[VAL-80] Lynis 19/2119/3
authorNaga Sugguna <ns156u@att.com>
Wed, 11 Dec 2019 20:57:07 +0000 (20:57 +0000)
committerNaga Sugguna <ns156u@att.com>
Fri, 13 Dec 2019 20:26:06 +0000 (20:26 +0000)
Signed-off-by: Naga Sugguna <ns156u@att.com>
Change-Id: I8fd644e28c8d255b9365f726151933a9bcb74f03

bluval/bluval-rec.yaml
docker/os/Dockerfile
tests/os/lynis/lynis.robot [new file with mode: 0644]

index b611dd6..8bc3203 100644 (file)
@@ -35,6 +35,11 @@ blueprint:
             name: cyclictest
             what: cyclictest
             optional: "True"
+        -
+            name: lynis
+            what: lynis
+            optional: "True"
+
     docker: &docker_base
         -
             name: docker_bench
index 19947ac..58bed23 100644 (file)
@@ -49,12 +49,16 @@ RUN make autotools && \
     make -j $(getconf _NPROCESSORS_ONLN) 2>&1 | tee ../build-log.txt && \
     make install 2>&1 | tee ../install-log.txt
 RUN tar czvf /opt/akraino/ltp.tar.gz /opt/ltp
+WORKDIR /root/src
+RUN git clone https://github.com/CISOfy/lynis && tar czvf /opt/akraino/lynis-remote.tar.gz ./lynis
 
 # Copy binaries into the final container and install robot framework
 FROM ubuntu:18.04
 COPY --from=build /wheels /wheels
 COPY --from=build /opt/akraino/validation /opt/akraino/validation
 COPY --from=build /opt/akraino/ltp.tar.gz /opt/akraino/ltp.tar.gz
+COPY --from=build /opt/akraino/lynis-remote.tar.gz /opt/akraino/lynis-remote.tar.gz
+
 
 RUN apt-get update && apt-get -y install \
     python3-pip python3.6 && \
diff --git a/tests/os/lynis/lynis.robot b/tests/os/lynis/lynis.robot
new file mode 100644 (file)
index 0000000..8d0069a
--- /dev/null
@@ -0,0 +1,64 @@
+##############################################################################
+# Copyright (c) 2019 AT&T Intellectual Property.                             #
+# Copyright (c) 2019 Nokia.                                                  #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License");            #
+# you maynot use this file except in compliance with the License.            #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+*** Settings ***
+Documentation     Validation, Auditing Hardening Compliance
+Library           SSHLibrary
+Library           OperatingSystem
+Library           BuiltIn
+Library           Process
+Suite Setup       Run Keywords
+...               Open Connection And Log In
+...               Install Lynis
+Test Teardown     Download Logs
+Suite Teardown    Run Keywords
+...               Uninstall Lynis
+...               Close All Connections
+
+*** Variables ***
+${FULL_SUITE}  ${SUITE_NAME.replace(' ','_')}
+
+*** Test Cases ***
+Run Lynis Audit System
+    [Documentation]  Run Lynis
+    ${log} =  Set Variable  ${OUTPUT DIR}${/}${FULL_SUITE}.${TEST NAME.replace(' ','_')}.log
+    ${stdout}    ${rc} =  Execute Command  cd lynis && sudo ./lynis audit system --quick  return_rc=True
+    Append To File  ${log}  ${stdout}${\n}
+    Should Be Equal As Integers  ${rc} 0
+
+
+*** Keywords ***
+Open Connection And Log In
+    Open Connection  ${HOST}
+    Login With Public Key  ${USERNAME}  ${SSH_KEYFILE}
+
+Install Lynis
+    [Documentation]  Install Lynis
+    Put File  /opt/akraino/lynis-remote.tar.gz
+    Execute Command  tar xzf lynis-remote.tar.gz && sudo chown -R 0:0 lynis
+
+Uninstall Lynis
+    [Documentation]  Uninstall Lynis
+    Execute Command  rm lynis-remote.tar.gz
+    Execute Command  rm -rf ~/lynis /var/log/lynis.log /var/log/lynis-report.dat  sudo=True
+
+Download Logs
+    [Documentation]  Downloading logs and removing them
+    SSHLibrary.Get File  /var/log/lynis.log  ${OUTPUT DIR}/lynis.log
+    Execute Command  rm /var/log/lynis.log  sudo=True
+    SSHLibrary.Get File  /var/log/lynis-report.dat  ${OUTPUT DIR}/lynis-report.dat
+    Execute Command  rm /var/log/lynis-report.dat  sudo=True
\ No newline at end of file