def test_iso_http_basic_a1(self):
# 下发配置
fun.send(rbmExc, message.addhttp_front['AddCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.addhttp_back['AddCustomAppPolicy'],
BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'BackDut',
'nginx: worker process')
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut',
self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'FrontDut',
self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
# 发送get请求,验证隔离下的http策略
print('请求地址为{}'.format(self.http_url))
content = http_check.http_get(self.http_url)
print('验证隔离下的http策略请求内容为:{}'.format(content))
assert content == http_content
def teardown_method(self):
clr_env.clear_env('gw')
clr_env.clear_met_acl('gw')
fun.cmd(self.case1_step7["step2"][0], 'gw')
fun.send(rbmExc, message.verifymod_DelAuthCert['DelAuthCert'], domain_rmb, base_path)
clr_env.verifymod_teardown_met(base_path)
def test_vlan_bond_a1(self):
# 开启switch开关并检查是否开启成功
for key in self.case1_step1:
fun.cmd(self.case1_step1[key][0], 'gw')
re = fun.cmd(self.case1_step1[key][1], 'gw')
assert self.case1_step1[key][2] in re
# 下发vlan配置
fun.send(rbmExc, message.setvlan['SetVlan'], rbmDomain, base_path)
# 检查配置下发是否成功
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw',
self.case1_step2[key][1], 'vlan', 100)
assert self.case1_step2[key][1] in re
# 测试从设备端ping vlanA设备正常
resA_cmd = 'ping ' + vlanAOpeIp + ' -c 4'
print('从设备端ping vlanA设备的命令是:{}'.format(resA_cmd))
resA = fun.cmd(resA_cmd, 'gw')
print('从设备端ping vlanA的结果为:{}'.format(resA))
assert '0% packet loss' in resA
# 测试从vlanA ping设备正常
dutA_cmd = 'ping ' + gwInternetIp + ' -c 4'
print('从vlanA ping设备的命令是:{}'.format(dutA_cmd))
dutA = fun.cmd(dutA_cmd, 'vlanA')
print('从vlanA ping设备的结果为:{}'.format(dutA))
assert '0% packet loss' in dutA
# 测试从设备端ping vlanB设备正常
resB_cmd = 'ping ' + vlanBOpeIp + ' -c 4'
print('从设备端ping vlanB设备的命令是:{}'.format(resB_cmd))
resB = fun.cmd(resB_cmd, 'gw')
print('从设备端ping vlanB设备的结果为:{}'.format(resB))
assert '0% packet loss' in resB
# 测试从vlanB ping设备正常
dutB_cmd = 'ping ' + gwInternetIp + ' -c 4'
print('从vlanB ping设备的命令是:{}'.format(dutB_cmd))
dutB = fun.cmd(dutB_cmd, 'vlanB')
print('从vlanB ping设备的结果为:{}'.format(dutB))
assert '0% packet loss' in dutB
# 还原环境,移除vlan的配置,且关闭vlan的开关
# 关闭switch开关并检查是否关闭成功
for key in self.case1_step11:
fun.cmd(self.case1_step11[key][0], 'gw')
re = fun.cmd(self.case1_step11[key][1], 'gw')
assert self.case1_step11[key][2] in re
# 清空vlan配置
fun.send(rbmExc, message.delvlan['SetVlan'], rbmDomain, base_path)
# 检查配置下发是否成功
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0],
'gw',
self.case1_step2[key][1],
'vlan',
100,
flag='不存在')
assert self.case1_step2[key][1] not in re
def test_nginx_test_a1(self):
# 清空环境
for i in self.clr_env:
fun.cmd(i, 'gw')
for i in range(100):
# fun.cmd('systemctl reload nginx_fstack', 'gw')
fun.send(rbmExc, message.addsmtp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
fun.send(rbmExc, message.addpop3['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
ff = fun.cmd('ff_netstat -an', 'gw')
print('ff结果为:{}'.format(ff))
assert proxy_ip in ff
fun.send(rbmExc, message.mailcheck1['SetMailCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
# 配置清空
fun.send(rbmExc, message.delsmtp['DelAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
fun.send(rbmExc, message.delpop3['DelAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
print('已经执行了{}次'.format(i + 1))
def teardown_class(self):
# 回收环境
clr_env.clear_env()
fun.send(rbmExc, message.delvlan['SetVlan'], rbmDomain, base_path)
fun.rbm_close()
fun.ssh_close('gw')
def test_http_check_get_a1(self):
# 下发配置
fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw',
self.case1_step1[key][1], '配置', 100)
print('添加策略_re: ', re)
assert self.case1_step1[key][1] in re
# 数据检查
fun.send(rbmExc, message.httpcheck1['SetHttpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw',
self.case1_step2[key][1], '配置', 100)
print("需包含字符串:", self.case1_step2[key][1])
print('httpCheck_re: ', re)
assert self.case1_step2[key][1] in re
# 发送get请求,不包含黑名单内容的普通请求
content = http_check.http_get(url)
print('get普通请求的请求内容为:{}'.format(content))
assert content == http_content
result = fun.search('/opt', 'sh', 'gw')
print('---------fun.search: \n', result)
def test_rabbitmq(self):
#清空环境
for i in self.clr_env:
fun.cmd(i, 'gw_s')
agent_config = fun.cmd('cat /etc/jsac/agentjsac.config', 'gw_s')
print(agent_config)
