merge: 4.4 into revert-3270-revert-3146-fix-wdb-getconfig
Showing
220 changed files
with
11,203 additions
and
338 deletions.
@@ -27,7 +27,8 @@ | |
'qa_ctl/deployment/dockerfiles/qa_ctl/*', | ||
'qa_ctl/deployment/vagrantfile_template.txt', | ||
'qa_ctl/provisioning/wazuh_deployment/templates/preloaded_vars.conf.j2', | ||
'data/qactl_conf_validator_schema.json' | ||
'data/qactl_conf_validator_schema.json', | ||
'data/all_disabled_ossec.conf' | ||
] | ||
|
||
scripts_list = [ | ||
|
@@ -42,7 +43,8 @@ | |
'qa-ctl=wazuh_testing.scripts.qa_ctl:main', | ||
'check-files=wazuh_testing.scripts.check_files:main' | ||
'add-agents-client-keys=wazuh_testing.scripts.add_agents_client_keys:main', | ||
'unsync-agents=wazuh_testing.scripts.unsync_agents:main' | ||
'unsync-agents=wazuh_testing.scripts.unsync_agents:main', | ||
'stress_results_comparator=wazuh_testing.scripts.stress_results_comparator:main' | ||
] | ||
|
||
|
||
|
@@ -56,16 +58,17 @@ def get_files_from_directory(directory): | |
|
||
package_data_list.extend(get_files_from_directory('wazuh_testing/qa_docs/search_ui')) | ||
|
||
setup(name='wazuh_testing', | ||
version='4.4.0', | ||
description='Wazuh testing utilities to help programmers automate tests', | ||
url='https:/wazuh', | ||
author='Wazuh', | ||
author_email='[email protected]', | ||
license='GPLv2', | ||
packages=find_packages(), | ||
package_data={'wazuh_testing': package_data_list}, | ||
entry_points={'console_scripts': scripts_list}, | ||
include_package_data=True, | ||
zip_safe=False | ||
) | ||
setup( | ||
name='wazuh_testing', | ||
version='4.4.0', | ||
description='Wazuh testing utilities to help programmers automate tests', | ||
url='https:/wazuh', | ||
author='Wazuh', | ||
author_email='[email protected]', | ||
license='GPLv2', | ||
packages=find_packages(), | ||
package_data={'wazuh_testing': package_data_list}, | ||
entry_points={'console_scripts': scripts_list}, | ||
include_package_data=True, | ||
zip_safe=False | ||
) |
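Review bot: In the `@@ -42,7 +43,8 @@` hunk the context line `'check-files=wazuh_testing.scripts.check_files:main'` is rendered without a trailing comma before `'add-agents-client-keys=...'`; if that is the file's real content, the two adjacent string literals are implicitly concatenated into one malformed console_scripts entry and both commands are lost, and the commit fixes the same mistake on the `unsync-agents` line but leaves this one. The fix is the one-character change `'check-files=wazuh_testing.scripts.check_files:main',`. The `scripts_list` literal opens in the preceding hunk, so its full contents are not visible here.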
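--- a/deps/wazuh_testing/wazuh_testing/data/all_disabled_ossec.conf
+++ b/deps/wazuh_testing/wazuh_testing/data/all_disabled_ossec.conf
@@ -0,0 +1,87 @@
+<ossec_config>
+<global>
+<alerts_log>yes</alerts_log>
+</global>
+
+<!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
+<logging>
+<log_format>plain</log_format>
+</logging>
+
+<remote>
+<connection>secure</connection>
+<port>1514</port>
+<protocol>tcp</protocol>
+<queue_size>131072</queue_size>
+</remote>
+
+<!-- Policy monitoring -->
+<rootcheck>
+<disabled>yes</disabled>
+</rootcheck>
+
+<wodle name="cis-cat">
+<disabled>yes</disabled>
+</wodle>
+
+<!-- Osquery integration -->
+<wodle name="osquery">
+<disabled>yes</disabled>
+</wodle>
+
+<!-- System inventory -->
+<wodle name="syscollector">
+<disabled>yes</disabled>
+</wodle>
+
+<sca>
+<enabled>no</enabled>
+</sca>
+
+<vulnerability-detector>
+<enabled>no</enabled>
+</vulnerability-detector>
+
+<!-- File integrity monitoring -->
+<syscheck>
+<disabled>yes</disabled>
+</syscheck>
+
+<ruleset>
+<!-- Default ruleset -->
+<decoder_dir>ruleset/decoders</decoder_dir>
+<rule_dir>ruleset/rules</rule_dir>
+<rule_exclude>0215-policy_rules.xml</rule_exclude>
+<list>etc/lists/audit-keys</list>
+<list>etc/lists/amazon/aws-eventnames</list>
+<list>etc/lists/security-eventchannel</list>
+
+<!-- User-defined ruleset -->
+<decoder_dir>etc/decoders</decoder_dir>
+<rule_dir>etc/rules</rule_dir>
+</ruleset>
+
+<rule_test>
+<enabled>yes</enabled>
+<threads>1</threads>
+<max_sessions>64</max_sessions>
+<session_timeout>15m</session_timeout>
+</rule_test>
+
+<!-- Configuration for wazuh-authd -->
+<auth>
+<disabled>no</disabled>
+<port>1515</port>
+<use_source_ip>no</use_source_ip>
+<purge>yes</purge>
+<use_password>no</use_password>
+<ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
+<!-- <ssl_agent_ca></ssl_agent_ca> -->
+<ssl_verify_host>no</ssl_verify_host>
+<ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
+<ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
+<ssl_auto_negotiate>no</ssl_auto_negotiate>
+</auth>
+
+</ossec_config>
+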
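Review bot: The file is named all_disabled_ossec.conf, yet the `<auth>` block at the end keeps wazuh-authd running (`<disabled>no</disabled>`) with `<use_password>no</use_password>` and `<ssl_verify_host>no</ssl_verify_host>`, the `<remote>` listener stays configured on port 1514, and `<rule_test>` is enabled, with nothing in the file saying this is deliberate. Since the file ships inside the test package's data directory, a header comment should state the intent so nobody reuses it as a hardened baseline, e.g. `<!-- Test fixture: every module is disabled except the remoted listener, authd (no enrollment password, no host verification) and rule_test. Not a production configuration. -->`. The file name could also be read as "everything off", so naming the exceptions in the comment is what makes the fixture self-describing.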
@@ -0,0 +1,94 @@ | ||
# Copyright (C) 2015-2022, Wazuh Inc. | ||
# Created by Wazuh, Inc. <[email protected]>. | ||
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
import os | ||
import requests | ||
from http import HTTPStatus | ||
from tempfile import gettempdir | ||
|
||
from wazuh_testing.tools.utils import retry | ||
|
||
|
||
fetched_alerts_json_path = os.path.join(gettempdir(), 'alerts.json') | ||
|
||
|
||
@retry(Exception, attempts=3, delay=5) | ||
def get_alert_indexer_api(query, credentials, ip_address, index='wazuh-alerts-4.x-*'): | ||
"""Get an alert from the wazuh-indexer API | ||
Make a request to the wazuh-indexer API to get the last indexed alert that matches the values passed in | ||
must_match. | ||
Args: | ||
ip_address (str): wazuh-indexer IP address. | ||
index (str): Index in which to search for the alert. | ||
query (dict): Query to send to the API. | ||
credentials(dict): wazuh-indexer credentials. | ||
Returns: | ||
`obj`(map): Search results | ||
""" | ||
url = f"https://{ip_address}:9200/{index}/_search?" | ||
|
||
response = requests.get(url=url, params={'pretty': 'true'}, json=query, verify=False, | ||
auth=requests.auth.HTTPBasicAuth(credentials['user'], credentials['password'])) | ||
|
||
if '"hits" : [ ]' in response.text: | ||
raise Exception('Alert not indexed') | ||
elif response.status_code != HTTPStatus.OK: | ||
raise Exception(f"The request wasn't successful.\nActual response: {response.text}") | ||
|
||
return response | ||
|
||
|
||
def delete_index_api(credentials, ip_address, index='wazuh-alerts-4.x-*'): | ||
"""Delete indices from wazuh-indexer using its API. | ||
Make a request to the wazuh-indexer API to delete indices that match a given name. | ||
Args: | ||
ip_address (str): wazuh-indexer IP address. | ||
index (str): Name of the index to be deleted. | ||
credentials(dict): wazuh-indexer credentials. | ||
Returns: | ||
obj(class): `Response <Response>` object | ||
obj(class): `NoneType` object | ||
""" | ||
url = f"https://{ip_address}:9200/" | ||
authorization = requests.auth.HTTPBasicAuth(credentials['user'], credentials['password']) | ||
|
||
response = requests.delete(url=url+index, params={'pretty': 'true'}, verify=False, auth=authorization) | ||
|
||
if response.status_code != HTTPStatus.OK: | ||
raise Exception(f"The index(es) have not been deleted successfully. Actual response {response.text}") | ||
|
||
return response | ||
|
||
|
||
def make_query(must_match): | ||
"""Create a query according to the values passed in must_match. | ||
Args: | ||
must_match (list): Values to be matched with the indexed alert. | ||
Returns: | ||
dict: Fully formed query. | ||
""" | ||
query = { | ||
"query": { | ||
"bool": { | ||
"must": must_match | ||
} | ||
}, | ||
"size": 1, | ||
"sort": [ | ||
{ | ||
"timestamp": { | ||
"order": "desc" | ||
} | ||
} | ||
] | ||
} | ||
|
||
return query |
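Review bot: Both `get_alert_indexer_api` and `delete_index_api` call requests with `verify=False`, so the HTTPBasicAuth credentials are sent to whatever answers on `ip_address:9200` without certificate validation, and a caller that does have the indexer's CA bundle has no way to turn validation on. Exposing it as a keyword parameter keeps today's default for lab runs: `def get_alert_indexer_api(query, credentials, ip_address, index='wazuh-alerts-4.x-*', verify=False):` with `verify=verify` in the requests call, and the same for `delete_index_api`. In `get_alert_indexer_api` the empty-result test `'"hits" : [ ]' in response.text` depends on the `pretty` rendering and runs before the status-code check; testing the parsed body after the status check, `if not response.json()['hits']['hits']:`, is format-independent. The docstring also refers to `must_match`, which is an argument of `make_query`, not of this function; it should say `query`.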
@@ -0,0 +1,39 @@ | ||
import re | ||
|
||
from wazuh_testing.tools.monitoring import FileMonitor | ||
|
||
|
||
def make_callback(pattern, prefix=''): | ||
"""Create a callback function from a text pattern. | ||
Args: | ||
pattern (str): String to match on the log. | ||
prefix (str): regular expression used as prefix before the pattern. | ||
Returns: | ||
lambda: function that returns if there's a match in the file | ||
""" | ||
pattern = r'\s+'.join(pattern.split()) | ||
regex = re.compile(r'{}{}'.format(prefix, pattern)) | ||
|
||
return lambda line: regex.match(line) | ||
|
||
|
||
def check_event(file_monitor=None, callback='', error_message=None, update_position=True, timeout=20, | ||
accum_results=1, file_to_monitor=None): | ||
"""Check if an API event occurs | ||
Args: | ||
file_monitor (FileMonitor): FileMonitor object to monitor the file content. | ||
callback (str): log regex to check in the file | ||
error_message (str): error message to show in case of expected event does not occur | ||
update_position (boolean): filter configuration parameter to search in the file | ||
timeout (str): timeout to check the event in the file | ||
prefix (str): log pattern regex | ||
accum_results (int): Accumulation of matches. | ||
""" | ||
file_monitor = FileMonitor(file_to_monitor) if file_monitor is None else file_monitor | ||
error_message = f"Could not find this event in {file_to_monitor}: {callback}" if error_message is None else \ | ||
error_message | ||
|
||
result = file_monitor.start(timeout=timeout, update_position=update_position, accum_results=accum_results, | ||
callback=make_callback(callback), error_message=error_message) | ||
|
||
return result |
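Review bot: The `check_event` docstring documents a `prefix` parameter the function does not have and omits `file_to_monitor`, which it does use to build the FileMonitor and the default error message; `timeout` is documented as str while its default is the int 20. Replace the `prefix` entry with `file_to_monitor (str): path of the file to monitor when file_monitor is not given` and change `timeout (str)` to `timeout (int)`. In `make_callback` the `pattern` argument is compiled into a regular expression unescaped, so a caller passing a literal log line containing `(`, `[` or `.` gets a different match than the docstring's "String to match" suggests; it should read `pattern (str): regular expression to match on the log (escape metacharacters for a literal match)`. Note too that `check_event`'s default `callback=''` compiles to an empty regex, which `regex.match` satisfies on every line, so calling it without a callback counts the first `accum_results` lines as matches.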