def test_060_host_quota(self):
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
global app
nuke_rules()
priority_level = 7 # Severely Limited
given_quota = 10000 # 10k
# Remove any existing quota
uvmContext.hostTable().removeQuota(remote_control.client_ip)
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed()
# Create rule to give quota
append_rule(create_quota_rule("HOST_HAS_NO_QUOTA","true","GIVE_HOST_QUOTA",given_quota))
# Create penalty for exceeding quota
append_rule(create_single_condition_rule("HOST_QUOTA_EXCEEDED","true","SET_PRIORITY",priority_level))
# Download the file so quota is exceeded
global_functions.get_download_speed(meg=1)
# quota accounting occurs every 60 seconds, so we must wait at least 60 seconds
time.sleep(60)
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed()
print_results( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limited_acceptance_ratio )
# Remove quota
uvmContext.hostTable().removeQuota(remote_control.client_ip)
assert ((wget_speed_post) and (wget_speed_post))
assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post)
events = global_functions.get_events('Bandwidth Control','Quota Events',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"action", 1, #quota given
"size", given_quota,
"entity", remote_control.client_ip)
assert(found)
found = global_functions.check_events( events.get('list'), 5,
"action", 2, #quota exceeded
"entity", remote_control.client_ip)
assert(found)
events = global_functions.get_events('Bandwidth Control','Prioritized Sessions',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"bandwidth_control_priority", priority_level,
"c_client_addr", remote_control.client_ip)
assert( found )
def test_052_functional_icmp_log(self):
"""
Check for ICMP (ping)
"""
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
wan_ip = uvmContext.networkManager().getFirstWanAddress()
iperf_avail = global_functions.verify_iperf_configuration(wan_ip)
device_in_office = global_functions.is_in_office_network(wan_ip)
# Also test that it can probably reach us (we're on a 10.x network)
if not device_in_office:
raise unittest.SkipTest("Not on office network, skipping")
if (not iperf_avail):
raise unittest.SkipTest("IperfServer test client unreachable, skipping alternate port forwarding test")
# insert rule at the beginning of the list so other rules do not interfere.
appSettings['rules']['list'].insert(0,create_rule(action="log", rule_type="CATEGORY", type_value="scan"))
app.setSettings(appSettings, True)
wait_for_daemon_ready()
startTime = datetime.datetime.now()
remote_control.run_command("nmap -sP " + wan_ip + " >/dev/null 2>&1",host=global_functions.iperf_server)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'protocol', "1",
'blocked', False,
min_date=startTime)
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert(found)
def test_031_rule_modify(self):
"""
Modify existing rule and rule to enable it
"""
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
rule_desc = appSettings['rules']['list'][0]['description']
if rule_desc != "ATS rule":
raise unittest.SkipTest('Skipping as test test_030_rule_add is needed')
else:
appSettings['rules']['list'][0]['action'] = "log"
app.setSettings(appSettings, True)
wait_for_daemon_ready()
startTime = datetime.datetime.now()
loopLimit = 4
# Send four requests for test rebustnewss
while (loopLimit > 0):
time.sleep(1)
loopLimit -= 1
result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret")
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'msg', "CompanySecret",
'blocked', False,
min_date=startTime)
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert(found)
def test_110_eventlog_smtpSSLVirus(self):
if platform.machine().startswith('arm'):
raise unittest.SkipTest("local scanner not available on ARM")
if (not canRelay):
raise unittest.SkipTest('Unable to relay through ' + testsiteIP)
startTime = datetime.now()
fname = sys._getframe().f_code.co_name
# download the email script
result = remote_control.run_command("wget -q -O /tmp/email_script.py http://" + testsite + "/test/email_script.py")
assert (result == 0)
result = remote_control.run_command("chmod 775 /tmp/email_script.py")
assert (result == 0)
# Turn on SSL Inspector
appSSLData['processEncryptedMailTraffic'] = True
appSSLData['ignoreRules']['list'].insert(0,createSSLInspectRule("25"))
appSSL.setSettings(appSSLData)
appSSL.start()
# email the file
result = remote_control.run_command("/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar --starttls" % (testsiteIP, fname),nowait=False)
appSSL.stop()
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Infected Email Events',None,1)
# print(events['list'][0])
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"addr", "*****@*****.**",
"subject", str(fname),
's_server_addr', testsiteIP,
self.shortName() + '_clean', False,
min_date=startTime)
assert( found )
def test_021_shieldOffNmap(self):
# enable logging of blocked settings
netsettings = uvmContext.networkManager().getNetworkSettings()
netsettings['logBlockedSessions'] = True
netsettings['logBypassedSessions'] = True
uvmContext.networkManager().setNetworkSettings(netsettings)
settings = app.getSettings()
settings['shieldEnabled'] = False
app.setSettings(settings)
start_time = datetime.datetime.now()
result = remote_control.run_command(
"nmap -PN -sT -T5 --min-parallelism 15 -p10000-10100 1.2.3.5 2>&1 >/dev/null"
)
assert (result == 0)
events = global_functions.get_events('Shield',
'Blocked Session Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'),
5,
'c_client_addr',
remote_control.client_ip,
's_server_addr',
'1.2.3.5',
min_date=start_time)
assert (not found)
def test_023_childShouldNotEffectParent(self):
# add a child that blocks everything
blockRackId = addRack(name="Block Rack", parentId=default_policy_id)
blockRackFirewall = uvmContext.appManager().instantiate(
"firewall", blockRackId)
assert (blockRackFirewall != None)
# add a block rule for the client IP
rules = blockRackFirewall.getRules()
rules["list"].append(
createFirewallSingleConditionRule("SRC_ADDR",
