def test_iso_http_basic_a1(self): # 下发配置 fun.send(rbmExc, message.addhttp_front['AddCustomAppPolicy'], FrontDomain, base_path) fun.send(rbmExc, message.addhttp_back['AddCustomAppPolicy'], BackDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process') fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process') # 检查配置下发是否成功 for key in self.case1_step1: re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100) print(re) assert self.case1_step1[key][1] in re for key in self.case1_step11: re = fun.wait_data(self.case1_step11[key][0], 'FrontDut', self.case1_step11[key][1], '配置', 100) print(re) assert self.case1_step11[key][1] in re # 发送get请求,验证隔离下的http策略 print('请求地址为{}'.format(self.http_url)) content = http_check.http_get(self.http_url) print('验证隔离下的http策略请求内容为:{}'.format(content)) assert content == http_content
def teardown_method(self): clr_env.clear_env('gw') clr_env.clear_met_acl('gw') fun.cmd(self.case1_step7["step2"][0], 'gw') fun.send(rbmExc, message.verifymod_DelAuthCert['DelAuthCert'], domain_rmb, base_path) clr_env.verifymod_teardown_met(base_path)
def test_vlan_bond_a1(self): # 开启switch开关并检查是否开启成功 for key in self.case1_step1: fun.cmd(self.case1_step1[key][0], 'gw') re = fun.cmd(self.case1_step1[key][1], 'gw') assert self.case1_step1[key][2] in re # 下发vlan配置 fun.send(rbmExc, message.setvlan['SetVlan'], rbmDomain, base_path) # 检查配置下发是否成功 for key in self.case1_step2: re = fun.wait_data(self.case1_step2[key][0], 'gw', self.case1_step2[key][1], 'vlan', 100) assert self.case1_step2[key][1] in re # 测试从设备端ping vlanA设备正常 resA_cmd = 'ping ' + vlanAOpeIp + ' -c 4' print('从设备端ping vlanA设备的命令是:{}'.format(resA_cmd)) resA = fun.cmd(resA_cmd, 'gw') print('从设备端ping vlanA的结果为:{}'.format(resA)) assert '0% packet loss' in resA # 测试从vlanA ping设备正常 dutA_cmd = 'ping ' + gwInternetIp + ' -c 4' print('从vlanA ping设备的命令是:{}'.format(dutA_cmd)) dutA = fun.cmd(dutA_cmd, 'vlanA') print('从vlanA ping设备的结果为:{}'.format(dutA)) assert '0% packet loss' in dutA # 测试从设备端ping vlanB设备正常 resB_cmd = 'ping ' + vlanBOpeIp + ' -c 4' print('从设备端ping vlanB设备的命令是:{}'.format(resB_cmd)) resB = fun.cmd(resB_cmd, 'gw') print('从设备端ping vlanB设备的结果为:{}'.format(resB)) assert '0% packet loss' in resB # 测试从vlanB ping设备正常 dutB_cmd = 'ping ' + gwInternetIp + ' -c 4' print('从vlanB ping设备的命令是:{}'.format(dutB_cmd)) dutB = fun.cmd(dutB_cmd, 'vlanB') print('从vlanB ping设备的结果为:{}'.format(dutB)) assert '0% packet loss' in dutB # 还原环境,移除vlan的配置,且关闭vlan的开关 # 关闭switch开关并检查是否关闭成功 for key in self.case1_step11: fun.cmd(self.case1_step11[key][0], 'gw') re = fun.cmd(self.case1_step11[key][1], 'gw') assert self.case1_step11[key][2] in re # 清空vlan配置 fun.send(rbmExc, message.delvlan['SetVlan'], rbmDomain, base_path) # 检查配置下发是否成功 for key in self.case1_step2: re = fun.wait_data(self.case1_step2[key][0], 'gw', self.case1_step2[key][1], 'vlan', 100, flag='不存在') assert self.case1_step2[key][1] not in re
def test_nginx_test_a1(self): # 清空环境 for i in self.clr_env: fun.cmd(i, 'gw') for i in range(100): # fun.cmd('systemctl reload nginx_fstack', 'gw') fun.send(rbmExc, message.addsmtp['AddAgent'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.send(rbmExc, message.addpop3['AddAgent'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') ff = fun.cmd('ff_netstat -an', 'gw') print('ff结果为:{}'.format(ff)) assert proxy_ip in ff fun.send(rbmExc, message.mailcheck1['SetMailCheck'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') # 配置清空 fun.send(rbmExc, message.delsmtp['DelAgent'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.send(rbmExc, message.delpop3['DelAgent'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') print('已经执行了{}次'.format(i + 1))
def teardown_class(self): # 回收环境 clr_env.clear_env() fun.send(rbmExc, message.delvlan['SetVlan'], rbmDomain, base_path) fun.rbm_close() fun.ssh_close('gw')
def test_http_check_get_a1(self): # 下发配置 fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') # 检查配置下发是否成功 for key in self.case1_step1: re = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '配置', 100) print('添加策略_re: ', re) assert self.case1_step1[key][1] in re # 数据检查 fun.send(rbmExc, message.httpcheck1['SetHttpCheck'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') for key in self.case1_step2: re = fun.wait_data(self.case1_step2[key][0], 'gw', self.case1_step2[key][1], '配置', 100) print("需包含字符串:", self.case1_step2[key][1]) print('httpCheck_re: ', re) assert self.case1_step2[key][1] in re # 发送get请求,不包含黑名单内容的普通请求 content = http_check.http_get(url) print('get普通请求的请求内容为:{}'.format(content)) assert content == http_content result = fun.search('/opt', 'sh', 'gw') print('---------fun.search: \n', result)
