def test_ftp_check_delete_a1(self):
# 下发配置
fun.send(rbmExc, message.addftp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw',
self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'gw',
self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
fun.send(rbmExc, message.ftpcheck1['SetFtpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw',
self.case1_step2[key][1], '配置', 100)
print(re)
assert self.case1_step2[key][1] in re
# 1、登录ftp服务器,用户为白名单用户
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
assert '220' in fp.getwelcome()
# 2、登录ftp服务器,上传文件(上传命令被禁止)
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result1 = con_ftp.uploadFile(fp, self.upremotePath, self.uplocalPath)
print('ftp上传文件扩展名{}为白名单结果为:{}'.format(self.uplocalPath, result1))
assert result1 == 0
# 3、登录ftp服务器,下载文件扩展名为白名单(下载命令被禁止)
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result2 = con_ftp.downFile(fp, self.downremotePath, self.downlocalPath)
print('ftp下载(下载命令被禁止)文件扩展名{}为白名单结果为:{}'.format(self.downremotePath,
result2))
assert result2 == 0
# 4、 登录ftp服务器,删除(删除命令被禁止)目录下的文件
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result3 = con_ftp.deleallFile(fp, delePath)
print('ftp删除(删除命令被禁止){}的结果为:{}'.format(delePath, result3))
assert result3 == 0
def test_iso_ftp_large_file_a1(self):
# 下发配置
fun.send(rbmExc, message.addftp_front['AddCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.addftp_back['AddCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert front_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert back_res == 1
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'FrontDut', self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
# 登录ftp服务器,下载一个100M大小的文件
fp = con_ftp.connect_ftp(proxy_ip, self.ftp_proxy_port, self.ftp_user, self.ftp_pass)
print('欢迎语是:{}'.format(fp.getwelcome()))
result = con_ftp.downFile(fp, self.case2_downremotePath, self.case2_downlocalPath)
print('ftp走隔离下载一个100M大小的文件结果为:{}'.format(result))
assert result == 1
# 移除策略,清空环境
fun.send(rbmExc, message.delftp_front['DelCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.delftp_back['DelCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fdel_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert fdel_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
bdel_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert bdel_res == 1
# 检查策略移除是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100, flag='不存在')
print(re)
assert self.case1_step1[key][1] not in re
def test_iso_ftp_check_alltype_a1(self):
# 下发配置
print('1、下发ftp的隔离代理:代理ip为前置机安全卡的ip,port为8887,等待nginx的24个进程起来;cat /etc/jsac/customapp.stream应该包含代理ip和port,netstat -anp |grep tcp应该可以查看到监听ip和端口')
fun.send(rbmExc, message.addftp_front['AddCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.addftp_back['AddCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert front_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert back_res == 1
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
# 检查配置下发是否成功
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'FrontDut', self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
print('2、下发ftp的用户白名单:test;上传文件扩展名白名单:txt;下载文件扩展名白名单:txt;命令控制白名单:不包含RETR,等待nginx的24个进程起来;cat /etc/jsac/filter.json文件应该包含:allow-user、allow-upload、allow-download、allow-cmd,用户白名单test、下载扩展名白名单txt,上传扩展名白名单txt,以及不包含命令RETR')
fun.send(rbmExc, message.ftpcheck1['SetFtpCheck'], FrontDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
assert add_res2 == 1
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'FrontDut', self.case1_step2[key][1], '配置', 100)
print(re)
assert self.case1_step2[key][1] in re
for key in self.case1_step22:
re = fun.wait_data(self.case1_step22[key][0], 'FrontDut', self.case1_step22[key][1], '配置', 100, flag='不存在')
print(re)
assert self.case1_step22[key][1] not in re
# 1、登录ftp服务器,用户为白名单用户
print('3、控制台走ftp隔离登录ftp服务器,登录用户为白名单test,查看登录是否成功;登录成功')
fp = con_ftp.connect_ftp(proxy_ip, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
assert '220' in fp.getwelcome()
# 2、登录ftp服务器,用户为非白名单用户
print('4、控制台走ftp隔离登录ftp服务器,登录用户为非白名单lwq,查看登录是否成功;登录失败')
fp2 = con_ftp.connect_ftp(proxy_ip, self.port, self.deny_user, self.password)
