Migrate test_env_variables and test_file_limit of test_fim/test_files documentation to qa-docs

tests/integration/test_fim/test_files/test_env_variables/test_dir.py

@@ -1,7 +1,77 @@
-# Copyright (C) 2015-2021, Wazuh Inc.
-# Created by Wazuh, Inc. <[email protected]>.
-# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
 
+ Created by Wazuh, Inc. <[email protected]>.
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: File Integrity Monitoring (FIM) system watches selected files and triggering alerts
+ when these files are modified. Specifically, these tests will check if FIM events are
+ generated when multiple environment variables are used to monitor directories.
+ The FIM capability is managed by the 'wazuh-syscheckd' daemon, which checks
+ configured files for changes to the checksums, permissions, and ownership.
+
+tier: 2
+
+modules:
+ - fim
+
+components:
+ - agent
+ - manager
+
+daemons:
+ - wazuh-syscheckd
+
+os_platform:
+ - linux
+ - windows
+
+os_version:
+ - Arch Linux
+ - Amazon Linux 2
+ - Amazon Linux 1
+ - CentOS 8
+ - CentOS 7
+ - CentOS 6
+ - Ubuntu Focal
+ - Ubuntu Bionic
+ - Ubuntu Xenial
+ - Ubuntu Trusty
+ - Debian Buster
+ - Debian Stretch
+ - Debian Jessie
+ - Debian Wheezy
+ - Red Hat 8
+ - Red Hat 7
+ - Red Hat 6
+ - Windows 10
+ - Windows 8
+ - Windows 7
+ - Windows Server 2019
+ - Windows Server 2016
+ - Windows Server 2012
+ - Windows Server 2003
+ - Windows XP
+
+references:
+ - https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/index.html
+ - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html#directories
+
+pytest_args:
+ - fim_mode:
+ realtime: Enable real-time monitoring on Linux (using the 'inotify' system calls) and Windows systems.
+ whodata: Implies real-time monitoring but adding the 'who-data' information.
+ - tier:
+ 0: Only level 0 tests are performed, they check basic functionalities and are quick to perform.
+ 1: Only level 1 tests are performed, they check functionalities of medium complexity.
+ 2: Only level 2 tests are performed, they check advanced functionalities and are slow to perform.
+
+tags:
+ - fim_env_variables
+'''
 import os
 import sys
 
@@ -61,9 +131,49 @@ def get_configuration(request):
 ])
 def test_tag_directories(directory, get_configuration, put_env_variables, configure_environment,
  restart_syscheckd, wait_for_fim_start):
- """
- Test alerts are generated when monitor environment variables
- """
+ '''
+ description: Check if the 'wazuh-syscheckd' daemon detects CUD events ('added', 'modified', and 'deleted')
+ when environment variables are used to monitor directories. For this purpose, the test
+ will monitor a directory that is defined in an environment variable. Then, different
+ operations will be performed on testing files, and finally, the test will verify
+ that the proper FIM events have been generated.
+
+ wazuh_min_version: 4.2.0
+
+ parameters:
+ - directory:
+ type: str
+ brief: Path to the directory to be monitored.
+ - get_configuration:
+ type: fixture
+ brief: Get configurations from the module.
+ - put_env_variables:
+ type: fixture
+ brief: Create the environment variables.
+ - configure_environment:
+ type: fixture
+ brief: Configure a custom environment for testing.
+ - restart_syscheckd:
+ type: fixture
+ brief: Clear the 'ossec.log' file and start a new monitor.
+ - wait_for_fim_start:
+ type: fixture
+ brief: Wait for realtime start, whodata start, or end of initial FIM scan.
+
+ assertions:
+ - Verify that FIM events are generated when environment variables are used to monitor directories.
+
+ input_description: A test case (ossec_conf) is contained in external YAML file (wazuh_conf_dir.yaml) which
+ includes configuration settings for the 'wazuh-syscheckd' daemon and, it is combined
+ with the directories to be monitored defined as environment variables in this module.
+
+ expected_output:
+ - r'.*Sending FIM event: (.+)$' ('added', 'modified', and 'deleted' events)
+
+ tags:
+ - scheduled
+ - time_travel
+ '''
  regular_file_cud(directory, wazuh_log_monitor, file_list=["testing_env_variables"],
  min_timeout=global_parameters.default_timeout,
  time_travel=get_configuration['metadata']['fim_mode'] == 'scheduled')

tests/integration/test_fim/test_files/test_env_variables/test_dir_win32.py

@@ -1,7 +1,58 @@
-# Copyright (C) 2015-2021, Wazuh Inc.
-# Created by Wazuh, Inc. <[email protected]>.
-# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
 
