = False
if self.isSaneUserName(user) and self.isSaneGroupName(group):
isSetDSCL = self.setDscl(".", "-delete", "/Groups/" + str(group),
"GroupMembership", str(user))
if isSetDSCL:
success = True
return success
#----------------------------------------------------------------------
def setUserPassword(self, user="", password=""):
'''dscl . -passwd /Users/luser password
@author: Roy Nielsen
:param user: (Default value = "")
:param password: (Default value = "")
'''
success = False
if self.isSaneUserName(user) and isinstance(password, str):
isSetDSCL = self.setDscl("."
", -passwd", "/Users/" + str(user),
password)
if not isSetDSCL:
success = False
else:
success = True
return success
#----------------------------------------------------------------------
def setUserLoginKeychainPassword(self, user="", password=""):
'''Use the "security" command to set the login keychain. If it has not
been created, create the login keychain.
Needs research.. Not sure if a sudo'd admin can use the security
command to change another user's keychain password...
possibly:
security set-keychain-password -o oldpassword -p newpassword file.keychain
where file.keychain is the default login.keychain of another user?
@author: Roy Nielsen
:param user: (Default value = "")
:param password: (Default value = "")
'''
pass
"""
self.sec = "/usr/bin/security"
success = False
keychainpath = ""
if self.isSaneUserName(user) and isinstance(password, str):
pass
#####
# Input validation
#####
# Check if login keychain exists
#####
# if it does not exist, create it
if not os.path.exists(keychainpath):
cmd = ["Create Keychain Command Here"]
self.cmdh.executeCommand(cmd)
output = self.cmdh.getOutput()
reterr = self.cmdh.getErrorString()
if not reterr:
success = True
else:
self.logger.log(lp.INFO, "Unsuccessful attempt to create the " + \
"keychain...(" + str(reterr) + ")")
#####
# else set the login keychain password
pass
"""
#----------------------------------------------------------------------
def rmUser(self, user=""):
'''dscl . delete /Users/<user>
@author: Roy Nielsen
:param user: (Default value = "")
'''
success = False
if self.isSaneUserName(user):
cmd = [self.dscl, ".", "-delete", "/Users/" + str(user)]
self.cmdh.executeCommand(cmd)
output = self.cmdh.getOutput()
reterr = self.cmdh.getErrorString()
if not reterr:
success = True
else:
raise Exception("Error trying to remove a user (" + \
str(reterr).strip() + ")")
return success
#----------------------------------------------------------------------
def rmUserHome(self, user=""):
'''Remove the user home... right now only default location, but should
look up the user home in the directory service and remove that
specifically.
@author: Roy Nielsen
:param user: (Default value = "")
'''
success = False
if self.isSaneUserName(user):
#####
#
# ***** WARNING WILL ROBINSON *****
#
# Please refactor to do a lookup of the user in the directory
# service, and use the home directory specified there..
#
try:
shutil.rmtree("/Users/" + str(user))
except IOError or OSError as err:
self.logger.log(lp.INFO,
"Exception trying to remove user home...")
self.logger.log(lp.INFO, "Exception: " + str(err))
raise err
else:
success = True
return success
#----------------------------------------------------------------------
def validateUser(self,
userName=False,
userShell=False,
userComment=False,
userUid=False,
userPriGid=False,
userHomeDir=False):
'''Future functionality... validate that the passed in parameters to the
class instanciation match.
@author:
:param userName: (Default value = False)
:param userShell: (Default value = False)
:param userComment: (Default value = False)
:param userUid: (Default value = False)
:param userPriGid: (Default value = False)
:param userHomeDir: (Default value = False)
'''
sane = False
#####
# Look up all user attributes and check that they are accurate.
# Only check the "SANE" parameters passed in.
if self.isSaneUserName(userName):
self.userName = userName
sane = True
else:
raise BadUserInfoError("Need a valid user name...")
