Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Integrated openvas and openscap security tools to autotest #131

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions security_tools/openscap_scanner/control
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
AUTHOR = " Anup Kumar, [email protected] "
NAME = "openscap_scanner"
TEST_CATEGORY = "Functional"
TEST_CLASS = "Security Tools"
TEST_TYPE = "client"
TIME = 'SHORT'
DOC = '''
Security Scan through openvas
'''
path = '/usr/local/autotest_base/autotest-client-tests/security_tools'
job.run_test('openscap_scanner',test_path=path)
198 changes: 198 additions & 0 deletions security_tools/openscap_scanner/openscap.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,198 @@
#!/usr/bin/env python

"""
The contents of this file are classes and functions to automate opescap
from the source and scan the target system for predefined security compliance
Author: Anup Kumar <[email protected]>
"""
import re
import sys
import os
import time
import csv
import logging


class openscap(object):

def __init__(self):

self.output_file = 'output_file'
self.openscap_dir = 'openscap'
self.oval_eval_file = 'ssg-centos7-ds.xml'

def openscap_setup(self, reinstall=0):
"""
Function will install the Build dependencies
"""
build_cmd = "autogen.sh"
config_cmd = "configure"
mk_cmd = "make"
install_log = "openscap_setup_log"
logging.info("Installing the build related package")

pkg_list = (
"dbus-devel",
"GConf2-devel",
"libacl-devel",
"libblkid-devel",
"libcap-devel",
"libcurl-devel",
"libgcrypt-devel",
"libselinux-devel",
"python-devel",
"libxml2-devel",
"git",
"libxslt-devel",
"make",
"openldap-devel",
"perl-devel",
"pcre-devel",
"rpm-devel",
"perl-XML-Parser",
"perl-XML-XPath",
"swig",
"bzip2-devel")

for pkg in pkg_list:
os.system(
"yum %s -y %s >%s" %
(('install', 'reinstall')[reinstall], pkg, self.output_file))

# install openvas from source
check_oscap = os.system("which oscap > %s" % self.output_file)
if check_oscap != 0:
try:
mycwd = os.getcwd()
logging.info("installing the oscap tools from git source")
os.system("git clone https://github.com/OpenSCAP/openscap.git")
os.chdir(self.openscap_dir)
os.system("/bin/bash %s > %s" % (build_cmd, install_log))
os.system("/bin/bash %s > %s" % (config_cmd, install_log))
os.system("%s > %s" % (mk_cmd, install_log))
os.system("%s install > %s" % (mk_cmd, install_log))
logging.debug("oscap tools Installed successfully")
os.chdir(mycwd)

except OSError as err:
logging.info("OPENSCAP Failed to Install")
logging.debug(err)
sys.exit()
else:
logging.debug("oscap tools are available to scan")

def openscap_oval_scan(self):
"""
Function will Used to Scan the Target Based on OVAL definition
"""
f1 = os.popen("cat /etc/os-release").read()
d_name = re.search('ID="(\S+)"', f1).group(1)
v_id = re.search('VERSION_ID="(\S+)"', f1).group(1)
arch_os_ver = os.popen(
"uname -r").read().rstrip('\n').split('.')[-1]
full_name = "".join([d_name, v_id])
self.full_project = "-".join([full_name, arch_os_ver])

self.cmd_output = "openscap_output-%s-%s" % (
self.full_project, time.strftime('%Y-%m-%d'))
self.xml_result = "openscap_results-%s-%s.xml" % (
self.full_project, time.strftime('%Y-%m-%d'))
self.html_report = "openscap_report-%s-%s.html" % (
self.full_project, time.strftime('%Y-%m-%d'))
try:
logging.info("Check the system compliance based on oval file")
os.popen(
"oscap oval eval --results %s --report %s %s > %s" %
(self.xml_result, self.html_report, self.oval_eval_file, self.cmd_output))

except IOError as err:
logging.info("Openscap Failed to Scan the Target")
logging.debug(err)
sys.exit()
logging.debug(
"OSCAP Scan result generated in %s xml file" %
self.xml_result)
logging.debug(
"OSCAP Scan report available in %s html file" %
self.html_report)