agent_list = agent_config.split('\n')
for i in agent_list:
str_domain = re.findall(
"DeviceDomain = (\w*\d*.\w*\d*.\w*\d*.\w*\d*.\w*\d*)", i)
if str_domain:
domain = str_domain
print(domain)
#下发配置
fun.send('ManageExchange', 'AddAclPolicy', domain, base_path)
#检查配置下发是否成功
re = fun.cmd(self.case_step['step1'][0], 'gw_s')
print(re)
assert self.case_step['step1'][1] in re
'''
def test_ftp_check_delete_a1(self):
# 下发配置
fun.send(rbmExc, message.addftp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw',
self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'gw',
self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
fun.send(rbmExc, message.ftpcheck1['SetFtpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw',
self.case1_step2[key][1], '配置', 100)
print(re)
assert self.case1_step2[key][1] in re
# 1、登录ftp服务器,用户为白名单用户
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
assert '220' in fp.getwelcome()
# 2、登录ftp服务器,上传文件(上传命令被禁止)
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result1 = con_ftp.uploadFile(fp, self.upremotePath, self.uplocalPath)
print('ftp上传文件扩展名{}为白名单结果为:{}'.format(self.uplocalPath, result1))
assert result1 == 0
# 3、登录ftp服务器,下载文件扩展名为白名单(下载命令被禁止)
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result2 = con_ftp.downFile(fp, self.downremotePath, self.downlocalPath)
print('ftp下载(下载命令被禁止)文件扩展名{}为白名单结果为:{}'.format(self.downremotePath,
result2))
assert result2 == 0
# 4、 登录ftp服务器,删除(删除命令被禁止)目录下的文件
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result3 = con_ftp.deleallFile(fp, delePath)
print('ftp删除(删除命令被禁止){}的结果为:{}'.format(delePath, result3))
assert result3 == 0
def test_customapp_app_action_deny(self):
# 下发配置
fun.send(rbmExc, message.add_app_action_deny_front['AddCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.add_app_action_deny_back['AddCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程')
assert front_res1 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process',name='后置机nginx进程')
assert back_res1 == 1
fun.send(rbmExc, message.set_app_default_action_allow['SetCustomAppAction'], FrontDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程')
assert front_res1 == 1
# 检查配置下发是否成功
for key in self.case4_step1:
re = fun.wait_data(self.case4_step1[key][0], 'FrontDut', self.case4_step1[key][1], '前置机配置', 100)
assert self.case4_step1[key][1] in re
for key in self.case4_step2:
re = fun.wait_data(self.case4_step2[key][0], 'FrontDut', self.case4_step2[key][1], '前置机配置', 100)
assert self.case4_step2[key][1] in re
for key in self.case0_step1:
re = fun.wait_data(self.case0_step1[key][0],'BackDut',self.case0_step1[key][1],'后置机配置',100)
assert self.case0_step1[key][1] in re
# 发送请求,检测定制应用通信策略是否生效
status_code = http_check.http_get(url,flag=1)
print('url:', url)
print('验证应用动作为拒绝,默认动作、规则动作为允许时的定制应用通行策略,get请求的请求内容为:{}'.format(status_code),',请求被禁止。')
assert status_code == 0
# 文件查看audit日志
# fun.wait_data(f"grep -n {proxy_port} /usr/local/nginx/logs/audit.log |tail -1", 'FrontDut',self.case4_step3['step1'][0], '检查Default Deny', 300, flag='存在')
fun.wait_data(f"grep -n {proxy_port} /usr/local/nginx/logs/audit.log |tail -1", 'FrontDut',self.case4_step3['step1'][0], '检查Default Deny', 300)
for key in self.case4_step3:
re = fun.cmd(f"grep -n {proxy_port} /usr/local/nginx/logs/audit.log |tail -1 ", 'FrontDut')
print('re:', re)
assert self.case4_step3[key][0] in re
#移除策略
fun.send(rbmExc, message.del_app_action_front['DelCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.del_app_action_back['DelCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert front_res1 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert back_res1 == 1
#检查配置移除是否成功
for key in self.case4_step4:
re = fun.wait_data(self.case4_step4[key][0], 'FrontDut', self.case4_step4[key][1], '前置机配置', 100,flag='不存在')
assert self.case4_step4[key][1] not in re
for key in self.case0_step1:
re = fun.wait_data(self.case0_step1[key][0], 'BackDut', self.case0_step1[key][1], '后置机配置', 100, flag='不存在')
assert self.case0_step1[key][1] not in re
def teardown_method(self):
clr_env.clear_env('gw')
clr_env.clear_met_acl('gw')
fun.send(rbmExc, message.verifymod_expired_DelAuthCert['DelAuthCert'],
domain_rmb, base_path)
fun.send(rbmExc, message.verifymod_DelAuthCert['DelAuthCert'],
domain_rmb, base_path)
clr_env.verifymod_teardown_met(base_path)
def verifymod_teardown_met(base_path):
start = time.time()
fun.send(rbmExc, message.verifymod_switch_stop['ManageAuthServer'],
