Analysisd - add new test to check analysisd socket properties

CHANGELOG.md

@@ -17,6 +17,7 @@ Release report: TBD
 - CVEs alerts inventory for Vulnerability Detector - VDT and WDB Integration Tests implementation ([#1243](https:/wazuh/wazuh-qa/pull/1243))
 - Analysisd - add new test to check the pre-decoding stage of analysisd ([#2406](https:/wazuh/wazuh-qa/pull/2406))
 - Add test to check if files can be accessed while FIM has them opened ([#705](https:/wazuh/wazuh-qa/pull/705))
+- Analysisd - add a new test to check analysisd socket properties ([#2405](https:/wazuh/wazuh-qa/pull/2405))
 - Add system test to check synchronization between agent and manager when one of this was stopped. ([#2536](https:/wazuh/wazuh-qa/pull/2536))
 
 ### Changed

deps/wazuh_testing/wazuh_testing/tools/__init__.py

@@ -25,6 +25,7 @@
  ANALYSIS_STATISTICS_FILE = None
  UPGRADE_PATH = os.path.join(WAZUH_PATH, 'upgrade')
  AGENT_AUTH_BINARY_PATH = os.path.join(WAZUH_PATH, 'agent-auth.exe')
+ ANALYSISD_BINARY_PATH = None
  HOSTS_FILE_PATH = os.path.join("C:", os.sep, "Windows", "System32", "drivers", "etc", "hosts")
  GLOBAL_DB_PATH = None
  WAZUH_UNIX_USER = 'wazuh'
@@ -63,6 +64,7 @@
  ANALYSIS_STATISTICS_FILE = os.path.join(WAZUH_PATH, 'var', 'run', 'wazuh-analysisd.state')
  UPGRADE_PATH = os.path.join(WAZUH_PATH, 'var', 'upgrade')
  AGENT_AUTH_BINARY_PATH = os.path.join(WAZUH_PATH, 'bin', 'agent-auth')
+ ANALYSISD_BINARY_PATH = os.path.join(WAZUH_PATH, 'bin', 'wazuh-analysisd')
  if sys.platform == 'sunos5':
  HOSTS_FILE_PATH = os.path.join('/', 'etc', 'inet', 'hosts')
  else:

tests/integration/test_analysisd/conftest.py

@@ -9,10 +9,9 @@
 
 from wazuh_testing.tools import (ALERT_FILE_PATH, LOG_FILE_PATH,
  WAZUH_UNIX_USER, WAZUH_UNIX_GROUP,
- CUSTOM_RULES_PATH)
+ CUSTOM_RULES_PATH, ANALYSISD_DAEMON)
 from wazuh_testing.tools.file import truncate_file
-from wazuh_testing.tools.services import control_service
-from wazuh_testing.mocking import create_mocked_agent, delete_mocked_agent
+from wazuh_testing.tools.services import control_service, check_daemon_status
 from wazuh_testing.tools.monitoring import FileMonitor
 
 
@@ -68,16 +67,14 @@ def configure_custom_rules(request, get_configuration):
 
 @pytest.fixture(scope='module')
 def restart_analysisd():
- """wazuh-analysisd restart and log truncation"""
- required_logtest_daemons = ['wazuh-analysisd']
+ """Restart analysisd and truncate logs."""
 
  truncate_file(ALERT_FILE_PATH)
  truncate_file(LOG_FILE_PATH)
 
- for daemon in required_logtest_daemons:
-  control_service('restart', daemon=daemon)
+ control_service('restart', daemon=ANALYSISD_DAEMON)
+ check_daemon_status(running_condition=True, target_daemon=ANALYSISD_DAEMON)
 
  yield
 
- for daemon in required_logtest_daemons:
- control_service('stop', daemon=daemon)
+ control_service('stop', daemon=ANALYSISD_DAEMON)

tests/integration/test_analysisd/test_queue_socket_properties/test_queue_socket_properties.py

