Migrate test_scan, test_skip, and test_stats_integrity_sync of test_fim/test_files documentation to qa-docs

docs/DocGenerator/config.yaml

@@ -67,6 +67,9 @@ Ignore paths:
  - "../../tests/integration/test_fim/test_files/test_recursion_level/data"
  - "../../tests/integration/test_fim/test_files/test_restrict/data"
  - "../../tests/integration/test_fim/test_files/test_report_changes/data"
+ - "../../tests/integration/test_fim/test_files/test_scan/data"
+ - "../../tests/integration/test_fim/test_files/test_skip/data"
+ - "../../tests/integration/test_fim/test_files/test_stats_integrity_sync/data"
 
 Output fields:
  Module:

tests/integration/test_fim/test_files/test_scan/test_scan_day.py

@@ -1,6 +1,76 @@
-# Copyright (C) 2015-2021, Wazuh Inc.
-# Created by Wazuh, Inc. <[email protected]>.
-# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
+
+ Created by Wazuh, Inc. <[email protected]>.
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: File Integrity Monitoring (FIM) system watches selected files and triggering alerts when these
+ files are modified. Specifically, these tests will check if the 'wazuh-syscheckd' daemon runs
+ the scans on a specific day of the week set in the 'scan_day' tag.
+ The FIM capability is managed by the 'wazuh-syscheckd' daemon, which checks configured files
+ for changes to the checksums, permissions, and ownership.
+
+tier: 1
+
+modules:
+ - fim
+
+components:
+ - agent
+ - manager
+
+daemons:
+ - wazuh-syscheckd
+
+os_platform:
+ - linux
+ - windows
+
+os_version:
+ - Arch Linux
+ - Amazon Linux 2
+ - Amazon Linux 1
+ - CentOS 8
+ - CentOS 7
+ - CentOS 6
+ - Ubuntu Focal
+ - Ubuntu Bionic
+ - Ubuntu Xenial
+ - Ubuntu Trusty
+ - Debian Buster
+ - Debian Stretch
+ - Debian Jessie
+ - Debian Wheezy
+ - Red Hat 8
+ - Red Hat 7
+ - Red Hat 6
+ - Windows 10
+ - Windows 8
+ - Windows 7
+ - Windows Server 2016
+ - Windows Server 2012
+ - Windows Server 2003
+ - Windows XP
+
+references:
+ - https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/index.html
+ - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html#scan-day
+
+pytest_args:
+ - fim_mode:
+ realtime: Enable real-time monitoring on Linux (using the 'inotify' system calls) and Windows systems.
+ whodata: Implies real-time monitoring but adding the 'who-data' information.
+ - tier:
+ 0: Only level 0 tests are performed, they check basic functionalities and are quick to perform.
+ 1: Only level 1 tests are performed, they check functionalities of medium complexity.
+ 2: Only level 2 tests are performed, they check advanced functionalities and are slow to perform.
+
+tags:
+ - fim_scan
+'''
 import os
 from datetime import datetime, timedelta
 
@@ -48,10 +118,49 @@ def get_configuration(request):
 def test_scan_day(tags_to_apply,
  get_configuration, configure_environment,
  restart_syscheckd, wait_for_fim_start):
- """Check if there is a scan at a certain day of the week
-
- It will only scan once a week, on the given day.
- """
+ '''
+ description: Check if the 'wazuh-syscheckd' performs a scan on the day of the week specified in
+ the 'scan_day' tag. For this purpose, the test will monitor a testing folder and
+ modify the system date to the day of the scan that should be performed. Then, it
+ will check if an FIM event, indicating that the scan is ended, is generated. Finally,
+ the test will verify that scans are not performed on a different day of the week
+ specified in the test case.
+
+ wazuh_min_version: 4.2.0
+
+ parameters:
+ - tags_to_apply:
+ type: set
+ brief: Run test if match with a configuration identifier, skip otherwise.
+ - get_configuration:
+ type: fixture
+ brief: Get configurations from the module.
+ - configure_environment:
+ type: fixture
+ brief: Configure a custom environment for testing.
+ - restart_syscheckd:
+ type: fixture
+ brief: Clear the 'ossec.log' file and start a new monitor.
+ - wait_for_fim_start:
+ type: fixture
+ brief: Wait for realtime start, whodata start, or end of initial FIM scan.
+
+ assertions:
+ - Verify that an FIM event is generated when the system date matches
+ the day of the week specified for the scan.
+ - Verify that scan is not performed on a different day of the week than scheduled.
+
+ input_description: A test case (scan_day) is contained in external YAML file (wazuh_conf.yaml) which
+ includes configuration settings for the 'wazuh-syscheckd' daemon. These are combined
+ with the testing directory to be monitored and the scan days defined in the module.
+
+ expected_output:
+ - r'.*Sending FIM event: (.+)$' (at scan ends)
+
+ tags:
+ - scheduled
+ - time_travel
+ '''
  check_apply_test(tags_to_apply, get_configuration['tags'])
 
