Adapt the JSON event schema to parse WIN perms in JSON. #1541

Merged
merged 1 commit into from
Nov 11, 2021

antoniomanuelfr
Contributor

Related issue
#1401

Description

Hi team!!

The changes introduced in wazuh/wazuh#8585 broke the FIM event validator in Windows. This PR aims to introduce the necessary changes to make them work again as expected.
Closes #1401

Tests

  • Proven that tests pass when they have to pass.
  • Proven that tests fail when they have to fail.
  • Python codebase satisfies PEP-8 style guide. pycodestyle --max-line-length=120 --show-source --show-pep8 file.py.
  • Python codebase is documented following the Google Style for Python docstrings.
  • The test is documented in wazuh-qa/docs.
  • provision_documentation.sh generates the docs without errors.

@antoniomanuelfr antoniomanuelfr self-assigned this Jul 5, 2021
@antoniomanuelfr antoniomanuelfr linked an issue Jul 5, 2021 that may be closed by this pull request
@antoniomanuelfr antoniomanuelfr marked this pull request as ready for review August 18, 2021 12:06
@chemamartinez chemamartinez self-requested a review August 19, 2021 08:23
@juliamagan juliamagan self-requested a review September 15, 2021 15:11
@jotacarma90 jotacarma90 changed the base branch from 8575-fim-win-perms-improvement to master September 20, 2021 13:50
@CamiRomero
Contributor

PR does not generate the package for CentOS

Build package

@juliamagan
Member

juliamagan commented Oct 11, 2021

As we do not have a full-green in FIM tests, we will launch the tests affected by submodules.

Package

| Version | Revision | Link |
|---|---|---|
| 4.3.0 | 40301 | https://packages-dev.wazuh.com/warehouse/pullrequests/4.3/rpm/var/wazuh-manager-4.3.0-0.commitf4c5219.x86_64.rpm |
| 4.3.0 | 40301 | https://packages-dev.wazuh.com/warehouse/pullrequests/4.3/windows/wazuh-agent-4.3.0-0.commitf4c5219.msi |

Testing

test_files

OS Local Jenkins Notes
PS1
PS2
PS3
Submodules execution

test_ambiguous_confs

OS Local Jenkins Notes
PS1 🔵
PS2
PS3

test_basic_usage

OS Local Jenkins Notes
PS1 🔵
PS2
PS3

test_benchmark

OS Local Jenkins Notes
PS1 🔵
PS2
PS3

test_checks

OS Local Jenkins Notes
PS1 🔵
PS2
PS3

test_env_variables

OS Local Jenkins Notes
PS1
PS2
PS3

test_follow_symbolic_link

OS Local Jenkins Notes
PS1
PS2
PS3

test_inotify

OS Local Jenkins Notes
PS1
PS2
PS3

test_multiple_dirs

OS Local Jenkins Notes
PS1
PS2
PS3

test_nodiff

OS Local Jenkins Notes
PS1
PS2
PS3

test_recursion_level

OS Local Jenkins Notes
PS1
PS2
PS3

test_report_changes

OS Local Jenkins Notes
PS1
PS2
PS3

test_skip

OS Local Jenkins Notes
PS1
PS2
PS3

test_tags

OS Local Jenkins Notes
PS1
PS2
PS3

test_wildcard complex

OS Local Jenkins Notes
PS1
PS2
PS3

test_registry

OS Local Jenkins Notes
PS1
PS2
PS3
Submodules execution

test_registry_ambiguous_confs

OS Local Jenkins Notes
PS1
PS2
PS3

test_registry_basic_usage

OS Local Jenkins Notes
PS1
PS2
PS3

test_registry_checks

OS Local Jenkins Notes
PS1
PS2
PS3

test_registry_multiple_registry

OS Local Jenkins Notes
PS1
PS2
PS3

test_registry_nodiff

OS Local Jenkins Notes
PS1
PS2
PS3

test_registry_recursion_level

OS Local Jenkins Notes
PS1
PS2
PS3

test_registry_report_changes

OS Local Jenkins Notes
PS1
PS2
PS3

test_registry_tags

OS Local Jenkins Notes
PS1
PS2
PS3

  • 🟢: All pass
  • 🟡: Some warnings
  • 🔴: Some errors/fails
  • 🔵: In progress

@antoniomanuelfr
Contributor Author

antoniomanuelfr commented Nov 10, 2021

I have been checking the execution of the tests in my local environment after updating to the latest changes in the master branch.

I'm attaching a report file with the execution of the tests:
report.zip

I also ran the test_check folder and all tests completed without any failure.
This is the report file.
check_report.zip.zip

After checking the errors:

  • test_basic_usage_changes is failing because the test didn't catch the delete event in the function check_events_type, but the event is triggered by FIM.
    There are a lot of errors related to the message TimeoutError: Did not receive expected "Folders monitored with real-time engine..." event. This happens when the test cannot check if the real-time engine has started. Looking at the logs, the message appears correctly (6345 is the identifier for this message).

I also checked the execution using the master branch for both repositories, and there are a lot of errors.

report_master.zip

@snaow
Contributor

snaow commented Nov 11, 2021

LGTM.
Since we need this for 4.3.0 release I am merging the PR even if full FIM tests are not in green.

Thanks everyone for the work.

@snaow snaow merged commit cc712b0 into master Nov 11, 2021
@snaow snaow deleted the 8585-win-perm-json branch November 11, 2021 17:00
@snaow snaow mentioned this pull request Jan 27, 2022
Development

Successfully merging this pull request may close these issues.

Adapt syscheck event validator on permission format change
5 participants