rbmDomain, base_path)
fun.cmd('ipauth-jsac --clear', 'gw')
print(
"=========================== verifymod_teardown_met 结束 耗时:{}s =================================="
.format(time.time() - start))
def test_ftp_check_upload_a2(self):
# 下发配置
fun.send(rbmExc, message.addftp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'gw',
self.case2_step1[key][1], '配置', 100)
print(re)
assert self.case2_step1[key][1] in re
for key in self.case2_step11:
re = fun.wait_data(self.case2_step11[key][0], 'gw',
self.case2_step11[key][1], '配置', 100)
print(re)
assert self.case2_step11[key][1] in re
fun.send(rbmExc, message.ftpcheck2['SetFtpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
for key in self.case2_step2:
re = fun.wait_data(self.case2_step2[key][0], 'gw',
self.case2_step2[key][1], '配置', 100)
print(re)
assert self.case2_step2[key][1] in re
# 登录ftp服务器,上传文件扩展名为白名单
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result1 = con_ftp.uploadFile(fp, self.case2_upremotePath,
self.case2_uplocalPath)
print('第一个ftp上传文件扩展名{}为白名单结果为:{}'.format(self.case2_uplocalPath,
result1))
assert result1 == 1
# 登录ftp服务器,上传文件扩展名为白名单
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result2 = con_ftp.uploadFile(fp, self.case2_allow_upremotePath,
self.case2_allow_uplocalPath)
print('第二个ftp上传文件扩展名{}为白名单结果为:{}'.format(self.case2_allow_uplocalPath,
result2))
assert result2 == 1
# 登录ftp服务器,上传文件扩展名为非白名单
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result3 = con_ftp.uploadFile(fp, self.case2_deny_upremotePath,
self.case2_deny_uplocalPath)
print('ftp上传文件扩展名{}为非白名单结果为:{}'.format(self.case2_deny_uplocalPath,
result3))
assert result3 == 0
def test_customapp_default_action_allow(self):
# 下发配置
fun.send(rbmExc, message.add_app_default_action_front['AddCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.add_app_default_action_back['AddCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程')
assert front_res1 ==1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process',name='后置机nginx进程')
assert back_res1 == 1
fun.send(rbmExc, message.set_app_default_action_allow['SetCustomAppAction'], FrontDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert front_res1 == 1
# 检查配置下发是否成功
for key in self.case1_step1:
# re = fun.cmd(self.case1_step1[key][0], 'FrontDut')
# print(re)
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '前置机配置', 100)
assert self.case1_step1[key][1] in re
for key in self.case1_step2:
# re = fun.cmd(self.case1_step2[key][0], 'FrontDut')
# print(re)
re = fun.wait_data(self.case1_step2[key][0], 'FrontDut', self.case1_step2[key][1], '前置机配置', 100)
assert self.case1_step2[key][1] in re
for key in self.case0_step1:
re = fun.wait_data(self.case0_step1[key][0],'BackDut',self.case0_step1[key][1],'后置机配置',100)
assert self.case0_step1[key][1] in re
# 发送请求,检测定制应用通信策略是否生效
status_code = http_check.http_get(url,flag=1)
print('url:', url)
print('验证默认动作为允许,应用、规则动作为允许时的定制应用通行策略,get请求的请求内容为:{}'.format(status_code))
assert status_code == 200
#移除策略
fun.send(rbmExc, message.del_app_upstream_front['DelCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.del_app_upstream_back['DelCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程')
assert front_res1 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process',name='后置机nginx进程')
assert back_res1 == 1
# 检查配置移除是否成功
for key in self.case1_step3:
# re = fun.cmd(self.case1_step1[key][0], 'FrontDut')
# print(re)
re = fun.wait_data(self.case1_step3[key][0], 'FrontDut', self.case1_step3[key][1], '前置机配置', 100,flag='不存在')
assert self.case1_step3[key][1] not in re
for key in self.case0_step1:
re = fun.wait_data(self.case0_step1[key][0],'BackDut',self.case0_step1[key][1],'后置机配置',100,flag='不存在')
assert self.case0_step1[key][1] not in re
def test_udp_flood(self):
# 下发配置并检查结果
print("1.网关设备开启netflow流量上报开关、fwlog抗攻击日志上报开关,下发udp协议的acl qos多桶限速策略,使用defconf --show、tupleacl --get查看开关开启,acl策略存在")
fun.cmd(self.flood2_udp["fwlog"][0],'gw')
fun.cmd(self.flood2_udp["netflow"][0],'gw')
for key in self.case_step:
re0 = fun.cmd(self.case_step[key][0], 'gw')
print(re0)
assert self.case_step[key][1] in re0
assert self.case_step[key][2] in re0
fun.send(Exc_rmb,message.AddAclPolicy_UDP['AddAclPolicy'], domain_rmb, base_path)
for key in self.case2_step1:
re0 = fun.cmd(self.case2_step1[key][0], 'gw')
print(re0)
assert self.case2_step1[key][1] in re0
