IT VDT - Add SUSE Linux Enterpise Support for 4.4

CHANGELOG.md

@@ -25,6 +25,7 @@ Release report: TBD
 - Add system test to check that agent registered in master node with a specific group is synced to worker node [#2686]((https:/wazuh/wazuh-qa/pull/2686))
 - Add system test cluster sync group with 40 agents ([#2761](https:/wazuh/wazuh-qa/pull/2761))
 - Add system test - 40 agents cluster syncs group ([#2764](https:/wazuh/wazuh-qa/pull/2764))
+- Add support for SUSE systems in VDT tests ([#2902](https:/wazuh/wazuh-qa/pull/2902))
 - Add `qa-docs` `v0.1`([#2649](https:/wazuh/wazuh-qa/pull/2649))
 - Add `qa-ctl` `v0.3.1`([#2649](https:/wazuh/wazuh-qa/pull/2649))
 - Add test fim with file currently open ([#2300](https:/wazuh/wazuh-qa/pull/2300))

deps/wazuh_testing/wazuh_testing/db_interface/agent_db.py

@@ -54,7 +54,7 @@ def insert_hotfix(agent_id='000', scan_id=int(time()), scan_time=datetime.dateti
 
 
 def insert_os_info(agent_id='000', scan_id=int(time()), scan_time=datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S"),
- hostname='centos8', architecture='x64', os_name='CentOS Linux', os_version='8.4', os_codename= '',
+ hostname='centos8', architecture='x64', os_name='CentOS Linux', os_version='8.4', os_codename='',
  os_major='8', os_minor='4', os_patch='', os_build='', os_platform='centos', sysname='Linux',
  release='', version='', os_release='', checksum='dummychecksum', os_display_version='', triaged=0,
  reference=''):
@@ -138,6 +138,7 @@ def insert_package(agent_id='000', scan_id=int(time()), format='rpm', name='cust
  f"{arguments['description']}, {arguments['location']}, {arguments['triaged']}, {arguments['checksum']},"
  f"{arguments['item_id']})")
 
+
 def update_sync_info(agent_id='000', component='syscollector-packages', last_attempt=1, last_completion=1,
  n_attempts=0, n_completions=0, last_agent_checksum=''):
  """Update the sync_info table of the specified agent for the selected component.
@@ -215,7 +216,7 @@ def delete_os_info(agent_id='000'):
 
 
 def update_os_info(agent_id='000', scan_id=int(time()), scan_time=datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S"),
- hostname='centos8', architecture='x64', os_name='CentOS Linux', os_version='8.4', os_codename= '',
+ hostname='centos8', architecture='x64', os_name='CentOS Linux', os_version='8.4', os_codename='',
  os_major='8', os_minor='4', os_patch='', os_build='', os_platform='centos', sysname='Linux',
  release='', version='', os_release='', checksum='dummychecksum', os_display_version='', triaged=0,
  reference=''):

deps/wazuh_testing/wazuh_testing/db_interface/cve_db.py

@@ -63,7 +63,7 @@ def insert_vulnerability(cveid='CVE-000', target='RHEL7', target_minor='',
  reference='https:/wazuh/wazuh-qa', target_v='REDHAT', cvss='10.000000',
  cvss_vector='AV:N/AC:L/Au:N/C:C/I:C/A:C', rationale='Wazuh integration test vulnerability',
  cvss3='', bugzilla_reference='https:/wazuh/wazuh-qa', cwe='WVE-000 -> WVE-001',
- advisory='RHSA-2010:0029', ref_target='RHEL'):
+ advisory='RHSA-2010:0029', ref_target='RHEL', deps_id='0'):
  """Insert a vulnerability in CVE database.
 
  Args:
@@ -87,10 +87,11 @@ def insert_vulnerability(cveid='CVE-000', target='RHEL7', target_minor='',
  cwe (str): CWE ID.
  advisory (str): Advisory ID.
  ref_target (str): OS target ID.
+ deps_id (str): id of the dependencies related to the vulnerability.
  """
  queries = [
- 'INSERT INTO VULNERABILITIES (cveid, target, target_minor, package, operation, operation_value) VALUES '
- f"('{cveid}', '{target}', '{target_minor}', '{package}', '{operation}', '{operation_value}')",
+ 'INSERT INTO VULNERABILITIES (cveid, target, target_minor, package, operation, operation_value, deps_id) VALUES'
+ f" ('{cveid}', '{target}', '{target_minor}', '{package}', '{operation}', '{operation_value}', '{deps_id}')",
 
