Dev mocha alerts

public/controllers/settings/index.js

@@ -102,8 +102,8 @@ app.controller('settingsController', function(
 
   // Get current API index
   const getCurrentAPIIndex = () => {
-    $scope.apiEntries.map((entry, index, array) => { // eslint-disable-line 
-      // eslint-disable-line
+    // eslint-disable-next-line 
+    $scope.apiEntries.map((entry, index, array) => {
       if (entry._id === $scope.currentDefault) currentApiEntryIndex = index;
     });
   };

public/services/resolves/settings-wizard.js

@@ -87,7 +87,7 @@ export default (
       try {
         currentApi = JSON.parse(appState.getCurrentAPI()).id;
       } catch (error) {
-        // eslint-disable-next-line 
+        // eslint-disable-next-line
         console.log(`Error parsing JSON (settingsWizards.changeCurrentApi)`);
       }
       const clusterInfo = data.data.data.cluster_info;

server/logger.js

@@ -126,5 +126,5 @@ export function log(location, message, level) {
       console.error(
         `Cannot create the logs directory due to:\n${error.message || error}`
       )
-    ); 
+    );
 }

test/server/alerts.js

@@ -0,0 +1,290 @@
+const chai = require('chai');
+const needle = require('needle');
+
+chai.should();
+
+const headers = {
+  headers: { 'kbn-xsrf': 'kibana', 'Content-Type': 'application/json' }
+};
+
+const date = new Date();
+const day = date.getDate();
+const month = date.getMonth() + 1;
+const index = `wazuh-alerts-3.x-2018.${month > 10 ? month : `0${month}`}.${
+  day > 10 ? day : `0${day}`
+}`;
+
+const commonFields = sample => {
+  sample.agent.id.should.be.a('string');
+  sample.agent.should.be.a('object');
+  sample.agent.name.should.be.a('string');
+  sample.agent.id.should.be.a('string');
+  sample.agent.id.length.should.be.eql(3);
+  sample.rule.should.be.a('object');
+};
+
+const checkRes = res => {
+  res.statusCode.should.be.eql(200);
+  res.body.should.be.a('object');
+  res.body.hits.hits.should.be.a('array');
+};
+
+const syscheck = async agentID => {
+  const res = await needle(
+    'get',
+    `localhost:9200/${index}/_search`,
+    {
+      query: {
+        bool: {
+          must: [
+            { match: { 'agent.id': `${agentID}` } },
+            { match: { 'rule.groups': 'syscheck' } }
+          ]
+        }
+      }
+    },
+    headers
+  );
+
+  if (!res.body.hits.hits.length) {
+    throw new Error('There are no alerts to check!');
+  }
+
+  const sample = res.body.hits.hits[0]._source;
+
+  checkRes(res);
+  commonFields(sample);
+  sample.syscheck.should.be.a('object');
+  sample.rule.groups.should.be.a('array').that.includes('syscheck');
+  sample.manager.should.be.a('object');
+  sample.manager.name.should.be.a('string');
+  sample.source.should.be.eql('/var/ossec/logs/alerts/alerts.json');
+  sample.location.should.be.eql('syscheck');
+  sample.cluster.should.be.a('object');
+  sample.cluster.name.should.be.eql('wazuh');
+  sample.cluster.node.should.be.eql('node01');
+};
+
+const rootcheck = async agentID => {
+  const res = await needle(
+    'get',
+    `localhost:9200/${index}/_search`,
+    {
+      query: {
+        bool: {
+          must: [
+            { match: { 'agent.id': `${agentID}` } },
+            { match: { 'rule.groups': 'rootcheck' } }
+          ]
+        }
+      }
+    },
+    headers
+  );
+
+  if (!res.body.hits.hits.length) {
+    throw new Error('There are no alerts to check!');
+  }
+
+  const sample = res.body.hits.hits[0]._source;
+
+  checkRes(res);
+  commonFields(sample);
+  sample.rule.groups.should.be.a('array').that.includes('rootcheck');
+  sample.manager.should.be.a('object');
+  sample.manager.name.should.be.a('string');
+  sample.source.should.be.eql('/var/ossec/logs/alerts/alerts.json');
+  sample.location.should.be.eql('rootcheck');
+  sample.cluster.should.be.a('object');
+  sample.cluster.name.should.be.eql('wazuh');
+  sample.cluster.node.should.be.eql('node01');
+};
+
+const vulnerability = async agentID => {
+  const res = await needle(
+    'get',
+    `localhost:9200/${index}/_search`,
+    {
+      query: {
+        bool: {
+          must: [
+            { match: { 'agent.id': `${agentID}` } },
+            { match: { 'rule.groups': 'vulnerability-detector' } }
+          ]
+        }
+      }
+    },
+    headers
+  );
+
+  if (!res.body.hits.hits.length) {
+    throw new Error('There are no alerts to check!');
+  }
+
+  const sample = res.body.hits.hits[0]._source;
+
+  checkRes(res);
+  commonFields(sample);
+  sample.data.should.be.a('object');
+  sample.data.vulnerability.should.be.a('object');
+  sample.data.vulnerability.reference.should.be.a('string');
+  sample.data.vulnerability.package.condition.should.be.a('string');
+  sample.data.vulnerability.package.patch.should.be.a('string');
+  sample.data.vulnerability.title.should.be.a('string');
+  sample.data.vulnerability.severity.should.be.a('string');
