def test_060_host_quota(self): if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') global app nuke_rules() priority_level = 7 # Severely Limited given_quota = 10000 # 10k # Remove any existing quota uvmContext.hostTable().removeQuota(remote_control.client_ip) # Record average speed without bandwidth control configured wget_speed_pre = global_functions.get_download_speed() # Create rule to give quota append_rule(create_quota_rule("HOST_HAS_NO_QUOTA","true","GIVE_HOST_QUOTA",given_quota)) # Create penalty for exceeding quota append_rule(create_single_condition_rule("HOST_QUOTA_EXCEEDED","true","SET_PRIORITY",priority_level)) # Download the file so quota is exceeded global_functions.get_download_speed(meg=1) # quota accounting occurs every 60 seconds, so we must wait at least 60 seconds time.sleep(60) # Download file and record the average speed in which the file was download wget_speed_post = global_functions.get_download_speed() print_results( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limited_acceptance_ratio ) # Remove quota uvmContext.hostTable().removeQuota(remote_control.client_ip) assert ((wget_speed_post) and (wget_speed_post)) assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post) events = global_functions.get_events('Bandwidth Control','Quota Events',None,5) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "action", 1, #quota given "size", given_quota, "entity", remote_control.client_ip) assert(found) found = global_functions.check_events( events.get('list'), 5, "action", 2, #quota exceeded "entity", remote_control.client_ip) assert(found) events = global_functions.get_events('Bandwidth Control','Prioritized Sessions',None,5) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "bandwidth_control_priority", priority_level, "c_client_addr", remote_control.client_ip) assert( found )
def test_023_childShouldNotEffectParent(self): # add a child that blocks everything blockRackId = addRack(name="Block Rack", parentId=default_policy_id) blockRackFirewall = uvmContext.appManager().instantiate("firewall", blockRackId) assert (blockRackFirewall != None) # add a block rule for the client IP rules = blockRackFirewall.getRules() rules["list"].append(createFirewallSingleConditionRule("SRC_ADDR",remote_control.client_ip)); blockRackFirewall.setRules(rules); # client should still be online result = remote_control.is_online() assert (result == 0) uvmContext.appManager().destroy( blockRackFirewall.getAppSettings()["id"] ) assert (removeRack(blockRackId)) # Get the IP address of test.untangle.com test_untangle_com_ip = socket.gethostbyname("test.untangle.com") events = global_functions.get_events('Policy Manager','All Events',None,100) assert(events != None) found = global_functions.check_events( events.get('list'), 100, "s_server_addr", str(test_untangle_com_ip), "policy_id", 1, "c_client_addr", remote_control.client_ip) assert( found )
def test_030_checkUserRegistrationScript(self): """ checkUserRegistration """ # remove leading and trailing spaces. http_admin = global_functions.get_http_url() assert(http_admin) test_name = "randomName-" + "".join( [random.choice(string.ascii_letters) for i in range(15)] ) test_name_lower = test_name.lower() result = register_username(http_admin, test_name) user_list = get_list_of_username_mapped() # print('test_name %s' % test_name) # print('result %s' % result) # print('user_list %s' % user_list) found_username = find_name_in_host_table(test_name_lower) assert(found_username) assert (result == 0) assert (test_name_lower in user_list) events = global_functions.get_events('Directory Connector','API Events',None,1) assert(events != None) found_in_reports = global_functions.check_events( events.get('list'), 5, "login_name",test_name_lower, "client_addr", remote_control.client_ip) assert( found_in_reports )
def test_600_web_searches(self): """check the web searches log correctly""" termTests = [{ "host": "www.bing.com", "uri": "/search?q=oneterm&qs=n&form=QBRE", "term": "oneterm" },{ "host": "www.bing.com", "uri": "/search?q=two+terms&qs=n&form=QBRE", "term": "two terms" },{ "host": "www.bing.com", "uri": "/search?q=%22quoted+terms%22&qs=n&form=QBRE", "term": '"quoted terms"' }] host = "www.bing.com" uri = "/search?q=oneterm&qs=n&form=QBRE" for t in termTests: fname = sys._getframe().f_code.co_name eventTime = datetime.datetime.now() result1 = remote_control.run_command("wget -q -O - 'http://%s%s' 2>&1 >/dev/null" % ( t["host"], t["uri"] ) ) events = global_functions.get_events(self.displayName(),'All Query Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "host", t["host"], "term", t["term"]) assert( found )
def test_052_functional_icmp_log(self): """ Check for ICMP (ping) """ global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') wan_ip = uvmContext.networkManager().getFirstWanAddress() iperf_avail = global_functions.verify_iperf_configuration(wan_ip) device_in_office = global_functions.is_in_office_network(wan_ip) # Also test that it can probably reach us (we're on a 10.x network) if not device_in_office: raise unittest.SkipTest("Not on office network, skipping") if (not iperf_avail): raise unittest.SkipTest("IperfServer test client unreachable, skipping alternate port forwarding test") # insert rule at the beginning of the list so other rules do not interfere. appSettings['rules']['list'].insert(0,create_rule(action="log", rule_type="CATEGORY", type_value="scan")) app.setSettings(appSettings, True) wait_for_daemon_ready() startTime = datetime.datetime.now() remote_control.run_command("nmap -sP " + wan_ip + " >/dev/null 2>&1",host=global_functions.iperf_server) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'protocol', "1", 'blocked', False, min_date=startTime) del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert(found)
