def test_failed_last_scan_key_error_agent_version(info_mock):
    """Check `last_scan` still answers when the agent-version lookup fails with a KeyError.

    The failing lookup is arranged by the `info_mock` fixture (per the test
    name; the fixture itself is defined elsewhere). The call must still
    return a dict carrying exactly the 'start' and 'end' keys.
    """
    outcome = last_scan('001')
    assert isinstance(outcome, dict)
    assert {'start', 'end'} == set(outcome)
def test_syscheck_last_scan_internal_error(glob_mock, version):
    """Check that `syscheck.last_scan` raises WazuhInternalError when no valid database file exists.

    Parameters
    ----------
    glob_mock
        Fixture that controls what the database-file glob returns.
    version : dict
        Wazuh version dict returned by the patched `Agent.get_basic_information`.

    Raises
    ------
    WazuhInternalError
        Expected from `last_scan` when the agent database file is not valid.
    """
    basic_info = patch('wazuh.syscheck.Agent.get_basic_information', return_value=version)
    with basic_info, pytest.raises(WazuhInternalError):
        last_scan(['001'])
def test_last_scan(wazuh_conn_mock, connec_mock, db_mock, version, agent_id):
    """Check that `last_scan` returns a {'start', 'end'} dict for a single agent.

    `Agent.get_basic_information` is patched to return `version`, and the
    database glob is patched to yield one `<agent_id>.db` file below
    `common.database_path_agents`; the remaining fixtures stand in for the
    socket/database layer.
    """
    db_file = join(common.database_path_agents, agent_id) + ".db"
    basic_info = patch('wazuh.syscheck.Agent.get_basic_information', return_value=version)
    db_glob = patch("wazuh.syscheck.glob", return_value=[db_file])
    with basic_info, db_glob:
        outcome = last_scan(agent_id)
    assert isinstance(outcome, dict)
    assert {'start', 'end'} == set(outcome)
def test_syscheck_last_scan(socket_mock, wdb_conn_mock, is_file_mock, db_mock, agent_id, wazuh_version):
    """Check that `syscheck.last_scan` reports exactly one affected item for one agent.

    Parameters
    ----------
    agent_id : list
        Agent ID list; only its first element is used to build the database file name.
    wazuh_version : dict
        Wazuh version dict returned by the patched `Agent.get_basic_information`.
    """
    db_file = os.path.join(common.database_path_agents, '{}.db'.format(agent_id[0]))
    basic_info = patch('wazuh.syscheck.Agent.get_basic_information', return_value=wazuh_version)
    db_glob = patch('wazuh.syscheck.glob', return_value=[db_file])
    with basic_info, db_glob:
        outcome = last_scan(agent_id)
    assert isinstance(outcome, AffectedItemsWazuhResult)
    assert isinstance(outcome.affected_items, list)
    assert outcome.total_affected_items == 1
def found_terminator(self):
    """Handle one complete encrypted cluster message and write the JSON reply.

    The buffered message (`self.received_data`) is decrypted in two parts: a
    fixed-size header of `common.cluster_sync_msg_size` bytes holding the
    space-separated command tokens, and an optional payload after it. The
    command is validated with `check_cluster_cmd()` for this node's type,
    dispatched to the matching API function, and the outcome is sent back as
    `{'error': <0|1>, 'data': <result>}` through `self.handle_write()`.

