Пример #1
0
class Main():
    """TODO: Doku."""
    def __init__(self) -> None:
        """TODO: Doku."""
        self.cfg = Config(CONFIG_PATH)
        self.cfg_log = Config(LOG_CONFIG_PATH)

        loglevel = self.cfg_log.get_value("LOG", "level")
        to_stdout = self.cfg_log.get_value("LOG", "to_stdout")
        to_files = self.cfg_log.get_value("LOG", "to_files")
        logpath = self.cfg_log.get_value("LOG", "filepath")
        logfile = self.cfg_log.get_value("LOG", "filename")
        self.log = Log(str(loglevel), bool(to_stdout), bool(to_files),
                       str(logpath), str(logfile))

        info("starting easywall")

        self.easywall = Easywall(self.cfg)
        self.event_handler = ModifiedHandler(self.apply)
        self.observer = Observer()
        self.stop_flag = False

        info("easywall has been started")

    def apply(self, filename: str) -> None:
        """TODO: Doku."""
        info("starting apply process from easywall")
        delete_file_if_exists(filename)
        self.easywall.apply()

    def start_observer(self) -> None:
        """
        Keep the main process running until it should be stopped.

        if someone is pressing ctrl + C the software will initiate the stop process
        """
        self.observer.schedule(self.event_handler, ".")
        self.observer.start()

        try:
            while not self.stop_flag:
                sleep(2)
        except KeyboardInterrupt:
            info("KeyboardInterrupt received, starting shutdown")
        finally:
            self.shutdown()

    def shutdown(self) -> None:
        """Stop all threads and shut the software down gracefully."""
        info("starting shutdown")

        self.observer.stop()
        delete_file_if_exists(".acceptance")
        self.observer.join()

        info("shutdown completed")
        self.log.close_logging()
Пример #2
0
class TestRulesHandler(unittest.TestCase):
    """
    TODO: Doku
    """
    def setUp(self) -> None:
        self.config_file = "test_easywall.ini"
        content = """[LOG]
level = info
to_files = no
to_stdout = yes
filepath = /var/log
filename = easywall.log

[IPTABLES]
log_blocked_connections = yes
log_blocked_connections_log_limit = 60
log_blacklist_connections = yes
log_blacklist_connections_log_limit = 60
drop_broadcast_packets = yes
drop_multicast_packets = yes
drop_anycast_packets = yes
ssh_brute_force_prevention = yes
ssh_brute_force_prevention_log = yes
ssh_brute_force_prevention_connection_limit = 5
ssh_brute_force_prevention_log_limit = 60
icmp_flood_prevention = yes
icmp_flood_prevention_log = yes
icmp_flood_prevention_connection_limit = 5
icmp_flood_prevention_log_limit = 60
drop_invalid_packets = yes
drop_invalid_packets_log = yes
drop_invalid_packets_log_limit = 60
port_scan_prevention = yes
port_scan_prevention_log = yes
port_scan_prevention_log_limit = 60

[IPV6]
enabled = true
icmp_allow_router_advertisement = yes
icmp_allow_neighbor_advertisement = yes

[ACCEPTANCE]
enabled = yes
duration = 1
timestamp =

[EXEC]
iptables = /sbin/iptables
ip6tables = /sbin/ip6tables
iptables-save = /sbin/iptables-save
ip6tables-save = /sbin/ip6tables-save
iptables-restore = /sbin/iptables-restore
ip6tables-restore = /sbin/ip6tables-restore

"""
        create_file_if_not_exists(self.config_file)
        write_into_file(self.config_file, content)
        self.cfg = Config(self.config_file)
        self.easywall = Easywall(self.cfg)
        self.easywall.rules.ensure_files_exist()

    def tearDown(self) -> None:
        delete_file_if_exists(self.config_file)

    def test_init(self) -> None:
        """
        TODO: Doku
        """
        self.easywall = Easywall(self.cfg)

    def test_apply_not_accepted(self) -> None:
        """
        TODO: Doku
        """
        self.easywall.apply()

    def test_apply_accepted(self) -> None:
        """
        TODO: Doku
        """
        write_into_file(self.easywall.acceptance.filename, "true")
        self.easywall.apply()

