def setUp(self):
RuleTest.setUp(self)
self.rule = SecureMTA(self.config, self.environ, self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
if self.environ.operatingsystem == "Mac OS X":
self.isMac = True
else:
self.isMac = False
if not self.isMac:
self.ph = Pkghelper(self.logdispatch, self.environ)
self.origState = [False, False, False, False]
self.smPath = "/etc/mail/sendmail.cf"
self.smTmp = "/tmp/" + os.path.split(self.smPath)[1] + ".utmp"
self.pfPathlist = [
'/etc/postfix/main.cf', '/private/etc/postfix/main.cf',
'/usr/lib/postfix/main.cf'
]
self.pfPath = ""
for path in self.pfPathlist:
if os.path.exists(path):
self.pfPath = path
if self.pfPath == "":
self.pfPath = "/etc/postfix/main.cf"
self.pfTmp = "/tmp/" + os.path.split(self.pfPath)[1] + ".utmp"
def setUp(self):
RuleTest.setUp(self)
self.rule = SystemAccounting(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.ph = Pkghelper(self.logdispatch, self.environ)
self.rule.ci.updatecurrvalue(True)
def setUp(self):
RuleTest.setUp(self)
self.rule = RestrictMounting(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.ph = Pkghelper(self.logdispatch, self.environ)
self.sh = ServiceHelper(self.environ, self.logdispatch)
def setUp(self):
RuleTest.setUp(self)
self.rule = SetTFTPDSecureMode(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.logger = self.logdispatch
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.ph = Pkghelper(self.logger, self.environ)
def setUp(self):
RuleTest.setUp(self)
self.rule = RemoveSoftware(self.config, self.environ, self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.ph = Pkghelper(self.logdispatch, self.environ)
self.checkUndo = True
def setUp(self):
RuleTest.setUp(self)
self.rule = DisablePrelinking(self.config,
self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.ph = Pkghelper(self.logdispatch, self.environ)
self.prelinkInstalled = False
def setUp(self):
RuleTest.setUp(self)
self.rule = AuditFirefoxUsage(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ch = CommandHelper(self.logdispatch)
self.ph = Pkghelper(self.logdispatch, self.environ)
self.initMozDir = False
self.moveMozDir = False
self.mozPath = "/root/.mozilla/firefox"
self.profilePath = "/root/.mozilla/firefox/profiles.ini"
def setLinuxConditions(self):
success = True
self.ph = Pkghelper(self.logger, self.environ)
if not self.messupNetconfigFile():
success = False
if not self.messupSysctl():
success = False
if not self.messupModprobeFiles():
success = False
if not self.messupInterfaceFile():
success = False
if self.ph.manager == "apt-get":
if not self.messupSSHDFile():
success = False
return success
def setConditionsForRule(self):
'''
Configure system for the unit test
@param self: essential if you override this definition
@return: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
success = True
if self.environ.getosfamily() == "darwin":
command = [
"/usr/bin/defaults", "-currentHost", "write", "NSGlobalDomain",
"NSDocumentSaveNewDocumentsToCloud", "-bool", "yes"
]
success = self.ch.executeCommand(command)
else:
ph = Pkghelper(self.logdispatch, self.environ)
success = ph.install("unity-lens-shopping")
return success
def setConditionsForRule(self):
'''
Configure system for the unit test
@param self: essential if you override this definition
@return: boolean - If successful True; If failure False
@author: Eric Ball
'''
success = True
ph = Pkghelper(self.logdispatch, self.environ)
game = "gnuchess"
if ph.checkAvailable(game):
success = ph.install(game)
if not success:
error = "Could not install gnuchess. Please check that the " + \
"package manager cache is updated and that this PC is " + \
"online, and then attempt to run unit test again."
self.logdispatch.log(LogPriority.ERROR, error)
return success
def setUp(self):
'''
:returns: None
@author: ekkehard j. koch, Breen Malmberg
'''
RuleTest.setUp(self)
self.rule = DisableUbuntuDataCollection(self.config, self.environ,
self.logdispatch,
self.statechglogger)
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.ph = Pkghelper(self.logdispatch, self.environ)
self.datacollectionpkgs = [
"popularity-contest", "apport", "ubuntu-report"
]
self.teardownpkgs = []
def setUp(self):
RuleTest.setUp(self)
self.rule = ForceIdleLogout(self.config, self.environ,
self.logdispatch, self.statechglogger)
self.logger = self.logdispatch
self.rulename = self.rule.rulename
self.rulenumber = self.rule.rulenumber
self.rule.filci.updatecurrvalue(True)
self.checkUndo = True
self.cmdhelper = CommandHelper(self.logger)
self.ph = Pkghelper(self.logger, self.environ)
self.gnomesettingpath = "/etc/dconf/db/local.d/00-autologout"
self.gnomelockpath = "/etc/dconf/db/local.d/locks/autologout"
self.undotimeout = ""
self.undoforcelogout = ""
self.kdesddm = False
myos = self.environ.getostype().lower()
if re.search("red hat", myos) or re.search("centos", myos):
self.gconf = "GConf2"
else:
self.gconf = "gconf2"
self.timeoutci = self.rule.timeoutci.getcurrvalue()
def setConditionsForRule(self):
'''Configure system for the unit test
:param self: essential if you override this definition
:returns: boolean - If successful True; If failure False
@author: Eric Ball
'''
success = False
ph = Pkghelper(self.logdispatch, self.environ)
gamelist = ['bovo', 'gnuchess']
for game in gamelist:
if ph.checkAvailable(game):
if ph.install(game):
success = True
if not success:
error = "Could not install any games for presetup in unit test. " + \
"Please check that the package manager cache is updated " + \
"and that this PC is online, and then attempt to run " + \
"unit test again."