def result_parsing(self):
"""
Function will generate the pass and failed compliance result
"""
tool_name = 'openscap'
os_ref = self.full_project.split('-')[0]
arch = self.full_project.split('-')[-1]
result_dir = '/root/Security_Results'
reg_report = "reg_%s-%s-%s.csv" % (tool_name,
self.full_project,
time.strftime('%Y-%m-%d'))
pass_report = "pass_%s-%s-%s.csv" % (tool_name,
self.full_project,
time.strftime('%Y-%m-%d'))
logging.info("Generating pass/fail result")

with open(reg_report, 'w') as fl, open(pass_report, 'w') as ps, open(self.cmd_output, 'r') as fh:
stripped = (line.strip() for line in fh)
reg_writer = csv.writer(fl)
pass_writer = csv.writer(ps)
reg_writer.writerow(
('Tools', 'OS_Name', 'Arch', 'Compliance_Type', 'Severity'))
pass_writer.writerow(
('Tools', 'OS_Name', 'Arch', 'Compliance_Type', 'Severity'))

for line in stripped:
if "Evaluation" not in line:
t_flag = line.split(":")[4].strip('\n')
ucase_flag = line.split(":")[1].split("-")[1].strip('\n')
data = [tool_name, os_ref, arch, ucase_flag, t_flag]
if t_flag.lstrip() == 'true':
pass_writer.writerow(data)
else:
reg_writer.writerow(data)
fh.close()
ps.close()
fl.close()
no_of_failed_comp = os.popen("cat %s | wc -l" % reg_report).read()
no_of_passed_comp = os.popen("cat %s | wc -l" % pass_report).read()
#logging.info("TOTAL FAILED COMPLIANCE:%s\nCheck \"%s\" for failed details\n" %(no_of_failed_comp, compl_fail))
#logging.info("TOTAL PASSED COMPLIANCE:%s\nCheck \"%s\" for passed details\n" %(no_of_passed_comp, compl_pass))
logging.debug(
"Open %s html file from browser for detail analysis" %
self.html_report)
logging.info("Copying the Result Common directory")
logging.info("Result path is %s" % result_dir)
if not os.path.exists(result_dir):
os.makedirs(result_dir)
os.system(
"cp %s %s %s %s" %
(reg_report,
pass_report,
self.html_report,
result_dir))

def cleanup(self):
"""
Cleanup function for unused file, data
"""
try:
logging.debug("Deleting Unused file")
os.system("rm %s" % self.output_file)
os.system("rm openscap_setup_log")
os.system("rm %s" % self.cmd_output)
logging.info("Cleanup Done")

except IOError as err:
logging.debug(err)


if __name__ == "__main__":

try:
obj = openscap()
obj.openscap_setup()
obj.openscap_oval_scan()
obj.result_parsing()

finally:
obj.cleanup()
51 changes: 51 additions & 0 deletions security_tools/openscap_scanner/openscap_scanner.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
#!/bin/python
import os
import subprocess
import logging

from autotest.client import test
from autotest.client.shared import error


class openscap_scanner(test.test):

"""
Autotest module for running the openscap tools

"""
version = 1
nfail = 0
path = ''

def initialize(self):
"""
Sets the overall failure counter for the test.
"""
self.nfail = 0
logging.info('\n Test initialize successfully')

def run_once(self, test_path=''):
"""
Trigger test run
"""
try:
cwd = os.getcwd()
os.chdir(cwd)
ret_val = subprocess.Popen(
['./openscap.py'],
cwd="%s/openscap_scanner" %
(test_path))
ret_val.communicate()
if ret_val.returncode != 0:
self.nfail += 1

except error.CmdError as e:
self.nfail += 1
logging.error("Test Failed: %s", e)

def postprocess(self):
if self.nfail != 0:
logging.info('\n nfails is non-zero')
raise error.TestError('\nTest failed')
else:
logging.info('\n Test completed successfully ')
Loading