    def test_apply_blacklist(self) -> None:
        """
        TODO: Doku
        """
        write_into_file(
            "{}/current/blacklist".format(self.easywall.rules.rulesfolder),
            """192.168.233.254
1.2.4.5
2001:db8:a0b:12f0::1
""")
        self.easywall.apply_blacklist()

    def test_apply_whitelist(self) -> None:
        """
        TODO: Doku
        """
        write_into_file(
            "{}/current/whitelist".format(self.easywall.rules.rulesfolder),
            """192.168.233.254
1.2.4.5
2001:db8:a0b:12f0::1
""")
        self.easywall.apply_whitelist()

    def test_apply_rules_port_range(self) -> None:
        """
        TODO: Doku
        """
        write_into_file(
            "{}/current/udp".format(self.easywall.rules.rulesfolder),
            "1234:1237")
        self.easywall.apply_rules("udp")

    def test_apply_custom_rules(self) -> None:
        """
        TODO: Doku
        """
        write_into_file(
            "{}/current/custom".format(self.easywall.rules.rulesfolder),
            "1234")
        self.easywall.apply_custom_rules()

    def test_apply_ssh_port(self) -> None:
        """
        TODO: Doku
        """
        write_into_file(
            "{}/current/tcp".format(self.easywall.rules.rulesfolder), "22#ssh")
        self.easywall.apply_rules("tcp")

    def test_apply_forwarding(self) -> None:
        """
        TODO: Doku
        """
        write_into_file(
            "{}/current/forwarding".format(self.easywall.rules.rulesfolder),
            "tcp:1234:1235")
        self.easywall.apply_forwarding()
Пример #3
0
class Main(object):
    """
    TODO: Doku
    """
    def __init__(self):
        self.cfg = Config(CONFIG_PATH)

        loglevel = self.cfg.get_value("LOG", "level")
        to_stdout = self.cfg.get_value("LOG", "to_stdout")
        to_files = self.cfg.get_value("LOG", "to_files")
        logpath = self.cfg.get_value("LOG", "filepath")
        logfile = self.cfg.get_value("LOG", "filename")
        self.log = Log(loglevel, to_stdout, to_files, logpath, logfile)

        info("starting easywall")

        self.is_first_run = not folder_exists("rules")
        self.rules_handler = RulesHandler()
        if self.is_first_run:
            self.rules_handler.rules_firstrun()
        self.easywall = Easywall(self.cfg)
        self.event_handler = ModifiedHandler(self.apply)
        self.observer = Observer()
        self.stop_flag = False

        info("easywall has been started")

    def apply(self, filename: str) -> None:
        """
        TODO: Doku
        """
        info("starting apply process from easywall")
        delete_file_if_exists(filename)
        self.easywall.apply()

    def start_observer(self) -> None:
        """
        this function is called to keep the main process running
        if someone is pressing ctrl + C the software will initiate the stop process
        """
        self.observer.schedule(self.event_handler, ".")
        self.observer.start()

        try:
            while not self.stop_flag:
                sleep(2)
        except KeyboardInterrupt:
            info("KeyboardInterrupt received, starting shutdown")
        finally:
            self.shutdown()

    def shutdown(self) -> None:
        """
        the function stops all threads and shuts the software down gracefully
        """
        info("starting shutdown")

        self.observer.stop()
        delete_file_if_exists(".acceptance")
        self.observer.join()

        info("shutdown completed")
        self.log.close_logging()
Пример #4
0
class TestRulesHandler(unittest.TestCase):
    """
    TODO: Doku
    """
    def setUp(self):
        self.config_file = "test_easywall.ini"
        content = """[LOG]
level = info
to_files = false
to_stdout = true
filepath =
filename =

[IPV6]
enabled = true

[ACCEPTANCE]
enabled = true
duration = 1

[EXEC]
iptables = /sbin/iptables
ip6tables = /sbin/ip6tables
iptables-save = /sbin/iptables-save
ip6tables-save = /sbin/ip6tables-save
iptables-restore = /sbin/iptables-restore
ip6tables-restore = /sbin/ip6tables-restore