remote_control.client_ip))
blockRackFirewall.setRules(rules)
# client should still be online
result = remote_control.is_online()
assert (result == 0)
uvmContext.appManager().destroy(
blockRackFirewall.getAppSettings()["id"])
assert (removeRack(blockRackId))
# Get the IP address of test.untangle.com
test_untangle_com_ip = socket.gethostbyname("test.untangle.com")
events = global_functions.get_events('Policy Manager', 'All Events',
None, 100)
assert (events != None)
found = global_functions.check_events(events.get('list'), 100,
"s_server_addr",
str(test_untangle_com_ip),
"policy_id", 1, "c_client_addr",
remote_control.client_ip)
assert (found)
def test_090_checkTLSwSSLInspector(self):
if (not canRelay):
raise unittest.SkipTest('Unable to relay through ' + smtpServerHost)
test_untangle_IP = socket.gethostbyname(smtpServerHost)
appData['smtpConfig']['scanWanMail'] = True
appData['smtpConfig']['allowTls'] = False
appData['smtpConfig']['strength'] = 30
app.setSettings(appData)
# Turn on SSL Inspector
appSSLData['processEncryptedMailTraffic'] = True
appSSLData['ignoreRules']['list'].insert(0,createSSLInspectRule("25"))
appSSL.setSettings(appSSLData)
appSSL.start()
tlsSMTPResult, to_address = sendSpamMail(useTLS=True)
# print("TLS 090 : " + str(tlsSMTPResult))
appSSL.stop()
assert(tlsSMTPResult == 0)
events = global_functions.get_events(self.displayName(),'Quarantined Events',None,1)
assert( events != None )
assert( events.get('list') != None )
print(events['list'][0])
found = global_functions.check_events( events.get('list'), 5,
's_server_addr', test_untangle_IP,
's_server_port', 25,
'addr', to_address,
'c_client_addr', remote_control.client_ip)
assert( found )
def test_060_checkTLSwSSLInspector(self):
global appSSL
if (not canRelay):
raise unittest.SkipTest('Unable to relay through ' +
smtpServerHost)
if (not mail_app):
raise unittest.SkipTest('Unable download mailsendder app')
ip_address_testuntangle = socket.gethostbyname(smtpServerHost)
appSSL.start()
tlsSMTPResult = sendPhishMail(mailfrom="test060",
host=smtpServerHost,
useTLS=True)
# print("TLS : " + str(tlsSMTPResult))
appSSL.stop()
assert (tlsSMTPResult == 0)
events = global_functions.get_events('Phish Blocker',
'All Phish Events', None, 1)
assert (events != None)
found = global_functions.check_events(
events.get('list'), 5, 'c_server_addr', ip_address_testuntangle,
's_server_port', 25, 'addr', '*****@*****.**',
'c_client_addr', remote_control.client_ip, 'phish_blocker_action',
'D')
def test_610_web_search_rules(self):
"""check the https web rule searches log correctly"""
term = "boobs"
termTests = [{
"host": "www.bing.com",
"uri": ("/search?q=%s&qs=n&form=QBRE" % term),
}, {
"host": "search.yahoo.com",
"uri": ("/search?p=%s" % term),
}, {
"host": "www.google.com",
"uri": ("/search?hl=en&q=%s" % term),
}]
search_term_rule_add(term)
for t in termTests:
eventTime = datetime.datetime.now()
result = remote_control.run_command(
"curl -s -4 -o /dev/null -A 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1' --connect-timeout 10 --insecure 'https://%s%s'"
% (t["host"], t["uri"]))
assert (result == 0)
events = global_functions.get_events("Web Filter",
'All Search Events', None, 1)
found = global_functions.check_events(events.get('list'), 5,
"host", t["host"], "term",
term, 'blocked', True,
'flagged', True)
assert (found)
search_term_rules_clear()
def test_020_testHttpPatternLog(self):
nukepatterns(self._app)
addPatterns(
self._app,
definition=
"http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\\x09-\\x0d -~]*(connection:|content-type:|content-length:|date:)|post [\\x09-\\x0d -~]* http/[01]\\.[019]",
protocol="HTTP",
category="Web",
description="HyperText Transfer Protocol")
result = remote_control.run_command(
"wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/")
nukepatterns(self._app)
assert (result == 0)
time.sleep(3)
events = global_functions.get_events('Application Control Lite',
'All Events', None, 5)
assert (events != None)
print(events)
found = global_functions.check_events(
events.get('list'), 5, 'c_client_addr', remote_control.client_ip,
'application_control_lite_protocol', 'HTTP',
'application_control_lite_blocked', False)
assert (found)
def test_054_functional_udp_block(self):
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
appSettings['signatures']['list'].append(create_signature( gid = "1",
sid = "1999998",
classtype="attempted-admin",
category="app-detect",
msg="CompanySecret",
log=True,
block=False,
action="alert",
type="udp"))
# insert rule at the beginning of the list so other rules do not interfere.
appSettings['rules']['list'].insert(0,create_rule(action="block", rule_type="CATEGORY", type_value="app-detect"))
app.setSettings(appSettings, True)
wait_for_daemon_ready()
startTime = datetime.datetime.now()
result = remote_control.run_command("host www.companysecret.com 4.2.2.1 > /dev/null")
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'msg', "CompanySecret",
'blocked', True,
min_date=startTime)
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert(found)
def test_020_severely_limited_tcp(self):
nuke_rules(self._app)
priority_level = 7
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed(
download_server=target_server)
# Create SRC_ADDR based rule to limit bandwidth
append_rule(
self._app,
create_single_condition_rule("SRC_ADDR", remote_control.client_ip,
"SET_PRIORITY", priority_level))
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed(
download_server=target_server)
print_results(wget_speed_pre, wget_speed_post, wget_speed_pre * 0.1,
wget_speed_pre * limited_acceptance_ratio)
assert ((wget_speed_post) and (wget_speed_post))
assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post)
events = global_functions.get_events('Bandwidth Control',
'Prioritized Sessions', None, 5)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
"bandwidth_control_priority",
priority_level, "c_client_addr",
remote_control.client_ip)
assert (found)
def test_030_checkUserRegistrationScript(self):
"""
checkUserRegistration
"""