@@ -0,0 +1,129 @@
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
+
+ Created by Wazuh, Inc. <[email protected]>.
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: The 'wazuh-analysisd' daemon refreshes the queue socket file every time the configuration test is executed
+ Specifically, this test will check if after running the configuration test of 'wazuh-analysisd' the properties
+ of the queue socket file are changed.
+
+tier: 0
+
+modules:
+ - analysisd
+
+components:
+ - manager
+
+daemons:
+ - wazuh-analysisd
+
+os_platform:
+ - linux
+
+os_version:
+ - Arch Linux
+ - Amazon Linux 2
+ - Amazon Linux 1
+ - CentOS 8
+ - CentOS 7
+ - CentOS 6
+ - Ubuntu Focal
+ - Ubuntu Bionic
+ - Ubuntu Xenial
+ - Ubuntu Trusty
+ - Debian Buster
+ - Debian Stretch
+ - Debian Jessie
+ - Debian Wheezy
+ - Red Hat 8
+ - Red Hat 7
+ - Red Hat 6
+
+references:
+ - https://documentation.wazuh.com/current/user-manual/reference/daemons/wazuh-analysisd.html
+
+tags:
+ - analysisd
+'''
+import os
+import pytest
+import subprocess
+
+from wazuh_testing.tools import ANALYSISD_BINARY_PATH, ANALYSISD_QUEUE_SOCKET_PATH
+
+
+# Marks
+pytestmark = [pytest.mark.linux, pytest.mark.tier(level=0), pytest.mark.server]
+
+# Variables
+command_exec = f'{ANALYSISD_BINARY_PATH} -t'
+
+
+@pytest.fixture(scope="function")
+def socket_file_properties():
+ """Get the inode and modification time values of the 'queue' socket of 'wazuh-analysisd'"""
+ return os.stat(ANALYSISD_QUEUE_SOCKET_PATH).st_ino, os.path.getmtime(ANALYSISD_QUEUE_SOCKET_PATH)
+
+
+@pytest.fixture(scope="function")
+def run_analysisd_test_config():
+ """Run the daemon configuration test mode of 'wazuh-analysisd'"""
+ run = subprocess.Popen(['/bin/bash', '-c', command_exec])
+ run.communicate()
+
+
+before_socket_properties = socket_file_properties
+after_socket_properties = socket_file_properties
+
+
+# Tests
+def test_queue_socket_properties(restart_analysisd, before_socket_properties, run_analysisd_test_config,
+ after_socket_properties):
+ '''
+ description: Check if after running the configuration test of 'wazuh-analysisd' the properties
+ of the queue socket file are changed.
+
+ wazuh_min_version: 4.3.0
+
+ parameters:
+ - restart_analysisd:
+ type: fixture
+ brief: Restart analysisd and truncate logs.
+ - before_socket_properties:
+ type: fixture
+ brief: Obtain the previous properties of the 'queue' socket.
+ - run_analysisd_test_config:
+ type: fixture
+ brief: Run the daemon configuration test mode of 'wazuh-analysisd'
+ - after_socket_properties:
+ type: fixture
+ brief: Obtain the later properties of the 'queue' socket.
+
+ assertions:
+ - Verify that the Inode value of the socket file does not change its value after running the
+ configuration test of 'wazuh-analysisd'
+ - Verify that the File time value of the socket file does not change its value after running the
+ configuration test of 'wazuh-analysisd'
+
+ input_description: The test gets the current properties of the socket file and some parameters
+ to run the daemon configuration test of 'wazuh-analysisd'.
+
+ expected_output:
+ - f"The inode value for the socket {ANALYSISD_QUEUE_SOCKET_PATH} has changed"
+ - f"The modification time property for the socket {ANALYSISD_QUEUE_SOCKET_PATH} has changed"
+ tags:
+ - analysisd
+ '''
+ before_inode_file, before_status_time = before_socket_properties
+ after_inode_file, after_status_time = after_socket_properties
+
+ assert before_inode_file == after_inode_file, \
+ f"The inode value for the socket {ANALYSISD_QUEUE_SOCKET_PATH} has changed"
+
+ assert before_status_time == after_status_time, \
+ f"The modification time property value for the socket {ANALYSISD_QUEUE_SOCKET_PATH} has changed"