def test_060_hostquota(self):
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
global app
nukeRules()
priority_level = 7 # Severely Limited
given_quota = 10000 # 10k
# Remove any existing quota
uvmContext.hostTable().removeQuota(remote_control.clientIP)
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed()
# Create rule to give quota
appendRule(createBandwidthQuotaRule("HOST_HAS_NO_QUOTA","true","GIVE_HOST_QUOTA",given_quota))
# Create penalty for exceeding quota
appendRule(createBandwidthSingleConditionRule("HOST_QUOTA_EXCEEDED","true","SET_PRIORITY",priority_level))
# Download the file so quota is exceeded
global_functions.get_download_speed()
# quota accounting occurs every 60 seconds, so we must wait at least 60 seconds
time.sleep(60)
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed()
printResults( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limitedAcceptanceRatio )
# Remove quota
uvmContext.hostTable().removeQuota(remote_control.clientIP)
assert ((wget_speed_post) and (wget_speed_post))
assert (wget_speed_pre * limitedAcceptanceRatio > wget_speed_post)
events = global_functions.get_events('Bandwidth Control','Quota Events',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"action", 1, #quota given
"size", given_quota,
"entity", remote_control.clientIP)
assert(found)
found = global_functions.check_events( events.get('list'), 5,
"action", 2, #quota exceeded
"entity", remote_control.clientIP)
assert(found)
events = global_functions.get_events('Bandwidth Control','Prioritized Sessions',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"bandwidth_control_priority", priority_level,
"c_client_addr", remote_control.clientIP)
assert( found )
def test_048_contentLengthAddrRule(self):
global app
nukeRules()
priority_level = 7
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed()
# Create DST_ADDR based rule to limit bandwidth
appendRule(createBandwidthSingleConditionRule("HTTP_CONTENT_LENGTH",">3000000","SET_PRIORITY",priority_level))
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed()
printResults( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limitedAcceptanceRatio )
assert ((wget_speed_post) and (wget_speed_post))
assert (wget_speed_pre * limitedAcceptanceRatio > wget_speed_post)
events = global_functions.get_events('Bandwidth Control','Prioritized Sessions',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"bandwidth_control_priority", priority_level,
"c_client_addr", remote_control.clientIP)
assert( found )
def test_047_hostnameRule(self):
global app
nukeRules()
priority_level = 7
# This test might need web filter for http to start
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed()
# Create HTTP_HOST based rule to limit bandwidth
appendRule(createBandwidthSingleConditionRule("HTTP_HOST","test.untangle.com","SET_PRIORITY",priority_level))
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed()
printResults( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limitedAcceptanceRatio )
assert ((wget_speed_post) and (wget_speed_post))
assert (wget_speed_pre * limitedAcceptanceRatio > wget_speed_post)
events = global_functions.get_events('Bandwidth Control','Prioritized Sessions',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"bandwidth_control_priority", priority_level,
"c_client_addr", remote_control.clientIP)
assert( found )
def test_035_dstAddrRule(self):
global app
nukeRules()
