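    def test_start_stop(self):
        """Start the collector, confirm the query hunt loads and runs once, then stop it.

        Beyond the log markers, the test checks the hunt's persistence row:
        after a single execution both ``last_executed_time`` and
        ``last_end_time`` must hold ``datetime`` values.
        """
        collector = HunterCollector()
        collector.start_service(threaded=True)
        try:
            wait_for_log_count('started Hunt Manager(test_query)', 1)

            # verify the rule was loaded
            self.assertEqual(log_count('loading hunt from'), 1)
            self.assertEqual(
                log_count('loaded Hunt(query_test_1[test_query])'), 1)

            # wait for the hunt to execute
            wait_for_log_count('executing query', 1)

            # both timestamp fields must have been written by that execution;
            # the hunt name is bound as a query parameter, not interpolated
            with open_hunt_db('test_query') as db:
                c = db.cursor()
                c.execute(
                    "SELECT last_executed_time, last_end_time FROM hunt WHERE hunt_name = ?",
                    ('query_test_1', ))
                row = c.fetchone()
                self.assertIsNotNone(row)
                self.assertIsInstance(row[0], datetime.datetime)  # last_executed_time
                self.assertIsInstance(row[1], datetime.datetime)  # last_end_time
        finally:
            # always tear the service down so a failed assertion does not
            # leave the collector thread running into the next test
            collector.stop_service()
            collector.wait_service()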
def manager_kwargs():
    """Return the keyword arguments used to build a splunk-type hunt manager in tests.

    ``persistence_dir`` is resolved under ``saq.DATA_DIR`` from the
    ``collection.persistence_dir`` configuration value.
    """
    return dict(
        collector=HunterCollector(),
        hunt_type='splunk',
        rule_dirs=['hunts/test/splunk'],
        hunt_cls=SplunkHunt,
        concurrency_limit=1,
        persistence_dir=os.path.join(
            saq.DATA_DIR, saq.CONFIG['collection']['persistence_dir']),
    )
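 def test_reload_hunts_on_sighup(self):
     """SIGHUP delivered to the collector's process must trigger a hunt reload.

     Both test hunts are expected to be loaded once at start-up and a second
     time after the signal has been handled.
     """
     collector = HunterCollector()
     collector.start_service(threaded=True)
     try:
         wait_for_log_count('loaded Hunt(unit_test_1[test]) from', 1)
         wait_for_log_count('loaded Hunt(unit_test_2[test]) from', 1)
         # the collector runs threaded inside this process, so signal ourselves
         os.kill(os.getpid(), signal.SIGHUP)
         wait_for_log_count('received signal to reload hunts', 1)
         wait_for_log_count('loaded Hunt(unit_test_1[test]) from', 2)
         wait_for_log_count('loaded Hunt(unit_test_2[test]) from', 2)
     finally:
         # stop the service even if a wait times out, so the thread does not
         # outlive the test
         collector.stop_service()
         collector.wait_service()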
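 def test_hunt_execution(self):
     """Hunts execute in the expected order and at the expected rate.

     unit_test_2 must have executed four times while unit_test_1 executed
     exactly once, and the manager must have announced unit_test_2 as the
     next hunt at least once.
     """
     collector = HunterCollector()
     collector.start_service(threaded=True)
     try:
         # testing that the execution order works
         wait_for_log_count('unit test execute marker: Hunt(unit_test_2[test])',
                            4)
         self.assertEqual(
             log_count('unit test execute marker: Hunt(unit_test_1[test])'), 1)
         self.assertGreater(log_count('next hunt is Hunt(unit_test_2[test])'), 0)
     finally:
         # stop the service even on assertion failure so the collector thread
         # cannot leak into the next test
         collector.stop_service()
         collector.wait_service()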
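 def test_reload_hunts_on_deleted(self):
     """Deleting a hunt ini file must drop that hunt on the next rescan.

     After ``test_1.ini`` is removed only unit_test_2 is reloaded; the load
     count for unit_test_1 stays at one.
     """
     # a low update_frequency (presumably seconds) makes the rescan happen
     # quickly; NOTE(review): this mutates global config for the rest of the
     # run unless the fixture restores it — confirm setUp/tearDown does
     saq.CONFIG['service_hunter']['update_frequency'] = '1'
     collector = HunterCollector()
     collector.start_service(threaded=True)
     try:
         wait_for_log_count('loaded Hunt(unit_test_1[test]) from', 1)
         wait_for_log_count('loaded Hunt(unit_test_2[test]) from', 1)
         os.remove(os.path.join(self.temp_rules_dir, 'test_1.ini'))
         # third argument presumably a timeout — confirm against wait_for_log_count
         wait_for_log_count('detected modification to', 1, 5)
         wait_for_log_count('loaded Hunt(unit_test_2[test]) from', 2)
         self.assertEqual(log_count('loaded Hunt(unit_test_1[test]) from'), 1)
     finally:
         # always stop the service so a failed wait does not leak the thread
         collector.stop_service()
         collector.wait_service()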
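    def test_reload_hunts_on_modified(self):
        """Modifying a hunt ini file must trigger a full reload of the hunts.

        After ``test_1.ini`` is appended to, both unit_test_1 and unit_test_2
        are expected to be loaded a second time.
        """
        # a low update_frequency (presumably seconds) makes the rescan happen
        # quickly; NOTE(review): this mutates global config for the rest of the
        # run unless the fixture restores it — confirm setUp/tearDown does
        saq.CONFIG['service_hunter']['update_frequency'] = '1'
        collector = HunterCollector()
        collector.start_service(threaded=True)
        try:
            wait_for_log_count('loaded Hunt(unit_test_1[test]) from', 1)
            wait_for_log_count('loaded Hunt(unit_test_2[test]) from', 1)
            # append a harmless comment so the file's content/mtime changes
            with open(os.path.join(self.temp_rules_dir, 'test_1.ini'), 'a') as fp:
                fp.write('\n\n; modified')

            # third argument presumably a timeout — confirm against wait_for_log_count
            wait_for_log_count('detected modification to', 1, 5)
            wait_for_log_count('loaded Hunt(unit_test_1[test]) from', 2)
            wait_for_log_count('loaded Hunt(unit_test_2[test]) from', 2)
        finally:
            # always stop the service so a failed wait does not leak the thread
            collector.stop_service()
            collector.wait_service()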
def manager_kwargs():
    """Return the keyword arguments used to build a test_query hunt manager.

    ``persistence_dir`` is resolved under ``saq.DATA_DIR`` from the
    ``collection.persistence_dir`` configuration value; hunts are rescanned
    with an ``update_frequency`` of 60.
    """
    return dict(
        collector=HunterCollector(),
        hunt_type='test_query',
        rule_dirs=['hunts/test/query'],
        hunt_cls=TestQueryHunt,
        concurrency_limit=1,
        persistence_dir=os.path.join(
            saq.DATA_DIR, saq.CONFIG['collection']['persistence_dir']),
        update_frequency=60,
    )
 def manager_kwargs(self):
     """Return the keyword arguments used to build a hunt manager over the temp rule dir.

     Rules are read from ``self.temp_rules_dir``; ``persistence_dir`` is
     resolved under ``saq.DATA_DIR`` from the ``collection.persistence_dir``
     configuration value, and hunts are rescanned with an
     ``update_frequency`` of 60.
     """
     return dict(
         collector=HunterCollector(),
         hunt_type='test',
         rule_dirs=[self.temp_rules_dir],
         hunt_cls=TestHunt,
         concurrency_limit=1,
         persistence_dir=os.path.join(
             saq.DATA_DIR, saq.CONFIG['collection']['persistence_dir']),
         update_frequency=60,
     )
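    def test_reload_hunts_on_new(self):
        """A new hunt ini file dropped into the rule directory must be picked up.

        After ``test_3.ini`` is written, the two existing hunts are loaded a
        second time and unit_test_3 is loaded for the first time.
        """
        # a low update_frequency (presumably seconds) makes the rescan happen
        # quickly; NOTE(review): this mutates global config for the rest of the
        # run unless the fixture restores it — confirm setUp/tearDown does
        saq.CONFIG['service_hunter']['update_frequency'] = '1'
        collector = HunterCollector()
        collector.start_service(threaded=True)
        try:
            wait_for_log_count('loaded Hunt(unit_test_1[test]) from', 1)
            wait_for_log_count('loaded Hunt(unit_test_2[test]) from', 1)
            # the literal is dedented on purpose: ini keys must start at column 0
            with open(os.path.join(self.temp_rules_dir, 'test_3.ini'), 'a') as fp:
                fp.write("""
[rule]
enabled = yes
name = unit_test_3
description = Unit Test Description 3
type = test
frequency = 00:00:10
tags = tag1, tag2""")

            # third argument presumably a timeout — confirm against wait_for_log_count
            wait_for_log_count('detected new hunt ini', 1, 5)
            wait_for_log_count('loaded Hunt(unit_test_1[test]) from', 2)
            wait_for_log_count('loaded Hunt(unit_test_2[test]) from', 2)
            wait_for_log_count('loaded Hunt(unit_test_3[test]) from', 1)
        finally:
            # always stop the service so a failed wait does not leak the thread
            collector.stop_service()
            collector.wait_service()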
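 def test_start_stop(self):
     """The collector starts its Hunt Manager and shuts down cleanly."""
     collector = HunterCollector()
     collector.start_service(threaded=True)
     try:
         wait_for_log_count('started Hunt Manager(test)', 1)
     finally:
         # stop the service even if the wait fails so the thread is not leaked
         collector.stop_service()
         collector.wait_service()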