def test_start_stop(self):
collector = HunterCollector()
collector.start_service(threaded=True)
wait_for_log_count('started Hunt Manager(test_query)', 1)
# verify the rule was loaded
self.assertEquals(log_count('loading hunt from'), 1)
self.assertEquals(log_count('loaded Hunt(query_test_1[test_query])'),
1)
# wait for the hunt to execute
wait_for_log_count('executing query', 1)
# we should have sqlite update for both the last_executed_time and last_end_time fields
with open_hunt_db('test_query') as db:
c = db.cursor()
c.execute(
"SELECT last_executed_time, last_end_time FROM hunt WHERE hunt_name = ?",
('query_test_1', ))
row = c.fetchone()
self.assertIsNotNone(row)
self.assertTrue(isinstance(
row[0], datetime.datetime)) # last_executed_time
self.assertTrue(isinstance(row[1],
datetime.datetime)) # last_end_time
collector.stop_service()
collector.wait_service()
def test_reload_hunts_on_sighup(self):
collector = HunterCollector()
collector.start_service(threaded=True)
wait_for_log_count('loaded Hunt(unit_test_1[test]) from', 1)
wait_for_log_count('loaded Hunt(unit_test_2[test]) from', 1)
os.kill(os.getpid(), signal.SIGHUP)
wait_for_log_count('received signal to reload hunts', 1)
wait_for_log_count('loaded Hunt(unit_test_1[test]) from', 2)
wait_for_log_count('loaded Hunt(unit_test_2[test]) from', 2)
collector.stop_service()
collector.wait_service()
def test_hunt_execution(self):
collector = HunterCollector()
collector.start_service(threaded=True)
# testing that the execution order works
wait_for_log_count('unit test execute marker: Hunt(unit_test_2[test])',
4)
self.assertEquals(
log_count('unit test execute marker: Hunt(unit_test_1[test])'), 1)
self.assertTrue(log_count('next hunt is Hunt(unit_test_2[test])') > 0)
collector.stop_service()
collector.wait_service()
def test_reload_hunts_on_deleted(self):
saq.CONFIG['service_hunter']['update_frequency'] = '1'
collector = HunterCollector()
collector.start_service(threaded=True)
wait_for_log_count('loaded Hunt(unit_test_1[test]) from', 1)
wait_for_log_count('loaded Hunt(unit_test_2[test]) from', 1)
os.remove(os.path.join(self.temp_rules_dir, 'test_1.ini'))
wait_for_log_count('detected modification to', 1, 5)
wait_for_log_count('loaded Hunt(unit_test_2[test]) from', 2)
self.assertTrue(log_count('loaded Hunt(unit_test_1[test]) from') == 1)
collector.stop_service()
collector.wait_service()
def test_reload_hunts_on_modified(self):
saq.CONFIG['service_hunter']['update_frequency'] = '1'
collector = HunterCollector()
collector.start_service(threaded=True)
wait_for_log_count('loaded Hunt(unit_test_1[test]) from', 1)
wait_for_log_count('loaded Hunt(unit_test_2[test]) from', 1)
with open(os.path.join(self.temp_rules_dir, 'test_1.ini'), 'a') as fp:
fp.write('\n\n; modified')
wait_for_log_count('detected modification to', 1, 5)
wait_for_log_count('loaded Hunt(unit_test_1[test]) from', 2)
wait_for_log_count('loaded Hunt(unit_test_2[test]) from', 2)
collector.stop_service()
collector.wait_service()
def test_reload_hunts_on_new(self):
saq.CONFIG['service_hunter']['update_frequency'] = '1'
collector = HunterCollector()
collector.start_service(threaded=True)
wait_for_log_count('loaded Hunt(unit_test_1[test]) from', 1)
wait_for_log_count('loaded Hunt(unit_test_2[test]) from', 1)
with open(os.path.join(self.temp_rules_dir, 'test_3.ini'), 'a') as fp:
fp.write("""
[rule]
enabled = yes
name = unit_test_3
description = Unit Test Description 3
type = test
frequency = 00:00:10
tags = tag1, tag2""")
wait_for_log_count('detected new hunt ini', 1, 5)
wait_for_log_count('loaded Hunt(unit_test_1[test]) from', 2)
wait_for_log_count('loaded Hunt(unit_test_2[test]) from', 2)
wait_for_log_count('loaded Hunt(unit_test_3[test]) from', 1)
collector.stop_service()
collector.wait_service()
def test_start_stop(self):
collector = HunterCollector()
collector.start_service(threaded=True)
wait_for_log_count('started Hunt Manager(test)', 1)
collector.stop_service()
collector.wait_service()