priority_level = 7
# Get the IP address of test.untangle.com. We could hardcoded this IP.
test_untangle_IP = socket.gethostbyname("test.untangle.com")
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed()
# Create DST_ADDR based rule to limit bandwidth
appendRule(createBandwidthSingleConditionRule("DST_ADDR",test_untangle_IP,"SET_PRIORITY",priority_level))
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed()
printResults( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limitedAcceptanceRatio )
assert ((wget_speed_post) and (wget_speed_post))
assert (wget_speed_pre * limitedAcceptanceRatio > wget_speed_post)
events = global_functions.get_events('Bandwidth Control','Prioritized Sessions',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"bandwidth_control_priority", priority_level,
"c_client_addr", remote_control.clientIP)
assert( found )
def test_021_shieldOffNmap(self):
# enable logging of blocked settings
netsettings = uvmContext.networkManager().getNetworkSettings()
netsettings['logBlockedSessions'] = True
netsettings['logBypassedSessions'] = True
uvmContext.networkManager().setNetworkSettings(netsettings)
settings = app.getSettings()
settings['shieldEnabled'] = False
app.setSettings(settings)
start_time = datetime.now()
result = remote_control.run_command(
"nmap -PN -sT -T5 --min-parallelism 15 -p10000-10100 1.2.3.5 2>&1 >/dev/null"
)
assert (result == 0)
events = global_functions.get_events('Shield',
'Blocked Session Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'),
5,
'c_client_addr',
remote_control.clientIP,
's_server_addr',
'1.2.3.5',
min_date=start_time)
assert (not found)
def test_021_captureTrafficCheck(self):
global app, appData
appData['captureRules']['list'] = []
appData['captureRules']['list'].append(createCaptureNonWanNicRule(1))
app.setSettings(appData)
result = remote_control.run_command(
"wget -4 -t 2 --timeout=5 -a /tmp/capture_test_021.log http://test.untangle.com/"
)
assert (result == 0)
events = global_functions.get_events('Captive Portal',
'All Session Events', None, 100)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
'c_server_addr',
test_untangle_com_ip,
'c_client_addr',
remote_control.clientIP,
'captive_portal_blocked', True)
assert (found)
# logout user to clean up test.
# wget http://<internal IP>/capture/logout
result = remote_control.run_command(
"wget -4 -t 2 --timeout=5 -O /tmp/capture_test_021b.out http://" +
global_functions.get_lan_ip() + "/capture/logout")
assert (result == 0)
search = remote_control.run_command(
"grep -q 'logged out' /tmp/capture_test_021b.out")
assert (search == 0)
def test_055_functional_icmp_block(self):
"""
Functional, ICMP block
"""
global app
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
startTime = datetime.now()
dest_ip_address = remote_control.run_command(
"host test.untangle.com | grep 'has address' | cut -d' ' -f4",
None, True)
signature = self.intrusion_prevention_interface.create_signature(
msg="ICMP Block", type="icmp", dest_ip=dest_ip_address, block=True)
self.intrusion_prevention_interface.config_request(
"save",
self.intrusion_prevention_interface.create_patch(
"signature", "add", signature))
app.reconfigure()
result = remote_control.run_command("ping -c 5 " + dest_ip_address +
" > /dev/null")
