Add support to wodle sections for ossec.conf generator tool #1048

Merged
merged 1 commit into from
Feb 8, 2021

@jmv74211 jmv74211 commented Feb 8, 2021

Related issue
close #1045

Description

This PR adds support to wodle sections in the ossec.conf generator tool.

The main problem was the query that was made when comparing different sections.

With the current implementation, the first wodle block of the ossec.conf configuration was being replaced, resulting in repeated blocks (since the first one, which was the ciscat one, was always eliminated).

I have added a new comparer that now also takes into account the attributes of the sections.

Regards.

Checks

  • Python codebase satisfies the PEP-8 style guide. `pycodestyle --max-line-length=120 --show-source --show-pep8 file.py`

Case 1: wodle test 1

Test config

  sections:
  - section: wodle
    attributes:
      - name: 'syscollector'
    elements:
      - disabled:
          value: 'yes'

**Resulting ossec.conf**

<wodle name="syscollector">
    <disabled>yes</disabled>
</wodle>

Case 2: wodle test 2

Test config

  sections:
  - section: wodle
    attributes:
      - name: 'syscollector'
    elements:
      - disabled:
          value: 'no'
      - scan_on_start:
          value: 'no'
      - hardware:
          value: 'no'
      - os:
          value: 'yes'
      - network:
          value: 'no'

**Resulting ossec.conf**

  <wodle name="syscollector">
    <disabled>no</disabled>
    <scan_on_start>no</scan_on_start>
    <hardware>no</hardware>
    <os>yes</os>
    <network>no</network>
  </wodle>

Case 3: No wodle config

Test config

  sections:
  - section: vulnerability-detector
    elements:
    - enabled:
        value: 'yes'
    - run_on_start:
        value: 'no'
    - interval:
        value: '5'
    - provider:
        attributes:
        - name: 'nvd'
        elements:
        - enabled:
            value: 'yes'
        - path:
            value: NVD_JSON_PATH
        - update_interval:
            value: '10s'

**Resulting ossec.conf**

  <vulnerability-detector>
    <enabled>yes</enabled>
    <run_on_start>no</run_on_start>
    <interval>5</interval>
    <provider name="nvd"><enabled>yes</enabled>
        <path>/root/wazuh-qa/tests/integration/test_vulnerability_detector/test_scan_results/data/real_nvd_feed.json</path>
        <update_interval>10s</update_interval>
    </provider>
  </vulnerability-detector>

@jmv74211 jmv74211 self-assigned this Feb 8, 2021
@BraulioV BraulioV merged commit c7fc2e9 into master Feb 8, 2021
@BraulioV BraulioV deleted the 1045-fix-ossec-conf-generator branch February 8, 2021 15:22
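The section-matching problem described in this PR, as an added example that is not code from the PR or from the wazuh-qa repository: a tag-only comparison replaces the first `wodle` block and leaves a duplicate, while a comparison that also checks attributes replaces the intended one. The function names and the base configuration are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed base configuration: two wodle blocks, the ciscat one first.
BASE_CONF = """<ossec_config>
  <wodle name="cis-cat"><disabled>yes</disabled></wodle>
  <wodle name="syscollector"><disabled>no</disabled></wodle>
</ossec_config>"""

# "Case 1" test section from the PR, as it would look after YAML parsing.
TEST_SECTION = {
    "section": "wodle",
    "attributes": [{"name": "syscollector"}],
    "elements": [{"disabled": {"value": "yes"}}],
}


def find_by_tag(root, section):
    """Tag-only comparison: picks the first <wodle>, whatever its name."""
    return root.find(section["section"])


def find_by_tag_and_attributes(root, section):
    """Attribute-aware comparison: tag and every listed attribute must match."""
    wanted = {k: v for attr in section.get("attributes", []) for k, v in attr.items()}
    for node in root.findall(section["section"]):
        if all(node.get(k) == v for k, v in wanted.items()):
            return node
    return None


def apply_section(conf_text, section, finder):
    """Replace the block chosen by `finder` with the test section."""
    root = ET.fromstring(conf_text)
    old = finder(root, section)
    if old is not None:
        root.remove(old)
    new = ET.SubElement(root, section["section"])
    for attr in section.get("attributes", []):
        new.attrib.update(attr)
    for element in section.get("elements", []):
        for tag, body in element.items():
            ET.SubElement(new, tag).text = body["value"]
    return root


def wodle_names(root):
    """Names of the wodle blocks in document order."""
    return [w.get("name") for w in root.findall("wodle")]
```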
Successfully merging this pull request may close these issues.

Ossec conf generator does not correctly combine configuration for syscollector in integration test