def setUp(self): RuleTest.setUp(self) self.rule = SecureMTA(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ch = CommandHelper(self.logdispatch) if self.environ.operatingsystem == "Mac OS X": self.isMac = True else: self.isMac = False if not self.isMac: self.ph = Pkghelper(self.logdispatch, self.environ) self.origState = [False, False, False, False] self.smPath = "/etc/mail/sendmail.cf" self.smTmp = "/tmp/" + os.path.split(self.smPath)[1] + ".utmp" self.pfPathlist = [ '/etc/postfix/main.cf', '/private/etc/postfix/main.cf', '/usr/lib/postfix/main.cf' ] self.pfPath = "" for path in self.pfPathlist: if os.path.exists(path): self.pfPath = path if self.pfPath == "": self.pfPath = "/etc/postfix/main.cf" self.pfTmp = "/tmp/" + os.path.split(self.pfPath)[1] + ".utmp"
def setUp(self): RuleTest.setUp(self) self.rule = SystemAccounting(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ch = CommandHelper(self.logdispatch) self.ph = Pkghelper(self.logdispatch, self.environ) self.rule.ci.updatecurrvalue(True)
def setUp(self): RuleTest.setUp(self) self.rule = RestrictMounting(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ch = CommandHelper(self.logdispatch) self.ph = Pkghelper(self.logdispatch, self.environ) self.sh = ServiceHelper(self.environ, self.logdispatch)
def setUp(self): RuleTest.setUp(self) self.rule = SetTFTPDSecureMode(self.config, self.environ, self.logdispatch, self.statechglogger) self.logger = self.logdispatch self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ch = CommandHelper(self.logdispatch) self.ph = Pkghelper(self.logger, self.environ)
def setUp(self): RuleTest.setUp(self) self.rule = RemoveSoftware(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ch = CommandHelper(self.logdispatch) self.ph = Pkghelper(self.logdispatch, self.environ) self.checkUndo = True
def setUp(self): RuleTest.setUp(self) self.rule = DisablePrelinking(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ch = CommandHelper(self.logdispatch) self.ph = Pkghelper(self.logdispatch, self.environ) self.prelinkInstalled = False
def setUp(self): RuleTest.setUp(self) self.rule = AuditFirefoxUsage(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ch = CommandHelper(self.logdispatch) self.ph = Pkghelper(self.logdispatch, self.environ) self.initMozDir = False self.moveMozDir = False self.mozPath = "/root/.mozilla/firefox" self.profilePath = "/root/.mozilla/firefox/profiles.ini"
def setLinuxConditions(self): success = True self.ph = Pkghelper(self.logger, self.environ) if not self.messupNetconfigFile(): success = False if not self.messupSysctl(): success = False if not self.messupModprobeFiles(): success = False if not self.messupInterfaceFile(): success = False if self.ph.manager == "apt-get": if not self.messupSSHDFile(): success = False return success
def setConditionsForRule(self): ''' Configure system for the unit test @param self: essential if you override this definition @return: boolean - If successful True; If failure False @author: ekkehard j. koch ''' success = True if self.environ.getosfamily() == "darwin": command = [ "/usr/bin/defaults", "-currentHost", "write", "NSGlobalDomain", "NSDocumentSaveNewDocumentsToCloud", "-bool", "yes" ] success = self.ch.executeCommand(command) else: ph = Pkghelper(self.logdispatch, self.environ) success = ph.install("unity-lens-shopping") return success
def setConditionsForRule(self): ''' Configure system for the unit test @param self: essential if you override this definition @return: boolean - If successful True; If failure False @author: Eric Ball ''' success = True ph = Pkghelper(self.logdispatch, self.environ) game = "gnuchess" if ph.checkAvailable(game): success = ph.install(game) if not success: error = "Could not install gnuchess. Please check that the " + \ "package manager cache is updated and that this PC is " + \ "online, and then attempt to run unit test again." self.logdispatch.log(LogPriority.ERROR, error) return success
def setUp(self): ''' :returns: None @author: ekkehard j. koch, Breen Malmberg ''' RuleTest.setUp(self) self.rule = DisableUbuntuDataCollection(self.config, self.environ, self.logdispatch, self.statechglogger) self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.ph = Pkghelper(self.logdispatch, self.environ) self.datacollectionpkgs = [ "popularity-contest", "apport", "ubuntu-report" ] self.teardownpkgs = []