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention',
'All Events', None, 1)
found = global_functions.check_events(events.get('list'),
5,
'msg',
signature['msg'],
'blocked',
True,
min_date=startTime)
assert (found)
def test_090_checkTLSwSSLInspector(self):
if (not canRelay):
raise unittest2.SkipTest('Unable to relay through ' +
smtpServerHost)
test_untangle_IP = socket.gethostbyname(smtpServerHost)
appData['smtpConfig']['scanWanMail'] = True
appData['smtpConfig']['allowTls'] = False
appData['smtpConfig']['strength'] = 30
app.setSettings(appData)
# Turn on SSL Inspector
appSSLData['processEncryptedMailTraffic'] = True
appSSLData['ignoreRules']['list'].insert(0, createSSLInspectRule("25"))
appSSL.setSettings(appSSLData)
appSSL.start()
tlsSMTPResult, to_address = sendSpamMail(useTLS=True)
# print("TLS 090 : " + str(tlsSMTPResult))
appSSL.stop()
assert (tlsSMTPResult == 0)
events = global_functions.get_events(self.displayName(),
'Quarantined Events', None, 1)
assert (events != None)
assert (events.get('list') != None)
print(events['list'][0])
found = global_functions.check_events(events.get('list'), 5,
's_server_addr',
test_untangle_IP,
's_server_port', 25, 'addr',
to_address, 'c_client_addr',
remote_control.clientIP)
assert (found)
def test_105_eventlog_smtpNonVirus(self):
if (not canRelay):
raise unittest2.SkipTest('Unable to relay through ' + testsite)
startTime = datetime.now()
fname = sys._getframe().f_code.co_name
print("fname: %s" % fname)
result = remote_control.run_command("echo '%s' > /tmp/attachment-%s" %
(fname, fname))
assert (result == 0)
# download the email script
result = remote_control.run_command(
"wget -q -O /tmp/email_script.py http://" + testsite +
"/test/email_script.py")
assert (result == 0)
result = remote_control.run_command("chmod 775 /tmp/email_script.py")
assert (result == 0)
# email the file
result = remote_control.run_command(
"/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/attachment-%s"
% (testsiteIP, fname, fname))
assert (result == 0)
events = global_functions.get_events(self.displayName(),
'Clean Email Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'),
5,
"addr",
"*****@*****.**",
"subject",
str(fname),
self.shortName() + '_clean',
True,
min_date=startTime)
assert (found)
def test_103_eventlog_ftpNonVirus(self):
ftp_result = subprocess.call(
["ping", "-c", "1", global_functions.ftp_server],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
if (ftp_result != 0):
raise unittest2.SkipTest("FTP server not available")
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("wget --user="******" --password='******' -q -O /dev/null ftp://" +
global_functions.ftp_server +
"/test.zip")
assert (result == 0)
events = global_functions.get_events(self.displayName(),
'Clean Ftp Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5, "uri",
"test.zip",
self.shortName() + '_clean',
True)
assert (found)
def test_104_eventlog_smtpVirus(self):
if platform.machine().startswith('arm'):
raise unittest2.SkipTest("local scanner not available on ARM")
if (not canRelay):
raise unittest2.SkipTest('Unable to relay through ' + testsiteIP)
startTime = datetime.now()
fname = sys._getframe().f_code.co_name
# download the email script
result = remote_control.run_command(
"wget -q -O /tmp/email_script.py http://" + testsite +