# 客户端发送攻击命令
print("2.使用hping3工具发送UDP Flood攻击命令hping3 -q -n --udp --keep -p 攻击端口 --flood 服务端ip -c 10000 --faster,返回结果icmp mode set")
print('udp flood命令为:',self.flood2_udp["hping3"][0])
fun.cmd(f"hping3 -q -n --udp --keep -p {port_attack} --flood {pcap_dip} -c 10000 --faster > /opt/udp_flood.txt", 'c')
re = fun.wait_data('cat /opt/udp_flood.txt', 'c', self.flood2_udp["txt"][0], '检查UDP FLOOD攻击发送', 100)
assert self.flood2_udp["txt"][0] in re
print('hping3 UDP Flood攻击命令下发成功')
# 检查抗攻击日志
print("3.检查/var/log/jsac.agentjsac.info.log日志中ReportDdosEvent上报结果,检查到有UDP Flood字段说明日志上报正确")
fun.wait_data('grep -n ReportDdosEvent /var/log/jsac.agentjsac.info.log |tail -1', 'gw',self.case2_step2['step1'][0], '检查UDP Flood', 300, flag='存在')
for key in self.case2_step2:
re = fun.cmd('grep -n ReportDdosEvent /var/log/jsac.agentjsac.info.log |tail -1', 'gw')
print('re:', re)
assert self.case2_step2[key][0] in re
# 移除udp策略
print("4.移除acl策略,使用tupleacl --get查看结果,使用tupleacl --get查看无策略")
fun.send(Exc_rmb, message.DelAclPolicy['DelAclPolicy'], domain_rmb, base_path)
for key in self.case2_step1:
re0 = fun.cmd(self.case2_step1[key][0], 'gw')
print(re0)
assert self.case2_step1[key][1] not in re0
print("5.网关设备关闭netflow流量上报开关、fwlog抗攻击日志上报开关,使用defconf --show查看开关关闭")
fun.cmd(self.flood2_udp["fwlog"][1],'gw')
fun.cmd(self.flood2_udp["netflow"][1],'gw')
for key in self.case_step1:
re0 = fun.cmd(self.case_step1[key][0], 'gw')
print(re0)
assert self.case_step1[key][1] in re0
assert self.case_step1[key][2] in re0
#删除/opt/*flood.txt文件
fun.cmd("rm -f /opt/*txt*", 'c')
re1 = fun.cmd("ls /opt/ |grep txt", 'c')
print('客户端txt文件查询结果是:', re1)
assert self.flood2_udp["txt"][1] not in re1
def test_ddos_syn_flood(self):
# 下发配置并检查结果
print("1.开启ddos防御开关、fwlog抗攻击日志上报开关,使用defconf --show查看开关开启")
fun.cmd(self.ddos2_ack["fwlog"][0], 'gw')
fun.send(Exc_rmb, message.setddos_open['SetDdosEnable'], domain_rmb, base_path)
for key in self.case_step:
re0 = fun.cmd(self.case_step[key][0], 'gw')
print(re0)
assert self.case_step[key][1] in re0
assert self.case_step[key][2] in re0
assert self.case_step[key][3] in re0
assert self.case_step[key][4] in re0
# 客户端发送攻击命令
print("2.使用hping3工具发送SYN Flood攻击命令hping3 -S 目的ip -p 攻击端口 --faster -c 6000,返回结果S set")
fun.cmd(self.ddos3_syn["hping3"][0], 'c')
# fun.cmd(f"hping3 -i u1000 -SA -p {port_attack} {pcap_dip} --rand-source --tcp-timestamp", 'c')
re = fun.wait_data(self.ddos3_syn["hping3"][1], 'c', self.ddos3_syn["hping3"][2], '检查ACK FLOOD攻击发送', 100)
assert self.ddos3_syn["hping3"][2] in re
print('hping3 Syn Flood攻击命令下发成功')
# 客户端发送http请求
print("3.使用curl工具发送正常http请求,返回结果为Welcome to nginx!表示http请求成功")
print(self.ddos3_syn["curl"][0])
fun.cmd(self.ddos3_syn["curl"][0], 'c')
re = fun.wait_data(self.ddos3_syn["curl"][1], 'c', self.ddos3_syn["curl"][2], '检查http请求', 100)
assert self.ddos3_syn["curl"][2] in re
print('正常http请求发送成功')
# 检查抗攻击日志
print("4.检查/var/log/jsac.agentjsac.info.log日志中ReportDdosEvent上报结果,检查到有Syn Flood字段说明日志上报正确")
fun.wait_data('grep -n ReportDdosEvent /var/log/jsac.agentjsac.info.log |tail -1', 'gw',
self.case3_step1['step1'][0], '检查Syn Flood', 300, flag='存在')
for key in self.case3_step1:
re = fun.cmd('grep -n ReportDdosEvent /var/log/jsac.agentjsac.info.log |tail -1', 'gw')
print('re:', re)
assert self.case3_step1[key][0] in re
print("5.网关设备关闭ddos防御开关、fwlog抗攻击日志上报开关,使用defconf --show查看开关关闭")
fun.cmd(self.ddos1_rst["fwlog"][1], 'gw')
fun.send(Exc_rmb, message.setddos_close['SetDdosEnable'], domain_rmb, base_path)
for key in self.case_step1:
re0 = fun.cmd(self.case_step1[key][0], 'gw')
print(re0)
assert self.case_step1[key][1] in re0
assert self.case_step1[key][2] in re0
assert self.case_step1[key][3] in re0
assert self.case_step1[key][4] in re0
# 删除/opt/ddos_*.txt文件
fun.cmd("rm -f /opt/*txt*", 'c')
re1 = fun.cmd("ls /opt/ |grep txt", 'c')
print('客户端txt文件查询结果是:', re1)
assert self.ddos3_syn["txt"][0] not in re1
assert self.ddos3_syn["txt"][1] not in re1
def test_add_MIME_allow(self):
# 下发配置
fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.send(rbmExc, message.httpcheck2['SetHttpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
def teardown_class(self):
# 回收环境
clr_env.clear_env()
fun.pid_kill('8889', process='python3', gw='vlanA')
fun.pid_kill('8889', process='python3', gw='gw')
fun.send(rbmExc, message.delvlan['SetVlan'], rbmDomain, base_path)
fun.rbm_close()
fun.ssh_close('gw')
fun.ssh_close('vlanA')
fun.ssh_close('vlanB')