# remove leading and trailing spaces.
http_admin = global_functions.get_http_url()
assert (http_admin)
test_name = "randomName-" + "".join(
[random.choice(string.ascii_letters) for i in range(15)])
test_name_lower = test_name.lower()
result = register_username(http_admin, test_name)
user_list = get_list_of_username_mapped()
# print('test_name %s' % test_name)
# print('result %s' % result)
# print('user_list %s' % user_list)
found_username = find_name_in_host_table(test_name_lower)
assert (found_username)
assert (result == 0)
assert (test_name_lower in user_list)
events = global_functions.get_events('Directory Connector',
'API Events', None, 1)
assert (events != None)
found_in_reports = global_functions.check_events(
events.get('list'), 5, "login_name", test_name_lower,
"client_addr", remote_control.client_ip)
assert (found_in_reports)
def test_110_eventlog_smtpSSLVirus(self):
if platform.machine().startswith('arm'):
raise unittest.SkipTest("local scanner not available on ARM")
if (not canRelay):
raise unittest.SkipTest('Unable to relay through ' + testsiteIP)
startTime = datetime.now()
fname = sys._getframe().f_code.co_name
# download the email script
result = remote_control.run_command("wget -q -O /tmp/email_script.py http://" + testsite + "/test/email_script.py")
assert (result == 0)
result = remote_control.run_command("chmod 775 /tmp/email_script.py")
assert (result == 0)
# Turn on SSL Inspector
appSSLData['processEncryptedMailTraffic'] = True
appSSLData['ignoreRules']['list'].insert(0,createSSLInspectRule("25"))
appSSL.setSettings(appSSLData)
appSSL.start()
# email the file
result = remote_control.run_command("/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar --starttls" % (testsiteIP, fname),nowait=False)
appSSL.stop()
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Infected Email Events',None,1)
# print(events['list'][0])
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"addr", "*****@*****.**",
"subject", str(fname),
's_server_addr', testsiteIP,
self.shortName() + '_clean', False,
min_date=startTime)
assert( found )
def test_030_checkUserRegistrationScript(self):
"""
checkUserRegistration
"""
# remove leading and trailing spaces.
http_admin = global_functions.get_http_url()
assert(http_admin)
test_name = "randomName-" + "".join( [random.choice(string.ascii_letters) for i in range(15)] )
test_name_lower = test_name.lower()
result = register_username(http_admin, test_name)
user_list = get_list_of_username_mapped()
# print('test_name %s' % test_name)
# print('result %s' % result)
# print('user_list %s' % user_list)
found_username = find_name_in_host_table(test_name_lower)
assert(found_username)
assert (result == 0)
assert (test_name_lower in user_list)
events = global_functions.get_events('Directory Connector','API Events',None,1)
assert(events != None)
found_in_reports = global_functions.check_events( events.get('list'), 5,
"login_name",test_name_lower,
"client_addr", remote_control.client_ip)
assert( found_in_reports )
def test_023_childShouldNotEffectParent(self):
# add a child that blocks everything
blockRackId = addRack(name="Block Rack", parentId=default_policy_id)
blockRackFirewall = uvmContext.appManager().instantiate("firewall", blockRackId)
assert (blockRackFirewall != None)
# add a block rule for the client IP
rules = blockRackFirewall.getRules()
rules["list"].append(createFirewallSingleConditionRule("SRC_ADDR",remote_control.client_ip));
blockRackFirewall.setRules(rules);
# client should still be online
result = remote_control.is_online()
assert (result == 0)
uvmContext.appManager().destroy( blockRackFirewall.getAppSettings()["id"] )
assert (removeRack(blockRackId))
# Get the IP address of test.untangle.com
test_untangle_com_ip = socket.gethostbyname("test.untangle.com")
events = global_functions.get_events('Policy Manager','All Events',None,100)
assert(events != None)
found = global_functions.check_events( events.get('list'), 100,
"s_server_addr", str(test_untangle_com_ip),
"policy_id", 1,
"c_client_addr", remote_control.client_ip)
assert( found )
def test_031_rule_modify(self):
"""
Modify existing rule and rule to enable it
"""
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
rule_desc = appSettings['rules']['list'][0]['description']
if rule_desc != "ATS rule":
raise unittest.SkipTest('Skipping as test test_030_rule_add is needed')
else:
appSettings['rules']['list'][0]['action'] = "log"
app.setSettings(appSettings, True)
wait_for_daemon_ready()
startTime = datetime.datetime.now()
loopLimit = 4
# Send four requests for test rebustnewss
while (loopLimit > 0):
time.sleep(1)
loopLimit -= 1
result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret")
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'msg', "CompanySecret",
'blocked', False,
min_date=startTime)
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert(found)
def test_080_nmap_log(self):
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
wan_ip = uvmContext.networkManager().getFirstWanAddress()
iperf_avail = global_functions.verify_iperf_configuration(wan_ip)
device_in_office = global_functions.is_in_office_network(wan_ip)
# Also test that it can probably reach us (we're on a 10.x network)
if not device_in_office:
raise unittest.SkipTest("Not on office network, skipping")
if (not iperf_avail):
raise unittest.SkipTest(
"IperfServer test client unreachable, skipping alternate port forwarding test"
)
startTime = datetime.datetime.now()
# start nmap on client
remote_control.run_command("nmap " + wan_ip + " >/dev/null 2>&1",
host=global_functions.iperf_server)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention',
'All Events', None, 5)
found = global_functions.check_events(events.get('list'),
5,
'msg',
"NMAP",
'blocked',
False,
min_date=startTime)
def test_620_web_search_block(self):
"""test that search events are blocked and show up in 'Blocked Search Events'"""
term = "boobs"
termTests = [{
"host": "www.bing.com",
"uri": ("/search?q=%s&qs=n&form=QBRE" % term),
}, {
"host": "search.yahoo.com",
"uri": ("/search?p=%s" % term),
}, {
"host": "www.google.com",
"uri": ("/search?hl=en&q=%s" % term),
}]
search_term_rule_add(term)
for t in termTests:
result = remote_control.run_command(
"curl -s -4 -o /dev/null -A 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1' --connect-timeout 10 --insecure 'https://%s%s'"
