示例#1
文件: cis9.py 项目: ysoldak/syco
__version__ = "1.0.0"
__status__ = "Production"


from utils import check_empty, check_equal, check_equal_re, check_equals, check_not_empty, check_return_code, print_header, view_output, print_warning, print_info

#
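# CIS section 9 (System Maintenance): audit of packaged-file integrity and of
# the mode/owner/group of the account databases. The helpers come from the
# project's utils module; their pass/fail logic is not visible in this file.
print_header("9 System Maintenance")

# Sub-section title (a stray ")" in the printed title was removed).
print_header("9.1 Verify System File Permissions")

# 9.1.1 is a manual item: rpm -Va verifies every installed package, and the
# --no* switches skip the mtime, size, digest and symlink-target comparisons.
# The output is only displayed for a human to review; nothing is scored here.
print_header("9.1.1 Verify System File Permissions (Not Scored)")
print_warning("Check manually for changed files.")
view_output("rpm -Va --nomtime --nosize --nomd5 --nolinkto")

# The stat output has the form "<octal mode> <uid> <gid>". The egrep patterns
# below are anchored with ^...$ so that only the exact triple is let through.
# Unanchored, "0 0 0" is also a substring of e.g. "640 0 0" or "600 0 0", and
# "644 0 0" is a substring of "4644 0 0", so a weaker mode could reach
# check_equal looking like a match.
# NOTE(review): whether check_equal compares by equality or by substring is
# not visible here; the anchors make the shell side strict either way.
print_header("9.1.2 Verify Permissions on /etc/passwd (Scored)")
check_equal('stat -c "%a %u %g" /etc/passwd | egrep "^644 0 0$"', "644 0 0")

# /etc/shadow holds the password hashes: expected mode 0, owner root, group root.
print_header("9.1.3 Verify Permissions on /etc/shadow (Scored)")
check_equal('stat -c "%a %u %g" /etc/shadow | egrep "^0 0 0$"', "0 0 0")

# /etc/gshadow holds the group password hashes: same expectation as /etc/shadow.
print_header("9.1.4 Verify Permissions on /etc/gshadow (Scored)")
check_equal('stat -c "%a %u %g" /etc/gshadow | egrep "^0 0 0$"', "0 0 0")

# Only the title of 9.1.5 is part of this excerpt.
print_header("9.1.5 Verify Permissions on /etc/group (Scored)")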
示例#2
# Separate-partition check for /var/log/audit (its header is printed before
# this excerpt). The trailing space inside the grep pattern stops a longer
# path with the same prefix from matching.
check_equal(
    "grep '/var/log/audit ' /etc/fstab",
    "/var/log/audit"
)

# /home must be listed in /etc/fstab as a mount point of its own.
print_header("1.1.9 Create Separate Partition for /home (Scored)")
check_equal(
    "grep '/home ' /etc/fstab",
    "/home"
)

# nodev is looked for in the persistent configuration first and in the live
# mount table second, so a remount that was never written to fstab (or the
# reverse) is noticed.
# NOTE(review): "grep /home" is unanchored and returns every line containing
# "/home" (other mount points, bind mounts); presumably check_equal only looks
# for "nodev" somewhere in that output - verify against utils.
print_header("1.1.10 Add nodev Option to /home (Scored)")
for home_listing in ("grep /home /etc/fstab", "mount | grep /home"):
    check_equal(home_listing, "nodev")

# 1.1.11 - 1.1.13 are manual items: the script cannot tell which fstab entries
# are removable media, so it prints /etc/fstab once per option for a human to
# inspect.
for item_number, mount_option in (
        ("1.1.11", "nodev"),
        ("1.1.12", "noexec"),
        ("1.1.13", "nosuid")):
    print_header(
        "%s Add %s Option to Removable Media Partitions (Not Scored)"
        % (item_number, mount_option))
    print_warning("Check manually for %s on removable media." % mount_option)
    view_output("cat /etc/fstab")

# Only the title of 1.1.14 is part of this excerpt.
print_header("1.1.14 Add nodev Option to /dev/shm Partition (Scored)")
示例#3
文件: cis5.py 项目: ysoldak/syco
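# CIS 5.1 (rsyslog): package, service state and remote forwarding checks.
# The helpers and `config` are defined outside this excerpt.

# 5.1.1: "rpm -q rsyslog" prints "rsyslog-<version>" when the package is there.
print_header("5.1.1 Install the rsyslog package (Scored)")
check_equal_re("rpm -q rsyslog", "rsyslog.*")

# 5.1.2: the legacy syslog package and service must be gone, and rsyslog must
# be enabled in runlevels 2-5 only.
print_header("5.1.2 Activate the rsyslog Service (Scored)")
check_equal("rpm -q syslog", "package syslog is not installed")
# grep -w matches "syslog" only as a whole word. A plain "grep syslog" also
# matches the "rsyslog" service line, so - assuming check_empty passes only on
# empty output, as its name and its use at the end of this block suggest - the
# check could not pass on a host where rsyslog is registered, which is exactly
# what the next check requires.
check_empty("chkconfig --list | grep -w syslog")
check_equal_re("chkconfig --list rsyslog",
               "rsyslog.*0:off.*1:off.*2:on.*3:on.*4:on.*5:on.*6:off")

# 5.1.3 is a manual item: only the /var/log listing is shown; the content of
# /etc/rsyslog.conf still has to be reviewed by hand.
print_header("5.1.3 Configure /etc/rsyslog.conf (Not Scored)")
print_warning(
    "Manually review the contents of the /etc/rsyslog.conf file to ensure appropriate logging is set. "
)
view_output("ls -l /var/log/")

# 5.1.4 has no automated check: the script only prints a TODO, so a report
# produced by it says nothing about log file existence or permissions.
print_header("5.1.4 Create and Set Permissions on rsyslog Log Files (Scored)")
print_header(" TODO - Ensure that the log files are logging information")

# 5.1.5: every message ("*.*") must be forwarded ("@host") to both configured
# log servers.
# NOTE(review): the second argument handed to check_equal is the grep pattern
# itself, not the line grep would print; confirm in utils that check_equal can
# succeed with it.
# NOTE(review): the host name is placed unescaped inside a single-quoted shell
# argument and used as a regex, so its dots match any character; it is
# presumably operator-controlled configuration - confirm.
print_header(
    "5.1.5 Configure rsyslog to Send Logs to a Remote Log Host (Scored)")
expect = "^*.*[^I][^I]*@{0}".format(config.general.get_log_server_hostname1())
check_equal("grep '%s' /etc/rsyslog.conf" % expect, expect)

expect = "^*.*[^I][^I]*@{0}".format(config.general.get_log_server_hostname2())
check_equal("grep '%s' /etc/rsyslog.conf" % expect, expect)

# rpm prints "package rsyslog is not installed" only when the package is
# missing, so the grep output is expected to be empty.
check_empty('rpm -q rsyslog|grep  "package rsyslog is not installed"')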
示例#4
文件: cis5.py 项目: Nemie/syco
#
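# 5.1.2: the legacy syslog package and service must be gone, and rsyslog must
# be enabled in runlevels 2-5 only. The helpers and `config` are defined
# outside this excerpt.
print_header("5.1.2 Activate the rsyslog Service (Scored)")
check_equal("rpm -q syslog", "package syslog is not installed")
# grep -w restricts the match to the whole word "syslog". Without it the
# "rsyslog" line of the chkconfig listing matches too, and - assuming
# check_empty passes only on empty output, as its name suggests - the check
# could not pass on a host that runs rsyslog as the next check demands.
check_empty("chkconfig --list | grep -w syslog")
check_equal_re(
    "chkconfig --list rsyslog",
    "rsyslog.*0:off.*1:off.*2:on.*3:on.*4:on.*5:on.*6:off"
)

# 5.1.3 is a manual item: only the /var/log listing is shown; the content of
# /etc/rsyslog.conf still has to be reviewed by hand.
print_header("5.1.3 Configure /etc/rsyslog.conf (Not Scored)")
print_warning("Manually review the contents of the /etc/rsyslog.conf file to ensure appropriate logging is set. ")
view_output("ls -l /var/log/")

# 5.1.4 has no automated check: the script only prints a TODO, so a report
# produced by it says nothing about log file existence or permissions.
print_header("5.1.4 Create and Set Permissions on rsyslog Log Files (Scored)")
print_header(" TODO - Ensure that the log files are logging information")

# 5.1.5: every message ("*.*") must be forwarded ("@host") to the first
# configured log server.
# NOTE(review): the second argument handed to check_equal is the grep pattern
# itself, not the line grep would print; confirm in utils that check_equal can
# succeed with it.
# NOTE(review): the host name is placed unescaped inside a single-quoted shell
# argument and used as a regex, so its dots match any character; it is
# presumably operator-controlled configuration - confirm.
print_header("5.1.5 Configure rsyslog to Send Logs to a Remote Log Host (Scored)")
expect = "^*.*[^I][^I]*@{0}".format(config.general.get_log_server_hostname1())
check_equal(
    "grep '%s' /etc/rsyslog.conf" % expect,
    expect
)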

expect = "^*.*[^I][^I]*@{0}".format(config.general.get_log_server_hostname2())
check_equal(
示例#5
文件: cis4.py 项目: Nemie/syco
)

#
# 4.2.8: SYN cookies must be on in the running kernel. sysctl prints
# "<key> = <value>", which is what the expected string spells out.
print_header("4.2.8 Enable TCP SYN Cookies (Scored)")
check_equal("/sbin/sysctl net.ipv4.tcp_syncookies", "net.ipv4.tcp_syncookies = 1")

# 4.3 / 4.3.1: wireless interfaces cannot be judged automatically, so the full
# interface list is shown for manual review.
print_header("4.3 Wireless Networking")
print_header("4.3.1 Deactivate Wireless Interfaces (Not Scored)")
print_warning("Check manually for wireless interfaces.")
view_output("ifconfig -a")

# 4.4: section titles only.
print_header("4.4 Disable IPv6")
print_header("4.4.1 Configure IPv6")

# 4.4.1.1: the expected text is sysctl's "unknown key" error, i.e. this check
# looks for the accept_ra key being absent rather than for it being set to 0.
# NOTE(review): sysctl normally writes that error to stderr; whether
# check_equal captures stderr is not visible here - confirm in utils.
print_header("4.4.1.1 Disable IPv6 Router Advertisements (Not Scored)")
accept_ra_all = "net.ipv6.conf.all.accept_ra"
check_equal(
    "/sbin/sysctl " + accept_ra_all,
    'error: "%s" is an unknown key' % accept_ra_all)
check_equal(
    "/sbin/sysctl net.ipv6.conf.default.accept_ra",
示例#6
文件: cis4.py 项目: ysoldak/syco
            "net.ipv4.conf.all.rp_filter = 1")
# Reverse-path filtering for the "default" interface template (the header and
# the "all" variant are printed before this excerpt). sysctl prints
# "<key> = <value>", which is what the expected string spells out.
check_equal(
    "/sbin/sysctl net.ipv4.conf.default.rp_filter",
    "net.ipv4.conf.default.rp_filter = 1"
)

# 4.2.8: SYN cookies must be on in the running kernel.
print_header("4.2.8 Enable TCP SYN Cookies (Scored)")
check_equal(
    "/sbin/sysctl net.ipv4.tcp_syncookies",
    "net.ipv4.tcp_syncookies = 1"
)

# 4.3 / 4.3.1: wireless interfaces cannot be judged automatically, so the full
# interface list is shown for manual review.
print_header("4.3 Wireless Networking")
print_header("4.3.1 Deactivate Wireless Interfaces (Not Scored)")
print_warning("Check manually for wireless interfaces.")
view_output("ifconfig -a")

# 4.4: section titles only.
print_header("4.4 Disable IPv6")
print_header("4.4.1 Configure IPv6")

# 4.4.1.1: for both the "all" and the "default" scope the expected text is
# sysctl's "unknown key" error, i.e. the check looks for the accept_ra key
# being absent rather than for it being set to 0.
# NOTE(review): sysctl normally writes that error to stderr; whether
# check_equal captures stderr is not visible here - confirm in utils.
print_header("4.4.1.1 Disable IPv6 Router Advertisements (Not Scored)")
for ipv6_scope in ("all", "default"):
    accept_ra_key = "net.ipv6.conf.%s.accept_ra" % ipv6_scope
    check_equal(
        "/sbin/sysctl " + accept_ra_key,
        'error: "%s" is an unknown key' % accept_ra_key
    )

#
示例#7
文件: cis1.py 项目: Nemie/syco
# 1.1.8 / 1.1.9: /var/log/audit and /home must each be listed in /etc/fstab as
# a mount point of their own. The trailing space inside each grep pattern
# stops a longer path with the same prefix from matching.
for title, mount_point in (
        ("1.1.8 Create Separate Partition for /var/log/audit (Scored)", "/var/log/audit"),
        ("1.1.9 Create Separate Partition for /home (Scored)", "/home")):
    print_header(title)
    check_equal("grep '%s ' /etc/fstab" % mount_point, mount_point)

# 1.1.10: nodev is looked for in the persistent configuration and in the live
# mount table.
# NOTE(review): unlike 1.1.14 below, the output is not piped through
# "grep nodev", and "grep /home" returns every line containing "/home";
# presumably check_equal only looks for "nodev" somewhere in that output -
# verify against utils.
print_header("1.1.10 Add nodev Option to /home (Scored)")
check_equal(
    "grep /home /etc/fstab",
    "nodev"
)
check_equal(
    "mount | grep /home",
    "nodev"
)

# 1.1.11 - 1.1.13 are manual items: the script cannot tell which fstab entries
# are removable media, so it prints /etc/fstab once per option for a human to
# inspect.
removable_media_items = (
    ("1.1.11", "nodev"),
    ("1.1.12", "noexec"),
    ("1.1.13", "nosuid"),
)
for item_number, mount_option in removable_media_items:
    print_header("%s Add %s Option to Removable Media Partitions (Not Scored)" % (item_number, mount_option))
    print_warning("Check manually for %s on removable media." % mount_option)
    view_output("cat /etc/fstab")

# 1.1.14: /dev/shm must carry nodev both in fstab and in the live mount table;
# the second grep narrows each listing to lines that mention nodev.
print_header("1.1.14 Add nodev Option to /dev/shm Partition (Scored)")
for shm_listing in ("grep /dev/shm /etc/fstab", "mount | grep /dev/shm"):
    check_equal(shm_listing + " | grep nodev", "nodev")