self.logdispatch.log(LogPriority.ERROR, error)
return success
def setConditionsForRule(self):
'''Configure system for the unit test
:param self: essential if you override this definition
:returns: boolean - If successful True; If failure False
@author: dwalker
'''
success = True
pfdata = {
'inet_interfaces': 'localhost',
'default_process_limit': '100',
'smtpd_client_connection_count_limit': '10',
'smtpd_client_connection_rate_limit': '30',
'queue_minfree': '20971520',
'header_size_limit': '51200',
'message_size_limit': '10485760',
'smtpd_recipient_limit': '100',
'smtpd_banner': '$myhostname ESMTP',
'mynetworks_style': 'host',
'smtpd_recipient_restrictions':
'permit_mynetworks, reject_unauth_destination',
'relayhost': MAILRELAYSERVER
}
if not self.isMac:
smdata = {
"O SmtpGreetingMessage": "",
"O PrivacyOptions": "goaway"
}
self.ph = Pkghelper(self.logdispatch, self.environ)
self.origState = [False, False, False, False]
self.smPath = "/etc/mail/sendmail.cf"
self.smTmp = self.smPath + ".stonixUT"
self.pfPathlist = [
'/etc/postfix/main.cf', '/usr/lib/postfix/main.cf'
]
self.postfixpkg = "postfix"
self.pfPath = ""
for path in self.pfPathlist:
if os.path.exists(path):
self.pfPath = path
break
self.pfTmp = self.pfPath + ".stonixUT"
#if postfix file exists, remove any correct contents
if self.pfPath:
self.postfixed = KVEditorStonix(self.statechglogger,
self.logger, "conf",
self.pfPath, self.pfTmp,
pfdata, "notpresent", "openeq")
if not self.postfixed.report():
if self.postfixed.removeables:
print("kveditor has removeables\n")
if not self.postfixed.fix():
success = False
if os.path.exists(self.smPath):
self.sndmailed = KVEditorStonix(self.statechglogger,
self.logger, "conf",
self.smPath, self.smTmp,
smdata, "notpresent",
"closedeq")
if not self.sndmailed.report():
if self.postfixed.removeables:
if not self.postfixed.fix():
success = False
#remove postfix if installed
if self.ph.check("postfix"):
if not self.ph.remove("postfix"):
success = False
#remove sendmail if installed
if not self.ph.checkAvailable("postfix"):
if self.ph.check("sendmail"):
if not self.ph.remove("sendmail"):
success = False
else:
self.pfPath = "/private/etc/postfix/main.cf"
self.pfTmp = self.pfPath + ".stonixUT"
if os.path.exists(self.pfPath):
self.postfixed = KVEditorStonix(self.statechglogger,
self.logger, "conf",
self.pfPath, self.pfTmp,
pfdata, "notpresent", "openeq")
if not self.postfixed.report():
if self.postfixed.removeables:
if not self.postfixed.fix():
success = False
# if self.ph.check("sendmail"):
# self.origState[0] = True
# if self.ph.check(self.postfixpkg):
# self.origState[1] = True
# if os.path.exists(self.smPath):
# self.origState[2] = True
# os.rename(self.smPath, self.smTmp)
# if os.path.exists(self.pfPath):
# self.origState[3] = True
# os.rename(self.pfPath, self.pfTmp)
return success
def setConditionsForRule(self):
'''Configure system for the unit test
:param self: essential if you override this definition
:returns: boolean - If successful True; If failure False
@author: ekkehard j. koch
'''
success = True
if self.environ.getosfamily() == "darwin":
success = False
osxversion = str(self.environ.getosver())
if osxversion.startswith("10.10.0") or \
osxversion.startswith("10.10.1") or \
osxversion.startswith("10.10.2") or \
osxversion.startswith("10.10.3"):
debug = "Using discoveryd LaunchDaemon"
self.logdispatch.log(LogPriority.DEBUG, debug)
service = \
"/System/Library/LaunchDaemons/com.apple.discoveryd.plist"
servicename = "com.apple.networking.discoveryd"
parameter = "--no-multicast"
plistText = readFile(service, self.logdispatch)
newPlistText = re.sub("<string>" + parameter + "</string>", "",
"".join(plistText))
success = True
else:
debug = "Using mDNSResponder LaunchDaemon"
self.logdispatch.log(LogPriority.DEBUG, debug)
service = "/System/Library/LaunchDaemons/" + \
"com.apple.mDNSResponder.plist"
if osxversion.startswith("10.10"):
servicename = "com.apple.mDNSResponder.reloaded"
parameter = "-NoMulticastAdvertisements"
else:
servicename = "com.apple.mDNSResponder"
parameter = "-NoMulticastAdvertisements"
plistText = readFile(service, self.logdispatch)
