def setUp(self):
RuleTest.setUp(self)
self.rule = EnableKernelAuditing(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = STIGConfigurePasswordPolicy(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.passidentifier = "mil.disa.STIG.passwordpolicy.alacarte"
self.secidentifier = "mil.disa.STIG.Security_Privacy.alacarte"
self.applicable = {'type': 'white',
'os': {'Mac OS X': ['10.10.0', 'r', '10.14.10']},
'fisma': 'high'}
if search("10\.10.*", self.environ.getosver()):
self.rule.pwprofile = "/Users/vagrant/stonix/src/stonix_resources/files/" + \
"U_Apple_OS_X_10-10_Workstation_V1R2_STIG_Passcode_Policy.mobileconfig"
self.rule.secprofile = "/Users/vagrant/stonix/src/stonix_resources/files/" + \
"U_Apple_OS_X_10-10_Workstation_V1R2_STIG_Security_Privacy_Policy.mobileconfig"
elif search("10\.11\.*", self.environ.getosver()):
self.rule.pwprofile = "/Users/vagrant/stonix/src/stonix_resources/files/" + \
"U_Apple_OS_X_10-11_V1R1_STIG_Passcode_Policy.mobileconfig"
self.rule.secprofile = "/Users/vagrant/stonix/src/stonix_resources/files/" + \
"U_Apple_OS_X_10-11_V1R1_STIG_Security_and_Privacy_Policy.mobileconfig"
else:
self.rule.pwprofile = "/Users/vagrant/stonix/src/stonix_resources/files/" + \
"U_Apple_macOS_10-12_V1R1_STIG_Passcode_Policy.mobileconfig"
self.rule.secprofile = "/Users/vagrant/stonix/src/stonix_resources/files/" + \
"U_Apple_macOS_10-12_V1R1_STIG_Security_and_Privacy_Policy.mobileconfig"
self.rule.pwci.updatecurrvalue(True)
def setUp(self):
RuleTest.setUp(self)
self.rule = InstalledSoftwareVerification(self.config, self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
def setUp(self):
RuleTest.setUp(self)
self.rule = AuditSSHKeys(self.config, self.environ, self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ignoreresults = True
def setUp(self):
RuleTest.setUp(self)
self.rule = MinimizeServices(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = ConfigureAIDE(self.config, self.environ, self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.rule.ci.updatecurrvalue(True)
def setUp(self):
RuleTest.setUp(self)
self.rule = BlockSystemAccounts(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = NoCachedFDEKeys(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = NoLegacyPlusAccts(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = ConsoleRootOnly(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = DisableAdminLoginOverride(self.config, self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
def setUp(self):
RuleTest.setUp(self)
self.rule = RestrictAccessToKernelMessageBuffer(
self.config, self.environ, self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = CheckPartitioning(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = SetDefaultUserUmask(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = PasswordExpiration(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = PreventXListen(self.config, self.environ, self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = RestrictAdminSSH(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = SecureHomeDir(self.config, self.environ, self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = ConfigureLinuxFirewall(self.config, self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.logger = self.logdispatch
self.ch = CommandHelper(self.logger)
self.servicehelper = ServiceHelper(self.environ, self.logger)
self.checkUndo = True
self.isfirewalld = False
self.isufw = False
if os.path.exists('/bin/firewall-cmd'):
self.isfirewalld = True
if os.path.exists('/usr/sbin/ufw'):
self.isufw = True
# mostly pertains to RHEL6, Centos6
self.iptables = "/usr/sbin/iptables"
if not os.path.exists(self.iptables):
self.iptables = '/sbin/iptables'
self.ip6tables = "/usr/sbin/ip6tables"
if not os.path.exists(self.ip6tables):
self.ip6tables = '/sbin/ip6tables'
if os.path.exists("/usr/sbin/iptables-restore"):
self.iprestore = "/usr/sbin/iptables-restore"
elif os.path.exists("/sbin/iptables-restore"):
self.iprestore = "/sbin/iptables-restore"
if os.path.exists("/usr/sbin/ip6tables-restore"):
self.ip6restore = "/usr/sbin/ip6tables-restore"
elif os.path.exists("/sbin/ip6tables-restore"):
self.ip6restore = "/sbin/ip6tables-restore"
self.scriptType = ""
def setUp(self):
RuleTest.setUp(self)
self.rule = XinetdAccessControl(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = AuditNetworkSniffing(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = DisableSerialLoginPrompts(self.config, self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
def setUp(self):
RuleTest.setUp(self)
self.rule = SecureMTA(self.config, self.environ, self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
if self.environ.operatingsystem == "Mac OS X":
self.isMac = True
else:
self.isMac = False
if not self.isMac:
self.ph = Pkghelper(self.logdispatch, self.environ)
self.origState = [False, False, False, False]
self.smPath = "/etc/mail/sendmail.cf"
self.smTmp = "/tmp/" + os.path.split(self.smPath)[1] + ".utmp"
self.pfPathlist = [
'/etc/postfix/main.cf', '/private/etc/postfix/main.cf',
'/usr/lib/postfix/main.cf'
]
self.pfPath = ""
for path in self.pfPathlist:
if os.path.exists(path):
self.pfPath = path
if self.pfPath == "":
self.pfPath = "/etc/postfix/main.cf"
self.pfTmp = "/tmp/" + os.path.split(self.pfPath)[1] + ".utmp"
def setUp(self):
RuleTest.setUp(self)
self.rule = FilePermissions(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
"""
:return:
"""
RuleTest.setUp(self)
self.rule = LinuxPackageSigning(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.checkUndo = True
self.rule.localize()
self.backup = ""
self.confpath = ""
if not self.rule.suse:
try:
self.confpaths = self.rule.repos
except:
pass
for p in self.confpaths:
if os.path.exists(p):
