Agamotto is a module that provides helper functions for testing the configuration of a running server

Project description

Agamotto

Agamotto is a helper module to make it easier to test a running system with Python.

Why not use serverspec? I work in a Python shop and want our devs to be able to easily write their own tests. Making the test suite use the same language they use daily removes a potential friction point.

Installation

pip install agamotto

Usage

import agamotto
try:
  import unittest2 as unittest  # backport used by the original example
except ImportError:
  import unittest  # standard library fallback


class TestKnownSecurityIssues(unittest.TestCase):

  def testBashHasCVE_2014_6271Fix(self):
    """Confirm that fix has been installed for CVE-2014-6271 Bash Code
    Injection Vulnerability via Specially Crafted Environment Variables
    """
    self.assertFalse(agamotto.process.stdoutContains("(env x='() { :;}; echo vulnerable'  bash -c \"echo this is a test\") 2>&1",
                     'vulnerable'), 'Bash is vulnerable to CVE-2014-6271')


  def testBashHasCVE_2014_7169Fix(self):
    """Confirm that fix has been installed for CVE-2014-7169 Bash Code
    Injection Vulnerability via Specially Crafted Environment Variables
    """
    # \\' keeps a literal backslash in the shell command; inside a
    # double-quoted Python string a bare \' collapses to ' and drops it.
    self.assertFalse(agamotto.process.stdoutContains("env X='() { (a)=>\\' bash -c \"echo echo vuln\"; [[ \"$(cat echo)\" == \"vuln\" ]] && echo \"still vulnerable :(\" 2>&1",
                     'still vulnerable'), 'Bash is vulnerable to CVE-2014-7169')


  def testNoAccountsHaveEmptyPasswords(self):
    """/etc/shadow has : separated fields. Check the password field ($2) and
       make sure no accounts have a blank password.
    """
    # assertEqual replaces the deprecated assertEquals alias.
    self.assertEqual(agamotto.process.execute(
      'sudo awk -F: \'($2 == "") {print}\' /etc/shadow | wc -l').strip(), '0',
      "found accounts with blank password")


  def testRootIsTheOnlyUidZeroAccount(self):
    """/etc/passwd stores the UID in field 3. Make sure only one account entry
    has uid 0.
    """
    # The expected value is the exact root entry of a stock CentOS host.
    self.assertEqual(agamotto.process.execute(
                      'awk -F: \'($3 == "0") {print}\' /etc/passwd').strip(),
                      'root:x:0:0:root:/root:/bin/bash')


if __name__ == '__main__':
  unittest.main()

Then run py.test.

Caveats

We’re a CentOS shop. This hasn’t even been tested on stock RHEL, let alone Debian or Ubuntu. Pull requests adding that functionality are welcome, of course.
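
The UID 0 test in the usage example passes only when root's entry matches the CentOS line exactly, which is one place the distribution caveat shows up. As an added example (not part of agamotto or the original README), the same two account checks can be written by parsing the fields in plain Python; the function names and the sample file contents below are constructed for illustration.

```python
"""Distro-independent account checks over passwd/shadow text (added example)."""
import unittest

# Constructed sample data, not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
toor:x:00:0:backup admin:/root:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""


def parse_colon_file(text):
    """Split passwd/shadow-style text into field lists, skipping blanks and comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rows.append(line.split(":"))
    return rows


def uid_zero_accounts(passwd_text):
    """Return login names whose UID (field 3) is numerically zero."""
    names = []
    for fields in parse_colon_file(passwd_text):
        # Matches "0" and zero-padded spellings such as "00".
        if len(fields) >= 3 and set(fields[2]) == {"0"}:
            names.append(fields[0])
    return names


def empty_password_accounts(shadow_text):
    """Return login names whose password field (field 2) is empty."""
    return [f[0] for f in parse_colon_file(shadow_text) if len(f) >= 2 and f[1] == ""]


class TestAccounts(unittest.TestCase):
    def test_sample_is_flagged(self):
        self.assertEqual(uid_zero_accounts(SAMPLE_PASSWD), ["root", "toor"])
        self.assertEqual(empty_password_accounts(SAMPLE_SHADOW), ["guest"])


if __name__ == "__main__":
    unittest.main()
```

On a real host, pass the contents of /etc/passwd and /etc/shadow (the latter needs root to read) and assert that the results are `["root"]` and `[]`.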

Download files

Source Distribution

agamotto-0.5.1.tar.gz (9.2 kB)

Uploaded Source

Built Distribution

agamotto-0.5.1-py2.py3-none-any.whl (14.9 kB)

Uploaded Python 2 Python 3