if self.isSaneUserShell(userShell) and sane:
self.userShell = userShell
elif not userShell:
pass
else:
sane = False
if self.isSaneUserComment(userComment) and sane:
self.userComment = userComment
elif not userComment:
pass
else:
sane = False
if self.isSaneUserUid(str(userUid)) and sane:
self.userUid = self.userUid
elif not userUid:
pass
else:
sane = False
if self.isSaneUserPriGid(str(userPriGid)) and sane:
self.userUid = userUid
elif not userPriGid:
pass
else:
sane = False
if self.isSaneUserHomeDir(userHomeDir) and sane:
self.userHomeDir = userHomeDir
elif not userHomeDir:
pass
else:
sane = False
return sane
#----------------------------------------------------------------------
def getUser(self, userName=""):
'''
:param userName: (Default value = "")
'''
userInfo = False
if self.isSaneUserName(userName):
output = self.getDscl(".", "read", "/Users/" + str(userName),
"RecordName")
try:
userInfo = output.split()[1]
except (KeyError, IndexError) as err:
self.logger.log(lp.INFO, "Error attempting to find user" + \
str(userName) + " in the " + \
"directory service.")
else:
raise BadUserInfoError("Need a valid user name...")
return userInfo
#----------------------------------------------------------------------
def getUserShell(self, userName=""):
'''
:param userName: (Default value = "")
'''
userShell = False
if self.isSaneUserName(userName):
output = self.getDscl(".", "read", "/Users/" + str(userName),
"UserShell")
try:
userShell = output.split()[1]
except (KeyError, IndexError) as err:
self.logger.log(lp.INFO, "Error attempting to find user" + \
str(userName) + " in the " + \
"directory service.")
else:
raise BadUserInfoError("Need a valid user name...")
return userShell
#----------------------------------------------------------------------
def getUserComment(self, userName=""):
'''
:param userName: (Default value = "")
'''
userComment = False
if self.isSaneUserName(userName):
#####
# Need to process the output to get the right information due to a
# spurrious "\n" in the output
output = self.getDscl(".", "read", "/Users/" + str(userName),
"RealName")
try:
userComment = output[1]
except (KeyError, IndexError) as err:
self.logger.log(lp.INFO, "Error attempting to find user" + \
str(userName) + " in the " + \
"directory service.")
else:
raise BadUserInfoError("Need a valid user name...")
return userComment
#----------------------------------------------------------------------
def getUserUid(self, userName=""):
'''
:param userName: (Default value = "")
'''
userUid = False
if self.isSaneUserName(userName):
output = self.getDscl(".", "read", "/Users/" + str(userName),
"UniqueID")
#####
# Process to get out the right information....
try:
userUid = output.split()[1]
except (KeyError, IndexError) as err:
self.logger.log(lp.INFO, "Error attempting to find user" + \
str(userName) + " in the " + \
"directory service.")
else:
raise BadUserInfoError("Need a valid user name...")
return userUid
#----------------------------------------------------------------------
def getUserPriGid(self, userName=""):
'''
:param userName: (Default value = "")
'''
userPriGid = False
if self.isSaneUserName(userName):
output = self.getDscl(".", "read", "/Users/" + str(userName),
"PrimaryGroupID")
#####
# Process to get out the right information....
try:
userPriGid = output.split()[1]
except (KeyError, IndexError) as err:
self.logger.log(lp.INFO, "Error attempting to find user" + \
str(userName) + " in the " + \
"directory service.")
else:
raise BadUserInfoError("Need a valid user name...")
return userPriGid
#----------------------------------------------------------------------
def getUserHomeDir(self, userName=""):
'''
:param userName: (Default value = "")
'''
userHomeDir = False
if self.isSaneUserName(userName):
output = self.getDscl(".", "read", "/Users/" + str(userName),
"NFSHomeDirectory")
#####
# Process to get out the right information....
try:
userHomeDir = output.split()[1]
except (KeyError, IndexError) as err:
self.logger.log(lp.INFO, "Error attempting to find user" + \
str(userName) + " in the " + \
"directory service.")
else:
raise BadUserInfoError("Need a valid user name...")
return userHomeDir
#----------------------------------------------------------------------
def isUserInstalled(self, user=""):
'''Check if the user "user" is installed
@author Roy Nielsen
:param user: (Default value = "")
'''
success = False
if self.isSaneUserName(user):
cmd = [self.dscl, ".", "-read", "/Users/" + str(user)]
self.runWith.setCommand(cmd)
self.runWith.communicate()
retval, reterr, retcode = self.runWith.getNlogReturns()
if not reterr:
success = True
return success
#----------------------------------------------------------------------
def isUserInGroup(self, userName="", groupName=""):
'''Check if this user is in this group
@author: Roy Nielsen
:param userName: (Default value = "")
:param groupName: (Default value = "")
'''
success = False
if self.isSaneUserName(userName) and self.isSaneGroupName(groupName):
output = self.getDscl(".", "read", "/Groups/" + groupName, "users")
users = output.split()[:-1]
if userName in users:
success = True
return success
#----------------------------------------------------------------------
def fixUserHome(self, userName=""):
'''Get the user information from the local directory and fix the user
ownership and group of the user's home directory to reflect
what is in the local directory service.