def test_106_eventlog_smtpVirusPassList(self): if (not canRelay): raise unittest.SkipTest('Unable to relay through ' + testsite) addPassSite(testsiteIP) startTime = datetime.now() fname = sys._getframe().f_code.co_name result = remote_control.run_command("echo '%s' > /tmp/attachment-%s" % (fname, fname)) if result != 0: nukePassSites() assert( False ) # download the email script result = remote_control.run_command("wget -q -O /tmp/email_script.py http://" + testsite + "/test/email_script.py") if result != 0: nukePassSites() assert( False ) result = remote_control.run_command("chmod 775 /tmp/email_script.py") if result != 0: nukePassSites() assert( False ) # email the file result = remote_control.run_command("/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar" % (testsiteIP, fname)) nukePassSites() assert (result == 0) events = global_functions.get_events(self.displayName(),'Clean Email Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "addr", "*****@*****.**", "subject", str(fname), self.shortName() + '_clean', True, min_date=startTime ) assert( found )
def test_054_functional_udp_block(self): global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') appSettings['signatures']['list'].append(create_signature( gid = "1", sid = "1999998", classtype="attempted-admin", category="app-detect", msg="CompanySecret", log=True, block=False, action="alert", type="udp")) # insert rule at the beginning of the list so other rules do not interfere. appSettings['rules']['list'].insert(0,create_rule(action="block", rule_type="CATEGORY", type_value="app-detect")) app.setSettings(appSettings, True) wait_for_daemon_ready() startTime = datetime.datetime.now() result = remote_control.run_command("host www.companysecret.com 4.2.2.1 > /dev/null") app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'msg', "CompanySecret", 'blocked', True, min_date=startTime) del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert(found)
def test_110_eventlog_smtpSSLVirus(self): if platform.machine().startswith('arm'): raise unittest.SkipTest("local scanner not available on ARM") if (not canRelay): raise unittest.SkipTest('Unable to relay through ' + testsiteIP) startTime = datetime.now() fname = sys._getframe().f_code.co_name # download the email script result = remote_control.run_command("wget -q -O /tmp/email_script.py http://" + testsite + "/test/email_script.py") assert (result == 0) result = remote_control.run_command("chmod 775 /tmp/email_script.py") assert (result == 0) # Turn on SSL Inspector appSSLData['processEncryptedMailTraffic'] = True appSSLData['ignoreRules']['list'].insert(0,createSSLInspectRule("25")) appSSL.setSettings(appSSLData) appSSL.start() # email the file result = remote_control.run_command("/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar --starttls" % (testsiteIP, fname),nowait=False) appSSL.stop() assert (result == 0) events = global_functions.get_events(self.displayName(),'Infected Email Events',None,1) # print(events['list'][0]) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "addr", "*****@*****.**", "subject", str(fname), 's_server_addr', testsiteIP, self.shortName() + '_clean', False, min_date=startTime) assert( found )
def test_031_rule_modify(self): """ Modify existing rule and rule to enable it """ global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') rule_desc = appSettings['rules']['list'][0]['description'] if rule_desc != "ATS rule": raise unittest.SkipTest('Skipping as test test_030_rule_add is needed') else: appSettings['rules']['list'][0]['action'] = "log" app.setSettings(appSettings, True) wait_for_daemon_ready() startTime = datetime.datetime.now() loopLimit = 4 # Send four requests for test rebustnewss while (loopLimit > 0): time.sleep(1) loopLimit -= 1 result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret") app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'msg', "CompanySecret", 'blocked', False, min_date=startTime) del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert(found)
def test_090_checkTLSwSSLInspector(self): if (not canRelay): raise unittest.SkipTest('Unable to relay through ' + smtpServerHost) test_untangle_IP = socket.gethostbyname(smtpServerHost) appData['smtpConfig']['scanWanMail'] = True appData['smtpConfig']['allowTls'] = False appData['smtpConfig']['strength'] = 30 app.setSettings(appData) # Turn on SSL Inspector appSSLData['processEncryptedMailTraffic'] = True appSSLData['ignoreRules']['list'].insert(0,createSSLInspectRule("25")) appSSL.setSettings(appSSLData) appSSL.start() tlsSMTPResult, to_address = sendSpamMail(useTLS=True) # print("TLS 090 : " + str(tlsSMTPResult)) appSSL.stop() assert(tlsSMTPResult == 0) events = global_functions.get_events(self.displayName(),'Quarantined Events',None,1) assert( events != None ) assert( events.get('list') != None ) print(events['list'][0]) found = global_functions.check_events( events.get('list'), 5, 's_server_addr', test_untangle_IP, 's_server_port', 25, 'addr', to_address, 'c_client_addr', remote_control.client_ip) assert( found )
