From 237ee22584e11d6d48f7e51868881c8af3476be4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?=
Date: Fri, 16 Dec 2022 10:38:37 +0100
Subject: [PATCH] fix(#3657): fix Yara and Virustotal E2E tests
* fix(#3657): yara installation in centOS manager
* fix(#3657): yara installation
* fix(#3657): increase virustotal timeout to 60
* style(#3657): fix configuration yara playbook
* docs(#3657): include PR 3660 to changelog
* style(#3657): fix overindentation
* fix(#3657): increase E2E virustotal timeout
* docs(#3657): fix changelog duplicated line
* docs(#3657): collapse 3660 entries of the changelog
---
 CHANGELOG.md | 1 +
 .../data/playbooks/generate_events.yaml | 2 +-
 .../data/playbooks/configuration.yaml | 60 +++++++++++++------
 3 files changed, 43 insertions(+), 20 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a563d5b2c3..69940f4d31 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ Release report: TBD
 ### Added
+- Fix Yara and VirusTotal E2E basic usage tests ([#3660](https://github.com/wazuh/wazuh-qa/pull/3660))
 - Add new test to check if syslog message are parsed correctrly in the `archives.json` file ([#3609](https://github.com/wazuh/wazuh-qa/pull/3609)) \- (Framework + Tests)
 - Add new logging tests for analysisd EPS limitation ([#3509](https://github.com/wazuh/wazuh-qa/pull/3509)) \- (Framework + Tests)
 - New testing suite for checking analysisd EPS limitation ([#2947](https://github.com/wazuh/wazuh-qa/pull/3181)) \- (Framework + Tests)
diff --git a/tests/end_to_end/test_basic_cases/test_virustotal_integration/data/playbooks/generate_events.yaml b/tests/end_to_end/test_basic_cases/test_virustotal_integration/data/playbooks/generate_events.yaml
index fe490d0122..3e226ae91a 100644
--- a/tests/end_to_end/test_basic_cases/test_virustotal_integration/data/playbooks/generate_events.yaml
+++ b/tests/end_to_end/test_basic_cases/test_virustotal_integration/data/playbooks/generate_events.yaml
@@ -21,7 +21,7 @@
 timestamp: \d+-\d+-\d+T\d+:\d+:\d+\.\d+[+|-]\d+
 custom_regex: "{\"timestamp\":\"{{ timestamp }}\",\"rule\":{\"level\":{{ rule_level }},\
 \"description\":\"{{ rule_description }}\",\"id\":\"{{ rule_id }}\".*}"
- timeout: 30
+ timeout: 90
 always:
diff --git a/tests/end_to_end/test_basic_cases/test_yara_integration/data/playbooks/configuration.yaml b/tests/end_to_end/test_basic_cases/test_yara_integration/data/playbooks/configuration.yaml
index d1f3238b51..b5af6072dd 100644
--- a/tests/end_to_end/test_basic_cases/test_yara_integration/data/playbooks/configuration.yaml
+++ b/tests/end_to_end/test_basic_cases/test_yara_integration/data/playbooks/configuration.yaml
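Review bot: `timeout: 90` is a bare number with nothing on the line recording why 90 s is required; the commit bullets first say "increase virustotal timeout to 60" and then only "increase E2E virustotal timeout", so a reader cannot tell whether 90 was measured or guessed. A short trailing comment, `timeout: 90  # raised from 30: the VirusTotal alert was not showing up within the old limit (#3657)`, would keep the reason with the value, assuming that is what motivated the change. The task that owns this timeout starts outside the hunk.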
@@ -23,27 +23,49 @@
 chown root:wazuh /var/ossec/active-response/bin/yara.sh
 chmod 0750 /var/ossec/active-response/bin/yara.sh
- - name: Check if epel-release is installed
- shell: rpm -qa epel-release
- register: check_epel_release
+ - name: Check if Yara is installed
+ become: true
+ shell: yara -v
+ register: yara_check
+ ignore_errors: true
- - name: Install epel-release
- package:
- name:
- - epel-release
- state: present
- when: '"epel" not in check_epel_release.stdout'
+ - name: Install Yara
+ block:
+ - name: Update system's packages
+ become: true
+ package:
+ name: "*"
+ state: latest
- - name: Check if yara is installed
- shell: rpm -qa yara
- register: check_yara
+ - name: Install Yara dependencies
+ become: true
+ package:
+ name:
+ - gcc
+ - make
+ - libtool
+ - pcre-devel
+ - openssl-devel
+ state: present
- - name: Install Yara on CentOS
- package:
- name:
- - yara
- state: present
- when: '"yara" not in check_yara.stdout'
+ - name: Download Yara
+ become: true
+ get_url:
+ url: https://github.com/VirusTotal/yara/archive/v{{ yara_version | default('4.2.3') }}.tar.gz
+ dest: /tmp/v{{ yara_version | default('4.2.3')}}.tar.gz
+
+ - name: Uncompress Yara file
+ become: true
+ unarchive:
+ src: /tmp/v{{ yara_version | default('4.2.3')}}.tar.gz
+ dest: /tmp
+ remote_src: true
+
+ - name: Compile and install Yara
+ become: true
+ shell: cd /tmp/yara-{{ yara_version | default('4.2.3')}} && ./bootstrap.sh && ./configure && make &&
+ make install
+ when: yara_check.rc != 0
 - name: Check if jq is installed
 shell: rpm -qa jq
@@ -110,7 +132,7 @@
 yara
 yara.sh
- -yara_path /usr/bin -yara_rules /tmp/yara/rules/yara_rules.yar
+ -yara_path /usr/local/bin/ -yara_rules /tmp/yara/rules/yara_rules.yar
 no
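Review bot: The `Check if Yara is installed` probe (`shell: yara -v`) accepts any yara found on PATH, but the `@@ -110,7 +132,7 @@` hunk of the same file hardcodes the active-response binary location as `-yara_path /usr/local/bin/`, so on a host that already has yara somewhere else (the replaced config pointed at `/usr/bin`) the build block is skipped and the active response is left pointing at a path that may not exist; probing the exact location, `shell: /usr/local/bin/yara -v`, keeps the check and the config in step. The `Download Yara` task fetches the source tarball with no `checksum:`, and the archive is then unpacked, built and installed with `become: true`, so a changed or tampered archive would be accepted silently; pin it per version, e.g. `checksum: sha256:<tarball-sha256-for-4.2.3>` (placeholder value). `Update system's packages` upgrades every package on the manager (`name: "*"`, `state: latest`) as a side effect of installing Yara, which makes the test environment slower and harder to reproduce; if the upgrade is only there to satisfy the build, the explicit dependency task that follows already covers it. As a style point, `ignore_errors: true` on the probe prints a failed task on every fresh host; `failed_when: false` together with `changed_when: false` expresses a read-only probe more clearly while keeping `yara_check.rc` available for the `when:`.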