@author: Roy Nielsen
:param userName: (Default value = "")
'''
success = False
if self.isSaneUserName(userName):
#####
# Acquire the user data based on the username first.
try:
userUid = self.getUserUid(userName)
userPriGid = self.getUserPriGid(userName)
userHomeDir = self.getUserHomeDir(userName)
except BadUserInfoError as err:
self.logger.log(lp.INFO, "Exception trying to find: \"" + \
str(userName) + "\" user information")
self.logger.log(lp.INFO, "err: " + str(err))
else:
success = True
if success:
try:
for root, dirs, files in os.walk(userHomeDir):
for d in dirs:
os.chown(os.path.join(root, d), userUid, userPriGid)
for f in files:
os.chown(os.path.join(root, d, f), userUid, userPriGid)
except:
success = False
self.logger.log(lp.INFO, "Exception attempting to chown...")
raise err
else:
success = True
return success
class zzzTestReqPassSysPref(RuleTest):
def setUp(self):
RuleTest.setUp(self)
self.rule = ReqPassSysPref(self.config, self.environ, self.logdispatch,
self.statechglogger)
self.cmdhelper = CommandHelper(self.logdispatch)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
def tearDown(self):
pass
def runTest(self):
self.simpleRuleTest()
def setConditionsForRule(self):
'''Configure system for the unit test
:param self: essential if you override this definition
:returns: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
success = True
setuplist = [
"system.preferences", "system.preferences.accessibility",
"system.preferences.accounts", "system.preferences.datetime",
"system.preferences.energysaver", "system.preferences.location",
"system.preferences.network", "system.preferences.nvram",
"system.preferences.parental-controls",
"system.preferences.printing", "system.preferences.security",
"system.preferences.security.remotepair",
"system.preferences.sharing", "system.preferences.softwareupdate",
"system.preferences.startupdisk", "system.preferences.timemachine",
"system.preferences.version-cue"
]
plistfile = "/System/Library/Security/authorization.plist"
plistbuddy = "/usr/libexec/PlistBuddy"
for option in setuplist:
self.cmdhelper.executeCommand(plistbuddy + " -c 'Set rights:" +
option + ":shared 1 " + plistfile)
errorout = self.cmdhelper.getErrorString()
if errorout:
if re.search("Does Not Exist", errorout):
self.cmdhelper.executeCommand(plistbuddy +
" -c 'Add rights:" + option +
":shared bool true " +
plistfile)
erradd = self.cmdhelper.getErrorString()
if erradd:
success = False
return success
def checkReportForRule(self, pCompliance, pRuleSuccess):
'''check on whether report was correct
:param self: essential if you override this definition
:param pCompliance: the self.iscompliant value of rule
:param pRuleSuccess: did report run successfully
:returns: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + \
str(pCompliance) + ".")
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkFixForRule(self, pRuleSuccess):
'''check on whether fix was correct
:param self: essential if you override this definition
:param pRuleSuccess: did report run successfully
:returns: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkUndoForRule(self, pRuleSuccess):
'''check on whether undo was correct
:param self: essential if you override this definition
:param pRuleSuccess: did report run successfully
:returns: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
class zzzTestRuleNoCoreDumps(RuleTest):
def setUp(self):
RuleTest.setUp(self)
self.rule = NoCoreDumps(self.config, self.environ, self.logdispatch,
self.statechglogger)
self.logger = self.logdispatch
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.checkUndo = True
self.ch = CommandHelper(self.logger)
def tearDown(self):
pass
def runTest(self):
self.simpleRuleTest()
def setConditionsForRule(self):
'''Configure system for the unit test
:param self: essential if you override this definition
:returns: boolean - If successful True; If failure False
@author: Ekkehard J. Koch
'''
success = True
if self.environ.getosfamily() == "linux":
if not self.setLinuxConditions():
success = False
elif self.environ.getostype() == "mac":
if not self.setMacConditions():
success = False
return success
def setMacConditions(self):
success = True
self.ch.executeCommand("/usr/bin/launchctl limit core")
retcode = self.ch.getReturnCode()
if retcode != 0:
debug = "Failed to run launchctl command to get current value of core dumps configuration\n"
debug += self.ch.getErrorString()
self.logger.log(LogPriority.DEBUG, debug)
else:
output = self.ch.getOutputString()
if output:
if not re.search("1", output):
self.ch.executeCommand("/usr/bin/launchctl limit core 1 1")
def setLinuxConditions(self):
success = True
debug = ""
path1 = "/etc/security/limits.conf"
if os.path.exists(path1):
lookfor1 = "(^\*)\s+hard\s+core\s+0?"