def test_rabbitmq(self): #清空环境 for i in self.clr_env: fun.cmd(i, 'gw_s') agent_config = fun.cmd('cat /etc/jsac/agentjsac.config', 'gw_s') print(agent_config) agent_list = agent_config.split('\n') for i in agent_list: str_domain = re.findall( "DeviceDomain = (\w*\d*.\w*\d*.\w*\d*.\w*\d*.\w*\d*)", i) if str_domain: domain = str_domain print(domain) #下发配置 fun.send('ManageExchange', 'AddAclPolicy', domain, base_path) #检查配置下发是否成功 re = fun.cmd(self.case_step['step1'][0], 'gw_s') print(re) assert self.case_step['step1'][1] in re '''
def test_ftp_check_delete_a1(self): # 下发配置 fun.send(rbmExc, message.addftp['AddAgent'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') # 检查配置下发是否成功 for key in self.case1_step1: re = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '配置', 100) print(re) assert self.case1_step1[key][1] in re for key in self.case1_step11: re = fun.wait_data(self.case1_step11[key][0], 'gw', self.case1_step11[key][1], '配置', 100) print(re) assert self.case1_step11[key][1] in re fun.send(rbmExc, message.ftpcheck1['SetFtpCheck'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') for key in self.case1_step2: re = fun.wait_data(self.case1_step2[key][0], 'gw', self.case1_step2[key][1], '配置', 100) print(re) assert self.case1_step2[key][1] in re # 1、登录ftp服务器,用户为白名单用户 fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password) print('欢迎语是:{}'.format(fp.getwelcome())) assert '220' in fp.getwelcome() # 2、登录ftp服务器,上传文件(上传命令被禁止) fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password) print('欢迎语是:{}'.format(fp.getwelcome())) result1 = con_ftp.uploadFile(fp, self.upremotePath, self.uplocalPath) print('ftp上传文件扩展名{}为白名单结果为:{}'.format(self.uplocalPath, result1)) assert result1 == 0 # 3、登录ftp服务器,下载文件扩展名为白名单(下载命令被禁止) fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password) print('欢迎语是:{}'.format(fp.getwelcome())) result2 = con_ftp.downFile(fp, self.downremotePath, self.downlocalPath) print('ftp下载(下载命令被禁止)文件扩展名{}为白名单结果为:{}'.format(self.downremotePath, result2)) assert result2 == 0 # 4、 登录ftp服务器,删除(删除命令被禁止)目录下的文件 fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password) print('欢迎语是:{}'.format(fp.getwelcome())) result3 = con_ftp.deleallFile(fp, delePath) print('ftp删除(删除命令被禁止){}的结果为:{}'.format(delePath, result3)) assert result3 == 0
def test_customapp_app_action_deny(self): # 下发配置 fun.send(rbmExc, message.add_app_action_deny_front['AddCustomAppPolicy'], FrontDomain, base_path) fun.send(rbmExc, message.add_app_action_deny_back['AddCustomAppPolicy'], BackDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process') front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程') assert front_res1 == 1 fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process') back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process',name='后置机nginx进程') assert back_res1 == 1 fun.send(rbmExc, message.set_app_default_action_allow['SetCustomAppAction'], FrontDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process') front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程') assert front_res1 == 1 # 检查配置下发是否成功 for key in self.case4_step1: re = fun.wait_data(self.case4_step1[key][0], 'FrontDut', self.case4_step1[key][1], '前置机配置', 100) assert self.case4_step1[key][1] in re for key in self.case4_step2: re = fun.wait_data(self.case4_step2[key][0], 'FrontDut', self.case4_step2[key][1], '前置机配置', 100) assert self.case4_step2[key][1] in re for key in self.case0_step1: re = fun.wait_data(self.case0_step1[key][0],'BackDut',self.case0_step1[key][1],'后置机配置',100) assert self.case0_step1[key][1] in re # 发送请求,检测定制应用通信策略是否生效 status_code = http_check.http_get(url,flag=1) print('url:', url) print('验证应用动作为拒绝,默认动作、规则动作为允许时的定制应用通行策略,get请求的请求内容为:{}'.format(status_code),',请求被禁止。') assert status_code == 0 # 文件查看audit日志 # fun.wait_data(f"grep -n {proxy_port} /usr/local/nginx/logs/audit.log |tail -1", 'FrontDut',self.case4_step3['step1'][0], '检查Default Deny', 300, flag='存在') fun.wait_data(f"grep -n {proxy_port} /usr/local/nginx/logs/audit.log |tail -1", 'FrontDut',self.case4_step3['step1'][0], '检查Default Deny', 300) for key in self.case4_step3: re = fun.cmd(f"grep -n {proxy_port} /usr/local/nginx/logs/audit.log |tail -1 ", 'FrontDut') print('re:', re) assert self.case4_step3[key][0] in re #移除策略 fun.send(rbmExc, message.del_app_action_front['DelCustomAppPolicy'], FrontDomain, base_path) fun.send(rbmExc, message.del_app_action_back['DelCustomAppPolicy'], BackDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process') front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程') assert front_res1 == 1 fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process') back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程') assert back_res1 == 1 #检查配置移除是否成功 for key in self.case4_step4: re = fun.wait_data(self.case4_step4[key][0], 'FrontDut', self.case4_step4[key][1], '前置机配置', 100,flag='不存在') assert self.case4_step4[key][1] not in re for key in self.case0_step1: re = fun.wait_data(self.case0_step1[key][0], 'BackDut', self.case0_step1[key][1], '后置机配置', 100, flag='不存在') assert self.case0_step1[key][1] not in re
