def setUp(self):
    '''
    Run the base RuleTest setup, then create the RestrictMounting rule
    under test and the command, package and service helpers the test uses.

    @param self: essential if you override this definition
    '''
    RuleTest.setUp(self)

    # Build the rule once and read its identifying attributes from it.
    rule = RestrictMounting(self.config, self.environ,
                            self.logdispatch, self.statechglogger)
    self.rule = rule
    self.rulename = rule.rulename
    self.rulenumber = rule.rulenumber

    # Helpers all log through the same dispatcher as the rule.
    dispatcher = self.logdispatch
    self.ch = CommandHelper(dispatcher)
    self.ph = Pkghelper(dispatcher, self.environ)
    self.sh = ServiceHelper(self.environ, dispatcher)
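class zzzTestRuleRestrictMounting(RuleTest):
    '''
    Unit test for the RestrictMounting rule.

    setConditionsForRule puts the host into the state the rule is meant to
    correct: test content in the console.perms files, autofs enabled and
    GNOME automount switched on. The test therefore rewrites files under
    /etc/security and /etc/gconf on the machine it runs on, and restores
    the perms files afterwards.
    '''

    def setUp(self):
        '''
        Run the base RuleTest setup, then create the rule under test and
        the command, package and service helpers used by this test.

        @param self: essential if you override this definition
        '''
        RuleTest.setUp(self)
        self.rule = RestrictMounting(self.config, self.environ,
                                     self.logdispatch, self.statechglogger)
        self.rulename = self.rule.rulename
        self.rulenumber = self.rule.rulenumber
        self.ch = CommandHelper(self.logdispatch)
        self.ph = Pkghelper(self.logdispatch, self.environ)
        self.sh = ServiceHelper(self.environ, self.logdispatch)

    def tearDown(self):
        '''
        Put the original perms files back if the test stopped before
        checkFixForRule could do so. Does nothing when no backup is
        outstanding.

        @param self: essential if you override this definition
        '''
        self._restorePermsFiles()

    def runTest(self):
        '''
        Delegate to simpleRuleTest, which this class does not define
        itself (presumably provided by RuleTest).
        '''
        self.simpleRuleTest()

    def setConditionsForRule(self):
        '''
        Configure system for the unit test

        Enables the rule's three CIs, replaces the console perms files
        (only those that already exist) with test content, enables autofs
        if it is installed and turns GNOME automount on.

        @param self: essential if you override this definition
        @return: boolean - If successful True; If failure False
        @author: Eric Ball
        '''
        success = True

        # Enable CIs
        datatype = "bool"
        instructions = "Unit test"
        default = True
        self.rule.consoleCi = self.rule.initCi(datatype,
                                               "RESTRICTCONSOLEACCESS",
                                               instructions, default)
        self.rule.autofsCi = self.rule.initCi(datatype, "DISABLEAUTOFS",
                                              instructions, default)
        self.rule.gnomeCi = self.rule.initCi(datatype,
                                             "DISABLEGNOMEAUTOMOUNT",
                                             instructions, default)

        self.path1 = "/etc/security/console.perms.d/50-default.perms"
        self.path2 = "/etc/security/console.perms"
        # Backup paths stay None until a file has actually been moved
        # aside, so the cleanup code can always read them safely.
        self.tmpfile1 = None
        self.tmpfile2 = None
        # NOTE(review): writelines() adds no line separators and none of
        # these entries ends in "\n", so each file is written as a single
        # line - confirm that is what the rule is expected to parse.
        self.data1 = ["<floppy>=/dev/fd[0-1]* \\",
                      "<scanner>=/dev/scanner* /dev/usb/scanner*",
                      "<flash>=/mnt/flash* /dev/flash*",
                      "# permission definitions",
                      "<console> 0660 <floppy> 0660 root.floppy",
                      "<console> 0600 <scanner> 0600 root",
                      "<console> 0600 <flash> 0600 root.disk"]
        # "\\." is the same two characters the original spelled "\.",
        # written without the invalid escape sequence.
        self.data2 = ["<console>=tty[0-9][0-9]* vc/[0-9][0-9]* "
                      ":[0-9]+\\.[0-9]+ :[0-9]+",
                      "<xconsole>=:[0-9]+\\.[0-9]+ :[0-9]+"]

        self.tmpfile1, written = self._swapInTestFile(self.path1,
                                                      self.data1)
        if not written:
            success = False
        self.tmpfile2, written = self._swapInTestFile(self.path2,
                                                      self.data2)
        if not written:
            success = False

        # If autofs is installed, enable and start it. If it is not
        # installed, it will not be tested.
        if self.ph.check("autofs"):
            if not self.sh.enableservice("autofs"):
                debug = "Could not enable autofs\n"
                self.logdispatch.log(LogPriority.DEBUG, debug)
                success = False

        # Switch GNOME automount ON in the mandatory gconf source so the
        # rule has a non-compliant setting to fix. Nothing in this class
        # reverts these two keys; that is left to the rule's fix/undo.
        cmdSuccess = True
        for gconfKey in ("/desktop/gnome/volume_manager/automount_media",
                         "/desktop/gnome/volume_manager/automount_drives"):
            cmd = ["gconftool-2", "--direct", "--config-source",
                   "xml:readwrite:/etc/gconf/gconf.xml.mandatory",
                   "--type", "bool", "--set", gconfKey, "true"]
            cmdSuccess &= self.ch.executeCommand(cmd)
        if not cmdSuccess:
            success = False

        return success

    def _swapInTestFile(self, path, lines):
        '''
        Move an existing file aside to path + ".tmp" and write the test
        content in its place. A file that does not exist is left alone.

        @param path: file to replace
        @param lines: list of strings passed to writelines()
        @return: tuple (backup path or None, boolean write success)
        '''
        if not os.path.exists(path):
            return None, True

        backup = path + ".tmp"
        # NOTE(review): os.rename replaces an existing path + ".tmp"
        # without asking, so a backup left by an earlier aborted run
        # would be overwritten here.
        os.rename(path, backup)

        # Failures are logged through self.logdispatch, the dispatcher the
        # rest of this class uses; self.logger is never assigned here.
        try:
            handle = open(path, "w")
        except IOError:
            debug = "Could not open file " + path + "\n"
            self.logdispatch.log(LogPriority.DEBUG, debug)
            # Return now: there is no handle to write to.
            return backup, False

        try:
            # The with block closes (and flushes) the handle even when
            # the write fails.
            with handle:
                handle.writelines(lines)
        except IOError:
            debug = "Could not write to file " + path + "\n"
            self.logdispatch.log(LogPriority.DEBUG, debug)
            return backup, False

        return backup, True

    def _restorePermsFiles(self):
        '''
        Move every outstanding backup over the file it came from. Safe to
        call repeatedly and before setConditionsForRule has run.
        '''
        for pathAttr, backupAttr in (("path1", "tmpfile1"),
                                     ("path2", "tmpfile2")):
            path = getattr(self, pathAttr, None)
            backup = getattr(self, backupAttr, None)
            if not path or not backup:
                continue
            if os.path.exists(backup):
                # Restore even when the test copy is gone (for example
                # after a failed open), so the original is never left
                # stranded under its ".tmp" name.
                if os.path.exists(path):
                    os.remove(path)
                os.rename(backup, path)
            setattr(self, backupAttr, None)

    def checkReportForRule(self, pCompliance, pRuleSuccess):
        '''
        check on whether report was correct

        Only logs both values; no condition is actually verified.

        @param self: essential if you override this definition
        @param pCompliance: the self.iscompliant value of rule
        @param pRuleSuccess: did report run successfully
        @return: boolean - If successful True; If failure False
        @author: ekkehard j. koch
        '''
        self.logdispatch.log(LogPriority.DEBUG,
                             "pCompliance = " + str(pCompliance) + ".")
        self.logdispatch.log(LogPriority.DEBUG,
                             "pRuleSuccess = " + str(pRuleSuccess) + ".")
        return True

    def checkFixForRule(self, pRuleSuccess):
        '''
        check on whether fix was correct

        Restores the original perms files and logs pRuleSuccess; the
        result of the fix itself is not verified.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - If successful True; If failure False
        @author: ekkehard j. koch
        '''
        # Cleanup: put original perms files back
        self._restorePermsFiles()
        self.logdispatch.log(LogPriority.DEBUG,
                             "pRuleSuccess = " + str(pRuleSuccess) + ".")
        return True

    def checkUndoForRule(self, pRuleSuccess):
        '''
        check on whether undo was correct

        Only logs pRuleSuccess; no condition is actually verified.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - If successful True; If failure False
        @author: ekkehard j. koch
        '''
        self.logdispatch.log(LogPriority.DEBUG,
                             "pRuleSuccess = " + str(pRuleSuccess) + ".")
        return True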
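class zzzTestRuleRestrictMounting(RuleTest):
    '''
    Unit test for the RestrictMounting rule.

    setConditionsForRule puts the host into the state the rule is meant to
    correct: test content in the console.perms files, autofs enabled and
    GNOME automount switched on. The test therefore rewrites files under
    /etc/security and /etc/gconf on the machine it runs on, and restores
    the perms files afterwards.
    '''

    def setUp(self):
        '''
        Run the base RuleTest setup, then create the rule under test and
        the command, package and service helpers used by this test.

        @param self: essential if you override this definition
        '''
        RuleTest.setUp(self)
        self.rule = RestrictMounting(self.config, self.environ,
                                     self.logdispatch, self.statechglogger)
        self.rulename = self.rule.rulename
        self.rulenumber = self.rule.rulenumber
        self.ch = CommandHelper(self.logdispatch)
        self.ph = Pkghelper(self.logdispatch, self.environ)
        self.sh = ServiceHelper(self.environ, self.logdispatch)

    def tearDown(self):
        '''
        Put the original perms files back if the test stopped before
        checkFixForRule could do so. Does nothing when no backup is
        outstanding.

        @param self: essential if you override this definition
        '''
        self._restorePermsFiles()

    def runTest(self):
        '''
        Delegate to simpleRuleTest, which this class does not define
        itself (presumably provided by RuleTest).
        '''
        self.simpleRuleTest()

    def setConditionsForRule(self):
        '''
        Configure system for the unit test

        Enables the rule's three CIs, replaces the console perms files
        (only those that already exist) with test content, enables autofs
        if it is installed and turns GNOME automount on.

        @param self: essential if you override this definition
        @return: boolean - If successful True; If failure False
        @author: Eric Ball
        '''
        success = True

        # Enable CIs
        datatype = "bool"
        instructions = "Unit test"
        default = True
        self.rule.consoleCi = self.rule.initCi(datatype,
                                               "RESTRICTCONSOLEACCESS",
                                               instructions, default)
        self.rule.autofsCi = self.rule.initCi(datatype, "DISABLEAUTOFS",
                                              instructions, default)
        self.rule.gnomeCi = self.rule.initCi(datatype,
                                             "DISABLEGNOMEAUTOMOUNT",
                                             instructions, default)

        self.path1 = "/etc/security/console.perms.d/50-default.perms"
        self.path2 = "/etc/security/console.perms"
        # Backup paths stay None until a file has actually been moved
        # aside, so the cleanup code can always read them safely.
        self.tmpfile1 = None
        self.tmpfile2 = None
        # NOTE(review): writelines() adds no line separators and none of
        # these entries ends in "\n", so each file is written as a single
        # line - confirm that is what the rule is expected to parse.
        self.data1 = [
            "<floppy>=/dev/fd[0-1]* \\",
            "<scanner>=/dev/scanner* /dev/usb/scanner*",
            "<flash>=/mnt/flash* /dev/flash*",
            "# permission definitions",
            "<console> 0660 <floppy> 0660 root.floppy",
            "<console> 0600 <scanner> 0600 root",
            "<console> 0600 <flash> 0600 root.disk"
        ]
        # "\\." is the same two characters the original spelled "\.",
        # written without the invalid escape sequence.
        self.data2 = [
            "<console>=tty[0-9][0-9]* vc/[0-9][0-9]* "
            ":[0-9]+\\.[0-9]+ :[0-9]+",
            "<xconsole>=:[0-9]+\\.[0-9]+ :[0-9]+"
        ]

        self.tmpfile1, written = self._swapInTestFile(self.path1,
                                                      self.data1)
        if not written:
            success = False
        self.tmpfile2, written = self._swapInTestFile(self.path2,
                                                      self.data2)
        if not written:
            success = False

        # If autofs is installed, enable and start it. If it is not
        # installed, it will not be tested.
        if self.ph.check("autofs"):
            if not self.sh.enableservice("autofs"):
                debug = "Could not enable autofs\n"
                self.logdispatch.log(LogPriority.DEBUG, debug)
                success = False

        # Switch GNOME automount ON in the mandatory gconf source so the
        # rule has a non-compliant setting to fix. Nothing in this class
        # reverts these two keys; that is left to the rule's fix/undo.
        cmdSuccess = True
        for gconfKey in ("/desktop/gnome/volume_manager/automount_media",
                         "/desktop/gnome/volume_manager/automount_drives"):
            cmd = [
                "gconftool-2", "--direct", "--config-source",
                "xml:readwrite:/etc/gconf/gconf.xml.mandatory",
                "--type", "bool", "--set", gconfKey, "true"
            ]
            cmdSuccess &= self.ch.executeCommand(cmd)
        if not cmdSuccess:
            success = False

        return success

    def _swapInTestFile(self, path, lines):
        '''
        Move an existing file aside to path + ".tmp" and write the test
        content in its place. A file that does not exist is left alone.

        @param path: file to replace
        @param lines: list of strings passed to writelines()
        @return: tuple (backup path or None, boolean write success)
        '''
        if not os.path.exists(path):
            return None, True

        backup = path + ".tmp"
        # NOTE(review): os.rename replaces an existing path + ".tmp"
        # without asking, so a backup left by an earlier aborted run
        # would be overwritten here.
        os.rename(path, backup)

        # Failures are logged through self.logdispatch, the dispatcher the
        # rest of this class uses; self.logger is never assigned here.
        try:
            handle = open(path, "w")
        except IOError:
            debug = "Could not open file " + path + "\n"
            self.logdispatch.log(LogPriority.DEBUG, debug)
            # Return now: there is no handle to write to.
            return backup, False

        try:
            # The with block closes (and flushes) the handle even when
            # the write fails.
            with handle:
                handle.writelines(lines)
        except IOError:
            debug = "Could not write to file " + path + "\n"
            self.logdispatch.log(LogPriority.DEBUG, debug)
            return backup, False

        return backup, True

    def _restorePermsFiles(self):
        '''
        Move every outstanding backup over the file it came from. Safe to
        call repeatedly and before setConditionsForRule has run.
        '''
        for pathAttr, backupAttr in (("path1", "tmpfile1"),
                                     ("path2", "tmpfile2")):
            path = getattr(self, pathAttr, None)
            backup = getattr(self, backupAttr, None)
            if not path or not backup:
                continue
            if os.path.exists(backup):
                # Restore even when the test copy is gone (for example
                # after a failed open), so the original is never left
                # stranded under its ".tmp" name.
                if os.path.exists(path):
                    os.remove(path)
                os.rename(backup, path)
            setattr(self, backupAttr, None)

    def checkReportForRule(self, pCompliance, pRuleSuccess):
        '''
        check on whether report was correct

        Only logs both values; no condition is actually verified.

        @param self: essential if you override this definition
        @param pCompliance: the self.iscompliant value of rule
        @param pRuleSuccess: did report run successfully
        @return: boolean - If successful True; If failure False
        @author: ekkehard j. koch
        '''
        self.logdispatch.log(LogPriority.DEBUG,
                             "pCompliance = " + str(pCompliance) + ".")
        self.logdispatch.log(LogPriority.DEBUG,
                             "pRuleSuccess = " + str(pRuleSuccess) + ".")
        return True

    def checkFixForRule(self, pRuleSuccess):
        '''
        check on whether fix was correct

        Restores the original perms files and logs pRuleSuccess; the
        result of the fix itself is not verified.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - If successful True; If failure False
        @author: ekkehard j. koch
        '''
        # Cleanup: put original perms files back
        self._restorePermsFiles()
        self.logdispatch.log(LogPriority.DEBUG,
                             "pRuleSuccess = " + str(pRuleSuccess) + ".")
        return True

    def checkUndoForRule(self, pRuleSuccess):
        '''
        check on whether undo was correct

        Only logs pRuleSuccess; no condition is actually verified.

        @param self: essential if you override this definition
        @param pRuleSuccess: did report run successfully
        @return: boolean - If successful True; If failure False
        @author: ekkehard j. koch
        '''
        self.logdispatch.log(LogPriority.DEBUG,
                             "pRuleSuccess = " + str(pRuleSuccess) + ".")
        return True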