doc: Add of test_remoted documentation in QA Docs style
The following tests have been documented: * test_active_response_send_ar.py * test_agent_pending_status.py The current scheme of the issue #1694 has been used. PEP-8 fixes. Related: #1816
Showing
2 changed files
with
196 additions
and
25 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,58 @@ | ||
# Copyright (C) 2015-2021, Wazuh Inc. | ||
# Created by Wazuh, Inc. <[email protected]>. | ||
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
|
||
''' | ||
copyright: Copyright (C) 2015-2021, Wazuh Inc. | ||
Created by Wazuh, Inc. <[email protected]>. | ||
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
type: integration | ||
brief: The 'wazuh-remoted' program is the server side daemon that communicates with the agents. | ||
Specifically, these tests will check if an active response command is sent correctly | ||
to the Wazuh agent. Active responses perform various countermeasures to address active | ||
threats, such as blocking access to an agent from the threat source when certain | ||
criteria are met. | ||
tier: 1 | ||
modules: | ||
- remoted | ||
components: | ||
- manager | ||
daemons: | ||
- wazuh-remoted | ||
- wazuh-execd | ||
os_platform: | ||
- linux | ||
os_version: | ||
- Arch Linux | ||
- Amazon Linux 2 | ||
- Amazon Linux 1 | ||
- CentOS 8 | ||
- CentOS 7 | ||
- CentOS 6 | ||
- Ubuntu Focal | ||
- Ubuntu Bionic | ||
- Ubuntu Xenial | ||
- Ubuntu Trusty | ||
- Debian Buster | ||
- Debian Stretch | ||
- Debian Jessie | ||
- Debian Wheezy | ||
- Red Hat 8 | ||
- Red Hat 7 | ||
- Red Hat 6 | ||
references: | ||
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/remote.html | ||
tags: | ||
- remoted_active_response | ||
''' | ||
import os | ||
import pytest | ||
import time | ||
|
@@ -37,7 +88,7 @@ | |
{'protocol': TCP_UDP, 'port': '4565'} | ||
] | ||
|
||
configurations = load_wazuh_configurations(configurations_path, __name__ , | ||
configurations = load_wazuh_configurations(configurations_path, __name__, | ||
params=parameters, metadata=metadata) | ||
configuration_ids = [f"{x['PROTOCOL']}_{x['PORT']}" for x in parameters] | ||
|
||
|
@@ -55,14 +106,44 @@ def get_configuration(request): | |
"Sometimes it doesn't work properly when it sends keepalives " | ||
"messages causing the agent to never being in active status.") | ||
def test_active_response_ar_sending(get_configuration, configure_environment, restart_remoted): | ||
"""Test if `wazuh-remoted` sends active response commands to the agent. | ||
Check if execd sends active response command to the remoted module in the manager. Then, it | ||
ensures that the agent receives the active command message from the manager. | ||
Raises: | ||
AssertionError: if `wazuh-remoted` does not send the active response command to the agent. | ||
""" | ||
''' | ||
description: Check if the 'wazuh-remoted' daemon sends active response commands to the Wazuh agent. | ||
For this purpose, the test will establish a connection with a simulated agent using | ||
different ports and transport protocols. Then, it will send an active response to that | ||
agent, and finally, the test will verify that the events indicating that the active | ||
response has been sent by the manager and received it by the agent are generated. | ||
wazuh_min_version: 4.2.0 | ||
parameters: | ||
- get_configuration: | ||
type: fixture | ||
brief: Get configurations from the module. | ||
- configure_environment: | ||
type: fixture | ||
brief: Configure a custom environment for testing. | ||
- restart_remoted: | ||
type: fixture | ||
brief: Clear the 'ossec.log' file and start a new monitor. | ||
assertions: | ||
- Verify that the 'wazuh-execd' daemon sends the active response to the 'wazuh-remoted' daemon. | ||
- Verify that the 'wazuh-remoted' daemon receives the active response from the 'wazuh-execd' daemon. | ||
- Verify that the Wazuh agent receives an active response message. | ||
input_description: A configuration template (test_active_response_send_ar) is contained in an external YAML | ||
file (wazuh_test_active_response.yaml). That template is combined with different | ||
test cases defined in the module. Those include configuration settings for | ||
the 'wazuh-remoted' daemon. | ||
expected_output: | ||
- r'.*Active response request received.*' | ||
- r'.*Active response sent.*' | ||
tags: | ||
- active_response | ||
- simulator | ||
''' | ||
protocol_array = (get_configuration['metadata']['protocol']).split(',') | ||
manager_port = get_configuration['metadata']['port'] | ||
|
||
|
@@ -92,6 +173,7 @@ def test_active_response_ar_sending(get_configuration, configure_environment, re | |
wazuh_log_monitor.start(timeout=10, callback=log_callback, | ||
error_message='The expected event has not been found in ossec.log') | ||
|
||
remote.check_agent_received_message(agent, f"#!-execd {remote.ACTIVE_RESPONSE_EXAMPLE_COMMAND}", escape=True) | ||
remote.check_agent_received_message(agent, f"#!-execd {remote.ACTIVE_RESPONSE_EXAMPLE_COMMAND}", | ||
escape=True) | ||
finally: | ||
injector.stop_receive() |
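Review bot: The new docstring of `test_active_response_ar_sending` does not mention that the test is marked as unreliable: the reason string just above the `def` says it sometimes fails when keepalive messages keep the agent from reaching active status (the marker's first line is outside the hunk, so whether it is a skip or an xfail is not visible). Because this test is the check that active response commands actually reach the agent, the generated documentation should say so, for example by ending `description` with `Known limitation: the result is unreliable while keepalive handling can keep the agent out of active status.` The rewrite also drops the old `Raises: AssertionError` line, and `expected_output` lists only the two log patterns although the last hunk also checks the agent-side `#!-execd` message through `remote.check_agent_received_message`; both are worth recording. In the same description, `received it by the agent` should read `received by the agent`.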
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,58 @@ | ||
''' | ||
copyright: Copyright (C) 2015-2021, Wazuh Inc. | ||
Created by Wazuh, Inc. <[email protected]>. | ||
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
type: integration | ||
brief: The 'wazuh-remoted' program is the server side daemon that communicates with the agents. | ||
Specifically, these tests will check if the agent status appears as 'disconnected' after | ||
just sending the 'start-up' event, sent by several agents using different protocols. | ||
The 'disconnected' status is when the manager considers that the agent is disconnected | ||
if it does not receive any keep alive messages. | ||
tier: 0 | ||
modules: | ||
- remoted | ||
components: | ||
- manager | ||
daemons: | ||
- wazuh-remoted | ||
os_platform: | ||
- linux | ||
os_version: | ||
- Arch Linux | ||
- Amazon Linux 2 | ||
- Amazon Linux 1 | ||
- CentOS 8 | ||
- CentOS 7 | ||
- CentOS 6 | ||
- Ubuntu Focal | ||
- Ubuntu Bionic | ||
- Ubuntu Xenial | ||
- Ubuntu Trusty | ||
- Debian Buster | ||
- Debian Stretch | ||
- Debian Jessie | ||
- Debian Wheezy | ||
- Red Hat 8 | ||
- Red Hat 7 | ||
- Red Hat 6 | ||
references: | ||
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/remote.html | ||
- https://documentation.wazuh.com/current/user-manual/agents/agent-life-cycle.html?highlight=status#agent-status | ||
tags: | ||
- remoted_agent_communication | ||
''' | ||
import os | ||
import pytest | ||
|
||
|
@@ -49,17 +104,51 @@ | |
|
||
def check_active_agents(num_agents=1, manager_address='127.0.0.1', agent_version='4.2.0', agent_os='debian7', | ||
manager_port=1514, protocol=TCP): | ||
"""Check if the status of the agent is disable after sending only the start-up event. | ||
Args: | ||
num_agents (int): Number of agents to create and check their status. | ||
manager_address (str): Manager IP address. | ||
agent_version (str): Agent wazuh version. | ||
agent_os (str): Agent operating system. | ||
manager_port (int): Manager remote communication port. | ||
protocol (str): It can be TCP, UDP or TCP_UDP (both). | ||
Raises: | ||
AttributeError: If the agent status is not active. | ||
""" | ||
''' | ||
description: Check if the status of the agent is 'disconnected' after sending only the start-up event. | ||
For this purpose, the test will establish a connection with simulated agents using | ||
different ports and transport protocols. Then, it will send initialization events to the | ||
agents and check if the 'pending' status is active for each agent. Finally, the test | ||
will verify that the 'disconnected' status is active on all agents. | ||
wazuh_min_version: 4.2.0 | ||
parameters: | ||
- num_agents: | ||
type: int | ||
brief: Number of agents to create and check their status. | ||
- manager_address: | ||
type: str | ||
brief: Manager IP address. | ||
- agent_version: | ||
type: str | ||
brief: Wazuh agent version. | ||
- agent_os: | ||
type: str | ||
brief: Agent operating system. | ||
- manager_port: | ||
type: int | ||
brief: Manager remote communication port. | ||
- protocol: | ||
type: str | ||
brief: It can be TCP, UDP or TCP_UDP (both). | ||
assertions: | ||
- Verify that the 'pending' status is active when a Wazuh agent is initialized. | ||
- Verify that the 'disconnected' status is active after a Wazuh agent has a 'pending' status. | ||
input_description: A configuration template (test_agent_pending_status) is contained in an external YAML | ||
file (wazuh_agent_pending_status.yaml). That template is combined with different | ||
test cases defined in the module. Those include configuration settings for | ||
the 'wazuh-remoted' daemon. | ||
expected_output: | ||
- r'pending' | ||
- r'disconnected' | ||
tags: | ||
- simulator | ||
''' | ||
def send_initialization_events(agent, sender): | ||
"""Send the start-up and keep-alive events""" | ||
try: | ||
|
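Review bot: The new `description` of `check_active_agents` says the agent is 'disconnected' after sending only the start-up event, while the nested helper `send_initialization_events` right below is documented as sending the start-up and keep-alive events, and the `assertions` list expects 'pending' first and 'disconnected' afterwards. The module `brief` repeats the 'disconnected after just the start-up event' wording, so a reader cannot tell which agent state the test guarantees after which event. I would state the sequence explicitly, e.g. `description: Check that each agent is reported as 'pending' after its initialization events and as 'disconnected' once no further keep-alives arrive.`, adjusted to what the body actually asserts, since the function continues outside the hunk. The old `Raises: AttributeError` entry is dropped without a replacement; keep the failure mode in the docstring.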