Merge pull request #955 from wazuh/941-configured-symlinks
Add new cases for symbolic links tests
Showing
7 changed files
with
573 additions
and
2 deletions.
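--- a/tests/integration/test_fim/test_files/test_follow_symbolic_link/test_change_target_with_nested_directory.py
+++ b/tests/integration/test_fim/test_files/test_follow_symbolic_link/test_change_target_with_nested_directory.py
@@ -0,0 +1,85 @@
+# Copyright (C) 2015-2020, Wazuh Inc.
+# Created by Wazuh, Inc. <info@wazuh.com>.
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+import os
+
+import pytest
+from test_fim.test_files.test_follow_symbolic_link.common import configurations_path, testdir1, \
+modify_symlink, testdir_link, wait_for_symlink_check, wait_for_audit, testdir2
+# noinspection PyUnresolvedReferences
+from test_fim.test_files.test_follow_symbolic_link.common import test_directories, extra_configuration_before_yield, \
+extra_configuration_after_yield
+
+from wazuh_testing import logger, global_parameters
+from wazuh_testing.fim import (generate_params, create_file, REGULAR, callback_detect_event,
+check_time_travel, LOG_FILE_PATH)
+from wazuh_testing.tools.configuration import load_wazuh_configurations, check_apply_test
+from wazuh_testing.tools.monitoring import FileMonitor
+
+# Marks
+
+pytestmark = [pytest.mark.linux, pytest.mark.sunos5, pytest.mark.darwin, pytest.mark.tier(level=1)]
+
+# configurations
+
+conf_params, conf_metadata = generate_params(extra_params={'FOLLOW_MODE': 'yes'},
+modes=['scheduled'])
+configurations = load_wazuh_configurations(configurations_path, __name__,
+params=conf_params,
+metadata=conf_metadata
+)
+
+wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)
+
+
+# fixtures
+
+@pytest.fixture(scope='module', params=configurations)
+def get_configuration(request):
+"""Get configurations from the module."""
+return request.param
+
+
+# tests
+
+@pytest.mark.parametrize('tags_to_apply, previous_target, new_target', [
+({'nested_dir'}, testdir1, testdir2)
+])
+def test_symbolic_change_target_inside_folder(tags_to_apply, previous_target, new_target, get_configuration,
+configure_environment, restart_syscheckd, wait_for_fim_start):
+"""
+Check if syscheck stops detecting events from previous target when pointing to a new folder
+CHECK: Having a symbolic link pointing to a folder which contains another monitored directory. Changing the target
+should not trigger 'added' events for the monitored subdirectory on the next scan.
+Parameters
+----------
+previous_target : str
+Previous symlink target (path)
+new_target : str
+New symlink target (path).
+"""
+check_apply_test(tags_to_apply, get_configuration['tags'])
+scheduled = get_configuration['metadata']['fim_mode'] == 'scheduled'
+whodata = get_configuration['metadata']['fim_mode'] == 'whodata'
+file1 = 'new_file'
+symlink = 'symlink3'
+
+# Check create event
+create_file(REGULAR, previous_target, file1, content='')
+check_time_travel(scheduled, monitor=wazuh_log_monitor)
+wazuh_log_monitor.start(timeout=global_parameters.default_timeout, callback=callback_detect_event,
+error_message='Did not receive expected "Sending FIM event: ..." event')
+
+# Change the target to another file and wait the symcheck to update the link information
+modify_symlink(new_target, os.path.join(testdir_link, symlink))
+wait_for_symlink_check(wazuh_log_monitor)
+wait_for_audit(whodata, wazuh_log_monitor)
+
+# Verify that no events are generated
+check_time_travel(scheduled, monitor=wazuh_log_monitor)
+with pytest.raises(TimeoutError):
+event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, callback=callback_detect_event)
+logger.error(f'Unexpected event {event.result()}')
+raise AttributeError(f'Unexpected event {event.result()}')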
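Review bot: `test_symbolic_change_target_inside_folder` ends on the negative assertion (`with pytest.raises(TimeoutError):`), so it would also pass if syscheck stopped reporting anything through the link after the retarget; a monitoring gap looks the same as the intended silence. Consider closing with a positive check as the sibling test in `test_symlink_and_dir.py` does, for example `create_file(REGULAR, new_target, file1, content='')` followed by `check_time_travel(...)` and a `wazuh_log_monitor.start(...)` that expects an event. Whether `new_target` is expected to emit events depends on the `nested_dir` configuration, which is not visible here. Separately, `raise AttributeError(...)` reports an unexpected event under an unrelated exception type, where `pytest.fail(f'Unexpected event {event.result()}')` would state the intent. The docstring also omits `tags_to_apply`, and the comment "Change the target to another file and wait the symcheck" should say folder and syscheck.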
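--- a/tests/integration/test_fim/test_files/test_follow_symbolic_link/test_symlink_and_dir.py
+++ b/tests/integration/test_fim/test_files/test_follow_symbolic_link/test_symlink_and_dir.py
@@ -0,0 +1,108 @@
+# Copyright (C) 2015-2020, Wazuh Inc.
+# Created by Wazuh, Inc. <info@wazuh.com>.
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+import os
+
+import pytest
+
+from wazuh_testing import global_parameters, logger
+from wazuh_testing.fim import SYMLINK, REGULAR, LOG_FILE_PATH, generate_params, create_file, change_internal_options, \
+callback_detect_event, check_time_travel
+from wazuh_testing.tools import PREFIX
+from wazuh_testing.tools.configuration import load_wazuh_configurations, check_apply_test
+from wazuh_testing.tools.monitoring import FileMonitor
+
+from test_fim.test_files.test_follow_symbolic_link.common import wait_for_symlink_check, wait_for_audit, symlink_interval, \
+modify_symlink
+
+
+# Marks
+
+pytestmark = [pytest.mark.linux, pytest.mark.sunos5, pytest.mark.darwin, pytest.mark.tier(level=1)]
+
+
+# Variables
+
+test_directories = [os.path.join(PREFIX, 'testdir'), os.path.join(PREFIX, 'testdir_target')]
+testdir = test_directories[0]
+testdir_link = os.path.join(PREFIX, 'testdir_link')
+testdir_target = test_directories[1]
+test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
+configurations_path = os.path.join(test_data_path, 'wazuh_conf.yaml')
+wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)
+
+
+# Configurations
+
+conf_params, conf_metadata = generate_params(extra_params={'FOLLOW_MODE': 'yes'})
+configurations = load_wazuh_configurations(configurations_path, __name__, params=conf_params, metadata=conf_metadata)
+
+
+# Fixtures
+
+@pytest.fixture(scope='module', params=configurations)
+def get_configuration(request):
+"""Get configurations from the module."""
+return request.param
+
+
+# Functions
+
+def extra_configuration_before_yield():
+"""Create files and symlinks"""
+create_file(REGULAR, testdir_target, 'regular1')
+create_file(SYMLINK, PREFIX, 'testdir_link', target=testdir)
+# Set symlink_scan_interval to a given value
+change_internal_options(param='syscheck.symlink_scan_interval', value=symlink_interval)
+
+
+def extra_configuration_after_yield():
+"""Set symlink_scan_interval to default value and remove symbolic link"""
+os.remove(testdir_link)
+change_internal_options(param='syscheck.symlink_scan_interval', value=600)
+
+
+# Tests
+
+@pytest.mark.parametrize('tags_to_apply', [
+{'symlink_and_dir'},
+])
+def test_symlink_dir_inside_monitored_dir(tags_to_apply, get_configuration, configure_environment, restart_syscheckd,
+wait_for_fim_start):
+"""
+Monitor a directory and a symbolic link to it, change the target of the symbolic link.
+The directory must be scanned silently, preventing events from triggering until it has finished.
+Parameters
+----------
+tags_to_apply : set
+Run test if matches with a configuration identifier, skip otherwise.
+"""
+check_apply_test(tags_to_apply, get_configuration['tags'])
+scheduled = get_configuration['metadata']['fim_mode'] == 'scheduled'
+whodata = get_configuration['metadata']['fim_mode'] == 'whodata'
+
+# Modify the symbolic link and expect no events
+modify_symlink(testdir_target, testdir_link)
+
+# Wait for both audit and the symlink check to run
+wait_for_symlink_check(wazuh_log_monitor)
+wait_for_audit(whodata, wazuh_log_monitor)
+
+check_time_travel(scheduled, monitor=wazuh_log_monitor)
+
+with pytest.raises(TimeoutError):
+event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, callback=callback_detect_event)
+logger.error(f'Unexpected event {event.result()}')
+raise AttributeError(f'Unexpected event {event.result()}')
+
+# Create a file in the pointed folder and expect events
+create_file(REGULAR, testdir_link, 'regular2')
+
+check_time_travel(scheduled, monitor=wazuh_log_monitor)
+
+wazuh_log_monitor.start(timeout=global_parameters.default_timeout, callback=callback_detect_event,
+error_message='Did not receive expected '
+'"Sending FIM event: ..." event')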
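Review bot: In `extra_configuration_after_yield`, `os.remove(testdir_link)` runs before the interval is restored, so if the removal raises (for instance because the link is already gone), `syscheck.symlink_scan_interval` stays at the shortened test value on the host. Wrapping the removal in `try`/`finally` so that `change_internal_options(param='syscheck.symlink_scan_interval', value=600)` always runs keeps teardown from leaking configuration into later runs. The literal `600` is presumably the product default and would read better as a named constant next to `symlink_interval`. In the test body, the final `wazuh_log_monitor.start(...)` accepts any FIM event, so it does not show that the event belongs to `regular2` or which path it reports. Asserting on the returned event would tighten the check, though the shape of what `callback_detect_event` returns is not visible here.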