newPlistText = re.sub("<string>" + parameter + "</string>", "",
"".join(plistText))
success = True
self.service = service
if success and self.sh.auditService(service,
serviceTarget=servicename):
success = writeFile(service + ".stonixtmp", "".join(plistText),
self.logdispatch)
success = writeFile(service, newPlistText, self.logdispatch)
if success and self.sh.auditService(service,
serviceTarget=servicename):
success = self.sh.reloadService(service,
serviceTarget=servicename)
else:
ph = Pkghelper(self.logdispatch, self.environ)
package = "avahi-daemon"
service = "avahi-daemon"
if (ph.determineMgr() == "yum" or ph.determineMgr() == "dnf"):
package = "avahi"
path = "/etc/sysconfig/network"
if os.path.exists(path):
tmppath = path + ".tmp"
data = {"NOZEROCONF": "yes"}
editor = KVEditorStonix(self.statechglogger,
self.logdispatch, "conf", path,
tmppath, data, "notpresent",
"closedeq")
if not editor.report():
if editor.fix():
if not editor.commit():
success = False
else:
success = False
elif ph.determineMgr() == "zypper":
package = "avahi"
if not ph.check(package) and ph.checkAvailable(package):
success = ph.install(package)
if success and not self.sh.auditService(
service, serviceTarget=self.serviceTarget):
self.sh.enableService(service,
serviceTarget=self.serviceTarget)
return success
def setConditionsForLinux(self):
'''Method to configure mac non compliant for unit test
@author: dwalker
:returns: boolean
'''
success = True
self.ph = Pkghelper(self.logger, self.environ)
# check compliance of grub file(s) if files exist
if re.search("Red Hat", self.environ.getostype()) and \
re.search("^6", self.environ.getosver()):
self.grubperms = [0, 0, 0o600]
elif self.ph.manager is "apt-get":
self.grubperms = [0, 0, 0o400]
else:
self.grubperms = [0, 0, 0o644]
grubfiles = ["/boot/grub2/grub.cfg",
"/boot/grub/grub.cfg"
"/boot/grub/grub.conf"]
for grub in grubfiles:
if os.path.exists(grub):
if self.grubperms:
if checkPerms(grub, self.grubperms, self.logger):
if not setPerms(grub, [0, 0, 0o777], self.logger):
success = False
contents = readFile(grub, self.logger)
if contents:
for line in contents:
if re.search("^kernel", line.strip()) or re.search("^linux", line.strip()) \
or re.search("^linux16", line.strip()):
if re.search("\s+nousb\s*", line):
if not re.sub("nousb", "", line):
success = False
if re.search("\s+usbcore\.authorized_default=0\s*", line):
if not re.sub("usbcore\.authorized_default=0", "", line):
success = False
pcmcialist = ['pcmcia-cs', 'kernel-pcmcia-cs', 'pcmciautils']
# check for existence of certain usb packages, non-compliant
# if any exist
for item in pcmcialist:
if not self.ph.check(item):
self.ph.install(item)
removeables = []
found1 = True
blacklist = {"blacklist usb_storage": False,
"install usbcore /bin/true": False,
"install usb-storage /bin/true": False,
"blacklist uas": False,
"blacklist firewire-ohci": False,
"blacklist firewire-sbp2": False}
if os.path.exists("/etc/modprobe.d"):
dirs = glob.glob("/etc/modprobe.d/*")
for directory in dirs:
if os.path.isdir(directory):
continue
tempstring = ""
contents = readFile(directory, self.logger)
for line in contents:
if line.strip() in blacklist:
continue
else:
tempstring += line
if not writeFile(directory, tempstring, self.logger):
success = False
if os.path.exists("/etc/modprobe.conf"):
contents = readFile("/etc/modprobe.conf", self.logger)
tempstring = ""
for line in contents:
if line.strip() in blacklist:
continue
else:
tempstring += line
if not writeFile("/etc/modprobe.conf", tempstring, self.logger):
success = False
udevfile = "/etc/udev/rules.d/10-local.rules"
if os.path.exists(udevfile):
if checkPerms(udevfile, [0, 0, 0o644], self.logger):
if not setPerms(udevfile, [0 ,0, 0o777], self.logger):
success = False
contents = readFile(udevfile, self.logger)
tempstring = ""
for line in contents:
if re.search("ACTION\=\=\"add\"\, SUBSYSTEMS\=\=\"usb\"\, RUN\+\=\"/bin/sh \-c \'for host in /sys/bus/usb/devices/usb\*\; do echo 0 \> \$host/authorized\_default\; done\'\"",
line.strip()):
continue
else:
tempstring += line
if not writeFile(udevfile, tempstring, self.logger):
success = False
return success
