Merge pull request #2038 from wazuh/2031-qadocs-migrate-test-fim-scan…
…-skip-stats-integrity-sync Migrate `test_scan`, `test_skip`, and `test_stats_integrity_sync` of `test_fim/test_files` documentation to `qa-docs`
Showing 7 changed files with 829 additions and 60 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,76 @@ | ||
# Copyright (C) 2015-2021, Wazuh Inc. | ||
# Created by Wazuh, Inc. <[email protected]>. | ||
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
''' | ||
copyright: Copyright (C) 2015-2021, Wazuh Inc. | ||
Created by Wazuh, Inc. <[email protected]>. | ||
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
type: integration | ||
brief: File Integrity Monitoring (FIM) system watches selected files and triggering alerts when these | ||
files are modified. Specifically, these tests will check if the 'wazuh-syscheckd' daemon runs | ||
the scans on a specific day of the week set in the 'scan_day' tag. | ||
The FIM capability is managed by the 'wazuh-syscheckd' daemon, which checks configured files | ||
for changes to the checksums, permissions, and ownership. | ||
tier: 1 | ||
modules: | ||
- fim | ||
components: | ||
- agent | ||
- manager | ||
daemons: | ||
- wazuh-syscheckd | ||
os_platform: | ||
- linux | ||
- windows | ||
os_version: | ||
- Arch Linux | ||
- Amazon Linux 2 | ||
- Amazon Linux 1 | ||
- CentOS 8 | ||
- CentOS 7 | ||
- CentOS 6 | ||
- Ubuntu Focal | ||
- Ubuntu Bionic | ||
- Ubuntu Xenial | ||
- Ubuntu Trusty | ||
- Debian Buster | ||
- Debian Stretch | ||
- Debian Jessie | ||
- Debian Wheezy | ||
- Red Hat 8 | ||
- Red Hat 7 | ||
- Red Hat 6 | ||
- Windows 10 | ||
- Windows 8 | ||
- Windows 7 | ||
- Windows Server 2016 | ||
- Windows Server 2012 | ||
- Windows Server 2003 | ||
- Windows XP | ||
references: | ||
- https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/index.html | ||
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html#scan-day | ||
pytest_args: | ||
- fim_mode: | ||
realtime: Enable real-time monitoring on Linux (using the 'inotify' system calls) and Windows systems. | ||
whodata: Implies real-time monitoring but adding the 'who-data' information. | ||
- tier: | ||
0: Only level 0 tests are performed, they check basic functionalities and are quick to perform. | ||
1: Only level 1 tests are performed, they check functionalities of medium complexity. | ||
2: Only level 2 tests are performed, they check advanced functionalities and are slow to perform. | ||
tags: | ||
- fim_scan | ||
''' | ||
import os | ||
from datetime import datetime, timedelta | ||
|
||
|
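Review bot: in the `pytest_args` block, `fim_mode` documents only `realtime` and `whodata`, yet the `brief` says this module checks scans that run on the day set in 'scan_day', and the test in this file is tagged `scheduled`. Either add a `scheduled` entry under `fim_mode` or drop the argument from this module's docstring if the module does not use it. In the `brief`, "watches selected files and triggering alerts" should read "watches selected files and triggers alerts".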
@@ -48,10 +118,49 @@ def get_configuration(request): | |
def test_scan_day(tags_to_apply, | ||
get_configuration, configure_environment, | ||
restart_syscheckd, wait_for_fim_start): | ||
"""Check if there is a scan at a certain day of the week | ||
It will only scan once a week, on the given day. | ||
""" | ||
''' | ||
description: Check if the 'wazuh-syscheckd' performs a scan on the day of the week specified in | ||
the 'scan_day' tag. For this purpose, the test will monitor a testing folder and | ||
modify the system date to the day of the scan that should be performed. Then, it | ||
will check if an FIM event, indicating that the scan is ended, is generated. Finally, | ||
the test will verify that scans are not performed on a different day of the week | ||
specified in the test case. | ||
wazuh_min_version: 4.2.0 | ||
parameters: | ||
- tags_to_apply: | ||
type: set | ||
brief: Run test if match with a configuration identifier, skip otherwise. | ||
- get_configuration: | ||
type: fixture | ||
brief: Get configurations from the module. | ||
- configure_environment: | ||
type: fixture | ||
brief: Configure a custom environment for testing. | ||
- restart_syscheckd: | ||
type: fixture | ||
brief: Clear the 'ossec.log' file and start a new monitor. | ||
- wait_for_fim_start: | ||
type: fixture | ||
brief: Wait for realtime start, whodata start, or end of initial FIM scan. | ||
assertions: | ||
- Verify that an FIM event is generated when the system date matches | ||
the day of the week specified for the scan. | ||
- Verify that scan is not performed on a different day of the week than scheduled. | ||
input_description: A test case (scan_day) is contained in external YAML file (wazuh_conf.yaml) which | ||
includes configuration settings for the 'wazuh-syscheckd' daemon. These are combined | ||
with the testing directory to be monitored and the scan days defined in the module. | ||
expected_output: | ||
- r'.*Sending FIM event: (.+)$' (at scan ends) | ||
tags: | ||
- scheduled | ||
- time_travel | ||
''' | ||
check_apply_test(tags_to_apply, get_configuration['tags']) | ||
|
||
day_of_week = {'monday': 0, | ||
|
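Review bot: `expected_output` lists only `r'.*Sending FIM event: (.+)$'`, which covers the first assertion; the second assertion (no scan on a different day) has no documented outcome. State what the test expects in that case, for example that no such event is seen before the monitor gives up, if that is how the check is implemented. The last sentence of `description`, "on a different day of the week specified in the test case", also reads as if the different day were the specified one; "on any day other than the one specified" would be clearer.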
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,77 @@ | ||
# Copyright (C) 2015-2021, Wazuh Inc. | ||
# Created by Wazuh, Inc. <[email protected]>. | ||
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
''' | ||
copyright: Copyright (C) 2015-2021, Wazuh Inc. | ||
Created by Wazuh, Inc. <[email protected]>. | ||
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
type: integration | ||
brief: File Integrity Monitoring (FIM) system watches selected files and triggering alerts when these files | ||
are modified. Specifically, these tests will check if the 'wazuh-syscheckd' daemon runs the scans | ||
on a specific day of the week and time, set them in the 'scan_day' and 'scan_time' tags. | ||
The FIM capability is managed by the 'wazuh-syscheckd' daemon, which checks configured files | ||
for changes to the checksums, permissions, and ownership. | ||
tier: 1 | ||
modules: | ||
- fim | ||
components: | ||
- agent | ||
- manager | ||
daemons: | ||
- wazuh-syscheckd | ||
os_platform: | ||
- linux | ||
- windows | ||
os_version: | ||
- Arch Linux | ||
- Amazon Linux 2 | ||
- Amazon Linux 1 | ||
- CentOS 8 | ||
- CentOS 7 | ||
- CentOS 6 | ||
- Ubuntu Focal | ||
- Ubuntu Bionic | ||
- Ubuntu Xenial | ||
- Ubuntu Trusty | ||
- Debian Buster | ||
- Debian Stretch | ||
- Debian Jessie | ||
- Debian Wheezy | ||
- Red Hat 8 | ||
- Red Hat 7 | ||
- Red Hat 6 | ||
- Windows 10 | ||
- Windows 8 | ||
- Windows 7 | ||
- Windows Server 2016 | ||
- Windows Server 2012 | ||
- Windows Server 2003 | ||
- Windows XP | ||
references: | ||
- https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/index.html | ||
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html#scan-day | ||
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html#scan-time | ||
pytest_args: | ||
- fim_mode: | ||
realtime: Enable real-time monitoring on Linux (using the 'inotify' system calls) and Windows systems. | ||
whodata: Implies real-time monitoring but adding the 'who-data' information. | ||
- tier: | ||
0: Only level 0 tests are performed, they check basic functionalities and are quick to perform. | ||
1: Only level 1 tests are performed, they check functionalities of medium complexity. | ||
2: Only level 2 tests are performed, they check advanced functionalities and are slow to perform. | ||
tags: | ||
- fim_scan | ||
''' | ||
import os | ||
from calendar import monthrange | ||
from datetime import datetime, timedelta | ||
|
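Review bot: the second sentence of the `brief` does not parse: "on a specific day of the week and time, set them in the 'scan_day' and 'scan_time' tags". Suggest "on the day of the week and at the time set in the 'scan_day' and 'scan_time' tags". The word "tags" is also used in this same docstring for the `tags:` key (`fim_scan`), so a different word for the configuration settings would avoid the double meaning.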
@@ -82,11 +153,48 @@ def get_configuration(request): | |
def test_scan_day_and_time(tags_to_apply, | ||
get_configuration, configure_environment, | ||
restart_syscheckd, wait_for_fim_start): | ||
""" | ||
Check if there is a scan in a certain day and time | ||
This test must check both scan params. | ||
""" | ||
''' | ||
description: Check if the 'wazuh-syscheckd' performs a scan on the day of the week and the time specified in | ||
the 'scan_day' and 'scan_time' tags. For this purpose, the test will monitor a testing folder and | ||
modify the system date to the moment of the scan that should be performed. Then, it will check | ||
if an FIM event, indicating that the scan is ended, is generated. Finally, the test will verify | ||
that scans are not performed on a different day or time specified in the test case. | ||
wazuh_min_version: 4.2.0 | ||
parameters: | ||
- tags_to_apply: | ||
type: set | ||
brief: Run test if match with a configuration identifier, skip otherwise. | ||
- get_configuration: | ||
type: fixture | ||
brief: Get configurations from the module. | ||
- configure_environment: | ||
type: fixture | ||
brief: Configure a custom environment for testing. | ||
- restart_syscheckd: | ||
type: fixture | ||
brief: Clear the 'ossec.log' file and start a new monitor. | ||
- wait_for_fim_start: | ||
type: fixture | ||
brief: Wait for realtime start, whodata start, or end of initial FIM scan. | ||
assertions: | ||
- Verify that an FIM event is generated when the system date matches | ||
the day of the week and the time specified for the scan. | ||
- Verify that scan is not performed on a different day or time than scheduled. | ||
input_description: A test case (scan_both) is contained in external YAML file (wazuh_conf.yaml) which | ||
includes configuration settings for the 'wazuh-syscheckd' daemon. These are combined | ||
with the testing directory to be monitored and the scan dates defined in the module. | ||
expected_output: | ||
- r'.*Sending FIM event: (.+)$' (at scan ends) | ||
tags: | ||
- scheduled | ||
- time_travel | ||
''' | ||
check_apply_test(tags_to_apply, get_configuration['tags']) | ||
|
||
day_of_week = {'monday': 0, | ||
|
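Review bot: the `description` says the test will "modify the system date", and the test is tagged `time_travel`, but the docstring does not say that the run needs permission to set the clock or whether the original date is restored afterwards. On a host whose logs and FIM events are timestamped from that clock this deserves one line, either in `description` or under `input_description`. The closing sentence, "not performed on a different day or time specified in the test case", would read better as "not performed on any day or time other than the one specified".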