class Main(): """TODO: Doku.""" def __init__(self) -> None: """TODO: Doku.""" self.cfg = Config(CONFIG_PATH) self.cfg_log = Config(LOG_CONFIG_PATH) loglevel = self.cfg_log.get_value("LOG", "level") to_stdout = self.cfg_log.get_value("LOG", "to_stdout") to_files = self.cfg_log.get_value("LOG", "to_files") logpath = self.cfg_log.get_value("LOG", "filepath") logfile = self.cfg_log.get_value("LOG", "filename") self.log = Log(str(loglevel), bool(to_stdout), bool(to_files), str(logpath), str(logfile)) info("starting easywall") self.easywall = Easywall(self.cfg) self.event_handler = ModifiedHandler(self.apply) self.observer = Observer() self.stop_flag = False info("easywall has been started") def apply(self, filename: str) -> None: """TODO: Doku.""" info("starting apply process from easywall") delete_file_if_exists(filename) self.easywall.apply() def start_observer(self) -> None: """ Keep the main process running until it should be stopped. if someone is pressing ctrl + C the software will initiate the stop process """ self.observer.schedule(self.event_handler, ".") self.observer.start() try: while not self.stop_flag: sleep(2) except KeyboardInterrupt: info("KeyboardInterrupt received, starting shutdown") finally: self.shutdown() def shutdown(self) -> None: """Stop all threads and shut the software down gracefully.""" info("starting shutdown") self.observer.stop() delete_file_if_exists(".acceptance") self.observer.join() info("shutdown completed") self.log.close_logging()
class TestRulesHandler(unittest.TestCase): """ TODO: Doku """ def setUp(self) -> None: self.config_file = "test_easywall.ini" content = """[LOG] level = info to_files = no to_stdout = yes filepath = /var/log filename = easywall.log [IPTABLES] log_blocked_connections = yes log_blocked_connections_log_limit = 60 log_blacklist_connections = yes log_blacklist_connections_log_limit = 60 drop_broadcast_packets = yes drop_multicast_packets = yes drop_anycast_packets = yes ssh_brute_force_prevention = yes ssh_brute_force_prevention_log = yes ssh_brute_force_prevention_connection_limit = 5 ssh_brute_force_prevention_log_limit = 60 icmp_flood_prevention = yes icmp_flood_prevention_log = yes icmp_flood_prevention_connection_limit = 5 icmp_flood_prevention_log_limit = 60 drop_invalid_packets = yes drop_invalid_packets_log = yes drop_invalid_packets_log_limit = 60 port_scan_prevention = yes port_scan_prevention_log = yes port_scan_prevention_log_limit = 60 [IPV6] enabled = true icmp_allow_router_advertisement = yes icmp_allow_neighbor_advertisement = yes [ACCEPTANCE] enabled = yes duration = 1 timestamp = [EXEC] iptables = /sbin/iptables ip6tables = /sbin/ip6tables iptables-save = /sbin/iptables-save ip6tables-save = /sbin/ip6tables-save iptables-restore = /sbin/iptables-restore ip6tables-restore = /sbin/ip6tables-restore """ create_file_if_not_exists(self.config_file) write_into_file(self.config_file, content) self.cfg = Config(self.config_file) self.easywall = Easywall(self.cfg) self.easywall.rules.ensure_files_exist() def tearDown(self) -> None: delete_file_if_exists(self.config_file) def test_init(self) -> None: """ TODO: Doku """ self.easywall = Easywall(self.cfg) def test_apply_not_accepted(self) -> None: """ TODO: Doku """ self.easywall.apply() def test_apply_accepted(self) -> None: """ TODO: Doku """ write_into_file(self.easywall.acceptance.filename, "true") self.easywall.apply() def test_apply_blacklist(self) -> None: """ TODO: Doku """ write_into_file( "{}/current/blacklist".format(self.easywall.rules.rulesfolder), """192.168.233.254 1.2.4.5 2001:db8:a0b:12f0::1 """) self.easywall.apply_blacklist() def test_apply_whitelist(self) -> None: """ TODO: Doku """ write_into_file( "{}/current/whitelist".format(self.easywall.rules.rulesfolder), """192.168.233.254 1.2.4.5 2001:db8:a0b:12f0::1 """) self.easywall.apply_whitelist() def test_apply_rules_port_range(self) -> None: """ TODO: Doku """ write_into_file( "{}/current/udp".format(self.easywall.rules.rulesfolder), "1234:1237") self.easywall.apply_rules("udp") def test_apply_custom_rules(self) -> None: """ TODO: Doku """ write_into_file( "{}/current/custom".format(self.easywall.rules.rulesfolder), "1234") self.easywall.apply_custom_rules() def test_apply_ssh_port(self) -> None: """ TODO: Doku """ write_into_file( "{}/current/tcp".format(self.easywall.rules.rulesfolder), "22#ssh") self.easywall.apply_rules("tcp") def test_apply_forwarding(self) -> None: """ TODO: Doku """ write_into_file( "{}/current/forwarding".format(self.easywall.rules.rulesfolder), "tcp:1234:1235") self.easywall.apply_forwarding()