% (t["host"], t["uri"]))
assert (result == 0)
events = global_functions.get_events("Web Filter",
"Blocked Search Events", None,
1)
found = global_functions.check_events(events.get('list'), 5,
"host", t["host"], "term",
term, "blocked", True,
"flagged", True)
assert (found)
search_term_rules_clear()
def test_025_ping_test_wan_offline(self):
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
if (len(indexOfWans) < 2):
raise unittest.SkipTest(
"Need at least two WANS for test_025_addPingFailTestForWans")
nuke_rules()
orig_offline_count = offline_wan_count()
for wanIndexTup in indexOfWans:
wanIndex = wanIndexTup[0]
build_wan_test(wanIndex, "ping", pingHost="192.168.244.1")
wait_for_wan_offline()
offline_count = offline_wan_count()
assert (offline_count > orig_offline_count)
result = remote_control.is_online()
assert (result == 0)
events = global_functions.get_events('WAN Failover', 'Outage Events',
None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 2, "action",
"DISCONNECTED")
assert (found)
def test_052_functional_icmp_log(self):
"""
Check for ICMP (ping)
"""
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
wan_ip = uvmContext.networkManager().getFirstWanAddress()
iperf_avail = global_functions.verify_iperf_configuration(wan_ip)
device_in_office = global_functions.is_in_office_network(wan_ip)
# Also test that it can probably reach us (we're on a 10.x network)
if not device_in_office:
raise unittest.SkipTest("Not on office network, skipping")
if (not iperf_avail):
raise unittest.SkipTest("IperfServer test client unreachable, skipping alternate port forwarding test")
# insert rule at the beginning of the list so other rules do not interfere.
appSettings['rules']['list'].insert(0,create_rule(action="log", rule_type="CATEGORY", type_value="scan"))
app.setSettings(appSettings, True)
wait_for_daemon_ready()
startTime = datetime.datetime.now()
remote_control.run_command("nmap -sP " + wan_ip + " >/dev/null 2>&1",host=global_functions.iperf_server)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'protocol', "1",
'blocked', False,
min_date=startTime)
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert(found)
def test_103_eventlog_ftpNonVirus(self):
ftp_result = subprocess.call(
["ping", "-c", "1", global_functions.ftp_server],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
if (ftp_result != 0):
raise unittest.SkipTest("FTP server not available")
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("wget --user="******" --password='******' -q -O /dev/null ftp://" +
global_functions.ftp_server +
"/test.zip")
assert (result == 0)
events = global_functions.get_events(self.displayName(),
'Clean Ftp Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5, "uri",
"test.zip",
self.shortName() + '_clean',
True)
assert (found)
def test_106_eventlog_smtpVirusPassList(self):
if (not canRelay):
raise unittest.SkipTest('Unable to relay through ' + testsite)
addPassSite(testsiteIP)
startTime = datetime.now()
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("echo '%s' > /tmp/attachment-%s" % (fname, fname))
if result != 0:
nukePassSites()
assert( False )
# download the email script
result = remote_control.run_command("wget -q -O /tmp/email_script.py http://" + testsite + "/test/email_script.py")
if result != 0:
nukePassSites()
assert( False )
result = remote_control.run_command("chmod 775 /tmp/email_script.py")
if result != 0:
nukePassSites()
assert( False )
# email the file
result = remote_control.run_command("/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar" % (testsiteIP, fname))
nukePassSites()
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Clean Email Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"addr", "*****@*****.**",
"subject", str(fname),
self.shortName() + '_clean', True,
min_date=startTime )
assert( found )
def test_105_eventlog_smtpNonVirus(self):
if (not canRelay):
raise unittest.SkipTest('Unable to relay through ' + testsite)
startTime = datetime.now()
fname = sys._getframe().f_code.co_name
print("fname: %s" % fname)
result = remote_control.run_command("echo '%s' > /tmp/attachment-%s" %
(fname, fname))
assert (result == 0)
# download the email script
result = remote_control.run_command(
"wget -q -O /tmp/email_script.py http://" + testsite +
"/test/email_script.py")
assert (result == 0)
result = remote_control.run_command("chmod 775 /tmp/email_script.py")
assert (result == 0)
# email the file
result = remote_control.run_command(
"/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/attachment-%s"
% (testsiteIP, fname, fname))
assert (result == 0)
events = global_functions.get_events(self.displayName(),
'Clean Email Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'),
5,
"addr",
"*****@*****.**",
"subject",
str(fname),
self.shortName() + '_clean',
True,
min_date=startTime)
assert (found)
def test_104_eventlog_smtpVirus(self):
if platform.machine().startswith('arm'):
raise unittest.SkipTest("local scanner not available on ARM")
if (not canRelay):
raise unittest.SkipTest('Unable to relay through ' + testsiteIP)
startTime = datetime.now()
fname = sys._getframe().f_code.co_name
# download the email script
result = remote_control.run_command(
"wget -q -O /tmp/email_script.py http://" + testsite +
"/test/email_script.py")
assert (result == 0)
result = remote_control.run_command("chmod 775 /tmp/email_script.py")
assert (result == 0)
# email the file
result = remote_control.run_command(
"/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar"
% (testsiteIP, fname))
assert (result == 0)
events = global_functions.get_events(self.displayName(),
'Infected Email Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'),
5,
"addr",
"*****@*****.**",
"subject",
str(fname),
self.shortName() + '_clean',
False,
min_date=startTime)
assert (found)
def test_020_smtpTest(self):
if (not canRelay):
raise unittest.SkipTest('Unable to relay through ' +
smtpServerHost)
appData['smtpConfig']['scanWanMail'] = True
appData['smtpConfig']['strength'] = 30
app.setSettings(appData)
# Get the IP address of test.untangle.com
test_untangle_IP = socket.gethostbyname(smtpServerHost)
result, to_address = sendSpamMail()
events = global_functions.get_events(self.displayName(),
'Quarantined Events', None, 1)
assert (events != None)
assert (events.get('list') != None)
print(events['list'][0])