  'INSERT INTO VULNERABILITIES_INFO (ID, title, severity, published, updated, target, rationale, cvss, '
  f"cvss_vector, CVSS3, cwe) VALUES ('{cveid}', '{title}', '{severity}', '{published}', '{updated}', "

deps/wazuh_testing/wazuh_testing/mocking/__init__.py

@@ -41,24 +41,24 @@
  'WINDOWS_SERVER_2019': {'os_name': 'Microsoft Windows Server 2019', 'os_major': '10', 'os_minor': '0',
  'os_platform': 'windows', 'name': 'windows_server_2019', 'os_version': '1000'},
  'WINDOWS_SERVER_2022_1': {'os_name': 'Microsoft Windows Server 2022', 'os_major': '10', 'os_minor': '0',
- 'os_platform': 'windows', 'name': 'windows_server_2022', 'os_version': '1000'},
+  'os_platform': 'windows', 'name': 'windows_server_2022', 'os_version': '1000'},
  'WINDOWS_SERVER_2022_2': {'os_name': 'Microsoft Windows Server 2022', 'os_major': '10', 'os_minor': '0',
- 'os_platform': 'windows', 'name': 'windows_server', 'os_version': '1000'},
+  'os_platform': 'windows', 'name': 'windows_server', 'os_version': '1000'},
  'MAC': {'os_name': 'Mac OS X', 'os_major': '10', 'os_minor': '15', 'os_platform': 'darwin',
  'name': 'macos-catalina'},
  'MACS': {'os_name': 'Mac OS X Server', 'os_major': '5', 'os_minor': '10', 'os_platform': 'darwin',
  'name': 'macos-server'},
  'ARCH': {'os_name': 'Arch Linux', 'os_major': '', 'os_minor': '', 'os_platform': '', 'name': 'archlinux'},
  'ALAS': {'hostname': 'amz', 'architecture': 'x86_64', 'os_name': 'Amazon Linux AMI', 'os_version': '2018.03',
- 'os_codename': '', 'os_major': '2018', 'os_minor': '03', 'os_patch': '', 'os_build': '',
- 'os_platform': 'amzn', 'sysname': 'Linux', 'release': '4.14.97-74.72.amzn1.x86_64',
- 'version': 'Wazuh v4.3.0', 'os_release': '', 'checksum': '1645433796303855540', 'os_display_version': '',
- 'triaged': '0', 'reference': '0886f3023b131f5bf1ecbc33f651807114cb5a53', 'name': 'amz', 'ip': '127.0.0.1',
- 'register_ip': '127.0.0.1', 'internal_key': '',
- 'os_uname': 'Linux |amz |4.14.97-74.72.amzn1.x86_64 |#1 SMP Tue Feb 5 20:59:30 UTC 2019 |x86_64',
- 'os_arch': 'x86_64', 'config_sum': '', 'merged_sum': '', 'manager_host': 'amz', 'node_name': 'node01',
- 'date_add': '1645433793', 'last_keepalive': '253402300799', 'sync_status': 'synced',
- 'connection_status': 'active', 'disconnection_time': '0'},
+  'os_codename': '', 'os_major': '2018', 'os_minor': '03', 'os_patch': '', 'os_build': '',
+  'os_platform': 'amzn', 'sysname': 'Linux', 'release': '4.14.97-74.72.amzn1.x86_64',
+  'version': 'Wazuh v4.3.0', 'os_release': '', 'checksum': '1645433796303855540', 'os_display_version': '',
+  'triaged': '0', 'reference': '0886f3023b131f5bf1ecbc33f651807114cb5a53', 'name': 'amz', 'ip': '127.0.0.1',