def test_060_app_stats(self): """ Checks that the scan, detect, and block stats are properly incremented """ global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') # clear out the signature list appSettings['signatures']['list'] = [] appSettings['signatures']['list'].append(create_signature( gid = "1", sid = "1999999", classtype="attempted-admin", category="app-detect", msg="CompanySecret", log=True, block=False, action="alert", type="tcp")) # insert rule at the beginning of the list so other rules do not interfere. appSettings['rules']['list'].insert(0,create_rule(action="block", rule_type="CATEGORY", type_value="app-detect")) app.setSettings(appSettings, True) wait_for_daemon_ready() app.forceUpdateStats() pre_events_scan = global_functions.get_app_metric_value(app,"scan") pre_events_detect = global_functions.get_app_metric_value(app,"detect") pre_events_block = global_functions.get_app_metric_value(app,"block") startTime = datetime.datetime.now() loopLimit = 4 # Send four requests for test rebustnewss while (loopLimit > 0): time.sleep(1) loopLimit -= 1 result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret") time.sleep(10) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'msg', "CompanySecret", 'blocked', True, min_date=startTime) post_events_scan = global_functions.get_app_metric_value(app,"scan") post_events_detect = global_functions.get_app_metric_value(app,"detect") post_events_block = global_functions.get_app_metric_value(app,"block") del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert(found) print("pre_events_scan: %s post_events_scan: %s"%(str(pre_events_scan),str(post_events_scan))) print("pre_events_detect: %s post_events_detect: %s"%(str(pre_events_detect),str(post_events_detect))) print("pre_events_block: %s post_events_block: %s"%(str(pre_events_block),str(post_events_block))) # assert(pre_events_scan < post_events_scan) assert(pre_events_detect < post_events_detect) assert(pre_events_block < post_events_block)
def test_030_checkSslInspectorInspectorEventLog(self): remote_control.run_command('curl -s -4 --connect-timeout 10 --trace /tmp/ssl_test_040.trace --output /tmp/ssl_test_040.output --insecure https://%s' % (testedServerName)) events = global_functions.get_events('SSL Inspector','All Sessions',None,5) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "ssl_inspector_status","INSPECTED", "ssl_inspector_detail",testedServerName) assert( found )
def test_020_backupNow(self): global app boxUID = uvmContext.getServerUID() app.sendBackup() events = global_functions.get_events('Configuration Backup','Backup Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, 'success', True ) assert( found )
def test_040_checkWebFilterEventLog(self): addBlockedUrl(testedServerName) remote_control.run_command('curl -s -4 --connect-timeout 10 --trace /tmp/ssl_test_040.trace --output /tmp/ssl_test_040.output --insecure https://%s' % (testedServerName)) nukeBlockedUrls() events = global_functions.get_events('Web Filter','Blocked Web Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "host", testedServerName, "web_filter_blocked", True) assert( found )
def test_101_eventlog_httpNonVirus(self): fname = sys._getframe().f_code.co_name result = remote_control.run_command("wget -q -O - http://" + testsite + "/test/test.zip?arg=%s 2>&1 | grep -q text123" % fname) assert (result == 0) events = global_functions.get_events(self.displayName(),'Clean Web Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "host", testsite, "uri", ("/test/test.zip?arg=%s" % fname), self.shortName() + '_clean', True ) assert( found )
def test_102_admin_login_event(self): uvmContext.adminManager().logAdminLoginEvent( "admin", True, "127.0.1.1", True, 'X' ) events = global_functions.get_events('Administration','Admin Login Events',None,10) assert(events != None) for i in events.get('list'): print(i) found = global_functions.check_events( events.get('list'), 10, 'client_addr', "127.0.1.1", 'reason', 'X', 'local', True, 'succeeded', True, 'login', 'admin' ) assert( found )
def test_100_eventlog_httpVirus(self): if platform.machine().startswith('arm'): raise unittest.SkipTest("local scanner not available on ARM") fname = sys._getframe().f_code.co_name result = remote_control.run_command("wget -q -O - http://" + testsite + "/virus/eicar.zip?arg=%s 2>&1 | grep -q blocked" % fname) assert (result == 0) events = global_functions.get_events(self.displayName(),'Infected Web Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "host", testsite, "uri", ("/virus/eicar.zip?arg=%s" % fname), self.shortName() + '_clean', False ) assert( found )
def test_021_check_for_mailshell(self): if (not self.canRelay): raise unittest.SkipTest('Unable to relay through ' + global_functions.TEST_SERVER_HOST) events = global_functions.get_events(self.displayName(),'Quarantined Events',None,8) if events != None: assert( events.get('list') != None ) found = False for event in events['list']: if 'MAILSHELL_SCORE_' in event['spam_blocker_tests_string']: found = True break assert(found) else: raise unittest.SkipTest('No events to check for MAIL_SHELL')
def test_103_eventlog_ftpNonVirus(self): ftp_result = subprocess.call(["ping","-c","1",global_functions.ftp_server ],stdout=subprocess.PIPE,stderr=subprocess.PIPE) if (ftp_result != 0): raise unittest.SkipTest("FTP server not available") fname = sys._getframe().f_code.co_name result = remote_control.run_command("wget --user="******" --password='******' -q -O /dev/null ftp://" + global_functions.ftp_server + "/test.zip") assert (result == 0) events = global_functions.get_events(self.displayName(),'Clean Ftp Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "uri", "test.zip", self.shortName() + '_clean', True ) assert( found )
def test_100_eventlog_httpVirus(self): if platform.machine().startswith('arm'): raise unittest.SkipTest("local scanner not available on ARM") fname = sys._getframe().f_code.co_name result = remote_control.run_command("wget -q -O - http://" + testsite + "/virus/eicar.zip?arg=%s 2>&1 | grep -q blocked" % fname) assert (result == 0) events = global_functions.get_events(self.displayName(),'Infected Web Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "host", testsite, "uri", ("/virus/eicar.zip?arg=%s" % fname), self.shortName() + '_clean', False ) assert( found )