found = global_functions.check_events(events.get('list'), 10,
's_server_addr',
test_untangle_IP,
's_server_port', 25, 'addr',
to_address, 'c_client_addr',
remote_control.client_ip)
assert (found)
def test_090_checkTLSwSSLInspector(self):
if (not canRelay):
raise unittest.SkipTest('Unable to relay through ' +
smtpServerHost)
test_untangle_IP = socket.gethostbyname(smtpServerHost)
appData['smtpConfig']['scanWanMail'] = True
appData['smtpConfig']['allowTls'] = False
appData['smtpConfig']['strength'] = 30
app.setSettings(appData)
# Turn on SSL Inspector
appSSLData['processEncryptedMailTraffic'] = True
appSSLData['ignoreRules']['list'].insert(0, createSSLInspectRule("25"))
appSSL.setSettings(appSSLData)
appSSL.start()
tlsSMTPResult, to_address = sendSpamMail(useTLS=True)
# print("TLS 090 : " + str(tlsSMTPResult))
appSSL.stop()
assert (tlsSMTPResult == 0)
events = global_functions.get_events(self.displayName(),
'Quarantined Events', None, 1)
assert (events != None)
assert (events.get('list') != None)
print(events['list'][0])
found = global_functions.check_events(events.get('list'), 5,
's_server_addr',
test_untangle_IP,
's_server_port', 25, 'addr',
to_address, 'c_client_addr',
remote_control.client_ip)
assert (found)
def test_600_web_searches(self):
"""check the web searches log correctly"""
termTests = [{
"host": "www.bing.com",
"uri": "/search?q=oneterm&qs=n&form=QBRE",
"term": "oneterm"
},{
"host": "www.bing.com",
"uri": "/search?q=two+terms&qs=n&form=QBRE",
"term": "two terms"
},{
"host": "www.bing.com",
"uri": "/search?q=%22quoted+terms%22&qs=n&form=QBRE",
"term": '"quoted terms"'
}]
host = "www.bing.com"
uri = "/search?q=oneterm&qs=n&form=QBRE"
for t in termTests:
fname = sys._getframe().f_code.co_name
eventTime = datetime.datetime.now()
result1 = remote_control.run_command("wget -q -O - 'http://%s%s' 2>&1 >/dev/null" % ( t["host"], t["uri"] ) )
events = global_functions.get_events(self.displayName(),'All Query Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"host", t["host"],
"term", t["term"])
assert( found )
def test_054_functional_udp_block(self):
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
appSettings['signatures']['list'].append(create_signature( gid = "1",
sid = "1999998",
classtype="attempted-admin",
category="app-detect",
msg="CompanySecret",
log=True,
block=False,
action="alert",
type="udp"))
# insert rule at the beginning of the list so other rules do not interfere.
appSettings['rules']['list'].insert(0,create_rule(action="block", rule_type="CATEGORY", type_value="app-detect"))
app.setSettings(appSettings, True)
wait_for_daemon_ready()
startTime = datetime.datetime.now()
result = remote_control.run_command("host www.companysecret.com 4.2.2.1 > /dev/null")
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'msg', "CompanySecret",
'blocked', True,
min_date=startTime)
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert(found)
def test_030_smtpMarkPhishBlockerTest(self):
if (not canRelay):
raise unittest.SkipTest('Unable to relay through ' +
smtpServerHost)
if (not mail_app):
raise unittest.SkipTest('Unable download mailsendder app')
appData['smtpConfig']['scanWanMail'] = True
appData['smtpConfig']['strength'] = 5
appData['smtpConfig']['msgAction'] = "MARK"
app.setSettings(appData)
# Get the IP address of test.untangle.com
ip_address_testuntangle = socket.gethostbyname(smtpServerHost)
timeout = 12
found = False
email_index = 20
while (not found and timeout > 0):
time.sleep(3)
email_index += 1
from_address = "test0" + str(email_index)
sendPhishMail(mailfrom=from_address)
events = global_functions.get_events('Phish Blocker',
'All Phish Events', None, 1)
assert (events != None)
found = global_functions.check_events(
events.get('list'), 5, 'c_server_addr',
ip_address_testuntangle, 's_server_port', 25, 'addr',
'*****@*****.**', 'c_client_addr',
remote_control.client_ip, 'phish_blocker_action', 'M')
timeout -= 1
assert (found)
def test_025_ftpVirusBlocked(self):
if platform.machine().startswith('arm'):
raise unittest.SkipTest("local scanner not available on ARM")
ftp_result = subprocess.call(
["ping", "-c", "1", global_functions.ftp_server],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
if (ftp_result != 0):
raise unittest.SkipTest("FTP server not available")
remote_control.run_command("rm -f /tmp/temp_025_ftpVirusBlocked_file")
result = remote_control.run_command(
"wget --user="******" --password='******' -q -O /tmp/temp_025_ftpVirusBlocked_file ftp://" +
global_functions.ftp_server + "/virus/fedexvirus.zip")
assert (result == 0)
md5TestNum = remote_control.run_command(
"\"md5sum /tmp/temp_025_ftpVirusBlocked_file | awk '{print $1}'\"",
stdout=True)
print("md5StdNum <%s> vs md5TestNum <%s>" % (md5StdNum, md5TestNum))
assert (md5StdNum != md5TestNum)
events = global_functions.get_events(self.displayName(),
'Infected Ftp Events', None, 1)
assert (events != None)
found = global_functions.check_events(
events.get('list'), 5, "s_server_addr",
global_functions.ftp_server, "c_client_addr",
remote_control.client_ip, "uri", "fedexvirus.zip",
self.shortName() + '_clean', False)
assert (found)
def test_102_eventlog_ftpVirus(self):
if platform.machine().startswith('arm'):
raise unittest.SkipTest("local scanner not available on ARM")
ftp_result = subprocess.call(
["ping", "-c", "1", global_functions.ftp_server],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
if (ftp_result != 0):
raise unittest.SkipTest("FTP server not available")
fname = sys._getframe().f_code.co_name
result = remote_control.run_command(
"wget --user="******" --password='******' -q -O /tmp/temp_022_ftpVirusBlocked_file ftp://" +
global_functions.ftp_server + "/virus/fedexvirus.zip")
assert (result == 0)
events = global_functions.get_events(self.displayName(),
'Infected Ftp Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5, "uri",
"fedexvirus.zip",
self.shortName() + '_clean',
False)
assert (found)
def test_060_app_stats(self):
"""
Checks that the scan, detect, and block stats are properly incremented
"""
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
# clear out the signature list
appSettings['signatures']['list'] = []
appSettings['signatures']['list'].append(create_signature( gid = "1",
sid = "1999999",
classtype="attempted-admin",
category="app-detect",
msg="CompanySecret",
log=True,
block=False,
action="alert",
type="tcp"))
