def setConditionsForRule(self): ''' Configure system for the unit test @param self: essential if you override this definition @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' success = True if self.environ.getosfamily() == "darwin": command = [ "/usr/bin/defaults", "-currentHost", "write", "NSGlobalDomain", "NSDocumentSaveNewDocumentsToCloud", "-bool", "yes" ] success = self.ch.executeCommand(command) else: ph = Pkghelper(self.logdispatch, self.environ) success = ph.install("unity-lens-shopping") return success
def setConditionsForRule(self): ''' Configure system for the unit test @param self: essential if you override this definition @return: boolean - If successful True; If failure False @author: Eric Ball ''' success = True ph = Pkghelper(self.logdispatch, self.environ) game = "gnuchess" if ph.checkAvailable(game): success = ph.install(game) if not success: error = "Could not install gnuchess. Please check that the " + \ "package manager cache is updated and that this PC is " + \ "online, and then attempt to run unit test again." self.logdispatch.log(LogPriority.ERROR, error) return success
def setConditionsForRule(self): """ Configure system for the unit test @param self: essential if you override this definition @return: boolean - If successful True; If failure False @author: Eric Ball """ success = True ph = Pkghelper(self.logdispatch, self.environ) game = "gnuchess" if ph.checkAvailable(game): success = ph.install(game) if not success: error = ( "Could not install gnuchess. Please check that the " + "package manager cache is updated and that this PC is " + "online, and then attempt to run unit test again." ) self.logdispatch.log(LogPriority.ERROR, error) return success
def setConditionsForRule(self): ''' Configure system for the unit test @param self: essential if you override this definition @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' success = True if self.environ.getosfamily() == "darwin": command = ["/usr/bin/defaults", "-currentHost", "write", "NSGlobalDomain", "NSDocumentSaveNewDocumentsToCloud", "-bool", "yes"] success = self.ch.executeCommand(command) else: ph = Pkghelper(self.logdispatch, self.environ) success = ph.install("unity-lens-shopping") return success
def setConditionsForRule(self): '''Configure system for the unit test :param self: essential if you override this definition :returns: boolean - If successful True; If failure False @author: Eric Ball ''' success = False ph = Pkghelper(self.logdispatch, self.environ) gamelist = ['bovo', 'gnuchess'] for game in gamelist: if ph.checkAvailable(game): if ph.install(game): success = True if not success: error = "Could not install any games for presetup in unit test. " + \ "Please check that the package manager cache is updated " + \ "and that this PC is online, and then attempt to run " + \ "unit test again." self.logdispatch.log(LogPriority.ERROR, error) return success
def setConditionsForRule(self): ''' Configure system for the unit test @param self: essential if you override this definition @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' success = True if self.environ.getosfamily() == "darwin": success = False osxversion = str(self.environ.getosver()) if osxversion.startswith("10.10.0") or \ osxversion.startswith("10.10.1") or \ osxversion.startswith("10.10.2") or \ osxversion.startswith("10.10.3"): debug = "Using discoveryd LaunchDaemon" self.logdispatch.log(LogPriority.DEBUG, debug) service = \ "/System/Library/LaunchDaemons/com.apple.discoveryd.plist" servicename = "com.apple.networking.discoveryd" parameter = "--no-multicast" plistText = readFile(service, self.logdispatch) newPlistText = re.sub("<string>" + parameter + "</string>", "", "".join(plistText)) success = True else: debug = "Using mDNSResponder LaunchDaemon" self.logdispatch.log(LogPriority.DEBUG, debug) service = "/System/Library/LaunchDaemons/" + \ "com.apple.mDNSResponder.plist" if osxversion.startswith("10.10"): servicename = "com.apple.mDNSResponder.reloaded" parameter = "-NoMulticastAdvertisements" else: servicename = "com.apple.mDNSResponder" parameter = "-NoMulticastAdvertisements" plistText = readFile(service, self.logdispatch) newPlistText = re.sub("<string>" + parameter + "</string>", "", "".join(plistText)) success = True self.service = service if success and self.sh.auditService(service, serviceTarget=servicename): success = writeFile(service + ".stonixtmp", "".join(plistText), self.logdispatch) success = writeFile(service, newPlistText, self.logdispatch) if success and self.sh.auditService(service, serviceTarget=servicename): success = self.sh.reloadService(service, serviceTarget=servicename) else: ph = Pkghelper(self.logdispatch, self.environ) package = "avahi-daemon" service = "avahi-daemon" if (ph.determineMgr() == "yum" or ph.determineMgr() == "dnf"): package = "avahi" path = "/etc/sysconfig/network" if os.path.exists(path): tmppath = path + ".tmp" data = {"NOZEROCONF": "yes"} editor = KVEditorStonix(self.statechglogger, self.logdispatch, "conf", path, tmppath, data, "notpresent", "closedeq") if not editor.report(): if editor.fix(): if not editor.commit(): success = False else: success = False elif ph.determineMgr() == "zypper": package = "avahi" if not ph.check(package) and ph.checkAvailable(package): success = ph.install(package) if success and not self.sh.auditService(service, serviceTarget=self.serviceTarget): self.sh.enableService(service, serviceTarget=self.serviceTarget) return success
class zzzTestRuleSecureMTA(RuleTest): def setUp(self): RuleTest.setUp(self) self.rule = SecureMTA(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ch = CommandHelper(self.logdispatch) if self.environ.operatingsystem == "Mac OS X": self.isMac = True else: self.isMac = False if not self.isMac: self.ph = Pkghelper(self.logdispatch, self.environ) self.origState = [False, False, False, False] self.smPath = "/etc/mail/sendmail.cf" self.smTmp = "/tmp/" + os.path.split(self.smPath)[1] + ".utmp" self.pfPathlist = [ '/etc/postfix/main.cf', '/private/etc/postfix/main.cf', '/usr/lib/postfix/main.cf' ] self.pfPath = "" for path in self.pfPathlist: if os.path.exists(path): self.pfPath = path if self.pfPath == "": self.pfPath = "/etc/postfix/main.cf" self.pfTmp = "/tmp/" + os.path.split(self.pfPath)[1] + ".utmp" def tearDown(self): if os.path.exists(self.smTmp): os.rename(self.smTmp, self.smPath) if os.path.exists(self.pfTmp): os.rename(self.pfTmp, self.pfPath) def runTest(self): self.simpleRuleTest() def setConditionsForRule(self): ''' Configure system for the unit test @param self: essential if you override this definition @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' success = True # origState variables are not currently used if not self.isMac: if self.ph.check("sendmail"): self.origState[0] = True if self.ph.check("postfix"): self.origState[1] = True if os.path.exists(self.smPath): self.origState[2] = True os.rename(self.smPath, self.smTmp) if os.path.exists(self.pfPath): self.origState[3] = True