System Tests: FIM - Synchronization process

CHANGELOG.md

@@ -39,6 +39,7 @@ Release report: https:/wazuh/wazuh-qa/issues/2500
 ### Added
 
 - Added specific version of libcst to install in python lower than 3.7. ([#2459](https:/wazuh/wazuh-qa/pull/2459))
+- Add system test to check synchronization between agent and manager. ([#2443](https:/wazuh/wazuh-qa/pull/2443))
 - Make `simulate-api-load` CLI run tasks simultaneously. ([#2392](https:/wazuh/wazuh-qa/pull/2392))
 - Add `qa-ctl` `v0.3`. ([#2307](https:/wazuh/wazuh-qa/pull/2307))
 - Add `qa-ctl` `v0.2`. ([#2299](https:/wazuh/wazuh-qa/pull/2299))

deps/wazuh_testing/wazuh_testing/tools/monitoring.py

@@ -913,6 +913,7 @@ def run(self):
  break
  time.sleep(self._time_step)
  self.check_result()
+ return self.result()
 
  @new_process
  def file_composer(self, host, path, output_path):

deps/wazuh_testing/wazuh_testing/tools/system.py

@@ -261,4 +261,3 @@ def clean_environment(host_manager, target_files):
  """
  for target in target_files:
  host_manager.clear_file(host=target[0], file_path=target[1])
-

tests/system/README.md

@@ -116,6 +116,7 @@ required an specific testing environment located in `wazuh-qa/tests/system/provi
 | test_cluster/test_integrity_sync | agentless_cluster |
 | test_jwt_invalidation | agentless_cluster |
 | test_active_response_log_format | manager_agent |
+| test_fim/test_synchronization | one_manager_agent |
 
 ### Test structure
 

tests/system/provisioning/one_manager_agent/ansible.cfg

@@ -0,0 +1,12 @@
+[defaults]
+hash_behaviour = replace
+gather_timeout = 300
+stdout_callback = yaml
+callback_whitelist = profile_tasks, timer
+timeout = 60
+log_path = ./ansible.log
+
+[ssh_connection]
+ssh_args = -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
+pipelining = True
+retries = 10

tests/system/provisioning/one_manager_agent/destroy.yml

@@ -0,0 +1,10 @@
+- hosts: localhost
+ tasks:
+ - docker_container:
+ name: wazuh-manager
+ state: absent
+ force_kill: yes
+ - docker_container:
+ name: wazuh-agent1
+ state: absent
+ force_kill: yes

tests/system/provisioning/one_manager_agent/inventory.yml

@@ -0,0 +1,8 @@
+all:
+ hosts:
+ wazuh-manager:
+ ansible_connection: docker
+ ansible_python_interpreter: python
+ wazuh-agent1:
+ ansible_connection: docker
+ ansible_python_interpreter: python

tests/system/provisioning/one_manager_agent/playbook.yml

@@ -0,0 +1,48 @@
+---
+- name: Create our container (Manager)
+ hosts: localhost
+ vars_files:
+ - ./vars/configurations.yml
+ tasks:
+ - name: Create a network
+ docker_network:
+ name: "{{ docker_network }}"
+ - docker_container:
+ name: "{{ manager_hostname }}"
+ image: "{{ image }}"
+ hostname: "{{ manager_hostname }}"
+ networks:
+ - name: "{{ docker_network }}"
+
+- name: Create our container (Agent1)
+ hosts: localhost
+ vars_files:
+ - ./vars/configurations.yml
+ tasks:
+ - docker_container:
+ name: "{{ agent1_hostname }}"
+ image: "{{ image }}"
+ hostname: "{{ agent1_hostname }}"
+ networks:
+ - name: "{{ docker_network }}"
+
+- name: Wazuh Manager
+ hosts: wazuh-manager
+ vars:
+ master_hostname: "wazuh-manager"
+ vars_files:
+ - ./vars/configurations.yml
+ roles:
+ - name: "roles/manager-role"
+
+- name: Wazuh Agent1
+ hosts: wazuh-agent1
+ vars:
+ manager_hostname: wazuh-manager
+ agent_id: "{{ agent1_id }}"
+ agent_hostname: "{{ agent1_hostname }}"
+ agent_key: "{{ agent1_key }}"
+ vars_files:
+ - ./vars/configurations.yml
+ roles:
+ - name: "roles/agent-role"