"/test/email_script.py")
assert (result == 0)
result = remote_control.run_command("chmod 775 /tmp/email_script.py")
assert (result == 0)
# email the file
result = remote_control.run_command(
"/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar"
% (testsiteIP, fname))
assert (result == 0)
events = global_functions.get_events(self.displayName(),
'Infected Email Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'),
5,
"addr",
"*****@*****.**",
"subject",
str(fname),
self.shortName() + '_clean',
False,
min_date=startTime)
assert (found)
def test_023_childShouldNotEffectParent(self):
# add a child that blocks everything
blockRackId = addRack(name="Block Rack", parentId=default_policy_id)
blockRackFirewall = uvmContext.appManager().instantiate("firewall", blockRackId)
assert (blockRackFirewall != None)
# add a block rule for the client IP
rules = blockRackFirewall.getRules()
rules["list"].append(createFirewallSingleConditionRule("SRC_ADDR",remote_control.clientIP));
blockRackFirewall.setRules(rules);
# client should still be online
result = remote_control.is_online()
assert (result == 0)
uvmContext.appManager().destroy( blockRackFirewall.getAppSettings()["id"] )
assert (removeRack(blockRackId))
# Get the IP address of test.untangle.com
test_untangle_com_ip = socket.gethostbyname("test.untangle.com")
events = global_functions.get_events('Policy Manager','All Events',None,100)
assert(events != None)
found = global_functions.check_events( events.get('list'), 100,
"s_server_addr", str(test_untangle_com_ip),
"policy_id", 1,
"c_client_addr", remote_control.clientIP)
assert( found )
def test_102_eventlog_ftpVirus(self):
if platform.machine().startswith('arm'):
raise unittest2.SkipTest("local scanner not available on ARM")
ftp_result = subprocess.call(
["ping", "-c", "1", global_functions.ftp_server],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
if (ftp_result != 0):
raise unittest2.SkipTest("FTP server not available")
fname = sys._getframe().f_code.co_name
result = remote_control.run_command(
"wget --user="******" --password='******' -q -O /tmp/temp_022_ftpVirusBlocked_file ftp://" +
global_functions.ftp_server + "/virus/fedexvirus.zip")
assert (result == 0)
events = global_functions.get_events(self.displayName(),
'Infected Ftp Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5, "uri",
"fedexvirus.zip",
self.shortName() + '_clean',
False)
assert (found)
def test_600_web_searches(self):
"""check the web searches log correctly"""
termTests = [{
"host": "www.bing.com",
"uri": "/search?q=oneterm&qs=n&form=QBRE",
"term": "oneterm"
}, {
"host": "www.bing.com",
"uri": "/search?q=two+terms&qs=n&form=QBRE",
"term": "two terms"
}, {
"host": "www.bing.com",
"uri": "/search?q=%22quoted+terms%22&qs=n&form=QBRE",
"term": '"quoted terms"'
}]
host = "www.bing.com"
uri = "/search?q=oneterm&qs=n&form=QBRE"
for t in termTests:
fname = sys._getframe().f_code.co_name
eventTime = datetime.datetime.now()
result1 = remote_control.run_command(
"wget -q -O - 'http://%s%s' 2>&1 >/dev/null" %
(t["host"], t["uri"]))
events = global_functions.get_events(self.displayName(),
'All Query Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
"host", t["host"], "term",
t["term"])
assert (found)
def test_030_checkUserRegistrationScript(self):
"""
checkUserRegistration
"""