os.rename(self.pfPath, self.pfTmp) return success def testFalseFalseFalseFalse(self): if not self.isMac: if self.ph.check("sendmail"): self.ph.remove("sendmail") if self.ph.check("postfix"): self.ph.remove("postfix") if os.path.exists(self.smPath): os.remove(self.smPath) if os.path.exists(self.pfPath): os.remove(self.pfPath) self.simpleRuleTest() def testTrueFalseFalseFalse(self): if not self.isMac: if not self.ph.check("sendmail"): self.ph.install("sendmail") if self.ph.check("postfix"): self.ph.remove("postfix") if os.path.exists(self.smPath): os.remove(self.smPath) if os.path.exists(self.pfPath): os.remove(self.pfPath) self.simpleRuleTest() def testTrueTrueFalseFalse(self): if not self.isMac: if not self.ph.check("sendmail"): self.ph.install("sendmail") if not self.ph.check("postfix"): self.ph.install("postfix") if os.path.exists(self.smPath): os.remove(self.smPath) if os.path.exists(self.pfPath): os.remove(self.pfPath) self.simpleRuleTest() def testTrueTrueTrueFalse(self): if not self.isMac: if not self.ph.check("sendmail"): self.ph.install("sendmail") if not self.ph.check("postfix"): self.ph.install("postfix") if not os.path.exists(self.smPath): open(self.smPath, "w") if os.path.exists(self.pfPath): os.remove(self.pfPath) self.simpleRuleTest() def testTrueTrueTrueTrue(self): if not self.isMac: if not self.ph.check("sendmail"): self.ph.install("sendmail") if not self.ph.check("postfix"): self.ph.install("postfix") if not os.path.exists(self.smPath): open(self.smPath, "w") if not os.path.exists(self.pfPath): open(self.pfPath, "w") self.simpleRuleTest() def testTrueFalseTrueFalse(self): if not self.isMac: if not self.ph.check("sendmail"): self.ph.install("sendmail") if self.ph.check("postfix"): self.ph.remove("postfix") if not os.path.exists(self.smPath): open(self.smPath, "w") if os.path.exists(self.pfPath): os.remove(self.pfPath) self.simpleRuleTest() def testFalseTrueFalseFalse(self): if not self.isMac: if self.ph.check("sendmail"): self.ph.remove("sendmail") if not self.ph.check("postfix"): self.ph.install("postfix") if os.path.exists(self.smPath): os.remove(self.smPath) if os.path.exists(self.pfPath): os.remove(self.pfPath) self.simpleRuleTest() def testFalseTrueFalseTrue(self): if not self.isMac: if self.ph.check("sendmail"): self.ph.remove("sendmail") if not self.ph.check("postfix"): self.ph.install("postfix") if os.path.exists(self.smPath): os.remove(self.smPath) if not os.path.exists(self.pfPath): open(self.pfPath, "w") self.simpleRuleTest() def checkReportForRule(self, pCompliance, pRuleSuccess): ''' check on whether report was correct @param self: essential if you override this definition @param pCompliance: the self.iscompliant value of rule @param pRuleSuccess: did report run successfully @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + str(pCompliance) + ".") self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkFixForRule(self, pRuleSuccess): ''' check on whether fix was correct @param self: essential if you override this definition @param pRuleSuccess: did report run successfully @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkUndoForRule(self, pRuleSuccess): ''' check on whether undo was correct @param self: essential if you override this definition @param pRuleSuccess: did report run successfully @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success
class zzzTestRuleForceIdleLogout(RuleTest): def setUp(self): RuleTest.setUp(self) self.rule = ForceIdleLogout(self.config, self.environ, self.logdispatch, self.statechglogger) self.logger = self.logdispatch self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.rule.filci.updatecurrvalue(True) self.checkUndo = True self.cmdhelper = CommandHelper(self.logger) self.ph = Pkghelper(self.logger, self.environ) self.gnomesettingpath = "/etc/dconf/db/local.d/00-autologout" self.gnomelockpath = "/etc/dconf/db/local.d/locks/autologout" self.undotimeout = "" self.undoforcelogout = "" self.kdesddm = False myos = self.environ.getostype().lower() if re.search("red hat", myos) or re.search("centos", myos): self.gconf = "GConf2" else: self.gconf = "gconf2" self.timeoutci = self.rule.timeoutci.getcurrvalue() def tearDown(self): pass def runTest(self): self.simpleRuleTest() def setConditionsForRule(self): '''Configure system for the unit test :param self: essential if you override this definition :returns: boolean - If successful True; If failure False @author: ekkehard j. koch ''' success = True if self.environ.osfamily == 'linux': try: self.seconds = self.timeoutci * 60 except (TypeError): debug = "FORCEIDLELOGOUTTIMEOUT value is not " + \ "valid!\n" self.logger.log(LogPriority.DEBUG, debug) return False self.kdesddm = self.ph.check("sddm") self.gnomesettingpath = "/etc/dconf/db/local.d/00-autologout" desktopmgr = False desktopmgrs = [ "gdm", "gdm3", "kdm", "kde-workspace", "sddm", "patterns-kde-kde_yast" ] if self.ph.check("gdm") or self.ph.check("gdm3"): desktopmgr = True if self.ph.check("kdm") or self.ph.check("kde-workspace")or \ self.ph.check("sddm") or self.ph.check("patterns-kde-kde_yast"): desktopmgr = True if not desktopmgr: for mgr in desktopmgrs: if self.ph.checkAvailable(mgr): if self.ph.install(mgr): desktopmgr = True if not desktopmgr: success = False debug = "Unable to install a desktop manager for testing\n" self.logger.log(LogPriority.DEBUG, debug) success = self.setgnome() success = self.setkde() elif self.environ.getosfamily() == 'darwin': if not self.setosx(): success = False return success def setgnome(self): ''' @author: dwalker @return: bool - success ''' debug = "" if self.environ.geteuid() != 0: debug = "Unable to set gnome conditions in unit " + \ "test because user is not root." success = True if os.path.exists('/etc/dconf/db/local.d'): if os.path.exists(self.gnomesettingpath): if not os.remove(self.gnomesettingpath): success = False debug = "Unable to remove " + self.gnomesettingpath + \ " for unit test preconditions\n" self.logger.log(LogPriority.DEBUG, debug) if self.ph.check(self.gconf): get = "/usr/bin/gconftool-2 --direct --config-source " + \ "xml:readwrite:/etc/gconf/gconf.xml.mandatory --get " set = "/usr/bin/gconftool-2 --direct --config-source " + \ "xml:readwrite:/etc/gconf/gconf.xml.mandatory --set " unset = "/usr/bin/gconftool-2 --direct --config-source " + \ "xml/readwrite:/etc/gconf/gconf.xml.mandatory --unset " idletimecmd = get + "/desktop/gnome/session/max_idle_time" if self.cmdhelper.executeCommand(idletimecmd): output = self.cmdhelper.getOutput() if output: try: if int(output[0].strip()) == self.seconds: timeout = int(self.seconds) + 5 idletimecmd = set + "--type integer /desktop/gnome/session/max_idle_time " + \ str(timeout) if not self.cmdhelper.executeCommand(idletimecmd): success = False debug = "Unable to set incorrect timeout value for " + \ "unit test preconditions\n" self.logger.log(LogPriority.DEBUG, debug) except (IndexError): debug = "No output to display timeout value\n" self.logger.log(LogPriority.DEBUG, debug) else: success = False debug = "Unable to obtain the timeout value\n" self.logger.log(LogPriority.DEBUG, debug) idleactcmd = get + "/desktop/gnome/session/max_idle_action" if self.cmdhelper.executeCommand(idleactcmd): output = self.cmdhelper.getOutput() if output: if re.search("forced-logout", output[0]): idleact = unset + "/desktop/gnome/session/max_idle_action" if not self.cmdhelper.executeCommand(idleact): success = False debug = "Unable to unset max_idle_action for " + \ "unit test preconditions\n" self.logger.log(LogPriority.DEBUG, debug) return success def setkde(self): ''' @author: dwalker @return: bool - success ''' success = True debug = "" if self.kdesddm: self.kdecheck = ".config/kdeglobals" self.rcpath = ".config/kscreenlockerrc" self.kdeprops = {"ScreenSaver": {"Timeout": str(self.seconds)}} else: self.kdecheck = ".kde" self.rcpath = ".kde/share/config/kscreensaverrc" self.kdeprops = { "ScreenSaver": { "AutoLogout": "true", "AutoLogoutTimeout": str(self.seconds) } } contents = readFile("/etc/passwd", self.logger) for line in contents: username = "" homepath = "" temp = line.split(":") try: username = temp[0] homepath = temp[5] except (IndexError): continue kdeparent = os.path.join(homepath, self.kdecheck) kdefile = os.path.join(homepath, self.rcpath) if not os.path.exists(kdeparent): continue elif os.path.exists(kdefile): if self.searchFile(kdefile): if not self.messFile(kdefile): success = False debug = "Unable to set incorrect values for kde " + \ "for user " + username + " in " + \ "unit test preconditions\n" self.logger.log(LogPriority.DEBUG, debug) return success def searchFile(self, filehandle): '''temporary method to separate the code to find directives from the rest of the code. Will put back all in one method eventually @author: dwalker @return: bool @param filehandle: string ''' self.editor = "" kvt = "tagconf" intent = "present" tpath = filehandle + ".tmp" conftype = "closedeq" self.editor = KVEditorStonix(self.statechglogger, self.logger, kvt, filehandle, tpath, self.kdeprops, intent, conftype) if not self.editor.report(): return False else: return True def messFile(self, filehandle): success = True self.editor = "" garbagevalue = "" while True: garbagevalue = randint(0, 200) if garbagevalue != self.timeoutci: break kvt = "tagconf" intent = "present" tpath = filehandle + ".tmp" conftype = "closedeq" if self.kdesddm: self.kdecheck = ".config/kdeglobals" self.rcpath = ".config/kscreenlockerrc" self.kdeprops = {"ScreenSaver": {"Timeout": str(garbagevalue)}} else: self.kdecheck = ".kde" self.rcpath = ".kde/share/config/kscreensaverrc" self.kdeprops = { "ScreenSaver": { "AutoLogout": "true", "AutoLogoutTimeout": str(garbagevalue) } } self.editor = KVEditorStonix(self.statechglogger, self.logger, kvt, filehandle, tpath, self.kdeprops, intent, conftype) self.editor.report() if not self.editor.fix(): success = False elif not self.editor.commit(): success = False return success def checkReportForRule(self, pCompliance, pRuleSuccess): '''check on whether report was correct :param self: essential if you override this definition :param pCompliance: the self.iscompliant value of rule :param pRuleSuccess: did report run successfully :returns: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + str(pCompliance) + ".") self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkFixForRule(self, pRuleSuccess): '''check on whether fix was correct :param self: essential if you override this definition :param pRuleSuccess: did report run successfully :returns: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkUndoForRule(self, pRuleSuccess): '''check on whether undo was correct :param self: essential if you override this definition :param pRuleSuccess: did report run successfully :returns: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success
class zzzTestRuleDisableRemoveableStorage(RuleTest): def setUp(self): RuleTest.setUp(self) self.rule = DisableRemoveableStorage(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ch = CommandHelper(self.logdispatch) self.rule.storageci.updatecurrvalue(True) self.logger = self.logdispatch self.ignoreresults = True def tearDown(self): pass def runTest(self): self.simpleRuleTest() def setConditionsForRule(self): ''' Configure system for the unit test @param self: essential if you override this definition @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' success = True if self.environ.getostype() == "Mac OS X": success = self.setConditionsForMac() else: success = self.setConditionsForLinux() return success def setConditionsForMac(self): ''' Method to configure mac non compliant for unit test @author: dwalker @return: boolean ''' success = True daemonpath = os.path.abspath(os.path.join(os.path.dirname(sys.argv[0]))) + "/src/stonix_resources/disablestorage" plistpath = "/Library/LaunchDaemons/gov.lanl.stonix.disablestorage.plist" self.rule.daemonpath = daemonpath if re.search("^10.11", self.environ.getosver()): usb = "IOUSBMassStorageDriver" else: usb = "IOUSBMassStorageClass" kernelmods = [usb, "IOFireWireFamily", "AppleThunderboltUTDM", "AppleSDXC"] check = "/usr/sbin/kextstat" load = "/sbin/kextload" '''Remove plist file for launch job if exists''' if os.path.exists(plistpath): os.remove(plistpath) '''Remove daemon file if exists''' if os.path.exists(daemonpath): os.remove(daemonpath) for kmod in kernelmods: cmd = check + "| grep " + kmod self.ch.executeCommand(cmd) if self.ch.getReturnCode() != 0: '''kernel mod is not loaded, load to make non-compliant''' cmd = load + " /System/Library/Extensions/" + kmod + ".kext" if not self.ch.executeCommand(cmd): debug = "Unable to load kernel module " + kmod + " for unit test\n" self.logdispatch.log(LogPriority.DEBUG, debug) success = False return success def setConditionsForLinux(self): ''' Method to configure mac non compliant for unit test @author: dwalker @return: boolean ''' success = True self.ph = Pkghelper(self.logger, self.environ) # check compliance of grub file(s) if files exist if re.search("Red Hat", self.environ.getostype()) and \ re.search("^6", self.environ.getosver()): self.grubperms = [0, 0, 0o600] elif self.ph.manager is "apt-get": self.grubperms = [0, 0, 0o400] else: self.grubperms = [0, 0, 0o644] grubfiles = ["/boot/grub2/grub.cfg", "/boot/grub/grub.cfg" "/boot/grub/grub.conf"] for grub in grubfiles: if os.path.exists(grub): if self.grubperms: if checkPerms(grub, self.grubperms, self.logger): if not setPerms(grub, [0, 0, 0o777], self.logger): success = False contents = readFile(grub, self.logger) if contents: for line in contents: if re.search("^kernel", line.strip()) or re.search("^linux", line.strip()) \ or re.search("^linux16", line.strip()): if re.search("\s+nousb\s*", line): if not re.sub("nousb", "", line): success = False if re.search("\s+usbcore\.authorized_default=0\s*", line): if not re.sub("usbcore\.authorized_default=0", "", line): success = False pcmcialist = ['pcmcia-cs', 'kernel-pcmcia-cs', 'pcmciautils'] # check for existence