    NOTE(review): `self.f` looks like a symmetric cipher object (only
    `decrypt()` is used); a bad token makes `decrypt()` raise and nothing in
    this method catches that — confirm how the caller handles it.
    NOTE(review): every branch indexes `args[...]` and feeds the tokens to
    `ast.literal_eval()` without checking the token count first. literal_eval
    only accepts Python literals (no names or calls), but it raises
    ValueError/SyntaxError on anything else, and a short argument list raises
    IndexError; neither is caught here, so a malformed peer message aborts
    the handler instead of producing an `error` reply.
    NOTE(review): `error` is only set when `check_cluster_cmd()` rejects the
    command. If an accepted command matches none of the branches below,
    `res` is never bound and the final `json.dumps` raises NameError —
    this assumes `check_cluster_cmd()` accepts exactly the commands handled
    here; verify.
    """
    response = b''.join(self.received_data)
    error = 0
    # Header: the first cluster_sync_msg_size bytes, decrypted and decoded to str.
    # NOTE(review): the payload slices below are decrypted *without* .decode()
    # and then .split(" ")'d — if decrypt() returns bytes, those splits fail
    # under Python 3; confirm the return type of decrypt().
    cmd = self.f.decrypt(response[:common.cluster_sync_msg_size]).decode()
    self.command = cmd.split(" ")
    logging.debug("Command received: {0}".format(self.command))
    # Reject commands this node type is not allowed to serve; the reply still
    # goes out, with error=1 and a descriptive message as data.
    if not check_cluster_cmd(self.command, self.node_type):
        logging.error(
            "Received invalid cluster command {0} from {1}".format(
                self.command[0], self.addr))
        error = 1
        res = "Received invalid cluster command {0}".format(
            self.command[0])
    if error == 0:
        if self.command[0] == list_requests_cluster['node']:
            res = get_node()
        elif self.command[0] == list_requests_cluster['zip']:
            # Payload is an encrypted zip; extract_zip() reports whether a
            # restart is needed and the flag is kept on the handler.
            zip_bytes = self.f.decrypt(
                response[common.cluster_sync_msg_size:])
            res = extract_zip(zip_bytes)
            self.restart = res['restart']
        elif self.command[0] == list_requests_agents['RESTART_AGENTS']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            # Two tokens: "<id>-<id>-..." list plus restart_all flag; one
            # token: restart_all flag only (agents=None).
            if (len(args) == 2):
                agents = args[0].split("-")
                restart_all = ast.literal_eval(args[1])
            else:
                agents = None
                restart_all = ast.literal_eval(args[0])
            # self.command[1] carries the remaining forwarding depth; it is
            # decremented before the request is propagated further.
            cluster_depth = ast.literal_eval(self.command[1]) - 1
            res = Agent.restart_agents(agents, restart_all, cluster_depth)
        elif self.command[0] == list_requests_agents['AGENTS_UPGRADE_RESULT']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            # NOTE(review): any exception (including the IndexError from a
            # short args list) is turned into its str() and returned to the
            # peer as data with error=0; the caller cannot tell failure apart
            # from a successful string result.
            try:
                agent = args[0]
                timeout = args[1]
                res = Agent.get_upgrade_result(agent, timeout)
            except Exception as e:
                res = str(e)
        elif self.command[0] == list_requests_agents['AGENTS_UPGRADE']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            # Expects exactly: agent_id wpk_repo version force chunk_size.
            # The literal_eval calls sit outside the try, so malformed
            # tokens propagate out of this method.
            agent_id = args[0]
            wpk_repo = ast.literal_eval(args[1])
            version = ast.literal_eval(args[2])
            force = ast.literal_eval(args[3])
            chunk_size = ast.literal_eval(args[4])
            try:
                res = Agent.upgrade_agent(agent_id, wpk_repo, version, force, chunk_size)
            except Exception as e:
                res = str(e)
        elif self.command[0] == list_requests_agents['AGENTS_UPGRADE_CUSTOM']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            # Expects exactly: agent_id file_path installer.
            agent_id = args[0]
            file_path = ast.literal_eval(args[1])
            installer = ast.literal_eval(args[2])
            try:
                res = Agent.upgrade_agent_custom(agent_id, file_path, installer)
            except Exception as e:
                res = str(e)
        elif self.command[0] == list_requests_syscheck['SYSCHECK_LAST_SCAN']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            agent = args.split(" ")