# insert rule at the beginning of the list so other rules do not interfere.
appSettings['rules']['list'].insert(0,create_rule(action="block", rule_type="CATEGORY", type_value="app-detect"))
app.setSettings(appSettings, True)
wait_for_daemon_ready()
app.forceUpdateStats()
pre_events_scan = global_functions.get_app_metric_value(app,"scan")
pre_events_detect = global_functions.get_app_metric_value(app,"detect")
pre_events_block = global_functions.get_app_metric_value(app,"block")
startTime = datetime.datetime.now()
loopLimit = 4
# Send four requests for test rebustnewss
while (loopLimit > 0):
time.sleep(1)
loopLimit -= 1
result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret")
time.sleep(10)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'msg', "CompanySecret",
'blocked', True,
min_date=startTime)
post_events_scan = global_functions.get_app_metric_value(app,"scan")
post_events_detect = global_functions.get_app_metric_value(app,"detect")
post_events_block = global_functions.get_app_metric_value(app,"block")
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert(found)
print("pre_events_scan: %s post_events_scan: %s"%(str(pre_events_scan),str(post_events_scan)))
print("pre_events_detect: %s post_events_detect: %s"%(str(pre_events_detect),str(post_events_detect)))
print("pre_events_block: %s post_events_block: %s"%(str(pre_events_block),str(post_events_block)))
# assert(pre_events_scan < post_events_scan)
assert(pre_events_detect < post_events_detect)
assert(pre_events_block < post_events_block)
def test_060_app_stats(self):
"""
Checks that the scan, detect, and block stats are properly incremented
"""
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
# clear out the signature list
appSettings['signatures']['list'] = []
appSettings['signatures']['list'].append(create_signature( gid = "1",
sid = "1999999",
classtype="attempted-admin",
category="app-detect",
msg="CompanySecret",
log=True,
block=False,
action="alert",
type="tcp"))
# insert rule at the beginning of the list so other rules do not interfere.
appSettings['rules']['list'].insert(0,create_rule(action="block", rule_type="CATEGORY", type_value="app-detect"))
app.setSettings(appSettings, True)
wait_for_daemon_ready()
app.forceUpdateStats()
pre_events_scan = global_functions.get_app_metric_value(app,"scan")
pre_events_detect = global_functions.get_app_metric_value(app,"detect")
pre_events_block = global_functions.get_app_metric_value(app,"block")
startTime = datetime.datetime.now()
loopLimit = 4
# Send four requests for test rebustnewss
while (loopLimit > 0):
time.sleep(1)
loopLimit -= 1
result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret")
time.sleep(10)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'msg', "CompanySecret",
'blocked', True,
min_date=startTime)
post_events_scan = global_functions.get_app_metric_value(app,"scan")
post_events_detect = global_functions.get_app_metric_value(app,"detect")
post_events_block = global_functions.get_app_metric_value(app,"block")
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert(found)
print("pre_events_scan: %s post_events_scan: %s"%(str(pre_events_scan),str(post_events_scan)))
print("pre_events_detect: %s post_events_detect: %s"%(str(pre_events_detect),str(post_events_detect)))
print("pre_events_block: %s post_events_block: %s"%(str(pre_events_block),str(post_events_block)))
# assert(pre_events_scan < post_events_scan)
assert(pre_events_detect < post_events_detect)
assert(pre_events_block < post_events_block)
def test_030_checkSslInspectorInspectorEventLog(self):
remote_control.run_command('curl -s -4 --connect-timeout 10 --trace /tmp/ssl_test_040.trace --output /tmp/ssl_test_040.output --insecure https://%s' % (testedServerName))
events = global_functions.get_events('SSL Inspector','All Sessions',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"ssl_inspector_status","INSPECTED",
"ssl_inspector_detail",testedServerName)
assert( found )
def test_020_backupNow(self):
self._app.sendBackup()
events = global_functions.get_events('Configuration Backup',
'Backup Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5, 'success',
True)
assert (found)
def test_022_notBlocked(self):
result = remote_control.run_command(
"wget -4 -q -O /dev/null http://www.google.com")
assert (result == 0)
events = global_functions.get_events('Ad Blocker', 'All Ad Events',
None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5, 'host',
'www.google.com', 'uri', ("/"),
'ad_blocker_action', 'P')
def test_020_backupNow(self):
global app
boxUID = uvmContext.getServerUID()
app.sendBackup()
events = global_functions.get_events('Configuration Backup','Backup Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
'success', True )
assert( found )
def test_020_basic_block(self):
result = remote_control.run_command("wget -q -4 -t 2 -O - http://account.paypal-inc.tribesiren.com 2>&1 | grep -q blocked")
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Blocked Web Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"host","account.paypal-inc.tribesiren.com",
self.eventAppName() + '_blocked', True,
self.eventAppName() + '_flagged', True )
assert( found )
def test_030_test_untangle_com_reachable(self):
result = remote_control.run_command("wget -q -4 -t 2 -O - http://test.untangle.com/test/testPage1.html 2>&1 | grep -q text123")
assert (result == 0)
events = global_functions.get_events(self.displayName(),'All Web Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"host","test.untangle.com",
self.eventAppName() + '_blocked', False,
self.eventAppName() + '_flagged', False )
assert( found )
def test_040_checkWebFilterEventLog(self):
