Merge pull request #1830 from wazuh/1599-qadocs-migrate-test-active-r…
…esponse

Migrate `test_active_response` documentation to QA Docs
mdengra committed Sep 2, 2021
2 parents 8eeea24 + a9a785c commit 2370a46
Showing 4 changed files with 312 additions and 31 deletions.
3 changes: 3 additions & 0 deletions docs/DocGenerator/config.yaml
Expand Up @@ -3,6 +3,7 @@ Project path: "../../tests/integration"
Output path: "../output"

Include paths:
- "../../tests/integration/test_active_response"
- "../../tests/integration/test_agentd"

Include regex:
Expand All @@ -15,6 +16,8 @@ Function regex:
- "^test_"

Ignore paths:
- "../../tests/integration/test_active_response/test_analysisd/data"
- "../../tests/integration/test_active_response/test_execd/data"
- "../../tests/integration/test_agentd/data"

Output fields:
@@ -1,7 +1,52 @@
# Copyright (C) 2015-2021, Wazuh Inc.
# Created by Wazuh, Inc. <info@wazuh.com>.
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
'''
copyright:
Copyright (C) 2015-2021, Wazuh Inc.
Created by Wazuh, Inc. <info@wazuh.com>.
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
type:
integration
description:
These tests will check if the `analysisd` daemon processes `Active Response` messages correctly.
tiers:
- 0
component:
manager
path:
tests/integration/test_active_response/test_analysisd/
daemons:
- analysisd
- execd
os_support:
- linux, rhel5
- linux, rhel6
- linux, rhel7
- linux, rhel8
- linux, amazon linux 1
- linux, amazon linux 2
- linux, debian buster
- linux, debian stretch
- linux, debian wheezy
- linux, ubuntu bionic
- linux, ubuntu xenial
- linux, ubuntu trusty
- linux, arch linux
coverage:
pytest_args:
tags:
- active_response
'''
import json
import os
import pytest
Expand Down Expand Up @@ -350,7 +395,48 @@ def validate_ar_message(message, ids, log_monitor, agent, extra_args, timeout, a

# TESTS
def test_os_exec(set_debug_mode, get_configuration, configure_environment, restart_service, configure_agents):
"""Check if Active Response message is sent in correct format depending on agent version"""
'''
description:
Check if `Active Response` message is sent in correct format depending on agent version.
wazuh_min_version:
4.2
parameters:
- set_debug_mode:
type: fixture
brief: Set execd daemon in debug mode.
- get_configuration:
type: fixture
brief: Get configurations from the module.
- configure_environment:
type: fixture
brief: Configure a custom environment for testing.
- restart_service:
type: fixture
brief: Restart Wazuh manager service and clean the ossec.log file.
- configure_agents:
type: fixture
brief: Create simulated agents for testing.
assertions:
- Validate Active Response messages in old string format.
- Validate Active Response messages in new `JSON` format.
test_input:
Different `Active Response` messages sent to Debian and Ubuntu simulated agents.
logging:
- ossec.log:
- r"Active response request received "
tags:
- simulator
'''
metadata = get_configuration.get('metadata')
protocol = metadata['protocol']
extra_args = metadata['extra_args']
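Review bot: The function-level `tags` of `test_os_exec` lists only `simulator`, while the module docstring of the same file and both execd tests in this commit are tagged `active_response`. If the generated documentation is grouped or filtered by test-level tags, this test would drop out of the active-response group; consider listing both `- active_response` and `- simulator` under `tags:`. The body of `test_os_exec` continues outside the hunk.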
@@ -1,7 +1,58 @@
# Copyright (C) 2015-2021, Wazuh Inc.
# Created by Wazuh, Inc. <info@wazuh.com>.
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2

'''
copyright:
Copyright (C) 2015-2021, Wazuh Inc.
Created by Wazuh, Inc. <info@wazuh.com>.
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
type:
integration
description:
These tests will check if the active responses, which are executed by
the `wazuh-execd` program via scripts, run correctly.
tiers:
- 0
component:
agent
path:
tests/integration/test_active_response/test_execd/
daemons:
- execd
os_support:
- linux, rhel5
- linux, rhel6
- linux, rhel7
- linux, rhel8
- linux, amazon linux 1
- linux, amazon linux 2
- linux, debian buster
- linux, debian stretch
- linux, debian wheezy
- linux, ubuntu bionic
- linux, ubuntu xenial
- linux, ubuntu trusty
- linux, arch linux
- windows, 7
- windows, 8
- windows, 10
- windows, server 2003
- windows, server 2012
- windows, server 2016
coverage:
pytest_args:
tags:
- active_response
'''
import json
import os
import platform
Expand Down Expand Up @@ -189,15 +240,62 @@ def build_message(metadata, expected):

def test_execd_firewall_drop(set_debug_mode, get_configuration, test_version, configure_environment,
remove_ip_from_iptables, start_agent, set_ar_conf_mode):
"""Check if firewall-drop Active Response is executed correctly.
Args:
set_debug_mode (fixture): Set execd daemon in debug mode.
test_version (fixture): Validate Wazuh version.
set_ar_conf_mode (fixture): Configure Active Responses used in tests.
start_agent (fixture): Create Remoted and Authd simulators, register agent and start it.
remove_ip_from_iptables (fixture): Remove the test IP from iptables if it exist
"""
'''
description:
Check if firewall-drop command of Active Response is executed correctly.
wazuh_min_version:
4.2
parameters:
- set_debug_mode:
type: fixture
brief: Set execd daemon in debug mode.
- get_configuration:
type: fixture
brief: Get configurations from the module.
- test_version:
type: fixture
brief: Validate Wazuh version.
- configure_environment:
type: fixture
brief: Configure a custom environment for testing.
- remove_ip_from_iptables:
type: fixture
brief: Remove the test IP from iptables if it exist.
- start_agent:
type: fixture
brief: Create Remoted and Authd simulators, register agent and start it.
- set_ar_conf_mode:
type: fixture
brief: Configure Active Responses used in tests.
assertions:
- Check that the sent IP is added to iptables.
- Check that the sent IP is removed from iptables.
test_input:
Several `firewall-drop` commands with different parameters and the expected result after running them.
logging:
- ossec.log:
- r"DEBUG: Received message "
- active-responses.log:
- r"Starting"
- r"active-response/bin/firewall-drop "
- r"Ended"
- r"Cannot read 'srcip' from data"
tags:
- active_response
'''
metadata = get_configuration['metadata']
expected = metadata['results']
ossec_log_monitor = FileMonitor(LOG_FILE_PATH)
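Review bot: The `assertions` list of `test_execd_firewall_drop` documents only the success path (IP added to, then removed from, iptables), yet the `logging` list includes `r"Cannot read 'srcip' from data"`, which suggests a malformed-message case is exercised as well. For a control that changes firewall rules, rejection of bad input is the behaviour a reader most needs documented; if the test does check it, add something like `- Check that a message without a readable 'srcip' is rejected.` The same gap appears in `test_execd_restart`, whose `logging` list names `r"Invalid input format"` while its assertions cover only the accepted command. The new brief `Remove the test IP from iptables if it exist.` should read `if it exists`. The test body continues outside the hunk, so the negative case is inferred from the documented log patterns only.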
122 changes: 108 additions & 14 deletions tests/integration/test_active_response/test_execd/test_execd_restart.py
@@ -1,7 +1,58 @@
# Copyright (C) 2015-2021, Wazuh Inc.
# Created by Wazuh, Inc. <info@wazuh.com>.
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2

'''
copyright:
Copyright (C) 2015-2021, Wazuh Inc.
Created by Wazuh, Inc. <info@wazuh.com>.
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
type:
integration
description:
These tests will check if the active responses, which are executed by
the `wazuh-execd` program via scripts, run correctly.
tiers:
- 0
component:
agent
path:
tests/integration/test_active_response/test_execd/
daemons:
- execd
os_support:
- linux, rhel5
- linux, rhel6
- linux, rhel7
- linux, rhel8
- linux, amazon linux 1
- linux, amazon linux 2
- linux, debian buster
- linux, debian stretch
- linux, debian wheezy
- linux, ubuntu bionic
- linux, ubuntu xenial
- linux, ubuntu trusty
- linux, arch linux
- windows, 7
- windows, 8
- windows, 10
- windows, server 2003
- windows, server 2012
- windows, server 2016
coverage:
pytest_args:
tags:
- active_response
'''
import os
import platform
import pytest
Expand Down Expand Up @@ -144,16 +195,59 @@ def build_message(metadata, expected):

def test_execd_restart(set_debug_mode, get_configuration, test_version,
configure_environment, start_agent, set_ar_conf_mode):
"""Check if restart-wazuh Active Response is executed correctly.
Args:
set_debug_mode (fixture): Set execd daemon in debug mode.
get_configuration (fixture): Get configurations from the module.
test_version (fixture): Validate Wazuh version.
configure_environment (fixture): Configure a custom environment for testing.
start_agent (fixture): Create Remoted and Authd simulators, register agent and start it.
set_ar_conf_mode (fixture): Configure Active Responses used in tests.
"""
'''
description:
Check if `restart-wazuh` command of Active Response is executed correctly.
wazuh_min_version:
4.2
parameters:
- set_debug_mode:
type: fixture
brief: Set execd daemon in debug mode.
- get_configuration:
type: fixture
brief: Get configurations from the module.
- test_version:
type: fixture
brief: Validate Wazuh version.
- configure_environment:
type: fixture
brief: Configure a custom environment for testing.
- start_agent:
type: fixture
brief: Create Remoted and Authd simulators, register agent and start it.
- set_ar_conf_mode:
type: fixture
brief: Configure Active Responses used in tests.
assertions:
- Check that the active response restart-wazuh is received.
- Check that the agent is ready to restart.
test_input:
Several `restart-wazuh` commands with different parameters and the expected result after running them.
logging:
- ossec.log:
- r"DEBUG: Received message "
- r"Shutdown received. Deleting responses."
- active-responses.log:
- r"Starting"
- r"active-response/bin/restart-wazuh "
- r"Ended"
- r"Invalid input format"
tags:
- active_response
'''
metadata = get_configuration['metadata']
expected = metadata['results']
ossec_log_monitor = FileMonitor(LOG_FILE_PATH)
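Review bot: The module docstring added to `test_execd_restart.py` carries the same `description` text as the one added to the file holding `test_execd_firewall_drop`, so the generated pages for the two modules would read identically and neither names the script it covers. Consider a file-specific description here, e.g. `These tests will check if the restart-wazuh active response, executed by the wazuh-execd program via a script, runs correctly.` The `path` field likewise names the directory rather than this file; whether that is what the QA Docs schema expects is not visible from the diff.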