            res = syscheck.last_scan(agent[0])
        elif self.command[0] == list_requests_syscheck['SYSCHECK_RUN']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            # Two tokens: agents + all_agents flag; one token: flag only.
            if (len(args) == 2):
                agents = args[0]
                all_agents = ast.literal_eval(args[1])
            else:
                agents = None
                all_agents = ast.literal_eval(args[0])
            cluster_depth = ast.literal_eval(self.command[1]) - 1
            res = syscheck.run(agents, all_agents, cluster_depth)
        elif self.command[0] == list_requests_syscheck['SYSCHECK_CLEAR']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            if (len(args) == 2):
                agents = args[0]
                all_agents = ast.literal_eval(args[1])
            else:
                agents = None
                all_agents = ast.literal_eval(args[0])
            cluster_depth = ast.literal_eval(self.command[1]) - 1
            res = syscheck.clear(agents, all_agents, cluster_depth)
        elif self.command[0] == list_requests_rootcheck['ROOTCHECK_PCI']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            # With five tokens the first one is the agent id and the
            # offset/limit/sort/search tokens are shifted by one.
            index = 0
            agents = None
            if (len(args) == 5):
                agents = args[0]
                index = index + 1
            offset = ast.literal_eval(args[index])
            index = index + 1
            limit = ast.literal_eval(args[index])
            index = index + 1
            sort = ast.literal_eval(args[index])
            index = index + 1
            search = ast.literal_eval(args[index])
            # NOTE(review): dead assignment — overwritten on the next line.
            res = args
            res = rootcheck.get_pci(agents, offset, limit, sort, search)
        elif self.command[0] == list_requests_rootcheck['ROOTCHECK_CIS']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            # Same token layout as ROOTCHECK_PCI.
            index = 0
            agents = None
            if (len(args) == 5):
                agents = args[0]
                index = index + 1
            offset = ast.literal_eval(args[index])
            index = index + 1
            limit = ast.literal_eval(args[index])
            index = index + 1
            sort = ast.literal_eval(args[index])
            index = index + 1
            search = ast.literal_eval(args[index])
            # NOTE(review): dead assignment — overwritten on the next line.
            res = args
            res = rootcheck.get_cis(agents, offset, limit, sort, search)
        elif self.command[0] == list_requests_rootcheck['ROOTCHECK_LAST_SCAN']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            agent = args.split(" ")
            res = rootcheck.last_scan(agent[0])
        elif self.command[0] == list_requests_rootcheck['ROOTCHECK_RUN']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            if (len(args) == 2):
                agents = args[0]
                all_agents = ast.literal_eval(args[1])
            else:
                agents = None
                all_agents = ast.literal_eval(args[0])
            cluster_depth = ast.literal_eval(self.command[1]) - 1
            res = rootcheck.run(agents, all_agents, cluster_depth)
        elif self.command[0] == list_requests_rootcheck['ROOTCHECK_CLEAR']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            if (len(args) == 2):
                agents = args[0]
                all_agents = ast.literal_eval(args[1])
            else:
                agents = None
                all_agents = ast.literal_eval(args[0])
            cluster_depth = ast.literal_eval(self.command[1]) - 1
            res = rootcheck.clear(agents, all_agents, cluster_depth)
        elif self.command[0] == list_requests_managers['MANAGERS_STATUS']:
            # Payload is decrypted and split but not otherwise used here.
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            cluster_depth = ast.literal_eval(self.command[1]) - 1
            res = manager.managers_status(cluster_depth=cluster_depth)
        elif self.command[0] == list_requests_managers['MANAGERS_LOGS']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            cluster_depth = ast.literal_eval(self.command[1]) - 1
            # Expects exactly seven tokens:
            # type_log category months offset limit sort search.
            type_log = args[0]
            category = args[1]
            months = ast.literal_eval(args[2])
            offset = ast.literal_eval(args[3])
            limit = ast.literal_eval(args[4])
            sort = ast.literal_eval(args[5])
            search = ast.literal_eval(args[6])
            res = manager.managers_ossec_log(type_log=type_log, category=category, months=months, offset=offset, limit=limit, sort=sort, search=search, cluster_depth=cluster_depth)
        elif self.command[0] == list_requests_managers['MANAGERS_LOGS_SUMMARY']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            cluster_depth = ast.literal_eval(self.command[1]) - 1