addBlockedUrl(testedServerName)
remote_control.run_command('curl -s -4 --connect-timeout 10 --trace /tmp/ssl_test_040.trace --output /tmp/ssl_test_040.output --insecure https://%s' % (testedServerName))
nukeBlockedUrls()
events = global_functions.get_events('Web Filter','Blocked Web Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"host", testedServerName,
"web_filter_blocked", True)
assert( found )
def test_101_eventlog_httpNonVirus(self):
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("wget -q -O - http://" + testsite + "/test/test.zip?arg=%s 2>&1 | grep -q text123" % fname)
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Clean Web Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"host", testsite,
"uri", ("/test/test.zip?arg=%s" % fname),
self.shortName() + '_clean', True )
assert( found )
def test_102_admin_login_event(self):
uvmContext.adminManager().logAdminLoginEvent( "admin", True, "127.0.1.1", True, 'X' )
events = global_functions.get_events('Administration','Admin Login Events',None,10)
assert(events != None)
for i in events.get('list'):
print(i)
found = global_functions.check_events( events.get('list'), 10,
'client_addr', "127.0.1.1",
'reason', 'X',
'local', True,
'succeeded', True,
'login', 'admin' )
assert( found )
def test_103_eventlog_ftpNonVirus(self):
ftp_result = subprocess.call(["ping","-c","1",global_functions.ftp_server ],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
if (ftp_result != 0):
raise unittest.SkipTest("FTP server not available")
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("wget --user="******" --password='******' -q -O /dev/null ftp://" + global_functions.ftp_server + "/test.zip")
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Clean Ftp Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"uri", "test.zip",
self.shortName() + '_clean', True )
assert( found )
def test_100_eventlog_httpVirus(self):
if platform.machine().startswith('arm'):
raise unittest.SkipTest("local scanner not available on ARM")
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("wget -q -O - http://" + testsite + "/virus/eicar.zip?arg=%s 2>&1 | grep -q blocked" % fname)
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Infected Web Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"host", testsite,
"uri", ("/virus/eicar.zip?arg=%s" % fname),
self.shortName() + '_clean', False )
assert( found )
def test_023_eventlog_blockedAd(self):
fname = sys._getframe().f_code.co_name
# specify an argument so it isn't confused with other events
eventTime = datetime.datetime.now()
result = remote_control.run_command("wget -4 -q -O /dev/null http://ads.pubmatic.com/AdServer/js/showad.js?arg=%s" % fname)
assert ( result != 0 )
events = global_functions.get_events('Ad Blocker','Blocked Ad Events',None,1)
assert( events != None )
found = global_functions.check_events( events.get('list'), 5,
'host', 'ads.pubmatic.com',
'uri', ("/AdServer/js/showad.js?arg=%s" % fname),
'ad_blocker_action', 'B' )
assert( found )
def test_100_eventlog_Block_Google(self):
touchProtoRule("Google",True,True)
result = remote_control.run_command("wget -O /dev/null -4 -t 2 --timeout=5 http://www.google.com/")
assert (result != 0)
time.sleep(1)
events = global_functions.get_events('Application Control','Blocked Sessions',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"application_control_application", "GOOGLE",
"application_control_category", "Web Services",
"application_control_blocked", True,
"application_control_flagged", True)
assert( found )
def test_102_reports_all_urls(self):
"""check the All Web Events report"""
fname = sys._getframe().f_code.co_name
self.block_url_list_clear();
# specify an argument so it isn't confused with other events
result1 = remote_control.run_command("wget -q -O - http://test.untangle.com/test/testPage1.html?arg=%s 2>&1 >/dev/null" % fname)
events = global_functions.get_events(self.displayName(),'All Web Events',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"host","test.untangle.com",
"uri", ("/test/testPage1.html?arg=%s" % fname),
'web_filter_blocked', False,
'web_filter_flagged', False )
assert( found )
def test_050_alert_rule(self):
settings = uvmContext.eventManager().getSettings()
orig_settings = copy.deepcopy(settings)
new_rule = create_alert_rule("test alert rule", "class", "=", "*SessionEvent*", "localAddr", "=", "*"+remote_control.client_ip+"*")
settings['alertRules']['list'].append( new_rule )
uvmContext.eventManager().setSettings( settings )
result = remote_control.is_online()
time.sleep(4)
events = global_functions.get_events('Events','Alert Events',None,10)
found = global_functions.check_events( events.get('list'), 5,
'description', 'test alert rule' )
uvmContext.eventManager().setSettings( orig_settings )
assert(events != None)
assert ( found )
def test_200_scanFileExtension(self):
"""test that "Scan" option in advanced tab is scanned, using zip file"""
#find 'zip' file extension and enable scan option
enableFileExtensionScan("zip")
remote_control.run_command("wget -q -O - http://test.untangle.com/test/test.zip 2>&1")
events = global_functions.get_events(self.displayName(),'Scanned Web Events',None,1)
assert(events != None)
found = global_functions.check_events(events.get("list"), 50,
'host', 'test.untangle.com',
'c_client_addr', remote_control.client_ip,
'uri', '/test/test.zip')
assert(found)
def test_102_eventlog_ftpVirus(self):
if platform.machine().startswith('arm'):
raise unittest.SkipTest("local scanner not available on ARM")
ftp_result = subprocess.call(["ping","-c","1",global_functions.ftp_server ],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
if (ftp_result != 0):