of certain usb packages, non-compliant # if any exist for item in pcmcialist: if not self.ph.check(item): self.ph.install(item) removeables = [] found1 = True blacklist = {"blacklist usb_storage": False, "install usbcore /bin/true": False, "install usb-storage /bin/true": False, "blacklist uas": False, "blacklist firewire-ohci": False, "blacklist firewire-sbp2": False} if os.path.exists("/etc/modprobe.d"): dirs = glob.glob("/etc/modprobe.d/*") for directory in dirs: if os.path.isdir(directory): continue tempstring = "" contents = readFile(directory, self.logger) for line in contents: if line.strip() in blacklist: continue else: tempstring += line if not writeFile(directory, tempstring, self.logger): success = False if os.path.exists("/etc/modprobe.conf"): contents = readFile("/etc/modprobe.conf", self.logger) tempstring = "" for line in contents: if line.strip() in blacklist: continue else: tempstring += line if not writeFile("/etc/modprobe.conf", tempstring, self.logger): success = False udevfile = "/etc/udev/rules.d/10-local.rules" if os.path.exists(udevfile): if checkPerms(udevfile, [0, 0, 0o644], self.logger): if not setPerms(udevfile, [0 ,0, 0o777], self.logger): success = False contents = readFile(udevfile, self.logger) tempstring = "" for line in contents: if re.search("ACTION\=\=\"add\"\, SUBSYSTEMS\=\=\"usb\"\, RUN\+\=\"/bin/sh \-c \'for host in /sys/bus/usb/devices/usb\*\; do echo 0 \> \$host/authorized\_default\; done\'\"", line.strip()): continue else: tempstring += line if not writeFile(udevfile, tempstring, self.logger): success = False return success def checkReportForRule(self, pCompliance, pRuleSuccess): ''' check on whether report was correct @param self: essential if you override this definition @param pCompliance: the self.iscompliant value of rule @param pRuleSuccess: did report run successfully @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + \ str(pCompliance) + ".") self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \ str(pRuleSuccess) + ".") success = True return success def checkFixForRule(self, pRuleSuccess): ''' check on whether fix was correct @param self: essential if you override this definition @param pRuleSuccess: did report run successfully @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \ str(pRuleSuccess) + ".") success = True return success def checkUndoForRule(self, pRuleSuccess): ''' check on whether undo was correct @param self: essential if you override this definition @param pRuleSuccess: did report run successfully @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \ str(pRuleSuccess) + ".") success = True return success
class zzzTestRuleDisablePrelinking(RuleTest): def setUp(self): RuleTest.setUp(self) self.rule = DisablePrelinking(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ch = CommandHelper(self.logdispatch) self.ph = Pkghelper(self.logdispatch, self.environ) self.prelinkInstalled = False def tearDown(self): if not self.prelinkInstalled: self.ph.remove("prelink") def runTest(self): self.simpleRuleTest() def setConditionsForRule(self): '''Configure system for the unit test :param self: essential if you override this definition :returns: boolean - If successful True; If failure False @author: ekkehard j. koch ''' success = True if self.ph.check("prelink"): self.prelinkInstalled = True elif self.ph.checkAvailable("prelink"): self.ph.install("prelink") else: return True path = "/usr/sbin/prelink" cmd = [path, "/bin/ls"] if os.path.exists(path): self.ch.executeCommand(cmd) if re.search("debian|ubuntu", self.environ.getostype().lower()): path = "/etc/default/prelink" else: path = "/etc/sysconfig/prelink" if os.path.exists(path): tmppath = path + ".tmp" data = {"PRELINKING": "yes"} self.editor = KVEditorStonix(self.statechglogger, self.logdispatch, "conf", path, tmppath, data, "present", "closedeq") if not self.editor.report(): if self.editor.fix(): if not self.editor.commit(): success = False self.logdispatch.log(LogPriority.ERROR, "KVEditor failed to commit.") else: success = False self.logdispatch.log(LogPriority.ERROR, "KVEditor failed to fix.") else: writeFile(path, "PRELINKING=yes", self.logdispatch) return success def checkReportForRule(self, pCompliance, pRuleSuccess): '''check on whether report was correct :param self: essential if you override this definition :param pCompliance: the self.iscompliant value of rule :param pRuleSuccess: did report run successfully :returns: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + str(pCompliance) + ".") self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkFixForRule(self, pRuleSuccess): '''check on whether fix was correct :param self: essential if you override this definition :param pRuleSuccess: did report run successfully :returns: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkUndoForRule(self, pRuleSuccess): '''check on whether undo was correct :param self: essential if you override this definition :param pRuleSuccess: did report run successfully :returns: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success
class zzzTestRuleSecureMTA(RuleTest): def setUp(self): RuleTest.setUp(self) self.rule = SecureMTA(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ch = CommandHelper(self.logdispatch) if self.environ.operatingsystem == "Mac OS X": self.isMac = True else: self.isMac = False if not self.isMac: self.ph = Pkghelper(self.logdispatch, self.environ) self.origState = [False, False, False, False] self.smPath = "/etc/mail/sendmail.cf" self.smTmp = "/tmp/" + os.path.split(self.smPath)[1] + ".utmp" self.pfPathlist = ['/etc/postfix/main.cf', '/private/etc/postfix/main.cf', '/usr/lib/postfix/main.cf'] self.pfPath = "" for path in self.pfPathlist: if os.path.exists(path): self.pfPath = path if self.pfPath == "": self.pfPath = "/etc/postfix/main.cf" self.pfTmp = "/tmp/" + os.path.split(self.pfPath)[1] + ".utmp" def tearDown(self): if not self.isMac: if self.origState[0] is True and not self.ph.check("sendmail"): self.ph.install("sendmail") elif self.origState[0] is False and self.ph.check("sendmail"): self.ph.remove("sendmail") if self.origState[1] is True and not self.ph.check("postfix"): self.ph.install("postfix") elif self.origState[1] is False and self.ph.check("postfix"): self.ph.remove("postfix") if self.origState[2] is True and os.path.exists(self.smTmp): smDir = os.path.split(self.smPath)[0] if not os.path.exists(smDir): os.makedirs(smDir) os.rename(self.smTmp, self.smPath) elif self.origState[2] is False and os.path.exists(self.smPath): os.remove(self.smPath) if self.origState[3] is True and os.path.exists(self.pfTmp): pfDir = os.path.split(self.pfPath)[0] if not os.path.exists(pfDir): os.makedirs(pfDir) os.rename(self.pfTmp, self.pfPath) elif self.origState[3] is False and os.path.exists(self.pfPath): os.remove(self.pfPath) def runTest(self): self.simpleRuleTest() def setConditionsForRule(self): ''' Configure system for the unit test @param self: essential if you override this definition @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' success = True if not self.isMac: if self.ph.check("sendmail"): self.origState[0] = True if self.ph.check("postfix"): self.origState[1] = True if os.path.exists(self.smPath): self.origState[2] = True os.rename(self.smPath, self.smTmp) if os.path.exists(self.pfPath): self.origState[3] = True os.rename(self.pfPath, self.pfTmp) return success def testFalseFalseFalseFalse(self): if not self.isMac: if self.ph.check("sendmail"): self.ph.remove("sendmail") if self.ph.check("postfix"): self.ph.remove("postfix") if os.path.exists(self.smPath): os.remove(self.smPath) if os.path.exists(self.pfPath): os.remove(self.pfPath) self.simpleRuleTest() def testTrueFalseFalseFalse(self): if not self.isMac: if not self.ph.check("sendmail"): self.ph.install("sendmail") if self.ph.check("postfix"): self.ph.remove("postfix") if os.path.exists(self.smPath): os.remove(self.smPath) if os.path.exists(self.pfPath): os.remove(self.pfPath) self.simpleRuleTest() def testTrueTrueFalseFalse(self): if not self.isMac: if not self.ph.check("sendmail"): self.ph.install("sendmail") if not self.ph.check("postfix"): self.ph.install("postfix") if os.path.exists(self.smPath): os.remove(self.smPath) if os.path.exists(self.pfPath): os.remove(self.pfPath) self.simpleRuleTest() def testTrueTrueTrueFalse(self): if not self.isMac: if not self.ph.check("sendmail"): self.ph.install("sendmail") if not self.ph.check("postfix"): self.ph.install("postfix") if not os.path.exists(self.smPath): open(self.smPath, "w") if os.path.exists(self.pfPath): os.remove(self.pfPath) self.simpleRuleTest() def testTrueTrueTrueTrue(self): if not self.isMac: if not self.ph.check("sendmail"): self.ph.install("sendmail") if not self.ph.check("postfix"): self.ph.install("postfix") if not os.path.exists(self.smPath): open(self.smPath, "w") if not os.path.exists(self.pfPath): open(self.pfPath, "w") self.simpleRuleTest() def testTrueFalseTrueFalse(self): if not self.isMac: if not self.ph.check("sendmail"): self.ph.install("sendmail") if self.ph.check("postfix"): self.ph.remove("postfix") if not os.path.exists(self.smPath): open(self.smPath, "w") if os.path.exists(self.pfPath): os.remove(self.pfPath) self.simpleRuleTest() def testFalseTrueFalseFalse(self): if not self.isMac: if self.ph.check("sendmail"): self.ph.remove("sendmail") if not self.ph.check("postfix"): self.ph.install("postfix") if os.path.exists(self.smPath): os.remove(self.smPath) if os.path.exists(self.pfPath): os.remove(self.pfPath) self.simpleRuleTest() def testFalseTrueFalseTrue(self): if not self.isMac: if self.ph.check("sendmail"): self.ph.remove("sendmail") if not self.ph.check("postfix"): self.ph.install("postfix") if os.path.exists(self.smPath): os.remove(self.smPath) if not os.path.exists(self.pfPath): open(self.pfPath, "w") self.simpleRuleTest() def checkReportForRule(self, pCompliance, pRuleSuccess): ''' check on whether report was correct @param self: essential if you override this definition @param pCompliance: the self.iscompliant value of rule @param pRuleSuccess: did report run successfully @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + str(pCompliance) + ".") self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkFixForRule(self, pRuleSuccess): ''' check on whether fix was correct @param self: essential if you override this definition @param pRuleSuccess: did report run successfully @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkUndoForRule(self, pRuleSuccess): ''' check on whether undo was correct @param self: essential if you override this definition @param pRuleSuccess: did report run successfully @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success
class zzzTestRuleRemoveSoftware(RuleTest): def setUp(self): RuleTest.setUp(self) self.rule = RemoveSoftware(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ch = CommandHelper(self.logdispatch) self.ph = Pkghelper(self.logdispatch, self.environ) self.checkUndo = True def tearDown(self): for pkg in self.installed: self.ph.install(pkg) def runTest(self): self.simpleRuleTest() def setConditionsForRule(self): '''Configure system for the unit test :param self: essential if you override this definition :returns: boolean - If successful True; If failure False @author: dwalker ''' success = True self.rule.ci.updatecurrvalue(True) self.installed = [] default = [ "squid", "telnet-server", "rsh-server", "rsh", "rsh-client", "talk", "talk-server", "talkd", "tftp-server", "tftp", "tftpd" ] for pkg in default: if not self.ph.check(pkg) and self.ph.checkAvailable(pkg): self.ph.install(pkg) elif self.ph.check(pkg) and self.ph.checkAvailable(pkg): self.installed.append(pkg) return success def checkReportForRule(self, pCompliance, pRuleSuccess): '''check on whether report was correct :param self: essential if you override this definition :param pCompliance: the self.iscompliant value of rule :param pRuleSuccess: did report run successfully :returns: boolean - If successful True; If failure False @author: dwalker ''' self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + str(pCompliance) + ".") self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkFixForRule(self, pRuleSuccess): '''check on whether fix was correct :param self: essential if you override this definition :param pRuleSuccess: did report run successfully :returns: boolean - If successful True; If failure False @author: dwalker ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkUndoForRule(self, pRuleSuccess): '''check on whether undo was correct :param self: essential if you override this definition :param pRuleSuccess: did report run successfully :returns: boolean - If successful True; If failure False @author: dwalker ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success
class zzzTestRuleDisableUbuntuDataCollection(RuleTest): def setUp(self): ''' :returns: None @author: ekkehard j. koch, Breen Malmberg ''' RuleTest.setUp(self) self.rule = DisableUbuntuDataCollection(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ph = Pkghelper(self.logdispatch, self.environ) self.datacollectionpkgs = [ "popularity-contest", "apport", "ubuntu-report" ] self.teardownpkgs = [] def tearDown(self): ''' :returns: None ''' for pkg in self.teardownpkgs: self.ph.remove(pkg) self.teardownpkgs.remove(pkg) def runTest(self): ''' :returns: None ''' self.simpleRuleTest() def setConditionsForRule(self): '''Configure system for the unit test :returns: success :rtype: bool @author: ekkehard j. koch, Breen Malmberg ''' success = True self.rule.enabledCI.updatecurrvalue(True) for pkg in self.datacollectionpkgs: if not self.ph.check(pkg): self.ph.install(pkg) self.teardownpkgs.append(pkg) return success def checkReportForRule(self, pCompliance, pRuleSuccess): '''check on whether report was correct :param pCompliance: the self.iscompliant value of rule :param pRuleSuccess: did report run successfully :returns: success :rtype: bool @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + str(pCompliance) + ".") self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkFixForRule(self, pRuleSuccess): '''check on whether fix was correct :param pRuleSuccess: did report run successfully :returns: success :rtype: bool @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkUndoForRule(self, pRuleSuccess): '''check on whether undo was correct :param pRuleSuccess: did report run successfully :returns: success :rtype: bool @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success