def teardown_method(self): clr_env.clear_env('gw') clr_env.clear_met_acl('gw') fun.send(rbmExc, message.verifymod_expired_DelAuthCert['DelAuthCert'], domain_rmb, base_path) fun.send(rbmExc, message.verifymod_DelAuthCert['DelAuthCert'], domain_rmb, base_path) clr_env.verifymod_teardown_met(base_path)
def verifymod_teardown_met(base_path): start = time.time() fun.send(rbmExc, message.verifymod_switch_stop['ManageAuthServer'], rbmDomain, base_path) fun.cmd('ipauth-jsac --clear', 'gw') print( "=========================== verifymod_teardown_met 结束 耗时:{}s ==================================" .format(time.time() - start))
def test_ftp_check_upload_a2(self): # 下发配置 fun.send(rbmExc, message.addftp['AddAgent'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') # 检查配置下发是否成功 for key in self.case2_step1: re = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '配置', 100) print(re) assert self.case2_step1[key][1] in re for key in self.case2_step11: re = fun.wait_data(self.case2_step11[key][0], 'gw', self.case2_step11[key][1], '配置', 100) print(re) assert self.case2_step11[key][1] in re fun.send(rbmExc, message.ftpcheck2['SetFtpCheck'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') for key in self.case2_step2: re = fun.wait_data(self.case2_step2[key][0], 'gw', self.case2_step2[key][1], '配置', 100) print(re) assert self.case2_step2[key][1] in re # 登录ftp服务器,上传文件扩展名为白名单 fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password) print('欢迎语是:{}'.format(fp.getwelcome())) result1 = con_ftp.uploadFile(fp, self.case2_upremotePath, self.case2_uplocalPath) print('第一个ftp上传文件扩展名{}为白名单结果为:{}'.format(self.case2_uplocalPath, result1)) assert result1 == 1 # 登录ftp服务器,上传文件扩展名为白名单 fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password) print('欢迎语是:{}'.format(fp.getwelcome())) result2 = con_ftp.uploadFile(fp, self.case2_allow_upremotePath, self.case2_allow_uplocalPath) print('第二个ftp上传文件扩展名{}为白名单结果为:{}'.format(self.case2_allow_uplocalPath, result2)) assert result2 == 1 # 登录ftp服务器,上传文件扩展名为非白名单 fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password) print('欢迎语是:{}'.format(fp.getwelcome())) result3 = con_ftp.uploadFile(fp, self.case2_deny_upremotePath, self.case2_deny_uplocalPath) print('ftp上传文件扩展名{}为非白名单结果为:{}'.format(self.case2_deny_uplocalPath, result3)) assert result3 == 0
def test_customapp_default_action_allow(self): # 下发配置 fun.send(rbmExc, message.add_app_default_action_front['AddCustomAppPolicy'], FrontDomain, base_path) fun.send(rbmExc, message.add_app_default_action_back['AddCustomAppPolicy'], BackDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process') front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程') assert front_res1 ==1 fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process') back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process',name='后置机nginx进程') assert back_res1 == 1 fun.send(rbmExc, message.set_app_default_action_allow['SetCustomAppAction'], FrontDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process') front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程') assert front_res1 == 1 # 检查配置下发是否成功 for key in self.case1_step1: # re = fun.cmd(self.case1_step1[key][0], 'FrontDut') # print(re) re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '前置机配置', 100) assert self.case1_step1[key][1] in re for key in self.case1_step2: # re = fun.cmd(self.case1_step2[key][0], 'FrontDut') # print(re) re = fun.wait_data(self.case1_step2[key][0], 'FrontDut', self.case1_step2[key][1], '前置机配置', 100) assert self.case1_step2[key][1] in re for key in self.case0_step1: re = fun.wait_data(self.case0_step1[key][0],'BackDut',self.case0_step1[key][1],'后置机配置',100) assert self.case0_step1[key][1] in re # 发送请求,检测定制应用通信策略是否生效 status_code = http_check.http_get(url,flag=1) print('url:', url) print('验证默认动作为允许,应用、规则动作为允许时的定制应用通行策略,get请求的请求内容为:{}'.format(status_code)) assert status_code == 200 #移除策略 fun.send(rbmExc, message.del_app_upstream_front['DelCustomAppPolicy'], FrontDomain, base_path) fun.send(rbmExc, message.del_app_upstream_back['DelCustomAppPolicy'], BackDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process') front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程') assert front_res1 == 1 fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process') back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process',name='后置机nginx进程') assert back_res1 == 1 # 检查配置移除是否成功 for key in self.case1_step3: # re = fun.cmd(self.case1_step1[key][0], 'FrontDut') # print(re) re = fun.wait_data(self.case1_step3[key][0], 'FrontDut', self.case1_step3[key][1], '前置机配置', 100,flag='不存在') assert self.case1_step3[key][1] not in re for key in self.case0_step1: re = fun.wait_data(self.case0_step1[key][0],'BackDut',self.case0_step1[key][1],'后置机配置',100,flag='不存在') assert self.case0_step1[key][1] not in re
def test_udp_flood(self): # 下发配置并检查结果 print("1.网关设备开启netflow流量上报开关、fwlog抗攻击日志上报开关,下发udp协议的acl qos多桶限速策略,使用defconf --show、tupleacl --get查看开关开启,acl策略存在") fun.cmd(self.flood2_udp["fwlog"][0],'gw') fun.cmd(self.flood2_udp["netflow"][0],'gw') for key in self.case_step: re0 = fun.cmd(self.case_step[key][0], 'gw') print(re0) assert self.case_step[key][1] in re0 assert self.case_step[key][2] in re0 fun.send(Exc_rmb,message.AddAclPolicy_UDP['AddAclPolicy'], domain_rmb, base_path) for key in self.case2_step1: re0 = fun.cmd(self.case2_step1[key][0], 'gw') print(re0) assert self.case2_step1[key][1] in re0 # 客户端发送攻击命令 print("2.使用hping3工具发送UDP Flood攻击命令hping3 -q -n --udp --keep -p 攻击端口 --flood 服务端ip -c 10000 --faster,返回结果icmp mode set") print('udp flood命令为:',self.flood2_udp["hping3"][0]) fun.cmd(f"hping3 -q -n --udp --keep -p {port_attack} --flood {pcap_dip} -c 10000 --faster > /opt/udp_flood.txt", 'c') re = fun.wait_data('cat /opt/udp_flood.txt', 'c', self.flood2_udp["txt"][0], '检查UDP FLOOD攻击发送', 100) assert self.flood2_udp["txt"][0] in re print('hping3 UDP Flood攻击命令下发成功') # 检查抗攻击日志 print("3.检查/var/log/jsac.agentjsac.info.log日志中ReportDdosEvent上报结果,检查到有UDP Flood字段说明日志上报正确") fun.wait_data('grep -n ReportDdosEvent /var/log/jsac.agentjsac.info.log |tail -1', 'gw',self.case2_step2['step1'][0], '检查UDP Flood', 300, flag='存在') for key in self.case2_step2: re = fun.cmd('grep -n ReportDdosEvent /var/log/jsac.agentjsac.info.log |tail -1', 'gw') print('re:', re) assert self.case2_step2[key][0] in re # 移除udp策略 print("4.移除acl策略,使用tupleacl --get查看结果,使用tupleacl --get查看无策略") fun.send(Exc_rmb, message.DelAclPolicy['DelAclPolicy'], domain_rmb, base_path) for key in self.case2_step1: re0 = fun.cmd(self.case2_step1[key][0], 'gw') print(re0) assert self.case2_step1[key][1] not in re0 print("5.网关设备关闭netflow流量上报开关、fwlog抗攻击日志上报开关,使用defconf --show查看开关关闭") fun.cmd(self.flood2_udp["fwlog"][1],'gw') fun.cmd(self.flood2_udp["netflow"][1],'gw') for key in self.case_step1: re0 = fun.cmd(self.case_step1[key][0], 'gw') print(re0) assert self.case_step1[key][1] in re0 assert self.case_step1[key][2] in re0 #删除/opt/*flood.txt文件 fun.cmd("rm -f /opt/*txt*", 'c') re1 = fun.cmd("ls /opt/ |grep txt", 'c') print('客户端txt文件查询结果是:', re1) assert self.flood2_udp["txt"][1] not in re1
def test_ddos_syn_flood(self): # 下发配置并检查结果 print("1.开启ddos防御开关、fwlog抗攻击日志上报开关,使用defconf --show查看开关开启") fun.cmd(self.ddos2_ack["fwlog"][0], 'gw') fun.send(Exc_rmb, message.setddos_open['SetDdosEnable'], domain_rmb, base_path) for key in self.case_step: re0 = fun.cmd(self.case_step[key][0], 'gw') print(re0) assert self.case_step[key][1] in re0 assert self.case_step[key][2] in re0 assert self.case_step[key][3] in re0 assert self.case_step[key][4] in re0 # 客户端发送攻击命令 print("2.使用hping3工具发送SYN Flood攻击命令hping3 -S 目的ip -p 攻击端口 --faster -c 6000,返回结果S set") fun.cmd(self.ddos3_syn["hping3"][0], 'c') # fun.cmd(f"hping3 -i u1000 -SA -p {port_attack} {pcap_dip} --rand-source --tcp-timestamp", 'c') re = fun.wait_data(self.ddos3_syn["hping3"][1], 'c', self.ddos3_syn["hping3"][2], '检查ACK FLOOD攻击发送', 100) assert self.ddos3_syn["hping3"][2] in re print('hping3 Syn Flood攻击命令下发成功') # 客户端发送http请求 print("3.使用curl工具发送正常http请求,返回结果为Welcome to nginx!表示http请求成功") print(self.ddos3_syn["curl"][0]) fun.cmd(self.ddos3_syn["curl"][0], 'c') re = fun.wait_data(self.ddos3_syn["curl"][1], 'c', self.ddos3_syn["curl"][2], '检查http请求', 100) assert self.ddos3_syn["curl"][2] in re print('正常http请求发送成功') # 检查抗攻击日志 print("4.检查/var/log/jsac.agentjsac.info.log日志中ReportDdosEvent上报结果,检查到有Syn Flood字段说明日志上报正确") fun.wait_data('grep -n ReportDdosEvent /var/log/jsac.agentjsac.info.log |tail -1', 'gw', self.case3_step1['step1'][0], '检查Syn Flood', 300, flag='存在') for key in self.case3_step1: re = fun.cmd('grep -n ReportDdosEvent /var/log/jsac.agentjsac.info.log |tail -1', 'gw') print('re:', re) assert self.case3_step1[key][0] in re print("5.网关设备关闭ddos防御开关、fwlog抗攻击日志上报开关,使用defconf --show查看开关关闭") fun.cmd(self.ddos1_rst["fwlog"][1], 'gw') fun.send(Exc_rmb, message.setddos_close['SetDdosEnable'], domain_rmb, base_path) for key in self.case_step1: re0 = fun.cmd(self.case_step1[key][0], 'gw') print(re0) assert self.case_step1[key][1] in re0 assert self.case_step1[key][2] in re0 assert self.case_step1[key][3] in re0 assert self.case_step1[key][4] in re0 # 删除/opt/ddos_*.txt文件 fun.cmd("rm -f /opt/*txt*", 'c') re1 = fun.cmd("ls /opt/ |grep txt", 'c') print('客户端txt文件查询结果是:', re1) assert self.ddos3_syn["txt"][0] not in re1 assert self.ddos3_syn["txt"][1] not in re1
