-
Notifications
You must be signed in to change notification settings - Fork 32
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Changed test_execd yaml due to an error in AR configuration, added do…
…cumentation for this tests
- Loading branch information
1 parent
8a9e517
commit f9f79fb
Showing
5 changed files
with
40 additions
and
5 deletions.
There are no files selected for viewing
14 changes: 13 additions & 1 deletion
14
docs/tests/integration/test_active_response/test_execd/test_execd_firewall_drop.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,18 @@ | ||
# Test execd firewall drop | ||
This test check that Active Response script called 'firewall-drop' is executed correctly when configured. | ||
|
||
## General info | ||
|
||
## Code documentation | ||
| Tier | Platforms | Time spent| Test file | | ||
|:--:|:--:|:--:|:--:| | ||
| 0 | Linux | 00:00:11 | [test_active_response/test_execd/test_execd_firewall_drop.py]| | ||
|
||
## Test logic | ||
|
||
- Check Active Response enabled in ossec logs and AR logs. | ||
- If expected success check if the IP was added/removed in iptables. | ||
- If not, check error log "Invalid input format" | ||
|
||
## Code documentation | ||
|
||
<!-- ::: tests.integration.test_active_response.test_execd.test_execd_firewall_drop --> |
16 changes: 14 additions & 2 deletions
16
docs/tests/integration/test_active_response/test_execd/test_execd_restart.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,18 @@ | ||
# Test execd restart | ||
This test check that Active Response script called 'restart-wazuh' is executed correctly when configured. | ||
|
||
## General info | ||
|
||
## Code documentation | ||
| Tier | Platforms | Time spent| Test file | | ||
|:--:|:--:|:--:|:--:| | ||
| 0 | Linux/Windows | 00:00:10 | [test_active_response/test_execd/test_execd_restart.py]| | ||
|
||
<!-- ::: tests.integration.test_active_response.test_execd.test_execd_restart --> | ||
## Test logic | ||
|
||
- Check Active Response enabled in ossec logs and AR logs. | ||
- If expected success check shutdown message. | ||
- If not, check error log "Invalid input format" | ||
|
||
## Code documentation | ||
|
||
<!-- ::: tests.integration.test_active_response.test_execd.test_execd_restart --> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters