def reload_new_conf(report_value, reg1, reg2):
    """Restart Wazuh with a configuration that uses a new report_changes value.

    Nothing is returned: the third configuration generated from the YAML
    template is applied through a restart, and the call then waits for the
    initial FIM scan to be detected.

    Parameters
    ----------
    report_value: str
        Value that will be used for the report_changes option (applied to both
        REPORT_CHANGES_1 and REPORT_CHANGES_2).
    reg1: str
        Registry path that will be written in the configuration for WINDOWS_REGISTRY_1.
    reg2: str
        Registry path that will be written in the configuration for WINDOWS_REGISTRY_2.
    """
    # NOTE(review): report_changes presumably makes FIM include the changed values in its
    # events, so reg1/reg2 should point at disposable test keys - confirm.
    overrides = dict(
        WINDOWS_REGISTRY_1=reg1,
        WINDOWS_REGISTRY_2=reg2,
        REPORT_CHANGES_1=report_value,
        REPORT_CHANGES_2=report_value,
    )
    params, metadata = generate_params(extra_params=overrides, modes=['scheduled'])
    candidates = load_wazuh_configurations(configurations_path, __name__,
                                           params=params, metadata=metadata)

    # Index 2 selects the third configuration declared in the YAML.
    sections = candidates[2].get('sections')
    restart_wazuh_with_new_conf(set_section_wazuh_conf(sections))

    # Do not return until the FIM scan that follows the restart has finished.
    detect_initial_scan(wazuh_log_monitor)
def change_conf(dir_value):
    """Build the scheduled-mode configurations for one monitored directory.

    Args:
        dir_value: Value substituted for the DIRECTORY placeholder.

    Returns:
        Whatever load_wazuh_configurations produces for the generated
        parameters; every configuration is generated once with SKIP set to
        'yes' and once with 'no'.
    """
    # Kept as a generator, exactly as the caller contract of generate_params receives it.
    skip_variants = ({'SKIP': flag} for flag in ['yes', 'no'])
    conf_params, conf_metadata = generate_params(
        extra_params={'DIRECTORY': dir_value},
        apply_to_all=skip_variants,
        modes=['scheduled'],
    )
    return load_wazuh_configurations(
        configurations_path,
        __name__,
        params=conf_params,
        metadata=conf_metadata,
    )
def change_conf(report_value):
    """Return a new ossec configuration with a changed report_value.

    Args:
        report_value: Value placed under the 'report_changes' key of the
            REPORT_CHANGES parameter.

    Returns:
        The configurations loaded from configurations_path with the generated
        parameters and metadata.
    """
    # NOTE(review): NODIFF_FILE presumably names a file whose content must stay out of
    # report_changes diffs - confirm against the YAML template.
    extra = {
        'REPORT_CHANGES': {'report_changes': report_value},
        'TEST_DIRECTORIES': directory_str,
        'NODIFF_FILE': nodiff_file,
        'MODULE_NAME': __name__,
    }
    params, metadata = generate_params(extra_params=extra)
    return load_wazuh_configurations(
        configurations_path,
        __name__,
        params=params,
        metadata=metadata,
    )
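def override_wazuh_conf(configuration):
    """Apply custom settings on ossec.conf file.

    Settings are obtained from values located under "configuration" section of tests found in a YAML file.
    For this purpose, it stops the wazuh-agentd service, applies the settings and starts it again. The
    client keys file, the log file and the password file are cleaned before the restart, and a password
    file is written again when the test case defines a password.

    Args:
        configuration (dict): New parameters to be applied. An optional 'password' entry must contain a
            'value' key; the optional 'authorization_pass_path' entry is passed as the password file path.

    Raises:
        ValueError: If wazuh-agentd daemon cannot be started again.
    """
    # Stop Wazuh
    # NOTE(review): if any step below raises, the daemon is left stopped; the caller's teardown
    # has to cope with that.
    control_service('stop', daemon='wazuh-agentd')

    # Configuration for testing
    temp = get_temp_yaml(configuration)
    try:
        conf = load_wazuh_configurations(temp, __name__)
    finally:
        # Delete the temporary YAML even when loading fails: it is derived from the test case,
        # which can carry a password entry, so it must not be left behind on disk.
        os.remove(temp)

    test_config = set_section_wazuh_conf(conf[0]['sections'])

    # Set new configuration
    write_wazuh_conf(test_config)

    # reset_client_keys: start from a clean enrollment state (no keys, no old log, no old password)
    ag.clean_client_keys_file()
    clean_log_file()
    ag.clean_password_file()

    password = configuration.get('password')
    if password:
        # The test password is written to a file (isFile=True) at the configured path.
        parser = ag.AgentAuthParser()
        parser.add_password(password=password['value'], isFile=True,
                            path=configuration.get('authorization_pass_path'))

    # Start Wazuh
    control_service('start', daemon='wazuh-agentd')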
# `testdir` is defined before the visible part of this listing.
subdir = 'subdir'
test_directories = [testdir]
# Each pass nests one level deeper (testdir/subdir1, testdir/subdir1/subdir2, ...),
# so the list ends up with the base directory plus five nested ones.
for n in range(5):
    testdir = (os.path.join(testdir, subdir + str(n + 1)))
    test_directories.append(testdir)
tag = 'Sample_tag'
wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)

# configurations
# The TAGS placeholder of the template receives the sample tag defined above.
conf_params, conf_metadata = generate_params(extra_params={'TAGS': tag})
configurations = load_wazuh_configurations(configurations_path, __name__, params=conf_params, metadata=conf_metadata)


# fixtures

@pytest.fixture(scope='module', params=configurations)
def get_configuration(request):
    """Return the entry of `configurations` selected for the current parametrized run."""
    return request.param


# functions

# (the listing is cut here; the rest of apply_test is not shown)
def apply_test(directory: str, attributes: list, trigger: bool,
# Marks pytestmark = pytest.mark.tier(level=0) # Variables test_directories = [] testdir = os.path.join(PREFIX, 'testdir1') test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') configurations_path = os.path.join(test_data_path, 'wazuh_conf.yaml') wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) # Configurations p, m = generate_params(extra_params={'TEST_DIRECTORIES': '', 'MODULE_NAME': __name__}) configuration1 = load_wazuh_configurations(configurations_path, __name__, params=p, metadata=m) p, m = generate_params(extra_params={'TEST_DIRECTORIES': testdir, 'MODULE_NAME': __name__}) configuration2 = load_wazuh_configurations(configurations_path, __name__, params=p, metadata=m) # Merge both list of configurations into the final one to avoid skips and configuration issues configurations = configuration1 + configuration2 # Fixtures @pytest.fixture(scope='module', params=configurations) def get_configuration(request): """Get configurations from the module.""" return request.param
# variables test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') configurations_path = os.path.join(test_data_path, 'wazuh_conf.yaml') test_directories = [os.path.join(PREFIX, 'testdir1'), os.path.join(PREFIX, 'testdir2')] directory_str = ','.join(test_directories) force_restart_after_restoring = True wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) # configurations configurations = load_wazuh_configurations(configurations_path, __name__, params=[{'TEST_DIRECTORIES': directory_str}], metadata=[{'test_directories': directory_str}] ) # fixtures @pytest.fixture(scope='module', params=configurations) def get_configuration(request): """Get configurations from the module.""" return request.param # tests @pytest.mark.parametrize('tags_to_apply', [ ({'invalid_no_regex', 'invalid_scan', 'invalid_file_limit'})
"update": f"{item}<metadata>", "description": f"Add {item} character before <metadata>", "expected_fail": False }) test_data.append({ "pattern": r'(.*)(<)(metadata>.*)', "update": item, "description": f"Replace '<' with '{item}' in <metadata>", "expected_fail": True }) test_data_ids = [item['description'] for item in test_data] # Configuration data configurations = load_wazuh_configurations(configurations_path, __name__, params=parameters) @pytest.fixture(scope='module', params=configurations, ids=ids) def get_configuration(request): """Get configurations from the module.""" return request.param @pytest.fixture def modify_feed(test_data, request): """ Modify the redhat OVAL feed, setting a test field value """ backup_data = file.read_xml_file(file_path=custom_redhat_oval_feed_path,
test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
configurations_path = os.path.join(test_data_path, 'wazuh_conf.yaml')
# The monitored directories sit directly under the filesystem root ('/testdir1' ... on POSIX).
# NOTE(review): creating them presumably needs elevated privileges - confirm.
test_directories = [
    os.path.join('/', 'testdir1'),
    os.path.join('/', 'testdir2'),
    os.path.join('/', 'testdir3')
]
testdir1, testdir2, testdir3 = test_directories

wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)

# Configurations

# No params/metadata: the YAML is loaded without placeholder substitution from this module.
configurations = load_wazuh_configurations(configurations_path, __name__)


# Fixture

@pytest.fixture(scope='module', params=configurations)
def get_configuration(request):
    """Return the entry of `configurations` selected for the current parametrized run."""
    return request.param


# Test

# One case: tag 'config1', folder '/testdir2' (the same path as testdir2 on POSIX) and the
# audit key 'wazuh_fim'. (the listing is cut here; the decorated test is not shown)
@pytest.mark.parametrize('tags_to_apply, folder, audit_key', [({'config1'}, '/testdir2', 'wazuh_fim')])
# (the listing starts inside a list of dicts - presumably `metadata` - whose opening is not shown)
# Every entry carries a malformed allowed-ips value, so this is negative-path input for the
# address validation of wazuh-remoted.
# five octets:
'allowed-ips': '127.0.0.0.0',
'denied-ips': '192.168.1.1'
}, {
    # not an address at all
    'allowed-ips': 'Testing',
    'denied-ips': '192.168.1.1'
}, {
    # prefix length 7890
    'allowed-ips': '127.0.0.0/7890',
    'denied-ips': '192.168.1.1'
}, {
    # same bad prefix length, and denied-ips has five octets as well
    'allowed-ips': '127.0.0.0/7890',
    'denied-ips': '192.168.1.1.1'
}]

# The module name is passed as a literal string here instead of __name__.
configurations = load_wazuh_configurations(
    configurations_path,
    "test_basic_configuration_allowed_denied_ips",
    params=parameters,
    metadata=metadata)
# Test IDs are built from the ALLOWED and DENIED parameter of each case.
configuration_ids = [f"{x['ALLOWED']}_{x['DENIED']}" for x in parameters]


# fixtures
@pytest.fixture(scope="module", params=configurations, ids=configuration_ids)
def get_configuration(request):
    """Return the entry of `configurations` selected for the current parametrized run."""
    return request.param


# (the listing is cut inside the docstring below)
def test_allowed_ips_invalid(get_configuration, configure_environment, restart_remoted):
    """Test if `wazuh-remoted` fails when invalid `allowed-ips` label value is set.
# Get all network interfaces ips using netifaces array_interfaces_ip = [] network_interfaces = netifaces.interfaces() for interface in network_interfaces: try: ip = netifaces.ifaddresses(interface)[netifaces.AF_INET][0]['addr'] array_interfaces_ip.append(ip) except KeyError: pass for local_ip in array_interfaces_ip: parameters.append({'LOCAL_IP': local_ip}) metadata.append({'local_ip': local_ip}) configurations = load_wazuh_configurations(configurations_path, "test_basic_configuration_local_ip", params=parameters, metadata=metadata) configuration_ids = [f"{x['LOCAL_IP']}" for x in parameters] # fixtures @pytest.fixture(scope="module", params=configurations, ids=configuration_ids) def get_configuration(request): """Get configurations from the module.""" return request.param def test_local_ip_valid(get_configuration, configure_environment, restart_remoted): """Check if the `local_ip` option could be configured using different valid IPs without errors. Check if the API answer for manager connection coincides with the option selected on `ossec.conf`.
# (the listing starts inside a list of dicts - presumably `metadata` - whose opening is not shown)
# Visible cases keep connection and port fixed and vary only queue_size: 1, 1200, 262144.
'connection': 'secure',
'port': '1514',
'queue_size': '1'
}, {
    'connection': 'secure',
    'port': '1514',
    'queue_size': '1200'
}, {
    'connection': 'secure',
    'port': '1514',
    'queue_size': '262144'
}]

# The module name is passed as a literal string here instead of __name__.
configurations = load_wazuh_configurations(
    configurations_path,
    "test_basic_configuration_queue_size",
    params=parameters,
    metadata=metadata)
# The f-string formats a tuple, so each ID is the repr of (CONNECTION, PORT, QUEUE_SIZE).
configuration_ids = [
    f"{x['CONNECTION'], x['PORT'], x['QUEUE_SIZE']}" for x in parameters
]


# fixtures
@pytest.fixture(scope="module", params=configurations, ids=configuration_ids)
def get_configuration(request):
    """Return the entry of `configurations` selected for the current parametrized run."""
    return request.param


# (the listing is cut here; the rest of the signature and the body are not shown)
def test_queue_size_valid(get_configuration, configure_environment,
path (str): path to the file.

    Returns:
        dict: dictionary containing the test info.
    """
    # (the listing starts inside the docstring above; the function header - presumably
    # `load_tests`, which is called below - is not shown)
    with open(path) as f:
        # safe_load builds only plain YAML types; it does not construct arbitrary Python objects.
        return yaml.safe_load(f)


test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
message_tests = load_tests(os.path.join(test_data_path, 'enroll_messages.yaml'))
configurations_path = os.path.join(test_data_path, 'wazuh_conf.yaml')
# params/metadata are None: the configuration YAML is loaded without placeholder substitution.
configurations = load_wazuh_configurations(configurations_path, __name__, params=None, metadata=None)

# Variables
log_monitor_paths = []

# One receiver: localhost port 1515 over AF_INET, with the protocol label 'SSL_TLSv1_2'.
# NOTE(review): presumably this pins the test client to TLS 1.2 against the enrollment
# service - confirm how the socket helper interprets the label.
receiver_sockets_params = [(("localhost", 1515), 'AF_INET', 'SSL_TLSv1_2')]

# Daemons the test depends on; the meaning of the 2nd and 3rd tuple fields is defined by the
# fixture that consumes this list (not visible here).
monitored_sockets_params = [('wazuh-modulesd', None, True), ('wazuh-db', None, True), ('wazuh-authd', None, True)]

receiver_sockets, monitored_sockets, log_monitors = None, None, None  # Set in the fixtures


# Tests
# Marks pytestmark = pytest.mark.tier(level=0) # variables test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') configurations_path = os.path.join(test_data_path, 'wazuh_run_on_start.yaml') wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) config_wildcards_values = [{'RUN_ON_START': 'yes'}, {'RUN_ON_START': 'no'}] config_wildcards_metadata = [{'run_on_start': 'yes'}, {'run_on_start': 'no'}] # Configuration data configurations = load_wazuh_configurations(configurations_path, __name__, params=config_wildcards_values, metadata=config_wildcards_metadata) # fixtures @pytest.fixture(scope='module', params=configurations, ids=["run_on_start_yes", "run_on_start_no"]) def get_configuration(request): """Get configurations from the module.""" return request.param # Tests def test_run_on_start(get_configuration, configure_environment,
# (the listing starts inside a list of dicts - presumably `metadata` - whose opening is not shown)
# Visible cases keep connection and port fixed and vary only rids_closing_time: 30h, 1d, 30d.
'connection': 'secure',
'port': '1514',
'rids_closing_time': '30h'
}, {
    'connection': 'secure',
    'port': '1514',
    'rids_closing_time': '1d'
}, {
    'connection': 'secure',
    'port': '1514',
    'rids_closing_time': '30d'
}]

# The module name is passed as a literal string here instead of __name__.
configurations = load_wazuh_configurations(
    configurations_path,
    "test_basic_configuration_rids_closing_time",
    params=parameters,
    metadata=metadata)
# The f-string formats a tuple, so each ID is the repr of (CONNECTION, PORT, RIDS_CLOSING_TIME).
configuration_ids = [
    f"{x['CONNECTION'], x['PORT'], x['RIDS_CLOSING_TIME']}" for x in parameters
]


# fixtures
@pytest.fixture(scope="module", params=configurations, ids=configuration_ids)
def get_configuration(request):
    """Return the entry of `configurations` selected for the current parametrized run."""
    return request.param


# (the listing is cut here; the rest of the signature and the body are not shown)
def test_rids_closing_time_valid(get_configuration, configure_environment,