# remove leading and trailing spaces.
http_admin = global_functions.get_http_url()
assert (http_admin)
test_name = "randomName-" + "".join(
[random.choice(string.letters) for i in xrange(15)])
test_name_lower = test_name.lower()
result = register_username(http_admin, test_name)
user_list = get_list_of_username_mapped()
# print 'test_name %s' % test_name
# print 'result %s' % result
# print 'user_list %s' % user_list
found_username = find_name_in_host_table(test_name_lower)
assert (found_username)
assert (result == 0)
assert (test_name_lower in user_list)
events = global_functions.get_events('Directory Connector',
'API Events', None, 1)
assert (events != None)
found_in_reports = global_functions.check_events(
events.get('list'), 5, "login_name", test_name_lower,
"client_addr", remote_control.clientIP)
assert (found_in_reports)
def test_110_eventlog_smtpSSLVirus(self):
if platform.machine().startswith('arm'):
raise unittest2.SkipTest("local scanner not available on ARM")
if (not canRelay):
raise unittest2.SkipTest('Unable to relay through ' + testsiteIP)
startTime = datetime.now()
fname = sys._getframe().f_code.co_name
# download the email script
result = remote_control.run_command("wget -q -O /tmp/email_script.py http://" + testsite + "/test/email_script.py")
assert (result == 0)
result = remote_control.run_command("chmod 775 /tmp/email_script.py")
assert (result == 0)
# Turn on SSL Inspector
appSSLData['processEncryptedMailTraffic'] = True
appSSLData['ignoreRules']['list'].insert(0,createSSLInspectRule("25"))
appSSL.setSettings(appSSLData)
appSSL.start()
# email the file
result = remote_control.run_command("/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar --starttls" % (testsiteIP, fname),nowait=False)
appSSL.stop()
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Infected Email Events',None,1)
# print events['list'][0]
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"addr", "*****@*****.**",
"subject", str(fname),
's_server_addr', testsiteIP,
self.shortName() + '_clean', False,
min_date=startTime)
assert( found )
def test_020_smtpTest(self):
if (not canRelay):
raise unittest2.SkipTest('Unable to relay through ' +
smtpServerHost)
appData['smtpConfig']['scanWanMail'] = True
appData['smtpConfig']['strength'] = 30
app.setSettings(appData)
# Get the IP address of test.untangle.com
test_untangle_IP = socket.gethostbyname(smtpServerHost)
result, to_address = sendSpamMail()
events = global_functions.get_events(self.displayName(),
'Quarantined Events', None, 1)
assert (events != None)
assert (events.get('list') != None)
print(events['list'][0])
found = global_functions.check_events(events.get('list'), 10,
's_server_addr',
test_untangle_IP,
's_server_port', 25, 'addr',
to_address, 'c_client_addr',
remote_control.clientIP)
assert (found)
def test_020_severely_limited_tcp(self):
global app
nuke_rules()
priority_level = 7
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed()
# Create SRC_ADDR based rule to limit bandwidth
append_rule(
create_single_condition_rule("SRC_ADDR", remote_control.clientIP,
"SET_PRIORITY", priority_level))
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed()
print_results(wget_speed_pre, wget_speed_post, wget_speed_pre * 0.1,
wget_speed_pre * limited_acceptance_ratio)
assert ((wget_speed_post) and (wget_speed_post))
assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post)
events = global_functions.get_events('Bandwidth Control',
'Prioritized Sessions', None, 5)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
"bandwidth_control_priority",
priority_level, "c_client_addr",
remote_control.clientIP)
assert (found)
def test_054_functional_udp_block(self):
"""
Functional, UDP block
"""
global app
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
startTime = datetime.now()
signature = self.intrusion_prevention_interface.create_signature(
msg="UDP Block",
type="udp",
block=True,
directive="content:\"CompanySecret\"; nocase;")
self.intrusion_prevention_interface.config_request(
"save",
self.intrusion_prevention_interface.create_patch(
"signature", "add", signature))
app.reconfigure()
result = remote_control.run_command(
"host www.companysecret.com 4.2.2.1 > /dev/null")
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention',
'All Events', None, 1)
found = global_functions.check_events(events.get('list'),
5,
'msg',
signature['msg'],
'blocked',
True,
min_date=startTime)
assert (found)
def test_030_adminQuarantine(self):
if (not canRelay):
raise unittest2.SkipTest('Unable to relay through ' +
smtpServerHost)
# send some spam
appData['smtpConfig']['scanWanMail'] = True
appData['smtpConfig']['strength'] = 30
app.setSettings(appData)
result, to_address = sendSpamMail()
events = global_functions.get_events(self.displayName(),
'Quarantined Events', None, 1)
if (events == None):
raise unittest2.SkipTest(
'Unable to run admin quarantine since there are no quarantine events'
)
# Get adminstrative quarantine list of email addresses
addressFound = False
curQuarantine = appSP.getQuarantineMaintenenceView()
curQuarantineList = curQuarantine.listInboxes()
for checkAddress in curQuarantineList['list']:
print(checkAddress)
if (checkAddress['address']
== to_address) and (checkAddress['totalMails'] > 0):
addressFound = True
assert (addressFound)
def test_020_testBasicWebCache(self):
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
pre_events_hit = global_functions.get_app_metric_value(app, "hit")
app.clearSquidCache()
for x in range(0, 10):
result = remote_control.run_command(
"wget -q -O /dev/null -4 -t 2 --timeout=5 http://test.untangle.com/"
)
time.sleep(1)
assert (result == 0)
time.sleep(65) # summary-events only written every 60 seconds
events = global_functions.get_events('Web Cache', 'Web Cache Events',
None, 1)
assert (events != None)
# verify at least one hit
assert (events['list'][0])
assert (events['list'][0]['hits'])
