fix(#3657): fix Yara and Virustotal E2E tests

* fix(#3657): yara installation in centOS manager * fix(#3657): yara installation * fix(#3657): increase virustotal timeout to 60 * style(#3657): fix configuration yara playbook * docs(#3657): include PR 3660 to changelog * style(#3657): fix overindentation * fix(#3657): increase E2E virustotal timeout * docs(#3657): fix changelog duplicated line * docs(#3657): collapse 3660 entries of the changelog
wazuh · Dec 16, 2022 · 237ee22 · 237ee22
1 parent 4a9c1a1
commit 237ee22
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 20 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@ Release report: TBD
 
 ### Added
 
+- Fix Yara and VirusTotal E2E basic usage tests ([#3660](https:/wazuh/wazuh-qa/pull/3660))
 - Add new test to check if syslog message are parsed correctrly in the `archives.json` file ([#3609](https:/wazuh/wazuh-qa/pull/3609)) \- (Framework + Tests)
 - Add new logging tests for analysisd EPS limitation ([#3509](https:/wazuh/wazuh-qa/pull/3509)) \- (Framework + Tests)
 - New testing suite for checking analysisd EPS limitation ([#2947](https:/wazuh/wazuh-qa/pull/3181)) \- (Framework + Tests)

diff --git a/...d_to_end/test_basic_cases/test_virustotal_integration/data/playbooks/generate_events.yaml b/...d_to_end/test_basic_cases/test_virustotal_integration/data/playbooks/generate_events.yaml
@@ -21,7 +21,7 @@
  timestamp: \d+-\d+-\d+T\d+:\d+:\d+\.\d+[+|-]\d+
  custom_regex: "{\"timestamp\":\"{{ timestamp }}\",\"rule\":{\"level\":{{ rule_level }},\
  \"description\":\"{{ rule_description }}\",\"id\":\"{{ rule_id }}\".*}"
- timeout: 30
+ timeout: 90
 
  always:
 

diff --git a/tests/end_to_end/test_basic_cases/test_yara_integration/data/playbooks/configuration.yaml b/tests/end_to_end/test_basic_cases/test_yara_integration/data/playbooks/configuration.yaml
@@ -23,27 +23,49 @@
  chown root:wazuh /var/ossec/active-response/bin/yara.sh
  chmod 0750 /var/ossec/active-response/bin/yara.sh
 
- - name: Check if epel-release is installed
- shell: rpm -qa epel-release
- register: check_epel_release
+ - name: Check if Yara is installed
+ become: true
+ shell: yara -v
+ register: yara_check
+ ignore_errors: true
 
- - name: Install epel-release
- package:
- name:
- - epel-release
- state: present
- when: '"epel" not in check_epel_release.stdout'
+ - name: Install Yara
+ block:
+ - name: Update system's packages
+ become: true
+ package:
+ name: "*"
+ state: latest
 
- - name: Check if yara is installed
- shell: rpm -qa yara
- register: check_yara
+ - name: Install Yara dependencies
+ become: true
+ package:
+ name:
+ - gcc
+ - make
+ - libtool
+ - pcre-devel
+ - openssl-devel
+ state: present
 
- - name: Install Yara on CentOS
- package:
- name:
- - yara
- state: present
- when: '"yara" not in check_yara.stdout'
+ - name: Download Yara
+ become: true
+ get_url:
+ url: https:/VirusTotal/yara/archive/v{{ yara_version | default('4.2.3') }}.tar.gz
+ dest: /tmp/v{{ yara_version | default('4.2.3')}}.tar.gz
+
+ - name: Uncompress Yara file
+ become: true
+ unarchive:
+ src: /tmp/v{{ yara_version | default('4.2.3')}}.tar.gz
+ dest: /tmp
+ remote_src: true
+
+ - name: Compile and install Yara
+ become: true
+ shell: cd /tmp/yara-{{ yara_version | default('4.2.3')}} && ./bootstrap.sh && ./configure && make &&
+ make install
+ when: yara_check.rc != 0
 
  - name: Check if jq is installed
  shell: rpm -qa jq
@@ -110,7 +132,7 @@
  <command>
  <name>yara</name>
  <executable>yara.sh</executable>
- <extra_args>-yara_path /usr/bin -yara_rules /tmp/yara/rules/yara_rules.yar</extra_args>
+ <extra_args>-yara_path /usr/local/bin/ -yara_rules /tmp/yara/rules/yara_rules.yar</extra_args>
  <timeout_allowed>no</timeout_allowed>
  </command>
  <active-response>