def test_add_MIME_allow(self): # 下发配置 fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.send(rbmExc, message.httpcheck2['SetHttpCheck'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
def teardown_class(self): # 回收环境 clr_env.clear_env() fun.pid_kill('8889', process='python3', gw='vlanA') fun.pid_kill('8889', process='python3', gw='gw') fun.send(rbmExc, message.delvlan['SetVlan'], rbmDomain, base_path) fun.rbm_close() fun.ssh_close('gw') fun.ssh_close('vlanA') fun.ssh_close('vlanB')
def teardown_method(self): clr_env.clear_env('gw') clr_env.clear_met_acl('gw') fun.cmd(self.case3_step3["step1"][0], 'gw') fun.cmd(self.case1_step6["step1"][1], 'gw') fun.send(rbmExc, message.verifymod_DelAuthCert['DelAuthCert'], domain_rmb, base_path) clr_env.verifymod_teardown_met(base_path) fun.cmd("rm -f /opt/verifymod*.txt", 'c') re1 = fun.cmd("ls /opt/ |grep txt", 'c') assert self.case3_step2["step2"][0] not in re1
def test_vlan_gw_issue_a1(self): # 对一个接口配置多个正确的vlan fun.send(rbmExc, message.setvlan_right['SetVlan'], rbmDomain, base_path) # 检查配置下发是否成功 for key in self.case1_step1: re = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], 'vlan', 100) assert self.case1_step1[key][1] in re # 对一个接口配置多个错误的vlan fun.send(rbmExc, message.setvlan_error['SetVlan'], rbmDomain, base_path) # 检查配置下发是否成功 for key in self.case1_step2: re = fun.wait_data(self.case1_step2[key][0], 'gw', self.case1_step2[key][1], 'vlan', 100,flag='不存在') assert self.case1_step2[key][1] not in re # 对一个接口配置多个vlan,部分正确,部分错误 fun.send(rbmExc, message.setvlan_part['SetVlan'], rbmDomain, base_path) # 检查配置下发是否成功 for key in self.case1_step3: re = fun.wait_data(self.case1_step3[key][0], 'gw', self.case1_step3[key][1], 'vlan', 100,flag='不存在') assert self.case1_step3[key][1] not in re #清空环境,还原配置 fun.send(rbmExc, message.delvlan['SetVlan'], rbmDomain, base_path) # 检查配置下发是否成功 for key in self.vlan_clear: re = fun.cmd(self.vlan_clear[key][0], 'gw') assert self.vlan_clear[key][1] in re
def test_report_acl_labelPassPac_count_protocol_ICMP(self): # 开启acl命中统计开关并检查结果 fun.send(Exc_rmb, message.set_ReportAclCount_open['EnableAclCount'], domain_rmb, base_path) for key in self.case3_step1: print('ip:',baseinfo.gwManageIp) re = fun.cmd(self.case3_step1[key][0],'gw') print('re:',re) assert self.case3_step1[key][1] in re # 下发acl策略并检查结果-----查询失败问题待调查 fun.send(Exc_rmb, message.AddAclPolicy_labelPassPac['AddAclPolicy'], domain_rmb, base_path) # for key in self.case3_step2: # print('ip:',baseinfo.gwManageIp) # re = fun.cmd(self.case3_step2[key][0],'gw',thread=1) # print('key:',self.case3_step2[key][0]) # print('re:',re) # assert self.case3_step2[key][1] in re # 服务端抓取报文 cap_iface, cap_filter, cap_num, cap_pcap = self.pkt3_cfg['capture'][0], self.pkt3_cfg['capture'][1], \ self.pkt3_cfg['capture'][2], self.pkt3_cfg['capture'][3] pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap) print('pre_cfg:', pre_cfg) fun.cmd(pre_cfg, 's', thread=1) print('step wait') time.sleep(20) # 客户端发送正常请求报文 c_iface, c_num, c_pcap = self.pkt3_cfg["send"][0], self.pkt3_cfg["send"][1], self.pkt3_cfg["send"][2] send_cmd = fun.pkt_send(c_iface, c_num, c_pcap) print('send_cmd:', send_cmd) fun.cmd(send_cmd, 'c',thread=1) print('tcpreplay命令发送成功') # jsac.agentjsac.info.log文件查看命中统计数 fun.wait_data(f"grep -n '{protocol_icmp}' /var/log/jsac.agentjsac.info.log |grep '{pcap_dip}' |grep '{ReportAclCount}' |tail -1",'gw', self.case3_step3['step1'][0], '检查拒绝数', 300, flag='存在') fun.wait_data(f"grep -n '{protocol_icmp}' /var/log/jsac.agentjsac.info.log |grep '{pcap_dip}' |grep '{ReportAclCount}' |tail -1",'gw', self.case3_step3['step2'][0], '检查拒绝数', 300, flag='存在') for key in self.case3_step3: re = fun.cmd(f"grep -n '{protocol_icmp}' /var/log/jsac.agentjsac.info.log |grep '{pcap_dip}' |grep '{ReportAclCount}' |tail -1 ",'gw') print('re:', re) assert self.case3_step3['step1'][0] in re # 检查报文是否存在 fun.wait_data(f"ls /opt/pkt/ | grep pcap", 'gw', self.pkt3_cfg['capture'][3], '检查服务端抓包结果', 300, flag='存在') pcap_file = fun.search('/opt/pkt', 'pcap', 's') print('pcap_file:',pcap_file) assert cap_pcap in pcap_file print('服务端抓到报文:{}'.format(self.read_3)) print('step wait') # 关闭acl命中统计开关并检查结果 fun.send(Exc_rmb, message.set_ReportAclCount_close['EnableAclCount'], domain_rmb, base_path) for key in self.case3_step4: re = fun.cmd(self.case3_step4[key][0], 'gw') print('re:', re) assert self.case3_step4[key][1] in re # 移除掉acl策略并检查结果 fun.send(Exc_rmb, message.DelAclPolicy_HitCount['DelAclPolicy'], domain_rmb, base_path)
