Onboarding MDE for Linux to LISA #3113
base: main
Changes from 4 commits
7577bcb
61b0bbc
0a001c4
5ac45d1
49560a6
a7d6c14
749d8d4
dd10768
bf68667
9e1e46f
9118563
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
name: azure default | ||
include: | ||
- path: ./debug.yml | ||
variable: | ||
- name: origin | ||
value: tiers/tier.yml | ||
- name: case | ||
value: verify_cpu_count | ||
- name: location | ||
value: "westus3" | ||
- name: keep_environment | ||
value: "no" | ||
- name: resource_group_name | ||
value: "" | ||
- name: marketplace_image | ||
value: "" | ||
- name: vhd | ||
value: "" | ||
- name: vm_size | ||
value: "" | ||
- name: deploy | ||
value: true | ||
- name: wait_delete | ||
value: false | ||
- name: concurrency | ||
value: 5 | ||
- name: admin_private_key_file | ||
value: "" | ||
is_secret: true | ||
- name: admin_password | ||
value: "" | ||
is_secret: true | ||
- name: case | ||
value: verify_cpu_count | ||
concurrency: $(concurrency) | ||
notifier: | ||
- type: html | ||
- type: env_stats | ||
platform: | ||
- type: azure | ||
admin_private_key_file: $(admin_private_key_file) | ||
admin_password: $(admin_password) | ||
keep_environment: $(keep_environment) | ||
azure: | ||
resource_group_name: "lisa-test-zakhter" | ||
deploy: $(deploy) | ||
subscription_id: $(subscription_id) | ||
wait_delete: $(wait_delete) | ||
requirement: | ||
core_count: | ||
min: 2 | ||
azure: | ||
#marketplace: "Debian:debian-10-daily:10-gen2:0.20231218.1599" #$(marketplace_image) | ||
marketplace: $(marketplace_image) | ||
vhd: $(vhd) | ||
location: $(location) | ||
vm_size: $(vm_size) | ||
|
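Review bot: `platform.azure.resource_group_name` is hard-coded to a personal resource group (`"lisa-test-zakhter"`), while the `resource_group_name` variable declared above is never referenced, so anyone else running this runbook deploys into, or fails against, that group. Use the variable instead: `resource_group_name: $(resource_group_name)`. The `case` variable is declared twice with the same value, and `$(subscription_id)` is used without a declaration in this file; presumably it comes from the command line or `debug.yml`, which is worth stating in a comment. The commented-out `marketplace:` line with a fixed Debian image can be dropped.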
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,150 @@ | ||
import os | ||
import time | ||
import requests | ||
|
||
from typing import Any | ||
from pathlib import Path, PurePath | ||
|
||
from assertpy import assert_that | ||
|
||
from lisa import ( | ||
Logger, | ||
Node, | ||
TestCaseMetadata, | ||
TestSuite, | ||
TestSuiteMetadata, | ||
simple_requirement, | ||
) | ||
from lisa.operating_system import BSD | ||
from lisa.sut_orchestrator.azure.tools import mdatp | ||
from lisa.testsuite import TestResult | ||
from lisa.tools import RemoteCopy, Whoami, Curl | ||
from lisa import CustomScriptBuilder, CustomScript | ||
from lisa.util import LisaException | ||
|
||
|
||
@TestSuiteMetadata( | ||
area="vm_extension", | ||
category="functional", | ||
description=""" | ||
MDE Test Suite | ||
zeeshan1995 marked this conversation as resolved.
|
||
""", | ||
) | ||
class MDE(TestSuite): | ||
|
||
def before_case(self, log: Logger, **kwargs: Any) -> None: | ||
response = requests.get("https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh") | ||
if response.ok: | ||
script = response.text | ||
import tempfile | ||
_, self.mde_installer = tempfile.mkstemp(prefix='mde_installer', suffix='.sh') | ||
with open(self.mde_installer, 'w') as writer: | ||
writer.write(script) | ||
self._echo_script = CustomScriptBuilder(Path(os.path.dirname(self.mde_installer)), | ||
[os.path.basename(self.mde_installer)]) | ||
else: | ||
log.error('Unable to download mde_installer.sh script') | ||
|
||
@TestCaseMetadata( | ||
description=""" | ||
Verify MDE installation | ||
""", | ||
priority=1, | ||
requirement=simple_requirement(min_core_count=2, | ||
min_memory_mb=1024, | ||
unsupported_os=[BSD]) | ||
) | ||
def verify_install(self, node: Node, log: Logger, result: TestResult) -> None: | ||
script: CustomScript = node.tools[self._echo_script] | ||
log.info('Installing MDE') | ||
result1 = script.run(parameters="--install", sudo=True) | ||
log.info(result1) | ||
|
||
try: | ||
output = node.tools[mdatp]._check_exists() | ||
zeeshan1995 marked this conversation as resolved.
|
||
except LisaException as e: | ||
log.error(e) | ||
output = False | ||
|
||
assert_that(output).described_as('Unable to install MDE').is_equal_to(True) | ||
Is the description ( |
||
|
||
@TestCaseMetadata( | ||
description=""" | ||
Verify if MDE is healthy | ||
""", | ||
priority=1, | ||
requirement=simple_requirement(min_core_count=2, | ||
min_memory_mb=1024, | ||
unsupported_os=[BSD]) | ||
) | ||
def verify_onboard(self, node: Node, log: Logger, result: TestResult) -> None: | ||
username = node.tools[Whoami].get_username() | ||
|
||
remote_copy = node.tools[RemoteCopy] | ||
remote_copy.copy_to_remote( | ||
PurePath("/home/zakhter/projects/lab/MicrosoftDefenderATPOnboardingLinuxServer.py"), PurePath(f"/home/{username}/MicrosoftDefenderATPOnboardingLinuxServer.py")) | ||
zeeshan1995 marked this conversation as resolved.
|
||
|
||
script: CustomScript = node.tools[self._echo_script] | ||
|
||
log.info('Onboarding MDE') | ||
result1 = script.run(parameters=f"--onboard /home/{username}/MicrosoftDefenderATPOnboardingLinuxServer.py/MicrosoftDefenderATPOnboardingLinuxServer.py", sudo=True) | ||
zeeshan1995 marked this conversation as resolved.
|
||
log.info(result1) | ||
|
||
output = node.tools[mdatp].get_result('health --field licensed') | ||
|
||
log.info(output) | ||
|
||
assert_that(output).is_equal_to(['true']) | ||
zeeshan1995 marked this conversation as resolved.
|
||
|
||
@TestCaseMetadata( | ||
description=""" | ||
Verify if MDE is healthy | ||
""", | ||
priority=1, | ||
requirement=simple_requirement(min_core_count=2, | ||
min_memory_mb=1024, | ||
unsupported_os=[BSD]) | ||
) | ||
def verify_health(self, node: Node, log: Logger, result: TestResult) -> None: | ||
output = node.tools[mdatp].get_result('health', json_out=True) | ||
|
||
log.info(output) | ||
|
||
assert_that(output['healthy']).is_equal_to(True) | ||
|
||
@TestCaseMetadata( | ||
description=""" | ||
Verify if MDE is healthy | ||
""", | ||
priority=1, | ||
requirement=simple_requirement(min_core_count=2, | ||
min_memory_mb=1024, | ||
unsupported_os=[BSD]) | ||
) | ||
def eicar_test(self, node: Node, log: Logger, result: TestResult) -> None: | ||
log.info('Running EICAR test') | ||
|
||
output = node.tools[mdatp].get_result('health --field real_time_protection_enabled') | ||
if output == ['false']: | ||
output = node.tools[mdatp].get_result('config real-time-protection --value enabled', sudo=True) | ||
assert_that(' '.join(output)).is_equal_to('Configuration property updated.') | ||
|
||
current_threat_list= node.tools[mdatp].get_result('threat list') | ||
log.info(current_threat_list) | ||
|
||
node.tools[Curl].fetch(arg="-o /tmp/eicar.com.txt", | ||
execute_arg="", | ||
url="https://secure.eicar.org/eicar.com.txt") | ||
I hope it won't trigger any security alert? |
||
|
||
time.sleep(5) #Wait for remediation | ||
|
||
new_threat_list = node.tools[mdatp].get_result('threat list') | ||
log.info(new_threat_list) | ||
|
||
eicar_detect = ' '.join(new_threat_list).replace(' '.join(current_threat_list), '') | ||
|
||
log.info(eicar_detect) | ||
log.info(eicar_detect.find('Name: Virus:DOS/EICAR_Test_File')) | ||
assert_that('Name: Virus:DOS/EICAR_Test_File' in eicar_detect).is_equal_to(True) | ||
|
||
|
This is just for testing purposes. I will remove it once I have incorporated all the review comments.
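Review bot: `before_case` fetches `mde_installer.sh` from the moving `master` branch with no timeout and no integrity check, and `verify_install` then runs the result with `sudo=True`, so the node executes unreviewed remote content as root and the suite can hang on a stalled connection. Pin the URL to a reviewed commit, pass a `timeout`, and compare a SHA-256 of the body with a recorded digest before writing it; the commit and digest in the sketch below are placeholders, and `hashlib` would need to be imported. The file descriptor returned by `tempfile.mkstemp` is discarded and never closed. The `else` branch only logs, so `self._echo_script` stays unset and later cases will presumably fail with an `AttributeError` instead of a clear download error; raising there makes the cause visible.

```python
def before_case(self, log: Logger, **kwargs: Any) -> None:
    # Pin to a reviewed commit instead of the moving master branch.
    url = (
        "https://raw.githubusercontent.com/microsoft/mdatp-xplat/"
        "<PINNED_COMMIT_SHA>/linux/installation/mde_installer.sh"
    )
    response = requests.get(url, timeout=60)
    if not response.ok:
        raise LisaException("Unable to download mde_installer.sh script")
    # Refuse to stage a script that differs from the one that was reviewed.
    digest = hashlib.sha256(response.content).hexdigest()
    if digest != "<EXPECTED_SHA256_OF_REVIEWED_SCRIPT>":
        raise LisaException("mde_installer.sh does not match the reviewed digest")
    # ... unchanged: function-scope import of tempfile ...
    fd, self.mde_installer = tempfile.mkstemp(prefix="mde_installer", suffix=".sh")
    # Write through the descriptor mkstemp returned so it is closed.
    with os.fdopen(fd, "wb") as writer:
        writer.write(response.content)
    # ... unchanged: CustomScriptBuilder construction ...
```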