def test_denied_ips_syslog(get_configuration, configure_environment,
restart_remoted):
"""Check that `wazuh-remoted` block messages from `denied-ips`.
Check if the API answer for manager connection coincides with the option selected on `ossec.conf`.
Raises:
AssertionError: if `wazuh-remoted` does not show in `ossec.log` expected error message or API answer different
of expected configuration.
"""
cfg = get_configuration['metadata']
log_callback = remote.callback_detect_syslog_allowed_ips(
cfg['allowed-ips'])
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message="Wazuh remoted didn't start as expected.")
remote.send_syslog_message(
message='Feb 22 13:08:48 Remoted Syslog Denied testing',
port=514,
protocol=remote.UDP)
log_callback = remote.callback_detect_syslog_denied_ips(cfg['denied-ips'])
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message="The expected output for denied-ips has not been produced"
)
# Check that API query return the selected configuration
api.compare_config_api_response([cfg], 'remote')
def test_configuration_command(get_local_internal_options,
configure_local_internal_options,
get_configuration, configure_environment,
restart_logcollector):
"""Check if the Wazuh run correctly with the specified command monitoring configuration.
Ensure command monitoring allow the specified attributes. Also, in the case of the manager instance, check if the API
answer for localfile block coincides.
Raises:
TimeoutError: If the command monitoring callback is not generated.
AssertError: In the case of a server instance, the API response is different that the real configuration.
"""
cfg = get_configuration['metadata']
log_callback = logcollector.callback_monitoring_command(cfg['log_format'],
cfg['command'],
prefix=prefix)
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message=logcollector.GENERIC_CALLBACK_ERROR_COMMAND_MONITORING)
if wazuh_component == 'wazuh-manager':
api.wait_until_api_ready()
api.compare_config_api_response([cfg], 'localfile')
def check_ignore_binaries_valid(cfg):
"""Check if the Wazuh runs correctly with the specified ignore_binaries field value.
Ensure logcollector allows the specified ignore_binaries attribute. Also, in the case of the manager instance,
check if the API answer for localfile block coincides.
Args:
cfg (dict): Dictionary with the localfile configuration.
Raises:
TimeoutError: In the case of Windows system, the callback for an invalid location pattern is not generated.
AssertError: In the case of a server instance, the API response is different than the real configuration.
"""
wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)
if sys.platform == 'win32':
log_callback = logcollector.callback_invalid_location_pattern(
cfg['location'], prefix=prefix)
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message=logcollector.GENERIC_CALLBACK_ERROR_INVALID_LOCATION)
if wazuh_component == 'wazuh-manager':
real_configuration = cfg.copy()
real_configuration.pop('valid_value')
api.wait_until_api_ready()
api.compare_config_api_response([real_configuration], 'localfile')
else:
if sys.platform == 'win32':
assert get_process_cmd('wazuh-agent.exe') != 'None'
else:
assert check_if_process_is_running('wazuh-logcollector')
def test_invalid_protocol(get_configuration, configure_environment,
restart_remoted):
"""Test if `wazuh-remoted` set properly protocol values.
For a secure connection, if a pair of protocols is provided, in case one of them is invalid, it should be used
the valid protocol. Otherwise, if none of them is valid, TCP should be used.
For a syslog connection if more than one protocol is provided only TCP should be used.
Raises:
AssertionError: if `wazuh-remoted` does not show in `ossec.log` expected warning messages or does not
set properly protocol values.
"""
cfg = get_configuration['metadata']
protocol_field = cfg['protocol'].split(',')
valid_invalid_protocols = remote.get_protocols(protocol_field)
valid_protocol = valid_invalid_protocols[0]
invalid_protocol_list = valid_invalid_protocols[1]
for invalid_protocol in invalid_protocol_list:
log_callback = remote.callback_ignored_invalid_protocol(
invalid_protocol)
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message="The expected error output has not been produced")
if len(valid_protocol) == 0:
log_callback = remote.callback_error_getting_protocol()
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message="The expected error output has not been produced")
elif len(valid_protocol) == 1:
log_callback = remote.callback_detect_remoted_started(
cfg['port'], valid_protocol[0], cfg['connection'])
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message="The expected error output has not been produced")
else:
used_protocol = 'TCP,UDP'
if cfg['connection'] == 'syslog':
used_protocol = 'TCP'
log_callback = remote.callback_detect_remoted_started(
cfg['port'], used_protocol, cfg['connection'])
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message="The expected error output has not been produced")
real_configuration = cfg.copy()
real_configuration['protocol'] = cfg['protocol'].split(',')
# Check that API query return the selected configuration
compare_config_api_response([real_configuration], 'remote')
def check_configuration_age_valid(cfg):
"""Check if the Wazuh module runs correctly and analyze the desired file.