def test_http_check_uri_a2(self): # 下发配置 fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') # 检查配置下发是否成功 for key in self.case2_step1: re = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '配置', 100) print(re) assert self.case2_step1[key][1] in re fun.send(rbmExc, message.httpcheck2['SetHttpCheck'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') for key in self.case2_step2: re = fun.wait_data(self.case2_step2[key][0], 'gw', self.case2_step2[key][1], '配置', 100) print(re) assert self.case2_step2[key][1] in re # 发送get请求,不包含黑名单内容的普通请求 content = http_check.http_get(url) print('多个黑名单时get普通请求的请求内容为:{}'.format(content)) assert content == http_content # 发送post请求,不包含黑名单内容的普通请求 content = http_check.http_post(url) print('多个黑名单时get普通请求的请求内容为:{}'.format(content)) assert content == http_content # 发送get请求,请求内容包含第一个黑名单 status_code = http_check.http_get(self.case2_uri1,self.data) print('多个黑名单时get请求内容包含第一个黑名单返回的状态码为:{}'.format(status_code)) assert status_code == 403 # 发送post请求,请求内容包含第一个黑名单 status_code = http_check.http_post(self.case2_uri1, self.data) print('多个黑名单时get请求内容包含第一个黑名单返回的状态码为:{}'.format(status_code)) assert status_code == 403 # 发送get请求,请求内容包含第二个黑名单 status_code = http_check.http_get(self.case2_uri2, self.data) print('多个黑名单时get请求内容包含第二个黑名单返回的状态码为:{}'.format(status_code)) assert status_code == 403 # 发送post请求,请求内容包含第二个黑名单 status_code = http_check.http_post(self.case2_uri2, self.data) print('多个黑名单时get请求内容包含第二个黑名单返回的状态码为:{}'.format(status_code)) assert status_code == 403
def test_ddos_sameSipDip_syn_flood(self): # 下发配置并检查结果 fun.send(Exc_rmb, message.setddos_open['SetDdosEnable'], domain_rmb, base_path) for key in self.case1_step: re0 = fun.cmd(self.case1_step[key][0], 'gw') assert self.case1_step[key][2] in re0 for key in self.case1_step: re1 = fun.cmd(self.case1_step[key][1], 'gw') assert self.case1_step[key][2] in re1 # 服务端抓取报文 cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg['capture'][0], self.pkt1_cfg['capture'][1], \ self.pkt1_cfg['capture'][2], self.pkt1_cfg['capture'][3] pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap) fun.cmd(pre_cfg, 's', thread=1) print('step wait') time.sleep(20) # 服务端开启http服务 fun.cmd(f"python2.7 -m SimpleHTTPServer {port_d}", 's', thread=1) # 客户端发送攻击命令 fun.cmd( f"hping3 -I {ciface} -a {pcap_dip} -S {pcap_dip} -p {port_attack} -i u1000", 'c', thread=1) fun_result = fun.cmd('ps -ef | grep hping3', 'c') print(fun_result) #检查hping3命令是否发送成功 assert self.pkt1_cfg["hping3"][0] in fun_result print('hping3攻击命令下发成功') # if self.pkt1_cfg["hping3"][0] in fun_result: # print('hping3攻击命令下发成功') # else: # print('!!!hping3攻击命令下发失败!!!') # exit() # 客户端发送http请求 fun.cmd(f"curl http://{pcap_dip}:{port_d}", 'c', thread=1) time.sleep(5) # 检查报文是否存在 pcap_file = fun.search('/opt/pkt', 'pcap', 's') assert cap_pcap in pcap_file print('服务端抓到报文:{}'.format(self.read_1))
def test_http_check_post_a2(self): # 下发配置 fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') add_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') assert add_res1 == 1 # 检查配置下发是否成功 for key in self.case2_step1: re = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '配置', 100) print(re) assert self.case2_step1[key][1] in re fun.send(rbmExc, message.httpcheck2['SetHttpCheck'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') assert add_res2 == 1 for key in self.case2_step2: re = fun.wait_data(self.case2_step2[key][0], 'gw', self.case2_step2[key][1], '配置', 100) print(re) assert self.case2_step2[key][1] in re # 发送post请求,不包含黑名单内容的普通请求 content = http_check.http_post(url) print('多个黑名单时post普通请求的请求内容为:{}'.format(content)) assert content == http_content # 发送post请求,请求内容不包含黑名单内容 content = http_check.http_post(url, self.data) print('多个黑名单时post请求内容不包含黑名单的请求应返回的内容为:{}'.format(content)) assert content == http_content # 发送post请求,请求内容包含第一个黑名单 status_code = http_check.http_post(url, self.case2_data1) print('多个黑名单时post请求内容包含第一个黑名单返回的状态码为:{}'.format(status_code)) assert status_code == 403 # 发送post请求,请求内容包含第二个黑名单 status_code = http_check.http_post(url, self.case2_data2) print('多个黑名单时post请求内容包含第二个黑名单返回的状态码为:{}'.format(status_code)) assert status_code == 403 # 移除策略,还原环境 fun.send(rbmExc, message.delhttp['DelAgent'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') del_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') assert del_res1 == 1 # 检查代理是否成功移除 for key in self.case2_step1: re = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '配置', 100, flag='不存在') assert self.case2_step1[key][1] not in re # 检查网页访问策略是否清空 fun.send(rbmExc, message.delhttpcheck['DropHttpCheck'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') assert del_res2 == 1 for key in self.delcheck: re = fun.wait_data(self.delcheck[key][0], 'gw', self.delcheck[key][1], '配置', 100, flag='不存在') assert self.delcheck[key][1] not in re
