test(ossec): test alerts from "disconnected submissions" checks

"manage.py check-disconnected-fs-{db,fs}-submissions" has output whether or not there are disconnected submissions, so OSSEC matches on the actual output, not just the presence of it. Here we test both cases for both checks, since they have different output.
freedomofpress · Oct 17, 2023 · 31d9762 · 31d9762
1 parent be542a0
commit 31d9762
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/molecule/testinfra/vars/staging.yml b/molecule/testinfra/vars/staging.yml
@@ -146,6 +146,21 @@ log_events_without_ossec_alerts:
     level: "0"
     rule_id: "199996"
 
+  # OSSEC should not alert when "manage.py check-disconnected-{db,fs}-
+  # submissions" has logged that there are no disconnected submissions.
+  - name: test_no_disconnected_db_submissions_produces_alert
+    alert: >
+      ossec: output: 'cat /var/lib/securedrop/disconnected_db_submissions.txt':
+      No problems were found. All submissions' files are present.
+    level: "1"
+    rule_id: "400800"
+  - name: test_disconnected_fs_submissions_produces_alert
+    alert: >
+      ossec: output: 'cat /var/lib/securedrop/disconnected_fs_submissions.txt':
+      No unexpected files were found in the store.
+    level: "1"
+    rule_id: "400801"
+
 # Log events we expect an OSSEC alert to occur for
 log_events_with_ossec_alerts:
   # Check that a denied RWX mmaping would produce an OSSEC alert
@@ -215,6 +230,24 @@ log_events_with_ossec_alerts:
     level: "7"
     rule_id: "400700"
 
+  # OSSEC should alert when "manage.py check-disconnected-{db,fs}-submissions"
+  # has logged that there are disconnected submissions.
+  - name: test_disconnected_db_submissions_produces_alert
+    alert: >
+      ossec: output: 'cat /var/lib/securedrop/disconnected_db_submissions.txt':
+      There are submissions in the database with no corresponding files. Run
+      "manage.py list-disconnected-db-submissions" for details.
+    level: "1"
+    rule_id: "400800"
+  - name: test_disconnected_fs_submissions_produces_alert
+    alert: >
+      ossec: output: 'cat /var/lib/securedrop/disconnected_fs_submissions.txt':
+      There are files in the submission area with no corresponding records in
+      the database. Run "manage.py list-disconnected-fs-submissions" for
+      details.
+    level: "1"
+    rule_id: "400801"
+
 fpf_apt_repo_url: "https://apt-test.freedom.press"
 
 daily_reboot_time: "4"