Ensure logcollector is running with the specified configuration, analyzing the designated file and,
in the case of the Wazuh server, check if the API answer for localfile configuration block coincides
the selected configuration.
Args:
cfg (dict): Dictionary with the localfile configuration.
Raises:
TimeoutError: If the "Analyzing file" callback is not generated.
AssertError: In the case of a server instance, the API response is different from real configuration.
"""
wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)
log_callback = logcollector.callback_analyzing_file(cfg['location'],
prefix=prefix)
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message=logcollector.GENERIC_CALLBACK_ERROR_ANALYZING_FILE)
if wazuh_component == 'wazuh-manager':
real_configuration = cfg.copy()
real_configuration.pop('valid_value')
api.wait_until_api_ready()
api.compare_config_api_response([real_configuration], 'localfile')
def test_connection_valid(get_configuration, configure_environment,
restart_remoted):
"""Check that "connection" option could be configured as "secure" or "syslog" without errors.
This option specifies a type of incoming connection to accept: secure or syslog. Also, check if multiple
ports can be used with all valid connection values. Also, check if the API answer for manager connection coincides with the option selected on `ossec.conf`.
Raises:
AssertionError: if API answer is different of expected configuration."""
cfg = get_configuration['metadata']
used_protocol = cfg['protocol']
if (cfg['protocol'] == 'TCP,UDP'
or cfg['protocol'] == 'UDP,TCP') and cfg['connection'] == 'syslog':
log_callback = remote.callback_warning_syslog_tcp_udp()
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message="The expected error output has not been produced")
used_protocol = 'TCP'
log_callback = remote.callback_detect_remoted_started(
cfg['port'], used_protocol, cfg['connection'])
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message="The expected error output has not been produced")
real_configuration = cfg.copy()
real_configuration['protocol'] = cfg['protocol'].split(',')
compare_config_api_response([real_configuration], 'remote')
def check_configuration_out_format_valid(cfg):
"""Check if the Wazuh run correctly with the specified out format field.
Ensure logcollector allows the specified out format attribute.
Args:
cfg (dict): Dictionary with the localfile configuration.
Raises:
TimeoutError: If the callback for the socket target is not generated.
AssertError: In the case of a server instance, the API response is different than the real configuration.
"""
log_callback = logcollector.callback_socket_target(cfg['location'],
cfg['target'],
prefix=prefix)
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET)
if wazuh_component == 'wazuh-manager':
real_configuration = dict(
(key, cfg[key]) for key in ('location', 'target', 'log_format'))
real_configuration['out_format'] = {
'target': cfg['target_out_format'],
'item': cfg['out_format']
}
api.wait_until_api_ready()
api.compare_config_api_response([real_configuration], 'localfile')
def test_local_ip_valid(get_configuration, configure_environment, restart_remoted):
"""Check if the `local_ip` option could be configured using different valid IPs without errors.
Check if the API answer for manager connection coincides with the option selected on `ossec.conf`.
Raises:
AssertionError: if API answer is different of expected configuration.
"""
cfg = get_configuration['metadata']
# Check that API query return the selected configuration
compare_config_api_response([cfg], 'remote')
def test_queue_size_valid(get_configuration, configure_environment,
restart_remoted):
"""Check that `queue_size` option could be configured with valid values (any number between 1 and 262144) without
errors.
Check if the API answer for manager connection coincides with the option selected on `ossec.conf` and expected
warning message is shown in `ossec.log`.