[BACKUP]
filepath = ./backup
ipv4filename = iptables_v4_backup
ipv6filename = iptables_v6_backup
        """
        create_file_if_not_exists(self.config_file)
        write_into_file(self.config_file, content)
        self.cfg = Config(self.config_file)
        self.easywall = Easywall(self.cfg)
        self.easywall.rules.rules_firstrun()

    def tearDown(self):
        delete_file_if_exists(self.config_file)

    def test_init(self):
        """
        TODO: Doku
        """
        self.easywall = Easywall(self.cfg)

    def test_apply_not_accepted(self):
        """
        TODO: Doku
        """
        self.easywall.apply()

    def test_apply_accepted(self):
        """
        TODO: Doku
        """
        write_into_file(self.easywall.acceptance.filename, "true")
        self.easywall.apply()

    def test_apply_blacklist(self):
        """
        TODO: Doku
        """
        write_into_file(
            "{}/current/blacklist".format(self.easywall.rules.rulesfolder),
            """192.168.233.254
1.2.4.5
2001:db8:a0b:12f0::1
""")
        self.easywall.apply_blacklist()

    def test_apply_whitelist(self):
        """
        TODO: Doku
        """
        write_into_file(
            "{}/current/whitelist".format(self.easywall.rules.rulesfolder),
            """192.168.233.254
1.2.4.5
2001:db8:a0b:12f0::1
""")
        self.easywall.apply_whitelist()

    def test_apply_rules_port_range(self):
        """
        TODO: Doku
        """
        write_into_file(
            "{}/current/udp".format(self.easywall.rules.rulesfolder),
            "1234:1237")
        self.easywall.apply_rules("udp")

    def test_apply_custom_rules(self):
        """
        TODO: Doku
        """
        write_into_file(
            "{}/current/custom".format(self.easywall.rules.rulesfolder),
            "1234")
        self.easywall.apply_custom_rules()
Пример #5
0
class TestEasywall(unittest.TestCase):
    """TODO: Doku."""
    def setUp(self) -> None:
        """TODO: Doku."""
        prepare_configuration()
        self.cfg = Config(CONFIG_PATH)
        self.easywall = Easywall(self.cfg)
        self.rules = RulesHandler()

    def tearDown(self) -> None:
        """TODO: Doku."""
        restore_configuration()

    def test_init(self) -> None:
        """TODO: Doku."""
        self.easywall = Easywall(self.cfg)

    def test_apply_not_accepted(self) -> None:
        """TODO: Doku."""
        self.easywall.apply()

    def test_apply_accepted(self) -> None:
        """TODO: Doku."""
        write_into_file(self.easywall.acceptance.filename, "true")
        self.easywall.apply()

    def test_apply_blacklist(self) -> None:
        """TODO: Doku."""
        blacklist = ["192.168.233.254", "1.2.4.5", "2001:db8:a0b:12f0::1"]
        self.rules.save_new_rules("blacklist", blacklist)
        self.rules.apply_new_rules()
        self.easywall.apply_blacklist()

    def test_apply_whitelist(self) -> None:
        """TODO: Doku."""
        whitelist = ["192.168.233.254", "1.2.4.5", "2001:db8:a0b:12f0::1"]
        self.rules.save_new_rules("whitelist", whitelist)
        self.rules.apply_new_rules()
        self.easywall.apply_whitelist()

    def test_apply_rules_port_range(self) -> None:
        """TODO: Doku."""
        udp: list = []
        entry: dict = {}
        entry["description"] = "test"
        entry["port"] = "8080:8085"
        entry["ssh"] = False
        udp.append(entry)
        self.rules.save_new_rules("udp", udp)
        self.rules.apply_new_rules()
        self.easywall.apply_rules("udp")

    def test_apply_custom_rules(self) -> None:
        """TODO: Doku."""
        custom = ["1234"]
        self.rules.save_new_rules("custom", custom)
        self.rules.apply_new_rules()
        self.easywall.apply_custom_rules()

    def test_apply_ssh_port(self) -> None:
        """TODO: Doku."""
        tcp: list = []
        entry: dict = {}
        entry["description"] = "SSH"
        entry["port"] = "22"
        entry["ssh"] = True
        tcp.append(entry)
        self.rules.save_new_rules("tcp", tcp)
        self.rules.apply_new_rules()
        self.easywall.apply_rules("tcp")

    def test_apply_forwarding(self) -> None:
        """TODO: Doku."""
        forwarding = ["tcp:1234:1235"]
        self.rules.save_new_rules("forwarding", forwarding)
        self.rules.apply_new_rules()
        self.easywall.apply_forwarding()