# Check to see if the faceplate counters have incremented.
post_events_hit = global_functions.get_app_metric_value(app, "hit")
assert (pre_events_hit < post_events_hit)
def test_025_ping_test_wan_offline(self):
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
if (len(indexOfWans) < 2):
raise unittest2.SkipTest(
"Need at least two WANS for test_025_addPingFailTestForWans")
nuke_rules()
orig_offline_count = offline_wan_count()
for wanIndexTup in indexOfWans:
wanIndex = wanIndexTup[0]
build_wan_test(wanIndex, "ping", pingHost="192.168.244.1")
wait_for_wan_offline()
offline_count = offline_wan_count()
assert (offline_count > orig_offline_count)
result = remote_control.is_online()
assert (result == 0)
events = global_functions.get_events('WAN Failover', 'Outage Events',
None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 2, "action",
"DISCONNECTED")
assert (found)
def test_030_smtpMarkPhishBlockerTest(self):
if (not canRelay):
raise unittest2.SkipTest('Unable to relay through' +
smtpServerHost)
appData['smtpConfig']['scanWanMail'] = True
appData['smtpConfig']['strength'] = 5
appData['smtpConfig']['msgAction'] = "MARK"
app.setSettings(appData)
# Get the IP address of test.untangle.com
ip_address_testuntangle = socket.gethostbyname(smtpServerHost)
timeout = 12
found = False
email_index = 20
while (not found and timeout > 0):
time.sleep(3)
email_index += 1
from_address = "test0" + str(email_index)
sendPhishMail(mailfrom=from_address)
events = global_functions.get_events('Phish Blocker',
'All Phish Events', None, 1)
assert (events != None)
found = global_functions.check_events(
events.get('list'), 5, 'c_server_addr',
ip_address_testuntangle, 's_server_port', 25, 'addr',
'*****@*****.**', 'c_client_addr',
remote_control.clientIP, 'phish_blocker_action', 'M')
timeout -= 1
assert (found)
def test_025_ftpVirusBlocked(self):
if platform.machine().startswith('arm'):
raise unittest2.SkipTest("local scanner not available on ARM")
ftp_result = subprocess.call(
["ping", "-c", "1", global_functions.ftp_server],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
if (ftp_result != 0):
raise unittest2.SkipTest("FTP server not available")
remote_control.run_command("rm -f /tmp/temp_022_ftpVirusBlocked_file")
result = remote_control.run_command(
"wget --user="******" --password='******' -q -O /tmp/temp_022_ftpVirusBlocked_file ftp://" +
global_functions.ftp_server + "/virus/fedexvirus.zip")
assert (result == 0)
md5TestNum = remote_control.run_command(
"\"md5sum /tmp/temp_022_ftpVirusBlocked_file | awk '{print $1}'\"",
stdout=True)
print("md5StdNum <%s> vs md5TestNum <%s>" % (md5StdNum, md5TestNum))
assert (md5StdNum != md5TestNum)
events = global_functions.get_events(self.displayName(),
'Infected Ftp Events', None, 1)
assert (events != None)
found = global_functions.check_events(
events.get('list'), 5, "s_server_addr",
global_functions.ftp_server, "c_client_addr",
remote_control.clientIP, "uri", "fedexvirus.zip",
self.shortName() + '_clean', False)
assert (found)
def test_070_bypass_udp_block(self):
"""
UDP blocked but bypassed so UDP should work
"""
raise unittest2.SkipTest(
'test correctly fails - disabling for 13.0 - NGFW-10144')
global app
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
tracerouteExists = remote_control.run_command(
"test -x /usr/sbin/traceroute")
if tracerouteExists != 0:
raise unittest2.SkipTest(
"Traceroute app needs to be installed on client")
# use IP address instead of hostname to avoid false positive with DNS IPS block.
orig_netsettings = uvmContext.networkManager().getNetworkSettings()
netsettings = copy.deepcopy(orig_netsettings)
netsettings['bypassRules']['list'].append(
createBypassConditionRule("SRC_ADDR", remote_control.clientIP))
# netsettings['logBypassedSessions'] = True
uvmContext.networkManager().setNetworkSettings(netsettings)
test_untangle_com_ip = socket.gethostbyname("test.untangle.com")
startTime = datetime.now()
rule = self.intrusion_prevention_interface.create_rule(msg="UDP Block",
type="udp",
block=True,
directive="")
self.intrusion_prevention_interface.config_request(
"save",
self.intrusion_prevention_interface.create_patch(
"rule", "add", rule))
app.reconfigure()
result = remote_control.run_command(
"/usr/sbin/traceroute -U -m 3 -p 1234 " + test_untangle_com_ip)
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention',
'All Events', None, 500)
assert (events != None)
found = global_functions.check_events(events.get('list'),