print('ftp非白名单用户{}结果为:{}'.format(self.deny_user,fp2))
assert fp2 == 0
# 3、登录ftp服务器,上传文件扩展名为白名单
print('5、控制台走ftp隔离登录ftp服务器,上传文件扩展名为白名单txt,查看文件是否上传成功;上传成功')
fp = con_ftp.connect_ftp(proxy_ip, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result1 = con_ftp.uploadFile(fp, self.case1_upremotePath, self.case1_uplocalPath)
print('ftp上传文件扩展名{}为白名单结果为:{}'.format(self.case1_uplocalPath,result1))
assert result1 == 1
# 4、登录ftp服务器,上传文件扩展名为非白名单
print('6、控制台走ftp隔离登录ftp服务器,上传文件扩展名为非白名单pdf,查看文件是否上传成功;上传失败')
fp = con_ftp.connect_ftp(proxy_ip, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result2 = con_ftp.uploadFile(fp, self.case1_deny_upremotePath, self.case1_deny_uplocalPath)
print('ftp上传文件扩展名{}为非白名单结果为:{}'.format(self.case1_deny_uplocalPath,result2))
assert result2 == 0
# 5、登录ftp服务器,下载文件扩展名为白名单(下载命令被禁止)
print('7、控制台走ftp隔离登录ftp服务器,下载文件扩展名为白名单txt(下载命令被禁止),查看文件是否下载成功;下载失败')
fp = con_ftp.connect_ftp(proxy_ip, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result3 = con_ftp.downFile(fp, self.case1_downremotePath, self.case1_downlocalPath)
print('ftp下载(下载命令被禁止)文件扩展名{}为白名单结果为:{}'.format(self.case1_downremotePath,result3))
assert result3 == 0
#6、 登录ftp服务器,下载文件扩展名为非白名单(下载命令被禁止)
print('8、控制台走ftp隔离登录ftp服务器,下载文件扩展名为非白名单pdf(下载命令被禁止),查看文件是否下载成功;下载失败')
fp = con_ftp.connect_ftp(proxy_ip, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result4 = con_ftp.downFile(fp, self.case1_deny_downremotePath, self.case1_deny_downlocalPath)
print('ftp下载(下载命令被禁止)文件扩展名{}为非白名单结果为:{}'.format(self.case1_deny_downremotePath,result4))
assert result4 == 0
# 移除策略,还原环境
print('9、移除ftp的隔离策略,清空环境,等待nginx的24个进程起来;cat /etc/jsac/customapp.stream应该不包含代理ip和port')
fun.send(rbmExc, message.delftp_front['DelCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.delftp_back['DelCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fdel_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert fdel_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
bdel_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert bdel_res == 1
# 检查策略移除是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100, flag='不存在')
print(re)
assert self.case1_step1[key][1] not in re
# 检查ftp传输策略是否清空
print('10、移除ftp传输策略,等待nginx的24个进程起来;cat /etc/jsac/filter.json文件应该不包含:ftp协议')
fun.send(rbmExc, message.delftpcheck['DropFtpCheck'], FrontDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
assert del_res2 == 1
for key in self.delcheck:
re = fun.wait_data(self.delcheck[key][0], 'FrontDut', self.delcheck[key][1], '配置', 100, flag='不存在')
assert self.delcheck[key][1] not in re
def test_iso_ftp_check_delete_a2(self):
# 下发配置
print(
'1、下发ftp的隔离代理:代理ip为前置机安全卡的ip,port为8887,等待nginx的24个进程起来;cat /etc/jsac/customapp.stream应该包含代理ip和port,netstat -anp |grep tcp应该可以查看到监听ip和端口'
)
fun.send(rbmExc, message.addftp_front['AddCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.addftp_back['AddCustomAppPolicy'], BackDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
front_res = fun.nginx_worker('ps -ef |grep nginx',
'FrontDut',
'nginx: worker process',
name='前置机nginx进程')
assert front_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res = fun.nginx_worker('ps -ef |grep nginx',
'BackDut',
'nginx: worker process',
name='后置机nginx进程')
assert back_res == 1
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut',
self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
# 检查配置下发是否成功
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'FrontDut',
self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
print(
'2、下发ftp的命令控制白名单:包含RETR、DELE,不包含STOR,等待nginx的24个进程起来;cat /etc/jsac/filter.json文件应该包含:allow-cmd、RETR、DELE,且不包含:STOR'
)
fun.send(rbmExc, message.ftpcheck2['SetFtpCheck'], FrontDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
assert add_res2 == 1
for key in self.case2_step2:
re = fun.wait_data(self.case2_step2[key][0], 'FrontDut',
self.case2_step2[key][1], '配置', 100)
print(re)
assert self.case2_step2[key][1] in re
for key in self.case2_step22:
re = fun.wait_data(self.case2_step22[key][0],
'FrontDut',
self.case2_step22[key][1],
'配置',
100,
flag='不存在')
print(re)
assert self.case2_step22[key][1] not in re
