From c2475490514ec2573697b6707a82feb8fd4936b0 Mon Sep 17 00:00:00 2001 From: Naga Sugguna Date: Wed, 11 Dec 2019 20:57:07 +0000 Subject: [PATCH 1/1] [VAL-80] Lynis Signed-off-by: Naga Sugguna Change-Id: I8fd644e28c8d255b9365f726151933a9bcb74f03 --- bluval/bluval-rec.yaml | 5 ++++ docker/os/Dockerfile | 4 +++ tests/os/lynis/lynis.robot | 64 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 73 insertions(+) create mode 100644 tests/os/lynis/lynis.robot diff --git a/bluval/bluval-rec.yaml b/bluval/bluval-rec.yaml index b611dd6..8bc3203 100644 --- a/bluval/bluval-rec.yaml +++ b/bluval/bluval-rec.yaml @@ -35,6 +35,11 @@ blueprint: name: cyclictest what: cyclictest optional: "True" + - + name: lynis + what: lynis + optional: "True" + docker: &docker_base - name: docker_bench diff --git a/docker/os/Dockerfile b/docker/os/Dockerfile index 19947ac..58bed23 100644 --- a/docker/os/Dockerfile +++ b/docker/os/Dockerfile @@ -49,12 +49,16 @@ RUN make autotools && \ make -j $(getconf _NPROCESSORS_ONLN) 2>&1 | tee ../build-log.txt && \ make install 2>&1 | tee ../install-log.txt RUN tar czvf /opt/akraino/ltp.tar.gz /opt/ltp +WORKDIR /root/src +RUN git clone https://github.com/CISOfy/lynis && tar czvf /opt/akraino/lynis-remote.tar.gz ./lynis # Copy binaries into the final container and install robot framework FROM ubuntu:18.04 COPY --from=build /wheels /wheels COPY --from=build /opt/akraino/validation /opt/akraino/validation COPY --from=build /opt/akraino/ltp.tar.gz /opt/akraino/ltp.tar.gz +COPY --from=build /opt/akraino/lynis-remote.tar.gz /opt/akraino/lynis-remote.tar.gz + RUN apt-get update && apt-get -y install \ python3-pip python3.6 && \ diff --git a/tests/os/lynis/lynis.robot b/tests/os/lynis/lynis.robot new file mode 100644 index 0000000..8d0069a --- /dev/null +++ b/tests/os/lynis/lynis.robot @@ -0,0 +1,64 @@ +############################################################################## +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you maynot use this file except in compliance with the License. # +# # +# You may obtain a copy of the License at # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +############################################################################## + +*** Settings *** +Documentation Validation, Auditing Hardening Compliance +Library SSHLibrary +Library OperatingSystem +Library BuiltIn +Library Process +Suite Setup Run Keywords +... Open Connection And Log In +... Install Lynis +Test Teardown Download Logs +Suite Teardown Run Keywords +... Uninstall Lynis +... Close All Connections + +*** Variables *** +${FULL_SUITE} ${SUITE_NAME.replace(' ','_')} + +*** Test Cases *** +Run Lynis Audit System + [Documentation] Run Lynis + ${log} = Set Variable ${OUTPUT DIR}${/}${FULL_SUITE}.${TEST NAME.replace(' ','_')}.log + ${stdout} ${rc} = Execute Command cd lynis && sudo ./lynis audit system --quick return_rc=True + Append To File ${log} ${stdout}${\n} + Should Be Equal As Integers ${rc} 0 + + +*** Keywords *** +Open Connection And Log In + Open Connection ${HOST} + Login With Public Key ${USERNAME} ${SSH_KEYFILE} + +Install Lynis + [Documentation] Install Lynis + Put File /opt/akraino/lynis-remote.tar.gz + Execute Command tar xzf lynis-remote.tar.gz && sudo chown -R 0:0 lynis + +Uninstall Lynis + [Documentation] Uninstall Lynis + Execute Command rm lynis-remote.tar.gz + Execute Command rm -rf ~/lynis /var/log/lynis.log /var/log/lynis-report.dat sudo=True + +Download Logs + [Documentation] Downloading logs and removing them + SSHLibrary.Get File /var/log/lynis.log ${OUTPUT DIR}/lynis.log + Execute Command rm /var/log/lynis.log sudo=True + SSHLibrary.Get File /var/log/lynis-report.dat ${OUTPUT DIR}/lynis-report.dat + Execute Command rm /var/log/lynis-report.dat sudo=True \ No newline at end of file -- 2.16.6