Add new FIM test to verify checks in configuration #4373

Merged
merged 1 commit into from
Jul 28, 2023
25 changes: 13 additions & 12 deletions deps/wazuh_testing/wazuh_testing/modules/fim/utils.py
Expand Up @@ -696,8 +696,8 @@ def get_fim_mode_param(mode, key='FIM_MODE'):
return None, None


def regular_file_cud(folder, log_monitor, file_list=['testfile0'], min_timeout=1, options=None,
triggers_event=True, encoding=None, validators_after_create=None, validators_after_update=None,
def regular_file_cud(folder, log_monitor, file_list=['testfile0'], min_timeout=1, options=None, triggers_event=True,
triggers_modified_event=True, encoding=None, validators_after_create=None, validators_after_update=None,
validators_after_delete=None, validators_after_cud=None, event_mode=None, escaped=False):
"""Check if creation, update and delete events are detected by syscheck.

Expand Down Expand Up @@ -746,16 +746,17 @@ def regular_file_cud(folder, log_monitor, file_list=['testfile0'], min_timeout=1
logger.info("'added' {} detected as expected.\n".format("events" if len(file_list) > 1 else "event"))

# Modify previous text files
for name, content in file_list.items():
modify_file_content(folder, name, is_binary=isinstance(content, bytes))

event_checker = EventChecker(log_monitor=log_monitor, folder=folder, file_list=file_list, options=options,
custom_validator=custom_validator, encoding=encoding,
callback=ev.callback_detect_file_modified_event)
event_checker.fetch_and_check('modified', min_timeout=min_timeout, triggers_event=triggers_event,
event_mode=event_mode, escaped=escaped)
if triggers_event:
logger.info("'modified' {} detected as expected.\n".format("events" if len(file_list) > 1 else "event"))
if triggers_modified_event:
for name, content in file_list.items():
modify_file_content(folder, name, is_binary=isinstance(content, bytes))

event_checker = EventChecker(log_monitor=log_monitor, folder=folder, file_list=file_list, options=options,
custom_validator=custom_validator, encoding=encoding,
callback=ev.callback_detect_file_modified_event)
event_checker.fetch_and_check('modified', min_timeout=min_timeout, triggers_event=triggers_event,
event_mode=event_mode, escaped=escaped)
if triggers_event:
logger.info("'modified' {} detected as expected.\n".format("events" if len(file_list) > 1 else "event"))

# Delete previous text files
for name in file_list:
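Review bot: The new `triggers_modified_event` flag skips the modification step altogether, which is a weaker check than the pattern used for `triggers_event`, where the action still happens and `fetch_and_check` is told whether an event is expected; for a configuration test such as `check_all: "no"`, modifying the file and asserting that no 'modified' event is raised would actually prove the check is disabled, whereas skipping the write proves nothing about the agent. If the intent is only to avoid the step, the name should say so (`skip_modification` reads closer to what the code does), and the docstring, whose Args section lies outside this hunk, presumably needs a matching entry such as `triggers_modified_event (boolean): If False, the files are not modified and no 'modified' event is awaited.`. The nested `if triggers_event:` at the end of the new block still gates only the log line, so a `triggers_event=False` run with `triggers_modified_event=True` relies entirely on `fetch_and_check` for the negative assertion — worth confirming that is the intended contract. The body of `regular_file_cud` continues past the end of this hunk.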
@@ -0,0 +1,167 @@
---
# Configuration for check_all=yes
- tags:
- check_all_yes
apply_to_modules:
- test_file_checkers
sections:
- section: syscheck
elements:
- disabled:
value: 'no'
- directories:
value: DIRECTORY_1
attributes:
- FIM_MODE
- check_all: "yes"
- section: sca
elements:
- enabled:
value: 'no'
- section: rootcheck
elements:
- disabled:
value: 'yes'
- section: wodle
attributes:
- name: 'syscollector'
elements:
- disabled:
value: 'yes'
# Configuration for check_all=no
- tags:
- check_all_no
apply_to_modules:
- test_file_checkers
sections:
- section: syscheck
elements:
- disabled:
value: 'no'
- directories:
value: DIRECTORY_1
attributes:
- FIM_MODE
- check_all: "no"
- section: sca
elements:
- enabled:
value: 'no'
- section: rootcheck
elements:
- disabled:
value: 'yes'
- section: wodle
attributes:
- name: 'syscollector'
elements:
- disabled:
value: 'yes'
# Configuration for conjuction
- tags:
- check_just_one_no
apply_to_modules:
- test_file_checkers
sections:
- section: syscheck
elements:
- disabled:
value: 'no'
- directories:
value: DIRECTORY_1
attributes:
- FIM_MODE
- check_all: "yes"
- check_sha1sum: "no"
- directories:
value: DIRECTORY_2
attributes:
- FIM_MODE
- check_all: "yes"
- check_md5sum: "no"
- directories:
value: DIRECTORY_3
attributes:
- FIM_MODE
- check_all: "yes"
- check_sha256sum: "no"
- directories:
value: DIRECTORY_4
attributes:
- FIM_MODE
- check_all: "yes"
- check_size: "no"
- directories:
value: DIRECTORY_5
attributes:
- FIM_MODE
- check_all: "yes"
- check_mtime: "no"
- section: sca
elements:
- enabled:
value: 'no'
- section: rootcheck
elements:
- disabled:
value: 'yes'
- section: wodle
attributes:
- name: 'syscollector'
elements:
- disabled:
value: 'yes'
# Configuration for test checksum all
- tags:
- check_just_one_yes
apply_to_modules:
- test_file_checkers
sections:
- section: syscheck
elements:
- disabled:
value: 'no'
- directories:
value: DIRECTORY_1
attributes:
- FIM_MODE
- check_all: "no"
- check_sha1sum: "yes"
- directories:
value: DIRECTORY_2
attributes:
- FIM_MODE
- check_all: "no"
- check_md5sum: "yes"
- directories:
value: DIRECTORY_3
attributes:
- FIM_MODE
- check_all: "no"
- check_sha256sum: "yes"
- directories:
value: DIRECTORY_4
attributes:
- FIM_MODE
- check_all: "no"
- check_size: "yes"
- directories:
value: DIRECTORY_5
attributes:
- FIM_MODE
- check_all: "no"
- check_mtime: "yes"
- section: sca
elements:
- enabled:
value: 'no'
- section: rootcheck
elements:
- disabled:
value: 'yes'
- section: wodle
attributes:
- name: 'syscollector'
elements:
- disabled:
value: 'yes'
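Review bot: The section comments do not describe the cases they introduce: `# Configuration for conjuction` is misspelled, and `# Configuration for test checksum all` heads the `check_just_one_yes` block, which sets `check_all: "no"` and enables exactly one check per directory, not all checksums. Since the test relies on these tags to pick the right expectation per directory, a reader matching tag to comment will be misled; I would change them to `# Configuration for check_all=yes with a single check disabled per directory` and `# Configuration for check_all=no with a single check enabled per directory`. The file header on this page does not show the path, so the path of the new YAML is not visible from here.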