IT - Wazuh DB (T0): Successful behavior of wazuh DB commands #2532

Closed
Tracked by #2504
damarisg opened this issue Feb 1, 2022 · 3 comments · Fixed by #2602, #2607, #2627, #2626 or #2637
damarisg commented Feb 1, 2022

Description

During the Wazuh DB agent group migration, the core team added new wazuh-db commands that require new validations.

This issue is for adding examples and validations to global_messages.yaml

The commands involved are:


sync-agent-groups-get

Summary:

  • The command follows the syntax sync-agent-groups-get <json-params>
  • For the synchronization of group information in the cluster.
  • The json-params follows the following format:
{
    "condition": "<sync_status/all>",
    "last_id": 1234,
    "set_synced": true,
    "get_global_hash": true
}
  • condition: This JSON parameter accepts two possible values. With sync_status it will return the information of the agent groups set in sync_req. With all, it will return the agent group data of all agents.
  • last_id: In case of receiving a response that exceeds the maximum data transfer size, in the next call you must specify the last received ID so that wazuh-db knows where to continue from.
  • set_synced: If true, will set all agents in the sync-req state to synced.
  • get_global_hash: if true, the response will have an element inside the object with the global hash of the agent groups.

  • The response follows the following format:
[
    {
        "data": [
            {
                "id":"001",
                "groups": [
                    "G1",
                    "G2"
                ]
            },
            {
                "id":"002",
                "groups": [
                    "G2",
                    "G3"
                ]
            }
        ],
        "hash": "<global hash>"
    }
]

References:


set-agent-groups

Summary:

The command follows the syntax set-agent-groups <json-params>
The json-params follows the next format:

{
    "mode": "override/append/empty_only",
    "sync_status": "synced/sync_req",
    "data": [
        {
            "id": "001",
            "groups": [
                "G1",
                "G2"
            ]
        },
        {
            "id": "002",
            "groups": [
                "G2",
                "G3"
            ]
        }
    ]
}
  • mode: This JSON parameter accepts three possible values:
      • override: Re-writes the agent groups.
      • append: Add extra groups to the existing ones. The new groups should follow the priority of the already assigned.
      • empty_only: Writes the new groups only if the agent doesn't have one.
  • sync_status: It could be sync_req or synced to indicate whether the information should be synchronized in the cluster.
  • data: A JSON array with the groups information of all the agents.

The response follows the next format:
1. In case of success: ok
2. In case of error: err An error occurred during the set of the groups

Note
Missing cases of remove.

  • Verify that an agent is effectively removed from a group.
  • Verify that if the agent has only 1 group, the agent is automatically assigned to the default group after using the remove command.
  • Check the next comment for examples on the execution: Implement set-agent-groups command wazuh#11459 (comment).

References:


get-groups-integrity

Summary:

It receives as a parameter the hash of the group information.
It calculates the hash of the group information in the database and compares the hashes (received vs calculated).

  • If there is at least one agent in the database with group_sync_status in syncreq state, returns a json array with the word syncreq indicating that the information requires synchronization before checking its integrity.
  • If there is no agent in the database with group_sync_status in syncreq state, it calculates the hash and compares it with the one received as a parameter. It can return a JSON array with synced or hash_mismatch.

References:

  • Added get-groups-integrity command - Comment


global backup

Summary:

  • This command allows the user to create, list, and restore backups of the global.db database.
  • The command follows the next syntax: global backup <create/get/restore> < JSONrestore data>
  • Folder that contains backups created of global.db: /var/ossec/backup/db
  • When wazuh starts creating the first backup.
  • On ossec.conf in the manager we don't see any setting, but it's enabled.
  • Check behavior with each variable.
  • Could be disabled? Check behavior.

References:


wazuhdb getconfig

References:


@Deblintrake09 Deblintrake09 linked a pull request Feb 23, 2022 that will close this issue
13 tasks
@Deblintrake09 Deblintrake09 linked a pull request Feb 25, 2022 that will close this issue
7 tasks
@Deblintrake09 Deblintrake09 linked a pull request Feb 25, 2022 that will close this issue
7 tasks
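
Added example (not part of the issue and not Wazuh's code): a small in-memory model of the set-agent-groups modes and the get-groups-integrity decision described in the first comment, usable as an oracle when deriving test cases. The class name, the use of the single documented error string for every rejection, updating the sync status even when empty_only writes nothing, and the SHA-256 hash layout are assumptions.

```python
import hashlib
import json

MODES = {"override", "append", "empty_only"}
SYNC_STATES = {"synced", "sync_req"}
# The issue documents one error string; this model returns it for every rejection.
ERR = "err An error occurred during the set of the groups"


class GroupsModel:
    """In-memory stand-in for the agent group data (illustrative, not wazuh-db code)."""

    def __init__(self):
        self.groups = {}  # agent id -> ordered list of group names
        self.status = {}  # agent id -> "synced" or "sync_req"

    def set_agent_groups(self, params_json):
        try:
            p = json.loads(params_json)
            mode, sync = p["mode"], p["sync_status"]
            if mode not in MODES or sync not in SYNC_STATES:
                return ERR
            # Parse every entry before writing, so a bad entry changes nothing.
            entries = [(e["id"], e["groups"]) for e in p["data"]]
            if not all(isinstance(i, str) and isinstance(g, list) for i, g in entries):
                return ERR
        except (ValueError, KeyError, TypeError):
            return ERR
        for agent_id, new in entries:
            current = self.groups.setdefault(agent_id, [])
            if mode == "override":
                current[:] = new
            elif mode == "append":  # existing groups keep their priority
                current.extend(g for g in new if g not in current)
            elif not current:  # empty_only: write only if the agent has no group
                current[:] = new
            self.status[agent_id] = sync
        return "ok"

    def global_hash(self):
        # Assumption: SHA-256 over sorted "id:g1,g2" lines; the issue does not
        # say how wazuh-db computes its global hash.
        lines = (f"{a}:{','.join(g)}" for a, g in sorted(self.groups.items()))
        return hashlib.sha256("\n".join(lines).encode()).hexdigest()

    def get_groups_integrity(self, received_hash):
        if "sync_req" in self.status.values():
            return ["syncreq"]  # synchronization is required before the check
        if received_hash == self.global_hash():
            return ["synced"]
        return ["hash_mismatch"]
```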

damarisg commented Mar 18, 2022

UPDATE: 2022/03/18

After review by the Core Team, a few changes were requested:

  • set_agent_groups: add cases (valid, invalid) where the group name contains special characters.
  • sync_agent_groups_get: Remove "source":"remote"

@Deblintrake09

Update 2022/04/07

  • Fixed messages according to new changes in responses.
  • Fixed sync-agent-groups-get test case that checked with negative ids (as per found on Issue #13039)
  • move to Pending Review

@damarisg

It was merged on qa-10771-agent-groups-files-to-wazuh-db branch and closed.