tests/system/provisioning/one_manager_agent/roles/agent-role/files/ossec.conf

@@ -0,0 +1,88 @@
+<!--
+ Wazuh - Agent - Default configuration for debian 10
+ More info at: https://documentation.wazuh.com
+ Mailing list: https://groups.google.com/forum/#!forum/wazuh
+-->
+
+<ossec_config>
+ <client>
+ <server>
+ <address>MANAGER_IP</address>
+ <port>1514</port>
+ <protocol>tcp</protocol>
+ </server>
+ <config-profile>debian, debian10</config-profile>
+ <notify_time>10</notify_time>
+ <time-reconnect>60</time-reconnect>
+ <auto_restart>yes</auto_restart>
+ <crypto_method>aes</crypto_method>
+ </client>
+
+ <client_buffer>
+ <!-- Agent buffer options -->
+ <disabled>no</disabled>
+ <queue_size>5000</queue_size>
+ <events_per_second>500</events_per_second>
+ </client_buffer>
+
+
+ <!-- File integrity monitoring -->
+ <syscheck>
+ <disabled>no</disabled>
+
+ <!-- Frequency that syscheck is executed default every 12 hours -->
+ <frequency>60</frequency>
+
+ <scan_on_start>yes</scan_on_start>
+
+ <!-- Directories to check (perform all possible verifications) -->
+ <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
+ <directories check_all="yes">/bin,/sbin,/boot</directories>
+ <directories check_all="yes">/testdir1</directories>
+ <directories check_all="yes" realtime="yes">/testdir2</directories>
+ <directories check_all="yes" whodata="yes">/testdir3</directories>
+
+ <!-- Files/directories to ignore -->
+ <ignore>/etc/mtab</ignore>
+ <ignore>/etc/hosts.deny</ignore>
+ <ignore>/etc/mail/statistics</ignore>
+ <ignore>/etc/random-seed</ignore>
+ <ignore>/etc/random.seed</ignore>
+ <ignore>/etc/adjtime</ignore>
+ <ignore>/etc/httpd/logs</ignore>
+ <ignore>/etc/utmpx</ignore>
+ <ignore>/etc/wtmpx</ignore>
+ <ignore>/etc/cups/certs</ignore>
+ <ignore>/etc/dumpdates</ignore>
+ <ignore>/etc/svc/volatile</ignore>
+ <ignore>/sys/kernel/security</ignore>
+ <ignore>/sys/kernel/debug</ignore>
+ <ignore>/dev/core</ignore>
+
+ <!-- File types to ignore -->
+ <ignore type="sregex">^/proc</ignore>
+ <ignore type="sregex">.log$|.swp$</ignore>
+
+ <!-- Check the file, but never compute the diff -->
+ <nodiff>/etc/ssl/private.key</nodiff>
+
+ <skip_nfs>yes</skip_nfs>
+ </syscheck>
+
+ <!-- Log analysis -->
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/ossec/logs/active-responses.log</location>
+ </localfile>
+
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/log/secure</location>
+ </localfile>
+
+ <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
+ <logging>
+ <log_format>plain</log_format>
+ </logging>
+
+</ossec_config>

tests/system/provisioning/one_manager_agent/roles/agent-role/tasks/main.yml

@@ -0,0 +1,83 @@
+- name: "Check and update debian repositories"
+ shell:
+ cmd: apt-get update --allow-releaseinfo-change
+
+- name: "Installing dependencies using apt"
+ apt:
+ pkg:
+ - git
+ - gcc
+ - make
+ - cmake
+ - libc6-dev
+ - curl
+ - policycoreutils
+ - automake
+ - autoconf
+ - libtool
+ - python3-pytest
+ force_apt_get: yes
+ state: present
+ update_cache: yes
+ cache_valid_time: 3600
+
+- name: "Clone wazuh repository"
+ git:
+ repo: "https:/wazuh/wazuh"
+ dest: /wazuh
+ version: "{{ wazuh_branch }}"
+
+- name: Install agent
+ args:
+ chdir: /wazuh
+ creates: /var/ossec
+ environment:
+ USER_LANGUAGE: "en"
+ USER_NO_STOP: "y"
+ USER_INSTALL_TYPE: "agent"
+ USER_DIR: "/var/ossec"
+ USER_ENABLE_EMAIL: "n"
+ USER_ENABLE_SYSCHECK: "y"
+ USER_ENABLE_ROOTCHECK: "y"
+ USER_ENABLE_OPENSCAP: "y"
+ USER_WHITE_LIST: "n"
+ USER_ENABLE_SYSLOG: "y"
+ USER_ENABLE_AUTHD: "y"
+ USER_AUTO_START: "y"
+ shell: "./install.sh"
+
+- name: Copy ossec.conf file
+ copy:
+ src: ../files/ossec.conf
+ dest: /var/ossec/etc/ossec.conf
+ owner: ossec
+ mode: '0644'
+
+- name: Remove client.keys
+ file:
+ path: /var/ossec/etc/client.keys
+ state: absent
+
+- name: Register agents
+ lineinfile:
+ path: /var/ossec/etc/client.keys
+ line: "{{ agent_id }} {{agent_hostname}} any {{ agent_key }}"
+ owner: ossec
+ mode: "0644"
+ create: yes
+
+- name: Set Wazuh Manager IP
+ lineinfile:
+ path: /var/ossec/etc/ossec.conf
+ regexp: '<address>(.*)</address>'
+ line: "<address>{{ manager_hostname }}</address>"
+ backrefs: yes
+
+- name: enable debug mode
+ blockinfile:
+ path: /var/ossec/etc/local_internal_options.conf
+ block: |
+ syscheck.debug=2
+
+- name: Restart Wazuh
+ command: /var/ossec/bin/wazuh-control restart