def teardown_method(self):
clr_env.clear_env('gw')
clr_env.clear_met_acl('gw')
fun.cmd(self.case3_step3["step1"][0], 'gw')
fun.cmd(self.case1_step6["step1"][1], 'gw')
fun.send(rbmExc, message.verifymod_DelAuthCert['DelAuthCert'],
domain_rmb, base_path)
clr_env.verifymod_teardown_met(base_path)
fun.cmd("rm -f /opt/verifymod*.txt", 'c')
re1 = fun.cmd("ls /opt/ |grep txt", 'c')
assert self.case3_step2["step2"][0] not in re1
def test_vlan_gw_issue_a1(self):
# 对一个接口配置多个正确的vlan
fun.send(rbmExc, message.setvlan_right['SetVlan'], rbmDomain, base_path)
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], 'vlan', 100)
assert self.case1_step1[key][1] in re
# 对一个接口配置多个错误的vlan
fun.send(rbmExc, message.setvlan_error['SetVlan'], rbmDomain, base_path)
# 检查配置下发是否成功
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw', self.case1_step2[key][1], 'vlan', 100,flag='不存在')
assert self.case1_step2[key][1] not in re
# 对一个接口配置多个vlan,部分正确,部分错误
fun.send(rbmExc, message.setvlan_part['SetVlan'], rbmDomain, base_path)
# 检查配置下发是否成功
for key in self.case1_step3:
re = fun.wait_data(self.case1_step3[key][0], 'gw', self.case1_step3[key][1], 'vlan', 100,flag='不存在')
assert self.case1_step3[key][1] not in re
#清空环境,还原配置
fun.send(rbmExc, message.delvlan['SetVlan'], rbmDomain, base_path)
# 检查配置下发是否成功
for key in self.vlan_clear:
re = fun.cmd(self.vlan_clear[key][0], 'gw')
assert self.vlan_clear[key][1] in re
def test_report_acl_labelPassPac_count_protocol_ICMP(self):
# 开启acl命中统计开关并检查结果
fun.send(Exc_rmb, message.set_ReportAclCount_open['EnableAclCount'], domain_rmb, base_path)
for key in self.case3_step1:
print('ip:',baseinfo.gwManageIp)
re = fun.cmd(self.case3_step1[key][0],'gw')
print('re:',re)
assert self.case3_step1[key][1] in re
# 下发acl策略并检查结果-----查询失败问题待调查
fun.send(Exc_rmb, message.AddAclPolicy_labelPassPac['AddAclPolicy'], domain_rmb, base_path)
# for key in self.case3_step2:
# print('ip:',baseinfo.gwManageIp)
# re = fun.cmd(self.case3_step2[key][0],'gw',thread=1)
# print('key:',self.case3_step2[key][0])
# print('re:',re)
# assert self.case3_step2[key][1] in re
# 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt3_cfg['capture'][0], self.pkt3_cfg['capture'][1], \
self.pkt3_cfg['capture'][2], self.pkt3_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg:', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 客户端发送正常请求报文
c_iface, c_num, c_pcap = self.pkt3_cfg["send"][0], self.pkt3_cfg["send"][1], self.pkt3_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
print('send_cmd:', send_cmd)
fun.cmd(send_cmd, 'c',thread=1)
print('tcpreplay命令发送成功')
# jsac.agentjsac.info.log文件查看命中统计数
fun.wait_data(f"grep -n '{protocol_icmp}' /var/log/jsac.agentjsac.info.log |grep '{pcap_dip}' |grep '{ReportAclCount}' |tail -1",'gw', self.case3_step3['step1'][0], '检查拒绝数', 300, flag='存在')
fun.wait_data(f"grep -n '{protocol_icmp}' /var/log/jsac.agentjsac.info.log |grep '{pcap_dip}' |grep '{ReportAclCount}' |tail -1",'gw', self.case3_step3['step2'][0], '检查拒绝数', 300, flag='存在')
for key in self.case3_step3:
re = fun.cmd(f"grep -n '{protocol_icmp}' /var/log/jsac.agentjsac.info.log |grep '{pcap_dip}' |grep '{ReportAclCount}' |tail -1 ",'gw')
print('re:', re)
assert self.case3_step3['step1'][0] in re
# 检查报文是否存在
fun.wait_data(f"ls /opt/pkt/ | grep pcap", 'gw', self.pkt3_cfg['capture'][3], '检查服务端抓包结果', 300, flag='存在')
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
print('pcap_file:',pcap_file)
assert cap_pcap in pcap_file
print('服务端抓到报文:{}'.format(self.read_3))
print('step wait')
# 关闭acl命中统计开关并检查结果
fun.send(Exc_rmb, message.set_ReportAclCount_close['EnableAclCount'], domain_rmb, base_path)
for key in self.case3_step4:
re = fun.cmd(self.case3_step4[key][0], 'gw')
print('re:', re)
assert self.case3_step4[key][1] in re
# 移除掉acl策略并检查结果
fun.send(Exc_rmb, message.DelAclPolicy_HitCount['DelAclPolicy'], domain_rmb, base_path)
def test_http_check_uri_a2(self):
# 下发配置
fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '配置', 100)
print(re)
assert self.case2_step1[key][1] in re
fun.send(rbmExc, message.httpcheck2['SetHttpCheck'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
for key in self.case2_step2:
re = fun.wait_data(self.case2_step2[key][0], 'gw', self.case2_step2[key][1], '配置', 100)
print(re)
assert self.case2_step2[key][1] in re
# 发送get请求,不包含黑名单内容的普通请求
content = http_check.http_get(url)
print('多个黑名单时get普通请求的请求内容为:{}'.format(content))