def test_102_reports_all_urls(self): """check the All Web Events report""" fname = sys._getframe().f_code.co_name self.block_url_list_clear(); # specify an argument so it isn't confused with other events result1 = remote_control.run_command("wget -q -O - http://test.untangle.com/test/testPage1.html?arg=%s 2>&1 >/dev/null" % fname) events = global_functions.get_events(self.displayName(),'All Web Events',None,5) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "host","test.untangle.com", "uri", ("/test/testPage1.html?arg=%s" % fname), 'web_filter_blocked', False, 'web_filter_flagged', False ) assert( found )
def test_103_eventlog_ftpNonVirus(self): ftp_result = subprocess.call(["ping","-c","1",global_functions.ftp_server ],stdout=subprocess.PIPE,stderr=subprocess.PIPE) if (ftp_result != 0): raise unittest.SkipTest("FTP server not available") fname = sys._getframe().f_code.co_name result = remote_control.run_command("wget --user="******" --password='******' -q -O /dev/null ftp://" + global_functions.ftp_server + "/test.zip") assert (result == 0) events = global_functions.get_events(self.displayName(),'Clean Ftp Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "uri", "test.zip", self.shortName() + '_clean', True ) assert( found )
def test_102_admin_login_event(self): uvmContext.adminManager().logAdminLoginEvent("admin", True, "127.0.1.1", True, 'X') events = global_functions.get_events('Administration', 'Admin Login Events', None, 10) assert (events != None) for i in events.get('list'): print(i) found = global_functions.check_events(events.get('list'), 10, 'client_addr', "127.0.1.1", 'reason', 'X', 'local', True, 'succeeded', True, 'login', 'admin') assert (found)
def test_023_eventlog_blockedAd(self): fname = sys._getframe().f_code.co_name # specify an argument so it isn't confused with other events eventTime = datetime.datetime.now() result = remote_control.run_command("wget -4 -q -O /dev/null http://ads.pubmatic.com/AdServer/js/showad.js?arg=%s" % fname) assert ( result != 0 ) events = global_functions.get_events('Ad Blocker','Blocked Ad Events',None,1) assert( events != None ) found = global_functions.check_events( events.get('list'), 5, 'host', 'ads.pubmatic.com', 'uri', ("/AdServer/js/showad.js?arg=%s" % fname), 'ad_blocker_action', 'B' ) assert( found )
def test_100_eventlog_Block_Google(self): touchProtoRule("Google",True,True) result = remote_control.run_command("wget -O /dev/null -4 -t 2 --timeout=5 http://www.google.com/") assert (result != 0) time.sleep(1) events = global_functions.get_events('Application Control','Blocked Sessions',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "application_control_application", "GOOGLE", "application_control_category", "Web Services", "application_control_blocked", True, "application_control_flagged", True) assert( found )
def test_050_severely_limited_web_filter_flagged(self): global app, app_web_filter nuke_rules(self._app) pre_count = global_functions.get_app_metric_value(app, "prioritize") priority_level = 7 # This test might need web filter for http to start # Record average speed without bandwidth control configured wget_speed_pre = global_functions.get_download_speed( download_server="test.untangle.com") # Create WEB_FILTER_FLAGGED based rule to limit bandwidth append_rule( self._app, create_single_condition_rule("WEB_FILTER_FLAGGED", "true", "SET_PRIORITY", priority_level)) # Test.untangle.com is listed as Software, Hardware in web filter. As of 1/2014 its in Technology settingsWF = app_web_filter.getSettings() i = 0 untangleCats = ["Computer,", "Security"] for webCategories in settingsWF['categories']['list']: if any(x in webCategories['name'] for x in untangleCats): settingsWF['categories']['list'][i]['flagged'] = "true" i += 1 app_web_filter.setSettings(settingsWF) # Download file and record the average speed in which the file was download wget_speed_post = global_functions.get_download_speed( download_server="test.untangle.com") print_results(wget_speed_pre, wget_speed_post, wget_speed_pre * 0.1, wget_speed_pre * limited_acceptance_ratio) assert ((wget_speed_post) and (wget_speed_post)) assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post) events = global_functions.get_events('Bandwidth Control', 'Prioritized Sessions', None, 5) assert (events != None) found = global_functions.check_events(events.get('list'), 5, "bandwidth_control_priority", priority_level, "c_client_addr", remote_control.client_ip) assert (found) # Check to see if the faceplate counters have incremented. post_count = global_functions.get_app_metric_value(app, "prioritize") assert (pre_count < post_count)
def test_033_block_by_Hostname(self): entry = uvmContext.hostTable().getHostTableEntry( remote_control.client_ip ) self.rules_clear() self.rule_add("DST_PORT","53",action="pass") # allow DNS otherwise bridged configs fail self.rule_add("HOST_HOSTNAME",entry['hostname']) result = remote_control.run_command("wget -q -4 -t 2 -O - http://test.untangle.com/test/testPage1.html 2>&1 | grep -q blocked") assert (result == 0) events = global_functions.get_events(self.displayName(),'Blocked Web Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "hostname",entry['hostname'], self.eventAppName() + '_blocked', True, self.eventAppName() + '_flagged', True ) assert( found )
def test_101_eventlog_httpNonVirus(self): fname = sys._getframe().f_code.co_name result = remote_control.run_command( "wget -q -O - http://" + testsite + "/test/test.zip?arg=%s 2>&1 | grep -q text123" % fname) assert (result == 0) events = global_functions.get_events(self.displayName(), 'Clean Web Events', None, 1) assert (events != None) found = global_functions.check_events( events.get('list'), 5, "host", testsite, "uri", ("/test/test.zip?arg=%s" % fname), self.shortName() + '_clean', True) assert (found)