def test_ftp_check_upload_a1(self): # 下发配置 fun.send(rbmExc, message.addftp['AddAgent'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') add_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') assert add_res1 == 1 # 检查配置下发是否成功 for key in self.case1_step1: re = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '配置', 100) print(re) assert self.case1_step1[key][1] in re for key in self.case1_step11: re = fun.wait_data(self.case1_step11[key][0], 'gw', self.case1_step11[key][1], '配置', 100) print(re) assert self.case1_step11[key][1] in re fun.send(rbmExc, message.ftpcheck1['SetFtpCheck'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') assert add_res2 == 1 for key in self.case1_step2: re = fun.wait_data(self.case1_step2[key][0], 'gw', self.case1_step2[key][1], '配置', 100) print(re) assert self.case1_step2[key][1] in re # 登录ftp服务器,上传文件扩展名为白名单 fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password) print('欢迎语是:{}'.format(fp.getwelcome())) result1 = con_ftp.uploadFile(fp, self.case1_upremotePath, self.case1_uplocalPath) print('ftp上传文件扩展名{}为白名单结果为:{}'.format(self.case1_uplocalPath, result1)) assert result1 == 1 # 登录ftp服务器,上传文件扩展名为非白名单 fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password) print('欢迎语是:{}'.format(fp.getwelcome())) result2 = con_ftp.uploadFile(fp, self.case1_deny_upremotePath, self.case1_deny_uplocalPath) print('ftp上传文件扩展名{}为非白名单结果为:{}'.format(self.case1_deny_uplocalPath, result2)) assert result2 == 0 # 移除策略,还原环境 fun.send(rbmExc, message.delftp['DelAgent'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') del_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') assert del_res1 == 1 # 检查代理是否成功移除 for key in self.case1_step1: re = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '配置', 100, flag='不存在') assert self.case1_step1[key][1] not in re # 检查ftp传输策略是否清空 fun.send(rbmExc, message.delftpcheck['DropFtpCheck'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') assert del_res2 == 1 for key in self.delcheck: re = fun.wait_data(self.delcheck[key][0], 'gw', self.delcheck[key][1], '配置', 100, flag='不存在') assert self.delcheck[key][1] not in re
def test_ftp_check_user_a2(self): # 下发配置 fun.send(rbmExc, message.addftp['AddAgent'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') # 检查配置下发是否成功 for key in self.case2_step1: re = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '配置', 100) print(re) assert self.case2_step1[key][1] in re for key in self.case2_step11: re = fun.wait_data(self.case2_step11[key][0], 'gw', self.case2_step11[key][1], '配置', 100) print(re) assert self.case2_step11[key][1] in re fun.send(rbmExc, message.ftpcheck2['SetFtpCheck'], rbmDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process') for key in self.case2_step2: re = fun.wait_data(self.case2_step2[key][0], 'gw', self.case2_step2[key][1], '配置', 100) print(re) assert self.case2_step2[key][1] in re # 登录ftp服务器,用户为白名单用户 fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password) print('ftp第一个白名单用户{}欢迎语是:{}'.format(self.username, fp.getwelcome())) assert '220' in fp.getwelcome() fp = con_ftp.connect_ftp(self.host, self.port, self.case2_allow_user, self.password) print('ftp第二个白名单用户{}欢迎语是:{}'.format(self.case2_allow_user, fp.getwelcome())) assert '220' in fp.getwelcome() # 登录ftp服务器,用户为非白名单用户 fp = con_ftp.connect_ftp(self.host, self.port, self.case2_deny_user, self.password) print('ftp非白名单用户{}结果为:{}'.format(self.case2_deny_user, fp)) assert fp == 0
def test_report_acl_labelRejectPac_count(self): # 开启acl命中统计开关并检查结果 fun.send(Exc_rmb, message.set_ReportAclCount_open['EnableAclCount'], domain_rmb, base_path) for key in self.case2_step1: print('ip:', baseinfo.gwManageIp) re = fun.cmd(self.case2_step1[key][0], 'gw') print('re:', re) assert self.case2_step1[key][1] in re # 下发acl策略并检查结果-----查询失败问题待调查 fun.send(Exc_rmb, message.AddAclPolicy_labelRejectPac['AddAclPolicy'], domain_rmb, base_path) # for key in self.case2_step2: # print('ip:',baseinfo.gwManageIp) # re = fun.cmd(self.case2_step2[key][0],'gw',thread=1) # print('key:',self.case2_step2[key][0]) # print('re:',re) # assert self.case2_step2[key][1] in re # 客户端发送正常请求报文 c_iface, c_num, c_pcap = self.pkt2_cfg["send"][0], self.pkt2_cfg[ "send"][1], self.pkt2_cfg["send"][2] send_cmd = fun.pkt_send(c_iface, c_num, c_pcap) print('send_cmd:', send_cmd) fun.cmd(send_cmd, 'c') print('tcpreplay命令发送成功') # jsac.agentjsac.info.log文件查看命中统计数 fun.wait_data( f"grep -n ReportAclCount /var/log/jsac.agentjsac.info.log |tail -1", 'gw', self.case2_step3['step1'][0], '检查拒绝数', 300, flag='存在') for key in self.case2_step3: re = fun.cmd( "grep -n LabelRejectPac /var/log/jsac.agentjsac.info.log |tail -1 ", 'gw') print('re:', re) assert self.case2_step3[key][0] in re # 关闭acl命中统计开关并检查结果 fun.send(Exc_rmb, message.set_ReportAclCount_close['EnableAclCount'], domain_rmb, base_path) for key in self.case2_step4: re = fun.cmd(self.case2_step4[key][0], 'gw') print('re:', re) assert self.case2_step4[key][1] in re # 移除掉acl策略并检查结果 fun.send(Exc_rmb, message.DelAclPolicy_HitCount['DelAclPolicy'], domain_rmb, base_path)
