testcases/SECTests/OpenSCAP.py

   1 #!/usr/bin/python
   2 #
   3 # Copyright (c) 2016 Red Hat
   4 # Luke Hinds (lhinds@redhat.com)
   5 # This program and the accompanying materials
   6 # are made available under the terms of the Apache License, Version 2.0
   7 # which accompanies this distribution, and is available at
   8 #
   9 # http://www.apache.org/licenses/LICENSE-2.0
  10 #
  11 # 0.1: This script installs OpenSCAP on the remote host, and scans the
  12 # nominated node. Post scan a report is downloaded and if '--clean' is passed
  13 # all trace of the scan is removed from the remote system.
  14
  15 import os
  16 import datetime
  17 import argparse
  18
  19 __version__ = 0.1
  20 __author__ = 'Luke Hinds (lhinds@redhat.com)'
  21 __url__ = 'https://wiki.opnfv.org/display/functest/Functest+Security'
  22
  23 '''
  24 Example Run:
  25     python ./OpenSCAP.py --host 192.168.0.24 --port 22 --user root --password
  26     p6ssw0rd oval --secpolicy
  27     /usr/share/xml/scap/ssg/content/ssg-rhel7-oval.xml --report report.html
  28     --results results.xml
  29
  30 '''
  31
  32 # Variables needed..
  33 pwd = os.getcwd()
  34 oscap = '/bin/oscap'
  35 currenttime = datetime.datetime.now().strftime('%Y-%m-%d_%H-%M-%S')
  36
  37 # Set up the main parser
  38 parser = argparse.ArgumentParser(description='OpenSCAP Python Scanner')
  39
  40 # Main args
  41 # Todo  add required = True
  42 parser.add_argument('--user',
  43                     action='store',
  44                     dest='user',
  45                     help='user')
  46 parser.add_argument('--password',
  47                     action='store',
  48                     dest='password',
  49                     help='Password')
  50 parser.add_argument('--host',
  51                     action='store',
  52                     dest='host',
  53                     help='host',
  54                     required=True)
  55 parser.add_argument('--port',
  56                     action='store',
  57                     dest='port"',
  58                     help='port',
  59                    required=True)
  60 parser.add_argument('--dist',
  61                     action='store',
  62                     dest='dist',
  63                     help='Distribution')
  64 parser.add_argument('--clean',
  65                     action='store_true',
  66                     dest='clean',
  67                     help='Clean all files from host')
  68
  69 # And the subparser
  70 subparsers = parser.add_subparsers(
  71     title='subcommands',
  72     description='valid subcommands',
  73     help='additional help')
  74
  75
  76 parser_xccdf = subparsers.add_parser('xccdf')
  77 parser_xccdf.set_defaults(which='xccdf')
  78
  79 parser_oval = subparsers.add_parser('oval')
  80 parser_oval.set_defaults(which='oval')
  81
  82 parser_oval_collect = subparsers.add_parser('oval-collect')
  83 parser_oval_collect.set_defaults(which='oval-collect')
  84
  85 parser_xccdf.add_argument(
  86     '--profile',
  87     action='store',
  88     dest='profile',
  89     help='xccdf profile')
  90
  91 parser_oval.add_argument(
  92     '--results',
  93     action='store',
  94     dest='results',
  95     help='Report name (inc extension (.html)')
  96
  97 parser_oval.add_argument(
  98     '--report',
  99     action='store',
 100     dest='report',
 101     help='Report name (inc extension (.html)')
 102
 103 parser_oval.add_argument(
 104     '--secpolicy',
 105     action='store',
 106     dest='secpolicy',
 107     help='Security Policy')
 108
 109 parserout = parser.parse_args()
 110 args = vars(parser.parse_args())
 111
 112
 113 def createfiles():
 114     import connect
 115     global tmpdir
 116     localpath = os.getcwd() + '/scripts/createfiles.py'
 117     remotepath = '/tmp/createfiles.py'
 118     com = 'python /tmp/createfiles.py'
 119     connect = connect.connectionManager(parserout.host,
 120                                         parserout.user,
 121                                         parserout.password,
 122                                         localpath,
 123                                         remotepath,
 124                                         com)
 125     tmpdir = connect.remotescript()
 126
 127
 128 def install_pkg():
 129     import connect
 130     com = 'yum -y install openscap-scanner scap-security-guide'
 131     connect = connect.connectionManager(parserout.host,
 132                                         parserout.user,
 133                                         parserout.password,
 134                                         com)
 135     install_pkg = connect.remotecmd()
 136     print install_pkg
 137
 138
 139 def run_scanner():
 140     import connect
 141
 142     if args['which'] == 'xccdf':
 143         print 'xccdf'
 144         com = '{0} xccdf eval'.format(oscap)
 145         connect = connect.connectionManager(parserout.host,
 146                                             parserout.user,
 147                                             parserout.password,
 148                                             com)
 149     elif args['which'] == 'oval':
 150         com = '{0} oval eval --results {1}/{2} --report {1}/{3} {4}'.format(oscap,
 151                                                                     tmpdir.rstrip(),
 152                                                                     parserout.results,
 153                                                                     parserout.report,
 154                                                                     parserout.secpolicy)
 155         connect = connect.connectionManager(parserout.host,
 156                                             parserout.user,
 157                                             parserout.password,
 158                                             com)
 159         run_tool = connect.remotecmd()
 160     else:
 161         com = '{0} oval-collect '.format(oscap)
 162         connect = connect.connectionManager(parserout.host,
 163                                             parserout.user,
 164                                             parserout.password,
 165                                             com)
 166         run_tool = connect.remotecmd()
 167
 168
 169 def post_tasks():
 170     import connect
 171     dl_folder = os.path.join(os.getcwd(), parserout.host + datetime.datetime.now().strftime('%Y-%m-%d_%H-%M-%S'))
 172     os.mkdir(dl_folder, 0755)
 173     reportfile = '{0}/{1}'.format(tmpdir.rstrip(), parserout.report)
 174     connect = connect.connectionManager(parserout.host,
 175                                         parserout.user,
 176                                         parserout.password,
 177                                         dl_folder,
 178                                         reportfile,
 179                                         parserout.report,
 180                                         parserout.results)
 181     run_tool = connect.download_reports()
 182
 183
 184 def removepkg():
 185     import connect
 186     com = 'yum -y remove openscap-scanner scap-security-guide'
 187     connect = connect.connectionManager(parserout.host,
 188                                         parserout.user,
 189                                         parserout.password,
 190                                         com)
 191     yumremove = connect.remotecmd()
 192     print yumremove
 193
 194
 195 def cleandir():
 196     import connect
 197     com = 'rm -r {0}'.format(tmpdir.rstrip())
 198     connect = connect.connectionManager(parserout.host,
 199                                         parserout.user,
 200                                         parserout.password,
 201                                         com)
 202     deldir = connect.remotecmd()
 203
 204
 205 if __name__ == '__main__':
 206     print 'Creating temp file structure...\n'
 207     createfiles()
 208     print 'Install OpenSCAP scanner...\n'
 209     install_pkg()
 210     print 'Running scan...\n'
 211     run_scanner()
 212     print 'Post installation tasks...\n'
 213     post_tasks()
 214     if parserout.clean:
 215         print 'Cleaning down environment...\n'
 216         print 'Removing OpenSCAP...\n'
 217         removepkg()
 218         print 'Deleting tmp file and reports (remote)...\n'
 219         cleandir()