class zzzTestRuleDisableRemoveableStorage(RuleTest): def setUp(self): RuleTest.setUp(self) self.rule = DisableRemoveableStorage(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ch = CommandHelper(self.logdispatch) self.rule.storageci.updatecurrvalue(True) self.logger = self.logdispatch self.ignoreresults = True def tearDown(self): pass def runTest(self): self.simpleRuleTest() def setConditionsForRule(self): '''Configure system for the unit test :param self: essential if you override this definition :returns: boolean - If successful True; If failure False @author: ekkehard j. koch ''' success = True if self.environ.getostype() == "Mac OS X": success = self.setConditionsForMac() else: success = self.setConditionsForLinux() return success def setConditionsForMac(self): '''Method to configure mac non compliant for unit test @author: dwalker :returns: boolean ''' success = True daemonpath = os.path.abspath(os.path.join(os.path.dirname(sys.argv[0]))) + "/src/stonix_resources/disablestorage.py" plistpath = "/Library/LaunchDaemons/gov.lanl.stonix.disablestorage.plist" self.rule.daemonpath = daemonpath if re.search("^10.11", self.environ.getosver()): usb = "IOUSBMassStorageDriver" else: usb = "IOUSBMassStorageClass" kernelmods = [usb, "IOFireWireFamily", "AppleThunderboltUTDM", "AppleSDXC"] check = "/usr/sbin/kextstat" load = "/sbin/kextload" '''Remove plist file for launch job if exists''' if os.path.exists(plistpath): os.remove(plistpath) '''Remove daemon file if exists''' if os.path.exists(daemonpath): os.remove(daemonpath) for kmod in kernelmods: cmd = check + "| grep " + kmod self.ch.executeCommand(cmd) if self.ch.getReturnCode() != 0: '''kernel mod is not loaded, load to make non-compliant''' cmd = load + " /System/Library/Extensions/" + kmod + ".kext" if not self.ch.executeCommand(cmd): debug = "Unable to load kernel module " + kmod + " for unit test\n" self.logdispatch.log(LogPriority.DEBUG, debug) success = False return success def setConditionsForLinux(self): '''Method to configure mac non compliant for unit test @author: dwalker :returns: boolean ''' success = True self.ph = Pkghelper(self.logger, self.environ) # check compliance of grub file(s) if files exist if re.search("Red Hat", self.environ.getostype()) and \ re.search("^6", self.environ.getosver()): self.grubperms = [0, 0, 0o600] elif self.ph.manager is "apt-get": self.grubperms = [0, 0, 0o400] else: self.grubperms = [0, 0, 0o644] grubfiles = ["/boot/grub2/grub.cfg", "/boot/grub/grub.cfg" "/boot/grub/grub.conf"] for grub in grubfiles: if os.path.exists(grub): if self.grubperms: if checkPerms(grub, self.grubperms, self.logger): if not setPerms(grub, [0, 0, 0o777], self.logger): success = False contents = readFile(grub, self.logger) if contents: for line in contents: if re.search("^kernel", line.strip()) or re.search("^linux", line.strip()) \ or re.search("^linux16", line.strip()): if re.search("\s+nousb\s*", line): if not re.sub("nousb", "", line): success = False if re.search("\s+usbcore\.authorized_default=0\s*", line): if not re.sub("usbcore\.authorized_default=0", "", line): success = False pcmcialist = ['pcmcia-cs', 'kernel-pcmcia-cs', 'pcmciautils'] # check for existence of certain usb packages, non-compliant # if any exist for item in pcmcialist: if not self.ph.check(item): self.ph.install(item) removeables = [] found1 = True blacklist = {"blacklist usb_storage": False, "install usbcore /bin/true": False, "install usb-storage /bin/true": False, "blacklist uas": False, "blacklist firewire-ohci": False, "blacklist firewire-sbp2": False} if os.path.exists("/etc/modprobe.d"): dirs = glob.glob("/etc/modprobe.d/*") for directory in dirs: if os.path.isdir(directory): continue tempstring = "" contents = readFile(directory, self.logger) for line in contents: if line.strip() in blacklist: continue else: tempstring += line if not writeFile(directory, tempstring, self.logger): success = False if os.path.exists("/etc/modprobe.conf"): contents = readFile("/etc/modprobe.conf", self.logger) tempstring = "" for line in contents: if line.strip() in blacklist: continue else: tempstring += line if not writeFile("/etc/modprobe.conf", tempstring, self.logger): success = False udevfile = "/etc/udev/rules.d/10-local.rules" if os.path.exists(udevfile): if checkPerms(udevfile, [0, 0, 0o644], self.logger): if not setPerms(udevfile, [0 ,0, 0o777], self.logger): success = False contents = readFile(udevfile, self.logger) tempstring = "" for line in contents: if re.search("ACTION\=\=\"add\"\, SUBSYSTEMS\=\=\"usb\"\, RUN\+\=\"/bin/sh \-c \'for host in /sys/bus/usb/devices/usb\*\; do echo 0 \> \$host/authorized\_default\; done\'\"", line.strip()): continue else: tempstring += line if not writeFile(udevfile, tempstring, self.logger): success = False return success def checkReportForRule(self, pCompliance, pRuleSuccess): '''check on whether report was correct :param self: essential if you override this definition :param pCompliance: the self.iscompliant value of rule :param pRuleSuccess: did report run successfully :returns: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + \ str(pCompliance) + ".") self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \ str(pRuleSuccess) + ".") success = True return success def checkFixForRule(self, pRuleSuccess): '''check on whether fix was correct :param self: essential if you override this definition :param pRuleSuccess: did report run successfully :returns: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \ str(pRuleSuccess) + ".") success = True return success def checkUndoForRule(self, pRuleSuccess): '''check on whether undo was correct :param self: essential if you override this definition :param pRuleSuccess: did report run successfully :returns: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + \ str(pRuleSuccess) + ".") success = True return success