assert content == http_content
# 发送post请求,不包含黑名单内容的普通请求
content = http_check.http_post(url)
print('多个黑名单时get普通请求的请求内容为:{}'.format(content))
assert content == http_content
# 发送get请求,请求内容包含第一个黑名单
status_code = http_check.http_get(self.case2_uri1,self.data)
print('多个黑名单时get请求内容包含第一个黑名单返回的状态码为:{}'.format(status_code))
assert status_code == 403
# 发送post请求,请求内容包含第一个黑名单
status_code = http_check.http_post(self.case2_uri1, self.data)
print('多个黑名单时get请求内容包含第一个黑名单返回的状态码为:{}'.format(status_code))
assert status_code == 403
# 发送get请求,请求内容包含第二个黑名单
status_code = http_check.http_get(self.case2_uri2, self.data)
print('多个黑名单时get请求内容包含第二个黑名单返回的状态码为:{}'.format(status_code))
assert status_code == 403
# 发送post请求,请求内容包含第二个黑名单
status_code = http_check.http_post(self.case2_uri2, self.data)
print('多个黑名单时get请求内容包含第二个黑名单返回的状态码为:{}'.format(status_code))
assert status_code == 403
def test_ddos_sameSipDip_syn_flood(self):
# 下发配置并检查结果
fun.send(Exc_rmb, message.setddos_open['SetDdosEnable'], domain_rmb,
base_path)
for key in self.case1_step:
re0 = fun.cmd(self.case1_step[key][0], 'gw')
assert self.case1_step[key][2] in re0
for key in self.case1_step:
re1 = fun.cmd(self.case1_step[key][1], 'gw')
assert self.case1_step[key][2] in re1
# 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg['capture'][0], self.pkt1_cfg['capture'][1], \
self.pkt1_cfg['capture'][2], self.pkt1_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 服务端开启http服务
fun.cmd(f"python2.7 -m SimpleHTTPServer {port_d}", 's', thread=1)
# 客户端发送攻击命令
fun.cmd(
f"hping3 -I {ciface} -a {pcap_dip} -S {pcap_dip} -p {port_attack} -i u1000",
'c',
thread=1)
fun_result = fun.cmd('ps -ef | grep hping3', 'c')
print(fun_result)
#检查hping3命令是否发送成功
assert self.pkt1_cfg["hping3"][0] in fun_result
print('hping3攻击命令下发成功')
# if self.pkt1_cfg["hping3"][0] in fun_result:
# print('hping3攻击命令下发成功')
# else:
# print('!!!hping3攻击命令下发失败!!!')
# exit()
# 客户端发送http请求
fun.cmd(f"curl http://{pcap_dip}:{port_d}", 'c', thread=1)
time.sleep(5)
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
print('服务端抓到报文:{}'.format(self.read_1))
def test_http_check_post_a2(self):
# 下发配置
fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
add_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert add_res1 == 1
# 检查配置下发是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '配置', 100)
print(re)
assert self.case2_step1[key][1] in re
fun.send(rbmExc, message.httpcheck2['SetHttpCheck'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert add_res2 == 1
for key in self.case2_step2:
re = fun.wait_data(self.case2_step2[key][0], 'gw', self.case2_step2[key][1], '配置', 100)
print(re)
assert self.case2_step2[key][1] in re
# 发送post请求,不包含黑名单内容的普通请求
content = http_check.http_post(url)
print('多个黑名单时post普通请求的请求内容为:{}'.format(content))
assert content == http_content
# 发送post请求,请求内容不包含黑名单内容
content = http_check.http_post(url, self.data)
print('多个黑名单时post请求内容不包含黑名单的请求应返回的内容为:{}'.format(content))
assert content == http_content
# 发送post请求,请求内容包含第一个黑名单
status_code = http_check.http_post(url, self.case2_data1)
print('多个黑名单时post请求内容包含第一个黑名单返回的状态码为:{}'.format(status_code))
assert status_code == 403
# 发送post请求,请求内容包含第二个黑名单
status_code = http_check.http_post(url, self.case2_data2)
print('多个黑名单时post请求内容包含第二个黑名单返回的状态码为:{}'.format(status_code))
assert status_code == 403
# 移除策略,还原环境
fun.send(rbmExc, message.delhttp['DelAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
del_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert del_res1 == 1
# 检查代理是否成功移除
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '配置', 100, flag='不存在')
assert self.case2_step1[key][1] not in re
# 检查网页访问策略是否清空
fun.send(rbmExc, message.delhttpcheck['DropHttpCheck'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert del_res2 == 1
for key in self.delcheck:
re = fun.wait_data(self.delcheck[key][0], 'gw', self.delcheck[key][1], '配置', 100, flag='不存在')
assert self.delcheck[key][1] not in re
def test_ftp_check_upload_a1(self):
# 下发配置
fun.send(rbmExc, message.addftp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
add_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert add_res1 == 1
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'gw', self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
fun.send(rbmExc, message.ftpcheck1['SetFtpCheck'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert add_res2 == 1
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw', self.case1_step2[key][1], '配置', 100)
