def checking_encrypted_communication():
    """Verify that login works over TLS and is refused without it.

    The TLS login is reported through ``print_crit_check``. The plaintext
    login is reported through ``print_check`` and passes only when
    ``check_login(tls=False)`` returns a falsy value.
    """
    # Positive case: login/whoami over TLS has to succeed.
    print_log("Checking login/whoami using TLS", fill=log_length)
    tls_login_ok = check_login()
    print_crit_check(tls_login_ok)

    # Negative case: the same login without TLS has to be rejected,
    # presumably so that credentials never travel unencrypted.
    print_log("Checking login/whoami w/o TLS not allowed", fill=log_length)
    plaintext_login_ok = check_login(tls=False)
    print_check(not plaintext_login_ok)
def check_fileserver_size_mount():
    """Check that ``df -h`` lists the fileserver pool and its mount point.

    Two results are reported: a regular check that some line starts with
    ``fileserver-pool 12G``, and a critical check that the first such line
    ends with ``/mnt/fileserver-pool``.
    """
    pool_rows = []
    for row in get_process_output("df -h").splitlines():
        # NOTE(review): the prefix match depends on the exact column spacing
        # and on the reported size in the df output - confirm on the target.
        if row.startswith("fileserver-pool 12G"):
            pool_rows.append(row)

    # The pool line (with the expected combined size) must be present.
    print_log("Checking df -h combined size")
    print_check(len(pool_rows) > 0)

    # The last df column is the mount point.
    print_log("Checking pool mounted")
    mounted = bool(pool_rows) and pool_rows[0].endswith('/mnt/fileserver-pool')
    print_crit_check(mounted)
def check_hdds_size():
    """Check the number and the size of the block devices in fileserver-pool.

    Reports two regular checks: exactly seven devices are listed by
    ``zpool status``, and none of them is larger than 2 GiB.
    """
    def get_block_device_size(dev):
        """Return the size of ``/dev/<dev>`` in GiB as printed by lsblk."""
        size_cmd = "lsblk -brno SIZE /dev/{}".format(dev)
        first_row = get_process_output(size_cmd).splitlines()[0]
        # lsblk -b prints bytes; 2**30 bytes are one GiB.
        return int(first_row) / (2**30)

    # Only the part between "config:" and "errors:" lists the devices.
    status = get_process_output("zpool status -L fileserver-pool")
    config = status[status.find('config:'):status.find('errors:')]

    devs = []
    for row in config.splitlines():
        # NOTE(review): the prefix and the fixed [5:8] slice assume a
        # specific indentation and three-character device names - confirm.
        if row.startswith('\t '):
            devs.append(row[5:8])

    print_log("Checking correct number of block devices")
    print_check(len(devs) == 7)

    print_log("Checking block devices sizes")
    print_check(all(get_block_device_size(dev) <= 2 for dev in devs))
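def check_passwd():
    """Check that root1 can change its password via passwd, then restore it.

    Reports one check for the passwd call itself and, if that worked, one
    check that the old password is rejected and the new one accepted by
    ``check_login``. The original password is restored afterwards, even if
    the login check raises, so that the next test run starts from a known
    state.
    """
    def change_pw(old_password, new_password):
        """Run passwd as root1 and report whether it confirmed the update."""
        # NOTE(review): both passwords are placed on a command line and may
        # be visible in the process table while the command runs; this is
        # tolerable only because they are throwaway test fixtures.
        cmd = "runuser -l root1 -c \"echo \\\"{0}\\n{1}\\n{1}\\\" | passwd\" 2>&1"
        out = get_process_output(cmd.format(old_password, new_password))
        return "password updated successfully" in out

    # Try to use passwd
    print_log("Checking passwd works", fill=log_length)
    success = change_pw("test1", "test2")
    print_check(success)
    if not success:
        # Nothing was changed, so there is nothing to verify or restore.
        return

    try:
        # The old password must stop working and the new one must work.
        print_log("Checking password changed", fill=log_length)
        success = not check_login("test1") and check_login("test2")
        print_check(success)
    finally:
        # Reset password for the next test run. The result is not checked;
        # a failed reset would only show up in the following run.
        change_pw("test2", "test1")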
import sys
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import get_page, read_config  # noqa # pylint: disable=import-error
from test_helpers import print_log, print_check, set_log_length  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error

# Marker expected in the returned page: the HTML title, not a credential.
expected_title = "<title>Nagios: nagios.psa-team10.in.tum.de</title>"

# The login is read from the test configuration instead of being hard-coded.
nagios_user = read_config('nagios-username')
nagios_password = read_config('nagios-password')
auth = (nagios_user, nagios_password)

set_log_length(50)

print_log("Checking Nagios available in PSA network")
# NOTE(review): the address carries no scheme, so whether these credentials
# are sent over HTTPS depends on get_page - confirm.
nagios_page = get_page('nagios.psa-team10.in.tum.de/nagios/', auth=auth)
print_check(expected_title in nagios_page)

print_test_summary()
import sys
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import exists_mount  # noqa # pylint: disable=import-error
from test_helpers import set_log_length, print_log, print_check  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error

# Log lines are padded to 50 characters.
set_log_length(50)

# Remote source (host:path) and the local directory it is expected at.
remote_export = '192.168.10.6:/mnt/fileserver-pool/services/webapp/status-monitor'
mount_point = '/mnt/status-monitor'

print_log("Checking mount for webapp (on VM5)")
webapp_mounted = exists_mount(remote_export, mount_point)
print_check(webapp_mounted)

print_test_summary()
import sys
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import exists_mount  # noqa # pylint: disable=import-error
from test_helpers import set_log_length, print_log, print_check  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error

# Log lines are padded to 50 characters.
set_log_length(50)

# Templates for the remote source and the local mount point of each site.
src = '192.168.10.6:/mnt/fileserver-pool/services/website/{}'
# NOTE(review): this mount point is relative (no leading '/'); confirm that
# exists_mount still matches it against the intended path under /var/www.
dst = 'var/www/{}'

# One entry per website: the log message and the directory name.
website_checks = (
    ("Checking mount for 1st website (on VM1)", 'web1'),
    ("Checking mount for 2nd website (on VM1)", 'web2'),
    ("Checking mount for 3rd website (on VM1)", 'web3'),
)
for message, site in website_checks:
    print_log(message)
    print_check(exists_mount(src.format(site), dst.format(site)))

print_test_summary()
import sys
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import get_process_output, exists_mount  # noqa # pylint: disable=import-error
from test_helpers import set_log_length, print_log, print_check  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error

# Read the marker file as user rech; the file lives in rech's home
# directory, which the second check expects to be mounted from the
# fileserver.
print_log("Checking accessing a file on fileserver")
read_cmd = "su -c \"cat /home/rech/.fileserver_test\" rech"
file_content = get_process_output(read_cmd)
print_check('my_secret' in file_content)

# The home directory has to show up as a mount from the fileserver.
print_log("Checking (auto)mount entry in df")
remote_home = '192.168.10.6:/mnt/fileserver-pool/home/rech'
local_home = '/home/rech'
print_check(exists_mount(remote_home, local_home))

print_test_summary()
import sys
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import exists_mount  # noqa # pylint: disable=import-error
from test_helpers import set_log_length, print_log, print_check  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error

# Log lines are padded to 50 characters.
set_log_length(50)

# The slave's MySQL data directory is expected to be mounted from the
# fileserver.
remote_export = '192.168.10.6:/mnt/fileserver-pool/services/database/slave'
data_dir = '/var/lib/mysql'

print_log("Checking mount for database slave (on VM4)")
slave_mounted = exists_mount(remote_export, data_dir)
print_check(slave_mounted)

print_test_summary()
import sys
import tempfile
from smb.SMBConnection import SMBConnection
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import read_config  # noqa # pylint: disable=import-error
from test_helpers import print_log, print_check, print_crit_check  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error

# The Samba password comes from the test configuration, not from this file.
password = read_config('samba-rech-password')

print_log("Checking samba server reachable")
con = SMBConnection("rech", password, "local_name", "local_machine")
# NOTE(review): pysmb's connect() returns whether authentication succeeded;
# that result is discarded here, so only an exception fails this check.
try:
    con.connect("192.168.10.6", 445)
except Exception:
    con = None
# The steps below call methods on con, so this check presumably aborts the
# script when it fails - confirm in test_helpers.
print_crit_check(con is not None)

# The user's home directory has to be offered as a share named 'rech'.
print_log("Checking home shared over samba")
shares = [share.name for share in con.listShares()]
print_crit_check('rech' in shares)

# The marker file has to be listed in the root of that share.
print_log("Checking files listed in samba")
files = (entry.filename for entry in con.listPath('rech', '/'))
print_check('.fileserver_test' in files)

# Download the marker file into a temporary file.
print_log("Checking file read over samba")
f = tempfile.NamedTemporaryFile()
con.retrieveFile('rech', '/.fileserver_test', f)
f.seek(0)  # rewind: after the pysmb download the position is at end of file
return False def email_received(imap, msg, limit_from_addr_to=None): imap.close() imap.select() if limit_from_addr_to is None: _, data = imap.search(None, 'ALL') else: _, data = imap.search(None, 'FROM', limit_from_addr_to) msgs = [imap.fetch(n, '(UID BODY[TEXT])') for n in data[0].split()[-10:]] msgs = [msg[1][0][1].decode('utf-8') for msg in msgs] return any(rmsg for rmsg in msgs if msg in rmsg) print_log("[Firewall] Port 25 (SMTP) open") print_crit_check(is_port_open(server, 25)) print_log("[Firewall] Port 143 (IMAP) open") print_crit_check(is_port_open(server, 143)) print() print_log("[IMAP] Connection possible") try: imap = IMAP4(host=server) print_check('OK' in imap.noop()) except IMAP4.error: print_crit_check(False) print_log("[IMAP] STARTTLS successful")
#!/usr/bin/env python3.7
import sys
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import print_log, print_check, print_crit_check  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error
from test_helpers import get_process_output  # noqa # pylint: disable=import-error

# The netplan configuration has to enable DHCP for IPv4.
print_log("Checking netplan dhcp")
with open('/etc/netplan/psa.yaml', 'r') as netplan_file:
    netplan_text = netplan_file.read()
print_crit_check('dhcp4: true' in netplan_text)

# Only dynamically assigned IPv4 addresses of enp0s8 are listed here.
print_log("Checking IP address assigned")
addr_output = get_process_output("ip -o -f inet addr show dev enp0s8 dynamic")
print_crit_check("inet 192.168.10." in addr_output)

# The same output carries the prefix length in front of the broadcast field.
print_log("Checking subnet mask specified")
print_check("/24 brd" in addr_output)

# Routes on enp0s8 that were installed by DHCP.
print_log("Checking routes specified")
route_output = get_process_output("ip route list proto dhcp dev enp0s8")
print_check("192.168.0.0/16 via 192.168.10.2" in route_output)

print_test_summary()
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import get_vm_name  # noqa # pylint: disable=import-error
from test_helpers import print_log, print_check, print_crit_check  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error
from test_helpers import get_process_output, get_process_returncode  # noqa # pylint: disable=import-error

# Expected name -> address pairs (the names are fully qualified, with the
# trailing dot).
server_dns = 'dns.psa-team10.in.tum.de.'
server_ip = '192.168.10.2'
vm1_dns = 'vm1.psa-team10.in.tum.de.'
vm1_ip = '192.168.10.1'
team_dns = 'psa-team10.in.tum.de.'
team_ip = '192.168.10.1'
team_one_dns = 'dns.psa-team01.in.tum.de.'
team_one_ip = '192.168.1.3'
tum_proxy_dns = 'proxy.in.tum.de.'
tum_proxy_ip = '131.159.0.2'

# The bind9 service itself is only checked on the VM named vm02.
if get_vm_name() == 'vm02':
    print_log("Checking bind9 active")
    cmd = "systemctl is-active --quiet bind9.service"
    print_crit_check(get_process_returncode(cmd) == 0)

# Every lookup is sent to the team's own DNS server (second argument of host).
cmd = "host {0} " + server_ip

# Records of the team's own domain: log message, expected address, name.
for record_label, record_ip, record_name in (
        ("Checking dns A record", server_ip, server_dns),
        ("Checking team A record", team_ip, team_dns),
        ("Checking vm1 A record", vm1_ip, vm1_dns),
):
    print_log(record_label)
    print_check(record_ip in get_process_output(cmd.format(record_name)))

# Do tests for other team's domain names
print_log("Checking other team's records")
files = os.listdir(path) log_pattern = r'^(' + re.escape(name) + r'(\.(\d)+)?)$' logs = filter_list_by_regex(files, log_pattern, group=1) logs = [(path + file) for file in logs] lines = [] for log in logs: with open(log, 'r') as log_file: lines += log_file.readlines() if filter_ips: ip_pattern = r'((\d?\d?\d\.){3}\d?\d?\d)' lines = filter_list_by_regex(lines, ip_pattern, group=1) return logs, lines # First, check whether nginx is even active print_log("Checking nginx active") cmd = "systemctl is-active --quiet nginx.service" print_crit_check(get_process_returncode(cmd) == 0) # Checking logfiles print_log("Checking IPs in access log") _, access_logs = get_logs(access_log_path, access_log_name, filter_ips=True) print_check(len(access_logs) == 0) print_log("Checking IPs in error log") # Generating error to make sure error log isn't empty get_page(main_hostname + '/idontexist.filetype') _, error_logs = get_logs(error_log_path, error_log_name, filter_ips=True) print_check(len(error_logs) > 0) # Check logrotate access_files, access_logs = get_logs(access_log_path, access_log_name)
import sys
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import get_page  # noqa # pylint: disable=import-error
from test_helpers import print_log, print_check  # noqa # pylint: disable=import-error
from test_helpers import set_log_length, print_test_summary  # noqa # pylint: disable=import-error

# Log lines are padded to 65 characters.
set_log_length(65)

# The page title is the marker that the status app answered.
expected_title = "<title>Status app</title>"

# The app has to answer under its internal name and under the external
# address with the forwarded port.
availability_checks = (
    ("Checking available in PSA network", 'status.psa-team10.in.tum.de'),
    ("Checking available externally", 'psa.in.tum.de:61015'),
)
for message, address in availability_checks:
    print_log(message)
    print_check(expected_title in get_page(address))

print_test_summary()
def generate_token(c):
    """Return a random 48-character token that is not yet in the test table.

    ``c`` is a database connection; a new candidate is drawn until the
    lookup for it does not return the candidate itself.
    """
    while True:
        # token_urlsafe(48) yields more than 48 characters, hence the slice.
        candidate = secrets.token_urlsafe(48)[0:48]
        with c.cursor() as cur:
            # Database and table names cannot be bound as parameters, so
            # they are formatted in and must stay trusted constants; the
            # token itself is passed as a bound parameter.
            sql = ("select * from {0}.{1} where test_secret = %s;".format(
                localhost_db, localhost_test_table))
            read_tokens = sql_query(cur, sql, (candidate, ))
        # NOTE(review): this relies on sql_query returning the test_secret
        # column for "select *" - confirm against the table layout.
        if candidate not in read_tokens:
            return candidate


# First, check whether mariadb is even active
print_log("Checking database server active", fill=log_fill)
cmd = "systemctl is-active --quiet mariadb.service"
print_crit_check(get_process_returncode(cmd) == 0)

# Try logging in with readonly user. There is no error handling around the
# connect call, so a failed login raises before any result is printed.
print_log("Checking readonly user can log in", fill=log_fill)
readonly_con = pymysql.connect(host='localhost',
                               user=readonly_user,
                               password=readonly_pwd)
print_crit_check(True)

# We just logged in using the readonly user, so it exists
print_log("Checking readonly user exists", fill=log_fill)
print_check(True)

with readonly_con.cursor() as read_cursor:
import sys
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import exists_mount  # noqa # pylint: disable=import-error
from test_helpers import set_log_length, print_log, print_check  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error

# Log lines are padded to 50 characters.
set_log_length(50)

# The master's MySQL data directory is expected to be mounted from the
# fileserver.
remote_export = '192.168.10.6:/mnt/fileserver-pool/services/database/master'
data_dir = '/var/lib/mysql'

print_log("Checking mount database master (on VM3)")
master_mounted = exists_mount(remote_export, data_dir)
print_check(master_mounted)

print_test_summary()
def install_helpers(helpers, week):
    """Install the helper files into /root/helpers and log the step.

    ``helpers`` is the collection of files handed to ``install_files``;
    ``week`` is only used in the log message.
    """
    print_log("Installing {0} helper file(s) for {1}".format(len(helpers), week))
    install_files(helpers, '/root/helpers')
    # Reaching this line means install_files returned without raising.
    print_check(True)
def install_tests(tests, week):
    """Install the test files into /root/tests and log the step.

    ``tests`` is the collection of files handed to ``install_files``;
    ``week`` is only used in the log message.
    """
    msg = "Installing {0} test file(s) for {1}".format(len(tests), week)
    print_log(msg)
    install_files(tests, '/root/tests')
    # Reaching this line means install_files returned without raising.
    print_check(True)
# Keys for checking whether page was served correctly main_key = 'PSA-T10-1' cgi_key = "Hello world from user rech!" cname_key = 'PSA-T10-2' alt_ip_key = 'PSA-T10-3' # Logging access_log_path = '/var/log/nginx/' access_log_name = 'access.log' error_log_path = '/var/log/nginx/' error_log_name = 'error.log' # Check whether DNS resolves to specified IPs log_msg = "Checking DNS for {0}" cmd = "host {0}" print_log(log_msg.format("the main hostname")) out = get_process_output(cmd.format(main_hostname)) print_crit_check(main_ip in out) print_log(log_msg.format("the cname hostname")) out = get_process_output(cmd.format(cname_hostname)) print_check(main_ip in out) print_log(log_msg.format("the alt. hostname")) out = get_process_output(cmd.format(alt_ip_hostname)) print_check(alt_ip in out) print_log("Checking resolving to different IPs") cond = (get_process_output(cmd.format(main_hostname)) != get_process_output( cmd.format(alt_ip_hostname))) print_check(cond) # Check whether different hostnames return the correct keys log_msg = "Checking hostname honored ({0})"
def check_anonymous_bind():
    """Check what an anonymous LDAP bind may read about user root1.

    Returns True when the uid is readable anonymously while the matrNr
    value is not part of the answer.
    """
    # -x without bind credentials: first request uid and matrNr, then uid only.
    cmd = "ldapsearch -H {0} -b \"{1}\" -x uid=root1 uid{2}"
    with_matr_nr = get_process_output(
        cmd.format(ldap_host, ldap_base_dn, ", matrNr"))
    uid_only = get_process_output(cmd.format(ldap_host, ldap_base_dn, ''))

    # The uid-only query has to work ...
    if "uid: root1" not in uid_only:
        return False
    # ... and the other answer must not contain the matrNr.
    # NOTE(review): only this one literal value is looked for; a changed or
    # differently encoded matrNr in the answer would go unnoticed.
    return "matrNr: 1938351754" not in with_matr_nr


# In non-interactive runs wait 15 seconds per VM number before starting,
# presumably to stagger the VMs' requests to the LDAP server.
if not is_interactive():
    sleep(int(get_vm_name()[2:]) * 15)

# Check encrypted communication w/ server
checking_encrypted_communication()

# Check organizational units
print_log("Checking organizational units", fill=log_length)
print_check(check_organizational_units())

# Check existing user
print_log("Checking Praktikum users exist", fill=log_length)
print_check(check_existing_users())

# Check csv user
print_log("Checking csv users exist", fill=log_length)
print_check(check_csv_users())

# Check csv user details
print_log("Checking csv users attributes", fill=log_length)
print_check(check_csv_attributes())

# Check csv user certificate
print_log("Checking csv users have certificate", fill=log_length)
print_check(check_csv_certificate())

# Check passwd
check_passwd()
import sys sys.path.append(sys.path[0] + '/../99_helpers/') from test_helpers import get_page, get_process_returncode, Cursor # noqa # pylint: disable=import-error from test_helpers import print_log, print_check, run_remote_test # noqa # pylint: disable=import-error from test_helpers import set_log_length, print_test_summary # noqa # pylint: disable=import-error set_log_length(65) print_log("Checking testrunner active") rc = get_process_returncode("systemctl is-active --quiet dash-testrunner") print_check(rc == 0) print_log("Checking server active") rc = get_process_returncode("systemctl is-active --quiet dash-server") print_check(rc == 0) print_log("Checking nginx proxy active") rc = get_process_returncode("systemctl is-active --quiet nginx") print_check(rc == 0) print_log("Checking website online") page = get_page('localhost') print_check("<title>Status app</title>" in page) print_log("Checking all tests executed at least once in last hour") with Cursor() as c: sql = ('''select test, vm from run_on where not exists ''' '''( select * from test_results ''' '''where test_results.test = run_on.test ''' '''and test_results.vm = run_on.vm '''
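# Log lines are padded to 70 characters.
set_log_length(70)

# Read-only database account; the user name is masked in this listing and
# the password is read from the test configuration.
readonly_user = '******'
readonly_pwd = read_config('database-readonly-pw')
test_db = 'test_db1'
test_table = 'test_table'


def sql_query(c, sql, args=()):
    """Run *sql* with the bound *args* on cursor *c*.

    Returns a list holding the first column of every fetched row.
    """
    c.execute(sql, args)
    return [tup[0] for tup in c.fetchall()]


# Get the test_token: exactly 48 characters, passed as the first argument.
# The previous condition combined "no argument" and "wrong length" with
# `and`, so a missing argument raised IndexError and a token of the wrong
# length was accepted; either problem now fails the check.
if len(sys.argv) < 2 or len(sys.argv[1]) != 48:
    print_log("Test token specified")
    # Presumably aborts the script; otherwise the next line raises when the
    # argument is missing - confirm in test_helpers.
    print_crit_check(False)
test_token = sys.argv[1]

# First, check whether mariadb is even active
print_log("Checking replication server active")
cmd = "systemctl is-active --quiet mariadb.service"
print_check(get_process_returncode(cmd) == 0)

# Try logging in with readonly user
print_log("Checking readonly user can log in to replication")
readonly_con = pymysql.connect(
    host='localhost',
    user=readonly_user,
    password=readonly_pwd,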