class zzzTestRuleRemoveSoftware(RuleTest): def setUp(self): RuleTest.setUp(self) self.rule = RemoveSoftware(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ch = CommandHelper(self.logdispatch) self.ph = Pkghelper(self.logdispatch, self.environ) self.checkUndo = True def tearDown(self): for pkg in self.installed: self.ph.install(pkg) def runTest(self): self.simpleRuleTest() def setConditionsForRule(self): ''' Configure system for the unit test @param self: essential if you override this definition @return: boolean - If successful True; If failure False @author: dwalker ''' success = True self.rule.ci.updatecurrvalue(True) self.installed = [] default = ["squid", "telnet-server", "rsh-server", "rsh", "rsh-client", "talk", "talk-server", "talkd", "tftp-server", "tftp", "tftpd"] for pkg in default: if not self.ph.check(pkg) and self.ph.checkAvailable(pkg): self.ph.install(pkg) elif self.ph.check(pkg) and self.ph.checkAvailable(pkg): self.installed.append(pkg) return success def checkReportForRule(self, pCompliance, pRuleSuccess): ''' check on whether report was correct @param self: essential if you override this definition @param pCompliance: the self.iscompliant value of rule @param pRuleSuccess: did report run successfully @return: boolean - If successful True; If failure False @author: dwalker ''' self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + str(pCompliance) + ".") self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkFixForRule(self, pRuleSuccess): ''' check on whether fix was correct @param self: essential if you override this definition @param pRuleSuccess: did report run successfully @return: boolean - If successful True; If failure False @author: dwalker ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkUndoForRule(self, pRuleSuccess): ''' check on whether undo was correct @param self: essential if you override this definition @param pRuleSuccess: did report run successfully @return: boolean - If successful True; If failure False @author: dwalker ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success
class zzzTestRuleDisableUbuntuDataCollection(RuleTest): def setUp(self): ''' @return: None @author: ekkehard j. koch, Breen Malmberg ''' RuleTest.setUp(self) self.rule = DisableUbuntuDataCollection(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ph = Pkghelper(self.logdispatch, self.environ) self.datacollectionpkgs = ["popularity-contest", "apport", "ubuntu-report"] self.teardownpkgs = [] def tearDown(self): ''' @return: None ''' for pkg in self.teardownpkgs: self.ph.remove(pkg) self.teardownpkgs.remove(pkg) def runTest(self): ''' @return: None ''' self.simpleRuleTest() def setConditionsForRule(self): ''' Configure system for the unit test @return: success @rtype: bool @author: ekkehard j. koch, Breen Malmberg ''' success = True self.rule.enabledCI.updatecurrvalue(True) for pkg in self.datacollectionpkgs: if not self.ph.check(pkg): self.ph.install(pkg) self.teardownpkgs.append(pkg) return success def checkReportForRule(self, pCompliance, pRuleSuccess): ''' check on whether report was correct @param pCompliance: the self.iscompliant value of rule @param pRuleSuccess: did report run successfully @return: success @rtype: bool @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + str(pCompliance) + ".") self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkFixForRule(self, pRuleSuccess): ''' check on whether fix was correct @param pRuleSuccess: did report run successfully @return: success @rtype: bool @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkUndoForRule(self, pRuleSuccess): ''' check on whether undo was correct @param pRuleSuccess: did report run successfully @return: success @rtype: bool @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success
class zzzTestRuleSystemAccounting(RuleTest): def setUp(self): RuleTest.setUp(self) self.rule = SystemAccounting(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ch = CommandHelper(self.logdispatch) self.ph = Pkghelper(self.logdispatch, self.environ) self.rule.ci.updatecurrvalue(True) def tearDown(self): pass def runTest(self): result = self.simpleRuleTest() self.assertTrue( result, "SystemAccounting(9): rule.iscompliant() is " + "'False' after rule.fix() and rule.report() have " + "run. This may be due to a proxy error; if the " + "proper proxy is not set in localize.py, set it and " + "run this test again.") def test_default_sysstat_empty(self): """ test correction of /etc/default/sysstat if it has no entry in it :return: """ file = "/etc/default/sysstat" backup = "/etc/default/sysstat.stonix_test_bak" if os.path.isfile(file): self._backup_file(file) f = open(file, "w") f.write("") f.close() self.rule._set_paths() self.assertFalse(self.rule._report_configuration()) self.rule._fix_configuration() self.assertTrue(self.rule._report_configuration()) self._restore_file(backup) else: return True def test_default_sysstat_comment(self): """ test correction of /etc/default/sysstat if it has the entry commented out :return: """ file = "/etc/default/sysstat" backup = "/etc/default/sysstat.stonix_test_bak" if os.path.isfile(file): self._backup_file(file) f = open(file, "w") f.write('# ENABLED="true"') f.close() self.rule._set_paths() self.assertFalse(self.rule._report_configuration()) self.rule._fix_configuration() self.assertTrue(self.rule._report_configuration()) self._restore_file(backup) else: return True def test_default_sysstat_wrongvalue(self): """ test correction of /etc/default/sysstat if it has the entry set to the wrong value :return: """ file = "/etc/default/sysstat" backup = "/etc/default/sysstat.stonix_test_bak" if os.path.isfile(file): self._backup_file(file) f = open(file, "w") f.write('ENABLED="false"') f.close() self.rule._set_paths() self.assertFalse(self.rule._report_configuration()) self.rule._fix_configuration() self.assertTrue(self.rule._report_configuration()) self._restore_file(backup) else: return True def test_default_sysstat_rightvalue(self): """ test correction of /etc/default/sysstat if it has the entry set to the right value :return: """ file = "/etc/default/sysstat" backup = "/etc/default/sysstat.stonix_test_bak" if os.path.isfile(file): self._backup_file(file) f = open(file, "w") f.write('ENABLED="true"') f.close() self.rule._set_paths() self.assertTrue(self.rule._report_configuration()) self.rule._fix_configuration() self.assertTrue(self.rule._report_configuration()) self._restore_file(backup) else: return True def test_installation_installed(self): """ test installation report/fix if package already installed applies to Linux only :return: """ if self.rule.ostype == "Mac OS X": return True package = "sysstat" if self.ph.check(package): self.rule._set_paths() self.assertTrue(self.rule._report_installation()) self.rule._fix_installation() self.assertTrue(self.rule._report_installation()) else: return True def test_installation_missing(self): """ test installation report/fix if package not installed applies to Linux only :return: """ if self.rule.ostype == "Mac OS X": return True package = "sysstat" if not self.ph.check(package): self.rule._set_paths() self.assertFalse(self.rule._report_installation()) self.rule._fix_installation() self.assertTrue(self.rule._report_installation()) else: return True def test_set_paths(self): """ test that all paths and necessary variables for the class are able to be properly determined and set once package is installed :return: """ package = "sysstat" self.ph.install(package) self.rule._set_paths() self.assertTrue(self.rule.sysstat_package) self.assertTrue(self.rule.sysstat_service_file) self.assertTrue(self.rule.sa1) self.assertTrue(self.rule.sa2) self.assertTrue(self.rule.sysstat_service_contents) self.assertTrue(self.rule.sysstat_cron_contents) self.assertTrue(self.rule.ostype) self.ph.remove(package) def _restore_file(self, backup): """ :param backup: :return: """ if os.path.isfile(backup): if re.search("\.stonix_test_bak", backup): shutil.copy2(backup, backup.replace(".stonix_test_bak", "")) def _backup_file(self, original): """ :param original: :return: """ if os.path.isfile(original): shutil.copy2(original, original + ".stonix_test_bak") def setConditionsForRule(self): """Configure system for the unit test :param self: essential if you override this definition :returns: boolean - If successful True; If failure False @author: Breen Malmberg """ success = True self.rule.ci.updatecurrvalue(True) return success def checkReportForRule(self, pCompliance, pRuleSuccess): """check on whether report was correct :param self: essential if you override this definition :param pCompliance: the self.iscompliant value of rule :param pRuleSuccess: did report run successfully :returns: boolean - If successful True; If failure False @author: Breen Malmberg """ self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + str(pCompliance) + ".") self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkFixForRule(self, pRuleSuccess): """check on whether fix was correct :param self: essential if you override this definition :param pRuleSuccess: did report run successfully :returns: boolean - If successful True; If failure False @author: Breen Malmberg """ self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkUndoForRule(self, pRuleSuccess): """check on whether undo was correct :param self: essential if you override this definition :param pRuleSuccess: did report run successfully :returns: boolean - If successful True; If failure False @author: Breen Malmberg """ self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success
def setConditionsForRule(self): '''Configure system for the unit test :param self: essential if you override this definition :returns: boolean - If successful True; If failure False @author: ekkehard j. koch ''' success = True if self.environ.getosfamily() == "darwin": success = False osxversion = str(self.environ.getosver()) if osxversion.startswith("10.10.0") or \ osxversion.startswith("10.10.1") or \ osxversion.startswith("10.10.2") or \ osxversion.startswith("10.10.3"): debug = "Using discoveryd LaunchDaemon" self.logdispatch.log(LogPriority.DEBUG, debug) service = \ "/System/Library/LaunchDaemons/com.apple.discoveryd.plist" servicename = "com.apple.networking.discoveryd" parameter = "--no-multicast" plistText = readFile(service, self.logdispatch) newPlistText = re.sub("<string>" + parameter + "</string>", "", "".join(plistText)) success = True else: debug = "Using mDNSResponder LaunchDaemon" self.logdispatch.log(LogPriority.DEBUG, debug) service = "/System/Library/LaunchDaemons/" + \ "com.apple.mDNSResponder.plist" if osxversion.startswith("10.10"): servicename = "com.apple.mDNSResponder.reloaded" parameter = "-NoMulticastAdvertisements" else: servicename = "com.apple.mDNSResponder" parameter = "-NoMulticastAdvertisements" plistText = readFile(service, self.logdispatch) newPlistText = re.sub("<string>" + parameter + "</string>", "", "".join(plistText)) success = True self.service = service if success and self.sh.auditService(service, serviceTarget=servicename): success = writeFile(service + ".stonixtmp", "".join(plistText), self.logdispatch) success = writeFile(service, newPlistText, self.logdispatch) if success and self.sh.auditService(service, serviceTarget=servicename): success = self.sh.reloadService(service, serviceTarget=servicename) else: ph = Pkghelper(self.logdispatch, self.environ) package = "avahi-daemon" service = "avahi-daemon" if (ph.determineMgr() == "yum" or ph.determineMgr() == "dnf"): package = "avahi" path = "/etc/sysconfig/network" if os.path.exists(path): tmppath = path + ".tmp" data = {"NOZEROCONF": "yes"} editor = KVEditorStonix(self.statechglogger, self.logdispatch, "conf", path, tmppath, data, "notpresent", "closedeq") if not editor.report(): if editor.fix(): if not editor.commit(): success = False else: success = False elif ph.determineMgr() == "zypper": package = "avahi" if not ph.check(package) and ph.checkAvailable(package): success = ph.install(package) if success and not self.sh.auditService( service, serviceTarget=self.serviceTarget): self.sh.enableService(service, serviceTarget=self.serviceTarget) return success
class zzzTestRuleDisablePrelinking(RuleTest): def setUp(self): RuleTest.setUp(self) self.rule = DisablePrelinking(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ch = CommandHelper(self.logdispatch) self.ph = Pkghelper(self.logdispatch, self.environ) self.prelinkInstalled = False def tearDown(self): if not self.prelinkInstalled: self.ph.remove("prelink") def runTest(self): self.simpleRuleTest() def setConditionsForRule(self): ''' Configure system for the unit test @param self: essential if you override this definition @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' success = True if self.ph.check("prelink"): self.prelinkInstalled = True elif self.ph.checkAvailable("prelink"): self.ph.install("prelink") else: return True path = "/usr/sbin/prelink" cmd = [path, "/bin/ls"] if os.path.exists(path): self.ch.executeCommand(cmd) if re.search("debian|ubuntu", self.environ.getostype().lower()): path = "/etc/default/prelink" else: path = "/etc/sysconfig/prelink" if os.path.exists(path): tmppath = path + ".tmp" data = {"PRELINKING": "yes"} self.editor = KVEditorStonix(self.statechglogger, self.logdispatch, "conf", path, tmppath, data, "present", "closedeq") if not self.editor.report(): if self.editor.fix(): if not self.editor.commit(): success = False self.logdispatch.log(LogPriority.ERROR, "KVEditor failed to commit.") else: success = False self.logdispatch.log(LogPriority.ERROR, "KVEditor failed to fix.") else: writeFile(path, "PRELINKING=yes", self.logdispatch) return success def checkReportForRule(self, pCompliance, pRuleSuccess): ''' check on whether report was correct @param self: essential if you override this definition @param pCompliance: the self.iscompliant value of rule @param pRuleSuccess: did report run successfully @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pCompliance = " + str(pCompliance) + ".") self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkFixForRule(self, pRuleSuccess): ''' check on whether fix was correct @param self: essential if you override this definition @param pRuleSuccess: did report run successfully @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success def checkUndoForRule(self, pRuleSuccess): ''' check on whether undo was correct @param self: essential if you override this definition @param pRuleSuccess: did report run successfully @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' self.logdispatch.log(LogPriority.DEBUG, "pRuleSuccess = " + str(pRuleSuccess) + ".") success = True return success