            months = ast.literal_eval(args[0])
            res = manager.managers_ossec_log_summary(
                months=months, cluster_depth=cluster_depth)
        elif self.command[0] == list_requests_managers['MANAGERS_STATS_TOTALS']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            cluster_depth = ast.literal_eval(self.command[1]) - 1
            # Expects exactly three tokens: year month day.
            year = ast.literal_eval(args[0])
            month = ast.literal_eval(args[1])
            day = ast.literal_eval(args[2])
            res = stats.totals(year=year, month=month, day=day, cluster_depth=cluster_depth)
        elif self.command[0] == list_requests_managers['MANAGERS_STATS_HOURLY']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            cluster_depth = ast.literal_eval(self.command[1]) - 1
            res = stats.hourly(cluster_depth=cluster_depth)
        elif self.command[0] == list_requests_managers['MANAGERS_STATS_WEEKLY']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            cluster_depth = ast.literal_eval(self.command[1]) - 1
            res = stats.weekly(cluster_depth=cluster_depth)
        elif self.command[0] == list_requests_managers['MANAGERS_OSSEC_CONF']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            cluster_depth = ast.literal_eval(self.command[1]) - 1
            # Expects exactly two tokens: section field.
            section = args[0]
            field = ast.literal_eval(args[1])
            res = manager.managers_get_ossec_conf(
                section=section, field=field, cluster_depth=cluster_depth)
        elif self.command[0] == list_requests_managers['MANAGERS_INFO']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            cluster_depth = ast.literal_eval(self.command[1]) - 1
            res = myWazuh.managers_get_ossec_init(
                cluster_depth=cluster_depth)
        elif self.command[0] == list_requests_cluster['CLUSTER_CONFIG']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            cluster_depth = ast.literal_eval(self.command[1]) - 1
            res = get_config_distributed(cluster_depth=cluster_depth)
        elif self.command[0] == list_requests_cluster['MASTER_FORW']:
            args = self.f.decrypt(response[common.cluster_sync_msg_size:])
            args = args.split(" ")
            # Forwarded request. Two layouts are accepted:
            #   "<request_type> [args...]"            -> agent_id=None
            #   "<id>-<id>-... <request_type> [args...]" -> agent_id list
            # The request type must be one of all_list_requests' values.
            # NOTE(review): if neither layout matches, request_type and
            # agent_id are never bound and the distributed_api_request call
            # below raises NameError instead of returning an error reply.
            args_list = []
            if args[0] in all_list_requests.values():
                agent_id = None
                request_type = args[0]
                if (len(args) > 1):
                    args_list = args[1:]
            elif len(args) > 1 and args[1] in all_list_requests.values():
                agent_id = args[0].split("-")
                request_type = args[1]
                if (len(args) > 2):
                    args_list = args[2:]
            # cluster_depth is fixed at 1 here: a forwarded request is not
            # forwarded again.
            res = distributed_api_request(request_type=request_type, agent_id=agent_id, args=args_list, cluster_depth=1, affected_nodes=None, from_cluster=True)
        elif self.command[0] == list_requests_cluster['ready']:
            res = "Starting to sync client's files"
            # execute an independent process to "crontab" the sync interval
            # NOTE(review): child_pid is not defined in this method —
            # presumably a module-level pid of the sync child; confirm.
            kill(child_pid, SIGUSR1)
        elif self.command[0] == list_requests_cluster['data']:
            res = "Saving data from actual master"
            # Payload is a JSON document from the master; persisting it may
            # trigger a manager restart.
            actual_master_data = json.loads(
                self.f.decrypt(
                    response[common.cluster_sync_msg_size:]).decode())
            if save_actual_master_data_on_db(actual_master_data):
                restart_manager()
    logging.debug("Command {0} executed for {1}".format(
        self.command[0], self.addr))
    # Reply is always {'error': 0|1, 'data': res}; json.dumps raises if a
    # branch produced a result that is not JSON-serialisable.
    self.data = json.dumps({'error': error, 'data': res})
    self.handle_write()
def test_failed_last_scan_not_agent_db(glob_mock, info_mock):
    """Check that `last_scan` raises WazuhException 1600 when the agent database is missing.

    `glob_mock` controls the database-file lookup and `info_mock` the agent
    information call; both fixtures are defined elsewhere.
    """
    expected_failure = pytest.raises(exception.WazuhException, match=".* 1600 .*")
    with expected_failure:
        last_scan('001')