contents = readFile(path1, self.logger)
if contents:
tempstring = ""
for line in contents:
if not re.search(lookfor1, line.strip()):
tempstring += line
if not writeFile(path1, tempstring, self.logger):
debug = "unable to write incorrect contents to " + path1
self.logger.log(LogPriority.DEBUG, debug)
success = False
if not checkPerms(path1, [0, 0, 0o777], self.logger):
if not setPerms(path1, [0, 0, 0o777], self.logger):
debug = "Unable to set incorrect permissions on " + path1
self.logger.log(LogPriority.DEBUG, debug)
success = False
else:
debug = "successfully set incorrect permissions on " + path1
self.logger.log(LogPriority.DEBUG, debug)
sysctl = "/etc/sysctl.conf"
tmpfile = sysctl + ".tmp"
editor = KVEditorStonix(self.statechglogger, self.logger, "conf",
sysctl, tmpfile, {"fs.suid_dumpable": "1"},
"present", "openeq")
if not checkPerms(sysctl, [0, 0, 0o777], self.logger):
if not setPerms(sysctl, [0, 0, 0o777], self.logger):
debug = "Unable to set incorrect permissions on " + path1
self.logger.log(LogPriority.DEBUG, debug)
success = False
else:
debug = "successfully set incorrect permissions on " + path1
self.logger.log(LogPriority.DEBUG, debug)
if not editor.report():
if not editor.fix():
success = False
debug = "Unable to set conditions for /etc/sysctl.conf file"
self.logger.log(LogPriority.DEBUG, debug)
elif not editor.commit():
success = False
debug = "Unable to set conditions for /etc/sysctl.conf file"
self.logger.log(LogPriority.DEBUG, debug)
self.ch.executeCommand("/sbin/sysctl fs.suid_dumpable")
retcode = self.ch.getReturnCode()
if retcode != 0:
debug = "Failed to get value of core dumps configuration with sysctl command"
debug += self.ch.getErrorString()
self.logger.log(LogPriority.DEBUG, debug)
success = False
else:
output = self.ch.getOutputString()
if output.strip() != "fs.suid_dumpable = 1":
if not self.ch.executeCommand(
"/sbin/sysctl -w fs.suid_dumpable=1"):
debug = "Unable to set incorrect value for fs.suid_dumpable"
self.logger.log(LogPriority.DEBUG, debug)
success = False
elif not self.ch.executeCommand("/sbin/sysctl -q -e -p"):
debug = "Unable to set incorrect value for fs.suid_dumpable"
self.logger.log(LogPriority.DEBUG, debug)
success = False
return success
def checkReportForRule(self, pCompliance, pRuleSuccess):
'''check on whether report was correct
:param self: essential if you override this definition
:param pCompliance: the self.iscompliant value of rule
:param pRuleSuccess: did report run successfully
:returns: boolean - If successful True; If failure False
@author: Ekkehard J. Koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + \
str(pCompliance) + ".")
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkFixForRule(self, pRuleSuccess):
'''check on whether fix was correct
:param self: essential if you override this definition
:param pRuleSuccess: did report run successfully
:returns: boolean - If successful True; If failure False
@author: Ekkehard J. Koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
def checkUndoForRule(self, pRuleSuccess):
'''check on whether undo was correct
:param self: essential if you override this definition
:param pRuleSuccess: did report run successfully
:returns: boolean - If successful True; If failure False
@author: Ekkehard J. Koch
'''
self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \
str(pRuleSuccess) + ".")
success = True
return success