def test_101_reports_flagged_url(self): """check the Flagged Web Events report""" fname = sys._getframe().f_code.co_name self.block_url_list_clear(); self.block_url_list_add("test.untangle.com/test/testPage1.html", blocked=False, flagged=True) # specify an argument so it isn't confused with other events result1 = remote_control.run_command("wget -q -O - http://test.untangle.com/test/testPage1.html?arg=%s 2>&1 >/dev/null" % fname) events = global_functions.get_events(self.displayName(),'Flagged Web Events',None,5) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "host","test.untangle.com", "uri", ("/test/testPage1.html?arg=%s" % fname), 'web_filter_blocked', False, 'web_filter_flagged', True ) assert( found )
def test_052_functional_icmp_log(self): """ Check for ICMP (ping) """ global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') wan_ip = uvmContext.networkManager().getFirstWanAddress() iperf_avail = global_functions.verify_iperf_configuration(wan_ip) device_in_office = global_functions.is_in_office_network(wan_ip) # Also test that it can probably reach us (we're on a 10.x network) if not device_in_office: raise unittest.SkipTest("Not on office network, skipping") if (not iperf_avail): raise unittest.SkipTest( "IperfServer test client unreachable, skipping alternate port forwarding test" ) # insert rule at the beginning of the list so other rules do not interfere. appSettings['rules']['list'].insert( 0, create_rule(action="log", rule_type="CATEGORY", type_value="scan")) app.setSettings(appSettings, True) self.do_wait_for_daemon_ready() startTime = datetime.datetime.now() # Ensure the icmp request includes the string ISSPNGRQ in it so we are sure to trigger a detected scan event # see sid: 2100465 "GPL SCAN ISS Pinger" remote_control.run_command("ping -c 1 -p 495353504e475251 " + wan_ip + " >/dev/null 2>&1", host=global_functions.iperf_server) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention', 'All Events', None, 5) found = global_functions.check_events(events.get('list'), 5, 'protocol', "1", 'blocked', False, min_date=startTime) del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert (found)
def test_080_multiple_rule_conditions_matching(self): """Verify that conditions are AND logic""" self.rules_clear() self.multiple_rule_add("DST_ADDR",global_functions.test_server_ip,"DST_PORT","443") result = remote_control.run_command("wget -q -4 -t 2 -O - http://test.untangle.com 2>&1 | grep -q Hi") assert (result == 0) result = remote_control.run_command("wget --no-check-certificate -q -4 -t 2 -O - https://test.untangle.com 2>&1 | grep -q blocked") self.rules_clear() assert (result == 0) events = global_functions.get_events(self.displayName(),'All Web Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 1, "host","test.untangle.com", self.eventAppName() + '_blocked', True, self.eventAppName() + '_flagged', True ) assert( found )
def test_102_eventlog_ftpVirus(self): if platform.machine().startswith('arm'): raise unittest.SkipTest("local scanner not available on ARM") ftp_result = subprocess.call(["ping","-c","1",global_functions.ftp_server ],stdout=subprocess.PIPE,stderr=subprocess.PIPE) if (ftp_result != 0): raise unittest.SkipTest("FTP server not available") fname = sys._getframe().f_code.co_name result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/temp_022_ftpVirusBlocked_file ftp://" + global_functions.ftp_server + "/virus/fedexvirus.zip") assert (result == 0) events = global_functions.get_events(self.displayName(),'Infected Ftp Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "uri", "fedexvirus.zip", self.shortName() + '_clean', False ) assert( found )
def test_050_alert_rule(self): settings = uvmContext.eventManager().getSettings() orig_settings = copy.deepcopy(settings) new_rule = create_alert_rule("test alert rule", "class", "=", "*SessionEvent*", "localAddr", "=", "*"+remote_control.client_ip+"*") settings['alertRules']['list'].append( new_rule ) uvmContext.eventManager().setSettings( settings ) result = remote_control.is_online() time.sleep(4) events = global_functions.get_events('Events','Alert Events',None,10) found = global_functions.check_events( events.get('list'), 5, 'description', 'test alert rule' ) uvmContext.eventManager().setSettings( orig_settings ) assert(events != None) assert ( found )
def test_021_check_for_mailshell(self): if (not self.canRelay): raise unittest.SkipTest('Unable to relay through ' + global_functions.TEST_SERVER_HOST) events = global_functions.get_events(self.displayName(), 'Quarantined Events', None, 8) if events != None: assert (events.get('list') != None) found = False for event in events['list']: if 'MAILSHELL_SCORE_' in event['spam_blocker_tests_string']: found = True break assert (found) else: raise unittest.SkipTest('No events to check for MAIL_SHELL')
def test_100_eventlog_Block_Google(self): touchProtoRule("Google", True, True) result = remote_control.run_command( "wget -O /dev/null -4 -t 2 --timeout=5 http://www.google.com/") assert (result != 0) time.sleep(1) events = global_functions.get_events('Application Control', 'Blocked Sessions', None, 1) assert (events != None) found = global_functions.check_events( events.get('list'), 5, "application_control_application", "GOOGLE", "application_control_category", "Web Services", "application_control_blocked", True, "application_control_flagged", True) assert (found)
