def test_indexing_disabled2(self): test_list = [] line = DirectiveInfo(DirectiveLine("Options", ["None"]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertTrue(auditor.indexing_disabled())
def test_keepalive_set1(self): test_list = [] line = DirectiveInfo(DirectiveLine("KeepAlive", ["On"]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertTrue(auditor.keepalive_set())
def test_symlinks_disabled4(self): test_list = [] line = DirectiveInfo(DirectiveLine("Options", ["+FollowSymLinks"]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertFalse(auditor.symlinks_disabled())
def test_maxclients_set3(self): test_list = [] line = DirectiveInfo(DirectiveLine("MaxClients", ["22"]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertTrue(auditor.maxclients_set())
def test_ssi_disabled6(self): test_list = [] line = DirectiveInfo(DirectiveLine("Options", ["+Includes"]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertFalse(auditor.ssi_disabled())
def test_http_header_limited2(self): test_list = [] line = DirectiveInfo(DirectiveLine("LimitRequestFields", ["0"]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertFalse(auditor.http_header_limited())
def test_http_message_limited4(self): test_list = [] line = DirectiveInfo(DirectiveLine("LimitRequestBody", ["2"]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertTrue(auditor.http_message_limited())
def test_http_header_field_limited3(self): test_list = [] line = DirectiveInfo(DirectiveLine("LimitRequestFieldSize", ["8190"]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertTrue(auditor.http_header_field_limited())
def test_multiviews_disabled4(self): test_list = [] line = DirectiveInfo(DirectiveLine("Options", ["-Multiview"]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertTrue(auditor.multiviews_disabled())
def test_timeout_set4(self): test_list = [] line = DirectiveInfo(DirectiveLine("Timeout", ["301"]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertFalse(auditor.timeout_set())
def test_maxspareservers_set4(self): test_list = [] line = DirectiveInfo(DirectiveLine("MaxSpareServers", ["9"]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertTrue(auditor.maxspareservers_set())
def test_ports_configured3(self): test_list = [] line = DirectiveInfo(DirectiveLine("Listen", ["0.0.0.0"]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertFalse(auditor.ports_configured())
def test_keepalivetimeout_set4(self): test_list = [] line = DirectiveInfo(DirectiveLine("KeepAliveTimeout", ["16"]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertFalse(auditor.keepalivetimeout_set())
def test_startservers_set_set6(self): test_list = [] line = DirectiveInfo(DirectiveLine("StartServers", ["11"]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertFalse(auditor.startservers_set())
def test_minspareservers_set2(self): test_list = [] line = DirectiveInfo(DirectiveLine("MinSpareServers", ["4"]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertFalse(auditor.minspareservers_set())
def test_ssi_disabled2(self): """ Check case where all Options have value "None" """ test_list = [] line = DirectiveInfo(DirectiveLine("Options", ["None"]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertTrue(auditor.ssi_disabled())
def test_override_denied2(self): test_list = [] line = DirectiveInfo(DirectiveLine("<Directory", ["/>"]), 0, 'file.txt') test_list.append(line) line = DirectiveInfo(DirectiveLine("AllowOverride", ["All"]), 0, 'file.txt') test_list.append(line) line = DirectiveInfo(DirectiveLine("</Directory>", [""]), 0, 'file.txt') test_list.append(line) auditor = ApacheConfigAuditor(test_list) self.assertFalse(auditor.override_denied())
class ApacheAuditor: #the class which audits configuration files def __init__(self): self.parser = ApacheParser() self.config_auditor = None self.directive_list = None def audit(self): """ Entry fucntion to the auditor creates other auditing objects and uses them to audit componenets Apache configuration for STIG compliance. :returns: string -- filename of the log file """ self.directive_list = self.parser.build_directives_list(DEFAULT_CONFIG) self.config_auditor = ApacheConfigAuditor(self.directive_list) self.system_auditor = ApacheSystemAuditor() files = [] filename = self.config_auditor.audit() if filename != 0: files.append(filename) filename = self.config_auditor.audit() if filename != 0: files.append(filename) output = self.build_output(files=files) return output def build_output(self, files, filename="ApacheLog.txt"): """ Concatenates all the log files in files list into single file with name filename. :returns: string -- filename of the log file """ out_log = open(filename, 'w') for file in files: in_log = open(file, 'r') for line in in_log: out_log.write(line) in_log.close() out_log.close() return filename
def audit(self): """ Entry fucntion to the auditor creates other auditing objects and uses them to audit componenets Apache configuration for STIG compliance. :returns: string -- filename of the log file """ self.directive_list = self.parser.build_directives_list(DEFAULT_CONFIG) self.config_auditor = ApacheConfigAuditor(self.directive_list) self.system_auditor = ApacheSystemAuditor() files = [] filename = self.config_auditor.audit() if filename != 0: files.append(filename) filename = self.config_auditor.audit() if filename != 0: files.append(filename) output = self.build_output(files=files) return output
def test_multiviews_disabled1(self): test_list = [] auditor = ApacheConfigAuditor(test_list) self.assertFalse(auditor.multiviews_disabled())
def test_http_line_limited1(self): test_list = [] auditor = ApacheConfigAuditor(test_list) self.assertFalse(auditor.http_line_limited())
def test_startservers_set_set1(self): test_list = [] auditor = ApacheConfigAuditor(test_list) self.assertTrue(auditor.startservers_set())
def test_indexing_disabled1(self): test_list = [] auditor = ApacheConfigAuditor(test_list) self.assertFalse(auditor.indexing_disabled())
def test_is_valid_address(self): auditor = ApacheConfigAuditor() address1 = "0.0.0.0" address2 = "0.0.0.0:0" address3 = "0.0.0.1:0" address4 = "1.1.1.1" address5 = "[2001:0db8:85a3:0000:0000:8a2e:0370:7334]" address6 = "[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:3" address8 = "[0:0:0:0:0:0:0]:1" # How to check. address9 = "[::1]" address10 = "[::]" address11 = "[::]:20" address12 = "[::1]:20" self.assertFalse(auditor.is_valid_address(address1)) self.assertFalse(auditor.is_valid_address(address2)) self.assertTrue(auditor.is_valid_address(address3)) self.assertFalse(auditor.is_valid_address(address4)) self.assertFalse(auditor.is_valid_address(address5)) self.assertTrue(auditor.is_valid_address(address6)) self.assertFalse(auditor.is_valid_address(address8)) self.assertFalse(auditor.is_valid_address(address9)) self.assertFalse(auditor.is_valid_address(address10)) self.assertFalse(auditor.is_valid_address(address11)) self.assertTrue(auditor.is_valid_address(address12))
def test_override_denied1(self): test_list = [] auditor = ApacheConfigAuditor(test_list) self.assertFalse(auditor.override_denied())
def test_keepalive_set1(self): test_list = [] auditor = ApacheConfigAuditor(test_list) self.assertFalse(auditor.keepalive_set())
def test_symlinks_disabled1(self): test_list = [] auditor = ApacheConfigAuditor(test_list) self.assertFalse(auditor.symlinks_disabled())
def test_ports_configured1(self): test_list = [] auditor = ApacheConfigAuditor(test_list) self.assertFalse(auditor.ports_configured())
def test_timeout_set1(self): test_list = [] auditor = ApacheConfigAuditor(test_list) self.assertTrue(auditor.timeout_set())
def test_maxspareservers_set1(self): test_list = [] auditor = ApacheConfigAuditor(test_list) self.assertTrue(auditor.maxspareservers_set())