+ Created by Wazuh, Inc. <[email protected]>.
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: File Integrity Monitoring (FIM) system watches selected files and triggering alerts
+ when these files are modified. Specifically, these tests will check if FIM events are
+ generated when environment variables are used to monitor directories in Windows systems.
+ The FIM capability is managed by the 'wazuh-syscheckd' daemon, which checks configured
+ files for changes to the checksums, permissions, and ownership.
+
+tier: 2
+
+modules:
+ - fim
+
+components:
+ - agent
+
+daemons:
+ - wazuh-syscheckd
+
+os_platform:
+ - windows
+
+os_version:
+ - Windows 10
+ - Windows 8
+ - Windows 7
+ - Windows Server 2019
+ - Windows Server 2016
+ - Windows Server 2012
+ - Windows Server 2003
+ - Windows XP
+
+references:
+ - https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/index.html
+ - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html#directories
+
+pytest_args:
+ - fim_mode:
+ realtime: Enable real-time monitoring on Linux (using the 'inotify' system calls) and Windows systems.
+ whodata: Implies real-time monitoring but adding the 'who-data' information.
+ - tier:
+ 0: Only level 0 tests are performed, they check basic functionalities and are quick to perform.
+ 1: Only level 1 tests are performed, they check functionalities of medium complexity.
+ 2: Only level 2 tests are performed, they check advanced functionalities and are slow to perform.
+
+tags:
+ - fim_env_variables
+'''
 import os
 
 import pytest
@@ -43,9 +94,49 @@ def get_configuration(request):
 @pytest.mark.parametrize('directory', [subdir1])
 def test_tag_directories(directory, get_configuration, put_env_variables, configure_environment,
  restart_syscheckd, wait_for_fim_start):
- """
- Test alerts are generated when monitor environment variables
- """
+ '''
+ description: Check if the 'wazuh-syscheckd' daemon detects CUD events ('added', 'modified', and 'deleted')
+ when environment variables are used to monitor directories. For this purpose, the test
+ will monitor a directory that is defined in an environment variable. Then, different
+ operations will be performed on testing files, and finally, the test will verify
+ that the proper FIM events have been generated.
+
+ wazuh_min_version: 4.2.0
+
+ parameters:
+ - directory:
+ type: str
+ brief: Path to the directory to be monitored.
+ - get_configuration:
+ type: fixture
+ brief: Get configurations from the module.
+ - put_env_variables:
+ type: fixture
+ brief: Create the environment variables.
+ - configure_environment:
+ type: fixture
+ brief: Configure a custom environment for testing.
+ - restart_syscheckd:
+ type: fixture
+ brief: Clear the 'ossec.log' file and start a new monitor.
+ - wait_for_fim_start:
+ type: fixture
+ brief: Wait for realtime start, whodata start, or end of initial FIM scan.
+
+ assertions:
+ - Verify that FIM events are generated when environment variables are used to monitor directories.
+
+ input_description: A test case (ossec_conf) is contained in external YAML file (wazuh_conf_dir.yaml) which
+ includes configuration settings for the 'wazuh-syscheckd' daemon and, it is combined
+ with the directory to be monitored defined as an environment variable in this module.
+
+ expected_output:
+ - r'.*Sending FIM event: (.+)$' ('added', 'modified', and 'deleted' events)
+
+ tags:
+ - scheduled
+ - time_travel
+ '''
  regular_file_cud(directory, wazuh_log_monitor, file_list=["testing_env_variables"],
  min_timeout=global_parameters.default_timeout,
  time_travel=get_configuration['metadata']['fim_mode'] == 'scheduled')