Raises:
AssertionError: if API answer is different of expected configuration.
"""
cfg = get_configuration['metadata']
compare_config_api_response([cfg], 'remote')
def test_allowed_denied_ips_syslog(get_configuration, configure_environment,
restart_remoted):
"""Check that "allowed-ips" and "denied-ips" could be configured without errors for syslog connection.
Raises:
AssertionError: if `wazuh-remoted` does not show in `ossec.log` expected error message.
"""
cfg = get_configuration['metadata']
log_callback = remote.callback_detect_syslog_allowed_ips(
cfg['allowed-ips'])
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message="Wazuh remoted didn't start as expected.")
compare_config_api_response([cfg], 'remote')
def test_big_queue_size(get_configuration, configure_environment,
restart_remoted):
"""Test if warning message appears in case `queue_size` is greater than 262144.
Check that the API answer for manager connection coincides with the option selected on `ossec.conf`.
Raises:
AssertionError: if `wazuh-remoted` does not show in `ossec.log` expected warning messages or if API answer is
different of expected configuration.
"""
cfg = get_configuration['metadata']
log_callback = remote.callback_queue_size_too_big()
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message="The expected error output has not been produced")
compare_config_api_response([cfg], 'remote')
def test_configuration_location(get_configuration, configure_environment,
restart_logcollector):
"""Check if Wazuh runs correctly with the specified location field value.
Ensure logcollector allows the specified locations. Also, in the case of the manager instance, check if the API
answer for localfile block coincides.
Raises:
TimeoutError: If the "Analyzing file" callback is not generated.
AssertError: In the case of a server instance, the API response is different that the real configuration.
"""
cfg = get_configuration['metadata']
if wazuh_component == 'wazuh-manager':
api.wait_until_api_ready()
api.compare_config_api_response([cfg], 'localfile')
else:
if sys.platform == 'win32':
assert get_process_cmd('wazuh-agent.exe') != 'None'
else:
assert check_if_process_is_running('wazuh-logcollector')
def test_ipv6_secure(get_configuration, configure_environment,
restart_remoted):
"""Check that when `ipv6` can be configured to `yes` without errors.
In case of `secure` connection IPv4 should be used. Also, check if the API answer for
manager connection coincides with the option selected on `ossec.conf`.
Raises:
AssertionError: if `wazuh-remoted` does not show in `ossec.log` expected warning message or
if API answer is different of expected configuration."""
cfg = get_configuration['metadata']
if cfg['connection'] == 'secure':
log_callback = remote.callback_warning_secure_ipv6()
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message="The expected error output has not been produced")
# Check that API query return the selected configuration
compare_config_api_response([cfg], 'remote')
def check_log_format_valid(cfg):
"""Check if Wazuh run correctly with the specified log formats.
Ensure logcollector allows the specified log formats. Also, in the case of the manager instance, check if the API
answer for localfile block coincides.
Raises:
TimeoutError: If the "Analyzing file" callback is not generated.
AssertError: In the case of a server instance, the API response is different that the real configuration.
"""
wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)
if cfg['log_format'] not in log_format_not_print_analyzing_info:
log_callback = logcollector.callback_analyzing_file(cfg['location'],
prefix=prefix)
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message=logcollector.GENERIC_CALLBACK_ERROR_ANALYZING_FILE)
elif 'command' in cfg['log_format']:
log_callback = logcollector.callback_monitoring_command(
cfg['log_format'], cfg['command'], prefix=prefix)
wazuh_log_monitor.start(timeout=5,
callback=log_callback,
error_message=logcollector.
GENERIC_CALLBACK_ERROR_COMMAND_MONITORING)
elif cfg['log_format'] == 'djb-multilog':
log_callback = logcollector.callback_monitoring_djb_multilog(
cfg['location'], prefix=prefix)
wazuh_log_monitor.start(
timeout=5,
callback=log_callback,
error_message="The expected multilog djb log has not been produced"
)
if wazuh_component == 'wazuh-manager':
real_configuration = cfg.copy()
real_configuration.pop('valid_value')
api.wait_until_api_ready()
api.compare_config_api_response([real_configuration], 'localfile')