500,
"source_addr",
remote_control.clientIP,
"dest_addr",
test_untangle_com_ip,
"dest_port",
1234,
"protocol",
17,
"blocked",
True,
min_date=startTime)
print("found: %s" % str(found))
assert (not found)
def test_060_app_stats(self):
"""
Checks that the scan, detect, and block stats are properly incremented
"""
global app
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
signature = self.intrusion_prevention_interface.create_signature(
msg="TCP Block",
type="tcp",
block=True,
directive="content:\"CompanySecret\"; nocase;")
self.intrusion_prevention_interface.config_request(
"save",
self.intrusion_prevention_interface.create_patch(
"signature", "add", signature))
app.reconfigure()
app.forceUpdateStats()
time.sleep(5)
pre_events_scan = global_functions.get_app_metric_value(app, "scan")
pre_events_detect = global_functions.get_app_metric_value(
app, "detect")
pre_events_block = global_functions.get_app_metric_value(app, "block")
result = remote_control.run_command(
"wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret"
)
time.sleep(5)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention',
'All Events', None, 1)
found = global_functions.check_events(events.get('list'), 5, 'msg',
signature['msg'], 'blocked',
True)
assert (found)
post_events_scan = global_functions.get_app_metric_value(app, "scan")
post_events_detect = global_functions.get_app_metric_value(
app, "detect")
post_events_block = global_functions.get_app_metric_value(app, "block")
print("pre_events_scan: %s post_events_scan: %s" %
(str(pre_events_scan), str(post_events_scan)))
print("pre_events_detect: %s post_events_detect: %s" %
(str(pre_events_detect), str(post_events_detect)))
print("pre_events_block: %s post_events_block: %s" %
(str(pre_events_block), str(post_events_block)))
# assert(pre_events_scan < post_events_scan)
assert (pre_events_detect < post_events_detect)
assert (pre_events_block < post_events_block)
def test_020_backupNow(self):
global app
boxUID = uvmContext.getServerUID()
app.sendBackup()
events = global_functions.get_events('Configuration Backup',
'Backup Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5, 'success',
True)
assert (found)
def test_101_eventlog_httpNonVirus(self):
fname = sys._getframe().f_code.co_name
result = remote_control.run_command("wget -q -O - http://" + testsite + "/test/test.zip?arg=%s 2>&1 | grep -q text123" % fname)
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Clean Web Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"host", testsite,
"uri", ("/test/test.zip?arg=%s" % fname),
self.shortName() + '_clean', True )
assert( found )
def test_071_bypass_tcp_block(self):
"""
TCP blocked but bypassed so TCP should work
"""
raise unittest2.SkipTest(
'test correctly fails - disabling for 13.0 - NGFW-10144')
global app
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
orig_netsettings = uvmContext.networkManager().getNetworkSettings()
netsettings = copy.deepcopy(orig_netsettings)
netsettings['bypassRules']['list'].append(
createBypassConditionRule("SRC_ADDR", remote_control.clientIP))
# netsettings['logBypassedSessions'] = True
uvmContext.networkManager().setNetworkSettings(netsettings)
test_untangle_com_ip = socket.gethostbyname("test.untangle.com")
startTime = datetime.now()
rule = self.intrusion_prevention_interface.create_rule(msg="TCP Block",
type="tcp",
block=True,
directive="")
self.intrusion_prevention_interface.config_request(
"save",
self.intrusion_prevention_interface.create_patch(
"rule", "add", rule))
app.reconfigure()
result = remote_control.run_command(
"wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/")
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention',
'All Events', None, 500)
assert (events != None)
found = global_functions.check_events(events.get('list'),
500,
"source_addr",
remote_control.clientIP,
"dest_addr",
test_untangle_com_ip,
"dest_port",
80,
"protocol",
6,
"blocked",
True,
min_date=startTime)
print("found: %s" % str(found))
assert (not found)
def test_030_checkSslInspectorInspectorEventLog(self):
remote_control.run_command(
'curl -s -4 --connect-timeout 10 --trace /tmp/ssl_test_040.trace --output /tmp/ssl_test_040.output --insecure https://%s'
% (testedServerName))
events = global_functions.get_events('SSL Inspector', 'All Sessions',
None, 5)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
"ssl_inspector_status",
"INSPECTED",
"ssl_inspector_detail",
testedServerName)
assert (found)