tests/integration/test_fim/test_files/test_env_variables/test_ignore.py

@@ -1,7 +1,77 @@
-# Copyright (C) 2015-2021, Wazuh Inc.
-# Created by Wazuh, Inc. <[email protected]>.
-# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
-
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
+
+ Created by Wazuh, Inc. <[email protected]>.
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: File Integrity Monitoring (FIM) system watches selected files and triggering alerts
+ when these files are modified. Specifically, these tests will check if the 'ignore' tag
+ works correctly when environment variables are used to define the directories to ignore.
+ The FIM capability is managed by the 'wazuh-syscheckd' daemon, which checks configured
+ files for changes to the checksums, permissions, and ownership.
+
+tier: 2
+
+modules:
+ - fim
+
+components:
+ - agent
+ - manager
+
+daemons:
+ - wazuh-syscheckd
+
+os_platform:
+ - linux
+ - windows
+
+os_version:
+ - Arch Linux
+ - Amazon Linux 2
+ - Amazon Linux 1
+ - CentOS 8
+ - CentOS 7
+ - CentOS 6
+ - Ubuntu Focal
+ - Ubuntu Bionic
+ - Ubuntu Xenial
+ - Ubuntu Trusty
+ - Debian Buster
+ - Debian Stretch
+ - Debian Jessie
+ - Debian Wheezy
+ - Red Hat 8
+ - Red Hat 7
+ - Red Hat 6
+ - Windows 10
+ - Windows 8
+ - Windows 7
+ - Windows Server 2019
+ - Windows Server 2016
+ - Windows Server 2012
+ - Windows Server 2003
+ - Windows XP
+
+references:
+ - https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/index.html
+ - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html#ignore
+
+pytest_args:
+ - fim_mode:
+ realtime: Enable real-time monitoring on Linux (using the 'inotify' system calls) and Windows systems.
+ whodata: Implies real-time monitoring but adding the 'who-data' information.
+ - tier:
+ 0: Only level 0 tests are performed, they check basic functionalities and are quick to perform.
+ 1: Only level 1 tests are performed, they check functionalities of medium complexity.
+ 2: Only level 2 tests are performed, they check advanced functionalities and are slow to perform.
+
+tags:
+ - fim_env_variables
+'''
 import os
 import sys
 
@@ -64,10 +134,54 @@ def get_configuration(request):
 ])
 def test_tag_ignore(directory, event_generated, get_configuration, configure_environment, put_env_variables,
  restart_syscheckd, wait_for_fim_start):
- """
- Test environment variables are ignored
- """
-
+ '''
+ description: Check if the 'wazuh-syscheckd' daemon ignores directories when they are defined using
+ environment variables. For this purpose, the test will monitor a directory that is ignored
+ in an environment variable set in the 'ignore' tag. Then, a testing file will be added to
+ that directory, and finally, the test will verify that the 'ignoring' or `added` FIM events
+ have been generated according to the test case.
+
+ wazuh_min_version: 4.2.0
+
+ parameters:
+ - directory:
+ type: str
+ brief: Path to the directory to be monitored.
+ - event_generated:
+ type: bool
+ brief: True if the directory is not ignored. False otherwise.
+ - get_configuration:
+ type: fixture
+ brief: Get configurations from the module.
+ - put_env_variables:
+ type: fixture
+ brief: Create the environment variables.
+ - configure_environment:
+ type: fixture
+ brief: Configure a custom environment for testing.
+ - restart_syscheckd:
+ type: fixture
+ brief: Clear the 'ossec.log' file and start a new monitor.
+ - wait_for_fim_start:
+ type: fixture
+ brief: Wait for realtime start, whodata start, or end of initial FIM scan.
+
+ assertions:
+ - Verify that 'ignoring' FIM event is generated when the ignored directories
+ are defined using environment variables.
+
+ input_description: A test case (ossec_conf) is contained in external YAML file (wazuh_conf_ignore.yaml) which
+ includes configuration settings for the 'wazuh-syscheckd' daemon and, it is combined
+ with the directories to be ignored defined as environment variables in this module.
+
+ expected_output:
+ - r'.*Sending FIM event: (.+)$' ('added' event if the testing directory is not ignored)
+ - r'.*Ignoring'
+
+ tags:
+ - scheduled
+ - time_travel
+ '''
  # Create text files
  filename = "test"
  create_file(REGULAR, directory, filename, content="")