+  sample.data.vulnerability.state.should.be.a('string');
+  sample.data.vulnerability.cve.should.be.a('string');
+  sample.rule.groups.should.be
+    .a('array')
+    .that.includes('vulnerability-detector');
+  sample.manager.should.be.a('object');
+  sample.manager.name.should.be.a('string');
+  sample.source.should.be.eql('/var/ossec/logs/alerts/alerts.json');
+  sample.location.should.be.eql('vulnerability-detector');
+  sample.cluster.should.be.a('object');
+  sample.cluster.name.should.be.eql('wazuh');
+  sample.cluster.node.should.be.eql('node01');
+};
+
+const pciDss = async agentID => {
+  const res = await needle(
+    'get',
+    `localhost:9200/${index}/_search`,
+    {
+      query: {
+        bool: {
+          must: [
+            { match: { 'agent.id': `${agentID}` } },
+            { exists: { field: 'rule.pci_dss' } }
+          ]
+        }
+      }
+    },
+    headers
+  );
+
+  if (!res.body.hits.hits.length) {
+    throw new Error('There are no alerts to check!');
+  }
+
+  const sample = res.body.hits.hits[0]._source;
+
+  checkRes(res);
+  commonFields(sample);
+  sample.rule.pci_dss.should.be.a('array');
+  sample.manager.should.be.a('object');
+  sample.manager.name.should.be.a('string');
+  sample.source.should.be.eql('/var/ossec/logs/alerts/alerts.json');
+  sample.cluster.should.be.a('object');
+  sample.cluster.name.should.be.eql('wazuh');
+  sample.cluster.node.should.be.eql('node01');
+};
+
+const gdpr = async agentID => {
+  const res = await needle(
+    'get',
+    `localhost:9200/${index}/_search`,
+    {
+      query: {
+        bool: {
+          must: [
+            { match: { 'agent.id': `${agentID}` } },
+            { exists: { field: 'rule.gdpr' } }
+          ]
+        }
+      }
+    },
+    headers
+  );
+
+  if (!res.body.hits.hits.length) {
+    throw new Error('There are no alerts to check!');
+  }
+
+  const sample = res.body.hits.hits[0]._source;
+
+  checkRes(res);
+  commonFields(sample);
+  sample.rule.gdpr.should.be.a('array');
+  sample.manager.should.be.a('object');
+  sample.manager.name.should.be.a('string');
+  sample.source.should.be.eql('/var/ossec/logs/alerts/alerts.json');
+  sample.cluster.should.be.a('object');
+  sample.cluster.name.should.be.eql('wazuh');
+  sample.cluster.node.should.be.eql('node01');
+};
+
+const audit = async agentID => {
+  const res = await needle(
+    'get',
+    `localhost:9200/${index}/_search`,
+    {
+      query: {
+        bool: {
+          must: [
+            { match: { 'agent.id': `${agentID}` } },
+            { match: { 'rule.groups': 'audit' } }
+          ]
+        }
+      }
+    },
+    headers
+  );
+
+  if (!res.body.hits.hits.length) {
+    throw new Error('There are no alerts to check!');
+  }
+
+  const sample = res.body.hits.hits[0]._source;
+
+  checkRes(res);
+  commonFields(sample);
+  sample.data.should.be.a('object');
+  sample.rule.groups.should.be.a('array').that.includes('audit');
+  sample.manager.should.be.a('object');
+  sample.manager.name.should.be.a('string');
+  sample.source.should.be.eql('/var/ossec/logs/alerts/alerts.json');
+  sample.location.should.be.eql('/var/log/audit/audit.log');
+  sample.cluster.should.be.a('object');
+  sample.cluster.name.should.be.eql('wazuh');
+  sample.cluster.node.should.be.eql('node01');
+};
+
+describe('Elasticsearch', () => {
+  it('GET /_cat/indices', async () => {
+    const res = await needle('get', `localhost:9200/_cat/indices`, {}, headers);
+    res.statusCode.should.be.eql(200);
+    res.body.should.be.a('string');
+  });
+
+  it(`GET /_cat/indices/${index}`, async () => {
+    const res = await needle(
+      'get',
+      `localhost:9200/_cat/indices/${index}`,
+      {},
+      headers
+    );
+    res.statusCode.should.be.eql(200);
+    res.body.should.be.a('string');
+  });
+
+  describe('Manager (agent.id: 000)', () => {
+    it(`GET /${index}/_search - vulnerability-detector`, async () =>
+      vulnerability('000'));
+    it(`GET /${index}/_search - syscheck`, async () => syscheck('000'));
+    it(`GET /${index}/_search - rootcheck`, async () => rootcheck('000'));
+    it(`GET /${index}/_search - pci_dss`, async () => pciDss('000'));
+    it(`GET /${index}/_search - gdpr`, async () => gdpr('000'));
+    it(`GET /${index}/_search - audit`, async () => audit('000'));
+  });
+
+  describe('Agent (agent.id: 001)', () => {
+    it(`GET /${index}/_search - vulnerability-detector`, async () =>
+      vulnerability('001'));
+    it(`GET /${index}/_search - syscheck`, async () => syscheck('001'));
+    it(`GET /${index}/_search - rootcheck`, async () => rootcheck('001'));
+    it(`GET /${index}/_search - pci_dss`, async () => pciDss('001'));
+    it(`GET /${index}/_search - gdpr`, async () => gdpr('001'));
+    it(`GET /${index}/_search - audit`, async () => audit('001'));
+  });
+});

