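def testThereAreNoUnownedFiles(self):
    """
    No files on AMI that are not owned by a user

    Counts filesystem entries whose numeric uid or gid has no matching
    user or group (find's -nouser / -nogroup) and requires the count to
    be zero. /tmp and /var/tmp are excluded from the walk.
    """
    # The prune clause has to come first and be joined to the ownership test
    # with -o. If the two parenthesised groups are merely juxtaposed, find
    # ANDs them, so only /tmp or /var/tmp themselves could ever be reported
    # and unowned files anywhere else would pass unnoticed.
    #
    # -xdev keeps find on the root filesystem, so separately mounted
    # filesystems are not covered by this check.
    #
    # stderr is merged into stdout and only "No such file or directory" is
    # filtered, so any other find error (e.g. "Permission denied") is counted
    # and fails the test.
    # NOTE(review): find is not run under sudo here - presumably the suite
    # runs as root; confirm.
    unownedCount = execute(
        r"find / -xdev \( -path /tmp -o -path /var/tmp \) -prune -o "
        r"\( -nouser -o -nogroup \) -print 2>&1 | "
        "grep -vi 'No such file or directory' | "
        "wc -l").strip()
    # assertEqual rather than the assertEquals alias, which newer unittest
    # releases no longer provide.
    self.assertEqual(unownedCount, "0",
                     "Found files with no valid owning user or group")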
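def testNoNewPemFilesInSalt(self):
    """
    Pem files are forbidden in Marketplace AMIs.

    Counts files named *.pem anywhere under the salt root and requires the
    count to be zero.
    """
    saltRoot = "/srv/salt"

    # Make sure no pem files creep into AMIs either.
    #
    # This is a name-based check only (-name '*.pem', case-sensitive): key
    # material stored under a different name or extension is not detected.
    #
    # "No such file or directory" is filtered out, so the test also passes
    # when saltRoot does not exist; any other error line from sudo or find is
    # counted and fails the test.
    pemCount = execute(
        "sudo find %s -name '*.pem' -print 2>&1 | "
        "grep -v 'No such file or directory' | "
        "wc -l" % saltRoot).strip()
    # assertEqual rather than the assertEquals alias, which newer unittest
    # releases no longer provide.
    self.assertEqual(pemCount, '0',
                     "Found .pem file in %s directory tree!" % saltRoot)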
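def testNoNewSSHPubkeysInSalt(self):
    """
    Make sure pubkeys don't slip in in new formulas we add to our salt
    configuration or we'll fail the marketplace acceptance tests.

    Counts files named *.pub anywhere under the salt root and requires the
    count to be zero.
    """
    saltRoot = "/srv/salt"

    # Make sure no new pubkeys creep into AMIs.
    #
    # This is a name-based check only (-name '*.pub', case-sensitive): a
    # public key shipped under another name, or embedded inside a state or
    # template file, is not detected.
    #
    # "No such file or directory" is filtered out, so the test also passes
    # when saltRoot does not exist; any other error line from sudo or find is
    # counted and fails the test.
    pubkeyCount = execute(
        "sudo find %s -name '*.pub' -print 2>&1 | "
        "grep -v 'No such file or directory' | "
        "wc -l" % saltRoot).strip()
    # assertEqual rather than the assertEquals alias, which newer unittest
    # releases no longer provide.
    self.assertEqual(pubkeyCount, '0',
                     "Found .pub file in %s directory tree!" % saltRoot)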
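def testNoNewSSHPubkeysInSalt(self):
    """
    Make sure pubkeys don't slip in in new formulas we add to our salt
    configuration or we'll fail the marketplace acceptance tests.

    Counts files named *.pub anywhere under the salt root and requires the
    count to be zero.
    """
    # NOTE(review): a method with this same name is defined immediately above
    # in this listing. If both live in the same class, Python keeps only this
    # later definition - confirm whether one of them should be removed.
    saltRoot = "/srv/salt"

    # Make sure no new pubkeys creep into AMIs.
    #
    # Name-based check only (-name '*.pub', case-sensitive); keys stored
    # under another name or embedded in other files are not detected.
    # "No such file or directory" is filtered out, so a missing saltRoot
    # also yields a count of zero.
    pubkeyCount = execute(
        "sudo find %s -name '*.pub' -print 2>&1 | "
        "grep -v 'No such file or directory' | "
        "wc -l" % saltRoot).strip()
    # assertEqual rather than the assertEquals alias, which newer unittest
    # releases no longer provide.
    self.assertEqual(pubkeyCount, '0',
                     "Found .pub file in %s directory tree!" % saltRoot)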
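def testAllSgidFilesAreInWhitelist(self):
    """
    All SGID files are on whitelist

    Ensure that no new packages we add to the AMI add sgid files without us
    knowing about them, since they're potential security issues.
    """
    # "-perm -2000" matches every entry with the setgid bit set. The older
    # "-perm +2000" spelling is deprecated and rejected by current GNU find;
    # for a single-bit mask the "-" form selects the same entries and is
    # accepted by old and new find alike.
    #
    # -xdev keeps find on the root filesystem, so separately mounted
    # filesystems are not covered by this check.
    #
    # stderr is merged into stdout and only "No such file or directory" is
    # filtered, so any other find error line (e.g. "Permission denied") is
    # treated as a path and fails the whitelist assertion below.
    # NOTE(review): find is not run under sudo here - presumably the suite
    # runs as root; confirm.
    findOutput = execute(
        "find / -xdev -perm -2000 2>&1 | "
        "grep -v 'No such file or directory'")

    for sgidFile in findOutput.split('\n'):
        # Splitting on newlines leaves empty strings for blank/trailing lines.
        if not sgidFile:
            continue
        self.assertIn(sgidFile, SGID_FILE_WHITELIST,
                      "sgid file %s not in SGID_FILE_WHITELIST" % sgidFile)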