raise unittest.SkipTest("FTP server not available")
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/temp_022_ftpVirusBlocked_file ftp://" + global_functions.ftp_server + "/virus/fedexvirus.zip")
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Infected Ftp Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"uri", "fedexvirus.zip",
self.shortName() + '_clean', False )
assert( found )
def test_060_testDnsUdpPatternBlock(self):
nukepatterns()
addPatterns(definition="^.?.?.?.?[\x01\x02].?.?.?.?.?.?[\x01-?][a-z0-9][\x01-?a-z]*[\x02-\x06][a-z][a-z][fglmoprstuvz]?[aeop]?(um)?[\x01-\x10\x1c]",
protocol="DNS",
blocked=True,
category="Web",
description="Domain Name System")
result = remote_control.run_command("host -R 1 www.google.com 8.8.8.8")
assert (result != 0)
time.sleep(3);
events = global_functions.get_events('Application Control Lite','All Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
'c_client_addr', remote_control.client_ip,
'application_control_lite_protocol', 'DNS',
'application_control_lite_blocked', True )
assert( found )
def test_030_testHttpPatternBlocked(self):
nukepatterns()
addPatterns(definition="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\\x09-\\x0d -~]*(connection:|content-type:|content-length:|date:)|post [\\x09-\\x0d -~]* http/[01]\\.[019]",
protocol="HTTP",
blocked=True,
category="Web",
description="HyperText Transfer Protocol")
result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/")
assert (result != 0)
time.sleep(3);
events = global_functions.get_events('Application Control Lite','All Events',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
'c_client_addr', remote_control.client_ip,
'application_control_lite_protocol', 'HTTP',
'application_control_lite_blocked', True )
assert( found )
def test_040_testFtpPatternBlock(self):
nukepatterns()
addPatterns(definition="^220[\x09-\x0d -~]*ftp",
protocol="FTP",
blocked=True,
category="Web",
description="File Transfer Protocol")
result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 ftp://test.untangle.com")
assert (result != 0)
time.sleep(3);
events = global_functions.get_events('Application Control Lite','All Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
'c_client_addr', remote_control.client_ip,
'application_control_lite_protocol', 'FTP',
'application_control_lite_blocked', True )
assert( found )
def check_events(self, host="", uri="", blocked=True, flagged=None):
app_display_name = self.app.getAppTitle()
if flagged == None:
flagged = blocked
if (("Monitor" in app_display_name) and blocked):
blocked = False
if (blocked):
event_list = "Blocked Web Events"
elif (flagged):
event_list = "Flagged Web Events"
else:
event_list = "All Web Events"
events = global_functions.get_events(app_display_name, event_list, None, 10)
assert(events != None)
found = global_functions.check_events( events.get('list'), 10,
"host", host,
"uri", uri,
'web_filter_blocked', blocked,
'web_filter_flagged', flagged )
return found
def test_050_severely_limited_web_filter_flagged(self):
global app, app_web_filter
nuke_rules()
pre_count = global_functions.get_app_metric_value(app,"prioritize")
priority_level = 7
# This test might need web filter for http to start
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed(download_server="test.untangle.com")
# Create WEB_FILTER_FLAGGED based rule to limit bandwidth
append_rule(create_single_condition_rule("WEB_FILTER_FLAGGED","true","SET_PRIORITY",priority_level))
# Test.untangle.com is listed as Software, Hardware in web filter. As of 1/2014 its in Technology
settingsWF = app_web_filter.getSettings()
i = 0
untangleCats = ["Computer,", "Security"]
for webCategories in settingsWF['categories']['list']:
if any(x in webCategories['name'] for x in untangleCats):
settingsWF['categories']['list'][i]['flagged'] = "true"
i += 1
app_web_filter.setSettings(settingsWF)
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed(download_server="test.untangle.com")
print_results( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limited_acceptance_ratio )
assert ((wget_speed_post) and (wget_speed_post))
assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post)
events = global_functions.get_events('Bandwidth Control','Prioritized Sessions',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"bandwidth_control_priority", priority_level,
"c_client_addr", remote_control.client_ip)
assert( found )
# Check to see if the faceplate counters have incremented.
post_count = global_functions.get_app_metric_value(app,"prioritize")
assert(pre_count < post_count)
def test_025_ftpVirusBlocked(self):
if platform.machine().startswith('arm'):
raise unittest.SkipTest("local scanner not available on ARM")
ftp_result = subprocess.call(["ping","-c","1",global_functions.ftp_server ],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
if (ftp_result != 0):
raise unittest.SkipTest("FTP server not available")
remote_control.run_command("rm -f /tmp/temp_022_ftpVirusBlocked_file")
result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/temp_022_ftpVirusBlocked_file ftp://" + global_functions.ftp_server + "/virus/fedexvirus.zip")
assert (result == 0)
md5TestNum = remote_control.run_command("\"md5sum /tmp/temp_022_ftpVirusBlocked_file | awk '{print $1}'\"", stdout=True)
print("md5StdNum <%s> vs md5TestNum <%s>" % (md5StdNum, md5TestNum))
assert (md5StdNum != md5TestNum)
events = global_functions.get_events(self.displayName(),'Infected Ftp Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"s_server_addr", global_functions.ftp_server,
"c_client_addr", remote_control.client_ip,
"uri", "fedexvirus.zip",
self.shortName() + '_clean', False )
assert( found )
