示例#1
 def LoadChecks(self):
     """Reset the check registry and reload the three test check configs.

     The registry is cleared first, so the ids returned are the keys the
     registry holds after loading sshd.yaml, sw.yaml and unix_login.yaml
     from the "checks" directory under Test.data_dir.

     Returns:
       The keys of checks.CheckRegistry.checks after loading.
     """
     checks.CheckRegistry.Clear()
     checks_root = os.path.join(config.CONFIG["Test.data_dir"], "checks")
     yaml_paths = []
     for yaml_name in ("sshd.yaml", "sw.yaml", "unix_login.yaml"):
         yaml_paths.append(os.path.join(checks_root, yaml_name))
     checks.LoadChecksFromFiles(yaml_paths)
     return checks.CheckRegistry.checks.keys()
示例#2
    def setUp(self):
        """Ensure the SW and SSHD checks are registered and build fixtures.

        Creates three expected CheckResult objects (self.netcat, self.sshd,
        self.windows) and the artifact-keyed host data in self.data.
        """
        super(ProcessHostDataTests, self).setUp()
        # The registry keys are read once, before any loading. A check file is
        # only read when its check id is not registered yet, so this fixture
        # depends on whatever other tests left in the shared registry.
        known_ids = checks.CheckRegistry.checks.keys()
        for check_id, yaml_name in (("SW-CHECK", "sw.yaml"),
                                    ("SSHD-CHECK", "sshd.yaml")):
            if check_id not in known_ids:
                checks.LoadChecksFromFiles(
                    [os.path.join(CHECKS_DIR, yaml_name)])

        # Expected result for the Debian package data.
        netcat_anomaly = rdf_anomaly.Anomaly(
            finding=["netcat-traditional 1.10-40 is installed"],
            symptom="Found: l337 software installed",
            type="ANALYSIS_ANOMALY")
        self.netcat = checks.CheckResult(check_id="SW-CHECK",
                                         anomaly=[netcat_anomaly])

        # Expected result for the sshd configuration data.
        protocol_anomaly = rdf_anomaly.Anomaly(
            finding=["Configured protocols: 2,1"],
            symptom="Found: Sshd allows protocol 1.",
            type="ANALYSIS_ANOMALY")
        self.sshd = checks.CheckResult(check_id="SSHD-CHECK",
                                       anomaly=[protocol_anomaly])

        # Expected result for the WMI installed-software data: two anomalies
        # reported under the same check id.
        java_anomaly = rdf_anomaly.Anomaly(
            finding=["Java 6.0.240 is installed"],
            symptom="Found: Old Java installation.",
            type="ANALYSIS_ANOMALY")
        adware_anomaly = rdf_anomaly.Anomaly(
            finding=["Adware 2.1.1 is installed"],
            symptom="Found: Malicious software.",
            type="ANALYSIS_ANOMALY")
        self.windows = checks.CheckResult(
            check_id="SW-CHECK", anomaly=[java_anomaly, adware_anomaly])

        # Host data keyed by artifact name.
        wmi_software = self.SetArtifactData(parsed=GetWMIData())
        dpkg_status = self.SetArtifactData(parsed=GetDPKGData())
        sshd_config = self.SetArtifactData(parsed=GetSSHDConfig())
        self.data = {
            "WMIInstalledSoftware": wmi_software,
            "DebianPackagesStatus": dpkg_status,
            "SshdConfigFile": sshd_config
        }
示例#3
    def LoadCheck(cls, cfg_file, *check_ids):
        """Loads checks from a file once per Test class.

    LoadCheck will read a file containing a check configuration and instantiate
    the checks from it. Specific checks can be selected by providing the check
    ids that should be loaded from the file.

    Checks are stored as a class attribute to prevent re-loading as each test
    method is set up.

    Args:
      cfg_file: A path to the file that should be read.
      *check_ids: A list of check ids that should be loaded from the file.

    Returns:
      The loaded check objects.
    """
        if HostCheckTest.loaded_checks is None:
            HostCheckTest.loaded_checks = {}

        cfg = os.path.join(config.CONFIG["Test.srcdir"], "grr", "checks",
                           cfg_file)
        if check_ids:
            key = "%s:%s" % (cfg, ",".join(check_ids))
            if key in HostCheckTest.loaded_checks:
                return HostCheckTest.loaded_checks[key]
            loaded = []
            for chk_id in check_ids:
                loaded.append(checks.LoadCheckFromFile(cfg, chk_id))
            HostCheckTest.loaded_checks[key] = loaded
            return loaded
        else:
            key = "%s:*" % cfg_file
            if key in HostCheckTest.loaded_checks:
                return HostCheckTest.loaded_checks[key]
            else:
                result = checks.LoadChecksFromFiles([cfg])
                HostCheckTest.loaded_checks[key] = result
                return result
示例#4
 def testLoadFromFiles(self):
     """Loading sshd.yaml leaves a truthy SSHD-CHECK entry in the registry."""
     sshd_cfg = os.path.join(CHECKS_DIR, "sshd.yaml")
     checks.LoadChecksFromFiles([sshd_cfg])
     # NOTE(review): the registry is not cleared in this method, so an entry
     # registered earlier would also satisfy the assertion unless a fixture
     # outside this view resets it.
     registered_check = checks.CheckRegistry.checks.get("SSHD-CHECK")
     self.assertTrue(registered_check)