class Main(object): """ TODO: Doku """ def __init__(self): self.cfg = Config(CONFIG_PATH) loglevel = self.cfg.get_value("LOG", "level") to_stdout = self.cfg.get_value("LOG", "to_stdout") to_files = self.cfg.get_value("LOG", "to_files") logpath = self.cfg.get_value("LOG", "filepath") logfile = self.cfg.get_value("LOG", "filename") self.log = Log(loglevel, to_stdout, to_files, logpath, logfile) info("starting easywall") self.is_first_run = not folder_exists("rules") self.rules_handler = RulesHandler() if self.is_first_run: self.rules_handler.rules_firstrun() self.easywall = Easywall(self.cfg) self.event_handler = ModifiedHandler(self.apply) self.observer = Observer() self.stop_flag = False info("easywall has been started") def apply(self, filename: str) -> None: """ TODO: Doku """ info("starting apply process from easywall") delete_file_if_exists(filename) self.easywall.apply() def start_observer(self) -> None: """ this function is called to keep the main process running if someone is pressing ctrl + C the software will initiate the stop process """ self.observer.schedule(self.event_handler, ".") self.observer.start() try: while not self.stop_flag: sleep(2) except KeyboardInterrupt: info("KeyboardInterrupt received, starting shutdown") finally: self.shutdown() def shutdown(self) -> None: """ the function stops all threads and shuts the software down gracefully """ info("starting shutdown") self.observer.stop() delete_file_if_exists(".acceptance") self.observer.join() info("shutdown completed") self.log.close_logging()
class TestRulesHandler(unittest.TestCase): """ TODO: Doku """ def setUp(self): self.config_file = "test_easywall.ini" content = """[LOG] level = info to_files = false to_stdout = true filepath = filename = [IPV6] enabled = true [ACCEPTANCE] enabled = true duration = 1 [EXEC] iptables = /sbin/iptables ip6tables = /sbin/ip6tables iptables-save = /sbin/iptables-save ip6tables-save = /sbin/ip6tables-save iptables-restore = /sbin/iptables-restore ip6tables-restore = /sbin/ip6tables-restore [BACKUP] filepath = ./backup ipv4filename = iptables_v4_backup ipv6filename = iptables_v6_backup """ create_file_if_not_exists(self.config_file) write_into_file(self.config_file, content) self.cfg = Config(self.config_file) self.easywall = Easywall(self.cfg) self.easywall.rules.rules_firstrun() def tearDown(self): delete_file_if_exists(self.config_file) def test_init(self): """ TODO: Doku """ self.easywall = Easywall(self.cfg) def test_apply_not_accepted(self): """ TODO: Doku """ self.easywall.apply() def test_apply_accepted(self): """ TODO: Doku """ write_into_file(self.easywall.acceptance.filename, "true") self.easywall.apply() def test_apply_blacklist(self): """ TODO: Doku """ write_into_file( "{}/current/blacklist".format(self.easywall.rules.rulesfolder), """192.168.233.254 1.2.4.5 2001:db8:a0b:12f0::1 """) self.easywall.apply_blacklist() def test_apply_whitelist(self): """ TODO: Doku """ write_into_file( "{}/current/whitelist".format(self.easywall.rules.rulesfolder), """192.168.233.254 1.2.4.5 2001:db8:a0b:12f0::1 """) self.easywall.apply_whitelist() def test_apply_rules_port_range(self): """ TODO: Doku """ write_into_file( "{}/current/udp".format(self.easywall.rules.rulesfolder), "1234:1237") self.easywall.apply_rules("udp") def test_apply_custom_rules(self): """ TODO: Doku """ write_into_file( "{}/current/custom".format(self.easywall.rules.rulesfolder), "1234") self.easywall.apply_custom_rules()
class TestEasywall(unittest.TestCase): """TODO: Doku.""" def setUp(self) -> None: """TODO: Doku.""" prepare_configuration() self.cfg = Config(CONFIG_PATH) self.easywall = Easywall(self.cfg) self.rules = RulesHandler() def tearDown(self) -> None: """TODO: Doku.""" restore_configuration() def test_init(self) -> None: """TODO: Doku.""" self.easywall = Easywall(self.cfg) def test_apply_not_accepted(self) -> None: """TODO: Doku.""" self.easywall.apply() def test_apply_accepted(self) -> None: """TODO: Doku.""" write_into_file(self.easywall.acceptance.filename, "true") self.easywall.apply() def test_apply_blacklist(self) -> None: """TODO: Doku.""" blacklist = ["192.168.233.254", "1.2.4.5", "2001:db8:a0b:12f0::1"] self.rules.save_new_rules("blacklist", blacklist) self.rules.apply_new_rules() self.easywall.apply_blacklist() def test_apply_whitelist(self) -> None: """TODO: Doku.""" whitelist = ["192.168.233.254", "1.2.4.5", "2001:db8:a0b:12f0::1"] self.rules.save_new_rules("whitelist", whitelist) self.rules.apply_new_rules() self.easywall.apply_whitelist() def test_apply_rules_port_range(self) -> None: """TODO: Doku.""" udp: list = [] entry: dict = {} entry["description"] = "test" entry["port"] = "8080:8085" entry["ssh"] = False udp.append(entry) self.rules.save_new_rules("udp", udp) self.rules.apply_new_rules() self.easywall.apply_rules("udp") def test_apply_custom_rules(self) -> None: """TODO: Doku.""" custom = ["1234"] self.rules.save_new_rules("custom", custom) self.rules.apply_new_rules() self.easywall.apply_custom_rules() def test_apply_ssh_port(self) -> None: """TODO: Doku.""" tcp: list = [] entry: dict = {} entry["description"] = "SSH" entry["port"] = "22" entry["ssh"] = True tcp.append(entry) self.rules.save_new_rules("tcp", tcp) self.rules.apply_new_rules() self.easywall.apply_rules("tcp") def test_apply_forwarding(self) -> None: """TODO: Doku.""" forwarding = ["tcp:1234:1235"] self.rules.save_new_rules("forwarding", forwarding) self.rules.apply_new_rules() self.easywall.apply_forwarding()