def test_indexing_disabled2(self):
test_list = []
line = DirectiveInfo(DirectiveLine("Options", ["None"]), 0, 'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertTrue(auditor.indexing_disabled())
def test_keepalive_set1(self):
test_list = []
line = DirectiveInfo(DirectiveLine("KeepAlive", ["On"]), 0, 'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertTrue(auditor.keepalive_set())
def test_symlinks_disabled4(self):
test_list = []
line = DirectiveInfo(DirectiveLine("Options", ["+FollowSymLinks"]), 0,
'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertFalse(auditor.symlinks_disabled())
def test_maxclients_set3(self):
test_list = []
line = DirectiveInfo(DirectiveLine("MaxClients", ["22"]), 0,
'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertTrue(auditor.maxclients_set())
def test_ssi_disabled6(self):
test_list = []
line = DirectiveInfo(DirectiveLine("Options", ["+Includes"]), 0,
'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertFalse(auditor.ssi_disabled())
def test_http_header_limited2(self):
test_list = []
line = DirectiveInfo(DirectiveLine("LimitRequestFields", ["0"]), 0,
'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertFalse(auditor.http_header_limited())
def test_http_message_limited4(self):
test_list = []
line = DirectiveInfo(DirectiveLine("LimitRequestBody", ["2"]), 0,
'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertTrue(auditor.http_message_limited())
def test_http_header_field_limited3(self):
test_list = []
line = DirectiveInfo(DirectiveLine("LimitRequestFieldSize", ["8190"]),
0, 'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertTrue(auditor.http_header_field_limited())
def test_multiviews_disabled4(self):
test_list = []
line = DirectiveInfo(DirectiveLine("Options", ["-Multiview"]), 0,
'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertTrue(auditor.multiviews_disabled())
def test_timeout_set4(self):
test_list = []
line = DirectiveInfo(DirectiveLine("Timeout", ["301"]), 0, 'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertFalse(auditor.timeout_set())
def test_maxspareservers_set4(self):
test_list = []
line = DirectiveInfo(DirectiveLine("MaxSpareServers", ["9"]), 0,
'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertTrue(auditor.maxspareservers_set())
def test_ports_configured3(self):
test_list = []
line = DirectiveInfo(DirectiveLine("Listen", ["0.0.0.0"]), 0,
'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertFalse(auditor.ports_configured())
def test_keepalivetimeout_set4(self):
test_list = []
line = DirectiveInfo(DirectiveLine("KeepAliveTimeout", ["16"]), 0,
'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertFalse(auditor.keepalivetimeout_set())
def test_startservers_set_set6(self):
test_list = []
line = DirectiveInfo(DirectiveLine("StartServers", ["11"]), 0,
'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertFalse(auditor.startservers_set())
def test_minspareservers_set2(self):
test_list = []
line = DirectiveInfo(DirectiveLine("MinSpareServers", ["4"]), 0,
'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertFalse(auditor.minspareservers_set())
def test_ssi_disabled2(self):
"""
Check case where all Options have value "None"
"""
test_list = []
line = DirectiveInfo(DirectiveLine("Options", ["None"]), 0, 'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertTrue(auditor.ssi_disabled())
def test_override_denied2(self):
test_list = []
line = DirectiveInfo(DirectiveLine("<Directory", ["/>"]), 0,
'file.txt')
test_list.append(line)
line = DirectiveInfo(DirectiveLine("AllowOverride", ["All"]), 0,
'file.txt')
test_list.append(line)
line = DirectiveInfo(DirectiveLine("</Directory>", [""]), 0,
'file.txt')
test_list.append(line)
auditor = ApacheConfigAuditor(test_list)
self.assertFalse(auditor.override_denied())
class ApacheAuditor: #the class which audits configuration files
def __init__(self):
self.parser = ApacheParser()
self.config_auditor = None
self.directive_list = None
def audit(self):
"""
Entry fucntion to the auditor creates other auditing objects and uses
them to audit componenets Apache configuration for STIG compliance.