# 1、登录ftp服务器,用户为白名单用户
fp = con_ftp.connect_ftp(proxy_ip, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
assert '220' in fp.getwelcome()
# 2、登录ftp服务器,上传文件(上传命令被禁止)
print('3、控制台走ftp隔离登录ftp服务器,上传文件(上传命令被禁止),查看文件是否上传成功;上传失败')
fp = con_ftp.connect_ftp(proxy_ip, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result1 = con_ftp.uploadFile(fp, self.upremotePath, self.uplocalPath)
print('ftp上传(上传命令被禁止)文件{}的结果为:{}'.format(self.uplocalPath, result1))
assert result1 == 0
# 3、登录ftp服务器,下载文件(允许下载命令)
print('4、控制台走ftp隔离登录ftp服务器,下载文件,查看文件是否下载成功(允许下载命令);下载成功')
fp = con_ftp.connect_ftp(proxy_ip, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result2 = con_ftp.downFile(fp, self.downremotePath, self.downlocalPath)
print('ftp下载(允许下载命令)文件{}的结果为:{}'.format(self.downremotePath, result2))
assert result2 == 1
time.sleep(30)
# 4、 登录ftp服务器,删除目录下的文件(允许删除命令)
print('5、控制台走ftp隔离登录ftp服务器,删除文件(允许删除命令),查看文件是否删除成功;删除成功')
fp = con_ftp.connect_ftp(proxy_ip, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result3 = con_ftp.deleallFile(fp, delePath)
print('ftp删除(允许删除命令)文件{}的结果为:{}'.format(delePath, result3))
assert result3 == 1
# 移除策略,还原环境
print(
'6、移除ftp的隔离策略,清空环境,等待nginx的24个进程起来;cat /etc/jsac/customapp.stream应该不包含代理ip和port'
)
fun.send(rbmExc, message.delftp_front['DelCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.delftp_back['DelCustomAppPolicy'], BackDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
fdel_res = fun.nginx_worker('ps -ef |grep nginx',
'FrontDut',
'nginx: worker process',
name='前置机nginx进程')
assert fdel_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
bdel_res = fun.nginx_worker('ps -ef |grep nginx',
'BackDut',
'nginx: worker process',
name='后置机nginx进程')
assert bdel_res == 1
# 检查策略移除是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0],
'FrontDut',
self.case1_step1[key][1],
'配置',
100,
flag='不存在')
print(re)
assert self.case1_step1[key][1] not in re
# 检查ftp传输策略是否清空
print(
'7、移除ftp传输策略,等待nginx的24个进程起来;cat /etc/jsac/filter.json文件应该不包含:ftp协议'
)
fun.send(rbmExc, message.delftpcheck['DropFtpCheck'], FrontDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
assert del_res2 == 1
for key in self.delcheck:
re = fun.wait_data(self.delcheck[key][0],
'FrontDut',
self.delcheck[key][1],
'配置',
100,
flag='不存在')
assert self.delcheck[key][1] not in re
def test_ftp_check_alltype_a1(self):
# 下发配置
fun.send(rbmExc, message.addftp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
add_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert add_res1 == 1
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'gw', self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
fun.send(rbmExc, message.ftpcheck1['SetFtpCheck'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert add_res2 == 1
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw', self.case1_step2[key][1], '配置', 100)
print(re)
assert self.case1_step2[key][1] in re
# 1、登录ftp服务器,用户为白名单用户
fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
assert '220' in fp.getwelcome()
# 2、登录ftp服务器,用户为非白名单用户
fp2 = con_ftp.connect_ftp(self.host, self.port, self.deny_user, self.password)
print('ftp非白名单用户{}结果为:{}'.format(self.deny_user,fp2))
assert fp2 == 0
# 3、登录ftp服务器,上传文件扩展名为白名单
fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result1 = con_ftp.uploadFile(fp, self.case1_upremotePath, self.case1_uplocalPath)
print('ftp上传文件扩展名{}为白名单结果为:{}'.format(self.case1_uplocalPath,result1))
assert result1 == 1
# 4、登录ftp服务器,上传文件扩展名为非白名单
fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result2 = con_ftp.uploadFile(fp, self.case1_deny_upremotePath, self.case1_deny_uplocalPath)
print('ftp上传文件扩展名{}为非白名单结果为:{}'.format(self.case1_deny_uplocalPath,result2))
assert result2 == 0
# 5、登录ftp服务器,下载文件扩展名为白名单(下载命令被禁止)
fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result3 = con_ftp.downFile(fp, self.case1_downremotePath, self.case1_downlocalPath)
print('ftp下载(下载命令被禁止)文件扩展名{}为白名单结果为:{}'.format(self.case1_downremotePath,result3))
assert result3 == 0
#6、 登录ftp服务器,下载文件扩展名为非白名单(下载命令被禁止)
fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result4 = con_ftp.downFile(fp, self.case1_deny_downremotePath, self.case1_deny_downlocalPath)