+  'register_ip': '127.0.0.1', 'internal_key': '',
+  'os_uname': 'Linux |amz |4.14.97-74.72.amzn1.x86_64 |#1 SMP Tue Feb 5 20:59:30 UTC 2019 |x86_64',
+  'os_arch': 'x86_64', 'config_sum': '', 'merged_sum': '', 'manager_host': 'amz', 'node_name': 'node01',
+  'date_add': '1645433793', 'last_keepalive': '253402300799', 'sync_status': 'synced',
+  'connection_status': 'active', 'disconnection_time': '0'},
  'ALAS2': {'hostname': 'alas2', 'architecture': 'x86_64', 'os_name': 'Amazon Linux', 'os_version': '2',
  'os_codename': '', 'os_major': '2', 'os_minor': '', 'os_patch': '', 'os_build': '', 'os_platform': 'amzn',
  'sysname': 'Linux', 'release': '4.14.198-152.320.amzn2.x86_64', 'version': 'Wazuh v4.3.0',
@@ -103,7 +103,26 @@
  'BUSTER': {'os_name': 'Debian GNU/Linux', 'os_major': '10', 'os_minor': '0', 'os_platform': 'debian',
  'name': 'debian10'},
  'STRETCH': {'os_name': 'Debian GNU/Linux', 'os_major': '9', 'os_minor': '0', 'os_platform': 'debian',
- 'name': 'debian9'}
+ 'name': 'debian9'},
+ 'SLED11': {'hostname': 'sled', 'architecture': 'x86_64', 'os_name': 'SLED', 'os_major': '11', 'os_minor': '',
+ 'os_platform': 'sled', 'name': 'Desktop11', 'os_codename': 'sled'},
+ 'SLED12': {'hostname': 'sled', 'architecture': 'x86_64', 'os_name': 'SLED', 'os_major': '12', 'os_minor': '',
+ 'os_platform': 'sled', 'name': 'Desktop12', 'os_codename': 'sled'},
+ 'SLED15': {'hostname': 'sled', 'architecture': 'x86_64', 'os_name': 'SLED', 'os_major': '15', 'os_minor': '',
+ 'os_platform': 'sled', 'name': 'Desktop15', 'os_codename': 'sled'},
+ 'SLES11': {'hostname': 'sles', 'architecture': 'x86_64', 'os_name': 'SLES', 'os_major': '11', 'os_minor': '',
+ 'os_platform': 'sles', 'name': 'Server11', 'os_codename': 'sles'},
+ 'SLES12': {'hostname': 'sles', 'architecture': 'x86_64', 'os_name': 'SLES', 'os_major': '12', 'os_minor': '',
+ 'os_platform': 'sles', 'name': 'Server12', 'os_codename': 'sles'},
+ 'SLES15': {'hostname': 'localhost', 'architecture': 'x64', 'os_name': 'SLES', 'os_version': '15.2',
+ 'os_codename': '', 'os_major': '15', 'os_minor': '', 'os_patch': '', 'os_build': '',
+ 'os_platform': 'sles', 'sysname': 'Linux', 'release': '5.3.18-22-default', 'version': 'Wazuh v4.4.0',
+ 'os_release': '', 'checksum': '1652388661375945607', 'name': 'SUSE15', 'ip': '127.0.0.1',
+ 'register_ip': 'any', 'internal_key': '',
+ 'os_uname': 'Linux |localhost|5.3.18-22-default |#1 SMP Wed Jun 3 12:16:43 UTC 2020 (720aeba)|x86_64',
+ 'os_arch': 'x64', 'config_sum': '', 'merged_sum': '', 'manager_host': 'localhost.localdomain',
+ 'node_name': 'node01', 'date_add': '1652381429', 'last_keepalive': '253402300799',
+ 'sync_status': 'synced', 'connection_status': 'active'}
 }
 