print(re)
assert self.case1_step2[key][1] in re
# 登录ftp服务器,上传文件扩展名为白名单
fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result1 = con_ftp.uploadFile(fp, self.case1_upremotePath, self.case1_uplocalPath)
print('ftp上传文件扩展名{}为白名单结果为:{}'.format(self.case1_uplocalPath, result1))
assert result1 == 1
# 登录ftp服务器,上传文件扩展名为非白名单
fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result2 = con_ftp.uploadFile(fp, self.case1_deny_upremotePath, self.case1_deny_uplocalPath)
print('ftp上传文件扩展名{}为非白名单结果为:{}'.format(self.case1_deny_uplocalPath, result2))
assert result2 == 0
# 移除策略,还原环境
fun.send(rbmExc, message.delftp['DelAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
del_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert del_res1 == 1
# 检查代理是否成功移除
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '配置', 100, flag='不存在')
assert self.case1_step1[key][1] not in re
# 检查ftp传输策略是否清空
fun.send(rbmExc, message.delftpcheck['DropFtpCheck'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert del_res2 == 1
for key in self.delcheck:
re = fun.wait_data(self.delcheck[key][0], 'gw', self.delcheck[key][1], '配置', 100, flag='不存在')
assert self.delcheck[key][1] not in re
def test_ftp_check_user_a2(self):
# 下发配置
fun.send(rbmExc, message.addftp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'gw',
self.case2_step1[key][1], '配置', 100)
print(re)
assert self.case2_step1[key][1] in re
for key in self.case2_step11:
re = fun.wait_data(self.case2_step11[key][0], 'gw',
self.case2_step11[key][1], '配置', 100)
print(re)
assert self.case2_step11[key][1] in re
fun.send(rbmExc, message.ftpcheck2['SetFtpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
for key in self.case2_step2:
re = fun.wait_data(self.case2_step2[key][0], 'gw',
self.case2_step2[key][1], '配置', 100)
print(re)
assert self.case2_step2[key][1] in re
# 登录ftp服务器,用户为白名单用户
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('ftp第一个白名单用户{}欢迎语是:{}'.format(self.username, fp.getwelcome()))
assert '220' in fp.getwelcome()
fp = con_ftp.connect_ftp(self.host, self.port, self.case2_allow_user,
self.password)
print('ftp第二个白名单用户{}欢迎语是:{}'.format(self.case2_allow_user,
fp.getwelcome()))
assert '220' in fp.getwelcome()
# 登录ftp服务器,用户为非白名单用户
fp = con_ftp.connect_ftp(self.host, self.port, self.case2_deny_user,
self.password)
print('ftp非白名单用户{}结果为:{}'.format(self.case2_deny_user, fp))
assert fp == 0
def test_report_acl_labelRejectPac_count(self):
# 开启acl命中统计开关并检查结果
fun.send(Exc_rmb, message.set_ReportAclCount_open['EnableAclCount'],
domain_rmb, base_path)
for key in self.case2_step1:
print('ip:', baseinfo.gwManageIp)
re = fun.cmd(self.case2_step1[key][0], 'gw')
print('re:', re)
assert self.case2_step1[key][1] in re
# 下发acl策略并检查结果-----查询失败问题待调查
fun.send(Exc_rmb, message.AddAclPolicy_labelRejectPac['AddAclPolicy'],
domain_rmb, base_path)
# for key in self.case2_step2:
# print('ip:',baseinfo.gwManageIp)
# re = fun.cmd(self.case2_step2[key][0],'gw',thread=1)
# print('key:',self.case2_step2[key][0])
# print('re:',re)
# assert self.case2_step2[key][1] in re
# 客户端发送正常请求报文
c_iface, c_num, c_pcap = self.pkt2_cfg["send"][0], self.pkt2_cfg[
"send"][1], self.pkt2_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
print('send_cmd:', send_cmd)
fun.cmd(send_cmd, 'c')
print('tcpreplay命令发送成功')
# jsac.agentjsac.info.log文件查看命中统计数
fun.wait_data(
f"grep -n ReportAclCount /var/log/jsac.agentjsac.info.log |tail -1",
'gw',
self.case2_step3['step1'][0],
'检查拒绝数',
300,
flag='存在')
for key in self.case2_step3:
re = fun.cmd(
"grep -n LabelRejectPac /var/log/jsac.agentjsac.info.log |tail -1 ",
'gw')
print('re:', re)
assert self.case2_step3[key][0] in re
# 关闭acl命中统计开关并检查结果
fun.send(Exc_rmb, message.set_ReportAclCount_close['EnableAclCount'],
domain_rmb, base_path)
for key in self.case2_step4:
re = fun.cmd(self.case2_step4[key][0], 'gw')
print('re:', re)
assert self.case2_step4[key][1] in re
# 移除掉acl策略并检查结果
fun.send(Exc_rmb, message.DelAclPolicy_HitCount['DelAclPolicy'],
domain_rmb, base_path)
def test_verifymod_set_timeout(self):
# 开启认证服务
print('1.开启认证服务,通过命令ps -ef | grep verifymod、netstat -ultpn查询服务进程有/usr/local/ipauth/verifymod /etc/jsac/Initialize.conf、服务有监听443端口说明服务开启成功')
fun.send(rbmExc, message.verifymod_switch_start['ManageAuthServer'], domain_rmb, base_path)
# 检查配置下发是否成功
for key in self.case1_step1:
re1 = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '检查认证服务进程', 100)
