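def test_rootcheck_run(close_mock, send_mock, connect_mock, agent_list,
                       status_list, expected_result):
    """Test function `run` from rootcheck module.

    Parameters
    ----------
    agent_list : list
        List of agent IDs.
    status_list : list
        List of agent statuses, fed to the patched `Agent.get_basic_information`
        one per call via `side_effect`.
    expected_result : dict
        Expected `affected_items`, `total_affected_items`, `failed_items` and
        `total_failed_items` for this case.
    """
    with patch('wazuh.rootcheck.Agent.get_basic_information',
               side_effect=status_list):
        result = rootcheck.run(agent_list=agent_list)
        # A bare generator expression is always truthy, so the previous
        # `assert (isinstance(...) for ...)` form never checked anything;
        # `all()` actually evaluates every element.
        for args, kwargs in callable_list:
            assert all(isinstance(a, str) for a in args)
            assert all(isinstance(k, str) for k in kwargs)
        assert isinstance(result, rootcheck.AffectedItemsWazuhResult)
        assert result.affected_items == expected_result['affected_items']
        assert result.total_affected_items == expected_result['total_affected_items']
        if result.failed_items:
            # Only the first value of `failed_items` is compared against the
            # expected one.
            assert next(iter(result.failed_items.values())) == expected_result['failed_items']
        else:
            assert result.failed_items == expected_result['failed_items']
        assert result.total_failed_items == expected_result['total_failed_items']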
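def test_rootcheck_run(close_mock, send_mock, connect_mock, agent_init__mock,
                       agent_exit__mock, agent_list, failed_items, status_list,
                       expected_result):
    """Test function `run` from rootcheck module.

    Parameters
    ----------
    agent_list : list
        List of agent IDs.
    failed_items : list
        List with the WazuhDBQueryAgents response; only `failed_items[0]` is
        returned by the patched `WazuhDBQueryAgents.run`.
    status_list : list
        List of agent statuses.
    expected_result : dict
        Expected `affected_items`, `total_affected_items`, `failed_items` and
        `total_failed_items` for this case.
    """
    with patch('wazuh.rootcheck.WazuhDBQueryAgents.run',
               return_value=failed_items[0]):
        result = rootcheck.run(agent_list=agent_list)
        # A bare generator expression is always truthy, so the previous
        # `assert (isinstance(...) for ...)` form never checked anything;
        # `all()` actually evaluates every element.
        for args, kwargs in callable_list:
            assert all(isinstance(a, str) for a in args)
            assert all(isinstance(k, str) for k in kwargs)
        assert isinstance(result, rootcheck.AffectedItemsWazuhResult)
        assert result.affected_items == expected_result['affected_items']
        assert result.total_affected_items == expected_result['total_affected_items']
        if result.failed_items:
            # Only the first value of `failed_items` is compared against the
            # expected one.
            assert next(iter(result.failed_items.values())) == expected_result['failed_items']
        else:
            assert result.failed_items == expected_result['failed_items']
        assert result.total_failed_items == expected_result['total_failed_items']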
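    def found_terminator(self):
        """Handle one complete cluster message and queue the JSON reply.

        The buffered message in ``self.received_data`` is decrypted with
        ``self.f``: the first ``common.cluster_sync_msg_size`` bytes carry the
        space-separated command (stored in ``self.command``), the remainder is
        the command payload. The command is validated with
        ``check_cluster_cmd`` and dispatched to the matching API call; the
        outcome is stored in ``self.data`` as
        ``{"error": 0|1, "data": <result or message>}`` and
        ``self.handle_write()`` is invoked.

        Side effects: sets ``self.command`` and ``self.data``; the ``zip``
        command also sets ``self.restart``; ``ready`` sends SIGUSR1 to
        ``child_pid``; ``data`` may call ``restart_manager()``.

        Payload fields are parsed with ``ast.literal_eval`` (literals only,
        never ``eval``). A malformed or truncated payload from a peer --
        missing fields, non-literal values, an unrecognised forwarded request
        -- previously escaped this handler as an uncaught ``IndexError``,
        ``ValueError`` or ``SyntaxError``; it is now logged and answered with
        ``error: 1`` instead.
        """
        response = b''.join(self.received_data)
        payload = response[common.cluster_sync_msg_size:]
        error = 0
        res = None
        cmd = self.f.decrypt(response[:common.cluster_sync_msg_size]).decode()
        self.command = cmd.split(" ")

        logging.debug("Command received: {0}".format(self.command))

        def payload_args():
            # Space-separated argument list carried after the command header.
            # NOTE(review): decrypt() output is split as text here while the
            # header above is .decode()'d first -- confirm the type it returns.
            return self.f.decrypt(payload).split(" ")

        def forward_depth():
            # Hops left for distributed calls: the sender's depth minus this node.
            return ast.literal_eval(self.command[1]) - 1

        def agents_and_flag(args):
            # "<agents> <flag>" or just "<flag>": optional agent field followed
            # by one literal (restart_all / all_agents).
            if len(args) == 2:
                return args[0], ast.literal_eval(args[1])
            return None, ast.literal_eval(args[0])

        def paged_query_args(args):
            # "[<agents>] <offset> <limit> <sort> <search>": the agent field is
            # only present when exactly five fields were sent.
            if len(args) == 5:
                agents, rest = args[0], args[1:]
            else:
                agents, rest = None, args
            offset, limit, sort, search = [ast.literal_eval(v) for v in rest[:4]]
            return agents, offset, limit, sort, search

        def dispatch():
            # Resolve the validated command to its API call and return the
            # value that goes into the reply's "data" field.
            command = self.command[0]
            if command == list_requests_cluster['node']:
                return get_node()
            if command == list_requests_cluster['zip']:
                result = extract_zip(self.f.decrypt(payload))
                self.restart = result['restart']
                return result
            if command == list_requests_agents['RESTART_AGENTS']:
                args = payload_args()
                if len(args) == 2:
                    agents = args[0].split("-")
                    restart_all = ast.literal_eval(args[1])
                else:
                    agents = None
                    restart_all = ast.literal_eval(args[0])
                return Agent.restart_agents(agents, restart_all, forward_depth())
            if command == list_requests_agents['AGENTS_UPGRADE_RESULT']:
                args = payload_args()
                try:
                    return Agent.get_upgrade_result(args[0], args[1])
                except Exception as e:
                    return str(e)
            if command == list_requests_agents['AGENTS_UPGRADE']:
                args = payload_args()
                agent_id = args[0]
                wpk_repo = ast.literal_eval(args[1])
                version = ast.literal_eval(args[2])
                force = ast.literal_eval(args[3])
                chunk_size = ast.literal_eval(args[4])
                try:
                    return Agent.upgrade_agent(agent_id, wpk_repo, version,
                                               force, chunk_size)
                except Exception as e:
                    return str(e)
            if command == list_requests_agents['AGENTS_UPGRADE_CUSTOM']:
                args = payload_args()
                agent_id = args[0]
                file_path = ast.literal_eval(args[1])
                installer = ast.literal_eval(args[2])
                try:
                    return Agent.upgrade_agent_custom(agent_id, file_path,
                                                      installer)
                except Exception as e:
                    return str(e)
            if command == list_requests_syscheck['SYSCHECK_LAST_SCAN']:
                return syscheck.last_scan(payload_args()[0])
            if command == list_requests_syscheck['SYSCHECK_RUN']:
                agents, all_agents = agents_and_flag(payload_args())
                return syscheck.run(agents, all_agents, forward_depth())
            if command == list_requests_syscheck['SYSCHECK_CLEAR']:
                agents, all_agents = agents_and_flag(payload_args())
                return syscheck.clear(agents, all_agents, forward_depth())
            if command == list_requests_rootcheck['ROOTCHECK_PCI']:
                return rootcheck.get_pci(*paged_query_args(payload_args()))
            if command == list_requests_rootcheck['ROOTCHECK_CIS']:
                return rootcheck.get_cis(*paged_query_args(payload_args()))
            if command == list_requests_rootcheck['ROOTCHECK_LAST_SCAN']:
                return rootcheck.last_scan(payload_args()[0])
            if command == list_requests_rootcheck['ROOTCHECK_RUN']:
                agents, all_agents = agents_and_flag(payload_args())
                return rootcheck.run(agents, all_agents, forward_depth())
            if command == list_requests_rootcheck['ROOTCHECK_CLEAR']:
                agents, all_agents = agents_and_flag(payload_args())
                return rootcheck.clear(agents, all_agents, forward_depth())
            if command == list_requests_managers['MANAGERS_STATUS']:
                return manager.managers_status(cluster_depth=forward_depth())
            if command == list_requests_managers['MANAGERS_LOGS']:
                args = payload_args()
                cluster_depth = forward_depth()
                return manager.managers_ossec_log(
                    type_log=args[0],
                    category=args[1],
                    months=ast.literal_eval(args[2]),
                    offset=ast.literal_eval(args[3]),
                    limit=ast.literal_eval(args[4]),
                    sort=ast.literal_eval(args[5]),
                    search=ast.literal_eval(args[6]),
                    cluster_depth=cluster_depth)
            if command == list_requests_managers['MANAGERS_LOGS_SUMMARY']:
                args = payload_args()
                cluster_depth = forward_depth()
                return manager.managers_ossec_log_summary(
                    months=ast.literal_eval(args[0]),
                    cluster_depth=cluster_depth)
            if command == list_requests_managers['MANAGERS_STATS_TOTALS']:
                args = payload_args()
                cluster_depth = forward_depth()
                return stats.totals(year=ast.literal_eval(args[0]),
                                    month=ast.literal_eval(args[1]),
                                    day=ast.literal_eval(args[2]),
                                    cluster_depth=cluster_depth)
            if command == list_requests_managers['MANAGERS_STATS_HOURLY']:
                return stats.hourly(cluster_depth=forward_depth())
            if command == list_requests_managers['MANAGERS_STATS_WEEKLY']:
                return stats.weekly(cluster_depth=forward_depth())
            if command == list_requests_managers['MANAGERS_OSSEC_CONF']:
                args = payload_args()
                cluster_depth = forward_depth()
                return manager.managers_get_ossec_conf(
                    section=args[0],
                    field=ast.literal_eval(args[1]),
                    cluster_depth=cluster_depth)
            if command == list_requests_managers['MANAGERS_INFO']:
                return myWazuh.managers_get_ossec_init(
                    cluster_depth=forward_depth())
            if command == list_requests_cluster['CLUSTER_CONFIG']:
                return get_config_distributed(cluster_depth=forward_depth())
            if command == list_requests_cluster['MASTER_FORW']:
                # "<request> [args...]" or "<agent_ids> <request> [args...]".
                args = payload_args()
                known_requests = all_list_requests.values()
                if args[0] in known_requests:
                    agent_id, request_type = None, args[0]
                    args_list = args[1:]
                elif len(args) > 1 and args[1] in known_requests:
                    agent_id, request_type = args[0].split("-"), args[1]
                    args_list = args[2:]
                else:
                    # Previously fell through here with request_type unbound.
                    raise ValueError("unrecognised forwarded request")
                return distributed_api_request(request_type=request_type,
                                               agent_id=agent_id,
                                               args=args_list,
                                               cluster_depth=1,
                                               affected_nodes=None,
                                               from_cluster=True)
            if command == list_requests_cluster['ready']:
                # execute an independent process to "crontab" the sync interval
                kill(child_pid, SIGUSR1)
                return "Starting to sync client's files"
            if command == list_requests_cluster['data']:
                actual_master_data = json.loads(
                    self.f.decrypt(payload).decode())
                if save_actual_master_data_on_db(actual_master_data):
                    restart_manager()
                return "Saving data from actual master"
            # check_cluster_cmd accepted a command this table does not handle.
            raise ValueError("no handler for cluster command")

        if not check_cluster_cmd(self.command, self.node_type):
            logging.error(
                "Received invalid cluster command {0} from {1}".format(
                    self.command[0], self.addr))
            error = 1
            res = "Received invalid cluster command {0}".format(
                self.command[0])

        if error == 0:
            try:
                res = dispatch()
            except (IndexError, ValueError, SyntaxError) as e:
                # Malformed payload: answer with an error instead of letting
                # the exception escape the handler.
                logging.error(
                    "Malformed cluster command {0} from {1}: {2}".format(
                        self.command[0], self.addr, e))
                error = 1
                res = "Malformed cluster command {0}: {1}".format(
                    self.command[0], e)
            else:
                logging.debug("Command {0} executed for {1}".format(
                    self.command[0], self.addr))

        self.data = json.dumps({'error': error, 'data': res})

        self.handle_write()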