def test_firewall_enabled_pos():
with mock.patch('iptc.Table') as ipt:
chain0 = mock.Mock()
chain0.name = 'INPUT'
chain0.rules = [object(), object()]
ipt.return_value = [chain0]
assert is_firewall_enabled() is True
def test_firewall_enabled_neg():
with mock.patch('iptc.Table') as ipt:
chain0 = mock.Mock()
chain0.name = 'INPUT'
chain0.rules = []
ipt.return_value = [chain0]
assert is_firewall_enabled() is False
def send_ping(debug=False, dev=False):
can_read_cert()
payload = {
'device_operating_system_version': platform.release(),
'fqdn': socket.getfqdn(),
'ipv4_address': get_primary_ip(),
'uptime': get_uptime(),
'scan_info': get_open_ports(),
'netstat': security_helper.netstat_scan(),
'processes': security_helper.process_scan(),
'firewall_enabled': security_helper.is_firewall_enabled(),
'firewall_rules': security_helper.get_firewall_rules(),
'app_armor_enabled': security_helper.is_app_armor_enabled()
}
rpi_metadata = rpi_helper.detect_raspberry_pi()
if rpi_metadata['is_raspberry_pi']:
payload['device_manufacturer'] = 'Raspberry Pi'
payload['device_model'] = rpi_metadata['hardware_model']
if debug:
print("[GATHER] Ping: {}".format(payload))
ping = requests.post('{}/v0.2/ping'.format(MTLS_ENDPOINT),
cert=(CLIENT_CERT_PATH, CLIENT_KEY_PATH),
json=payload,
headers={
'SSL-CLIENT-SUBJECT-DN': 'CN=' + get_device_id(),
'SSL-CLIENT-VERIFY': 'SUCCESS'
} if dev else {})
if debug:
print("[RECEIVED] Ping: {}".format(ping.status_code))
print("[RECEIVED] Ping: {}".format(ping.content))
if not ping.ok:
print('Ping failed.')
return
pong = ping.json()
security_helper.block_ports(pong.get('block_ports', []))
security_helper.block_networks(pong.get('block_networks', []))
def test_firewall_enabled_neg():
with mock.patch('agent.iptc_helper.dump_chain') as dump_chain:
dump_chain.return_value = []
assert is_firewall_enabled() is False
def test_firewall_enabled_pos():
with mock.patch('agent.iptc_helper.dump_chain') as dump_chain:
dump_chain.return_value = [{'dst': 'DROP'}]
assert is_firewall_enabled() is True
def test_firewall_enabled_neg():
with mock.patch('agent.iptc_helper.get_policy') as get_policy:
get_policy.return_value = 'ACCEPT'
assert is_firewall_enabled() is False
def test_firewall_enabled_pos():
with mock.patch('agent.iptc_helper.get_policy') as get_policy:
get_policy.return_value = 'DROP'
assert is_firewall_enabled() is True
