From 358463f84c6b9b60f091f750159137f0d734daa7 Mon Sep 17 00:00:00 2001
From: Deblintrake09
Date: Tue, 3 Jan 2023 09:31:22 -0300
Subject: [PATCH] feat(#3562): update test and add new test cases
---
 ...ion_windows_system_folder_redirection.yaml | 3 +
 ...ses_windows_system_folder_redirection.yaml | 111 +++++++++++++++++-
 .../test_windows_system_folder_redirection.py | 26 ++--
 3 files changed, 122 insertions(+), 18 deletions(-)
diff --git a/tests/integration/test_fim/test_files/test_windows_system_folder_redirection/data/configuration_template/configuration_windows_system_folder_redirection.yaml b/tests/integration/test_fim/test_files/test_windows_system_folder_redirection/data/configuration_template/configuration_windows_system_folder_redirection.yaml
index f0b7771a04..86d9a8db1a 100644
--- a/tests/integration/test_fim/test_files/test_windows_system_folder_redirection/data/configuration_template/configuration_windows_system_folder_redirection.yaml
+++ b/tests/integration/test_fim/test_files/test_windows_system_folder_redirection/data/configuration_template/configuration_windows_system_folder_redirection.yaml
@@ -10,6 +10,9 @@
 attributes:
 - realtime: REALTIME
 - whodata: WHODATA
+ - recursion_level: 0
+ - windows_audit_interval:
+ value: 500
 - section: sca
 elements:
diff --git a/tests/integration/test_fim/test_files/test_windows_system_folder_redirection/data/test_cases/cases_windows_system_folder_redirection.yaml b/tests/integration/test_fim/test_files/test_windows_system_folder_redirection/data/test_cases/cases_windows_system_folder_redirection.yaml
index 7cbd4130bc..5d039b0906 100644
--- a/tests/integration/test_fim/test_files/test_windows_system_folder_redirection/data/test_cases/cases_windows_system_folder_redirection.yaml
+++ b/tests/integration/test_fim/test_files/test_windows_system_folder_redirection/data/test_cases/cases_windows_system_folder_redirection.yaml
@@ -1,9 +1,116 @@
-- name: report_changes_found_scheduled
+- name: monitor /Windows/System32 - scheduled
 description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
 configuration_parameters:
 INTERVAL: 3
 REALTIME: 'no'
 WHODATA: 'no'
+ TEST_DIRECTORIES: '%WINDIR%\System32'
+ fim_mode: scheduled
 metadata:
- folder: \%WINDIR%/Sysnative
+ folder: system32
 fim_mode: scheduled
+ redirected: false
+
+- name: monitor /Windows/System32 - realtime
+ description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
+ configuration_parameters:
+ INTERVAL: 10000
+ REALTIME: 'yes'
+ WHODATA: 'no'
+ TEST_DIRECTORIES: '%WINDIR%\System32'
+ fim_mode: realtime
+ metadata:
+ folder: system32
+ fim_mode: realtime
+ redirected: false
+
+- name: monitor /Windows/System32 - whodata
+ description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
+ configuration_parameters:
+ INTERVAL: 10000
+ REALTIME: 'no'
+ WHODATA: 'yes'
+ TEST_DIRECTORIES: '%WINDIR%\System32'
+ fim_mode: whodata
+ metadata:
+ folder: system32
+ fim_mode: whodata
+ redirected: false
+
+- name: monitor /Windows/Sysnative - scheduled
+ description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
+ configuration_parameters:
+ INTERVAL: 3
+ REALTIME: 'no'
+ WHODATA: 'no'
+ TEST_DIRECTORIES: '%WINDIR%\Sysnative'
+ fim_mode: scheduled
+ metadata:
+ folder: system32
+ fim_mode: scheduled
+ redirected: true
+
+- name: monitor /Windows/Sysnative - realtime
+ description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
+ configuration_parameters:
+ INTERVAL: 10000
+ REALTIME: 'yes'
+ WHODATA: 'no'
+ TEST_DIRECTORIES: '%WINDIR%\Sysnative'
+ fim_mode: realtime
+ metadata:
+ folder: system32
+ fim_mode: realtime
+ redirected: true
+
+- name: monitor /Windows/Sysnative - whodata
+ description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
+ configuration_parameters:
+ INTERVAL: 10000
+ REALTIME: 'no'
+ WHODATA: 'yes'
+ TEST_DIRECTORIES: '%WINDIR%\Sysnative'
+ fim_mode: whodata
+ metadata:
+ folder: system32
+ fim_mode: whodata
+ redirected: true
+
+- name: monitor SyWOW64 - scheduled
+ description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
+ configuration_parameters:
+ INTERVAL: 3
+ REALTIME: 'no'
+ WHODATA: 'no'
+ TEST_DIRECTORIES: '%WINDIR%\SysWOW64'
+ fim_mode: scheduled
+ metadata:
+ folder: syswow64
+ fim_mode: scheduled
+ redirected: false
+
+- name: monitor SysWOW64 - realtime
+ description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
+ configuration_parameters:
+ INTERVAL: 10000
+ REALTIME: 'yes'
+ WHODATA: 'no'
+ TEST_DIRECTORIES: '%WINDIR%\SysWOW64'
+ fim_mode: realtime
+ metadata:
+ folder: syswow64
+ fim_mode: realtime
+ redirected: false
+
+- name: monitor SysWOW64 - whodata
+ description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
+ configuration_parameters:
+ INTERVAL: 10000
+ REALTIME: 'no'
+ WHODATA: 'yes'
+ TEST_DIRECTORIES: '%WINDIR%\SysWOW64'
+ fim_mode: whodata
+ metadata:
+ folder: syswow64
+ fim_mode: whodata
+ redirected: false
\ No newline at end of file
diff --git a/tests/integration/test_fim/test_files/test_windows_system_folder_redirection/test_windows_system_folder_redirection.py b/tests/integration/test_fim/test_files/test_windows_system_folder_redirection/test_windows_system_folder_redirection.py
index 4270c082a5..fe9cc4ca21 100644
--- a/tests/integration/test_fim/test_files/test_windows_system_folder_redirection/test_windows_system_folder_redirection.py
+++ b/tests/integration/test_fim/test_files/test_windows_system_folder_redirection/test_windows_system_folder_redirection.py
@@ -70,14 +70,14 @@
 import pytest
 from wazuh_testing import global_parameters, LOG_FILE_PATH, T_10
 from wazuh_testing.tools import PREFIX, configuration
-from wazuh_testing.tools.monitoring import FileMonitor, generate_monitoring_callback
-from wazuh_testing.modules.fim import CB_FIM_PATH_CONVERTED, ERR_MSG_FIM_PATH_CONVERTED_EVENT
+from wazuh_testing.tools.monitoring import FileMonitor
 from wazuh_testing.modules.fim import FIM_DEFAULT_LOCAL_INTERNAL_OPTIONS as local_internal_options
+from wazuh_testing.modules.fim.event_monitor import check_fim_event, CB_FIM_PATH_CONVERTED
 from wazuh_testing.modules.fim.utils import regular_file_cud
 # Marks
-pytestmark = [pytest.mark.linux, pytest.mark.tier(level=1)]
+pytestmark = [pytest.mark.win32, pytest.mark.tier(level=1)]
 # Reference paths
@@ -89,16 +89,14 @@
 test_cases_path = os.path.join(TEST_CASES_PATH, 'cases_windows_system_folder_redirection.yaml')
 configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_windows_system_folder_redirection.yaml')
-
-# variables
-wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)
-
-
 # Test configurations
 configuration_parameters, configuration_metadata, test_case_ids = configuration.get_test_cases_data(test_cases_path)
 configurations = configuration.load_configuration_template(configurations_path, configuration_parameters, configuration_metadata)
+# variables
+wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)
+
 # tests
 @pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=test_case_ids)
@@ -134,9 +132,6 @@ def test_windows_folder_redirection(configuration, metadata, set_wazuh_configura
 - restart_syscheck_function:
 type: fixture
 brief: restart syscheckd daemon, and truncate the ossec.log.
- - create_monitored_folders
- type: fixture
- brief: Create folders to be monitored, delete after test.
 - wait_for_fim_start_function:
 type: fixture
 brief: check that the starting fim scan is detected.
@@ -161,12 +156,11 @@ def test_windows_folder_redirection(configuration, metadata, set_wazuh_configura
 - scheduled
 '''
 file_list = [f"regular_file"]
- folder = os.path.join(PREFIX, metadata['folder'])
+ folder = os.path.join(PREFIX, 'windows', metadata['folder'])
 wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)
- wazuh_log_monitor.start(timeout=T_10, callback=generate_monitoring_callback(CB_FIM_PATH_CONVERTED),
- error_message=ERR_MSG_FIM_PATH_CONVERTED_EVENT)
-
+ if metadata['redirected']:
+ check_fim_event(callback=CB_FIM_PATH_CONVERTED, timeout=T_10)
 regular_file_cud(folder, wazuh_log_monitor, file_list=file_list, time_travel=False,
- min_timeout=global_parameters.default_timeout*4, triggers_event=True)
+ min_timeout=300, triggers_event=True, escaped=True)
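Review bot: All nine cases carry the identical description `When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)`, which describes neither the folder redirection this file exists to test nor the realtime and whodata modes that six of the cases configure, so a failing case id cannot be understood from its description. Each case should say what it actually checks; for the `redirected: true` Sysnative cases something like `description: A file created in %WINDIR%\Sysnative is reported after FIM converts the path to System32 (whodata mode)`, and for the `redirected: false` System32 and SysWOW64 cases that no path conversion is expected. The seventh case name has a typo, `- name: monitor SyWOW64 - scheduled`, which should be `- name: monitor SysWOW64 - scheduled` so its generated test id lines up with the two SysWOW64 cases that follow. The file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while the file is being rewritten.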
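Review bot: `global_parameters` is still imported on the `from wazuh_testing import global_parameters, LOG_FILE_PATH, T_10` line, but its only use visible in this patch, `global_parameters.default_timeout*4` in the last hunk, is replaced by the literal `300`; unless another part of the file still references it, the import is now dead and the line should become `from wazuh_testing import LOG_FILE_PATH, T_10`. The change of `pytestmark` from `pytest.mark.linux` to `pytest.mark.win32` alters which platform runs this test at all, which the commit subject ("add new test cases") does not mention; a short note in the commit message would help whoever later asks why the test stopped being collected on Linux.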
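Review bot: The module-level `wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)` that this hunk moves below the configuration loading is shadowed inside the test body, where the last hunk keeps a local `wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)` and passes that one to `regular_file_cud`. Unless a fixture outside this patch reads the module-level object, one of the two is redundant; keeping only the local instance, created after `restart_syscheck_function` truncates ossec.log, looks like the safer choice, since a monitor built at import time may otherwise watch from a position that predates the restart. If the module-level object is in fact consumed elsewhere, a one-line comment naming the consumer, e.g. `# Shared with the <fixture-name> fixture; the test body creates its own monitor after restart`, would stop the next reader from deleting it.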
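Review bot: The docstring drops the `create_monitored_folders` fixture entry, but the function signature is cut off in the hunk header (`def test_windows_folder_redirection(configuration, metadata, set_wazuh_configura…`) and is not part of the patch, so it is not visible here whether the fixture was removed from the parameter list as well; the two must agree, otherwise the docstring now under-reports the fixtures the test depends on. The body in the last hunk also starts branching on a new `redirected` metadata key, and if that key is not described elsewhere in the docstring it deserves an entry such as `- redirected: whether the monitored folder is expected to be reported under its converted System32 path`. The enclosing function starts and ends outside this hunk.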
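Review bot: The six `redirected: false` cases (System32 and SysWOW64) get no negative check: the new `if metadata['redirected']:` guard only waits for the `CB_FIM_PATH_CONVERTED` log when redirection is expected and does nothing otherwise, so a regression that started converting System32 or SysWOW64 paths to some other folder would still pass as long as the file events fire. An `else:` branch should assert that the conversion message is absent, for instance `else:` / `with pytest.raises(TimeoutError):` / `check_fim_event(callback=CB_FIM_PATH_CONVERTED, timeout=T_10)`, assuming `check_fim_event` raises on timeout like the `wazuh_log_monitor.start(...)` call it replaces did; if it reports failure differently, the absence check needs to follow that convention. Separately, `min_timeout=300` replaces the previously parameterised `global_parameters.default_timeout*4` with a bare literal, so it should either keep using the shared default or be given a named constant that says why five minutes is the right ceiling. The enclosing function starts outside this hunk.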