 

deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py

@@ -31,6 +31,7 @@
 CUSTOM_ARCHLINUX_JSON_FEED = 'custom_archlinux_feed.json'
 CUSTOM_ALAS_JSON_FEED = 'custom_alas_feed.json'
 CUSTOM_ALAS2_JSON_FEED = 'custom_alas2_feed.json'
+CUSTOM_SUSE_OVAL_FEED = 'custom_suse_oval_feed.xml'
 
 VULNERABILITY_DETECTOR_PREFIX = r'.*wazuh-modulesd:vulnerability-detector.*'
 
@@ -67,6 +68,17 @@
  }
 ]
 
+SUSE_SYSTEM_PACKAGE = {
+ 'SLES15': [
+ {
+ "name": "sle-module-basesystem-release",
+ "version": "15.2",
+ "format": "rpm",
+ "vendor": "SUSE LLC <https://www.suse.com/>"
+ }
+ ]
+}
+
 
 def update_feed_path_configurations(configurations, metadata, feeds_path):
  """Replace feed path tags in the configuration template, using the metadata information.
@@ -83,17 +95,17 @@ def update_feed_path_configurations(configurations, metadata, feeds_path):
 
  for index, _ in enumerate(configurations):
  if 'json_feed' in metadata[index] and metadata[index]['json_feed'] is not None:
- new_configurations[index] = json.loads(json.dumps(new_configurations[index]).\
+ new_configurations[index] = json.loads(json.dumps(new_configurations[index]).
  replace(metadata[index]['json_feed_tag'], os.path.join(feeds_path, metadata[index]['provider_name'],
  metadata[index]['json_feed'])))
 
  if 'oval_feed' in metadata[index] and metadata[index]['oval_feed'] is not None:
- new_configurations[index] = json.loads(json.dumps(new_configurations[index]).\
+ new_configurations[index] = json.loads(json.dumps(new_configurations[index]).
  replace(metadata[index]['oval_feed_tag'], os.path.join(feeds_path, metadata[index]['provider_name'],
  metadata[index]['oval_feed'])))
 
  if 'nvd_feed_tag' in metadata[index] and 'nvd_feed' in metadata[index]:
- new_configurations[index] = json.loads(json.dumps(new_configurations[index]).\
+ new_configurations[index] = json.loads(json.dumps(new_configurations[index]).
  replace(metadata[index]['nvd_feed_tag'], os.path.join(feeds_path, 'nvd', metadata[index]['nvd_feed'])))
 
  return new_configurations
@@ -130,6 +142,24 @@ def insert_vulnerabilities_agent_inventory(agent_id='000', status='VALID'):
  cve=package['cveid'], status=status)
 
 
+def insert_suse_system_package(agent_id='000', version='SLES15'):
+ """Insert suse OS package to an agent.
+
+ Args:
+ agent_id (str): Agent ID.
+ version (str): Package version.
+
+ Raises:
+ ValueError: If version parameter has an invalid value.
+ """
+ if version not in SUSE_SYSTEM_PACKAGE:
+ raise ValueError(f"Suse system parameter invalid.")
+
+ for package in SUSE_SYSTEM_PACKAGE[version]:
+ agent_db.insert_package(name=package['name'], version=package['version'], source=package['name'],
+ agent_id=agent_id, vendor=package['vendor'])
+
+
 def feed_is_recently_updated(provider_name, provider_os, threshold_weeks):
  """Check if the provider OS feed is recently updated according to a specified threshold.
 

deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py

@@ -52,7 +52,7 @@ def check_vuln_detector_event(file_monitor=None, callback='', error_message=None
  error_message
 
  file_monitor.start(timeout=timeout, update_position=update_position, accum_results=accum_results,
- callback=make_vuln_callback(callback, prefix), error_message=error_message)
+  callback=make_vuln_callback(callback, prefix), error_message=error_message)
 
 
 def check_vulnerability_detector_disabled():

tests/integration/conftest.py

@@ -119,6 +119,14 @@ def restart_wazuh_daemon_function(daemon=None):
  truncate_file(LOG_FILE_PATH)
  control_service("restart", daemon=daemon)
 
+@pytest.fixture(scope='module')
+def restart_wazuh_daemon_after_finishing(daemon=None):
+ """
+ Restart a Wazuh daemon
+ """
+ yield
+ truncate_file(LOG_FILE_PATH)
+ control_service("restart", daemon=daemon)
 
 @pytest.fixture(scope='module')
 def reset_ossec_log(get_configuration, request):

tests/integration/test_vulnerability_detector/conftest.py

@@ -2,6 +2,7 @@
 # Created by Wazuh, Inc. <[email protected]>.
 # This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
 import pytest
+
 from subprocess import CalledProcessError
 
 from wazuh_testing.tools.services import control_service
@@ -111,6 +112,10 @@ def prepare_full_scan_with_vuln_packages_and_custom_system(agent_system, mock_ag
  # Insert vulnerable packages
  package_vendor = 'Red Hat, Inc.' if 'RHEL' in agent_system else 'wazuh-mocking'
 
+ if 'SLES' in agent_system:
+ package_vendor = 'SUSE LLC <https://www.suse.com/>'
+ vd.insert_suse_system_package(agent_id=mock_agent_with_custom_system, version=agent_system)
+
  vd.insert_vulnerable_packages(agent_id=mock_agent_with_custom_system, vendor=package_vendor)
 
  # Update sync info for packages