test/server/wazuh-api-elastic.js

@@ -8,33 +8,9 @@ const headers = {
 };
 
 let API_ID = null;
-let API_PORT = null;
-let API_URL = null;
-let API_USER = null;
-
-const EXAMPLE_API = {};
 
 describe('wazuh-api-elastic', () => {
-  /*
-
-    // Save the given API into elasticsearch
-    server.route({ method: 'PUT', path: '/api/wazuh-api/settings', handler: (req,reply) => ctrl.saveAPI(req,reply) });
-
-    // Update the given API into elasticsearch
-    server.route({ method: 'PUT', path: '/api/wazuh-api/update-settings', handler: (req,reply) => ctrl.updateFullAPI(req,reply) });
-
-    // Get Wazuh-API entries list (Multimanager) from elasticsearch index
-    server.route({ method: 'GET', path: '/api/wazuh-api/apiEntries', handler: (req,reply) => ctrl.getAPIEntries(req,reply) });
 
-    // Delete Wazuh-API entry (multimanager) from elasticsearch index
-    server.route({ method: 'DELETE', path: '/api/wazuh-api/apiEntries/{id}', handler: (req,reply) => ctrl.deleteAPIEntries(req,reply) });
-
-    // Set Wazuh-API as default (multimanager) on elasticsearch index
-    server.route({ method: 'PUT', path: '/api/wazuh-api/apiEntries/{id}', handler: (req,reply) => ctrl.setAPIEntryDefault(req,reply) });
-
-    // Update the API hostname
-    server.route({ method: 'PUT', path: '/api/wazuh-api/updateApiHostname/{id}', handler: (req,reply) => ctrl.updateAPIHostname(req,reply) });
-    */
   before(async () => {
     const res = await needle(
       'get',
@@ -47,9 +23,6 @@ describe('wazuh-api-elastic', () => {
       process.exit(1);
     }
     API_ID = res.body[0]._id;
-    API_URL = res.body[0]._source.url;
-    API_PORT = res.body[0]._source.api_port;
-    API_USER = res.body[0]._source.api_user;
   });
 
   it('PUT /api/wazuh-api/settings', async () => {
@@ -155,16 +128,12 @@ describe('wazuh-api-elastic', () => {
     res.body.result.should.be.eql('deleted');
   });
 
-  it('PUT /api/wazuh-api/apiEntries/{id}', async () => {
-    const res = await needle(
-      'put',
-      `localhost:5601/api/wazuh-api/apiEntries/${API_ID}`,
-      {},
-      headers
-    );
-    res.body.statusCode.should.be.eql(200);
-    res.body.message.should.be.eql('ok');
-  });
+  /*it('PUT /api/wazuh-api/apiEntries/{id}', async () => {
+        const res = await needle('put', `localhost:5601/api/wazuh-api/apiEntries/${API_ID}`, {}, headers);
+        console.log(res.body)
+        res.body.statusCode.should.be.eql(200)
+        res.body.message.should.be.eql('ok')
+    })*/
 
   it('PUT /api/wazuh-api/updateApiHostname/{id}', async () => {
     const res = await needle(