self.confpath = p
self.backup = p + ".stonixtest"
copy2(p, self.backup)
def setUp(self):
RuleTest.setUp(self)
self.rule = DisableTouchID(self.config, self.environ, self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = InstallCasperSuite(self.config, self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
def setUp(self):
RuleTest.setUp(self)
self.rule = DisableAdminLoginOverride(self.config, self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
def setUp(self):
RuleTest.setUp(self)
self.rule = DisableSerialLoginPrompts(self.config, self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
def setUp(self):
RuleTest.setUp(self)
self.rule = SymlinkDangerFiles(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = SecureMTA(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
if self.environ.operatingsystem == "Mac OS X":
self.isMac = True
else:
self.isMac = False
if not self.isMac:
self.ph = Pkghelper(self.logdispatch, self.environ)
self.origState = [False, False, False, False]
self.smPath = "/etc/mail/sendmail.cf"
self.smTmp = "/tmp/" + os.path.split(self.smPath)[1] + ".utmp"
self.pfPathlist = ['/etc/postfix/main.cf',
'/private/etc/postfix/main.cf',
'/usr/lib/postfix/main.cf']
self.pfPath = ""
for path in self.pfPathlist:
if os.path.exists(path):
self.pfPath = path
if self.pfPath == "":
self.pfPath = "/etc/postfix/main.cf"
self.pfTmp = "/tmp/" + os.path.split(self.pfPath)[1] + ".utmp"
def setUp(self):
RuleTest.setUp(self)
self.rule = InstallCasperSuite(self.config, self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
def setUp(self):
RuleTest.setUp(self)
self.rule = NetworkTuning(self.config, self.environ, self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.fh = FileHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = BootSecurity(self.config, self.environ, self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.checkUndo = True
def setUp(self):
RuleTest.setUp(self)
self.rule = SoftwarePatching(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
def setUp(self):
RuleTest.setUp(self)
self.rule = ConfigureGatekeeper(self.config, self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = SecureDHCPServer(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
def setUp(self):
RuleTest.setUp(self)
self.rule = DisableGUILogon(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.sh = ServiceHelper(self.environ, self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = DisableBluetooth(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
def setUp(self):
RuleTest.setUp(self)
self.rule = InstalledSoftwareVerification(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
def setUp(self):
RuleTest.setUp(self)
self.rule = ConfigureKerberos(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.fh = FileHelper(self.logdispatch, self.statechglogger)
if self.environ.getosfamily() == 'darwin':
self.files = {"kerb5.conf":
{"path": "/etc/krb5.conf",
"remove": True,
"content": None,
"permissions": None,
"owner": None,
"group": None,
"eventid": str(self.rulenumber).zfill(4) +
"kerb5ut"},
"edu.mit.Kerberos":
{"path": "/Library/Preferences/edu.mit.Kerberos",
"remove": False,
"content": "test",
"permissions": None,
"owner": None,
"group": None,
"eventid": str(self.rulenumber).zfill(4) +
"Kerberosut"},
"edu.mit.Kerberos.krb5kdc.launchd":
{"path": "/Library/Preferences/edu.mit.Kerberos.krb5kdc.launchd",
"remove": False,
"content": "test",
"permissions": None,
"owner": None,
"group": None,
"eventid": str(self.rulenumber).zfill(4) +
"krb5kdcut"},
"edu.mit.Kerberos.kadmind.launchd":
{"path": "/Library/Preferences/edu.mit.Kerberos.kadmind.launchd",
"remove": False,
"content": "test",
"permissions": None,
"owner": None,
"group": None,
"eventid": str(self.rulenumber).zfill(4) +
"kadmindut"},
}
else:
self.files = {"kerb5.conf":
{"path": "/etc/krb5.conf",
"remove": True,
"content": None,
"permissions": None,
"owner": None,
"group": None,
"eventid": str(self.rulenumber).zfill(4) +
"kerb5ut"}}
def setUp(self):
RuleTest.setUp(self)
self.rule = SecureApacheWebserver(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = NoCachedFDEKeys(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = SystemIntegrityProtection(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = SystemAccounting(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = AuditNetworkSniffing(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = DisableInteractiveStartup(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = EnableKernelAuditing(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = VerifyAccPerms(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = DisableWeakAuthentication(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = NoLegacyPlusAccts(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = AuditSSHKeys(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ignoreresults = True
def setUp(self):
RuleTest.setUp(self)
self.rule = DisableGuestAccess(self.config, self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.dc = "/usr/bin/defaults"
def setUp(self):
RuleTest.setUp(self)
self.rule = DisableSIRIandContinuityFeatures(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = RestrictAdminSSH(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = RemoveBadDotFiles(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = SetRootDefaults(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = MinimizeServices(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = DisableScreenSavers(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = RestrictMounting(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.ph = Pkghelper(self.logdispatch, self.environ)
self.sh = ServiceHelper(self.environ, self.logdispatch)
