From: Tapio Tallgren Date: Wed, 13 May 2020 14:25:00 +0000 (+0000) Subject: Merge "bluval-eliot.yaml added for ELIOT BP" X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=validation.git;a=commitdiff_plain;h=64e22511e4009dc66de30a3a5c5296e4995f0f34;hp=28d28eaeeb555b3a94263ba232ec338fddcd3cd6 Merge "bluval-eliot.yaml added for ELIOT BP"
---
diff --git a/docker/os/Dockerfile b/docker/os/Dockerfile
index c4d5938..2e7f36a 100644
--- a/docker/os/Dockerfile
+++ b/docker/os/Dockerfile
@@ -31,6 +31,8 @@ RUN apt-get update && apt-get -y install \ wget \ golint \ sqlite3 \ + openssh-client \ + sshpass \ debian-goodies \ build-essential \ pkg-config \
@@ -60,13 +62,13 @@ RUN git clone https://github.com/CISOfy/lynis && tar czvf /opt/akraino/lynis-rem # Fetches vuls databases (invalidate cache using unique timestamp) SHELL ["/bin/bash", "-c"] RUN if [ $(uname -m) == 'aarch64' ]; then HOST_ARCH=arm64; else HOST_ARCH=amd64; fi && \ - wget https://dl.google.com/go/go1.12.6.linux-$HOST_ARCH.tar.gz -P /root/ --progress=dot:giga && \ + wget https://dl.google.com/go/go1.14.linux-$HOST_ARCH.tar.gz -P /root/ --progress=dot:giga && \ cd /root/ && \ - tar -xzf go1.12.6.linux-$HOST_ARCH.tar.gz -C /root/ && \ - rm go1.12.6.linux-$HOST_ARCH.tar.gz && \ + tar -xzf go1.14.linux-$HOST_ARCH.tar.gz -C /root/ && \ + rm go1.14.linux-$HOST_ARCH.tar.gz && \ export GOROOT=/root/go && \ - export GOPATH=/root/go/src && \ - export PATH=$PATH:/root/go/bin:/root/go/src/bin && \ + export GOPATH=/root/go/src/github.com && \ + export PATH=$PATH:/root/go/bin:/root/go/src/github.com/bin && \ mkdir -p /root/go/src/github.com/future-architect && \ cd /root/go/src/github.com/future-architect && \ git clone https://github.com/future-architect/vuls && \ 
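Review bot: `openssh-client` and `sshpass` are added to the first `apt-get -y install` list, which appears to belong to the build stage, since a later hunk copies artifacts with `COPY --from=build`. The vuls suite in this commit calls `ssh-keygen`, `ssh-copy-id` and `sshpass` at test time, so the packages have to be present in the image the tests run in; if that is the final stage, its own `apt-get -y install` list needs them as well. The RUN instruction starts and ends outside this hunk, so the stage it belongs to cannot be confirmed from here.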
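Review bot: The Go tarball fetched by the changed `wget` line is unpacked without any integrity check, so the build trusts whatever the download returns. Since the version is being changed anyway, pin the published SHA-256 per architecture and verify it before `tar`, for example `echo "${GO_SHA256}  go1.14.linux-$HOST_ARCH.tar.gz" | sha256sum -c - && \`, with `GO_SHA256` set in the same `if` that selects `HOST_ARCH` (the digest is a placeholder to be filled from the Go download page). The `git clone https://github.com/future-architect/vuls` in the trailing context likewise builds whatever the default branch holds at build time; checking out a fixed tag or commit would make the image reproducible. The RUN instruction continues past the end of the hunk.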
@@ -88,8 +90,8 @@ ADD db.tar.gz /opt/akraino/validation/tests/os/vuls/ ADD db.tar.gz.timestamp /root/ RUN \ export GOROOT=/root/go && \ - export GOPATH=/root/go/src && \ - export PATH=$PATH:/root/go/bin:/root/go/src/bin && \ + export GOPATH=/root/go/src/github.com && \ + export PATH=$PATH:/root/go/bin:/root/go/src/github.com/bin && \ for i in $(seq 2002 "$(date +"%Y")"); do go-cve-dictionary fetchnvd -quiet -http-proxy=${HTTP_PROXY} -dbpath /opt/akraino/validation/tests/os/vuls/cve.sqlite3 -years "$i"; done && \ goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_ubuntu_16.sqlite3 16 && \ goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_ubuntu_18.sqlite3 18 && \
@@ -106,7 +108,7 @@ COPY --from=build /opt/akraino/validation /opt/akraino/validation COPY --from=build /opt/akraino/ltp.tar.gz /opt/akraino/ltp.tar.gz COPY --from=build /opt/akraino/lynis-remote.tar.gz /opt/akraino/lynis-remote.tar.gz COPY --from=build /root/go/bin /root/go/bin -COPY --from=build /root/go/src/bin /root/go/src/bin +COPY --from=build /root/go/src/github.com/bin /root/go/src/github.com/bin RUN apt-get update && apt-get -y install \ python3-pip python3.6 && \
diff --git a/tests/k8s/kube-hunter/kube-hunter.resource b/tests/k8s/kube-hunter/kube-hunter.resource
index 6651ddc..65a154d 100644
--- a/tests/k8s/kube-hunter/kube-hunter.resource
+++ b/tests/k8s/kube-hunter/kube-hunter.resource
@@ -33,7 +33,7 @@ ${REPORTDIR} ${LOG_PATH}/${SUITE_NAME.replace(' ','_')} *** Keywords *** Open Connection And Log In Open Connection ${HOST} - Login With Public Key ${USERNAME} ${SSH_KEYFILE} + Run Keyword IF '${SSH_KEYFILE}' != 'None' Login With Public Key ${USERNAME} ${SSH_KEYFILE} ELSE IF '${PASSWORD}' != 'None' Login ${USERNAME} ${PASSWORD} ELSE FAIL Get Cluster Address ${result}= Run Process kubectl config view --minify 
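Review bot: The conditions on the new `Run Keyword IF` line are written as `'${SSH_KEYFILE}' != 'None'` and `'${PASSWORD}' != 'None'`, so Robot Framework pastes the variable values into the expression text before Python evaluates it. A key path or password that contains a single quote then breaks the expression or is evaluated as part of it. Referencing the variables inside the expression as `$SSH_KEYFILE not in (None, 'None')` and `$PASSWORD not in (None, 'None')` avoids the substitution while still covering both a real None and the string. The bare `FAIL` should carry a message, e.g. `ELSE    Fail    Neither ssh_keyfile nor password is set`. The same line is added in tests/os/lynis/lynis.robot and tests/os/vuls/vuls.robot.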
diff --git a/tests/os/lynis/lynis.robot b/tests/os/lynis/lynis.robot
index de05d8d..a51af7f 100644
--- a/tests/os/lynis/lynis.robot
+++ b/tests/os/lynis/lynis.robot
@@ -47,7 +47,7 @@ Run Lynis Audit System *** Keywords *** Open Connection And Log In Open Connection ${HOST} - Login With Public Key ${USERNAME} ${SSH_KEYFILE} + Run Keyword IF '${SSH_KEYFILE}' != 'None' Login With Public Key ${USERNAME} ${SSH_KEYFILE} ELSE IF '${PASSWORD}' != 'None' Login ${USERNAME} ${PASSWORD} ELSE FAIL Install Lynis [Documentation] Install Lynis
diff --git a/tests/os/vuls/vuls.robot b/tests/os/vuls/vuls.robot
index d79fab9..6095ffb 100644
--- a/tests/os/vuls/vuls.robot
+++ b/tests/os/vuls/vuls.robot
@@ -20,13 +20,15 @@ Library SSHLibrary Library OperatingSystem Library BuiltIn Suite Setup Open Connection And Log In -Suite Teardown Close All Connections +Suite Teardown Run Keywords +... Cleanup ssh +... Close All Connections *** Test Cases *** Run Vuls test Set Environment Variable GOROOT /root/go - Set Environment Variable GOPATH /root/go/src - Set Environment Variable PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/go/bin:/root/go/src/bin + Set Environment Variable GOPATH /root/go/src/github.com + Set Environment Variable PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/go/bin:/root/go/src/github.com/bin Set Environment Variable LC_ALL en_US.UTF-8 Set Environment Variable LANG en_US.UTF-8
@@ -41,6 +43,8 @@ Run Vuls test ${os} = SSHLibrary.Execute Command source /etc/os-release && echo $ID + Run Keyword IF '${SSH_KEYFILE}' == 'None' Create ssh_keyfile + ${rc} = Run And Return Rc vuls scan -config ${CURDIR}/config.toml -ssh-config Should Be Equal As Integers ${rc} 0 
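Review bot: `Cleanup ssh` is added to the Suite Teardown unconditionally, but the key it removes is only installed when `'${SSH_KEYFILE}' == 'None'`. On a run that logs in with an existing key file, teardown still reads /root/.ssh/id_rsa.pub and deletes that key from the target's `~/.ssh/authorized_keys`; /root/.ssh/id_rsa was the previous default key path in tests/variables.yaml, so this can strip the operator's own key from the host, and when no such file exists the teardown fails on `cat`. Guard the cleanup with the same condition that triggers `Create ssh_keyfile`, e.g. `...    Run Keyword If    $SSH_KEYFILE in (None, 'None')    Cleanup ssh    AND` ahead of `...    Close All Connections`. The keyword bodies themselves are in a later hunk of this file.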
@@ -65,6 +69,19 @@ Run vuls for centos Append To File ${LOG_PATH}/vuls.log ${output}${\n} Set Global Variable ${LOG} ${output} +Create ssh_keyfile + ${rc} = Run And Return Rc ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsa -N "" + Should Be Equal As Integers ${rc} 0 + + ${rc} = Run and Return Rc sshpass -p '${PASSWORD}' ssh-copy-id -i /root/.ssh/id_rsa.pub '${USERNAME}'@'${HOST}' + Should Be Equal As Integers ${rc} 0 + +Cleanup ssh + ${rc} ${idssh} = Run And Return Rc And Output cat /root/.ssh/id_rsa.pub + Should Be Equal As Integers ${rc} 0 + ${rc} = Run And Return Rc ssh '${USERNAME}'@'${HOST}' "sed -i 's#${idssh}##' ~/.ssh/authorized_keys" + Should Be Equal As Integers ${rc} 0 + Open Connection And Log In Open Connection ${HOST} - Login With Public Key ${USERNAME} ${SSH_KEYFILE} + Run Keyword IF '${SSH_KEYFILE}' != 'None' Login With Public Key ${USERNAME} ${SSH_KEYFILE} ELSE IF '${PASSWORD}' != 'None' Login ${USERNAME} ${PASSWORD} ELSE FAIL
diff --git a/tests/variables.yaml b/tests/variables.yaml
index 7e10871..4ba17b4 100644
--- a/tests/variables.yaml
+++ b/tests/variables.yaml
@@ -31,7 +31,8 @@ ### Input variables cluster's master host host: 172.28.17.206 # cluster's master host address username: cloudadmin # login name to connect to cluster -ssh_keyfile: /root/.ssh/id_rsa # Identity file for authentication +password: cloudpassword # login password to connect to cluster +ssh_keyfile: ssh_keyfile # Identity file for authentication ### bluval.py adds/modifies following, before passing to robot. ### while debugging from CLI user has to modify these
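Review bot: `sshpass -p '${PASSWORD}'` in `Create ssh_keyfile` puts the login password on the command line, where it is visible in the process list and in the command string that `Run And Return Rc` writes to the Robot log; a password containing a single quote also breaks the shell quoting. sshpass can take the password from a file with `-f` instead, or the public key can be appended through the SSHLibrary session that `Open Connection And Log In` has already authenticated, which removes the need for sshpass here. `ssh-keygen -f /root/.ssh/id_rsa` does not account for a key that already exists at that path, and `Cleanup ssh` leaves the generated private key in place while interpolating the public key text into a sed regular expression. Generating the pair under a temporary path, deleting it in teardown, and removing the remote entry by fixed-string match (`grep -vF`) would be more robust.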
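Review bot: The new `password:` key puts a login credential into a tracked file, and a sample value like this tends to be replaced in place with a real one; the file should say that real passwords are supplied at run time and not committed. The `ssh_keyfile` default also changes from a path to the literal `ssh_keyfile`, which is not `None`, so unless bluval.py rewrites it the suites take the `Login With Public Key` branch with a file that does not exist. Documenting the contract next to the two keys would help, e.g. `# set exactly one of password / ssh_keyfile and leave the other as None; never commit a real password`.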