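def modify_feed(test_values, request):
    """Modify the MSU OVAL feed, setting a test field value.

    Reads the custom MSU JSON feed, inserts ``test_values[0]`` as a field
    with value ``test_values[1]`` through ``vd.insert_data_json_feed``,
    writes the result back, restarts ``wazuh-modulesd`` so the feed is
    reloaded, and yields for the test. The original feed is restored in
    the ``finally`` block, so a test-modified feed is never left on disk
    even when a step of the setup raises.

    Args:
        test_values (sequence): ``test_values[0]`` is the field name and
            ``test_values[1]`` the field value to insert.
        request (fixture): pytest request object (unused; kept so the
            fixture signature is unchanged).

    Yields:
        None
    """
    backup_data = read_json_file(custom_msu_json_feed_path)
    try:
        # Work on a copy so the in-memory backup is what gets restored.
        modified_data = dict(backup_data)
        # The key:value pair is inserted into the serialized string: a list
        # or a dictionary cannot be used directly as a JSON key.
        modified_string_data = vd.insert_data_json_feed(data=modified_data,
                                                        field_name=test_values[0],
                                                        field_value=test_values[1],
                                                        append_data=None)
        write_file(custom_msu_json_feed_path, modified_string_data)
        vd.clean_vuln_and_sys_programs_tables()
        control_service('restart', daemon='wazuh-modulesd')
        vd.set_system(system='Windows10')
        yield
    finally:
        # Restore the feed and clean the tables whether the test ran or the
        # setup above failed part way.
        write_json_file(custom_msu_json_feed_path, backup_data)
        vd.clean_vuln_and_sys_programs_tables()
        truncate_file(LOG_FILE_PATH)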
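def modify_feed(test_data, request):
    """Modify the redhat OVAL feed, setting a test field value.

    Reads the custom RedHat OVAL XML feed, applies the regex substitution
    described by ``test_data`` to its string form, writes the result back,
    restarts ``wazuh-modulesd`` so the feed is reloaded, and yields for the
    test. The original feed is restored in the ``finally`` block, so a
    test-modified feed is never left on disk even when setup fails.

    Args:
        test_data (dict): ``test_data['pattern']`` is the regex to match and
            ``test_data['update']`` the replacement for the matched group.
        request (fixture): pytest request object (unused; kept so the
            fixture signature is unchanged).

    Yields:
        None
    """
    backup_data = file.read_xml_file(file_path=custom_redhat_oval_feed_path,
                                     namespaces=vd.XML_FEED_NAMESPACES, xml_header=True)
    try:
        # The substitution works on the serialized XML, not on the tree.
        modified_data = replace_regex(pattern=test_data['pattern'], new_value=test_data['update'],
                                      data=str(backup_data), replace_group=True)
        file.write_file(file_path=custom_redhat_oval_feed_path, data=modified_data)
        vd.clean_vuln_and_sys_programs_tables()
        control_service('restart', daemon='wazuh-modulesd')
        vd.set_system(system='RHEL8')
        yield
    finally:
        # Restore the feed and clean the tables whether the test ran or the
        # setup above failed part way.
        file.write_file(file_path=custom_redhat_oval_feed_path, data=backup_data)
        vd.clean_vuln_and_sys_programs_tables()
        file.truncate_file(LOG_FILE_PATH)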
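def modify_feed(test_values, request):
    """Modify the Debian OVAL feed, setting a test tag value.

    Reads the custom Debian OVAL XML feed, inserts a ``test_values[0]`` tag
    holding ``test_values[1]`` at the location matched by ``insert_pattern``,
    writes the result back, restarts ``wazuh-modulesd`` so the feed is
    reloaded, and yields for the test. The original feed is restored in the
    ``finally`` block, so a test-modified feed is never left on disk even
    when setup fails.

    Args:
        test_values (sequence): ``test_values[0]`` is the tag name and
            ``test_values[1]`` its value.
        request (fixture): pytest request object (unused; kept so the
            fixture signature is unchanged).

    Yields:
        None
    """
    backup_data = file.read_xml_file(file_path=custom_debian_oval_feed_path,
                                     namespaces=vd.XML_FEED_NAMESPACES, xml_header=True)
    try:
        # The tag is inserted into the serialized XML, not into the tree.
        modified_data = insert_xml_tag(pattern=insert_pattern, tag=test_values[0],
                                       value=test_values[1], data=str(backup_data))
        file.write_file(file_path=custom_debian_oval_feed_path, data=modified_data)
        vd.clean_vuln_and_sys_programs_tables()
        control_service('restart', daemon='wazuh-modulesd')
        vd.set_system(system='BUSTER')
        yield
    finally:
        # Restore the feed and clean the tables whether the test ran or the
        # setup above failed part way.
        file.write_file(file_path=custom_debian_oval_feed_path, data=backup_data)
        vd.clean_vuln_and_sys_programs_tables()
        truncate_file(LOG_FILE_PATH)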
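def modify_feed(test_values, request):
    """Modify the Arch Linux JSON feed by setting a test tag value.

    Adds a key ``test_values[0]`` with value ``test_values[1]`` to the first
    entry of the custom Arch Linux JSON feed, writes the result back,
    restarts ``wazuh-modulesd`` so the feed is reloaded, and yields for the
    test. The original feed is restored in the ``finally`` block, so a
    test-modified feed is never left on disk even when setup fails.

    Args:
        test_values (sequence): ``test_values[0]`` is the key to add and
            ``test_values[1]`` its value. A non-string key is written
            unquoted into the file (see below).
        request (fixture): pytest request object (unused; kept so the
            fixture signature is unchanged).

    Yields:
        None
    """
    backup_data = read_json_file(custom_archlinux_json_feed_path)
    try:
        # Deep copy: the entries are dicts and must not alias the backup.
        modified_data = deepcopy(backup_data)
        # A placeholder key carries the value through json.dumps; it is then
        # swapped for the real key as text, because json.dumps cannot emit a
        # non-string key in the form the test wants.
        modified_data[0]['replace_this'] = test_values[1]
        modified_string = json.dumps(modified_data, indent=4)

        new_key = test_values[0]
        if isinstance(new_key, str):
            new_key = f'"{new_key}"'
        else:
            # Non-string keys end up unquoted in the file, i.e. not valid
            # JSON — presumably intentional to exercise the feed parser.
            new_key = str(new_key)
        # NOTE(review): every occurrence of the placeholder in the dump is
        # replaced; this assumes the feed itself never contains
        # "replace_this".
        modified_string = modified_string.replace('"replace_this"', new_key)

        write_file(custom_archlinux_json_feed_path, modified_string)
        vd.clean_vuln_and_sys_programs_tables()
        control_service('restart', daemon='wazuh-modulesd')
        vd.set_system(system='ARCH')
        yield
    finally:
        # Restore the feed and clean the tables whether the test ran or the
        # setup above failed part way.
        write_json_file(custom_archlinux_json_feed_path, backup_data)
        vd.clean_vuln_and_sys_programs_tables()
        file.truncate_file(LOG_FILE_PATH)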
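def remove_tag_feed(request):
    """Remove a tag from the Canonical OVAL feed and load the new feed.

    Reads the custom Canonical OVAL XML feed, deletes everything matched by
    ``request.param['pattern']``, writes the result back, restarts
    ``wazuh-modulesd`` so the feed is reloaded, and yields the parameter
    for the test. The original feed is restored in the ``finally`` block,
    so a test-modified feed is never left on disk even when setup fails.

    Args:
        request (fixture): pytest request object; ``request.param`` is a
            dict whose ``'pattern'`` key is the regex to remove.

    Yields:
        dict: ``request.param`` unchanged.
    """
    backup_data = file.read_xml_file(file_path=custom_canonical_oval_feed_path,
                                     namespaces=vd.XML_FEED_NAMESPACES)
    try:
        # Replacing the match with '' drops the tag from the serialized XML.
        data_removed_tag = replace_regex(request.param['pattern'], '', str(backup_data))
        file.write_file(file_path=custom_canonical_oval_feed_path, data=data_removed_tag)
        vd.clean_vuln_and_sys_programs_tables()
        control_service('restart', daemon='wazuh-modulesd')
        vd.set_system(system='BIONIC')
        yield request.param
    finally:
        # Restore the feed and clean the tables whether the test ran or the
        # setup above failed part way.
        file.write_file(file_path=custom_canonical_oval_feed_path, data=backup_data)
        vd.clean_vuln_and_sys_programs_tables()
        file.truncate_file(LOG_FILE_PATH)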
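def modify_feed(test_data, request):
    """Modify the Arch Linux feed by setting a test field value.

    Serializes each entry of the custom Arch Linux JSON feed, applies the
    regex substitution described by ``test_data`` to the serialized text,
    wraps the result back into a JSON array, writes it to the feed path,
    restarts ``wazuh-modulesd`` so the feed is reloaded, and yields for the
    test. The original feed is restored in the ``finally`` block, so a
    test-modified feed is never left on disk even when setup fails.

    Args:
        test_data (dict): ``test_data['pattern']`` is the regex to match and
            ``test_data['update']`` the replacement for the matched group.
        request (fixture): pytest request object (unused; kept so the
            fixture signature is unchanged).

    Yields:
        None
    """
    backup_data = read_json_file(custom_archlinux_json_feed_path)
    try:
        # Dump entry by entry so the regex sees one indented object per
        # block; an empty feed yields an empty array instead of an
        # IndexError.
        modified_data = ",\n".join(json.dumps(dict(item), indent=4) for item in backup_data)
        modified_string_data = replace_regex(pattern=test_data['pattern'], new_value=test_data['update'],
                                             data=modified_data, replace_group=True)
        modified_string_data = f"[\n{modified_string_data}\n]"
        write_file(custom_archlinux_json_feed_path, modified_string_data)
        vd.clean_vuln_and_sys_programs_tables()
        control_service('restart', daemon='wazuh-modulesd')
        # NOTE(review): this fixture edits the Arch Linux feed but sets the
        # system to 'Windows10'; the sibling Arch fixture uses 'ARCH'.
        # Confirm which one the tests using this fixture expect.
        vd.set_system(system='Windows10')
        yield
    finally:
        # Restore the feed and clean the tables whether the test ran or the
        # setup above failed part way.
        write_json_file(custom_archlinux_json_feed_path, backup_data)
        vd.clean_vuln_and_sys_programs_tables()
        truncate_file(LOG_FILE_PATH)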
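def _wait_for_log(pattern):
    """Block until *pattern* is seen by the logcollector log monitor.

    Builds the detector callback for *pattern* with the logcollector prefix
    and starts ``wazuh_log_monitor`` with the module's default timeout and
    the generic monitoring error message. Raises whatever the monitor raises
    on timeout.

    Args:
        pattern (str): Regex expected in the log.
    """
    callback_message = monitoring.make_callback(pattern=pattern, prefix=LOG_COLLECTOR_DETECTOR_PREFIX)
    wazuh_log_monitor.start(timeout=global_parameters.default_timeout,
                            error_message=logcollector.GENERIC_CALLBACK_ERROR_COMMAND_MONITORING,
                            callback=callback_message)


def test_keep_running(get_local_internal_options, configure_local_internal_options, get_configuration,
                      configure_environment, create_file_structure_module, restart_logcollector):
    """Check if logcollector keeps running once a log is rotated.

    To do this, logcollector is configured to monitor a log file, then data
    is added to the log and it is rotated (or truncated, depending on
    ``metadata['mode']``). Finally, write data back to the rotated log and
    check that logcollector continues to monitor it.

    Args:
        get_local_internal_options (fixture): Get internal configuration.
        configure_local_internal_options (fixture): Set internal configuration for testing.
        get_configuration (fixture): Get configurations from the module.
        configure_environment (fixture): Configure a custom environment for testing.
        create_file_structure_module (fixture): Create the log file the test monitors.
        restart_logcollector (fixture): Reset log file and start a new monitor.
    """
    config = get_configuration['metadata']

    # Ensure that the file is being analyzed
    _wait_for_log(fr"INFO: \(\d*\): Analyzing file: '{config['location']}'.")

    # Add another MiB of data to log and wait for it to be read
    log_line_before = f"{config['log_line_before']}{config['mode']}"
    logcollector.add_log_data(log_path=config['location'], log_line_message=log_line_before, size_kib=1024)
    _wait_for_log(f"DEBUG: Reading syslog message: '{log_line_before}'")

    if config['mode'] == 'rotate':
        # Rotation: recreate the file so its inode changes.
        file.remove_file(config['location'])
        file.write_file(config['location'], '')
        # Ensure that the rotation has been completed:
        _wait_for_log(f"DEBUG: File inode changed. {config['location']}")
    else:
        file.truncate_file(config['location'])
        # Ensure that the truncate has been completed:
        _wait_for_log(f"DEBUG: File size reduced. {config['location']}")

    # Add a MiB of data to rotated/truncated log and check it is still read
    log_line_after = f"{config['log_line_after']}{config['mode']}"
    logcollector.add_log_data(log_path=config['location'], log_line_message=log_line_after, size_kib=1024)
    _wait_for_log(f"DEBUG: Reading syslog message: '{log_line_after}'")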