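def test_041_trigger_rule_untag_host(self):
    """Tag the client host with a TAG_HOST trigger rule, then clear it with UNTAG_HOST.

    Each phase installs exactly one trigger rule that matches SessionEvents whose
    localAddr contains remote_control.client_ip, generates a session, waits for the
    event engine to act and reads the host table entry's ``tagsString``. The
    original event-manager settings are restored after each phase and on any
    failure, so an aborted run does not leave the test rule active.

    Raises:
        AssertionError: the tag was not applied, or was still present after UNTAG_HOST.
    """
    settings = uvmContext.eventManager().getSettings()
    orig_settings = copy.deepcopy(settings)
    session_match = "*" + remote_control.client_ip + "*"

    def run_with_rule(rule):
        # Install a single trigger rule, generate one session and return the
        # host's tags; the original settings are put back even if this fails.
        settings['triggerRules']['list'] = [rule]
        uvmContext.eventManager().setSettings(settings)
        try:
            remote_control.is_online()
            time.sleep(4)  # give the event engine time to evaluate the rule
            entry = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip)
            return entry.get('tagsString')
        finally:
            uvmContext.eventManager().setSettings(orig_settings)

    tag_rule = create_trigger_rule("TAG_HOST", "localAddr", "test-tag", 30, "test tag rule",
                                   "class", "=", "*SessionEvent*",
                                   "localAddr", "=", session_match)
    tag_test = run_with_rule(tag_rule)

    untag_rule = create_trigger_rule("UNTAG_HOST", "localAddr", "test*", 30, "test tag rule",
                                     "class", "=", "*SessionEvent*",
                                     "localAddr", "=", session_match)
    tag_test2 = run_with_rule(untag_rule)

    assert tag_test is not None
    assert "test-tag" in tag_test
    assert tag_test2 is None or "test-tag" not in tag_test2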
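def test_050_alert_rule(self):
    """Verify an alert rule matching the client's SessionEvents produces an Alert Event.

    Appends a temporary alert rule, generates a session, then searches the ten most
    recent Alert Events for the rule's description. The original event-manager
    settings are restored even when the event lookup or the assertions fail.

    Raises:
        AssertionError: the Alert Events report is missing or does not contain the rule's description.
    """
    settings = uvmContext.eventManager().getSettings()
    orig_settings = copy.deepcopy(settings)
    new_rule = create_alert_rule("test alert rule",
                                 "class", "=", "*SessionEvent*",
                                 "localAddr", "=", "*" + remote_control.client_ip + "*")
    settings['alertRules']['list'].append(new_rule)
    uvmContext.eventManager().setSettings(settings)
    try:
        remote_control.is_online()
        time.sleep(4)  # allow the event engine to process the session
        events = global_functions.get_events('Events', 'Alert Events', None, 10)
        # Check before dereferencing so a missing report fails the assertion
        # instead of raising AttributeError on events.get.
        assert events is not None
        found = global_functions.check_events(events.get('list'), 5, 'description', 'test alert rule')
    finally:
        uvmContext.eventManager().setSettings(orig_settings)
    assert found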
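def test_060_customized_email_alert(self):
    """Create custom email template and verify alert email is received correctly.

    Points the first admin user's address at a fresh random mailbox, sets a custom
    alert subject/body, adds an alert rule that emails on the client's
    SessionEvents, generates a session and polls the test mail endpoint once per
    second for up to five seconds for a message containing "TEST". Both the
    event-manager and admin settings are restored on every exit path.

    Raises:
        AssertionError: no matching alert email was retrieved within the polling window.
    """
    # get settings, backup original settings
    email_settings = uvmContext.eventManager().getSettings()
    orig_email_settings = copy.deepcopy(email_settings)
    admin_settings = uvmContext.adminManager().getSettings()
    orig_admin_settings = copy.deepcopy(admin_settings)

    # change admin email to verify sent email
    new_admin_email = global_functions.random_email()
    admin_settings["users"]["list"][0]["emailAddress"] = new_admin_email

    # set custom email template subject and body
    email_settings["emailSubject"] = "NEW EMAIL SUBJECT TEST"
    email_settings["emailBody"] = "NEW EMAIL BODY TEST"

    # set new alert rule for easy trigger of email
    new_rule = create_alert_rule("test alert rule",
                                 "class", "=", "*SessionEvent*",
                                 "localAddr", "=", "*" + remote_control.client_ip + "*",
                                 sendEmail=True)
    email_settings['alertRules']['list'].append(new_rule)

    # NOTE(review): new_admin_email is concatenated unquoted into a remote shell
    # command; this assumes random_email() yields a plain address with no shell
    # metacharacters -- confirm against global_functions.
    fetch_cmd = ("wget -q --timeout=5 -O - http://test.untangle.com/cgi-bin/getEmail.py?toaddress="
                 + new_admin_email + " 2>&1 | grep TEST")

    email_found = False
    try:
        # set new settings
        uvmContext.adminManager().setSettings(admin_settings)
        uvmContext.eventManager().setSettings(email_settings)

        # send a session
        remote_control.is_online()
        time.sleep(4)

        # check email sent is correct: poll the mailbox up to five times
        for _ in range(5):
            time.sleep(1)
            alert_email = remote_control.run_command(fetch_cmd, stdout=True)
            if alert_email != "":
                email_found = True
                break
    finally:
        # set settings back
        uvmContext.eventManager().setSettings(orig_email_settings)
        uvmContext.adminManager().setSettings(orig_admin_settings)
    assert email_found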
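def test_040_remote_syslog(self):
    """Verify a blocked session's FirewallEvent is forwarded to the remote syslog server.

    Installs a firewall rule blocking remote_control.client_ip, points the event
    manager's syslog output at syslog_server_host (UDP/514), generates one
    session, then tails the server's /var/log/syslog for a FirewallEvent line
    carrying ``"blocked":true``, the installed rule's id and a timestamp within
    one minute of the session. Firewall rules, the firewall app and syslog
    forwarding are undone in a ``finally`` block so an aborted run does not
    leave event forwarding enabled.

    ``orig_settings`` and ``self._app`` are provided by the enclosing class/module.

    Raises:
        unittest.SkipTest: when can_syslog is false (syslog server unreachable).
        AssertionError: no enabled block rule exists after installation, or the
            expected event never appears within five polls.
    """
    if not can_syslog:
        raise unittest.SkipTest('Unable to syslog through ' + syslog_server_host)

    if uvmContext.appManager().isInstantiated("firewall"):
        print("App %s already installed" % "firewall")
        firewall_app = uvmContext.appManager().app("firewall")
    else:
        firewall_app = uvmContext.appManager().instantiate("firewall", default_policy_id)

    found = False
    try:
        # Install firewall rule to generate syslog events; keep a copy of the
        # pre-test rule list so cleanup restores it instead of wiping every rule.
        rules = firewall_app.getRules()
        orig_rules = copy.deepcopy(rules)
        rules["list"].append(create_firewall_rule("SRC_ADDR", remote_control.client_ip))
        firewall_app.setRules(rules)
        rules = firewall_app.getRules()

        # Get rule ID; fail clearly rather than leaving the id unbound when no
        # enabled block rule is present.
        target_rule_id = None
        for rule in rules['list']:
            if rule['enabled'] and rule['block']:
                target_rule_id = rule['ruleId']
                break
        assert target_rule_id is not None, "no enabled block rule found in firewall rules"

        # Setup syslog to send events to syslog host in /config/events/syslog
        syslog_settings = uvmContext.eventManager().getSettings()
        syslog_settings["syslogEnabled"] = True
        syslog_settings["syslogPort"] = 514
        syslog_settings["syslogProtocol"] = "UDP"
        syslog_settings["syslogHost"] = syslog_server_host
        uvmContext.eventManager().setSettings(syslog_settings)

        # create some traffic (blocked by firewall and thus create a syslog event).
        # All three timestamps derive from one clock read so they cannot straddle
        # a minute boundary between separate now() calls.
        exactly_now = datetime.now()
        minute_fmt = '%Y-%m-%d %H:%M'
        timestamp = exactly_now.strftime(minute_fmt)
        timestamp_variations = [
            '"timeStamp":"%s' % (exactly_now - timedelta(minutes=1)).strftime(minute_fmt),
            '"timeStamp":"%s' % (exactly_now + timedelta(minutes=1)).strftime(minute_fmt),
        ]
        remote_control.is_online(tries=1)

        # flush out events
        self._app.flushEvents()

        # set syslog back to original settings and restore the firewall rules
        self._app.setSettings(orig_settings)
        firewall_app.setRules(orig_rules)

        # remove firewall (NOTE(review): as in the original sequence this also
        # destroys a firewall app that was installed before the test ran).
        uvmContext.appManager().destroy(firewall_app.getAppSettings()["id"])
        firewall_app = None

        strings_to_find = [
            '"blocked":true',
            '"ruleId":%i' % target_rule_id,
            '"timeStamp":"%s' % timestamp,
        ]

        def line_matches(line):
            # True when every expected fragment is present in the line; the
            # timeStamp fragment also accepts the +/- one minute variations.
            for fragment in strings_to_find:
                if fragment in line:
                    print("found: %s" % fragment)
                    continue
                print("missing: %s" % fragment)
                if 'timeStamp' in fragment and any(v in line for v in timestamp_variations):
                    print("found: time with varation %s or %s" % (timestamp_variations[0], timestamp_variations[1]))
                    continue
                return False
            return True

        # parse the output and look for a rule that matches the expected values
        for _ in range(5):
            # get syslog results on server
            rsyslog_result = remote_control.run_command(
                "sudo tail -n 200 /var/log/syslog | grep 'FirewallEvent'",
                host=syslog_server_host, stdout=True)
            for line in rsyslog_result.splitlines():
                print("\nchecking line: %s " % line)
                if line_matches(line):
                    found = True
                    break
            if found:
                break
            time.sleep(2)
    finally:
        # remove firewall if an earlier step failed before it was destroyed
        if firewall_app is not None:
            uvmContext.appManager().destroy(firewall_app.getAppSettings()["id"])
        # Disable syslog
        syslog_settings = uvmContext.eventManager().getSettings()
        syslog_settings["syslogEnabled"] = False
        uvmContext.eventManager().setSettings(syslog_settings)

    assert found, "expected FirewallEvent not seen in remote syslog"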
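def test_040_remote_syslog(self):
    """Verify a blocked session's FirewallEvent is forwarded to the remote syslog server.

    Installs a firewall rule blocking remote_control.client_ip, points the event
    manager's syslog output at syslog_server_host (UDP/514), generates one
    session, then tails the server's /var/log/syslog for a FirewallEvent line
    carrying ``"blocked":true``, the installed rule's id and a timestamp within
    one minute of the session. Firewall rules, the firewall app and syslog
    forwarding are undone in a ``finally`` block so an aborted run does not
    leave event forwarding enabled.

    ``orig_settings`` and ``app`` are module-level names defined elsewhere in this file.

    Raises:
        unittest.SkipTest: when can_syslog is false (syslog server unreachable).
        AssertionError: no enabled block rule exists after installation, or the
            expected event never appears within five polls.
    """
    if not can_syslog:
        raise unittest.SkipTest('Unable to syslog through ' + syslog_server_host)

    if uvmContext.appManager().isInstantiated("firewall"):
        print("App %s already installed" % "firewall")
        firewall_app = uvmContext.appManager().app("firewall")
    else:
        firewall_app = uvmContext.appManager().instantiate("firewall", default_policy_id)

    found = False
    try:
        # Install firewall rule to generate syslog events; keep a copy of the
        # pre-test rule list so cleanup restores it instead of wiping every rule.
        rules = firewall_app.getRules()
        orig_rules = copy.deepcopy(rules)
        rules["list"].append(create_firewall_rule("SRC_ADDR", remote_control.client_ip))
        firewall_app.setRules(rules)
        rules = firewall_app.getRules()

        # Get rule ID; fail clearly rather than leaving the id unbound when no
        # enabled block rule is present.
        target_rule_id = None
        for rule in rules['list']:
            if rule['enabled'] and rule['block']:
                target_rule_id = rule['ruleId']
                break
        assert target_rule_id is not None, "no enabled block rule found in firewall rules"

        # Setup syslog to send events to syslog host in /config/events/syslog
        syslog_settings = uvmContext.eventManager().getSettings()
        syslog_settings["syslogEnabled"] = True
        syslog_settings["syslogPort"] = 514
        syslog_settings["syslogProtocol"] = "UDP"
        syslog_settings["syslogHost"] = syslog_server_host
        uvmContext.eventManager().setSettings(syslog_settings)

        # create some traffic (blocked by firewall and thus create a syslog event).
        # All three timestamps derive from one clock read so they cannot straddle
        # a minute boundary between separate now() calls.
        exactly_now = datetime.now()
        minute_fmt = '%Y-%m-%d %H:%M'
        timestamp = exactly_now.strftime(minute_fmt)
        timestamp_variations = [
            '"timeStamp":"%s' % (exactly_now - timedelta(minutes=1)).strftime(minute_fmt),
            '"timeStamp":"%s' % (exactly_now + timedelta(minutes=1)).strftime(minute_fmt),
        ]
        remote_control.is_online(tries=1)

        # flush out events
        app.flushEvents()

        # set syslog back to original settings and restore the firewall rules
        app.setSettings(orig_settings)
        firewall_app.setRules(orig_rules)

        # remove firewall (NOTE(review): as in the original sequence this also
        # destroys a firewall app that was installed before the test ran).
        uvmContext.appManager().destroy(firewall_app.getAppSettings()["id"])
        firewall_app = None

        strings_to_find = [
            '"blocked":true',
            '"ruleId":%i' % target_rule_id,
            '"timeStamp":"%s' % timestamp,
        ]

        def line_matches(line):
            # True when every expected fragment is present in the line; the
            # timeStamp fragment also accepts the +/- one minute variations.
            for fragment in strings_to_find:
                if fragment in line:
                    print("found: %s" % fragment)
                    continue
                print("missing: %s" % fragment)
                if 'timeStamp' in fragment and any(v in line for v in timestamp_variations):
                    print("found: time with varation %s or %s" % (timestamp_variations[0], timestamp_variations[1]))
                    continue
                return False
            return True

        # parse the output and look for a rule that matches the expected values
        for _ in range(5):
            # get syslog results on server
            rsyslog_result = remote_control.run_command(
                "sudo tail -n 200 /var/log/syslog | grep 'FirewallEvent'",
                host=syslog_server_host, stdout=True)
            for line in rsyslog_result.splitlines():
                print("\nchecking line: %s " % line)
                if line_matches(line):
                    found = True
                    break
            if found:
                break
            time.sleep(2)
    finally:
        # remove firewall if an earlier step failed before it was destroyed
        if firewall_app is not None:
            uvmContext.appManager().destroy(firewall_app.getAppSettings()["id"])
        # Disable syslog
        syslog_settings = uvmContext.eventManager().getSettings()
        syslog_settings["syslogEnabled"] = False
        uvmContext.eventManager().setSettings(syslog_settings)

    assert found, "expected FirewallEvent not seen in remote syslog"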