print('ftp下载(下载命令被禁止)文件扩展名{}为非白名单结果为:{}'.format(self.case1_deny_downremotePath,result4))
assert result4 == 0
# 移除策略,还原环境
fun.send(rbmExc, message.delftp['DelAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
del_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert del_res1 == 1
# 检查代理是否成功移除
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '配置', 100, flag='不存在')
assert self.case1_step1[key][1] not in re
# 检查ftp传输策略是否清空
fun.send(rbmExc, message.delftpcheck['DropFtpCheck'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert del_res2 == 1
for key in self.delcheck:
re = fun.wait_data(self.delcheck[key][0], 'gw', self.delcheck[key][1], '配置', 100, flag='不存在')
assert self.delcheck[key][1] not in re
def test_ftp_check_download_a2(self):
# 下发配置
fun.send(rbmExc, message.addftp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
add_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
assert add_res1 == 1
# 检查配置下发是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'gw',
self.case2_step1[key][1], '配置', 100)
print(re)
assert self.case2_step1[key][1] in re
for key in self.case2_step11:
re = fun.wait_data(self.case2_step11[key][0], 'gw',
self.case2_step11[key][1], '配置', 100)
print(re)
assert self.case2_step11[key][1] in re
fun.send(rbmExc, message.ftpcheck2['SetFtpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
assert add_res2 == 1
for key in self.case2_step2:
re = fun.wait_data(self.case2_step2[key][0], 'gw',
self.case2_step2[key][1], '配置', 100)
print(re)
assert self.case2_step2[key][1] in re
# 登录ftp服务器,下载文件扩展名为白名单
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result1 = con_ftp.downFile(fp, self.case2_downremotePath,
self.case2_downlocalPath)
print('第一个ftp下载文件扩展名{}为白名单结果为:{}'.format(self.case2_downremotePath,
result1))
assert result1 == 1
# 登录ftp服务器,下载文件扩展名为白名单
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result2 = con_ftp.downFile(fp, self.case2_allow_downremotePath,
self.case2_allow_downlocalPath)
print('第二个ftp下载文件扩展名{}为白名单结果为:{}'.format(
self.case2_allow_downremotePath, result2))
assert result2 == 1
# 登录ftp服务器,下载文件扩展名为非白名单
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result3 = con_ftp.downFile(fp, self.case2_deny_downremotePath,
self.case2_deny_downlocalPath)
print('下载文件扩展名{}为非白名单结果为:{}'.format(self.case2_deny_downremotePath,
result3))
assert result3 == 0
# 移除策略,还原环境
fun.send(rbmExc, message.delftp['DelAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
del_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
assert del_res1 == 1
# 检查代理是否成功移除
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0],
'gw',
self.case2_step1[key][1],
'配置',
100,
flag='不存在')
assert self.case2_step1[key][1] not in re
# 检查ftp传输策略是否清空
fun.send(rbmExc, message.delftpcheck['DropFtpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
assert del_res2 == 1
for key in self.delcheck:
re = fun.wait_data(self.delcheck[key][0],
'gw',
self.delcheck[key][1],
'配置',
100,
flag='不存在')
assert self.delcheck[key][1] not in re
def test_ftp_check_delete_a2(self):
# 下发配置
fun.send(rbmExc, message.addftp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
add_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert add_res1 == 1
# 检查配置下发是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '配置', 100)
print(re)
assert self.case2_step1[key][1] in re
for key in self.case2_step11:
re = fun.wait_data(self.case2_step11[key][0], 'gw', self.case2_step11[key][1], '配置', 100)
print(re)
assert self.case2_step11[key][1] in re
fun.send(rbmExc, message.ftpcheck2['SetFtpCheck'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert add_res2 == 1
for key in self.case2_step2:
re = fun.wait_data(self.case2_step2[key][0], 'gw', self.case2_step2[key][1], '配置', 100)
print(re)
assert self.case2_step2[key][1] in re
# 1、登录ftp服务器,用户为白名单用户
fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
assert '220' in fp.getwelcome()
# 2、登录ftp服务器,上传文件(上传命令被禁止)
fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result1 = con_ftp.uploadFile(fp, self.upremotePath, self.uplocalPath)
print('ftp上传(上传命令被禁止)文件{}的结果为:{}'.format(self.uplocalPath, result1))
assert result1 == 0
