Merge pull request #4373 from wazuh/add-fim-checks-tests
Add new FIM test to verify checks in configuration
vikman90 authored Jul 28, 2023
2 parents 91bf408 + 9fc41e1 commit acdf199
Showing 3 changed files with 392 additions and 12 deletions.
25 changes: 13 additions & 12 deletions deps/wazuh_testing/wazuh_testing/modules/fim/utils.py
Expand Up @@ -696,8 +696,8 @@ def get_fim_mode_param(mode, key='FIM_MODE'):
return None, None


def regular_file_cud(folder, log_monitor, file_list=['testfile0'], min_timeout=1, options=None,
triggers_event=True, encoding=None, validators_after_create=None, validators_after_update=None,
def regular_file_cud(folder, log_monitor, file_list=['testfile0'], min_timeout=1, options=None, triggers_event=True,
triggers_modified_event=True, encoding=None, validators_after_create=None, validators_after_update=None,
validators_after_delete=None, validators_after_cud=None, event_mode=None, escaped=False):
"""Check if creation, update and delete events are detected by syscheck.
Expand Down Expand Up @@ -746,16 +746,17 @@ def regular_file_cud(folder, log_monitor, file_list=['testfile0'], min_timeout=1
logger.info("'added' {} detected as expected.\n".format("events" if len(file_list) > 1 else "event"))

# Modify previous text files
for name, content in file_list.items():
modify_file_content(folder, name, is_binary=isinstance(content, bytes))

event_checker = EventChecker(log_monitor=log_monitor, folder=folder, file_list=file_list, options=options,
custom_validator=custom_validator, encoding=encoding,
callback=ev.callback_detect_file_modified_event)
event_checker.fetch_and_check('modified', min_timeout=min_timeout, triggers_event=triggers_event,
event_mode=event_mode, escaped=escaped)
if triggers_event:
logger.info("'modified' {} detected as expected.\n".format("events" if len(file_list) > 1 else "event"))
if triggers_modified_event:
for name, content in file_list.items():
modify_file_content(folder, name, is_binary=isinstance(content, bytes))

event_checker = EventChecker(log_monitor=log_monitor, folder=folder, file_list=file_list, options=options,
custom_validator=custom_validator, encoding=encoding,
callback=ev.callback_detect_file_modified_event)
event_checker.fetch_and_check('modified', min_timeout=min_timeout, triggers_event=triggers_event,
event_mode=event_mode, escaped=escaped)
if triggers_event:
logger.info("'modified' {} detected as expected.\n".format("events" if len(file_list) > 1 else "event"))

# Delete previous text files
for name in file_list:
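Review bot: Guarding the whole modify phase with `if triggers_modified_event:` drops the negative assertion — a configuration under which syscheck is expected to stay silent on content changes is never exercised, so a regression that starts emitting (or a change that silently stops emitting) `modified` events for that directory goes unobserved. Since `fetch_and_check` already takes `triggers_event`, and the existing flow appears to use it to assert that no event arrives (its body is outside this hunk, so this is inferred), I would keep modifying the files and pass the combined expectation instead, accepting the `min_timeout` wait in the negative case. The new parameter is also absent from the docstring that starts at line 26 and continues between the two hunks; add `triggers_modified_event (boolean): whether a 'modified' event is expected after the files are changed (default True).` to its Args. `file_list=['testfile0']` on the rewritten signature line remains a mutable default; it is pre-existing, and safe to leave only if the list-to-dict normalisation the body evidently performs before `file_list.items()` (outside the hunk) does not mutate it in place. `regular_file_cud` continues past both hunks.
```python
    # Modify previous text files; when no 'modified' event is expected for the
    # configuration under test, assert its absence instead of skipping the step.
    for name, content in file_list.items():
        modify_file_content(folder, name, is_binary=isinstance(content, bytes))

    expect_modified = triggers_event and triggers_modified_event
    # … unchanged: EventChecker construction …
    event_checker.fetch_and_check('modified', min_timeout=min_timeout, triggers_event=expect_modified,
                                  event_mode=event_mode, escaped=escaped)
    if expect_modified:
        logger.info("'modified' {} detected as expected.\n".format("events" if len(file_list) > 1 else "event"))
    # … unchanged: delete phase …
```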
@@ -0,0 +1,167 @@
---
# Configuration for check_all=yes
- tags:
- check_all_yes
apply_to_modules:
- test_file_checkers
sections:
- section: syscheck
elements:
- disabled:
value: 'no'
- directories:
value: DIRECTORY_1
attributes:
- FIM_MODE
- check_all: "yes"
- section: sca
elements:
- enabled:
value: 'no'
- section: rootcheck
elements:
- disabled:
value: 'yes'
- section: wodle
attributes:
- name: 'syscollector'
elements:
- disabled:
value: 'yes'
# Configuration for check_all=no
- tags:
- check_all_no
apply_to_modules:
- test_file_checkers
sections:
- section: syscheck
elements:
- disabled:
value: 'no'
- directories:
value: DIRECTORY_1
attributes:
- FIM_MODE
- check_all: "no"
- section: sca
elements:
- enabled:
value: 'no'
- section: rootcheck
elements:
- disabled:
value: 'yes'
- section: wodle
attributes:
- name: 'syscollector'
elements:
- disabled:
value: 'yes'
# Configuration for conjuction
- tags:
- check_just_one_no
apply_to_modules:
- test_file_checkers
sections:
- section: syscheck
elements:
- disabled:
value: 'no'
- directories:
value: DIRECTORY_1
attributes:
- FIM_MODE
- check_all: "yes"
- check_sha1sum: "no"
- directories:
value: DIRECTORY_2
attributes:
- FIM_MODE
- check_all: "yes"
- check_md5sum: "no"
- directories:
value: DIRECTORY_3
attributes:
- FIM_MODE
- check_all: "yes"
- check_sha256sum: "no"
- directories:
value: DIRECTORY_4
attributes:
- FIM_MODE
- check_all: "yes"
- check_size: "no"
- directories:
value: DIRECTORY_5
attributes:
- FIM_MODE
- check_all: "yes"
- check_mtime: "no"
- section: sca
elements:
- enabled:
value: 'no'
- section: rootcheck
elements:
- disabled:
value: 'yes'
- section: wodle
attributes:
- name: 'syscollector'
elements:
- disabled:
value: 'yes'
# Configuration for test checksum all
- tags:
- check_just_one_yes
apply_to_modules:
- test_file_checkers
sections:
- section: syscheck
elements:
- disabled:
value: 'no'
- directories:
value: DIRECTORY_1
attributes:
- FIM_MODE
- check_all: "no"
- check_sha1sum: "yes"
- directories:
value: DIRECTORY_2
attributes:
- FIM_MODE
- check_all: "no"
- check_md5sum: "yes"
- directories:
value: DIRECTORY_3
attributes:
- FIM_MODE
- check_all: "no"
- check_sha256sum: "yes"
- directories:
value: DIRECTORY_4
attributes:
- FIM_MODE
- check_all: "no"
- check_size: "yes"
- directories:
value: DIRECTORY_5
attributes:
- FIM_MODE
- check_all: "no"
- check_mtime: "yes"
- section: sca
elements:
- enabled:
value: 'no'
- section: rootcheck
elements:
- disabled:
value: 'yes'
- section: wodle
attributes:
- name: 'syscollector'
elements:
- disabled:
value: 'yes'
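Review bot: The block comments are out of step with the tags beneath them: `# Configuration for conjuction` (sic) heads the `check_just_one_no` set, and `# Configuration for test checksum all` heads `check_just_one_yes`, which in fact sets `check_all: "no"` and enables a single check per directory. I would rename them to `# Configuration for check_all=yes with one check disabled per directory` and `# Configuration for check_all=no with one check enabled per directory` so the intent is visible without diffing the attribute lists. The matrix also covers only the five content/time checks (`check_sha1sum`, `check_md5sum`, `check_sha256sum`, `check_size`, `check_mtime`); if the test is meant to verify every `check_*` option, the ownership and permission attributes (`check_perm`, `check_owner`, `check_group`, `check_inode`) have no case here — the test module is not in this view, so this may be deliberate. If it is, a one-line comment noting that these are the checks a content modification can exercise would make the scope explicit.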