예제 #1
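def modify_feed(test_values, request):
    """Inject a test field into the custom MSU JSON feed, then restore the feed.

    Setup rewrites the feed with the extra field, clears the vulnerability and
    sys_programs tables, restarts wazuh-modulesd and sets the mocked system to
    Windows10. Teardown writes the original feed back, clears the tables again
    and truncates the log file.

    Args:
        test_values: Indexable pair; item 0 is passed as the field name and
            item 1 as the field value.
        request: Not read by this body.
    """
    from copy import deepcopy

    backup_data = read_json_file(custom_msu_json_feed_path)

    try:
        # Deep copy: a shallow dict() copy would share nested entries with
        # backup_data, so any in-place edit made by the helper could end up in
        # the data that is written back on teardown.
        modified_data = deepcopy(dict(backup_data))

        # The pair is inserted as a string, since otherwise lists or dictionaries
        # could not be used as a key. The result is therefore written with
        # write_file() rather than write_json_file().
        modified_string_data = vd.insert_data_json_feed(
            data=modified_data,
            field_name=test_values[0],
            field_value=test_values[1],
            append_data=None,
        )
        write_file(custom_msu_json_feed_path, modified_string_data)

        vd.clean_vuln_and_sys_programs_tables()
        control_service('restart', daemon='wazuh-modulesd')
        vd.set_system(system='Windows10')

        yield
    finally:
        # Runs on normal teardown and also when a setup step above raises, so a
        # failed restart cannot leave the tampered feed on disk for later tests.
        write_json_file(custom_msu_json_feed_path, backup_data)
        vd.clean_vuln_and_sys_programs_tables()

    # Deliberately outside the finally: after a setup failure the log is kept
    # because it is the evidence needed to diagnose that failure.
    truncate_file(LOG_FILE_PATH)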
예제 #2
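def modify_feed(test_data, request):
    """Rewrite a field of the custom Red Hat OVAL feed, then restore the feed.

    Setup applies a regex replacement to the feed text, clears the
    vulnerability and sys_programs tables, restarts wazuh-modulesd and sets the
    mocked system to RHEL8. Teardown writes the original feed back, clears the
    tables again and truncates the log file.

    Args:
        test_data: Mapping with a 'pattern' entry (what to match) and an
            'update' entry (the replacement value).
        request: Not read by this body.
    """
    backup_data = file.read_xml_file(
        file_path=custom_redhat_oval_feed_path,
        namespaces=vd.XML_FEED_NAMESPACES,
        xml_header=True,
    )

    try:
        # The replacement works on the textual form of the parsed feed.
        modified_data = replace_regex(
            pattern=test_data['pattern'],
            new_value=test_data['update'],
            data=str(backup_data),
            replace_group=True,
        )
        file.write_file(file_path=custom_redhat_oval_feed_path, data=modified_data)

        vd.clean_vuln_and_sys_programs_tables()
        control_service('restart', daemon='wazuh-modulesd')
        vd.set_system(system='RHEL8')

        yield
    finally:
        # Runs on normal teardown and also when a setup step above raises, so a
        # failed restart cannot leave the modified feed on disk for later tests.
        file.write_file(file_path=custom_redhat_oval_feed_path, data=backup_data)
        vd.clean_vuln_and_sys_programs_tables()

    # Deliberately outside the finally: after a setup failure the log is kept
    # because it is the evidence needed to diagnose that failure.
    file.truncate_file(LOG_FILE_PATH)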
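def modify_feed(test_values, request):
    """Insert a test tag into the custom Debian OVAL feed, then restore the feed.

    Setup inserts the tag into the feed text, clears the vulnerability and
    sys_programs tables, restarts wazuh-modulesd and sets the mocked system to
    BUSTER. Teardown writes the original feed back, clears the tables again and
    truncates the log file.

    Args:
        test_values: Indexable pair; item 0 is passed as the tag and item 1 as
            its value.
        request: Not read by this body.
    """
    backup_data = file.read_xml_file(
        file_path=custom_debian_oval_feed_path,
        namespaces=vd.XML_FEED_NAMESPACES,
        xml_header=True,
    )

    try:
        # insert_pattern comes from the enclosing module; the insertion works on
        # the textual form of the parsed feed.
        modified_data = insert_xml_tag(
            pattern=insert_pattern,
            tag=test_values[0],
            value=test_values[1],
            data=str(backup_data),
        )
        file.write_file(file_path=custom_debian_oval_feed_path, data=modified_data)

        vd.clean_vuln_and_sys_programs_tables()
        control_service('restart', daemon='wazuh-modulesd')
        vd.set_system(system='BUSTER')

        yield
    finally:
        # Runs on normal teardown and also when a setup step above raises, so a
        # failed restart cannot leave the modified feed on disk for later tests.
        file.write_file(file_path=custom_debian_oval_feed_path, data=backup_data)
        vd.clean_vuln_and_sys_programs_tables()

    # Deliberately outside the finally: after a setup failure the log is kept
    # because it is the evidence needed to diagnose that failure.
    truncate_file(LOG_FILE_PATH)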
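def modify_feed(test_values, request):
    """Add a test key/value to the first entry of the custom Arch Linux JSON feed.

    Setup rewrites the feed, clears the vulnerability and sys_programs tables,
    restarts wazuh-modulesd and sets the mocked system to ARCH. Teardown writes
    the original feed back, clears the tables again and truncates the log file.

    Args:
        test_values: Indexable pair; item 0 becomes the key and item 1 the
            value stored in the first feed entry.
        request: Not read by this body.
    """
    backup_data = read_json_file(custom_archlinux_json_feed_path)

    try:
        modified_data = deepcopy(backup_data)

        # The value is stored under a placeholder key and the key is swapped in
        # at text level afterwards, which lets a non-string key reach the file.
        modified_data[0]['replace_this'] = test_values[1]
        modified_string = json.dumps(modified_data, indent=4)

        new_key = test_values[0]
        # Only string keys are quoted; the key text is not JSON-escaped, so the
        # file on disk is not guaranteed to be well-formed JSON.
        new_key = f'"{new_key}"' if isinstance(new_key, str) else str(new_key)

        modified_string = modified_string.replace('"replace_this"', new_key)
        write_file(custom_archlinux_json_feed_path, modified_string)

        vd.clean_vuln_and_sys_programs_tables()
        control_service('restart', daemon='wazuh-modulesd')
        vd.set_system(system='ARCH')

        yield
    finally:
        # Runs on normal teardown and also when a setup step above raises, so a
        # failed restart cannot leave the tampered feed on disk for later tests.
        write_json_file(custom_archlinux_json_feed_path, backup_data)
        vd.clean_vuln_and_sys_programs_tables()

    # Deliberately outside the finally: after a setup failure the log is kept
    # because it is the evidence needed to diagnose that failure.
    file.truncate_file(LOG_FILE_PATH)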
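def remove_tag_feed(request):
    """Strip a tag from the custom Canonical OVAL feed, then restore the feed.

    Setup removes whatever request.param['pattern'] matches from the feed text,
    clears the vulnerability and sys_programs tables, restarts wazuh-modulesd
    and sets the mocked system to BIONIC. Teardown writes the original feed
    back, clears the tables again and truncates the log file.

    Args:
        request: Object whose ``param`` mapping carries the 'pattern' entry.

    Yields:
        request.param, unchanged.
    """
    backup_data = file.read_xml_file(
        file_path=custom_canonical_oval_feed_path,
        namespaces=vd.XML_FEED_NAMESPACES,
    )

    try:
        # Replacing the match with an empty string is what removes the tag.
        data_removed_tag = replace_regex(request.param['pattern'], '', str(backup_data))
        file.write_file(file_path=custom_canonical_oval_feed_path, data=data_removed_tag)

        vd.clean_vuln_and_sys_programs_tables()
        control_service('restart', daemon='wazuh-modulesd')
        vd.set_system(system='BIONIC')

        yield request.param
    finally:
        # Runs on normal teardown and also when a setup step above raises, so a
        # failed restart cannot leave the modified feed on disk for later tests.
        file.write_file(file_path=custom_canonical_oval_feed_path, data=backup_data)
        vd.clean_vuln_and_sys_programs_tables()

    # Deliberately outside the finally: after a setup failure the log is kept
    # because it is the evidence needed to diagnose that failure.
    file.truncate_file(LOG_FILE_PATH)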
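def modify_feed(test_data, request):
    """Rewrite a field of the custom Arch Linux JSON feed, then restore the feed.

    Setup serialises every feed entry, applies a regex replacement to the
    resulting text, writes it back wrapped in a JSON array, clears the
    vulnerability and sys_programs tables and restarts wazuh-modulesd. Teardown
    writes the original feed back, clears the tables again and truncates the
    log file.

    Args:
        test_data: Mapping with a 'pattern' entry (what to match) and an
            'update' entry (the replacement value).
        request: Not read by this body.
    """
    backup_data = read_json_file(custom_archlinux_json_feed_path)

    try:
        # Entries are dumped one by one and joined by hand; the surrounding
        # brackets are added only after the replacement has been applied.
        modified_data = ",\n".join(json.dumps(dict(item), indent=4) for item in backup_data)

        modified_string_data = replace_regex(
            pattern=test_data['pattern'],
            new_value=test_data['update'],
            data=modified_data,
            replace_group=True,
        )
        modified_string_data = f"[\n{modified_string_data}\n]"

        write_file(custom_archlinux_json_feed_path, modified_string_data)

        vd.clean_vuln_and_sys_programs_tables()
        control_service('restart', daemon='wazuh-modulesd')
        # NOTE(review): this fixture edits the Arch Linux feed but selects
        # 'Windows10' as the mocked system; confirm this is intended and not a
        # copy-paste leftover.
        vd.set_system(system='Windows10')

        yield
    finally:
        # Runs on normal teardown and also when a setup step above raises, so a
        # failed restart cannot leave the modified feed on disk for later tests.
        write_json_file(custom_archlinux_json_feed_path, backup_data)
        vd.clean_vuln_and_sys_programs_tables()

    # Deliberately outside the finally: after a setup failure the log is kept
    # because it is the evidence needed to diagnose that failure.
    truncate_file(LOG_FILE_PATH)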
예제 #7
def test_keep_running(get_local_internal_options,
                      configure_local_internal_options, get_configuration,
                      configure_environment, create_file_structure_module,
                      restart_logcollector):
    """Check that logcollector keeps reading a log after it is rotated or truncated.

    The monitored file is filled with data, then either replaced by a fresh
    empty file ('rotate' mode) or truncated (any other mode). More data is then
    written and the test waits for logcollector to report reading it.

    Args:
        get_local_internal_options (fixture): Get internal configuration.
        configure_local_internal_options (fixture): Set internal configuration for testing.
        get_configuration (fixture): Get configurations from the module.
        configure_environment (fixture): Configure a custom environment for testing.
        create_file_structure_module (fixture): Not described in this file;
            presumably creates the monitored log file - confirm.
        restart_logcollector (fixture): Reset log file and start a new monitor.
    """
    settings = get_configuration['metadata']
    log_path = settings['location']

    # NOTE(review): the path and the log lines are interpolated into the
    # patterns below without re.escape(); the first pattern is clearly a regex,
    # so metacharacters in those values would be interpreted - confirm.
    def expect_in_log(pattern):
        """Block until the monitored Wazuh log shows *pattern* or the timeout expires."""
        matcher = monitoring.make_callback(
            pattern=pattern, prefix=LOG_COLLECTOR_DETECTOR_PREFIX)
        wazuh_log_monitor.start(
            timeout=global_parameters.default_timeout,
            error_message=logcollector.GENERIC_CALLBACK_ERROR_COMMAND_MONITORING,
            callback=matcher)

    # Logcollector must have picked the file up before anything is written.
    expect_in_log(fr"INFO: \(\d*\): Analyzing file: '{log_path}'.")

    # Write 1024 KiB of data and wait until it is read.
    line_before = f"{settings['log_line_before']}{settings['mode']}"
    logcollector.add_log_data(
        log_path=log_path,
        log_line_message=line_before,
        size_kib=1024)
    expect_in_log(f"DEBUG: Reading syslog message: '{line_before}'")

    if settings['mode'] == 'rotate':
        # Rotation: delete the file and create an empty one at the same path.
        file.remove_file(log_path)
        file.write_file(log_path, '')
        change_notice = f"DEBUG: File inode changed. {log_path}"
    else:
        file.truncate_file(log_path)
        change_notice = f"DEBUG: File size reduced. {log_path}"

    # Make sure logcollector noticed the rotation or truncation.
    expect_in_log(change_notice)

    # Write another 1024 KiB to the rotated/truncated file and wait for it.
    line_after = f"{settings['log_line_after']}{settings['mode']}"
    logcollector.add_log_data(
        log_path=log_path,
        log_line_message=line_after,
        size_kib=1024)
    expect_in_log(f"DEBUG: Reading syslog message: '{line_after}'")