aboutsummaryrefslogtreecommitdiffstats
path: root/testcases/SECTests
diff options
context:
space:
mode:
authorlukehinds <lukehinds@gmail.com>2016-05-26 19:53:28 +0100
committerJose Lausuch <jose.lausuch@ericsson.com>2016-05-31 13:14:11 +0000
commitc6caba5fd5261909ce0ab26b9b9dabbd35e0bf00 (patch)
tree191036d84f706e5a5650bf3f63b99de5a997547b /testcases/SECTests
parent03a5887906ce8c757f8b646b8ec65bf56f44829c (diff)
Add Apex based security scan code
JIRA: FUNCTEST-169 Performs a SCAP based security scan of all overcloud nodes, followed by report download to functest dashboard Change-Id: I9058227e19c0877e5f8913931febdd667a908cdd Signed-off-by: lukehinds <lukehinds@gmail.com>
Diffstat (limited to 'testcases/SECTests')
-rw-r--r--testcases/SECTests/OpenSCAP.py225
-rw-r--r--testcases/SECTests/connect.py103
-rw-r--r--testcases/SECTests/scripts/createfiles.py26
3 files changed, 0 insertions, 354 deletions
diff --git a/testcases/SECTests/OpenSCAP.py b/testcases/SECTests/OpenSCAP.py
deleted file mode 100644
index 40d155c1a..000000000
--- a/testcases/SECTests/OpenSCAP.py
+++ /dev/null
@@ -1,225 +0,0 @@
-#!/usr/bin/python
-#
-# Copyright (c) 2016 Red Hat
-# Luke Hinds (lhinds@redhat.com)
-# This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# 0.1: This script installs OpenSCAP on the remote host, and scans the
-# nominated node. Post scan a report is downloaded and if '--clean' is passed
-# all trace of the scan is removed from the remote system.
-
-import os
-import datetime
-import argparse
-
-__version__ = 0.1
-__author__ = 'Luke Hinds (lhinds@redhat.com)'
-__url__ = 'https://wiki.opnfv.org/display/functest/Functest+Security'
-
-'''
-Example Run:
- python ./OpenSCAP.py --host 192.168.0.24 --port 22 --user root --password
- p6ssw0rd oval --secpolicy
- /usr/share/xml/scap/ssg/content/ssg-rhel7-oval.xml --report report.html
- --results results.xml
-
-'''
-
-# Variables needed..
-pwd = os.getcwd()
-oscap = '/bin/oscap'
-currenttime = datetime.datetime.now().strftime('%Y-%m-%d_%H-%M-%S')
-
-# Set up the main parser
-parser = argparse.ArgumentParser(description='OpenSCAP Python Scanner')
-
-# Main args
-# Todo add required = True
-parser.add_argument('--user',
- action='store',
- dest='user',
- help='user')
-parser.add_argument('--password',
- action='store',
- dest='password',
- help='Password')
-parser.add_argument('--host',
- action='store',
- dest='host',
- help='host',
- required=True)
-parser.add_argument('--port',
- action='store',
- dest='port"',
- help='port',
- required=True)
-parser.add_argument('--dist',
- action='store',
- dest='dist',
- help='Distribution')
-parser.add_argument('--clean',
- action='store_true',
- dest='clean',
- help='Clean all files from host')
-
-# And the subparser
-subparsers = parser.add_subparsers(
- title='subcommands',
- description='valid subcommands',
- help='additional help')
-
-
-parser_xccdf = subparsers.add_parser('xccdf')
-parser_xccdf.set_defaults(which='xccdf')
-
-parser_oval = subparsers.add_parser('oval')
-parser_oval.set_defaults(which='oval')
-
-parser_oval_collect = subparsers.add_parser('oval-collect')
-parser_oval_collect.set_defaults(which='oval-collect')
-
-parser_xccdf.add_argument(
- '--profile',
- action='store',
- dest='profile',
- help='xccdf profile')
-
-parser_oval.add_argument(
- '--results',
- action='store',
- dest='results',
- help='Report name (inc extension (.html)')
-
-parser_oval.add_argument(
- '--report',
- action='store',
- dest='report',
- help='Report name (inc extension (.html)')
-
-parser_oval.add_argument(
- '--secpolicy',
- action='store',
- dest='secpolicy',
- help='Security Policy')
-
-parserout = parser.parse_args()
-args = vars(parser.parse_args())
-
-
-def createfiles():
- import connect
- global tmpdir
- localpath = os.getcwd() + '/scripts/createfiles.py'
- remotepath = '/tmp/createfiles.py'
- com = 'python /tmp/createfiles.py'
- connect = connect.connectionManager(parserout.host,
- parserout.user,
- parserout.password,
- localpath,
- remotepath,
- com)
- tmpdir = connect.remotescript()
-
-
-def install_pkg():
- import connect
- com = 'yum -y install openscap-scanner scap-security-guide'
- connect = connect.connectionManager(parserout.host,
- parserout.user,
- parserout.password,
- com)
- install_pkg = connect.remotecmd()
- print install_pkg
-
-
-def run_scanner():
- import connect
-
- if args['which'] == 'xccdf':
- print 'xccdf'
- com = '{0} xccdf eval'.format(oscap)
- connect = connect.connectionManager(parserout.host,
- parserout.user,
- parserout.password,
- com)
- elif args['which'] == 'oval':
- com = ('{0} oval eval --results {1}/{2}' +
- ' --report {1}/{3} {4}'.format(oscap,
- tmpdir.rstrip(),
- parserout.results,
- parserout.report,
- parserout.secpolicy))
- connect = connect.connectionManager(parserout.host,
- parserout.user,
- parserout.password,
- com)
- run_tool = connect.remotecmd()
- else:
- com = '{0} oval-collect '.format(oscap)
- connect = connect.connectionManager(parserout.host,
- parserout.user,
- parserout.password,
- com)
- run_tool = connect.remotecmd()
- print run_tool
-
-
-def post_tasks():
- import connect
- dl_folder = os.path.join(os.getcwd(), parserout.host +
- datetime.datetime.now().
