From 0097ffb035179120fc3c4649c4a6cbf2b2dcfaec Mon Sep 17 00:00:00 2001 
From: fedepacher Date: Wed, 17 Aug 2022 07:57:09 -0300 Subject: [PATCH 01/79] add: Add limit EPS test #2947 --- .../wazuh_testing/modules/eps/__init__.py | 21 ++ .../modules/eps/event_monitor.py | 120 ++++++++++ .../wazuh_testing/processes/__init__.py | 10 + .../wazuh_testing/scripts/simulate_agents.py | 49 +++-- .../wazuh_testing/tools/__init__.py | 4 + .../wazuh_testing/tools/agent_simulator.py | 20 +- .../wazuh_testing/tools/configuration.py | 18 ++ requirements.txt | 6 +- .../test_analysisd/test_eps/conftest.py | 159 ++++++++++++++ .../data/configuration_simulate_agent.yaml | 10 + .../configuration_disabled.yaml | 49 +++++ .../configuration_enabled.yaml | 49 +++++ .../configuration_invalid_values.yaml | 49 +++++ .../configuration_no_eps_configuration.yaml | 38 ++++ ...process_old_events_instead_new_events.yaml | 49 +++++ ...start_dropping_events_when_queue_full.yaml | 49 +++++ ...art_queuing_events_when_limit_reached.yaml | 49 +++++ .../configuration_stop_processing_events.yaml | 49 +++++ .../configuration_without_maximun.yaml | 47 ++++ .../configuration_without_timeframe.yaml | 47 ++++ ...nfiguration_without_timeframe_maximun.yaml | 45 ++++ .../data/test_cases/cases_disabled.yaml | 8 + .../data/test_cases/cases_enabled.yaml | 8 + .../data/test_cases/cases_invalid_values.yaml | 35 +++ .../cases_no_eps_configuration.yaml | 8 + ...cases_process_old_events_multi_thread.yaml | 8 + .../cases_process_old_events_one_thread.yaml | 8 + .../cases_start_dropping_events.yaml | 8 + .../cases_start_queueing_events.yaml | 8 + .../test_cases/cases_stop_process_events.yaml | 8 + .../test_cases/cases_without_maximun.yaml | 6 + .../test_cases/cases_without_timeframe.yaml | 6 + .../cases_without_timeframe_maximun.yaml | 6 + .../test_analysisd/test_eps/test_disabled.py | 76 +++++++ .../test_analysisd/test_eps/test_enabled.py | 75 +++++++ .../test_eps/test_invalid_configuration.py | 200 +++++++++++++++++ .../test_eps/test_invalid_values.py | 78 +++++++ 
.../test_eps/test_no_eps_configuration.py | 136 ++++++++++++ ...t_process_old_events_instead_new_events.py | 206 ++++++++++++++++++ ...t_start_dropping_events_when_queue_full.py | 114 ++++++++++ ...start_queuing_events_when_limit_reached.py | 111 ++++++++++ .../test_eps/test_stop_processing_events.py | 94 ++++++++ 42 files changed, 2124 insertions(+), 20 deletions(-) create mode 100644 deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py create mode 100644 deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py create mode 100644 tests/integration/test_analysisd/test_eps/conftest.py create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_no_eps_configuration.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximun.yaml create mode 100644 
tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximun.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_invalid_values.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_no_eps_configuration.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_dropping_events.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_queueing_events.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_stop_process_events.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximun.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximun.yaml create mode 100644 tests/integration/test_analysisd/test_eps/test_disabled.py create mode 100644 tests/integration/test_analysisd/test_eps/test_enabled.py create mode 100644 tests/integration/test_analysisd/test_eps/test_invalid_configuration.py create mode 100644 tests/integration/test_analysisd/test_eps/test_invalid_values.py create mode 100644 tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py create mode 100644 
tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py create mode 100644 tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py create mode 100644 tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py create mode 100644 tests/integration/test_analysisd/test_eps/test_stop_processing_events.py diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py new file mode 100644 index 0000000000..085e57c960 --- /dev/null +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py @@ -0,0 +1,21 @@ +import os +import json +from datetime import datetime, timedelta +from copy import deepcopy + +from wazuh_testing.tools.time import parse_date_time_format + + +# Timeouts +T_5 = 5 +T_10 = 10 +T_15 = 15 +T_20 = 20 +T_60 = 60 + +ANALYSISD_PREFIX = r'.*wazuh-analysisd.*' +MAILD_PREFIX = r'.*wazuh-maild.*' +# wazuh-analysisd.state file default update configuration +ANALYSISD_STATE_INTERNAL_DEFAULT = '5' +PERCENTAGE_PROCESS_MSGS = 0.95 +QUEUE_SIZE = 16384 \ No newline at end of file diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py new file mode 100644 index 0000000000..90d4bc4605 --- /dev/null +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py 
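Review bot: Every import at the top of the new `eps/__init__.py` (`os`, `json`, `datetime`, `timedelta`, `deepcopy` and `parse_date_time_format`) is unused by the constants the module defines, and the `from wazuh_testing.tools.time import ...` line makes importing plain constants depend on a module they do not need. Dropping the six import lines leaves `ANALYSISD_PREFIX`, `MAILD_PREFIX`, `QUEUE_SIZE` and the `T_*` timeouts unchanged. The file also ends without a trailing newline (`\ No newline at end of file`), and `PERCENTAGE_PROCESS_MSGS` and `QUEUE_SIZE` would benefit from a one-line comment saying what they are compared against, as `ANALYSISD_STATE_INTERNAL_DEFAULT` already has.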
@@ -0,0 +1,120 @@ +import re +from datetime import datetime + +from wazuh_testing.modules import eps as eps +from wazuh_testing.tools import LOG_FILE_PATH, ANALYSISD_STATE, ALERT_LOGS_PATH +from wazuh_testing.tools.monitoring import FileMonitor + + +def make_analysisd_callback(pattern, prefix=eps.ANALYSISD_PREFIX): + """Create a callback function from a text pattern. + + It already contains the vulnerability-detector prefix. + + Args: + pattern (str): String to match on the log. + prefix (str): regular expression used as prefix before the pattern. + + Returns: + lambda: function that returns if there's a match in the file + + Examples: + >>> callback_bionic_update_started = make_vuln_callback("Starting Ubuntu Bionic database update") + """ + pattern = r'\s+'.join(pattern.split()) + regex = re.compile(r'{}{}'.format(prefix, pattern)) + + return lambda line: regex.match(line) is not None + + +def check_analysisd_event(file_monitor=None, callback='', error_message=None, update_position=True, + timeout=eps.T_60, prefix=eps.ANALYSISD_PREFIX, accum_results=1, + file_to_monitor=LOG_FILE_PATH): + """Check if a analysisd event occurs + + Args: + file_monitor (FileMonitor): FileMonitor object to monitor the file content. + callback (str): log regex to check in Wazuh log + error_message (str): error message to show in case of expected event does not occur + update_position (boolean): filter configuration parameter to search in Wazuh log + timeout (str): timeout to check the event in Wazuh log + prefix (str): log pattern regex + accum_results (int): Accumulation of matches. 
+ """ + file_monitor = FileMonitor(file_to_monitor) if file_monitor is None else file_monitor + error_message = f"Could not find this event in {file_to_monitor}: {callback}" if error_message is None else \ + error_message + + file_monitor.start(timeout=timeout, update_position=update_position, accum_results=accum_results, + callback=make_analysisd_callback(callback, prefix), error_message=error_message) + + +def check_eps_disabled(): + """Check if the eps module is disabled""" + check_analysisd_event(callback=fr'.*INFO: EPS limit disabled.*', timeout=eps.T_10) + + +def check_eps_enabled(maximun, timeframe): + """Check if the eps module is enable""" + check_analysisd_event(callback=fr".*INFO: EPS limit enabled, EPS: '{maximun}', timeframe: '{timeframe}'", + timeout=eps.T_10) + + +def check_configuration_error(): + """Check the configuration error event in ossec.log""" + check_analysisd_event(timeout=eps.T_10, callback=r".* \(\d+\): Configuration error at.*", + error_message="Could not find the event 'Configuration error at 'etc/ossec.conf' " + 'in ossec.log', prefix=eps.MAILD_PREFIX) + + +def get_words_from_file(words, filename): + """Get the words from file + + Args: + wordss (str): Word to find in the file + Returns: + str: Line that match in file + """ + with open(filename, 'r') as file: + for _, line in enumerate(file): + # search string + if words in line: + return line + + +def get_analysisd_state(word): + """Get the value of word in wazuh-analysisd.state + + Args: + word (str): Word to find in the file + """ + line = get_words_from_file(word, ANALYSISD_STATE) + return float(line.split("\'")[1::2][0]) + + +def get_alert_timestamp(start_log, end_log): + """Get the timestamp of the alert if exist in the alerts.log file between two string + + Args: + start_log (str): Start message to find + end_log (str): End message to find + """ + with open(ALERT_LOGS_PATH, 'r') as file: + str_file = file.read() + index1 = str_file.find(end_log) + index2 = str_file[0: 
index1].rfind(start_log) + str_alert = str_file[index2: index1] + timestamp = str_alert[str_alert.find(start_log) + len(start_log):str_alert.find(': ')] + + return datetime.fromtimestamp(float(timestamp)).strftime('%Y-%m-%d %H:%M:%S') + + +def get_msg_with_number(message): + """Check if the alerts.log file contains the message + + Args: + message (str): Message to find + """ + check_analysisd_event(timeout=eps.T_20, callback=message, + error_message="Could not find the event in alerts.log", prefix="", \ + file_to_monitor=ALERT_LOGS_PATH) \ No newline at end of file diff --git a/deps/wazuh_testing/wazuh_testing/processes/__init__.py b/deps/wazuh_testing/wazuh_testing/processes/__init__.py index ebd1aec370..ce74feeba8 100644 --- a/deps/wazuh_testing/wazuh_testing/processes/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/processes/__init__.py @@ -4,3 +4,13 @@ def check_if_modulesd_is_running(): """Check if modulesd daemon is running""" assert check_if_process_is_running('wazuh-modulesd'), 'wazuh-modulesd is not running. It may have crashed' + + +def check_if_deamon_is_running(daemon): + """Check if the specified daemon is running""" + assert check_if_process_is_running(daemon), f"{daemon} is not running. It may have crashed" + + +def check_if_deamon_is_not_running(daemon): + """Check if the specified daemon is running""" + assert check_if_process_is_running(daemon) == False, f"{daemon} is running. It may have crashed" diff --git a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py index 14e91d0a04..2f06ae8d72 100644 --- a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py +++ b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py 
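Review bot: `get_analysisd_state` calls `.split` on the result of `get_words_from_file` without checking it, and that helper falls off the end of its loop and returns `None` when `word` is absent from `wazuh-analysisd.state`, so a missing counter surfaces as `AttributeError: 'NoneType' object has no attribute 'split'` rather than a readable failure; a guard such as `if line is None: raise ValueError(f"'{word}' not found in {ANALYSISD_STATE}")` before the `split` fixes that. `get_alert_timestamp` has the same shape: `str.find` returns `-1` when `end_log` or `start_log` is not in `alerts.log`, and the slices then silently operate on the wrong window instead of failing. Separately, the `make_analysisd_callback` docstring still says "It already contains the vulnerability-detector prefix" and its example calls `make_vuln_callback`, which look copied from another module; and `check_analysisd_event` documents `timeout` as `str` and omits `file_to_monitor` from its `Args`.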
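Review bot: The docstring of `check_if_deamon_is_not_running` says "Check if the specified daemon is running", the opposite of what the function asserts; it should read `"""Check that the specified daemon is not running"""`, and its failure message "is running. It may have crashed" does not describe that failure either. The comparison `check_if_process_is_running(daemon) == False` is better written `not check_if_process_is_running(daemon)`. Both new helpers also spell "daemon" as "deamon" in their public names, which every caller will have to carry once the tests depend on them.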
@@ -41,13 +41,16 @@ def process_script_parameters(args): args (argparse.Namespace): Script args. """ # Add keepalive and receive_message modules if they are not specified in script parameters - if 'keepalive' not in args.modules: - args.modules.append('keepalive') - args.modules_eps.append('0') + if None == args.disable_keepalive: + if 'keepalive' not in args.modules: + args.modules.append('keepalive') + args.modules_eps.append('0') - if 'receive_messages' not in args.modules: - args.modules.append('receive_messages') - args.modules_eps.append('0') + + if None == args.disable_receive: + if 'receive_messages' not in args.modules: + args.modules.append('receive_messages') + args.modules_eps.append('0') def set_agent_modules_and_eps(agent, active_modules, modules_eps): @@ -129,13 +132,14 @@ def create_agents(args): return agents -def create_injectors(agents, manager_address, protocol): +def create_injectors(agents, manager_address, protocol, limit_msg): """Create injectos objects from list of agents and connection parameters. Args: agents (list): List of agents to create the injectors (1 injector/agent). manager_address (str): Manager IP address to connect the agents. protocol (str): TCP or UDP protocol to connect the agents to the manager. + limit_msg (int): Maximun amount of message to be sent. Returns: list: List of injector objects. @@ -146,12 +150,12 @@ def create_injectors(agents, manager_address, protocol): for agent in agents: sender = ag.Sender(manager_address, protocol=protocol) - injectors.append(ag.Injector(sender, agent)) + injectors.append(ag.Injector(sender, agent, limit_msg)) return injectors -def start(injector, time_alive): +def start(injector, time_alive, flag_disable_keepalive): """Start the injector process for a specified time. Args: @@ -160,7 +164,10 @@ def start(injector, time_alive): """ try: injector.run() - sleep(time_alive) + if not flag_disable_keepalive: + sleep(time_alive) + else: + injector.wait() finally: stop(injector) 
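Review bot: The guard `if None == args.disable_keepalive:` in `process_script_parameters` (and its twin `if None == args.disable_receive:`) can never be true with the parser default of `False` that this same patch adds, so the `keepalive` and `receive_messages` modules are no longer appended automatically for any invocation, which silently changes behaviour for every existing user of the script. If the intent is to skip the append only when the flag is set, the tests should be `if not args.disable_keepalive:` and `if not args.disable_receive:`. `create_injectors` now also forwards `args.limit_msg`, whose default is `None`, into `Injector`, so the constructor and the threads behind it must treat `None` as "no limit". The `limit_msg` docstring line should read "Maximum number of messages to send."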
@@ -174,7 +181,7 @@ def stop(injector): injector.stop_receive() -def run(injectors, time_alive): +def run(injectors, time_alive, flag_disable_keepalive): """Run each injector in a separated process. Args: @@ -184,7 +191,7 @@ def run(injectors, time_alive): processes = [] for injector in injectors: - processes.append(Process(target=start, args=(injector, time_alive))) + processes.append(Process(target=start, args=(injector, time_alive, flag_disable_keepalive))) for agent_process in processes: agent_process.start() @@ -322,6 +329,18 @@ def main(): help='Waiting time in seconds between agent registration and the sending of events.', required=False, default=0, dest='waiting_connection_time') + arg_parser.add_argument('-e', '--limit-msg', metavar='', type=int, + help='Amount of message to sent.', + required=False, default=None, dest='limit_msg') + + arg_parser.add_argument('-k', '--disable-keepalive', metavar='', type=bool, + help='Disable keepalive module', + required=False, default=False, dest='disable_keepalive') + + arg_parser.add_argument('-d', '--disable-receive', metavar='', type=bool, + help='Disable receive message module', + required=False, default=False, dest='disable_receive') + args = arg_parser.parse_args() process_script_parameters(args) @@ -333,10 +352,10 @@ def main(): # Waiting time to prevent CPU overload when registering many agents (registration + event generation). sleep(args.waiting_connection_time) - injectors = create_injectors(agents, args.manager_address, args.agent_protocol) + injectors = create_injectors(agents, args.manager_address, args.agent_protocol, args.limit_msg) - run(injectors, args.simulation_time) + run(injectors, args.simulation_time, args.disable_keepalive) if __name__ == "__main__": - main() + main() \ No newline at end of file diff --git a/deps/wazuh_testing/wazuh_testing/tools/__init__.py b/deps/wazuh_testing/wazuh_testing/tools/__init__.py index 9584356065..f8d0457a22 100644 
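Review bot: `type=bool` on the new `--disable-keepalive` and `--disable-receive` options does not parse booleans: argparse calls `bool()` on the raw string, so `-k False` and `-k True` both produce `True` and only an empty string yields `False`. Use `action='store_true'` (dropping `type` and `metavar`) so each option is a plain switch, or supply a small string-to-bool converter if a value must be accepted. The help text "Amount of message to sent." should read "Maximum number of messages to send.", and the last hunk removes the trailing newline after `main()` for no reason.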
--- a/deps/wazuh_testing/wazuh_testing/tools/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/tools/__init__.py @@ -77,6 +77,9 @@ else: HOSTS_FILE_PATH = os.path.join('/', 'etc', 'hosts') GLOBAL_DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'db', 'global.db') + ANALYSISD_STATE = os.path.join(WAZUH_PATH, 'var', 'run', 'wazuh-analysisd.state') + SIMULATE_AGENT = os.path.join('deps','wazuh_testing','wazuh_testing','scripts','simulate_agents.py') + WAZUH_INTERNAL_OPTIONS = os.path.join(WAZUH_PATH, 'etc', 'internal_options.conf') try: import grp @@ -126,6 +129,7 @@ def get_service(): CLIENT_CUSTOM_CERT_PATH = os.path.join(_data_path, 'sslmanager.cert') WAZUH_LOGS_PATH = os.path.join(WAZUH_PATH, 'logs') +ALERT_PATH = os.path.join(WAZUH_LOGS_PATH, 'alerts') ALERT_FILE_PATH = os.path.join(WAZUH_LOGS_PATH, 'alerts', 'alerts.json') ALERT_LOGS_PATH = os.path.join(WAZUH_LOGS_PATH, 'alerts', 'alerts.log') CLUSTER_LOGS_PATH = os.path.join(WAZUH_LOGS_PATH, 'cluster.log') diff --git a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py index 3b2089b780..c012a8e660 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py @@ -1527,6 +1527,7 @@ class Injector: thread_number (int): total number of threads created. This may change depending on the modules used in the agent. threads (list): list containing all the threads created. + limit_msg (int): Maximun amount of message to be sent. Examples: To create an Injector, you need to create an agent, a sender and then, create the injector using both of them. 
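Review bot: `SIMULATE_AGENT` is a path relative to the repository root (`deps/wazuh_testing/...`), unlike the surrounding constants which are absolute under `WAZUH_PATH`, so any consumer that resolves it with `os.path.abspath` gets a cwd-dependent result and breaks when pytest is launched from another directory. Deriving it from the package location, e.g. `SIMULATE_AGENT = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'scripts', 'simulate_agents.py')`, keeps it valid regardless of cwd (this assumes `tools/__init__.py` lives in `wazuh_testing/tools/`, as the diff path shows). The `os.path.join('deps','wazuh_testing',...)` call is also missing spaces after commas, and the constant is placed inside the `else:` branch of the platform check, so it is undefined on the other branch; confirm that is intended.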
@@ -1538,16 +1539,17 @@ class Injector: >>> injector.run() """ - def __init__(self, sender, agent): + def __init__(self, sender, agent, limit): self.sender = sender self.agent = agent + self.limit_msg = limit self.thread_number = 0 self.threads = [] for module, config in self.agent.modules.items(): if config["status"] == "enabled": self.threads.append( InjectorThread(self.thread_number, f"Thread-{self.agent.id}{module}", self.sender, - self.agent, module)) + self.agent, module, self.limit_msg)) self.thread_number += 1 def run(self): @@ -1566,6 +1568,11 @@ def stop_receive(self): self.sender.socket.close() + def wait(self): + for thread in range(self.thread_number): + self.threads[thread].join() + + class InjectorThread(threading.Thread): """This class creates a thread who will create and send the events to the manager for each module. @@ -1576,8 +1583,9 @@ class InjectorThread(threading.Thread): agent (Agent): agent owner of the injector and the sender. module (str): module used to send events (fim, syscollector, etc). stop_thread (int): 0 if the thread is running, 1 if it is stopped. + limit_msg (int): Maximun amount of message to be sent. """ - def __init__(self, thread_id, name, sender, agent, module): + def __init__(self, thread_id, name, sender, agent, module, limit_msg): super(InjectorThread, self).__init__() self.thread_id = thread_id self.name = name @@ -1586,6 +1594,7 @@ def __init__(self, thread_id, name, sender, agent, module): self.totalMessages = 0 self.module = module self.stop_thread = 0 + self.limit_msg = limit_msg def keep_alive(self): """Send a keep alive message from the agent to the manager.""" @@ -1668,6 +1677,11 @@ def run_module(self, module): char_size = getsizeof(event_msg[0]) - getsizeof('') event_msg += 'A' * (dummy_message_size//char_size) + # Add message limitiation + if self.totalMessages >= self.limit_msg: + self.stop_thread = 1 + break + event = self.agent.create_event(event_msg) self.sender.send_event(event) self.totalMessages += 1 
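Review bot: `if self.totalMessages >= self.limit_msg:` in `run_module` raises `TypeError` on Python 3 when `limit_msg` is `None`, which is exactly the value `Injector` receives whenever a caller sets no limit (the script's `--limit-msg` defaults to `None`), so the check must be `if self.limit_msg is not None and self.totalMessages >= self.limit_msg:`. `Injector.__init__` also makes `limit` a required positional argument, so any other construction site of `Injector(sender, agent)` in the repository now fails; `limit=None` as the default keeps them working and matches the "no limit" meaning. The new `wait()` has no docstring and indexes by position where `for thread in self.threads: thread.join()` reads better. `run_module` starts outside this hunk.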
diff --git a/deps/wazuh_testing/wazuh_testing/tools/configuration.py b/deps/wazuh_testing/wazuh_testing/tools/configuration.py index 79166ce962..e0e75b4787 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/configuration.py +++ b/deps/wazuh_testing/wazuh_testing/tools/configuration.py @@ -742,3 +742,21 @@ def update_configuration_template(configurations, old_values, new_values): configurations_to_update = configurations_to_update.replace(old_value, new_value) return json.loads(configurations_to_update) + + +def get_simulate_agent_configuration(data_file_path): + """Load simulate agent configuration file. + + Args: + data_file_path (str): Test case template file path. + + Returns: + dict: Configurations names. + """ + configuration_file = file.read_yaml(data_file_path) + configuration_parameters = {} + + for test_case in configuration_file: + configuration_parameters.update(test_case['configuration_parameters']) + + return configuration_parameters diff --git a/requirements.txt b/requirements.txt index 44203663d8..4895c7e182 100644 --- a/requirements.txt +++ b/requirements.txt @@ -21,14 +21,16 @@ py~=1.10.0 pycryptodome>=3.9.8 pyOpenSSL==19.1.0 pytest-html==3.1.1 -pytest==6.2.5 +pytest==6.2.2 ; python_version <= "3.9" +pytest==7.1.2 ; python_version >= "3.10" pyyaml==5.4 requests==2.23.0 scipy>=1.0; platform_system == "Linux" or platform_system == "Darwin" or platform_system=='Windows' seaborn>=0.11.1; platform_system == "Linux" or platform_system == "Darwin" or platform_system=='Windows' setuptools~=56.0.0 testinfra==5.0.0 -jq>=1.1.2; platform_system == "Linux" or platform_system == "Darwin" +jq==1.1.2 ; (platform_system == "Linux" or platform_system == "Darwin") and python_version <= "3.9" +jq==1.2.2 ; python_version >= "3.10" cryptography==3.3.2; platform_system == "Linux" or platform_system == "Darwin" or platform_system=='Windows' urllib3 numpydoc>=1.1.0 
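Review bot: `get_simulate_agent_configuration` merges every test case's `configuration_parameters` into one dict with `update`, so when the YAML holds more than one case, later keys silently overwrite earlier ones; if a single case is expected, assert that, otherwise return one dict per case. The `Returns` text "Configurations names" does not describe the value; it should say "dict: merged configuration_parameters of every test case". The helper also relies on a `file` name (`file.read_yaml`) that this hunk does not import — presumably it is already in scope in this module, but worth confirming.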
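Review bot: The new `jq==1.2.2 ; python_version >= "3.10"` marker drops the `platform_system` condition the replaced line carried, so on Python 3.10+ `jq` is now required on Windows as well, where the old line skipped it. Keep the platform guard on both lines: `jq==1.2.2 ; (platform_system == "Linux" or platform_system == "Darwin") and python_version >= "3.10"`. The `pytest` split has the same shape but its old line had no platform guard, so it is unaffected.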
diff --git a/tests/integration/test_analysisd/test_eps/conftest.py b/tests/integration/test_analysisd/test_eps/conftest.py new file mode 100644 index 0000000000..712a0ac7ea --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/conftest.py 
@@ -0,0 +1,159 @@ +# Copyright (C) 2015-2021, Wazuh Inc. +# Created by Wazuh, Inc. . +# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 +import os +import re +import subprocess +import socket +import shutil +from typing import List +import pytest + +from wazuh_testing.tools.services import control_service +from wazuh_testing.tools import configuration, SIMULATE_AGENT, ARCHIVES_LOG_FILE_PATH, ALERT_LOGS_PATH, ALERT_FILE_PATH, ALERT_PATH, WAZUH_INTERNAL_OPTIONS + + +@pytest.fixture(scope='function') +def restart_analysisd_function(): + """Restart wazuh-analysisd daemon before starting a test, and stop it after finishing""" + control_service('restart', daemon='wazuh-analysisd') + yield + control_service('stop', daemon='wazuh-analysisd') + + +@pytest.fixture(scope='session') +def configure_local_internal_options_eps(request): + """Fixture to configure the local internal options file.""" + # Define local internal options for vulnerability detector tests + local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0',\ + 'analysisd.state_interval': f"{request.param[0]}"} + + # Backup the old local internal options + backup_local_internal_options = configuration.get_wazuh_local_internal_options() + + # Set the new local internal options configuration + configuration.set_wazuh_local_internal_options(configuration.create_local_internal_options(local_internal_options)) + + yield + + # Backup the old local internal options cofiguration + configuration.set_wazuh_local_internal_options(backup_local_internal_options) + + +@pytest.fixture(scope='function') +def set_wazuh_configuration_eps(configuration, set_wazuh_configuration, configure_local_internal_options_eps): + """Set wazuh configuration + + Args: + configuration (dict): Configuration template data to write in the ossec.conf. + set_wazuh_configuration (fixture): Set the wazuh configuration according to the configuration data. 
+ configure_local_internal_options_eps (fixture): Set the local_internal_options.conf file. + """ + yield + + +@pytest.fixture(scope='function') +def simulate_agent(request): + """Fixture to execute the script simulate_agent.py""" + #Get IP address of the host + hostname = socket.gethostname() + IPAddr = socket.gethostbyname(hostname) + + file_excecute = os.path.abspath(SIMULATE_AGENT) + subprocess.call(f"python3 {file_excecute} -a {IPAddr} -n {request.param['num_agent']} \ + -m {request.param['modules']} -s {request.param['eps']} -t {request.param['time']} \ + -f {request.param['msg_size']} -e {request.param['total_msg']} \ + -k {request.param['keepalive_disabled']} -d {request.param['receive_msg_disabled']}", shell=True) + + + yield + + +def delete_folder_content(folder): + """Delete alerts folder content execution""" + for filename in os.listdir(folder): + filepath = os.path.join(folder, filename) + try: + shutil.rmtree(filepath) + except OSError: + os.remove(filepath) + + +@pytest.fixture(scope='function') +def delete_alerts_folder(): + """Delete alerts folder content before and after execution""" + + delete_folder_content(ALERT_PATH) + + yield + + delete_folder_content(ALERT_PATH) + + +def get_wazuh_internal_options() -> List[str]: + """Get current `internal_options.conf` file content. + + Returns + List of str: A list containing all the lines of the `ossec.conf` file. + """ + with open(WAZUH_INTERNAL_OPTIONS) as f: + lines = f.readlines() + return lines + + +def set_wazuh_internal_options(wazuh_local_internal_options: List[str]): + """Set up Wazuh `local_internal_options.conf` file content. + + Returns + List of str: A list containing all the lines of the `local_interal_options.conf` file. + """ + with open(WAZUH_INTERNAL_OPTIONS, 'w') as f: + f.writelines(wazuh_local_internal_options) + + +def change_internal_options(param, value, value_regex='[0-9]*'): + """Change the value of a given parameter in internal_options. 
+ + Args: + param (str): parameter to change. + value (obj): new value. + value_regex (str, optional): regex to match value in local_internal_options.conf. Default '[0-9]*' + """ + add_pattern = True + with open(WAZUH_INTERNAL_OPTIONS, "r") as sources: + lines = sources.readlines() + + with open(WAZUH_INTERNAL_OPTIONS, "w") as sources: + for line in lines: + sources.write( + re.sub(f'{param}={value_regex}', f'{param}={value}', line)) + if param in line: + add_pattern = False + + if add_pattern: + with open(WAZUH_INTERNAL_OPTIONS, "a") as sources: + sources.write(f'\n\n{param}={value}') + + +@pytest.fixture(scope='session') +def configure_internal_options_eps(): + """Fixture to configure the internal options file.""" + + # Backup the old local internal options + backup_internal_options = get_wazuh_internal_options() + + change_internal_options('analysisd.event_threads', '1') + change_internal_options('analysisd.syscheck_threads', '1') + change_internal_options('analysisd.syscollector_threads', '1') + change_internal_options('analysisd.rootcheck_threads', '1') + change_internal_options('analysisd.sca_threads', '1') + change_internal_options('analysisd.hostinfo_threads', '1') + change_internal_options('analysisd.winevt_threads', '1') + change_internal_options('analysisd.rule_matching_threads', '1') + change_internal_options('analysisd.dbsync_threads', '1') + change_internal_options('remoted.worker_pool', '1') + + yield + + # Backup the old local internal options cofiguration + set_wazuh_internal_options(backup_internal_options) diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml new file mode 100644 index 0000000000..103a7b217c --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml 
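Review bot: `simulate_agent` builds a shell command string from the `request.param` values and runs it with `shell=True`, and `subprocess.call` discards the exit status, so a failed or mis-parsed simulator run is only noticed later as a missing event; passing an argument list with `shell=False` and `check=True` removes the quoting concern, the line-continuation whitespace that the f-string keeps inside the command, and fails fast. The fixture also hard-codes `python3` rather than the running interpreter, and names the local `file_excecute` and `IPAddr` against PEP 8. The comment in `configure_local_internal_options_eps` ("for vulnerability detector tests") and the docstring of `set_wazuh_internal_options` (which talks about `local_internal_options.conf`) look copied from elsewhere and should name this module and `internal_options.conf`.
```python
    IPAddr = socket.gethostbyname(hostname)

    file_execute = os.path.abspath(SIMULATE_AGENT)
    params = request.param
    command = [
        'python3', file_execute,
        '-a', IPAddr,
        '-n', str(params['num_agent']),
        '-m', str(params['modules']),
        '-s', str(params['eps']),
        '-t', str(params['time']),
        '-f', str(params['msg_size']),
        '-e', str(params['total_msg']),
        '-k', str(params['keepalive_disabled']),
        '-d', str(params['receive_msg_disabled']),
    ]
    # Fail the fixture (and the test) if the simulator exits non-zero.
    subprocess.run(command, check=True)

    yield
```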
@@ -0,0 +1,10 @@ +- name: 'Simulate agent params configuration' + description: 'Simulate agent params configuration' + configuration_parameters: + num_agent: '1' + modules: 'logcollector' + eps: '10000' + time: '15' + msg_size: '1' + keepalive_disabled: 'True' + receive_msg_disabled: 'True' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml new file mode 100644 index 0000000000..3a2efc06f5 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml @@ -0,0 +1,49 @@ +- sections: + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUN + - timeframe: + value: TIMEFRAME + + - section: remote + elements: + - connection: + value: 'secure' + - port: + value: '1514' + - protocol: + value: 'TCP' + + - section: sca + elements: + - enabled: + value: 'no' + + - section: rootcheck + elements: + - disabled: + value: 'yes' + + - section: syscheck + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'syscollector' + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'osquery' + elements: + - disabled: + value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml new file mode 100644 index 0000000000..3a2efc06f5 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml 
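Review bot: `configuration_disabled.yaml` is byte-identical to `configuration_enabled.yaml`, `configuration_invalid_values.yaml`, `configuration_process_old_events_instead_new_events.yaml`, `configuration_start_dropping_events_when_queue_full.yaml`, `configuration_start_queuing_events_when_limit_reached.yaml` and `configuration_stop_processing_events.yaml` (every one is blob `3a2efc06f5`), so the only thing that varies between those tests is the `MAXIMUN`/`TIMEFRAME` substitution. One shared template referenced from each test would remove six copies that must be kept in sync. `MAXIMUN` is also a misspelling of `MAXIMUM`; as a placeholder token it only has to agree with the test-case files, but the same misspelling is carried into file names such as `configuration_without_maximun.yaml`.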
@@ -0,0 +1,49 @@ +- sections: + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUN + - timeframe: + value: TIMEFRAME + + - section: remote + elements: + - connection: + value: 'secure' + - port: + value: '1514' + - protocol: + value: 'TCP' + + - section: sca + elements: + - enabled: + value: 'no' + + - section: rootcheck + elements: + - disabled: + value: 'yes' + + - section: syscheck + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'syscollector' + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'osquery' + elements: + - disabled: + value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml new file mode 100644 index 0000000000..3a2efc06f5 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml @@ -0,0 +1,49 @@ +- sections: + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUN + - timeframe: + value: TIMEFRAME + + - section: remote + elements: + - connection: + value: 'secure' + - port: + value: '1514' + - protocol: + value: 'TCP' + + - section: sca + elements: + - enabled: + value: 'no' + + - section: rootcheck + elements: + - disabled: + value: 'yes' + + - section: syscheck + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'syscollector' + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'osquery' + elements: + - disabled: + value: 'yes' 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_no_eps_configuration.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_no_eps_configuration.yaml new file mode 100644 index 0000000000..80e983476d --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_no_eps_configuration.yaml @@ -0,0 +1,38 @@ +- sections: + - section: remote + elements: + - connection: + value: 'secure' + - port: + value: '1514' + - protocol: + value: 'TCP' + + - section: sca + elements: + - enabled: + value: 'no' + + - section: rootcheck + elements: + - disabled: + value: 'yes' + + - section: syscheck + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'syscollector' + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'osquery' + elements: + - disabled: + value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml new file mode 100644 index 0000000000..3a2efc06f5 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml 
@@ -0,0 +1,49 @@ +- sections: + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUN + - timeframe: + value: TIMEFRAME + + - section: remote + elements: + - connection: + value: 'secure' + - port: + value: '1514' + - protocol: + value: 'TCP' + + - section: sca + elements: + - enabled: + value: 'no' + + - section: rootcheck + elements: + - disabled: + value: 'yes' + + - section: syscheck + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'syscollector' + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'osquery' + elements: + - disabled: + value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml new file mode 100644 index 0000000000..3a2efc06f5 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml @@ -0,0 +1,49 @@ +- sections: + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUN + - timeframe: + value: TIMEFRAME + + - section: remote + elements: + - connection: + value: 'secure' + - port: + value: '1514' + - protocol: + value: 'TCP' + + - section: sca + elements: + - enabled: + value: 'no' + + - section: rootcheck + elements: + - disabled: + value: 'yes' + + - section: syscheck + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'syscollector' + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'osquery' + elements: + - disabled: + value: 'yes' 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml new file mode 100644 index 0000000000..3a2efc06f5 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml @@ -0,0 +1,49 @@ +- sections: + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUN + - timeframe: + value: TIMEFRAME + + - section: remote + elements: + - connection: + value: 'secure' + - port: + value: '1514' + - protocol: + value: 'TCP' + + - section: sca + elements: + - enabled: + value: 'no' + + - section: rootcheck + elements: + - disabled: + value: 'yes' + + - section: syscheck + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'syscollector' + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'osquery' + elements: + - disabled: + value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml new file mode 100644 index 0000000000..3a2efc06f5 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml 
@@ -0,0 +1,49 @@ +- sections: + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUN + - timeframe: + value: TIMEFRAME + + - section: remote + elements: + - connection: + value: 'secure' + - port: + value: '1514' + - protocol: + value: 'TCP' + + - section: sca + elements: + - enabled: + value: 'no' + + - section: rootcheck + elements: + - disabled: + value: 'yes' + + - section: syscheck + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'syscollector' + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'osquery' + elements: + - disabled: + value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximun.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximun.yaml new file mode 100644 index 0000000000..8a486df331 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximun.yaml @@ -0,0 +1,47 @@ +- sections: + - section: global + elements: + - limits: + elements: + - eps: + elements: + - timeframe: + value: TIMEFRAME + + - section: remote + elements: + - connection: + value: 'secure' + - port: + value: '1514' + - protocol: + value: 'TCP' + + - section: sca + elements: + - enabled: + value: 'no' + + - section: rootcheck + elements: + - disabled: + value: 'yes' + + - section: syscheck + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'syscollector' + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'osquery' + elements: + - disabled: + value: 'yes' 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml new file mode 100644 index 0000000000..34664d09b7 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml @@ -0,0 +1,47 @@ +- sections: + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUN + + - section: remote + elements: + - connection: + value: 'secure' + - port: + value: '1514' + - protocol: + value: 'TCP' + + - section: sca + elements: + - enabled: + value: 'no' + + - section: rootcheck + elements: + - disabled: + value: 'yes' + + - section: syscheck + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'syscollector' + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'osquery' + elements: + - disabled: + value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximun.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximun.yaml new file mode 100644 index 0000000000..dafbd9a40c --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximun.yaml 
@@ -0,0 +1,45 @@ +- sections: + - section: global + elements: + - limits: + elements: + - eps: + elements: + + - section: remote + elements: + - connection: + value: 'secure' + - port: + value: '1514' + - protocol: + value: 'TCP' + + - section: sca + elements: + - enabled: + value: 'no' + + - section: rootcheck + elements: + - disabled: + value: 'yes' + + - section: syscheck + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'syscollector' + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'osquery' + elements: + - disabled: + value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml new file mode 100644 index 0000000000..fb74cd4c3d --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml @@ -0,0 +1,8 @@ +- name: 'EPS Limits disabled' + description: 'EPS Limits disabled' + configuration_parameters: + MAXIMUN: '0' + TIMEFRAME: '5' + metadata: + maximun: 0 + timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml new file mode 100644 index 0000000000..431925290b --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml @@ -0,0 +1,8 @@ +- name: 'EPS Limits enabled' + description: 'EPS Limits enabled' + configuration_parameters: + MAXIMUN: '10' + TIMEFRAME: '5' + metadata: + maximun: 10 + timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_invalid_values.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_invalid_values.yaml new file mode 100644 index 0000000000..53d0df843a --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_invalid_values.yaml 
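Review bot: In `configuration_without_timeframe_maximun.yaml` the `eps:` node has an empty `elements:` list, and it is not visible here whether the template loader renders that as an empty `<eps/>` element or drops the `<limits>` block entirely. If it is dropped, the rendered `ossec.conf` is the same as `configuration_no_eps_configuration.yaml`, for which the manager is expected to start, which contradicts `test_without_timeframe_maximun` expecting a configuration error. A one-line comment on the node stating the intended rendering, e.g. `# renders an empty <eps> element; the manager must reject it`, would document the assumption, and the test can confirm it by asserting on the rendered configuration.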
@@ -0,0 +1,35 @@
+- name: 'EPS Limits with maximun values over the maximun allowed'
+ description: 'EPS Limits with maximun values over the maximun allowed'
+ configuration_parameters:
+ MAXIMUN: '100001'
+ TIMEFRAME: '5'
+ metadata:
+ maximun: 100001
+ timeframe: 5
+
+- name: 'EPS Limits with timeframe values over the timeframe allowed'
+ description: 'EPS Limits with timeframe values over the timeframe allowed'
+ configuration_parameters:
+ MAXIMUN: '10'
+ TIMEFRAME: '3601'
+ metadata:
+ maximun: 10
+ timeframe: 3601
+
+- name: 'EPS Limits with timeframe value 0'
+ description: 'EPS Limits with timeframe value 0'
+ configuration_parameters:
+ MAXIMUN: '10'
+ TIMEFRAME: '0'
+ metadata:
+ maximun: 10
+ timeframe: 0
+
+- name: 'EPS Limits with maximun and timeframe values 0'
+ description: 'EPS Limits with maximun and timeframe values 0'
+ configuration_parameters:
+ MAXIMUN: '0'
+ TIMEFRAME: '0'
+ metadata:
+ maximun: 0
+ timeframe: 0
diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_no_eps_configuration.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_no_eps_configuration.yaml
new file mode 100644
index 0000000000..58af1f1f3c
--- /dev/null
+++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_no_eps_configuration.yaml
@@ -0,0 +1,8 @@
+- name: 'EPS Limits disables'
+ description: 'EPS Limits disables'
+ configuration_parameters:
+ MAXIMUN: '0'
+ TIMEFRAME: '5'
+ metadata:
+ maximun: 0
+ timeframe: 5
diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml
new file mode 100644
index 0000000000..6eaac1df8a
--- /dev/null
+++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml
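Review bot: The invalid-value cases stop one step past the limits (`MAXIMUN: '100001'`, `TIMEFRAME: '3601'`) while `test_enabled.py` documents the valid range as below 100000 and below 3600, so the boundary values 100000 and 3600 themselves are exercised by neither suite and an off-by-one in the daemon's range check would pass both. Add a case at each exact boundary to whichever suite matches the documented contract (I cannot tell from the patch which side the daemon accepts), for example `MAXIMUN: '100000'` with `TIMEFRAME: '3600'`. A negative value such as `MAXIMUN: '-1'` is also worth a case, since a signed parse that only checks the upper bound would accept it; hedge on the expected log line until confirmed against the daemon.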
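Review bot: `cases_no_eps_configuration.yaml` passes `MAXIMUN` and `TIMEFRAME` as `configuration_parameters`, but its template `configuration_no_eps_configuration.yaml` has no such placeholders, so the parameters appear to be dead while only `metadata.timeframe` is consumed (by `test_no_eps_configuration.py`); dropping the unused block, or adding `# no placeholders in the template; only metadata is used`, would stop the next reader from assuming an EPS block is being rendered. The case name and description read `'EPS Limits disables'`; `'EPS limits not configured'` describes the scenario and avoids the typo.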
@@ -0,0 +1,8 @@ +- name: 'EPS Limits process old events instead of new ones - Multithread' + description: 'EPS Limits process old events instead of new ones - Multithread' + configuration_parameters: + MAXIMUN: '10' + TIMEFRAME: '5' + metadata: + maximun: 10 + timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml new file mode 100644 index 0000000000..f019ae79b7 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml @@ -0,0 +1,8 @@ +- name: 'EPS Limits process old events instead of new ones - One thread' + description: 'EPS Limits process old events instead of new ones - One thread' + configuration_parameters: + MAXIMUN: '100' + TIMEFRAME: '5' + metadata: + maximun: 100 + timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_dropping_events.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_dropping_events.yaml new file mode 100644 index 0000000000..b0c5c2e8ff --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_dropping_events.yaml @@ -0,0 +1,8 @@ +- name: 'EPS Limits start dropping events' + description: 'EPS Limits start dropping events' + configuration_parameters: + MAXIMUN: '1' + TIMEFRAME: '5' + metadata: + maximun: 1 + timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_queueing_events.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_queueing_events.yaml new file mode 100644 index 0000000000..479e83d025 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_queueing_events.yaml 
@@ -0,0 +1,8 @@ +- name: 'EPS Limits start queueing events' + description: 'EPS Limits start queueing events' + configuration_parameters: + MAXIMUN: '100' + TIMEFRAME: '5' + metadata: + maximun: 100 + timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_stop_process_events.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_stop_process_events.yaml new file mode 100644 index 0000000000..aa82ebfa68 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_stop_process_events.yaml @@ -0,0 +1,8 @@ +- name: 'EPS Limits stop processing events' + description: 'EPS Limits stop processing events' + configuration_parameters: + MAXIMUN: '100' + TIMEFRAME: '5' + metadata: + maximun: 100 + timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximun.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximun.yaml new file mode 100644 index 0000000000..02f401a024 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximun.yaml @@ -0,0 +1,6 @@ +- name: 'EPS Limits without maximun value' + description: 'EPS Limits without maximun value' + configuration_parameters: + TIMEFRAME: '5' + metadata: + timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe.yaml new file mode 100644 index 0000000000..04923c0ed0 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe.yaml @@ -0,0 +1,6 @@ +- name: 'EPS Limits without timeframe value' + description: 'EPS Limits without timeframe value' + configuration_parameters: + MAXIMUN: '500' + metadata: + maximun: 500 
diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximun.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximun.yaml
new file mode 100644
index 0000000000..04923c0ed0
--- /dev/null
+++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximun.yaml
@@ -0,0 +1,6 @@
+- name: 'EPS Limits without timeframe value'
+ description: 'EPS Limits without timeframe value'
+ configuration_parameters:
+ MAXIMUN: '500'
+ metadata:
+ maximun: 500
diff --git a/tests/integration/test_analysisd/test_eps/test_disabled.py b/tests/integration/test_analysisd/test_eps/test_disabled.py
new file mode 100644
index 0000000000..783d8cdbbd
--- /dev/null
+++ b/tests/integration/test_analysisd/test_eps/test_disabled.py
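Review bot: `cases_without_timeframe_maximun.yaml` is a verbatim copy of `cases_without_timeframe.yaml` (same blob `04923c0ed0`): its name and description say "without timeframe value" and it still supplies `MAXIMUN: '500'`, although the matching template `configuration_without_timeframe_maximun.yaml` has no `MAXIMUN` placeholder, so the value is never rendered and the test id misdescribes what runs. Rename it to `- name: 'EPS Limits without maximum and timeframe values'` (and the description alike), and drop the `MAXIMUN`/`maximun` entries or leave `configuration_parameters`/`metadata` empty so the case reflects the template.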
@@ -0,0 +1,76 @@ +import os +import pytest + +from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data +from wazuh_testing.modules.eps import event_monitor as evm +from wazuh_testing.modules.eps import ANALYSISD_STATE_INTERNAL_DEFAULT +from wazuh_testing.processes import check_if_deamon_is_running + + +pytestmark = [pytest.mark.server] + +# Reference paths +TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') +CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') +TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') + +# Configuration and cases data +configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_disabled.yaml') + +t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_disabled.yaml') + +# Disabled test configurations (t1) +t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) +t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters, + t1_configuration_metadata) + + +@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) +@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) +def test_disabled(configuration, metadata, set_wazuh_configuration_eps, + truncate_monitored_files, restart_wazuh_daemon_function): + ''' + description: Check that limits EPS is not started when `maximum` is set to a value equal to 0, or with an empty + value, and `timeframe` is set to a value greater than 0 and lower than 3600. + + test_phases: + - Set a custom Wazuh configuration. + - Truncate logs files. + - Restart wazuh-daemons. + - Check in the log that the EPS limits is disabled. + + wazuh_min_version: 4.4.0 + + tier: 0 + + parameters: + - configuration: + type: dict + brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. 
+ - metadata: + type: dict + brief: Wazuh configuration metadata. + - set_wazuh_configuration_eps: + type: fixture + brief: Set the wazuh configuration according to the configuration data. + - truncate_monitored_files: + type: fixture + brief: Truncate all the log files and json alerts files before and after the test execution. + - restart_wazuh_daemon_function: + type: fixture + brief: Restart all the wazuh daemons. + + assertions: + - Verify that when the `maximum` value is set to 0 or with an empty value and, `timeframe` value is set to a + value greater than 0 and lower than 3600, the module EPS limits is not running. + - Verify that the wazuh-analysisd daemon is running. + + input_description: + - The `cases_disabled.yaml` file provides the module configuration for this test. + + expected_output: + - r'(.*)wazuh-analysisd: INFO: EPS limit disabled' + ''' + evm.check_eps_disabled() + # Check that wazuh-analysisd is running + check_if_deamon_is_running('wazuh-analysisd') diff --git a/tests/integration/test_analysisd/test_eps/test_enabled.py b/tests/integration/test_analysisd/test_eps/test_enabled.py new file mode 100644 index 0000000000..d93d742aff --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/test_enabled.py 
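Review bot: The docstring of `test_disabled` claims the check covers `maximum` "equal to 0, or with an empty value", but `cases_disabled.yaml` only provides `MAXIMUN: '0'`, so the empty-value path is asserted in prose and never run; either add a case with `MAXIMUN: ''` (if the loader renders an empty element, which is not visible here) or cut the clause to `when \`maximum\` is set to 0`. The helper imported as `check_if_deamon_is_running` is defined in this patch's `processes/__init__.py`, outside this hunk; fixing the spelling to `check_if_daemon_is_running` before five test modules depend on it would be cheap now and costly later. A short `# EPS limit disabled line is the only evidence; the limiter itself is not exercised here` above `evm.check_eps_disabled()` would make the scope of the assertion explicit.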
@@ -0,0 +1,75 @@ +import os +import pytest + +from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data +from wazuh_testing.modules.eps import event_monitor as evm +from wazuh_testing.modules.eps import ANALYSISD_STATE_INTERNAL_DEFAULT +from wazuh_testing.processes import check_if_deamon_is_running + + +pytestmark = [pytest.mark.server] + +# Reference paths +TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') +CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') +TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') + +# Configuration and cases data +configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_enabled.yaml') +t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_enabled.yaml') + +# Enabled test configurations (t1) +t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) +t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters, + t1_configuration_metadata) + + +@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) +@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) +def test_enabled(configuration, metadata, set_wazuh_configuration_eps, + truncate_monitored_files, restart_wazuh_daemon_function): + ''' + description: Check that limits EPS is started when `maximum` is set to a value greater than 0 lower and than 100000, + and `timeframe` is set to a value greater than 0 and lower than 3600. + + test_phases: + - Set a custom Wazuh configuration. + - Truncate logs files. + - Restart wazuh-daemons. + - Check in the log that the EPS limits is enabled. + + wazuh_min_version: 4.4.0 + + tier: 0 + + parameters: + - configuration: + type: dict + brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. 
+ - metadata: + type: dict + brief: Wazuh configuration metadata. + - set_wazuh_configuration_eps: + type: fixture + brief: Set the wazuh configuration according to the configuration data. + - truncate_monitored_files: + type: fixture + brief: Truncate all the log files and json alerts files before and after the test execution. + - restart_wazuh_daemon_function: + type: fixture + brief: Restart all the wazuh daemons. + + assertions: + - Verify that when the `maximum` value is set to a values greater than 0 and lower than 100000 and, `timeframe` + value is set to a value greater than 0 and lower than 3600, the module EPS limits is running. + - Verify that the wazuh-analysisd daemon is running. + + input_description: + - The `cases_enabled.yaml` file provides the module configuration for this test. + + expected_output: + - r'(.*)wazuh-analysisd: INFO: EPS limit enabled, EPS: (.*), timeframe: (.*)' + ''' + evm.check_eps_enabled(metadata['maximun'], metadata['timeframe']) + # Check that wazuh-analysisd is running + check_if_deamon_is_running('wazuh-analysisd') diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py new file mode 100644 index 0000000000..40c306ffac --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py 
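Review bot: The description in `test_enabled` reads "greater than 0 lower and than 100000", which is garbled; `greater than 0 and lower than 100000` states the same range. The assertion only checks the `EPS limit enabled, EPS: ..., timeframe: ...` log line via `evm.check_eps_enabled`, so a note such as `# Only the startup log is verified; rate limiting itself is covered by the queueing/dropping tests` would tell the reader where the behavioural checks live (assuming the later test modules in this patch do exercise it).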
@@ -0,0 +1,200 @@ +import os +import pytest + +from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data +from wazuh_testing.modules.eps import event_monitor as evm +from wazuh_testing.tools.services import control_service +from wazuh_testing.modules.eps import ANALYSISD_STATE_INTERNAL_DEFAULT +from wazuh_testing.processes import check_if_deamon_is_not_running + + +pytestmark = [pytest.mark.server] + +# Reference paths +TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') +CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') +TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') + +# Configuration and cases data +t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_maximun.yaml') +t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_maximun.yaml') + +t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_timeframe.yaml') +t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_timeframe.yaml') + +t3_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_timeframe_maximun.yaml') +t3_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_timeframe_maximun.yaml') + +# Test configurations without maximun value (t1) +t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) +t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters, + t1_configuration_metadata) + +# Test configurations without timeframe value (t2) +t2_configuration_parameters, t2_configuration_metadata, t2_case_ids = get_test_cases_data(t2_cases_path) +t2_configurations = load_configuration_template(t2_configurations_path, t2_configuration_parameters, + t2_configuration_metadata) + +# Test configurations without timeframe and maximun values (t3) +t3_configuration_parameters, t3_configuration_metadata, t3_case_ids = 
get_test_cases_data(t3_cases_path) +t3_configurations = load_configuration_template(t3_configurations_path, t3_configuration_parameters, + t3_configuration_metadata) + + +@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) +@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) +def test_without_maximun(configuration, metadata, set_wazuh_configuration_eps, + truncate_monitored_files, restart_wazuh_daemon_after_finishing): + ''' + description: Check that wazuh manager is not started when `maximum` value is not present in the + configuration file. + + test_phases: + - Set a custom Wazuh configuration. + - Truncate logs files. + - Restart wazuh-daemons. + - Check that wazuh manager does not start. + + wazuh_min_version: 4.4.0 + + tier: 0 + + parameters: + - configuration: + type: dict + brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. + - metadata: + type: dict + brief: Wazuh configuration metadata. + - set_wazuh_configuration_eps: + type: fixture + brief: Set the wazuh configuration according to the configuration data. + - truncate_monitored_files: + type: fixture + brief: Truncate all the log files and json alerts files before and after the test execution. + - restart_wazuh_daemon_after_finishing: + type: fixture + brief: Restart wazuh modules after finishing the test module. + + assertions: + - The error message appears when the `maximum` and/or `timeframe` values have invalid values. + - Verify that the wazuh-analysisd daemon is running. + + input_description: + - The `cases_invalid_value.yaml` file provides the module configuration for this test. 
+ + expected_output: + - r'.*: Configuration error at.*' + ''' + try: + control_service('restart') + except ValueError: + evm.check_configuration_error() + # Check that wazuh-analysisd is not running + check_if_deamon_is_not_running('wazuh-analysisd') + + +@pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) +@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) +def test_without_timeframe(configuration, metadata, set_wazuh_configuration_eps, + truncate_monitored_files, restart_wazuh_daemon_after_finishing): + ''' + description: Check that wazuh manager is not started when `timeframe` value is not present in the + configuration file + + test_phases: + - Set a custom Wazuh configuration. + - Truncate logs files. + - Restart wazuh-daemons. + - Check that wazuh manager does not start. + + wazuh_min_version: 4.4.0 + + tier: 0 + + parameters: + - configuration: + type: dict + brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. + - metadata: + type: dict + brief: Wazuh configuration metadata. + - set_wazuh_configuration_eps: + type: fixture + brief: Set the wazuh configuration according to the configuration data. + - truncate_monitored_files: + type: fixture + brief: Truncate all the log files and json alerts files before and after the test execution. + - restart_wazuh_daemon_after_finishing: + type: fixture + brief: Restart wazuh modules after finishing the test module. + + assertions: + - The error message appears when the `maximum` and/or `timeframe` values have invalid values. + - Verify that the wazuh-analysisd daemon is running. + + input_description: + - The `cases_invalid_value.yaml` file provides the module configuration for this test. 
+ + expected_output: + - r'.*: Configuration error at.*' + ''' + try: + control_service('restart') + except ValueError: + evm.check_configuration_error() + # Check that wazuh-analysisd is not running + check_if_deamon_is_not_running('wazuh-analysisd') + + +@pytest.mark.parametrize('configuration, metadata', zip(t3_configurations, t3_configuration_metadata), ids=t3_case_ids) +@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) +def test_without_timeframe_maximun(configuration, metadata, set_wazuh_configuration_eps, + truncate_monitored_files, restart_wazuh_daemon_after_finishing): + ''' + description: Check that wazuh manager is not started when `maximum` and/or `timeframe` are not present in the + configuration file. + + test_phases: + - Set a custom Wazuh configuration. + - Truncate logs files. + - Restart wazuh-daemons. + - Check that wazuh manager does not start. + + wazuh_min_version: 4.4.0 + + tier: 0 + + parameters: + - configuration: + type: dict + brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. + - metadata: + type: dict + brief: Wazuh configuration metadata. + - set_wazuh_configuration_eps: + type: fixture + brief: Set the wazuh configuration according to the configuration data. + - truncate_monitored_files: + type: fixture + brief: Truncate all the log files and json alerts files before and after the test execution. + - restart_wazuh_daemon_after_finishing: + type: fixture + brief: Restart wazuh modules after finishing the test module. + + assertions: + - The error message appears when the `maximum` and/or `timeframe` values have invalid values. + - Verify that the wazuh-analysisd daemon is running. + + input_description: + - The `cases_invalid_value.yaml` file provides the module configuration for this test. 
+ + expected_output: + - r'.*: Configuration error at.*' + ''' + try: + control_service('restart') + except ValueError: + evm.check_configuration_error() + # Check that wazuh-analysisd is not running + check_if_deamon_is_not_running('wazuh-analysisd') diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_values.py b/tests/integration/test_analysisd/test_eps/test_invalid_values.py new file mode 100644 index 0000000000..245df33ddd --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/test_invalid_values.py 
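Review bot: In all three tests the body only checks for the configuration error inside `except ValueError:`, so if `control_service('restart')` returns normally the missing `maximum`/`timeframe` was accepted and the test falls through to `check_if_deamon_is_not_running`, which is a weaker and indirect signal for a validation regression that would let a malformed `<limits>` block into a running manager. Make the expected failure explicit: `with pytest.raises(ValueError):` / `control_service('restart')` / `evm.check_configuration_error()`. The `assertions` sections say "Verify that the wazuh-analysisd daemon is running" while the code asserts the opposite, and `input_description` names `cases_invalid_value.yaml` instead of `cases_without_maximun.yaml`, `cases_without_timeframe.yaml` and `cases_without_timeframe_maximun.yaml`. Since the three functions share an identical body and docstring, one test parametrised over the three `(configurations, cases)` pairs would also remove two copies of the same fix.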
@@ -0,0 +1,78 @@
+import os
+import pytest
+
+from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data
+from wazuh_testing.modules.eps import event_monitor as evm
+from wazuh_testing.tools.services import control_service
+from wazuh_testing.modules.eps import ANALYSISD_STATE_INTERNAL_DEFAULT
+from wazuh_testing.processes import check_if_deamon_is_not_running
+
+
+pytestmark = [pytest.mark.server]
+
+# Reference paths
+TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
+CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template')
+TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases')
+
+# Configuration and cases data
+configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_invalid_values.yaml')
+
+t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_invalid_values.yaml')
+
+# Invalid value test configurations (t1)
+t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path)
+t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters,
+ t1_configuration_metadata)
+
+
+@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids)
+@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True)
+def test_invalid_values(configuration, metadata, set_wazuh_configuration_eps,
+ truncate_monitored_files, restart_wazuh_daemon_after_finishing):
+ '''
+ description: Check that wazuh manager is not started when an invalid value is set to `maximum` and/or `timeframe`.
+
+ test_phases:
+ - Set a custom Wazuh configuration.
+ - Truncate logs files.
+ - Restart wazuh-daemons.
+ - Check that wazuh manager does not start.
+
+ wazuh_min_version: 4.4.0
+
+ tier: 0
+
+ parameters:
+ - configuration:
+ type: dict
+ brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture.
+ - metadata:
+ type: dict
+ brief: Wazuh configuration metadata.
+ - set_wazuh_configuration_eps:
+ type: fixture
+ brief: Set the wazuh configuration according to the configuration data.
+ - truncate_monitored_files:
+ type: fixture
+ brief: Truncate all the log files and json alerts files before and after the test execution.
+ - restart_wazuh_daemon_after_finishing:
+ type: fixture
+ brief: Restart wazuh modules after finishing the test module.
+
+ assertions:
+ - The error message appears when the `maximum` and/or `timeframe` values have invalid values.
+ - Verify that the wazuh-analysisd daemon is running.
+
+ input_description:
+ - The `cases_invalid_value.yaml` file provides the module configuration for this test.
+
+ expected_output:
+ - r'.*: Configuration error at.*'
+ '''
+ try:
+ control_service('restart')
+ except ValueError:
+ evm.check_configuration_error()
+ # Check that wazuh-analysisd is not running
+ check_if_deamon_is_not_running('wazuh-analysisd')
diff --git a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py
new file mode 100644
index 0000000000..02990fbe4e
--- /dev/null
+++ b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py
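Review bot: `test_invalid_values` only calls `evm.check_configuration_error()` when `control_service('restart')` raises `ValueError`; a restart that succeeds with `maximum` 100001 or `timeframe` 3601 in place is not a failure at that point, and the trailing `check_if_deamon_is_not_running` is the only thing left to catch an accepted out-of-range value. Wrap the restart in `with pytest.raises(ValueError):` and call `evm.check_configuration_error()` unconditionally after it. The docstring's `assertions` say "Verify that the wazuh-analysisd daemon is running" while the code asserts it is not, and `input_description` cites `cases_invalid_value.yaml` where the file is `cases_invalid_values.yaml`. Since `cases_disabled.yaml` treats `maximum` 0 as "disabled" but this suite expects `maximum` 0 with `timeframe` 0 to be rejected, one sentence in the description, e.g. `a zero timeframe is rejected even when maximum is 0`, would record that the two suites assert different outcomes on purpose.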
@@ -0,0 +1,136 @@
+import os
+from time import sleep
+import pytest
+
+from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \
+get_simulate_agent_configuration
+from wazuh_testing.modules.eps import event_monitor as evm
+from wazuh_testing.modules.eps import ANALYSISD_STATE_INTERNAL_DEFAULT, PERCENTAGE_PROCESS_MSGS
+
+
+pytestmark = [pytest.mark.server]
+
+# Reference paths
+TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
+CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template')
+TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases')
+# Configuration and cases data
+configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_no_eps_configuration.yaml')
+configurations_simulate_agent_path = os.path.join(TEST_DATA_PATH,
+ 'configuration_simulate_agent.yaml')
+t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_no_eps_configuration.yaml')
+
+# Enabled test configurations (t1)
+t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path)
+t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters,
+ t1_configuration_metadata)
+
+# Get simulate agent configurations (t1)
+params_disabled_eps = get_simulate_agent_configuration(configurations_simulate_agent_path)
+timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata]
+total_msg = 1000 # of 1Kb message of 16384 Kb of queue size
+params_disabled_eps.update({'total_msg': total_msg})
+
+
+@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids)
+@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True)
+def test_disabled(configuration, metadata, set_wazuh_configuration_eps,
+ truncate_monitored_files, restart_wazuh_daemon_function):
+ '''
+ description: Check that limits EPS is disabled when it is not configured.
+
+ test_phases:
+ - Set a custom Wazuh configuration.
+ - Truncate logs files.
+ - Restart wazuh-daemons.
+ - Check in the log that the EPS limits is disabled.
+
+ wazuh_min_version: 4.4.0
+
+ tier: 0
+
+ parameters:
+ - configuration:
+ type: dict
+ brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture.
+ - metadata:
+ type: dict
+ brief: Wazuh configuration metadata.
+ - set_wazuh_configuration_eps:
+ type: fixture
+ brief: Set the wazuh configuration according to the configuration data.
+ - truncate_monitored_files:
+ type: fixture
+ brief: Truncate all the log files and json alerts files before and after the test execution.
+ - restart_wazuh_daemon_function:
+ type: fixture
+ brief: Restart all the wazuh daemons.
+
+ assertions:
+ - Verify that when the `maximum` value is set to 0 or with an empty value and, `timeframe` value is set to a
+ value greater than 0 and lower than 3600, the module EPS limits is not running.
+
+ input_description:
+ - The `cases_no_eps_configuration.yaml` file provides the module configuration for this test.
+
+ expected_output:
+ - r'(.*)wazuh-analysisd: INFO: EPS limit disabled'
+ '''
+ evm.check_eps_disabled()
+
+
+@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids)
+@pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True)
+@pytest.mark.parametrize('simulate_agent', [params_disabled_eps], indirect=True)
+def test_without_eps_setting(configuration, metadata, set_wazuh_configuration_eps,
+ truncate_monitored_files, restart_wazuh_daemon_function, simulate_agent):
+ '''
+ description: Check that limits EPS is disabled when it is not configured and the received events are similar or
+ equal to the processed events.
+
+ test_phases:
+ - Set a custom Wazuh configuration.
+ - Truncate logs files.
+ - Restart wazuh-daemons.
+ - Check in the log that the EPS limits is disabled.
+
+ wazuh_min_version: 4.4.0
+
+ tier: 0
+
+ parameters:
+ - configuration:
+ type: dict
+ brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture.
+ - metadata:
+ type: dict
+ brief: Wazuh configuration metadata.
+ - set_wazuh_configuration_eps:
+ type: fixture
+ brief: Set the wazuh configuration according to the configuration data.
+ - truncate_monitored_files:
+ type: fixture
+ brief: Truncate all the log files and json alerts files before and after the test execution.
+ - restart_wazuh_daemon_function:
+ type: fixture
+ brief: Restart all the wazuh daemons.
+ - simulate_agent:
+ type: fixture
+ brief: Execute a script that simulate agent and send `logcolector` logs to the manager.
+
+ assertions:
+ - Verify the events_received are equal or greater than a porcentage of events_processed.
+
+ input_description:
+ - The `cases_disabled.yaml` file provides the module configuration for this test.
+
+ expected_output:
+ - r'(.*)wazuh-analysisd: INFO: EPS limit disabled'
+ '''
+ # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values
+ sleep(metadata['timeframe'] / 2)
+ events_processed = evm.get_analysisd_state('events_processed')
+ events_received = evm.get_analysisd_state('events_received')
+ # There are some internal event that are processed but not are reflected in events_received, That why it has been used PERCENTAGE_PROCESS_MSGS variable
+ assert events_processed >= events_received * PERCENTAGE_PROCESS_MSGS and \
+ events_processed > 0, 'The events_processed value is similar to events_received'
diff --git a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py
new file mode 100644
index 0000000000..46aab15107
--- /dev/null
+++ b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py
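Review bot: `test_without_eps_setting` uses the values from `evm.get_analysisd_state(...)` in arithmetic without the `int()` cast that `test_process_old_events_one_thread` applies to the same helper; if the helper returns the raw string from the state file, `events_received * PERCENTAGE_PROCESS_MSGS` raises TypeError instead of a failed assertion, so confirm the return type and cast consistently. The assertion message `'The events_processed value is similar to events_received'` describes the passing condition rather than the violated one; `'events_processed must be > 0 and at least PERCENTAGE_PROCESS_MSGS of events_received'` tells the reader what went wrong. `test_disabled` reuses the test name already used in test_disabled.py, and the `input_description` of the second test cites `cases_disabled.yaml` while the module loads `cases_no_eps_configuration.yaml`.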
@@ -0,0 +1,206 @@
+import os
+from time import sleep
+from datetime import datetime
+import pytest
+
+from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \
+get_simulate_agent_configuration
+from wazuh_testing.modules.eps import event_monitor as evm
+
+
+pytestmark = [pytest.mark.server]
+
+# Reference paths
+TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
+CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template')
+TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases')
+
+# Configuration and cases data
+configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_process_old_events_instead_new_events.yaml')
+configurations_simulate_agent_path = os.path.join(TEST_DATA_PATH,
+ 'configuration_simulate_agent.yaml')
+t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_process_old_events_one_thread.yaml')
+t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_process_old_events_multi_thread.yaml')
+
+# Process old events instead of new ones test configurations multi thread (t1)
+t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path)
+t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters,
+ t1_configuration_metadata)
+
+# Process old events instead of new ones test configurations one thread (t2)
+t2_configuration_parameters, t2_configuration_metadata, t2_case_ids = get_test_cases_data(t2_cases_path)
+t2_configurations = load_configuration_template(configurations_path, t2_configuration_parameters,
+ t2_configuration_metadata)
+
+# Get simulate agent configurations (t1)
+params_process_old_events_one_thread = get_simulate_agent_configuration(configurations_simulate_agent_path)
+timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata]
+total_msg = 10000 # of 1Kb message of 16384 Kb of queue size
+params_process_old_events_one_thread.update({'total_msg': total_msg})
+
+# Get simulate agent configurations (t2)
+params_process_old_events_multithread = get_simulate_agent_configuration(configurations_simulate_agent_path)
+maximun_eps_t2 = [metadata['maximun'] for metadata in t2_configuration_metadata]
+timeframe_eps_t2 = [metadata['timeframe'] for metadata in t2_configuration_metadata]
+# It is sent `width_frame` time frame width to reduce test time execution
+frame_width = 3
+total_msg = maximun_eps_t2[0] * timeframe_eps_t2[0] * frame_width
+params_process_old_events_multithread.update({'total_msg': total_msg})
+
+@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids)
+@pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True)
+@pytest.mark.parametrize('simulate_agent', [params_process_old_events_one_thread], indirect=True)
+def test_process_old_events_one_thread(configuration, metadata, set_wazuh_configuration_eps,
+ configure_internal_options_eps, truncate_monitored_files,
+ delete_alerts_folder, restart_wazuh_daemon_function, simulate_agent):
+ '''
+ description: Check that `wazuh-analysisd` processes queued events first instead of new events when the moving
+ average frees up some space. To do this, read the alerts.log file and find the numerated alerts
+ messages and gets the timestamp. The oldest message must have lower timestamp. To do so, first it must
+ set the `internal_options.conf` file to work with one thread, otherwise the message are not in the
+ increasing order.
+
+ test_phases:
+ - Set a custom Wazuh configuration.
+ - Truncate logs files.
+ - Restart wazuh-daemons.
+ - Execute agent simulated script.
+ - Check alerts.log file.
+
+ wazuh_min_version: 4.4.0
+
+ tier: 0
+
+ parameters:
+ - configuration:
+ type: dict
+ brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture.
+ - metadata:
+ type: dict
+ brief: Wazuh configuration metadata.
+ - set_wazuh_configuration_eps:
+ type: fixture
+ brief: Set the wazuh configuration according to the configuration data.
+ - configure_internal_options_eps:
+ type: fixture
+ brief: Set the wazuh internal option configuration according to the configuration data.
+ - truncate_monitored_files:
+ type: fixture
+ brief: Truncate all the log files and json alerts files before and after the test execution.
+ - delete_alerts_folder:
+ type: fixture
+ brief: Delete all the content od the /var/log/alerts folder.
+ - restart_wazuh_daemon_function:
+ type: fixture
+ brief: Restart all the wazuh daemons.
+ - simulate_agent:
+ type: fixture
+ brief: Execute a script that simulate agent and send `logcolector` logs to the manager.
+
+ assertions:
+ - The timestamp of the oldest numerated messages have to be lower than he new messages.
+
+ input_description:
+ - The `cases_process_old_events_one_thread.yaml` file provides the module configuration for this test.
+ '''
+ # Set logcollector message that the agent sents
+ logcollector_message = 'Invalid user random_user from 172.17.1.1 port 56550:Message number:'
+ # Set the alerts start message
+ start_alert_msg = '** Alert '
+ # Initial timestamp to compare
+ timestamp_bkp = datetime.fromtimestamp(float(0.0)).strftime('%Y-%m-%d %H:%M:%S')
+ # Factor to iterate the alerts.log file to reduce the test execution time
+ time_events_processed = 5
+
+ # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values
+ sleep(metadata['timeframe'] / 2)
+ events_processed = int(evm.get_analysisd_state('events_processed'))
+ events_received = int(evm.get_analysisd_state('events_received'))
+
+ # Check that the timestamp of the message in the alerts.log is lower than the next one
+ # In order to reduce the test time execution, It will check {time_events_processed} consecutive timeframe
+ # by checking events_processed * time_events_processed
+ if(events_processed * time_events_processed <= events_received):
+ for index in range((events_processed * time_events_processed) - 1):
+ # Get the timestamp of the log
+ timestamp = evm.get_alert_timestamp(start_alert_msg, f"{logcollector_message} {index}")
+ # Check that the timestamp of the first message y lower than the previous one
+ assert timestamp >= timestamp_bkp, 'The timestamp of the previous message has to be lower than the '\
+ 'next one'
+ # Store the timestamp to be compared with the next one
+ timestamp_bkp = timestamp
+ else:
+ raise Exception('Not enough messages were sent. Please increase the `total_msg` for ' \
+ 'this test.')
+
+
+@pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids)
+@pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t2], indirect=True)
+@pytest.mark.parametrize('simulate_agent', [params_process_old_events_multithread], indirect=True)
+def test_process_old_events_multi_thread(configuration, metadata, set_wazuh_configuration_eps,
+ truncate_monitored_files, delete_alerts_folder,
+ restart_wazuh_daemon_function, simulate_agent):
+ '''
+ description: Check that `wazuh-analysisd` processes queued events first instead of new events when the moving
+ average frees up some space. To do this, read the alerts.log file and find the numerated alerts
+ messages with the FileMonitor tool. To do so, it iterates the `n` frames of `maximun` * `timeframe` and
+ checks if the message number belongs to the respective frame.
+
+ test_phases:
+ - Set a custom Wazuh configuration.
+ - Truncate logs files.
+ - Restart wazuh-daemons.
+ - Execute agent simulated script.
+ - Check alerts.log file.
+
+ wazuh_min_version: 4.4.0
+
+ tier: 0
+
+ parameters:
+ - configuration:
+ type: dict
+ brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture.
+ - metadata:
+ type: dict
+ brief: Wazuh configuration metadata.
+ - set_wazuh_configuration_eps:
+ type: fixture
+ brief: Set the wazuh configuration according to the configuration data.
+ - configure_internal_options_eps:
+ type: fixture
+ brief: Set the wazuh internal option configuration according to the configuration data.
+ - truncate_monitored_files:
+ type: fixture
+ brief: Truncate all the log files and json alerts files before and after the test execution.
+ - delete_alerts_folder:
+ type: fixture
+ brief: Delete all the content od the /var/log/alerts folder.
+ - restart_wazuh_daemon_function:
+ type: fixture
+ brief: Restart all the wazuh daemons.
+ - simulate_agent:
+ type: fixture
+ brief: Execute a script that simulate agent and send `logcolector` logs to the manager.
+
+ assertions:
+ - The timestamp of the oldest numerated messages have to be lower than he new messages.
+
+ input_description:
+ - The `cases_process_old_events_multi_thread.yaml` file provides the module configuration for this test.
+ '''
+ # Set logcollector message that the agent sents
+ logcollector_message = 'Invalid user random_user from 172.17.1.1 port 56550:Message number:'
+ # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values
+ sleep(metadata['timeframe'] / 2)
+ events_received = evm.get_analysisd_state('events_received')
+ index = 0
+ frame = metadata['timeframe'] * metadata['maximun']
+ # Iterate over each frame to find the respective numerated message belongs to the frame
+ while (index + 1) * frame <= events_received:
+ start_index = index * frame
+ end_index = (index + 1) * frame
+ # Iterate over the frame to find the respective numerated message
+ for msg_number in range(start_index, end_index):
+ evm.get_msg_with_number(fr".*{logcollector_message} {msg_number}")
+ index += 1
diff --git a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py
new file mode 100644
index 0000000000..bd5ea25e34
--- /dev/null
+++ b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py
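Review bot: In `test_process_old_events_multi_thread` the loop `while (index + 1) * frame <= events_received:` never terminates when `frame` is 0, which is what any case whose `maximun` or `timeframe` metadata is 0 produces, and `events_received` is used without the `int()` cast applied in `test_process_old_events_one_thread`; a guard such as `assert frame > 0, 'maximun * timeframe must be greater than 0'` before the loop, plus the cast, closes both. The two module-level comments are swapped: the t1 block is labelled "multi thread" and the t2 block "one thread" while the case files say the opposite. The `logcollector_message` literal is duplicated in both tests and must stay byte-identical to the log text built in `Logcollector.generate_event` in agent_simulator.py, so one shared constant would keep them in sync; and `raise Exception(...)` in the one-thread test is better expressed as `pytest.fail(...)` so the shortfall is reported as a failure rather than an error.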
@@ -0,0 +1,114 @@
+import os
+from time import sleep
+from datetime import datetime
+import pytest
+
+from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \
+get_simulate_agent_configuration
+from wazuh_testing.modules.eps import event_monitor as evm
+from wazuh_testing.modules.eps import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE
+
+
+pytestmark = [pytest.mark.server]
+
+# Reference paths
+TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
+CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template')
+TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases')
+
+# Configuration and cases data
+configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_start_dropping_events_when_queue_full.yaml')
+configurations_simulate_agent_path = os.path.join(TEST_DATA_PATH,
+ 'configuration_simulate_agent.yaml')
+t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_start_dropping_events.yaml')
+
+
+# Start dropping events test configurations (t1)
+t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path)
+t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters,
+ t1_configuration_metadata)
+
+# Get simulate agent configurations (t1)
+params_start_dropping_events_when_queue_full = get_simulate_agent_configuration(configurations_simulate_agent_path)
+timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata]
+total_msg = 16500 # of 1Kb message of 16384 Kb of queue size. Total dropped aproximatelly 116
+expected_msg_dropped = total_msg - QUEUE_SIZE
+params_start_dropping_events_when_queue_full.update({'total_msg': total_msg})
+
+
+@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids)
+@pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True)
+@pytest.mark.parametrize('simulate_agent', [params_start_dropping_events_when_queue_full], indirect=True)
+def test_start_dropping_events_when_queue_full(configuration, metadata, set_wazuh_configuration_eps,
+ truncate_monitored_files, restart_wazuh_daemon_function,
+ simulate_agent):
+ '''
+ description: Check that the `events_dropped` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must
+ be greater than 1 and, `event_queue_usage` is equal to 1
+ than 1.0.
+
+ test_phases:
+ - Set a custom Wazuh configuration.
+ - Truncate logs files.
+ - Restart wazuh-daemons.
+ - Execute agent simulated script.
+
+ wazuh_min_version: 4.4.0
+
+ tier: 0
+
+ parameters:
+ - configuration:
+ type: dict
+ brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture.
+ - metadata:
+ type: dict
+ brief: Wazuh configuration metadata.
+ - set_wazuh_configuration_eps:
+ type: fixture
+ brief: Set the wazuh configuration according to the configuration data.
+ - truncate_monitored_files:
+ type: fixture
+ brief: Truncate all the log files and json alerts files before and after the test execution.
+ - restart_wazuh_daemon_function:
+ type: fixture
+ brief: Restart all the wazuh daemons.
+ - simulate_agent:
+ type: fixture
+ brief: Execute a script that simulate agent and send `logcolector` logs to the manager.
+
+ assertions:
+ - The `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal
+ than `maximun` * `timeframe` and greater than a percentage of `maximun` * `timeframe` to confirm that
+ `events_processed` is not null. The `events_received` value must be greater than `events_processed` and,
+ the `events_dropped` value greater than 0 and finaly, `event_queue_usage` is equal to 1.0.
+
+ input_description:
+ - The `cases_start_queueing_events.yaml` file provides the module configuration for this test.
+ '''
+ # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values
+ sleep(metadata['timeframe'] / 2)
+ events_processed = evm.get_analysisd_state('events_processed')
+ events_received = evm.get_analysisd_state('events_received')
+ events_dropped = evm.get_analysisd_state('events_dropped')
+ event_queue_usage = evm.get_analysisd_state('event_queue_usage')
+
+ # Check that processed events reach the EPS limit
+ assert events_processed <= float(metadata['maximun'] * metadata['timeframe']) and \
+ events_processed >= float(metadata['maximun'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \
+ 'events_processed must be lower or equal to maximun * timeframe'
+
+ # Check that events continue receiving although the EPS limit was reached
+ assert events_received > events_processed, 'events_received must be bigger than events_processed'
+
+ # Check that there is no event dropped and the queue usage is less than 1.0 (100%). This means the queue is not full
+ assert events_dropped >= int(expected_msg_dropped * PERCENTAGE_PROCESS_MSGS) \
+ and events_dropped <= int(expected_msg_dropped * (1 + (1 - PERCENTAGE_PROCESS_MSGS))), 'events_dropped must be '\
+ 'in the range of (total_msg - QUEUE_SIZE)'
+
+ # Check that there is no event dropped and the queue usage is less than 1.0 (100%). This means the queue is not full
+ assert event_queue_usage == 1.0, 'event_queue_usage must be 1.0'
+
+ # Check that events_dropped are in the range of events_received - events_processed
+ assert events_processed <= events_received - events_dropped, 'events_processed must be lower than' \
+ 'events_received - events_dropped'
\ No newline at end of file
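Review bot: The last assertion's message is split across two adjacent literals without a separating space, `'events_processed must be lower than' 'events_received - events_dropped'`, so a failure prints "lower thanevents_received"; add the trailing space to the first literal. The comments above the `events_dropped` range check and the `event_queue_usage == 1.0` check still read "there is no event dropped and the queue usage is less than 1.0", which is the opposite of what those assertions verify, and the docstring `description` contains the garbled "is equal to 1 than 1.0" while `input_description` cites `cases_start_queueing_events.yaml` instead of the loaded `cases_start_dropping_events.yaml`. `from datetime import datetime` is unused here and in the two test modules that follow.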
diff --git a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py
new file mode 100644
index 0000000000..9f784aced0
--- /dev/null
+++ b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py
@@ -0,0 +1,111 @@
+import os
+from time import sleep
+from datetime import datetime
+import pytest
+
+from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \
+get_simulate_agent_configuration
+from wazuh_testing.modules.eps import event_monitor as evm
+from wazuh_testing.modules.eps import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE
+
+
+pytestmark = [pytest.mark.server]
+
+# Reference paths
+TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
+CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template')
+TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases')
+
+# Configuration and cases data
+configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_start_queuing_events_when_limit_reached.yaml')
+configurations_simulate_agent_path = os.path.join(TEST_DATA_PATH,
+ 'configuration_simulate_agent.yaml')
+t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_start_queueing_events.yaml')
+
+# Start queueing events test configurations (t1)
+t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path)
+t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters,
+ t1_configuration_metadata)
+
+# Get simulate agent configurations (t1)
+params_start_queuing_events_when_limit_reached = get_simulate_agent_configuration(configurations_simulate_agent_path)
+maximun_eps = [metadata['maximun'] for metadata in t1_configuration_metadata]
+timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata]
+# It is sent `width_frame` time frame width to reduce test time execution
+width_frame = 3
+total_msg = maximun_eps[0] * timeframe_eps_t1[0] * width_frame
+if total_msg > QUEUE_SIZE:
+ total_msg = QUEUE_SIZE - 1
+params_start_queuing_events_when_limit_reached.update({'total_msg': total_msg})
+
+
+@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids)
+@pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True)
+@pytest.mark.parametrize('simulate_agent', [params_start_queuing_events_when_limit_reached], indirect=True)
+def test_start_queuing_events_when_limit_reached(configuration, metadata, set_wazuh_configuration_eps,
+ truncate_monitored_files, restart_wazuh_daemon_function,
+ simulate_agent):
+ '''
+ description: Check that the `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must
+ be lower or equal than `maximun` * `timeframe` and, the `events_received` value must be greater than
+ `events_processed` and, the `events_dropped` value equal to 0 and finaly, `event_queue_usage` is lower
+ than 1.0.
+
+ test_phases:
+ - Set a custom Wazuh configuration.
+ - Truncate logs files.
+ - Restart wazuh-daemons.
+ - Execute agent simulated script.
+
+ wazuh_min_version: 4.4.0
+
+ tier: 0
+
+ parameters:
+ - configuration:
+ type: dict
+ brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture.
+ - metadata:
+ type: dict
+ brief: Wazuh configuration metadata.
+ - set_wazuh_configuration_eps:
+ type: fixture
+ brief: Set the wazuh configuration according to the configuration data.
+ - truncate_monitored_files:
+ type: fixture
+ brief: Truncate all the log files and json alerts files before and after the test execution.
+ - restart_wazuh_daemon_function:
+ type: fixture
+ brief: Restart all the wazuh daemons.
+ - simulate_agent:
+ type: fixture
+ brief: Execute a script that simulate agent and send `logcolector` logs to the manager.
+
+ assertions:
+ - The `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal
+ than `maximun` * `timeframe` and greater than a percentage of `maximun` * `timeframe` to confirm that
+ `events_processed` is not null. The `events_received` value must be greater than `events_processed` and,
+ the `events_dropped` value equal to 0 and finaly, `event_queue_usage` is lower than 1.0.
+
+ input_description:
+ - The `cases_start_queueing_events.yaml` file provides the module configuration for this test.
+ '''
+ # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values
+ sleep(metadata['timeframe'] / 2)
+ events_processed = evm.get_analysisd_state('events_processed')
+ events_received = evm.get_analysisd_state('events_received')
+ events_dropped = evm.get_analysisd_state('events_dropped')
+ event_queue_usage = evm.get_analysisd_state('event_queue_usage')
+
+ # Check that processed events reach the EPS limit
+ assert events_processed <= float(metadata['maximun'] * metadata['timeframe']) and \
+ events_processed >= float(metadata['maximun'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \
+ 'events_processed must be lower or equal to maximun * timeframe'
+
+ # Check that events continue receiving although the EPS limit was reached
+ assert events_received > events_processed, 'events_received must be bigger than events_processed'
+
+ # Check that there are not events dropped and the queue usage is less than 1.0 (100%).
+ # This means the queue is not full
+ assert events_dropped == 0 and event_queue_usage < 1.0 and event_queue_usage > 0.0, 'events_dropped must be 0 ' \
+ 'and event_queue_usage less than 1.0'
diff --git a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py
new file mode 100644
index 0000000000..85fe1d1722
--- /dev/null
+++ b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py
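Review bot: The sleep-then-read sequence and the `events_processed` bound assertion (`<= maximun * timeframe` and `>= maximun * timeframe * PERCENTAGE_PROCESS_MSGS`) are repeated verbatim here, in `test_start_dropping_events_when_queue_full` and in `test_stops_processing_events`; one helper in `event_monitor` that takes `metadata` and performs the check would keep the EPS-limit criterion identical across the three modules when PERCENTAGE_PROCESS_MSGS or the state-file format changes. The module-level comment `# It is sent `width_frame` time frame width to reduce test time execution` is hard to parse; `# Send `width_frame` timeframes worth of events so the test stays short` says the same. `from datetime import datetime` is unused.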
@@ -0,0 +1,94 @@
+import os
+from time import sleep
+from datetime import datetime
+import pytest
+
+from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \
+get_simulate_agent_configuration
+from wazuh_testing.modules.eps import event_monitor as evm
+from wazuh_testing.modules.eps import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE
+
+
+pytestmark = [pytest.mark.server]
+
+# Reference paths
+TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
+CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template')
+TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases')
+
+# Configuration and cases data
+configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_stop_processing_events.yaml')
+configurations_simulate_agent_path = os.path.join(TEST_DATA_PATH,
+ 'configuration_simulate_agent.yaml')
+t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_stop_process_events.yaml')
+
+# Stop processing events test configurations (t1)
+t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path)
+t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters,
+ t1_configuration_metadata)
+
+# Get simulate agent configurations (t1)
+params_stop_processing_events = get_simulate_agent_configuration(configurations_simulate_agent_path)
+maximun_eps = [metadata['maximun'] for metadata in t1_configuration_metadata]
+timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata]
+total_msg = maximun_eps[0] * timeframe_eps_t1[0] * 3
+if total_msg > QUEUE_SIZE:
+ total_msg = QUEUE_SIZE - 1
+params_stop_processing_events.update({'total_msg': total_msg})
+
+
+@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids)
+@pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True)
+@pytest.mark.parametrize('simulate_agent', [params_stop_processing_events], indirect=True)
+def test_stops_processing_events(configuration, metadata, set_wazuh_configuration_eps, truncate_monitored_files,
+ restart_wazuh_daemon_function, simulate_agent):
+ '''
+ description: Check that the `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must
+ be lower or equal than `maximun` * `timeframe`
+
+ test_phases:
+ - Set a custom Wazuh configuration.
+ - Truncate logs files.
+ - Restart wazuh-daemons.
+ - Execute agent simulated script.
+
+ wazuh_min_version: 4.4.0
+
+ tier: 0
+
+ parameters:
+ - configuration:
+ type: dict
+ brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture.
+ - metadata:
+ type: dict
+ brief: Wazuh configuration metadata.
+ - set_wazuh_configuration_eps:
+ type: fixture
+ brief: Set the wazuh configuration according to the configuration data.
+ - truncate_monitored_files:
+ type: fixture
+ brief: Truncate all the log files and json alerts files before and after the test execution.
+ - restart_wazuh_daemon_function:
+ type: fixture
+ brief: Restart all the wazuh daemons.
+ - simulate_agent:
+ type: fixture
+ brief: Execute a script that simulate agent and send `logcolector` logs to the manager.
+
+ assertions:
+ - The `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal
+ than `maximun` * `timeframe` and greater than a percentage of `maximun` * `timeframe` to confirm that
+ `events_processed` is not null.
+
+ input_description:
+ - The `cases_stop_process_events.yaml` file provides the module configuration for this test.
+ '''
+ # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values
+ sleep(metadata['timeframe'] / 2)
+ events_processed = evm.get_analysisd_state('events_processed')
+
+ # Check that processed events reach the EPS limit
+ assert events_processed <= float(metadata['maximun'] * metadata['timeframe']) and \
+ events_processed >= float(metadata['maximun'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \
+ 'events_processed must be lower or equal to maximun * timeframe'
From aaf5985adfe3e75f3d75c6aca6823bdec02811c5 Mon Sep 17 00:00:00 2001
From: fedepacher
Date: Wed, 17 Aug 2022 08:38:06 -0300
Subject: [PATCH 02/79] add: Add message number error event #2947
---
 deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py
index 90d4bc4605..190f606e48 100644
--- a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py
+++ b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py
@@ -116,5 +116,5 @@ def get_msg_with_number(message):
 message (str): Message to find
 """
 check_analysisd_event(timeout=eps.T_20, callback=message,
- error_message="Could not find the event in alerts.log", prefix="", \
+ error_message=fr"Could not find the event: {message}", prefix="", \
 file_to_monitor=ALERT_LOGS_PATH)
\ No newline at end of file
From 9490d8b49549821fbc0b7f7b7a86d11637bb102f Mon Sep 17 00:00:00 2001
From: fedepacher
Date: Wed, 17 Aug 2022 08:56:08 -0300
Subject: [PATCH 03/79] refac: Refactor agent_simulator.py to get message with number #2947
---
 .../wazuh_testing/tools/agent_simulator.py | 27 ++++++++++++++++---
 1 file changed, 23 insertions(+), 4 deletions(-)
diff --git a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py
index c012a8e660..ad2b7fb9b7 100644
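Review bot: `total_msg = maximun_eps[0] * timeframe_eps_t1[0] * 3` hard-codes the factor that `test_start_queuing_events_when_limit_reached` names `width_frame = 3` and explains in a comment; naming it the same way here keeps the two modules in step. `from datetime import datetime` is unused. `test_stops_processing_events` asserts only the `events_processed` bound, which `test_start_queuing_events_when_limit_reached` already checks with the same configuration shape, so if this module is meant to cover a distinct case the docstring `description` should say what differs.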
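Review bot: In `error_message=fr"Could not find the event: {message}"` the `r` prefix has no effect on an f-string without backslashes, and the trailing `\` after `prefix="",` is redundant inside the parenthesised call; `error_message=f"Could not find the event: {message}",` is enough. Callers in the new tests pass a regex pattern as `message` (e.g. `fr".*{logcollector_message} {msg_number}"`), so the docstring line `message (str): Message to find` would be clearer as `message (str): Regex pattern to look for in alerts.log`. The signature of `get_msg_with_number` is outside the hunk.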
--- a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py @@ -478,6 +478,8 @@ def process_message(self, sender, message): kind, checksum, name = msg_decoded_list[1:4] if kind == 'file' and "merged.mg" in name: self.update_checksum(checksum) + elif '#!-force_reconnect' in msg_decoded_list[0]: + sender.reconnect(self.startup_msg) def process_command(self, sender, message_list): """Process agent received commands through the socket. @@ -675,7 +677,8 @@ def init_syscollector(self): def init_rootcheck(self): """Initialize rootcheck module.""" if self.rootcheck is None: - self.rootcheck = Rootcheck(os = self.os, agent_name = self.name, agent_id = self.id, rootcheck_sample = self.rootcheck_sample) + self.rootcheck = Rootcheck(os=self.os, agent_name=self.name, agent_id=self.id, + rootcheck_sample=self.rootcheck_sample) def init_fim(self): """Initialize fim module.""" @@ -1014,6 +1017,7 @@ class Logcollector: def __init__(self): self.logcollector_tag = 'syslog' self.logcollector_mq = 'x' + self.message_counter = 0 def generate_event(self): """Generate logcollector event @@ -1023,8 +1027,10 @@ def generate_event(self): """ log = 'Mar 24 10:12:36 centos8 sshd[12249]: Invalid user random_user from 172.17.1.1 port 56550' - message = f"{self.logcollector_mq}:{self.logcollector_tag}:{log}" + message_counter_info = f"Message number: {self.message_counter}" + message = f"{self.logcollector_mq}:{self.logcollector_tag}:{log}:{message_counter_info}" + self.message_counter = self.message_counter + 1 return message 
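Review bot: The new `elif '#!-force_reconnect' in msg_decoded_list[0]:` branch in `process_message` is evaluated after `kind, checksum, name = msg_decoded_list[1:4]`, so a force-reconnect message with fewer than four colon-separated fields raises ValueError at the unpack before the branch is reached; checking for the marker before the unpack, or guarding the unpack with `len(msg_decoded_list) >= 4`, makes the reconnect path independent of the file-message layout — the enclosing condition starts outside the hunk, so confirm which messages reach this point. In `generate_event`, `self.message_counter = self.message_counter + 1` reads more naturally as `self.message_counter += 1`, and the attribute added in `Logcollector.__init__` deserves a comment such as `# sequence number appended to every event so tests can locate a given message in alerts.log`.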
@@ -1491,12 +1497,24 @@ def __init__(self, manager_address, manager_port='1514', protocol=TCP): self.manager_address = manager_address self.manager_port = manager_port self.protocol = protocol.upper() + self.socket = None + self.connect() + + def connect(self): if is_tcp(self.protocol): self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.socket.connect((self.manager_address, int(self.manager_port))) if is_udp(self.protocol): self.socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + def reconnect(self, event): + if is_tcp(self.protocol): + self.socket.shutdown(socket.SHUT_RDWR) + self.socket.close() + self.connect() + if event: + self.send_event(event) + def send_event(self, event): if is_tcp(self.protocol): length = pack('= self.limit_msg: self.stop_thread = 1 break - + event = self.agent.create_event(event_msg) self.sender.send_event(event) self.totalMessages += 1 sent_messages += 1 if self.totalMessages % eps == 0: sleep(1.0 - ((time() - start_time) % 1.0)) + if frequency > 1: sleep(frequency - ((time() - start_time) % frequency)) From a810b0cb52c1eac5a73868e74e85f7e6696d3d85 Mon Sep 17 00:00:00 2001 
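Review bot: `reconnect` calls `self.socket.shutdown(socket.SHUT_RDWR)` on a socket whose peer has, in the force-reconnect case, most likely already closed the connection, and shutdown on such a socket raises OSError (ENOTCONN), so the close and the new `connect()` never run and the simulated agent keeps a dead socket. The UDP path has the opposite problem: `connect` creates a fresh socket without closing the previous one, so each reconnect leaks a descriptor. Tolerating the shutdown error and closing unconditionally fixes both; a docstring on `connect` and `reconnect` saying that `event` is re-sent on the new socket would also help. The trailing `send_event` context of this hunk is garbled in this rendering, so the hunk's end could not be checked.
```python
def reconnect(self, event):
    """Drop the current socket, open a new one and replay `event` on it when given."""
    if is_tcp(self.protocol):
        try:
            self.socket.shutdown(socket.SHUT_RDWR)
        except OSError:
            pass  # peer already closed the connection; nothing left to shut down
    self.socket.close()
    self.connect()
    if event:
        self.send_event(event)
```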
From: fedepacher Date: Wed, 17 Aug 2022 10:00:55 -0300 Subject: [PATCH 04/79] refact: Refactor variable names #2947 --- .../modules/eps/event_monitor.py | 4 ++-- .../wazuh_testing/scripts/simulate_agents.py | 12 +++++----- .../wazuh_testing/tools/agent_simulator.py | 4 ++-- .../configuration_disabled.yaml | 2 +- .../configuration_enabled.yaml | 2 +- .../configuration_invalid_values.yaml | 2 +- ...process_old_events_instead_new_events.yaml | 2 +- ...start_dropping_events_when_queue_full.yaml | 2 +- ...art_queuing_events_when_limit_reached.yaml | 2 +- .../configuration_stop_processing_events.yaml | 2 +- ...aml => configuration_without_maximum.yaml} | 0 .../configuration_without_timeframe.yaml | 2 +- ...figuration_without_timeframe_maximum.yaml} | 0 .../data/test_cases/cases_disabled.yaml | 4 ++-- .../data/test_cases/cases_enabled.yaml | 4 ++-- .../data/test_cases/cases_invalid_values.yaml | 24 +++++++++---------- .../cases_no_eps_configuration.yaml | 4 ++-- ...cases_process_old_events_multi_thread.yaml | 4 ++-- .../cases_process_old_events_one_thread.yaml | 4 ++-- .../cases_start_dropping_events.yaml | 4 ++-- .../cases_start_queueing_events.yaml | 4 ++-- .../test_cases/cases_stop_process_events.yaml | 4 ++-- .../test_cases/cases_without_maximun.yaml | 4 ++-- .../test_cases/cases_without_timeframe.yaml | 4 ++-- .../cases_without_timeframe_maximun.yaml | 4 ++-- .../test_analysisd/test_eps/test_enabled.py | 4 ++-- .../test_eps/test_invalid_configuration.py | 16 ++++++------- .../test_eps/test_invalid_values.py | 2 +- .../test_eps/test_no_eps_configuration.py | 2 +- ...t_process_old_events_instead_new_events.py | 13 +++++----- ...t_start_dropping_events_when_queue_full.py | 10 ++++---- ...start_queuing_events_when_limit_reached.py | 18 +++++++------- .../test_eps/test_stop_processing_events.py | 14 +++++------ .../agent_connection/test_keep_alive.py | 4 ++-- 34 files changed, 94 insertions(+), 93 deletions(-) rename 
tests/integration/test_analysisd/test_eps/data/configuration_template/{configuration_without_maximun.yaml => configuration_without_maximum.yaml} (100%) rename tests/integration/test_analysisd/test_eps/data/configuration_template/{configuration_without_timeframe_maximun.yaml => configuration_without_timeframe_maximum.yaml} (100%) diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py index 190f606e48..8a7a43a6af 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py @@ -54,9 +54,9 @@ def check_eps_disabled(): check_analysisd_event(callback=fr'.*INFO: EPS limit disabled.*', timeout=eps.T_10) -def check_eps_enabled(maximun, timeframe): +def check_eps_enabled(maximum, timeframe): """Check if the eps module is enable""" - check_analysisd_event(callback=fr".*INFO: EPS limit enabled, EPS: '{maximun}', timeframe: '{timeframe}'", + check_analysisd_event(callback=fr".*INFO: EPS limit enabled, EPS: '{maximum}', timeframe: '{timeframe}'", timeout=eps.T_10) diff --git a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py index 2f06ae8d72..d7aee4f7f2 100644 --- a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py +++ b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py @@ -41,13 +41,13 @@ def process_script_parameters(args): args (argparse.Namespace): Script args. """ # Add keepalive and receive_message modules if they are not specified in script parameters - if None == args.disable_keepalive: + if args.disable_keepalive is None: if 'keepalive' not in args.modules: args.modules.append('keepalive') args.modules_eps.append('0') - if None == args.disable_receive: + if args.disable_receive is None: if 'receive_messages' not in args.modules: args.modules.append('receive_messages') args.modules_eps.append('0') 
@@ -139,7 +139,7 @@ def create_injectors(agents, manager_address, protocol, limit_msg): agents (list): List of agents to create the injectors (1 injector/agent). manager_address (str): Manager IP address to connect the agents. protocol (str): TCP or UDP protocol to connect the agents to the manager. - limit_msg (int): Maximun amount of message to be sent. + limit_msg (int): Maximum amount of message to be sent. Returns: list: List of injector objects. @@ -164,10 +164,10 @@ def start(injector, time_alive, flag_disable_keepalive): """ try: injector.run() - if not flag_disable_keepalive: - sleep(time_alive) - else: + if flag_disable_keepalive: injector.wait() + else: + sleep(time_alive) finally: stop(injector) diff --git a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py index ad2b7fb9b7..2c0e3797a2 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py @@ -1545,7 +1545,7 @@ class Injector: thread_number (int): total number of threads created. This may change depending on the modules used in the agent. threads (list): list containing all the threads created. - limit_msg (int): Maximun amount of message to be sent. + limit_msg (int): Maximum amount of message to be sent. Examples: To create an Injector, you need to create an agent, a sender and then, create the injector using both of them. @@ -1601,7 +1601,7 @@ class InjectorThread(threading.Thread): agent (Agent): agent owner of the injector and the sender. module (str): module used to send events (fim, syscollector, etc). stop_thread (int): 0 if the thread is running, 1 if it is stopped. - limit_msg (int): Maximun amount of message to be sent. + limit_msg (int): Maximum amount of message to be sent. """ def __init__(self, thread_id, name, sender, agent, module, limit_msg): super(InjectorThread, self).__init__() 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml index 3a2efc06f5..2e4d7c48db 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml @@ -6,7 +6,7 @@ - eps: elements: - maximum: - value: MAXIMUN + value: MAXIMUM - timeframe: value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml index 3a2efc06f5..2e4d7c48db 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml @@ -6,7 +6,7 @@ - eps: elements: - maximum: - value: MAXIMUN + value: MAXIMUM - timeframe: value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml index 3a2efc06f5..2e4d7c48db 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml @@ -6,7 +6,7 @@ - eps: elements: - maximum: - value: MAXIMUN + value: MAXIMUM - timeframe: value: TIMEFRAME 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml index 3a2efc06f5..2e4d7c48db 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml @@ -6,7 +6,7 @@ - eps: elements: - maximum: - value: MAXIMUN + value: MAXIMUM - timeframe: value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml index 3a2efc06f5..2e4d7c48db 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml @@ -6,7 +6,7 @@ - eps: elements: - maximum: - value: MAXIMUN + value: MAXIMUM - timeframe: value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml index 3a2efc06f5..2e4d7c48db 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml 
@@ -6,7 +6,7 @@ - eps: elements: - maximum: - value: MAXIMUN + value: MAXIMUM - timeframe: value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml index 3a2efc06f5..2e4d7c48db 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml @@ -6,7 +6,7 @@ - eps: elements: - maximum: - value: MAXIMUN + value: MAXIMUM - timeframe: value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximun.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximun.yaml rename to tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml index 34664d09b7..4e7d122b45 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml @@ -6,7 +6,7 @@ - eps: elements: - maximum: - value: MAXIMUN + value: MAXIMUM - section: remote elements: 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximun.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximun.yaml rename to tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml index fb74cd4c3d..60d51ee746 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml @@ -1,8 +1,8 @@ - name: 'EPS Limits disabled' description: 'EPS Limits disabled' configuration_parameters: - MAXIMUN: '0' + MAXIMUM: '0' TIMEFRAME: '5' metadata: - maximun: 0 + maximum: 0 timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml index 431925290b..c82c4e05cf 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml @@ -1,8 +1,8 @@ - name: 'EPS Limits enabled' description: 'EPS Limits enabled' configuration_parameters: - MAXIMUN: '10' + MAXIMUM: '10' TIMEFRAME: '5' metadata: - maximun: 10 + maximum: 10 timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_invalid_values.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_invalid_values.yaml index 53d0df843a..879a05264e 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_invalid_values.yaml 
+++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_invalid_values.yaml @@ -1,35 +1,35 @@ -- name: 'EPS Limits with maximun values over the maximun allowed' - description: 'EPS Limits with maximun values over the maximun allowed' +- name: 'EPS Limits with maximum values over the maximum allowed' + description: 'EPS Limits with maximum values over the maximum allowed' configuration_parameters: - MAXIMUN: '100001' + MAXIMUM: '100001' TIMEFRAME: '5' metadata: - maximun: 100001 + maximum: 100001 timeframe: 5 - name: 'EPS Limits with timeframe values over the timeframe allowed' description: 'EPS Limits with timeframe values over the timeframe allowed' configuration_parameters: - MAXIMUN: '10' + MAXIMUM: '10' TIMEFRAME: '3601' metadata: - maximun: 10 + maximum: 10 timeframe: 3601 - name: 'EPS Limits with timeframe value 0' description: 'EPS Limits with timeframe value 0' configuration_parameters: - MAXIMUN: '10' + MAXIMUM: '10' TIMEFRAME: '0' metadata: - maximun: 10 + maximum: 10 timeframe: 0 -- name: 'EPS Limits with maximun and timeframe values 0' - description: 'EPS Limits with maximun and timeframe values 0' +- name: 'EPS Limits with maximum and timeframe values 0' + description: 'EPS Limits with maximum and timeframe values 0' configuration_parameters: - MAXIMUN: '0' + MAXIMUM: '0' TIMEFRAME: '0' metadata: - maximun: 0 + maximum: 0 timeframe: 0 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_no_eps_configuration.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_no_eps_configuration.yaml index 58af1f1f3c..3894a9b309 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_no_eps_configuration.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_no_eps_configuration.yaml 
@@ -1,8 +1,8 @@ - name: 'EPS Limits disables' description: 'EPS Limits disables' configuration_parameters: - MAXIMUN: '0' + MAXIMUM: '0' TIMEFRAME: '5' metadata: - maximun: 0 + maximum: 0 timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml index 6eaac1df8a..3b759629b3 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml @@ -1,8 +1,8 @@ - name: 'EPS Limits process old events instead of new ones - Multithread' description: 'EPS Limits process old events instead of new ones - Multithread' configuration_parameters: - MAXIMUN: '10' + MAXIMUM: '10' TIMEFRAME: '5' metadata: - maximun: 10 + maximum: 10 timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml index f019ae79b7..5ac863a975 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml @@ -1,8 +1,8 @@ - name: 'EPS Limits process old events instead of new ones - One thread' description: 'EPS Limits process old events instead of new ones - One thread' configuration_parameters: - MAXIMUN: '100' + MAXIMUM: '100' TIMEFRAME: '5' metadata: - maximun: 100 + maximum: 100 timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_dropping_events.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_dropping_events.yaml index b0c5c2e8ff..d00da949c3 100644 
--- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_dropping_events.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_dropping_events.yaml @@ -1,8 +1,8 @@ - name: 'EPS Limits start dropping events' description: 'EPS Limits start dropping events' configuration_parameters: - MAXIMUN: '1' + MAXIMUM: '1' TIMEFRAME: '5' metadata: - maximun: 1 + maximum: 1 timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_queueing_events.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_queueing_events.yaml index 479e83d025..f2873d7292 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_queueing_events.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_queueing_events.yaml @@ -1,8 +1,8 @@ - name: 'EPS Limits start queueing events' description: 'EPS Limits start queueing events' configuration_parameters: - MAXIMUN: '100' + MAXIMUM: '100' TIMEFRAME: '5' metadata: - maximun: 100 + maximum: 100 timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_stop_process_events.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_stop_process_events.yaml index aa82ebfa68..d0f59dffec 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_stop_process_events.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_stop_process_events.yaml @@ -1,8 +1,8 @@ - name: 'EPS Limits stop processing events' description: 'EPS Limits stop processing events' configuration_parameters: - MAXIMUN: '100' + MAXIMUM: '100' TIMEFRAME: '5' metadata: - maximun: 100 + maximum: 100 timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximun.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximun.yaml index 02f401a024..c06afd775a 100644 
--- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximun.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximun.yaml @@ -1,5 +1,5 @@ -- name: 'EPS Limits without maximun value' - description: 'EPS Limits without maximun value' +- name: 'EPS Limits without maximum value' + description: 'EPS Limits without maximum value' configuration_parameters: TIMEFRAME: '5' metadata: diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe.yaml index 04923c0ed0..1f3c895eb2 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe.yaml @@ -1,6 +1,6 @@ - name: 'EPS Limits without timeframe value' description: 'EPS Limits without timeframe value' configuration_parameters: - MAXIMUN: '500' + MAXIMUM: '500' metadata: - maximun: 500 + maximum: 500 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximun.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximun.yaml index 04923c0ed0..1f3c895eb2 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximun.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximun.yaml @@ -1,6 +1,6 @@ - name: 'EPS Limits without timeframe value' description: 'EPS Limits without timeframe value' configuration_parameters: - MAXIMUN: '500' + MAXIMUM: '500' metadata: - maximun: 500 + maximum: 500 diff --git a/tests/integration/test_analysisd/test_eps/test_enabled.py b/tests/integration/test_analysisd/test_eps/test_enabled.py index d93d742aff..219c698ff1 100644 --- a/tests/integration/test_analysisd/test_eps/test_enabled.py 
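Review bot: The new side of `cases_without_timeframe_maximun.yaml` is the same blob as `cases_without_timeframe.yaml` (both carry index `04923c0ed0..1f3c895eb2`), so it still reads `name: 'EPS Limits without timeframe value'` and still supplies `MAXIMUM: '500'` with `maximum: 500` metadata, although it drives `test_without_timeframe_maximum`, whose description says neither value is present. The name and description should say so, e.g. `- name: 'EPS Limits without timeframe and maximum values'`, and the `MAXIMUM` parameter presumably has no placeholder to fill in the `without_timeframe_maximum` template, so it looks like a copy-paste leftover worth removing once the template is checked.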
+++ b/tests/integration/test_analysisd/test_eps/test_enabled.py @@ -63,13 +63,13 @@ def test_enabled(configuration, metadata, set_wazuh_configuration_eps, - Verify that when the `maximum` value is set to a values greater than 0 and lower than 100000 and, `timeframe` value is set to a value greater than 0 and lower than 3600, the module EPS limits is running. - Verify that the wazuh-analysisd daemon is running. - + input_description: - The `cases_enabled.yaml` file provides the module configuration for this test. expected_output: - r'(.*)wazuh-analysisd: INFO: EPS limit enabled, EPS: (.*), timeframe: (.*)' ''' - evm.check_eps_enabled(metadata['maximun'], metadata['timeframe']) + evm.check_eps_enabled(metadata['maximum'], metadata['timeframe']) # Check that wazuh-analysisd is running check_if_deamon_is_running('wazuh-analysisd') diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py index 40c306ffac..1bd508b97f 100644 --- a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py +++ b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py 
@@ -16,16 +16,16 @@
 TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases')
 # Configuration and cases data
-t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_maximun.yaml')
-t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_maximun.yaml')
+t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_maximum.yaml')
+t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_maximum.yaml')
 t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_timeframe.yaml')
 t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_timeframe.yaml')
-t3_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_timeframe_maximun.yaml')
-t3_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_timeframe_maximun.yaml')
+t3_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_timeframe_maximum.yaml')
+t3_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_timeframe_maximum.yaml')
-# Test configurations without maximun value (t1)
+# Test configurations without maximum value (t1)
 t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path)
 t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters,
 t1_configuration_metadata)
@@ -35,7 +35,7 @@
 t2_configurations = load_configuration_template(t2_configurations_path, t2_configuration_parameters,
 t2_configuration_metadata)
-# Test configurations without timeframe and maximun values (t3)
+# Test configurations without timeframe and maximum values (t3)
 t3_configuration_parameters, t3_configuration_metadata, t3_case_ids = get_test_cases_data(t3_cases_path)
 t3_configurations = load_configuration_template(t3_configurations_path, t3_configuration_parameters,
 t3_configuration_metadata)
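Review bot: The new `t1_cases_path` and `t3_cases_path` point at `cases_without_maximum.yaml` and `cases_without_timeframe_maximum.yaml`, but this commit only renames the two configuration templates (the only `rename` entries in its diffstat); the two cases files are modified in place under their old `_maximun` names, so `get_test_cases_data(t1_cases_path)` at module level is handed a path that does not exist and collection of the whole test file fails. Either rename the two cases files in the same commit or keep `'cases_without_maximun.yaml'` and `'cases_without_timeframe_maximun.yaml'` in these two lines until they are renamed; a later patch in the series may do this, which this diff cannot show.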
@@ -43,7 +43,7 @@
 @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids)
 @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True)
-def test_without_maximun(configuration, metadata, set_wazuh_configuration_eps,
+def test_without_maximum(configuration, metadata, set_wazuh_configuration_eps,
 truncate_monitored_files, restart_wazuh_daemon_after_finishing):
 '''
 description: Check that wazuh manager is not started when `maximum` value is not present in the
@@ -149,7 +149,7 @@ def test_without_timeframe(configuration, metadata, set_wazuh_configuration_eps,
 @pytest.mark.parametrize('configuration, metadata', zip(t3_configurations, t3_configuration_metadata), ids=t3_case_ids)
 @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True)
-def test_without_timeframe_maximun(configuration, metadata, set_wazuh_configuration_eps,
+def test_without_timeframe_maximum(configuration, metadata, set_wazuh_configuration_eps,
 truncate_monitored_files, restart_wazuh_daemon_after_finishing):
 '''
 description: Check that wazuh manager is not started when `maximum` and/or `timeframe` are not present in the
diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_values.py b/tests/integration/test_analysisd/test_eps/test_invalid_values.py
index 245df33ddd..26a9fa424a 100644
--- a/tests/integration/test_analysisd/test_eps/test_invalid_values.py
+++ b/tests/integration/test_analysisd/test_eps/test_invalid_values.py
@@ -29,7 +29,7 @@ @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) def test_invalid_values(configuration, metadata, set_wazuh_configuration_eps, - truncate_monitored_files, restart_wazuh_daemon_after_finishing): + truncate_monitored_files, restart_wazuh_daemon_after_finishing): ''' description: Check that wazuh manager is not started when an invalid value is set to `maximum` and/or `timeframe`. diff --git a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py index 02990fbe4e..e4a8b6378c 100644 --- a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py +++ b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py @@ -35,7 +35,7 @@ @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) def test_disabled(configuration, metadata, set_wazuh_configuration_eps, - truncate_monitored_files, restart_wazuh_daemon_function): + truncate_monitored_files, restart_wazuh_daemon_function): ''' description: Check that limits EPS is disabled when it is not configured. diff --git a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py index 46aab15107..3cb2dc34bf 100644 --- a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py +++ b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py 
@@ -40,13 +40,14 @@ # Get simulate agent configurations (t2) params_process_old_events_multithread = get_simulate_agent_configuration(configurations_simulate_agent_path) -maximun_eps_t2 = [metadata['maximun'] for metadata in t2_configuration_metadata] +maximum_eps_t2 = [metadata['maximum'] for metadata in t2_configuration_metadata] timeframe_eps_t2 = [metadata['timeframe'] for metadata in t2_configuration_metadata] # It is sent `width_frame` time frame width to reduce test time execution frame_width = 3 -total_msg = maximun_eps_t2[0] * timeframe_eps_t2[0] * frame_width +total_msg = maximum_eps_t2[0] * timeframe_eps_t2[0] * frame_width params_process_old_events_multithread.update({'total_msg': total_msg}) + @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_process_old_events_one_thread], indirect=True) 
@@ -138,12 +139,12 @@ def test_process_old_events_one_thread(configuration, metadata, set_wazuh_config @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t2], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_process_old_events_multithread], indirect=True) def test_process_old_events_multi_thread(configuration, metadata, set_wazuh_configuration_eps, - truncate_monitored_files, delete_alerts_folder, - restart_wazuh_daemon_function, simulate_agent): + truncate_monitored_files, delete_alerts_folder, + restart_wazuh_daemon_function, simulate_agent): ''' description: Check that `wazuh-analysisd` processes queued events first instead of new events when the moving average frees up some space. To do this, read the alerts.log file and find the numerated alerts - messages with the FileMonitor tool. To do so, it iterates the `n` frames of `maximun` * `timeframe` and + messages with the FileMonitor tool. To do so, it iterates the `n` frames of `maximum` * `timeframe` and checks if the message number belongs to the respective frame. test_phases: @@ -195,7 +196,7 @@ def test_process_old_events_multi_thread(configuration, metadata, set_wazuh_conf sleep(metadata['timeframe'] / 2) events_received = evm.get_analysisd_state('events_received') index = 0 - frame = metadata['timeframe'] * metadata['maximun'] + frame = metadata['timeframe'] * metadata['maximum'] # Iterate over each frame to find the respective numerated message belongs to the frame while (index + 1) * frame <= events_received: start_index = index * frame diff --git a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py index bd5ea25e34..eb618d082a 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py +++ b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py 
@@ -79,7 +79,7 @@ def test_start_dropping_events_when_queue_full(configuration, metadata, set_wazu assertions: - The `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal - than `maximun` * `timeframe` and greater than a percentage of `maximun` * `timeframe` to confirm that + than `maximum` * `timeframe` and greater than a percentage of `maximum` * `timeframe` to confirm that `events_processed` is not null. The `events_received` value must be greater than `events_processed` and, the `events_dropped` value greater than 0 and finaly, `event_queue_usage` is equal to 1.0. @@ -94,9 +94,9 @@ def test_start_dropping_events_when_queue_full(configuration, metadata, set_wazu event_queue_usage = evm.get_analysisd_state('event_queue_usage') # Check that processed events reach the EPS limit - assert events_processed <= float(metadata['maximun'] * metadata['timeframe']) and \ - events_processed >= float(metadata['maximun'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \ - 'events_processed must be lower or equal to maximun * timeframe' + assert events_processed <= float(metadata['maximum'] * metadata['timeframe']) and \ + events_processed >= float(metadata['maximum'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \ + 'events_processed must be lower or equal to maximum * timeframe' # Check that events continue receiving although the EPS limit was reached assert events_received > events_processed, 'events_received must be bigger than events_processed' @@ -111,4 +111,4 @@ def test_start_dropping_events_when_queue_full(configuration, metadata, set_wazu # Check that events_dropped are in the range of events_received - events_processed assert events_processed <= events_received - events_dropped, 'events_processed must be lower than' \ - 'events_received - events_dropped' \ No newline at end of file + 'events_received - events_dropped' 
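Review bot: In the `@@ -94,9 +94,9 @@` hunk the assertion conjoins an upper and a lower bound on `events_processed`, but its message only describes the upper bound, so a failure of the `>= ... * PERCENTAGE_PROCESS_MSGS` half prints 'must be lower or equal to maximum * timeframe' and points the reader the wrong way. A chained comparison with a message naming both bounds keeps the output honest: `limit = float(metadata['maximum'] * metadata['timeframe'])` / `assert limit * PERCENTAGE_PROCESS_MSGS <= events_processed <= limit, f'events_processed ({events_processed}) must be in [{PERCENTAGE_PROCESS_MSGS} * {limit}, {limit}]'`. The enclosing test function starts above this hunk.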
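Review bot: The last assertion in the `@@ -111,4 +111,4 @@` hunk joins `'events_processed must be lower than'` and `'events_received - events_dropped'` by implicit literal concatenation with no separating space, so the failure message renders as 'lower thanevents_received - events_dropped'. The hunk only rewrites the continuation line to add the missing newline at EOF, which is a good moment to add the trailing space: `'events_processed must be lower than '`. The same two literals appear again in the later indentation pass on this file and should be fixed there too if that patch lands first.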
diff --git a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py index 9f784aced0..e82271a1a4 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py +++ b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py @@ -29,11 +29,11 @@ # Get simulate agent configurations (t1) params_start_queuing_events_when_limit_reached = get_simulate_agent_configuration(configurations_simulate_agent_path) -maximun_eps = [metadata['maximun'] for metadata in t1_configuration_metadata] +maximum_eps = [metadata['maximum'] for metadata in t1_configuration_metadata] timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] # It is sent `width_frame` time frame width to reduce test time execution width_frame = 3 -total_msg = maximun_eps[0] * timeframe_eps_t1[0] * width_frame +total_msg = maximum_eps[0] * timeframe_eps_t1[0] * width_frame if total_msg > QUEUE_SIZE: total_msg = QUEUE_SIZE - 1 params_start_queuing_events_when_limit_reached.update({'total_msg': total_msg}) 
@@ -43,11 +43,11 @@ @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_start_queuing_events_when_limit_reached], indirect=True) def test_start_queuing_events_when_limit_reached(configuration, metadata, set_wazuh_configuration_eps, - truncate_monitored_files, restart_wazuh_daemon_function, - simulate_agent): + truncate_monitored_files, restart_wazuh_daemon_function, + simulate_agent): ''' description: Check that the `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must - be lower or equal than `maximun` * `timeframe` and, the `events_received` value must be greater than + be lower or equal than `maximum` * `timeframe` and, the `events_received` value must be greater than `events_processed` and, the `events_dropped` value equal to 0 and finaly, `event_queue_usage` is lower than 1.0. @@ -83,7 +83,7 @@ def test_start_queuing_events_when_limit_reached(configuration, metadata, set_wa assertions: - The `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal - than `maximun` * `timeframe` and greater than a percentage of `maximun` * `timeframe` to confirm that + than `maximum` * `timeframe` and greater than a percentage of `maximum` * `timeframe` to confirm that `events_processed` is not null. The `events_received` value must be greater than `events_processed` and, the `events_dropped` value equal to 0 and finaly, `event_queue_usage` is lower than 1.0. 
@@ -98,9 +98,9 @@ def test_start_queuing_events_when_limit_reached(configuration, metadata, set_wa event_queue_usage = evm.get_analysisd_state('event_queue_usage') # Check that processed events reach the EPS limit - assert events_processed <= float(metadata['maximun'] * metadata['timeframe']) and \ - events_processed >= float(metadata['maximun'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \ - 'events_processed must be lower or equal to maximun * timeframe' + assert events_processed <= float(metadata['maximum'] * metadata['timeframe']) and \ + events_processed >= float(metadata['maximum'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \ + 'events_processed must be lower or equal to maximum * timeframe' # Check that events continue receiving although the EPS limit was reached assert events_received > events_processed, 'events_received must be bigger than events_processed' diff --git a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py index 85fe1d1722..97ff093bfe 100644 --- a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py +++ b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py @@ -29,9 +29,9 @@ # Get simulate agent configurations (t1) params_stop_processing_events = get_simulate_agent_configuration(configurations_simulate_agent_path) -maximun_eps = [metadata['maximun'] for metadata in t1_configuration_metadata] +maximum_eps = [metadata['maximum'] for metadata in t1_configuration_metadata] timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] -total_msg = maximun_eps[0] * timeframe_eps_t1[0] * 3 +total_msg = maximum_eps[0] * timeframe_eps_t1[0] * 3 if total_msg > QUEUE_SIZE: total_msg = QUEUE_SIZE - 1 params_stop_processing_events.update({'total_msg': total_msg}) 
@@ -44,7 +44,7 @@ def test_stops_processing_events(configuration, metadata, set_wazuh_configuratio restart_wazuh_daemon_function, simulate_agent): ''' description: Check that the `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must - be lower or equal than `maximun` * `timeframe` + be lower or equal than `maximum` * `timeframe` test_phases: - Set a custom Wazuh configuration. @@ -78,7 +78,7 @@ def test_stops_processing_events(configuration, metadata, set_wazuh_configuratio assertions: - The `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal - than `maximun` * `timeframe` and greater than a percentage of `maximun` * `timeframe` to confirm that + than `maximum` * `timeframe` and greater than a percentage of `maximum` * `timeframe` to confirm that `events_processed` is not null. input_description: @@ -89,6 +89,6 @@ def test_stops_processing_events(configuration, metadata, set_wazuh_configuratio events_processed = evm.get_analysisd_state('events_processed') # Check that processed events reach the EPS limit - assert events_processed <= float(metadata['maximun'] * metadata['timeframe']) and \ - events_processed >= float(metadata['maximun'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \ - 'events_processed must be lower or equal to maximun * timeframe' + assert events_processed <= float(metadata['maximum'] * metadata['timeframe']) and \ + events_processed >= float(metadata['maximum'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \ + 'events_processed must be lower or equal to maximum * timeframe' diff --git a/tests/reliability/agent_connection/test_keep_alive.py b/tests/reliability/agent_connection/test_keep_alive.py index 6dbc428cf0..bc67f668b1 100644 --- a/tests/reliability/agent_connection/test_keep_alive.py +++ b/tests/reliability/agent_connection/test_keep_alive.py 
@@ -73,7 +73,7 @@ def test_keep_alives(get_report): ''' description: Check if the communication between managers and agents works as expected. - This test ensures that ACK and keep alive does not overcome the specified maximum. The condition is checked using + This test ensures that ACK and keep alive does not overcome the specified maximum. The condition is checked using the agentd statistics data and the keep-alives received by the manager in the logs file. wazuh_min_version: 4.4.0 @@ -86,7 +86,7 @@ def test_keep_alives(get_report): assertions: - Verify agents maximum difference between ack and keepalive is less than specified maximum. - Verify that the max_difference between keeps alives of all the agents in the managers side is less that - the specified maximun. + the specified maximum. - Verify the number of keepalives of each agent is the expected. input_description: JSON environment reports From 6c11007b236f16de4776067b58cec6846bf66a18 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Wed, 17 Aug 2022 10:43:29 -0300 Subject: [PATCH 05/79] refact: Refactor code style #2947 --- .../wazuh_testing/scripts/simulate_agents.py | 20 ++++++++++--------- ...aximun.yaml => cases_without_maximum.yaml} | 0 ...l => cases_without_timeframe_maximum.yaml} | 0 .../test_analysisd/test_eps/test_disabled.py | 2 +- .../test_eps/test_no_eps_configuration.py | 11 +++++----- ...t_process_old_events_instead_new_events.py | 7 +++---- ...t_start_dropping_events_when_queue_full.py | 14 ++++++------- ...start_queuing_events_when_limit_reached.py | 8 ++++---- .../test_eps/test_stop_processing_events.py | 6 +++--- 9 files changed, 35 insertions(+), 33 deletions(-) rename tests/integration/test_analysisd/test_eps/data/test_cases/{cases_without_maximun.yaml => cases_without_maximum.yaml} (100%) rename tests/integration/test_analysisd/test_eps/data/test_cases/{cases_without_timeframe_maximun.yaml => cases_without_timeframe_maximum.yaml} (100%) 
diff --git a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py index d7aee4f7f2..b105c7a078 100644 --- a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py +++ b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py @@ -41,13 +41,13 @@ def process_script_parameters(args): args (argparse.Namespace): Script args. """ # Add keepalive and receive_message modules if they are not specified in script parameters - if args.disable_keepalive is None: + if args.disable_keepalive is False: if 'keepalive' not in args.modules: args.modules.append('keepalive') args.modules_eps.append('0') - if args.disable_receive is None: + if args.disable_receive is False: if 'receive_messages' not in args.modules: args.modules.append('receive_messages') args.modules_eps.append('0') @@ -155,19 +155,20 @@ def create_injectors(agents, manager_address, protocol, limit_msg): return injectors -def start(injector, time_alive, flag_disable_keepalive): +def start(injector, time_alive, limit_msg_enable): """Start the injector process for a specified time. Args: injector (Injector): Injector object. time_alive (int): Period of time in seconds during the injector will be running. + limit_msg_enable (int): Amount of message to be sent. """ try: injector.run() - if flag_disable_keepalive: - injector.wait() - else: + if limit_msg_enable is None: sleep(time_alive) + else: + injector.wait() finally: stop(injector) 
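Review bot: The new `start()` docstring in the `@@ -155,19 +155,20 @@` hunk documents `limit_msg_enable (int): Amount of message to be sent`, but the body branches on `limit_msg_enable is None`, so None is the significant sentinel and the name reads like a boolean while the doc says integer. Document the contract the code actually implements: `limit_msg_enable (int or None): Number of messages to send. When None the injector runs for time_alive seconds; otherwise start() blocks in injector.wait() until the injector finishes.` The same `(int)` wording is repeated for `run()` in the next hunk and should change with it. Whether `Injector.wait()` accepts a timeout is not visible here; if it does not, the limited-message path has no upper bound on how long the child process lives, which is worth confirming given these processes are spawned from test fixtures.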
@@ -181,17 +182,18 @@ def stop(injector): injector.stop_receive() -def run(injectors, time_alive, flag_disable_keepalive): +def run(injectors, time_alive, limit_msg_enable): """Run each injector in a separated process. Args: injectors (list): List of injector objects. time_alive (int): Period of time in seconds during the injector will be running. + limit_msg_enable (int): Amount of message to be sent. """ processes = [] for injector in injectors: - processes.append(Process(target=start, args=(injector, time_alive, flag_disable_keepalive))) + processes.append(Process(target=start, args=(injector, time_alive, limit_msg_enable))) for agent_process in processes: agent_process.start() @@ -354,7 +356,7 @@ def main(): injectors = create_injectors(agents, args.manager_address, args.agent_protocol, args.limit_msg) - run(injectors, args.simulation_time, args.disable_keepalive) + run(injectors, args.simulation_time, args.limit_msg) if __name__ == "__main__": diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximun.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximum.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximun.yaml rename to tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximum.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximun.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximum.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximun.yaml rename to tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximum.yaml diff --git a/tests/integration/test_analysisd/test_eps/test_disabled.py b/tests/integration/test_analysisd/test_eps/test_disabled.py index 783d8cdbbd..58d1c62fe6 100644 
--- a/tests/integration/test_analysisd/test_eps/test_disabled.py +++ b/tests/integration/test_analysisd/test_eps/test_disabled.py @@ -28,7 +28,7 @@ @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) def test_disabled(configuration, metadata, set_wazuh_configuration_eps, - truncate_monitored_files, restart_wazuh_daemon_function): + truncate_monitored_files, restart_wazuh_daemon_function): ''' description: Check that limits EPS is not started when `maximum` is set to a value equal to 0, or with an empty value, and `timeframe` is set to a value greater than 0 and lower than 3600. diff --git a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py index e4a8b6378c..aaa2e07775 100644 --- a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py +++ b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py @@ -3,7 +3,7 @@ import pytest from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ -get_simulate_agent_configuration + get_simulate_agent_configuration from wazuh_testing.modules.eps import event_monitor as evm from wazuh_testing.modules.eps import ANALYSISD_STATE_INTERNAL_DEFAULT, PERCENTAGE_PROCESS_MSGS @@ -28,7 +28,7 @@ # Get simulate agent configurations (t1) params_disabled_eps = get_simulate_agent_configuration(configurations_simulate_agent_path) timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] -total_msg = 1000 # of 1Kb message of 16384 Kb of queue size +total_msg = 1000 # of 1Kb message of 16384 Kb of queue size params_disabled_eps.update({'total_msg': total_msg}) 
@@ -131,6 +131,7 @@ def test_without_eps_setting(configuration, metadata, set_wazuh_configuration_ep sleep(metadata['timeframe'] / 2) events_processed = evm.get_analysisd_state('events_processed') events_received = evm.get_analysisd_state('events_received') - # There are some internal event that are processed but not are reflected in events_received, That why it has been used PERCENTAGE_PROCESS_MSGS variable - assert events_processed >= events_received * PERCENTAGE_PROCESS_MSGS and \ - events_processed > 0, 'The events_processed value is similar to events_received' + # There are some internal event that are processed but not are reflected in events_received, That why it + # has been used PERCENTAGE_PROCESS_MSGS variable + assert events_processed >= events_received * PERCENTAGE_PROCESS_MSGS and events_processed > 0, 'The ' \ + 'events_processed value is similar to events_received' diff --git a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py index 3cb2dc34bf..ab9b356742 100644 --- a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py +++ b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py @@ -4,7 +4,7 @@ import pytest from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ -get_simulate_agent_configuration + get_simulate_agent_configuration from wazuh_testing.modules.eps import event_monitor as evm 
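Review bot: The assertion message `'The events_processed value is similar to events_received'` describes the condition that holds when the test passes, so on failure pytest prints a sentence claiming the opposite of what happened. State the violated expectation and include the numbers: `f'events_processed ({events_processed}) should be > 0 and at least {PERCENTAGE_PROCESS_MSGS} * events_received ({events_received})'`. The reflowed comment could also be tightened to `# Some internal events are processed but not reflected in events_received; PERCENTAGE_PROCESS_MSGS allows for that.` The enclosing test function starts above this hunk.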
@@ -35,7 +35,7 @@ # Get simulate agent configurations (t1) params_process_old_events_one_thread = get_simulate_agent_configuration(configurations_simulate_agent_path) timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] -total_msg = 10000 # of 1Kb message of 16384 Kb of queue size +total_msg = 10000 # of 1Kb message of 16384 Kb of queue size params_process_old_events_one_thread.update({'total_msg': total_msg}) # Get simulate agent configurations (t2) @@ -131,8 +131,7 @@ def test_process_old_events_one_thread(configuration, metadata, set_wazuh_config # Store the timestamp to be compared with the next one timestamp_bkp = timestamp else: - raise Exception('Not enough messages were sent. Please increase the `total_msg` for ' \ - 'this test.') + raise Exception('Not enough messages were sent. Please increase the `total_msg` for this test.') @pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) diff --git a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py index eb618d082a..1b232de618 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py +++ b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py @@ -4,7 +4,7 @@ import pytest from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ -get_simulate_agent_configuration + get_simulate_agent_configuration from wazuh_testing.modules.eps import event_monitor as evm from wazuh_testing.modules.eps import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE 
@@ -31,7 +31,7 @@ # Get simulate agent configurations (t1) params_start_dropping_events_when_queue_full = get_simulate_agent_configuration(configurations_simulate_agent_path) timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] -total_msg = 16500 # of 1Kb message of 16384 Kb of queue size. Total dropped aproximatelly 116 +total_msg = 16500 # of 1Kb message of 16384 Kb of queue size. Total dropped aproximatelly 116 expected_msg_dropped = total_msg - QUEUE_SIZE params_start_dropping_events_when_queue_full.update({'total_msg': total_msg}) 
@@ -95,20 +95,20 @@ def test_start_dropping_events_when_queue_full(configuration, metadata, set_wazu # Check that processed events reach the EPS limit assert events_processed <= float(metadata['maximum'] * metadata['timeframe']) and \ - events_processed >= float(metadata['maximum'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \ - 'events_processed must be lower or equal to maximum * timeframe' + events_processed >= float(metadata['maximum'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \ + 'events_processed must be lower or equal to maximum * timeframe' # Check that events continue receiving although the EPS limit was reached assert events_received > events_processed, 'events_received must be bigger than events_processed' # Check that there is no event dropped and the queue usage is less than 1.0 (100%). This means the queue is not full assert events_dropped >= int(expected_msg_dropped * PERCENTAGE_PROCESS_MSGS) \ - and events_dropped <= int(expected_msg_dropped * (1 + (1 - PERCENTAGE_PROCESS_MSGS))), 'events_dropped must be '\ - 'in the range of (total_msg - QUEUE_SIZE)' + and events_dropped <= int(expected_msg_dropped * (1 + (1 - PERCENTAGE_PROCESS_MSGS))), 'events_dropped must '\ + 'be in the range of (total_msg - QUEUE_SIZE)' # Check that there is no event dropped and the queue usage is less than 1.0 (100%). This means the queue is not full assert event_queue_usage == 1.0, 'event_queue_usage must be 1.0' # Check that events_dropped are in the range of events_received - events_processed assert events_processed <= events_received - events_dropped, 'events_processed must be lower than' \ - 'events_received - events_dropped' + 'events_received - events_dropped' diff --git a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py index e82271a1a4..0180e0cb7a 100644 
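Review bot: The two comments above `assert events_dropped >= ...` and `assert event_queue_usage == 1.0` both read 'Check that there is no event dropped and the queue usage is less than 1.0 (100%). This means the queue is not full', which is the opposite of what those lines check: this test expects drops within the `expected_msg_dropped` range and a queue usage of exactly 1.0. They appear to be carried over from test_start_queuing_events_when_limit_reached, and the indentation pass left them untouched as context lines. Replace them with `# Check that the number of dropped events is within PERCENTAGE_PROCESS_MSGS of total_msg - QUEUE_SIZE` and `# Check that the queue is reported as full (event_queue_usage == 1.0)`. The enclosing function starts above this hunk.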
--- a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py +++ b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py @@ -4,7 +4,7 @@ import pytest from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ -get_simulate_agent_configuration + get_simulate_agent_configuration from wazuh_testing.modules.eps import event_monitor as evm from wazuh_testing.modules.eps import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE @@ -99,8 +99,8 @@ def test_start_queuing_events_when_limit_reached(configuration, metadata, set_wa # Check that processed events reach the EPS limit assert events_processed <= float(metadata['maximum'] * metadata['timeframe']) and \ - events_processed >= float(metadata['maximum'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \ - 'events_processed must be lower or equal to maximum * timeframe' + events_processed >= float(metadata['maximum'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \ + 'events_processed must be lower or equal to maximum * timeframe' # Check that events continue receiving although the EPS limit was reached assert events_received > events_processed, 'events_received must be bigger than events_processed' @@ -108,4 +108,4 @@ def test_start_queuing_events_when_limit_reached(configuration, metadata, set_wa # Check that there are not events dropped and the queue usage is less than 1.0 (100%). # This means the queue is not full assert events_dropped == 0 and event_queue_usage < 1.0 and event_queue_usage > 0.0, 'events_dropped must be 0 ' \ - 'and event_queue_usage less than 1.0' + 'and event_queue_usage less than 1.0' diff --git a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py index 97ff093bfe..9d9f65132b 100644 --- a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py 
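Review bot: In the `@@ -108,4 +108,4 @@` hunk, `event_queue_usage < 1.0 and event_queue_usage > 0.0` is clearer as the chained comparison `0.0 < event_queue_usage < 1.0`, and the message only mentions 'less than 1.0' although the assertion also fails when usage is 0.0 (nothing queued at all). Suggest `assert events_dropped == 0 and 0.0 < event_queue_usage < 1.0, 'events_dropped must be 0 and event_queue_usage strictly between 0.0 and 1.0'`. The hunk only re-indents the continuation line; the enclosing test function starts above it.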
+++ b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py @@ -4,7 +4,7 @@ import pytest from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ -get_simulate_agent_configuration + get_simulate_agent_configuration from wazuh_testing.modules.eps import event_monitor as evm from wazuh_testing.modules.eps import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE @@ -90,5 +90,5 @@ def test_stops_processing_events(configuration, metadata, set_wazuh_configuratio # Check that processed events reach the EPS limit assert events_processed <= float(metadata['maximum'] * metadata['timeframe']) and \ - events_processed >= float(metadata['maximum'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \ - 'events_processed must be lower or equal to maximum * timeframe' + events_processed >= float(metadata['maximum'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \ + 'events_processed must be lower or equal to maximum * timeframe' From 9e240e2eb69a3e6c5c8232b39ed9805f43315dcf Mon Sep 17 00:00:00 2001 From: fedepacher Date: Wed, 17 Aug 2022 11:04:30 -0300 Subject: [PATCH 06/79] refac: Update changelog file #2947 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3828064147..e64135652b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ Release report: TBD ### Added +- New tests to check EPS limits ([#2947](https://github.com/wazuh/wazuh-qa/pull/3181)) \- (Tests) - New vulnerability Detector integration tests for Ubuntu 22.04 ([#2957](https://github.com/wazuh/wazuh-qa/pull/2957)) \- (Framework + Tests) - New vulnerability Detector integration tests for Amazon Linux 2022 ([#2955](https://github.com/wazuh/wazuh-qa/pull/2955)) \- (Framework + Tests) - New vulnerability detector tests for SUSE Linux Enterpise Support ([#2945](https://github.com/wazuh/wazuh-qa/pull/2945)) \- (Framework + Tests) From f61b25ed3c3defea075ae14214093b27cc33c168 Mon Sep 17 00:00:00 2001 
From: fedepacher Date: Wed, 17 Aug 2022 14:10:52 -0300 Subject: [PATCH 07/79] refact: Refactor code style #2947 --- .../wazuh_testing/modules/eps/__init__.py | 2 +- .../modules/eps/event_monitor.py | 5 ++--- .../wazuh_testing/processes/__init__.py | 2 +- .../wazuh_testing/scripts/simulate_agents.py | 3 +-- .../wazuh_testing/tools/__init__.py | 2 +- .../test_analysisd/test_eps/conftest.py | 8 +++---- .../data/configuration_simulate_agent.yaml | 6 ++--- .../configuration_disabled.yaml | 22 +++++++++---------- .../configuration_enabled.yaml | 22 +++++++++---------- .../configuration_invalid_values.yaml | 22 +++++++++---------- .../configuration_no_eps_configuration.yaml | 16 +++++++------- ...process_old_events_instead_new_events.yaml | 22 +++++++++---------- ...start_dropping_events_when_queue_full.yaml | 22 +++++++++---------- ...art_queuing_events_when_limit_reached.yaml | 22 +++++++++---------- .../configuration_stop_processing_events.yaml | 22 +++++++++---------- .../configuration_without_maximum.yaml | 20 +++++++++-------- .../configuration_without_timeframe.yaml | 18 +++++++-------- ...nfiguration_without_timeframe_maximum.yaml | 14 ++++++------ .../data/test_cases/cases_disabled.yaml | 4 ++-- .../data/test_cases/cases_invalid_values.yaml | 16 +++++++------- .../cases_no_eps_configuration.yaml | 4 ++-- ...cases_process_old_events_multi_thread.yaml | 4 ++-- .../cases_process_old_events_one_thread.yaml | 4 ++-- .../cases_start_dropping_events.yaml | 4 ++-- .../cases_start_queueing_events.yaml | 4 ++-- .../test_cases/cases_stop_process_events.yaml | 4 ++-- .../test_cases/cases_without_maximum.yaml | 4 ++-- .../test_cases/cases_without_timeframe.yaml | 4 ++-- .../cases_without_timeframe_maximum.yaml | 4 ++-- 29 files changed, 153 insertions(+), 153 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py index 085e57c960..e7856fee5c 100644 
--- a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py @@ -18,4 +18,4 @@ # wazuh-analysisd.state file default update configuration ANALYSISD_STATE_INTERNAL_DEFAULT = '5' PERCENTAGE_PROCESS_MSGS = 0.95 -QUEUE_SIZE = 16384 \ No newline at end of file +QUEUE_SIZE = 16384 diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py index 8a7a43a6af..dea3810bb5 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py @@ -77,7 +77,6 @@ def get_words_from_file(words, filename): """ with open(filename, 'r') as file: for _, line in enumerate(file): - # search string if words in line: return line @@ -116,5 +115,5 @@ def get_msg_with_number(message): message (str): Message to find """ check_analysisd_event(timeout=eps.T_20, callback=message, - error_message=fr"Could not find the event: {message}", prefix="", \ - file_to_monitor=ALERT_LOGS_PATH) \ No newline at end of file + error_message=fr"Could not find the event: {message}", prefix="", + file_to_monitor=ALERT_LOGS_PATH) diff --git a/deps/wazuh_testing/wazuh_testing/processes/__init__.py b/deps/wazuh_testing/wazuh_testing/processes/__init__.py index ce74feeba8..bdcbb19293 100644 --- a/deps/wazuh_testing/wazuh_testing/processes/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/processes/__init__.py @@ -13,4 +13,4 @@ def check_if_deamon_is_running(daemon): def check_if_deamon_is_not_running(daemon): """Check if the specified daemon is running""" - assert check_if_process_is_running(daemon) == False, f"{daemon} is running. It may have crashed" + assert not check_if_process_is_running(daemon), f"{daemon} is running. It may have crashed" 
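Review bot: In the `@@ -77,7 +77,6 @@` hunk of event_monitor.py, `for _, line in enumerate(file):` discards the index, so the `enumerate` is noise; `for line in file:` reads the same lines. The function also falls off the end without an explicit return when no line contains `words`, which callers see as an implicit None; an explicit `return None  # no line matched` and a 'Returns: first matching line, or None' line in the docstring would make that contract visible. The function's signature and docstring start above the hunk.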
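Review bot: In the processes/__init__.py hunk, the docstring of `check_if_deamon_is_not_running` still says 'Check if the specified daemon is running', which is the sibling function's text and the opposite of what the rewritten assertion `assert not check_if_process_is_running(daemon)` enforces. Change it to `"""Assert that the specified daemon is NOT running."""`. The assertion message 'It may have crashed' is equally misleading on this path, since a daemon that is still running has not crashed; something like `f"{daemon} is running but was expected to be stopped"` matches the check.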
diff --git a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py index b105c7a078..258bb306c8 100644 --- a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py +++ b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py @@ -46,7 +46,6 @@ def process_script_parameters(args): args.modules.append('keepalive') args.modules_eps.append('0') - if args.disable_receive is False: if 'receive_messages' not in args.modules: args.modules.append('receive_messages') @@ -360,4 +359,4 @@ def main(): if __name__ == "__main__": - main() \ No newline at end of file + main() diff --git a/deps/wazuh_testing/wazuh_testing/tools/__init__.py b/deps/wazuh_testing/wazuh_testing/tools/__init__.py index f8d0457a22..b311ea0241 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/tools/__init__.py @@ -78,7 +78,7 @@ HOSTS_FILE_PATH = os.path.join('/', 'etc', 'hosts') GLOBAL_DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'db', 'global.db') ANALYSISD_STATE = os.path.join(WAZUH_PATH, 'var', 'run', 'wazuh-analysisd.state') - SIMULATE_AGENT = os.path.join('deps','wazuh_testing','wazuh_testing','scripts','simulate_agents.py') + SIMULATE_AGENT = os.path.join('deps', 'wazuh_testing', 'wazuh_testing','scripts', 'simulate_agents.py') WAZUH_INTERNAL_OPTIONS = os.path.join(WAZUH_PATH, 'etc', 'internal_options.conf') try: diff --git a/tests/integration/test_analysisd/test_eps/conftest.py b/tests/integration/test_analysisd/test_eps/conftest.py index 712a0ac7ea..84dcefbcec 100644 --- a/tests/integration/test_analysisd/test_eps/conftest.py +++ b/tests/integration/test_analysisd/test_eps/conftest.py 
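Review bot: In the tools/__init__.py hunk, `SIMULATE_AGENT` remains a path relative to the repository checkout (`'deps', 'wazuh_testing', ...`) while every neighbouring constant is anchored on `WAZUH_PATH` or `/`, so it only resolves when the test runner's working directory is the repo root, and it would not resolve at all if `wazuh_testing` is used as an installed package rather than from the checkout. The style pass also left `'wazuh_testing','scripts'` without the space it adds to the other separators. Both file headers show this module and the script living under the same `wazuh_testing` package, so anchor the path on the package instead: `SIMULATE_AGENT = os.path.join(os.path.dirname(os.path.dirname(os.path.abspath(__file__))), 'scripts', 'simulate_agents.py')`. A later hunk shows the conftest fixture launching this path through a shell, so a wrong path would surface there as a shell error rather than a Python import error.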
@@ -10,7 +10,8 @@ import pytest from wazuh_testing.tools.services import control_service -from wazuh_testing.tools import configuration, SIMULATE_AGENT, ARCHIVES_LOG_FILE_PATH, ALERT_LOGS_PATH, ALERT_FILE_PATH, ALERT_PATH, WAZUH_INTERNAL_OPTIONS +from wazuh_testing.tools import configuration, SIMULATE_AGENT, ARCHIVES_LOG_FILE_PATH, \ + ALERT_LOGS_PATH, ALERT_FILE_PATH, ALERT_PATH, WAZUH_INTERNAL_OPTIONS @pytest.fixture(scope='function') @@ -25,7 +26,7 @@ def restart_analysisd_function(): def configure_local_internal_options_eps(request): """Fixture to configure the local internal options file.""" # Define local internal options for vulnerability detector tests - local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0',\ + local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', 'analysisd.state_interval': f"{request.param[0]}"} # Backup the old local internal options @@ -55,7 +56,7 @@ def set_wazuh_configuration_eps(configuration, set_wazuh_configuration, configur @pytest.fixture(scope='function') def simulate_agent(request): """Fixture to execute the script simulate_agent.py""" - #Get IP address of the host + # Get IP address of the host hostname = socket.gethostname() IPAddr = socket.gethostbyname(hostname) @@ -65,7 +66,6 @@ def simulate_agent(request): -f {request.param['msg_size']} -e {request.param['total_msg']} \ -k {request.param['keepalive_disabled']} -d {request.param['receive_msg_disabled']}", shell=True) - yield diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml index 103a7b217c..549e68e862 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml 
@@ -1,8 +1,8 @@ -- name: 'Simulate agent params configuration' - description: 'Simulate agent params configuration' +- name: Simulate agent params configuration + description: Simulate agent params configuration configuration_parameters: num_agent: '1' - modules: 'logcollector' + modules: logcollector eps: '10000' time: '15' msg_size: '1' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml index 2e4d7c48db..b930695be1 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml @@ -3,21 +3,21 @@ elements: - limits: elements: - - eps: - elements: - - maximum: - value: MAXIMUM - - timeframe: - value: TIMEFRAME + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME - section: remote elements: - - connection: - value: 'secure' + - connection: + value: secure - port: value: '1514' - protocol: - value: 'TCP' + value: TCP - section: sca elements: @@ -36,14 +36,14 @@ - section: wodle attributes: - - name: 'syscollector' + - name: syscollector elements: - disabled: value: 'yes' - section: wodle attributes: - - name: 'osquery' + - name: osquery elements: - disabled: value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml index 2e4d7c48db..b930695be1 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml 
@@ -3,21 +3,21 @@ elements: - limits: elements: - - eps: - elements: - - maximum: - value: MAXIMUM - - timeframe: - value: TIMEFRAME + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME - section: remote elements: - - connection: - value: 'secure' + - connection: + value: secure - port: value: '1514' - protocol: - value: 'TCP' + value: TCP - section: sca elements: @@ -36,14 +36,14 @@ - section: wodle attributes: - - name: 'syscollector' + - name: syscollector elements: - disabled: value: 'yes' - section: wodle attributes: - - name: 'osquery' + - name: osquery elements: - disabled: value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml index 2e4d7c48db..b930695be1 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml @@ -3,21 +3,21 @@ elements: - limits: elements: - - eps: - elements: - - maximum: - value: MAXIMUM - - timeframe: - value: TIMEFRAME + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME - section: remote elements: - - connection: - value: 'secure' + - connection: + value: secure - port: value: '1514' - protocol: - value: 'TCP' + value: TCP - section: sca elements: @@ -36,14 +36,14 @@ - section: wodle attributes: - - name: 'syscollector' + - name: syscollector elements: - disabled: value: 'yes' - section: wodle attributes: - - name: 'osquery' + - name: osquery elements: - disabled: value: 'yes' 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_no_eps_configuration.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_no_eps_configuration.yaml index 80e983476d..d85b18b25d 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_no_eps_configuration.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_no_eps_configuration.yaml @@ -1,12 +1,12 @@ - sections: - section: remote elements: - - connection: - value: 'secure' - - port: - value: '1514' - - protocol: - value: 'TCP' + - connection: + value: secure + - port: + value: '1514' + - protocol: + value: TCP - section: sca elements: @@ -25,14 +25,14 @@ - section: wodle attributes: - - name: 'syscollector' + - name: syscollector elements: - disabled: value: 'yes' - section: wodle attributes: - - name: 'osquery' + - name: osquery elements: - disabled: value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml index 2e4d7c48db..b930695be1 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml @@ -3,21 +3,21 @@ elements: - limits: elements: - - eps: - elements: - - maximum: - value: MAXIMUM - - timeframe: - value: TIMEFRAME + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME - section: remote elements: - - connection: - value: 'secure' + - connection: + value: secure - port: value: '1514' - protocol: - value: 'TCP' + value: TCP - section: sca elements: 
@@ -36,14 +36,14 @@ - section: wodle attributes: - - name: 'syscollector' + - name: syscollector elements: - disabled: value: 'yes' - section: wodle attributes: - - name: 'osquery' + - name: osquery elements: - disabled: value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml index 2e4d7c48db..b930695be1 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml @@ -3,21 +3,21 @@ elements: - limits: elements: - - eps: - elements: - - maximum: - value: MAXIMUM - - timeframe: - value: TIMEFRAME + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME - section: remote elements: - - connection: - value: 'secure' + - connection: + value: secure - port: value: '1514' - protocol: - value: 'TCP' + value: TCP - section: sca elements: @@ -36,14 +36,14 @@ - section: wodle attributes: - - name: 'syscollector' + - name: syscollector elements: - disabled: value: 'yes' - section: wodle attributes: - - name: 'osquery' + - name: osquery elements: - disabled: value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml index 2e4d7c48db..b930695be1 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml 
+++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml @@ -3,21 +3,21 @@ elements: - limits: elements: - - eps: - elements: - - maximum: - value: MAXIMUM - - timeframe: - value: TIMEFRAME + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME - section: remote elements: - - connection: - value: 'secure' + - connection: + value: secure - port: value: '1514' - protocol: - value: 'TCP' + value: TCP - section: sca elements: @@ -36,14 +36,14 @@ - section: wodle attributes: - - name: 'syscollector' + - name: syscollector elements: - disabled: value: 'yes' - section: wodle attributes: - - name: 'osquery' + - name: osquery elements: - disabled: value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml index 2e4d7c48db..b930695be1 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml @@ -3,21 +3,21 @@ elements: - limits: elements: - - eps: - elements: - - maximum: - value: MAXIMUM - - timeframe: - value: TIMEFRAME + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME - section: remote elements: - - connection: - value: 'secure' + - connection: + value: secure - port: value: '1514' - protocol: - value: 'TCP' + value: TCP - section: sca elements: @@ -36,14 +36,14 @@ - section: wodle attributes: - - name: 'syscollector' + - name: syscollector elements: - disabled: value: 'yes' - section: wodle attributes: - - name: 'osquery' + - name: osquery elements: - disabled: value: 'yes' 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml index 8a486df331..b930695be1 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml @@ -3,19 +3,21 @@ elements: - limits: elements: - - eps: - elements: - - timeframe: - value: TIMEFRAME + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME - section: remote elements: - - connection: - value: 'secure' + - connection: + value: secure - port: value: '1514' - protocol: - value: 'TCP' + value: TCP - section: sca elements: @@ -34,14 +36,14 @@ - section: wodle attributes: - - name: 'syscollector' + - name: syscollector elements: - disabled: value: 'yes' - section: wodle attributes: - - name: 'osquery' + - name: osquery elements: - disabled: value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml index 4e7d122b45..f4217c9c9d 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml @@ -3,19 +3,19 @@ elements: - limits: elements: - - eps: - elements: - - maximum: - value: MAXIMUM + - eps: + elements: + - maximum: + value: MAXIMUM - section: remote elements: - - connection: - value: 'secure' + - connection: + value: secure - port: value: '1514' - protocol: - value: 'TCP' + value: TCP - section: sca elements: 
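Review bot: The `@@ -3,19 +3,21 @@` hunk of `configuration_without_maximum.yaml` adds the `- maximum:` / `value: MAXIMUM` element to a template whose purpose, by its name, is to exercise the EPS block with no `maximum` setting. The resulting blob id `b930695be1` is the same one the `configuration_enabled.yaml` and `configuration_disabled.yaml` sections arrive at, so the "without maximum" template is now identical to the generic one, and `cases_without_maximum.yaml` (which supplies only `TIMEFRAME`) would presumably leave the `MAXIMUM` placeholder unsubstituted. If the intent is really to cover the absent-`maximum` case, the two added lines `- maximum:` and `value: MAXIMUM` should be dropped again.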
@@ -34,14 +34,14 @@ - section: wodle attributes: - - name: 'syscollector' + - name: syscollector elements: - disabled: value: 'yes' - section: wodle attributes: - - name: 'osquery' + - name: osquery elements: - disabled: value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml index dafbd9a40c..751e4ddf8a 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml @@ -3,17 +3,17 @@ elements: - limits: elements: - - eps: - elements: + - eps: + elements: - section: remote elements: - - connection: - value: 'secure' + - connection: + value: secure - port: value: '1514' - protocol: - value: 'TCP' + value: TCP - section: sca elements: @@ -32,14 +32,14 @@ - section: wodle attributes: - - name: 'syscollector' + - name: syscollector elements: - disabled: value: 'yes' - section: wodle attributes: - - name: 'osquery' + - name: osquery elements: - disabled: value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml index 60d51ee746..033cea9389 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml @@ -1,5 +1,5 @@ -- name: 'EPS Limits disabled' - description: 'EPS Limits disabled' +- name: EPS Limits disabled + description: EPS Limits disabled configuration_parameters: MAXIMUM: '0' TIMEFRAME: '5' 
diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_invalid_values.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_invalid_values.yaml index 879a05264e..6824a83402 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_invalid_values.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_invalid_values.yaml @@ -1,5 +1,5 @@ -- name: 'EPS Limits with maximum values over the maximum allowed' - description: 'EPS Limits with maximum values over the maximum allowed' +- name: EPS Limits with maximum values over the maximum allowed + description: EPS Limits with maximum values over the maximum allowed configuration_parameters: MAXIMUM: '100001' TIMEFRAME: '5' @@ -7,8 +7,8 @@ maximum: 100001 timeframe: 5 -- name: 'EPS Limits with timeframe values over the timeframe allowed' - description: 'EPS Limits with timeframe values over the timeframe allowed' +- name: EPS Limits with timeframe values over the timeframe allowed + description: EPS Limits with timeframe values over the timeframe allowed configuration_parameters: MAXIMUM: '10' TIMEFRAME: '3601' @@ -16,8 +16,8 @@ maximum: 10 timeframe: 3601 -- name: 'EPS Limits with timeframe value 0' - description: 'EPS Limits with timeframe value 0' +- name: EPS Limits with timeframe value 0 + description: EPS Limits with timeframe value 0 configuration_parameters: MAXIMUM: '10' TIMEFRAME: '0' @@ -25,8 +25,8 @@ maximum: 10 timeframe: 0 -- name: 'EPS Limits with maximum and timeframe values 0' - description: 'EPS Limits with maximum and timeframe values 0' +- name: EPS Limits with maximum and timeframe values 0 + description: EPS Limits with maximum and timeframe values 0 configuration_parameters: MAXIMUM: '0' TIMEFRAME: '0' 
diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_no_eps_configuration.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_no_eps_configuration.yaml index 3894a9b309..025ec39253 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_no_eps_configuration.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_no_eps_configuration.yaml @@ -1,5 +1,5 @@ -- name: 'EPS Limits disables' - description: 'EPS Limits disables' +- name: EPS Limits disables + description: EPS Limits disables configuration_parameters: MAXIMUM: '0' TIMEFRAME: '5' diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml index 3b759629b3..ba4ef96f48 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml @@ -1,5 +1,5 @@ -- name: 'EPS Limits process old events instead of new ones - Multithread' - description: 'EPS Limits process old events instead of new ones - Multithread' +- name: EPS Limits process old events instead of new ones - Multithread + description: EPS Limits process old events instead of new ones - Multithread configuration_parameters: MAXIMUM: '10' TIMEFRAME: '5' diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml index 5ac863a975..c2c9428c81 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml 
@@ -1,5 +1,5 @@ -- name: 'EPS Limits process old events instead of new ones - One thread' - description: 'EPS Limits process old events instead of new ones - One thread' +- name: EPS Limits process old events instead of new ones - One thread + description: EPS Limits process old events instead of new ones - One thread configuration_parameters: MAXIMUM: '100' TIMEFRAME: '5' diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_dropping_events.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_dropping_events.yaml index d00da949c3..40eff5d980 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_dropping_events.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_dropping_events.yaml @@ -1,5 +1,5 @@ -- name: 'EPS Limits start dropping events' - description: 'EPS Limits start dropping events' +- name: EPS Limits start dropping events + description: EPS Limits start dropping events configuration_parameters: MAXIMUM: '1' TIMEFRAME: '5' diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_queueing_events.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_queueing_events.yaml index f2873d7292..bc55f1d024 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_queueing_events.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_queueing_events.yaml @@ -1,5 +1,5 @@ -- name: 'EPS Limits start queueing events' - description: 'EPS Limits start queueing events' +- name: EPS Limits start queueing events + description: EPS Limits start queueing events configuration_parameters: MAXIMUM: '100' TIMEFRAME: '5' diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_stop_process_events.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_stop_process_events.yaml index d0f59dffec..199f893ffe 100644 
--- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_stop_process_events.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_stop_process_events.yaml @@ -1,5 +1,5 @@ -- name: 'EPS Limits stop processing events' - description: 'EPS Limits stop processing events' +- name: EPS Limits stop processing events + description: EPS Limits stop processing events configuration_parameters: MAXIMUM: '100' TIMEFRAME: '5' diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximum.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximum.yaml index c06afd775a..cafd648eac 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximum.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximum.yaml @@ -1,5 +1,5 @@ -- name: 'EPS Limits without maximum value' - description: 'EPS Limits without maximum value' +- name: EPS Limits without maximum value + description: EPS Limits without maximum value configuration_parameters: TIMEFRAME: '5' metadata: diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe.yaml index 1f3c895eb2..b210a8a321 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe.yaml @@ -1,5 +1,5 @@ -- name: 'EPS Limits without timeframe value' - description: 'EPS Limits without timeframe value' +- name: EPS Limits without timeframe value + description: EPS Limits without timeframe value configuration_parameters: MAXIMUM: '500' metadata: 
diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximum.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximum.yaml index 1f3c895eb2..b210a8a321 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximum.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximum.yaml @@ -1,5 +1,5 @@ -- name: 'EPS Limits without timeframe value' - description: 'EPS Limits without timeframe value' +- name: EPS Limits without timeframe value + description: EPS Limits without timeframe value configuration_parameters: MAXIMUM: '500' metadata: From c2bab2cbad3a28c93314ae4d072a3e1a094453b7 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Wed, 17 Aug 2022 14:21:33 -0300 Subject: [PATCH 08/79] refac: Refactor code indentation #2947 --- deps/wazuh_testing/wazuh_testing/tools/__init__.py | 2 +- deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py | 1 - .../configuration_template/configuration_disabled.yaml | 8 ++++---- .../configuration_template/configuration_enabled.yaml | 8 ++++---- .../configuration_invalid_values.yaml | 8 ++++---- ...nfiguration_process_old_events_instead_new_events.yaml | 8 ++++---- ...nfiguration_start_dropping_events_when_queue_full.yaml | 8 ++++---- ...iguration_start_queuing_events_when_limit_reached.yaml | 8 ++++---- .../configuration_stop_processing_events.yaml | 8 ++++---- .../configuration_without_maximum.yaml | 8 ++++---- .../configuration_without_timeframe.yaml | 8 ++++---- .../configuration_without_timeframe_maximum.yaml | 8 ++++---- .../test_eps/data/test_cases/cases_enabled.yaml | 4 ++-- 13 files changed, 43 insertions(+), 44 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/__init__.py b/deps/wazuh_testing/wazuh_testing/tools/__init__.py index b311ea0241..abfcdaa8d4 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/__init__.py 
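Review bot: `cases_without_timeframe_maximum.yaml` carries the same blob ids as `cases_without_timeframe.yaml` (`1f3c895eb2..b210a8a321`), and its content matches that file: the name and description read `EPS Limits without timeframe value` and it still passes `MAXIMUM: '500'`. For a case meant to cover the EPS block with neither `timeframe` nor `maximum` (the matching template `configuration_without_timeframe_maximum.yaml` now has an empty `eps` elements list), the name should say so, e.g. `- name: EPS Limits without timeframe and maximum values`, and `configuration_parameters` should presumably supply no `MAXIMUM` at all.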
+++ b/deps/wazuh_testing/wazuh_testing/tools/__init__.py @@ -78,7 +78,7 @@ HOSTS_FILE_PATH = os.path.join('/', 'etc', 'hosts') GLOBAL_DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'db', 'global.db') ANALYSISD_STATE = os.path.join(WAZUH_PATH, 'var', 'run', 'wazuh-analysisd.state') - SIMULATE_AGENT = os.path.join('deps', 'wazuh_testing', 'wazuh_testing','scripts', 'simulate_agents.py') + SIMULATE_AGENT = os.path.join('deps', 'wazuh_testing', 'wazuh_testing', 'scripts', 'simulate_agents.py') WAZUH_INTERNAL_OPTIONS = os.path.join(WAZUH_PATH, 'etc', 'internal_options.conf') try: diff --git a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py index 2c0e3797a2..32526a3ca3 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py @@ -1585,7 +1585,6 @@ def stop_receive(self): self.sender.socket.shutdown(socket.SHUT_RDWR) self.sender.socket.close() - def wait(self): for thread in range(self.thread_number): self.threads[thread].join() diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml index b930695be1..bdb2960f93 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml @@ -14,10 +14,10 @@ elements: - connection: value: secure - - port: - value: '1514' - - protocol: - value: TCP + - port: + value: '1514' + - protocol: + value: TCP - section: sca elements: diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml index b930695be1..bdb2960f93 100644 
--- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml @@ -14,10 +14,10 @@ elements: - connection: value: secure - - port: - value: '1514' - - protocol: - value: TCP + - port: + value: '1514' + - protocol: + value: TCP - section: sca elements: diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml index b930695be1..bdb2960f93 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml @@ -14,10 +14,10 @@ elements: - connection: value: secure - - port: - value: '1514' - - protocol: - value: TCP + - port: + value: '1514' + - protocol: + value: TCP - section: sca elements: diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml index b930695be1..bdb2960f93 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml @@ -14,10 +14,10 @@ elements: - connection: value: secure - - port: - value: '1514' - - protocol: - value: TCP + - port: + value: '1514' + - protocol: + value: TCP - section: sca elements: 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml index b930695be1..bdb2960f93 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml @@ -14,10 +14,10 @@ elements: - connection: value: secure - - port: - value: '1514' - - protocol: - value: TCP + - port: + value: '1514' + - protocol: + value: TCP - section: sca elements: diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml index b930695be1..bdb2960f93 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml @@ -14,10 +14,10 @@ elements: - connection: value: secure - - port: - value: '1514' - - protocol: - value: TCP + - port: + value: '1514' + - protocol: + value: TCP - section: sca elements: diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml index b930695be1..bdb2960f93 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml 
+++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml @@ -14,10 +14,10 @@ elements: - connection: value: secure - - port: - value: '1514' - - protocol: - value: TCP + - port: + value: '1514' + - protocol: + value: TCP - section: sca elements: diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml index b930695be1..bdb2960f93 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml @@ -14,10 +14,10 @@ elements: - connection: value: secure - - port: - value: '1514' - - protocol: - value: TCP + - port: + value: '1514' + - protocol: + value: TCP - section: sca elements: diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml index f4217c9c9d..891f6f7bc5 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml @@ -12,10 +12,10 @@ elements: - connection: value: secure - - port: - value: '1514' - - protocol: - value: TCP + - port: + value: '1514' + - protocol: + value: TCP - section: sca elements: diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml index 751e4ddf8a..20c4fd1b45 100644 
--- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml @@ -10,10 +10,10 @@ elements: - connection: value: secure - - port: - value: '1514' - - protocol: - value: TCP + - port: + value: '1514' + - protocol: + value: TCP - section: sca elements: diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml index c82c4e05cf..d326ae86fb 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml @@ -1,5 +1,5 @@ -- name: 'EPS Limits enabled' - description: 'EPS Limits enabled' +- name: EPS Limits enabled + description: EPS Limits enabled configuration_parameters: MAXIMUM: '10' TIMEFRAME: '5' From f817116435639fa720611bd68eb90ced7c606062 Mon Sep 17 00:00:00 2001 
From: fedepacher Date: Thu, 18 Aug 2022 15:31:06 -0300 Subject: [PATCH 09/79] refac: Refactor variable and method names #2947 --- CHANGELOG.md | 2 +- .../wazuh_testing/modules/eps/__init__.py | 12 +-- .../modules/eps/event_monitor.py | 20 ++--- .../wazuh_testing/scripts/simulate_agents.py | 23 +++-- .../wazuh_testing/tools/__init__.py | 2 +- .../wazuh_testing/tools/agent_simulator.py | 48 +++++----- .../test_analysisd/test_eps/conftest.py | 89 +++++-------------- .../data/configuration_simulate_agent.yaml | 5 +- .../test_analysisd/test_eps/test_disabled.py | 1 + .../test_analysisd/test_eps/test_enabled.py | 1 + .../test_eps/test_invalid_configuration.py | 3 + .../test_eps/test_invalid_values.py | 1 + .../test_eps/test_no_eps_configuration.py | 2 + ...t_process_old_events_instead_new_events.py | 23 +++-- ...t_start_dropping_events_when_queue_full.py | 1 + ...start_queuing_events_when_limit_reached.py | 3 +- .../test_eps/test_stop_processing_events.py | 7 +- 17 files changed, 100 insertions(+), 143 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e64135652b..a194fa72a2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,7 @@ Release report: TBD ### Added -- New tests to check EPS limits ([#2947](https://github.com/wazuh/wazuh-qa/pull/3181)) \- (Tests) +- New tests to check EPS limits ([#2947](https://github.com/wazuh/wazuh-qa/pull/3181)) \- (Framework + Tests) - New vulnerability Detector integration tests for Ubuntu 22.04 ([#2957](https://github.com/wazuh/wazuh-qa/pull/2957)) \- (Framework + Tests) - New vulnerability Detector integration tests for Amazon Linux 2022 ([#2955](https://github.com/wazuh/wazuh-qa/pull/2955)) \- (Framework + Tests) - New vulnerability detector tests for SUSE Linux Enterpise Support ([#2945](https://github.com/wazuh/wazuh-qa/pull/2945)) \- (Framework + Tests) diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py index e7856fee5c..4d64615399 100644 
--- a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py @@ -1,15 +1,5 @@ -import os -import json -from datetime import datetime, timedelta -from copy import deepcopy - -from wazuh_testing.tools.time import parse_date_time_format - - # Timeouts -T_5 = 5 T_10 = 10 -T_15 = 15 T_20 = 20 T_60 = 60 @@ -19,3 +9,5 @@ ANALYSISD_STATE_INTERNAL_DEFAULT = '5' PERCENTAGE_PROCESS_MSGS = 0.95 QUEUE_SIZE = 16384 +# Set logcollector message that the agent sents +LOGCOLLECTOR_MESSAGE = 'Invalid user random_user from 172.17.1.1 port 56550:Message number:' diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py index dea3810bb5..2325c30800 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py @@ -9,11 +9,11 @@ def make_analysisd_callback(pattern, prefix=eps.ANALYSISD_PREFIX): """Create a callback function from a text pattern. - It already contains the vulnerability-detector prefix. + It already contains the analsisd prefix. Args: pattern (str): String to match on the log. - prefix (str): regular expression used as prefix before the pattern. + prefix (str): regular expression used as a prefix before the pattern. Returns: lambda: function that returns if there's a match in the file 
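Review bot: The comment added in the `@@ -19,3 +9,5 @@` hunk has a typo; `# Set logcollector message that the agent sents` should read `# Body of the logcollector message the simulated agent sends; the user, address and port are synthetic sample values`. The first hunk also deletes the `T_5` and `T_15` timeouts together with the unused imports; if any test module still imports those names it will fail at import time, so it is worth confirming no other module referenced them before this lands.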
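Review bot: The docstring line changed in the `@@ -9,11 +9,11 @@` hunk of `event_monitor.py` misspells the daemon: `It already contains the analsisd prefix.` should read `It already contains the analysisd prefix.`. Since `prefix` is a parameter whose default is `eps.ANALYSISD_PREFIX`, the sentence is more accurate as `By default the pattern is prefixed with the analysisd prefix (eps.ANALYSISD_PREFIX).`. The function body continues outside the hunk.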
@@ -67,27 +67,27 @@ def check_configuration_error(): 'in ossec.log', prefix=eps.MAILD_PREFIX) -def get_words_from_file(words, filename): - """Get the words from file +def find_in_file(string_to_search, filename): + """Find a specific string in a file Args: - wordss (str): Word to find in the file + string_to_search (str): Word to find in the file Returns: str: Line that match in file """ with open(filename, 'r') as file: for _, line in enumerate(file): - if words in line: + if string_to_search in line: return line -def get_analysisd_state(word): - """Get the value of word in wazuh-analysisd.state +def get_analysisd_state(value): + """Get the specified wazuh-analysisd.state value Args: - word (str): Word to find in the file + value (str): wazuh-analisysd value """ - line = get_words_from_file(word, ANALYSISD_STATE) + line = find_in_file(value, ANALYSISD_STATE) return float(line.split("\'")[1::2][0]) diff --git a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py index 258bb306c8..d0853a3da1 100644 --- a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py +++ b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py @@ -41,12 +41,12 @@ def process_script_parameters(args): args (argparse.Namespace): Script args. """ # Add keepalive and receive_message modules if they are not specified in script parameters - if args.disable_keepalive is False: + if not args.disable_keepalive: if 'keepalive' not in args.modules: args.modules.append('keepalive') args.modules_eps.append('0') - if args.disable_receive is False: + if not args.disable_receive: if 'receive_messages' not in args.modules: args.modules.append('receive_messages') args.modules_eps.append('0') 
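Review bot: `find_in_file` returns `None` implicitly when `string_to_search` is not in the file, and `get_analysisd_state` then calls `line.split(...)` on that `None`, so a missing counter in wazuh-analysisd.state surfaces as an AttributeError that hides the real cause. A guard before the split, `if line is None: raise ValueError(f"'{value}' not found in {ANALYSISD_STATE}")`, gives a usable failure; the helper is moved to the eps package in the next patch with the same body, so the guard belongs in get_analysisd_state either way. The `find_in_file` docstring documents `Returns: str` but not the `None` case; `str | None: first line containing the string, or None if absent` would be accurate.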
@@ -116,7 +116,8 @@ def create_agents(args): for item in distribution_list: # item[0] = modules - item[1] = eps agent = ag.Agent(manager_address=args.manager_address, os=args.os, registration_address=args.manager_registration_address, - version=args.version, fixed_message_size=args.fixed_message_size, labels=custom_labels) + version=args.version, fixed_message_size=args.fixed_message_size, labels=custom_labels, + enable_msg_number=args.enable_logcollector_message_number) set_agent_modules_and_eps(agent, item[0].split(' ') + ['keepalive', 'receive_messages'], item[1].split(' ') + ['0', '0']) agents.append(agent) @@ -124,14 +125,15 @@ def create_agents(args): for _ in range(args.agents_number): agent = ag.Agent(manager_address=args.manager_address, os=args.os, registration_address=args.manager_registration_address, - version=args.version, fixed_message_size=args.fixed_message_size, labels=custom_labels) + version=args.version, fixed_message_size=args.fixed_message_size, labels=custom_labels, + enable_msg_number=args.enable_logcollector_message_number) set_agent_modules_and_eps(agent, args.modules, args.modules_eps) agents.append(agent) return agents -def create_injectors(agents, manager_address, protocol, limit_msg): +def create_injectors(agents, manager_address, protocol, limit_msg=None): """Create injectos objects from list of agents and connection parameters. Args: @@ -154,7 +156,7 @@ def create_injectors(agents, manager_address, protocol, limit_msg): return injectors -def start(injector, time_alive, limit_msg_enable): +def start(injector, time_alive, limit_msg_enable=None): """Start the injector process for a specified time. Args: @@ -181,7 +183,7 @@ def stop(injector): injector.stop_receive() -def run(injectors, time_alive, limit_msg_enable): +def run(injectors, time_alive, limit_msg_enable=None): """Run each injector in a separated process. Args: 
@@ -331,7 +333,7 @@ def main(): required=False, default=0, dest='waiting_connection_time') arg_parser.add_argument('-e', '--limit-msg', metavar='', type=int, - help='Amount of message to sent.', + help='Limit the amount of message to send to the manager for each module.', required=False, default=None, dest='limit_msg') arg_parser.add_argument('-k', '--disable-keepalive', metavar='', type=bool, @@ -342,6 +344,11 @@ def main(): help='Disable receive message module', required=False, default=False, dest='disable_receive') + arg_parser.add_argument('-c', '--enable-logcollector-message-number', + metavar='', type=bool, + help='Enable logcollector message number', + required=False, default=False, dest='enable_logcollector_message_number') + args = arg_parser.parse_args() process_script_parameters(args) diff --git a/deps/wazuh_testing/wazuh_testing/tools/__init__.py b/deps/wazuh_testing/wazuh_testing/tools/__init__.py index abfcdaa8d4..7bfe6c66d4 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/tools/__init__.py @@ -129,7 +129,7 @@ def get_service(): CLIENT_CUSTOM_CERT_PATH = os.path.join(_data_path, 'sslmanager.cert') WAZUH_LOGS_PATH = os.path.join(WAZUH_PATH, 'logs') -ALERT_PATH = os.path.join(WAZUH_LOGS_PATH, 'alerts') +ALERT_DIRECTORY = os.path.join(WAZUH_LOGS_PATH, 'alerts') ALERT_FILE_PATH = os.path.join(WAZUH_LOGS_PATH, 'alerts', 'alerts.json') ALERT_LOGS_PATH = os.path.join(WAZUH_LOGS_PATH, 'alerts', 'alerts.log') CLUSTER_LOGS_PATH = os.path.join(WAZUH_LOGS_PATH, 'cluster.log') diff --git a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py index 32526a3ca3..17bb68537d 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py 
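Review bot: The new `-c/--enable-logcollector-message-number` option uses `type=bool`, and argparse's `bool('False')` is `True`, so any non-empty value (including the literal `False` that the conftest fixture passes) enables numbering; the pre-existing `-k` and `-d` options have the same problem. A flag should be `action='store_true'`: `arg_parser.add_argument('-c', '--enable-logcollector-message-number', action='store_true', help='Enable logcollector message number', dest='enable_logcollector_message_number')`, with the caller passing the switch without a value, or keep a value and supply a small str-to-bool converter as `type=`. The help text `Limit the amount of message to send` should read `messages`.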
@@ -68,6 +68,7 @@ class Agent: authd_password (str), optional: Password for registration if needed. registration_address (str, optional): Manager registration IP address. retry_enrollment (bool, optional): retry then enrollment in case of error. + logcollector_msg_number (bool, optional): insert in the logcollector message the message number. Attributes: id (str): ID of the agent. @@ -119,7 +120,8 @@ def __init__(self, manager_address, cypher="aes", os=None, rootcheck_sample=None rootcheck_eps=100, logcollector_eps=100, authd_password=None, disable_all_modules=False, rootcheck_frequency=60.0, rcv_msg_limit=0, keepalive_frequency=10.0, sca_frequency=60, syscollector_frequency=60.0, syscollector_batch_size=10, hostinfo_eps=100, winevt_eps=100, - fixed_message_size=None, registration_address=None, retry_enrollment=False): + fixed_message_size=None, registration_address=None, retry_enrollment=False, + logcollector_msg_number=None): self.id = id self.name = name self.key = key @@ -183,6 +185,7 @@ def __init__(self, manager_address, cypher="aes", os=None, rootcheck_sample=None self.retry_enrollment = retry_enrollment self.rcv_msg_queue = Queue(rcv_msg_limit) self.fixed_message_size = fixed_message_size * 1024 if fixed_message_size is not None else None + self.logcollector_msg_number = logcollector_msg_number self.setup(disable_all_modules=disable_all_modules) def update_checksum(self, new_checksum): @@ -478,8 +481,7 @@ def process_message(self, sender, message): kind, checksum, name = msg_decoded_list[1:4] if kind == 'file' and "merged.mg" in name: self.update_checksum(checksum) - elif '#!-force_reconnect' in msg_decoded_list[0]: - sender.reconnect(self.startup_msg) + def process_command(self, sender, message_list): """Process agent received commands through the socket. 
@@ -662,7 +664,7 @@ def initialize_modules(self, disable_all_modules): def init_logcollector(self): """Initialize logcollector module.""" if self.logcollector is None: - self.logcollector = Logcollector() + self.logcollector = Logcollector(self.logcollector_msg_number) def init_sca(self): """Initialize init_sca module.""" @@ -1014,10 +1016,12 @@ def get_message(self): class Logcollector: """This class allows the generation of logcollector events.""" - def __init__(self): + def __init__(self, enable_msg_number=None): self.logcollector_tag = 'syslog' self.logcollector_mq = 'x' + # Those variables were added only in logcollector module to perform EPS test that need numbered messages. self.message_counter = 0 + self.enable_msg_number = enable_msg_number def generate_event(self): """Generate logcollector event @@ -1027,10 +1031,13 @@ def generate_event(self): """ log = 'Mar 24 10:12:36 centos8 sshd[12249]: Invalid user random_user from 172.17.1.1 port 56550' - message_counter_info = f"Message number: {self.message_counter}" - message = f"{self.logcollector_mq}:{self.logcollector_tag}:{log}:{message_counter_info}" + if self.enable_msg_number: + message_counter_info = f"Message number: {self.message_counter}" + message = f"{self.logcollector_mq}:{self.logcollector_tag}:{log}:{message_counter_info}" + self.message_counter = self.message_counter + 1 + else: + message = f"{self.logcollector_mq}:{self.logcollector_tag}:{log}" - self.message_counter = self.message_counter + 1 return message 
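Review bot: generate_event now builds the `mq:tag:log` prefix in both branches; building it once and appending the counter only when numbering is enabled keeps a single format string and makes the counter increment visibly conditional. The constructor has no docstring for the new parameter; `enable_msg_number (bool, optional): append a running "Message number: N" suffix to each event` on `__init__` would document it, and a default of `False` would match the `bool` the Agent docstring declares instead of `None`.
```python
        log = 'Mar 24 10:12:36 centos8 sshd[12249]: Invalid user random_user from 172.17.1.1 port 56550'
        message = f"{self.logcollector_mq}:{self.logcollector_tag}:{log}"
        if self.enable_msg_number:
            message = f"{message}:Message number: {self.message_counter}"
            self.message_counter += 1

        return message
```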
@@ -1497,24 +1504,12 @@ def __init__(self, manager_address, manager_port='1514', protocol=TCP): self.manager_address = manager_address self.manager_port = manager_port self.protocol = protocol.upper() - self.socket = None - self.connect() - - def connect(self): if is_tcp(self.protocol): self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.socket.connect((self.manager_address, int(self.manager_port))) if is_udp(self.protocol): self.socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - def reconnect(self, event): - if is_tcp(self.protocol): - self.socket.shutdown(socket.SHUT_RDWR) - self.socket.close() - self.connect() - if event: - self.send_event(event) - def send_event(self, event): if is_tcp(self.protocol): length = pack('>> injector.run() """ - def __init__(self, sender, agent, limit): + def __init__(self, sender, agent, limit=None): self.sender = sender self.agent = agent self.limit_msg = limit @@ -1602,7 +1597,7 @@ class InjectorThread(threading.Thread): stop_thread (int): 0 if the thread is running, 1 if it is stopped. limit_msg (int): Maximum amount of message to be sent. """ - def __init__(self, thread_id, name, sender, agent, module, limit_msg): + def __init__(self, thread_id, name, sender, agent, module, limit_msg=None): super(InjectorThread, self).__init__() self.thread_id = thread_id self.name = name @@ -1694,10 +1689,11 @@ def run_module(self, module): char_size = getsizeof(event_msg[0]) - getsizeof('') event_msg += 'A' * (dummy_message_size//char_size) - # # Add message limitiation - if self.totalMessages >= self.limit_msg: - self.stop_thread = 1 - break + # Add message limitiation + if self.limit_msg: + if self.totalMessages >= self.limit_msg: + self.stop_thread = 1 + break event = self.agent.create_event(event_msg) self.sender.send_event(event) diff --git a/tests/integration/test_analysisd/test_eps/conftest.py b/tests/integration/test_analysisd/test_eps/conftest.py index 84dcefbcec..e071fa8f89 100644 
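Review bot: In run_module the new guard nests two `if`s where a single condition reads better: `if self.limit_msg and self.totalMessages >= self.limit_msg:`. With truthiness, `limit_msg=0` now means unlimited rather than "send nothing"; if that is intended, the InjectorThread docstring line `limit_msg (int): Maximum amount of message to be sent.` should say that `None` or `0` disables the limit. The comment `# Add message limitiation` has a typo (`limitation`). run_module's body continues outside the hunk.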
--- a/tests/integration/test_analysisd/test_eps/conftest.py +++ b/tests/integration/test_analysisd/test_eps/conftest.py @@ -11,7 +11,7 @@ from wazuh_testing.tools.services import control_service from wazuh_testing.tools import configuration, SIMULATE_AGENT, ARCHIVES_LOG_FILE_PATH, \ - ALERT_LOGS_PATH, ALERT_FILE_PATH, ALERT_PATH, WAZUH_INTERNAL_OPTIONS + ALERT_LOGS_PATH, ALERT_FILE_PATH, ALERT_DIRECTORY, WAZUH_INTERNAL_OPTIONS @pytest.fixture(scope='function') @@ -25,7 +25,7 @@ def restart_analysisd_function(): @pytest.fixture(scope='session') def configure_local_internal_options_eps(request): """Fixture to configure the local internal options file.""" - # Define local internal options for vulnerability detector tests + # Define local internal options for EPS tests local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', 'analysisd.state_interval': f"{request.param[0]}"} @@ -55,16 +55,17 @@ def set_wazuh_configuration_eps(configuration, set_wazuh_configuration, configur @pytest.fixture(scope='function') def simulate_agent(request): - """Fixture to execute the script simulate_agent.py""" + """Fixture to run the script simulate_agent.py""" # Get IP address of the host hostname = socket.gethostname() IPAddr = socket.gethostbyname(hostname) - file_excecute = os.path.abspath(SIMULATE_AGENT) - subprocess.call(f"python3 {file_excecute} -a {IPAddr} -n {request.param['num_agent']} \ + simulator_agent_script = os.path.abspath(SIMULATE_AGENT) + subprocess.call(f"python3 {simulator_agent_script} -a {IPAddr} -n {request.param['num_agent']} \ -m {request.param['modules']} -s {request.param['eps']} -t {request.param['time']} \ -f {request.param['msg_size']} -e {request.param['total_msg']} \ - -k {request.param['keepalive_disabled']} -d {request.param['receive_msg_disabled']}", shell=True) + -k {request.param['disable_keepalive_msg']} -d {request.param['disable_receive_msg']} \ + -c {request.param['enable_logcollector_msg_number']}", shell=True) yield 
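Review bot: The simulate_agent fixture still interpolates every `request.param[...]` value straight into a shell command string and runs it with `shell=True`, so a value coming from the YAML is parsed by the shell (quoting, `;`, `$(...)`) rather than passed as an argument; the patch renamed the keys but kept that construction. Passing an argv list with the default `shell=False` removes the shell from the path and also makes the line-continuation backslashes unnecessary. The shell currently word-splits `modules` and `eps`, so if those are space-separated lists they need an explicit `.split()` — shown below, to be confirmed against the YAML.
```python
    simulator_agent_script = os.path.abspath(SIMULATE_AGENT)
    command = [
        'python3', simulator_agent_script,
        '-a', IPAddr,
        '-n', str(request.param['num_agent']),
        '-m', *str(request.param['modules']).split(),
        '-s', *str(request.param['eps']).split(),
        '-t', str(request.param['time']),
        '-f', str(request.param['msg_size']),
        '-e', str(request.param['total_msg']),
        '-k', str(request.param['disable_keepalive_msg']),
        '-d', str(request.param['disable_receive_msg']),
        '-c', str(request.param['enable_logcollector_msg_number']),
    ]
    subprocess.call(command)
    yield
```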
@@ -83,77 +84,29 @@ def delete_folder_content(folder): def delete_alerts_folder(): """Delete alerts folder content before and after execution""" - delete_folder_content(ALERT_PATH) + delete_folder_content(ALERT_DIRECTORY) yield - delete_folder_content(ALERT_PATH) - - -def get_wazuh_internal_options() -> List[str]: - """Get current `internal_options.conf` file content. - - Returns - List of str: A list containing all the lines of the `ossec.conf` file. - """ - with open(WAZUH_INTERNAL_OPTIONS) as f: - lines = f.readlines() - return lines - - -def set_wazuh_internal_options(wazuh_local_internal_options: List[str]): - """Set up Wazuh `local_internal_options.conf` file content. - - Returns - List of str: A list containing all the lines of the `local_interal_options.conf` file. - """ - with open(WAZUH_INTERNAL_OPTIONS, 'w') as f: - f.writelines(wazuh_local_internal_options) - - -def change_internal_options(param, value, value_regex='[0-9]*'): - """Change the value of a given parameter in internal_options. - - Args: - param (str): parameter to change. - value (obj): new value. - value_regex (str, optional): regex to match value in local_internal_options.conf. 
Default '[0-9]*' - """ - add_pattern = True - with open(WAZUH_INTERNAL_OPTIONS, "r") as sources: - lines = sources.readlines() - - with open(WAZUH_INTERNAL_OPTIONS, "w") as sources: - for line in lines: - sources.write( - re.sub(f'{param}={value_regex}', f'{param}={value}', line)) - if param in line: - add_pattern = False - - if add_pattern: - with open(WAZUH_INTERNAL_OPTIONS, "a") as sources: - sources.write(f'\n\n{param}={value}') + delete_folder_content(ALERT_DIRECTORY) @pytest.fixture(scope='session') -def configure_internal_options_eps(): - """Fixture to configure the internal options file.""" +def configure_wazuh_one_thread(): + """Fixture to configure the local internal options file to work with one thread.""" + local_internal_options = {'analysisd.event_threads': '1', 'analysisd.syscheck_threads': '1', + 'analysisd.syscollector_threads': '1', 'analysisd.rootcheck_threads': '1', + 'analysisd.sca_threads': '1', 'analysisd.hostinfo_threads': '1', + 'analysisd.winevt_threads': '1', 'analysisd.rule_matching_threads': '1', + 'analysisd.dbsync_threads': '1', 'remoted.worker_pool': '1'} # Backup the old local internal options - backup_internal_options = get_wazuh_internal_options() - - change_internal_options('analysisd.event_threads', '1') - change_internal_options('analysisd.syscheck_threads', '1') - change_internal_options('analysisd.syscollector_threads', '1') - change_internal_options('analysisd.rootcheck_threads', '1') - change_internal_options('analysisd.sca_threads', '1') - change_internal_options('analysisd.hostinfo_threads', '1') - change_internal_options('analysisd.winevt_threads', '1') - change_internal_options('analysisd.rule_matching_threads', '1') - change_internal_options('analysisd.dbsync_threads', '1') - change_internal_options('remoted.worker_pool', '1') + backup_local_internal_options = configuration.get_wazuh_local_internal_options() + + # Add the new configuration to local internal options + 
configuration.add_wazuh_local_internal_options(configuration.create_local_internal_options(local_internal_options)) yield # Backup the old local internal options cofiguration - set_wazuh_internal_options(backup_internal_options) + configuration.set_wazuh_local_internal_options(backup_local_internal_options) diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml index 549e68e862..89e1c04bc6 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml @@ -6,5 +6,6 @@ eps: '10000' time: '15' msg_size: '1' - keepalive_disabled: 'True' - receive_msg_disabled: 'True' + disable_keepalive_msg: 'True' + disable_receive_msg: 'True' + enable_logcollector_msg_number: 'True' diff --git a/tests/integration/test_analysisd/test_eps/test_disabled.py b/tests/integration/test_analysisd/test_eps/test_disabled.py index 58d1c62fe6..e7658a288e 100644 --- a/tests/integration/test_analysisd/test_eps/test_disabled.py +++ b/tests/integration/test_analysisd/test_eps/test_disabled.py @@ -25,6 +25,7 @@ t1_configuration_metadata) +@pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) def test_disabled(configuration, metadata, set_wazuh_configuration_eps, diff --git a/tests/integration/test_analysisd/test_eps/test_enabled.py b/tests/integration/test_analysisd/test_eps/test_enabled.py index 219c698ff1..17adbc2857 100644 --- a/tests/integration/test_analysisd/test_eps/test_enabled.py +++ b/tests/integration/test_analysisd/test_eps/test_enabled.py 
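Review bot: The teardown comment `# Backup the old local internal options cofiguration` describes the wrong step (this line restores, the backup was taken above) and has a typo; `# Restore the original local internal options configuration` would read correctly. The fixture edits local_internal_options.conf but does not restart any daemon, so the single-thread values only take effect if a restart fixture runs after it in the test's argument order, and the restore in teardown likewise leaves the running manager on the old settings; the docstring could state that dependency. The local_internal_options dict is a fixed table and could be a module-level constant rather than rebuilt in the fixture body.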
@@ -24,6 +24,7 @@ t1_configuration_metadata) +@pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) def test_enabled(configuration, metadata, set_wazuh_configuration_eps, diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py index 1bd508b97f..88220d06d0 100644 --- a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py +++ b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py @@ -41,6 +41,7 @@ t3_configuration_metadata) +@pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) def test_without_maximum(configuration, metadata, set_wazuh_configuration_eps, @@ -94,6 +95,7 @@ def test_without_maximum(configuration, metadata, set_wazuh_configuration_eps, check_if_deamon_is_not_running('wazuh-analysisd') +@pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) def test_without_timeframe(configuration, metadata, set_wazuh_configuration_eps, 
@@ -147,6 +149,7 @@ def test_without_timeframe(configuration, metadata, set_wazuh_configuration_eps, check_if_deamon_is_not_running('wazuh-analysisd') +@pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t3_configurations, t3_configuration_metadata), ids=t3_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) def test_without_timeframe_maximum(configuration, metadata, set_wazuh_configuration_eps, diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_values.py b/tests/integration/test_analysisd/test_eps/test_invalid_values.py index 26a9fa424a..63097cd8fa 100644 --- a/tests/integration/test_analysisd/test_eps/test_invalid_values.py +++ b/tests/integration/test_analysisd/test_eps/test_invalid_values.py @@ -26,6 +26,7 @@ t1_configuration_metadata) +@pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) def test_invalid_values(configuration, metadata, set_wazuh_configuration_eps, diff --git a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py index aaa2e07775..35e0136a93 100644 --- a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py +++ b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py @@ -32,6 +32,7 @@ params_disabled_eps.update({'total_msg': total_msg}) +@pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) def test_disabled(configuration, metadata, set_wazuh_configuration_eps, 
@@ -79,6 +80,7 @@ def test_disabled(configuration, metadata, set_wazuh_configuration_eps, evm.check_eps_disabled() +@pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_disabled_eps], indirect=True) diff --git a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py index ab9b356742..d0855f937e 100644 --- a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py +++ b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py @@ -6,6 +6,7 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ get_simulate_agent_configuration from wazuh_testing.modules.eps import event_monitor as evm +from wazuh_testing.modules.eps import LOGCOLLECTOR_MESSAGE pytestmark = [pytest.mark.server] @@ -48,11 +49,12 @@ params_process_old_events_multithread.update({'total_msg': total_msg}) +@pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_process_old_events_one_thread], indirect=True) def test_process_old_events_one_thread(configuration, metadata, set_wazuh_configuration_eps, - configure_internal_options_eps, truncate_monitored_files, + configure_wazuh_one_thread, truncate_monitored_files, delete_alerts_folder, restart_wazuh_daemon_function, simulate_agent): ''' description: Check that `wazuh-analysisd` processes queued events first instead of new events when the moving 
@@ -82,7 +84,7 @@ def test_process_old_events_one_thread(configuration, metadata, set_wazuh_config - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. - - configure_internal_options_eps: + - configure_wazuh_one_thread: type: fixture brief: Set the wazuh internal option configuration according to the configuration data. - truncate_monitored_files: @@ -104,8 +106,6 @@ def test_process_old_events_one_thread(configuration, metadata, set_wazuh_config input_description: - The `cases_process_old_events_one_thread.yaml` file provides the module configuration for this test. ''' - # Set logcollector message that the agent sents - logcollector_message = 'Invalid user random_user from 172.17.1.1 port 56550:Message number:' # Set the alerts start message start_alert_msg = '** Alert ' # Initial timestamp to compare 
@@ -124,16 +124,17 @@ def test_process_old_events_one_thread(configuration, metadata, set_wazuh_config if(events_processed * time_events_processed <= events_received): for index in range((events_processed * time_events_processed) - 1): # Get the timestamp of the log - timestamp = evm.get_alert_timestamp(start_alert_msg, f"{logcollector_message} {index}") + timestamp = evm.get_alert_timestamp(start_alert_msg, f"{LOGCOLLECTOR_MESSAGE} {index}") # Check that the timestamp of the first message y lower than the previous one - assert timestamp >= timestamp_bkp, 'The timestamp of the previous message has to be lower than the '\ - 'next one' + assert timestamp >= timestamp_bkp, fr"The timestamp of the previous message {timestamp_bkp} has to be "\ + fr"lower than the follow one {timestamp}" # Store the timestamp to be compared with the next one timestamp_bkp = timestamp else: - raise Exception('Not enough messages were sent. Please increase the `total_msg` for this test.') + raise Exception('Not enough messages were sent.') +@pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t2], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_process_old_events_multithread], indirect=True) @@ -167,7 +168,7 @@ def test_process_old_events_multi_thread(configuration, metadata, set_wazuh_conf - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. - - configure_internal_options_eps: + - configure_wazuh_one_thread: type: fixture brief: Set the wazuh internal option configuration according to the configuration data. - truncate_monitored_files: 
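Review bot: `raise Exception('Not enough messages were sent.')` reports a test-setup problem with a bare `Exception` and drops the hint the previous message carried; `pytest.fail('Not enough messages were sent; increase total_msg for this test')` would classify it as a failure and keep the guidance. The `fr` prefix on the assertion message is unnecessary since there are no backslashes or regex metacharacters, and "has to be lower than the follow one" should read "the following one". `f"{LOGCOLLECTOR_MESSAGE} {index}"` has no terminator after the number, so if get_alert_timestamp does a substring or unanchored search, index 1 can also match messages 10, 11, …; that helper is outside this hunk and worth checking. The test body continues outside the hunk.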
@@ -189,8 +190,6 @@ def test_process_old_events_multi_thread(configuration, metadata, set_wazuh_conf input_description: - The `cases_process_old_events_multi_thread.yaml` file provides the module configuration for this test. ''' - # Set logcollector message that the agent sents - logcollector_message = 'Invalid user random_user from 172.17.1.1 port 56550:Message number:' # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values sleep(metadata['timeframe'] / 2) events_received = evm.get_analysisd_state('events_received') @@ -202,5 +201,5 @@ def test_process_old_events_multi_thread(configuration, metadata, set_wazuh_conf end_index = (index + 1) * frame # Iterate over the frame to find the respective numerated message for msg_number in range(start_index, end_index): - evm.get_msg_with_number(fr".*{logcollector_message} {msg_number}") + evm.get_msg_with_number(fr".*{LOGCOLLECTOR_MESSAGE} {msg_number}") index += 1 diff --git a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py index 1b232de618..624464a0f3 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py +++ b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py @@ -36,6 +36,7 @@ params_start_dropping_events_when_queue_full.update({'total_msg': total_msg}) +@pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_start_dropping_events_when_queue_full], indirect=True) 
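Review bot: `fr".*{LOGCOLLECTOR_MESSAGE} {msg_number}"` drops a literal into a regex without escaping; the constant contains `172.17.1.1`, whose dots match any character, and nothing follows `{msg_number}`, so unless get_msg_with_number anchors the pattern, number 1 also matches 10, 11, …. Escape the literal and close the number: `evm.get_msg_with_number(fr".*{re.escape(LOGCOLLECTOR_MESSAGE)} {msg_number}$")` (adding `import re` if the file does not have it), or, if the helper adds its own anchor, escape only. The same constant is used as a plain f-string in test_process_old_events_one_thread, where no regex is involved.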
diff --git a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py index 0180e0cb7a..7a5f9c464d 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py +++ b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py @@ -34,11 +34,10 @@ # It is sent `width_frame` time frame width to reduce test time execution width_frame = 3 total_msg = maximum_eps[0] * timeframe_eps_t1[0] * width_frame -if total_msg > QUEUE_SIZE: - total_msg = QUEUE_SIZE - 1 params_start_queuing_events_when_limit_reached.update({'total_msg': total_msg}) +@pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_start_queuing_events_when_limit_reached], indirect=True) diff --git a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py index 9d9f65132b..651f35b73e 100644 --- a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py +++ b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py 
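Review bot: Removing the `QUEUE_SIZE` clamp leaves `total_msg = maximum * timeframe * width_frame` unbounded, so a configuration case with `maximum * timeframe * 3 > 16384` would send more events than the queue holds and the queuing test could observe drops; the case values are not in this hunk, so this is to be confirmed. The same clamp is removed in the test_stop_processing_events.py hunk of this patch. If `QUEUE_SIZE` was imported only for the clamp, its import is now unused in both files (the import lines are outside the hunks). A short comment such as `# total_msg must stay below QUEUE_SIZE for this test to observe queuing rather than dropping` would record the constraint that the clamp used to enforce.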
@@ -31,12 +31,13 @@ params_stop_processing_events = get_simulate_agent_configuration(configurations_simulate_agent_path) maximum_eps = [metadata['maximum'] for metadata in t1_configuration_metadata] timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] -total_msg = maximum_eps[0] * timeframe_eps_t1[0] * 3 -if total_msg > QUEUE_SIZE: - total_msg = QUEUE_SIZE - 1 +# It is sent `width_frame` time frame width to reduce test time execution +width_frame = 3 +total_msg = maximum_eps[0] * timeframe_eps_t1[0] * width_frame params_stop_processing_events.update({'total_msg': total_msg}) +@pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_stop_processing_events], indirect=True) From e11d2837ed27265365d655c446a8d54999fdf55e Mon Sep 17 00:00:00 2001 From: fedepacher Date: Thu, 18 Aug 2022 15:40:51 -0300 Subject: [PATCH 10/79] refac: Refactor code style #2947 --- .../wazuh_testing/modules/eps/__init__.py | 14 ++++++++++++++ .../wazuh_testing/modules/eps/event_monitor.py | 15 +-------------- .../wazuh_testing/tools/agent_simulator.py | 1 - 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py index 4d64615399..25f4812f3d 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py 
@@ -11,3 +11,17 @@ QUEUE_SIZE = 16384 # Set logcollector message that the agent sents LOGCOLLECTOR_MESSAGE = 'Invalid user random_user from 172.17.1.1 port 56550:Message number:' + + +def find_in_file(string_to_search, filename): + """Find a specific string in a file + + Args: + string_to_search (str): Word to find in the file + Returns: + str: Line that match in file + """ + with open(filename, 'r') as file: + for _, line in enumerate(file): + if string_to_search in line: + return line diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py index 2325c30800..13f173ca11 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py @@ -4,6 +4,7 @@ from wazuh_testing.modules import eps as eps from wazuh_testing.tools import LOG_FILE_PATH, ANALYSISD_STATE, ALERT_LOGS_PATH from wazuh_testing.tools.monitoring import FileMonitor +from wazuh_testing.modules.eps import find_in_file def make_analysisd_callback(pattern, prefix=eps.ANALYSISD_PREFIX): @@ -67,20 +68,6 @@ def check_configuration_error(): 'in ossec.log', prefix=eps.MAILD_PREFIX) -def find_in_file(string_to_search, filename): - """Find a specific string in a file - - Args: - string_to_search (str): Word to find in the file - Returns: - str: Line that match in file - """ - with open(filename, 'r') as file: - for _, line in enumerate(file): - if string_to_search in line: - return line - - def get_analysisd_state(value): """Get the specified wazuh-analysisd.state value diff --git a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py index 17bb68537d..44e0f2257a 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py 
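Review bot: `for _, line in enumerate(file):` in the relocated find_in_file discards the index; `for line in file:` is the plain form, and the function still returns `None` implicitly when nothing matches, which its `Returns: str` docstring does not mention. In event_monitor.py the new `from wazuh_testing.modules.eps import find_in_file` sits beside the existing `from wazuh_testing.modules import eps as eps`, through which the helper is already reachable as `eps.find_in_file`; one import style for that module would be simpler, and the new line is placed after the tools imports rather than grouped with the modules import.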
@@ -482,7 +482,6 @@ def process_message(self, sender, message): if kind == 'file' and "merged.mg" in name: self.update_checksum(checksum) - def process_command(self, sender, message_list): """Process agent received commands through the socket. From 82baa1011451c7a74ff8f85bd94ad63b90699f76 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Thu, 18 Aug 2022 16:10:31 -0300 Subject: [PATCH 11/79] refac: Refactor variable name #2947 --- deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py index d0853a3da1..0b693ed024 100644 --- a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py +++ b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py @@ -117,7 +117,7 @@ def create_agents(args): agent = ag.Agent(manager_address=args.manager_address, os=args.os, registration_address=args.manager_registration_address, version=args.version, fixed_message_size=args.fixed_message_size, labels=custom_labels, - enable_msg_number=args.enable_logcollector_message_number) + logcollector_msg_number=args.enable_logcollector_message_number) set_agent_modules_and_eps(agent, item[0].split(' ') + ['keepalive', 'receive_messages'], item[1].split(' ') + ['0', '0']) agents.append(agent) @@ -126,7 +126,7 @@ def create_agents(args): agent = ag.Agent(manager_address=args.manager_address, os=args.os, registration_address=args.manager_registration_address, version=args.version, fixed_message_size=args.fixed_message_size, labels=custom_labels, - enable_msg_number=args.enable_logcollector_message_number) + logcollector_msg_number=args.enable_logcollector_message_number) set_agent_modules_and_eps(agent, args.modules, args.modules_eps) agents.append(agent) From f47ef67391c7172692aea1592154091355a89dc9 Mon Sep 17 00:00:00 2001 
From: fedepacher Date: Thu, 18 Aug 2022 16:29:01 -0300 Subject: [PATCH 12/79] refac: Refactor fixture to load local internal configuration #2947 --- tests/integration/test_analysisd/test_eps/conftest.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/test_analysisd/test_eps/conftest.py b/tests/integration/test_analysisd/test_eps/conftest.py index e071fa8f89..dbeb2bb7d8 100644 --- a/tests/integration/test_analysisd/test_eps/conftest.py +++ b/tests/integration/test_analysisd/test_eps/conftest.py @@ -104,7 +104,7 @@ def configure_wazuh_one_thread(): backup_local_internal_options = configuration.get_wazuh_local_internal_options() # Add the new configuration to local internal options - configuration.add_wazuh_local_internal_options(configuration.create_local_internal_options(local_internal_options)) + configuration.add_wazuh_local_internal_options(local_internal_options) yield From cb8c59b8f15ca3cf4230789671e00933d23170f2 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Thu, 18 Aug 2022 19:08:04 -0300 Subject: [PATCH 13/79] refac: Refactor fixture scope #2947 --- tests/integration/test_analysisd/test_eps/conftest.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/test_analysisd/test_eps/conftest.py b/tests/integration/test_analysisd/test_eps/conftest.py index dbeb2bb7d8..4b1ac5239f 100644 --- a/tests/integration/test_analysisd/test_eps/conftest.py +++ b/tests/integration/test_analysisd/test_eps/conftest.py @@ -91,7 +91,7 @@ def delete_alerts_folder(): delete_folder_content(ALERT_DIRECTORY) -@pytest.fixture(scope='session') +@pytest.fixture(scope='function') def configure_wazuh_one_thread(): """Fixture to configure the local internal options file to work with one thread.""" local_internal_options = {'analysisd.event_threads': '1', 'analysisd.syscheck_threads': '1', From 0817288565f338ebe2887127d7f0809933026573 Mon Sep 17 00:00:00 2001 
From: fedepacher Date: Fri, 19 Aug 2022 10:36:07 -0300 Subject: [PATCH 14/79] add: Add new fixture to load a basic configuration #2947 --- .../modules/eps/event_monitor.py | 20 +++++-- .../test_analysisd/test_eps/conftest.py | 26 ++++++++- .../data/wazuh_basic_configuration/ossec.conf | 55 +++++++++++++++++++ .../test_analysisd/test_eps/test_disabled.py | 5 +- .../test_analysisd/test_eps/test_enabled.py | 5 +- .../test_eps/test_invalid_configuration.py | 15 ++++- .../test_eps/test_invalid_values.py | 5 +- .../test_eps/test_no_eps_configuration.py | 15 +++-- ...t_process_old_events_instead_new_events.py | 18 ++++-- ...t_start_dropping_events_when_queue_full.py | 14 +++-- ...start_queuing_events_when_limit_reached.py | 14 +++-- .../test_eps/test_stop_processing_events.py | 8 ++- 12 files changed, 164 insertions(+), 36 deletions(-) create mode 100644 tests/integration/test_analysisd/test_eps/data/wazuh_basic_configuration/ossec.conf diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py index 13f173ca11..1326142f9c 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py 
@@ -68,14 +68,22 @@ def check_configuration_error(): 'in ossec.log', prefix=eps.MAILD_PREFIX) -def get_analysisd_state(value): - """Get the specified wazuh-analysisd.state value +def get_analysisd_state(): + """Get the states values of wazuh-analysisd.state file - Args: - value (str): wazuh-analisysd value + Returns: + dict: Dictionary with all analysisd state """ - line = find_in_file(value, ANALYSISD_STATE) - return float(line.split("\'")[1::2][0]) + data = "" + with open(ANALYSISD_STATE, 'r') as file: + for line in file.readlines(): + if not line.startswith("#") and not line.startswith('\n'): + data = data + line.replace('\'', '') + data = data[:-1] + analysisd_state = dict((a.strip(), b.strip()) for a, b in (element.split('=') + for element in data.split('\n'))) + + return analysisd_state def get_alert_timestamp(start_log, end_log): diff --git a/tests/integration/test_analysisd/test_eps/conftest.py b/tests/integration/test_analysisd/test_eps/conftest.py index 4b1ac5239f..2eb0776ad6 100644 --- a/tests/integration/test_analysisd/test_eps/conftest.py +++ b/tests/integration/test_analysisd/test_eps/conftest.py @@ -2,8 +2,8 @@ # Created by Wazuh, Inc. . # This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 import os -import re import subprocess +import sys import socket import shutil from typing import List 
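Review bot: The rewritten `get_analysisd_state` joins the whole file into one string, drops its last character with `data[:-1]`, and then unpacks every `element.split('=')` into exactly two names, so an empty or comment-only state file (`''.split('=')` yields a single item), a value that itself contains `=`, or a file with no trailing newline raises `ValueError` or silently truncates the last value. Parsing line by line with `str.partition('=')` and skipping blank and comment lines yields the same dict for well-formed input without those edge cases, and the `Returns` section should say the values are strings, since every caller in this patch wraps them in `int()` or `float()`.
```python
def get_analysisd_state():
    """Read wazuh-analysisd.state into a dict of {key: value}.

    Returns:
        dict: Every `key=value` entry of the file, with surrounding quotes
            removed; values are returned as strings.
    """
    analysisd_state = {}
    with open(ANALYSISD_STATE, 'r') as file:
        for line in file:
            line = line.strip()
            # Skip comments, blank lines and anything that is not key=value
            # instead of failing on the tuple unpack.
            if not line or line.startswith('#') or '=' not in line:
                continue
            key, _, value = line.partition('=')
            analysisd_state[key.strip()] = value.strip().replace('\'', '')
    return analysisd_state
```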
@@ -58,10 +58,11 @@ def simulate_agent(request): """Fixture to run the script simulate_agent.py""" # Get IP address of the host hostname = socket.gethostname() - IPAddr = socket.gethostbyname(hostname) + ip_addr = socket.gethostbyname(hostname) simulator_agent_script = os.path.abspath(SIMULATE_AGENT) - subprocess.call(f"python3 {simulator_agent_script} -a {IPAddr} -n {request.param['num_agent']} \ + python_executable = sys.executable + subprocess.call(f"{python_executable} {simulator_agent_script} -a {ip_addr} -n {request.param['num_agent']} \ -m {request.param['modules']} -s {request.param['eps']} -t {request.param['time']} \ -f {request.param['msg_size']} -e {request.param['total_msg']} \ -k {request.param['disable_keepalive_msg']} -d {request.param['disable_receive_msg']} \ @@ -110,3 +111,22 @@ def configure_wazuh_one_thread(): # Backup the old local internal options cofiguration configuration.set_wazuh_local_internal_options(backup_local_internal_options) + + +@pytest.fixture(scope='session') +def load_wazuh_basic_configuration(): + """Load a new basic ocnfiguration to the manager""" + # Reference paths + DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') + CONFIGURATIONS_PATH = os.path.join(DATA_PATH, 'wazuh_basic_configuration') + configurations_path = os.path.join(CONFIGURATIONS_PATH, 'ossec.conf') + + backup_ossec_configuration = configuration.get_wazuh_conf() + + with open(configurations_path, 'r') as file: + lines = file.readlines() + configuration.write_wazuh_conf(lines) + + yield + + configuration.write_wazuh_conf(backup_ossec_configuration) diff --git a/tests/integration/test_analysisd/test_eps/data/wazuh_basic_configuration/ossec.conf b/tests/integration/test_analysisd/test_eps/data/wazuh_basic_configuration/ossec.conf new file mode 100644 index 0000000000..73a3d7d9ff --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/wazuh_basic_configuration/ossec.conf 
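Review bot: The `simulate_agent` fixture still assembles the command as a single f-string from `request.param` values and passes it to `subprocess.call`, which only works with `shell=True` (the tail of the call, where that argument would sit, is outside the hunk); building an argv list such as `[python_executable, simulator_agent_script, '-a', ip_addr, '-n', str(request.param['num_agent']), ...]` with the default `shell=False` removes the shell from the path and avoids quoting surprises if a parameter ever contains spaces or metacharacters. If any parameter (for example `modules`) is deliberately space-separated for the script's parser, split it explicitly in Python rather than relying on shell word-splitting. Using `sys.executable` is a good change; consider also `subprocess.run([...], check=True)` so a simulator that exits non-zero fails the fixture instead of letting the test run against no traffic.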
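Review bot: `load_wazuh_basic_configuration` is session-scoped, so it replaces the manager's `ossec.conf` once and restores it only at session teardown; every test in the session runs on the replaced file, which is presumably intended but should be stated in the docstring, which currently reads `"""Load a new basic ocnfiguration to the manager"""` (typo). The function-scope locals `DATA_PATH` and `CONFIGURATIONS_PATH` use constant casing; lower-case names, or a module-level constant next to `SIMULATE_AGENT`, would match PEP 8 and the rest of the file. Suggested docstring: `"""Replace the manager's ossec.conf with the basic test configuration for the whole session and restore the original at teardown."""`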
@@ -0,0 +1,55 @@ + + + yes + + + + + plain + + + + secure + 1514 + tcp + 131072 + + + + + ruleset/decoders + ruleset/rules + 0215-policy_rules.xml + etc/lists/audit-keys + etc/lists/amazon/aws-eventnames + etc/lists/security-eventchannel + + + etc/decoders + etc/rules + + + + yes + 1 + 64 + 15m + + + + + no + 1515 + no + yes + no + HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + + no + etc/sslmanager.cert + etc/sslmanager.key + no + + + + diff --git a/tests/integration/test_analysisd/test_eps/test_disabled.py b/tests/integration/test_analysisd/test_eps/test_disabled.py index e7658a288e..4661e781a2 100644 --- a/tests/integration/test_analysisd/test_eps/test_disabled.py +++ b/tests/integration/test_analysisd/test_eps/test_disabled.py @@ -28,7 +28,7 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_disabled(configuration, metadata, set_wazuh_configuration_eps, +def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, truncate_monitored_files, restart_wazuh_daemon_function): ''' description: Check that limits EPS is not started when `maximum` is set to a value equal to 0, or with an empty @@ -51,6 +51,9 @@ def test_disabled(configuration, metadata, set_wazuh_configuration_eps, - metadata: type: dict brief: Wazuh configuration metadata. + - load_wazuh_basic_configuration + type: fixture + brief: Load a basic configuration to the manager. - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. diff --git a/tests/integration/test_analysisd/test_eps/test_enabled.py b/tests/integration/test_analysisd/test_eps/test_enabled.py index 17adbc2857..bdc2ae4f82 100644 --- a/tests/integration/test_analysisd/test_eps/test_enabled.py 
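Review bot: The new docstring entry `- load_wazuh_basic_configuration` in `test_disabled` lacks the trailing colon that every sibling entry carries (`- metadata:`, `- set_wazuh_configuration_eps:`), which matters if these test-description blocks are parsed as YAML by the documentation tooling; write it as `- load_wazuh_basic_configuration:`. The same omission is repeated in each of the other test modules touched by this patch (test_enabled, test_invalid_configuration, test_invalid_values, test_no_eps_configuration, test_process_old_events_instead_new_events, test_start_dropping_events_when_queue_full, test_start_queuing_events_when_limit_reached and test_stop_processing_events). Separately, the widened signatures such as `def test_without_timeframe_maximum(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps,` now run past the line width the surrounding code keeps to; wrapping one fixture per line would keep the modules consistent.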
+++ b/tests/integration/test_analysisd/test_eps/test_enabled.py @@ -27,7 +27,7 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_enabled(configuration, metadata, set_wazuh_configuration_eps, +def test_enabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, truncate_monitored_files, restart_wazuh_daemon_function): ''' description: Check that limits EPS is started when `maximum` is set to a value greater than 0 lower and than 100000, @@ -50,6 +50,9 @@ def test_enabled(configuration, metadata, set_wazuh_configuration_eps, - metadata: type: dict brief: Wazuh configuration metadata. + - load_wazuh_basic_configuration + type: fixture + brief: Load a basic configuration to the manager. - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py index 88220d06d0..c111390202 100644 --- a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py +++ b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py 
@@ -44,7 +44,7 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_without_maximum(configuration, metadata, set_wazuh_configuration_eps, +def test_without_maximum(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, truncate_monitored_files, restart_wazuh_daemon_after_finishing): ''' description: Check that wazuh manager is not started when `maximum` value is not present in the @@ -67,6 +67,9 @@ def test_without_maximum(configuration, metadata, set_wazuh_configuration_eps, - metadata: type: dict brief: Wazuh configuration metadata. + - load_wazuh_basic_configuration + type: fixture + brief: Load a basic configuration to the manager. - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. @@ -98,7 +101,7 @@ def test_without_maximum(configuration, metadata, set_wazuh_configuration_eps, @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_without_timeframe(configuration, metadata, set_wazuh_configuration_eps, +def test_without_timeframe(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, truncate_monitored_files, restart_wazuh_daemon_after_finishing): ''' description: Check that wazuh manager is not started when `timeframe` value is not present in the 
@@ -121,6 +124,9 @@ def test_without_timeframe(configuration, metadata, set_wazuh_configuration_eps, - metadata: type: dict brief: Wazuh configuration metadata. + - load_wazuh_basic_configuration + type: fixture + brief: Load a basic configuration to the manager. - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. @@ -152,7 +158,7 @@ def test_without_timeframe(configuration, metadata, set_wazuh_configuration_eps, @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t3_configurations, t3_configuration_metadata), ids=t3_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_without_timeframe_maximum(configuration, metadata, set_wazuh_configuration_eps, +def test_without_timeframe_maximum(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, truncate_monitored_files, restart_wazuh_daemon_after_finishing): ''' description: Check that wazuh manager is not started when `maximum` and/or `timeframe` are not present in the @@ -175,6 +181,9 @@ def test_without_timeframe_maximum(configuration, metadata, set_wazuh_configurat - metadata: type: dict brief: Wazuh configuration metadata. + - load_wazuh_basic_configuration + type: fixture + brief: Load a basic configuration to the manager. - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_values.py b/tests/integration/test_analysisd/test_eps/test_invalid_values.py index 63097cd8fa..6da5750d0b 100644 --- a/tests/integration/test_analysisd/test_eps/test_invalid_values.py +++ b/tests/integration/test_analysisd/test_eps/test_invalid_values.py 
@@ -29,7 +29,7 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_invalid_values(configuration, metadata, set_wazuh_configuration_eps, +def test_invalid_values(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, truncate_monitored_files, restart_wazuh_daemon_after_finishing): ''' description: Check that wazuh manager is not started when an invalid value is set to `maximum` and/or `timeframe`. @@ -51,6 +51,9 @@ def test_invalid_values(configuration, metadata, set_wazuh_configuration_eps, - metadata: type: dict brief: Wazuh configuration metadata. + - load_wazuh_basic_configuration + type: fixture + brief: Load a basic configuration to the manager. - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. diff --git a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py index 35e0136a93..bf1c9a8ec1 100644 --- a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py +++ b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py @@ -35,7 +35,7 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_disabled(configuration, metadata, set_wazuh_configuration_eps, +def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, truncate_monitored_files, restart_wazuh_daemon_function): ''' description: Check that limits EPS is disabled when it is not configured. 
@@ -57,6 +57,9 @@ def test_disabled(configuration, metadata, set_wazuh_configuration_eps, - metadata: type: dict brief: Wazuh configuration metadata. + - load_wazuh_basic_configuration + type: fixture + brief: Load a basic configuration to the manager. - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. @@ -84,7 +87,7 @@ def test_disabled(configuration, metadata, set_wazuh_configuration_eps, @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_disabled_eps], indirect=True) -def test_without_eps_setting(configuration, metadata, set_wazuh_configuration_eps, +def test_without_eps_setting(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, truncate_monitored_files, restart_wazuh_daemon_function, simulate_agent): ''' description: Check that limits EPS is disabled when it is not configured and the received events are similar or @@ -107,6 +110,9 @@ def test_without_eps_setting(configuration, metadata, set_wazuh_configuration_ep - metadata: type: dict brief: Wazuh configuration metadata. + - load_wazuh_basic_configuration + type: fixture + brief: Load a basic configuration to the manager. - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. 
@@ -131,8 +137,9 @@ def test_without_eps_setting(configuration, metadata, set_wazuh_configuration_ep ''' # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values sleep(metadata['timeframe'] / 2) - events_processed = evm.get_analysisd_state('events_processed') - events_received = evm.get_analysisd_state('events_received') + analysisd_state = evm.get_analysisd_state() + events_processed = int(analysisd_state['events_processed']) + events_received = int(analysisd_state['events_received']) # There are some internal event that are processed but not are reflected in events_received, That why it # has been used PERCENTAGE_PROCESS_MSGS variable assert events_processed >= events_received * PERCENTAGE_PROCESS_MSGS and events_processed > 0, 'The ' \ diff --git a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py index d0855f937e..05bec4db84 100644 --- a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py +++ b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py @@ -53,7 +53,7 @@ @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_process_old_events_one_thread], indirect=True) -def test_process_old_events_one_thread(configuration, metadata, set_wazuh_configuration_eps, +def test_process_old_events_one_thread(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, configure_wazuh_one_thread, truncate_monitored_files, delete_alerts_folder, restart_wazuh_daemon_function, simulate_agent): ''' 
@@ -81,6 +81,9 @@ def test_process_old_events_one_thread(configuration, metadata, set_wazuh_config - metadata: type: dict brief: Wazuh configuration metadata. + - load_wazuh_basic_configuration + type: fixture + brief: Load a basic configuration to the manager. - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. @@ -115,8 +118,9 @@ def test_process_old_events_one_thread(configuration, metadata, set_wazuh_config # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values sleep(metadata['timeframe'] / 2) - events_processed = int(evm.get_analysisd_state('events_processed')) - events_received = int(evm.get_analysisd_state('events_received')) + analysisd_state = evm.get_analysisd_state() + events_processed = int(analysisd_state['events_processed']) + events_received = int(analysisd_state['events_received']) # Check that the timestamp of the message in the alerts.log is lower than the next one # In order to reduce the test time execution, It will check {time_events_processed} consecutive timeframe @@ -138,7 +142,7 @@ def test_process_old_events_one_thread(configuration, metadata, set_wazuh_config @pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t2], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_process_old_events_multithread], indirect=True) -def test_process_old_events_multi_thread(configuration, metadata, set_wazuh_configuration_eps, +def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, truncate_monitored_files, delete_alerts_folder, restart_wazuh_daemon_function, simulate_agent): ''' 
@@ -165,6 +169,9 @@ def test_process_old_events_multi_thread(configuration, metadata, set_wazuh_conf - metadata: type: dict brief: Wazuh configuration metadata. + - load_wazuh_basic_configuration + type: fixture + brief: Load a basic configuration to the manager. - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. @@ -192,7 +199,8 @@ def test_process_old_events_multi_thread(configuration, metadata, set_wazuh_conf ''' # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values sleep(metadata['timeframe'] / 2) - events_received = evm.get_analysisd_state('events_received') + analysisd_state = evm.get_analysisd_state() + events_received = int(analysisd_state['events_received']) index = 0 frame = metadata['timeframe'] * metadata['maximum'] # Iterate over each frame to find the respective numerated message belongs to the frame diff --git a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py index 624464a0f3..96e74d403d 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py +++ b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py 
@@ -40,7 +40,7 @@ @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_start_dropping_events_when_queue_full], indirect=True) -def test_start_dropping_events_when_queue_full(configuration, metadata, set_wazuh_configuration_eps, +def test_start_dropping_events_when_queue_full(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, truncate_monitored_files, restart_wazuh_daemon_function, simulate_agent): ''' @@ -65,6 +65,9 @@ def test_start_dropping_events_when_queue_full(configuration, metadata, set_wazu - metadata: type: dict brief: Wazuh configuration metadata. + - load_wazuh_basic_configuration + type: fixture + brief: Load a basic configuration to the manager. - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. @@ -89,10 +92,11 @@ def test_start_dropping_events_when_queue_full(configuration, metadata, set_wazu ''' # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values sleep(metadata['timeframe'] / 2) - events_processed = evm.get_analysisd_state('events_processed') - events_received = evm.get_analysisd_state('events_received') - events_dropped = evm.get_analysisd_state('events_dropped') - event_queue_usage = evm.get_analysisd_state('event_queue_usage') + analysisd_state = evm.get_analysisd_state() + events_processed = int(analysisd_state['events_processed']) + events_received = int(analysisd_state['events_received']) + events_dropped = int(analysisd_state['events_dropped']) + event_queue_usage = float(analysisd_state['event_queue_usage']) # Check that processed events reach the EPS limit assert events_processed <= float(metadata['maximum'] * metadata['timeframe']) and \ 
diff --git a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py index 7a5f9c464d..353dd776b2 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py +++ b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py @@ -41,7 +41,7 @@ @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_start_queuing_events_when_limit_reached], indirect=True) -def test_start_queuing_events_when_limit_reached(configuration, metadata, set_wazuh_configuration_eps, +def test_start_queuing_events_when_limit_reached(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, truncate_monitored_files, restart_wazuh_daemon_function, simulate_agent): ''' @@ -67,6 +67,9 @@ def test_start_queuing_events_when_limit_reached(configuration, metadata, set_wa - metadata: type: dict brief: Wazuh configuration metadata. + - load_wazuh_basic_configuration + type: fixture + brief: Load a basic configuration to the manager. - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. 
@@ -91,10 +94,11 @@ def test_start_queuing_events_when_limit_reached(configuration, metadata, set_wa ''' # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values sleep(metadata['timeframe'] / 2) - events_processed = evm.get_analysisd_state('events_processed') - events_received = evm.get_analysisd_state('events_received') - events_dropped = evm.get_analysisd_state('events_dropped') - event_queue_usage = evm.get_analysisd_state('event_queue_usage') + analysisd_state = evm.get_analysisd_state() + events_processed = int(analysisd_state['events_processed']) + events_received = int(analysisd_state['events_received']) + events_dropped = int(analysisd_state['events_dropped']) + event_queue_usage = float(analysisd_state['event_queue_usage']) # Check that processed events reach the EPS limit assert events_processed <= float(metadata['maximum'] * metadata['timeframe']) and \ diff --git a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py index 651f35b73e..bdd8903c86 100644 --- a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py +++ b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py 
@@ -41,7 +41,7 @@ @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_stop_processing_events], indirect=True) -def test_stops_processing_events(configuration, metadata, set_wazuh_configuration_eps, truncate_monitored_files, +def test_stops_processing_events(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, truncate_monitored_files, restart_wazuh_daemon_function, simulate_agent): ''' description: Check that the `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must @@ -64,6 +64,9 @@ def test_stops_processing_events(configuration, metadata, set_wazuh_configuratio - metadata: type: dict brief: Wazuh configuration metadata. + - load_wazuh_basic_configuration + type: fixture + brief: Load a basic configuration to the manager. - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. @@ -87,7 +90,8 @@ def test_stops_processing_events(configuration, metadata, set_wazuh_configuratio ''' # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values sleep(metadata['timeframe'] / 2) - events_processed = evm.get_analysisd_state('events_processed') + analysisd_state = evm.get_analysisd_state() + events_processed = int(analysisd_state['events_processed']) # Check that processed events reach the EPS limit assert events_processed <= float(metadata['maximum'] * metadata['timeframe']) and \ From 678f727efa8f4ebf3a6705d0fcdca94b86cf6582 Mon Sep 17 00:00:00 2001 
From: fedepacher Date: Fri, 19 Aug 2022 12:04:25 -0300 Subject: [PATCH 15/79] refac: Refactor code style and configuration files #2947 --- .../modules/eps/event_monitor.py | 3 +- .../configuration_disabled.yaml | 38 ------------------- .../configuration_enabled.yaml | 38 ------------------- .../configuration_invalid_values.yaml | 38 ------------------- .../configuration_no_eps_configuration.yaml | 29 -------------- ...process_old_events_instead_new_events.yaml | 38 ------------------- ...start_dropping_events_when_queue_full.yaml | 38 ------------------- ...art_queuing_events_when_limit_reached.yaml | 38 ------------------- .../configuration_stop_processing_events.yaml | 38 ------------------- .../configuration_without_maximum.yaml | 38 ------------------- .../configuration_without_timeframe.yaml | 38 ------------------- ...nfiguration_without_timeframe_maximum.yaml | 38 ------------------- ...t_process_old_events_instead_new_events.py | 11 +++--- ...t_start_dropping_events_when_queue_full.py | 6 +-- ...start_queuing_events_when_limit_reached.py | 6 +-- .../test_eps/test_stop_processing_events.py | 4 +- 16 files changed, 15 insertions(+), 424 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py index 1326142f9c..3d242dbe65 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py @@ -80,8 +80,7 @@ def get_analysisd_state(): if not line.startswith("#") and not line.startswith('\n'): data = data + line.replace('\'', '') data = data[:-1] - analysisd_state = dict((a.strip(), b.strip()) for a, b in (element.split('=') - for element in data.split('\n'))) + analysisd_state = dict((a.strip(), b.strip()) for a, b in (element.split('=') for element in data.split('\n'))) return analysisd_state 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml index bdb2960f93..abca5be254 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml @@ -9,41 +9,3 @@ value: MAXIMUM - timeframe: value: TIMEFRAME - - - section: remote - elements: - - connection: - value: secure - - port: - value: '1514' - - protocol: - value: TCP - - - section: sca - elements: - - enabled: - value: 'no' - - - section: rootcheck - elements: - - disabled: - value: 'yes' - - - section: syscheck - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: syscollector - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: osquery - elements: - - disabled: - value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml index bdb2960f93..abca5be254 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml 
@@ -9,41 +9,3 @@ value: MAXIMUM - timeframe: value: TIMEFRAME - - - section: remote - elements: - - connection: - value: secure - - port: - value: '1514' - - protocol: - value: TCP - - - section: sca - elements: - - enabled: - value: 'no' - - - section: rootcheck - elements: - - disabled: - value: 'yes' - - - section: syscheck - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: syscollector - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: osquery - elements: - - disabled: - value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml index bdb2960f93..abca5be254 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml @@ -9,41 +9,3 @@ value: MAXIMUM - timeframe: value: TIMEFRAME - - - section: remote - elements: - - connection: - value: secure - - port: - value: '1514' - - protocol: - value: TCP - - - section: sca - elements: - - enabled: - value: 'no' - - - section: rootcheck - elements: - - disabled: - value: 'yes' - - - section: syscheck - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: syscollector - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: osquery - elements: - - disabled: - value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_no_eps_configuration.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_no_eps_configuration.yaml index d85b18b25d..36e43a39db 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_no_eps_configuration.yaml 
+++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_no_eps_configuration.yaml @@ -7,32 +7,3 @@ value: '1514' - protocol: value: TCP - - - section: sca - elements: - - enabled: - value: 'no' - - - section: rootcheck - elements: - - disabled: - value: 'yes' - - - section: syscheck - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: syscollector - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: osquery - elements: - - disabled: - value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml index bdb2960f93..abca5be254 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml @@ -9,41 +9,3 @@ value: MAXIMUM - timeframe: value: TIMEFRAME - - - section: remote - elements: - - connection: - value: secure - - port: - value: '1514' - - protocol: - value: TCP - - - section: sca - elements: - - enabled: - value: 'no' - - - section: rootcheck - elements: - - disabled: - value: 'yes' - - - section: syscheck - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: syscollector - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: osquery - elements: - - disabled: - value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml index bdb2960f93..abca5be254 100644 
--- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml @@ -9,41 +9,3 @@ value: MAXIMUM - timeframe: value: TIMEFRAME - - - section: remote - elements: - - connection: - value: secure - - port: - value: '1514' - - protocol: - value: TCP - - - section: sca - elements: - - enabled: - value: 'no' - - - section: rootcheck - elements: - - disabled: - value: 'yes' - - - section: syscheck - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: syscollector - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: osquery - elements: - - disabled: - value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml index bdb2960f93..abca5be254 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml @@ -9,41 +9,3 @@ value: MAXIMUM - timeframe: value: TIMEFRAME - - - section: remote - elements: - - connection: - value: secure - - port: - value: '1514' - - protocol: - value: TCP - - - section: sca - elements: - - enabled: - value: 'no' - - - section: rootcheck - elements: - - disabled: - value: 'yes' - - - section: syscheck - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: syscollector - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: osquery - elements: - - disabled: - value: 'yes' 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml index bdb2960f93..abca5be254 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml @@ -9,41 +9,3 @@ value: MAXIMUM - timeframe: value: TIMEFRAME - - - section: remote - elements: - - connection: - value: secure - - port: - value: '1514' - - protocol: - value: TCP - - - section: sca - elements: - - enabled: - value: 'no' - - - section: rootcheck - elements: - - disabled: - value: 'yes' - - - section: syscheck - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: syscollector - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: osquery - elements: - - disabled: - value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml index bdb2960f93..abca5be254 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml 
@@ -9,41 +9,3 @@ value: MAXIMUM - timeframe: value: TIMEFRAME - - - section: remote - elements: - - connection: - value: secure - - port: - value: '1514' - - protocol: - value: TCP - - - section: sca - elements: - - enabled: - value: 'no' - - - section: rootcheck - elements: - - disabled: - value: 'yes' - - - section: syscheck - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: syscollector - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: osquery - elements: - - disabled: - value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml index 891f6f7bc5..321e6bde36 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml @@ -7,41 +7,3 @@ elements: - maximum: value: MAXIMUM - - - section: remote - elements: - - connection: - value: secure - - port: - value: '1514' - - protocol: - value: TCP - - - section: sca - elements: - - enabled: - value: 'no' - - - section: rootcheck - elements: - - disabled: - value: 'yes' - - - section: syscheck - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: syscollector - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: osquery - elements: - - disabled: - value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml index 20c4fd1b45..6b34146c32 100644 
--- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml @@ -5,41 +5,3 @@ elements: - eps: elements: - - - section: remote - elements: - - connection: - value: secure - - port: - value: '1514' - - protocol: - value: TCP - - - section: sca - elements: - - enabled: - value: 'no' - - - section: rootcheck - elements: - - disabled: - value: 'yes' - - - section: syscheck - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: syscollector - elements: - - disabled: - value: 'yes' - - - section: wodle - attributes: - - name: osquery - elements: - - disabled: - value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py index 05bec4db84..bca8f6c31c 100644 --- a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py +++ b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py 
@@ -53,9 +53,10 @@ @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_process_old_events_one_thread], indirect=True) -def test_process_old_events_one_thread(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, - configure_wazuh_one_thread, truncate_monitored_files, - delete_alerts_folder, restart_wazuh_daemon_function, simulate_agent): +def test_process_old_events_one_thread(configuration, metadata, load_wazuh_basic_configuration, + set_wazuh_configuration_eps, configure_wazuh_one_thread, + truncate_monitored_files, delete_alerts_folder, restart_wazuh_daemon_function, + simulate_agent): ''' description: Check that `wazuh-analysisd` processes queued events first instead of new events when the moving average frees up some space. To do this, read the alerts.log file and find the numerated alerts @@ -142,8 +143,8 @@ def test_process_old_events_one_thread(configuration, metadata, load_wazuh_basic @pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t2], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_process_old_events_multithread], indirect=True) -def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, - truncate_monitored_files, delete_alerts_folder, +def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_basic_configuration, + set_wazuh_configuration_eps, truncate_monitored_files, delete_alerts_folder, restart_wazuh_daemon_function, simulate_agent): ''' description: Check that `wazuh-analysisd` processes queued events first instead of new events when the moving 
diff --git a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py index 96e74d403d..4299ee292e 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py +++ b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py @@ -40,9 +40,9 @@ @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_start_dropping_events_when_queue_full], indirect=True) -def test_start_dropping_events_when_queue_full(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, - truncate_monitored_files, restart_wazuh_daemon_function, - simulate_agent): +def test_start_dropping_events_when_queue_full(configuration, metadata, load_wazuh_basic_configuration, + set_wazuh_configuration_eps, truncate_monitored_files, + restart_wazuh_daemon_function, simulate_agent): ''' description: Check that the `events_dropped` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be greater than 1 and, `event_queue_usage` is equal to 1 diff --git a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py index 353dd776b2..3140cc042d 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py +++ b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py 
@@ -41,9 +41,9 @@ @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_start_queuing_events_when_limit_reached], indirect=True) -def test_start_queuing_events_when_limit_reached(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, - truncate_monitored_files, restart_wazuh_daemon_function, - simulate_agent): +def test_start_queuing_events_when_limit_reached(configuration, metadata, load_wazuh_basic_configuration, + set_wazuh_configuration_eps, truncate_monitored_files, + restart_wazuh_daemon_function, simulate_agent): ''' description: Check that the `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal than `maximum` * `timeframe` and, the `events_received` value must be greater than diff --git a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py index bdd8903c86..098978049a 100644 --- a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py +++ b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py 
@@ -41,8 +41,8 @@ @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_stop_processing_events], indirect=True) -def test_stops_processing_events(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, truncate_monitored_files, - restart_wazuh_daemon_function, simulate_agent): +def test_stops_processing_events(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, + truncate_monitored_files, restart_wazuh_daemon_function, simulate_agent): ''' description: Check that the `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal than `maximum` * `timeframe` From 50562b8d772207af5eeddb6642cc82ac6c049ea8 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Mon, 22 Aug 2022 13:28:22 -0300 Subject: [PATCH 16/79] fix(#2947): fix simulate_agent.py path in fixture --- deps/wazuh_testing/wazuh_testing/__init__.py | 1 + deps/wazuh_testing/wazuh_testing/tools/__init__.py | 5 ++++- tests/integration/test_analysisd/test_eps/conftest.py | 3 +-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/__init__.py b/deps/wazuh_testing/wazuh_testing/__init__.py index 951447820e..5084d38077 100644 --- a/deps/wazuh_testing/wazuh_testing/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/__init__.py @@ -32,6 +32,7 @@ API_LOG_FILE_PATH = os.path.join(WAZUH_PATH, 'logs', 'api.log') API_JSON_LOG_FILE_PATH = os.path.join(WAZUH_PATH, 'logs', 'api.json') API_LOG_FOLDER = os.path.join(WAZUH_PATH, 'logs', 'api') +WAZUH_QA_REṔO_PATH = os.path.dirname(os.path.abspath(__file__)) # Daemons LOGCOLLECTOR_DAEMON = 'wazuh-logcollector' 
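Review bot: The new constant `WAZUH_QA_REṔO_PATH` in wazuh_testing/__init__.py is spelled with U+1E54 (`Ṕ`), not an ASCII `P`; Python 3 accepts the identifier, but any plain-ASCII reference elsewhere would fail with NameError and the name cannot be typed or grepped for reliably, so it should be renamed before it spreads (tools/__init__.py in the next patch already imports it with the same character). The name is also misleading: `os.path.dirname(os.path.abspath(__file__))` evaluated inside `wazuh_testing/__init__.py` is the wazuh_testing package directory, not the QA repository root, which is why joining `'scripts', 'simulate_agents.py'` onto it works. A name that says what it is, `WAZUH_TESTING_PACKAGE_PATH = os.path.dirname(os.path.abspath(__file__))`, with a comment `# Directory of the wazuh_testing package (used to locate bundled scripts)`, would avoid both problems.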
diff --git a/deps/wazuh_testing/wazuh_testing/tools/__init__.py b/deps/wazuh_testing/wazuh_testing/tools/__init__.py index 7bfe6c66d4..3b33475a93 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/tools/__init__.py @@ -7,6 +7,9 @@ import subprocess import sys +from wazuh_testing import WAZUH_QA_REṔO_PATH + + if sys.platform == 'win32': WAZUH_PATH = os.path.join("C:", os.sep, "Program Files (x86)", "ossec-agent") WAZUH_CONF = os.path.join(WAZUH_PATH, 'ossec.conf') @@ -78,7 +81,7 @@ HOSTS_FILE_PATH = os.path.join('/', 'etc', 'hosts') GLOBAL_DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'db', 'global.db') ANALYSISD_STATE = os.path.join(WAZUH_PATH, 'var', 'run', 'wazuh-analysisd.state') - SIMULATE_AGENT = os.path.join('deps', 'wazuh_testing', 'wazuh_testing', 'scripts', 'simulate_agents.py') + SIMULATE_AGENT = os.path.join(WAZUH_QA_REṔO_PATH, 'scripts', 'simulate_agents.py') WAZUH_INTERNAL_OPTIONS = os.path.join(WAZUH_PATH, 'etc', 'internal_options.conf') try: diff --git a/tests/integration/test_analysisd/test_eps/conftest.py b/tests/integration/test_analysisd/test_eps/conftest.py index 2eb0776ad6..5b066d06c4 100644 --- a/tests/integration/test_analysisd/test_eps/conftest.py +++ b/tests/integration/test_analysisd/test_eps/conftest.py @@ -60,9 +60,8 @@ def simulate_agent(request): hostname = socket.gethostname() ip_addr = socket.gethostbyname(hostname) - simulator_agent_script = os.path.abspath(SIMULATE_AGENT) python_executable = sys.executable - subprocess.call(f"{python_executable} {simulator_agent_script} -a {ip_addr} -n {request.param['num_agent']} \ + subprocess.call(f"{python_executable} {SIMULATE_AGENT} -a {ip_addr} -n {request.param['num_agent']} \ -m {request.param['modules']} -s {request.param['eps']} -t {request.param['time']} \ -f {request.param['msg_size']} -e {request.param['total_msg']} \ -k {request.param['disable_keepalive_msg']} -d {request.param['disable_receive_msg']} \ 
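Review bot: In the conftest hunk the simulator is launched by interpolating `SIMULATE_AGENT` — now an absolute path derived from `__file__` — and every `request.param[...]` value, unquoted, into one f-string command line; the keyword arguments of the `subprocess.call` are past the end of the hunk, but the string form only works with `shell=True`, so a checkout under a directory containing a space splits the script path and any shell metacharacter in a parameter is interpreted by the shell. The values come from the test-case YAML rather than from untrusted input, so this is a robustness rather than an injection issue, but the list form removes the shell from the path entirely and needs no quoting. The continuation of the argument list and the call's closing parenthesis are outside the hunk; the remaining options should be converted the same way and `shell=True` dropped.
```python
    subprocess.call([python_executable, SIMULATE_AGENT,
                     '-a', ip_addr,
                     '-n', str(request.param['num_agent']),
                     '-m', str(request.param['modules']),
                     '-s', str(request.param['eps']),
                     '-t', str(request.param['time']),
                     '-f', str(request.param['msg_size']),
                     '-e', str(request.param['total_msg']),
                     '-k', str(request.param['disable_keepalive_msg']),
                     '-d', str(request.param['disable_receive_msg']),
                     # … unchanged: remaining options, then close the list without shell=True …
```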
From 796e304163c00656579f723dcddc3bcb483891fa Mon Sep 17 00:00:00 2001 From: fedepacher Date: Mon, 22 Aug 2022 14:53:00 -0300 Subject: [PATCH 17/79] refactor(#2947): refacor configuration and cases files --- .../configuration_without_maximum.yaml | 2 -- .../data/test_cases/cases_enabled.yaml | 18 ++++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml index abca5be254..7542135366 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml @@ -5,7 +5,5 @@ elements: - eps: elements: - - maximum: - value: MAXIMUM - timeframe: value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml index d326ae86fb..e08ad87780 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml @@ -6,3 +6,21 @@ metadata: maximum: 10 timeframe: 5 + +- name: EPS Limits enabled + description: EPS Limits enabled + configuration_parameters: + MAXIMUM: '500' + TIMEFRAME: '30' + metadata: + maximum: 500 + timeframe: 30 + +- name: EPS Limits enabled + description: EPS Limits enabled + configuration_parameters: + MAXIMUM: '1500' + TIMEFRAME: '120' + metadata: + maximum: 1500 + timeframe: 120 From 2d0b6260b6f27f97144c733bc70c157f035199d9 Mon Sep 17 00:00:00 2001 
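Review bot: The two cases appended to cases_enabled.yaml both carry `name: EPS Limits enabled` (and the same `description`), which is presumably also the name of the existing first case. The test modules pass these names to pytest as `ids=t1_case_ids`, so three parametrizations share one id; pytest will disambiguate with a numeric suffix, but a failure report no longer says which maximum/timeframe pair was under test. Naming them by their parameters, e.g. `name: EPS Limits enabled - maximum 500, timeframe 30` and `name: EPS Limits enabled - maximum 1500, timeframe 120`, keeps the ids meaningful.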
From: fedepacher Date: Mon, 22 Aug 2022 15:41:37 -0300 Subject: [PATCH 18/79] feat(#2947): add test for default configuration --- .../test_eps/test_load_default_value.py | 80 +++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 tests/integration/test_analysisd/test_eps/test_load_default_value.py diff --git a/tests/integration/test_analysisd/test_eps/test_load_default_value.py b/tests/integration/test_analysisd/test_eps/test_load_default_value.py new file mode 100644 index 0000000000..5996a288dc --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/test_load_default_value.py 
@@ -0,0 +1,80 @@ +import os +import pytest + +from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data +from wazuh_testing.modules.eps import event_monitor as evm +from wazuh_testing.tools.services import control_service +from wazuh_testing.modules.eps import ANALYSISD_STATE_INTERNAL_DEFAULT, TIMEFRAME_DEFAULT_VALUE +from wazuh_testing.processes import check_if_deamon_is_running + + +pytestmark = [pytest.mark.server] + +# Reference paths +TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') +CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') +TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') + +# Configuration and cases data +t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_timeframe.yaml') +t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_timeframe.yaml') + +# Test configurations without timeframe value (t2) +t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) +t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters, + t1_configuration_metadata) + + +@pytest.mark.tier(level=0) +@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) +@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) +def test_without_timeframe(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, + truncate_monitored_files, restart_wazuh_daemon_function): + ''' + description: Check that limits EPS is started when `maximum` is set to a value greater than 0 lower and than 100000, + and `timeframe` is not present. + + test_phases: + - Set a custom Wazuh configuration. + - Truncate logs files. + - Restart wazuh-daemons. + - Check in the log that the EPS limits is enabled. 
+ + wazuh_min_version: 4.4.0 + + tier: 0 + + parameters: + - configuration: + type: dict + brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. + - metadata: + type: dict + brief: Wazuh configuration metadata. + - load_wazuh_basic_configuration + type: fixture + brief: Load a basic configuration to the manager. + - set_wazuh_configuration_eps: + type: fixture + brief: Set the wazuh configuration according to the configuration data. + - truncate_monitored_files: + type: fixture + brief: Truncate all the log files and json alerts files before and after the test execution. + - restart_wazuh_daemon_function: + type: fixture + brief: Restart all the wazuh daemons. + + assertions: + - Verify that when the `maximum` value is set to a values greater than 0 and lower than 100000 and, `timeframe` + value is not set. + - Verify that the wazuh-analysisd daemon is running. + + input_description: + - The `cases_enabled.yaml` file provides the module configuration for this test. + + expected_output: + - r'(.*)wazuh-analysisd: INFO: EPS limit enabled, EPS: (.*), timeframe: (.*)' + ''' + evm.check_eps_enabled(metadata['maximum'], TIMEFRAME_DEFAULT_VALUE) + # Check that wazuh-analysisd is running + check_if_deamon_is_running('wazuh-analysisd') From 2de9f5708bc42fa820bfc90d1bc03430bb105349 Mon Sep 17 00:00:00 2001 
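Review bot: This new test_load_default_value.py imports `TIMEFRAME_DEFAULT_VALUE` from `wazuh_testing.modules.eps`, but that constant is only added by the following patch in the series (19/79), so at this commit the module fails at import time and the commit does not bisect cleanly; the constant should move into this patch or the test into the next. Within the file, `control_service` is imported and never used, the comment `# Test configurations without timeframe value (t2)` labels what is actually the `t1_*` set, and the docstring's `input_description` names `cases_enabled.yaml` while the file loaded is `cases_without_timeframe.yaml`. The description sentence also reads `greater than 0 lower and than 100000`; suggested wording: `description: Check that EPS limiting is enabled when 'maximum' is set to a value greater than 0 and lower than 100000 and 'timeframe' is omitted, so the default timeframe is used.`.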
From: fedepacher Date: Tue, 23 Aug 2022 18:18:04 -0300 Subject: [PATCH 19/79] refactor(#2947): refactor tests --- .../wazuh_testing/modules/eps/__init__.py | 3 + .../configuration_no_eps_configuration.yaml | 9 -- .../cases_no_eps_configuration.yaml | 8 - .../cases_without_timeframe_maximum.yaml | 8 +- .../test_analysisd/test_eps/test_disabled.py | 67 ++++++++- .../test_eps/test_invalid_configuration.py | 138 +----------------- .../test_eps/test_no_eps_configuration.py | 63 ++------ ...start_queuing_events_when_limit_reached.py | 20 +-- 8 files changed, 99 insertions(+), 217 deletions(-) delete mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_no_eps_configuration.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_no_eps_configuration.yaml diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py index 25f4812f3d..a99a1cb928 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py @@ -11,6 +11,9 @@ QUEUE_SIZE = 16384 # Set logcollector message that the agent sents LOGCOLLECTOR_MESSAGE = 'Invalid user random_user from 172.17.1.1 port 56550:Message number:' +TIMEFRAME_DEFAULT_VALUE = 10 +UPPER_QUEUE_HALF_SIZE_LIMIT = 0.51 +LOWER_QUEUE_HALF_SIZE_LIMIT = 0.49 def find_in_file(string_to_search, filename): diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_no_eps_configuration.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_no_eps_configuration.yaml deleted file mode 100644 index 36e43a39db..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_no_eps_configuration.yaml +++ /dev/null 
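Review bot: The three constants added to modules/eps/__init__.py are bare magic numbers with no comment, unlike `LOGCOLLECTOR_MESSAGE` just above them, and their meaning cannot be recovered from the names alone. From its use in test_load_default_value.py, `TIMEFRAME_DEFAULT_VALUE` is the timeframe the test expects wazuh-analysisd to report when `<timeframe>` is omitted, so a line such as `# Timeframe value analysisd is expected to log when <timeframe> is not configured` would ground it. For the 0.51/0.49 pair nothing in the series so far shows the consumer, so a hedged note is the honest option: `# Upper/lower bound of the accepted band around 50% queue usage — TODO: reference the test that checks it`.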
@@ -1,9 +0,0 @@ -- sections: - - section: remote - elements: - - connection: - value: secure - - port: - value: '1514' - - protocol: - value: TCP diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_no_eps_configuration.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_no_eps_configuration.yaml deleted file mode 100644 index 025ec39253..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_no_eps_configuration.yaml +++ /dev/null @@ -1,8 +0,0 @@ -- name: EPS Limits disables - description: EPS Limits disables - configuration_parameters: - MAXIMUM: '0' - TIMEFRAME: '5' - metadata: - maximum: 0 - timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximum.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximum.yaml index b210a8a321..b974f6631c 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximum.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximum.yaml @@ -1,6 +1,6 @@ -- name: EPS Limits without timeframe value - description: EPS Limits without timeframe value +- name: EPS Limits without timeframe and maximun values + description: EPS Limits without timeframe and maximun values configuration_parameters: - MAXIMUM: '500' + MAXIMUM: ~ metadata: - maximum: 500 + maximum: ~ diff --git a/tests/integration/test_analysisd/test_eps/test_disabled.py b/tests/integration/test_analysisd/test_eps/test_disabled.py index 4661e781a2..f38cbdc3ee 100644 --- a/tests/integration/test_analysisd/test_eps/test_disabled.py +++ b/tests/integration/test_analysisd/test_eps/test_disabled.py 
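Review bot: The new `name` and `description` in cases_without_timeframe_maximum.yaml spell the option as `maximun`, while the configuration keyword, the template file names and the new `cases_without_maximum.yaml` path in the next hunk all use `maximum`; the test id derived from `name` will carry the typo into reports. Suggested lines: `name: EPS Limits without timeframe and maximum values` and `description: EPS Limits without timeframe and maximum values`. The remaining `MAXIMUM: ~` placeholder is presumably harmless now that the matching template has an empty `eps` element list, but if the loader substitutes placeholders by key it could be dropped along with `metadata.maximum: ~` to make it explicit that no value is configured — worth confirming against `load_configuration_template`.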
@@ -15,15 +15,22 @@ TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') # Configuration and cases data -configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_disabled.yaml') - +t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_disabled.yaml') t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_disabled.yaml') +t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_maximum.yaml') +t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_maximum.yaml') + # Disabled test configurations (t1) t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) -t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters, +t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters, t1_configuration_metadata) +# Test configurations without maximum value (t2) +t2_configuration_parameters, t2_configuration_metadata, t2_case_ids = get_test_cases_data(t2_cases_path) +t2_configurations = load_configuration_template(t2_configurations_path, t2_configuration_parameters, + t2_configuration_metadata) + @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) 
@@ -78,3 +85,57 @@ def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_w evm.check_eps_disabled() # Check that wazuh-analysisd is running check_if_deamon_is_running('wazuh-analysisd') + + +@pytest.mark.tier(level=0) +@pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) +@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) +def test_without_maximum(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, + truncate_monitored_files, restart_wazuh_daemon_function): + ''' + description: Check that limits EPS is not started when `maximum` value is not present in the configuration + file. + + test_phases: + - Set a custom Wazuh configuration. + - Truncate logs files. + - Restart wazuh-daemons. + - Check that wazuh manager does not start. + + wazuh_min_version: 4.4.0 + + tier: 0 + + parameters: + - configuration: + type: dict + brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. + - metadata: + type: dict + brief: Wazuh configuration metadata. + - load_wazuh_basic_configuration + type: fixture + brief: Load a basic configuration to the manager. + - set_wazuh_configuration_eps: + type: fixture + brief: Set the wazuh configuration according to the configuration data. + - truncate_monitored_files: + type: fixture + brief: Truncate all the log files and json alerts files before and after the test execution. + - restart_wazuh_daemon_function: + type: fixture + brief: Restart all the wazuh daemons. + + assertions: + - Verify that when the `maximum` is not present, the EPS module is disabled. + - Verify that the wazuh-analysisd daemon is running. + + input_description: + - The `cases_without_maximun.yaml` file provides the module configuration for this test. 
+ + expected_output: + - r'(.*)wazuh-analysisd: INFO: EPS limit disabled' + ''' + evm.check_eps_disabled() + # Check that wazuh-analysisd is running + check_if_deamon_is_running('wazuh-analysisd') diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py index c111390202..3673443ff0 100644 --- a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py +++ b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py 
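Review bot: The docstring of the new test_without_maximum contradicts its body: test_phases says `Check that wazuh manager does not start`, while the assertions and the code (`evm.check_eps_disabled()` followed by the running-daemon check) verify that the manager starts with the EPS limit disabled. input_description also names `cases_without_maximun.yaml`, whereas t2_cases_path in the previous hunk loads `cases_without_maximum.yaml`. Suggest `- Check that wazuh-analysisd starts with the EPS limit disabled.` for the phase and the corrected file name in input_description.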
@@ -16,152 +16,22 @@ TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') # Configuration and cases data -t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_maximum.yaml') -t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_maximum.yaml') +t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_timeframe_maximum.yaml') +t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_timeframe_maximum.yaml') -t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_timeframe.yaml') -t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_timeframe.yaml') - -t3_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_timeframe_maximum.yaml') -t3_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_timeframe_maximum.yaml') - -# Test configurations without maximum value (t1) +# Test configurations without timeframe and maximum values (t1) t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters, t1_configuration_metadata) -# Test configurations without timeframe value (t2) -t2_configuration_parameters, t2_configuration_metadata, t2_case_ids = get_test_cases_data(t2_cases_path) -t2_configurations = load_configuration_template(t2_configurations_path, t2_configuration_parameters, - t2_configuration_metadata) - -# Test configurations without timeframe and maximum values (t3) -t3_configuration_parameters, t3_configuration_metadata, t3_case_ids = get_test_cases_data(t3_cases_path) -t3_configurations = load_configuration_template(t3_configurations_path, t3_configuration_parameters, - t3_configuration_metadata) - @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) 
@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_without_maximum(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, - truncate_monitored_files, restart_wazuh_daemon_after_finishing): - ''' - description: Check that wazuh manager is not started when `maximum` value is not present in the - configuration file. - - test_phases: - - Set a custom Wazuh configuration. - - Truncate logs files. - - Restart wazuh-daemons. - - Check that wazuh manager does not start. - - wazuh_min_version: 4.4.0 - - tier: 0 - - parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - - load_wazuh_basic_configuration - type: fixture - brief: Load a basic configuration to the manager. - - set_wazuh_configuration_eps: - type: fixture - brief: Set the wazuh configuration according to the configuration data. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. - - restart_wazuh_daemon_after_finishing: - type: fixture - brief: Restart wazuh modules after finishing the test module. - - assertions: - - The error message appears when the `maximum` and/or `timeframe` values have invalid values. - - Verify that the wazuh-analysisd daemon is running. - - input_description: - - The `cases_invalid_value.yaml` file provides the module configuration for this test. 
- - expected_output: - - r'.*: Configuration error at.*' - ''' - try: - control_service('restart') - except ValueError: - evm.check_configuration_error() - # Check that wazuh-analysisd is not running - check_if_deamon_is_not_running('wazuh-analysisd') - - -@pytest.mark.tier(level=0) -@pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_without_timeframe(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, - truncate_monitored_files, restart_wazuh_daemon_after_finishing): - ''' - description: Check that wazuh manager is not started when `timeframe` value is not present in the - configuration file - - test_phases: - - Set a custom Wazuh configuration. - - Truncate logs files. - - Restart wazuh-daemons. - - Check that wazuh manager does not start. - - wazuh_min_version: 4.4.0 - - tier: 0 - - parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - - load_wazuh_basic_configuration - type: fixture - brief: Load a basic configuration to the manager. - - set_wazuh_configuration_eps: - type: fixture - brief: Set the wazuh configuration according to the configuration data. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. - - restart_wazuh_daemon_after_finishing: - type: fixture - brief: Restart wazuh modules after finishing the test module. - - assertions: - - The error message appears when the `maximum` and/or `timeframe` values have invalid values. - - Verify that the wazuh-analysisd daemon is running. - - input_description: - - The `cases_invalid_value.yaml` file provides the module configuration for this test. 
- - expected_output: - - r'.*: Configuration error at.*' - ''' - try: - control_service('restart') - except ValueError: - evm.check_configuration_error() - # Check that wazuh-analysisd is not running - check_if_deamon_is_not_running('wazuh-analysisd') - - -@pytest.mark.tier(level=0) -@pytest.mark.parametrize('configuration, metadata', zip(t3_configurations, t3_configuration_metadata), ids=t3_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) def test_without_timeframe_maximum(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, truncate_monitored_files, restart_wazuh_daemon_after_finishing): ''' - description: Check that wazuh manager is not started when `maximum` and/or `timeframe` are not present in the + description: Check that wazuh manager is not started when `maximum` and `timeframe` are not present in the configuration file. test_phases: diff --git a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py index bf1c9a8ec1..cfde8e0068 100644 --- a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py +++ b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py 
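Review bot: With the t2 block deleted, the timeframe-missing case (`cases_without_timeframe.yaml`) no longer has a test in this file, and only the maximum-missing case was relocated to test_disabled.py earlier in this patch; unless the timeframe-only case is moved in a hunk not shown here, that configuration path loses coverage. The wording fix to `maximum` and `timeframe` matches the remaining test, but the `assertions` and `input_description` sections of test_without_timeframe_maximum lie outside this hunk and, judging by the deleted siblings, likely still reference `cases_invalid_value.yaml` — worth checking. The body of test_without_timeframe_maximum continues past the end of the hunk.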
@@ -12,30 +12,19 @@ # Reference paths TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') -TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') -# Configuration and cases data -configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_no_eps_configuration.yaml') +# Simulate agent configuration configurations_simulate_agent_path = os.path.join(TEST_DATA_PATH, 'configuration_simulate_agent.yaml') -t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_no_eps_configuration.yaml') - -# Enabled test configurations (t1) -t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) -t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters, - t1_configuration_metadata) # Get simulate agent configurations (t1) params_disabled_eps = get_simulate_agent_configuration(configurations_simulate_agent_path) -timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] total_msg = 1000 # of 1Kb message of 16384 Kb of queue size params_disabled_eps.update({'total_msg': total_msg}) @pytest.mark.tier(level=0) -@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, +def test_disabled(load_wazuh_basic_configuration, configure_local_internal_options_eps, truncate_monitored_files, restart_wazuh_daemon_function): ''' description: Check that limits EPS is disabled when it is not configured. 
@@ -51,18 +40,12 @@ def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_w tier: 0 parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - load_wazuh_basic_configuration type: fixture brief: Load a basic configuration to the manager. - - set_wazuh_configuration_eps: + - configure_local_internal_options_eps: type: fixture - brief: Set the wazuh configuration according to the configuration data. + brief: Set the wazuh local internal option configuration. - truncate_monitored_files: type: fixture brief: Truncate all the log files and json alerts files before and after the test execution. @@ -70,13 +53,6 @@ def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_w type: fixture brief: Restart all the wazuh daemons. - assertions: - - Verify that when the `maximum` value is set to 0 or with an empty value and, `timeframe` value is set to a - value greater than 0 and lower than 3600, the module EPS limits is not running. - - input_description: - - The `cases_no_eps_configuration.yaml` file provides the module configuration for this test. - expected_output: - r'(.*)wazuh-analysisd: INFO: EPS limit disabled' ''' 
@@ -84,10 +60,9 @@ def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_w @pytest.mark.tier(level=0) -@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) +@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) @pytest.mark.parametrize('simulate_agent', [params_disabled_eps], indirect=True) -def test_without_eps_setting(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, +def test_without_eps_setting(load_wazuh_basic_configuration, configure_local_internal_options_eps, truncate_monitored_files, restart_wazuh_daemon_function, simulate_agent): ''' description: Check that limits EPS is disabled when it is not configured and the received events are similar or @@ -104,18 +79,12 @@ def test_without_eps_setting(configuration, metadata, load_wazuh_basic_configura tier: 0 parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - load_wazuh_basic_configuration type: fixture brief: Load a basic configuration to the manager. - - set_wazuh_configuration_eps: + - configure_local_internal_options_eps: type: fixture - brief: Set the wazuh configuration according to the configuration data. + brief: Set the wazuh local internal option configuration. - truncate_monitored_files: type: fixture brief: Truncate all the log files and json alerts files before and after the test execution. 
@@ -127,20 +96,14 @@ def test_without_eps_setting(configuration, metadata, load_wazuh_basic_configura brief: Execute a script that simulate agent and send `logcolector` logs to the manager. assertions: - - Verify the events_received are equal or greater than a porcentage of events_processed. - - input_description: - - The `cases_disabled.yaml` file provides the module configuration for this test. - - expected_output: - - r'(.*)wazuh-analysisd: INFO: EPS limit disabled' + - Verify the events received are equal or greater than a porcentage of events processed. ''' - # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values - sleep(metadata['timeframe'] / 2) + # Wait ANALYSISD_STATE_INTERNAL_DEFAULT / 2 second to read the wazuh-analysisd.state to ensure corrects values + sleep(int(ANALYSISD_STATE_INTERNAL_DEFAULT) / 2) analysisd_state = evm.get_analysisd_state() events_processed = int(analysisd_state['events_processed']) events_received = int(analysisd_state['events_received']) - # There are some internal event that are processed but not are reflected in events_received, That why it - # has been used PERCENTAGE_PROCESS_MSGS variable + # There are some internal event that are processed but are not reflected in events_received, That why it + # has been used PERCENTAGE_PROCESS_MSGS variable assert events_processed >= events_received * PERCENTAGE_PROCESS_MSGS and events_processed > 0, 'The ' \ 'events_processed value is similar to events_received' diff --git a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py index 3140cc042d..a0f4d1b42e 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py +++ b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py 
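Review bot: `sleep(int(ANALYSISD_STATE_INTERNAL_DEFAULT) / 2)` pins test_without_eps_setting to a fixed wall-clock wait, and the `int()` cast implies ANALYSISD_STATE_INTERNAL_DEFAULT is a string (for a numeric constant the cast is a no-op); if wazuh-analysisd.state has not refreshed by then the assertion fails intermittently. Polling `evm.get_analysisd_state()` with a bounded timeout until `events_received` is non-zero would make the check deterministic. The assertion message `'The events_processed value is similar to events_received'` describes the success condition rather than the failure; `'events_processed must be > 0 and >= events_received * PERCENTAGE_PROCESS_MSGS'` says what went wrong. The rewritten comment still carries `corrects values` — `correct values`.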
@@ -6,7 +6,8 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ get_simulate_agent_configuration from wazuh_testing.modules.eps import event_monitor as evm -from wazuh_testing.modules.eps import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE +from wazuh_testing.modules.eps import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE, UPPER_QUEUE_HALF_SIZE_LIMIT, \ + LOWER_QUEUE_HALF_SIZE_LIMIT pytestmark = [pytest.mark.server] @@ -31,9 +32,7 @@ params_start_queuing_events_when_limit_reached = get_simulate_agent_configuration(configurations_simulate_agent_path) maximum_eps = [metadata['maximum'] for metadata in t1_configuration_metadata] timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] -# It is sent `width_frame` time frame width to reduce test time execution -width_frame = 3 -total_msg = maximum_eps[0] * timeframe_eps_t1[0] * width_frame +total_msg = maximum_eps[0] * timeframe_eps_t1[0] + int(QUEUE_SIZE / 2) params_start_queuing_events_when_limit_reached.update({'total_msg': total_msg}) @@ -47,8 +46,8 @@ def test_start_queuing_events_when_limit_reached(configuration, metadata, load_w ''' description: Check that the `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal than `maximum` * `timeframe` and, the `events_received` value must be greater than - `events_processed` and, the `events_dropped` value equal to 0 and finaly, `event_queue_usage` is lower - than 1.0. + `events_processed` and, the `events_dropped` value equal to 0 and finaly, `event_queue_usage` is + around 0,5 due to it is sent the maximum amount of message in a frame plus 50% of the queue total. test_phases: - Set a custom Wazuh configuration. 
@@ -108,7 +107,10 @@ def test_start_queuing_events_when_limit_reached(configuration, metadata, load_w # Check that events continue receiving although the EPS limit was reached assert events_received > events_processed, 'events_received must be bigger than events_processed' - # Check that there are not events dropped and the queue usage is less than 1.0 (100%). + # Check that there are not events dropped and the queue usage is less than 1.0 (100%) # This means the queue is not full - assert events_dropped == 0 and event_queue_usage < 1.0 and event_queue_usage > 0.0, 'events_dropped must be 0 ' \ - 'and event_queue_usage less than 1.0' + assert events_dropped == 0, 'events_dropped must be 0' + + # Check that event_queue_usage is around 50 % + assert event_queue_usage < UPPER_QUEUE_HALF_SIZE_LIMIT and event_queue_usage > LOWER_QUEUE_HALF_SIZE_LIMIT, \ + f"event_queue_usage have to be around 50 % (0.5), event_queue_usage = {event_queue_usage}" From d161264f68ed5fedfd45e8e5da907e39216cbcfc Mon Sep 17 00:00:00 2001 From: fedepacher Date: Tue, 23 Aug 2022 18:20:00 -0300 Subject: [PATCH 20/79] feat(#2947): add new fixture to load custom rules --- .../test_analysisd/test_eps/conftest.py | 21 ++++++++++++++++++- .../test_eps/data/wazuh_rules/local_rules.xml | 13 ++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 tests/integration/test_analysisd/test_eps/data/wazuh_rules/local_rules.xml diff --git a/tests/integration/test_analysisd/test_eps/conftest.py b/tests/integration/test_analysisd/test_eps/conftest.py index 5b066d06c4..4fb3ad1c10 100644 --- a/tests/integration/test_analysisd/test_eps/conftest.py +++ b/tests/integration/test_analysisd/test_eps/conftest.py 
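Review bot: The new range check `assert event_queue_usage < UPPER_QUEUE_HALF_SIZE_LIMIT and event_queue_usage > LOWER_QUEUE_HALF_SIZE_LIMIT, ...` reads more clearly as the chained comparison `assert LOWER_QUEUE_HALF_SIZE_LIMIT < event_queue_usage < UPPER_QUEUE_HALF_SIZE_LIMIT, ...`. In the `@@ -31,9 +32,7 @@` hunk above, `total_msg = maximum_eps[0] * timeframe_eps_t1[0] + int(QUEUE_SIZE / 2)` derives the message count from the first case's metadata only, so if the cases file ever gains a second case the 50 % expectation is applied to it with the wrong count; `QUEUE_SIZE // 2` also avoids the float round-trip. The docstring's `around 0,5` should be `around 0.5` to match the assertion message.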
@@ -22,7 +22,7 @@ def restart_analysisd_function(): control_service('stop', daemon='wazuh-analysisd') -@pytest.fixture(scope='session') +@pytest.fixture(scope='module') def configure_local_internal_options_eps(request): """Fixture to configure the local internal options file.""" # Define local internal options for EPS tests @@ -129,3 +129,22 @@ def load_wazuh_basic_configuration(): yield configuration.write_wazuh_conf(backup_ossec_configuration) + + +@pytest.fixture(scope='module') +def load_local_rules(): + """Load local rules to override original rules""" + # Reference paths + DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') + CONFIGURATIONS_PATH = os.path.join(DATA_PATH, 'wazuh_rules') + configurations_path = os.path.join(CONFIGURATIONS_PATH, 'local_rules.xml') + + backup_local_rules = configuration.get_wazuh_local_rules() + + with open(configurations_path, 'r') as file: + lines = file.readlines() + configuration.write_wazuh_local_rules(lines) + + yield + + configuration.write_wazuh_local_rules(backup_local_rules) \ No newline at end of file diff --git a/tests/integration/test_analysisd/test_eps/data/wazuh_rules/local_rules.xml b/tests/integration/test_analysisd/test_eps/data/wazuh_rules/local_rules.xml new file mode 100644 index 0000000000..fd3b94246e --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/wazuh_rules/local_rules.xml @@ -0,0 +1,13 @@ + + + + 9999 + + sshd: brute force trying to get access to the system. Non existent user. + + T1110 + + authentication_failures,gdpr_IV_35.7.d,gdpr_IV_32.2,hipaa_164.312.b,nist_800_53_SI.4,nist_800_53_AU.14,nist_800_53_AC.7,pci_dss_11.4,pci_dss_10.2.4,pci_dss_10.2.5,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3, + + + From 6bb603f999655ba6eda5455b2093c6bc4f65124d Mon Sep 17 00:00:00 2001 
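Review bot: In the new load_local_rules fixture the backup is restored only after a successful `yield`; if `configuration.write_wazuh_local_rules(lines)` raises partway, or the read of configurations_path fails after the backup was taken, the manager's rule file is left half-written with no restore. Wrap the write and the yield in `try: ... finally: configuration.write_wazuh_local_rules(backup_local_rules)` so the original rules always come back. Since the fixture swaps the manager's detection rules for the whole module, a note such as `# Replaces the manager's local rules for this module only; the previous content is restored on teardown` would make that scope explicit, and `open(configurations_path, 'r')` should pass `encoding='utf-8'` so the rule file round-trips independently of the host locale. `DATA_PATH` and `CONFIGURATIONS_PATH` are function locals here and would conventionally be lower-case.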
From: fedepacher Date: Tue, 23 Aug 2022 18:21:21 -0300 Subject: [PATCH 21/79] refactor(#2947): refacator to use filemonitor --- .../modules/eps/event_monitor.py | 22 ++++++++++++++-- .../wazuh_testing/tools/configuration.py | 26 ++++++++++++++++++- ...t_process_old_events_instead_new_events.py | 21 +++++++++------ 3 files changed, 58 insertions(+), 11 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py index 3d242dbe65..cacdb7a3eb 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py @@ -3,8 +3,7 @@ from wazuh_testing.modules import eps as eps from wazuh_testing.tools import LOG_FILE_PATH, ANALYSISD_STATE, ALERT_LOGS_PATH -from wazuh_testing.tools.monitoring import FileMonitor -from wazuh_testing.modules.eps import find_in_file +from wazuh_testing.tools.monitoring import FileMonitor, generate_monitoring_callback def make_analysisd_callback(pattern, prefix=eps.ANALYSISD_PREFIX): @@ -111,3 +110,22 @@ def get_msg_with_number(message): check_analysisd_event(timeout=eps.T_20, callback=message, error_message=fr"Could not find the event: {message}", prefix="", file_to_monitor=ALERT_LOGS_PATH) + + +def get_msg_with_number(file_monitor, message, accum_results): + """Check if the alerts.log file contains the message + + Args: + file_monitor (FileMonitor): Wazuh log monitor + message (str): Message to find + accum_results (int): Total message to accumulate + + Returns: + list: List of messages number + """ + error_message = f"Could not find this event in {message}" + + result = file_monitor.start(timeout=eps.T_20, update_position=True, accum_results=accum_results, + callback=generate_monitoring_callback(message), error_message=error_message).result() + + return result 
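Review bot: The new `get_msg_with_number(file_monitor, message, accum_results)` is a second definition of a name the module already has — the context lines of the same hunk show `def get_msg_with_number(message):` — so the later `def` silently replaces the first at import time and any caller still passing a single pattern fails with a TypeError. Either remove the old one-argument helper in this commit or give the new one a distinct name such as `get_msgs_with_number`. The error text `f"Could not find this event in {message}"` reads oddly because `message` is the pattern rather than a location; `f"Could not find {accum_results} events matching: {message}"` states what was expected. The docstring's `list: List of messages number` depends on what `FileMonitor.start(...).result()` yields with accum_results — presumably one captured group per match; worth confirming.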
diff --git a/deps/wazuh_testing/wazuh_testing/tools/configuration.py b/deps/wazuh_testing/wazuh_testing/tools/configuration.py index e0e75b4787..3a8cc3c43b 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/configuration.py +++ b/deps/wazuh_testing/wazuh_testing/tools/configuration.py @@ -13,7 +13,8 @@ from typing import List, Any, Set from wazuh_testing import global_parameters, logger -from wazuh_testing.tools import WAZUH_PATH, GEN_OSSEC, WAZUH_CONF, PREFIX, WAZUH_LOCAL_INTERNAL_OPTIONS, AGENT_CONF +from wazuh_testing.tools import WAZUH_PATH, GEN_OSSEC, WAZUH_CONF, PREFIX, WAZUH_LOCAL_INTERNAL_OPTIONS, AGENT_CONF, \ + LOCAL_RULES_PATH from wazuh_testing import global_parameters, logger from wazuh_testing.tools import file @@ -760,3 +761,26 @@ def get_simulate_agent_configuration(data_file_path): configuration_parameters.update(test_case['configuration_parameters']) return configuration_parameters + + +def get_wazuh_local_rules() -> List[str]: + """ + Get current `local_rules.xml` file content. + + Returns + List of str: A list containing all the lines of the `local_rules.xml` file. + """ + with open(LOCAL_RULES_PATH) as f: + lines = f.readlines() + return lines + + +def write_wazuh_local_rules(local_rules: List[str]): + """ + Write new rules in 'local_rules.xml' file. + + Args: + local_rules (list or str): Lines to be written in the local_rules.xml file. + """ + with open(LOCAL_RULES_PATH, 'w') as f: + f.writelines(local_rules) diff --git a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py index bca8f6c31c..8dbdf2887c 100644 --- a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py +++ b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py 
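Review bot: `get_wazuh_local_rules` and `write_wazuh_local_rules` open LOCAL_RULES_PATH without an explicit `encoding`, so the backup/restore round-trip done by the test fixture depends on the host locale; `open(LOCAL_RULES_PATH, encoding='utf-8')` and `open(LOCAL_RULES_PATH, 'w', encoding='utf-8')` keep rule files with non-ASCII descriptions intact. The docstring of write_wazuh_local_rules says `local_rules (list or str)` while the annotation is `List[str]`; pick one and document it. `Returns` in get_wazuh_local_rules is missing its colon for the Google style used elsewhere in this module. Because this helper overwrites the manager's live rule set, a one-line note such as `# Overwrites the manager's local_rules.xml; callers are responsible for restoring the previous content` would help the next reader.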
@@ -6,7 +6,9 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ get_simulate_agent_configuration from wazuh_testing.modules.eps import event_monitor as evm +from wazuh_testing.tools.monitoring import FileMonitor from wazuh_testing.modules.eps import LOGCOLLECTOR_MESSAGE +from wazuh_testing.tools import ALERT_FILE_PATH pytestmark = [pytest.mark.server] @@ -148,7 +150,7 @@ def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_bas restart_wazuh_daemon_function, simulate_agent): ''' description: Check that `wazuh-analysisd` processes queued events first instead of new events when the moving - average frees up some space. To do this, read the alerts.log file and find the numerated alerts + average frees up some space. To do this, read the alerts.json file and find the numerated alerts messages with the FileMonitor tool. To do so, it iterates the `n` frames of `maximum` * `timeframe` and checks if the message number belongs to the respective frame. @@ -176,15 +178,15 @@ def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_bas - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. + - load_local_rules: + type: fixture + brief: Set the local_rules.xml to override rules. - configure_wazuh_one_thread: type: fixture brief: Set the wazuh internal option configuration according to the configuration data. - truncate_monitored_files: type: fixture brief: Truncate all the log files and json alerts files before and after the test execution. - - delete_alerts_folder: - type: fixture - brief: Delete all the content od the /var/log/alerts folder. - restart_wazuh_daemon_function: type: fixture brief: Restart all the wazuh daemons. 
@@ -198,17 +200,20 @@ def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_bas input_description: - The `cases_process_old_events_multi_thread.yaml` file provides the module configuration for this test. ''' + file_monitor = FileMonitor(ALERT_FILE_PATH) # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values sleep(metadata['timeframe'] / 2) analysisd_state = evm.get_analysisd_state() events_received = int(analysisd_state['events_received']) index = 0 frame = metadata['timeframe'] * metadata['maximum'] - # Iterate over each frame to find the respective numerated message belongs to the frame + total_msg_number_list = evm.get_msg_with_number(file_monitor, fr".*{LOGCOLLECTOR_MESSAGE} (\d+).*", total_msg) while (index + 1) * frame <= events_received: start_index = index * frame end_index = (index + 1) * frame - # Iterate over the frame to find the respective numerated message - for msg_number in range(start_index, end_index): - evm.get_msg_with_number(fr".*{LOGCOLLECTOR_MESSAGE} {msg_number}") + number_list = total_msg_number_list[start_index: end_index] + + assert all(int(number) >= start_index and int(number) < end_index for number in number_list), \ + 'Some messages are not in the correct frame' + index += 1 From e98b02a2d1827d413bb81f98686ab6d5e8d99ba3 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Tue, 23 Aug 2022 18:24:42 -0300 Subject: [PATCH 22/79] docs(#2947): refactor documentation --- .../test_eps/test_start_dropping_events_when_queue_full.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py index 4299ee292e..38af0e38e1 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py 
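Review bot: The new line `evm.get_msg_with_number(file_monitor, fr".*{LOGCOLLECTOR_MESSAGE} (\d+).*", total_msg)` reads `total_msg`, which nothing in this hunk defines; presumably it is a module-level value set alongside the simulate-agent parameters, but a missing name here would only surface as a NameError at runtime, so worth confirming. The frame check `int(number) >= start_index and int(number) < end_index` converts twice and reads better as `start_index <= int(number) < end_index`. The docstring hunk above adds `load_local_rules` to the fixture list, yet the visible signature fragment `restart_wazuh_daemon_function, simulate_agent):` does not show it being requested — if the parameter was not added, the fixture never runs and the custom rule is not loaded. The function's signature and the earlier part of its body start outside this hunk.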
+++ b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py @@ -106,14 +106,14 @@ def test_start_dropping_events_when_queue_full(configuration, metadata, load_waz # Check that events continue receiving although the EPS limit was reached assert events_received > events_processed, 'events_received must be bigger than events_processed' - # Check that there is no event dropped and the queue usage is less than 1.0 (100%). This means the queue is not full + # Check that there is event dropped. This means the queue is full assert events_dropped >= int(expected_msg_dropped * PERCENTAGE_PROCESS_MSGS) \ and events_dropped <= int(expected_msg_dropped * (1 + (1 - PERCENTAGE_PROCESS_MSGS))), 'events_dropped must '\ 'be in the range of (total_msg - QUEUE_SIZE)' - # Check that there is no event dropped and the queue usage is less than 1.0 (100%). This means the queue is not full + # Check that the queue usage is 1.0 (100%). This means the queue is full assert event_queue_usage == 1.0, 'event_queue_usage must be 1.0' - # Check that events_dropped are in the range of events_received - events_processed + # Check that events_processed are in the range of events_received - events_dropped assert events_processed <= events_received - events_dropped, 'events_processed must be lower than' \ 'events_received - events_dropped' From 42a54a725e9a07224b85b94b2dd1bced2ce3dc65 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Tue, 23 Aug 2022 18:28:17 -0300 Subject: [PATCH 23/79] refactor(#2947): refactor code style --- tests/integration/test_analysisd/test_eps/conftest.py | 2 +- .../test_eps/test_start_queuing_events_when_limit_reached.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/test_analysisd/test_eps/conftest.py b/tests/integration/test_analysisd/test_eps/conftest.py index 4fb3ad1c10..049a9e8673 100644 --- a/tests/integration/test_analysisd/test_eps/conftest.py 
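Review bot: The new comment `# Check that there is event dropped. This means the queue is full` should read `# Check that events were dropped. This means the queue is full`. On the context assertion just below, the implicitly concatenated message `'events_processed must be lower than' 'events_received - events_dropped'` lacks a separating space and renders as `lower thanevents_received`; a trailing space on the first literal fixes it.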
+++ b/tests/integration/test_analysisd/test_eps/conftest.py @@ -147,4 +147,4 @@ def load_local_rules(): yield - configuration.write_wazuh_local_rules(backup_local_rules) \ No newline at end of file + configuration.write_wazuh_local_rules(backup_local_rules) diff --git a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py index a0f4d1b42e..903e91c1c7 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py +++ b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py @@ -112,5 +112,5 @@ def test_start_queuing_events_when_limit_reached(configuration, metadata, load_w assert events_dropped == 0, 'events_dropped must be 0' # Check that event_queue_usage is around 50 % - assert event_queue_usage < UPPER_QUEUE_HALF_SIZE_LIMIT and event_queue_usage > LOWER_QUEUE_HALF_SIZE_LIMIT, \ + assert event_queue_usage < UPPER_QUEUE_HALF_SIZE_LIMIT and event_queue_usage > LOWER_QUEUE_HALF_SIZE_LIMIT, \ f"event_queue_usage have to be around 50 % (0.5), event_queue_usage = {event_queue_usage}" From 324fd735d1fd860a9a1d7db9c90c1c894ef71f2b Mon Sep 17 00:00:00 2001 From: fedepacher Date: Wed, 24 Aug 2022 16:43:15 -0300 Subject: [PATCH 24/79] feat(#2947)!: add send event with custom messages --- .../wazuh_testing/scripts/simulate_agents.py | 11 +++++++++-- .../wazuh_testing/tools/agent_simulator.py | 15 +++++++++++---- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py index 0b693ed024..41744bf900 100644 --- a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py +++ b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py 
@@ -117,7 +117,8 @@ def create_agents(args): agent = ag.Agent(manager_address=args.manager_address, os=args.os, registration_address=args.manager_registration_address, version=args.version, fixed_message_size=args.fixed_message_size, labels=custom_labels, - logcollector_msg_number=args.enable_logcollector_message_number) + logcollector_msg_number=args.enable_logcollector_message_number, + custom_logcollector_message=args.custom_logcollector_message) set_agent_modules_and_eps(agent, item[0].split(' ') + ['keepalive', 'receive_messages'], item[1].split(' ') + ['0', '0']) agents.append(agent) @@ -126,7 +127,8 @@ def create_agents(args): agent = ag.Agent(manager_address=args.manager_address, os=args.os, registration_address=args.manager_registration_address, version=args.version, fixed_message_size=args.fixed_message_size, labels=custom_labels, - logcollector_msg_number=args.enable_logcollector_message_number) + logcollector_msg_number=args.enable_logcollector_message_number, + custom_logcollector_message=args.custom_logcollector_message) set_agent_modules_and_eps(agent, args.modules, args.modules_eps) agents.append(agent) @@ -349,6 +351,11 @@ def main(): help='Enable logcollector message number', required=False, default=False, dest='enable_logcollector_message_number') + arg_parser.add_argument('-g', '--custom-logcollector-message', + metavar='', type=str, + help='Custom logcollector message', + required=False, default='', dest='custom_logcollector_message') + args = arg_parser.parse_args() process_script_parameters(args) diff --git a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py index 44e0f2257a..11109476e5 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py 
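Review bot: Both branches of `create_agents` now build `ag.Agent(...)` with the same seven keyword arguments and differ only in where the module/eps lists come from, and this commit had to add `custom_logcollector_message=` in two places; a small local helper such as `_build_agent(args, custom_labels)` returning the constructed agent would keep the two call sites from drifting the next time a parameter is added. The new `-g` option defaults to `''`, and the help string could say what that means, e.g. `help='Custom logcollector message (empty: use the built-in default log line)'`, since the fallback is decided in the agent simulator rather than here. `create_agents` and `main` both start and end outside these hunks.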
@@ -69,6 +69,7 @@ class Agent: registration_address (str, optional): Manager registration IP address. retry_enrollment (bool, optional): retry then enrollment in case of error. logcollector_msg_number (bool, optional): insert in the logcollector message the message number. + custom_logcollector_message (str): Custom logcollector message to be sent by the agent. Attributes: id (str): ID of the agent. @@ -121,7 +122,7 @@ def __init__(self, manager_address, cypher="aes", os=None, rootcheck_sample=None rootcheck_frequency=60.0, rcv_msg_limit=0, keepalive_frequency=10.0, sca_frequency=60, syscollector_frequency=60.0, syscollector_batch_size=10, hostinfo_eps=100, winevt_eps=100, fixed_message_size=None, registration_address=None, retry_enrollment=False, - logcollector_msg_number=None): + logcollector_msg_number=None, custom_logcollector_message=''): self.id = id self.name = name self.key = key @@ -186,6 +187,7 @@ def __init__(self, manager_address, cypher="aes", os=None, rootcheck_sample=None self.rcv_msg_queue = Queue(rcv_msg_limit) self.fixed_message_size = fixed_message_size * 1024 if fixed_message_size is not None else None self.logcollector_msg_number = logcollector_msg_number + self.custom_logcollector_message = custom_logcollector_message self.setup(disable_all_modules=disable_all_modules) def update_checksum(self, new_checksum): @@ -663,7 +665,8 @@ def initialize_modules(self, disable_all_modules): def init_logcollector(self): """Initialize logcollector module.""" if self.logcollector is None: - self.logcollector = Logcollector(self.logcollector_msg_number) + self.logcollector = Logcollector(enable_msg_number=self.logcollector_msg_number, \ + custom_logcollector_message=self.custom_logcollector_message) def init_sca(self): """Initialize init_sca module.""" 
@@ -1015,12 +1018,13 @@ def get_message(self): class Logcollector: """This class allows the generation of logcollector events.""" - def __init__(self, enable_msg_number=None): + def __init__(self, enable_msg_number=None, custom_logcollector_message=''): self.logcollector_tag = 'syslog' self.logcollector_mq = 'x' # Those variables were added only in logcollector module to perform EPS test that need numbered messages. self.message_counter = 0 self.enable_msg_number = enable_msg_number + self.custom_logcollector_message = custom_logcollector_message def generate_event(self): """Generate logcollector event @@ -1028,7 +1032,10 @@ def generate_event(self): Returns: str: a Logcollector generated message """ - log = 'Mar 24 10:12:36 centos8 sshd[12249]: Invalid user random_user from 172.17.1.1 port 56550' + if not self.custom_logcollector_message: + log = 'Mar 24 10:12:36 centos8 sshd[12249]: Invalid user random_user from 172.17.1.1 port 56550' + else: + log = self.custom_logcollector_message if self.enable_msg_number: message_counter_info = f"Message number: {self.message_counter}" From 051119e582422da2ffae93893b8334a85e70f616 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Wed, 24 Aug 2022 16:46:43 -0300 Subject: [PATCH 25/79] refactor(#2947): refactor variable name --- deps/wazuh_testing/wazuh_testing/__init__.py | 2 +- deps/wazuh_testing/wazuh_testing/tools/__init__.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/__init__.py b/deps/wazuh_testing/wazuh_testing/__init__.py index 5084d38077..2696846e0d 100644 --- a/deps/wazuh_testing/wazuh_testing/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/__init__.py 
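Review bot: `Logcollector.__init__` gains `custom_logcollector_message` but the class docstring ("This class allows the generation of logcollector events.") has no Args section, unlike the `Agent` docstring updated in the same commit; adding `Args: enable_msg_number (bool, optional): append a message counter to each event. custom_logcollector_message (str, optional): log line to send instead of the built-in sshd sample; empty string selects the sample.` would keep the two classes documented alike. In `generate_event` the new if/else can be written as a single assignment, `log = self.custom_logcollector_message or '<built-in sshd sample line>'` (keeping the existing literal), which also makes the empty-string fallback explicit. `generate_event` continues past the end of the hunk.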
@@ -32,7 +32,7 @@ API_LOG_FILE_PATH = os.path.join(WAZUH_PATH, 'logs', 'api.log') API_JSON_LOG_FILE_PATH = os.path.join(WAZUH_PATH, 'logs', 'api.json') API_LOG_FOLDER = os.path.join(WAZUH_PATH, 'logs', 'api') -WAZUH_QA_REṔO_PATH = os.path.dirname(os.path.abspath(__file__)) +WAZUH_TESTING_PATH = os.path.dirname(os.path.abspath(__file__)) # Daemons LOGCOLLECTOR_DAEMON = 'wazuh-logcollector' diff --git a/deps/wazuh_testing/wazuh_testing/tools/__init__.py b/deps/wazuh_testing/wazuh_testing/tools/__init__.py index 3b33475a93..187501e081 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/tools/__init__.py @@ -7,7 +7,7 @@ import subprocess import sys -from wazuh_testing import WAZUH_QA_REṔO_PATH +from wazuh_testing import WAZUH_TESTING_PATH if sys.platform == 'win32': @@ -81,7 +81,7 @@ HOSTS_FILE_PATH = os.path.join('/', 'etc', 'hosts') GLOBAL_DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'db', 'global.db') ANALYSISD_STATE = os.path.join(WAZUH_PATH, 'var', 'run', 'wazuh-analysisd.state') - SIMULATE_AGENT = os.path.join(WAZUH_QA_REṔO_PATH, 'scripts', 'simulate_agents.py') + SIMULATE_AGENT = os.path.join(WAZUH_TESTING_PATH, 'scripts', 'simulate_agents.py') WAZUH_INTERNAL_OPTIONS = os.path.join(WAZUH_PATH, 'etc', 'internal_options.conf') try: From 0af092955ec859b488b47872cf60a4e9c511f600 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Wed, 24 Aug 2022 16:48:03 -0300 Subject: [PATCH 26/79] feat(#2947): add new callback to look for regex --- .../wazuh_testing/tools/monitoring.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/deps/wazuh_testing/wazuh_testing/tools/monitoring.py b/deps/wazuh_testing/wazuh_testing/tools/monitoring.py index faf5628b78..86d0e2b6b3 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/monitoring.py +++ b/deps/wazuh_testing/wazuh_testing/tools/monitoring.py 
@@ -1081,3 +1081,20 @@ def callback_authd_startup(line): if 'Accepting connections on port 1515' in line: return line return None + + +def generate_monitoring_callback_groups(regex): + """ + Generates a new callback that look for a specific pattern on a line passed. + If it finds a match, it returns the matched groups. + Args: + regex (str): regex to use to look for a match. + """ + def new_callback(line): + match = re.match(regex, line) + if match: + if match.groups() is not None: + return match.groups() + return True + + return new_callback From 707da67215c8bb0286acc6884cfe1b12d5006974 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Wed, 24 Aug 2022 16:53:32 -0300 Subject: [PATCH 27/79] refactor(#2947): refactor test name --- ...{test_load_default_value.py => test_default_values.py} | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) rename tests/integration/test_analysisd/test_eps/{test_load_default_value.py => test_default_values.py} (90%) diff --git a/tests/integration/test_analysisd/test_eps/test_load_default_value.py b/tests/integration/test_analysisd/test_eps/test_default_values.py similarity index 90% rename from tests/integration/test_analysisd/test_eps/test_load_default_value.py rename to tests/integration/test_analysisd/test_eps/test_default_values.py index 5996a288dc..16df55597b 100644 --- a/tests/integration/test_analysisd/test_eps/test_load_default_value.py +++ b/tests/integration/test_analysisd/test_eps/test_default_values.py 
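Review bot: In `new_callback`, `match.groups()` never returns `None` (it is a tuple, empty when the pattern has no capture groups), so the `is not None` test is always true and a group-less pattern makes the callback return `()`, which is falsy and will presumably be read as "no match" by whatever consumes the callback result — confirm against `FileMonitor`. The three lines from `if match.groups() is not None:` through `return True` can be replaced by `return match.groups() or True` inside the `if match:` branch, with `return None` (or nothing) when there is no match. The docstring should also state the return contract, e.g. `Returns: tuple | bool | None: the captured groups, True when the pattern has no groups, None when the line does not match.`, and note that `re.match` only anchors at the start of the line, since "look for a specific pattern on a line" reads like search semantics.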
@@ -19,7 +19,7 @@ t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_timeframe.yaml') t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_timeframe.yaml') -# Test configurations without timeframe value (t2) +# Test configurations without timeframe value (t1) t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters, t1_configuration_metadata) @@ -32,7 +32,7 @@ def test_without_timeframe(configuration, metadata, load_wazuh_basic_configurati truncate_monitored_files, restart_wazuh_daemon_function): ''' description: Check that limits EPS is started when `maximum` is set to a value greater than 0 lower and than 100000, - and `timeframe` is not present. + and `timeframe` is not present. In this case, 'timeframe' will be set with a default value. test_phases: - Set a custom Wazuh configuration. @@ -65,12 +65,10 @@ def test_without_timeframe(configuration, metadata, load_wazuh_basic_configurati brief: Restart all the wazuh daemons. assertions: - - Verify that when the `maximum` value is set to a values greater than 0 and lower than 100000 and, `timeframe` - value is not set. - Verify that the wazuh-analysisd daemon is running. input_description: - - The `cases_enabled.yaml` file provides the module configuration for this test. + - The `cases_without_timeframe.yaml` file provides the module configuration for this test. expected_output: - r'(.*)wazuh-analysisd: INFO: EPS limit enabled, EPS: (.*), timeframe: (.*)' From c6196b1d670241d32b18fdfa879a642a5554d314 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Wed, 24 Aug 2022 16:57:17 -0300 Subject: [PATCH 28/79] refactor(#2947): refactor simulate agent fixture --- .../wazuh_testing/modules/eps/__init__.py | 29 ++++++++++++++++++- .../test_analysisd/test_eps/conftest.py | 17 ++--------- 2 files changed, 31 insertions(+), 15 deletions(-) 
diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py index a99a1cb928..694ed96a1d 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py @@ -1,7 +1,16 @@ + +import socket +import subprocess +import sys + +from wazuh_testing.tools import SIMULATE_AGENT + + # Timeouts T_10 = 10 T_20 = 20 T_60 = 60 +T_80 = 80 ANALYSISD_PREFIX = r'.*wazuh-analysisd.*' MAILD_PREFIX = r'.*wazuh-maild.*' @@ -10,7 +19,7 @@ PERCENTAGE_PROCESS_MSGS = 0.95 QUEUE_SIZE = 16384 # Set logcollector message that the agent sents -LOGCOLLECTOR_MESSAGE = 'Invalid user random_user from 172.17.1.1 port 56550:Message number:' +LOGCOLLECTOR_MESSAGE = 'Invalid user random_user from 1.1.1.1 port 11111:Message number:' TIMEFRAME_DEFAULT_VALUE = 10 UPPER_QUEUE_HALF_SIZE_LIMIT = 0.51 LOWER_QUEUE_HALF_SIZE_LIMIT = 0.49 @@ -28,3 +37,21 @@ def find_in_file(string_to_search, filename): for _, line in enumerate(file): if string_to_search in line: return line + + +def simulate_agent_function(param): + """Function to run the script simulate_agent.py + + Args: + param (dict): Dictionary with script parameters + """ + # Get IP address of the host + hostname = socket.gethostname() + ip_addr = socket.gethostbyname(hostname) + + python_executable = sys.executable + subprocess.call(f"{python_executable} {SIMULATE_AGENT} -a {ip_addr} -n {param['num_agent']} \ + -m {param['modules']} -s {param['eps']} -t {param['time']} \ + -f {param['msg_size']} -e {param['total_msg']} \ + -k {param['disable_keepalive_msg']} -d {param['disable_receive_msg']} \ + -c {param['enable_logcollector_msg_number']} -g {param['message']}", shell=True) diff --git a/tests/integration/test_analysisd/test_eps/conftest.py b/tests/integration/test_analysisd/test_eps/conftest.py index 049a9e8673..a92887b04c 100644 --- a/tests/integration/test_analysisd/test_eps/conftest.py 
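Review bot: `simulate_agent_function` builds a shell command string by interpolating every value of `param` (including the free-form `message`) and runs it with `shell=True`, so any quote, space or shell metacharacter in a test parameter is interpreted by the shell rather than passed to the script; the `message: '""'` workaround in `configuration_simulate_agent.yaml` later in this series is a symptom of that. Passing an argv list to `subprocess.run` removes the quoting problem, and `check=True` surfaces a simulator that exits non-zero, which `subprocess.call` currently ignores. If `-m`/`-s` accept several space-separated values (the `split(' ')` in `simulate_agents.py` suggests so — confirm), splitting those two values reproduces what the shell did. `syslog_simulator_function` added to the same module in a later commit of this series has the same `shell=True` string construction and should be changed the same way.
```python
def simulate_agent_function(param):
    # … unchanged: docstring and host IP lookup …
    cmd = [
        sys.executable, SIMULATE_AGENT,
        '-a', ip_addr,
        '-n', str(param['num_agent']),
        # -m/-s may carry several space-separated values; split them as the shell did
        '-m', *str(param['modules']).split(),
        '-s', *str(param['eps']).split(),
        '-t', str(param['time']),
        '-f', str(param['msg_size']),
        '-e', str(param['total_msg']),
        '-k', str(param['disable_keepalive_msg']),
        '-d', str(param['disable_receive_msg']),
        '-c', str(param['enable_logcollector_msg_number']),
        '-g', str(param['message']),
    ]
    # No shell: every value reaches the script as its own argv entry, unparsed.
    subprocess.run(cmd, check=True)
```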
+++ b/tests/integration/test_analysisd/test_eps/conftest.py @@ -2,16 +2,14 @@ # Created by Wazuh, Inc. . # This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 import os -import subprocess -import sys -import socket import shutil from typing import List import pytest from wazuh_testing.tools.services import control_service -from wazuh_testing.tools import configuration, SIMULATE_AGENT, ARCHIVES_LOG_FILE_PATH, \ +from wazuh_testing.tools import configuration, ARCHIVES_LOG_FILE_PATH, \ ALERT_LOGS_PATH, ALERT_FILE_PATH, ALERT_DIRECTORY, WAZUH_INTERNAL_OPTIONS +from wazuh_testing.modules.eps import simulate_agent_function @pytest.fixture(scope='function') @@ -56,16 +54,7 @@ def set_wazuh_configuration_eps(configuration, set_wazuh_configuration, configur @pytest.fixture(scope='function') def simulate_agent(request): """Fixture to run the script simulate_agent.py""" - # Get IP address of the host - hostname = socket.gethostname() - ip_addr = socket.gethostbyname(hostname) - - python_executable = sys.executable - subprocess.call(f"{python_executable} {SIMULATE_AGENT} -a {ip_addr} -n {request.param['num_agent']} \ - -m {request.param['modules']} -s {request.param['eps']} -t {request.param['time']} \ - -f {request.param['msg_size']} -e {request.param['total_msg']} \ - -k {request.param['disable_keepalive_msg']} -d {request.param['disable_receive_msg']} \ - -c {request.param['enable_logcollector_msg_number']}", shell=True) + simulate_agent_function(request.param) yield From 5f1b6cb2a0f3f202bfba77e973bd291df2939188 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Wed, 24 Aug 2022 16:57:41 -0300 Subject: [PATCH 29/79] feat(#2947): add message for simulate agent --- .../test_eps/data/configuration_simulate_agent.yaml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml index 89e1c04bc6..262f478027 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml @@ -9,3 +9,4 @@ disable_keepalive_msg: 'True' disable_receive_msg: 'True' enable_logcollector_msg_number: 'True' + message: '"Mar 24 10:12:36 centos7 sshd[12249]: Invalid user random_user from 1.1.1.1 port 11111"' From 9ae4dae8ad46917bfae03d7726eea02f4a4c931a Mon Sep 17 00:00:00 2001 From: fedepacher Date: Wed, 24 Aug 2022 17:02:42 -0300 Subject: [PATCH 30/79] refactor(#2947): refactor code style --- deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py index 11109476e5..7263e53cc3 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py @@ -665,7 +665,7 @@ def initialize_modules(self, disable_all_modules): def init_logcollector(self): """Initialize logcollector module.""" if self.logcollector is None: - self.logcollector = Logcollector(enable_msg_number=self.logcollector_msg_number, \ + self.logcollector = Logcollector(enable_msg_number=self.logcollector_msg_number, custom_logcollector_message=self.custom_logcollector_message) def init_sca(self): From 14ffd58b47c62fbdf9faa3bcc6d5766b16b59684 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Wed, 24 Aug 2022 21:38:56 -0300 Subject: [PATCH 31/79] feat(#2947): add new custom messages --- deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py index 694ed96a1d..cf51cde954 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py @@ -23,6 +23,9 @@ TIMEFRAME_DEFAULT_VALUE = 10 UPPER_QUEUE_HALF_SIZE_LIMIT = 0.51 LOWER_QUEUE_HALF_SIZE_LIMIT = 0.49 +LOGCOLLECTOR_CUSTOM_MESSAGE_1 = 'Mar 24 10:12:36 centos7 sshd[12249]: Invalid user random_user from 1.1.1.1 port 11111' +LOGCOLLECTOR_CUSTOM_MESSAGE_2 = 'Mar 24 10:12:36 centos7 sshd[12249]: Invalid user random_user from 2.2.2.2 port 22222' +LOGCOLLECTOR_CUSTOM_MESSAGE_3 = 'Mar 24 10:12:36 centos7 sshd[12249]: Invalid user random_user from 3.3.3.3 port 33333' def find_in_file(string_to_search, filename): From 1d7050a46733a8a29e4fcbb9c00f24cca3af568e Mon Sep 17 00:00:00 2001 From: fedepacher Date: Wed, 24 Aug 2022 21:40:15 -0300 Subject: [PATCH 32/79] refactor(#2947): refactor configuration and tcase --- .../test_eps/data/configuration_simulate_agent.yaml | 2 +- .../test_cases/cases_process_old_events_multi_thread.yaml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml index 262f478027..32f92ce0af 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml @@ -9,4 +9,4 @@ disable_keepalive_msg: 'True' disable_receive_msg: 'True' enable_logcollector_msg_number: 'True' - message: '"Mar 24 10:12:36 centos7 sshd[12249]: Invalid user random_user from 1.1.1.1 port 11111"' + message: '' 
diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml index ba4ef96f48..1de7d0a995 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml @@ -1,8 +1,8 @@ - name: EPS Limits process old events instead of new ones - Multithread description: EPS Limits process old events instead of new ones - Multithread configuration_parameters: - MAXIMUM: '10' - TIMEFRAME: '5' + MAXIMUM: '2' + TIMEFRAME: '60' metadata: - maximum: 10 - timeframe: 5 + maximum: 2 + timeframe: 60 From 70d4e4d6710c5eaad3cd4a029425ac87000fb08d Mon Sep 17 00:00:00 2001 From: fedepacher Date: Wed, 24 Aug 2022 21:41:17 -0300 Subject: [PATCH 33/79] refactor(#2947): refactor callback function --- .../wazuh_testing/modules/eps/event_monitor.py | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py index cacdb7a3eb..d6fe5c3ded 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py @@ -3,7 +3,7 @@ from wazuh_testing.modules import eps as eps from wazuh_testing.tools import LOG_FILE_PATH, ANALYSISD_STATE, ALERT_LOGS_PATH -from wazuh_testing.tools.monitoring import FileMonitor, generate_monitoring_callback +from wazuh_testing.tools.monitoring import FileMonitor, generate_monitoring_callback_groups def make_analysisd_callback(pattern, prefix=eps.ANALYSISD_PREFIX): 
@@ -101,17 +101,6 @@ def get_alert_timestamp(start_log, end_log): return datetime.fromtimestamp(float(timestamp)).strftime('%Y-%m-%d %H:%M:%S') -def get_msg_with_number(message): - """Check if the alerts.log file contains the message - - Args: - message (str): Message to find - """ - check_analysisd_event(timeout=eps.T_20, callback=message, - error_message=fr"Could not find the event: {message}", prefix="", - file_to_monitor=ALERT_LOGS_PATH) - - def get_msg_with_number(file_monitor, message, accum_results): """Check if the alerts.log file contains the message @@ -125,7 +114,8 @@ def get_msg_with_number(file_monitor, message, accum_results): """ error_message = f"Could not find this event in {message}" - result = file_monitor.start(timeout=eps.T_20, update_position=True, accum_results=accum_results, - callback=generate_monitoring_callback(message), error_message=error_message).result() + result = file_monitor.start(timeout=eps.T_80, update_position=True, accum_results=accum_results, + callback=generate_monitoring_callback_groups(message), + error_message=error_message).result() return result From fe5c0e26291e553a785374aaa672d7affaf63063 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Wed, 24 Aug 2022 21:47:36 -0300 Subject: [PATCH 34/79] refactor(#2947): refactor code style --- deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py index 7263e53cc3..d467968f9d 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py 
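Review bot: With the switch to `generate_monitoring_callback_groups(message)`, `message` is now used as a regular expression, so a caller passing a literal alert line (the custom messages in this series contain `sshd[12249]` and dotted IPs) gets a character class and wildcards instead of a literal match unless it applies `re.escape`; the parameter description, which sits just above this hunk, should say `message (str): regex to match against each alert line; capture groups are returned`. The error text `f"Could not find this event in {message}"` reads as if `message` were a file, so `f"Could not find the event: {message}"` (the wording of the function removed above) is clearer. Removing the duplicate `get_msg_with_number` may also leave `check_analysisd_event` and `ALERT_LOGS_PATH` without a caller in this module — worth checking the imports.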
@@ -665,7 +665,7 @@ def initialize_modules(self, disable_all_modules): def init_logcollector(self): """Initialize logcollector module.""" if self.logcollector is None: - self.logcollector = Logcollector(enable_msg_number=self.logcollector_msg_number, + self.logcollector = Logcollector(enable_msg_number=self.logcollector_msg_number, custom_logcollector_message=self.custom_logcollector_message) def init_sca(self): From 1bade87365ab0888a041f68cd5e430d6420e5b9f Mon Sep 17 00:00:00 2001 From: fedepacher Date: Wed, 24 Aug 2022 22:14:51 -0300 Subject: [PATCH 35/79] refactor(#2947): refactor agent simulator config --- .../test_eps/data/configuration_simulate_agent.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml index 32f92ce0af..ee2ac0557d 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml @@ -9,4 +9,4 @@ disable_keepalive_msg: 'True' disable_receive_msg: 'True' enable_logcollector_msg_number: 'True' - message: '' + message: '""' From c193f97b1779e498385acb5c58c775988ad3105a Mon Sep 17 00:00:00 2001 From: fedepacher Date: Fri, 26 Aug 2022 13:31:11 -0300 Subject: [PATCH 36/79] feat(#2947): add syslog simulator --- .../wazuh_testing/modules/eps/__init__.py | 14 +++- .../wazuh_testing/scripts/syslog_simulator.py | 84 +++++++++++++++++++ .../wazuh_testing/tools/__init__.py | 1 + 3 files changed, 98 insertions(+), 1 deletion(-) create mode 100644 deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py index cf51cde954..18ab3d31b6 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py 
+++ b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py @@ -3,7 +3,7 @@ import subprocess import sys -from wazuh_testing.tools import SIMULATE_AGENT +from wazuh_testing.tools import SIMULATE_AGENT, SYSLOG_SIMULATOR # Timeouts @@ -58,3 +58,15 @@ def simulate_agent_function(param): -f {param['msg_size']} -e {param['total_msg']} \ -k {param['disable_keepalive_msg']} -d {param['disable_receive_msg']} \ -c {param['enable_logcollector_msg_number']} -g {param['message']}", shell=True) + + +def syslog_simulator_function(param): + """Function to run the script syslog_simulator.py + + Args: + param (dict): Dictionary with script parameters + """ + python_executable = sys.executable + subprocess.call(f"{python_executable} {SYSLOG_SIMULATOR} -m {param['message']} -e {param['total_msg']} \ + -f {param['msg_size']} -t {param['interval_burst_time']} -b {param['messages_per_burst']}", + shell=True) diff --git a/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py b/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py new file mode 100644 index 0000000000..49c613fe6b --- /dev/null +++ b/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py 
@@ -0,0 +1,84 @@ +import argparse +import logging +import logging.handlers +from logging.handlers import SysLogHandler +from time import sleep +from sys import getsizeof + +class CreateSyslogger: + """Class that allows sending syslog messages. + + Args: + args (argparse.Namespace): Script args. + """ + def __init__(self, args): + self.syslogger = logging.getLogger() + self.syslogger.setLevel(logging.DEBUG) + self.handler = SysLogHandler(address='/dev/log') + self.formatter = logging.Formatter(fmt='%(message)s') + self.handler.setFormatter(self.formatter) + self.syslogger.addHandler(self.handler) + self.message = args.message + self.total_msg = args.total_msg + self.fixed_message_size = args.fixed_message_size * 1024 if args.fixed_message_size is not None else None + self.interval_burst_time = args.interval_burst_time + self.messages_per_burst = args.messages_per_burst + + def send_syslog_messages(self, message): + """Send syslog messages""" + self.syslogger.debug(message) + + def run_module(self): + """Send syslog messages according to the input parameters""" + sent_messages = 0 + sent_messages_burst = 0 + while self.total_msg is not None and sent_messages < self.total_msg: + message = f"{self.message} {sent_messages}" + # Add dummy chars if the message size is not reachead + if self.fixed_message_size is not None: + event_msg_size = getsizeof(message) + dummy_message_size = self.fixed_message_size - event_msg_size + char_size = getsizeof(message[0]) - getsizeof('') + message += 'A' * (dummy_message_size//char_size) + # Create interval between messages to simulate burst of messages + if self.interval_burst_time is not None and self.messages_per_burst is not None: + if sent_messages_burst < self.messages_per_burst: + sent_messages_burst += 1 + else: + sleep(self.interval_burst_time) + sent_messages_burst = 1 + # Send message + self.send_syslog_messages(message) + sent_messages += 1 + + +def main(): + arg_parser = argparse.ArgumentParser() + + 
arg_parser.add_argument('-m', '--message', metavar='', type=str, required=True, + default='Login failed: admin, test message, Message number:', + help="The syslog message", dest='message') + + arg_parser.add_argument('-e', '--total-msg', metavar='', type=int, + help='Limit the amount of message to be sent.', + required=False, default=None, dest='total_msg') + + arg_parser.add_argument('-f', '--fixed-message-size', metavar='', type=int, required=False, + default=None, help='Size of all the agent modules messages (KB)', dest='fixed_message_size') + + arg_parser.add_argument('-t', '--interval-burst-time', metavar='', dest='interval_burst_time', + type=int, required=False, default=None, + help='Interval time in seconds for the messages burst') + + arg_parser.add_argument('-b', '--messages-per-burst', metavar='', dest='messages_per_burst', + type=int, required=False, default=None, + help='Total messages per burst burst') + + args = arg_parser.parse_args() + + syslogger = CreateSyslogger(args) + syslogger.run_module() + + +if __name__ == "__main__": + main() diff --git a/deps/wazuh_testing/wazuh_testing/tools/__init__.py b/deps/wazuh_testing/wazuh_testing/tools/__init__.py index 187501e081..522b218ee0 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/tools/__init__.py @@ -82,6 +82,7 @@ GLOBAL_DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'db', 'global.db') ANALYSISD_STATE = os.path.join(WAZUH_PATH, 'var', 'run', 'wazuh-analysisd.state') SIMULATE_AGENT = os.path.join(WAZUH_TESTING_PATH, 'scripts', 'simulate_agents.py') + SYSLOG_SIMULATOR = os.path.join(WAZUH_TESTING_PATH, 'scripts', 'syslog_simulator.py') WAZUH_INTERNAL_OPTIONS = os.path.join(WAZUH_PATH, 'etc', 'internal_options.conf') try: From 8de333bbefe8163b3f6d7380378045ab6fed35e6 Mon Sep 17 00:00:00 2001 
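Review bot: `run_module` sends nothing when `--total-msg` is omitted, because the loop condition starts with `self.total_msg is not None`, while the option's help text ("Limit the amount of message to be sent.") reads as if omitting it meant unlimited; either make `-e` required or state the behaviour, e.g. `help='Number of messages to send; nothing is sent when omitted.'`. The padding in `run_module` uses `getsizeof(message)`, which includes the Python `str` object header rather than the payload length, so each padded message is shorter than `fixed_message_size` by that overhead; `len(message.encode())` with a `char_size` of 1 measures what actually goes on the wire. `--message` is declared `required=True` and also given a `default=`, so the default can never apply and should be dropped. `CreateSyslogger.__init__` attaches a `SysLogHandler` to the root logger, which will also receive any other logging in the process; `logging.getLogger(__name__)` keeps the simulator's traffic separate.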
From: fedepacher Date: Fri, 26 Aug 2022 13:32:53 -0300 Subject: [PATCH 37/79] feat(#2947): add syslog configuration file --- .../test_eps/data/configuration_syslog_simulator.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_syslog_simulator.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_syslog_simulator.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_syslog_simulator.yaml new file mode 100644 index 0000000000..e5bc9b9047 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_syslog_simulator.yaml @@ -0,0 +1,8 @@ + name: Syslog simulator params configuration + description: Syslog simulator params configuration + configuration_parameters: + message: '""' + total_msg: '100' + msg_size: '1' + interval_burst_time: '5' + messages_per_burst: '50' From c023ee8a38b5d86f81c64a3cc6ff863bc0c4b358 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Fri, 26 Aug 2022 13:33:45 -0300 Subject: [PATCH 38/79] feat(#2947): refactor test configuration --- ...uration_process_old_events_multithread.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_multithread.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_multithread.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_multithread.yaml new file mode 100644 index 0000000000..45cb1bbaf4 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_multithread.yaml 
@@ -0,0 +1,18 @@ +- sections: + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME + + - section: localfile + elements: + - log_format: + value: 'syslog' + - location: + value: '/var/log/syslog' From f518468035c144d03cb548eb0a2e323da76107e9 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Fri, 26 Aug 2022 15:55:06 -0300 Subject: [PATCH 39/79] refactor(#2947): refactor test case configuration --- .../test_cases/cases_process_old_events_multi_thread.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml index 1de7d0a995..ba4ef96f48 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml @@ -1,8 +1,8 @@ - name: EPS Limits process old events instead of new ones - Multithread description: EPS Limits process old events instead of new ones - Multithread configuration_parameters: - MAXIMUM: '2' - TIMEFRAME: '60' + MAXIMUM: '10' + TIMEFRAME: '5' metadata: - maximum: 2 - timeframe: 60 + maximum: 10 + timeframe: 5 From 8b15e43a5f61782fa222be16fcc807aed03a310d Mon Sep 17 00:00:00 2001 From: fedepacher Date: Fri, 26 Aug 2022 15:55:51 -0300 Subject: [PATCH 40/79] refactor(#2947): refactor syslog simulator config --- .../test_eps/data/configuration_syslog_simulator.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_syslog_simulator.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_syslog_simulator.yaml index e5bc9b9047..3e87352529 100644 
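Review bot: The new `localfile` block hard-codes `location: /var/log/syslog`, so the test only works on hosts whose syslog daemon writes to that file; on distributions that log to /var/log/messages or only to the journal the manager collects nothing and the test fails on the alert wait rather than on the EPS behaviour it is meant to check. Consider making the location a template parameter like MAXIMUM and TIMEFRAME, or at least stating the host requirement in the test's `input_description` so a failing CI run is diagnosable.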
--- a/tests/integration/test_analysisd/test_eps/data/configuration_syslog_simulator.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_syslog_simulator.yaml @@ -1,4 +1,4 @@ - name: Syslog simulator params configuration +- name: Syslog simulator params configuration description: Syslog simulator params configuration configuration_parameters: message: '""' From e83d5d56674e190f9ebd29b8b07c3c79f79bc3b3 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Fri, 26 Aug 2022 16:00:18 -0300 Subject: [PATCH 41/79] refactor(#2947): refactor function name --- .../wazuh_testing/modules/eps/event_monitor.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py index d6fe5c3ded..dac18bc117 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py @@ -101,7 +101,7 @@ def get_alert_timestamp(start_log, end_log): return datetime.fromtimestamp(float(timestamp)).strftime('%Y-%m-%d %H:%M:%S') -def get_msg_with_number(file_monitor, message, accum_results): +def get_messages_info(file_monitor, message, accum_results): """Check if the alerts.log file contains the message Args: @@ -110,11 +110,11 @@ def get_msg_with_number(file_monitor, message, accum_results): accum_results (int): Total message to accumulate Returns: - list: List of messages number + list: List with messages information """ error_message = f"Could not find this event in {message}" - result = file_monitor.start(timeout=eps.T_80, update_position=True, accum_results=accum_results, + result = file_monitor.start(timeout=eps.T_20, update_position=True, accum_results=accum_results, callback=generate_monitoring_callback_groups(message), error_message=error_message).result() From c6f92b59572c80c9a62fe8cc86c142de08eb0b68 Mon Sep 17 00:00:00 2001 
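Review bot: Lowering the wait in get_messages_info from `eps.T_80` to `eps.T_20` is applied regardless of `accum_results`, and the callers on this page wait for 100 to 150 alerts under `maximum: 10`/`timeframe: 5`; if the limit is maximum events per second over the timeframe window, 150 events take roughly 15 s of the 20 s cap, which leaves little margin on a slow CI host, and any larger case added later will time out before its alerts arrive. A `timeout=eps.T_20` keyword parameter, or a timeout derived from `accum_results`, keeps the helper usable for both tests. The docstring still says "Check if the alerts.log file contains the message" although the monitor passed from the tests on this page is built on ALERT_FILE_PATH (alerts.json); `"""Return the regex groups of every line matching `message` in the monitored file, waiting for `accum_results` matches."""` describes what the function actually returns. The start of get_messages_info's body is in the second hunk; its tail is outside this view.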
From: fedepacher Date: Mon, 29 Aug 2022 12:34:44 -0300 Subject: [PATCH 42/79] refactor(#2947): refactor check variables --- .../wazuh_testing/scripts/syslog_simulator.py | 32 ++++++++++++------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py b/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py index 49c613fe6b..862180561f 100644 --- a/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py @@ -4,8 +4,10 @@ from logging.handlers import SysLogHandler from time import sleep from sys import getsizeof +import threading -class CreateSyslogger: + +class CreateSyslogger(threading.Thread): """Class that allows sending syslog messages. Args: @@ -32,16 +34,16 @@ def run_module(self): """Send syslog messages according to the input parameters""" sent_messages = 0 sent_messages_burst = 0 - while self.total_msg is not None and sent_messages < self.total_msg: + while self.total_msg != 0 and sent_messages < self.total_msg: message = f"{self.message} {sent_messages}" # Add dummy chars if the message size is not reachead if self.fixed_message_size is not None: - event_msg_size = getsizeof(message) - dummy_message_size = self.fixed_message_size - event_msg_size - char_size = getsizeof(message[0]) - getsizeof('') - message += 'A' * (dummy_message_size//char_size) + event_msg_size = getsizeof(message) + dummy_message_size = self.fixed_message_size - event_msg_size + char_size = getsizeof(message[0]) - getsizeof('') + message += 'A' * (dummy_message_size//char_size) # Create interval between messages to simulate burst of messages - if self.interval_burst_time is not None and self.messages_per_burst is not None: + if self.interval_burst_time != 0 and self.messages_per_burst != 0: if sent_messages_burst < self.messages_per_burst: sent_messages_burst += 1 else: 
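Review bot: CreateSyslogger now subclasses threading.Thread, but the `start` added in the next hunk (L213) overrides `Thread.start` to spawn a second Thread on run_module and immediately `join` it, so `syslogger.start()` in main is synchronous and the inheritance buys nothing; either drop the base class and keep a plain `start`, or implement `run(self)` and call `super().__init__()` in the constructor (not visible here) so callers decide when to join. The sentinel change from `is not None` to `!= 0` in run_module also changes the failure mode for direct users of the class: a caller that still passes `total_msg=None` no longer skips the loop but raises `TypeError` on `sent_messages < self.total_msg`, and the same applies to `interval_burst_time` and `messages_per_burst`. If 0 is the intended "disabled" value, a comment on the while line, `# total_msg == 0 disables sending; a burst is only enforced when both burst settings are non-zero`, plus normalising `None` to 0 in the constructor would make the contract explicit. The argparse defaults in the main hunk (L213) were updated consistently, so the CLI path itself is fine.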
@@ -51,6 +53,13 @@ def run_module(self): self.send_syslog_messages(message) sent_messages += 1 + def start(self): + thread = threading.Thread(target=self.run_module) + # Starting threads + thread.start() + # Wait until all threads finish + thread.join() + def main(): arg_parser = argparse.ArgumentParser() @@ -61,23 +70,24 @@ def main(): arg_parser.add_argument('-e', '--total-msg', metavar='', type=int, help='Limit the amount of message to be sent.', - required=False, default=None, dest='total_msg') + required=False, default=0, dest='total_msg') arg_parser.add_argument('-f', '--fixed-message-size', metavar='', type=int, required=False, default=None, help='Size of all the agent modules messages (KB)', dest='fixed_message_size') arg_parser.add_argument('-t', '--interval-burst-time', metavar='', dest='interval_burst_time', - type=int, required=False, default=None, + type=int, required=False, default=0, help='Interval time in seconds for the messages burst') arg_parser.add_argument('-b', '--messages-per-burst', metavar='', dest='messages_per_burst', - type=int, required=False, default=None, + type=int, required=False, default=0, help='Total messages per burst burst') args = arg_parser.parse_args() syslogger = CreateSyslogger(args) - syslogger.run_module() + + syslogger.start() if __name__ == "__main__": From dc22556901fc124361c4f573fe4061fe29ca82bb Mon Sep 17 00:00:00 2001 From: fedepacher Date: Mon, 29 Aug 2022 12:36:33 -0300 Subject: [PATCH 43/79] feat(#2947): add new method and fixture --- .../wazuh_testing/tools/configuration.py | 30 +++++++++++++++++-- .../test_analysisd/test_eps/conftest.py | 10 ++++++- 2 files changed, 36 insertions(+), 4 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/configuration.py b/deps/wazuh_testing/wazuh_testing/tools/configuration.py index 3a8cc3c43b..cca5082738 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/configuration.py +++ b/deps/wazuh_testing/wazuh_testing/tools/configuration.py 
@@ -745,11 +745,11 @@ def update_configuration_template(configurations, old_values, new_values): return json.loads(configurations_to_update) -def get_simulate_agent_configuration(data_file_path): - """Load simulate agent configuration file. +def get_configuration(data_file_path): + """Load configuration from file. Args: - data_file_path (str): Test case template file path. + data_file_path (str): Configuration file path. Returns: dict: Configurations names. @@ -763,6 +763,30 @@ def get_simulate_agent_configuration(data_file_path): return configuration_parameters +def get_simulate_agent_configuration(data_file_path): + """Load simulate agent configuration file. + + Args: + data_file_path (str): Configuration file path. + + Returns: + dict: Configurations names. + """ + return get_configuration(data_file_path) + + +def get_syslog_simulator_configuration(data_file_path): + """Load syslog simulator configuration file. + + Args: + data_file_path (str): Configuration file path. + + Returns: + dict: Configurations names. + """ + return get_configuration(data_file_path) + + def get_wazuh_local_rules() -> List[str]: """ Get current `local_rules.xml` file content. diff --git a/tests/integration/test_analysisd/test_eps/conftest.py b/tests/integration/test_analysisd/test_eps/conftest.py index a92887b04c..452f2be2d0 100644 --- a/tests/integration/test_analysisd/test_eps/conftest.py +++ b/tests/integration/test_analysisd/test_eps/conftest.py @@ -9,7 +9,7 @@ from wazuh_testing.tools.services import control_service from wazuh_testing.tools import configuration, ARCHIVES_LOG_FILE_PATH, \ ALERT_LOGS_PATH, ALERT_FILE_PATH, ALERT_DIRECTORY, WAZUH_INTERNAL_OPTIONS -from wazuh_testing.modules.eps import simulate_agent_function +from wazuh_testing.modules.eps import simulate_agent_function, syslog_simulator_function @pytest.fixture(scope='function') 
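Review bot: get_simulate_agent_configuration and get_syslog_simulator_configuration are identical one-line wrappers around get_configuration, which gives the same behaviour two names and two docstrings to keep in sync; if the old name must survive for existing callers, `get_simulate_agent_configuration = get_configuration` (or one alias marked as deprecated) says that more honestly. All three docstrings state `Returns: dict: Configurations names.` while the visible tail of get_configuration returns `configuration_parameters`; `dict: The file's `configuration_parameters` mapping.` matches the code. The body of get_configuration starts outside this hunk.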
@@ -137,3 +137,11 @@ def load_local_rules(): yield configuration.write_wazuh_local_rules(backup_local_rules) + + +@pytest.fixture(scope='function') +def syslog_simulator(request): + """Fixture to run the script syslog_simulator.py""" + syslog_simulator_function(request.param) + + yield From fcb24c81edbc62ca01e937ef4fb98d0a779c400e Mon Sep 17 00:00:00 2001 From: fedepacher Date: Mon, 29 Aug 2022 12:37:42 -0300 Subject: [PATCH 44/79] refactor(#2947): refactor configration and cases --- ...ead.yaml => configuration_process_old_events.yaml} | 0 ...uration_process_old_events_instead_new_events.yaml | 11 ----------- .../cases_process_old_events_one_thread.yaml | 4 ++-- 3 files changed, 2 insertions(+), 13 deletions(-) rename tests/integration/test_analysisd/test_eps/data/configuration_template/{configuration_process_old_events_multithread.yaml => configuration_process_old_events.yaml} (100%) delete mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_multithread.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_multithread.yaml rename to tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml deleted file mode 100644 index abca5be254..0000000000 
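Review bot: The new syslog_simulator fixture calls syslog_simulator_function in its setup and then `yield`s with nothing after it, so the `yield` adds no teardown and the generator form can be dropped. If the helper waits for the script, which the `start` override in PATCH 42 makes synchronous, every message has been sent before the test body runs, and neither the fixture name nor the docstring conveys that; `"""Run syslog_simulator.py with request.param; returns once the script has finished sending."""` sets the expectation for test authors.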
--- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events_instead_new_events.yaml +++ /dev/null @@ -1,11 +0,0 @@ -- sections: - - section: global - elements: - - limits: - elements: - - eps: - elements: - - maximum: - value: MAXIMUM - - timeframe: - value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml index c2c9428c81..e3200cf656 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml @@ -1,8 +1,8 @@ - name: EPS Limits process old events instead of new ones - One thread description: EPS Limits process old events instead of new ones - One thread configuration_parameters: - MAXIMUM: '100' + MAXIMUM: '10' TIMEFRAME: '5' metadata: - maximum: 100 + maximum: 10 timeframe: 5 From b6b2688ec636123aad02726e65efab444d1465ad Mon Sep 17 00:00:00 2001 From: fedepacher Date: Mon, 29 Aug 2022 12:38:46 -0300 Subject: [PATCH 45/79] feat(#2947): add new variables for test --- deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py index 18ab3d31b6..d4e0bc368c 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py @@ -10,7 +10,6 @@ T_10 = 10 T_20 = 20 T_60 = 60 -T_80 = 80 ANALYSISD_PREFIX = r'.*wazuh-analysisd.*' MAILD_PREFIX = r'.*wazuh-maild.*' 
@@ -23,10 +22,10 @@ TIMEFRAME_DEFAULT_VALUE = 10 UPPER_QUEUE_HALF_SIZE_LIMIT = 0.51 LOWER_QUEUE_HALF_SIZE_LIMIT = 0.49 -LOGCOLLECTOR_CUSTOM_MESSAGE_1 = 'Mar 24 10:12:36 centos7 sshd[12249]: Invalid user random_user from 1.1.1.1 port 11111' -LOGCOLLECTOR_CUSTOM_MESSAGE_2 = 'Mar 24 10:12:36 centos7 sshd[12249]: Invalid user random_user from 2.2.2.2 port 22222' -LOGCOLLECTOR_CUSTOM_MESSAGE_3 = 'Mar 24 10:12:36 centos7 sshd[12249]: Invalid user random_user from 3.3.3.3 port 33333' - +PATTERN_A = 'AAAA' +PATTERN_B = 'BBBB' +PATTERN_C = 'CCCC' +SYSLOG_CUSTOM_MESSAGE = f"Login failed: admin, test {PATTERN_A}, Message number:" def find_in_file(string_to_search, filename): """Find a specific string in a file From 30c99b4fd5d7f9ff8f075d8a2254e045d5d964d0 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Mon, 29 Aug 2022 12:39:28 -0300 Subject: [PATCH 46/79] refactor(#2947): refactor test to use syslog sim --- ...t_process_old_events_instead_new_events.py | 178 +++++++++--------- 1 file changed, 87 insertions(+), 91 deletions(-) diff --git a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py index 8dbdf2887c..4a6697e7cb 100644 --- a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py +++ b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py @@ -4,10 +4,10 @@ import pytest from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ - get_simulate_agent_configuration + get_syslog_simulator_configuration from wazuh_testing.modules.eps import event_monitor as evm from wazuh_testing.tools.monitoring import FileMonitor -from wazuh_testing.modules.eps import LOGCOLLECTOR_MESSAGE +from wazuh_testing.modules.eps import syslog_simulator_function, SYSLOG_CUSTOM_MESSAGE, PATTERN_A, PATTERN_B, PATTERN_C from wazuh_testing.tools import ALERT_FILE_PATH 
@@ -19,9 +19,9 @@ TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') # Configuration and cases data -configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_process_old_events_instead_new_events.yaml') -configurations_simulate_agent_path = os.path.join(TEST_DATA_PATH, - 'configuration_simulate_agent.yaml') +configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_process_old_events.yaml') +configurations_syslog_simulator_path = os.path.join(TEST_DATA_PATH, + 'configuration_syslog_simulator.yaml') t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_process_old_events_one_thread.yaml') t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_process_old_events_multi_thread.yaml') 
@@ -36,42 +36,38 @@ t2_configuration_metadata) # Get simulate agent configurations (t1) -params_process_old_events_one_thread = get_simulate_agent_configuration(configurations_simulate_agent_path) +params_process_old_events_one_thread = get_syslog_simulator_configuration(configurations_syslog_simulator_path) timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] -total_msg = 10000 # of 1Kb message of 16384 Kb of queue size +total_msg = 150 params_process_old_events_one_thread.update({'total_msg': total_msg}) +params_process_old_events_one_thread.update({'message': f"\"{SYSLOG_CUSTOM_MESSAGE}\""}) +params_process_old_events_one_thread.update({'interval_burst_time': 0}) +params_process_old_events_one_thread.update({'messages_per_burst': 0}) -# Get simulate agent configurations (t2) -params_process_old_events_multithread = get_simulate_agent_configuration(configurations_simulate_agent_path) -maximum_eps_t2 = [metadata['maximum'] for metadata in t2_configuration_metadata] +# Get syslog simulator configurations (t2) +params_process_old_events_multithread = get_syslog_simulator_configuration(configurations_syslog_simulator_path) timeframe_eps_t2 = [metadata['timeframe'] for metadata in t2_configuration_metadata] -# It is sent `width_frame` time frame width to reduce test time execution -frame_width = 3 -total_msg = maximum_eps_t2[0] * timeframe_eps_t2[0] * frame_width -params_process_old_events_multithread.update({'total_msg': total_msg}) @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) -@pytest.mark.parametrize('simulate_agent', [params_process_old_events_one_thread], indirect=True) +@pytest.mark.parametrize('syslog_simulator', [params_process_old_events_one_thread], indirect=True) def test_process_old_events_one_thread(configuration, metadata, 
load_wazuh_basic_configuration, set_wazuh_configuration_eps, configure_wazuh_one_thread, - truncate_monitored_files, delete_alerts_folder, restart_wazuh_daemon_function, - simulate_agent): + truncate_monitored_files, restart_wazuh_daemon_function, syslog_simulator): ''' - description: Check that `wazuh-analysisd` processes queued events first instead of new events when the moving - average frees up some space. To do this, read the alerts.log file and find the numerated alerts - messages and gets the timestamp. The oldest message must have lower timestamp. To do so, first it must - set the `internal_options.conf` file to work with one thread, otherwise the message are not in the - increasing order. + description: Check that `wazuh-analysisd` processes queued events first instead of new events. To do this, it is + read the alerts.json file and it is stored the messages timestamp. The oldest message must have the + lowest timestamp. First it must set the `internal_options.conf` file to work with one thread, + otherwise the message are not in the increasing order. test_phases: - Set a custom Wazuh configuration. - Truncate logs files. - Restart wazuh-daemons. - - Execute agent simulated script. - - Check alerts.log file. + - Execute syslog simulator script. + - Check alerts.json file. wazuh_min_version: 4.4.0 
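Review bot: The four consecutive `params_process_old_events_one_thread.update({...})` calls are one dictionary update written four times; a single `update({'total_msg': total_msg, 'message': ..., 'interval_burst_time': 0, 'messages_per_burst': 0})` reads as the intended override of the yaml defaults. The comment `# Get simulate agent configurations (t1)` still names the agent simulator although the line now calls get_syslog_simulator_configuration; the t2 block was updated to `# Get syslog simulator configurations (t2)` and the t1 comment should match. `total_msg = 150` silently overrides the yaml's `total_msg: '100'` for t1 only, while t2 keeps the yaml value; a one-line comment on why t1 needs a different count would save the next reader a comparison. The test functions that consume these values start in this hunk and continue beyond it.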
@@ -96,70 +92,60 @@ def test_process_old_events_one_thread(configuration, metadata, load_wazuh_basic - truncate_monitored_files: type: fixture brief: Truncate all the log files and json alerts files before and after the test execution. - - delete_alerts_folder: - type: fixture - brief: Delete all the content od the /var/log/alerts folder. - restart_wazuh_daemon_function: type: fixture brief: Restart all the wazuh daemons. - - simulate_agent: + - syslog_simulator: type: fixture - brief: Execute a script that simulate agent and send `logcolector` logs to the manager. + brief: Execute a script that send syslog messages to the manager. assertions: - - The timestamp of the oldest numerated messages have to be lower than he new messages. + - The timestamp of the oldest numerated messages have to be lower than the previous messages. + - The message must be in increase order. input_description: - The `cases_process_old_events_one_thread.yaml` file provides the module configuration for this test. 
''' - # Set the alerts start message - start_alert_msg = '** Alert ' # Initial timestamp to compare - timestamp_bkp = datetime.fromtimestamp(float(0.0)).strftime('%Y-%m-%d %H:%M:%S') - # Factor to iterate the alerts.log file to reduce the test execution time - time_events_processed = 5 - - # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values - sleep(metadata['timeframe'] / 2) - analysisd_state = evm.get_analysisd_state() - events_processed = int(analysisd_state['events_processed']) - events_received = int(analysisd_state['events_received']) - - # Check that the timestamp of the message in the alerts.log is lower than the next one - # In order to reduce the test time execution, It will check {time_events_processed} consecutive timeframe - # by checking events_processed * time_events_processed - if(events_processed * time_events_processed <= events_received): - for index in range((events_processed * time_events_processed) - 1): - # Get the timestamp of the log - timestamp = evm.get_alert_timestamp(start_alert_msg, f"{LOGCOLLECTOR_MESSAGE} {index}") - # Check that the timestamp of the first message y lower than the previous one - assert timestamp >= timestamp_bkp, fr"The timestamp of the previous message {timestamp_bkp} has to be "\ - fr"lower than the follow one {timestamp}" - # Store the timestamp to be compared with the next one - timestamp_bkp = timestamp - else: - raise Exception('Not enough messages were sent.') + timestamp_bkp = datetime.strptime('0001-01-01T00:00:00.000+0000', '%Y-%m-%dT%H:%M:%S.%f+0000') + regex = fr".*\"timestamp\":\"([^\"]*)\".*Login failed: admin, test AAAA, Message number: (\d+).*" + file_monitor = FileMonitor(ALERT_FILE_PATH) + timestamp_list = evm.get_messages_info(file_monitor, regex, total_msg) + # Check that the timestamp of the message in the alerts.json is lower than the next one, and messages are stored + # secuentially + index = 0 + for element in timestamp_list: + # Get the timestamp 
of the log + timestamp = datetime.strptime(element[0], '%Y-%m-%dT%H:%M:%S.%f+0000') + message_index = int(element[1]) + # Check that the timestamp of the next message is lower than the previous one + assert timestamp >= timestamp_bkp, f"The timestamp of the previous message {timestamp_bkp} has to be "\ + f"lower than the follow one {timestamp}" + assert message_index == index, "The messages were not stored in increasing orded. Message index" \ + f"stored {message_index} shoud be in possition {index}" + # Store the timestamp to be compared with the next one + timestamp_bkp = timestamp + # Increase index to check the next message + index += 1 @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t2], indirect=True) -@pytest.mark.parametrize('simulate_agent', [params_process_old_events_multithread], indirect=True) def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration_eps, truncate_monitored_files, delete_alerts_folder, - restart_wazuh_daemon_function, simulate_agent): + set_wazuh_configuration_eps, truncate_monitored_files, + restart_wazuh_daemon_function): ''' - description: Check that `wazuh-analysisd` processes queued events first instead of new events when the moving - average frees up some space. To do this, read the alerts.json file and find the numerated alerts - messages with the FileMonitor tool. To do so, it iterates the `n` frames of `maximum` * `timeframe` and - checks if the message number belongs to the respective frame. + description: Check that `wazuh-analysisd` processes queued events first instead of new events. To do this, it is + sent three groups of messages with different content per groups (A, B and C). 
Then, it checks that + each group of messages received belong to the rescpective timeframe in the correct order, first group + A, the B an last C group. test_phases: - Set a custom Wazuh configuration. - Truncate logs files. - Restart wazuh-daemons. - - Execute agent simulated script. - - Check alerts.log file. + - Check alerts.json file. wazuh_min_version: 4.4.0 
@@ -178,42 +164,52 @@ def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_bas - set_wazuh_configuration_eps: type: fixture brief: Set the wazuh configuration according to the configuration data. - - load_local_rules: - type: fixture - brief: Set the local_rules.xml to override rules. - - configure_wazuh_one_thread: - type: fixture - brief: Set the wazuh internal option configuration according to the configuration data. - truncate_monitored_files: type: fixture brief: Truncate all the log files and json alerts files before and after the test execution. - restart_wazuh_daemon_function: type: fixture brief: Restart all the wazuh daemons. - - simulate_agent: - type: fixture - brief: Execute a script that simulate agent and send `logcolector` logs to the manager. assertions: - - The timestamp of the oldest numerated messages have to be lower than he new messages. + - The messages content type must have the same order that it has been sent. input_description: - The `cases_process_old_events_multi_thread.yaml` file provides the module configuration for this test. 
''' + patern_list = [PATTERN_A, PATTERN_B, PATTERN_C] + total_msg_list = [] + regex = fr".*Login failed: admin, test (\w+), Message number: (\d+).*" + messages_sent = int(params_process_old_events_multithread['total_msg']) + + # Send custom messages type PATTERN_A + custom_message = SYSLOG_CUSTOM_MESSAGE + params_process_old_events_multithread.update({'message': f"\"{custom_message}\""}) + syslog_simulator_function(params_process_old_events_multithread) + sleep(timeframe_eps_t2[0] / 2) + # Create a filemonitor file_monitor = FileMonitor(ALERT_FILE_PATH) - # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values - sleep(metadata['timeframe'] / 2) - analysisd_state = evm.get_analysisd_state() - events_received = int(analysisd_state['events_received']) - index = 0 - frame = metadata['timeframe'] * metadata['maximum'] - total_msg_number_list = evm.get_msg_with_number(file_monitor, fr".*{LOGCOLLECTOR_MESSAGE} (\d+).*", total_msg) - while (index + 1) * frame <= events_received: - start_index = index * frame - end_index = (index + 1) * frame - number_list = total_msg_number_list[start_index: end_index] - - assert all(int(number) >= start_index and int(number) < end_index for number in number_list), \ - 'Some messages are not in the correct frame' - - index += 1 + # Get total PATTERN_A messages + total_msg_list.append(evm.get_messages_info(file_monitor, regex, messages_sent)) + + # Send custom messages type PATTERN_B + custom_message = custom_message.replace(PATTERN_A, PATTERN_B) + params_process_old_events_multithread.update({'message': f"\"{custom_message}\""}) + syslog_simulator_function(params_process_old_events_multithread) + sleep(timeframe_eps_t2[0] / 2) + # Get total PATTERN_B messages + total_msg_list.append(evm.get_messages_info(file_monitor, regex, messages_sent)) + + # Send custom messages type PATTERN_C + custom_message = custom_message.replace(PATTERN_B, PATTERN_C) + 
params_process_old_events_multithread.update({'message': f"\"{custom_message}\""}) + syslog_simulator_function(params_process_old_events_multithread) + sleep(timeframe_eps_t2[0] / 2) + # Get total PATTERN_C messages + total_msg_list.append(evm.get_messages_info(file_monitor, regex, messages_sent)) + # Check messages order pattern + index_patern = 0 + for element in total_msg_list: + for index in range(len(element)): + assert element[index][0] == patern_list[index_patern] + index_patern += 1 From 04a598b1c86ca5ce55d539351b69c7760339cc1b Mon Sep 17 00:00:00 2001 From: fedepacher Date: Mon, 29 Aug 2022 12:48:29 -0300 Subject: [PATCH 47/79] style(#2947): refactor code style --- deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py | 1 + .../configuration_process_old_events.yaml | 4 ++-- .../test_eps/test_process_old_events_instead_new_events.py | 7 +++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py index d4e0bc368c..10fb106d14 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py @@ -27,6 +27,7 @@ PATTERN_C = 'CCCC' SYSLOG_CUSTOM_MESSAGE = f"Login failed: admin, test {PATTERN_A}, Message number:" + def find_in_file(string_to_search, filename): """Find a specific string in a file diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events.yaml index 45cb1bbaf4..3d782fa61f 100644 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events.yaml +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events.yaml 
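Review bot: test_process_old_events_multi_thread sends each pattern only after get_messages_info has already collected all `messages_sent` alerts of the previous pattern, so by construction no PATTERN_B event reaches analysisd while PATTERN_A events are still queued, and the order assertion cannot observe the behaviour the description claims to verify. To exercise the queue the three bursts need to be sent back to back (or at least the next burst before the previous wait) and the order checked once over the combined `3 * messages_sent` results. Independently, the sleeps use `timeframe_eps_t2[0]` while every other value comes from the current case's `metadata`; `sleep(metadata['timeframe'] / 2)` stays correct when more cases are added to the yaml. The inner loop `for index in range(len(element)): assert element[index][0] == patern_list[index_patern]` would be clearer as `for pattern, _number in element:` with an assertion message naming the expected pattern, and `patern_list`/`index_patern` are misspelled. The enclosing function starts outside this hunk.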
@@ -13,6 +13,6 @@ - section: localfile elements: - log_format: - value: 'syslog' + value: syslog - location: - value: '/var/log/syslog' + value: /var/log/syslog diff --git a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py index 4a6697e7cb..a427f0fbe4 100644 --- a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py +++ b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py @@ -20,8 +20,7 @@ # Configuration and cases data configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_process_old_events.yaml') -configurations_syslog_simulator_path = os.path.join(TEST_DATA_PATH, - 'configuration_syslog_simulator.yaml') +configurations_syslog_simulator_path = os.path.join(TEST_DATA_PATH, 'configuration_syslog_simulator.yaml') t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_process_old_events_one_thread.yaml') t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_process_old_events_multi_thread.yaml') @@ -192,7 +191,7 @@ def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_bas # Get total PATTERN_A messages total_msg_list.append(evm.get_messages_info(file_monitor, regex, messages_sent)) - # Send custom messages type PATTERN_B + # Send custom messages type PATTERN_B custom_message = custom_message.replace(PATTERN_A, PATTERN_B) params_process_old_events_multithread.update({'message': f"\"{custom_message}\""}) syslog_simulator_function(params_process_old_events_multithread) 
@@ -200,7 +199,7 @@ def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_bas # Get total PATTERN_B messages total_msg_list.append(evm.get_messages_info(file_monitor, regex, messages_sent)) - # Send custom messages type PATTERN_C + # Send custom messages type PATTERN_C custom_message = custom_message.replace(PATTERN_B, PATTERN_C) params_process_old_events_multithread.update({'message': f"\"{custom_message}\""}) syslog_simulator_function(params_process_old_events_multithread) From 328490383487c9e7a91d97dd3125ebcfc103a15b Mon Sep 17 00:00:00 2001 From: fedepacher Date: Mon, 29 Aug 2022 12:49:10 -0300 Subject: [PATCH 48/79] refactor(#2947): delete unused method --- .../modules/eps/event_monitor.py | 20 +------------------ 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py index dac18bc117..faa81d27eb 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py @@ -1,8 +1,7 @@ import re -from datetime import datetime from wazuh_testing.modules import eps as eps -from wazuh_testing.tools import LOG_FILE_PATH, ANALYSISD_STATE, ALERT_LOGS_PATH +from wazuh_testing.tools import LOG_FILE_PATH, ANALYSISD_STATE from wazuh_testing.tools.monitoring import FileMonitor, generate_monitoring_callback_groups 
@@ -84,23 +83,6 @@ def get_analysisd_state(): return analysisd_state -def get_alert_timestamp(start_log, end_log): - """Get the timestamp of the alert if exist in the alerts.log file between two string - - Args: - start_log (str): Start message to find - end_log (str): End message to find - """ - with open(ALERT_LOGS_PATH, 'r') as file: - str_file = file.read() - index1 = str_file.find(end_log) - index2 = str_file[0: index1].rfind(start_log) - str_alert = str_file[index2: index1] - timestamp = str_alert[str_alert.find(start_log) + len(start_log):str_alert.find(': ')] - - return datetime.fromtimestamp(float(timestamp)).strftime('%Y-%m-%d %H:%M:%S') - - def get_messages_info(file_monitor, message, accum_results): """Check if the alerts.log file contains the message From 9cd824250ac1b8eb4586e7384eae4d054a846898 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Thu, 1 Sep 2022 12:19:45 -0300 Subject: [PATCH 49/79] refactor(#2947): relocation global variables --- deps/wazuh_testing/wazuh_testing/__init__.py | 11 +++ .../modules/analysisd/__init__.py | 45 ++++++++++++ .../wazuh_testing/modules/eps/__init__.py | 72 ------------------- .../modules/eps/event_monitor.py | 11 +-- .../wazuh_testing/tools/__init__.py | 5 -- 5 files changed, 62 insertions(+), 82 deletions(-) create mode 100644 deps/wazuh_testing/wazuh_testing/modules/analysisd/__init__.py diff --git a/deps/wazuh_testing/wazuh_testing/__init__.py b/deps/wazuh_testing/wazuh_testing/__init__.py index 2696846e0d..b9d93a5670 100644 --- a/deps/wazuh_testing/wazuh_testing/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/__init__.py @@ -18,6 +18,8 @@ else: WAZUH_PATH = os.path.join("/var", "ossec") + +WAZUH_LOGS_PATH = os.path.join(WAZUH_PATH, 'logs') CLIENT_KEYS_PATH = os.path.join(WAZUH_PATH, 'etc' if platform.system() == 'Linux' else '', 'client.keys') DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'db') QUEUE_DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'db') 
@@ -25,6 +27,7 @@ WAZUH_DB_SOCKET_PATH = os.path.join(QUEUE_DB_PATH, 'wdb') CVE_DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'vulnerabilities', 'cve.db') LOG_FILE_PATH = os.path.join(WAZUH_PATH, 'logs', 'ossec.log') +ALERTS_DIRECTORY_PATH = os.path.join(WAZUH_LOGS_PATH, 'alerts') ALERTS_JSON_PATH = os.path.join(WAZUH_PATH, 'logs', 'alerts', 'alerts.json') CPE_HELPER_PATH = os.path.join(WAZUH_PATH, 'queue', 'vulnerabilities', 'dictionaries', 'cpe_helper.json') WAZUH_API_CONF = os.path.join(WAZUH_PATH, 'api', 'configuration', 'api.yaml') @@ -53,11 +56,19 @@ API_DAEMONS_REQUIREMENTS = [API_DAEMON, DB_DAEMON, EXEC_DAEMON, ANALYSISD_DAEMON, REMOTE_DAEMON, MODULES_DAEMON] +# Paths +SIMULATE_AGENT = os.path.join(WAZUH_TESTING_PATH, 'scripts', 'simulate_agents.py') +SYSLOG_SIMULATOR = os.path.join(WAZUH_TESTING_PATH, 'scripts', 'syslog_simulator.py') +ANALYSISD_STATE = os.path.join(WAZUH_PATH, 'var', 'run', 'wazuh-analysisd.state') +WAZUH_INTERNAL_OPTIONS = os.path.join(WAZUH_PATH, 'etc', 'internal_options.conf') + # Timeouts T_5 = 5 T_10 = 10 T_20 = 20 T_30 = 30 +T_60 = 60 + # Protocols UDP = 'UDP' diff --git a/deps/wazuh_testing/wazuh_testing/modules/analysisd/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/analysisd/__init__.py new file mode 100644 index 0000000000..86e2e4c306 --- /dev/null +++ b/deps/wazuh_testing/wazuh_testing/modules/analysisd/__init__.py 
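Review bot: The new `SIMULATE_AGENT` and `SYSLOG_SIMULATOR` lines in the `@@ -53,11 +56,19 @@` hunk reference `WAZUH_TESTING_PATH`, which is not bound anywhere in the visible part of `wazuh_testing/__init__.py`; it used to be resolved inside `tools/__init__.py`, so unless it is defined earlier in this module the whole package fails with NameError at import time, which is worth confirming with a bare `import wazuh_testing` before merging. Separately, `WAZUH_LOGS_PATH` is now defined here while `tools/__init__.py` keeps its own copy, and the `ALERTS_JSON_PATH` context line right after the new `ALERTS_DIRECTORY_PATH` still builds the same directory from `WAZUH_PATH`; `ALERTS_JSON_PATH = os.path.join(ALERTS_DIRECTORY_PATH, 'alerts.json')` would keep the two constants from drifting apart.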
@@ -0,0 +1,45 @@ + +import socket +import subprocess +import sys + +from wazuh_testing import SIMULATE_AGENT, SYSLOG_SIMULATOR + + +ANALYSISD_PREFIX = r'.*wazuh-analysisd.*' +MAILD_PREFIX = r'.*wazuh-maild.*' + +# wazuh-analysisd.state file default update configuration +ANALYSISD_STATE_INTERNAL_DEFAULT = '5' +PERCENTAGE_PROCESS_MSGS = 0.95 +QUEUE_SIZE = 16384 + + +def simulate_agent(param): + """Function to run the script simulate_agent.py + + Args: + param (dict): Dictionary with script parameters + """ + # Get IP address of the host + hostname = socket.gethostname() + ip_addr = socket.gethostbyname(hostname) + + python_executable = sys.executable + subprocess.call(f"{python_executable} {SIMULATE_AGENT} -a {ip_addr} -n {param['num_agent']} \ + -m {param['modules']} -s {param['eps']} -t {param['time']} \ + -f {param['msg_size']} -e {param['num_messages']} \ + -k {param['disable_keepalive_msg']} -d {param['disable_receive_msg']} \ + -c {param['enable_logcollector_msg_number']} -g {param['message']}", shell=True) + + +def syslog_simulator(param): + """Function to run the script syslog_simulator.py + + Args: + param (dict): Dictionary with script parameters + """ + python_executable = sys.executable + subprocess.call(f"{python_executable} {SYSLOG_SIMULATOR} -m {param['message']} -e {param['num_messages']} \ + -f {param['msg_size']} -t {param['interval_burst_time']} -b {param['messages_per_burst']}", + shell=True) diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py index 10fb106d14..e69de29bb2 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py 
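Review bot: Both `subprocess.call(...)` invocations in the new `simulate_agent` and `syslog_simulator` functions build the command line by interpolating every `param[...]` value into one string and run it with `shell=True`, so any value containing a space, quote or other shell metacharacter is re-tokenized by the shell instead of reaching the script intact. The callers visible elsewhere in this series already work around this by wrapping `message` in literal `\"` quotes, which is fragile and only covers that one argument. Passing an argument list with the default `shell=False` removes the shell from the path entirely; callers then drop the surrounding `\"` from `message`, and if any of these values is a space-separated list the script's parser expects as separate tokens (e.g. `modules`), split it explicitly with `*str(param['modules']).split()`.
```python
def simulate_agent(param):
    # … unchanged: docstring and host IP lookup …
    subprocess.call([
        sys.executable, SIMULATE_AGENT,
        '-a', ip_addr, '-n', str(param['num_agent']),
        '-m', str(param['modules']), '-s', str(param['eps']), '-t', str(param['time']),
        '-f', str(param['msg_size']), '-e', str(param['num_messages']),
        '-k', str(param['disable_keepalive_msg']), '-d', str(param['disable_receive_msg']),
        '-c', str(param['enable_logcollector_msg_number']), '-g', str(param['message']),
    ])


def syslog_simulator(param):
    # … unchanged: docstring …
    subprocess.call([
        sys.executable, SYSLOG_SIMULATOR,
        '-m', str(param['message']), '-e', str(param['num_messages']),
        '-f', str(param['msg_size']), '-t', str(param['interval_burst_time']),
        '-b', str(param['messages_per_burst']),
    ])
```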
@@ -1,72 +0,0 @@ - -import socket -import subprocess -import sys - -from wazuh_testing.tools import SIMULATE_AGENT, SYSLOG_SIMULATOR - - -# Timeouts -T_10 = 10 -T_20 = 20 -T_60 = 60 - -ANALYSISD_PREFIX = r'.*wazuh-analysisd.*' -MAILD_PREFIX = r'.*wazuh-maild.*' -# wazuh-analysisd.state file default update configuration -ANALYSISD_STATE_INTERNAL_DEFAULT = '5' -PERCENTAGE_PROCESS_MSGS = 0.95 -QUEUE_SIZE = 16384 -# Set logcollector message that the agent sents -LOGCOLLECTOR_MESSAGE = 'Invalid user random_user from 1.1.1.1 port 11111:Message number:' -TIMEFRAME_DEFAULT_VALUE = 10 -UPPER_QUEUE_HALF_SIZE_LIMIT = 0.51 -LOWER_QUEUE_HALF_SIZE_LIMIT = 0.49 -PATTERN_A = 'AAAA' -PATTERN_B = 'BBBB' -PATTERN_C = 'CCCC' -SYSLOG_CUSTOM_MESSAGE = f"Login failed: admin, test {PATTERN_A}, Message number:" - - -def find_in_file(string_to_search, filename): - """Find a specific string in a file - - Args: - string_to_search (str): Word to find in the file - Returns: - str: Line that match in file - """ - with open(filename, 'r') as file: - for _, line in enumerate(file): - if string_to_search in line: - return line - - -def simulate_agent_function(param): - """Function to run the script simulate_agent.py - - Args: - param (dict): Dictionary with script parameters - """ - # Get IP address of the host - hostname = socket.gethostname() - ip_addr = socket.gethostbyname(hostname) - - python_executable = sys.executable - subprocess.call(f"{python_executable} {SIMULATE_AGENT} -a {ip_addr} -n {param['num_agent']} \ - -m {param['modules']} -s {param['eps']} -t {param['time']} \ - -f {param['msg_size']} -e {param['total_msg']} \ - -k {param['disable_keepalive_msg']} -d {param['disable_receive_msg']} \ - -c {param['enable_logcollector_msg_number']} -g {param['message']}", shell=True) - - -def syslog_simulator_function(param): - """Function to run the script syslog_simulator.py - - Args: - param (dict): Dictionary with script parameters - """ - python_executable = sys.executable - 
subprocess.call(f"{python_executable} {SYSLOG_SIMULATOR} -m {param['message']} -e {param['total_msg']} \ - -f {param['msg_size']} -t {param['interval_burst_time']} -b {param['messages_per_burst']}", - shell=True) diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py index faa81d27eb..8ea0e26a39 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py @@ -1,11 +1,12 @@ import re -from wazuh_testing.modules import eps as eps -from wazuh_testing.tools import LOG_FILE_PATH, ANALYSISD_STATE +import wazuh_testing as eps +from wazuh_testing.modules.analysisd import ANALYSISD_PREFIX, MAILD_PREFIX +from wazuh_testing import LOG_FILE_PATH, ANALYSISD_STATE from wazuh_testing.tools.monitoring import FileMonitor, generate_monitoring_callback_groups -def make_analysisd_callback(pattern, prefix=eps.ANALYSISD_PREFIX): +def make_analysisd_callback(pattern, prefix=ANALYSISD_PREFIX): """Create a callback function from a text pattern. It already contains the analsisd prefix. @@ -27,7 +28,7 @@ def make_analysisd_callback(pattern, prefix=eps.ANALYSISD_PREFIX): def check_analysisd_event(file_monitor=None, callback='', error_message=None, update_position=True, - timeout=eps.T_60, prefix=eps.ANALYSISD_PREFIX, accum_results=1, + timeout=eps.T_60, prefix=ANALYSISD_PREFIX, accum_results=1, file_to_monitor=LOG_FILE_PATH): """Check if a analysisd event occurs @@ -63,7 +64,7 @@ def check_configuration_error(): """Check the configuration error event in ossec.log""" check_analysisd_event(timeout=eps.T_10, callback=r".* \(\d+\): Configuration error at.*", error_message="Could not find the event 'Configuration error at 'etc/ossec.conf' " - 'in ossec.log', prefix=eps.MAILD_PREFIX) + 'in ossec.log', prefix=MAILD_PREFIX) def get_analysisd_state(): 
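Review bot: `import wazuh_testing as eps` in the `@@ -1,11 +1,12 @@` hunk of `event_monitor.py` keeps the old `eps.` prefix alive on `eps.T_60` and `eps.T_10` in the two following hunks, but the name now points at the top-level package rather than the eps module, which misleads the next reader about where those timeouts live. Since the same hunk already imports `LOG_FILE_PATH` and `ANALYSISD_STATE` from `wazuh_testing`, extend that line to `from wazuh_testing import LOG_FILE_PATH, ANALYSISD_STATE, T_10, T_60`, drop the alias import, and use `timeout=T_60` / `timeout=T_10` in `check_analysisd_event` and `check_configuration_error`.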
diff --git a/deps/wazuh_testing/wazuh_testing/tools/__init__.py b/deps/wazuh_testing/wazuh_testing/tools/__init__.py index 522b218ee0..fe656d437b 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/tools/__init__.py @@ -80,10 +80,6 @@ else: HOSTS_FILE_PATH = os.path.join('/', 'etc', 'hosts') GLOBAL_DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'db', 'global.db') - ANALYSISD_STATE = os.path.join(WAZUH_PATH, 'var', 'run', 'wazuh-analysisd.state') - SIMULATE_AGENT = os.path.join(WAZUH_TESTING_PATH, 'scripts', 'simulate_agents.py') - SYSLOG_SIMULATOR = os.path.join(WAZUH_TESTING_PATH, 'scripts', 'syslog_simulator.py') - WAZUH_INTERNAL_OPTIONS = os.path.join(WAZUH_PATH, 'etc', 'internal_options.conf') try: import grp @@ -133,7 +129,6 @@ def get_service(): CLIENT_CUSTOM_CERT_PATH = os.path.join(_data_path, 'sslmanager.cert') WAZUH_LOGS_PATH = os.path.join(WAZUH_PATH, 'logs') -ALERT_DIRECTORY = os.path.join(WAZUH_LOGS_PATH, 'alerts') ALERT_FILE_PATH = os.path.join(WAZUH_LOGS_PATH, 'alerts', 'alerts.json') ALERT_LOGS_PATH = os.path.join(WAZUH_LOGS_PATH, 'alerts', 'alerts.log') CLUSTER_LOGS_PATH = os.path.join(WAZUH_LOGS_PATH, 'cluster.log') From c127bce0d3439666cda1c981b5b1fc2cf3f5c149 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Thu, 1 Sep 2022 12:22:57 -0300 Subject: [PATCH 50/79] refactor(#2947): separate syslog class to the script --- .../wazuh_testing/scripts/syslog_simulator.py | 75 +++---------------- .../wazuh_testing/tools/syslog_simulator.py | 72 ++++++++++++++++++ 2 files changed, 81 insertions(+), 66 deletions(-) create mode 100644 deps/wazuh_testing/wazuh_testing/tools/syslog_simulator.py diff --git a/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py b/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py index 862180561f..6dd0482844 100644 --- a/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py 
@@ -1,64 +1,6 @@ import argparse -import logging -import logging.handlers -from logging.handlers import SysLogHandler -from time import sleep -from sys import getsizeof -import threading - -class CreateSyslogger(threading.Thread): - """Class that allows sending syslog messages. - - Args: - args (argparse.Namespace): Script args. - """ - def __init__(self, args): - self.syslogger = logging.getLogger() - self.syslogger.setLevel(logging.DEBUG) - self.handler = SysLogHandler(address='/dev/log') - self.formatter = logging.Formatter(fmt='%(message)s') - self.handler.setFormatter(self.formatter) - self.syslogger.addHandler(self.handler) - self.message = args.message - self.total_msg = args.total_msg - self.fixed_message_size = args.fixed_message_size * 1024 if args.fixed_message_size is not None else None - self.interval_burst_time = args.interval_burst_time - self.messages_per_burst = args.messages_per_burst - - def send_syslog_messages(self, message): - """Send syslog messages""" - self.syslogger.debug(message) - - def run_module(self): - """Send syslog messages according to the input parameters""" - sent_messages = 0 - sent_messages_burst = 0 - while self.total_msg != 0 and sent_messages < self.total_msg: - message = f"{self.message} {sent_messages}" - # Add dummy chars if the message size is not reachead - if self.fixed_message_size is not None: - event_msg_size = getsizeof(message) - dummy_message_size = self.fixed_message_size - event_msg_size - char_size = getsizeof(message[0]) - getsizeof('') - message += 'A' * (dummy_message_size//char_size) - # Create interval between messages to simulate burst of messages - if self.interval_burst_time != 0 and self.messages_per_burst != 0: - if sent_messages_burst < self.messages_per_burst: - sent_messages_burst += 1 - else: - sleep(self.interval_burst_time) - sent_messages_burst = 1 - # Send message - self.send_syslog_messages(message) - sent_messages += 1 - - def start(self): - thread = 
threading.Thread(target=self.run_module) - # Starting threads - thread.start() - # Wait until all threads finish - thread.join() +from wazuh_testing.tools.syslog_simulator import Syslogger def main(): @@ -68,9 +10,9 @@ def main(): default='Login failed: admin, test message, Message number:', help="The syslog message", dest='message') - arg_parser.add_argument('-e', '--total-msg', metavar='', type=int, - help='Limit the amount of message to be sent.', - required=False, default=0, dest='total_msg') + arg_parser.add_argument('-e', '--num-messages', metavar='', type=int, + help='Set the amount of message to be sent.', + required=False, default=0, dest='num_messages') arg_parser.add_argument('-f', '--fixed-message-size', metavar='', type=int, required=False, default=None, help='Size of all the agent modules messages (KB)', dest='fixed_message_size') @@ -79,13 +21,14 @@ def main(): type=int, required=False, default=0, help='Interval time in seconds for the messages burst') - arg_parser.add_argument('-b', '--messages-per-burst', metavar='', dest='messages_per_burst', - type=int, required=False, default=0, - help='Total messages per burst burst') + arg_parser.add_argument('-b', '--num-messages-per-burst', metavar='', + dest='num_messages_per_burst', type=int, required=False, default=0, + help='Number of messages to send per burst') args = arg_parser.parse_args() - syslogger = CreateSyslogger(args) + syslogger = Syslogger(args.message, args.num_messages, args.fixed_message_size, args.interval_burst_time, + args.num_messages_per_burst) syslogger.start() diff --git a/deps/wazuh_testing/wazuh_testing/tools/syslog_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/syslog_simulator.py new file mode 100644 index 0000000000..46fbe14ffe --- /dev/null +++ b/deps/wazuh_testing/wazuh_testing/tools/syslog_simulator.py 
@@ -0,0 +1,72 @@ +import threading +import logging + +from logging.handlers import SysLogHandler +from sys import getsizeof +from time import sleep + + +class Syslogger: + """Class that allows sending syslog messages. + + Args: + message (str): Message to send. + num_messages (int): Number of messages to send. + fixed_message_size (int): Message size (KB). + interval_burst_time (int): Waiting time for sending a new group of messages (seconds). + num_messages_per_burst (int): Number of messages to send per burst. + + Attributes: + syslogger (logging.Logger): Logger object used for building syslog messages. + message (str): Message to send. + num_messages (int): Number of messages to send. + fixed_message_size (int): Message size (KB). + interval_burst_time (int): Waiting time for sending a new group of messages (seconds). + num_messages_per_burst (int): Number of messages to send per burst. + """ + def __init__(self, message, num_messages, fixed_message_size, interval_burst_time, num_messages_per_burst): + self.syslogger = logging.getLogger() + self.syslogger.setLevel(logging.DEBUG) + handler = SysLogHandler(address='/dev/log') + formatter = logging.Formatter(fmt='%(message)s') + handler.setFormatter(formatter) + self.syslogger.addHandler(handler) + self.message = message + self.num_messages = num_messages + self.fixed_message_size = fixed_message_size * 1024 if fixed_message_size is not None else None + self.interval_burst_time = interval_burst_time + self.num_messages_per_burst = num_messages_per_burst + + def send_syslog_messages(self, message): + """Send syslog messages""" + self.syslogger.debug(message) + + def run_module(self): + """Send syslog messages according to the input parameters""" + sent_messages = 0 + sent_messages_burst = 0 + while self.num_messages != 0 and sent_messages < self.num_messages: + message = f"{self.message} {sent_messages}" + # Add dummy chars if the message size is not reachead + if self.fixed_message_size is not None: + 
event_msg_size = getsizeof(message) + dummy_message_size = self.fixed_message_size - event_msg_size + char_size = getsizeof(message[0]) - getsizeof('') + message += 'A' * (dummy_message_size//char_size) + # Create interval between messages to simulate burst of messages + if self.interval_burst_time != 0 and self.num_messages_per_burst != 0: + if sent_messages_burst < self.num_messages_per_burst: + sent_messages_burst += 1 + else: + sleep(self.interval_burst_time) + sent_messages_burst = 1 + # Send message + self.send_syslog_messages(message) + sent_messages += 1 + + def start(self): + thread = threading.Thread(target=self.run_module) + # Starting threads + thread.start() + # Wait until all threads finish + thread.join() From b3296207cc924deab779aeac9dd58342be087f06 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Thu, 1 Sep 2022 12:25:33 -0300 Subject: [PATCH 51/79] refactor(#2947): refactor variables and fixture names --- .../test_eps/test_default_values.py | 10 +++-- .../test_analysisd/test_eps/test_disabled.py | 10 ++--- .../test_analysisd/test_eps/test_enabled.py | 6 +-- .../test_eps/test_invalid_configuration.py | 6 +-- .../test_eps/test_invalid_values.py | 6 +-- .../test_eps/test_no_eps_configuration.py | 15 ++++---- ...t_process_old_events_instead_new_events.py | 38 +++++++++++-------- ...t_start_dropping_events_when_queue_full.py | 21 +++++----- ...start_queuing_events_when_limit_reached.py | 22 ++++++----- .../test_eps/test_stop_processing_events.py | 17 ++++----- 10 files changed, 80 insertions(+), 71 deletions(-) diff --git a/tests/integration/test_analysisd/test_eps/test_default_values.py b/tests/integration/test_analysisd/test_eps/test_default_values.py index 16df55597b..9ec768e849 100644 --- a/tests/integration/test_analysisd/test_eps/test_default_values.py +++ b/tests/integration/test_analysisd/test_eps/test_default_values.py 
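Review bot: `Syslogger.__init__` in the new `tools/syslog_simulator.py` attaches a fresh `SysLogHandler` to the root logger (`logging.getLogger()`) on every instantiation and never removes it, so a second `Syslogger` created in the same process emits every message once per handler, and anything else that logs through the root logger in that process is also forwarded to `/dev/log`. This was harmless in the old script, which built exactly one instance, but as a reusable class it will double-count events in any test that sends two batches. A module-scoped logger with `propagate = False` and a guard against re-adding the handler keeps one syslog stream regardless of how many instances exist; the byte-padding logic based on `getsizeof` is unchanged by this commit, but note it measures the Python object size (header included), not the wire length of the message.
```python
    def __init__(self, message, num_messages, fixed_message_size, interval_burst_time, num_messages_per_burst):
        # Use a module logger rather than the root logger so that creating several Syslogger
        # objects in one process does not stack handlers (one copy of every message per handler).
        self.syslogger = logging.getLogger(__name__)
        self.syslogger.setLevel(logging.DEBUG)
        self.syslogger.propagate = False
        if not self.syslogger.handlers:
            handler = SysLogHandler(address='/dev/log')
            handler.setFormatter(logging.Formatter(fmt='%(message)s'))
            self.syslogger.addHandler(handler)
        # … unchanged: message / num_messages / fixed_message_size / interval_burst_time / num_messages_per_burst …
```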
@@ -3,13 +3,15 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data from wazuh_testing.modules.eps import event_monitor as evm -from wazuh_testing.tools.services import control_service -from wazuh_testing.modules.eps import ANALYSISD_STATE_INTERNAL_DEFAULT, TIMEFRAME_DEFAULT_VALUE +from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT from wazuh_testing.processes import check_if_deamon_is_running pytestmark = [pytest.mark.server] +# Global variables +TIMEFRAME_DEFAULT_VALUE = 10 + # Reference paths TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') @@ -28,7 +30,7 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_without_timeframe(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, +def test_without_timeframe(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_analysisd, truncate_monitored_files, restart_wazuh_daemon_function): ''' description: Check that limits EPS is started when `maximum` is set to a value greater than 0 lower and than 100000, @@ -54,7 +56,7 @@ def test_without_timeframe(configuration, metadata, load_wazuh_basic_configurati - load_wazuh_basic_configuration type: fixture brief: Load a basic configuration to the manager. - - set_wazuh_configuration_eps: + - set_wazuh_configuration_analysisd: type: fixture brief: Set the wazuh configuration according to the configuration data. - truncate_monitored_files: diff --git a/tests/integration/test_analysisd/test_eps/test_disabled.py b/tests/integration/test_analysisd/test_eps/test_disabled.py index f38cbdc3ee..f18d327be4 100644 
--- a/tests/integration/test_analysisd/test_eps/test_disabled.py +++ b/tests/integration/test_analysisd/test_eps/test_disabled.py @@ -3,7 +3,7 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data from wazuh_testing.modules.eps import event_monitor as evm -from wazuh_testing.modules.eps import ANALYSISD_STATE_INTERNAL_DEFAULT +from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT from wazuh_testing.processes import check_if_deamon_is_running @@ -35,7 +35,7 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, +def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_analysisd, truncate_monitored_files, restart_wazuh_daemon_function): ''' description: Check that limits EPS is not started when `maximum` is set to a value equal to 0, or with an empty @@ -61,7 +61,7 @@ def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_w - load_wazuh_basic_configuration type: fixture brief: Load a basic configuration to the manager. - - set_wazuh_configuration_eps: + - set_wazuh_configuration_analysisd: type: fixture brief: Set the wazuh configuration according to the configuration data. - truncate_monitored_files: 
@@ -90,7 +90,7 @@ def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_w @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_without_maximum(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, +def test_without_maximum(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_analysisd, truncate_monitored_files, restart_wazuh_daemon_function): ''' description: Check that limits EPS is not started when `maximum` value is not present in the configuration @@ -116,7 +116,7 @@ def test_without_maximum(configuration, metadata, load_wazuh_basic_configuration - load_wazuh_basic_configuration type: fixture brief: Load a basic configuration to the manager. - - set_wazuh_configuration_eps: + - set_wazuh_configuration_analysisd: type: fixture brief: Set the wazuh configuration according to the configuration data. - truncate_monitored_files: diff --git a/tests/integration/test_analysisd/test_eps/test_enabled.py b/tests/integration/test_analysisd/test_eps/test_enabled.py index bdc2ae4f82..ed0b8a88b4 100644 --- a/tests/integration/test_analysisd/test_eps/test_enabled.py +++ b/tests/integration/test_analysisd/test_eps/test_enabled.py @@ -3,7 +3,7 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data from wazuh_testing.modules.eps import event_monitor as evm -from wazuh_testing.modules.eps import ANALYSISD_STATE_INTERNAL_DEFAULT +from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT from wazuh_testing.processes import check_if_deamon_is_running 
@@ -27,7 +27,7 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_enabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, +def test_enabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_analysisd, truncate_monitored_files, restart_wazuh_daemon_function): ''' description: Check that limits EPS is started when `maximum` is set to a value greater than 0 lower and than 100000, @@ -53,7 +53,7 @@ def test_enabled(configuration, metadata, load_wazuh_basic_configuration, set_wa - load_wazuh_basic_configuration type: fixture brief: Load a basic configuration to the manager. - - set_wazuh_configuration_eps: + - set_wazuh_configuration_analysisd: type: fixture brief: Set the wazuh configuration according to the configuration data. - truncate_monitored_files: diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py index 3673443ff0..0cf9ddb654 100644 --- a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py +++ b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py @@ -4,7 +4,7 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data from wazuh_testing.modules.eps import event_monitor as evm from wazuh_testing.tools.services import control_service -from wazuh_testing.modules.eps import ANALYSISD_STATE_INTERNAL_DEFAULT +from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT from wazuh_testing.processes import check_if_deamon_is_not_running 
@@ -28,7 +28,7 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_without_timeframe_maximum(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, +def test_without_timeframe_maximum(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_analysisd, truncate_monitored_files, restart_wazuh_daemon_after_finishing): ''' description: Check that wazuh manager is not started when `maximum` and `timeframe` are not present in the @@ -54,7 +54,7 @@ def test_without_timeframe_maximum(configuration, metadata, load_wazuh_basic_con - load_wazuh_basic_configuration type: fixture brief: Load a basic configuration to the manager. - - set_wazuh_configuration_eps: + - set_wazuh_configuration_analysisd: type: fixture brief: Set the wazuh configuration according to the configuration data. - truncate_monitored_files: diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_values.py b/tests/integration/test_analysisd/test_eps/test_invalid_values.py index 6da5750d0b..b51e6f651b 100644 --- a/tests/integration/test_analysisd/test_eps/test_invalid_values.py +++ b/tests/integration/test_analysisd/test_eps/test_invalid_values.py @@ -4,7 +4,7 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data from wazuh_testing.modules.eps import event_monitor as evm from wazuh_testing.tools.services import control_service -from wazuh_testing.modules.eps import ANALYSISD_STATE_INTERNAL_DEFAULT +from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT from wazuh_testing.processes import check_if_deamon_is_not_running 
@@ -29,7 +29,7 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_invalid_values(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, +def test_invalid_values(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_analysisd, truncate_monitored_files, restart_wazuh_daemon_after_finishing): ''' description: Check that wazuh manager is not started when an invalid value is set to `maximum` and/or `timeframe`. @@ -54,7 +54,7 @@ def test_invalid_values(configuration, metadata, load_wazuh_basic_configuration, - load_wazuh_basic_configuration type: fixture brief: Load a basic configuration to the manager. - - set_wazuh_configuration_eps: + - set_wazuh_configuration_analysisd: type: fixture brief: Set the wazuh configuration according to the configuration data. - truncate_monitored_files: diff --git a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py index cfde8e0068..59a1bccba9 100644 --- a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py +++ b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py @@ -2,10 +2,9 @@ from time import sleep import pytest -from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ - get_simulate_agent_configuration +from wazuh_testing.tools.configuration import get_simulate_agent_configuration from wazuh_testing.modules.eps import event_monitor as evm -from wazuh_testing.modules.eps import ANALYSISD_STATE_INTERNAL_DEFAULT, PERCENTAGE_PROCESS_MSGS +from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT, PERCENTAGE_PROCESS_MSGS pytestmark = [pytest.mark.server] 
@@ -18,8 +17,8 @@ # Get simulate agent configurations (t1) params_disabled_eps = get_simulate_agent_configuration(configurations_simulate_agent_path) -total_msg = 1000 # of 1Kb message of 16384 Kb of queue size -params_disabled_eps.update({'total_msg': total_msg}) +num_messages = 1000 # of 1Kb message of 16384 Kb of queue size +params_disabled_eps.update({'num_messages': num_messages}) @pytest.mark.tier(level=0) @@ -61,9 +60,9 @@ def test_disabled(load_wazuh_basic_configuration, configure_local_internal_optio @pytest.mark.tier(level=0) @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -@pytest.mark.parametrize('simulate_agent', [params_disabled_eps], indirect=True) +@pytest.mark.parametrize('simulate_agent_function', [params_disabled_eps], indirect=True) def test_without_eps_setting(load_wazuh_basic_configuration, configure_local_internal_options_eps, - truncate_monitored_files, restart_wazuh_daemon_function, simulate_agent): + truncate_monitored_files, restart_wazuh_daemon_function, simulate_agent_function): ''' description: Check that limits EPS is disabled when it is not configured and the received events are similar or equal to the processed events. @@ -91,7 +90,7 @@ def test_without_eps_setting(load_wazuh_basic_configuration, configure_local_int - restart_wazuh_daemon_function: type: fixture brief: Restart all the wazuh daemons. - - simulate_agent: + - simulate_agent_function: type: fixture brief: Execute a script that simulate agent and send `logcolector` logs to the manager. diff --git a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py index a427f0fbe4..3deabdc591 100644 --- a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py +++ b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py 
@@ -7,12 +7,19 @@ get_syslog_simulator_configuration from wazuh_testing.modules.eps import event_monitor as evm from wazuh_testing.tools.monitoring import FileMonitor -from wazuh_testing.modules.eps import syslog_simulator_function, SYSLOG_CUSTOM_MESSAGE, PATTERN_A, PATTERN_B, PATTERN_C +from wazuh_testing.modules.analysisd import syslog_simulator from wazuh_testing.tools import ALERT_FILE_PATH pytestmark = [pytest.mark.server] +# Global variables +PATTERN_A = 'AAAA' +PATTERN_B = 'BBBB' +PATTERN_C = 'CCCC' +SYSLOG_CUSTOM_MESSAGE = f"Login failed: admin, test {PATTERN_A}, Message number:" + + # Reference paths TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') @@ -37,8 +44,8 @@ # Get simulate agent configurations (t1) params_process_old_events_one_thread = get_syslog_simulator_configuration(configurations_syslog_simulator_path) timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] -total_msg = 150 -params_process_old_events_one_thread.update({'total_msg': total_msg}) +num_messages = 150 +params_process_old_events_one_thread.update({'num_messages': num_messages}) params_process_old_events_one_thread.update({'message': f"\"{SYSLOG_CUSTOM_MESSAGE}\""}) params_process_old_events_one_thread.update({'interval_burst_time': 0}) params_process_old_events_one_thread.update({'messages_per_burst': 0}) 
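Review bot: The `@@ -7,12 +7,19 @@` hunk of `test_process_old_events_instead_new_events.py` swaps the import to `from wazuh_testing.modules.analysisd import syslog_simulator`, while the fixture parametrized in the next hunk is named `syslog_simulator_function`; the multi-thread test in this file (shown as context in the earlier patch of this series) called `syslog_simulator_function(params_process_old_events_multithread)` directly as a function, and those call sites are outside this chunk. If they are not renamed to `syslog_simulator(...)` in the remaining hunks of this file, the multi-thread test fails with NameError at runtime rather than at import, so it is worth confirming. The naming is also inverted from the previous convention (the plain name is now the function and the `_function` suffix the fixture), which a one-line comment next to the import would help, e.g. `# syslog_simulator: direct call; syslog_simulator_function: conftest fixture wrapping it`.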
@@ -51,10 +58,11 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) -@pytest.mark.parametrize('syslog_simulator', [params_process_old_events_one_thread], indirect=True) +@pytest.mark.parametrize('syslog_simulator_function', [params_process_old_events_one_thread], indirect=True) def test_process_old_events_one_thread(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration_eps, configure_wazuh_one_thread, - truncate_monitored_files, restart_wazuh_daemon_function, syslog_simulator): + set_wazuh_configuration_analysisd, configure_wazuh_one_thread, + truncate_monitored_files, restart_wazuh_daemon_function, + syslog_simulator_function): ''' description: Check that `wazuh-analysisd` processes queued events first instead of new events. To do this, it is read the alerts.json file and it is stored the messages timestamp. The oldest message must have the @@ -82,7 +90,7 @@ def test_process_old_events_one_thread(configuration, metadata, load_wazuh_basic - load_wazuh_basic_configuration type: fixture brief: Load a basic configuration to the manager. - - set_wazuh_configuration_eps: + - set_wazuh_configuration_analysisd: type: fixture brief: Set the wazuh configuration according to the configuration data. - configure_wazuh_one_thread: @@ -94,7 +102,7 @@ def test_process_old_events_one_thread(configuration, metadata, load_wazuh_basic - restart_wazuh_daemon_function: type: fixture brief: Restart all the wazuh daemons. - - syslog_simulator: + - syslog_simulator_function: type: fixture brief: Execute a script that send syslog messages to the manager. 
@@ -109,7 +117,7 @@ def test_process_old_events_one_thread(configuration, metadata, load_wazuh_basic timestamp_bkp = datetime.strptime('0001-01-01T00:00:00.000+0000', '%Y-%m-%dT%H:%M:%S.%f+0000') regex = fr".*\"timestamp\":\"([^\"]*)\".*Login failed: admin, test AAAA, Message number: (\d+).*" file_monitor = FileMonitor(ALERT_FILE_PATH) - timestamp_list = evm.get_messages_info(file_monitor, regex, total_msg) + timestamp_list = evm.get_messages_info(file_monitor, regex, num_messages) # Check that the timestamp of the message in the alerts.json is lower than the next one, and messages are stored # secuentially index = 0 @@ -132,7 +140,7 @@ def test_process_old_events_one_thread(configuration, metadata, load_wazuh_basic @pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t2], indirect=True) def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration_eps, truncate_monitored_files, + set_wazuh_configuration_analysisd, truncate_monitored_files, restart_wazuh_daemon_function): ''' description: Check that `wazuh-analysisd` processes queued events first instead of new events. To do this, it is @@ -160,7 +168,7 @@ def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_bas - load_wazuh_basic_configuration type: fixture brief: Load a basic configuration to the manager. - - set_wazuh_configuration_eps: + - set_wazuh_configuration_analysisd: type: fixture brief: Set the wazuh configuration according to the configuration data. - truncate_monitored_files: 
@@ -179,12 +187,12 @@ def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_bas patern_list = [PATTERN_A, PATTERN_B, PATTERN_C] total_msg_list = [] regex = fr".*Login failed: admin, test (\w+), Message number: (\d+).*" - messages_sent = int(params_process_old_events_multithread['total_msg']) + messages_sent = int(params_process_old_events_multithread['num_messages']) # Send custom messages type PATTERN_A custom_message = SYSLOG_CUSTOM_MESSAGE params_process_old_events_multithread.update({'message': f"\"{custom_message}\""}) - syslog_simulator_function(params_process_old_events_multithread) + syslog_simulator(params_process_old_events_multithread) sleep(timeframe_eps_t2[0] / 2) # Create a filemonitor file_monitor = FileMonitor(ALERT_FILE_PATH) @@ -194,7 +202,7 @@ def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_bas # Send custom messages type PATTERN_B custom_message = custom_message.replace(PATTERN_A, PATTERN_B) params_process_old_events_multithread.update({'message': f"\"{custom_message}\""}) - syslog_simulator_function(params_process_old_events_multithread) + syslog_simulator(params_process_old_events_multithread) sleep(timeframe_eps_t2[0] / 2) # Get total PATTERN_B messages total_msg_list.append(evm.get_messages_info(file_monitor, regex, messages_sent)) @@ -202,7 +210,7 @@ def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_bas # Send custom messages type PATTERN_C custom_message = custom_message.replace(PATTERN_B, PATTERN_C) params_process_old_events_multithread.update({'message': f"\"{custom_message}\""}) - syslog_simulator_function(params_process_old_events_multithread) + syslog_simulator(params_process_old_events_multithread) sleep(timeframe_eps_t2[0] / 2) # Get total PATTERN_C messages total_msg_list.append(evm.get_messages_info(file_monitor, regex, messages_sent)) 
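Review bot: The three `syslog_simulator(params_process_old_events_multithread)` calls still hand over `message` wrapped in literal double quotes (`f"\"{custom_message}\""`), which is only correct under one implementation of the helper: if `syslog_simulator` assembles a shell command string, the value should be quoted with `shlex.quote(custom_message)` so a pattern containing quotes or shell metacharacters cannot break the command, and if it passes an argv list the quotes become part of the payload and should be dropped. The helper's body is not in this diff, so this needs confirming against `wazuh_testing.modules.analysisd.syslog_simulator`; either way, doing the quoting inside the helper stops the three call sites from repeating the convention. `test_process_old_events_multi_thread` starts and ends outside these hunks.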
diff --git a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py index 38af0e38e1..68b83c8d78 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py +++ b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py @@ -1,12 +1,11 @@ import os from time import sleep -from datetime import datetime import pytest from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ get_simulate_agent_configuration from wazuh_testing.modules.eps import event_monitor as evm -from wazuh_testing.modules.eps import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE +from wazuh_testing.modules.analysisd import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE pytestmark = [pytest.mark.server] 
@@ -31,18 +30,18 @@ # Get simulate agent configurations (t1) params_start_dropping_events_when_queue_full = get_simulate_agent_configuration(configurations_simulate_agent_path) timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] -total_msg = 16500 # of 1Kb message of 16384 Kb of queue size. Total dropped aproximatelly 116 -expected_msg_dropped = total_msg - QUEUE_SIZE -params_start_dropping_events_when_queue_full.update({'total_msg': total_msg}) +num_messages = 16500 # of 1Kb message of 16384 Kb of queue size. Total dropped aproximatelly 116 +expected_msg_dropped = num_messages - QUEUE_SIZE +params_start_dropping_events_when_queue_full.update({'num_messages': num_messages}) @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) -@pytest.mark.parametrize('simulate_agent', [params_start_dropping_events_when_queue_full], indirect=True) +@pytest.mark.parametrize('simulate_agent_function', [params_start_dropping_events_when_queue_full], indirect=True) def test_start_dropping_events_when_queue_full(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration_eps, truncate_monitored_files, - restart_wazuh_daemon_function, simulate_agent): + set_wazuh_configuration_analysisd, truncate_monitored_files, + restart_wazuh_daemon_function, simulate_agent_function): ''' description: Check that the `events_dropped` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be greater than 1 and, `event_queue_usage` is equal to 1 
@@ -68,7 +67,7 @@ def test_start_dropping_events_when_queue_full(configuration, metadata, load_waz - load_wazuh_basic_configuration type: fixture brief: Load a basic configuration to the manager. - - set_wazuh_configuration_eps: + - set_wazuh_configuration_analysisd: type: fixture brief: Set the wazuh configuration according to the configuration data. - truncate_monitored_files: @@ -77,7 +76,7 @@ def test_start_dropping_events_when_queue_full(configuration, metadata, load_waz - restart_wazuh_daemon_function: type: fixture brief: Restart all the wazuh daemons. - - simulate_agent: + - simulate_agent_function: type: fixture brief: Execute a script that simulate agent and send `logcolector` logs to the manager. @@ -109,7 +108,7 @@ def test_start_dropping_events_when_queue_full(configuration, metadata, load_waz # Check that there is event dropped. This means the queue is full assert events_dropped >= int(expected_msg_dropped * PERCENTAGE_PROCESS_MSGS) \ and events_dropped <= int(expected_msg_dropped * (1 + (1 - PERCENTAGE_PROCESS_MSGS))), 'events_dropped must '\ - 'be in the range of (total_msg - QUEUE_SIZE)' + f"be in the range of {num_messages - QUEUE_SIZE}" # Check that the queue usage is 1.0 (100%). This means the queue is full assert event_queue_usage == 1.0, 'event_queue_usage must be 1.0' diff --git a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py index 903e91c1c7..e32950c619 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py +++ b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py 
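Review bot: The new failure message `f"be in the range of {num_messages - QUEUE_SIZE}"` recomputes `expected_msg_dropped` and reports a single number, while the check is a band around it and the observed `events_dropped` is never shown, so a failing run gives no clue how far off it was. I would bind the bounds and use a chained comparison: `lower = int(expected_msg_dropped * PERCENTAGE_PROCESS_MSGS)`, `upper = int(expected_msg_dropped * (1 + (1 - PERCENTAGE_PROCESS_MSGS)))`, `assert lower <= events_dropped <= upper, f"events_dropped={events_dropped} must be in the range [{lower}, {upper}]"`. The comment on the new `num_messages = 16500` line in the earlier hunk also carries the typo `aproximatelly`. `test_start_dropping_events_when_queue_full` starts outside this hunk.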
@@ -1,17 +1,19 @@ import os from time import sleep -from datetime import datetime import pytest from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ get_simulate_agent_configuration from wazuh_testing.modules.eps import event_monitor as evm -from wazuh_testing.modules.eps import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE, UPPER_QUEUE_HALF_SIZE_LIMIT, \ - LOWER_QUEUE_HALF_SIZE_LIMIT +from wazuh_testing.modules.analysisd import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE pytestmark = [pytest.mark.server] +# Global variables +UPPER_QUEUE_HALF_SIZE_LIMIT = 0.51 +LOWER_QUEUE_HALF_SIZE_LIMIT = 0.49 + # Reference paths TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') 
@@ -32,17 +34,17 @@ params_start_queuing_events_when_limit_reached = get_simulate_agent_configuration(configurations_simulate_agent_path) maximum_eps = [metadata['maximum'] for metadata in t1_configuration_metadata] timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] -total_msg = maximum_eps[0] * timeframe_eps_t1[0] + int(QUEUE_SIZE / 2) -params_start_queuing_events_when_limit_reached.update({'total_msg': total_msg}) +num_messages = maximum_eps[0] * timeframe_eps_t1[0] + int(QUEUE_SIZE / 2) +params_start_queuing_events_when_limit_reached.update({'num_messages': num_messages}) @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) -@pytest.mark.parametrize('simulate_agent', [params_start_queuing_events_when_limit_reached], indirect=True) +@pytest.mark.parametrize('simulate_agent_function', [params_start_queuing_events_when_limit_reached], indirect=True) def test_start_queuing_events_when_limit_reached(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration_eps, truncate_monitored_files, - restart_wazuh_daemon_function, simulate_agent): + set_wazuh_configuration_analysisd, truncate_monitored_files, + restart_wazuh_daemon_function, simulate_agent_function): ''' description: Check that the `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal than `maximum` * `timeframe` and, the `events_received` value must be greater than 
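Review bot: `num_messages = maximum_eps[0] * timeframe_eps_t1[0] + int(QUEUE_SIZE / 2)` is computed once at import time from the first case only, while the test below is parametrized over every entry of `t1_configuration_metadata`; should the cases file ever hold more than one case, later cases would send a count derived from the first case's `maximum`/`timeframe`. If a single case is intended, a comment saying so would help; otherwise the count belongs inside the test (or a fixture) using `metadata['maximum']` and `metadata['timeframe']`. Also prefer `QUEUE_SIZE // 2` to `int(QUEUE_SIZE / 2)` to stay in integer arithmetic. The same pattern appears in `test_stop_processing_events.py`.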
@@ -69,7 +71,7 @@ def test_start_queuing_events_when_limit_reached(configuration, metadata, load_w - load_wazuh_basic_configuration type: fixture brief: Load a basic configuration to the manager. - - set_wazuh_configuration_eps: + - set_wazuh_configuration_analysisd: type: fixture brief: Set the wazuh configuration according to the configuration data. - truncate_monitored_files: @@ -78,7 +80,7 @@ def test_start_queuing_events_when_limit_reached(configuration, metadata, load_w - restart_wazuh_daemon_function: type: fixture brief: Restart all the wazuh daemons. - - simulate_agent: + - simulate_agent_function: type: fixture brief: Execute a script that simulate agent and send `logcolector` logs to the manager. diff --git a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py index 098978049a..43fc83c203 100644 --- a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py +++ b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py @@ -1,12 +1,11 @@ import os from time import sleep -from datetime import datetime import pytest from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ get_simulate_agent_configuration from wazuh_testing.modules.eps import event_monitor as evm -from wazuh_testing.modules.eps import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE +from wazuh_testing.modules.analysisd import PERCENTAGE_PROCESS_MSGS pytestmark = [pytest.mark.server] 
@@ -33,16 +32,16 @@ timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] # It is sent `width_frame` time frame width to reduce test time execution width_frame = 3 -total_msg = maximum_eps[0] * timeframe_eps_t1[0] * width_frame -params_stop_processing_events.update({'total_msg': total_msg}) +num_messages = maximum_eps[0] * timeframe_eps_t1[0] * width_frame +params_stop_processing_events.update({'num_messages': num_messages}) @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) -@pytest.mark.parametrize('simulate_agent', [params_stop_processing_events], indirect=True) -def test_stops_processing_events(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_eps, - truncate_monitored_files, restart_wazuh_daemon_function, simulate_agent): +@pytest.mark.parametrize('simulate_agent_function', [params_stop_processing_events], indirect=True) +def test_stops_processing_events(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_analysisd, + truncate_monitored_files, restart_wazuh_daemon_function, simulate_agent_function): ''' description: Check that the `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal than `maximum` * `timeframe` @@ -67,7 +66,7 @@ def test_stops_processing_events(configuration, metadata, load_wazuh_basic_confi - load_wazuh_basic_configuration type: fixture brief: Load a basic configuration to the manager. - - set_wazuh_configuration_eps: + - set_wazuh_configuration_analysisd: type: fixture brief: Set the wazuh configuration according to the configuration data. - truncate_monitored_files: 
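Review bot: The rewritten signature line `def test_stops_processing_events(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_analysisd,` is now about 124 columns wide because the fixture name grew, whereas the sibling tests touched in this commit break after the third parameter. Wrap it the same way, `def test_stops_processing_events(configuration, metadata, load_wazuh_basic_configuration,` followed by `set_wazuh_configuration_analysisd, truncate_monitored_files,` and `restart_wazuh_daemon_function, simulate_agent_function):`, so the files stay consistent and within the line limit the others respect.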
@@ -76,7 +75,7 @@ def test_stops_processing_events(configuration, metadata, load_wazuh_basic_confi - restart_wazuh_daemon_function: type: fixture brief: Restart all the wazuh daemons. - - simulate_agent: + - simulate_agent_function: type: fixture brief: Execute a script that simulate agent and send `logcolector` logs to the manager. From 6a6f800a891420c22d2f2aa977b804f24af1b5a5 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Thu, 1 Sep 2022 12:26:44 -0300 Subject: [PATCH 52/79] docs(#2947): refactor documentation style --- .../wazuh_testing/scripts/simulate_agents.py | 17 +--- .../wazuh_testing/tools/agent_simulator.py | 78 ------------------- 2 files changed, 1 insertion(+), 94 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py index 41744bf900..76673a34aa 100644 --- a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py +++ b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py @@ -14,10 +14,8 @@ def parse_custom_labels(labels): """Parse the wazuh labels from string list to dict. - Args: labels (list): Labels in format ["key1:value1", "key2:value2"] - Returns: dict: Labels dictionary. {key1:value1, key2:value2} """ @@ -36,7 +34,6 @@ def parse_custom_labels(labels): def process_script_parameters(args): """Process script parameters and edit them if necessary. - Args: args (argparse.Namespace): Script args. """ @@ -54,12 +51,10 @@ def process_script_parameters(args): def set_agent_modules_and_eps(agent, active_modules, modules_eps): """Set active modules and EPS to an agent. - Args: agent (Agent): agent object. active_modules (list): List of active modules. modules_eps (list): List of EPS for each active module. - Raises: ValueError: If number of active_modules items is not the same than the modules_eps. ValueError: If a module does not exist on the agent simulator. 
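Review bot: Removing the blank line between the summary line and the `Args:`/`Returns:`/`Raises:` sections, as done here in `parse_custom_labels`, `process_script_parameters` and `set_agent_modules_and_eps` and in every following hunk of this file and of `agent_simulator.py`, departs from PEP 257 (summary line, blank line, then the rest) and from the Google docstring style these docstrings otherwise follow; pydocstyle's D205 check would flag each of them. If a no-blank-line convention is the intended project style, record it in the repository's lint configuration rather than applying it by hand, otherwise the next contributor's editor will reintroduce the blank lines. The enclosing functions start and end outside these hunks.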
@@ -90,10 +85,8 @@ def set_agent_modules_and_eps(agent, active_modules, modules_eps): def create_agents(args): """Create a list of agents according to script parameters like the mode, EPS... - Args: args (list): List of script parameters. - Returns: list: List of agents to run. """ @@ -137,13 +130,11 @@ def create_agents(args): def create_injectors(agents, manager_address, protocol, limit_msg=None): """Create injectos objects from list of agents and connection parameters. - Args: agents (list): List of agents to create the injectors (1 injector/agent). manager_address (str): Manager IP address to connect the agents. protocol (str): TCP or UDP protocol to connect the agents to the manager. limit_msg (int): Maximum amount of message to be sent. - Returns: list: List of injector objects. """ @@ -160,7 +151,6 @@ def create_injectors(agents, manager_address, protocol, limit_msg=None): def start(injector, time_alive, limit_msg_enable=None): """Start the injector process for a specified time. - Args: injector (Injector): Injector object. time_alive (int): Period of time in seconds during the injector will be running. @@ -178,7 +168,6 @@ def start(injector, time_alive, limit_msg_enable=None): def stop(injector): """Stop the injector process. - Args: injector (Injector): Injector object. """ @@ -187,7 +176,6 @@ def stop(injector): def run(injectors, time_alive, limit_msg_enable=None): """Run each injector in a separated process. - Args: injectors (list): List of injector objects. time_alive (int): Period of time in seconds during the injector will be running. 
@@ -207,16 +195,13 @@ def run(injectors, time_alive, limit_msg_enable=None): def calculate_eps_distribution(data, max_eps_per_agent): """Calculate the distribution of agents and EPS according to the input ratio. - Args: data (list): List of dictionaries containing information about the module and the remaining EPS to be distributed. max_eps_per_agent (int): Maximum EPS load to be distributed to an agent. - Returns: list: List of tuples, containing in the first position the modules to be launched by that agent, and in the second position the EPS distribution for each module of that agent. - Example: Input: data =[ @@ -373,4 +358,4 @@ def main(): if __name__ == "__main__": - main() + main() \ No newline at end of file diff --git a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py index d467968f9d..feb1e2c267 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py @@ -46,12 +46,10 @@ class Agent: """Class that allows us to simulate an agent registered in a manager. - This simulated agent allows sending-receiving messages and commands. In order to simulate syscollector, FIM, FIM Integrity, rootcheck, hostinfo, winevt and logcollector modules the following classes have been created: GeneratorSyscollector, GeneratorFIM, GeneratorIntegrityFIM, Rootcheck, GeneratorHostinfo, GeneratorWinevt, Logcollector. - Args: manager_address (str): Manager IP address. cypher (str, optional): Cypher method. It can be [aes, blowfish]. Default aes. @@ -70,7 +68,6 @@ class Agent: retry_enrollment (bool, optional): retry then enrollment in case of error. logcollector_msg_number (bool, optional): insert in the logcollector message the message number. custom_logcollector_message (str): Custom logcollector message to be sent by the agent. - Attributes: id (str): ID of the agent. name (str): Agent name. 
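Review bot: The last hunk of `simulate_agents.py` replaces `    main()` with an identical `    main()` whose only difference is the `\ No newline at end of file` marker, i.e. the commit strips the file's trailing newline. That is a regression most editors and pycodestyle (W292) will undo, producing churn in the next commit. Restore the trailing newline so this hunk disappears from the patch.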
@@ -218,7 +215,6 @@ def set_os(self): def set_wpk_variables(self, sha=None, upgrade_exec_result=None, upgrade_notification=False, upgrade_script_result=0, stage_disconnect=None): """Set variables related to wpk simulated responses. - Args: sha (str): Shared key between manager and agent for remote upgrading. upgrade_exec_result (int): Upgrade result status code. @@ -267,7 +263,6 @@ def _register_helper(self): def register(self): """Request to register the agent in the manager. - In addition, it sets the agent id and agent key with the response data. """ if self.retry_enrollment: @@ -288,13 +283,10 @@ def register(self): @staticmethod def wazuh_padding(compressed_event): """Add the Wazuh custom padding to each event sent. - Args: compressed_event (bytes): Compressed event with zlib. - Returns: bytes: Padded event. - Examples: >>> wazuh_padding(b'x\\x9c\\x15\\xc7\\xc9\\r\\x00 \\x08\\x04\\xc0\\x96\\\\\\x94\\xcbn0H\\x03\\xda\\x7f \\x8c\\xf3\\x1b\\xd9e\\xec\\nJ[\\x04N\\xcf\\xa8\\xa6\\xa8\\x12\\x8d\\x08!\\xfe@}\\xb0 @@ -326,10 +318,8 @@ def create_encryption_key(self): @staticmethod def compose_event(message): """Compose event from raw message. - Returns: bytes: Composed event. - Examples: >>> compose_event('test') b'6ef859712d8b215d9daf071ff67aaa62555551234567891:5555:test' @@ -346,13 +336,10 @@ def compose_event(message): def encrypt(self, padded_event): """Encrypt event using AES or Blowfish encryption. - Args: padded_event (bytes): Padded event. - Returns: bytes: Encrypted event. - Examples: >>> agent.encrypt(b'!!!!!!!!x\\x9c\\x15\\xc7\\xc9\\r\\x00 \\x08\\x04\\xc0\\x96\\\\\\x94\\xcbn0H\\x03\\xda \\x7f\\x8c\\xf3\\x1b\\xd9e\\xec\\nJ[\\x04N\\xcf\\xa8\\xa6\\xa8\\x12\\x8d\\x08!\\xfe@} @@ -371,11 +358,9 @@ def encrypt(self, padded_event): def headers(self, agent_id, encrypted_event): """ Add event headers for AES or Blowfish Cyphers. - Args: agent_id (str): Agent id. encrypted_event (str): Encrypted event. - Returns: bytes: Encrypted event with headers. """ 
@@ -388,13 +373,10 @@ def headers(self, agent_id, encrypted_event): def create_event(self, message): """Build an event from a raw string message. - Args: message (str): Raw message. - Returns: bytes: Built event (compressed, padded, enceypted and with headers). - Examples: >>> create_event('test message') b'!005!#AES:\\xab\\xfa\\xcc2;\\x87\\xab\\x7fUH\\x03>_J\\xda=I\\x96\\xb5\\xa4\\x89\\xbe\\xbf`\\xd0\\xad @@ -416,7 +398,6 @@ def create_event(self, message): def receive_message(self, sender): """Agent listener to receive messages and process the accepted commands. - Args: sender (Sender): Object to establish connection with the manager socket and receive/send information. """ @@ -468,9 +449,7 @@ def stop_receiver(self): def process_message(self, sender, message): """Process agent received messages. - If the message contains reserved words, then it will be proceed as command. - Args: sender (Sender): Object to establish connection with the manager socket and receive/send information. message (str): Decoder message in ISO-8859-1 format. @@ -486,11 +465,9 @@ def process_message(self, sender, message): def process_command(self, sender, message_list): """Process agent received commands through the socket. - Args: sender (Sender): Object to establish connection with the manager socket and receive/send information. message_list (list): Message split by white spaces. - Raises: ValueError: if 'sha1' command and sha_key Agent value is not defined. ValueError: if execution result is not configured in the Agent. @@ -637,7 +614,6 @@ def create_keep_alive(self): def initialize_modules(self, disable_all_modules): """Initialize and enable agent modules. - Args: disable_all_modules (boolean): True to disable all modules, False to leave the default ones enabled. """ @@ -718,7 +694,6 @@ def get_agent_version(self): def get_connection_status(self): """Get agent connection status of global.db. - Returns: str: Agent connection status (connected, disconnected, never_connected) """ 
@@ -727,7 +702,6 @@ def get_connection_status(self): @retry(AttributeError, attempts=10, delay=5, delay_multiplier=1) def wait_status_active(self): """Wait until agent status is active in global.db. - Raises: AttributeError: If the agent is not active. Combined with the retry decorator makes a wait loop until the agent is active. @@ -740,7 +714,6 @@ def wait_status_active(self): def set_module_status(self, module_name, status): """Set module status. - Args: module_name (str): Module name. status (str): Module status. @@ -759,19 +732,15 @@ def set_module_attribute(self, module_name, attribute, value): class GeneratorSyscollector: """This class allows the generation of syscollector events. - Create events of different syscollector event types Network, Process, Port, Packages, OS, Hardware and Hotfix. In order to change messages events it randomized different fields of templates specified by . In order to simulate syscollector module, it send a set of the same syscollector type messages, which size is specified by `batch_size` attribute. Example of syscollector message: - d:syscollector:{"type":"network","ID":18,"timestamp":"2021/03/26 00:00:00","iface":{"name":"O977Q1F55O", "type":"ethernet","state":"up","MAC":"08:00:27:be:ce:3a","tx_packets":2135,"rx_packets":9091,"tx_bytes":210748, "rx_bytes":10134272,"tx_errors":0,"rx_errors":0,"tx_dropped":0,"rx_dropped":0,"MTU":1500,"IPv4": {"address":["10.0.2.15"],"netmask":["255.255.255.0"],"broadcast":["10.0.2.255"], "metric":100,"gateway":"10.0.2.2","DHCP":"enabled"}}} - - Args: agent_name (str): Name of the agent. batch_size (int): Number of messages of the same type @@ -789,10 +758,8 @@ def __init__(self, agent_name, batch_size): def format_event(self, message_type): """Format syscollector message of the specified type. - Args: message_type (str): Syscollector event type. - Returns: str: the generated syscollector event message. """ 
@@ -834,10 +801,8 @@ def format_event(self, message_type): def generate_event(self): """Generate syscollector event. - The event types are selected sequentially, creating a number of events of the same type specified in `bath_size`. - Returns: str: generated event with the desired format for syscollector """ @@ -857,9 +822,7 @@ def generate_event(self): class SCA: """This class allows the generation of sca_label events. - Create sca events, both summary and check. - Args: os (str): Agent operative system. """ @@ -873,7 +836,6 @@ def __init__(self, os): def get_message(self): """Alternatively creates summary and check SCA messages. - Returns: str: an sca_label message formatted with the required header codes. """ @@ -891,10 +853,8 @@ def get_message(self): def create_sca_event(self, event_type): """Create sca_label event of the desired type. - Args: event_type (str): Event type summary or check. - Returns: dict: SCA event. """ @@ -964,9 +924,7 @@ def create_check_sca_event(event_data): class Rootcheck: """This class allows the generation of rootcheck events. - Creates rootcheck events by sequentially repeating the events of a sample file file. - Args: agent_name (str): Name of the agent. agent_id (str): Id of the agent. @@ -1001,7 +959,6 @@ def setup(self): def get_message(self): """Returns a rootcheck message, informing when rootcheck scan starts and ends. - Returns: str: a Rootcheck generated message """ @@ -1028,7 +985,6 @@ def __init__(self, enable_msg_number=None, custom_logcollector_message=''): def generate_event(self): """Generate logcollector event - Returns: str: a Logcollector generated message """ @@ -1049,7 +1005,6 @@ def generate_event(self): class GeneratorIntegrityFIM: """This class allows the generation of fim_integrity events. - Args: agent_id (str): The id of the agent. agent_name (str): The name of the agent. 
@@ -1065,7 +1020,6 @@ def __init__(self, agent_id, agent_name, agent_version): def format_message(self, message): """Format FIM integrity message. - Args: message (str): Integrity fim event. """ @@ -1073,7 +1027,6 @@ def format_message(self, message): def generate_message(self): """Generate integrity FIM message according to `event_type` attribute. - Returns: str: an IntegrityFIM formatted message """ @@ -1103,7 +1056,6 @@ def generate_message(self): def get_message(self, event_type=None): """Generate a random kind of integrity FIM message according to `event_type` attribute. - Returns: str: an IntegrityFIM formatted message """ @@ -1118,11 +1070,9 @@ def get_message(self, event_type=None): class GeneratorHostinfo: """This class allows the generation of hostinfo events. - Creates hostinfo events, randomizing an open port detection template event on a host. It randomizes the host, as well as the ports and their protocol. The number of open ports of the event is a random number from 1 to 10. Example of hostinfo message: - 3:/var/log/nmap.log:Host: 95.211.24.108 (), open ports: 43270 (udp) 37146 (tcp) 19885 (tcp) """ def __init__(self): @@ -1133,7 +1083,6 @@ def __init__(self): def generate_event(self): """"Generates an arbitrary hostinfo message - Returns: str: an hostinfo formatted message """ @@ -1152,12 +1101,9 @@ def generate_event(self): class GeneratorWinevt: """This class allows the generation of winevt events. - Create events of the different winevt channels: System, Security, Application, Windows-Defender and Sysmon. It uses template events (`data/winevt.py`) for which the `EventID` field is randomized. Message structure: - f:EventChannel:{"Message":"","Event":""} - Args: agent_name (str): Name of the agent. agent_id (str): ID of the agent. 
@@ -1180,13 +1126,10 @@ def __init__(self, agent_name, agent_id): def generate_event(self, winevt_type=None): """Generate Windows event. - Generate the desired type of Windows event (winevt). If no type of winvt message is provided, all winvt message types will be generated sequentially. - Args: winevt_type (str): Winevt type message `system, security, application, windows-defender, sysmon`. - Returns: str: an windows event generated message. """ @@ -1202,7 +1145,6 @@ def generate_event(self, winevt_type=None): class GeneratorFIM: """This class allows the generation of FIM events. - Args: agent_id (str): The id of the agent. agent_name (str): The name of the agent. @@ -1240,7 +1182,6 @@ def __init__(self, agent_id, agent_name, agent_version): def random_file(self): """Initialize file attribute. - Returns: str: the new randomized file for the instance """ @@ -1249,7 +1190,6 @@ def random_file(self): def random_size(self): """Initialize file size with random value - Returns: str: the new randomized file size for the instance """ @@ -1258,7 +1198,6 @@ def random_size(self): def random_mode(self): """Initialize module attribute with `S_IFREG` or `S_IFLNK` - Returns: self._mode: the new randomized file mode for the instance """ @@ -1276,7 +1215,6 @@ def random_mode(self): def random_uid(self): """Initialize uid attribute with random value. - Returns: str: the new randomized file uid for the instance """ @@ -1286,7 +1224,6 @@ def random_uid(self): def random_gid(self): """Initialize gid attribute with random value. - Returns: str: the new randomized gid for the instance, str: the new randomized gname for the instance. @@ -1385,7 +1322,6 @@ def check_changed_attributes(self, attributes, old_attributes): def get_attributes(self): """Return GeneratorFIM attributes. - Returns: dict: instance attributes. """ 
@@ -1404,7 +1340,6 @@ def format_message(self, message): """Format FIM message. Args: message (str): FIM message. - Returns: str: generated message with the required FIM header. """ @@ -1423,7 +1358,6 @@ def format_message(self, message): def generate_message(self): """Generate FIM event based on `event_type` and `agent_version` attribute. - Returns: str: generated message with the required FIM header. """ @@ -1470,7 +1404,6 @@ def get_message(self, event_mode=None, event_type=None): Args: event_mode (str): Event mode `real-time, whodata, scheduled`. event_type (str): Event type `added, modified, deleted`. - Returns: str: generated message. """ @@ -1491,13 +1424,11 @@ def get_message(self, event_mode=None, event_type=None): class Sender: """This class sends events to the manager through a socket. - Attributes: manager_address (str): IP of the manager. manager_port (str, optional): port used by remoted in the manager. protocol (str, optional): protocol used by remoted. TCP or UDP. socket (socket): sock_stream used to connect with remoted. - Examples: To create a Sender, you need to create an agent first, and then, create the sender. Finally, to send messages you will need to use both agent and sender to create an injector. @@ -1535,11 +1466,9 @@ def send_event(self, event): class Injector: """This class simulates a daemon used to send and receive messages with the manager. - Each `Agent` needs an injector and a sender to be able to communicate with the manager. This class will create a thread using `InjectorThread` which will behave similarly to an UNIX daemon. The `InjectorThread` will send and receive the messages using the `Sender` - Attributes: sender (Sender): sender used to connect to the sockets and send messages. agent (agent): agent owner of the injector and the sender. 
@@ -1547,7 +1476,6 @@ class Injector: agent. threads (list): list containing all the threads created. limit_msg (int): Maximum amount of message to be sent. - Examples: To create an Injector, you need to create an agent, a sender and then, create the injector using both of them. >>> import wazuh_testing.tools.agent_simulator as ag @@ -1593,7 +1521,6 @@ def wait(self): class InjectorThread(threading.Thread): """This class creates a thread who will create and send the events to the manager for each module. - Attributes: thread_id (int): ID of the thread. name (str): name of the thread. It is composed as Thread-{agent.id}{module}. @@ -1642,7 +1569,6 @@ def keep_alive(self): def run_module(self, module): """Send a module message from the agent to the manager. - Args: module (str): Module name """ @@ -1735,9 +1661,7 @@ def stop_rec(self): def create_agents(agents_number, manager_address, cypher='aes', fim_eps=100, authd_password=None, agents_os=None, agents_version=None, disable_all_modules=False): """Create a list of generic agents - This will create a list with `agents_number` amount of agents. All of them will be registered in the same manager. - Args: agents_number (int): total number of agents. manager_address (str): IP address of the manager. @@ -1747,7 +1671,6 @@ def create_agents(agents_number, manager_address, cypher='aes', fim_eps=100, aut agents_os (list, optional): list containing different operative systems for the agents. agents_version (list, optional): list containing different version of the agent. disable_all_modules (boolean): Disable all simulated modules for this agent. - Returns: list: list of the new virtual agents. """ 
@@ -1768,7 +1691,6 @@ def create_agents(agents_number, manager_address, cypher='aes', fim_eps=100, aut def connect(agent, manager_address='localhost', protocol=TCP, manager_port='1514'): """Connects an agent to the manager - Args: agent (Agent): agent to connect. manager_address (str): address of the manager. It can be an IP or a DNS.
From e71d45bccf45cdd14836ba355b03115479d5f1cf Mon Sep 17 00:00:00 2001
From: fedepacher
Date: Thu, 1 Sep 2022 12:28:26 -0300
Subject: [PATCH 53/79] refactor(#2947): clean code and refactor fixture names
---
 .../wazuh_testing/tools/configuration.py | 9 +--
 .../test_analysisd/test_eps/conftest.py | 59 +++----------------
 2 files changed, 13 insertions(+), 55 deletions(-)
diff --git a/deps/wazuh_testing/wazuh_testing/tools/configuration.py b/deps/wazuh_testing/wazuh_testing/tools/configuration.py
index cca5082738..6bff1a47bf 100644
--- a/deps/wazuh_testing/wazuh_testing/tools/configuration.py
+++ b/deps/wazuh_testing/wazuh_testing/tools/configuration.py
@@ -787,15 +787,16 @@ def get_syslog_simulator_configuration(data_file_path):
     return get_configuration(data_file_path)
-def get_wazuh_local_rules() -> List[str]:
+def get_wazuh_local_rules():
     """
     Get current `local_rules.xml` file content.
     Returns
-    List of str: A list containing all the lines of the `local_rules.xml` file.
+    List(str): A list containing all the lines of the `local_rules.xml` file.
     """
-    with open(LOCAL_RULES_PATH) as f:
-        lines = f.readlines()
+    with open(LOCAL_RULES_PATH) as file:
+        lines = file.readlines()
+
     return lines
diff --git a/tests/integration/test_analysisd/test_eps/conftest.py b/tests/integration/test_analysisd/test_eps/conftest.py
index 452f2be2d0..ec86c25e43 100644
--- a/tests/integration/test_analysisd/test_eps/conftest.py
+++ b/tests/integration/test_analysisd/test_eps/conftest.py
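Review bot: The rewritten `with open(LOCAL_RULES_PATH) as file:` still opens the rules file with the platform default encoding, so the same `local_rules.xml` can decode differently between the host the test was written on and a CI runner; `with open(LOCAL_RULES_PATH, encoding='utf-8') as file:` pins it. The function that writes these lines back is outside this hunk and should use the same encoding so a read/write round trip is byte-stable.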
@@ -2,14 +2,11 @@
 # Created by Wazuh, Inc. .
 # This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
 import os
-import shutil
-from typing import List
 import pytest
 from wazuh_testing.tools.services import control_service
-from wazuh_testing.tools import configuration, ARCHIVES_LOG_FILE_PATH, \
-    ALERT_LOGS_PATH, ALERT_FILE_PATH, ALERT_DIRECTORY, WAZUH_INTERNAL_OPTIONS
-from wazuh_testing.modules.eps import simulate_agent_function, syslog_simulator_function
+from wazuh_testing.tools import configuration
+from wazuh_testing.modules.analysisd import simulate_agent, syslog_simulator
 @pytest.fixture(scope='function')
@@ -40,7 +37,7 @@ def configure_local_internal_options_eps(request):
 @pytest.fixture(scope='function')
-def set_wazuh_configuration_eps(configuration, set_wazuh_configuration, configure_local_internal_options_eps):
+def set_wazuh_configuration_analysisd(configuration, set_wazuh_configuration, configure_local_internal_options_eps):
     """Set wazuh configuration
     Args:
@@ -52,34 +49,13 @@ def set_wazuh_configuration_eps(configuration, set_wazuh_configuration, configur
 @pytest.fixture(scope='function')
-def simulate_agent(request):
+def simulate_agent_function(request):
     """Fixture to run the script simulate_agent.py"""
-    simulate_agent_function(request.param)
+    simulate_agent(request.param)
     yield
-def delete_folder_content(folder):
-    """Delete alerts folder content execution"""
-    for filename in os.listdir(folder):
-        filepath = os.path.join(folder, filename)
-        try:
-            shutil.rmtree(filepath)
-        except OSError:
-            os.remove(filepath)
-
-
-@pytest.fixture(scope='function')
-def delete_alerts_folder():
-    """Delete alerts folder content before and after execution"""
-    delete_folder_content(ALERT_DIRECTORY)
-    yield
-    delete_folder_content(ALERT_DIRECTORY)
-
-
 @pytest.fixture(scope='function')
 def configure_wazuh_one_thread():
     """Fixture to configure the local internal options file to work with one thread."""
@@ -103,7 +79,7 @@ def configure_wazuh_one_thread():
 @pytest.fixture(scope='session')
 def load_wazuh_basic_configuration():
-    """Load a new basic ocnfiguration to the manager"""
+    """Load a new basic configuration to the manager"""
     # Reference paths
     DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
     CONFIGURATIONS_PATH = os.path.join(DATA_PATH, 'wazuh_basic_configuration')
@@ -120,28 +96,9 @@ def load_wazuh_basic_configuration():
     configuration.write_wazuh_conf(backup_ossec_configuration)
-@pytest.fixture(scope='module')
-def load_local_rules():
-    """Load local rules to override original rules"""
-    # Reference paths
-    DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
-    CONFIGURATIONS_PATH = os.path.join(DATA_PATH, 'wazuh_rules')
-    configurations_path = os.path.join(CONFIGURATIONS_PATH, 'local_rules.xml')
-
-    backup_local_rules = configuration.get_wazuh_local_rules()
-
-    with open(configurations_path, 'r') as file:
-        lines = file.readlines()
-    configuration.write_wazuh_local_rules(lines)
-
-    yield
-
-    configuration.write_wazuh_local_rules(backup_local_rules)
-
-
 @pytest.fixture(scope='function')
-def syslog_simulator(request):
+def syslog_simulator_function(request):
     """Fixture to run the script syslog_simulator.py"""
-    syslog_simulator_function(request.param)
+    syslog_simulator(request.param)
     yield
From 120e6c0e7d2c31fe7436682ea726756ad36c63f2 Mon Sep 17 00:00:00 2001
From: fedepacher
Date: Thu, 1 Sep 2022 12:29:16 -0300
Subject: [PATCH 54/79] refactor(#2947): refactor configuration
---
 .../data/configuration_syslog_simulator.yaml | 2 +-
 .../data/wazuh_basic_configuration/ossec.conf | 32 +++++++++++++++++++
 .../test_eps/data/wazuh_rules/local_rules.xml | 13 --------
 3 files changed, 33 insertions(+), 14 deletions(-)
 delete mode 100644 tests/integration/test_analysisd/test_eps/data/wazuh_rules/local_rules.xml
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_syslog_simulator.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_syslog_simulator.yaml
index 3e87352529..a09b06b79a 100644
--- a/tests/integration/test_analysisd/test_eps/data/configuration_syslog_simulator.yaml
+++ b/tests/integration/test_analysisd/test_eps/data/configuration_syslog_simulator.yaml
@@ -2,7 +2,7 @@
   description: Syslog simulator params configuration
   configuration_parameters:
     message: '""'
-    total_msg: '100'
+    num_messages: '100'
     msg_size: '1'
     interval_burst_time: '5'
     messages_per_burst: '50'
diff --git a/tests/integration/test_analysisd/test_eps/data/wazuh_basic_configuration/ossec.conf b/tests/integration/test_analysisd/test_eps/data/wazuh_basic_configuration/ossec.conf
index 73a3d7d9ff..388eb62feb 100644
--- a/tests/integration/test_analysisd/test_eps/data/wazuh_basic_configuration/ossec.conf
+++ b/tests/integration/test_analysisd/test_eps/data/wazuh_basic_configuration/ossec.conf
@@ -15,6 +15,38 @@ 131072 + + + yes + + + + yes + + + + + yes + + + + + yes + + + + no + + + + no + + + + + yes + + ruleset/decoders
diff --git a/tests/integration/test_analysisd/test_eps/data/wazuh_rules/local_rules.xml b/tests/integration/test_analysisd/test_eps/data/wazuh_rules/local_rules.xml
deleted file mode 100644
index fd3b94246e..0000000000
--- a/tests/integration/test_analysisd/test_eps/data/wazuh_rules/local_rules.xml
+++ /dev/null
@@ -1,13 +0,0 @@ - - - - 9999 - - sshd: brute force trying to get access to the system. Non existent user. - - T1110 - - authentication_failures,gdpr_IV_35.7.d,gdpr_IV_32.2,hipaa_164.312.b,nist_800_53_SI.4,nist_800_53_AU.14,nist_800_53_AC.7,pci_dss_11.4,pci_dss_10.2.4,pci_dss_10.2.5,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3, - - -
From a30dcef6e14af890666ee3a381b9307118e037c8 Mon Sep 17 00:00:00 2001
From: fedepacher
Date: Fri, 2 Sep 2022 09:02:24 -0300
Subject: [PATCH 55/79] refactor(#2947): refactor code style
---
 deps/wazuh_testing/wazuh_testing/__init__.py | 2 --
 .../wazuh_testing/wazuh_testing/modules/eps/event_monitor.py | 2 +-
 deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py | 2 +-
 .../test_analysisd/test_eps/test_invalid_configuration.py | 5 +++--
 .../test_analysisd/test_eps/test_stop_processing_events.py | 5 +++--
 5 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/deps/wazuh_testing/wazuh_testing/__init__.py b/deps/wazuh_testing/wazuh_testing/__init__.py
index b9d93a5670..70ff66a10b 100644
--- a/deps/wazuh_testing/wazuh_testing/__init__.py
+++ b/deps/wazuh_testing/wazuh_testing/__init__.py
@@ -27,7 +27,6 @@
 WAZUH_DB_SOCKET_PATH = os.path.join(QUEUE_DB_PATH, 'wdb')
 CVE_DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'vulnerabilities', 'cve.db')
 LOG_FILE_PATH = os.path.join(WAZUH_PATH, 'logs', 'ossec.log')
-ALERTS_DIRECTORY_PATH = os.path.join(WAZUH_LOGS_PATH, 'alerts')
 ALERTS_JSON_PATH = os.path.join(WAZUH_PATH, 'logs', 'alerts', 'alerts.json')
 CPE_HELPER_PATH = os.path.join(WAZUH_PATH, 'queue', 'vulnerabilities', 'dictionaries', 'cpe_helper.json')
 WAZUH_API_CONF = os.path.join(WAZUH_PATH, 'api', 'configuration', 'api.yaml')
@@ -60,7 +59,6 @@
 SIMULATE_AGENT = os.path.join(WAZUH_TESTING_PATH, 'scripts', 'simulate_agents.py')
 SYSLOG_SIMULATOR = os.path.join(WAZUH_TESTING_PATH, 'scripts', 'syslog_simulator.py')
 ANALYSISD_STATE = os.path.join(WAZUH_PATH, 'var', 'run', 'wazuh-analysisd.state')
-WAZUH_INTERNAL_OPTIONS = os.path.join(WAZUH_PATH, 'etc', 'internal_options.conf')
 # Timeouts
 T_5 = 5
diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py
index 8ea0e26a39..a43b2a60f9 100644
--- a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py
+++ b/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py
@@ -85,7 +85,7 @@ def get_analysisd_state():
 def get_messages_info(file_monitor, message, accum_results):
-    """Check if the alerts.log file contains the message
+    """Check if the alerts.json file contains the message
     Args:
         file_monitor (FileMonitor): Wazuh log monitor
diff --git a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py
index 76673a34aa..7990097557 100644
--- a/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py
+++ b/deps/wazuh_testing/wazuh_testing/scripts/simulate_agents.py
@@ -358,4 +358,4 @@ def main():
 if __name__ == "__main__":
-    main()
\ No newline at end of file
+    main()
diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py
index 0cf9ddb654..41d5616562 100644
--- a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py
+++ b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py
@@ -28,8 +28,9 @@
 @pytest.mark.tier(level=0)
 @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids)
 @pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True)
-def test_without_timeframe_maximum(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_analysisd,
-                                   truncate_monitored_files, restart_wazuh_daemon_after_finishing):
+def test_without_timeframe_maximum(configuration, metadata, load_wazuh_basic_configuration,
+                                   set_wazuh_configuration_analysisd, truncate_monitored_files,
+                                   restart_wazuh_daemon_after_finishing):
     '''
     description: Check that wazuh manager is not started when `maximum` and `timeframe` are not present in the configuration file.
diff --git a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py
index 43fc83c203..82f41e126d 100644
--- a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py
+++ b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py
@@ -40,8 +40,9 @@
 @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids)
 @pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True)
 @pytest.mark.parametrize('simulate_agent_function', [params_stop_processing_events], indirect=True)
-def test_stops_processing_events(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_analysisd,
-                                 truncate_monitored_files, restart_wazuh_daemon_function, simulate_agent_function):
+def test_stops_processing_events(configuration, metadata, load_wazuh_basic_configuration,
+                                 set_wazuh_configuration_analysisd, truncate_monitored_files,
+                                 restart_wazuh_daemon_function, simulate_agent_function):
     '''
     description: Check that the `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal than `maximum` * `timeframe`
From 19ea2cdd15025cf770c7952837f952c32b6aa815 Mon Sep 17 00:00:00 2001
From: jmv74211
Date: Mon, 5 Sep 2022 11:39:41 +0200
Subject: [PATCH 56/79] refactor(2947): Improve daemon checking in EPS limit tests
---
 .../test_analysisd/test_eps/test_default_values.py | 5 +++--
 .../integration/test_analysisd/test_eps/test_disabled.py | 8 +++++---
 tests/integration/test_analysisd/test_eps/test_enabled.py | 5 +++--
 .../test_analysisd/test_eps/test_invalid_configuration.py | 6 ++++--
 .../test_analysisd/test_eps/test_invalid_values.py | 5 +++--
 5 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/tests/integration/test_analysisd/test_eps/test_default_values.py b/tests/integration/test_analysisd/test_eps/test_default_values.py
index 9ec768e849..4e4ba0d43a 100644
--- a/tests/integration/test_analysisd/test_eps/test_default_values.py
+++ b/tests/integration/test_analysisd/test_eps/test_default_values.py
@@ -4,7 +4,7 @@
 from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data
 from wazuh_testing.modules.eps import event_monitor as evm
 from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT
-from wazuh_testing.processes import check_if_deamon_is_running
+from wazuh_testing.processes import check_if_daemons_are_running
 pytestmark = [pytest.mark.server]
@@ -76,5 +76,6 @@ def test_without_timeframe(configuration, metadata, load_wazuh_basic_configurati
             - r'(.*)wazuh-analysisd: INFO: EPS limit enabled, EPS: (.*), timeframe: (.*)'
     '''
     evm.check_eps_enabled(metadata['maximum'], TIMEFRAME_DEFAULT_VALUE)
+
     # Check that wazuh-analysisd is running
-    check_if_deamon_is_running('wazuh-analysisd')
+    assert check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is not running. Maybe it has crashed'
diff --git a/tests/integration/test_analysisd/test_eps/test_disabled.py b/tests/integration/test_analysisd/test_eps/test_disabled.py
index f18d327be4..1071ea3983 100644
--- a/tests/integration/test_analysisd/test_eps/test_disabled.py
+++ b/tests/integration/test_analysisd/test_eps/test_disabled.py
@@ -4,7 +4,7 @@
 from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data
 from wazuh_testing.modules.eps import event_monitor as evm
 from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT
-from wazuh_testing.processes import check_if_deamon_is_running
+from wazuh_testing.processes import check_if_daemons_are_running
 pytestmark = [pytest.mark.server]
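Review bot: The new assertion `assert check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is not running. Maybe it has crashed'` is copied verbatim into test_without_timeframe here, twice in the test_disabled hunks, once in test_enabled, and in negated form in the test_invalid_configuration and test_invalid_values hunks, so the daemon name, the `[0]` indexing convention and the failure message are now maintained in six places. A small helper next to `check_if_daemons_are_running` that takes the daemon name and the expected state and raises with one message would keep the tests to a single call each; the `[0]` assumes the first element of the return value is the status of the first daemon requested, which is not visible in this diff and is worth confirming before it is repeated further.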
@@ -83,8 +83,9 @@ def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_w
             - r'(.*)wazuh-analysisd: INFO: EPS limit disabled'
     '''
     evm.check_eps_disabled()
+
     # Check that wazuh-analysisd is running
-    check_if_deamon_is_running('wazuh-analysisd')
+    assert check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is not running. Maybe it has crashed'
 @pytest.mark.tier(level=0)
@@ -137,5 +138,6 @@ def test_without_maximum(configuration, metadata, load_wazuh_basic_configuration
             - r'(.*)wazuh-analysisd: INFO: EPS limit disabled'
     '''
     evm.check_eps_disabled()
+
     # Check that wazuh-analysisd is running
-    check_if_deamon_is_running('wazuh-analysisd')
+    assert check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is not running. Maybe it has crashed'
diff --git a/tests/integration/test_analysisd/test_eps/test_enabled.py b/tests/integration/test_analysisd/test_eps/test_enabled.py
index ed0b8a88b4..da827b6f16 100644
--- a/tests/integration/test_analysisd/test_eps/test_enabled.py
+++ b/tests/integration/test_analysisd/test_eps/test_enabled.py
@@ -4,7 +4,7 @@
 from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data
 from wazuh_testing.modules.eps import event_monitor as evm
 from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT
-from wazuh_testing.processes import check_if_deamon_is_running
+from wazuh_testing.processes import check_if_daemons_are_running
 pytestmark = [pytest.mark.server]
@@ -75,5 +75,6 @@ def test_enabled(configuration, metadata, load_wazuh_basic_configuration, set_wa
             - r'(.*)wazuh-analysisd: INFO: EPS limit enabled, EPS: (.*), timeframe: (.*)'
     '''
     evm.check_eps_enabled(metadata['maximum'], metadata['timeframe'])
+
     # Check that wazuh-analysisd is running
-    check_if_deamon_is_running('wazuh-analysisd')
+    assert check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is not running. Maybe it has crashed'
diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py
index 41d5616562..8ffe011942 100644
--- a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py
+++ b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py
@@ -5,7 +5,7 @@
 from wazuh_testing.modules.eps import event_monitor as evm
 from wazuh_testing.tools.services import control_service
 from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT
-from wazuh_testing.processes import check_if_deamon_is_not_running
+from wazuh_testing.processes import check_if_daemons_are_running
 pytestmark = [pytest.mark.server]
@@ -79,5 +79,7 @@ def test_without_timeframe_maximum(configuration, metadata, load_wazuh_basic_con
         control_service('restart')
     except ValueError:
         evm.check_configuration_error()
+
     # Check that wazuh-analysisd is not running
-    check_if_deamon_is_not_running('wazuh-analysisd')
+    assert not check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is running and was not ' \
+                                                                     'expected to'
diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_values.py b/tests/integration/test_analysisd/test_eps/test_invalid_values.py
index b51e6f651b..2d22e00a90 100644
--- a/tests/integration/test_analysisd/test_eps/test_invalid_values.py
+++ b/tests/integration/test_analysisd/test_eps/test_invalid_values.py
@@ -5,7 +5,7 @@
 from wazuh_testing.modules.eps import event_monitor as evm
 from wazuh_testing.tools.services import control_service
 from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT
-from wazuh_testing.processes import check_if_deamon_is_not_running
+from wazuh_testing.processes import check_if_daemons_are_running
 pytestmark = [pytest.mark.server]
@@ -79,4 +79,5 @@ def test_invalid_values(configuration, metadata, load_wazuh_basic_configuration,
     except ValueError:
         evm.check_configuration_error()
     # Check that wazuh-analysisd is not running
-    check_if_deamon_is_not_running('wazuh-analysisd')
+    assert not check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is running and was not ' \
+                                                                     'expected to'
From 5e114eb16409442f119b13d2d346ef441af8e41d Mon Sep 17 00:00:00 2001
From: jmv74211
Date: Mon, 5 Sep 2022 15:43:09 +0200
Subject: [PATCH 57/79] refactor(#2947): Move simulator functions to new module
---
 .../modules/analysisd/__init__.py | 37 -------------------
 .../wazuh_testing/tools/run_simulator.py | 35 ++++++++++++++++++
 .../test_analysisd/test_eps/conftest.py | 2 +-
 ...t_process_old_events_instead_new_events.py | 2 +-
 4 files changed, 37 insertions(+), 39 deletions(-)
 create mode 100644 deps/wazuh_testing/wazuh_testing/tools/run_simulator.py
diff --git a/deps/wazuh_testing/wazuh_testing/modules/analysisd/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/analysisd/__init__.py
index 86e2e4c306..2f3480b665 100644
--- a/deps/wazuh_testing/wazuh_testing/modules/analysisd/__init__.py
+++ b/deps/wazuh_testing/wazuh_testing/modules/analysisd/__init__.py
@@ -1,11 +1,4 @@
-import socket
-import subprocess
-import sys
-
-from wazuh_testing import SIMULATE_AGENT, SYSLOG_SIMULATOR
-
-
 ANALYSISD_PREFIX = r'.*wazuh-analysisd.*'
 MAILD_PREFIX = r'.*wazuh-maild.*'
@@ -13,33 +6,3 @@ ANALYSISD_STATE_INTERNAL_DEFAULT = '5'
 PERCENTAGE_PROCESS_MSGS = 0.95
 QUEUE_SIZE = 16384
-
-
-def simulate_agent(param):
-    """Function to run the script simulate_agent.py
-
-    Args:
-        param (dict): Dictionary with script parameters
-    """
-    # Get IP address of the host
-    hostname = socket.gethostname()
-    ip_addr = socket.gethostbyname(hostname)
-
-    python_executable = sys.executable
-    subprocess.call(f"{python_executable} {SIMULATE_AGENT} -a {ip_addr} -n {param['num_agent']} \
-                    -m {param['modules']} -s {param['eps']} -t {param['time']} \
-                    -f {param['msg_size']} -e {param['num_messages']} \
-                    -k {param['disable_keepalive_msg']} -d {param['disable_receive_msg']} \
-                    -c {param['enable_logcollector_msg_number']} -g {param['message']}", shell=True)
-
-
-def syslog_simulator(param):
-    """Function to run the script syslog_simulator.py
-
-    Args:
-        param (dict): Dictionary with script parameters
-    """
-    python_executable = sys.executable
-    subprocess.call(f"{python_executable} {SYSLOG_SIMULATOR} -m {param['message']} -e {param['num_messages']} \
-                    -f {param['msg_size']} -t {param['interval_burst_time']} -b {param['messages_per_burst']}",
-                    shell=True)
diff --git a/deps/wazuh_testing/wazuh_testing/tools/run_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/run_simulator.py
new file mode 100644
index 0000000000..14d5f7dec3
--- /dev/null
+++ b/deps/wazuh_testing/wazuh_testing/tools/run_simulator.py
@@ -0,0 +1,35 @@
+import socket
+import subprocess
+import sys
+
+from wazuh_testing import SIMULATE_AGENT, SYSLOG_SIMULATOR
+
+
+def simulate_agent(param):
+    """Function to run the script simulate_agent.py
+
+    Args:
+        param (dict): Dictionary with script parameters
+    """
+    # Get IP address of the host
+    hostname = socket.gethostname()
+    ip_addr = socket.gethostbyname(hostname)
+
+    python_executable = sys.executable
+    subprocess.call(f"{python_executable} {SIMULATE_AGENT} -a {ip_addr} -n {param['num_agent']} \
+                    -m {param['modules']} -s {param['eps']} -t {param['time']} \
+                    -f {param['msg_size']} -e {param['num_messages']} \
+                    -k {param['disable_keepalive_msg']} -d {param['disable_receive_msg']} \
+                    -c {param['enable_logcollector_msg_number']} -g {param['message']}", shell=True)
+
+
+def syslog_simulator(param):
+    """Function to run the script syslog_simulator.py
+
+    Args:
+        param (dict): Dictionary with script parameters
+    """
+    python_executable = sys.executable
+    subprocess.call(f"{python_executable} {SYSLOG_SIMULATOR} -m {param['message']} -e {param['num_messages']} \
+                    -f {param['msg_size']} -t {param['interval_burst_time']} -b {param['messages_per_burst']}",
+                    shell=True)
diff --git a/tests/integration/test_analysisd/test_eps/conftest.py b/tests/integration/test_analysisd/test_eps/conftest.py
index ec86c25e43..e69e4a456b 100644
--- a/tests/integration/test_analysisd/test_eps/conftest.py
+++ b/tests/integration/test_analysisd/test_eps/conftest.py
@@ -6,7 +6,7 @@
 from wazuh_testing.tools.services import control_service
 from wazuh_testing.tools import configuration
-from wazuh_testing.modules.analysisd import simulate_agent, syslog_simulator
+from wazuh_testing.tools.run_simulator import simulate_agent,syslog_simulator
 @pytest.fixture(scope='function')
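Review bot: Both `subprocess.call` invocations in the new run_simulator.py build one command string from `param[...]` values and run it with `shell=True`, so a value containing whitespace or shell metacharacters is re-tokenised by the shell rather than reaching the script as a single argument, and the exit status of the call is discarded, so a simulator that fails to start leaves the test running against nothing. Passing an argument list (the default `shell=False`) with `check=True` removes both problems while keeping the function names and the `param` contract; the rewrite is below. Values that currently rely on shell quoting would need to become plain values — the syslog configuration earlier in this series sets `message: '""'` to get an empty string through the shell — and if any parameter such as `modules` is meant to expand to several arguments it has to be split explicitly before being appended, so the YAML fixtures need checking alongside this change.
```python
def simulate_agent(param):
    # … unchanged: docstring and host IP lookup …
    command = [
        sys.executable, SIMULATE_AGENT,
        '-a', ip_addr, '-n', str(param['num_agent']),
        '-m', str(param['modules']), '-s', str(param['eps']), '-t', str(param['time']),
        '-f', str(param['msg_size']), '-e', str(param['num_messages']),
        '-k', str(param['disable_keepalive_msg']), '-d', str(param['disable_receive_msg']),
        '-c', str(param['enable_logcollector_msg_number']), '-g', str(param['message']),
    ]
    subprocess.run(command, check=True)


def syslog_simulator(param):
    # … unchanged: docstring …
    command = [
        sys.executable, SYSLOG_SIMULATOR,
        '-m', str(param['message']), '-e', str(param['num_messages']),
        '-f', str(param['msg_size']), '-t', str(param['interval_burst_time']),
        '-b', str(param['messages_per_burst']),
    ]
    subprocess.run(command, check=True)
```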
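Review bot: The new conftest import line drops the space after the comma; `from wazuh_testing.tools.run_simulator import simulate_agent, syslog_simulator` keeps it consistent with the other import lines in the same hunk and with the project's PEP 8 style.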
diff --git a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py
index 3deabdc591..fd5afe803d 100644
--- a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py
+++ b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py
@@ -7,7 +7,7 @@
     get_syslog_simulator_configuration
 from wazuh_testing.modules.eps import event_monitor as evm
 from wazuh_testing.tools.monitoring import FileMonitor
-from wazuh_testing.modules.analysisd import syslog_simulator
+from wazuh_testing.tools.run_simulator import syslog_simulator
 from wazuh_testing.tools import ALERT_FILE_PATH
From 50eeb07a83c503ff21ed554a9d937e23d47c0927 Mon Sep 17 00:00:00 2001
From: jmv74211
Date: Mon, 5 Sep 2022 15:58:44 +0200
Subject: [PATCH 58/79] refactor(#2947): Move EPS event monitor to analysisd module
---
 .../modules/{eps => analysisd}/event_monitor.py | 13 ++++++-------
 .../wazuh_testing/modules/eps/__init__.py | 0
 .../test_analysisd/test_eps/test_default_values.py | 2 +-
 .../test_analysisd/test_eps/test_disabled.py | 2 +-
 .../test_analysisd/test_eps/test_enabled.py | 2 +-
 .../test_eps/test_invalid_configuration.py | 2 +-
 .../test_analysisd/test_eps/test_invalid_values.py | 2 +-
 .../test_eps/test_no_eps_configuration.py | 2 +-
 .../test_process_old_events_instead_new_events.py | 2 +-
 .../test_start_dropping_events_when_queue_full.py | 2 +-
 .../test_start_queuing_events_when_limit_reached.py | 2 +-
 .../test_eps/test_stop_processing_events.py | 2 +-
 12 files changed, 16 insertions(+), 17 deletions(-)
 rename deps/wazuh_testing/wazuh_testing/modules/{eps => analysisd}/event_monitor.py (89%)
 delete mode 100644 deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py
diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/analysisd/event_monitor.py
similarity index 89%
rename from deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py
rename to deps/wazuh_testing/wazuh_testing/modules/analysisd/event_monitor.py
index a43b2a60f9..83f066aee6 100644
--- a/deps/wazuh_testing/wazuh_testing/modules/eps/event_monitor.py
+++ b/deps/wazuh_testing/wazuh_testing/modules/analysisd/event_monitor.py
@@ -1,6 +1,6 @@
 import re
-import wazuh_testing as eps
+from wazuh_testing import T_10, T_20, T_60
 from wazuh_testing.modules.analysisd import ANALYSISD_PREFIX, MAILD_PREFIX
 from wazuh_testing import LOG_FILE_PATH, ANALYSISD_STATE
 from wazuh_testing.tools.monitoring import FileMonitor, generate_monitoring_callback_groups
@@ -28,8 +28,7 @@ def make_analysisd_callback(pattern, prefix=ANALYSISD_PREFIX):
 def check_analysisd_event(file_monitor=None, callback='', error_message=None, update_position=True,
-                          timeout=eps.T_60, prefix=ANALYSISD_PREFIX, accum_results=1,
-                          file_to_monitor=LOG_FILE_PATH):
+                          timeout=T_60, prefix=ANALYSISD_PREFIX, accum_results=1, file_to_monitor=LOG_FILE_PATH):
     """Check if a analysisd event occurs
     Args:
@@ -51,18 +50,18 @@ def check_analysisd_event(file_monitor=None, callback='', error_message=None, up
 def check_eps_disabled():
     """Check if the eps module is disabled"""
-    check_analysisd_event(callback=fr'.*INFO: EPS limit disabled.*', timeout=eps.T_10)
+    check_analysisd_event(callback=fr'.*INFO: EPS limit disabled.*', timeout=T_10)
 def check_eps_enabled(maximum, timeframe):
     """Check if the eps module is enable"""
     check_analysisd_event(callback=fr".*INFO: EPS limit enabled, EPS: '{maximum}', timeframe: '{timeframe}'",
-                          timeout=eps.T_10)
+                          timeout=T_10)
 def check_configuration_error():
     """Check the configuration error event in ossec.log"""
-    check_analysisd_event(timeout=eps.T_10, callback=r".* \(\d+\): Configuration error at.*",
+    check_analysisd_event(timeout=T_10, callback=r".* \(\d+\): Configuration error at.*",
                           error_message="Could not find the event 'Configuration error at 'etc/ossec.conf' " 'in ossec.log', prefix=MAILD_PREFIX)
@@ -97,7 +96,7 @@ def get_messages_info(file_monitor, message, accum_results):
     """
     error_message = f"Could not find this event in {message}"
-    result = file_monitor.start(timeout=eps.T_20, update_position=True, accum_results=accum_results,
+    result = file_monitor.start(timeout=T_20, update_position=True, accum_results=accum_results,
                                 callback=generate_monitoring_callback_groups(message), error_message=error_message).result()
diff --git a/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/eps/__init__.py
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/tests/integration/test_analysisd/test_eps/test_default_values.py b/tests/integration/test_analysisd/test_eps/test_default_values.py
index 4e4ba0d43a..0a064f1138 100644
--- a/tests/integration/test_analysisd/test_eps/test_default_values.py
+++ b/tests/integration/test_analysisd/test_eps/test_default_values.py
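Review bot: The retained `check_eps_disabled` line still uses an `fr'...'` literal that contains no placeholders, so the `f` prefix does nothing and hides whether a substitution was intended; `check_analysisd_event(callback=r'.*INFO: EPS limit disabled.*', timeout=T_10)` says what is meant. In the same hunk the `check_eps_enabled` docstring reads "Check if the eps module is enable"; `"""Check if the eps module is enabled"""` matches its sibling.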
@@ -2,7 +2,7 @@ import pytest from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data -from wazuh_testing.modules.eps import event_monitor as evm +from wazuh_testing.modules.analysisd import event_monitor as evm from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT from wazuh_testing.processes import check_if_daemons_are_running diff --git a/tests/integration/test_analysisd/test_eps/test_disabled.py b/tests/integration/test_analysisd/test_eps/test_disabled.py index 1071ea3983..2e96b5861e 100644 --- a/tests/integration/test_analysisd/test_eps/test_disabled.py +++ b/tests/integration/test_analysisd/test_eps/test_disabled.py @@ -2,7 +2,7 @@ import pytest from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data -from wazuh_testing.modules.eps import event_monitor as evm +from wazuh_testing.modules.analysisd import event_monitor as evm from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT from wazuh_testing.processes import check_if_daemons_are_running diff --git a/tests/integration/test_analysisd/test_eps/test_enabled.py b/tests/integration/test_analysisd/test_eps/test_enabled.py index da827b6f16..4a9aa54a73 100644 --- a/tests/integration/test_analysisd/test_eps/test_enabled.py +++ b/tests/integration/test_analysisd/test_eps/test_enabled.py @@ -2,7 +2,7 @@ import pytest from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data -from wazuh_testing.modules.eps import event_monitor as evm +from wazuh_testing.modules.analysisd import event_monitor as evm from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT from wazuh_testing.processes import check_if_daemons_are_running diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py index 8ffe011942..a6cdd456c3 100644 
--- a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py +++ b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py @@ -2,7 +2,7 @@ import pytest from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data -from wazuh_testing.modules.eps import event_monitor as evm +from wazuh_testing.modules.analysisd import event_monitor as evm from wazuh_testing.tools.services import control_service from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT from wazuh_testing.processes import check_if_daemons_are_running diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_values.py b/tests/integration/test_analysisd/test_eps/test_invalid_values.py index 2d22e00a90..8b6c607dbe 100644 --- a/tests/integration/test_analysisd/test_eps/test_invalid_values.py +++ b/tests/integration/test_analysisd/test_eps/test_invalid_values.py @@ -2,7 +2,7 @@ import pytest from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data -from wazuh_testing.modules.eps import event_monitor as evm +from wazuh_testing.modules.analysisd import event_monitor as evm from wazuh_testing.tools.services import control_service from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT from wazuh_testing.processes import check_if_daemons_are_running diff --git a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py index 59a1bccba9..24482546f4 100644 --- a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py +++ b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py 
@@ -3,7 +3,7 @@ import pytest from wazuh_testing.tools.configuration import get_simulate_agent_configuration -from wazuh_testing.modules.eps import event_monitor as evm +from wazuh_testing.modules.analysisd import event_monitor as evm from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT, PERCENTAGE_PROCESS_MSGS diff --git a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py index fd5afe803d..1c630498ec 100644 --- a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py +++ b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py @@ -5,7 +5,7 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ get_syslog_simulator_configuration -from wazuh_testing.modules.eps import event_monitor as evm +from wazuh_testing.modules.analysisd import event_monitor as evm from wazuh_testing.tools.monitoring import FileMonitor from wazuh_testing.tools.run_simulator import syslog_simulator from wazuh_testing.tools import ALERT_FILE_PATH diff --git a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py index 68b83c8d78..56b014a0db 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py +++ b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py @@ -4,7 +4,7 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ get_simulate_agent_configuration -from wazuh_testing.modules.eps import event_monitor as evm +from wazuh_testing.modules.analysisd import event_monitor as evm from wazuh_testing.modules.analysisd import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE 
diff --git a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py index e32950c619..a15ac39a66 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py +++ b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py @@ -4,7 +4,7 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ get_simulate_agent_configuration -from wazuh_testing.modules.eps import event_monitor as evm +from wazuh_testing.modules.analysisd import event_monitor as evm from wazuh_testing.modules.analysisd import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE diff --git a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py index 82f41e126d..e6285aa020 100644 --- a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py +++ b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py @@ -4,7 +4,7 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ get_simulate_agent_configuration -from wazuh_testing.modules.eps import event_monitor as evm +from wazuh_testing.modules.analysisd import event_monitor as evm from wazuh_testing.modules.analysisd import PERCENTAGE_PROCESS_MSGS From 5ac7de72ffcd488e08c255a5df84578a4d424163 Mon Sep 17 00:00:00 2001 
From: jmv74211 Date: Thu, 8 Sep 2022 14:26:34 +0200 Subject: [PATCH 59/79] refactor(#2947): update fixture for setting local internal options --- tests/integration/conftest.py | 119 ++++++++++-------- .../test_analysisd/test_eps/conftest.py | 27 ---- .../test_eps/test_default_values.py | 8 +- .../test_analysisd/test_eps/test_disabled.py | 13 +- .../test_analysisd/test_eps/test_enabled.py | 7 +- .../test_eps/test_invalid_configuration.py | 7 +- .../test_eps/test_invalid_values.py | 8 +- .../test_eps/test_no_eps_configuration.py | 8 +- ...t_process_old_events_instead_new_events.py | 30 +++-- ...t_start_dropping_events_when_queue_full.py | 14 ++- ...start_queuing_events_when_limit_reached.py | 16 ++- .../test_eps/test_stop_processing_events.py | 15 ++- 12 files changed, 144 insertions(+), 128 deletions(-) diff --git a/tests/integration/conftest.py b/tests/integration/conftest.py index fdb1a180b8..b272aac5de 100644 --- a/tests/integration/conftest.py +++ b/tests/integration/conftest.py @@ -138,6 +138,14 @@ def restart_wazuh_daemon_after_finishing(daemon=None): control_service("restart", daemon=daemon) +@pytest.fixture(scope='function') +def restart_analysisd_function(): + """Restart wazuh-analysisd daemon before starting a test, and stop it after finishing""" + control_service('restart', daemon='wazuh-analysisd') + yield + control_service('stop', daemon='wazuh-analysisd') + + @pytest.fixture(scope='module') def reset_ossec_log(get_configuration, request): # Reset ossec.log and start a new monitor 
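Review bot: `restart_analysisd_function` stops `wazuh-analysisd` in its teardown and never brings it back, so a later test in the same session that does not request a restart fixture of its own inherits a manager with analysisd down; the neighbouring `restart_wazuh_daemon_after_finishing` restores service with `control_service("restart", daemon=daemon)` instead. If leaving the daemon stopped is deliberate (no EPS state carried into the next test), say so in the docstring, e.g. `"""Restart wazuh-analysisd before the test and leave it stopped afterwards; callers that need it running must restart it."""`; otherwise change the teardown line to `control_service('restart', daemon='wazuh-analysisd')`. The fixture appears to be moved verbatim from tests/integration/test_analysisd/test_eps/conftest.py, which this patch deletes it from.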
@@ -545,6 +553,67 @@ def connect_to_sockets_configuration(request, get_configuration): close_sockets(receiver_sockets) +@pytest.fixture(scope='module') +def configure_local_internal_options_module(request): + """Fixture to configure the local internal options file. + + It uses the test variable local_internal_options. This should be + a dictionary wich keys and values corresponds to the internal option configuration, For example: + local_internal_options = {'monitord.rotate_log': '0', 'syscheck.debug': '0' } + """ + try: + local_internal_options = request.param + except AttributeError: + try: + local_internal_options = getattr(request.module, 'local_internal_options') + except AttributeError: + logger.debug('local_internal_options is not set') + raise AttributeError('Error when using the fixture "configure_local_internal_options_module", no ' \ + 'parameter has been passed explicitly, nor is the variable local_internal_options ' \ + 'found in the module.') from AttributeError + + backup_local_internal_options = conf.get_local_internal_options_dict() + + logger.debug(f"Set local_internal_option to {str(local_internal_options)}") + conf.set_local_internal_options_dict(local_internal_options) + + yield local_internal_options + + logger.debug(f"Restore local_internal_option to {str(backup_local_internal_options)}") + conf.set_local_internal_options_dict(backup_local_internal_options) + + +@pytest.fixture(scope='function') +def configure_local_internal_options_function(request): + """Fixture to configure the local internal options file. + + It uses the test variable local_internal_options. 
This should be + a dictionary wich keys and values corresponds to the internal option configuration, For example: + local_internal_options = {'monitord.rotate_log': '0', 'syscheck.debug': '0' } + """ + try: + local_internal_options = request.param + except AttributeError: + try: + local_internal_options = getattr(request.module, 'local_internal_options') + except AttributeError: + logger.debug('local_internal_options is not set') + raise AttributeError('Error when using the fixture "configure_local_internal_options_module", no ' \ + 'parameter has been passed explicitly, nor is the variable local_internal_options ' \ + 'found in the module.') from AttributeError + + backup_local_internal_options = conf.get_local_internal_options_dict() + + logger.debug(f"Set local_internal_option to {str(local_internal_options)}") + conf.set_local_internal_options_dict(local_internal_options) + + yield + + logger.debug(f"Restore local_internal_option to {str(backup_local_internal_options)}") + conf.set_local_internal_options_dict(backup_local_internal_options) + + +# DEPRECATED @pytest.fixture(scope='module') def configure_local_internal_options(get_local_internal_options): """Configure Wazuh local internal options. 
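Review bot: In both new fixtures the re-raise is written `from AttributeError`, which chains the exception class rather than the caught instance, and the function-scoped fixture's message names `configure_local_internal_options_module`, so a missing `local_internal_options` in a function-scoped test points the reader at the wrong fixture. The two lookups are otherwise identical, so a private helper that returns `request.param` or the module's `local_internal_options` and names `request.fixturename` in its error removes both mistakes at once; each fixture then becomes one call to the helper followed by the unchanged backup/set/yield/restore sequence. The module fixture also yields the options dict while the function fixture yields nothing; yielding the dict in both keeps them interchangeable for callers. The deprecated `configure_local_internal_options` fixture that opens at the end of the hunk continues outside it.
```python
def _resolve_local_internal_options(request):
    """Return the options dict given via `request.param`, else the module's `local_internal_options`."""
    try:
        return request.param
    except AttributeError:
        pass
    try:
        return getattr(request.module, 'local_internal_options')
    except AttributeError as err:
        logger.debug('local_internal_options is not set')
        raise AttributeError(f'Error when using the fixture "{request.fixturename}", no parameter has been '
                             'passed explicitly, nor is the variable local_internal_options found in the '
                             'module.') from err


@pytest.fixture(scope='module')
def configure_local_internal_options_module(request):
    # … unchanged docstring …
    local_internal_options = _resolve_local_internal_options(request)
    # … unchanged: backup, set, yield local_internal_options, restore …


@pytest.fixture(scope='function')
def configure_local_internal_options_function(request):
    # … unchanged docstring …
    local_internal_options = _resolve_local_internal_options(request)
    # … unchanged: backup, set, yield local_internal_options, restore …
```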
@@ -911,31 +980,6 @@ def file_monitoring(request): logger.debug(f"Trucanted {file_to_monitor}") -@pytest.fixture(scope='module') -def configure_local_internal_options_module(request): - """Fixture to configure the local internal options file. - - It uses the test variable local_internal_options. This should be - a dictionary wich keys and values corresponds to the internal option configuration, For example: - local_internal_options = {'monitord.rotate_log': '0', 'syscheck.debug': '0' } - """ - try: - local_internal_options = getattr(request.module, 'local_internal_options') - except AttributeError as local_internal_configuration_not_set: - logger.debug('local_internal_options is not set') - raise local_internal_configuration_not_set - - backup_local_internal_options = conf.get_local_internal_options_dict() - - logger.debug(f"Set local_internal_option to {str(local_internal_options)}") - conf.set_local_internal_options_dict(local_internal_options) - - yield - - logger.debug(f"Restore local_internal_option to {str(backup_local_internal_options)}") - conf.set_local_internal_options_dict(backup_local_internal_options) - - @pytest.fixture(scope='function') def set_wazuh_configuration(configuration): """Set wazuh configuration 
@@ -961,31 +1005,6 @@ def set_wazuh_configuration(configuration): conf.write_wazuh_conf(backup_config) -@pytest.fixture(scope='function') -def configure_local_internal_options_function(request): - """Fixture to configure the local internal options file. - - It uses the test variable local_internal_options. This should be - a dictionary wich keys and values corresponds to the internal option configuration, For example: - local_internal_options = {'monitord.rotate_log': '0', 'syscheck.debug': '0' } - """ - try: - local_internal_options = getattr(request.module, 'local_internal_options') - except AttributeError as local_internal_configuration_not_set: - logger.debug('local_internal_options is not set') - raise local_internal_configuration_not_set - - backup_local_internal_options = conf.get_local_internal_options_dict() - - logger.debug(f"Set local_internal_option to {str(local_internal_options)}") - conf.set_local_internal_options_dict(local_internal_options) - - yield - - logger.debug(f"Restore local_internal_option to {str(backup_local_internal_options)}") - conf.set_local_internal_options_dict(backup_local_internal_options) - - @pytest.fixture(scope='function') def truncate_monitored_files(): """Truncate all the log files and json alerts files before and after the test execution""" diff --git a/tests/integration/test_analysisd/test_eps/conftest.py b/tests/integration/test_analysisd/test_eps/conftest.py index e69e4a456b..8ae42e3093 100644 --- a/tests/integration/test_analysisd/test_eps/conftest.py +++ b/tests/integration/test_analysisd/test_eps/conftest.py 
@@ -9,33 +9,6 @@ from wazuh_testing.tools.run_simulator import simulate_agent,syslog_simulator -@pytest.fixture(scope='function') -def restart_analysisd_function(): - """Restart wazuh-analysisd daemon before starting a test, and stop it after finishing""" - control_service('restart', daemon='wazuh-analysisd') - yield - control_service('stop', daemon='wazuh-analysisd') - - -@pytest.fixture(scope='module') -def configure_local_internal_options_eps(request): - """Fixture to configure the local internal options file.""" - # Define local internal options for EPS tests - local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', - 'analysisd.state_interval': f"{request.param[0]}"} - - # Backup the old local internal options - backup_local_internal_options = configuration.get_wazuh_local_internal_options() - - # Set the new local internal options configuration - configuration.set_wazuh_local_internal_options(configuration.create_local_internal_options(local_internal_options)) - - yield - - # Backup the old local internal options cofiguration - configuration.set_wazuh_local_internal_options(backup_local_internal_options) - - @pytest.fixture(scope='function') def set_wazuh_configuration_analysisd(configuration, set_wazuh_configuration, configure_local_internal_options_eps): """Set wazuh configuration diff --git a/tests/integration/test_analysisd/test_eps/test_default_values.py b/tests/integration/test_analysisd/test_eps/test_default_values.py index 0a064f1138..615b6767df 100644 --- a/tests/integration/test_analysisd/test_eps/test_default_values.py +++ b/tests/integration/test_analysisd/test_eps/test_default_values.py @@ -11,6 +11,8 @@ # Global variables TIMEFRAME_DEFAULT_VALUE = 10 +local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', + 'analysisd.state_interval': f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"} # Reference paths TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') 
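Review bot: The fixture left behind, `set_wazuh_configuration_analysisd`, still requests `configure_local_internal_options_eps` in its signature, and this hunk deletes that fixture, so any test that still uses it will fail at collection with a "fixture not found" error. Every test module in this patch switches to `set_wazuh_configuration` plus `configure_local_internal_options_module`, so the wrapper looks dead; either delete it in the same change or update its signature to `def set_wazuh_configuration_analysisd(configuration, set_wazuh_configuration, configure_local_internal_options_module):`. Its body continues outside the hunk, so I cannot see whether anything else in it depends on the removed fixture.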
@@ -29,9 +31,9 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_without_timeframe(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_analysisd, - truncate_monitored_files, restart_wazuh_daemon_function): +def test_without_timeframe(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, + configure_local_internal_options_module, truncate_monitored_files, + restart_wazuh_daemon_function): ''' description: Check that limits EPS is started when `maximum` is set to a value greater than 0 lower and than 100000, and `timeframe` is not present. In this case, 'timeframe' will be set with a default value. diff --git a/tests/integration/test_analysisd/test_eps/test_disabled.py b/tests/integration/test_analysisd/test_eps/test_disabled.py index 2e96b5861e..3c68b88725 100644 --- a/tests/integration/test_analysisd/test_eps/test_disabled.py +++ b/tests/integration/test_analysisd/test_eps/test_disabled.py @@ -13,6 +13,8 @@ TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') +local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', + 'analysisd.state_interval': f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"} # Configuration and cases data t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_disabled.yaml') 
@@ -34,9 +36,8 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_analysisd, - truncate_monitored_files, restart_wazuh_daemon_function): +def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, + configure_local_internal_options_module, truncate_monitored_files, restart_wazuh_daemon_function): ''' description: Check that limits EPS is not started when `maximum` is set to a value equal to 0, or with an empty value, and `timeframe` is set to a value greater than 0 and lower than 3600. @@ -90,9 +91,9 @@ def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_w @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_without_maximum(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_analysisd, - truncate_monitored_files, restart_wazuh_daemon_function): +def test_without_maximum(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, + configure_local_internal_options_module, truncate_monitored_files, + restart_wazuh_daemon_function): ''' description: Check that limits EPS is not started when `maximum` value is not present in the configuration file. diff --git a/tests/integration/test_analysisd/test_eps/test_enabled.py b/tests/integration/test_analysisd/test_eps/test_enabled.py index 4a9aa54a73..0d87370d25 100644 --- a/tests/integration/test_analysisd/test_eps/test_enabled.py 
+++ b/tests/integration/test_analysisd/test_eps/test_enabled.py @@ -13,6 +13,8 @@ TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') +local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', + 'analysisd.state_interval': f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"} # Configuration and cases data configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_enabled.yaml') @@ -26,9 +28,8 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_enabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_analysisd, - truncate_monitored_files, restart_wazuh_daemon_function): +def test_enabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, + configure_local_internal_options_module, truncate_monitored_files, restart_wazuh_daemon_function): ''' description: Check that limits EPS is started when `maximum` is set to a value greater than 0 lower and than 100000, and `timeframe` is set to a value greater than 0 and lower than 3600. diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py index a6cdd456c3..4b87b4eabe 100644 --- a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py +++ b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py 
@@ -14,6 +14,8 @@ TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') +local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', + 'analysisd.state_interval': f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"} # Configuration and cases data t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_timeframe_maximum.yaml') @@ -27,10 +29,9 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) def test_without_timeframe_maximum(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration_analysisd, truncate_monitored_files, - restart_wazuh_daemon_after_finishing): + set_wazuh_configuration, configure_local_internal_options_module, + truncate_monitored_files, restart_wazuh_daemon_after_finishing): ''' description: Check that wazuh manager is not started when `maximum` and `timeframe` are not present in the configuration file. diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_values.py b/tests/integration/test_analysisd/test_eps/test_invalid_values.py index 8b6c607dbe..6d147a54c2 100644 --- a/tests/integration/test_analysisd/test_eps/test_invalid_values.py +++ b/tests/integration/test_analysisd/test_eps/test_invalid_values.py 
@@ -14,6 +14,8 @@ TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') +local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', + 'analysisd.state_interval': f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"} # Configuration and cases data configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_invalid_values.yaml') @@ -28,9 +30,9 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_invalid_values(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration_analysisd, - truncate_monitored_files, restart_wazuh_daemon_after_finishing): +def test_invalid_values(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, + configure_local_internal_options_module, truncate_monitored_files, + restart_wazuh_daemon_after_finishing): ''' description: Check that wazuh manager is not started when an invalid value is set to `maximum` and/or `timeframe`. diff --git a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py index 24482546f4..23fe678614 100644 --- a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py +++ b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py 
@@ -14,6 +14,8 @@ # Simulate agent configuration configurations_simulate_agent_path = os.path.join(TEST_DATA_PATH, 'configuration_simulate_agent.yaml') +local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', + 'analysisd.state_interval': f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"} # Get simulate agent configurations (t1) params_disabled_eps = get_simulate_agent_configuration(configurations_simulate_agent_path) @@ -22,8 +24,7 @@ @pytest.mark.tier(level=0) -@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) -def test_disabled(load_wazuh_basic_configuration, configure_local_internal_options_eps, +def test_disabled(load_wazuh_basic_configuration, configure_local_internal_options_module, truncate_monitored_files, restart_wazuh_daemon_function): ''' description: Check that limits EPS is disabled when it is not configured. @@ -59,9 +60,8 @@ def test_disabled(load_wazuh_basic_configuration, configure_local_internal_optio @pytest.mark.tier(level=0) -@pytest.mark.parametrize('configure_local_internal_options_eps', [ANALYSISD_STATE_INTERNAL_DEFAULT], indirect=True) @pytest.mark.parametrize('simulate_agent_function', [params_disabled_eps], indirect=True) -def test_without_eps_setting(load_wazuh_basic_configuration, configure_local_internal_options_eps, +def test_without_eps_setting(load_wazuh_basic_configuration, configure_local_internal_options_module, truncate_monitored_files, restart_wazuh_daemon_function, simulate_agent_function): ''' description: Check that limits EPS is disabled when it is not configured and the received events are similar or diff --git a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py index 1c630498ec..ccfdb98004 100644 --- a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py 
+++ b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py @@ -5,7 +5,7 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ get_syslog_simulator_configuration -from wazuh_testing.modules.analysisd import event_monitor as evm +from wazuh_testing.modules.eps import event_monitor as evm from wazuh_testing.tools.monitoring import FileMonitor from wazuh_testing.tools.run_simulator import syslog_simulator from wazuh_testing.tools import ALERT_FILE_PATH @@ -19,7 +19,6 @@ PATTERN_C = 'CCCC' SYSLOG_CUSTOM_MESSAGE = f"Login failed: admin, test {PATTERN_A}, Message number:" - # Reference paths TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') @@ -43,7 +42,11 @@ # Get simulate agent configurations (t1) params_process_old_events_one_thread = get_syslog_simulator_configuration(configurations_syslog_simulator_path) -timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] +local_internal_configuration_t1 = [ + {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', 'analysisd.state_interval': metadata['timeframe']} + for metadata in t1_configuration_metadata +] + num_messages = 150 params_process_old_events_one_thread.update({'num_messages': num_messages}) params_process_old_events_one_thread.update({'message': f"\"{SYSLOG_CUSTOM_MESSAGE}\""}) 
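Review bot: The `+` line switches the import back to `wazuh_testing.modules.eps.event_monitor`, but an earlier patch in this series renamed that module to `wazuh_testing/modules/analysisd/event_monitor.py` and deleted `modules/eps/__init__.py`, so unless an intermediate patch recreated the package this import fails at collection. The same reversion appears in the `test_start_dropping_events_when_queue_full.py` and `test_start_queuing_events_when_limit_reached.py` hunks of this patch, which looks like a stale rebase rather than an intended move. Keep `from wazuh_testing.modules.analysisd import event_monitor as evm`, as the other test modules in the directory do.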
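Review bot: `local_internal_configuration_t1` stores `metadata['timeframe']` unconverted under `analysisd.state_interval`, whereas every other module in this patch formats the value as a string (`f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"`); if `conf.set_local_internal_options_dict` builds lines by string concatenation an int here will raise, and even if it does not, the mixed types make the writer's contract unclear. `'analysisd.state_interval': str(metadata['timeframe'])` keeps the input uniform across modules. I cannot see the writer's implementation from this hunk, so confirm which type it expects before changing it.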
@@ -52,15 +55,18 @@ # Get syslog simulator configurations (t2) params_process_old_events_multithread = get_syslog_simulator_configuration(configurations_syslog_simulator_path) -timeframe_eps_t2 = [metadata['timeframe'] for metadata in t2_configuration_metadata] +local_internal_configuration_t2 = [ + {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', 'analysisd.state_interval': metadata['timeframe']} + for metadata in t2_configuration_metadata +] @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) +@pytest.mark.parametrize('configure_local_internal_options_module', local_internal_configuration_t1, indirect=True) @pytest.mark.parametrize('syslog_simulator_function', [params_process_old_events_one_thread], indirect=True) def test_process_old_events_one_thread(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration_analysisd, configure_wazuh_one_thread, + configure_local_internal_options_module, configure_wazuh_one_thread, truncate_monitored_files, restart_wazuh_daemon_function, syslog_simulator_function): ''' 
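Review bot: `test_process_old_events_one_thread` no longer requests `set_wazuh_configuration` — the removed `set_wazuh_configuration_analysisd` wrapped it, and the replacement list has only `configure_local_internal_options_module` and `configure_wazuh_one_thread` — so the `configuration` parameter is never written to ossec.conf unless `configure_wazuh_one_thread` does that (not visible here); the multi-thread test further down does keep `set_wazuh_configuration`. Add `set_wazuh_configuration,` before `configure_local_internal_options_module` in the signature. Separately, parametrizing `configure_local_internal_options_module` over `local_internal_configuration_t1` in its own decorator crosses it with the `configuration, metadata` cases, so each configuration also runs with every other case's `state_interval` rather than its own timeframe; a single `@pytest.mark.parametrize('configuration, metadata, configure_local_internal_options_module', zip(t1_configurations, t1_configuration_metadata, local_internal_configuration_t1), ids=t1_case_ids, indirect=['configure_local_internal_options_module'])` keeps them paired, and the same applies to the multi-thread decorator below. The function body continues outside the hunk.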
@@ -138,10 +144,10 @@ def test_process_old_events_one_thread(configuration, metadata, load_wazuh_basic @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t2], indirect=True) +@pytest.mark.parametrize('configure_local_internal_options_module', local_internal_configuration_t2, indirect=True) def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration_analysisd, truncate_monitored_files, - restart_wazuh_daemon_function): + set_wazuh_configuration, configure_local_internal_options_module, + truncate_monitored_files, restart_wazuh_daemon_function): ''' description: Check that `wazuh-analysisd` processes queued events first instead of new events. To do this, it is sent three groups of messages with different content per groups (A, B and C). Then, it checks that @@ -193,7 +199,7 @@ def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_bas custom_message = SYSLOG_CUSTOM_MESSAGE params_process_old_events_multithread.update({'message': f"\"{custom_message}\""}) syslog_simulator(params_process_old_events_multithread) - sleep(timeframe_eps_t2[0] / 2) + sleep(metadata['timeframe'] / 2) # Create a filemonitor file_monitor = FileMonitor(ALERT_FILE_PATH) # Get total PATTERN_A messages @@ -203,7 +209,7 @@ def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_bas custom_message = custom_message.replace(PATTERN_A, PATTERN_B) params_process_old_events_multithread.update({'message': f"\"{custom_message}\""}) syslog_simulator(params_process_old_events_multithread) - sleep(timeframe_eps_t2[0] / 2) + sleep(metadata['timeframe'] / 2) # Get total PATTERN_B messages total_msg_list.append(evm.get_messages_info(file_monitor, regex, messages_sent)) 
@@ -211,7 +217,7 @@ def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_bas custom_message = custom_message.replace(PATTERN_B, PATTERN_C) params_process_old_events_multithread.update({'message': f"\"{custom_message}\""}) syslog_simulator(params_process_old_events_multithread) - sleep(timeframe_eps_t2[0] / 2) + sleep(metadata['timeframe'] / 2) # Get total PATTERN_C messages total_msg_list.append(evm.get_messages_info(file_monitor, regex, messages_sent)) # Check messages order pattern diff --git a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py index 56b014a0db..3518df8ef1 100644 --- a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py +++ b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py @@ -4,7 +4,7 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ get_simulate_agent_configuration -from wazuh_testing.modules.analysisd import event_monitor as evm +from wazuh_testing.modules.eps import event_monitor as evm from wazuh_testing.modules.analysisd import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE 
@@ -29,19 +29,23 @@ # Get simulate agent configurations (t1) params_start_dropping_events_when_queue_full = get_simulate_agent_configuration(configurations_simulate_agent_path) -timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] num_messages = 16500 # of 1Kb message of 16384 Kb of queue size. Total dropped aproximatelly 116 expected_msg_dropped = num_messages - QUEUE_SIZE params_start_dropping_events_when_queue_full.update({'num_messages': num_messages}) +local_internal_configuration_t1 = [ + {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', 'analysisd.state_interval': metadata['timeframe']} + for metadata in t1_configuration_metadata +] @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) +@pytest.mark.parametrize('configure_local_internal_options_module', local_internal_configuration_t1, indirect=True) @pytest.mark.parametrize('simulate_agent_function', [params_start_dropping_events_when_queue_full], indirect=True) def test_start_dropping_events_when_queue_full(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration_analysisd, truncate_monitored_files, - restart_wazuh_daemon_function, simulate_agent_function): + set_wazuh_configuration, configure_local_internal_options_module, + truncate_monitored_files, restart_wazuh_daemon_function, + simulate_agent_function): ''' description: Check that the `events_dropped` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be greater than 1 and, `event_queue_usage` is equal to 1 diff --git a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py index a15ac39a66..e75a59151d 100644 
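Review bot: In `local_internal_configuration_t1` the value stored under `analysisd.state_interval` is `metadata['timeframe']`, which the cases files load as an int (`timeframe: 5`), while the neighbouring values `'2'` and `'0'` are strings; the deleted test_default_values.py wrote the same key as `f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"`. Unless `configure_local_internal_options_module` stringifies its values (not visible here — confirm), `'analysisd.state_interval': str(metadata['timeframe'])` keeps the dict homogeneous and avoids a type-dependent failure when the option file is written. The same three-key literal is repeated verbatim in the `@@ -33,18` hunk of test_start_queuing_events_when_limit_reached.py and the `@@ -29,20` hunk of test_stop_processing_events.py; a small helper in the shared `wazuh_testing.modules.eps` package, e.g. `def local_internal_options(timeframe): return {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', 'analysisd.state_interval': str(timeframe)}`, would leave one place to change the debug level or log rotation for all EPS tests. The docstring of test_start_dropping_events_when_queue_full continues outside this hunk.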
--- a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py +++ b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py @@ -4,7 +4,7 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ get_simulate_agent_configuration -from wazuh_testing.modules.analysisd import event_monitor as evm +from wazuh_testing.modules.eps import event_monitor as evm from wazuh_testing.modules.analysisd import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE 
@@ -33,18 +33,22 @@ # Get simulate agent configurations (t1) params_start_queuing_events_when_limit_reached = get_simulate_agent_configuration(configurations_simulate_agent_path) maximum_eps = [metadata['maximum'] for metadata in t1_configuration_metadata] -timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] -num_messages = maximum_eps[0] * timeframe_eps_t1[0] + int(QUEUE_SIZE / 2) +local_internal_configuration_t1 = [ + {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', 'analysisd.state_interval': metadata['timeframe']} + for metadata in t1_configuration_metadata +] +num_messages = maximum_eps[0] * t1_configuration_metadata[0]['timeframe'] + int(QUEUE_SIZE / 2) params_start_queuing_events_when_limit_reached.update({'num_messages': num_messages}) @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) +@pytest.mark.parametrize('configure_local_internal_options_module', local_internal_configuration_t1, indirect=True) @pytest.mark.parametrize('simulate_agent_function', [params_start_queuing_events_when_limit_reached], indirect=True) def test_start_queuing_events_when_limit_reached(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration_analysisd, truncate_monitored_files, - restart_wazuh_daemon_function, simulate_agent_function): + set_wazuh_configuration, configure_local_internal_options_module, + truncate_monitored_files, restart_wazuh_daemon_function, + simulate_agent_function): ''' description: Check that the `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal than `maximum` * `timeframe` and, the `events_received` value must be greater than 
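Review bot: `num_messages = maximum_eps[0] * t1_configuration_metadata[0]['timeframe'] + int(QUEUE_SIZE / 2)` is computed once from the first case only, while the test is parametrized over every entry of `t1_configuration_metadata`; a second case with a different `maximum` or `timeframe` would be driven with a message count sized for the first one, and the `lower or equal than maximum * timeframe` expectation in the description would no longer correspond to what was sent. Deriving the count per case — zipping one `params_start_queuing_events_when_limit_reached` dict per case into the `simulate_agent_function` parametrization, built with `metadata['maximum'] * metadata['timeframe'] + QUEUE_SIZE // 2` — removes the `[0]` assumption, and `QUEUE_SIZE // 2` also drops the float round-trip of `int(QUEUE_SIZE / 2)`. The same first-case indexing is in the `@@ -29,20` hunk of test_stop_processing_events.py. The test body and the rest of its docstring are outside this hunk.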
diff --git a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py index e6285aa020..f2209e2ea2 100644 --- a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py +++ b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py @@ -4,7 +4,7 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ get_simulate_agent_configuration -from wazuh_testing.modules.analysisd import event_monitor as evm +from wazuh_testing.modules.eps import event_monitor as evm from wazuh_testing.modules.analysisd import PERCENTAGE_PROCESS_MSGS 
@@ -29,20 +29,23 @@ # Get simulate agent configurations (t1) params_stop_processing_events = get_simulate_agent_configuration(configurations_simulate_agent_path) maximum_eps = [metadata['maximum'] for metadata in t1_configuration_metadata] -timeframe_eps_t1 = [metadata['timeframe'] for metadata in t1_configuration_metadata] # It is sent `width_frame` time frame width to reduce test time execution width_frame = 3 -num_messages = maximum_eps[0] * timeframe_eps_t1[0] * width_frame +local_internal_configuration_t1 = [ + {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', 'analysisd.state_interval': metadata['timeframe']} + for metadata in t1_configuration_metadata +] +num_messages = maximum_eps[0] * t1_configuration_metadata[0]['timeframe'] * width_frame params_stop_processing_events.update({'num_messages': num_messages}) @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_eps', [timeframe_eps_t1], indirect=True) +@pytest.mark.parametrize('configure_local_internal_options_module', local_internal_configuration_t1, indirect=True) @pytest.mark.parametrize('simulate_agent_function', [params_stop_processing_events], indirect=True) def test_stops_processing_events(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration_analysisd, truncate_monitored_files, - restart_wazuh_daemon_function, simulate_agent_function): + set_wazuh_configuration, configure_local_internal_options_module, + truncate_monitored_files, restart_wazuh_daemon_function, simulate_agent_function): ''' description: Check that the `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal than `maximum` * `timeframe` From e8d08af587ba94a83e8966f84bff8dfe8c961552 Mon Sep 17 00:00:00 2001 
From: jmv74211 Date: Mon, 12 Sep 2022 12:04:25 +0200 Subject: [PATCH 60/79] refactor(#2947): Move analysisd fixtures to integration conftest --- tests/integration/conftest.py | 37 +++++++++++++ .../all_disabled_ossec.conf} | 0 .../test_analysisd/test_eps/conftest.py | 52 +------------------ ...t_process_old_events_instead_new_events.py | 4 +- 4 files changed, 40 insertions(+), 53 deletions(-) rename tests/integration/{test_analysisd/test_eps/data/wazuh_basic_configuration/ossec.conf => data/all_disabled_ossec.conf} (100%) diff --git a/tests/integration/conftest.py b/tests/integration/conftest.py index b272aac5de..55b9ee828b 100644 --- a/tests/integration/conftest.py +++ b/tests/integration/conftest.py @@ -26,6 +26,7 @@ from wazuh_testing import mocking from wazuh_testing.db_interface.agent_db import update_os_info from wazuh_testing.db_interface.global_db import get_system, modify_system +from wazuh_testing.tools.run_simulator import simulate_agent,syslog_simulator if sys.platform == 'win32': 
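Review bot: `from wazuh_testing.tools.run_simulator import simulate_agent,syslog_simulator` is missing the space after the comma that PEP 8 and the surrounding import lines use; `from wazuh_testing.tools.run_simulator import simulate_agent, syslog_simulator`. The spelling appears to be carried over from the import removed from test_eps/conftest.py later in this patch, so fixing it here keeps the shared conftest consistent with its neighbours.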
@@ -1188,3 +1189,39 @@ def create_file(new_file_path): yield remove_file(new_file_path) + + +@pytest.fixture(scope='function') +def simulate_agent_function(request): + """Fixture to run the script simulate_agent.py""" + simulate_agent(request.param) + + yield + + +@pytest.fixture(scope='session') +def load_wazuh_basic_configuration(): + """Load a new basic configuration to the manager""" + # Load ossec.conf with all disabled settings + minimal_configuration = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data', 'all_disabled_ossec.conf') + + # Make a backup from current configuration + backup_ossec_configuration = get_wazuh_conf() + + # Write new configuration + with open(minimal_configuration, 'r') as file: + lines = file.readlines() + write_wazuh_conf(lines) + + yield + + # Restore the ossec.conf backup + write_wazuh_conf(backup_ossec_configuration) + + +@pytest.fixture(scope='function') +def syslog_simulator_function(request): + """Fixture to run the script syslog_simulator.py""" + syslog_simulator(request.param) + + yield diff --git a/tests/integration/test_analysisd/test_eps/data/wazuh_basic_configuration/ossec.conf b/tests/integration/data/all_disabled_ossec.conf similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/wazuh_basic_configuration/ossec.conf rename to tests/integration/data/all_disabled_ossec.conf diff --git a/tests/integration/test_analysisd/test_eps/conftest.py b/tests/integration/test_analysisd/test_eps/conftest.py index 8ae42e3093..0adcd2f0ec 100644 --- a/tests/integration/test_analysisd/test_eps/conftest.py +++ b/tests/integration/test_analysisd/test_eps/conftest.py 
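Review bot: `load_wazuh_basic_configuration` keeps the only copy of the manager's original ossec.conf in the process-local `backup_ossec_configuration`, so the configuration is restored only if the session finalizer runs; a session that is killed mid-run (timeout, SIGKILL, interpreter crash) leaves the manager on `all_disabled_ossec.conf` with no on-disk record of what was replaced. Persisting `backup_ossec_configuration` to a file before calling `write_wazuh_conf(lines)` — e.g. a `tempfile.NamedTemporaryFile(delete=False)` whose name is logged, or a `shutil.copy2` of the config file next to it — makes that state recoverable by hand. `get_wazuh_conf` and `write_wazuh_conf` are used unqualified here while the `@@ -26,6` hunk above only adds the run_simulator import; confirm both are already imported in this conftest, since the deleted test_eps/conftest.py reached them through `configuration.`. In `simulate_agent_function` and `syslog_simulator_function` a trailing `yield` with no teardown behaves like a plain return; either drop the `yield` or extend the docstrings to document the input, e.g. `Args: request.param (dict): parameters forwarded to simulate_agent.`.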
@@ -1,36 +1,13 @@ # Copyright (C) 2015-2021, Wazuh Inc. # Created by Wazuh, Inc. . # This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 -import os import pytest -from wazuh_testing.tools.services import control_service from wazuh_testing.tools import configuration -from wazuh_testing.tools.run_simulator import simulate_agent,syslog_simulator @pytest.fixture(scope='function') -def set_wazuh_configuration_analysisd(configuration, set_wazuh_configuration, configure_local_internal_options_eps): - """Set wazuh configuration - - Args: - configuration (dict): Configuration template data to write in the ossec.conf. - set_wazuh_configuration (fixture): Set the wazuh configuration according to the configuration data. - configure_local_internal_options_eps (fixture): Set the local_internal_options.conf file. - """ - yield - - -@pytest.fixture(scope='function') -def simulate_agent_function(request): - """Fixture to run the script simulate_agent.py""" - simulate_agent(request.param) - - yield - - -@pytest.fixture(scope='function') -def configure_wazuh_one_thread(): +def configure_analysisd_one_thread(): """Fixture to configure the local internal options file to work with one thread.""" local_internal_options = {'analysisd.event_threads': '1', 'analysisd.syscheck_threads': '1', 'analysisd.syscollector_threads': '1', 'analysisd.rootcheck_threads': '1', 
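Review bot: The fixture `set_wazuh_configuration_analysisd` removed here is still documented by its users: the `@@ -99,7` hunk of test_process_old_events_instead_new_events.py at the end of this patch keeps `- set_wazuh_configuration_analysisd: type: fixture brief: Set the wazuh configuration according to the configuration data.` as an unchanged docstring line, while the signature in the `@@ -66,7` hunk of that file has neither that parameter nor `set_wazuh_configuration`. The `parameters:` entry should be replaced by one for `configure_local_internal_options_module` — or for `set_wazuh_configuration`, if that test is meant to apply the `configuration` it receives; which fixture actually writes ossec.conf for it is not visible here and is worth confirming. The rename to `configure_analysisd_one_thread` matches the `analysisd.*` keys the fixture sets; its body continues in the next hunk.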
@@ -48,30 +25,3 @@ def configure_wazuh_one_thread(): # Backup the old local internal options cofiguration configuration.set_wazuh_local_internal_options(backup_local_internal_options) - - -@pytest.fixture(scope='session') -def load_wazuh_basic_configuration(): - """Load a new basic configuration to the manager""" - # Reference paths - DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') - CONFIGURATIONS_PATH = os.path.join(DATA_PATH, 'wazuh_basic_configuration') - configurations_path = os.path.join(CONFIGURATIONS_PATH, 'ossec.conf') - - backup_ossec_configuration = configuration.get_wazuh_conf() - - with open(configurations_path, 'r') as file: - lines = file.readlines() - configuration.write_wazuh_conf(lines) - - yield - - configuration.write_wazuh_conf(backup_ossec_configuration) - - -@pytest.fixture(scope='function') -def syslog_simulator_function(request): - """Fixture to run the script syslog_simulator.py""" - syslog_simulator(request.param) - - yield diff --git a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py index ccfdb98004..6d5c2d2f50 100644 --- a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py +++ b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py @@ -66,7 +66,7 @@ @pytest.mark.parametrize('configure_local_internal_options_module', local_internal_configuration_t1, indirect=True) @pytest.mark.parametrize('syslog_simulator_function', [params_process_old_events_one_thread], indirect=True) def test_process_old_events_one_thread(configuration, metadata, load_wazuh_basic_configuration, - configure_local_internal_options_module, configure_wazuh_one_thread, + configure_local_internal_options_module, configure_analysisd_one_thread, truncate_monitored_files, restart_wazuh_daemon_function, syslog_simulator_function): ''' 
@@ -99,7 +99,7 @@ def test_process_old_events_one_thread(configuration, metadata, load_wazuh_basic - set_wazuh_configuration_analysisd: type: fixture brief: Set the wazuh configuration according to the configuration data. - - configure_wazuh_one_thread: + - configure_analysisd_one_thread: type: fixture brief: Set the wazuh internal option configuration according to the configuration data. - truncate_monitored_files: From a010b7890b4adc10b25f605eeeee9f94ac75e87f Mon Sep 17 00:00:00 2001 
From: jmv74211 Date: Wed, 21 Sep 2022 18:20:37 +0200 Subject: [PATCH 61/79] refactor(#2947): remove old tests structure --- .../configuration_disabled.yaml | 11 - .../configuration_enabled.yaml | 11 - .../configuration_invalid_values.yaml | 11 - .../configuration_process_old_events.yaml | 18 -- ...start_dropping_events_when_queue_full.yaml | 11 - ...art_queuing_events_when_limit_reached.yaml | 11 - .../configuration_stop_processing_events.yaml | 11 - .../configuration_without_maximum.yaml | 9 - .../configuration_without_timeframe.yaml | 9 - ...nfiguration_without_timeframe_maximum.yaml | 7 - .../data/test_cases/cases_invalid_values.yaml | 35 --- ...cases_process_old_events_multi_thread.yaml | 8 - .../cases_process_old_events_one_thread.yaml | 8 - .../cases_start_dropping_events.yaml | 8 - .../cases_start_queueing_events.yaml | 8 - .../test_cases/cases_stop_process_events.yaml | 8 - .../test_cases/cases_without_maximum.yaml | 6 - .../test_cases/cases_without_timeframe.yaml | 6 - .../cases_without_timeframe_maximum.yaml | 6 - .../test_eps/test_default_values.py | 83 ------- .../test_analysisd/test_eps/test_disabled.py | 144 ----------- .../test_analysisd/test_eps/test_enabled.py | 81 ------- .../test_eps/test_invalid_configuration.py | 86 ------- .../test_eps/test_invalid_values.py | 85 ------- .../test_eps/test_no_eps_configuration.py | 108 --------- ...t_process_old_events_instead_new_events.py | 228 ------------------ ...t_start_dropping_events_when_queue_full.py | 122 ---------- ...start_queuing_events_when_limit_reached.py | 122 ---------- .../test_eps/test_stop_processing_events.py | 102 -------- 29 files changed, 1363 deletions(-) delete mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml delete mode 100644 
tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_invalid_values.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_dropping_events.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_queueing_events.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_stop_process_events.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximum.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe.yaml delete mode 100644 
tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximum.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/test_default_values.py delete mode 100644 tests/integration/test_analysisd/test_eps/test_disabled.py delete mode 100644 tests/integration/test_analysisd/test_eps/test_enabled.py delete mode 100644 tests/integration/test_analysisd/test_eps/test_invalid_configuration.py delete mode 100644 tests/integration/test_analysisd/test_eps/test_invalid_values.py delete mode 100644 tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py delete mode 100644 tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py delete mode 100644 tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py delete mode 100644 tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py delete mode 100644 tests/integration/test_analysisd/test_eps/test_stop_processing_events.py diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml deleted file mode 100644 index abca5be254..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_disabled.yaml +++ /dev/null @@ -1,11 +0,0 @@ -- sections: - - section: global - elements: - - limits: - elements: - - eps: - elements: - - maximum: - value: MAXIMUM - - timeframe: - value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml deleted file mode 100644 index abca5be254..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_enabled.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -- sections: - - section: global - elements: - - limits: - elements: - - eps: - elements: - - maximum: - value: MAXIMUM - - timeframe: - value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml deleted file mode 100644 index abca5be254..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_invalid_values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -- sections: - - section: global - elements: - - limits: - elements: - - eps: - elements: - - maximum: - value: MAXIMUM - - timeframe: - value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events.yaml deleted file mode 100644 index 3d782fa61f..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_process_old_events.yaml +++ /dev/null @@ -1,18 +0,0 @@ -- sections: - - section: global - elements: - - limits: - elements: - - eps: - elements: - - maximum: - value: MAXIMUM - - timeframe: - value: TIMEFRAME - - - section: localfile - elements: - - log_format: - value: syslog - - location: - value: /var/log/syslog diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml deleted file mode 100644 index abca5be254..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_dropping_events_when_queue_full.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -- sections: - - section: global - elements: - - limits: - elements: - - eps: - elements: - - maximum: - value: MAXIMUM - - timeframe: - value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml deleted file mode 100644 index abca5be254..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_start_queuing_events_when_limit_reached.yaml +++ /dev/null @@ -1,11 +0,0 @@ -- sections: - - section: global - elements: - - limits: - elements: - - eps: - elements: - - maximum: - value: MAXIMUM - - timeframe: - value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml deleted file mode 100644 index abca5be254..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_stop_processing_events.yaml +++ /dev/null @@ -1,11 +0,0 @@ -- sections: - - section: global - elements: - - limits: - elements: - - eps: - elements: - - maximum: - value: MAXIMUM - - timeframe: - value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml deleted file mode 100644 index 7542135366..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_maximum.yaml +++ /dev/null @@ -1,9 +0,0 @@ -- sections: - - section: global - elements: - - limits: - elements: - - eps: - elements: - - timeframe: - value: TIMEFRAME 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml deleted file mode 100644 index 321e6bde36..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe.yaml +++ /dev/null @@ -1,9 +0,0 @@ -- sections: - - section: global - elements: - - limits: - elements: - - eps: - elements: - - maximum: - value: MAXIMUM diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml deleted file mode 100644 index 6b34146c32..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_without_timeframe_maximum.yaml +++ /dev/null @@ -1,7 +0,0 @@ -- sections: - - section: global - elements: - - limits: - elements: - - eps: - elements: diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_invalid_values.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_invalid_values.yaml deleted file mode 100644 index 6824a83402..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_invalid_values.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -- name: EPS Limits with maximum values over the maximum allowed - description: EPS Limits with maximum values over the maximum allowed - configuration_parameters: - MAXIMUM: '100001' - TIMEFRAME: '5' - metadata: - maximum: 100001 - timeframe: 5 - -- name: EPS Limits with timeframe values over the timeframe allowed - description: EPS Limits with timeframe values over the timeframe allowed - configuration_parameters: - MAXIMUM: '10' - TIMEFRAME: '3601' - metadata: - maximum: 10 - timeframe: 3601 - -- name: EPS Limits with timeframe value 0 - description: EPS Limits with timeframe value 0 - configuration_parameters: - MAXIMUM: '10' - TIMEFRAME: '0' - metadata: - maximum: 10 - timeframe: 0 - -- name: EPS Limits with maximum and timeframe values 0 - description: EPS Limits with maximum and timeframe values 0 - configuration_parameters: - MAXIMUM: '0' - TIMEFRAME: '0' - metadata: - maximum: 0 - timeframe: 0 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml deleted file mode 100644 index ba4ef96f48..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_multi_thread.yaml +++ /dev/null @@ -1,8 +0,0 @@ -- name: EPS Limits process old events instead of new ones - Multithread - description: EPS Limits process old events instead of new ones - Multithread - configuration_parameters: - MAXIMUM: '10' - TIMEFRAME: '5' - metadata: - maximum: 10 - timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml deleted file mode 100644 index e3200cf656..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_process_old_events_one_thread.yaml +++ /dev/null 
@@ -1,8 +0,0 @@ -- name: EPS Limits process old events instead of new ones - One thread - description: EPS Limits process old events instead of new ones - One thread - configuration_parameters: - MAXIMUM: '10' - TIMEFRAME: '5' - metadata: - maximum: 10 - timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_dropping_events.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_dropping_events.yaml deleted file mode 100644 index 40eff5d980..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_dropping_events.yaml +++ /dev/null @@ -1,8 +0,0 @@ -- name: EPS Limits start dropping events - description: EPS Limits start dropping events - configuration_parameters: - MAXIMUM: '1' - TIMEFRAME: '5' - metadata: - maximum: 1 - timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_queueing_events.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_queueing_events.yaml deleted file mode 100644 index bc55f1d024..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_start_queueing_events.yaml +++ /dev/null @@ -1,8 +0,0 @@ -- name: EPS Limits start queueing events - description: EPS Limits start queueing events - configuration_parameters: - MAXIMUM: '100' - TIMEFRAME: '5' - metadata: - maximum: 100 - timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_stop_process_events.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_stop_process_events.yaml deleted file mode 100644 index 199f893ffe..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_stop_process_events.yaml +++ /dev/null @@ -1,8 +0,0 @@ -- name: EPS Limits stop processing events - description: EPS Limits stop processing events - configuration_parameters: - MAXIMUM: '100' - TIMEFRAME: '5' - metadata: - maximum: 100 - timeframe: 5 
diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximum.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximum.yaml deleted file mode 100644 index cafd648eac..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_maximum.yaml +++ /dev/null @@ -1,6 +0,0 @@ -- name: EPS Limits without maximum value - description: EPS Limits without maximum value - configuration_parameters: - TIMEFRAME: '5' - metadata: - timeframe: 5 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe.yaml deleted file mode 100644 index b210a8a321..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe.yaml +++ /dev/null @@ -1,6 +0,0 @@ -- name: EPS Limits without timeframe value - description: EPS Limits without timeframe value - configuration_parameters: - MAXIMUM: '500' - metadata: - maximum: 500 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximum.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximum.yaml deleted file mode 100644 index b974f6631c..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_without_timeframe_maximum.yaml +++ /dev/null @@ -1,6 +0,0 @@ -- name: EPS Limits without timeframe and maximun values - description: EPS Limits without timeframe and maximun values - configuration_parameters: - MAXIMUM: ~ - metadata: - maximum: ~ diff --git a/tests/integration/test_analysisd/test_eps/test_default_values.py b/tests/integration/test_analysisd/test_eps/test_default_values.py deleted file mode 100644 index 615b6767df..0000000000 --- a/tests/integration/test_analysisd/test_eps/test_default_values.py +++ /dev/null 
@@ -1,83 +0,0 @@ -import os -import pytest - -from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data -from wazuh_testing.modules.analysisd import event_monitor as evm -from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT -from wazuh_testing.processes import check_if_daemons_are_running - - -pytestmark = [pytest.mark.server] - -# Global variables -TIMEFRAME_DEFAULT_VALUE = 10 -local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', - 'analysisd.state_interval': f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"} - -# Reference paths -TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') -TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') - -# Configuration and cases data -t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_timeframe.yaml') -t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_timeframe.yaml') - -# Test configurations without timeframe value (t1) -t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) -t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters, - t1_configuration_metadata) - - -@pytest.mark.tier(level=0) -@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -def test_without_timeframe(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, - configure_local_internal_options_module, truncate_monitored_files, - restart_wazuh_daemon_function): - ''' - description: Check that limits EPS is started when `maximum` is set to a value greater than 0 lower and than 100000, - and `timeframe` is not present. In this case, 'timeframe' will be set with a default value. - - test_phases: - - Set a custom Wazuh configuration. 
- - Truncate logs files. - - Restart wazuh-daemons. - - Check in the log that the EPS limits is enabled. - - wazuh_min_version: 4.4.0 - - tier: 0 - - parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - - load_wazuh_basic_configuration - type: fixture - brief: Load a basic configuration to the manager. - - set_wazuh_configuration_analysisd: - type: fixture - brief: Set the wazuh configuration according to the configuration data. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. - - restart_wazuh_daemon_function: - type: fixture - brief: Restart all the wazuh daemons. - - assertions: - - Verify that the wazuh-analysisd daemon is running. - - input_description: - - The `cases_without_timeframe.yaml` file provides the module configuration for this test. - - expected_output: - - r'(.*)wazuh-analysisd: INFO: EPS limit enabled, EPS: (.*), timeframe: (.*)' - ''' - evm.check_eps_enabled(metadata['maximum'], TIMEFRAME_DEFAULT_VALUE) - - # Check that wazuh-analysisd is running - assert check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is not running. Maybe it has crashed' diff --git a/tests/integration/test_analysisd/test_eps/test_disabled.py b/tests/integration/test_analysisd/test_eps/test_disabled.py deleted file mode 100644 index 3c68b88725..0000000000 --- a/tests/integration/test_analysisd/test_eps/test_disabled.py +++ /dev/null 
@@ -1,144 +0,0 @@ -import os -import pytest - -from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data -from wazuh_testing.modules.analysisd import event_monitor as evm -from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT -from wazuh_testing.processes import check_if_daemons_are_running - - -pytestmark = [pytest.mark.server] - -# Reference paths -TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') -TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') -local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', - 'analysisd.state_interval': f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"} - -# Configuration and cases data -t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_disabled.yaml') -t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_disabled.yaml') - -t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_maximum.yaml') -t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_maximum.yaml') - -# Disabled test configurations (t1) -t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) -t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters, - t1_configuration_metadata) - -# Test configurations without maximum value (t2) -t2_configuration_parameters, t2_configuration_metadata, t2_case_ids = get_test_cases_data(t2_cases_path) -t2_configurations = load_configuration_template(t2_configurations_path, t2_configuration_parameters, - t2_configuration_metadata) - - -@pytest.mark.tier(level=0) -@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, - 
configure_local_internal_options_module, truncate_monitored_files, restart_wazuh_daemon_function): - ''' - description: Check that limits EPS is not started when `maximum` is set to a value equal to 0, or with an empty - value, and `timeframe` is set to a value greater than 0 and lower than 3600. - - test_phases: - - Set a custom Wazuh configuration. - - Truncate logs files. - - Restart wazuh-daemons. - - Check in the log that the EPS limits is disabled. - - wazuh_min_version: 4.4.0 - - tier: 0 - - parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - - load_wazuh_basic_configuration - type: fixture - brief: Load a basic configuration to the manager. - - set_wazuh_configuration_analysisd: - type: fixture - brief: Set the wazuh configuration according to the configuration data. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. - - restart_wazuh_daemon_function: - type: fixture - brief: Restart all the wazuh daemons. - - assertions: - - Verify that when the `maximum` value is set to 0 or with an empty value and, `timeframe` value is set to a - value greater than 0 and lower than 3600, the module EPS limits is not running. - - Verify that the wazuh-analysisd daemon is running. - - input_description: - - The `cases_disabled.yaml` file provides the module configuration for this test. - - expected_output: - - r'(.*)wazuh-analysisd: INFO: EPS limit disabled' - ''' - evm.check_eps_disabled() - - # Check that wazuh-analysisd is running - assert check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is not running. 
Maybe it has crashed' - - -@pytest.mark.tier(level=0) -@pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) -def test_without_maximum(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, - configure_local_internal_options_module, truncate_monitored_files, - restart_wazuh_daemon_function): - ''' - description: Check that limits EPS is not started when `maximum` value is not present in the configuration - file. - - test_phases: - - Set a custom Wazuh configuration. - - Truncate logs files. - - Restart wazuh-daemons. - - Check that wazuh manager does not start. - - wazuh_min_version: 4.4.0 - - tier: 0 - - parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - - load_wazuh_basic_configuration - type: fixture - brief: Load a basic configuration to the manager. - - set_wazuh_configuration_analysisd: - type: fixture - brief: Set the wazuh configuration according to the configuration data. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. - - restart_wazuh_daemon_function: - type: fixture - brief: Restart all the wazuh daemons. - - assertions: - - Verify that when the `maximum` is not present, the EPS module is disabled. - - Verify that the wazuh-analysisd daemon is running. - - input_description: - - The `cases_without_maximun.yaml` file provides the module configuration for this test. - - expected_output: - - r'(.*)wazuh-analysisd: INFO: EPS limit disabled' - ''' - evm.check_eps_disabled() - - # Check that wazuh-analysisd is running - assert check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is not running. Maybe it has crashed' 
diff --git a/tests/integration/test_analysisd/test_eps/test_enabled.py b/tests/integration/test_analysisd/test_eps/test_enabled.py deleted file mode 100644 index 0d87370d25..0000000000 --- a/tests/integration/test_analysisd/test_eps/test_enabled.py +++ /dev/null 
@@ -1,81 +0,0 @@ -import os -import pytest - -from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data -from wazuh_testing.modules.analysisd import event_monitor as evm -from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT -from wazuh_testing.processes import check_if_daemons_are_running - - -pytestmark = [pytest.mark.server] - -# Reference paths -TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') -TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') -local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', - 'analysisd.state_interval': f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"} - -# Configuration and cases data -configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_enabled.yaml') -t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_enabled.yaml') - -# Enabled test configurations (t1) -t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) -t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters, - t1_configuration_metadata) - - -@pytest.mark.tier(level=0) -@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -def test_enabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, - configure_local_internal_options_module, truncate_monitored_files, restart_wazuh_daemon_function): - ''' - description: Check that limits EPS is started when `maximum` is set to a value greater than 0 lower and than 100000, - and `timeframe` is set to a value greater than 0 and lower than 3600. - - test_phases: - - Set a custom Wazuh configuration. - - Truncate logs files. - - Restart wazuh-daemons. - - Check in the log that the EPS limits is enabled. 
- - wazuh_min_version: 4.4.0 - - tier: 0 - - parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - - load_wazuh_basic_configuration - type: fixture - brief: Load a basic configuration to the manager. - - set_wazuh_configuration_analysisd: - type: fixture - brief: Set the wazuh configuration according to the configuration data. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. - - restart_wazuh_daemon_function: - type: fixture - brief: Restart all the wazuh daemons. - - assertions: - - Verify that when the `maximum` value is set to a values greater than 0 and lower than 100000 and, `timeframe` - value is set to a value greater than 0 and lower than 3600, the module EPS limits is running. - - Verify that the wazuh-analysisd daemon is running. - - input_description: - - The `cases_enabled.yaml` file provides the module configuration for this test. - - expected_output: - - r'(.*)wazuh-analysisd: INFO: EPS limit enabled, EPS: (.*), timeframe: (.*)' - ''' - evm.check_eps_enabled(metadata['maximum'], metadata['timeframe']) - - # Check that wazuh-analysisd is running - assert check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is not running. Maybe it has crashed' diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py b/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py deleted file mode 100644 index 4b87b4eabe..0000000000 --- a/tests/integration/test_analysisd/test_eps/test_invalid_configuration.py +++ /dev/null 
@@ -1,86 +0,0 @@ -import os -import pytest - -from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data -from wazuh_testing.modules.analysisd import event_monitor as evm -from wazuh_testing.tools.services import control_service -from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT -from wazuh_testing.processes import check_if_daemons_are_running - - -pytestmark = [pytest.mark.server] - -# Reference paths -TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') -TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') -local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', - 'analysisd.state_interval': f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"} - -# Configuration and cases data -t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_without_timeframe_maximum.yaml') -t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_without_timeframe_maximum.yaml') - -# Test configurations without timeframe and maximum values (t1) -t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) -t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters, - t1_configuration_metadata) - - -@pytest.mark.tier(level=0) -@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -def test_without_timeframe_maximum(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration, configure_local_internal_options_module, - truncate_monitored_files, restart_wazuh_daemon_after_finishing): - ''' - description: Check that wazuh manager is not started when `maximum` and `timeframe` are not present in the - configuration file. - - test_phases: - - Set a custom Wazuh configuration. - - Truncate logs files. 
- - Restart wazuh-daemons. - - Check that wazuh manager does not start. - - wazuh_min_version: 4.4.0 - - tier: 0 - - parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - - load_wazuh_basic_configuration - type: fixture - brief: Load a basic configuration to the manager. - - set_wazuh_configuration_analysisd: - type: fixture - brief: Set the wazuh configuration according to the configuration data. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. - - restart_wazuh_daemon_after_finishing: - type: fixture - brief: Restart wazuh modules after finishing the test module. - - assertions: - - The error message appears when the `maximum` and/or `timeframe` values have invalid values. - - Verify that the wazuh-analysisd daemon is running. - - input_description: - - The `cases_invalid_value.yaml` file provides the module configuration for this test. - - expected_output: - - r'.*: Configuration error at.*' - ''' - try: - control_service('restart') - except ValueError: - evm.check_configuration_error() - - # Check that wazuh-analysisd is not running - assert not check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is running and was not ' \ - 'expected to' diff --git a/tests/integration/test_analysisd/test_eps/test_invalid_values.py b/tests/integration/test_analysisd/test_eps/test_invalid_values.py deleted file mode 100644 index 6d147a54c2..0000000000 --- a/tests/integration/test_analysisd/test_eps/test_invalid_values.py +++ /dev/null 
@@ -1,85 +0,0 @@ -import os -import pytest - -from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data -from wazuh_testing.modules.analysisd import event_monitor as evm -from wazuh_testing.tools.services import control_service -from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT -from wazuh_testing.processes import check_if_daemons_are_running - - -pytestmark = [pytest.mark.server] - -# Reference paths -TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') -TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') -local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', - 'analysisd.state_interval': f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"} - -# Configuration and cases data -configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_invalid_values.yaml') - -t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_invalid_values.yaml') - -# Invalid value test configurations (t1) -t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) -t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters, - t1_configuration_metadata) - - -@pytest.mark.tier(level=0) -@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -def test_invalid_values(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, - configure_local_internal_options_module, truncate_monitored_files, - restart_wazuh_daemon_after_finishing): - ''' - description: Check that wazuh manager is not started when an invalid value is set to `maximum` and/or `timeframe`. - - test_phases: - - Set a custom Wazuh configuration. - - Truncate logs files. - - Restart wazuh-daemons. - - Check that wazuh manager does not start. 
- - wazuh_min_version: 4.4.0 - - tier: 0 - - parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - - load_wazuh_basic_configuration - type: fixture - brief: Load a basic configuration to the manager. - - set_wazuh_configuration_analysisd: - type: fixture - brief: Set the wazuh configuration according to the configuration data. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. - - restart_wazuh_daemon_after_finishing: - type: fixture - brief: Restart wazuh modules after finishing the test module. - - assertions: - - The error message appears when the `maximum` and/or `timeframe` values have invalid values. - - Verify that the wazuh-analysisd daemon is running. - - input_description: - - The `cases_invalid_value.yaml` file provides the module configuration for this test. - - expected_output: - - r'.*: Configuration error at.*' - ''' - try: - control_service('restart') - except ValueError: - evm.check_configuration_error() - # Check that wazuh-analysisd is not running - assert not check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is running and was not ' \ - 'expected to' diff --git a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py b/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py deleted file mode 100644 index 23fe678614..0000000000 --- a/tests/integration/test_analysisd/test_eps/test_no_eps_configuration.py +++ /dev/null 
@@ -1,108 +0,0 @@ -import os -from time import sleep -import pytest - -from wazuh_testing.tools.configuration import get_simulate_agent_configuration -from wazuh_testing.modules.analysisd import event_monitor as evm -from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT, PERCENTAGE_PROCESS_MSGS - - -pytestmark = [pytest.mark.server] - -# Reference paths -TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -# Simulate agent configuration -configurations_simulate_agent_path = os.path.join(TEST_DATA_PATH, - 'configuration_simulate_agent.yaml') -local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', - 'analysisd.state_interval': f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"} - -# Get simulate agent configurations (t1) -params_disabled_eps = get_simulate_agent_configuration(configurations_simulate_agent_path) -num_messages = 1000 # of 1Kb message of 16384 Kb of queue size -params_disabled_eps.update({'num_messages': num_messages}) - - -@pytest.mark.tier(level=0) -def test_disabled(load_wazuh_basic_configuration, configure_local_internal_options_module, - truncate_monitored_files, restart_wazuh_daemon_function): - ''' - description: Check that limits EPS is disabled when it is not configured. - - test_phases: - - Set a custom Wazuh configuration. - - Truncate logs files. - - Restart wazuh-daemons. - - Check in the log that the EPS limits is disabled. - - wazuh_min_version: 4.4.0 - - tier: 0 - - parameters: - - load_wazuh_basic_configuration - type: fixture - brief: Load a basic configuration to the manager. - - configure_local_internal_options_eps: - type: fixture - brief: Set the wazuh local internal option configuration. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. - - restart_wazuh_daemon_function: - type: fixture - brief: Restart all the wazuh daemons. 
- - expected_output: - - r'(.*)wazuh-analysisd: INFO: EPS limit disabled' - ''' - evm.check_eps_disabled() - - -@pytest.mark.tier(level=0) -@pytest.mark.parametrize('simulate_agent_function', [params_disabled_eps], indirect=True) -def test_without_eps_setting(load_wazuh_basic_configuration, configure_local_internal_options_module, - truncate_monitored_files, restart_wazuh_daemon_function, simulate_agent_function): - ''' - description: Check that limits EPS is disabled when it is not configured and the received events are similar or - equal to the processed events. - - test_phases: - - Set a custom Wazuh configuration. - - Truncate logs files. - - Restart wazuh-daemons. - - Check in the log that the EPS limits is disabled. - - wazuh_min_version: 4.4.0 - - tier: 0 - - parameters: - - load_wazuh_basic_configuration - type: fixture - brief: Load a basic configuration to the manager. - - configure_local_internal_options_eps: - type: fixture - brief: Set the wazuh local internal option configuration. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. - - restart_wazuh_daemon_function: - type: fixture - brief: Restart all the wazuh daemons. - - simulate_agent_function: - type: fixture - brief: Execute a script that simulate agent and send `logcolector` logs to the manager. - - assertions: - - Verify the events received are equal or greater than a porcentage of events processed. 
- ''' - # Wait ANALYSISD_STATE_INTERNAL_DEFAULT / 2 second to read the wazuh-analysisd.state to ensure corrects values - sleep(int(ANALYSISD_STATE_INTERNAL_DEFAULT) / 2) - analysisd_state = evm.get_analysisd_state() - events_processed = int(analysisd_state['events_processed']) - events_received = int(analysisd_state['events_received']) - # There are some internal event that are processed but are not reflected in events_received, That why it - # has been used PERCENTAGE_PROCESS_MSGS variable - assert events_processed >= events_received * PERCENTAGE_PROCESS_MSGS and events_processed > 0, 'The ' \ - 'events_processed value is similar to events_received' diff --git a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py b/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py deleted file mode 100644 index 6d5c2d2f50..0000000000 --- a/tests/integration/test_analysisd/test_eps/test_process_old_events_instead_new_events.py +++ /dev/null 
@@ -1,228 +0,0 @@ -import os -from time import sleep -from datetime import datetime -import pytest - -from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ - get_syslog_simulator_configuration -from wazuh_testing.modules.eps import event_monitor as evm -from wazuh_testing.tools.monitoring import FileMonitor -from wazuh_testing.tools.run_simulator import syslog_simulator -from wazuh_testing.tools import ALERT_FILE_PATH - - -pytestmark = [pytest.mark.server] - -# Global variables -PATTERN_A = 'AAAA' -PATTERN_B = 'BBBB' -PATTERN_C = 'CCCC' -SYSLOG_CUSTOM_MESSAGE = f"Login failed: admin, test {PATTERN_A}, Message number:" - -# Reference paths -TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') -TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') - -# Configuration and cases data -configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_process_old_events.yaml') -configurations_syslog_simulator_path = os.path.join(TEST_DATA_PATH, 'configuration_syslog_simulator.yaml') -t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_process_old_events_one_thread.yaml') -t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_process_old_events_multi_thread.yaml') - -# Process old events instead of new ones test configurations multi thread (t1) -t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) -t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters, - t1_configuration_metadata) - -# Process old events instead of new ones test configurations one thread (t2) -t2_configuration_parameters, t2_configuration_metadata, t2_case_ids = get_test_cases_data(t2_cases_path) -t2_configurations = load_configuration_template(configurations_path, t2_configuration_parameters, - t2_configuration_metadata) - -# Get simulate agent 
configurations (t1) -params_process_old_events_one_thread = get_syslog_simulator_configuration(configurations_syslog_simulator_path) -local_internal_configuration_t1 = [ - {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', 'analysisd.state_interval': metadata['timeframe']} - for metadata in t1_configuration_metadata -] - -num_messages = 150 -params_process_old_events_one_thread.update({'num_messages': num_messages}) -params_process_old_events_one_thread.update({'message': f"\"{SYSLOG_CUSTOM_MESSAGE}\""}) -params_process_old_events_one_thread.update({'interval_burst_time': 0}) -params_process_old_events_one_thread.update({'messages_per_burst': 0}) - -# Get syslog simulator configurations (t2) -params_process_old_events_multithread = get_syslog_simulator_configuration(configurations_syslog_simulator_path) -local_internal_configuration_t2 = [ - {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', 'analysisd.state_interval': metadata['timeframe']} - for metadata in t2_configuration_metadata -] - - -@pytest.mark.tier(level=0) -@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_module', local_internal_configuration_t1, indirect=True) -@pytest.mark.parametrize('syslog_simulator_function', [params_process_old_events_one_thread], indirect=True) -def test_process_old_events_one_thread(configuration, metadata, load_wazuh_basic_configuration, - configure_local_internal_options_module, configure_analysisd_one_thread, - truncate_monitored_files, restart_wazuh_daemon_function, - syslog_simulator_function): - ''' - description: Check that `wazuh-analysisd` processes queued events first instead of new events. To do this, it is - read the alerts.json file and it is stored the messages timestamp. The oldest message must have the - lowest timestamp. 
First it must set the `internal_options.conf` file to work with one thread, - otherwise the message are not in the increasing order. - - test_phases: - - Set a custom Wazuh configuration. - - Truncate logs files. - - Restart wazuh-daemons. - - Execute syslog simulator script. - - Check alerts.json file. - - wazuh_min_version: 4.4.0 - - tier: 0 - - parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - - load_wazuh_basic_configuration - type: fixture - brief: Load a basic configuration to the manager. - - set_wazuh_configuration_analysisd: - type: fixture - brief: Set the wazuh configuration according to the configuration data. - - configure_analysisd_one_thread: - type: fixture - brief: Set the wazuh internal option configuration according to the configuration data. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. - - restart_wazuh_daemon_function: - type: fixture - brief: Restart all the wazuh daemons. - - syslog_simulator_function: - type: fixture - brief: Execute a script that send syslog messages to the manager. - - assertions: - - The timestamp of the oldest numerated messages have to be lower than the previous messages. - - The message must be in increase order. - - input_description: - - The `cases_process_old_events_one_thread.yaml` file provides the module configuration for this test. 
- ''' - # Initial timestamp to compare - timestamp_bkp = datetime.strptime('0001-01-01T00:00:00.000+0000', '%Y-%m-%dT%H:%M:%S.%f+0000') - regex = fr".*\"timestamp\":\"([^\"]*)\".*Login failed: admin, test AAAA, Message number: (\d+).*" - file_monitor = FileMonitor(ALERT_FILE_PATH) - timestamp_list = evm.get_messages_info(file_monitor, regex, num_messages) - # Check that the timestamp of the message in the alerts.json is lower than the next one, and messages are stored - # secuentially - index = 0 - for element in timestamp_list: - # Get the timestamp of the log - timestamp = datetime.strptime(element[0], '%Y-%m-%dT%H:%M:%S.%f+0000') - message_index = int(element[1]) - # Check that the timestamp of the next message is lower than the previous one - assert timestamp >= timestamp_bkp, f"The timestamp of the previous message {timestamp_bkp} has to be "\ - f"lower than the follow one {timestamp}" - assert message_index == index, "The messages were not stored in increasing orded. Message index" \ - f"stored {message_index} shoud be in possition {index}" - # Store the timestamp to be compared with the next one - timestamp_bkp = timestamp - # Increase index to check the next message - index += 1 - - -@pytest.mark.tier(level=0) -@pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_module', local_internal_configuration_t2, indirect=True) -def test_process_old_events_multi_thread(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration, configure_local_internal_options_module, - truncate_monitored_files, restart_wazuh_daemon_function): - ''' - description: Check that `wazuh-analysisd` processes queued events first instead of new events. To do this, it is - sent three groups of messages with different content per groups (A, B and C). 
Then, it checks that - each group of messages received belong to the rescpective timeframe in the correct order, first group - A, the B an last C group. - - test_phases: - - Set a custom Wazuh configuration. - - Truncate logs files. - - Restart wazuh-daemons. - - Check alerts.json file. - - wazuh_min_version: 4.4.0 - - tier: 0 - - parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - - load_wazuh_basic_configuration - type: fixture - brief: Load a basic configuration to the manager. - - set_wazuh_configuration_analysisd: - type: fixture - brief: Set the wazuh configuration according to the configuration data. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. - - restart_wazuh_daemon_function: - type: fixture - brief: Restart all the wazuh daemons. - - assertions: - - The messages content type must have the same order that it has been sent. - - input_description: - - The `cases_process_old_events_multi_thread.yaml` file provides the module configuration for this test. 
- ''' - patern_list = [PATTERN_A, PATTERN_B, PATTERN_C] - total_msg_list = [] - regex = fr".*Login failed: admin, test (\w+), Message number: (\d+).*" - messages_sent = int(params_process_old_events_multithread['num_messages']) - - # Send custom messages type PATTERN_A - custom_message = SYSLOG_CUSTOM_MESSAGE - params_process_old_events_multithread.update({'message': f"\"{custom_message}\""}) - syslog_simulator(params_process_old_events_multithread) - sleep(metadata['timeframe'] / 2) - # Create a filemonitor - file_monitor = FileMonitor(ALERT_FILE_PATH) - # Get total PATTERN_A messages - total_msg_list.append(evm.get_messages_info(file_monitor, regex, messages_sent)) - - # Send custom messages type PATTERN_B - custom_message = custom_message.replace(PATTERN_A, PATTERN_B) - params_process_old_events_multithread.update({'message': f"\"{custom_message}\""}) - syslog_simulator(params_process_old_events_multithread) - sleep(metadata['timeframe'] / 2) - # Get total PATTERN_B messages - total_msg_list.append(evm.get_messages_info(file_monitor, regex, messages_sent)) - - # Send custom messages type PATTERN_C - custom_message = custom_message.replace(PATTERN_B, PATTERN_C) - params_process_old_events_multithread.update({'message': f"\"{custom_message}\""}) - syslog_simulator(params_process_old_events_multithread) - sleep(metadata['timeframe'] / 2) - # Get total PATTERN_C messages - total_msg_list.append(evm.get_messages_info(file_monitor, regex, messages_sent)) - # Check messages order pattern - index_patern = 0 - for element in total_msg_list: - for index in range(len(element)): - assert element[index][0] == patern_list[index_patern] - index_patern += 1 diff --git a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py b/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py deleted file mode 100644 index 3518df8ef1..0000000000 
--- a/tests/integration/test_analysisd/test_eps/test_start_dropping_events_when_queue_full.py +++ /dev/null 
@@ -1,122 +0,0 @@ -import os -from time import sleep -import pytest - -from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ - get_simulate_agent_configuration -from wazuh_testing.modules.eps import event_monitor as evm -from wazuh_testing.modules.analysisd import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE - - -pytestmark = [pytest.mark.server] - -# Reference paths -TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') -TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') - -# Configuration and cases data -configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_start_dropping_events_when_queue_full.yaml') -configurations_simulate_agent_path = os.path.join(TEST_DATA_PATH, - 'configuration_simulate_agent.yaml') -t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_start_dropping_events.yaml') - - -# Start dropping events test configurations (t1) -t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) -t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters, - t1_configuration_metadata) - -# Get simulate agent configurations (t1) -params_start_dropping_events_when_queue_full = get_simulate_agent_configuration(configurations_simulate_agent_path) -num_messages = 16500 # of 1Kb message of 16384 Kb of queue size. 
Total dropped aproximatelly 116 -expected_msg_dropped = num_messages - QUEUE_SIZE -params_start_dropping_events_when_queue_full.update({'num_messages': num_messages}) -local_internal_configuration_t1 = [ - {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', 'analysisd.state_interval': metadata['timeframe']} - for metadata in t1_configuration_metadata -] - - -@pytest.mark.tier(level=0) -@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_module', local_internal_configuration_t1, indirect=True) -@pytest.mark.parametrize('simulate_agent_function', [params_start_dropping_events_when_queue_full], indirect=True) -def test_start_dropping_events_when_queue_full(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration, configure_local_internal_options_module, - truncate_monitored_files, restart_wazuh_daemon_function, - simulate_agent_function): - ''' - description: Check that the `events_dropped` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must - be greater than 1 and, `event_queue_usage` is equal to 1 - than 1.0. - - test_phases: - - Set a custom Wazuh configuration. - - Truncate logs files. - - Restart wazuh-daemons. - - Execute agent simulated script. - - wazuh_min_version: 4.4.0 - - tier: 0 - - parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - - load_wazuh_basic_configuration - type: fixture - brief: Load a basic configuration to the manager. - - set_wazuh_configuration_analysisd: - type: fixture - brief: Set the wazuh configuration according to the configuration data. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. 
- - restart_wazuh_daemon_function: - type: fixture - brief: Restart all the wazuh daemons. - - simulate_agent_function: - type: fixture - brief: Execute a script that simulate agent and send `logcolector` logs to the manager. - - assertions: - - The `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal - than `maximum` * `timeframe` and greater than a percentage of `maximum` * `timeframe` to confirm that - `events_processed` is not null. The `events_received` value must be greater than `events_processed` and, - the `events_dropped` value greater than 0 and finaly, `event_queue_usage` is equal to 1.0. - - input_description: - - The `cases_start_queueing_events.yaml` file provides the module configuration for this test. - ''' - # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values - sleep(metadata['timeframe'] / 2) - analysisd_state = evm.get_analysisd_state() - events_processed = int(analysisd_state['events_processed']) - events_received = int(analysisd_state['events_received']) - events_dropped = int(analysisd_state['events_dropped']) - event_queue_usage = float(analysisd_state['event_queue_usage']) - - # Check that processed events reach the EPS limit - assert events_processed <= float(metadata['maximum'] * metadata['timeframe']) and \ - events_processed >= float(metadata['maximum'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \ - 'events_processed must be lower or equal to maximum * timeframe' - - # Check that events continue receiving although the EPS limit was reached - assert events_received > events_processed, 'events_received must be bigger than events_processed' - - # Check that there is event dropped. 
This means the queue is full - assert events_dropped >= int(expected_msg_dropped * PERCENTAGE_PROCESS_MSGS) \ - and events_dropped <= int(expected_msg_dropped * (1 + (1 - PERCENTAGE_PROCESS_MSGS))), 'events_dropped must '\ - f"be in the range of {num_messages - QUEUE_SIZE}" - - # Check that the queue usage is 1.0 (100%). This means the queue is full - assert event_queue_usage == 1.0, 'event_queue_usage must be 1.0' - - # Check that events_processed are in the range of events_received - events_dropped - assert events_processed <= events_received - events_dropped, 'events_processed must be lower than' \ - 'events_received - events_dropped' diff --git a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py b/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py deleted file mode 100644 index e75a59151d..0000000000 --- a/tests/integration/test_analysisd/test_eps/test_start_queuing_events_when_limit_reached.py +++ /dev/null 
@@ -1,122 +0,0 @@ -import os -from time import sleep -import pytest - -from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ - get_simulate_agent_configuration -from wazuh_testing.modules.eps import event_monitor as evm -from wazuh_testing.modules.analysisd import PERCENTAGE_PROCESS_MSGS, QUEUE_SIZE - - -pytestmark = [pytest.mark.server] - -# Global variables -UPPER_QUEUE_HALF_SIZE_LIMIT = 0.51 -LOWER_QUEUE_HALF_SIZE_LIMIT = 0.49 - -# Reference paths -TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') -TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') - -# Configuration and cases data -configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_start_queuing_events_when_limit_reached.yaml') -configurations_simulate_agent_path = os.path.join(TEST_DATA_PATH, - 'configuration_simulate_agent.yaml') -t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_start_queueing_events.yaml') - -# Start queueing events test configurations (t1) -t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) -t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters, - t1_configuration_metadata) - -# Get simulate agent configurations (t1) -params_start_queuing_events_when_limit_reached = get_simulate_agent_configuration(configurations_simulate_agent_path) -maximum_eps = [metadata['maximum'] for metadata in t1_configuration_metadata] -local_internal_configuration_t1 = [ - {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', 'analysisd.state_interval': metadata['timeframe']} - for metadata in t1_configuration_metadata -] -num_messages = maximum_eps[0] * t1_configuration_metadata[0]['timeframe'] + int(QUEUE_SIZE / 2) -params_start_queuing_events_when_limit_reached.update({'num_messages': num_messages}) - - 
-@pytest.mark.tier(level=0) -@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_module', local_internal_configuration_t1, indirect=True) -@pytest.mark.parametrize('simulate_agent_function', [params_start_queuing_events_when_limit_reached], indirect=True) -def test_start_queuing_events_when_limit_reached(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration, configure_local_internal_options_module, - truncate_monitored_files, restart_wazuh_daemon_function, - simulate_agent_function): - ''' - description: Check that the `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must - be lower or equal than `maximum` * `timeframe` and, the `events_received` value must be greater than - `events_processed` and, the `events_dropped` value equal to 0 and finaly, `event_queue_usage` is - around 0,5 due to it is sent the maximum amount of message in a frame plus 50% of the queue total. - - test_phases: - - Set a custom Wazuh configuration. - - Truncate logs files. - - Restart wazuh-daemons. - - Execute agent simulated script. - - wazuh_min_version: 4.4.0 - - tier: 0 - - parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - - load_wazuh_basic_configuration - type: fixture - brief: Load a basic configuration to the manager. - - set_wazuh_configuration_analysisd: - type: fixture - brief: Set the wazuh configuration according to the configuration data. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. - - restart_wazuh_daemon_function: - type: fixture - brief: Restart all the wazuh daemons. 
- - simulate_agent_function: - type: fixture - brief: Execute a script that simulate agent and send `logcolector` logs to the manager. - - assertions: - - The `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal - than `maximum` * `timeframe` and greater than a percentage of `maximum` * `timeframe` to confirm that - `events_processed` is not null. The `events_received` value must be greater than `events_processed` and, - the `events_dropped` value equal to 0 and finaly, `event_queue_usage` is lower than 1.0. - - input_description: - - The `cases_start_queueing_events.yaml` file provides the module configuration for this test. - ''' - # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values - sleep(metadata['timeframe'] / 2) - analysisd_state = evm.get_analysisd_state() - events_processed = int(analysisd_state['events_processed']) - events_received = int(analysisd_state['events_received']) - events_dropped = int(analysisd_state['events_dropped']) - event_queue_usage = float(analysisd_state['event_queue_usage']) - - # Check that processed events reach the EPS limit - assert events_processed <= float(metadata['maximum'] * metadata['timeframe']) and \ - events_processed >= float(metadata['maximum'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \ - 'events_processed must be lower or equal to maximum * timeframe' - - # Check that events continue receiving although the EPS limit was reached - assert events_received > events_processed, 'events_received must be bigger than events_processed' - - # Check that there are not events dropped and the queue usage is less than 1.0 (100%) - # This means the queue is not full - assert events_dropped == 0, 'events_dropped must be 0' - - # Check that event_queue_usage is around 50 % - assert event_queue_usage < UPPER_QUEUE_HALF_SIZE_LIMIT and event_queue_usage > LOWER_QUEUE_HALF_SIZE_LIMIT, \ - f"event_queue_usage have to be around 50 % 
(0.5), event_queue_usage = {event_queue_usage}" diff --git a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py b/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py deleted file mode 100644 index f2209e2ea2..0000000000 --- a/tests/integration/test_analysisd/test_eps/test_stop_processing_events.py +++ /dev/null 
@@ -1,102 +0,0 @@ -import os -from time import sleep -import pytest - -from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data, \ - get_simulate_agent_configuration -from wazuh_testing.modules.eps import event_monitor as evm -from wazuh_testing.modules.analysisd import PERCENTAGE_PROCESS_MSGS - - -pytestmark = [pytest.mark.server] - -# Reference paths -TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') -TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') - -# Configuration and cases data -configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_stop_processing_events.yaml') -configurations_simulate_agent_path = os.path.join(TEST_DATA_PATH, - 'configuration_simulate_agent.yaml') -t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_stop_process_events.yaml') - -# Stop processing events test configurations (t1) -t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) -t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters, - t1_configuration_metadata) - -# Get simulate agent configurations (t1) -params_stop_processing_events = get_simulate_agent_configuration(configurations_simulate_agent_path) -maximum_eps = [metadata['maximum'] for metadata in t1_configuration_metadata] -# It is sent `width_frame` time frame width to reduce test time execution -width_frame = 3 -local_internal_configuration_t1 = [ - {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', 'analysisd.state_interval': metadata['timeframe']} - for metadata in t1_configuration_metadata -] -num_messages = maximum_eps[0] * t1_configuration_metadata[0]['timeframe'] * width_frame -params_stop_processing_events.update({'num_messages': num_messages}) - - -@pytest.mark.tier(level=0) -@pytest.mark.parametrize('configuration, metadata', 
zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -@pytest.mark.parametrize('configure_local_internal_options_module', local_internal_configuration_t1, indirect=True) -@pytest.mark.parametrize('simulate_agent_function', [params_stop_processing_events], indirect=True) -def test_stops_processing_events(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration, configure_local_internal_options_module, - truncate_monitored_files, restart_wazuh_daemon_function, simulate_agent_function): - ''' - description: Check that the `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must - be lower or equal than `maximum` * `timeframe` - - test_phases: - - Set a custom Wazuh configuration. - - Truncate logs files. - - Restart wazuh-daemons. - - Execute agent simulated script. - - wazuh_min_version: 4.4.0 - - tier: 0 - - parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - - load_wazuh_basic_configuration - type: fixture - brief: Load a basic configuration to the manager. - - set_wazuh_configuration_analysisd: - type: fixture - brief: Set the wazuh configuration according to the configuration data. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. - - restart_wazuh_daemon_function: - type: fixture - brief: Restart all the wazuh daemons. - - simulate_agent_function: - type: fixture - brief: Execute a script that simulate agent and send `logcolector` logs to the manager. - - assertions: - - The `events_processed` value in the `/var/ossec/var/run/wazuh-analysisd.state` file must be lower or equal - than `maximum` * `timeframe` and greater than a percentage of `maximum` * `timeframe` to confirm that - `events_processed` is not null. 
- - input_description: - - The `cases_stop_process_events.yaml` file provides the module configuration for this test. - ''' - # Wait 'timeframe' / 2 second to read the wazuh-analysisd.state to ensure that has corrects values - sleep(metadata['timeframe'] / 2) - analysisd_state = evm.get_analysisd_state() - events_processed = int(analysisd_state['events_processed']) - - # Check that processed events reach the EPS limit - assert events_processed <= float(metadata['maximum'] * metadata['timeframe']) and \ - events_processed >= float(metadata['maximum'] * metadata['timeframe']) * PERCENTAGE_PROCESS_MSGS, \ - 'events_processed must be lower or equal to maximum * timeframe' From 04d73820435e1b1e5ee82b62b293cf708228f24e Mon Sep 17 00:00:00 2001 From: jmv74211 Date: Wed, 21 Sep 2022 18:20:59 +0200 Subject: [PATCH 62/79] feat(#2947): add function to replace regex in file --- .../wazuh_testing/wazuh_testing/tools/file.py | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/deps/wazuh_testing/wazuh_testing/tools/file.py b/deps/wazuh_testing/wazuh_testing/tools/file.py index db633cd232..a6b69e8477 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/file.py +++ b/deps/wazuh_testing/wazuh_testing/tools/file.py @@ -14,6 +14,7 @@ import string import xml.etree.ElementTree as ET import zipfile +import re import filetype import requests 
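Review bot: The new `import re` in `tools/file.py` is appended after `import zipfile`, at the tail of the standard-library group and directly above the third-party `import filetype`, which breaks the alphabetical order the group otherwise keeps (`string`, `xml...`, `zipfile`). Moving the line between `import random`/`import string` and the others, i.e. `import re` just before `import string`, keeps the grouping readable. Only the import hunk is visible here; the group's first lines are outside it.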
@@ -516,3 +517,26 @@ def download_text_file(file_url, local_destination_path): def get_file_lines(path): with open(path, "r+") as file_to_read: return file_to_read.readlines() + + +def replace_regex_in_file(search_regex, replace_regex, file_path): + """Perform replacements in a file data according to the specified regex. + + Args: + search_regex (list(str)): Search regex list. + replace_regex (list(str)): Replacements regex list. + file_path (str): File path to read and update. + """ + if (len(search_regex) != len(replace_regex)): + raise ValueError('search_regex has to have the same number of items than replace_regex. ' + f"{len(search_regex)} != {len(replace_regex)}") + + # Read the file content + file_data = read_file(file_path) + + # Perform the replacements + for search, replace in zip(search_regex, replace_regex): + file_data = re.sub(search, replace, file_data) + + # Write the file data + write_file(file_path, file_data) From e29c107d908d6d98ee11eec3659d8b25bdce1dd7 Mon Sep 17 00:00:00 2001 From: jmv74211 Date: Wed, 21 Sep 2022 18:21:50 +0200 Subject: [PATCH 63/79] feat(#2947): add fixture for restarting wazuh --- tests/integration/conftest.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/integration/conftest.py b/tests/integration/conftest.py index 55b9ee828b..a7dd0adb69 100644 --- a/tests/integration/conftest.py +++ b/tests/integration/conftest.py @@ -139,6 +139,16 @@ def restart_wazuh_daemon_after_finishing(daemon=None): control_service("restart", daemon=daemon) +@pytest.fixture(scope='function') +def restart_wazuh_daemon_after_finishing_function(daemon=None): + """ + Restart a Wazuh daemon + """ + yield + truncate_file(LOG_FILE_PATH) + control_service("restart", daemon=daemon) + + @pytest.fixture(scope='function') def restart_analysisd_function(): """Restart wazuh-analysisd daemon before starting a test, and stop it after finishing""" From 86e80b211e2ed03c9da1375994ef93e70dffc03b Mon Sep 17 00:00:00 2001 
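Review bot: `re.sub(search, replace, file_data)` inside `replace_regex_in_file` treats every `replace` entry as a replacement template rather than the literal text or "regex" the docstring describes, so `\1`, `\g<name>` or a stray backslash in the replacement is expanded, and an unknown escape raises `re.error` instead of writing the file. If callers are meant to pass literal text, substitute through a callable so nothing is expanded: `file_data = re.sub(search, lambda _m: replace, file_data)`; if backreferences are intended, say so in the docstring, e.g. `replace_regex (list(str)): Replacement templates; backreferences such as \1 are expanded.` The substitutions also run in order over the already-rewritten content, so a later pattern can match text produced by an earlier replacement, which is worth a one-line note in the docstring. The outer parentheses in `if (len(search_regex) != len(replace_regex)):` are not Python style and can be dropped.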
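Review bot: The docstring `Restart a Wazuh daemon` on `restart_wazuh_daemon_after_finishing_function` does not describe what the fixture does: it yields, truncates `LOG_FILE_PATH` and calls `control_service("restart", daemon=daemon)` after the test, and because `daemon=None` is a defaulted parameter pytest does not resolve it as a fixture, so as far as I can tell it is always None and every daemon is restarted. I would document exactly that: `"""Truncate ossec.log and restart all Wazuh daemons once the test finishes (function scope). `daemon` is never injected by pytest and stays None."""`. Note that the truncation also discards the log of a failed test before anything later in teardown could inspect it; that mirrors the module-scoped `restart_wazuh_daemon_after_finishing` just above, so it may be intended, but a comment saying so would help.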
From: jmv74211 Date: Wed, 21 Sep 2022 18:22:48 +0200 Subject: [PATCH 64/79] feat(#2947): add EPS basic tests --- deps/wazuh_testing/wazuh_testing/__init__.py | 1 + .../configuration_disabled.yaml | 5 ++ .../configuration_enabled.yaml | 11 ++++ .../data/test_cases/cases_disabled.yaml | 6 +- .../data/test_cases/cases_enabled.yaml | 24 +------- .../test_analysisd/test_eps/test_basic.py | 57 +++++++++++++++++++ 6 files changed, 80 insertions(+), 24 deletions(-) create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/basic_test_module/configuration_disabled.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/basic_test_module/configuration_enabled.yaml create mode 100644 tests/integration/test_analysisd/test_eps/test_basic.py diff --git a/deps/wazuh_testing/wazuh_testing/__init__.py b/deps/wazuh_testing/wazuh_testing/__init__.py index 70ff66a10b..a5cc547dd0 100644 --- a/deps/wazuh_testing/wazuh_testing/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/__init__.py @@ -19,6 +19,7 @@ WAZUH_PATH = os.path.join("/var", "ossec") +WAZUH_CONF_PATH = os.path.join(WAZUH_PATH, 'etc', 'ossec.conf') WAZUH_LOGS_PATH = os.path.join(WAZUH_PATH, 'logs') CLIENT_KEYS_PATH = os.path.join(WAZUH_PATH, 'etc' if platform.system() == 'Linux' else '', 'client.keys') DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'db') diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/basic_test_module/configuration_disabled.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/basic_test_module/configuration_disabled.yaml new file mode 100644 index 0000000000..3f3f7143e2 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/basic_test_module/configuration_disabled.yaml @@ -0,0 +1,5 @@ +- sections: + - section: vulnerability-detector + elements: + - enabled: + value: 'no' 
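Review bot: The new `basic_test_module/configuration_disabled.yaml` carries no `global/limits/eps` block at all; its only section is `vulnerability-detector` with `enabled: 'no'`, which has nothing to do with EPS, so a reader cannot tell whether the missing block is the point of the test or a copy-paste slip. The matching case in `cases_disabled.yaml` is named `no configuration block`, so I take the absence to be deliberate; a leading comment in the template would make that explicit: `# Intentionally no <global><limits><eps> block: EPS limiting is disabled when the block is absent.` A second line could state why vulnerability-detector is switched off here (presumably to keep the manager quiet during the test — I cannot confirm that from this chunk).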
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/basic_test_module/configuration_enabled.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/basic_test_module/configuration_enabled.yaml new file mode 100644 index 0000000000..abca5be254 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/basic_test_module/configuration_enabled.yaml @@ -0,0 +1,11 @@ +- sections: + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml index 033cea9389..e62768a272 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml @@ -1,8 +1,8 @@ -- name: EPS Limits disabled +- name: no configuration block description: EPS Limits disabled configuration_parameters: MAXIMUM: '0' - TIMEFRAME: '5' + TIMEFRAME: '0' metadata: maximum: 0 - timeframe: 5 + timeframe: 0 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml index e08ad87780..1d9de44ea6 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml 
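Review bot: After this change `basic_test_module/cases_disabled.yaml` still lists `MAXIMUM: '0'` and `TIMEFRAME: '0'` under `configuration_parameters`, but the disabled template introduced in the same commit has no `MAXIMUM`/`TIMEFRAME` placeholders, so these values appear to be dead and changing `TIMEFRAME` from `'5'` to `'0'` cannot alter the rendered configuration. The same `maximum: 0, timeframe: 0` pair is classified as an invalid configuration by the next commit's `cases_invalid_values.yaml`, which makes the unused values here misleading. I would either drop `configuration_parameters` for this case or annotate it: `# not consumed: the disabled template has no eps block`.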
@@ -1,26 +1,8 @@ -- name: EPS Limits enabled +- name: maximum 20 - timeframe 5 description: EPS Limits enabled configuration_parameters: - MAXIMUM: '10' + MAXIMUM: '20' TIMEFRAME: '5' metadata: - maximum: 10 + maximum: 20 timeframe: 5 - -- name: EPS Limits enabled - description: EPS Limits enabled - configuration_parameters: - MAXIMUM: '500' - TIMEFRAME: '30' - metadata: - maximum: 500 - timeframe: 30 - -- name: EPS Limits enabled - description: EPS Limits enabled - configuration_parameters: - MAXIMUM: '1500' - TIMEFRAME: '120' - metadata: - maximum: 1500 - timeframe: 120 diff --git a/tests/integration/test_analysisd/test_eps/test_basic.py b/tests/integration/test_analysisd/test_eps/test_basic.py new file mode 100644 index 0000000000..8a76d80a62 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/test_basic.py 
@@ -0,0 +1,57 @@ +import os +import pytest + +from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data +from wazuh_testing.modules.analysisd import event_monitor as evm +from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT +from wazuh_testing.processes import check_if_daemons_are_running + +pytestmark = [pytest.mark.server] + + +# Generic vars +TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') +CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template', 'basic_test_module') +TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases', 'basic_test_module') +local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', + 'analysisd.state_interval': f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"} + +# ------------------------------- TEST_ENABLED ------------------------------------------------------------------------- +# Configuration and cases data +configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_enabled.yaml') +t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_enabled.yaml') + +# Enabled test configurations (t1) +t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) +t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters, + t1_configuration_metadata) + +# ------------------------------- TEST_DISABLED ------------------------------------------------------------------------ +# Configuration and cases data +t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_disabled.yaml') +t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_disabled.yaml') + +# Disabled test configurations (t2) +t2_configuration_parameters, t2_configuration_metadata, t2_case_ids = get_test_cases_data(t2_cases_path) +t2_configurations = load_configuration_template(t2_configurations_path, t2_configuration_parameters, + 
t2_configuration_metadata) + + +@pytest.mark.tier(level=0) +@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) +def test_enabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, + configure_local_internal_options_module, truncate_monitored_files, restart_wazuh_daemon_function): + evm.check_eps_enabled(metadata['maximum'], metadata['timeframe']) + + # Check that wazuh-analysisd is running + assert check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is not running. Maybe it has crashed' + + +@pytest.mark.tier(level=0) +@pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) +def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, + configure_local_internal_options_module, truncate_monitored_files, restart_wazuh_daemon_function): + evm.check_eps_disabled() + + # Check that wazuh-analysisd is running + assert check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is not running. Maybe it has crashed' From 58ab5f88956edfcfbe0d79d0938b4334f44c85d9 Mon Sep 17 00:00:00 2001 
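Review bot: `test_enabled` and `test_disabled` in `test_basic.py` have no docstring, while the EPS tests this series deletes (e.g. `test_start_dropping_events_when_queue_full`) documented description, test_phases, wazuh_min_version, tier, parameters, assertions and input_description; a tier-0 test should keep that block, stating at least what `evm.check_eps_enabled(maximum, timeframe)` and `evm.check_eps_disabled()` wait for (I infer a start-up log line reporting the limits, but `event_monitor` is not in this chunk — confirm). I would also run the liveness check before the log check, because a crashed wazuh-analysisd currently surfaces as a log-monitor timeout rather than the clearer message: put `assert check_if_daemons_are_running(['wazuh-analysisd'])[0], '...'` first and `evm.check_eps_enabled(metadata['maximum'], metadata['timeframe'])` after it. The `metadata` parameter of `test_disabled` is only there to pair with `parametrize`, which deserves a one-line comment.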
From: jmv74211 Date: Wed, 21 Sep 2022 18:27:03 +0200 Subject: [PATCH 65/79] feat(#2947): add EPS configuration tests --- .../configuration_accepted_values.yaml | 11 ++ .../configuration_invalid_values.yaml | 11 ++ .../configuration_missing_configuration.yaml | 11 ++ .../cases_disabled.yaml | 0 .../cases_enabled.yaml | 0 .../cases_accepted_values.yaml | 8 ++ .../cases_invalid_values.yaml | 35 ++++++ .../cases_missing_configuration.yaml | 36 +++++++ .../test_eps/test_configuration.py | 102 ++++++++++++++++++ 9 files changed, 214 insertions(+) create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_accepted_values.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_invalid_values.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_missing_configuration.yaml rename tests/integration/test_analysisd/test_eps/data/test_cases/{ => basic_test_module}/cases_disabled.yaml (100%) rename tests/integration/test_analysisd/test_eps/data/test_cases/{ => basic_test_module}/cases_enabled.yaml (100%) create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_accepted_values.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_invalid_values.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_missing_configuration.yaml create mode 100644 tests/integration/test_analysisd/test_eps/test_configuration.py 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_accepted_values.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_accepted_values.yaml new file mode 100644 index 0000000000..abca5be254 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_accepted_values.yaml @@ -0,0 +1,11 @@ +- sections: + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_invalid_values.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_invalid_values.yaml new file mode 100644 index 0000000000..abca5be254 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_invalid_values.yaml @@ -0,0 +1,11 @@ +- sections: + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_missing_configuration.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_missing_configuration.yaml new file mode 100644 index 0000000000..abca5be254 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_missing_configuration.yaml @@ -0,0 +1,11 @@ +- sections: + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME 
diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/basic_test_module/cases_disabled.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/test_cases/cases_disabled.yaml rename to tests/integration/test_analysisd/test_eps/data/test_cases/basic_test_module/cases_disabled.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/basic_test_module/cases_enabled.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/test_cases/cases_enabled.yaml rename to tests/integration/test_analysisd/test_eps/data/test_cases/basic_test_module/cases_enabled.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_accepted_values.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_accepted_values.yaml new file mode 100644 index 0000000000..5c2c98eca0 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_accepted_values.yaml @@ -0,0 +1,8 @@ +- name: maximum 5000 - timeframe 10 + description: acepted value + configuration_parameters: + MAXIMUM: '5000' + TIMEFRAME: '10' + metadata: + maximum: 5000 + timeframe: 10 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_invalid_values.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_invalid_values.yaml new file mode 100644 index 0000000000..45a6ffd55e --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_invalid_values.yaml 
@@ -0,0 +1,35 @@
+- name: maximum value above the allowed value
+ description: EPS Limits with maximum values over the maximum allowed
+ configuration_parameters:
+ MAXIMUM: '100001'
+ TIMEFRAME: '5'
+ metadata:
+ maximum: 100001
+ timeframe: 5
+
+- name: timeframe value above the allowed value
+ description: EPS Limits with timeframe values over the timeframe allowed
+ configuration_parameters:
+ MAXIMUM: '10'
+ TIMEFRAME: '3601'
+ metadata:
+ maximum: 10
+ timeframe: 3601
+
+- name: timeframe = 0
+ description: EPS Limits with timeframe value set to 0
+ configuration_parameters:
+ MAXIMUM: '10'
+ TIMEFRAME: '0'
+ metadata:
+ maximum: 10
+ timeframe: 0
+
+- name: maximum, timeframe = 0
+ description: EPS Limits with maximum and timeframe value set to 0
+ configuration_parameters:
+ MAXIMUM: '0'
+ TIMEFRAME: '0'
+ metadata:
+ maximum: 0
+ timeframe: 0
diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_missing_configuration.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_missing_configuration.yaml
new file mode 100644
index 0000000000..e4c0512b73
--- /dev/null
+++ b/tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_missing_configuration.yaml
@@ -0,0 +1,36 @@
+- name: missing timeframe
+ description: Missing tag configuration
+ configuration_parameters:
+ MAXIMUM: '1000'
+ TIMEFRAME: '5'
+ metadata:
+ maximum: 1000
+ timeframe: 5
+ behavior: 'works'
+ remove_tags:
+ - 5
+
+- name: missing maximum
+ description: Missing tag configuration
+ configuration_parameters:
+ MAXIMUM: '1000'
+ TIMEFRAME: '5'
+ metadata:
+ maximum: 1000
+ timeframe: 5
+ behavior: 'disabled'
+ remove_tags:
+ - 1000
+
+- name: missing maximum and timeframe
+ description: Missing and tag configuration
+ configuration_parameters:
+ MAXIMUM: '1000'
+ TIMEFRAME: '5'
+ metadata:
+ maximum: 1000
+ timeframe: 5
+ behavior: 'error'
+ remove_tags:
+ - 1000
+ - 5
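Review bot: The `description` fields in cases_missing_configuration.yaml read `Missing tag configuration` / `Missing and tag configuration`, so they no longer say which element each case removes (if the element names were written as angle-bracket tags they may have been lost in rendering, but the text as committed should be checked); spelling them out, e.g. `description: Missing timeframe tag configuration`, keeps each case self-describing. The `behavior` values `works`, `disabled` and `error` are the switch that test_missing_configuration branches on; a short comment on the first case noting that a missing timeframe falls back to the default while a missing maximum disables EPS and removing both is a configuration error would make the expectations readable without opening the test.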
diff --git a/tests/integration/test_analysisd/test_eps/test_configuration.py b/tests/integration/test_analysisd/test_eps/test_configuration.py new file mode 100644 index 0000000000..f5057efb9d --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/test_configuration.py 
@@ -0,0 +1,102 @@ +import os +import pytest + +from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data +from wazuh_testing.modules.analysisd import event_monitor as evm +from wazuh_testing.tools.services import control_service +from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT +from wazuh_testing.processes import check_if_daemons_are_running +from wazuh_testing.tools import file +from wazuh_testing import WAZUH_CONF_PATH + +# Reference paths +TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') +CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template', 'configuration_test_module') +TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases', 'configuration_test_module') +local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', + 'analysisd.state_interval': f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"} + +# ------------------------------- TEST_ACCEPTED_VALUES ------------------------------------------------------------------- +# Configuration and cases data +t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_accepted_values.yaml') +t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_accepted_values.yaml') + +# Accepted values test configurations (t1) +t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) +t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters, + t1_configuration_metadata) + +# ------------------------------- TEST_INVALID_VALUES ------------------------------------------------------------------ +# Configuration and cases data +t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_invalid_values.yaml') +t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_invalid_values.yaml') + +# Invalid values test configurations (t2) +t2_configuration_parameters, t2_configuration_metadata, 
t2_case_ids = get_test_cases_data(t2_cases_path) +t2_configurations = load_configuration_template(t2_configurations_path, t2_configuration_parameters, + t2_configuration_metadata) + +# ------------------------------- TEST_MISSING_CONFIGURATION ----------------------------------------------------------- +# Configuration and cases data +t3_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_missing_configuration.yaml') +t3_cases_path = os.path.join(TEST_CASES_PATH, 'cases_missing_configuration.yaml') + +# Invalid values test configurations (t2) +t3_configuration_parameters, t3_configuration_metadata, t3_case_ids = get_test_cases_data(t3_cases_path) +t3_configurations = load_configuration_template(t3_configurations_path, t3_configuration_parameters, + t3_configuration_metadata) + + +@pytest.mark.tier(level=0) +@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) +def test_accepted_values(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, + configure_local_internal_options_module, truncate_monitored_files, + restart_wazuh_daemon_function): + + evm.check_eps_enabled(metadata['maximum'], metadata['timeframe']) + + # Check that wazuh-analysisd is running + assert check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is not running. 
Maybe it has crashed' + + +@pytest.mark.tier(level=0) +@pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) +def test_invalid_values(configuration, metadata, restart_wazuh_daemon_after_finishing_function, + load_wazuh_basic_configuration, set_wazuh_configuration, + configure_local_internal_options_module, truncate_monitored_files): + try: + control_service('restart') + except ValueError: + pass + finally: + evm.check_configuration_error() + # Check that wazuh-analysisd is not running + assert not check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is running and was not ' \ + 'expected to' + + +@pytest.mark.tier(level=0) +@pytest.mark.parametrize('configuration, metadata', zip(t3_configurations, t3_configuration_metadata), ids=t3_case_ids) +def test_missing_configuration(configuration, metadata, restart_wazuh_daemon_after_finishing_function, + load_wazuh_basic_configuration, set_wazuh_configuration, + truncate_monitored_files): + + # Remove test case tags from ossec.conf + file.replace_regex_in_file(metadata['remove_tags'], [''] * len(metadata['remove_tags']), WAZUH_CONF_PATH) + + if metadata['behavior'] == 'works': + control_service('restart') + evm.check_eps_enabled(metadata['maximum'], 10) # 10 is the default timeframe + elif metadata['behavior'] == 'disabled': + control_service('restart') + evm.check_eps_disabled() + else: + try: + control_service('restart') + except ValueError: + pass + finally: + evm.check_configuration_error() + # Check that wazuh-analysisd is not running + assert not check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is running and was not ' \ + 'expected to' From 7923898366dcc6c30285d5d8b55c2e65c09c4e0d Mon Sep 17 00:00:00 2001 
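Review bot: The section comment above the t3 block repeats `# Invalid values test configurations (t2)`; it should read `# Missing configuration test configurations (t3)`. In test_missing_configuration, `file.replace_regex_in_file(metadata['remove_tags'], [''] * len(metadata['remove_tags']), WAZUH_CONF_PATH)` applies the case's `remove_tags` entries as regular expressions to the whole ossec.conf, and as the case file renders here those entries are bare values (`5`, `1000`) that would also strip every matching digit run elsewhere in the file (ports, intervals) — if the markup was lost in rendering and the entries are the full timeframe/maximum elements this does not apply, but anchoring the patterns to the element either way makes the intent explicit. The literal `10` in `evm.check_eps_enabled(metadata['maximum'], 10)` would read better as a module-level `DEFAULT_TIMEFRAME = 10` constant. In test_invalid_values the `except ValueError: pass` / `finally:` pair runs the configuration-error check even when an unexpected exception type propagates from control_service; a plain `try/except ValueError` followed by the checks keeps the real failure reason visible.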
From: jmv74211 Date: Fri, 23 Sep 2022 15:56:12 +0200 Subject: [PATCH 66/79] feat(#2947): add test limitation --- .../wazuh_testing/scripts/syslog_simulator.py | 115 +++++++++++++++--- .../wazuh_testing/tools/run_simulator.py | 19 ++- .../wazuh_testing/tools/syslog_simulator.py | 72 ----------- .../configuration_limitation.yaml | 21 ++++ .../cases_limitation.yaml | 16 +++ .../test_eps/test_event_processing.py | 71 +++++++++++ 6 files changed, 216 insertions(+), 98 deletions(-) delete mode 100644 deps/wazuh_testing/wazuh_testing/tools/syslog_simulator.py create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_limitation.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_limitation.yaml create mode 100644 tests/integration/test_analysisd/test_eps/test_event_processing.py diff --git a/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py b/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py index 6dd0482844..b1d11c7579 100644 --- a/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py 
@@ -1,36 +1,111 @@ +import socket import argparse +import sys +import logging +import time -from wazuh_testing.tools.syslog_simulator import Syslogger +TCP = 'tcp' +UDP = 'udp' +DEFAULT_MESSAGE = 'Login failed: admin, test' +LOGGER = logging.getLogger('syslog_simulator') +TCP_LIMIT = 1000 +UDP_LIMIT = 200 -def main(): + +def set_logging(debug=False): + LOGGER.setLevel(logging.DEBUG if debug else logging.INFO) + handler = logging.StreamHandler(sys.stdout) + handler.setFormatter(logging.Formatter("%(asctime)s — %(levelname)s — %(message)s")) + LOGGER.addHandler(handler) + + +def validate_parameters(parameters): + protocol_limit = TCP_LIMIT if parameters.protocol == TCP else UDP_LIMIT + + if parameters.messages_number <= 0: + LOGGER.error(f"The number of messages parameter has to be greater than 0") + return sys.exit(1) + + if parameters.eps > 0 and parameters.eps > protocol_limit: + LOGGER.error(f"You can't select eps greather than {protocol_limit}") + return sys.exit(1) + + +def get_parameters(): arg_parser = argparse.ArgumentParser() - arg_parser.add_argument('-m', '--message', metavar='', type=str, required=True, - default='Login failed: admin, test message, Message number:', - help="The syslog message", dest='message') + arg_parser.add_argument('-n', '--messages-number', metavar='', type=int, + help='Number of messages to send', required=True, default=0, + dest='messages_number') + + arg_parser.add_argument('-m', '--message', metavar='', type=str, + help='Message to send', required=False, default=DEFAULT_MESSAGE, + dest='message') + + arg_parser.add_argument('-a', '--address', metavar='
', type=str, + help='Sender IP address', required=False, default='localhost', + dest='address') - arg_parser.add_argument('-e', '--num-messages', metavar='', type=int, - help='Set the amount of message to be sent.', - required=False, default=0, dest='num_messages') + arg_parser.add_argument('-p', '--port', metavar='', type=int, + help='Sender destination port', required=False, default=514, + dest='port') - arg_parser.add_argument('-f', '--fixed-message-size', metavar='', type=int, required=False, - default=None, help='Size of all the agent modules messages (KB)', dest='fixed_message_size') + arg_parser.add_argument('--protocol', metavar='', type=str, + help='Sender protocol', required=False, default='tcp', choices=['tcp', 'udp'], + dest='protocol') - arg_parser.add_argument('-t', '--interval-burst-time', metavar='', dest='interval_burst_time', - type=int, required=False, default=0, - help='Interval time in seconds for the messages burst') + arg_parser.add_argument('-e', '--eps', metavar='', type=int, + help='Event per second', required=False, default=-1, dest='eps') - arg_parser.add_argument('-b', '--num-messages-per-burst', metavar='', - dest='num_messages_per_burst', type=int, required=False, default=0, - help='Number of messages to send per burst') + arg_parser.add_argument('-d', '--debug', action='store_true', required=False, help='Activate debug logging') - args = arg_parser.parse_args() + return arg_parser.parse_args() - syslogger = Syslogger(args.message, args.num_messages, args.fixed_message_size, args.interval_burst_time, - args.num_messages_per_burst) - syslogger.start() +def send_messages(message, num_messages, eps, address='locahost', port=514, protocol=TCP): + sent_messages = 0 + custom_message = f"{message}\n" if message[-1] != '\n' not in message else message + protocol_limit = TCP_LIMIT if protocol == TCP else UDP_LIMIT + speed = eps if eps > 0 else protocol_limit + + LOGGER.info(f"Sending {num_messages} to {address}:{port} via {protocol.upper()} 
({speed}/s)") + + # Create socket + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM if protocol == TCP else socket.SOCK_DGRAM) + if protocol == TCP: + sock.connect((address, port)) + + try: + # Get initial time + initial_batch_time = time.time() + start_batch_time = time.time() + + # Send the specified number messages + while sent_messages < num_messages: + if protocol == TCP: + sock.send(custom_message.encode()) + else: + sock.sendto(custom_message.encode(), (address, port)) + sent_messages += 1 + + # Wait until next batch + if sent_messages % speed == 0: + time.sleep(1 - (time.time() - start_batch_time)) + start_batch_time = time.time() + + LOGGER.info(f"Sent {sent_messages} messages in {round(time.time() - initial_batch_time, 0)}s") + finally: + sock.close() + + +def main(): + parameters = get_parameters() + set_logging(parameters.debug) + validate_parameters(parameters) + + send_messages(parameters.message, parameters.messages_number, parameters.eps, parameters.address, parameters.port, + parameters.protocol) if __name__ == "__main__": diff --git a/deps/wazuh_testing/wazuh_testing/tools/run_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/run_simulator.py index 14d5f7dec3..fc6b010fcd 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/run_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/tools/run_simulator.py 
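Review bot: `sock.send(custom_message.encode())` in the TCP branch of send_messages may transmit only part of the buffer, yet `sent_messages` is incremented as if the whole message went out, so the counts the EPS tests rely on can drift under back-pressure; `sock.sendall(custom_message.encode())` is the right call. The pacing line `time.sleep(1 - (time.time() - start_batch_time))` raises ValueError as soon as a batch took longer than one second; guard it with `time.sleep(max(0, 1 - (time.time() - start_batch_time)))`. The default `address='locahost'` is misspelled, and `message[-1] != '\n' not in message` is a chained comparison that also raises IndexError on an empty message — `custom_message = message if message.endswith('\n') else f"{message}\n"` says what is meant.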
@@ -23,13 +23,20 @@ def simulate_agent(param): -c {param['enable_logcollector_msg_number']} -g {param['message']}", shell=True) -def syslog_simulator(param): - """Function to run the script syslog_simulator.py +def syslog_simulator(parameters): + """Run the syslog simulator tool. Args: - param (dict): Dictionary with script parameters + parameters (dict): Script parameters. """ python_executable = sys.executable - subprocess.call(f"{python_executable} {SYSLOG_SIMULATOR} -m {param['message']} -e {param['num_messages']} \ - -f {param['msg_size']} -t {param['interval_burst_time']} -b {param['messages_per_burst']}", - shell=True) + run_parameters = f"{python_executable} {SYSLOG_SIMULATOR} " + run_parameters += f"-a {parameters['address']} " if 'address' in parameters else '' + run_parameters += f"-e {parameters['eps']} " if 'eps' in parameters else '' + run_parameters += f"--protocol {parameters['protocol']} " if 'protocol' in parameters else '' + run_parameters += f"-n {parameters['messages_number']} " if 'messages_number' in parameters else '' + run_parameters += f"-m {parameters['message']} " if 'message' in parameters else '' + run_parameters = run_parameters.strip() + + # Run the syslog simulator tool with custom parameters + subprocess.call(run_parameters, shell=True) diff --git a/deps/wazuh_testing/wazuh_testing/tools/syslog_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/syslog_simulator.py deleted file mode 100644 index 46fbe14ffe..0000000000 --- a/deps/wazuh_testing/wazuh_testing/tools/syslog_simulator.py +++ /dev/null 
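Review bot: `subprocess.call(run_parameters, shell=True)` hands a command string assembled from the caller-supplied `parameters` dict to a shell, so a `message` (or any other value) containing quotes or shell metacharacters is interpreted by the shell instead of reaching the simulator; the `-m '…'` quoting added to this same function in the later `@@ -35,7 +35,9 @@` hunk of run_simulator.py (patch 69) still breaks on a message containing a single quote. Building an argv list and calling `subprocess.call(args)` with the default `shell=False` removes both problems and needs no quoting at all. The docstring could also list the recognised keys and the CLI flag each maps to.
```python
def syslog_simulator(parameters):
    """Run the syslog simulator tool.

    Args:
        parameters (dict): Script parameters. Recognised keys: address, eps, protocol,
            messages_number, message; absent keys use the simulator's defaults.
    """
    args = [sys.executable, SYSLOG_SIMULATOR]
    # Each value is its own argv entry, so no shell quoting is needed
    for key, flag in (('address', '-a'), ('eps', '-e'), ('protocol', '--protocol'),
                      ('messages_number', '-n'), ('message', '-m')):
        if key in parameters:
            args += [flag, str(parameters[key])]

    # Run the syslog simulator tool with custom parameters
    subprocess.call(args)
```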
@@ -1,72 +0,0 @@ -import threading -import logging - -from logging.handlers import SysLogHandler -from sys import getsizeof -from time import sleep - - -class Syslogger: - """Class that allows sending syslog messages. - - Args: - message (str): Message to send. - num_messages (int): Number of messages to send. - fixed_message_size (int): Message size (KB). - interval_burst_time (int): Waiting time for sending a new group of messages (seconds). - num_messages_per_burst (int): Number of messages to send per burst. - - Attributes: - syslogger (logging.Logger): Logger object used for building syslog messages. - message (str): Message to send. - num_messages (int): Number of messages to send. - fixed_message_size (int): Message size (KB). - interval_burst_time (int): Waiting time for sending a new group of messages (seconds). - num_messages_per_burst (int): Number of messages to send per burst. - """ - def __init__(self, message, num_messages, fixed_message_size, interval_burst_time, num_messages_per_burst): - self.syslogger = logging.getLogger() - self.syslogger.setLevel(logging.DEBUG) - handler = SysLogHandler(address='/dev/log') - formatter = logging.Formatter(fmt='%(message)s') - handler.setFormatter(formatter) - self.syslogger.addHandler(handler) - self.message = message - self.num_messages = num_messages - self.fixed_message_size = fixed_message_size * 1024 if fixed_message_size is not None else None - self.interval_burst_time = interval_burst_time - self.num_messages_per_burst = num_messages_per_burst - - def send_syslog_messages(self, message): - """Send syslog messages""" - self.syslogger.debug(message) - - def run_module(self): - """Send syslog messages according to the input parameters""" - sent_messages = 0 - sent_messages_burst = 0 - while self.num_messages != 0 and sent_messages < self.num_messages: - message = f"{self.message} {sent_messages}" - # Add dummy chars if the message size is not reachead - if self.fixed_message_size is not None: - 
event_msg_size = getsizeof(message) - dummy_message_size = self.fixed_message_size - event_msg_size - char_size = getsizeof(message[0]) - getsizeof('') - message += 'A' * (dummy_message_size//char_size) - # Create interval between messages to simulate burst of messages - if self.interval_burst_time != 0 and self.num_messages_per_burst != 0: - if sent_messages_burst < self.num_messages_per_burst: - sent_messages_burst += 1 - else: - sleep(self.interval_burst_time) - sent_messages_burst = 1 - # Send message - self.send_syslog_messages(message) - sent_messages += 1 - - def start(self): - thread = threading.Thread(target=self.run_module) - # Starting threads - thread.start() - # Wait until all threads finish - thread.join() diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_limitation.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_limitation.yaml new file mode 100644 index 0000000000..fa168de5a0 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_limitation.yaml @@ -0,0 +1,21 @@ +- sections: + - section: remote + elements: + - connection: + value: syslog + - port: + value: PORT + - protocol: + value: PROTOCOL + - allowed-ips: + value: 0.0.0.0/0 + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_limitation.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_limitation.yaml new file mode 100644 index 0000000000..7eb4d60638 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_limitation.yaml 
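Review bot: `allowed-ips: 0.0.0.0/0` in configuration_limitation.yaml opens the syslog listener on port `PORT` to any source address, while the paired test case only ever sends from `localhost`; restricting it to `127.0.0.1` keeps the test manager from accepting events from other hosts during a run, so the received/processed counters depend only on the simulator. If other cases are meant to reuse this template with a remote simulator, an `ALLOWED_IPS` placeholder would keep that flexibility without the open default.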
@@ -0,0 +1,16 @@
+- name: maximum 500 - timeframe 5
+ description: EPS limitation
+ configuration_parameters:
+ PORT: 514
+ PROTOCOL: tcp
+ MAXIMUM: '250'
+ TIMEFRAME: '10'
+ metadata:
+ maximum: 250
+ timeframe: 10
+ # syslog simulator parameters
+ address: 'localhost'
+ port: 514
+ protocol: 'tcp'
+ messages_number: 10000
+ eps: 1000
diff --git a/tests/integration/test_analysisd/test_eps/test_event_processing.py b/tests/integration/test_analysisd/test_eps/test_event_processing.py
new file mode 100644
index 0000000000..8e32d0c07d
--- /dev/null
+++ b/tests/integration/test_analysisd/test_eps/test_event_processing.py
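Review bot: The case name `maximum 500 - timeframe 5` does not match the values it sets (`MAXIMUM: '250'`, `TIMEFRAME: '10'`), and that name becomes the pytest id, so a failure would be reported under the wrong parameters; rename it to `name: maximum 250 - timeframe 10`. `PORT: 514` and `PROTOCOL: tcp` are bare scalars while `MAXIMUM`/`TIMEFRAME` are quoted strings; quoting all four keeps the template substitution uniform if the loader ever distinguishes types.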
@@ -0,0 +1,71 @@ +import os +import pytest +import threading +import time +from math import ceil + +from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data +from wazuh_testing.modules.analysisd import event_monitor as evm +from wazuh_testing.tools.services import control_service +from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT +from wazuh_testing.processes import check_if_daemons_are_running +from wazuh_testing.tools.run_simulator import syslog_simulator +from wazuh_testing.tools.thread_executor import ThreadExecutor + +# Reference paths +TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') +CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template', 'event_processing_test_module') +TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases', 'event_processing_test_module') +local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', + 'analysisd.state_interval': '1'} + +# ------------------------------- TEST_LIMITATION ---------------------------------------------------------------------- +# Configuration and cases data +t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_limitation.yaml') +t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_limitation.yaml') + +# Limitation test configurations (t1) +t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) +t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters, + t1_configuration_metadata) + +@pytest.mark.tier(level=0) +@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) +def test_limitation(configuration, metadata, load_wazuh_basic_configuration, + set_wazuh_configuration, configure_local_internal_options_module, + truncate_monitored_files, restart_wazuh_daemon_function): + # Set syslog simulator 
parameters according to the use case data + syslog_simulator_parameters = {'address': metadata['address'], 'port': metadata['port'], + 'protocol': metadata['protocol'], 'eps': metadata['eps'], + 'messages_number': metadata['messages_number']} + + # Run syslog simulator thread + syslog_simulator_thread = ThreadExecutor(syslog_simulator, {'parameters': syslog_simulator_parameters}) + syslog_simulator_thread.start() + + # Wait until syslog simulator is started + time.sleep(1) + + # Get analysisd stats + analysisd_state = evm.get_analysisd_state() + events_received = int(analysisd_state['events_received']) + events_processed = int(analysisd_state['events_processed']) + + # Check that wazuh-manager is processing syslog events + assert events_received > 0, '(0): No events are being received when it is expected' + assert events_processed > 0, 'No events are being processed when it is expected' + + # Wait until the limitation period has expired + time.sleep(ceil((metadata['maximum'] * metadata['timeframe']) / metadata['eps'])) + + # Get analysisd stats in limitation stage + analysisd_state = evm.get_analysisd_state() + events_received = int(analysisd_state['events_received']) + events_processed = int(analysisd_state['events_processed']) + + # Check that the wazuh-manager is receiving events but it is not processing them due to the limitation + assert events_received > 0, '(1): No events are being received when it is expected' + assert events_processed == 0, f"Events are being processed when the limit has been reached. {events_processed} != 0" + + # Wait until syslog simulator ends + syslog_simulator_thread.join() From 43a07e93dbf3502669083ce4fb16fc33aa9f4a4c Mon Sep 17 00:00:00 2001 
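Review bot: `import threading` at the top of test_event_processing.py is unused — the simulator runs through `ThreadExecutor` — and should be dropped. In test_limitation the simulator thread is joined only on the last line, so when one of the intermediate asserts fails the thread keeps sending the remaining messages into whatever test runs next; wrapping everything after `syslog_simulator_thread.start()` in `try: … finally: syslog_simulator_thread.join()` bounds that. The comment `# Wait until the limitation period has expired` describes the opposite of what the sleep does: `ceil((maximum * timeframe) / eps)` is the time the simulator needs to reach the limit, so `# Wait until the EPS limit (maximum * timeframe events) has been reached` is accurate. `assert events_processed == 0` also assumes the state counters cover only the last `analysisd.state_interval` second rather than being cumulative — worth confirming against the stats file semantics and noting in a comment.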
From: jmv74211 Date: Wed, 28 Sep 2022 17:26:33 +0200 Subject: [PATCH 67/79] build(#2947): add wazuh light configuration template --- deps/wazuh_testing/setup.py | 3 ++- .../wazuh_testing/wazuh_testing}/data/all_disabled_ossec.conf | 0 2 files changed, 2 insertions(+), 1 deletion(-) rename {tests/integration => deps/wazuh_testing/wazuh_testing}/data/all_disabled_ossec.conf (100%) diff --git a/deps/wazuh_testing/setup.py b/deps/wazuh_testing/setup.py index 77e878ff1c..e2f97742fb 100644 --- a/deps/wazuh_testing/setup.py +++ b/deps/wazuh_testing/setup.py @@ -27,7 +27,8 @@ 'qa_ctl/deployment/dockerfiles/qa_ctl/*', 'qa_ctl/deployment/vagrantfile_template.txt', 'qa_ctl/provisioning/wazuh_deployment/templates/preloaded_vars.conf.j2', - 'data/qactl_conf_validator_schema.json' + 'data/qactl_conf_validator_schema.json', + 'data/all_disabled_ossec.conf' ] scripts_list = [ diff --git a/tests/integration/data/all_disabled_ossec.conf b/deps/wazuh_testing/wazuh_testing/data/all_disabled_ossec.conf similarity index 100% rename from tests/integration/data/all_disabled_ossec.conf rename to deps/wazuh_testing/wazuh_testing/data/all_disabled_ossec.conf From 96449db88ab5555fece93f180bbf112820da3371 Mon Sep 17 00:00:00 2001 From: jmv74211 Date: Wed, 28 Sep 2022 17:28:06 +0200 Subject: [PATCH 68/79] refactor(#2947): remove unused template files --- .../test_analysisd/test_eps/conftest.py | 27 ------------------- .../data/configuration_simulate_agent.yaml | 12 --------- .../data/configuration_syslog_simulator.yaml | 8 ------ 3 files changed, 47 deletions(-) delete mode 100644 tests/integration/test_analysisd/test_eps/conftest.py delete mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml delete mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_syslog_simulator.yaml 
diff --git a/tests/integration/test_analysisd/test_eps/conftest.py b/tests/integration/test_analysisd/test_eps/conftest.py deleted file mode 100644 index 0adcd2f0ec..0000000000 --- a/tests/integration/test_analysisd/test_eps/conftest.py +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright (C) 2015-2021, Wazuh Inc. -# Created by Wazuh, Inc. . -# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 -import pytest - -from wazuh_testing.tools import configuration - - -@pytest.fixture(scope='function') -def configure_analysisd_one_thread(): - """Fixture to configure the local internal options file to work with one thread.""" - local_internal_options = {'analysisd.event_threads': '1', 'analysisd.syscheck_threads': '1', - 'analysisd.syscollector_threads': '1', 'analysisd.rootcheck_threads': '1', - 'analysisd.sca_threads': '1', 'analysisd.hostinfo_threads': '1', - 'analysisd.winevt_threads': '1', 'analysisd.rule_matching_threads': '1', - 'analysisd.dbsync_threads': '1', 'remoted.worker_pool': '1'} - - # Backup the old local internal options - backup_local_internal_options = configuration.get_wazuh_local_internal_options() - - # Add the new configuration to local internal options - configuration.add_wazuh_local_internal_options(local_internal_options) - - yield - - # Backup the old local internal options cofiguration - configuration.set_wazuh_local_internal_options(backup_local_internal_options) diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml deleted file mode 100644 index ee2ac0557d..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/configuration_simulate_agent.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -- name: Simulate agent params configuration - description: Simulate agent params configuration - configuration_parameters: - num_agent: '1' - modules: logcollector - eps: '10000' - time: '15' - msg_size: '1' - disable_keepalive_msg: 'True' - disable_receive_msg: 'True' - enable_logcollector_msg_number: 'True' - message: '""' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_syslog_simulator.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_syslog_simulator.yaml deleted file mode 100644 index a09b06b79a..0000000000 --- a/tests/integration/test_analysisd/test_eps/data/configuration_syslog_simulator.yaml +++ /dev/null @@ -1,8 +0,0 @@ -- name: Syslog simulator params configuration - description: Syslog simulator params configuration - configuration_parameters: - message: '""' - num_messages: '100' - msg_size: '1' - interval_burst_time: '5' - messages_per_burst: '50' From 6d3965af20bf6ddfa51c517e20a50609f3577219 Mon Sep 17 00:00:00 2001 From: jmv74211 Date: Wed, 28 Sep 2022 17:30:40 +0200 Subject: [PATCH 69/79] feat(#2947): add numbered messages feature to syslog simulator --- .../wazuh_testing/scripts/syslog_simulator.py | 27 ++++++++++++------- .../wazuh_testing/tools/run_simulator.py | 4 ++- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py b/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py index b1d11c7579..c1e180781e 100644 --- a/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py @@ -7,9 +7,10 @@ TCP = 'tcp' UDP = 'udp' -DEFAULT_MESSAGE = 'Login failed: admin, test' +DEFAULT_MESSAGE = 'Login failed: admin, test\n' +DEFAULT_MESSAGE_SIZE = len(DEFAULT_MESSAGE.encode('utf-8')) LOGGER = logging.getLogger('syslog_simulator') -TCP_LIMIT = 1000 +TCP_LIMIT = 5000 UDP_LIMIT = 200 
@@ -25,11 +26,11 @@ def validate_parameters(parameters): if parameters.messages_number <= 0: LOGGER.error(f"The number of messages parameter has to be greater than 0") - return sys.exit(1) + sys.exit(1) if parameters.eps > 0 and parameters.eps > protocol_limit: LOGGER.error(f"You can't select eps greather than {protocol_limit}") - return sys.exit(1) + sys.exit(1) def get_parameters(): @@ -55,6 +56,10 @@ def get_parameters(): help='Sender protocol', required=False, default='tcp', choices=['tcp', 'udp'], dest='protocol') + arg_parser.add_argument('--numbered-messages', metavar='', required=False, type=int, + help='Add number of message at the end of its content starting with the indicated number ' + 'and increasing by 1 for each of them', dest='numbered_messages', default=-1) + arg_parser.add_argument('-e', '--eps', metavar='', type=int, help='Event per second', required=False, default=-1, dest='eps') @@ -63,7 +68,7 @@ def get_parameters(): return arg_parser.parse_args() -def send_messages(message, num_messages, eps, address='locahost', port=514, protocol=TCP): +def send_messages(message, num_messages, eps, numbered_messages=-1, address='locahost', port=514, protocol=TCP): sent_messages = 0 custom_message = f"{message}\n" if message[-1] != '\n' not in message else message protocol_limit = TCP_LIMIT if protocol == TCP else UDP_LIMIT @@ -83,10 +88,14 @@ def send_messages(message, num_messages, eps, address='locahost', port=514, prot # Send the specified number messages while sent_messages < num_messages: + # Update the message according to the parameters + final_message = f"{custom_message[:-1]} - {sent_messages + numbered_messages}\n" \ + if numbered_messages != -1 else custom_message + if protocol == TCP: - sock.send(custom_message.encode()) + sock.send(final_message.encode()) else: - sock.sendto(custom_message.encode(), (address, port)) + sock.sendto(final_message.encode(), (address, port)) sent_messages += 1 # Wait until next batch 
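Review bot: Inserting `numbered_messages=-1` between `eps` and `address` in the send_messages signature shifts every later positional parameter, so an existing caller passing `address` positionally would now silently pass it as `numbered_messages`; main() is updated in the next hunk, but appending the new parameter at the end (or making the trailing ones keyword-only) is the compatible choice. `-1` as the "not numbered" sentinel rules out negative start numbers and needs a `!= -1` test; `numbered_messages=None` with `if numbered_messages is not None` is the conventional form, and the `--numbered-messages` default would follow. `final_message = f"{custom_message[:-1]} - …"` relies on custom_message always ending in a newline, which the line above guarantees; a one-line comment saying so would stop the `[:-1]` from looking like an off-by-one. `DEFAULT_MESSAGE_SIZE`, added in the first hunk of this file, is not referenced in any hunk of the patch — if it is for a later change, say so in a comment.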
@@ -104,8 +113,8 @@ def main(): set_logging(parameters.debug) validate_parameters(parameters) - send_messages(parameters.message, parameters.messages_number, parameters.eps, parameters.address, parameters.port, - parameters.protocol) + send_messages(parameters.message, parameters.messages_number, parameters.eps, parameters.numbered_messages, + parameters.address, parameters.port, parameters.protocol) if __name__ == "__main__": diff --git a/deps/wazuh_testing/wazuh_testing/tools/run_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/run_simulator.py index fc6b010fcd..95284bca80 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/run_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/tools/run_simulator.py @@ -35,7 +35,9 @@ def syslog_simulator(parameters): run_parameters += f"-e {parameters['eps']} " if 'eps' in parameters else '' run_parameters += f"--protocol {parameters['protocol']} " if 'protocol' in parameters else '' run_parameters += f"-n {parameters['messages_number']} " if 'messages_number' in parameters else '' - run_parameters += f"-m {parameters['message']} " if 'message' in parameters else '' + run_parameters += f"-m '{parameters['message']}' " if 'message' in parameters else '' + run_parameters += f"--numbered-messages {parameters['numbered_messages']} " if 'numbered_messages' in parameters \ + else '' run_parameters = run_parameters.strip() # Run the syslog simulator tool with custom parameters From 50923843d637f08d6387eeb17158df30621d0850 Mon Sep 17 00:00:00 2001 From: jmv74211 Date: Wed, 28 Sep 2022 17:35:30 +0200 Subject: [PATCH 70/79] feat(#2947): add truncate_event_logs fixture --- tests/integration/conftest.py | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/tests/integration/conftest.py b/tests/integration/conftest.py index a7dd0adb69..14f9dfba9a 100644 --- a/tests/integration/conftest.py +++ b/tests/integration/conftest.py 
@@ -15,7 +15,7 @@ from py.xml import html
 import wazuh_testing.tools.configuration as conf
-from wazuh_testing import global_parameters, logger, ALERTS_JSON_PATH
+from wazuh_testing import global_parameters, logger, ALERTS_JSON_PATH, ARCHIVES_LOG_PATH, ARCHIVES_JSON_PATH
 from wazuh_testing.logcollector import create_file_structure, delete_file_structure
 from wazuh_testing.tools import LOG_FILE_PATH, WAZUH_CONF, get_service, ALERT_FILE_PATH, WAZUH_LOCAL_INTERNAL_OPTIONS
 from wazuh_testing.tools.configuration import get_wazuh_conf, set_section_wazuh_conf, write_wazuh_conf
@@ -27,6 +27,7 @@ from wazuh_testing.db_interface.agent_db import update_os_info
 from wazuh_testing.db_interface.global_db import get_system, modify_system
 from wazuh_testing.tools.run_simulator import simulate_agent,syslog_simulator
+from wazuh_testing.tools.configuration import get_minimal_configuration
 if sys.platform == 'win32':
@@ -1213,15 +1214,13 @@ def simulate_agent_function(request):
 def load_wazuh_basic_configuration():
 """Load a new basic configuration to the manager"""
 # Load ossec.conf with all disabled settings
- minimal_configuration = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data', 'all_disabled_ossec.conf')
+ minimal_configuration = get_minimal_configuration()
 # Make a backup from current configuration
 backup_ossec_configuration = get_wazuh_conf()
 # Write new configuration
- with open(minimal_configuration, 'r') as file:
- lines = file.readlines()
- write_wazuh_conf(lines)
+ write_wazuh_conf(minimal_configuration)
 yield
@@ -1235,3 +1234,17 @@ def syslog_simulator_function(request):
 syslog_simulator(request.param)
 yield
+
+
+@pytest.fixture(scope='function')
+def truncate_event_logs():
+ """Truncate all the event log files"""
+ log_files = [ARCHIVES_LOG_PATH, ARCHIVES_JSON_PATH]
+
+ for log_file in log_files:
+ truncate_file(log_file)
+
+ yield
+
+ for log_file in log_files:
+ truncate_file(log_file)
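Review bot: `get_minimal_configuration` is imported on a line of its own from `wazuh_testing.tools.configuration` although the file already imports `get_wazuh_conf, set_section_wazuh_conf, write_wazuh_conf` from that same module a few lines above (hunk `@@ -15,7 +15,7 @@`); extending that existing import, `from wazuh_testing.tools.configuration import get_wazuh_conf, set_section_wazuh_conf, write_wazuh_conf, get_minimal_configuration`, keeps the header tidy and avoids two import statements for one module.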
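Review bot: `write_wazuh_conf` now receives the value returned by `get_minimal_configuration()`, documented as a `str`, where it previously received the list produced by `readlines()`. If `write_wazuh_conf` writes with `writelines` a `str` still works because it iterates characters, but anything in it that handles the argument line by line would now see single characters; confirming its expected type, or passing `minimal_configuration.splitlines(keepends=True)` to keep the old shape, removes the doubt. The function's body continues outside the hunk.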
From 34e190a79f3f5e7d6569d58fed7ca1a09405e165 Mon Sep 17 00:00:00 2001
From: jmv74211
Date: Wed, 28 Sep 2022 17:36:44 +0200
Subject: [PATCH 71/79] refactor(#2947): add new global vars
---
 deps/wazuh_testing/wazuh_testing/__init__.py | 2 ++
 .../wazuh_testing/modules/analysisd/__init__.py | 10 ++++++----
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/deps/wazuh_testing/wazuh_testing/__init__.py b/deps/wazuh_testing/wazuh_testing/__init__.py
index a5cc547dd0..d4f4fe210f 100644
--- a/deps/wazuh_testing/wazuh_testing/__init__.py
+++ b/deps/wazuh_testing/wazuh_testing/__init__.py
@@ -29,6 +29,8 @@ CVE_DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'vulnerabilities', 'cve.db')
 LOG_FILE_PATH = os.path.join(WAZUH_PATH, 'logs', 'ossec.log')
 ALERTS_JSON_PATH = os.path.join(WAZUH_PATH, 'logs', 'alerts', 'alerts.json')
+ARCHIVES_LOG_PATH = os.path.join(WAZUH_PATH, 'logs', 'archives', 'archives.log')
+ARCHIVES_JSON_PATH = os.path.join(WAZUH_PATH, 'logs', 'archives', 'archives.json')
 CPE_HELPER_PATH = os.path.join(WAZUH_PATH, 'queue', 'vulnerabilities', 'dictionaries', 'cpe_helper.json')
 WAZUH_API_CONF = os.path.join(WAZUH_PATH, 'api', 'configuration', 'api.yaml')
 WAZUH_SECURITY_CONF = os.path.join(WAZUH_PATH, 'api', 'configuration', 'security', 'security.yaml')
diff --git a/deps/wazuh_testing/wazuh_testing/modules/analysisd/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/analysisd/__init__.py
index 2f3480b665..8ba26c0175 100644
--- a/deps/wazuh_testing/wazuh_testing/modules/analysisd/__init__.py
+++ b/deps/wazuh_testing/wazuh_testing/modules/analysisd/__init__.py
@@ -2,7 +2,9 @@ ANALYSISD_PREFIX = r'.*wazuh-analysisd.*'
 MAILD_PREFIX = r'.*wazuh-maild.*'
-# wazuh-analysisd.state file default update configuration
-ANALYSISD_STATE_INTERNAL_DEFAULT = '5'
-PERCENTAGE_PROCESS_MSGS = 0.95
-QUEUE_SIZE = 16384
+QUEUE_EVENTS_SIZE = 16384
+ANALYSISD_ONE_THREAD_CONFIG = {'analysisd.event_threads': '1', 'analysisd.syscheck_threads': '1',
+ 'analysisd.syscollector_threads': '1', 'analysisd.rootcheck_threads': '1',
+ 'analysisd.sca_threads': '1', 'analysisd.hostinfo_threads': '1',
+ 'analysisd.winevt_threads': '1', 'analysisd.rule_matching_threads': '1',
+ 'analysisd.dbsync_threads': '1', 'remoted.worker_pool': '1'}
From 889046f771b109b5356e82ea8c9a0bf347a6d498 Mon Sep 17 00:00:00 2001
From: jmv74211
Date: Wed, 28 Sep 2022 17:39:04 +0200
Subject: [PATCH 72/79] feat(#2947): add method to get wazuh minimal configuration
---
 .../wazuh_testing/tools/configuration.py | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/deps/wazuh_testing/wazuh_testing/tools/configuration.py b/deps/wazuh_testing/wazuh_testing/tools/configuration.py
index 6bff1a47bf..d79c59429d 100644
--- a/deps/wazuh_testing/wazuh_testing/tools/configuration.py
+++ b/deps/wazuh_testing/wazuh_testing/tools/configuration.py
@@ -809,3 +809,14 @@ def write_wazuh_local_rules(local_rules: List[str]):
 """
 with open(LOCAL_RULES_PATH, 'w') as f:
 f.writelines(local_rules)
+
+
+def get_minimal_configuration():
+ """Get the wazuh minimal configuration data.
+
+ Returns:
+ str: Wazuh minimal configuration data.
+ """
+ configuration = file.read_file(os.path.join(os.path.dirname(os.path.realpath(__file__)), '../', 'data',
+ 'all_disabled_ossec.conf'))
+ return configuration
From 421dd43f33b069d2938685cb7d54d2072ecdd0c5 Mon Sep 17 00:00:00 2001
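Review bot: Removing `ANALYSISD_STATE_INTERNAL_DEFAULT`, `PERCENTAGE_PROCESS_MSGS` and `QUEUE_SIZE` from the module breaks its importers at this point of the series: `test_basic.py` and `test_configuration.py` still import `ANALYSISD_STATE_INTERNAL_DEFAULT` until patch 73/79 drops those imports, so the tree does not import cleanly at 71/79. Folding this change into the commit that updates the importers, or keeping the old names as aliases for one release, restores bisectability. The new constants would also benefit from the kind of comment the removed block had, e.g. `# Events queue size assumed by the EPS tests` above `QUEUE_EVENTS_SIZE` (adjust to what the value represents) and `# local_internal_options values that pin every analysisd/remoted worker pool to one thread` above `ANALYSISD_ONE_THREAD_CONFIG`.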
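Review bot: `get_minimal_configuration` climbs out of `tools/` with a literal `'../'` component, which leaves an unnormalised `tools/../data/...` path in any error raised by `file.read_file`; `os.path.dirname(os.path.dirname(os.path.realpath(__file__)))`, or `pathlib.Path(__file__).resolve().parents[1] / 'data' / 'all_disabled_ossec.conf'`, states the intent directly. The function returns whatever `file.read_file` yields while the docstring promises `str`, and its only visible caller (`load_wazuh_basic_configuration` in `tests/integration/conftest.py`) used to pass a list of lines to `write_wazuh_conf`, so the return type is worth confirming against that function before relying on the docstring.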
From: jmv74211 Date: Wed, 28 Sep 2022 17:39:33 +0200 Subject: [PATCH 73/79] feat(#2947): add new EPS limit tests --- ...ration_drop_events_when_queue_is_full.yaml | 21 + ...ocessing_events_in_order_multi_thread.yaml | 23 + ...cessing_events_in_order_single_thread.yaml | 23 + ...tion_queueing_events_after_limitation.yaml | 21 + .../basic_test_module/cases_enabled.yaml | 2 +- .../cases_accepted_values.yaml | 2 +- .../cases_drop_events_when_queue_is_full.yaml | 17 + .../cases_limitation.yaml | 6 +- ...ocessing_events_in_order_multi_thread.yaml | 23 + ...cessing_events_in_order_single_thread.yaml | 19 + ...ases_queueing_events_after_limitation.yaml | 16 + .../test_analysisd/test_eps/test_basic.py | 112 +++- .../test_eps/test_configuration.py | 181 +++++- .../test_eps/test_event_processing.py | 550 +++++++++++++++++- 14 files changed, 986 insertions(+), 30 deletions(-) create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_drop_events_when_queue_is_full.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_multi_thread.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_single_thread.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_queueing_events_after_limitation.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_drop_events_when_queue_is_full.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_multi_thread.yaml create mode 100644 
tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_single_thread.yaml create mode 100644 tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_queueing_events_after_limitation.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_drop_events_when_queue_is_full.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_drop_events_when_queue_is_full.yaml new file mode 100644 index 0000000000..fa168de5a0 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_drop_events_when_queue_is_full.yaml @@ -0,0 +1,21 @@ +- sections: + - section: remote + elements: + - connection: + value: syslog + - port: + value: PORT + - protocol: + value: PROTOCOL + - allowed-ips: + value: 0.0.0.0/0 + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_multi_thread.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_multi_thread.yaml new file mode 100644 index 0000000000..35820bf959 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_multi_thread.yaml 
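Review bot: The four templates added under `event_processing_test_module/` are pairwise identical — `configuration_drop_events_when_queue_is_full.yaml` and `configuration_queueing_events_after_limitation.yaml` share blob index `fa168de5a0`, and the two `configuration_processing_events_in_order_*.yaml` files share `35820bf959` — so one template per variant (with and without `logall: 'yes'`) would serve all four tests and keep later edits from drifting between copies. All of them also open the syslog listener with `allowed-ips: 0.0.0.0/0` although every new case file sends from `address: 'localhost'`; `allowed-ips: 127.0.0.1` is enough for these tests and stops the test manager from accepting events from other hosts while it is up. The same applies to the two hunks on the following line.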
@@ -0,0 +1,23 @@ +- sections: + - section: remote + elements: + - connection: + value: syslog + - port: + value: PORT + - protocol: + value: PROTOCOL + - allowed-ips: + value: 0.0.0.0/0 + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME + - logall: + value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_single_thread.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_single_thread.yaml new file mode 100644 index 0000000000..35820bf959 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_single_thread.yaml @@ -0,0 +1,23 @@ +- sections: + - section: remote + elements: + - connection: + value: syslog + - port: + value: PORT + - protocol: + value: PROTOCOL + - allowed-ips: + value: 0.0.0.0/0 + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME + - logall: + value: 'yes' diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_queueing_events_after_limitation.yaml b/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_queueing_events_after_limitation.yaml new file mode 100644 index 0000000000..fa168de5a0 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_queueing_events_after_limitation.yaml 
@@ -0,0 +1,21 @@ +- sections: + - section: remote + elements: + - connection: + value: syslog + - port: + value: PORT + - protocol: + value: PROTOCOL + - allowed-ips: + value: 0.0.0.0/0 + - section: global + elements: + - limits: + elements: + - eps: + elements: + - maximum: + value: MAXIMUM + - timeframe: + value: TIMEFRAME diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/basic_test_module/cases_enabled.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/basic_test_module/cases_enabled.yaml index 1d9de44ea6..945a2343ea 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/basic_test_module/cases_enabled.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/basic_test_module/cases_enabled.yaml @@ -1,4 +1,4 @@ -- name: maximum 20 - timeframe 5 +- name: enabled description: EPS Limits enabled configuration_parameters: MAXIMUM: '20' diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_accepted_values.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_accepted_values.yaml index 5c2c98eca0..daf9da4ad5 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_accepted_values.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_accepted_values.yaml @@ -1,5 +1,5 @@ - name: maximum 5000 - timeframe 10 - description: acepted value + description: accepted value configuration_parameters: MAXIMUM: '5000' TIMEFRAME: '10' diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_drop_events_when_queue_is_full.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_drop_events_when_queue_is_full.yaml new file mode 100644 index 0000000000..90b8a20cd3 --- /dev/null 
+++ b/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_drop_events_when_queue_is_full.yaml @@ -0,0 +1,17 @@ +- name: drop events + description: Drop events when events queue is full + configuration_parameters: + PORT: 514 + PROTOCOL: tcp + MAXIMUM: '1' + TIMEFRAME: '100' + metadata: + maximum: 1 + timeframe: 100 + # syslog simulator parameters + address: 'localhost' + port: 514 + protocol: 'tcp' + messages_number: 50000 + eps: 5000 + diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_limitation.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_limitation.yaml index 7eb4d60638..c165036836 100644 --- a/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_limitation.yaml +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_limitation.yaml @@ -1,12 +1,12 @@ -- name: maximum 500 - timeframe 5 +- name: not process events after exceeding the limit description: EPS limitation configuration_parameters: PORT: 514 PROTOCOL: tcp - MAXIMUM: '250' + MAXIMUM: '500' TIMEFRAME: '10' metadata: - maximum: 250 + maximum: 500 timeframe: 10 # syslog simulator parameters address: 'localhost' diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_multi_thread.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_multi_thread.yaml new file mode 100644 index 0000000000..9af21009c9 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_multi_thread.yaml 
@@ -0,0 +1,23 @@ +- name: batch events order - multi-thread + description: Process events in batch order + configuration_parameters: + PORT: 514 + PROTOCOL: tcp + MAXIMUM: '20' + TIMEFRAME: '5' + metadata: + maximum: 20 + timeframe: 5 + # syslog simulator parameters + address: 'localhost' + num_batches: 5 + batch_sending_time: 3 + message_1: 'Login failed: admin, test - Group 1' + message_2: 'Login failed: admin, test - Group 2' + message_3: 'Login failed: admin, test - Group 3' + message_4: 'Login failed: admin, test - Group 4' + message_5: 'Login failed: admin, test - Group 5' + port: 514 + protocol: 'tcp' + eps: 100 + messages_number: 100 diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_single_thread.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_single_thread.yaml new file mode 100644 index 0000000000..b1daca80f4 --- /dev/null +++ b/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_single_thread.yaml @@ -0,0 +1,19 @@ +- name: messages events order - single-thread + description: Process events in messages order + configuration_parameters: + PORT: 514 + PROTOCOL: tcp + MAXIMUM: '20' + TIMEFRAME: '5' + metadata: + maximum: 20 + timeframe: 5 + # syslog simulator parameters + address: 'localhost' + message: 'Login failed: admin, test' + port: 514 + protocol: 'tcp' + numbered_messages: 1 + messages_number_1: 300 + eps: 300 + messages_number_2: 200 \ No newline at end of file diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_queueing_events_after_limitation.yaml b/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_queueing_events_after_limitation.yaml new file mode 100644 index 0000000000..c378e00201 --- /dev/null 
+++ b/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_queueing_events_after_limitation.yaml
@@ -0,0 +1,16 @@
+- name: queue non-processed events
+ description: Queueing events after processing limitation
+ configuration_parameters:
+ PORT: 514
+ PROTOCOL: tcp
+ MAXIMUM: '100'
+ TIMEFRAME: '10'
+ metadata:
+ maximum: 100
+ timeframe: 10
+ # syslog simulator parameters
+ address: 'localhost'
+ port: 514
+ protocol: 'tcp'
+ messages_number: 10000
+ eps: 1000
diff --git a/tests/integration/test_analysisd/test_eps/test_basic.py b/tests/integration/test_analysisd/test_eps/test_basic.py
index 8a76d80a62..497cd5ea77 100644
--- a/tests/integration/test_analysisd/test_eps/test_basic.py
+++ b/tests/integration/test_analysisd/test_eps/test_basic.py
@@ -3,7 +3,6 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data
 from wazuh_testing.modules.analysisd import event_monitor as evm
-from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT
 from wazuh_testing.processes import check_if_daemons_are_running
 pytestmark = [pytest.mark.server]
@@ -13,10 +12,9 @@ TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template', 'basic_test_module') TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases', 'basic_test_module') -local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', - 'analysisd.state_interval': f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"} +local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0'} -# ------------------------------- TEST_ENABLED ------------------------------------------------------------------------- +# ---------------------------------------------------- TEST_ENABLED ---------------------------------------------------- # Configuration and cases data configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_enabled.yaml') t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_enabled.yaml') @@ -26,7 +24,7 @@ t1_configurations = load_configuration_template(configurations_path, t1_configuration_parameters, t1_configuration_metadata) -# ------------------------------- TEST_DISABLED ------------------------------------------------------------------------ +# ---------------------------------------------------- TEST_DISABLED --------------------------------------------------- # Configuration and cases data t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_disabled.yaml') t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_disabled.yaml') 
@@ -40,7 +38,57 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) def test_enabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, - configure_local_internal_options_module, truncate_monitored_files, restart_wazuh_daemon_function): + configure_local_internal_options_function, truncate_monitored_files, restart_wazuh_daemon_function): + """ + description: Check whether the event analysis limitation is activated after its activation in the configuration. + + test_phases: + - setup: + - Load Wazuh light configuration. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. + - Truncate wazuh logs. + - Restart wazuh-manager service to apply configuration changes. + - test: + - Check in the ossec.log that a line has appeared indicating that EPS limiting has been enabled. + - Check that wazuh-analysisd is running (it has not been crashed). + - tierdown: + - Truncate wazuh logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. + + wazuh_min_version: 4.4.0 + + parameters: + - configuration: + type: dict + brief: Get configurations from the module. + - metadata: + type: dict + brief: Get metadata from the module. + - load_wazuh_basic_configuration: + type: fixture + brief: Load basic wazuh configuration. + - set_wazuh_configuration: + type: fixture + brief: Apply changes to the ossec.conf configuration. + - configure_local_internal_options_function: + type: fixture + brief: Apply changes to the local_internal_options.conf configuration. + - truncate_monitored_files: + type: fixture + brief: Truncate wazuh logs. + - restart_wazuh_daemon_function: + type: fixture + brief: Restart the wazuh service. + + assertions: + - Check in the log that the EPS limitation has been activated. 
+ - Check that wazuh-analysisd daemon does not crash. + + input_description: + - The `configuration_enabled` file provides the module configuration for this test. + - The `cases_enabled` file provides the test cases. + """ evm.check_eps_enabled(metadata['maximum'], metadata['timeframe']) # Check that wazuh-analysisd is running 
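Review bot: The new docstring spells the teardown phase `tierdown:`; the same misspelling is in `test_disabled` (next hunk) and in `test_accepted_values`, `test_invalid_values` and `test_missing_configuration` in `test_configuration.py`. `teardown:` is the intended key, and if any tooling parses these phase names a misspelt one would be skipped. The fixture rename from `configure_local_internal_options_module` to `configure_local_internal_options_function` in the signature matches what the docstring lists here, which is the consistency the `test_configuration.py` hunks lack.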
@@ -50,7 +98,57 @@ def test_enabled(configuration, metadata, load_wazuh_basic_configuration, set_wa @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) def test_disabled(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, - configure_local_internal_options_module, truncate_monitored_files, restart_wazuh_daemon_function): + configure_local_internal_options_function, truncate_monitored_files, restart_wazuh_daemon_function): + """ + description: Check if when the EPS limitation setting is not applied, the feature is not activated. + + test_phases: + - setup: + - Load Wazuh light configuration. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. + - Truncate wazuh logs. + - Restart wazuh-manager service to apply configuration changes. + - test: + - Look in the ossec.log to see if the EPS limitation activation does not appear. + - Check that wazuh-analysisd is running (it has not been crashed). + - tierdown: + - Truncate wazuh logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. + + wazuh_min_version: 4.4.0 + + parameters: + - configuration: + type: dict + brief: Get configurations from the module. + - metadata: + type: dict + brief: Get metadata from the module. + - load_wazuh_basic_configuration: + type: fixture + brief: Load basic wazuh configuration. + - set_wazuh_configuration: + type: fixture + brief: Apply changes to the ossec.conf configuration. + - configure_local_internal_options_function: + type: fixture + brief: Apply changes to the local_internal_options.conf configuration. + - truncate_monitored_files: + type: fixture + brief: Truncate wazuh logs. + - restart_wazuh_daemon_function: + type: fixture + brief: Restart the wazuh service. 
+ + assertions: + - Check in the ossec.log to see if the EPS limitation activation does not appear. + - Check that wazuh-analysisd daemon does not crash. + + input_description: + - The `configuration_disabled` file provides the module configuration for this test. + - The `cases_disabled` file provides the test cases. + """ evm.check_eps_disabled() # Check that wazuh-analysisd is running diff --git a/tests/integration/test_analysisd/test_eps/test_configuration.py b/tests/integration/test_analysisd/test_eps/test_configuration.py index f5057efb9d..6009ed5b51 100644 --- a/tests/integration/test_analysisd/test_eps/test_configuration.py +++ b/tests/integration/test_analysisd/test_eps/test_configuration.py @@ -4,7 +4,6 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data from wazuh_testing.modules.analysisd import event_monitor as evm from wazuh_testing.tools.services import control_service -from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT from wazuh_testing.processes import check_if_daemons_are_running from wazuh_testing.tools import file from wazuh_testing import WAZUH_CONF_PATH 
@@ -13,10 +12,9 @@ TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template', 'configuration_test_module') TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases', 'configuration_test_module') -local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', - 'analysisd.state_interval': f"{ANALYSISD_STATE_INTERNAL_DEFAULT}"} +local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0'} -# ------------------------------- TEST_ACCEPTED_VALUES ------------------------------------------------------------------- +# ------------------------------------------------ TEST_ACCEPTED_VALUES ------------------------------------------------ # Configuration and cases data t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_accepted_values.yaml') t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_accepted_values.yaml') @@ -26,7 +24,7 @@ t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters, t1_configuration_metadata) -# ------------------------------- TEST_INVALID_VALUES ------------------------------------------------------------------ +# ------------------------------------------------- TEST_INVALID_VALUES ------------------------------------------------ # Configuration and cases data t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_invalid_values.yaml') t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_invalid_values.yaml') 
@@ -36,7 +34,7 @@ t2_configurations = load_configuration_template(t2_configurations_path, t2_configuration_parameters, t2_configuration_metadata) -# ------------------------------- TEST_MISSING_CONFIGURATION ----------------------------------------------------------- +# --------------------------------------------- TEST_MISSING_CONFIGURATION --------------------------------------------- # Configuration and cases data t3_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_missing_configuration.yaml') t3_cases_path = os.path.join(TEST_CASES_PATH, 'cases_missing_configuration.yaml') 
@@ -52,7 +50,56 @@ def test_accepted_values(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, configure_local_internal_options_module, truncate_monitored_files, restart_wazuh_daemon_function): + """ + description: Check that the EPS limitation is activated under accepted parameters. + test_phases: + - setup: + - Load Wazuh light configuration. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. + - Truncate wazuh logs. + - Restart wazuh-manager service to apply configuration changes. + - test: + - Check in the log that the EPS limitation has been activated with the specified parameters. + - Check that wazuh-analysisd is running (it has not been crashed). + - tierdown: + - Truncate wazuh logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. + + wazuh_min_version: 4.4.0 + + parameters: + - configuration: + type: dict + brief: Get configurations from the module. + - metadata: + type: dict + brief: Get metadata from the module. + - load_wazuh_basic_configuration: + type: fixture + brief: Load basic wazuh configuration. + - set_wazuh_configuration: + type: fixture + brief: Apply changes to the ossec.conf configuration. + - configure_local_internal_options_function: + type: fixture + brief: Apply changes to the local_internal_options.conf configuration. + - truncate_monitored_files: + type: fixture + brief: Truncate wazuh logs. + - restart_wazuh_daemon_function: + type: fixture + brief: Restart the wazuh service. + + assertions: + - Check in the log that the EPS limitation has been activated with the specified parameters. + - Check that wazuh-analysisd daemon does not crash. + + input_description: + - The `configuration_accepted_values` file provides the module configuration for this test. + - The `cases_accepted_values` file provides the test cases. 
+ """ evm.check_eps_enabled(metadata['maximum'], metadata['timeframe']) # Check that wazuh-analysisd is running 
@@ -64,6 +111,62 @@ def test_accepted_values(configuration, metadata, load_wazuh_basic_configuration def test_invalid_values(configuration, metadata, restart_wazuh_daemon_after_finishing_function, load_wazuh_basic_configuration, set_wazuh_configuration, configure_local_internal_options_module, truncate_monitored_files): + """ + description: Check for configuration error and wazuh-analysisd if the EPS limiting configuration has unaccepted + values. Done for the following cases: + - Maximum value above the allowed value. + - Timeframe value above the allowed value. + - Timeframe = 0 + - Maximum, timeframe = 0 + + test_phases: + - setup: + - Load Wazuh light configuration. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. + - Truncate wazuh logs. + - test: + - Restart wazuh-manager service to apply configuration changes. + - Check that a configuration error is raised when trying to start wazuh-manager. + - Check that wazuh-analysisd is not running (due to configuration error). + - tierdown: + - Truncate wazuh logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. + - Restart the wazuh-manager service to apply initial configuration and start wazuh-analysisd daemon. + + wazuh_min_version: 4.4.0 + + parameters: + - configuration: + type: dict + brief: Get configurations from the module. + - metadata: + type: dict + brief: Get metadata from the module. + - restart_wazuh_daemon_after_finishing_function: + type: fixture + brief: Restart the wazuh service in tierdown stage. + - load_wazuh_basic_configuration: + type: fixture + brief: Load basic wazuh configuration. + - set_wazuh_configuration: + type: fixture + brief: Apply changes to the ossec.conf configuration. + - configure_local_internal_options_function: + type: fixture + brief: Apply changes to the local_internal_options.conf configuration. 
+ - truncate_monitored_files: + type: fixture + brief: Truncate wazuh logs. + + assertions: + - Check that a configuration error is raised when trying to start wazuh-manager. + - Check that wazuh-analysisd is not running (due to configuration error). + + input_description: + - The `configuration_invalid_values` file provides the module configuration for this test. + - The `cases_invalid_values` file provides the test cases. + """ try: control_service('restart') except ValueError: 
@@ -72,24 +175,84 @@ def test_invalid_values(configuration, metadata, restart_wazuh_daemon_after_fini evm.check_configuration_error() # Check that wazuh-analysisd is not running assert not check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is running and was not ' \ - 'expected to' + 'expected to' @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t3_configurations, t3_configuration_metadata), ids=t3_case_ids) def test_missing_configuration(configuration, metadata, restart_wazuh_daemon_after_finishing_function, - load_wazuh_basic_configuration, set_wazuh_configuration, - truncate_monitored_files): + load_wazuh_basic_configuration, set_wazuh_configuration, truncate_monitored_files): + """ + description: Checks what happens if tags are missing in the event analysis limitation settings. Done for the + following cases: + - Missing . + - Missing . + - Missing and . + + test_phases: + - setup: + - Load Wazuh light configuration. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. + - Truncate wazuh logs. + - test: + - Remove the specified tag in ossec.conf + - Restart wazuh-manager service to apply configuration changes. + - Check whether the EPS limitation is activated, deactivated or generates a configuration error due to a + missing label. + - Check if wazuh-analysisd is running or not (according to the expected behavior). + - tierdown: + - Truncate wazuh logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. + - Restart the wazuh-manager service to apply initial configuration and start wazuh-analysisd daemon. + + wazuh_min_version: 4.4.0 + + parameters: + - configuration: + type: dict + brief: Get configurations from the module. + - metadata: + type: dict + brief: Get metadata from the module. 
+ - restart_wazuh_daemon_after_finishing_function: + type: fixture + brief: Restart the wazuh service in tierdown stage. + - load_wazuh_basic_configuration: + type: fixture + brief: Load basic wazuh configuration. + - set_wazuh_configuration: + type: fixture + brief: Apply changes to the ossec.conf configuration. + - configure_local_internal_options_function: + type: fixture + brief: Apply changes to the local_internal_options.conf configuration. + - truncate_monitored_files: + type: fixture + brief: Truncate wazuh logs. + + assertions: + - Check whether the EPS limitation is activated, deactivated or generates a configuration error due to a + missing label. + - Check if wazuh-analysisd is running or not (according to the expected behavior). + input_description: + - The `configuration_missing_values` file provides the module configuration for this test. + - The `cases_missing_values` file provides the test cases. + """ # Remove test case tags from ossec.conf file.replace_regex_in_file(metadata['remove_tags'], [''] * len(metadata['remove_tags']), WAZUH_CONF_PATH) if metadata['behavior'] == 'works': control_service('restart') evm.check_eps_enabled(metadata['maximum'], 10) # 10 is the default timeframe + assert check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is not running. Maybe it has ' \ + 'crashed' elif metadata['behavior'] == 'disabled': control_service('restart') evm.check_eps_disabled() + assert check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is not running. Maybe it has ' \ + 'crashed' else: try: control_service('restart') diff --git a/tests/integration/test_analysisd/test_eps/test_event_processing.py b/tests/integration/test_analysisd/test_eps/test_event_processing.py index 8e32d0c07d..8723cae082 100644 --- a/tests/integration/test_analysisd/test_eps/test_event_processing.py +++ b/tests/integration/test_analysisd/test_eps/test_event_processing.py 
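Review bot: The docstring for `test_missing_configuration` documents a `configure_local_internal_options_function` fixture and a setup step "Apply custom settings in local_internal_options.conf", but the signature in this hunk only requests `restart_wazuh_daemon_after_finishing_function`, `load_wazuh_basic_configuration`, `set_wazuh_configuration` and `truncate_monitored_files`; either drop that parameter entry and setup bullet or add the fixture to the signature so the documented behaviour matches what the test exercises. The "Done for the following cases" bullets read as `Missing .` here; if the tag names are written as bare angle-bracket elements they are likely being stripped on rendering, so quoting them in backticks (e.g. `- Missing \`maximum\`.`) would keep the cases readable. The trailing `else:` branch continues beyond the end of the hunk.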
@@ -2,12 +2,17 @@ import pytest import threading import time +import re from math import ceil +from copy import deepcopy from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data +from wazuh_testing import ARCHIVES_LOG_PATH from wazuh_testing.modules.analysisd import event_monitor as evm from wazuh_testing.tools.services import control_service -from wazuh_testing.modules.analysisd import ANALYSISD_STATE_INTERNAL_DEFAULT +from wazuh_testing.tools import file +from wazuh_testing.modules.analysisd import QUEUE_EVENTS_SIZE, ANALYSISD_ONE_THREAD_CONFIG +from wazuh_testing.scripts.syslog_simulator import DEFAULT_MESSAGE_SIZE from wazuh_testing.processes import check_if_daemons_are_running from wazuh_testing.tools.run_simulator import syslog_simulator from wazuh_testing.tools.thread_executor import ThreadExecutor @@ -16,10 +21,9 @@ TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template', 'event_processing_test_module') TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases', 'event_processing_test_module') -local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', - 'analysisd.state_interval': '1'} +local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', 'analysisd.state_interval': '1'} -# ------------------------------- TEST_LIMITATION ---------------------------------------------------------------------- +# --------------------------------------------------- TEST_LIMITATION -------------------------------------------------- # Configuration and cases data t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_limitation.yaml') t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_limitation.yaml') 
@@ -29,11 +33,110 @@ t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters, t1_configuration_metadata) +# ---------------------------------------- TEST_QUEUEING_EVENTS_AFTER_LIMITATION --------------------------------------- +# Configuration and cases data +t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_queueing_events_after_limitation.yaml') +t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_queueing_events_after_limitation.yaml') + +# Queing event test configurations (t2) +t2_configuration_parameters, t2_configuration_metadata, t2_case_ids = get_test_cases_data(t2_cases_path) +t2_configurations = load_configuration_template(t2_configurations_path, t2_configuration_parameters, + t2_configuration_metadata) + +# --------------------------------------- TEST_DROPPING_EVENTS_WHEN_QUEUE_IS_FULL -------------------------------------- +# Configuration and cases data +t3_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_drop_events_when_queue_is_full.yaml') +t3_cases_path = os.path.join(TEST_CASES_PATH, 'cases_drop_events_when_queue_is_full.yaml') + +# Dropping events when queue is full test configurations (t3) +t3_configuration_parameters, t3_configuration_metadata, t3_case_ids = get_test_cases_data(t3_cases_path) +t3_configurations = load_configuration_template(t3_configurations_path, t3_configuration_parameters, + t3_configuration_metadata) + +# ------------------------------------ TEST_PROCESSING_EVENTS_IN_ORDER_SINGLE_THREAD ----------------------------------- +# Configuration and cases data +t4_configurations_path = os.path.join(CONFIGURATIONS_PATH, + 'configuration_processing_events_in_order_single_thread.yaml') +t4_cases_path = os.path.join(TEST_CASES_PATH, 'cases_processing_events_in_order_single_thread.yaml') + +# Processing events in order single thread test configurations (t4) +t4_configuration_parameters, t4_configuration_metadata, t4_case_ids = 
get_test_cases_data(t4_cases_path) +t4_configurations = load_configuration_template(t4_configurations_path, t4_configuration_parameters, + t4_configuration_metadata) +t4_local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', 'analysisd.state_interval': '1'} +t4_local_internal_options.update(ANALYSISD_ONE_THREAD_CONFIG) + +# ------------------------------------ TEST_PROCESSING_EVENTS_IN_ORDER_MULTI_THREAD ------------------------------------ +# Configuration and cases data +t5_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_processing_events_in_order_multi_thread.yaml') +t5_cases_path = os.path.join(TEST_CASES_PATH, 'cases_processing_events_in_order_multi_thread.yaml') + +# Processing events in order multi thread test configurations (t5) +t5_configuration_parameters, t5_configuration_metadata, t5_case_ids = get_test_cases_data(t5_cases_path) +t5_configurations = load_configuration_template(t5_configurations_path, t5_configuration_parameters, + t5_configuration_metadata) + + @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) -def test_limitation(configuration, metadata, load_wazuh_basic_configuration, - set_wazuh_configuration, configure_local_internal_options_module, - truncate_monitored_files, restart_wazuh_daemon_function): +def test_limitation(configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, + configure_local_internal_options_function, truncate_monitored_files, restart_wazuh_daemon_function): + """ + description: Check if after passing the event processing limit, the processing is stopped until the next timeframe. + + test_phases: + - setup: + - Load Wazuh light configuration. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. + - Truncate wazuh logs. 
+ - Restart wazuh-manager service to apply configuration changes. + - test: + - Start the event simulator and check that the events are being received and analyzed. + - Wait until the event limit is reached and check that the events are still being received but not + processed. + - Wait until the next analysis period (next timeframe) and check that events are still being + processed, in this case the queued ones. + - tierdown: + - Truncate wazuh logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. + + wazuh_min_version: 4.4.0 + + parameters: + - configuration: + type: dict + brief: Get configurations from the module. + - metadata: + type: dict + brief: Get metadata from the module. + - load_wazuh_basic_configuration: + type: fixture + brief: Load basic wazuh configuration. + - set_wazuh_configuration: + type: fixture + brief: Apply changes to the ossec.conf configuration. + - configure_local_internal_options_function: + type: fixture + brief: Apply changes to the local_internal_options.conf configuration. + - truncate_monitored_files: + type: fixture + brief: Truncate wazuh logs. + - restart_wazuh_daemon_function: + type: fixture + brief: Restart the wazuh service. + + assertions: + - Check that events are received when expected. + - Check that events are processed when expected. + - Check that events are still received when expected. + - Check that no events are processed due to blocking. + - Check that events are still processed after blocking. + + input_description: + - The `configuration_limitation` file provides the module configuration for this test. + - The `cases_limitation` file provides the test cases. + """ # Set syslog simulator parameters according to the use case data syslog_simulator_parameters = {'address': metadata['address'], 'port': metadata['port'], 'protocol': metadata['protocol'], 'eps': metadata['eps'], 
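Review bot: `t4_local_internal_options` re-types the same three `wazuh_modules.debug` / `monitord.rotate_log` / `analysisd.state_interval` entries that the module-level `local_internal_options` already holds, so the two will silently diverge the next time one of them is edited; build it from the shared dict instead, `t4_local_internal_options = {**local_internal_options, **ANALYSISD_ONE_THREAD_CONFIG}`. The `t4_configuration_parameters, ... = get_test_cases_data(t4_cases_path)` assignment appears broken across two lines in this rendering; worth confirming it is a single statement in the file. The `test_limitation` body continues past the end of the hunk.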
@@ -42,6 +145,7 @@ def test_limitation(configuration, metadata, load_wazuh_basic_configuration, # Run syslog simulator thread syslog_simulator_thread = ThreadExecutor(syslog_simulator, {'parameters': syslog_simulator_parameters}) syslog_simulator_thread.start() + waited_simulator_time = 0 # Wait until syslog simulator is started time.sleep(1) @@ -55,8 +159,10 @@ def test_limitation(configuration, metadata, load_wazuh_basic_configuration, assert events_received > 0, '(0): No events are being received when it is expected' assert events_processed > 0, 'No events are being processed when it is expected' - # Wait until the limitation period has expired - time.sleep(ceil((metadata['maximum'] * metadata['timeframe']) / metadata['eps'])) + # Wait for the event non-processing phase to arrive (limit reached) + waiting_limit_time = ceil((metadata['maximum'] * metadata['timeframe']) / metadata['eps']) + 1 # Offset 1s + time.sleep(waiting_limit_time) + waited_simulator_time += waiting_limit_time # Get analysisd stats in limitation stage analysisd_state = evm.get_analysisd_state() 
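Review bot: `waited_simulator_time = 0` is introduced right before the existing `time.sleep(1)` "wait until syslog simulator is started", but that second is never added to the counter, so the elapsed-time bookkeeping that later subtracts `waited_simulator_time` from the timeframe undercounts by at least one second (plus the unmeasured duration of the `get_analysisd_state()` calls). Initialising the counter to the startup wait, `waited_simulator_time = 1`, or adding `waited_simulator_time += 1` after that sleep, keeps the arithmetic honest; measuring with `time.monotonic()` around the whole phase would be more robust still. The function body continues beyond the hunk.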
@@ -67,5 +173,431 @@ def test_limitation(configuration, metadata, load_wazuh_basic_configuration, assert events_received > 0, '(1): No events are being received when it is expected' assert events_processed == 0, f"Events are being processed when the limit has been reached. {events_processed} != 0" + # Wait until the limited timeframe has elapsed + time.sleep(metadata['timeframe'] + 1 - waited_simulator_time) ## Offset 1s + + # Get analysisd stats in limitation stage + analysisd_state = evm.get_analysisd_state() + events_processed = int(analysisd_state['events_processed']) + + # Check whether events continue to be processed after blocking + assert events_processed > 0, f"Event processing has not been continued after blocking" + + # Wait until syslog simulator ends + syslog_simulator_thread.join() + + +@pytest.mark.tier(level=0) +@pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) +def test_queueing_events_after_limitation(configuration, metadata, load_wazuh_basic_configuration, + set_wazuh_configuration, configure_local_internal_options_function, + truncate_monitored_files, restart_wazuh_daemon_function): + """ + description: Check if after stopping processing events (due to limit reached), the received events are stored in + the events queue if it is not full. + + test_phases: + - setup: + - Load Wazuh light configuration. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. + - Truncate wazuh logs. + - Restart wazuh-manager service to apply configuration changes. + - test: + - Check that the initial events queue usage rate is 0%. + - Calculate when the limit of processed events is reached, waits a few seconds for events to be stored in + the events queue and takes a sample of the usage to check that it is higher than 0%. 
+ - Wait a few seconds and takes a second sample again, to check that the events queue usage is higher than + the first sample. + - tierdown: + - Truncate wazuh logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. + + wazuh_min_version: 4.4.0 + + parameters: + - configuration: + type: dict + brief: Get configurations from the module. + - metadata: + type: dict + brief: Get metadata from the module. + - load_wazuh_basic_configuration: + type: fixture + brief: Load basic wazuh configuration. + - set_wazuh_configuration: + type: fixture + brief: Apply changes to the ossec.conf configuration. + - configure_local_internal_options_function: + type: fixture + brief: Apply changes to the local_internal_options.conf configuration. + - truncate_monitored_files: + type: fixture + brief: Truncate wazuh logs. + - restart_wazuh_daemon_function: + type: fixture + brief: Restart the wazuh service. + + assertions: + - Check that the queue usage at startup is 0%. + - Check that the queue usage grows after stopping processing events. + - Check that the queue usage continues to grow after stopping processing events. + + input_description: + - The `configuration_queueing_events_after_limitation` file provides the module configuration for this test. + - The `cases_queueing_events_after_limitation` file provides the test cases. 
+ """ + # Get initial queue usage + analysisd_state = evm.get_analysisd_state() + event_queue_usage = float(analysisd_state['event_queue_usage']) + + # Check that there are no events in the queue + assert event_queue_usage == 0.0, f"The initial events queue is not at 0%" + + # Set syslog simulator parameters according to the use case data + syslog_simulator_parameters = {'address': metadata['address'], 'port': metadata['port'], + 'protocol': metadata['protocol'], 'eps': metadata['eps'], + 'messages_number': metadata['messages_number']} + + # Run syslog simulator thread + syslog_simulator_thread = ThreadExecutor(syslog_simulator, {'parameters': syslog_simulator_parameters}) + syslog_simulator_thread.start() + + # Wait for the event non-processing stage (limit reached) + waiting_limit_time = ceil((metadata['maximum'] * metadata['timeframe']) / metadata['eps']) + 1 # Offset 1s + time.sleep(waiting_limit_time) + + # Get queue usage in limitation stage + analysisd_state = evm.get_analysisd_state() + event_queue_usage_sample_1 = float(analysisd_state['event_queue_usage']) + + # Check that received and unprocessed events are being queued + assert event_queue_usage_sample_1 > 0.0, 'Events received after processing limitation are not being queued' + + # Wait a few more seconds before passing the timeframe + waiting_time_sample_2 = ceil((metadata['timeframe'] - waiting_limit_time) / 2) + time.sleep(waiting_time_sample_2) + + # Get queue usage in limitation stage + analysisd_state = evm.get_analysisd_state() + event_queue_usage_sample_2 = float(analysisd_state['event_queue_usage']) + + # Check that events received and not processed are still being queued + assert event_queue_usage_sample_2 > event_queue_usage_sample_1, 'Events queue has not grown as expected during ' \ + 'event limitation' + # Wait until syslog simulator ends + syslog_simulator_thread.join() + + +@pytest.mark.tier(level=0) +@pytest.mark.parametrize('configuration, metadata', zip(t3_configurations, 
t3_configuration_metadata), ids=t3_case_ids) +def test_dropping_events_when_queue_is_full(configuration, metadata, load_wazuh_basic_configuration, + set_wazuh_configuration, configure_local_internal_options_function, + truncate_monitored_files, restart_wazuh_daemon_function): + """ + description: Check that after the event analysis block, if the events queue is full, the events are dropped. + + test_phases: + - setup: + - Load Wazuh light configuration. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. + - Truncate wazuh logs. + - Restart wazuh-manager service to apply configuration changes. + - test: + - Check that the initial queue usage rate is 0%. + - Calculate when the event analysis blocking phase is expected and the queue is full, then it measures the + use of the event queue to check that it is 100%, and that the received events are being dropped. + - tierdown: + - Truncate wazuh logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. + + wazuh_min_version: 4.4.0 + + parameters: + - configuration: + type: dict + brief: Get configurations from the module. + - metadata: + type: dict + brief: Get metadata from the module. + - load_wazuh_basic_configuration: + type: fixture + brief: Load basic wazuh configuration. + - set_wazuh_configuration: + type: fixture + brief: Apply changes to the ossec.conf configuration. + - configure_local_internal_options_function: + type: fixture + brief: Apply changes to the local_internal_options.conf configuration. + - truncate_monitored_files: + type: fixture + brief: Truncate wazuh logs. + - restart_wazuh_daemon_function: + type: fixture + brief: Restart the wazuh service. + + assertions: + - Check that the initial queue is at 0%. + - Check that after the event analysis block and the queue is full, events are still being received. + - Check that no events are processed when it is expected. 
+ - Check that the event queue usage is at 100% when it is expected. + - Check that all events received are being dropped because the queue is full. + + input_description: + - The `configuration_dropping_events_when_queue_is_full` file provides the module configuration for this test. + - The `cases_dropping_events_when_queue_is_full` file provides the test cases. + """ + # Get initial queue usage + analysisd_state = evm.get_analysisd_state() + event_queue_usage = float(analysisd_state['event_queue_usage']) + + # Check that there are no events in the queue + assert event_queue_usage == 0.0, f"The initial events queue is not at 0%" + + # Set syslog simulator parameters according to the use case data + syslog_simulator_parameters = {'address': metadata['address'], 'port': metadata['port'], + 'protocol': metadata['protocol'], 'eps': metadata['eps'], + 'messages_number': metadata['messages_number']} + + # Run syslog simulator thread + syslog_simulator_thread = ThreadExecutor(syslog_simulator, {'parameters': syslog_simulator_parameters}) + syslog_simulator_thread.start() + + # Calculate the non-processing stage (limit reached) + waiting_limit_time = ceil((metadata['maximum'] * metadata['timeframe']) / metadata['eps']) + 1 # Offset 1s + + # Calculate the stage when the events queue is full (offset 4 sec to check all received-dropped events) + waiting_time_queue_is_full = waiting_limit_time + ((QUEUE_EVENTS_SIZE / DEFAULT_MESSAGE_SIZE) / metadata['eps']) + 4 + time.sleep(waiting_time_queue_is_full) + + # Get analysisd stats + analysisd_state = evm.get_analysisd_state() + event_queue_usage = float(analysisd_state['event_queue_usage']) + events_dropped = float(analysisd_state['events_dropped']) + events_received = int(analysisd_state['events_received']) + events_processed = int(analysisd_state['events_processed']) + + # Check that events are received, not processed and that they are dropped when the queue is full + assert events_received > 0, ' No events are being received 
when it is expected' + assert events_processed == 0, 'Events are being processed when they are not expected (due to the limit)' + assert event_queue_usage == 1.0, 'The events queue is not full as expected' + assert events_dropped == events_received, 'No events are being dropped even though the queue is full' + # Wait until syslog simulator ends syslog_simulator_thread.join() + + +@pytest.mark.tier(level=0) +@pytest.mark.parametrize('configuration, metadata', zip(t4_configurations, t4_configuration_metadata), ids=t4_case_ids) +@pytest.mark.parametrize('configure_local_internal_options_function', [t4_local_internal_options], indirect=True) +def test_event_processing_in_order_single_thread(configuration, metadata, load_wazuh_basic_configuration, + set_wazuh_configuration, configure_local_internal_options_function, + truncate_event_logs, restart_wazuh_daemon_function): + """ + description: Check that events are processed in order according to the position within the queue, and + that events that are being received during the blocking phase are being added to the end of the queue when + using single-thread processing. + + test_phases: + - setup: + - Load Wazuh light configuration. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. + - Truncate wazuh event logs. + - Restart wazuh-manager service to apply configuration changes. + - test: + - Send a batch of identified events. + - Wait a few seconds, then send another batch of identified events. + - Wait until all events are processed. + - Read the event log (archives.log) and check that the events have been processed in the expected order. + - tierdown: + - Truncate wazuh event logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. + + wazuh_min_version: 4.4.0 + + parameters: + - configuration: + type: dict + brief: Get configurations from the module. 
+ - metadata: + type: dict + brief: Get metadata from the module. + - load_wazuh_basic_configuration: + type: fixture + brief: Load basic wazuh configuration. + - set_wazuh_configuration: + type: fixture + brief: Apply changes to the ossec.conf configuration. + - configure_local_internal_options_function: + type: fixture + brief: Apply changes to the local_internal_options.conf configuration. + - truncate_event_logs: + type: fixture + brief: Truncate wazuh event logs. + - restart_wazuh_daemon_function: + type: fixture + brief: Restart the wazuh service. + + assertions: + - Check that all expected events have been stored in the archives.log. + - Check that all events have been generated in the archives.log according to the expected order. + + input_description: + - The `configuration_event_processing_in_order_single_thread` file provides the module configuration for this + test. + - The `cases_event_processing_in_order_single_thread` file provides the test cases. + """ + # Set syslog simulator parameters according to the use case data + syslog_simulator_parameters_1 = {'address': metadata['address'], 'port': metadata['port'], + 'protocol': metadata['protocol'], 'eps': metadata['eps'], + 'messages_number': metadata['messages_number_1'], 'message': metadata['message'], + 'numbered_messages': metadata['numbered_messages']} + + # Run syslog simulator thread + syslog_simulator_thread_1 = ThreadExecutor(syslog_simulator, {'parameters': syslog_simulator_parameters_1}) + syslog_simulator_thread_1.start() + + # Wait until the first processing interval has passed. 
+ waiting_time = metadata['timeframe'] + time.sleep(waiting_time) + + # Run syslog simulator to send new events when events sent previously still have to be processed + # (they are in the queue) + syslog_simulator_parameters_2 = {'address': metadata['address'], 'port': metadata['port'], + 'protocol': metadata['protocol'], 'eps': metadata['eps'], + 'messages_number': metadata['messages_number_2'], 'message': metadata['message'], + 'numbered_messages': metadata['messages_number_1'] + 1} + syslog_simulator_thread_2 = ThreadExecutor(syslog_simulator, {'parameters': syslog_simulator_parameters_2}) + syslog_simulator_thread_2.start() + + # Wait until all events have been processed + waiting_time = ((metadata['messages_number_1'] + metadata['messages_number_2']) / \ + (metadata['maximum'] * metadata['timeframe'])) * metadata['timeframe'] + 1 # Offset 1s + time.sleep(waiting_time) + + # Read the events log data + events_data = file.read_file(ARCHIVES_LOG_PATH).split('\n') + expected_num_events = metadata['messages_number_1'] + metadata['messages_number_2'] + + # Check that all events have been recorded in the log file + assert len(events_data) >= expected_num_events, \ + f"Not all expected events were found in the archives.log. 
Found={len(events_data)}, " \ + f"expected>={expected_num_events}" + + # Get the IDs of event messages + event_ids = [int(re.search(fr"{metadata['message']} - (\d+)", event).group(1)) for event in events_data \ + if bool(re.match(fr".*{metadata['message']} - (\d+)", event))] + + # Check that the event message IDs are in order + assert all(event_ids[i] <= event_ids[i+1] for i in range(len(event_ids) - 1)), 'Events have not been processed ' \ + 'in the expected order' + + # Wait until syslog simulator ends + syslog_simulator_thread_1.join() + syslog_simulator_thread_2.join() + + +@pytest.mark.tier(level=0) +@pytest.mark.parametrize('configuration, metadata', zip(t5_configurations, t5_configuration_metadata), ids=t5_case_ids) +def test_event_processing_in_order_multi_thread(configuration, metadata, load_wazuh_basic_configuration, + set_wazuh_configuration, configure_local_internal_options_function, + truncate_event_logs, restart_wazuh_daemon_function): + """ + description: Check that events are processed in order according to the position within the queue, and + that events that are being received during the blocking phase are being added to the end of the queue when + using multi-thread processing. + + test_phases: + - setup: + - Load Wazuh light configuration. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. + - Truncate wazuh event logs. + - Restart wazuh-manager service to apply configuration changes. + - test: + - Send a batch of identified events. + - Wait a few seconds, then send another batch of identified events. This is repeated n times. + - Wait until all events are processed. + - Read the event log (archives.log) and check that the events have been processed in the expected order. + - tierdown: + - Truncate wazuh event logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. 
+ + wazuh_min_version: 4.4.0 + + parameters: + - configuration: + type: dict + brief: Get configurations from the module. + - metadata: + type: dict + brief: Get metadata from the module. + - load_wazuh_basic_configuration: + type: fixture + brief: Load basic wazuh configuration. + - set_wazuh_configuration: + type: fixture + brief: Apply changes to the ossec.conf configuration. + - configure_local_internal_options_function: + type: fixture + brief: Apply changes to the local_internal_options.conf configuration. + - truncate_event_logs: + type: fixture + brief: Truncate wazuh event logs. + - restart_wazuh_daemon_function: + type: fixture + brief: Restart the wazuh service. + + assertions: + - Check that all expected events have been stored in the archives.log. + - Check that all events have been generated in the archives.log according to the expected order. + + input_description: + - The `configuration_event_processing_in_order_multi_thread` file provides the module configuration for this + test. + - The `cases_event_processing_in_order_multi_thread` file provides the test cases. 
+ """ + # Set syslog simulator parameters according to the use case data + parameters = [] + syslog_simulator_threads = [] + syslog_simulator_parameters = {'address': metadata['address'], 'port': metadata['port'], + 'protocol': metadata['protocol'], 'eps': metadata['eps'], + 'messages_number': metadata['messages_number'], 'message': metadata['message_1']} + # Create syslog simulator threads + for index, parameter in enumerate(range(metadata['num_batches'])): + parameters.append(deepcopy(syslog_simulator_parameters)) + parameters[index].update({'message': metadata[f"message_{index + 1}"]}) + syslog_simulator_threads.append(ThreadExecutor(syslog_simulator, {'parameters': parameters[index]})) + + # Start syslog simulator threads + for thread in syslog_simulator_threads: + thread.start() + time.sleep(metadata['batch_sending_time']) + + # Wait until all events have been processed + waiting_time_to_process_all_events= ((metadata['messages_number'] * metadata['num_batches']) / \ + (metadata['maximum'] * metadata['timeframe'])) * metadata['timeframe'] + 1 # Offset 1s + waited_time_to_create_threads = metadata['batch_sending_time'] * metadata['num_batches'] + time.sleep(waiting_time_to_process_all_events - waited_time_to_create_threads) + + # Read the events log data + events_data = file.read_file(ARCHIVES_LOG_PATH).split('\n') + expected_num_events = metadata['batch_sending_time'] * metadata['num_batches'] + + # Check that all events have been recorded in the log file + assert len(events_data) >= expected_num_events, \ + f"Not all expected events were found in the archives.log. 
Found={len(events_data)}, " \ + f"expected>={expected_num_events}" + + # Get the IDs of event messages + event_ids = [int(re.search(fr"{metadata['message_1']} - Group (\d+)", event).group(1)) for event in events_data \ + if bool(re.match(fr".*{metadata['message_1']} - Group (\d+)", event))] + + # Check that the event message IDs are in order + assert all(event_ids[i] <= event_ids[i+1] for i in range(len(event_ids) - 1)), 'Events have not been processed ' \ + 'in the expected order' + # Wait until all syslog simulator threads finish + for thread in syslog_simulator_threads: + thread.join() From ac4e6a1ebf522fe446354667c90b81e90bc603eb Mon Sep 17 00:00:00 2001 
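Review bot: In `test_event_processing_in_order_multi_thread`, `expected_num_events = metadata['batch_sending_time'] * metadata['num_batches']` multiplies a sleep duration in seconds by the batch count, whereas the waiting-time formula a few lines above uses `metadata['messages_number'] * metadata['num_batches']` for the same quantity; the assertion should read `expected_num_events = metadata['messages_number'] * metadata['num_batches']`. In both ordering tests `len(events_data)` counts every line of archives.log, including the trailing empty string from `split('\n')` and any unrelated events, so the "all events recorded" check is weaker than it looks; asserting on the extracted IDs, `assert len(event_ids) >= expected_num_events`, after the regex extraction would test what the docstring claims. The `metadata['message']` / `metadata['message_1']` values are interpolated into the regex unescaped, so wrapping them in `re.escape(...)` avoids surprises if a case ever uses a message with regex metacharacters. Finally, in `test_limitation` the `time.sleep(metadata['timeframe'] + 1 - waited_simulator_time)` argument goes negative and raises `ValueError` whenever the limit-wait exceeds the timeframe, which a `max(0, ...)` guard would turn into a clearer assertion failure.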
From: jmv74211 Date: Thu, 29 Sep 2022 09:19:18 +0200 Subject: [PATCH 74/79] refactor(#2947): rename limit eps suite testing --- .../basic_test_module/configuration_disabled.yaml | 0 .../basic_test_module/configuration_enabled.yaml | 0 .../configuration_test_module/configuration_accepted_values.yaml | 0 .../configuration_test_module/configuration_invalid_values.yaml | 0 .../configuration_missing_configuration.yaml | 0 .../configuration_drop_events_when_queue_is_full.yaml | 0 .../event_processing_test_module/configuration_limitation.yaml | 0 .../configuration_processing_events_in_order_multi_thread.yaml | 0 .../configuration_processing_events_in_order_single_thread.yaml | 0 .../configuration_queueing_events_after_limitation.yaml | 0 .../data/test_cases/basic_test_module/cases_disabled.yaml | 0 .../data/test_cases/basic_test_module/cases_enabled.yaml | 0 .../configuration_test_module/cases_accepted_values.yaml | 0 .../configuration_test_module/cases_invalid_values.yaml | 0 .../configuration_test_module/cases_missing_configuration.yaml | 0 .../cases_drop_events_when_queue_is_full.yaml | 0 .../test_cases/event_processing_test_module/cases_limitation.yaml | 0 .../cases_processing_events_in_order_multi_thread.yaml | 0 .../cases_processing_events_in_order_single_thread.yaml | 0 .../cases_queueing_events_after_limitation.yaml | 0 .../test_analysisd/{test_eps => test_limit_eps}/test_basic.py | 0 .../{test_eps => test_limit_eps}/test_configuration.py | 0 .../{test_eps => test_limit_eps}/test_event_processing.py | 0 23 files changed, 0 insertions(+), 0 deletions(-) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/configuration_template/basic_test_module/configuration_disabled.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/configuration_template/basic_test_module/configuration_enabled.yaml (100%) rename tests/integration/test_analysisd/{test_eps => 
test_limit_eps}/data/configuration_template/configuration_test_module/configuration_accepted_values.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/configuration_template/configuration_test_module/configuration_invalid_values.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/configuration_template/configuration_test_module/configuration_missing_configuration.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/configuration_template/event_processing_test_module/configuration_drop_events_when_queue_is_full.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/configuration_template/event_processing_test_module/configuration_limitation.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_multi_thread.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_single_thread.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/configuration_template/event_processing_test_module/configuration_queueing_events_after_limitation.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/test_cases/basic_test_module/cases_disabled.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/test_cases/basic_test_module/cases_enabled.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/test_cases/configuration_test_module/cases_accepted_values.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/test_cases/configuration_test_module/cases_invalid_values.yaml (100%) rename tests/integration/test_analysisd/{test_eps => 
test_limit_eps}/data/test_cases/configuration_test_module/cases_missing_configuration.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/test_cases/event_processing_test_module/cases_drop_events_when_queue_is_full.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/test_cases/event_processing_test_module/cases_limitation.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/test_cases/event_processing_test_module/cases_processing_events_in_order_multi_thread.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/test_cases/event_processing_test_module/cases_processing_events_in_order_single_thread.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/data/test_cases/event_processing_test_module/cases_queueing_events_after_limitation.yaml (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/test_basic.py (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/test_configuration.py (100%) rename tests/integration/test_analysisd/{test_eps => test_limit_eps}/test_event_processing.py (100%) diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/basic_test_module/configuration_disabled.yaml b/tests/integration/test_analysisd/test_limit_eps/data/configuration_template/basic_test_module/configuration_disabled.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/configuration_template/basic_test_module/configuration_disabled.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/configuration_template/basic_test_module/configuration_disabled.yaml 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/basic_test_module/configuration_enabled.yaml b/tests/integration/test_analysisd/test_limit_eps/data/configuration_template/basic_test_module/configuration_enabled.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/configuration_template/basic_test_module/configuration_enabled.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/configuration_template/basic_test_module/configuration_enabled.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_accepted_values.yaml b/tests/integration/test_analysisd/test_limit_eps/data/configuration_template/configuration_test_module/configuration_accepted_values.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_accepted_values.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/configuration_template/configuration_test_module/configuration_accepted_values.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_invalid_values.yaml b/tests/integration/test_analysisd/test_limit_eps/data/configuration_template/configuration_test_module/configuration_invalid_values.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_invalid_values.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/configuration_template/configuration_test_module/configuration_invalid_values.yaml 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_missing_configuration.yaml b/tests/integration/test_analysisd/test_limit_eps/data/configuration_template/configuration_test_module/configuration_missing_configuration.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/configuration_template/configuration_test_module/configuration_missing_configuration.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/configuration_template/configuration_test_module/configuration_missing_configuration.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_drop_events_when_queue_is_full.yaml b/tests/integration/test_analysisd/test_limit_eps/data/configuration_template/event_processing_test_module/configuration_drop_events_when_queue_is_full.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_drop_events_when_queue_is_full.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/configuration_template/event_processing_test_module/configuration_drop_events_when_queue_is_full.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_limitation.yaml b/tests/integration/test_analysisd/test_limit_eps/data/configuration_template/event_processing_test_module/configuration_limitation.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_limitation.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/configuration_template/event_processing_test_module/configuration_limitation.yaml 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_multi_thread.yaml b/tests/integration/test_analysisd/test_limit_eps/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_multi_thread.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_multi_thread.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_multi_thread.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_single_thread.yaml b/tests/integration/test_analysisd/test_limit_eps/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_single_thread.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_single_thread.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/configuration_template/event_processing_test_module/configuration_processing_events_in_order_single_thread.yaml 
diff --git a/tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_queueing_events_after_limitation.yaml b/tests/integration/test_analysisd/test_limit_eps/data/configuration_template/event_processing_test_module/configuration_queueing_events_after_limitation.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/configuration_template/event_processing_test_module/configuration_queueing_events_after_limitation.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/configuration_template/event_processing_test_module/configuration_queueing_events_after_limitation.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/basic_test_module/cases_disabled.yaml b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/basic_test_module/cases_disabled.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/test_cases/basic_test_module/cases_disabled.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/test_cases/basic_test_module/cases_disabled.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/basic_test_module/cases_enabled.yaml b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/basic_test_module/cases_enabled.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/test_cases/basic_test_module/cases_enabled.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/test_cases/basic_test_module/cases_enabled.yaml 
diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_accepted_values.yaml b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/configuration_test_module/cases_accepted_values.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_accepted_values.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/test_cases/configuration_test_module/cases_accepted_values.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_invalid_values.yaml b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/configuration_test_module/cases_invalid_values.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_invalid_values.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/test_cases/configuration_test_module/cases_invalid_values.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_missing_configuration.yaml b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/configuration_test_module/cases_missing_configuration.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/test_cases/configuration_test_module/cases_missing_configuration.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/test_cases/configuration_test_module/cases_missing_configuration.yaml 
diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_drop_events_when_queue_is_full.yaml b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_drop_events_when_queue_is_full.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_drop_events_when_queue_is_full.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_drop_events_when_queue_is_full.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_limitation.yaml b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_limitation.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_limitation.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_limitation.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_multi_thread.yaml b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_multi_thread.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_multi_thread.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_multi_thread.yaml 
diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_single_thread.yaml b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_single_thread.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_single_thread.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_single_thread.yaml diff --git a/tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_queueing_events_after_limitation.yaml b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_queueing_events_after_limitation.yaml similarity index 100% rename from tests/integration/test_analysisd/test_eps/data/test_cases/event_processing_test_module/cases_queueing_events_after_limitation.yaml rename to tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_queueing_events_after_limitation.yaml diff --git a/tests/integration/test_analysisd/test_eps/test_basic.py b/tests/integration/test_analysisd/test_limit_eps/test_basic.py similarity index 100% rename from tests/integration/test_analysisd/test_eps/test_basic.py rename to tests/integration/test_analysisd/test_limit_eps/test_basic.py diff --git a/tests/integration/test_analysisd/test_eps/test_configuration.py b/tests/integration/test_analysisd/test_limit_eps/test_configuration.py similarity index 100% rename from tests/integration/test_analysisd/test_eps/test_configuration.py rename to tests/integration/test_analysisd/test_limit_eps/test_configuration.py 
diff --git a/tests/integration/test_analysisd/test_eps/test_event_processing.py b/tests/integration/test_analysisd/test_limit_eps/test_event_processing.py similarity index 100% rename from tests/integration/test_analysisd/test_eps/test_event_processing.py rename to tests/integration/test_analysisd/test_limit_eps/test_event_processing.py From 4528aebed46b21134e04d9ec365f9874ac8360ff Mon Sep 17 00:00:00 2001 From: jmv74211 Date: Thu, 29 Sep 2022 09:38:19 +0200 Subject: [PATCH 75/79] style: improve the code format according to PEP-8 --- .../wazuh_testing/scripts/syslog_simulator.py | 2 +- .../wazuh_testing/wazuh_testing/tools/file.py | 3 ++- tests/integration/conftest.py | 10 ++++----- .../cases_missing_configuration.yaml | 6 ++--- .../cases_drop_events_when_queue_is_full.yaml | 5 ++--- .../cases_limitation.yaml | 4 ++-- ...ocessing_events_in_order_multi_thread.yaml | 4 ++-- ...cessing_events_in_order_single_thread.yaml | 6 ++--- ...ases_queueing_events_after_limitation.yaml | 4 ++-- .../test_limit_eps/test_configuration.py | 2 +- .../test_limit_eps/test_event_processing.py | 22 +++++++++---------- 11 files changed, 34 insertions(+), 34 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py b/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py index c1e180781e..38076b763e 100644 --- a/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py @@ -90,7 +90,7 @@ def send_messages(message, num_messages, eps, numbered_messages=-1, address='loc while sent_messages < num_messages: # Update the message according to the parameters final_message = f"{custom_message[:-1]} - {sent_messages + numbered_messages}\n" \ - if numbered_messages != -1 else custom_message + if numbered_messages != -1 else custom_message if protocol == TCP: sock.send(final_message.encode()) 
diff --git a/deps/wazuh_testing/wazuh_testing/tools/file.py b/deps/wazuh_testing/wazuh_testing/tools/file.py index a6b69e8477..7e943290b6 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/file.py +++ b/deps/wazuh_testing/wazuh_testing/tools/file.py @@ -22,7 +22,6 @@ from wazuh_testing import logger - def read_json(file_path): """ Read a JSON file from a given path, return a dictionary with the json data. @@ -130,6 +129,7 @@ def random_string(length, encode=None): return st + def generate_string(stringLength=10, character='0'): """Generate a string with line breaks. @@ -155,6 +155,7 @@ def generate_string(stringLength=10, character='0'): return generated_string + def read_file(file_path): with open(file_path) as f: data = f.read() diff --git a/tests/integration/conftest.py b/tests/integration/conftest.py index 14f9dfba9a..1311d4c70c 100644 --- a/tests/integration/conftest.py +++ b/tests/integration/conftest.py @@ -26,7 +26,7 @@ from wazuh_testing import mocking from wazuh_testing.db_interface.agent_db import update_os_info from wazuh_testing.db_interface.global_db import get_system, modify_system -from wazuh_testing.tools.run_simulator import simulate_agent,syslog_simulator +from wazuh_testing.tools.run_simulator import simulate_agent, syslog_simulator from wazuh_testing.tools.configuration import get_minimal_configuration 
@@ -580,8 +580,8 @@ def configure_local_internal_options_module(request): local_internal_options = getattr(request.module, 'local_internal_options') except AttributeError: logger.debug('local_internal_options is not set') - raise AttributeError('Error when using the fixture "configure_local_internal_options_module", no ' \ - 'parameter has been passed explicitly, nor is the variable local_internal_options ' \ + raise AttributeError('Error when using the fixture "configure_local_internal_options_module", no ' + 'parameter has been passed explicitly, nor is the variable local_internal_options ' 'found in the module.') from AttributeError backup_local_internal_options = conf.get_local_internal_options_dict() @@ -610,8 +610,8 @@ def configure_local_internal_options_function(request): local_internal_options = getattr(request.module, 'local_internal_options') except AttributeError: logger.debug('local_internal_options is not set') - raise AttributeError('Error when using the fixture "configure_local_internal_options_module", no ' \ - 'parameter has been passed explicitly, nor is the variable local_internal_options ' \ + raise AttributeError('Error when using the fixture "configure_local_internal_options_module", no ' + 'parameter has been passed explicitly, nor is the variable local_internal_options ' 'found in the module.') from AttributeError backup_local_internal_options = conf.get_local_internal_options_dict() diff --git a/tests/integration/test_analysisd/test_limit_eps/data/test_cases/configuration_test_module/cases_missing_configuration.yaml b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/configuration_test_module/cases_missing_configuration.yaml index e4c0512b73..cf0f1430bd 100644 --- a/tests/integration/test_analysisd/test_limit_eps/data/test_cases/configuration_test_module/cases_missing_configuration.yaml +++ b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/configuration_test_module/cases_missing_configuration.yaml 
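Review bot: The re-raise kept on the new side of this hunk still chains `from AttributeError`, i.e. the exception class rather than the caught instance, so the original traceback of the failed `getattr` is replaced by a fresh, empty AttributeError; since this is a style pass, it is the moment to bind the instance with `except AttributeError as err:` and end the raise with `'found in the module.') from err`. The same pattern is on the new side of the @@ -610 hunk for `configure_local_internal_options_function` and should be changed identically. Both fixtures continue outside their hunks.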
@@ -6,7 +6,7 @@ metadata: maximum: 1000 timeframe: 5 - behavior: 'works' + behavior: works remove_tags: - 5 @@ -18,7 +18,7 @@ metadata: maximum: 1000 timeframe: 5 - behavior: 'disabled' + behavior: disabled remove_tags: - 1000 @@ -30,7 +30,7 @@ metadata: maximum: 1000 timeframe: 5 - behavior: 'error' + behavior: error remove_tags: - 1000 - 5 diff --git a/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_drop_events_when_queue_is_full.yaml b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_drop_events_when_queue_is_full.yaml index 90b8a20cd3..8cdeadadc4 100644 --- a/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_drop_events_when_queue_is_full.yaml +++ b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_drop_events_when_queue_is_full.yaml @@ -9,9 +9,8 @@ maximum: 1 timeframe: 100 # syslog simulator parameters - address: 'localhost' + address: localhost port: 514 - protocol: 'tcp' + protocol: tcp messages_number: 50000 eps: 5000 - diff --git a/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_limitation.yaml b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_limitation.yaml index c165036836..5896343f28 100644 --- a/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_limitation.yaml +++ b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_limitation.yaml @@ -9,8 +9,8 @@ maximum: 500 timeframe: 10 # syslog simulator parameters - address: 'localhost' + address: localhost port: 514 - protocol: 'tcp' + protocol: tcp messages_number: 10000 eps: 1000 
diff --git a/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_multi_thread.yaml b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_multi_thread.yaml index 9af21009c9..b33c718e1f 100644 --- a/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_multi_thread.yaml +++ b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_multi_thread.yaml @@ -9,7 +9,7 @@ maximum: 20 timeframe: 5 # syslog simulator parameters - address: 'localhost' + address: localhost num_batches: 5 batch_sending_time: 3 message_1: 'Login failed: admin, test - Group 1' @@ -18,6 +18,6 @@ message_4: 'Login failed: admin, test - Group 4' message_5: 'Login failed: admin, test - Group 5' port: 514 - protocol: 'tcp' + protocol: tcp eps: 100 messages_number: 100 diff --git a/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_single_thread.yaml b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_single_thread.yaml index b1daca80f4..b8dc921075 100644 --- a/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_single_thread.yaml +++ b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_processing_events_in_order_single_thread.yaml 
@@ -9,11 +9,11 @@ maximum: 20 timeframe: 5 # syslog simulator parameters - address: 'localhost' + address: localhost message: 'Login failed: admin, test' port: 514 - protocol: 'tcp' + protocol: tcp numbered_messages: 1 messages_number_1: 300 eps: 300 - messages_number_2: 200 \ No newline at end of file + messages_number_2: 200 diff --git a/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_queueing_events_after_limitation.yaml b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_queueing_events_after_limitation.yaml index c378e00201..025f210b31 100644 --- a/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_queueing_events_after_limitation.yaml +++ b/tests/integration/test_analysisd/test_limit_eps/data/test_cases/event_processing_test_module/cases_queueing_events_after_limitation.yaml @@ -9,8 +9,8 @@ maximum: 100 timeframe: 10 # syslog simulator parameters - address: 'localhost' + address: localhost port: 514 - protocol: 'tcp' + protocol: tcp messages_number: 10000 eps: 1000 diff --git a/tests/integration/test_analysisd/test_limit_eps/test_configuration.py b/tests/integration/test_analysisd/test_limit_eps/test_configuration.py index 6009ed5b51..10dbeb5bb3 100644 --- a/tests/integration/test_analysisd/test_limit_eps/test_configuration.py +++ b/tests/integration/test_analysisd/test_limit_eps/test_configuration.py @@ -262,4 +262,4 @@ def test_missing_configuration(configuration, metadata, restart_wazuh_daemon_aft evm.check_configuration_error() # Check that wazuh-analysisd is not running assert not check_if_daemons_are_running(['wazuh-analysisd'])[0], 'wazuh-analysisd is running and was not ' \ - 'expected to' + 'expected to' diff --git a/tests/integration/test_analysisd/test_limit_eps/test_event_processing.py b/tests/integration/test_analysisd/test_limit_eps/test_event_processing.py index 8723cae082..75186889b8 100644 
--- a/tests/integration/test_analysisd/test_limit_eps/test_event_processing.py +++ b/tests/integration/test_analysisd/test_limit_eps/test_event_processing.py @@ -174,7 +174,7 @@ def test_limitation(configuration, metadata, load_wazuh_basic_configuration, set assert events_processed == 0, f"Events are being processed when the limit has been reached. {events_processed} != 0" # Wait until the limited timeframe has elapsed - time.sleep(metadata['timeframe'] + 1 - waited_simulator_time) ## Offset 1s + time.sleep(metadata['timeframe'] + 1 - waited_simulator_time) # Offset 1s # Get analysisd stats in limitation stage analysisd_state = evm.get_analysisd_state() @@ -473,8 +473,8 @@ def test_event_processing_in_order_single_thread(configuration, metadata, load_w syslog_simulator_thread_2.start() # Wait until all events have been processed - waiting_time = ((metadata['messages_number_1'] + metadata['messages_number_2']) / \ - (metadata['maximum'] * metadata['timeframe'])) * metadata['timeframe'] + 1 # Offset 1s + waiting_time = ((metadata['messages_number_1'] + metadata['messages_number_2']) / + (metadata['maximum'] * metadata['timeframe'])) * metadata['timeframe'] + 1 # Offset 1s time.sleep(waiting_time) # Read the events log data @@ -487,8 +487,8 @@ def test_event_processing_in_order_single_thread(configuration, metadata, load_w f"expected>={expected_num_events}" # Get the IDs of event messages - event_ids = [int(re.search(fr"{metadata['message']} - (\d+)", event).group(1)) for event in events_data \ - if bool(re.match(fr".*{metadata['message']} - (\d+)", event))] + event_ids = [int(re.search(fr"{metadata['message']} - (\d+)", event).group(1)) for event in events_data + if bool(re.match(fr".*{metadata['message']} - (\d+)", event))] # Check that the event message IDs are in order assert all(event_ids[i] <= event_ids[i+1] for i in range(len(event_ids) - 1)), 'Events have not been processed ' \ 
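Review bot: The new-side comprehension in the @@ -487 hunk interpolates `metadata['message']` straight into a regex, so a regex metacharacter in a test-case message (a `.`, `(` or `+`) silently changes what is matched and the ordering check could pass on the wrong lines; wrapping it as `re.escape(metadata['message'])` in both patterns keeps the literal match the test intends. The `bool(...)` around `re.match` is redundant and each event is scanned twice; as this commit is a PEP-8 pass, hoisting one compiled pattern, `pattern = re.compile(fr".*{re.escape(metadata['message'])} - (\d+)")`, and filtering on `pattern.match(event)` would read cleaner. The same applies to the @@ -592 hunk on `metadata['message_1']` in `test_event_processing_in_order_multi_thread`. Both test functions extend outside their hunks.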
@@ -566,7 +566,7 @@ def test_event_processing_in_order_multi_thread(configuration, metadata, load_wa 'protocol': metadata['protocol'], 'eps': metadata['eps'], 'messages_number': metadata['messages_number'], 'message': metadata['message_1']} # Create syslog simulator threads - for index, parameter in enumerate(range(metadata['num_batches'])): + for index in range(metadata['num_batches']): parameters.append(deepcopy(syslog_simulator_parameters)) parameters[index].update({'message': metadata[f"message_{index + 1}"]}) syslog_simulator_threads.append(ThreadExecutor(syslog_simulator, {'parameters': parameters[index]})) @@ -577,14 +577,14 @@ def test_event_processing_in_order_multi_thread(configuration, metadata, load_wa time.sleep(metadata['batch_sending_time']) # Wait until all events have been processed - waiting_time_to_process_all_events= ((metadata['messages_number'] * metadata['num_batches']) / \ - (metadata['maximum'] * metadata['timeframe'])) * metadata['timeframe'] + 1 # Offset 1s + waiting_time_to_process_all_events = ((metadata['messages_number'] * metadata['num_batches']) / # offset 1s + (metadata['maximum'] * metadata['timeframe'])) * metadata['timeframe'] + 1 waited_time_to_create_threads = metadata['batch_sending_time'] * metadata['num_batches'] time.sleep(waiting_time_to_process_all_events - waited_time_to_create_threads) # Read the events log data events_data = file.read_file(ARCHIVES_LOG_PATH).split('\n') - expected_num_events = metadata['batch_sending_time'] * metadata['num_batches'] + expected_num_events = metadata['batch_sending_time'] * metadata['num_batches'] # Check that all events have been recorded in the log file assert len(events_data) >= expected_num_events, \ 
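Review bot: `expected_num_events = metadata['batch_sending_time'] * metadata['num_batches']` on the new side of the @@ -577 hunk multiplies a delay in seconds by the batch count, which is not an event count; the waiting-time expression a few lines above uses `metadata['messages_number'] * metadata['num_batches']` for the total number of sent events, and with the values in cases_processing_events_in_order_multi_thread.yaml (messages_number 100, batch_sending_time 3, num_batches 5) the assertion `len(events_data) >= expected_num_events` only requires 15 lines instead of 500, so lost events would go undetected. It should presumably read `expected_num_events = metadata['messages_number'] * metadata['num_batches']`. Separately, the `# offset 1s` comment was moved onto the first line of the `waiting_time_to_process_all_events` expression, away from the `+ 1` it explains; keeping it on the second line, as the single-thread variant in the @@ -473 hunk does, avoids confusion. test_event_processing_in_order_multi_thread continues outside the hunk.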
@@ -592,8 +592,8 @@ def test_event_processing_in_order_multi_thread(configuration, metadata, load_wa f"expected>={expected_num_events}" # Get the IDs of event messages - event_ids = [int(re.search(fr"{metadata['message_1']} - Group (\d+)", event).group(1)) for event in events_data \ - if bool(re.match(fr".*{metadata['message_1']} - Group (\d+)", event))] + event_ids = [int(re.search(fr"{metadata['message_1']} - Group (\d+)", event).group(1)) for event in events_data + if bool(re.match(fr".*{metadata['message_1']} - Group (\d+)", event))] # Check that the event message IDs are in order assert all(event_ids[i] <= event_ids[i+1] for i in range(len(event_ids) - 1)), 'Events have not been processed ' \ From 3a58a405ba55885c1dd7c799aabdb04795f169a7 Mon Sep 17 00:00:00 2001 From: jmv74211 Date: Thu, 29 Sep 2022 09:54:47 +0200 Subject: [PATCH 76/79] refactor(#2947): remove unused code --- deps/wazuh_testing/wazuh_testing/__init__.py | 1 - .../modules/analysisd/__init__.py | 1 - .../modules/analysisd/event_monitor.py | 20 ---------------- .../wazuh_testing/scripts/syslog_simulator.py | 1 - .../wazuh_testing/tools/configuration.py | 24 ------------------- .../wazuh_testing/tools/run_simulator.py | 21 +--------------- tests/integration/conftest.py | 16 ------------- 7 files changed, 1 insertion(+), 83 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/__init__.py b/deps/wazuh_testing/wazuh_testing/__init__.py index d4f4fe210f..20ea7441ee 100644 --- a/deps/wazuh_testing/wazuh_testing/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/__init__.py @@ -59,7 +59,6 @@ API_DAEMONS_REQUIREMENTS = [API_DAEMON, DB_DAEMON, EXEC_DAEMON, ANALYSISD_DAEMON, REMOTE_DAEMON, MODULES_DAEMON] # Paths -SIMULATE_AGENT = os.path.join(WAZUH_TESTING_PATH, 'scripts', 'simulate_agents.py') SYSLOG_SIMULATOR = os.path.join(WAZUH_TESTING_PATH, 'scripts', 'syslog_simulator.py') ANALYSISD_STATE = os.path.join(WAZUH_PATH, 'var', 'run', 'wazuh-analysisd.state') 
diff --git a/deps/wazuh_testing/wazuh_testing/modules/analysisd/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/analysisd/__init__.py index 8ba26c0175..d9f79417a0 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/analysisd/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/modules/analysisd/__init__.py @@ -1,7 +1,6 @@ ANALYSISD_PREFIX = r'.*wazuh-analysisd.*' MAILD_PREFIX = r'.*wazuh-maild.*' - QUEUE_EVENTS_SIZE = 16384 ANALYSISD_ONE_THREAD_CONFIG = {'analysisd.event_threads': '1', 'analysisd.syscheck_threads': '1', 'analysisd.syscollector_threads': '1', 'analysisd.rootcheck_threads': '1', diff --git a/deps/wazuh_testing/wazuh_testing/modules/analysisd/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/analysisd/event_monitor.py index 83f066aee6..66b488df22 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/analysisd/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/analysisd/event_monitor.py @@ -81,23 +81,3 @@ def get_analysisd_state(): analysisd_state = dict((a.strip(), b.strip()) for a, b in (element.split('=') for element in data.split('\n'))) return analysisd_state - - -def get_messages_info(file_monitor, message, accum_results): - """Check if the alerts.json file contains the message - - Args: - file_monitor (FileMonitor): Wazuh log monitor - message (str): Message to find - accum_results (int): Total message to accumulate - - Returns: - list: List with messages information - """ - error_message = f"Could not find this event in {message}" - - result = file_monitor.start(timeout=T_20, update_position=True, accum_results=accum_results, - callback=generate_monitoring_callback_groups(message), - error_message=error_message).result() - - return result diff --git a/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py b/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py index 38076b763e..6513770dc7 100644 --- a/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py 
+++ b/deps/wazuh_testing/wazuh_testing/scripts/syslog_simulator.py @@ -112,7 +112,6 @@ def main(): parameters = get_parameters() set_logging(parameters.debug) validate_parameters(parameters) - send_messages(parameters.message, parameters.messages_number, parameters.eps, parameters.numbered_messages, parameters.address, parameters.port, parameters.protocol) diff --git a/deps/wazuh_testing/wazuh_testing/tools/configuration.py b/deps/wazuh_testing/wazuh_testing/tools/configuration.py index d79c59429d..942d8c6953 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/configuration.py +++ b/deps/wazuh_testing/wazuh_testing/tools/configuration.py @@ -763,30 +763,6 @@ def get_configuration(data_file_path): return configuration_parameters -def get_simulate_agent_configuration(data_file_path): - """Load simulate agent configuration file. - - Args: - data_file_path (str): Configuration file path. - - Returns: - dict: Configurations names. - """ - return get_configuration(data_file_path) - - -def get_syslog_simulator_configuration(data_file_path): - """Load syslog simulator configuration file. - - Args: - data_file_path (str): Configuration file path. - - Returns: - dict: Configurations names. - """ - return get_configuration(data_file_path) - - def get_wazuh_local_rules(): """ Get current `local_rules.xml` file content. diff --git a/deps/wazuh_testing/wazuh_testing/tools/run_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/run_simulator.py index 95284bca80..9d0e251fd5 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/run_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/tools/run_simulator.py 
@@ -1,26 +1,7 @@ -import socket import subprocess import sys -from wazuh_testing import SIMULATE_AGENT, SYSLOG_SIMULATOR - - -def simulate_agent(param): - """Function to run the script simulate_agent.py - - Args: - param (dict): Dictionary with script parameters - """ - # Get IP address of the host - hostname = socket.gethostname() - ip_addr = socket.gethostbyname(hostname) - - python_executable = sys.executable - subprocess.call(f"{python_executable} {SIMULATE_AGENT} -a {ip_addr} -n {param['num_agent']} \ - -m {param['modules']} -s {param['eps']} -t {param['time']} \ - -f {param['msg_size']} -e {param['num_messages']} \ - -k {param['disable_keepalive_msg']} -d {param['disable_receive_msg']} \ - -c {param['enable_logcollector_msg_number']} -g {param['message']}", shell=True) +from wazuh_testing import SYSLOG_SIMULATOR def syslog_simulator(parameters): diff --git a/tests/integration/conftest.py b/tests/integration/conftest.py index 1311d4c70c..f4ba570127 100644 --- a/tests/integration/conftest.py +++ b/tests/integration/conftest.py @@ -1202,14 +1202,6 @@ def create_file(new_file_path): remove_file(new_file_path) -@pytest.fixture(scope='function') -def simulate_agent_function(request): - """Fixture to run the script simulate_agent.py""" - simulate_agent(request.param) - - yield - - @pytest.fixture(scope='session') def load_wazuh_basic_configuration(): """Load a new basic configuration to the manager""" @@ -1228,14 +1220,6 @@ def load_wazuh_basic_configuration(): write_wazuh_conf(backup_ossec_configuration) -@pytest.fixture(scope='function') -def syslog_simulator_function(request): - """Fixture to run the script syslog_simulator.py""" - syslog_simulator(request.param) - - yield - - @pytest.fixture(scope='function') def truncate_event_logs(): """Truncate all the event log files""" From fdb929397c13df4d5e16f93b512101f169eb0e14 Mon Sep 17 00:00:00 2001 
From: jmv74211 Date: Thu, 29 Sep 2022 10:26:45 +0200 Subject: [PATCH 77/79] refactor(#2947): remove unused variable --- tests/integration/conftest.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/conftest.py b/tests/integration/conftest.py index f4ba570127..1a94061e3a 100644 --- a/tests/integration/conftest.py +++ b/tests/integration/conftest.py @@ -26,7 +26,7 @@ from wazuh_testing import mocking from wazuh_testing.db_interface.agent_db import update_os_info from wazuh_testing.db_interface.global_db import get_system, modify_system -from wazuh_testing.tools.run_simulator import simulate_agent, syslog_simulator +from wazuh_testing.tools.run_simulator import syslog_simulator from wazuh_testing.tools.configuration import get_minimal_configuration From e9c49fc3984bb148f4f07e34303151cd3975bfe6 Mon Sep 17 00:00:00 2001 From: jmv74211 Date: Tue, 4 Oct 2022 14:17:11 +0200 Subject: [PATCH 78/79] refactor(#2947): increase the waiting time before receiving events --- .../test_analysisd/test_limit_eps/test_event_processing.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/test_analysisd/test_limit_eps/test_event_processing.py b/tests/integration/test_analysisd/test_limit_eps/test_event_processing.py index 75186889b8..3bceb84e8c 100644 --- a/tests/integration/test_analysisd/test_limit_eps/test_event_processing.py +++ b/tests/integration/test_analysisd/test_limit_eps/test_event_processing.py @@ -148,7 +148,7 @@ def test_limitation(configuration, metadata, load_wazuh_basic_configuration, set waited_simulator_time = 0 # Wait until syslog simulator is started - time.sleep(1) + time.sleep(1.5) # Get analysisd stats analysisd_state = evm.get_analysisd_state() From f3223346ce74758e08da5d19b5f2355a009e9c84 Mon Sep 17 00:00:00 2001 
From: jmv74211 Date: Tue, 4 Oct 2022 16:08:47 +0200 Subject: [PATCH 79/79] refactor(#2947): increase syslog simulator start time --- .../test_limit_eps/test_event_processing.py | 24 ++++++++++--------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/tests/integration/test_analysisd/test_limit_eps/test_event_processing.py b/tests/integration/test_analysisd/test_limit_eps/test_event_processing.py index 3bceb84e8c..b6ecf758c8 100644 --- a/tests/integration/test_analysisd/test_limit_eps/test_event_processing.py +++ b/tests/integration/test_analysisd/test_limit_eps/test_event_processing.py @@ -1,6 +1,5 @@ import os import pytest -import threading import time import re from math import ceil @@ -9,11 +8,9 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data from wazuh_testing import ARCHIVES_LOG_PATH from wazuh_testing.modules.analysisd import event_monitor as evm -from wazuh_testing.tools.services import control_service from wazuh_testing.tools import file from wazuh_testing.modules.analysisd import QUEUE_EVENTS_SIZE, ANALYSISD_ONE_THREAD_CONFIG from wazuh_testing.scripts.syslog_simulator import DEFAULT_MESSAGE_SIZE -from wazuh_testing.processes import check_if_daemons_are_running from wazuh_testing.tools.run_simulator import syslog_simulator from wazuh_testing.tools.thread_executor import ThreadExecutor @@ -21,6 +18,7 @@ TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template', 'event_processing_test_module') TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases', 'event_processing_test_module') +SYSLOG_SIMULATOR_START_TIME = 2 local_internal_options = {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0', 'analysisd.state_interval': '1'} # --------------------------------------------------- TEST_LIMITATION -------------------------------------------------- 
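Review bot: `SYSLOG_SIMULATOR_START_TIME = 2` is added without a comment, although it does double duty in this file: it is the fixed wait before the first stats read in test_limitation and an additive offset in every computed wait time further down. Someone retuning it later (as patches 78 and 79 just did with the bare literal) cannot tell which uses are sensitive to it, and the unit is only implied by the time.sleep() call site. A line above the constant such as `# Seconds allowed for the syslog simulator to start sending; also added as an offset to the computed wait times` would carry that.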
@@ -148,7 +146,7 @@ def test_limitation(configuration, metadata, load_wazuh_basic_configuration, set
 waited_simulator_time = 0
 
 # Wait until syslog simulator is started
-time.sleep(1.5)
+time.sleep(SYSLOG_SIMULATOR_START_TIME)
 
 # Get analysisd stats
 analysisd_state = evm.get_analysisd_state()
@@ -252,7 +250,7 @@ def test_queueing_events_after_limitation(configuration, metadata, load_wazuh_ba
 event_queue_usage = float(analysisd_state['event_queue_usage'])
 
 # Check that there are no events in the queue
-assert event_queue_usage == 0.0, f"The initial events queue is not at 0%"
+assert event_queue_usage == 0.0, 'The initial events queue is not at 0%'
 
 # Set syslog simulator parameters according to the use case data
 syslog_simulator_parameters = {'address': metadata['address'], 'port': metadata['port'],
@@ -264,7 +262,8 @@ def test_queueing_events_after_limitation(configuration, metadata, load_wazuh_ba
 syslog_simulator_thread.start()
 
 # Wait for the event non-processing stage (limit reached)
-waiting_limit_time = ceil((metadata['maximum'] * metadata['timeframe']) / metadata['eps']) + 1 # Offset 1s
+waiting_limit_time = ceil((metadata['maximum'] * metadata['timeframe']) / metadata['eps']) + \
+SYSLOG_SIMULATOR_START_TIME
 time.sleep(waiting_limit_time)
 
 # Get queue usage in limitation stage
@@ -353,7 +352,7 @@ def test_dropping_events_when_queue_is_full(configuration, metadata, load_wazuh_
 event_queue_usage = float(analysisd_state['event_queue_usage'])
 
 # Check that there are no events in the queue
-assert event_queue_usage == 0.0, f"The initial events queue is not at 0%"
+assert event_queue_usage == 0.0, 'The initial events queue is not at 0%'
 
 # Set syslog simulator parameters according to the use case data
 syslog_simulator_parameters = {'address': metadata['address'], 'port': metadata['port'],
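Review bot: `time.sleep(SYSLOG_SIMULATOR_START_TIME)` in test_limitation is still a fixed wait for the simulator to come up, which is exactly what patches 78 and 79 have been retuning (1 → 1.5 → 2 s); a loaded CI host can still exceed it, and the `evm.get_analysisd_state()` read on the next line then describes a simulator that has not started. A bounded poll of the analysisd state, with SYSLOG_SIMULATOR_START_TIME as the upper limit rather than the exact wait, would make the test deterministic instead of depending on the constant being large enough. Which state counter the test then asserts on is outside the hunk, so the key below is a placeholder; test_limitation's body starts and ends outside the hunk.
```python
    # Wait until syslog simulator is started: bounded poll instead of a fixed sleep
    deadline = time.time() + SYSLOG_SIMULATOR_START_TIME
    while time.time() < deadline and evm.get_analysisd_state()['<COUNTER_KEY_THE_TEST_READS>'] == '0':
        time.sleep(0.1)
    # … unchanged: analysisd stats read and assertions …
```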
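Review bot: In the `@@ -264,7 +262,8 @@` hunk the replaced line drops the `# Offset 1s` comment, and the new expression `ceil(...) + \` / `SYSLOG_SIMULATOR_START_TIME` does not say why a simulator start-up delay is added to a wait derived from maximum, timeframe and eps; presumably the limit is reached that much later because nothing is sent until the simulator is up, but the reader now has to infer it. Extending the comment on the line above to `# Wait for the event non-processing stage (limit reached); the simulator needs SYSLOG_SIMULATOR_START_TIME s to start sending, so the limit is hit that much later` would keep the intent the old comment carried. The same dropped explanation applies to the `-365`, `-474` and `-577` hunks of this file that follow.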
@@ -365,7 +364,8 @@ def test_dropping_events_when_queue_is_full(configuration, metadata, load_wazuh_ syslog_simulator_thread.start() # Calculate the non-processing stage (limit reached) - waiting_limit_time = ceil((metadata['maximum'] * metadata['timeframe']) / metadata['eps']) + 1 # Offset 1s + waiting_limit_time = ceil((metadata['maximum'] * metadata['timeframe']) / metadata['eps']) + \ + SYSLOG_SIMULATOR_START_TIME # Calculate the stage when the events queue is full (offset 4 sec to check all received-dropped events) waiting_time_queue_is_full = waiting_limit_time + ((QUEUE_EVENTS_SIZE / DEFAULT_MESSAGE_SIZE) / metadata['eps']) + 4 @@ -474,7 +474,7 @@ def test_event_processing_in_order_single_thread(configuration, metadata, load_w # Wait until all events have been processed waiting_time = ((metadata['messages_number_1'] + metadata['messages_number_2']) / - (metadata['maximum'] * metadata['timeframe'])) * metadata['timeframe'] + 1 # Offset 1s + (metadata['maximum'] * metadata['timeframe'])) * metadata['timeframe'] + SYSLOG_SIMULATOR_START_TIME time.sleep(waiting_time) # Read the events log data @@ -577,8 +577,10 @@ def test_event_processing_in_order_multi_thread(configuration, metadata, load_wa time.sleep(metadata['batch_sending_time']) # Wait until all events have been processed - waiting_time_to_process_all_events = ((metadata['messages_number'] * metadata['num_batches']) / # offset 1s - (metadata['maximum'] * metadata['timeframe'])) * metadata['timeframe'] + 1 + waiting_time_to_process_all_events = \ + ((metadata['messages_number'] * metadata['num_batches']) / + (metadata['maximum'] * metadata['timeframe'])) * metadata['timeframe'] + SYSLOG_SIMULATOR_START_TIME + waited_time_to_create_threads = metadata['batch_sending_time'] * metadata['num_batches'] time.sleep(waiting_time_to_process_all_events - waited_time_to_create_threads)