def test_102_eventlog_ftpVirus(self): if platform.machine().startswith('arm'): raise unittest.SkipTest("local scanner not available on ARM") ftp_result = subprocess.call(["ping","-c","1",global_functions.ftp_server ],stdout=subprocess.PIPE,stderr=subprocess.PIPE) if (ftp_result != 0): raise unittest.SkipTest("FTP server not available") fname = sys._getframe().f_code.co_name result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/temp_022_ftpVirusBlocked_file ftp://" + global_functions.ftp_server + "/virus/fedexvirus.zip") assert (result == 0) events = global_functions.get_events(self.displayName(),'Infected Ftp Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "uri", "fedexvirus.zip", self.shortName() + '_clean', False ) assert( found )
def test_200_scanFileExtension(self): """test that "Scan" option in advanced tab is scanned, using zip file""" #find 'zip' file extension and enable scan option enableFileExtensionScan("zip") remote_control.run_command("wget -q -O - http://test.untangle.com/test/test.zip 2>&1") events = global_functions.get_events(self.displayName(),'Scanned Web Events',None,1) assert(events != None) found = global_functions.check_events(events.get("list"), 50, 'host', 'test.untangle.com', 'c_client_addr', remote_control.client_ip, 'uri', '/test/test.zip') assert(found)
def test_050_alert_rule(self): settings = uvmContext.eventManager().getSettings() orig_settings = copy.deepcopy(settings) new_rule = create_alert_rule("test alert rule", "class", "=", "*SessionEvent*", "localAddr", "=", "*"+remote_control.client_ip+"*") settings['alertRules']['list'].append( new_rule ) uvmContext.eventManager().setSettings( settings ) result = remote_control.is_online() time.sleep(4) events = global_functions.get_events('Events','Alert Events',None,10) found = global_functions.check_events( events.get('list'), 5, 'description', 'test alert rule' ) uvmContext.eventManager().setSettings( orig_settings ) assert(events != None) assert ( found )
def test_200_scanFileExtension(self): """test that "Scan" option in advanced tab is scanned, using zip file""" #find 'zip' file extension and enable scan option enableFileExtensionScan("zip") remote_control.run_command("wget -q -O - http://test.untangle.com/test/test.zip 2>&1") events = global_functions.get_events(self.displayName(),'Scanned Web Events',None,1) assert(events != None) found = global_functions.check_events(events.get("list"), 50, 'host', 'test.untangle.com', 'c_client_addr', remote_control.client_ip, 'uri', '/test/test.zip') assert(found)
def test_023_eventlog_blockedAd(self): fname = sys._getframe().f_code.co_name # specify an argument so it isn't confused with other events eventTime = datetime.datetime.now() result = remote_control.run_command( "wget -4 -q -O /dev/null http://ads.pubmatic.com/AdServer/js/showad.js?arg=%s" % fname) assert (result != 0) events = global_functions.get_events('Ad Blocker', 'Blocked Ad Events', None, 1) assert (events != None) found = global_functions.check_events( events.get('list'), 5, 'host', 'ads.pubmatic.com', 'uri', ("/AdServer/js/showad.js?arg=%s" % fname), 'ad_blocker_action', 'B') assert (found)
def test_070_penalty_rule(self): global app nuke_rules(self._app) tag_time = 2000000 # remove tags entry = uvmContext.hostTable().getHostTableEntry( remote_control.client_ip) entry['tags']['list'] = [] entry = uvmContext.hostTable().setHostTableEntry( remote_control.client_ip, entry) # Create penalty rule append_rule( self._app, create_penalty_rule("SRC_ADDR", remote_control.client_ip, "TAG_HOST", "penalty-box", tag_time)) # go to test.untangle.com result = remote_control.is_online() # Look for tag entry = uvmContext.hostTable().getHostTableEntry( remote_control.client_ip) print(entry['tags']['list']) found = False for tag in entry['tags']['list']: if tag['name'] == 'penalty-box': found = True assert (found) # remove tags entry['tags']['list'] = [] entry = uvmContext.hostTable().setHostTableEntry( remote_control.client_ip, entry) # check penalty box events = global_functions.get_events('Hosts', 'Hosts Events', None, 50) assert (events != None) event = global_functions.find_event(events.get('list'), 50, "address", remote_control.client_ip, "key", "tags") print(event) assert ((event != None))
def test_900_logEventLog(self): rules_clear() rule_append( create_rule_single_condition("DST_PORT", "80", blocked=False, flagged=False)) result = remote_control.is_online() assert (result == 0) events = global_functions.get_events('Firewall', 'All Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, 'c_client_addr', remote_control.client_ip, 's_server_port', 80, 'firewall_blocked', False, 'firewall_flagged', False)
def test_040_balanced(self): if (len(index_of_wans) < 2): raise unittest.SkipTest("Need at least two WANS for test_040_routedByIPWan") # Set weighting to default set_wan_weight("all", 50) # Test balanced # send netcat UDP to random IPs result = remote_control.run_command("for i in \`seq 100\` ; do echo \"test\" | netcat -u -w1 -q1 1.2.3.\$i 7 >/dev/null ; done",stdout=False) events = global_functions.get_events('Network','All Sessions',None,20) assert(events != None) for wanIndexTup in index_of_wans: found = global_functions.check_events( events.get('list'), 20, "server_intf", wanIndexTup[0], "c_client_addr", remote_control.client_ip, "s_server_port", 7) assert(found)