- strftime('%Y-%m-%d_%H-%M-%S'))
- os.mkdir(dl_folder, 0755)
- reportfile = '{0}/{1}'.format(tmpdir.rstrip(), parserout.report)
- connect = connect.connectionManager(parserout.host,
- parserout.user,
- parserout.password,
- dl_folder,
- reportfile,
- parserout.report,
- parserout.results)
- run_tool = connect.download_reports()
- print run_tool
-
-
-def removepkg():
- import connect
- com = 'yum -y remove openscap-scanner scap-security-guide'
- connect = connect.connectionManager(parserout.host,
- parserout.user,
- parserout.password,
- com)
- yumremove = connect.remotecmd()
- print yumremove
-
-
-def cleandir():
- import connect
- com = 'rm -r {0}'.format(tmpdir.rstrip())
- connect = connect.connectionManager(parserout.host,
- parserout.user,
- parserout.password,
- com)
- deldir = connect.remotecmd()
- print deldir
-
-
-if __name__ == '__main__':
- print 'Creating temp file structure...\n'
- createfiles()
- print 'Install OpenSCAP scanner...\n'
- install_pkg()
- print 'Running scan...\n'
- run_scanner()
- print 'Post installation tasks...\n'
- post_tasks()
- if parserout.clean:
- print 'Cleaning down environment...\n'
- print 'Removing OpenSCAP...\n'
- removepkg()
- print 'Deleting tmp file and reports (remote)...\n'
- cleandir()
diff --git a/testcases/SECTests/connect.py b/testcases/SECTests/connect.py
deleted file mode 100644
index f766eabf9..000000000
--- a/testcases/SECTests/connect.py
+++ /dev/null
@@ -1,103 +0,0 @@
-#!/usr/bin/python
-#
-# Copyright (c) 2016 Red Hat
-# Luke Hinds (lhinds@redhat.com)
-# This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# 0.1: OpenSCAP paramiko connection functions
-
-import paramiko
-
-__version__ = 0.1
-__author__ = 'Luke Hinds (lhinds@redhat.com)'
-__url__ = 'http:/https://wiki.opnfv.org/display/security'
-
-
-class connectionManager:
- def __init__(self, hostname, user, password, *args):
- self.hostname = hostname
- self.user = user
- self.password = password
- self.args = args
-
- def remotescript(self):
- localpath = self.args[0]
- remotepath = self.args[1]
- com = self.args[2]
-
- client = paramiko.SSHClient()
- client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- client.connect(self.hostname, 22, self.user, self.password)
-
- sftp = client.open_sftp()
- sftp.put(localpath, remotepath)
-
- output = ""
- stdin, stdout, stderr = client.exec_command(com)
- stdout = stdout.readlines()
- sftp.remove(remotepath)
- client.close()
-
- # Spool it back (can be improved at later point)
- for line in stdout:
- output = output + line
- if output != "":
- return output
-
- def remotecmd(self):
- com = self.args[0]
- client = paramiko.SSHClient()
- client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- client.connect(self.hostname, 22, self.user, self.password)
- output = ""
- stdin, stdout, stderr = client.exec_command(com)
- stdout = stdout.readlines()
- client.close()
-
- # Spool it back (can be improved at later point)
- for line in stdout:
- output = output + line
- if output != "":
- return output
- else:
- print "There was no output for this command"
-
- def run_tool(self):
- # dist = self.args[0]
- # report = self.args[1]
- com = self.args[2]
- client = paramiko.SSHClient()
- client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- client.connect(self.hostname, 22, self.user, self.password)
-
- output = ""
- stdin, stdout, stderr = client.exec_command(com)
- stdout = stdout.readlines()
- client.close()
-
- # Spool it back (can be improved at later point)
- for line in stdout:
- output = output + line
- if output != "":
- return output
-
- def download_reports(self):
- dl_folder = self.args[0]
- reportfile = self.args[1]
- reportname = self.args[2]
- resultsname = self.args[3]
- transport = paramiko.Transport((self.hostname, 22))
- transport.connect(username=self.user, password=self.password)
- sftp = paramiko.SFTPClient.from_transport(transport)
-
- # Download the reportfile (html) and the results (xml)
- print 'Downloading \"{0}\"...'.format(reportname)
- sftp.get(reportfile, ('{0}/{1}'.format(dl_folder, reportname)))
- print 'Downloading \"{0}\"...'.format(resultsname)
- sftp.get(reportfile, ('{0}/{1}'.format(dl_folder, resultsname)))
- sftp.close()
- transport.close()
diff --git a/testcases/SECTests/scripts/createfiles.py b/testcases/SECTests/scripts/createfiles.py
deleted file mode 100644
index b828901a5..000000000
--- a/testcases/SECTests/scripts/createfiles.py
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/python
-#
-# Copyright (c) 2016 Red Hat
-# Luke Hinds (lhinds@redhat.com)
-# This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# 0.1: This script creates the needed local files into a tmp directory. Should
-# '--clean' be passed, all files will be removed, post scan.
-
-
-import os
-import tempfile
-
-files = ['results.xml', 'report.html', 'syschar.xml']
-
-
-directory_name = tempfile.mkdtemp()
-
-for i in files:
- os.system("touch %s/%s" % (directory_name, i))
-
-print directory_name