# 3、登录ftp服务器,下载文件(允许下载命令)
fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result2 = con_ftp.downFile(fp, self.downremotePath, self.downlocalPath)
print('ftp下载(允许下载命令)文件{}的结果为:{}'.format(self.downremotePath, result2))
assert result2 == 1
# 4、 登录ftp服务器,删除目录下的文件(允许删除命令)
fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result3 = con_ftp.deleallFile(fp, delePath)
print('ftp删除(允许删除命令)文件{}的结果为:{}'.format(delePath, result3))
assert result3 == 1
# 移除策略,还原环境
fun.send(rbmExc, message.delftp['DelAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
del_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert del_res1 == 1
# 检查代理是否成功移除
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '配置', 100, flag='不存在')
assert self.case2_step1[key][1] not in re
# 检查ftp传输策略是否清空
fun.send(rbmExc, message.delftpcheck['DropFtpCheck'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert del_res2 == 1
for key in self.case2_step2:
re = fun.wait_data(self.case2_step2[key][0], 'gw', self.case2_step2[key][1], '配置', 100, flag='不存在')
assert self.case2_step2[key][1] not in re
def test_iso_ftp_check_download_a2(self):
# 下发配置
print('1、下发ftp的隔离代理:代理ip为前置机安全卡的ip,port为8887,等待nginx的24个进程起来;cat /etc/jsac/customapp.stream应该包含代理ip和port,netstat -anp |grep tcp应该可以查看到监听ip和端口')
fun.send(rbmExc, message.addftp_front['AddCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.addftp_back['AddCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert front_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert back_res == 1
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
# 检查配置下发是否成功
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'FrontDut', self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
print('2、下发ftp的下载扩展名白名单:txt、xls,等待nginx的24个进程起来;cat /etc/jsac/filter.json文件应该包含:allow-download和下载扩展名白名单:txt、xls')
fun.send(rbmExc, message.ftpcheck2['SetFtpCheck'], FrontDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
assert add_res2 == 1
for key in self.case2_step2:
re = fun.wait_data(self.case2_step2[key][0], 'FrontDut', self.case2_step2[key][1], '配置', 100)
print(re)
assert self.case2_step2[key][1] in re
# 登录ftp服务器,下载文件扩展名为白名单
print('3、控制台走ftp隔离登录ftp服务器,下载文件扩展名为白名单txt,查看下载是否成功;下载成功')
fp = con_ftp.connect_ftp(proxy_ip, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result1 = con_ftp.downFile(fp, self.case2_downremotePath, self.case2_downlocalPath)
print('第一个ftp下载文件扩展名{}为白名单结果为:{}'.format(self.case2_downremotePath,result1))
assert result1 == 1
# 登录ftp服务器,下载文件扩展名为白名单
print('4、控制台走ftp隔离登录ftp服务器,下载文件扩展名为白名单xls,查看下载是否成功;下载成功')
fp = con_ftp.connect_ftp(proxy_ip, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result2 = con_ftp.downFile(fp, self.case2_allow_downremotePath, self.case2_allow_downlocalPath)
print('第二个ftp下载文件扩展名{}为白名单结果为:{}'.format(self.case2_allow_downremotePath,result2))
assert result2 == 1
# 登录ftp服务器,下载文件扩展名为非白名单
print('5、控制台走ftp隔离登录ftp服务器,下载文件扩展名为非白名单pdf,查看下载是否成功;下载失败')
fp = con_ftp.connect_ftp(proxy_ip, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result3 = con_ftp.downFile(fp, self.case2_deny_downremotePath, self.case2_deny_downlocalPath)
print('下载文件扩展名{}为非白名单结果为:{}'.format(self.case2_deny_downremotePath,result3))
assert result3 == 0
# 移除策略,还原环境
print('6、移除ftp的隔离策略,清空环境,等待nginx的24个进程起来;cat /etc/jsac/customapp.stream应该不包含代理ip和port')
fun.send(rbmExc, message.delftp_front['DelCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.delftp_back['DelCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fdel_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert fdel_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
bdel_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert bdel_res == 1
# 检查策略移除是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100, flag='不存在')
print(re)
assert self.case1_step1[key][1] not in re
# 检查ftp传输策略是否清空
print('7、移除ftp传输策略,等待nginx的24个进程起来;cat /etc/jsac/filter.json文件应该不包含:ftp协议')
fun.send(rbmExc, message.delftpcheck['DropFtpCheck'], FrontDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
assert del_res2 == 1
for key in self.delcheck:
re = fun.wait_data(self.delcheck[key][0], 'FrontDut', self.delcheck[key][1], '配置', 100, flag='不存在')
assert self.delcheck[key][1] not in re