def setUp(self): RuleTest.setUp(self) self.rule = ForceIdleLogout(self.config, self.environ, self.logdispatch, self.statechglogger) self.logger = self.logdispatch self.rulename = self.rule.rulename self.rulenumber = self.rule.rulenumber self.rule.filci.updatecurrvalue(True) self.checkUndo = True self.cmdhelper = CommandHelper(self.logger) self.ph = Pkghelper(self.logger, self.environ) self.gnomesettingpath = "/etc/dconf/db/local.d/00-autologout" self.gnomelockpath = "/etc/dconf/db/local.d/locks/autologout" self.undotimeout = "" self.undoforcelogout = "" self.kdesddm = False myos = self.environ.getostype().lower() if re.search("red hat", myos) or re.search("centos", myos): self.gconf = "GConf2" else: self.gconf = "gconf2" self.timeoutci = self.rule.timeoutci.getcurrvalue()
def setConditionsForRule(self): '''Configure system for the unit test :param self: essential if you override this definition :returns: boolean - If successful True; If failure False @author: Eric Ball ''' success = False ph = Pkghelper(self.logdispatch, self.environ) gamelist = ['bovo', 'gnuchess'] for game in gamelist: if ph.checkAvailable(game): if ph.install(game): success = True if not success: error = "Could not install any games for presetup in unit test. " + \ "Please check that the package manager cache is updated " + \ "and that this PC is online, and then attempt to run " + \ "unit test again." self.logdispatch.log(LogPriority.ERROR, error) return success
def setConditionsForRule(self): '''Configure system for the unit test :param self: essential if you override this definition :returns: boolean - If successful True; If failure False @author: dwalker ''' success = True pfdata = { 'inet_interfaces': 'localhost', 'default_process_limit': '100', 'smtpd_client_connection_count_limit': '10', 'smtpd_client_connection_rate_limit': '30', 'queue_minfree': '20971520', 'header_size_limit': '51200', 'message_size_limit': '10485760', 'smtpd_recipient_limit': '100', 'smtpd_banner': '$myhostname ESMTP', 'mynetworks_style': 'host', 'smtpd_recipient_restrictions': 'permit_mynetworks, reject_unauth_destination', 'relayhost': MAILRELAYSERVER } if not self.isMac: smdata = { "O SmtpGreetingMessage": "", "O PrivacyOptions": "goaway" } self.ph = Pkghelper(self.logdispatch, self.environ) self.origState = [False, False, False, False] self.smPath = "/etc/mail/sendmail.cf" self.smTmp = self.smPath + ".stonixUT" self.pfPathlist = [ '/etc/postfix/main.cf', '/usr/lib/postfix/main.cf' ] self.postfixpkg = "postfix" self.pfPath = "" for path in self.pfPathlist: if os.path.exists(path): self.pfPath = path break self.pfTmp = self.pfPath + ".stonixUT" #if postfix file exists, remove any correct contents if self.pfPath: self.postfixed = KVEditorStonix(self.statechglogger, self.logger, "conf", self.pfPath, self.pfTmp, pfdata, "notpresent", "openeq") if not self.postfixed.report(): if self.postfixed.removeables: print("kveditor has removeables\n") if not self.postfixed.fix(): success = False if os.path.exists(self.smPath): self.sndmailed = KVEditorStonix(self.statechglogger, self.logger, "conf", self.smPath, self.smTmp, smdata, "notpresent", "closedeq") if not self.sndmailed.report(): if self.postfixed.removeables: if not self.postfixed.fix(): success = False #remove postfix if installed if self.ph.check("postfix"): if not self.ph.remove("postfix"): success = False #remove sendmail if installed if not self.ph.checkAvailable("postfix"): if self.ph.check("sendmail"): if not self.ph.remove("sendmail"): success = False else: self.pfPath = "/private/etc/postfix/main.cf" self.pfTmp = self.pfPath + ".stonixUT" if os.path.exists(self.pfPath): self.postfixed = KVEditorStonix(self.statechglogger, self.logger, "conf", self.pfPath, self.pfTmp, pfdata, "notpresent", "openeq") if not self.postfixed.report(): if self.postfixed.removeables: if not self.postfixed.fix(): success = False # if self.ph.check("sendmail"): # self.origState[0] = True # if self.ph.check(self.postfixpkg): # self.origState[1] = True # if os.path.exists(self.smPath): # self.origState[2] = True # os.rename(self.smPath, self.smTmp) # if os.path.exists(self.pfPath): # self.origState[3] = True # os.rename(self.pfPath, self.pfTmp) return success
def setConditionsForRule(self): '''Configure system for the unit test :param self: essential if you override this definition :returns: boolean - If successful True; If failure False @author: ekkehard j. koch ''' success = True if self.environ.getosfamily() == "darwin": success = False osxversion = str(self.environ.getosver()) if osxversion.startswith("10.10.0") or \ osxversion.startswith("10.10.1") or \ osxversion.startswith("10.10.2") or \ osxversion.startswith("10.10.3"): debug = "Using discoveryd LaunchDaemon" self.logdispatch.log(LogPriority.DEBUG, debug) service = \ "/System/Library/LaunchDaemons/com.apple.discoveryd.plist" servicename = "com.apple.networking.discoveryd" parameter = "--no-multicast" plistText = readFile(service, self.logdispatch) newPlistText = re.sub("<string>" + parameter + "</string>", "", "".join(plistText)) success = True else: debug = "Using mDNSResponder LaunchDaemon" self.logdispatch.log(LogPriority.DEBUG, debug) service = "/System/Library/LaunchDaemons/" + \ "com.apple.mDNSResponder.plist" if osxversion.startswith("10.10"): servicename = "com.apple.mDNSResponder.reloaded" parameter = "-NoMulticastAdvertisements" else: servicename = "com.apple.mDNSResponder" parameter = "-NoMulticastAdvertisements" plistText = readFile(service, self.logdispatch) newPlistText = re.sub("<string>" + parameter + "</string>", "", "".join(plistText)) success = True self.service = service if success and self.sh.auditService(service, serviceTarget=servicename): success = writeFile(service + ".stonixtmp", "".join(plistText), self.logdispatch) success = writeFile(service, newPlistText, self.logdispatch) if success and self.sh.auditService(service, serviceTarget=servicename): success = self.sh.reloadService(service, serviceTarget=servicename) else: ph = Pkghelper(self.logdispatch, self.environ) package = "avahi-daemon" service = "avahi-daemon" if (ph.determineMgr() == "yum" or ph.determineMgr() == "dnf"): package = "avahi" path = "/etc/sysconfig/network" if os.path.exists(path): tmppath = path + ".tmp" data = {"NOZEROCONF": "yes"} editor = KVEditorStonix(self.statechglogger, self.logdispatch, "conf", path, tmppath, data, "notpresent", "closedeq") if not editor.report(): if editor.fix(): if not editor.commit(): success = False else: success = False elif ph.determineMgr() == "zypper": package = "avahi" if not ph.check(package) and ph.checkAvailable(package): success = ph.install(package) if success and not self.sh.auditService( service, serviceTarget=self.serviceTarget): self.sh.enableService(service, serviceTarget=self.serviceTarget) return success
def setConditionsForLinux(self): '''Method to configure mac non compliant for unit test @author: dwalker :returns: boolean ''' success = True self.ph = Pkghelper(self.logger, self.environ) # check compliance of grub file(s) if files exist if re.search("Red Hat", self.environ.getostype()) and \ re.search("^6", self.environ.getosver()): self.grubperms = [0, 0, 0o600] elif self.ph.manager is "apt-get": self.grubperms = [0, 0, 0o400] else: self.grubperms = [0, 0, 0o644] grubfiles = ["/boot/grub2/grub.cfg", "/boot/grub/grub.cfg" "/boot/grub/grub.conf"] for grub in grubfiles: if os.path.exists(grub): if self.grubperms: if checkPerms(grub, self.grubperms, self.logger): if not setPerms(grub, [0, 0, 0o777], self.logger): success = False contents = readFile(grub, self.logger) if contents: for line in contents: if re.search("^kernel", line.strip()) or re.search("^linux", line.strip()) \ or re.search("^linux16", line.strip()): if re.search("\s+nousb\s*", line): if not re.sub("nousb", "", line): success = False if re.search("\s+usbcore\.authorized_default=0\s*", line): if not re.sub("usbcore\.authorized_default=0", "", line): success = False pcmcialist = ['pcmcia-cs', 'kernel-pcmcia-cs', 'pcmciautils'] # check for existence of certain usb packages, non-compliant # if any exist for item in pcmcialist: if not self.ph.check(item): self.ph.install(item) removeables = [] found1 = True blacklist = {"blacklist usb_storage": False, "install usbcore /bin/true": False, "install usb-storage /bin/true": False, "blacklist uas": False, "blacklist firewire-ohci": False, "blacklist firewire-sbp2": False} if os.path.exists("/etc/modprobe.d"): dirs = glob.glob("/etc/modprobe.d/*") for directory in dirs: if os.path.isdir(directory): continue tempstring = "" contents = readFile(directory, self.logger) for line in contents: if line.strip() in blacklist: continue else: tempstring += line if not writeFile(directory, tempstring, self.logger): success = False if os.path.exists("/etc/modprobe.conf"): contents = readFile("/etc/modprobe.conf", self.logger) tempstring = "" for line in contents: if line.strip() in blacklist: continue else: tempstring += line if not writeFile("/etc/modprobe.conf", tempstring, self.logger): success = False udevfile = "/etc/udev/rules.d/10-local.rules" if os.path.exists(udevfile): if checkPerms(udevfile, [0, 0, 0o644], self.logger): if not setPerms(udevfile, [0 ,0, 0o777], self.logger): success = False contents = readFile(udevfile, self.logger) tempstring = "" for line in contents: if re.search("ACTION\=\=\"add\"\, SUBSYSTEMS\=\=\"usb\"\, RUN\+\=\"/bin/sh \-c \'for host in /sys/bus/usb/devices/usb\*\; do echo 0 \> \$host/authorized\_default\; done\'\"", line.strip()): continue else: tempstring += line if not writeFile(udevfile, tempstring, self.logger): success = False return success