  day_of_week = {'monday': 0,

tests/integration/test_fim/test_files/test_scan/test_scan_day_and_time.py

@@ -1,6 +1,77 @@
-# Copyright (C) 2015-2021, Wazuh Inc.
-# Created by Wazuh, Inc. <[email protected]>.
-# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
+
+ Created by Wazuh, Inc. <[email protected]>.
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: File Integrity Monitoring (FIM) system watches selected files and triggering alerts when these files
+ are modified. Specifically, these tests will check if the 'wazuh-syscheckd' daemon runs the scans
+ on a specific day of the week and time, set them in the 'scan_day' and 'scan_time' tags.
+ The FIM capability is managed by the 'wazuh-syscheckd' daemon, which checks configured files
+ for changes to the checksums, permissions, and ownership.
+
+tier: 1
+
+modules:
+ - fim
+
+components:
+ - agent
+ - manager
+
+daemons:
+ - wazuh-syscheckd
+
+os_platform:
+ - linux
+ - windows
+
+os_version:
+ - Arch Linux
+ - Amazon Linux 2
+ - Amazon Linux 1
+ - CentOS 8
+ - CentOS 7
+ - CentOS 6
+ - Ubuntu Focal
+ - Ubuntu Bionic
+ - Ubuntu Xenial
+ - Ubuntu Trusty
+ - Debian Buster
+ - Debian Stretch
+ - Debian Jessie
+ - Debian Wheezy
+ - Red Hat 8
+ - Red Hat 7
+ - Red Hat 6
+ - Windows 10
+ - Windows 8
+ - Windows 7
+ - Windows Server 2016
+ - Windows Server 2012
+ - Windows Server 2003
+ - Windows XP
+
+references:
+ - https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/index.html
+ - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html#scan-day
+ - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html#scan-time
+
+pytest_args:
+ - fim_mode:
+ realtime: Enable real-time monitoring on Linux (using the 'inotify' system calls) and Windows systems.
+ whodata: Implies real-time monitoring but adding the 'who-data' information.
+ - tier:
+ 0: Only level 0 tests are performed, they check basic functionalities and are quick to perform.
+ 1: Only level 1 tests are performed, they check functionalities of medium complexity.
+ 2: Only level 2 tests are performed, they check advanced functionalities and are slow to perform.
+
+tags:
+ - fim_scan
+'''
 import os
 from calendar import monthrange
 from datetime import datetime, timedelta
@@ -82,11 +153,48 @@ def get_configuration(request):
 def test_scan_day_and_time(tags_to_apply,
  get_configuration, configure_environment,
  restart_syscheckd, wait_for_fim_start):
- """
- Check if there is a scan in a certain day and time
-
- This test must check both scan params.
- """
+ '''
+ description: Check if the 'wazuh-syscheckd' performs a scan on the day of the week and the time specified in
+ the 'scan_day' and 'scan_time' tags. For this purpose, the test will monitor a testing folder and
+ modify the system date to the moment of the scan that should be performed. Then, it will check
+ if an FIM event, indicating that the scan is ended, is generated. Finally, the test will verify
+ that scans are not performed on a different day or time specified in the test case.
+
+ wazuh_min_version: 4.2.0
+
+ parameters:
+ - tags_to_apply:
+ type: set
+ brief: Run test if match with a configuration identifier, skip otherwise.
+ - get_configuration:
+ type: fixture
+ brief: Get configurations from the module.
+ - configure_environment:
+ type: fixture
+ brief: Configure a custom environment for testing.
+ - restart_syscheckd:
+ type: fixture
+ brief: Clear the 'ossec.log' file and start a new monitor.
+ - wait_for_fim_start:
+ type: fixture
+ brief: Wait for realtime start, whodata start, or end of initial FIM scan.
+
+ assertions:
+ - Verify that an FIM event is generated when the system date matches
+ the day of the week and the time specified for the scan.
+ - Verify that scan is not performed on a different day or time than scheduled.
+
+ input_description: A test case (scan_both) is contained in external YAML file (wazuh_conf.yaml) which
+ includes configuration settings for the 'wazuh-syscheckd' daemon. These are combined
+ with the testing directory to be monitored and the scan dates defined in the module.
+
+ expected_output:
+ - r'.*Sending FIM event: (.+)$' (at scan ends)
+
+ tags:
+ - scheduled
+ - time_travel
+ '''
  check_apply_test(tags_to_apply, get_configuration['tags'])
 
  day_of_week = {'monday': 0,