assert self.case1_step1[key][1] in re1
for key in self.case1_step2:
re2 = fun.wait_data(self.case1_step2[key][0], 'gw', self.case1_step2[key][1], '检查认证监听端口', 100)
assert self.case1_step2[key][1] in re2
print('2.设置认证时效为120s,使用命令cat /etc/jsac/Initialize.conf查询到AUTHIP_DURATION = 120说明认证时效设置成功')
fun.send(rbmExc, message.verifymod_set_Timeout['ConfigAuthServer'], domain_rmb, base_path)
fun.wait_data(self.case2_step1["step1"][0], 'gw', self.case2_step1["step1"][1], '检查认证时效', 100)
for key in self.case2_step1:
re1 = fun.cmd(self.case2_step1[key][0], 'gw')
assert self.case2_step1[key][1] in re1
# 关闭认证服务
print('3.关闭认证服务,通过命令ps -ef | grep verifymod、netstat -ultpn查询不到服务进程/usr/local/ipauth/verifymod /etc/jsac/Initialize.conf、且认证服务端口443也不存在')
fun.send(rbmExc, message.verifymod_switch_stop['ManageAuthServer'], domain_rmb, base_path)
# 检查配置下发是否成功
for key in self.case1_step1:
re1 = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '检查认证服务进程', 100, flag='不存在')
assert self.case1_step1[key][1] not in re1
for key in self.case1_step2:
re2 = fun.wait_data(self.case1_step2[key][0], 'gw', self.case1_step2[key][1], '检查认证监听端口', 100, flag='不存在')
assert self.case1_step2[key][1] not in re2
def test_verifymod_switch_restart(self):
# 开启认证服务
print('1.开启认证服务,通过命令ps -ef | grep verifymod、netstat -ultpn查询服务进程有/usr/local/ipauth/verifymod /etc/jsac/Initialize.conf、服务端口有443说明服务开启成功')
fun.send(rbmExc, message.verifymod_switch_start['ManageAuthServer'], domain_rmb, base_path)
# 检查配置下发是否成功
for key in self.case1_step1:
re1 = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '检查认证服务进程', 100)
assert self.case1_step1[key][1] in re1
for key in self.case1_step2:
re2 = fun.wait_data(self.case1_step2[key][0], 'gw', self.case1_step2[key][1], '检查认证监听端口', 100)
assert self.case1_step2[key][1] in re2
print('2.重启认证服务,通过命令ps -ef | grep verifymod、netstat -ultpn查询服务进程有/usr/local/ipauth/verifymod /etc/jsac/Initialize.conf、服务端口有5566说明服务重启成功')
fun.send(rbmExc, message.verifymod_switch_restart['ManageAuthServer'], domain_rmb, base_path)
for key in self.case1_step1:
re1 = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '检查认证服务进程', 100)
assert self.case1_step1[key][1] in re1
for key in self.case2_step1:
re2 = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '检查认证监听端口', 100)
assert self.case2_step1[key][1] in re2
# 关闭认证服务
print('3.关闭认证服务,通过命令ps -ef | grep verifymod、netstat -ultpn查询不到服务进程/usr/local/ipauth/verifymod /etc/jsac/Initialize.conf、且认证服务端口5566也不存在')
fun.send(rbmExc, message.verifymod_switch_stop['ManageAuthServer'], domain_rmb, base_path)
# 检查配置下发是否成功
for key in self.case1_step1:
re1 = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '检查认证服务进程', 100, flag='不存在')
assert self.case1_step1[key][1] not in re1
for key in self.case2_step1:
re2 = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '检查认证监听端口', 100, flag='不存在')
assert self.case2_step1[key][1] not in re2
def test_rabbitmq(self):
#清空环境
for i in clr_env.clear_env:
fun.cmd(i, 'gw_s')
#下发配置
fun.send('ManageExchange', 'AddAclPolicy', 'hf.f1203.g01.cs_12.wg5')
#检查配置下发是否成功
re = fun.cmd(command.result_check_gwc[0], 'gw_s')
#assert command.case_result_gwc[0] in re
#开启接收端抓包
fun.cmd(command.pre_env[0], 'gw_c', thread=1)
time.sleep(3)
#客户端发送报文
fun.cmd(command.case_step_c[0], 'gw_s')
#解析接收端抓包
re = fun.cmd(command.result_check_c[0], 'gw_c')
assert command.case_result_c[0] in re
def test_iso_http_basic_a3(self):
# 下发配置
fun.send(rbmExc, message.addhttp_front_post['AddCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.addhttp_back_post['AddCustomAppPolicy'],
BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'BackDut',
'nginx: worker process')
# 检查配置下发是否成功
for key in self.case3_step1:
re = fun.wait_data(self.case3_step1[key][0], 'FrontDut',
self.case3_step1[key][1], '配置', 100)
print(re)
assert self.case3_step1[key][1] in re
for key in self.case3_step11:
re = fun.wait_data(self.case3_step11[key][0], 'FrontDut',
self.case3_step11[key][1], '配置', 100)
print(re)
assert self.case3_step11[key][1] in re
#服务器端开启post上传服务
#发送post请求,验证post请求是否正常
print('请求地址为{}'.format(self.http_url))
content = http_check.http_post(self.http_url)
print('post普通请求的请求内容为:{}'.format(content))
# 发送post请求,验证隔离下的http策略上传一个10M大小的文件
print('上传的服务器地址为{}'.format(self.upfile_url))
result = http_check.http_upload(self.upfile_url, self.upfilename,
self.uplocalPath, self.upMIME_type)
assert result == 1
