From 4bcf9b7e622f0df3ca0f5ab791b1910db1044eb3 Mon Sep 17 00:00:00 2001 From: camila Date: Mon, 13 Dec 2021 22:24:56 -0300 Subject: [PATCH 01/25] rm: delete unused function --- .../test_registry_responses_win32.py | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index d16810c9d2..b57c61230a 100644 --- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py @@ -123,20 +123,6 @@ def get_sync_msgs(tout, new_data=True): return events -def find_path_in_event_list(path, event_list): - """Function that looks for a key path in a list of json events. - Params: - path (str): Path of the registry key. - event_list (list): List containing the events in JSON format. - Returns: - The event that matches the specified path. None if no event was found. - """ - for event in event_list: - if event['path'] == path: - return event - return None - - def find_value_in_event_list(key_path, value_name, event_list): """Function that looks for a key path and value_name in a list of json events. Params: From 321b48c56aa5f76512d4163180e69cb9b77fc980 Mon Sep 17 00:00:00 2001 From: camila Date: Mon, 13 Dec 2021 22:27:21 -0300 Subject: [PATCH 02/25] rm: tags to apply fixture --- .../test_synchronization/test_registry_responses_win32.py | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index b57c61230a..386b5d27ad 100644 --- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py 
@@ -168,10 +168,10 @@ def remove_key_and_restart(request): # tests -@pytest.mark.parametrize('tags_to_apply', [{'registry_sync_responses'}]) + @pytest.mark.parametrize('key_name', [':subkey1', 'subkey2:', ':subkey3:']) @pytest.mark.parametrize('value_name', [':value1', 'value2:', ':value3:']) -def test_registry_sync_after_restart(key_name, value_name, tags_to_apply, get_configuration, configure_environment, +def test_registry_sync_after_restart(key_name, value_name, get_configuration, configure_environment, remove_key_and_restart): ''' description: Check if the 'wazuh-syscheckd' daemon synchronizes the registry DB when a modification @@ -190,9 +190,6 @@ def test_registry_sync_after_restart(key_name, value_name, tags_to_apply, get_co - value_name: type: str brief: Name of the value that will be created in the test. - - tags_to_apply: - type: set - brief: Run test if matches with a configuration identifier, skip otherwise. - get_configuration: type: fixture brief: Get configurations from the module. @@ -220,7 +217,6 @@ def test_registry_sync_after_restart(key_name, value_name, tags_to_apply, get_co - scheduled - time_travel ''' - check_apply_test(tags_to_apply, get_configuration['tags']) key_path = os.path.join(monitored_key, key_name) value_path = os.path.join(key, key_path, value_name) From 30943d1c0e2b2fdde35e924dedae7b70a69cc794 Mon Sep 17 00:00:00 2001 From: camila Date: Mon, 13 Dec 2021 22:40:57 -0300 Subject: [PATCH 03/25] rf: refactor remove_key_and_restart --- .../test_registry_responses_win32.py | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index 386b5d27ad..0bfbb9f3f4 100644 --- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py 
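Review bot: Dropping `check_apply_test(tags_to_apply, get_configuration['tags'])` in the last hunk removes the only guard that skipped this test when a configuration's tags did not match, so the test now runs under every entry of `configurations`. That is harmless only while the YAML holds a single configuration, which this series does not show; if another configuration is ever added to the file the test would silently run under it too. The body of `test_registry_sync_after_restart` continues outside the hunk.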
@@ -148,11 +148,15 @@ def extra_configuration_after_yield(): @pytest.fixture(scope='function', params=configurations) -def remove_key_and_restart(request): - """Fixture that removes the test key and restart the agent. The aim of this +def create_key(request): + """Fixture that create the test key And then delete the key and truncate the file. The aim of this fixture is to avoid false positives if the manager still has the test key in it's DB. """ + control_service('stop') + fim.create_registry(fim.registry_parser[key], monitored_key, fim.KEY_WOW64_64KEY) + + yield fim.delete_registry(fim.registry_parser[key], monitored_key, fim.KEY_WOW64_64KEY) control_service('stop') truncate_file(fim.LOG_FILE_PATH) @@ -172,7 +176,7 @@ def remove_key_and_restart(request): @pytest.mark.parametrize('key_name', [':subkey1', 'subkey2:', ':subkey3:']) @pytest.mark.parametrize('value_name', [':value1', 'value2:', ':value3:']) def test_registry_sync_after_restart(key_name, value_name, get_configuration, configure_environment, - remove_key_and_restart): + create_key): ''' description: Check if the 'wazuh-syscheckd' daemon synchronizes the registry DB when a modification is performed while the agent is down. For this purpose, the test will monitor a key and @@ -196,9 +200,9 @@ def test_registry_sync_after_restart(key_name, value_name, get_configuration, co - configure_environment: type: fixture brief: Configure a custom environment for testing. - - remove_key_and_restart: + - create_key: type: fixture - brief: Remove the test key and restart the agent. + brief: Create the test key. assertions: - Verify that FIM sync events generated include the monitored value path and 
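Review bot: The fixture keeps `params=configurations` on `create_key` although its body never reads `request.param`; `get_configuration` is parametrised on the same list (visible later in this series), so every case of `test_registry_sync_after_restart` is multiplied by the number of configurations without adding coverage. Dropping the parameter, `@pytest.fixture(scope='function')`, keeps one run per case. The docstring would also read better as `"""Create the test key with the agent stopped; after the test, delete the key and restart the agent."""`. The fixture's teardown continues outside the hunk.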
@@ -221,8 +225,6 @@ def test_registry_sync_after_restart(key_name, value_name, get_configuration, co value_path = os.path.join(key, key_path, value_name) # stops syscheckd - control_service('stop') - fim.create_registry(fim.registry_parser[key], monitored_key, fim.KEY_WOW64_64KEY) key_handle = fim.create_registry(fim.registry_parser[key], key_path, fim.KEY_WOW64_64KEY) fim.modify_registry_value(key_handle, value_name, fim.REG_SZ, 'This is a test with syscheckd down.') From 35c61102990a289f0f8677c09fee1973c252533e Mon Sep 17 00:00:00 2001 From: camila Date: Tue, 14 Dec 2021 15:36:51 -0300 Subject: [PATCH 04/25] add: Add new estructure in order to not duplicate code --- .../wazuh_testing/fim_module/__init__.py | 0 .../fim_module/fim_synchronization.py | 17 ++++++++++++++++ .../wazuh_testing/fim_module/fim_variables.py | 1 + .../test_registry_responses_win32.py | 20 +------------------ 4 files changed, 19 insertions(+), 19 deletions(-) create mode 100644 deps/wazuh_testing/wazuh_testing/fim_module/__init__.py create mode 100644 deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py create mode 100644 deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/__init__.py b/deps/wazuh_testing/wazuh_testing/fim_module/__init__.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py new file mode 100644 index 0000000000..9803adb06c --- /dev/null +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py 
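Review bot: The `# stops syscheckd` comment left above `key_handle = fim.create_registry(...)` is now stale, since the stop and the creation of the parent key moved into the `create_key` fixture in this commit. Either drop it or replace it with `# agent is stopped by the create_key fixture; create the subkey and value while syscheckd is down`. The test body continues outside the hunk.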
@@ -0,0 +1,17 @@ +def find_value_in_event_list(key_path, value_name, event_list): + """Function that looks for a key path and value_name in a list of json events. + Params: + path (str): Path of the registry key. + value_name (str): Name of the value + event_list (list): List containing the events in JSON format. + Returns: + The event that matches the specified path. None if no event was found. + """ + for event in event_list: + if 'value_name' not in event.keys(): + continue + + if event['path'] == key_path and event['value_name'] == value_name: + return event + + return None \ No newline at end of file diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py new file mode 100644 index 0000000000..c915beea9c --- /dev/null +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py @@ -0,0 +1 @@ +max_events = 20 \ No newline at end of file diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index 0bfbb9f3f4..c467d6b2f8 100644 --- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py @@ -62,6 +62,7 @@ from wazuh_testing.tools.monitoring import FileMonitor from wazuh_testing.tools.services import control_service from wazuh_testing.tools.file import truncate_file +from wazuh_testing.fim_module.fim_synchronization import find_value_in_event_list # Marks 
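Review bot: `find_value_in_event_list` in the new `fim_synchronization.py` guards `'value_name'` but then indexes `event['path']` unguarded, so an event without a `path` key raises `KeyError` instead of being skipped; `if 'value_name' not in event.keys():` is also the long form of `if 'value_name' not in event:`. The loop body can be a single guarded comparison, `if event.get('path') == key_path and event.get('value_name') == value_name: return event`. The docstring names the first parameter `path` while the signature calls it `key_path`, and both new files end without a trailing newline.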
@@ -123,25 +124,6 @@ def get_sync_msgs(tout, new_data=True): return events -def find_value_in_event_list(key_path, value_name, event_list): - """Function that looks for a key path and value_name in a list of json events. - Params: - path (str): Path of the registry key. - value_name (str): Name of the value - event_list (list): List containing the events in JSON format. - Returns: - The event that matches the specified path. None if no event was found. - """ - for event in event_list: - if 'value_name' not in event.keys(): - continue - - if event['path'] == key_path and event['value_name'] == value_name: - return event - - return None - - def extra_configuration_after_yield(): """Remove the registry key when the test ends""" fim.delete_registry(fim.registry_parser[key], monitored_key, fim.KEY_WOW64_64KEY) From f53667d4ff27aac699fe97c8218fec0d7ba9e301 Mon Sep 17 00:00:00 2001 From: camila Date: Tue, 14 Dec 2021 23:42:39 -0300 Subject: [PATCH 05/25] add: add new conftest to fim --- .../wazuh_testing/fim_module/fim_variables.py | 18 +++++++++- tests/integration/test_fim/conftest.py | 34 +++++++++++++++++++ .../test_registry_responses_win32.py | 25 +------------- 3 files changed, 52 insertions(+), 25 deletions(-) create mode 100644 tests/integration/test_fim/conftest.py diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py index c915beea9c..38ba515a90 100644 --- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py 
@@ -1 +1,17 @@ -max_events = 20 \ No newline at end of file +# Copyright (C) 2015-2021, Wazuh Inc. +# Created by Wazuh, Inc. . +# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +''' +The purpose of this file is to contain all the variables necessary for FIM in order to be easier to maintain if one of them changes in the future +''' + +# variables + +# key variables +WINDOWS_HKEY_LOCAL_MACHINE = "HKEY_LOCAL_MACHINE" +MONITORED_KEY = "SOFTWARE\\random_key" + +# value key +SYNC_INTERVAL = 'SYNC_INTERVAL' +SYNC_INTERVAL_VALUE = MAX_EVENTS_VALUE = 20 \ No newline at end of file diff --git a/tests/integration/test_fim/conftest.py b/tests/integration/test_fim/conftest.py new file mode 100644 index 0000000000..6bbb8551a2 --- /dev/null +++ b/tests/integration/test_fim/conftest.py 
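Review bot: `SYNC_INTERVAL_VALUE = MAX_EVENTS_VALUE = 20` ties two unrelated settings together — the daemon's sync interval in seconds and the number of integrity events `get_sync_msgs` will collect — so tuning one later silently changes the other. Declare them separately, `SYNC_INTERVAL_VALUE = 20` and `MAX_EVENTS_VALUE = 20`, each under its own comment. The file also ends without a trailing newline.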
@@ -0,0 +1,34 @@ +# Copyright (C) 2015-2021, Wazuh Inc. +# Created by Wazuh, Inc. . +# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +import pytest +from wazuh_testing import global_parameters +from wazuh_testing.tools.services import control_service +from wazuh_testing.fim import create_registry, registry_parser, KEY_WOW64_64KEY, delete_registry, LOG_FILE_PATH, callback_detect_registry_integrity_clear_event +from wazuh_testing.tools.file import truncate_file +from wazuh_testing.fim_module.fim_variables import WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, SYNC_INTERVAL_VALUE +from wazuh_testing.tools.monitoring import FileMonitor + + +@pytest.fixture(scope='function') +def create_key(request): + """Fixture that create the test key And then delete the key and truncate the file. The aim of this + fixture is to avoid false positives if the manager still has the test key + in it's DB. + """ + control_service('stop') + create_registry(registry_parser[WINDOWS_HKEY_LOCAL_MACHINE], MONITORED_KEY, KEY_WOW64_64KEY) + + yield + delete_registry(registry_parser[WINDOWS_HKEY_LOCAL_MACHINE], MONITORED_KEY, KEY_WOW64_64KEY) + control_service('stop') + truncate_file(LOG_FILE_PATH) + file_monitor = FileMonitor(LOG_FILE_PATH) + setattr(request.module, 'wazuh_log_monitor', file_monitor) + control_service('start') + + # wait until the sync is done. + file_monitor.start(timeout= SYNC_INTERVAL_VALUE + global_parameters.default_timeout, + callback=callback_detect_registry_integrity_clear_event, + error_message='Did not receive expected "integrity clear" event') diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index c467d6b2f8..30522e721b 100644 --- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py 
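Review bot: In the new `create_key` fixture the agent is stopped before `create_registry(...)` runs, and everything after `yield` is never reached if that call raises, so a setup failure leaves the agent stopped for every test that follows in the session. Wrapping the creation so that the service is restarted before the exception propagates keeps later tests isolated from the failure. The keyword spacing in `timeout= SYNC_INTERVAL_VALUE + ...` should also be `timeout=SYNC_INTERVAL_VALUE + ...`.
```python
@pytest.fixture(scope='function')
def create_key(request):
    # … unchanged: docstring …
    control_service('stop')
    try:
        create_registry(registry_parser[WINDOWS_HKEY_LOCAL_MACHINE], MONITORED_KEY, KEY_WOW64_64KEY)
    except Exception:
        # setup failed after the agent was stopped: bring it back so later tests are not affected
        control_service('start')
        raise

    yield
    # … unchanged: teardown (delete key, stop, truncate log, restart, wait for integrity clear) …
```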
+++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py @@ -58,7 +58,7 @@ import pytest import wazuh_testing.fim as fim from wazuh_testing import global_parameters -from wazuh_testing.tools.configuration import load_wazuh_configurations, check_apply_test +from wazuh_testing.tools.configuration import load_wazuh_configurations from wazuh_testing.tools.monitoring import FileMonitor from wazuh_testing.tools.services import control_service from wazuh_testing.tools.file import truncate_file @@ -129,29 +129,6 @@ def extra_configuration_after_yield(): fim.delete_registry(fim.registry_parser[key], monitored_key, fim.KEY_WOW64_64KEY) -@pytest.fixture(scope='function', params=configurations) -def create_key(request): - """Fixture that create the test key And then delete the key and truncate the file. The aim of this - fixture is to avoid false positives if the manager still has the test key - in it's DB. - """ - control_service('stop') - fim.create_registry(fim.registry_parser[key], monitored_key, fim.KEY_WOW64_64KEY) - - yield - fim.delete_registry(fim.registry_parser[key], monitored_key, fim.KEY_WOW64_64KEY) - control_service('stop') - truncate_file(fim.LOG_FILE_PATH) - file_monitor = FileMonitor(fim.LOG_FILE_PATH) - setattr(request.module, 'wazuh_log_monitor', file_monitor) - control_service('start') - - # wait until the sync is done. - wazuh_log_monitor.start(timeout=sync_interval + global_parameters.default_timeout, - callback=fim.callback_detect_registry_integrity_clear_event, - error_message='Did not receive expected "integrity clear" event') - - # tests From 7db04671e792467a44a44727b6f5eb256c780c0d Mon Sep 17 00:00:00 2001 From: camila Date: Wed, 15 Dec 2021 10:37:13 -0300 Subject: [PATCH 06/25] add: add a file that contains variables in order to not harcoded code --- .../wazuh_testing/fim_module/fim_variables.py | 8 +++++- .../test_registry_responses_win32.py | 27 +++++++------------ 2 files changed, 17 insertions(+), 18 deletions(-) 
diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py index 38ba515a90..7fa487df04 100644 --- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py @@ -11,7 +11,13 @@ # key variables WINDOWS_HKEY_LOCAL_MACHINE = "HKEY_LOCAL_MACHINE" MONITORED_KEY = "SOFTWARE\\random_key" +WINDOWS_REGISTRY = 'WINDOWS_REGISTRY' + # value key SYNC_INTERVAL = 'SYNC_INTERVAL' -SYNC_INTERVAL_VALUE = MAX_EVENTS_VALUE = 20 \ No newline at end of file +SYNC_INTERVAL_VALUE = MAX_EVENTS_VALUE = 20 + + +# FIM modules +SCHEDULE_MODE = 'scheduled' \ No newline at end of file diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index 30522e721b..a76f055e7e 100644 --- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py 
@@ -63,26 +63,24 @@ from wazuh_testing.tools.services import control_service from wazuh_testing.tools.file import truncate_file from wazuh_testing.fim_module.fim_synchronization import find_value_in_event_list +from wazuh_testing.fim_module.fim_variables import SCHEDULE_MODE, WINDOWS_REGISTRY, SYNC_INTERVAL, SYNC_INTERVAL_VALUE, MAX_EVENTS_VALUE, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY + # Marks pytestmark = [pytest.mark.win32, pytest.mark.tier(level=1)] # variables -key = "HKEY_LOCAL_MACHINE" -monitored_key = "SOFTWARE\\random_key" -sync_interval = 20 -max_events = 20 test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') configurations_path = os.path.join(test_data_path, 'wazuh_conf_registry_responses_win32.yaml') -conf_params = {'WINDOWS_REGISTRY': os.path.join(key, monitored_key), 'SYNC_INTERVAL': sync_interval} +conf_params = {WINDOWS_REGISTRY: os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY), SYNC_INTERVAL: SYNC_INTERVAL_VALUE} wazuh_log_monitor = FileMonitor(fim.LOG_FILE_PATH) # configurations -conf_params, conf_metadata = fim.generate_params(extra_params=conf_params, modes=['scheduled']) +conf_params, conf_metadata = fim.generate_params(extra_params=conf_params, modes=[SCHEDULE_MODE]) configurations = load_wazuh_configurations(configurations_path, __name__, params=conf_params, metadata=conf_metadata) @@ -109,7 +107,7 @@ def get_sync_msgs(tout, new_data=True): callback=fim.callback_dbsync_no_data, error_message='Did not receive expected ' '"db sync no data" event') - for _ in range(0, max_events): + for _ in range(0, MAX_EVENTS_VALUE): try: sync_event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, callback=fim.callback_detect_registry_integrity_state_event, 
@@ -124,11 +122,6 @@ def get_sync_msgs(tout, new_data=True): return events -def extra_configuration_after_yield(): - """Remove the registry key when the test ends""" - fim.delete_registry(fim.registry_parser[key], monitored_key, fim.KEY_WOW64_64KEY) - - # tests @@ -180,16 +173,16 @@ def test_registry_sync_after_restart(key_name, value_name, get_configuration, co - scheduled - time_travel ''' - key_path = os.path.join(monitored_key, key_name) - value_path = os.path.join(key, key_path, value_name) + key_path = os.path.join(MONITORED_KEY, key_name) + value_path = os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, key_path, value_name) # stops syscheckd - key_handle = fim.create_registry(fim.registry_parser[key], key_path, fim.KEY_WOW64_64KEY) + key_handle = fim.create_registry(fim.registry_parser[WINDOWS_HKEY_LOCAL_MACHINE], key_path, fim.KEY_WOW64_64KEY) fim.modify_registry_value(key_handle, value_name, fim.REG_SZ, 'This is a test with syscheckd down.') control_service('start') - events = get_sync_msgs(sync_interval) + events = get_sync_msgs(SYNC_INTERVAL_VALUE) assert find_value_in_event_list( - os.path.join(key, key_path), value_name, events) is not None, f"No sync event was found for {value_path}" + os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, key_path), value_name, events) is not None, f"No sync event was found for {value_path}" From d02e8b288f10a0d1f92a7cdc7fe2ebcb7c45989a Mon Sep 17 00:00:00 2001 From: camila Date: Wed, 15 Dec 2021 10:58:30 -0300 Subject: [PATCH 07/25] rf: delete all the harcoded code in test registry responses --- .../wazuh_testing/fim_module/fim_variables.py | 4 ++-- .../wazuh_testing/wazuh_variables.py | 17 +++++++++++++++++ tests/integration/test_fim/conftest.py | 9 +++++---- .../test_registry_responses_win32.py | 7 ++++--- 4 files changed, 28 insertions(+), 9 deletions(-) create mode 100644 deps/wazuh_testing/wazuh_testing/wazuh_variables.py 
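Review bot: `events = get_sync_msgs(SYNC_INTERVAL_VALUE)` passes the bare sync interval as the timeout for the `db sync no data` wait, whereas the `create_key` fixture in `conftest.py` waits `SYNC_INTERVAL_VALUE + global_parameters.default_timeout` for its integrity-clear event; with no margin the first wait can expire just as the daemon reaches its interval, which shows up as a flaky failure rather than a real sync problem. `global_parameters` is already imported in this module, so `events = get_sync_msgs(SYNC_INTERVAL_VALUE + global_parameters.default_timeout)` would make the two waits consistent. The assertion line that follows also runs past 120 columns and recomputes a key path that `value_path` already contains as its prefix.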
diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py index 7fa487df04..459f28c915 100644 --- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py @@ -9,8 +9,8 @@ # variables # key variables -WINDOWS_HKEY_LOCAL_MACHINE = "HKEY_LOCAL_MACHINE" -MONITORED_KEY = "SOFTWARE\\random_key" +WINDOWS_HKEY_LOCAL_MACHINE = 'HKEY_LOCAL_MACHINE' +MONITORED_KEY = 'SOFTWARE\\random_key' WINDOWS_REGISTRY = 'WINDOWS_REGISTRY' diff --git a/deps/wazuh_testing/wazuh_testing/wazuh_variables.py b/deps/wazuh_testing/wazuh_testing/wazuh_variables.py new file mode 100644 index 0000000000..184b9e02c6 --- /dev/null +++ b/deps/wazuh_testing/wazuh_testing/wazuh_variables.py @@ -0,0 +1,17 @@ +# Copyright (C) 2015-2021, Wazuh Inc. +# Created by Wazuh, Inc. . +# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +''' +The purpose of this file is to contain all the variables necessary for Wazuh in order to be easier to maintain if one of them changes in the future +''' +# local internal options +WINDOWS_DEBUG = 'windows.debug' +VERBOSE_DEBUG_OUTPUT = 2 + +WAZUH_SERVICES_STOP = 'stop' +WAZUH_SERVICES_START = 'start' + +# configurations +DATA = 'data' +WAZUH_LOG_MONITOR = 'wazuh_log_monitor' \ No newline at end of file diff --git a/tests/integration/test_fim/conftest.py b/tests/integration/test_fim/conftest.py index 6bbb8551a2..7e084fcb1d 100644 --- a/tests/integration/test_fim/conftest.py +++ b/tests/integration/test_fim/conftest.py 
@@ -8,6 +8,7 @@ from wazuh_testing.fim import create_registry, registry_parser, KEY_WOW64_64KEY, delete_registry, LOG_FILE_PATH, callback_detect_registry_integrity_clear_event from wazuh_testing.tools.file import truncate_file from wazuh_testing.fim_module.fim_variables import WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, SYNC_INTERVAL_VALUE +from wazuh_testing.wazuh_variables import WAZUH_SERVICES_START, WAZUH_SERVICES_STOP, WAZUH_LOG_MONITOR from wazuh_testing.tools.monitoring import FileMonitor @@ -17,16 +18,16 @@ def create_key(request): fixture is to avoid false positives if the manager still has the test key in it's DB. """ - control_service('stop') + control_service(WAZUH_SERVICES_STOP) create_registry(registry_parser[WINDOWS_HKEY_LOCAL_MACHINE], MONITORED_KEY, KEY_WOW64_64KEY) yield delete_registry(registry_parser[WINDOWS_HKEY_LOCAL_MACHINE], MONITORED_KEY, KEY_WOW64_64KEY) - control_service('stop') + control_service(WAZUH_SERVICES_STOP) truncate_file(LOG_FILE_PATH) file_monitor = FileMonitor(LOG_FILE_PATH) - setattr(request.module, 'wazuh_log_monitor', file_monitor) - control_service('start') + setattr(request.module, WAZUH_LOG_MONITOR, file_monitor) + control_service(WAZUH_SERVICES_START) # wait until the sync is done. file_monitor.start(timeout= SYNC_INTERVAL_VALUE + global_parameters.default_timeout, diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index a76f055e7e..5ad7df50a6 100644 --- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py 
@@ -64,6 +64,7 @@ from wazuh_testing.tools.file import truncate_file from wazuh_testing.fim_module.fim_synchronization import find_value_in_event_list from wazuh_testing.fim_module.fim_variables import SCHEDULE_MODE, WINDOWS_REGISTRY, SYNC_INTERVAL, SYNC_INTERVAL_VALUE, MAX_EVENTS_VALUE, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY +from wazuh_testing.wazuh_variables import DATA, WAZUH_SERVICES_STOP, WAZUH_SERVICES_START # Marks @@ -73,8 +74,8 @@ # variables -test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -configurations_path = os.path.join(test_data_path, 'wazuh_conf_registry_responses_win32.yaml') +test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), DATA) +configurations_path = os.path.join(test_data_path, YAML_CONF_REGISTRY_RESPONSE) conf_params = {WINDOWS_REGISTRY: os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY), SYNC_INTERVAL: SYNC_INTERVAL_VALUE} wazuh_log_monitor = FileMonitor(fim.LOG_FILE_PATH) @@ -180,7 +181,7 @@ def test_registry_sync_after_restart(key_name, value_name, get_configuration, co key_handle = fim.create_registry(fim.registry_parser[WINDOWS_HKEY_LOCAL_MACHINE], key_path, fim.KEY_WOW64_64KEY) fim.modify_registry_value(key_handle, value_name, fim.REG_SZ, 'This is a test with syscheckd down.') - control_service('start') + control_service(WAZUH_SERVICES_START) events = get_sync_msgs(SYNC_INTERVAL_VALUE) From 9636d752dba4778f1299b5d1ef44eafdffede212 Mon Sep 17 00:00:00 2001 From: camila Date: Wed, 15 Dec 2021 11:31:44 -0300 Subject: [PATCH 08/25] Add: add auto-configuration local internal options --- .../test_synchronization/test_registry_responses_win32.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index 5ad7df50a6..10ffc97caf 100644 
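Review bot: `configurations_path = os.path.join(test_data_path, YAML_CONF_REGISTRY_RESPONSE)` uses a name this commit never imports — the `fim_variables` import line in the first hunk does not list it, and the series only introduces it in patch 12 ("add yaml_conf_registry variable") — so at this point in the history the module raises `NameError` at collection time, which breaks bisecting. Add `YAML_CONF_REGISTRY_RESPONSE` to the `from wazuh_testing.fim_module.fim_variables import ...` line in the same commit that defines the constant.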
--- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py @@ -61,10 +61,9 @@ from wazuh_testing.tools.configuration import load_wazuh_configurations from wazuh_testing.tools.monitoring import FileMonitor from wazuh_testing.tools.services import control_service -from wazuh_testing.tools.file import truncate_file from wazuh_testing.fim_module.fim_synchronization import find_value_in_event_list from wazuh_testing.fim_module.fim_variables import SCHEDULE_MODE, WINDOWS_REGISTRY, SYNC_INTERVAL, SYNC_INTERVAL_VALUE, MAX_EVENTS_VALUE, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY -from wazuh_testing.wazuh_variables import DATA, WAZUH_SERVICES_STOP, WAZUH_SERVICES_START +from wazuh_testing.wazuh_variables import DATA, WAZUH_SERVICES_START, WINDOWS_DEBUG, VERBOSE_DEBUG_OUTPUT # Marks @@ -83,6 +82,7 @@ conf_params, conf_metadata = fim.generate_params(extra_params=conf_params, modes=[SCHEDULE_MODE]) configurations = load_wazuh_configurations(configurations_path, __name__, params=conf_params, metadata=conf_metadata) +local_internal_options = {WINDOWS_DEBUG: VERBOSE_DEBUG_OUTPUT} # fixtures @@ -128,8 +128,8 @@ def get_sync_msgs(tout, new_data=True): @pytest.mark.parametrize('key_name', [':subkey1', 'subkey2:', ':subkey3:']) @pytest.mark.parametrize('value_name', [':value1', 'value2:', ':value3:']) -def test_registry_sync_after_restart(key_name, value_name, get_configuration, configure_environment, - create_key): +def test_registry_sync_after_restart(key_name, value_name, configure_local_internal_options_module, + get_configuration, configure_environment, create_key): ''' description: Check if the 'wazuh-syscheckd' daemon synchronizes the registry DB when a modification is performed while the agent is down. For this purpose, the test will monitor a key and From 4bd47ab2ae0495ef0621195bb4f28fd31fa7f599 Mon Sep 17 00:00:00 2001 
From: camila Date: Wed, 15 Dec 2021 11:58:29 -0300 Subject: [PATCH 09/25] Add: add copyright --- .../wazuh_testing/fim_module/fim_synchronization.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py index 9803adb06c..67bc2a375e 100644 --- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py @@ -1,3 +1,7 @@ +# Copyright (C) 2015-2021, Wazuh Inc. +# Created by Wazuh, Inc. . +# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + def find_value_in_event_list(key_path, value_name, event_list): """Function that looks for a key path and value_name in a list of json events. Params: From f42701dcb1297b842a57b5ad11a4a831fac9439b Mon Sep 17 00:00:00 2001 From: camila Date: Wed, 15 Dec 2021 14:58:42 -0300 Subject: [PATCH 10/25] mv: Move get_sync_msgs function to fim_synchronization --- .../fim_module/fim_synchronization.py | 37 +++++++++++++++++++ .../test_registry_responses_win32.py | 34 +---------------- 2 files changed, 39 insertions(+), 32 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py index 67bc2a375e..bded97b804 100644 --- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py 
@@ -2,6 +2,43 @@ # Created by Wazuh, Inc. . # This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 +import wazuh_testing.fim as fim +from wazuh_testing import global_parameters +from wazuh_testing.fim_module.fim_variables import MAX_EVENTS_VALUE +from wazuh_testing.tools.monitoring import FileMonitor + + +def get_sync_msgs(tout, new_data=True): + """Look for as many synchronization events as possible. + This function will look for the synchronization messages until a Timeout is raised or 'max_events' is reached. + Params: + tout (int): Timeout that will be used to get the dbsync_no_data message. + new_data (bool): Specifies if the test will wait the event `dbsync_no_data` + Returns: + A list with all the events in json format. + """ + wazuh_log_monitor = FileMonitor(fim.LOG_FILE_PATH) + events = [] + if new_data: + wazuh_log_monitor.start(timeout=tout, + callback=fim.callback_dbsync_no_data, + error_message='Did not receive expected ' + '"db sync no data" event') + for _ in range(0, MAX_EVENTS_VALUE): + try: + sync_event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, + callback=fim.callback_detect_registry_integrity_state_event, + accum_results=1, + error_message='Did not receive expected ' + 'Sending integrity control message"').result() + except TimeoutError: + break + + events.append(sync_event) + + return events + + def find_value_in_event_list(key_path, value_name, event_list): """Function that looks for a key path and value_name in a list of json events. Params: diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index 10ffc97caf..a917b62f0e 100644 --- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py 
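Review bot: `get_sync_msgs` now builds its own `FileMonitor(LOG_FILE_PATH)` on every call instead of using the monitor that the `create_key` fixture installs on the test module, so whether integrity events written before the call are seen depends on where a fresh monitor starts reading; that is not visible here and should be confirmed before relying on it. The moved code also keeps the stray trailing quote in the message `'Sending integrity control message"'`, and `range(0, MAX_EVENTS_VALUE)` is simply `range(MAX_EVENTS_VALUE)`. The docstring still refers to `'max_events'`, which is now `MAX_EVENTS_VALUE`.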
@@ -61,7 +61,7 @@ from wazuh_testing.tools.configuration import load_wazuh_configurations from wazuh_testing.tools.monitoring import FileMonitor from wazuh_testing.tools.services import control_service -from wazuh_testing.fim_module.fim_synchronization import find_value_in_event_list +from wazuh_testing.fim_module.fim_synchronization import find_value_in_event_list, get_sync_msgs from wazuh_testing.fim_module.fim_variables import SCHEDULE_MODE, WINDOWS_REGISTRY, SYNC_INTERVAL, SYNC_INTERVAL_VALUE, MAX_EVENTS_VALUE, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY from wazuh_testing.wazuh_variables import DATA, WAZUH_SERVICES_START, WINDOWS_DEBUG, VERBOSE_DEBUG_OUTPUT @@ -76,7 +76,7 @@ test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), DATA) configurations_path = os.path.join(test_data_path, YAML_CONF_REGISTRY_RESPONSE) conf_params = {WINDOWS_REGISTRY: os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY), SYNC_INTERVAL: SYNC_INTERVAL_VALUE} -wazuh_log_monitor = FileMonitor(fim.LOG_FILE_PATH) + # configurations 
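Review bot: Removing the module-level `wazuh_log_monitor` leaves the `setattr(request.module, WAZUH_LOG_MONITOR, file_monitor)` performed by `create_key` in `conftest.py` writing an attribute that nothing in this module reads any more, and the `FileMonitor` import on the context line above appears to have no remaining use here. Either drop that `setattr` and the import, or let `get_sync_msgs` accept the fixture's monitor instead of constructing a new one. The replacement also leaves an empty `+` line where the assignment was, adding a blank line to the module.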
@@ -93,36 +93,6 @@ def get_configuration(request): return request.param -def get_sync_msgs(tout, new_data=True): - """Look for as many synchronization events as possible. - This function will look for the synchronization messages until a Timeout is raised or 'max_events' is reached. - Params: - tout (int): Timeout that will be used to get the dbsync_no_data message. - new_data (bool): Specifies if the test will wait the event `dbsync_no_data` - Returns: - A list with all the events in json format. - """ - events = [] - if new_data: - wazuh_log_monitor.start(timeout=tout, - callback=fim.callback_dbsync_no_data, - error_message='Did not receive expected ' - '"db sync no data" event') - for _ in range(0, MAX_EVENTS_VALUE): - try: - sync_event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=fim.callback_detect_registry_integrity_state_event, - accum_results=1, - error_message='Did not receive expected ' - 'Sending integrity control message"').result() - except TimeoutError: - break - - events.append(sync_event) - - return events - - # tests From 3456bea7e5709ff0ef245f32308fb9d09584641c Mon Sep 17 00:00:00 2001 From: camila Date: Wed, 15 Dec 2021 15:01:58 -0300 Subject: [PATCH 11/25] rf: refactor import about fim module --- .../wazuh_testing/fim_module/fim_synchronization.py | 10 +++++----- .../test_registry_responses_win32.py | 8 ++++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py index bded97b804..cca142fe9c 100644 --- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py 
@@ -2,7 +2,7 @@ # Created by Wazuh, Inc. . # This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 -import wazuh_testing.fim as fim +from wazuh_testing.fim import LOG_FILE_PATH, callback_dbsync_no_data, callback_detect_registry_integrity_state_event from wazuh_testing import global_parameters from wazuh_testing.fim_module.fim_variables import MAX_EVENTS_VALUE from wazuh_testing.tools.monitoring import FileMonitor @@ -17,17 +17,17 @@ def get_sync_msgs(tout, new_data=True): Returns: A list with all the events in json format. """ - wazuh_log_monitor = FileMonitor(fim.LOG_FILE_PATH) + wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) events = [] if new_data: wazuh_log_monitor.start(timeout=tout, - callback=fim.callback_dbsync_no_data, + callback=callback_dbsync_no_data, error_message='Did not receive expected ' '"db sync no data" event') for _ in range(0, MAX_EVENTS_VALUE): try: sync_event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=fim.callback_detect_registry_integrity_state_event, + callback=callback_detect_registry_integrity_state_event, accum_results=1, error_message='Did not receive expected ' 'Sending integrity control message"').result() @@ -38,7 +38,7 @@ def get_sync_msgs(tout, new_data=True): return events - + def find_value_in_event_list(key_path, value_name, event_list): """Function that looks for a key path and value_name in a list of json events. Params: diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index a917b62f0e..cc6c43effc 100644 --- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py 
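Review bot: The error message on the line just below the renamed `callback_detect_registry_integrity_state_event` in the `@@ -17,17 +17,17 @@` hunk has an unbalanced quote — `'Did not receive expected ' 'Sending integrity control message"'` — a pre-existing context line, but worth correcting while this call is being edited: `error_message='Did not receive expected "Sending integrity control message"'`. `wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)` is now created on every call, so each call starts a fresh monitor; whether that monitor begins at the current end of the log or re-reads earlier lines is not visible here, and if it is the former, integrity messages written before `get_sync_msgs` is entered would be missed — confirm and state it in the docstring. `get_sync_msgs` begins above this hunk.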
@@ -56,7 +56,7 @@ ''' import os import pytest -import wazuh_testing.fim as fim +from wazuh_testing.fim import generate_params, create_registry, modify_registry_value, registry_parser, KEY_WOW64_64KEY, REG_SZ from wazuh_testing import global_parameters from wazuh_testing.tools.configuration import load_wazuh_configurations from wazuh_testing.tools.monitoring import FileMonitor @@ -80,7 +80,7 @@ # configurations -conf_params, conf_metadata = fim.generate_params(extra_params=conf_params, modes=[SCHEDULE_MODE]) +conf_params, conf_metadata = generate_params(extra_params=conf_params, modes=[SCHEDULE_MODE]) configurations = load_wazuh_configurations(configurations_path, __name__, params=conf_params, metadata=conf_metadata) local_internal_options = {WINDOWS_DEBUG: VERBOSE_DEBUG_OUTPUT} @@ -148,9 +148,9 @@ def test_registry_sync_after_restart(key_name, value_name, configure_local_inter value_path = os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, key_path, value_name) # stops syscheckd - key_handle = fim.create_registry(fim.registry_parser[WINDOWS_HKEY_LOCAL_MACHINE], key_path, fim.KEY_WOW64_64KEY) + key_handle = create_registry(registry_parser[WINDOWS_HKEY_LOCAL_MACHINE], key_path, KEY_WOW64_64KEY) - fim.modify_registry_value(key_handle, value_name, fim.REG_SZ, 'This is a test with syscheckd down.') + modify_registry_value(key_handle, value_name, REG_SZ, 'This is a test with syscheckd down.') control_service(WAZUH_SERVICES_START) events = get_sync_msgs(SYNC_INTERVAL_VALUE) From b10cbf38b95c3eefbfd2e0be9d5eb0b3b081ca04 Mon Sep 17 00:00:00 2001 From: camila Date: Wed, 15 Dec 2021 16:13:50 -0300 Subject: [PATCH 12/25] add: add yaml_conf_registry variable --- deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py index 459f28c915..48b5e7ad05 100644 
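Review bot: The comment `# stops syscheckd` in the `@@ -148,9 +148,9 @@` hunk sits directly above `key_handle = create_registry(...)`, which creates a registry key rather than stopping anything; presumably the service is stopped earlier by the `remove_key_and_restart` fixture, but that is outside the hunk. Replace it with a comment that describes the lines it precedes, e.g. `# key and value are written while syscheckd is down, then the service is started` — confirm against the fixture. Nothing in the hunk closes `key_handle`; if `create_registry` returns an open handle, check whether the fixture releases it. The rewritten `from wazuh_testing.fim import ...` line in the `@@ -56,7 +56,7 @@` hunk is well over the usual line length; the later test modules in this series wrap such imports in parentheses. `test_registry_sync_after_restart` begins outside the hunk.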
--- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py @@ -20,4 +20,7 @@ # FIM modules -SCHEDULE_MODE = 'scheduled' \ No newline at end of file +SCHEDULE_MODE = 'scheduled' + +# YAML Configuration +YAML_CONF_REGISTRY_RESPONSE = 'wazuh_conf_registry_responses_win32.yaml' \ No newline at end of file From 4d09c2c1589b0dad67027f3f5fe5aaceb68c9a93 Mon Sep 17 00:00:00 2001 From: camila Date: Wed, 15 Dec 2021 17:10:12 -0300 Subject: [PATCH 13/25] Fix error on import --- .../test_synchronization/test_registry_responses_win32.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index cc6c43effc..7fcb2fec9f 100644 --- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py @@ -62,7 +62,7 @@ from wazuh_testing.tools.monitoring import FileMonitor from wazuh_testing.tools.services import control_service from wazuh_testing.fim_module.fim_synchronization import find_value_in_event_list, get_sync_msgs -from wazuh_testing.fim_module.fim_variables import SCHEDULE_MODE, WINDOWS_REGISTRY, SYNC_INTERVAL, SYNC_INTERVAL_VALUE, MAX_EVENTS_VALUE, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY +from wazuh_testing.fim_module.fim_variables import SCHEDULE_MODE, WINDOWS_REGISTRY, SYNC_INTERVAL, SYNC_INTERVAL_VALUE, YAML_CONF_REGISTRY_RESPONSE, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY from wazuh_testing.wazuh_variables import DATA, WAZUH_SERVICES_START, WINDOWS_DEBUG, VERBOSE_DEBUG_OUTPUT From a7075ebd360ef4578d8b8fd33e3b7935b3314c23 Mon Sep 17 00:00:00 2001 
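Review bot: `fim_variables.py` is still written without a trailing newline in the `@@ -20,4 +20,7 @@` hunk (`\ No newline at end of file` follows the added `YAML_CONF_REGISTRY_RESPONSE` line), and the same marker survives the `@@ -18,9 +18,19 @@` hunk of patch 14 and the `@@ -31,6 +32,7 @@` hunk of patch 15; every later addition keeps producing a spurious change on the last constant, so end the file with a newline once. In the `@@ -62,7 +62,7 @@` hunk of patch 13 the rewritten `from wazuh_testing.fim_module.fim_variables import ...` line is roughly 190 characters long; wrapping it in parentheses, as the later test modules in this series do, would keep it readable.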
From: camila Date: Thu, 16 Dec 2021 15:36:57 -0300 Subject: [PATCH 14/25] rf: refactor tests sync disabled win32 --- .../wazuh_testing/fim_module/fim_variables.py | 12 +- .../data/wazuh_disabled_sync_conf_win32.yaml | 71 ----------- .../data/wazuh_sync_conf_win32.yaml | 25 ++++ .../test_sync_disabled_win32.py | 115 +++--------------- 4 files changed, 56 insertions(+), 167 deletions(-) delete mode 100644 tests/integration/test_fim/test_synchronization/data/wazuh_disabled_sync_conf_win32.yaml create mode 100644 tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py index 48b5e7ad05..cb0d822ecb 100644 --- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py @@ -18,9 +18,19 @@ SYNC_INTERVAL = 'SYNC_INTERVAL' SYNC_INTERVAL_VALUE = MAX_EVENTS_VALUE = 20 +# Folders variables +TEST_DIR_1 = 'testdir1' +TEST_DIRECTORIES = 'TEST_DIRECTORIES' # FIM modules SCHEDULE_MODE = 'scheduled' # YAML Configuration -YAML_CONF_REGISTRY_RESPONSE = 'wazuh_conf_registry_responses_win32.yaml' \ No newline at end of file +YAML_CONF_REGISTRY_RESPONSE = 'wazuh_conf_registry_responses_win32.yaml' +YAML_CONF_SYNC_WIN32 = 'wazuh_sync_conf_win32.yaml' + +# Synchronization options +SYNCHRONIZATION_ENABLED = 'SYNCHRONIZATION_ENABLED' + +# Callbacks message +INTEGRITY_CONTROL_MESSAGE = r'.*Sending integrity control message: (.+)$' \ No newline at end of file diff --git a/tests/integration/test_fim/test_synchronization/data/wazuh_disabled_sync_conf_win32.yaml b/tests/integration/test_fim/test_synchronization/data/wazuh_disabled_sync_conf_win32.yaml deleted file mode 100644 index 9b6b7054ac..0000000000 --- a/tests/integration/test_fim/test_synchronization/data/wazuh_disabled_sync_conf_win32.yaml +++ /dev/null 
@@ -1,71 +0,0 @@ ---- -# Configuration for sync disabled -- tags: - - sync_disabled - apply_to_modules: - - test_sync_disabled_win32 - sections: - - section: syscheck - elements: - - disabled: - value: 'no' - - synchronization: - elements: - - enabled: - value: 'no' - - directories: - value: TEST_DIRECTORIES - attributes: - - FIM_MODE - - windows_registry: - value: TEST_REGISTRIES - attributes: - - arch: "both" -# Configuration for registry sync disabled -- tags: - - sync_registry_disabled - apply_to_modules: - - test_sync_disabled_win32 - sections: - - section: syscheck - elements: - - disabled: - value: 'no' - - synchronization: - elements: - - enabled: - value: 'yes' - - registry_enabled: - value: 'no' - - directories: - value: TEST_DIRECTORIES - attributes: - - FIM_MODE - - windows_registry: - value: TEST_REGISTRIES - attributes: - - arch: "both" -# Configuration for registry sync enabled -- tags: - - sync_registry_enabled - apply_to_modules: - - test_sync_disabled_win32 - sections: - - section: syscheck - elements: - - disabled: - value: 'no' - - synchronization: - elements: - - enabled: - value: 'yes' - - registry_enabled: - value: 'yes' - - directories: - value: TEST_DIRECTORIES - attributes: - - FIM_MODE - - windows_registry: - value: TEST_REGISTRIES - attributes: - - arch: "both" diff --git a/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml b/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml new file mode 100644 index 0000000000..d9f9a2f6b3 --- /dev/null +++ b/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml 
@@ -0,0 +1,25 @@ + +# Configuration for sync disabled +- tags: + - sync_disabled + apply_to_modules: + - test_sync_disabled_win32 + sections: + - section: syscheck + elements: + - disabled: + value: 'no' + - synchronization: + elements: + - enabled: + value: SYNCHRONIZATION_ENABLED + - registry_enabled: + value: SYNCHRONIZATION_REGISTRY_ENABLED + - directories: + value: TEST_DIRECTORIES + attributes: + - FIM_MODE + - windows_registry: + value: TEST_REGISTRIES + attributes: + - arch: "both" \ No newline at end of file diff --git a/tests/integration/test_fim/test_synchronization/test_sync_disabled_win32.py b/tests/integration/test_fim/test_synchronization/test_sync_disabled_win32.py index 2214ff7a09..1af7509a7d 100644 --- a/tests/integration/test_fim/test_synchronization/test_sync_disabled_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_sync_disabled_win32.py 
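Review bot: The new `wazuh_sync_conf_win32.yaml` keeps the comment `# Configuration for sync disabled` and the tag `sync_disabled` although `enabled` and `registry_enabled` are now the placeholders `SYNCHRONIZATION_ENABLED` and `SYNCHRONIZATION_REGISTRY_ENABLED` filled in by each test module, and patch 16 applies the same block to `test_sync_enabled_win32`; the name describes only one of the cases it serves. Rename the tag (e.g. `sync_template`) and replace the comment with `# Synchronization configuration; 'enabled'/'registry_enabled' are supplied by the test module's conf_params`. The file also begins with an empty line where the deleted file began with the `---` document marker, and it ends without a newline.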
@@ -58,40 +58,41 @@ import pytest from wazuh_testing import global_parameters -from wazuh_testing.fim import LOG_FILE_PATH, callback_detect_integrity_event, generate_params +from wazuh_testing.fim import LOG_FILE_PATH, generate_params from wazuh_testing.tools import PREFIX -from wazuh_testing.tools.configuration import load_wazuh_configurations, check_apply_test -from wazuh_testing.tools.monitoring import FileMonitor - +from wazuh_testing.tools.configuration import load_wazuh_configurations +from wazuh_testing.tools.monitoring import FileMonitor, callback_generator +from wazuh_testing.wazuh_variables import DATA +from wazuh_testing.fim_module.fim_variables import (TEST_DIR_1, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, YAML_CONF_SYNC_WIN32, + TEST_DIRECTORIES, TEST_REGISTRIES, SYNCHRONIZATION_ENABLED, INTEGRITY_CONTROL_MESSAGE) # Marks pytestmark = [pytest.mark.win32, pytest.mark.tier(level=1)] # variables -test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -key = "HKEY_LOCAL_MACHINE" -subkey = "SOFTWARE\\test" +test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), DATA) + -configurations_path = os.path.join(test_data_path, 'wazuh_disabled_sync_conf_win32.yaml') +configurations_path = os.path.join(test_data_path, YAML_CONF_SYNC_WIN32) -test_directories = [os.path.join(PREFIX, 'testdir1')] -test_regs = [os.path.join(key, subkey)] +test_directories = [os.path.join(PREFIX, TEST_DIR_1)] +test_regs = [os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY)] wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) -conf_params = {'TEST_DIRECTORIES': test_directories[0], - 'TEST_REGISTRIES': test_regs[0]} +conf_params = {TEST_DIRECTORIES: test_directories[0], + TEST_REGISTRIES: test_regs[0], + SYNCHRONIZATION_ENABLED: 'no'} # configurations -p, m = generate_params(extra_params=conf_params, modes=['scheduled', 'realtime', 'whodata']) +parameters, metadata = generate_params(extra_params=conf_params) -configurations = 
load_wazuh_configurations(configurations_path, __name__, params=p, metadata=m) +configurations = load_wazuh_configurations(configurations_path, __name__, params=parameters, metadata=metadata) # fixtures - @pytest.fixture(scope='module', params=configurations) def get_configuration(request): """Get configurations from the module.""" 
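Review bot: The import in the `@@ -58,40 +58,41 @@` hunk pulls `TEST_REGISTRIES` from `fim_module.fim_variables`, but the `fim_variables.py` hunk of this same patch (`@@ -18,9 +18,19 @@`) only adds `TEST_DIR_1` and `TEST_DIRECTORIES`; `TEST_REGISTRIES` is first defined by patch 15, so at this commit the module does not import and the series is not bisectable. Squash patch 15's constant into this patch. `generate_params(extra_params=conf_params)` also drops the former explicit `modes=['scheduled', 'realtime', 'whodata']`; whether the default yields the same three modes is not visible here, and the docstring added in patch 16 still lists `realtime` and `who_data` — worth confirming.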
@@ -100,84 +101,8 @@ def get_configuration(request): # Tests - -@pytest.mark.parametrize('tags_to_apply, file_sync, registry_sync, ', [ - ({'sync_disabled'}, False, False), - ({'sync_registry_disabled'}, True, False), - ({'sync_registry_enabled'}, True, True) -]) -def test_sync_disabled(tags_to_apply, file_sync, registry_sync, - get_configuration, configure_environment, restart_syscheckd, wait_for_fim_start_sync_disabled): - ''' - description: Check if the 'wazuh-syscheckd' daemon uses the value of the 'enabled' tag to start/stop - the file/registry synchronization. For this purpose, the test will monitor a directory/key. - Finally, it will verify that no FIM 'integrity' event is generated when the synchronization - is disabled, and verify that the FIM 'integrity' event generated corresponds with a - file or a registry when the synchronization is enabled, depending on the test case. - - wazuh_min_version: 4.2.0 - - parameters: - - tags_to_apply: - type: set - brief: Run test if matches with a configuration identifier, skip otherwise. - - file_sync: - type: bool - brief: True if file synchronization is enabled. False otherwise. - - registry_sync: - type: bool - brief: True if registry synchronization is enabled. False otherwise. - - get_configuration: - type: fixture - brief: Get configurations from the module. - - configure_environment: - type: fixture - brief: Configure a custom environment for testing. - - restart_syscheckd: - type: fixture - brief: Clear the 'ossec.log' file and start a new monitor. - - wait_for_fim_start_sync_disabled: - type: fixture - brief: Wait for end of initial FIM scan. - - assertions: - - Verify that no FIM 'integrity' events are generated when the value - of the 'enabled' tag is set yo 'no' (synchronization disabled). - - Verify that FIM 'integrity' events generated correspond to a file/registry depending on - the value of the 'enabled' and the 'registry_enabled' tags (synchronization enabled). 
- - input_description: Different test cases are contained in external YAML file (wazuh_disabled_sync_conf_win32.yaml) - which includes configuration settings for the 'wazuh-syscheckd' daemon. That is combined with - the testing directory/key to be monitored defined in this module. - - expected_output: - - r'.*Sending integrity control message' - - tags: - - scheduled - - time_travel - - realtime - - who_data - ''' - check_apply_test(tags_to_apply, get_configuration['tags']) - if not file_sync: - # The file synchronization event shouldn't be triggered - with pytest.raises(TimeoutError): - event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=callback_detect_integrity_event, update_position=True).result() - else: - # The file synchronization event should be triggered +def test_sync_disabled(get_configuration, configure_environment, wait_for_fim_start_sync_disabled): + # The file synchronization event shouldn't be triggered + with pytest.raises(TimeoutError): event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=callback_detect_integrity_event, update_position=True).result() - assert event['component'] == 'fim_file', 'Wrong event component' - - if not registry_sync: - # The registry synchronization event shouldn't be triggered - with pytest.raises(TimeoutError): - event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, update_position=True, - callback=callback_detect_integrity_event).result() - else: - # The registry synchronization event should be triggered - event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, update_position=True, - callback=callback_detect_integrity_event).result() - assert event['component'] == 'fim_registry', 'Wrong event component' + callback=callback_generator(INTEGRITY_CONTROL_MESSAGE), update_position=True).result() From 910e97a86ec1981fc14172de91dc298597813a71 Mon Sep 17 00:00:00 2001 
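Review bot: In the rewritten `test_sync_disabled` body at the end of the `@@ -100,84 +101,8 @@` hunk, `event = wazuh_log_monitor.start(...)` is assigned inside `pytest.raises(TimeoutError)` and never read; drop the name: `wazuh_log_monitor.start(timeout=global_parameters.default_timeout, callback=callback_generator(INTEGRITY_CONTROL_MESSAGE), update_position=True).result()`. The negative check is only as strong as `global_parameters.default_timeout` relative to the configured synchronization interval: if the interval is longer than the timeout the test passes even with synchronization on; neither value is visible here, so confirm it and record the reasoning in a comment such as `# default_timeout must exceed the sync interval for this absence check to be meaningful`. The same single-wait pattern carries into the `@@ -102,7 +102,43 @@` hunk of patch 16.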
From: camila Date: Thu, 16 Dec 2021 17:35:34 -0300 Subject: [PATCH 15/25] add: test registrires variable --- deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py | 2 ++ .../test_synchronization/test_sync_disabled_win32.py | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py index cb0d822ecb..ec32c68b69 100644 --- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py @@ -21,6 +21,7 @@ # Folders variables TEST_DIR_1 = 'testdir1' TEST_DIRECTORIES = 'TEST_DIRECTORIES' +TEST_REGISTRIES = 'TEST_REGISTRIES' # FIM modules SCHEDULE_MODE = 'scheduled' @@ -31,6 +32,7 @@ # Synchronization options SYNCHRONIZATION_ENABLED = 'SYNCHRONIZATION_ENABLED' +SYNCHRONIZATION_REGISTRY_ENABLED = 'SYNCHRONIZATION_REGISTRY_ENABLED' # Callbacks message INTEGRITY_CONTROL_MESSAGE = r'.*Sending integrity control message: (.+)$' \ No newline at end of file diff --git a/tests/integration/test_fim/test_synchronization/test_sync_disabled_win32.py b/tests/integration/test_fim/test_synchronization/test_sync_disabled_win32.py index 1af7509a7d..16a4a1817e 100644 --- a/tests/integration/test_fim/test_synchronization/test_sync_disabled_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_sync_disabled_win32.py @@ -64,7 +64,7 @@ from wazuh_testing.tools.monitoring import FileMonitor, callback_generator from wazuh_testing.wazuh_variables import DATA from wazuh_testing.fim_module.fim_variables import (TEST_DIR_1, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, YAML_CONF_SYNC_WIN32, - TEST_DIRECTORIES, TEST_REGISTRIES, SYNCHRONIZATION_ENABLED, INTEGRITY_CONTROL_MESSAGE) + TEST_DIRECTORIES, TEST_REGISTRIES, SYNCHRONIZATION_ENABLED, INTEGRITY_CONTROL_MESSAGE, SYNCHRONIZATION_REGISTRY_ENABLED) # Marks pytestmark = [pytest.mark.win32, pytest.mark.tier(level=1)] 
@@ -82,7 +82,8 @@ conf_params = {TEST_DIRECTORIES: test_directories[0], TEST_REGISTRIES: test_regs[0], - SYNCHRONIZATION_ENABLED: 'no'} + SYNCHRONIZATION_ENABLED: 'no', + SYNCHRONIZATION_REGISTRY_ENABLED: 'no'} # configurations From 3896e19483cd5573d95f1a9d2e3d7bf0da57341a Mon Sep 17 00:00:00 2001 From: camila Date: Thu, 16 Dec 2021 22:54:39 -0300 Subject: [PATCH 16/25] add: add new test to check synchronization enabled --- .../data/wazuh_sync_conf_win32.yaml | 1 + .../test_sync_disabled_win32.py | 40 ++++- .../test_sync_enabled_win32.py | 150 ++++++++++++++++++ 3 files changed, 189 insertions(+), 2 deletions(-) create mode 100644 tests/integration/test_fim/test_synchronization/test_sync_enabled_win32.py diff --git a/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml b/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml index d9f9a2f6b3..038905b1c5 100644 --- a/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml +++ b/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml @@ -4,6 +4,7 @@ - sync_disabled apply_to_modules: - test_sync_disabled_win32 + - test_sync_enabled_win32 sections: - section: syscheck elements: diff --git a/tests/integration/test_fim/test_synchronization/test_sync_disabled_win32.py b/tests/integration/test_fim/test_synchronization/test_sync_disabled_win32.py index 16a4a1817e..85234a8910 100644 --- a/tests/integration/test_fim/test_synchronization/test_sync_disabled_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_sync_disabled_win32.py 
@@ -10,7 +10,7 @@ brief: File Integrity Monitoring (FIM) system watches selected files and triggering alerts when these files are modified. Specifically, these tests will check if FIM disables the synchronization of file/registry on Windows systems when the 'enabled' tag of the synchronization option is - set to 'no', and vice versa. + set to 'no'. The FIM capability is managed by the 'wazuh-syscheckd' daemon, which checks configured files for changes to the checksums, permissions, and ownership. 
@@ -102,7 +102,43 @@ def get_configuration(request): # Tests -def test_sync_disabled(get_configuration, configure_environment, wait_for_fim_start_sync_disabled): +def test_sync_disabled(get_configuration, configure_environment, restart_syscheckd, wait_for_fim_start_sync_disabled): + ''' + description: Check if the 'wazuh-syscheckd' daemon uses the value of the 'enabled' tag to start/stop + the file/registry synchronization. For this purpose, the test will monitor a directory/key. + Finally, it will verify that no FIM 'integrity' event is generated when the synchronization + is disablede. + + wazuh_min_version: 4.2.0 + + parameters: + - get_configuration: + type: fixture + brief: Get configurations from the module. + - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - restart_syscheckd: + type: fixture + brief: Clear the 'ossec.log' file and start a new monitor. + - wait_for_fim_start_sync_disabled: + type: fixture + brief: Wait for end of initial FIM scan. + assertions: + - Verify that no FIM 'integrity' events are generated when the value + of the 'enabled' tag is set to 'no' (synchronization disabled). + + input_description: Different test cases are contained in external YAML file (wazuh_sync_conf_win32.yaml) + which includes configuration settings for the 'wazuh-syscheckd' daemon. That is combined with + the testing directory/key to be monitored defined in this module. + expected_output: + - r'.*Sending integrity control message' + tags: + - scheduled + - time_travel + - realtime + - who_data + ''' # The file synchronization event shouldn't be triggered with pytest.raises(TimeoutError): event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, diff --git a/tests/integration/test_fim/test_synchronization/test_sync_enabled_win32.py b/tests/integration/test_fim/test_synchronization/test_sync_enabled_win32.py new file mode 100644 index 0000000000..669cd1c93e --- /dev/null 
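Review bot: The added docstring has a typo in its description, `is disablede.` → `is disabled.`, and its `expected_output` entry `r'.*Sending integrity control message'` names the message whose absence the test asserts; phrase it as the absence, e.g. `- No r'.*Sending integrity control message' within the timeout (synchronization disabled)`. The `tags` list keeps `realtime` and `who_data` while the module has called `generate_params` without explicit modes since patch 14; confirm the default generates those modes before leaving them listed. The `assertions:`, `expected_output:` and `tags:` sections also lack the blank line that separates sections in the other docstrings of this series.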
+++ b/tests/integration/test_fim/test_synchronization/test_sync_enabled_win32.py 
@@ -0,0 +1,150 @@ +''' +copyright: Copyright (C) 2015-2021, Wazuh Inc. + + Created by Wazuh, Inc. . + + This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +type: integration + +brief: File Integrity Monitoring (FIM) system watches selected files and triggering alerts when these + files are modified. Specifically, these tests will check if FIM enable the synchronization + of file/registry on Windows systems when the 'enabled' tag of the synchronization option is + set to 'yes'. + The FIM capability is managed by the 'wazuh-syscheckd' daemon, which checks configured + files for changes to the checksums, permissions, and ownership. + +tier: 1 + +modules: + - fim + +components: + - agent + +daemons: + - wazuh-syscheckd + +os_platform: + - windows + +os_version: + - Windows 10 + - Windows 8 + - Windows 7 + - Windows Server 2019 + - Windows Server 2016 + - Windows Server 2012 + - Windows Server 2003 + - Windows XP + +references: + - https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/index.html + - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html#synchronization + +pytest_args: + - fim_mode: + realtime: Enable real-time monitoring on Linux (using the 'inotify' system calls) and Windows systems. + whodata: Implies real-time monitoring but adding the 'who-data' information. + - tier: + 0: Only level 0 tests are performed, they check basic functionalities and are quick to perform. + 1: Only level 1 tests are performed, they check functionalities of medium complexity. + 2: Only level 2 tests are performed, they check advanced functionalities and are slow to perform. 
+ +tags: + - fim_synchronization +''' + +import os + +import pytest +from wazuh_testing import global_parameters +from wazuh_testing.fim import LOG_FILE_PATH, generate_params, callback_detect_integrity_event +from wazuh_testing.tools import PREFIX +from wazuh_testing.tools.configuration import load_wazuh_configurations +from wazuh_testing.tools.monitoring import FileMonitor +from wazuh_testing.wazuh_variables import DATA +from wazuh_testing.fim_module.fim_variables import (TEST_DIR_1, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, YAML_CONF_SYNC_WIN32, + TEST_DIRECTORIES, TEST_REGISTRIES, SYNCHRONIZATION_ENABLED, SYNCHRONIZATION_REGISTRY_ENABLED) +# Marks + +pytestmark = [pytest.mark.win32, pytest.mark.tier(level=1)] + +# variables +test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), DATA) + + +configurations_path = os.path.join(test_data_path, YAML_CONF_SYNC_WIN32) + +test_directories = [os.path.join(PREFIX, TEST_DIR_1)] +test_regs = [os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY)] + +wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) + +conf_params = {TEST_DIRECTORIES: test_directories[0], + TEST_REGISTRIES: test_regs[0], + SYNCHRONIZATION_ENABLED: 'yes', + SYNCHRONIZATION_REGISTRY_ENABLED: 'yes'} + +# configurations + +parameters, metadata = generate_params(extra_params=conf_params) + +configurations = load_wazuh_configurations(configurations_path, __name__, params=parameters, metadata=metadata) + + +# fixtures + +@pytest.fixture(scope='module', params=configurations) +def get_configuration(request): + """Get configurations from the module.""" + return request.param + + +# Tests + +def test_sync_disabled(get_configuration, configure_environment, restart_syscheckd, wait_for_fim_start_sync_disabled): + ''' + description: Check if the 'wazuh-syscheckd' daemon uses the value of the 'enabled' tag to start/stop + the file/registry synchronization. For this purpose, the test will monitor a directory/key. 
+ Finally, it will verify that the FIM 'integrity' event generated corresponds with a + file or a registry when the synchronization is enabled, depending on the test case. + wazuh_min_version: 4.2.0 + parameters: + - get_configuration: + type: fixture + brief: Get configurations from the module. + - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - restart_syscheckd: + type: fixture + brief: Clear the 'ossec.log' file and start a new monitor. + - wait_for_fim_start_sync_disabled: + type: fixture + brief: Wait for end of initial FIM scan. + assertions: + - Verify that FIM 'integrity' events generated correspond to a file/registry depending on + the value of the 'enabled' and the 'registry_enabled' tags (synchronization enabled). + input_description: Different test cases are contained in external YAML file (wazuh_sync_conf_win32.yaml) + which includes configuration settings for the 'wazuh-syscheckd' daemon. That is combined with + the testing directory/key to be monitored defined in this module. + expected_output: + - r'.*Sending integrity control message' + tags: + - scheduled + - time_travel + - realtime + - who_data + ''' + # The file synchronization event should be triggered + event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, + callback=callback_detect_integrity_event, update_position=True).result() + + assert event['component'] == 'fim_file', 'Wrong event component' + + # The registry synchronization event should be triggered + event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, update_position=True, + callback=callback_detect_integrity_event).result() + + assert event['component'] == 'fim_registry', 'Wrong event component' From ea6b1ad118476318443683e35a853b0a68c7321c Mon Sep 17 00:00:00 2001 
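Review bot: The test in the new `test_sync_enabled_win32.py` is named `test_sync_disabled` and its docstring still says the daemon uses the tag "to start/stop" synchronization "depending on the test case", although this module carries a single enabled configuration; rename it `test_sync_enabled` and tighten the description accordingly. It also depends on the fixture `wait_for_fim_start_sync_disabled`; if that fixture is specific to the disabled case (its definition is not in view), the enabled module should use the ordinary FIM start fixture. The two consecutive `wazuh_log_monitor.start(...)` calls assert `fim_file` first and `fim_registry` second, so the test is sensitive to the order in which the daemon emits the two integrity events; if that order is not guaranteed, collecting both events and checking the set of components is more robust, as below.
```python
    # … unchanged: module setup, fixtures and docstring …
    # Both the file and the registry synchronization events should be triggered;
    # accept them in either order.
    components = set()
    for _ in range(2):
        event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout,
                                        callback=callback_detect_integrity_event,
                                        update_position=True).result()
        components.add(event['component'])
    assert components == {'fim_file', 'fim_registry'}, f'Wrong event components: {components}'
```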
From: camila Date: Thu, 16 Dec 2021 23:15:23 -0300 Subject: [PATCH 17/25] add: add new test to check registry synchronization enabled --- .../test_sync_registry_disabled_win32.py | 151 ++++++++++++++++++ 1 file changed, 151 insertions(+) create mode 100644 tests/integration/test_fim/test_synchronization/test_sync_registry_disabled_win32.py diff --git a/tests/integration/test_fim/test_synchronization/test_sync_registry_disabled_win32.py b/tests/integration/test_fim/test_synchronization/test_sync_registry_disabled_win32.py new file mode 100644 index 0000000000..301e297f19 --- /dev/null +++ b/tests/integration/test_fim/test_synchronization/test_sync_registry_disabled_win32.py 
@@ -0,0 +1,151 @@ +''' +copyright: Copyright (C) 2015-2021, Wazuh Inc. + + Created by Wazuh, Inc. . + + This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +type: integration + +brief: File Integrity Monitoring (FIM) system watches selected files and triggering alerts when these + files are modified. Specifically, these tests will check if FIM disables the synchronization + of file/registry on Windows systems when the 'enabled' tag of the synchronization registry option is + set to 'no'. + The FIM capability is managed by the 'wazuh-syscheckd' daemon, which checks configured + files for changes to the checksums, permissions, and ownership. + +tier: 1 + +modules: + - fim + +components: + - agent + +daemons: + - wazuh-syscheckd + +os_platform: + - windows + +os_version: + - Windows 10 + - Windows 8 + - Windows 7 + - Windows Server 2019 + - Windows Server 2016 + - Windows Server 2012 + - Windows Server 2003 + - Windows XP + +references: + - https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/index.html + - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html#synchronization + +pytest_args: + - fim_mode: + realtime: Enable real-time monitoring on Linux (using the 'inotify' system calls) and Windows systems. + whodata: Implies real-time monitoring but adding the 'who-data' information. + - tier: + 0: Only level 0 tests are performed, they check basic functionalities and are quick to perform. + 1: Only level 1 tests are performed, they check functionalities of medium complexity. + 2: Only level 2 tests are performed, they check advanced functionalities and are slow to perform. 
+ +tags: + - fim_synchronization +''' + +import os + +import pytest +from wazuh_testing import global_parameters +from wazuh_testing.fim import LOG_FILE_PATH, generate_params, callback_detect_integrity_event +from wazuh_testing.tools import PREFIX +from wazuh_testing.tools.configuration import load_wazuh_configurations +from wazuh_testing.tools.monitoring import FileMonitor, callback_generator +from wazuh_testing.wazuh_variables import DATA +from wazuh_testing.fim_module.fim_variables import (TEST_DIR_1, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, YAML_CONF_SYNC_WIN32, + TEST_DIRECTORIES, TEST_REGISTRIES, SYNCHRONIZATION_ENABLED, INTEGRITY_CONTROL_MESSAGE, SYNCHRONIZATION_REGISTRY_ENABLED) +# Marks + +pytestmark = [pytest.mark.win32, pytest.mark.tier(level=1)] + +# variables +test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), DATA) + + +configurations_path = os.path.join(test_data_path, YAML_CONF_SYNC_WIN32) + +test_directories = [os.path.join(PREFIX, TEST_DIR_1)] +test_regs = [os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY)] + +wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) + +conf_params = {TEST_DIRECTORIES: test_directories[0], + TEST_REGISTRIES: test_regs[0], + SYNCHRONIZATION_ENABLED: 'yes', + SYNCHRONIZATION_REGISTRY_ENABLED: 'no'} + +# configurations + +parameters, metadata = generate_params(extra_params=conf_params) + +configurations = load_wazuh_configurations(configurations_path, __name__, params=parameters, metadata=metadata) + + +# fixtures + +@pytest.fixture(scope='module', params=configurations) +def get_configuration(request): + """Get configurations from the module.""" + return request.param + + +# Tests + +def test_sync_disabled(get_configuration, configure_environment, restart_syscheckd, wait_for_fim_start_sync_disabled): + ''' + description: Check if the 'wazuh-syscheckd' daemon uses the value of the 'enabled' tag to start/stop + the file/registry synchronization. 
For this purpose, the test will monitor a directory/key. + Finally, it will verify that no FIM 'integrity' event is generated when the registry + synchronization is disablede. + + wazuh_min_version: 4.2.0 + + parameters: + - get_configuration: + type: fixture + brief: Get configurations from the module. + - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - restart_syscheckd: + type: fixture + brief: Clear the 'ossec.log' file and start a new monitor. + - wait_for_fim_start_sync_disabled: + type: fixture + brief: Wait for end of initial FIM scan. + assertions: + - Verify that no FIM 'integrity' events are generated when the value + of the 'enabled' tag is set to 'no' (registry synchronization disabled). + + input_description: Different test cases are contained in external YAML file (wazuh_sync_conf_win32.yaml) + which includes configuration settings for the 'wazuh-syscheckd' daemon. That is combined with + the testing directory/key to be monitored defined in this module. + expected_output: + - r'.*Sending integrity control message' + tags: + - scheduled + - time_travel + - realtime + - who_data + ''' + # The file synchronization event should be triggered + event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, + callback=callback_detect_integrity_event, update_position=True).result() + assert event['component'] == 'fim_file', 'Wrong event component' + + # The registry synchronization event shouldn't be triggered + with pytest.raises(TimeoutError): + event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, update_position=True, + callback=callback_generator(INTEGRITY_CONTROL_MESSAGE)).result() \ No newline at end of file From 8308a8161bb8f8460c6155c624d6059db9050b7c Mon Sep 17 00:00:00 2001 
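Review bot: The negative check in the final `with pytest.raises(TimeoutError)` block matches any `Sending integrity control message` line through `callback_generator(INTEGRITY_CONTROL_MESSAGE)`, so a second file-synchronization message arriving inside `default_timeout` would be taken for a registry one and fail the test, while a registry sync that merely starts after the timeout would pass; the check should discriminate on the component the way the positive check above it does with `event['component'] == 'fim_file'`. A small filter would do, assuming `callback_detect_integrity_event` returns a falsy value for non-matching lines as `callback_dbsync_no_data` in fim.py does: `def _registry_integrity_event(line):` / `event = callback_detect_integrity_event(line)` / `return event if event and event['component'] == 'fim_registry' else None`, passed as `callback=_registry_integrity_event`. The function is named `test_sync_disabled` inside test_sync_registry_disabled_win32.py, duplicating the name used in test_sync_disabled_win32.py; `test_sync_registry_disabled` would match the module, and the `event =` binding inside the `with` block is never read. In the docstring, `disablede` should read `disabled`, and `expected_output` lists `Sending integrity control message` although the assertion is that the registry variant must not appear.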
From: camila Date: Thu, 16 Dec 2021 23:20:27 -0300 Subject: [PATCH 18/25] add: add test_sync_registry_disabled to configuration yaml --- .../test_synchronization/data/wazuh_sync_conf_win32.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml b/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml index 038905b1c5..ff4a1eb4f8 100644 --- a/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml +++ b/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml @@ -5,6 +5,7 @@ apply_to_modules: - test_sync_disabled_win32 - test_sync_enabled_win32 + - test_sync_registry_disabled_win32 sections: - section: syscheck elements: From 424f6f008fa0da099b47fb9e6b16c6713eee23ed Mon Sep 17 00:00:00 2001 From: camila Date: Fri, 17 Dec 2021 00:57:51 -0300 Subject: [PATCH 19/25] add: add test sync regestry enabled --- .../fim_module/fim_synchronization.py | 8 +- .../wazuh_testing/fim_module/fim_variables.py | 3 +- .../data/wazuh_sync_conf_win32.yaml | 1 + .../test_sync_registry_enabled_win32.py | 147 ++++++++++++++++++ 4 files changed, 154 insertions(+), 5 deletions(-) create mode 100644 tests/integration/test_fim/test_synchronization/test_sync_registry_enabled_win32.py diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py index cca142fe9c..9b0f5904da 100644 --- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py 
@@ -2,10 +2,10 @@ # Created by Wazuh, Inc. . # This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 -from wazuh_testing.fim import LOG_FILE_PATH, callback_dbsync_no_data, callback_detect_registry_integrity_state_event +from wazuh_testing.fim import LOG_FILE_PATH, callback_detect_registry_integrity_state_event from wazuh_testing import global_parameters -from wazuh_testing.fim_module.fim_variables import MAX_EVENTS_VALUE -from wazuh_testing.tools.monitoring import FileMonitor +from wazuh_testing.fim_module.fim_variables import MAX_EVENTS_VALUE, REGISTRY_DBSYNC_NO_DATA +from wazuh_testing.tools.monitoring import FileMonitor, callback_generator def get_sync_msgs(tout, new_data=True): @@ -21,7 +21,7 @@ def get_sync_msgs(tout, new_data=True): events = [] if new_data: wazuh_log_monitor.start(timeout=tout, - callback=callback_dbsync_no_data, + callback=callback_generator(REGISTRY_DBSYNC_NO_DATA), error_message='Did not receive expected ' '"db sync no data" event') for _ in range(0, MAX_EVENTS_VALUE): diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py index ec32c68b69..300417aca3 100644 --- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py @@ -35,4 +35,5 @@ SYNCHRONIZATION_REGISTRY_ENABLED = 'SYNCHRONIZATION_REGISTRY_ENABLED' # Callbacks message -INTEGRITY_CONTROL_MESSAGE = r'.*Sending integrity control message: (.+)$' \ No newline at end of file +INTEGRITY_CONTROL_MESSAGE = r'.*Sending integrity control message: (.+)$' +REGISTRY_DBSYNC_NO_DATA = r'.*#!-fim_registry dbsync no_data (.+)' diff --git a/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml b/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml index ff4a1eb4f8..c0d6b4e811 100644 
--- a/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml +++ b/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml @@ -6,6 +6,7 @@ - test_sync_disabled_win32 - test_sync_enabled_win32 - test_sync_registry_disabled_win32 + - test_sync_registry_enabled_win32 sections: - section: syscheck elements: diff --git a/tests/integration/test_fim/test_synchronization/test_sync_registry_enabled_win32.py b/tests/integration/test_fim/test_synchronization/test_sync_registry_enabled_win32.py new file mode 100644 index 0000000000..c290034c10 --- /dev/null +++ b/tests/integration/test_fim/test_synchronization/test_sync_registry_enabled_win32.py 
@@ -0,0 +1,147 @@ +''' +copyright: Copyright (C) 2015-2021, Wazuh Inc. + + Created by Wazuh, Inc. . + + This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +type: integration + +brief: File Integrity Monitoring (FIM) system watches selected files and triggering alerts when these + files are modified. Specifically, these tests will check if FIM enables the synchronization + of file/registry on Windows systems when the 'enabled' tag of the synchronization registry option is + set to 'yes'. + The FIM capability is managed by the 'wazuh-syscheckd' daemon, which checks configured + files for changes to the checksums, permissions, and ownership. + +tier: 1 + +modules: + - fim + +components: + - agent + +daemons: + - wazuh-syscheckd + +os_platform: + - windows + +os_version: + - Windows 10 + - Windows 8 + - Windows 7 + - Windows Server 2019 + - Windows Server 2016 + - Windows Server 2012 + - Windows Server 2003 + - Windows XP + +references: + - https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/index.html + - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html#synchronization + +pytest_args: + - fim_mode: + realtime: Enable real-time monitoring on Linux (using the 'inotify' system calls) and Windows systems. + whodata: Implies real-time monitoring but adding the 'who-data' information. + - tier: + 0: Only level 0 tests are performed, they check basic functionalities and are quick to perform. + 1: Only level 1 tests are performed, they check functionalities of medium complexity. + 2: Only level 2 tests are performed, they check advanced functionalities and are slow to perform. 
+ +tags: + - fim_synchronization +''' + +import os + +import pytest +from wazuh_testing import global_parameters +from wazuh_testing.fim import LOG_FILE_PATH, generate_params, callback_detect_integrity_event +from wazuh_testing.tools import PREFIX +from wazuh_testing.tools.configuration import load_wazuh_configurations +from wazuh_testing.tools.monitoring import FileMonitor, callback_generator +from wazuh_testing.wazuh_variables import DATA +from wazuh_testing.fim_module.fim_variables import (TEST_DIR_1, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, YAML_CONF_SYNC_WIN32, + TEST_DIRECTORIES, TEST_REGISTRIES, SYNCHRONIZATION_ENABLED, INTEGRITY_CONTROL_MESSAGE, SYNCHRONIZATION_REGISTRY_ENABLED) +# Marks + +pytestmark = [pytest.mark.win32, pytest.mark.tier(level=1)] + +# variables +test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), DATA) + + +configurations_path = os.path.join(test_data_path, YAML_CONF_SYNC_WIN32) + +test_directories = [os.path.join(PREFIX, TEST_DIR_1)] +test_regs = [os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY)] + +wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) + +conf_params = {TEST_DIRECTORIES: test_directories[0], + TEST_REGISTRIES: test_regs[0], + SYNCHRONIZATION_ENABLED: 'no', + SYNCHRONIZATION_REGISTRY_ENABLED: 'yes'} + +# configurations + +parameters, metadata = generate_params(extra_params=conf_params) + +configurations = load_wazuh_configurations(configurations_path, __name__, params=parameters, metadata=metadata) + + +# fixtures + +@pytest.fixture(scope='module', params=configurations) +def get_configuration(request): + """Get configurations from the module.""" + return request.param + + +# Tests + +def test_sync_disabled(get_configuration, configure_environment, restart_syscheckd, wait_for_fim_start_sync_disabled): + ''' + description: Check if the 'wazuh-syscheckd' daemon uses the value of the 'enabled' tag to start/stop + the file/registry synchronization. 
For this purpose, the test will monitor a directory/key. + Finally, it will verify that no FIM 'integrity' event is generated when the synchronization + is disablede and registry synchronization is enabled. + + wazuh_min_version: 4.2.0 + + parameters: + - get_configuration: + type: fixture + brief: Get configurations from the module. + - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - restart_syscheckd: + type: fixture + brief: Clear the 'ossec.log' file and start a new monitor. + - wait_for_fim_start_sync_disabled: + type: fixture + brief: Wait for end of initial FIM scan. + assertions: + - Verify that no FIM 'integrity' events are generated when the value + of the 'enabled' tag is set to 'no' (synchronization disabled). + + input_description: Different test cases are contained in external YAML file (wazuh_sync_conf_win32.yaml) + which includes configuration settings for the 'wazuh-syscheckd' daemon. That is combined with + the testing directory/key to be monitored defined in this module. + expected_output: + - r'.*Sending integrity control message' + tags: + - scheduled + - time_travel + - realtime + - who_data + ''' + # The file synchronization event shouldn't be triggered + with pytest.raises(TimeoutError): + event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, + callback=callback_generator(INTEGRITY_CONTROL_MESSAGE), update_position=True).result() + \ No newline at end of file From e931afbe85abfe95756c012ff55e01bd7b7bafd7 Mon Sep 17 00:00:00 2001 
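Review bot: The module brief says these tests check that FIM enables file/registry synchronization when the registry `enabled` tag is 'yes', but the only assertion in the hunk is that no `Sending integrity control message` appears within `default_timeout`; with `SYNCHRONIZATION_ENABLED: 'no'` and `SYNCHRONIZATION_REGISTRY_ENABLED: 'yes'`, what is actually verified is that `registry_enabled` does not override a disabled `synchronization/enabled`. The brief, the `description` and the `assertions` entries should say so, e.g. `- Verify that no FIM 'integrity' event is generated for files or registry keys when 'enabled' is 'no', even if 'registry_enabled' is 'yes'.` Because the check is time-based it only proves nothing arrived within `default_timeout`, so a sync interval longer than that (the value in wazuh_sync_conf_win32.yaml is not visible here) would make it pass vacuously; a comment stating that relation, `# Negative check: relies on default_timeout exceeding the configured sync interval`, would make the assumption explicit. The function is named `test_sync_disabled`, the same as in test_sync_disabled_win32.py; `test_sync_registry_enabled` would match the module, `callback_detect_integrity_event` is imported but unused, and `event` is assigned inside the `pytest.raises` block and never read.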
From: camila Date: Fri, 17 Dec 2021 09:56:23 -0300 Subject: [PATCH 20/25] changes to respect PIP / 8 --- deps/wazuh_testing/wazuh_testing/fim.py | 7 ------- .../fim_module/fim_synchronization.py | 2 +- .../wazuh_testing/fim_module/fim_variables.py | 3 ++- .../wazuh_testing/wazuh_variables.py | 5 +++-- tests/integration/test_fim/conftest.py | 9 +++++---- .../test_registry_responses_win32.py | 15 +++++++++------ .../test_sync_disabled_win32.py | 10 ++++++---- .../test_sync_enabled_win32.py | 9 +++++---- .../test_sync_registry_disabled_win32.py | 14 ++++++++------ .../test_sync_registry_enabled_win32.py | 16 +++++++++------- 10 files changed, 48 insertions(+), 42 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/fim.py b/deps/wazuh_testing/wazuh_testing/fim.py index a0db616954..c34cfcbf1f 100644 --- a/deps/wazuh_testing/wazuh_testing/fim.py +++ b/deps/wazuh_testing/wazuh_testing/fim.py @@ -1339,13 +1339,6 @@ def callback_detect_max_files_per_second(line): return match is not None -def callback_dbsync_no_data(line): - match = re.match(r'.*#!-fim_registry dbsync no_data (.+)', line) - if match: - return match.group(1) - return None - - def callback_detect_end_runtime_wildcards(line): match = re.match(r".*Configuration wildcards update finalize\.", line) return match is not None diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py index 9b0f5904da..a62d4b044c 100644 --- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py @@ -55,4 +55,4 @@ def find_value_in_event_list(key_path, value_name, event_list): if event['path'] == key_path and event['value_name'] == value_name: return event - return None \ No newline at end of file + return None 
diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py index 300417aca3..4996c89457 100644 --- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py @@ -3,7 +3,8 @@ # This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 ''' -The purpose of this file is to contain all the variables necessary for FIM in order to be easier to maintain if one of them changes in the future +The purpose of this file is to contain all the variables necessary for FIM in order to be easier to +maintain if one of them changes in the future. ''' # variables diff --git a/deps/wazuh_testing/wazuh_testing/wazuh_variables.py b/deps/wazuh_testing/wazuh_testing/wazuh_variables.py index 184b9e02c6..eae4ad339a 100644 --- a/deps/wazuh_testing/wazuh_testing/wazuh_variables.py +++ b/deps/wazuh_testing/wazuh_testing/wazuh_variables.py @@ -3,7 +3,8 @@ # This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 ''' -The purpose of this file is to contain all the variables necessary for Wazuh in order to be easier to maintain if one of them changes in the future +The purpose of this file is to contain all the variables necessary for Wazuh in order to be easier +to maintain if one of them changes in the future. ''' # local internal options WINDOWS_DEBUG = 'windows.debug' @@ -14,4 +15,4 @@ # configurations DATA = 'data' -WAZUH_LOG_MONITOR = 'wazuh_log_monitor' \ No newline at end of file +WAZUH_LOG_MONITOR = 'wazuh_log_monitor' diff --git a/tests/integration/test_fim/conftest.py b/tests/integration/test_fim/conftest.py index 7e084fcb1d..7c821808aa 100644 --- a/tests/integration/test_fim/conftest.py +++ b/tests/integration/test_fim/conftest.py 
@@ -5,7 +5,8 @@ import pytest from wazuh_testing import global_parameters from wazuh_testing.tools.services import control_service -from wazuh_testing.fim import create_registry, registry_parser, KEY_WOW64_64KEY, delete_registry, LOG_FILE_PATH, callback_detect_registry_integrity_clear_event +from wazuh_testing.fim import (create_registry, registry_parser, KEY_WOW64_64KEY, delete_registry, + LOG_FILE_PATH, callback_detect_registry_integrity_clear_event) from wazuh_testing.tools.file import truncate_file from wazuh_testing.fim_module.fim_variables import WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, SYNC_INTERVAL_VALUE from wazuh_testing.wazuh_variables import WAZUH_SERVICES_START, WAZUH_SERVICES_STOP, WAZUH_LOG_MONITOR @@ -30,6 +31,6 @@ def create_key(request): control_service(WAZUH_SERVICES_START) # wait until the sync is done. - file_monitor.start(timeout= SYNC_INTERVAL_VALUE + global_parameters.default_timeout, - callback=callback_detect_registry_integrity_clear_event, - error_message='Did not receive expected "integrity clear" event') + file_monitor.start(timeout=SYNC_INTERVAL_VALUE + global_parameters.default_timeout, + callback=callback_detect_registry_integrity_clear_event, + error_message='Did not receive expected "integrity clear" event') diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index 7fcb2fec9f..07ebc443a0 100644 --- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py 
@@ -56,13 +56,15 @@ ''' import os import pytest -from wazuh_testing.fim import generate_params, create_registry, modify_registry_value, registry_parser, KEY_WOW64_64KEY, REG_SZ -from wazuh_testing import global_parameters +from wazuh_testing.fim import (generate_params, create_registry, modify_registry_value, registry_parser, + KEY_WOW64_64KEY, REG_SZ) from wazuh_testing.tools.configuration import load_wazuh_configurations from wazuh_testing.tools.monitoring import FileMonitor from wazuh_testing.tools.services import control_service from wazuh_testing.fim_module.fim_synchronization import find_value_in_event_list, get_sync_msgs -from wazuh_testing.fim_module.fim_variables import SCHEDULE_MODE, WINDOWS_REGISTRY, SYNC_INTERVAL, SYNC_INTERVAL_VALUE, YAML_CONF_REGISTRY_RESPONSE, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY +from wazuh_testing.fim_module.fim_variables import (SCHEDULE_MODE, WINDOWS_REGISTRY, SYNC_INTERVAL, SYNC_INTERVAL_VALUE, + YAML_CONF_REGISTRY_RESPONSE, WINDOWS_HKEY_LOCAL_MACHINE, + MONITORED_KEY) from wazuh_testing.wazuh_variables import DATA, WAZUH_SERVICES_START, WINDOWS_DEBUG, VERBOSE_DEBUG_OUTPUT @@ -75,7 +77,8 @@ test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), DATA) configurations_path = os.path.join(test_data_path, YAML_CONF_REGISTRY_RESPONSE) -conf_params = {WINDOWS_REGISTRY: os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY), SYNC_INTERVAL: SYNC_INTERVAL_VALUE} +conf_params = {WINDOWS_REGISTRY: os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY), + SYNC_INTERVAL: SYNC_INTERVAL_VALUE} # configurations 
@@ -155,5 +158,5 @@ def test_registry_sync_after_restart(key_name, value_name, configure_local_inter events = get_sync_msgs(SYNC_INTERVAL_VALUE) - assert find_value_in_event_list( - os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, key_path), value_name, events) is not None, f"No sync event was found for {value_path}" + assert (find_value_in_event_list(os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, key_path), value_name, events) + is not None, f"No sync event was found for {value_path}") diff --git a/tests/integration/test_fim/test_synchronization/test_sync_disabled_win32.py b/tests/integration/test_fim/test_synchronization/test_sync_disabled_win32.py index 85234a8910..a7c651d79b 100644 --- a/tests/integration/test_fim/test_synchronization/test_sync_disabled_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_sync_disabled_win32.py @@ -63,8 +63,10 @@ from wazuh_testing.tools.configuration import load_wazuh_configurations from wazuh_testing.tools.monitoring import FileMonitor, callback_generator from wazuh_testing.wazuh_variables import DATA -from wazuh_testing.fim_module.fim_variables import (TEST_DIR_1, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, YAML_CONF_SYNC_WIN32, - TEST_DIRECTORIES, TEST_REGISTRIES, SYNCHRONIZATION_ENABLED, INTEGRITY_CONTROL_MESSAGE, SYNCHRONIZATION_REGISTRY_ENABLED) +from wazuh_testing.fim_module.fim_variables import (TEST_DIR_1, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, + YAML_CONF_SYNC_WIN32, TEST_DIRECTORIES, TEST_REGISTRIES, + SYNCHRONIZATION_ENABLED, INTEGRITY_CONTROL_MESSAGE, + SYNCHRONIZATION_REGISTRY_ENABLED) # Marks pytestmark = [pytest.mark.win32, pytest.mark.tier(level=1)] 
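Review bot: The reformatted `assert` at the end of the hunk wraps its condition and message in one pair of parentheses, so Python parses `(find_value_in_event_list(...) is not None, f"No sync event was found for {value_path}")` as a two-element tuple, which is always truthy — the test can no longer fail, and CPython reports `SyntaxWarning: assertion is always true`. Bind the lookup to a name to stay within the line limit without the parentheses: `found = find_value_in_event_list(os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, key_path), value_name, events)` followed by `assert found is not None, f"No sync event was found for {value_path}"`. `test_registry_sync_after_restart` begins before this hunk, so `key_path` and `value_path` are defined out of view.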
@@ -127,7 +129,6 @@ def test_sync_disabled(get_configuration, configure_environment, restart_syschec assertions: - Verify that no FIM 'integrity' events are generated when the value of the 'enabled' tag is set to 'no' (synchronization disabled). - input_description: Different test cases are contained in external YAML file (wazuh_sync_conf_win32.yaml) which includes configuration settings for the 'wazuh-syscheckd' daemon. That is combined with the testing directory/key to be monitored defined in this module. @@ -142,4 +143,5 @@ def test_sync_disabled(get_configuration, configure_environment, restart_syschec # The file synchronization event shouldn't be triggered with pytest.raises(TimeoutError): event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=callback_generator(INTEGRITY_CONTROL_MESSAGE), update_position=True).result() + callback=callback_generator(INTEGRITY_CONTROL_MESSAGE), + update_position=True).result() diff --git a/tests/integration/test_fim/test_synchronization/test_sync_enabled_win32.py b/tests/integration/test_fim/test_synchronization/test_sync_enabled_win32.py index 669cd1c93e..f41b29e0dc 100644 --- a/tests/integration/test_fim/test_synchronization/test_sync_enabled_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_sync_enabled_win32.py 
@@ -64,8 +64,9 @@ from wazuh_testing.tools.configuration import load_wazuh_configurations from wazuh_testing.tools.monitoring import FileMonitor from wazuh_testing.wazuh_variables import DATA -from wazuh_testing.fim_module.fim_variables import (TEST_DIR_1, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, YAML_CONF_SYNC_WIN32, - TEST_DIRECTORIES, TEST_REGISTRIES, SYNCHRONIZATION_ENABLED, SYNCHRONIZATION_REGISTRY_ENABLED) +from wazuh_testing.fim_module.fim_variables import (TEST_DIR_1, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, + YAML_CONF_SYNC_WIN32, TEST_DIRECTORIES, TEST_REGISTRIES, + SYNCHRONIZATION_ENABLED, SYNCHRONIZATION_REGISTRY_ENABLED) # Marks pytestmark = [pytest.mark.win32, pytest.mark.tier(level=1)] @@ -140,11 +141,11 @@ def test_sync_disabled(get_configuration, configure_environment, restart_syschec # The file synchronization event should be triggered event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, callback=callback_detect_integrity_event, update_position=True).result() - + assert event['component'] == 'fim_file', 'Wrong event component' # The registry synchronization event should be triggered event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, update_position=True, callback=callback_detect_integrity_event).result() - + assert event['component'] == 'fim_registry', 'Wrong event component' diff --git a/tests/integration/test_fim/test_synchronization/test_sync_registry_disabled_win32.py b/tests/integration/test_fim/test_synchronization/test_sync_registry_disabled_win32.py index 301e297f19..c8a800110b 100644 --- a/tests/integration/test_fim/test_synchronization/test_sync_registry_disabled_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_sync_registry_disabled_win32.py 
@@ -64,8 +64,10 @@ from wazuh_testing.tools.configuration import load_wazuh_configurations from wazuh_testing.tools.monitoring import FileMonitor, callback_generator from wazuh_testing.wazuh_variables import DATA -from wazuh_testing.fim_module.fim_variables import (TEST_DIR_1, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, YAML_CONF_SYNC_WIN32, - TEST_DIRECTORIES, TEST_REGISTRIES, SYNCHRONIZATION_ENABLED, INTEGRITY_CONTROL_MESSAGE, SYNCHRONIZATION_REGISTRY_ENABLED) +from wazuh_testing.fim_module.fim_variables import (TEST_DIR_1, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, + YAML_CONF_SYNC_WIN32, TEST_DIRECTORIES, TEST_REGISTRIES, + SYNCHRONIZATION_ENABLED, INTEGRITY_CONTROL_MESSAGE, + SYNCHRONIZATION_REGISTRY_ENABLED) # Marks pytestmark = [pytest.mark.win32, pytest.mark.tier(level=1)] @@ -107,7 +109,7 @@ def test_sync_disabled(get_configuration, configure_environment, restart_syschec ''' description: Check if the 'wazuh-syscheckd' daemon uses the value of the 'enabled' tag to start/stop the file/registry synchronization. For this purpose, the test will monitor a directory/key. - Finally, it will verify that no FIM 'integrity' event is generated when the registry + Finally, it will verify that no FIM 'integrity' event is generated when the registry synchronization is disablede. wazuh_min_version: 4.2.0 @@ -128,7 +130,7 @@ def test_sync_disabled(get_configuration, configure_environment, restart_syschec assertions: - Verify that no FIM 'integrity' events are generated when the value of the 'enabled' tag is set to 'no' (registry synchronization disabled). - + input_description: Different test cases are contained in external YAML file (wazuh_sync_conf_win32.yaml) which includes configuration settings for the 'wazuh-syscheckd' daemon. That is combined with the testing directory/key to be monitored defined in this module. 
@@ -147,5 +149,5 @@ def test_sync_disabled(get_configuration, configure_environment, restart_syschec # The registry synchronization event shouldn't be triggered with pytest.raises(TimeoutError): - event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, update_position=True, - callback=callback_generator(INTEGRITY_CONTROL_MESSAGE)).result() \ No newline at end of file + event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, update_position=True, + callback=callback_generator(INTEGRITY_CONTROL_MESSAGE)).result() diff --git a/tests/integration/test_fim/test_synchronization/test_sync_registry_enabled_win32.py b/tests/integration/test_fim/test_synchronization/test_sync_registry_enabled_win32.py index c290034c10..891aa00413 100644 --- a/tests/integration/test_fim/test_synchronization/test_sync_registry_enabled_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_sync_registry_enabled_win32.py @@ -59,13 +59,15 @@ import pytest from wazuh_testing import global_parameters -from wazuh_testing.fim import LOG_FILE_PATH, generate_params, callback_detect_integrity_event +from wazuh_testing.fim import LOG_FILE_PATH, generate_params from wazuh_testing.tools import PREFIX from wazuh_testing.tools.configuration import load_wazuh_configurations from wazuh_testing.tools.monitoring import FileMonitor, callback_generator from wazuh_testing.wazuh_variables import DATA -from wazuh_testing.fim_module.fim_variables import (TEST_DIR_1, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, YAML_CONF_SYNC_WIN32, - TEST_DIRECTORIES, TEST_REGISTRIES, SYNCHRONIZATION_ENABLED, INTEGRITY_CONTROL_MESSAGE, SYNCHRONIZATION_REGISTRY_ENABLED) +from wazuh_testing.fim_module.fim_variables import (TEST_DIR_1, WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, + YAML_CONF_SYNC_WIN32, TEST_DIRECTORIES, TEST_REGISTRIES, + SYNCHRONIZATION_ENABLED, INTEGRITY_CONTROL_MESSAGE, + SYNCHRONIZATION_REGISTRY_ENABLED) # Marks pytestmark = [pytest.mark.win32, pytest.mark.tier(level=1)] 
@@ -128,7 +130,7 @@ def test_sync_disabled(get_configuration, configure_environment, restart_syschec assertions: - Verify that no FIM 'integrity' events are generated when the value of the 'enabled' tag is set to 'no' (synchronization disabled). - + input_description: Different test cases are contained in external YAML file (wazuh_sync_conf_win32.yaml) which includes configuration settings for the 'wazuh-syscheckd' daemon. That is combined with the testing directory/key to be monitored defined in this module. @@ -142,6 +144,6 @@ def test_sync_disabled(get_configuration, configure_environment, restart_syschec ''' # The file synchronization event shouldn't be triggered with pytest.raises(TimeoutError): - event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=callback_generator(INTEGRITY_CONTROL_MESSAGE), update_position=True).result() - \ No newline at end of file + event = (wazuh_log_monitor.start(timeout=global_parameters.default_timeout, + callback=callback_generator(INTEGRITY_CONTROL_MESSAGE), + update_position=True).result()) From ce3c796c954944e0eb033f47ef5bb735d7f2dd8f Mon Sep 17 00:00:00 2001 From: camila Date: Fri, 17 Dec 2021 17:36:51 -0300 Subject: [PATCH 21/25] solved warnings --- .../test_synchronization/test_registry_responses_win32.py | 8 ++++++-- .../test_sync_registry_enabled_win32.py | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index 07ebc443a0..0e8bc20126 100644 --- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py 
@@ -120,6 +120,9 @@ def test_registry_sync_after_restart(key_name, value_name, configure_local_inter - value_name: type: str brief: Name of the value that will be created in the test. + - configure_local_internal_options_module: + type: fixture + brief: Configure the local internal options file. - get_configuration: type: fixture brief: Get configurations from the module. @@ -158,5 +161,6 @@ def test_registry_sync_after_restart(key_name, value_name, configure_local_inter events = get_sync_msgs(SYNC_INTERVAL_VALUE) - assert (find_value_in_event_list(os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, key_path), value_name, events) - is not None, f"No sync event was found for {value_path}") + assert find_value_in_event_list( + os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, key_path), value_name, + events) is not None, f"No sync event was found for {value_path}" diff --git a/tests/integration/test_fim/test_synchronization/test_sync_registry_enabled_win32.py b/tests/integration/test_fim/test_synchronization/test_sync_registry_enabled_win32.py index 891aa00413..3175f909c9 100644 --- a/tests/integration/test_fim/test_synchronization/test_sync_registry_enabled_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_sync_registry_enabled_win32.py @@ -110,7 +110,7 @@ def test_sync_disabled(get_configuration, configure_environment, restart_syschec description: Check if the 'wazuh-syscheckd' daemon uses the value of the 'enabled' tag to start/stop the file/registry synchronization. For this purpose, the test will monitor a directory/key. Finally, it will verify that no FIM 'integrity' event is generated when the synchronization - is disablede and registry synchronization is enabled. + is disabled and registry synchronization is enabled. wazuh_min_version: 4.2.0 From 204185275c1bf0daf43048dca6ab91504f4967fe Mon Sep 17 00:00:00 2001 
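Review bot: In the `@@ -158,5 +161,6 @@` hunk of test_registry_responses_win32.py the joined key path is better bound once and the failure message should say what was actually received, since a miss otherwise leaves nothing to debug: `full_key_path = os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, key_path)` and then `assert find_value_in_event_list(full_key_path, value_name, events) is not None, \` `f"No sync event was found for {value_path} among {len(events)} sync events"`. Because the removed form was a parenthesised tuple, which is always truthy, this assertion has effectively never been enforced before this commit, so the first green run after it is the first real validation of the registry sync path and deserves a look at the captured events rather than just the verdict. `key_path`, `value_path` and `events` are bound earlier in test_registry_sync_after_restart, whose body starts outside the hunk.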
From: camila Date: Mon, 20 Dec 2021 16:09:58 -0300 Subject: [PATCH 22/25] rf: Fix typo in comments --- .../wazuh_testing/fim_module/fim_variables.py | 8 ++++---- deps/wazuh_testing/wazuh_testing/wazuh_variables.py | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py index 4996c89457..6bafa35a18 100644 --- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py @@ -7,15 +7,15 @@ maintain if one of them changes in the future. ''' -# variables +# Variables -# key variables +# Key variables WINDOWS_HKEY_LOCAL_MACHINE = 'HKEY_LOCAL_MACHINE' MONITORED_KEY = 'SOFTWARE\\random_key' WINDOWS_REGISTRY = 'WINDOWS_REGISTRY' -# value key +# Value key SYNC_INTERVAL = 'SYNC_INTERVAL' SYNC_INTERVAL_VALUE = MAX_EVENTS_VALUE = 20 @@ -27,7 +27,7 @@ # FIM modules SCHEDULE_MODE = 'scheduled' -# YAML Configuration +# Yaml Configuration YAML_CONF_REGISTRY_RESPONSE = 'wazuh_conf_registry_responses_win32.yaml' YAML_CONF_SYNC_WIN32 = 'wazuh_sync_conf_win32.yaml' diff --git a/deps/wazuh_testing/wazuh_testing/wazuh_variables.py b/deps/wazuh_testing/wazuh_testing/wazuh_variables.py index eae4ad339a..7f1c52d023 100644 --- a/deps/wazuh_testing/wazuh_testing/wazuh_variables.py +++ b/deps/wazuh_testing/wazuh_testing/wazuh_variables.py @@ -6,13 +6,13 @@ The purpose of this file is to contain all the variables necessary for Wazuh in order to be easier to maintain if one of them changes in the future. ''' -# local internal options +# Local internal options WINDOWS_DEBUG = 'windows.debug' VERBOSE_DEBUG_OUTPUT = 2 WAZUH_SERVICES_STOP = 'stop' WAZUH_SERVICES_START = 'start' -# configurations +# Configurations DATA = 'data' WAZUH_LOG_MONITOR = 'wazuh_log_monitor' From 9b46cdfbba43c9ab8594f07ce33a87a150616854 Mon Sep 17 00:00:00 2001 
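Review bot: Changing `# YAML Configuration` to `# Yaml Configuration` in the `@@ -27,7 +27,7 @@` hunk of fim_variables.py is a regression rather than a typo fix: YAML is an acronym, the original casing was correct, and the constants directly below it (`YAML_CONF_REGISTRY_RESPONSE`, `YAML_CONF_SYNC_WIN32`) keep the upper-case form. Keep `# YAML Configuration`. The other capitalisation changes in this patch and in wazuh_variables.py read fine.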
From: camila Date: Mon, 20 Dec 2021 16:15:05 -0300 Subject: [PATCH 23/25] add: Add pr to changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a37595b484..34d2db7219 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -41,6 +41,7 @@ All notable changes to this project will be documented in this file. - Rename ossec-control in framework tests [#983](https://github.com/wazuh/wazuh-qa/pull/983) - Change names of daemons in integration tests [#973](https://github.com/wazuh/wazuh-qa/pull/973) - Rename all ossec-control references [#965](https://github.com/wazuh/wazuh-qa/pull/965) +- Refactor FIM test synchronization [#2358] (https://github.com/wazuh/wazuh-qa/pull/2358) ### Fixed - Fix an error in the Active Response tests related to the configuration file [#1080](https://github.com/wazuh/wazuh-qa/pull/1080) - Fix an error in the Agent simulator while parsing the messages received from the manager [#1084](https://github.com/wazuh/wazuh-qa/pull/1084). From 0b0686e543c0158595831b040ab9718d2cd7ee74 Mon Sep 17 00:00:00 2001 From: Pedro de Castro Date: Tue, 21 Dec 2021 08:58:30 +0100 Subject: [PATCH 24/25] Update CHANGELOG. Created version v1.0.0 --- CHANGELOG.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 34d2db7219..667ead0312 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,12 +1,11 @@ # Change Log All notable changes to this project will be documented in this file. -## [v4.3.0] +## [v1.0.0] ### Added ### Changed - -### Fixed +- Refactor FIM test synchronization [#2358] (https://github.com/wazuh/wazuh-qa/pull/2358) ### Deleted 
@@ -41,7 +40,6 @@ All notable changes to this project will be documented in this file. - Rename ossec-control in framework tests [#983](https://github.com/wazuh/wazuh-qa/pull/983) - Change names of daemons in integration tests [#973](https://github.com/wazuh/wazuh-qa/pull/973) - Rename all ossec-control references [#965](https://github.com/wazuh/wazuh-qa/pull/965) -- Refactor FIM test synchronization [#2358] (https://github.com/wazuh/wazuh-qa/pull/2358) ### Fixed - Fix an error in the Active Response tests related to the configuration file [#1080](https://github.com/wazuh/wazuh-qa/pull/1080) - Fix an error in the Agent simulator while parsing the messages received from the manager [#1084](https://github.com/wazuh/wazuh-qa/pull/1084). From d70140386ca3f6a37213a4402a18921b7c18399a Mon Sep 17 00:00:00 2001 From: Pedro de Castro Date: Tue, 21 Dec 2021 09:02:30 +0100 Subject: [PATCH 25/25] Update CHANGELOG. Small corrections to entry line format. --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 667ead0312..ff68bdb6d1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. ### Added ### Changed -- Refactor FIM test synchronization [#2358] (https://github.com/wazuh/wazuh-qa/pull/2358) +- Refactor: FIM `test_synchronization` according to new standard. Phase 1. ([#2358](https://github.com/wazuh/wazuh-qa/pull/2358)) ### Deleted