def test_054_functional_udp_block(self): global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') appSettings['signatures']['list'].append( create_signature(gid="1", sid="1999998", classtype="attempted-admin", category="app-detect", msg="CompanySecret", log=True, block=False, action="alert", type="udp")) # insert rule at the beginning of the list so other rules do not interfere. appSettings['rules']['list'].insert( 0, create_rule(action="block", rule_type="CATEGORY", type_value="app-detect")) app.setSettings(appSettings, True) wait_for_daemon_ready() startTime = datetime.datetime.now() result = remote_control.run_command( "host www.companysecret.com 4.2.2.1 > /dev/null") app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention', 'All Events', None, 5) found = global_functions.check_events(events.get('list'), 5, 'msg', "CompanySecret", 'blocked', True, min_date=startTime) del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert (found)
def test_040_testFtpPatternBlock(self): nukepatterns() addPatterns(definition="^220[\x09-\x0d -~]*ftp", protocol="FTP", blocked=True, category="Web", description="File Transfer Protocol") result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 ftp://test.untangle.com") assert (result != 0) time.sleep(3); events = global_functions.get_events('Application Control Lite','All Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, 'c_client_addr', remote_control.client_ip, 'application_control_lite_protocol', 'FTP', 'application_control_lite_blocked', True ) assert( found )
def test_060_testDnsUdpPatternBlock(self): nukepatterns() addPatterns(definition="^.?.?.?.?[\x01\x02].?.?.?.?.?.?[\x01-?][a-z0-9][\x01-?a-z]*[\x02-\x06][a-z][a-z][fglmoprstuvz]?[aeop]?(um)?[\x01-\x10\x1c]", protocol="DNS", blocked=True, category="Web", description="Domain Name System") result = remote_control.run_command("host -R 1 www.google.com 8.8.8.8") assert (result != 0) time.sleep(3); events = global_functions.get_events('Application Control Lite','All Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, 'c_client_addr', remote_control.client_ip, 'application_control_lite_protocol', 'DNS', 'application_control_lite_blocked', True ) assert( found )
def test_030_testHttpPatternBlocked(self): nukepatterns() addPatterns(definition="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\\x09-\\x0d -~]*(connection:|content-type:|content-length:|date:)|post [\\x09-\\x0d -~]* http/[01]\\.[019]", protocol="HTTP", blocked=True, category="Web", description="HyperText Transfer Protocol") result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/") assert (result != 0) time.sleep(3); events = global_functions.get_events('Application Control Lite','All Events',None,5) assert(events != None) found = global_functions.check_events( events.get('list'), 5, 'c_client_addr', remote_control.client_ip, 'application_control_lite_protocol', 'HTTP', 'application_control_lite_blocked', True ) assert( found )
def test_110_eventlog_smtpSSLVirus(self): if platform.machine().startswith('arm'): raise unittest.SkipTest("local scanner not available on ARM") if (not canRelay): raise unittest.SkipTest('Unable to relay through ' + testsiteIP) startTime = datetime.now() fname = sys._getframe().f_code.co_name # download the email script result = remote_control.run_command( "wget -q -O /tmp/email_script.py http://" + testsite + "/test/email_script.py") assert (result == 0) result = remote_control.run_command("chmod 775 /tmp/email_script.py") assert (result == 0) # Turn on SSL Inspector appSSLData['processEncryptedMailTraffic'] = True appSSLData['ignoreRules']['list'].insert(0, createSSLInspectRule("25")) appSSL.setSettings(appSSLData) appSSL.start() # email the file result = remote_control.run_command( "/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar --starttls" % (testsiteIP, fname), nowait=False) appSSL.stop() assert (result == 0) events = global_functions.get_events(self.displayName(), 'Infected Email Events', None, 1) # print(events['list'][0]) assert (events != None) found = global_functions.check_events(events.get('list'), 5, "addr", "*****@*****.**", "subject", str(fname), 's_server_addr', testsiteIP, self.shortName() + '_clean', False, min_date=startTime) assert (found)
def test_060_queryEventLog(self): termTests = [{ "host": "www.bing.com", "uri": "/search?q=oneterm&qs=n&form=QBRE", "term": "oneterm" }, { "host": "www.bing.com", "uri": "/search?q=two+terms&qs=n&form=QBRE", "term": "two terms" }, { "host": "www.bing.com", "uri": "/search?q=%22quoted+terms%22&qs=n&form=QBRE", "term": '"quoted terms"' }, { "host": "search.yahoo.com", "uri": "/search?p=oneterm", "term": "oneterm" }, { "host": "search.yahoo.com", "uri": "/search?p=%22quoted+terms%22", "term": '"quoted terms"' }, { "host": "search.yahoo.com", "uri": "/search?p=two+terms", "term": "two terms" }] host = "www.bing.com" uri = "/search?q=oneterm&qs=n&form=QBRE" for t in termTests: eventTime = datetime.datetime.now() result = remote_control.run_command( "curl -s -4 -o /dev/null -A 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1' --connect-timeout 10 --insecure 'https://%s%s'" % (t["host"], t["uri"])) assert (result == 0) events = global_functions.get_events('Web Filter', 'All Search Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, "host", t["host"], "term", t["term"]) assert (found)
def test_106_eventlog_smtpVirusPassList(self): if (not canRelay): raise unittest.SkipTest('Unable to relay through ' + testsite) addPassSite(self._app, testsiteIP) startTime = datetime.now() fname = sys._getframe().f_code.co_name result = remote_control.run_command("echo '%s' > /tmp/attachment-%s" % (fname, fname)) if result != 0: nukePassSites(self._app) assert (False) # download the email script result = remote_control.run_command( "wget -q -O /tmp/email_script.py http://" + testsite + "/test/email_script.py") if result != 0: nukePassSites(self._app) assert (False) result = remote_control.run_command("chmod 775 /tmp/email_script.py") if result != 0: nukePassSites(self._app) assert (False) # email the file result = remote_control.run_command( "/tmp/email_script.py --server=%s [email protected] [email protected] --subject='%s' --body='body' --file=/tmp/eicar" % (testsiteIP, fname)) nukePassSites(self._app) assert (result == 0) events = global_functions.get_events(self.displayName(), 'Clean Email Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, "addr", "*****@*****.**", "subject", str(fname), self.shortName() + '_clean', True, min_date=startTime) assert (found)
def test_903_blockLocalEventLog(self): rules_clear() rule_append(create_rule_single_condition("CLIENT_COUNTRY","XL")) pre_events_block = global_functions.get_app_metric_value(app,"block") result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/") assert (result != 0) events = global_functions.get_events('Firewall','Blocked Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, 'c_client_addr', remote_control.client_ip, 'client_country', "XL", 'firewall_blocked', True, 'firewall_flagged', True) assert( found ) # Check to see if the faceplate counters have incremented. post_events_block = global_functions.get_app_metric_value(app,"block") assert(pre_events_block < post_events_block)
def test_040_smtpDropPhishBlockerTest(self): if (not canRelay): raise unittest.SkipTest('Unable to relay through' + smtpServerHost) appData['smtpConfig']['scanWanMail'] = True appData['smtpConfig']['strength'] = 5 appData['smtpConfig']['msgAction'] = "DROP" app.setSettings(appData) # Get the IP address of test.untangle.com ip_address_testuntangle = socket.gethostbyname(smtpServerHost) sendPhishMail(mailfrom="test040") events = global_functions.get_events('Phish Blocker', 'All Phish Events', None, 1) assert (events != None) found = global_functions.check_events( events.get('list'), 5, 'c_server_addr', ip_address_testuntangle, 's_server_port', 25, 'addr', '*****@*****.**', 'c_client_addr', remote_control.client_ip, 'phish_blocker_action', 'D') assert (found)
def check_events(self, host="", uri="", blocked=True, flagged=None): app_display_name = self.app.getAppTitle() if flagged == None: flagged = blocked if (("Monitor" in app_display_name) and blocked): blocked = False if (blocked): event_list = "Blocked Web Events" elif (flagged): event_list = "Flagged Web Events" else: event_list = "All Web Events" events = global_functions.get_events(app_display_name, event_list, None, 10) assert(events != None) found = global_functions.check_events( events.get('list'), 10, "host", host, "uri", uri, 'web_filter_blocked', blocked, 'web_filter_flagged', flagged ) return found
def test_050_severely_limited_web_filter_flagged(self): global app, app_web_filter nuke_rules() pre_count = global_functions.get_app_metric_value(app,"prioritize") priority_level = 7 # This test might need web filter for http to start # Record average speed without bandwidth control configured wget_speed_pre = global_functions.get_download_speed(download_server="test.untangle.com") # Create WEB_FILTER_FLAGGED based rule to limit bandwidth append_rule(create_single_condition_rule("WEB_FILTER_FLAGGED","true","SET_PRIORITY",priority_level)) # Test.untangle.com is listed as Software, Hardware in web filter. As of 1/2014 its in Technology settingsWF = app_web_filter.getSettings() i = 0 untangleCats = ["Computer,", "Security"] for webCategories in settingsWF['categories']['list']: if any(x in webCategories['name'] for x in untangleCats): settingsWF['categories']['list'][i]['flagged'] = "true" i += 1 app_web_filter.setSettings(settingsWF) # Download file and record the average speed in which the file was download wget_speed_post = global_functions.get_download_speed(download_server="test.untangle.com") print_results( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limited_acceptance_ratio ) assert ((wget_speed_post) and (wget_speed_post)) assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post) events = global_functions.get_events('Bandwidth Control','Prioritized Sessions',None,5) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "bandwidth_control_priority", priority_level, "c_client_addr", remote_control.client_ip) assert( found ) # Check to see if the faceplate counters have incremented. post_count = global_functions.get_app_metric_value(app,"prioritize") assert(pre_count < post_count)
def test_031_rule_modify(self): """ Modify existing rule and rule to enable it """ global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') rule_desc = appSettings['rules']['list'][0]['description'] if rule_desc != "ATS rule": raise unittest.SkipTest( 'Skipping as test test_030_rule_add is needed') else: appSettings['rules']['list'][0]['action'] = "log" app.setSettings(appSettings, True) wait_for_daemon_ready() startTime = datetime.datetime.now() loopLimit = 4 # Send four requests for test rebustnewss while (loopLimit > 0): time.sleep(1) loopLimit -= 1 result = remote_control.run_command( "wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret" ) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention', 'All Events', None, 5) found = global_functions.check_events(events.get('list'), 5, 'msg', "CompanySecret", 'blocked', False, min_date=startTime) del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert (found)
def test_904_flagLocalEventLog(self): rules_clear() rule_append( create_rule_single_condition("CLIENT_COUNTRY", "XL", blocked=False, flagged=True)) result = remote_control.run_command( "wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/") assert (result == 0) events = global_functions.get_events('Firewall', 'Flagged Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, 'c_client_addr', remote_control.client_ip, 'client_country', "XL", 'firewall_blocked', False, 'firewall_flagged', True) assert (found)