Comprehensive testing for OSSEC rules #2134
We should have automated testing to ensure that particular log events do or do not produce OSSEC alerts. We can begin by adding regression tests when patching the OSSEC rules.
It appears that the right tool for testing if particular log events do or do not produce OSSEC alerts is
We can use this
Eventually, we could also incorporate testing for OSSEC into our integration testing: when user interaction occurs, we should verify that OSSEC alerts are not produced. This would catch bugs like #1331 and #1240.
Relevant for the testing story here is that OSSEC 2.9 added support for JSON logging. We'll need to evaluate whether it's worth changing the output format given that we also pipe the events to
Before we upgrade OSSEC we should tackle #1756. I also don't think we have a discrete issue for bumping the OSSEC version, so I'll add that presently.