:returns: string -- filename of the log file
"""
self.directive_list = self.parser.build_directives_list(DEFAULT_CONFIG)
self.config_auditor = ApacheConfigAuditor(self.directive_list)
self.system_auditor = ApacheSystemAuditor()
files = []
filename = self.config_auditor.audit()
if filename != 0:
files.append(filename)
filename = self.config_auditor.audit()
if filename != 0:
files.append(filename)
output = self.build_output(files=files)
return output
def build_output(self, files, filename="ApacheLog.txt"):
"""
Concatenates all the log files in files list into single file
with name filename.
:returns: string -- filename of the log file
"""
out_log = open(filename, 'w')
for file in files:
in_log = open(file, 'r')
for line in in_log:
out_log.write(line)
in_log.close()
out_log.close()
return filename
def audit(self):
"""
Entry fucntion to the auditor creates other auditing objects and uses
them to audit componenets Apache configuration for STIG compliance.
:returns: string -- filename of the log file
"""
self.directive_list = self.parser.build_directives_list(DEFAULT_CONFIG)
self.config_auditor = ApacheConfigAuditor(self.directive_list)
self.system_auditor = ApacheSystemAuditor()
files = []
filename = self.config_auditor.audit()
if filename != 0:
files.append(filename)
filename = self.config_auditor.audit()
if filename != 0:
files.append(filename)
output = self.build_output(files=files)
return output
def test_multiviews_disabled1(self):
test_list = []
auditor = ApacheConfigAuditor(test_list)
self.assertFalse(auditor.multiviews_disabled())
def test_http_line_limited1(self):
test_list = []
auditor = ApacheConfigAuditor(test_list)
self.assertFalse(auditor.http_line_limited())
def test_startservers_set_set1(self):
test_list = []
auditor = ApacheConfigAuditor(test_list)
self.assertTrue(auditor.startservers_set())
def test_indexing_disabled1(self):
test_list = []
auditor = ApacheConfigAuditor(test_list)
self.assertFalse(auditor.indexing_disabled())
def test_is_valid_address(self):
auditor = ApacheConfigAuditor()
address1 = "0.0.0.0"
address2 = "0.0.0.0:0"
address3 = "0.0.0.1:0"
address4 = "1.1.1.1"
address5 = "[2001:0db8:85a3:0000:0000:8a2e:0370:7334]"
address6 = "[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:3"
address8 = "[0:0:0:0:0:0:0]:1" # How to check.
address9 = "[::1]"
address10 = "[::]"
address11 = "[::]:20"
address12 = "[::1]:20"
self.assertFalse(auditor.is_valid_address(address1))
self.assertFalse(auditor.is_valid_address(address2))
self.assertTrue(auditor.is_valid_address(address3))
self.assertFalse(auditor.is_valid_address(address4))
self.assertFalse(auditor.is_valid_address(address5))
self.assertTrue(auditor.is_valid_address(address6))
self.assertFalse(auditor.is_valid_address(address8))
self.assertFalse(auditor.is_valid_address(address9))
self.assertFalse(auditor.is_valid_address(address10))
self.assertFalse(auditor.is_valid_address(address11))
self.assertTrue(auditor.is_valid_address(address12))
def test_override_denied1(self):
test_list = []
auditor = ApacheConfigAuditor(test_list)
self.assertFalse(auditor.override_denied())
def test_keepalive_set1(self):
test_list = []
auditor = ApacheConfigAuditor(test_list)
self.assertFalse(auditor.keepalive_set())
def test_symlinks_disabled1(self):
test_list = []
auditor = ApacheConfigAuditor(test_list)
self.assertFalse(auditor.symlinks_disabled())
def test_ports_configured1(self):
test_list = []
auditor = ApacheConfigAuditor(test_list)
self.assertFalse(auditor.ports_configured())
def test_timeout_set1(self):
test_list = []
auditor = ApacheConfigAuditor(test_list)
self.assertTrue(auditor.timeout_set())
def test_maxspareservers_set1(self):
test_list = []
auditor = ApacheConfigAuditor(test_list)
self.assertTrue(auditor.maxspareservers_set())