def test_verifymod_set_timeout(self): # 开启认证服务 print('1.开启认证服务,通过命令ps -ef | grep verifymod、netstat -ultpn查询服务进程有/usr/local/ipauth/verifymod /etc/jsac/Initialize.conf、服务有监听443端口说明服务开启成功') fun.send(rbmExc, message.verifymod_switch_start['ManageAuthServer'], domain_rmb, base_path) # 检查配置下发是否成功 for key in self.case1_step1: re1 = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '检查认证服务进程', 100) assert self.case1_step1[key][1] in re1 for key in self.case1_step2: re2 = fun.wait_data(self.case1_step2[key][0], 'gw', self.case1_step2[key][1], '检查认证监听端口', 100) assert self.case1_step2[key][1] in re2 print('2.设置认证时效为120s,使用命令cat /etc/jsac/Initialize.conf查询到AUTHIP_DURATION = 120说明认证时效设置成功') fun.send(rbmExc, message.verifymod_set_Timeout['ConfigAuthServer'], domain_rmb, base_path) fun.wait_data(self.case2_step1["step1"][0], 'gw', self.case2_step1["step1"][1], '检查认证时效', 100) for key in self.case2_step1: re1 = fun.cmd(self.case2_step1[key][0], 'gw') assert self.case2_step1[key][1] in re1 # 关闭认证服务 print('3.关闭认证服务,通过命令ps -ef | grep verifymod、netstat -ultpn查询不到服务进程/usr/local/ipauth/verifymod /etc/jsac/Initialize.conf、且认证服务端口443也不存在') fun.send(rbmExc, message.verifymod_switch_stop['ManageAuthServer'], domain_rmb, base_path) # 检查配置下发是否成功 for key in self.case1_step1: re1 = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '检查认证服务进程', 100, flag='不存在') assert self.case1_step1[key][1] not in re1 for key in self.case1_step2: re2 = fun.wait_data(self.case1_step2[key][0], 'gw', self.case1_step2[key][1], '检查认证监听端口', 100, flag='不存在') assert self.case1_step2[key][1] not in re2
def test_verifymod_switch_restart(self): # 开启认证服务 print('1.开启认证服务,通过命令ps -ef | grep verifymod、netstat -ultpn查询服务进程有/usr/local/ipauth/verifymod /etc/jsac/Initialize.conf、服务端口有443说明服务开启成功') fun.send(rbmExc, message.verifymod_switch_start['ManageAuthServer'], domain_rmb, base_path) # 检查配置下发是否成功 for key in self.case1_step1: re1 = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '检查认证服务进程', 100) assert self.case1_step1[key][1] in re1 for key in self.case1_step2: re2 = fun.wait_data(self.case1_step2[key][0], 'gw', self.case1_step2[key][1], '检查认证监听端口', 100) assert self.case1_step2[key][1] in re2 print('2.重启认证服务,通过命令ps -ef | grep verifymod、netstat -ultpn查询服务进程有/usr/local/ipauth/verifymod /etc/jsac/Initialize.conf、服务端口有5566说明服务重启成功') fun.send(rbmExc, message.verifymod_switch_restart['ManageAuthServer'], domain_rmb, base_path) for key in self.case1_step1: re1 = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '检查认证服务进程', 100) assert self.case1_step1[key][1] in re1 for key in self.case2_step1: re2 = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '检查认证监听端口', 100) assert self.case2_step1[key][1] in re2 # 关闭认证服务 print('3.关闭认证服务,通过命令ps -ef | grep verifymod、netstat -ultpn查询不到服务进程/usr/local/ipauth/verifymod /etc/jsac/Initialize.conf、且认证服务端口5566也不存在') fun.send(rbmExc, message.verifymod_switch_stop['ManageAuthServer'], domain_rmb, base_path) # 检查配置下发是否成功 for key in self.case1_step1: re1 = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '检查认证服务进程', 100, flag='不存在') assert self.case1_step1[key][1] not in re1 for key in self.case2_step1: re2 = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '检查认证监听端口', 100, flag='不存在') assert self.case2_step1[key][1] not in re2
def test_rabbitmq(self): #清空环境 for i in clr_env.clear_env: fun.cmd(i, 'gw_s') #下发配置 fun.send('ManageExchange', 'AddAclPolicy', 'hf.f1203.g01.cs_12.wg5') #检查配置下发是否成功 re = fun.cmd(command.result_check_gwc[0], 'gw_s') #assert command.case_result_gwc[0] in re #开启接收端抓包 fun.cmd(command.pre_env[0], 'gw_c', thread=1) time.sleep(3) #客户端发送报文 fun.cmd(command.case_step_c[0], 'gw_s') #解析接收端抓包 re = fun.cmd(command.result_check_c[0], 'gw_c') assert command.case_result_c[0] in re
def test_iso_http_basic_a3(self): # 下发配置 fun.send(rbmExc, message.addhttp_front_post['AddCustomAppPolicy'], FrontDomain, base_path) fun.send(rbmExc, message.addhttp_back_post['AddCustomAppPolicy'], BackDomain, base_path) fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process') fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process') fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process') # 检查配置下发是否成功 for key in self.case3_step1: re = fun.wait_data(self.case3_step1[key][0], 'FrontDut', self.case3_step1[key][1], '配置', 100) print(re) assert self.case3_step1[key][1] in re for key in self.case3_step11: re = fun.wait_data(self.case3_step11[key][0], 'FrontDut', self.case3_step11[key][1], '配置', 100) print(re) assert self.case3_step11[key][1] in re #服务器端开启post上传服务 #发送post请求,验证post请求是否正常 print('请求地址为{}'.format(self.http_url)) content = http_check.http_post(self.http_url) print('post普通请求的请求内容为:{}'.format(content)) # 发送post请求,验证隔离下的http策略上传一个10M大小的文件 print('上传的服务器地址为{}'.format(self.upfile_url)) result = http_check.http_upload(self.upfile_url, self.upfilename, self.uplocalPath, self.upMIME_type) assert result == 1