Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support to wodle sections for ossec.conf generator tool #1048

Merged
merged 1 commit into from
Feb 8, 2021
Merged

Add support to wodle sections for ossec.conf generator tool #1048

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 35 additions & 2 deletions deps/wazuh_testing/wazuh_testing/tools/configuration.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -314,12 +314,46 @@ def to_str_list(elementTree: ET.ElementTree) -> List[str]:
"""
return ET.tostringlist(elementTree.getroot(), encoding="unicode")

def find_module_config(wazuh_conf: ET.ElementTree, section: str, attributes: List[dict]) -> ET.ElementTree:
"""
Check if a certain configuration section exists in ossec.conf and returns the corresponding block if exists.
(This extra function has been necessary to implement it to configure the wodle blocks, since they have the same
section but different attributes).

Parameters
----------
wazuh_conf: ElementTree
An ElementTree object with all the data of the ossec.conf
section: str
Name of the tag or configuration section to search for. For example: vulnerability_detector
attributes: list<dict>
List with section attributes. Needed to check if the section exists with all the searched attributes
and values. For example (wodle section) [{'name': 'syscollector'}]

Returns
-------
ElementTree
An ElementTree object with the section data found in ossec.conf. None if nothing was found.
"""
if attributes is None:
return wazuh_conf.find(section)
else:
attributes_query = ''.join([f"[@{attribute}='{value}']" for index, _ in enumerate(attributes)
for attribute, value in attributes[index].items()])
query = f"{section}{attributes_query}"

try:
return wazuh_conf.find(query)
except AttributeError:
return None

# Get Wazuh configuration as a list of str
raw_wazuh_conf = get_wazuh_conf() if template is None else template
# Generate a ElementTree representation of the previous list to work with its sections
wazuh_conf = to_elementTree(purge_multiple_root_elements(raw_wazuh_conf))
for section in sections:
section_conf = wazuh_conf.find(section['section'])
attributes = section.get('attributes')
section_conf = find_module_config(wazuh_conf, section['section'], attributes)
# Create section if it does not exist, clean otherwise
if not section_conf:
section_conf = ET.SubElement(wazuh_conf.getroot(), section['section'])
Expand All @@ -333,7 +367,6 @@ def to_str_list(elementTree: ET.ElementTree) -> List[str]:
section_conf.tail = prev_tail

# Insert section attributes
attributes = section.get('attributes')
if attributes:
for attribute in attributes:
if attribute is not None and isinstance(attribute, dict): # noqa: E501
Expand Down