/
action.yml
112 lines (104 loc) · 4.05 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
runs:
using: "composite"
steps:
- name: Wait for start Wazuh Cluster
shell: bash
run: sleep 120
- name: Check Wazuh indexer start
shell: bash
run: |
status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:admin -k -s | grep green | wc -l`"
if [[ $status_green -eq 1 ]]; then
curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:admin -k -s
else
curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:admin -k -s
exit 1
fi
status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:admin -k -s | wc -l`"
status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:admin -k -s | grep "green" | wc -l`"
if [[ $status_index_green -eq $status_index ]]; then
curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:admin -k -s
else
curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:admin -k -s
exit 1
fi
- name: Check Wazuh indexer nodes
shell: bash
run: |
nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:admin -k -s | wc -l`"
if [[ $nodes -eq 1 ]]; then
echo "Wazuh indexer nodes: ${nodes}"
else
echo "Wazuh indexer nodes: ${nodes}"
exit 1
fi
- name: Check documents into wazuh-alerts index
shell: bash
run: |
docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:admin -k -s | jq -r ".count"`"
if [[ $docs -gt 100 ]]; then
echo "wazuh-alerts index documents: ${docs}"
else
echo "wazuh-alerts index documents: ${docs}"
exit 1
fi
- name: Check Wazuh templates
shell: bash
run: |
qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:admin -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`"
templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:admin -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`"
if [[ $qty_templates -eq 3 ]]; then
echo "wazuh templates:"
echo "${templates}"
else
echo "wazuh templates:"
echo "${templates}"
exit 1
fi
- name: Check Wazuh manager start
shell: bash
run: |
services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`"
if [[ $services -gt 9 ]]; then
echo "Wazuh Manager Services: ${services}"
echo "OK"
else
echo "Wazuh indexer nodes: ${nodes}"
curl -k -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items
exit 1
fi
env:
TOKEN: $(curl -s -u wazuh-wui:wazuh-wui -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
- name: Check Wazuh dashboard service URL
shell: bash
run: |
status=$(curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:admin -I -s | grep -E "^HTTP" | awk '{print $2}')
if [[ $status -eq 200 ]]; then
echo "Wazuh dashboard status: ${status}"
else
echo "Wazuh dashboard status: ${status}"
exit 1
fi
- name: Check Errors in ossec.log
shell: bash
run: |
log=$(sudo awk 'BEGIN{IGNORECASE=1} /ERROR|CRITICAL/' /var/ossec/logs/ossec.log)
if [[ -z "$log" ]]; then
echo "No errors in ossec.log"
else
echo "Errors in ossec.log:"
echo "${log}"
exit 1
fi
- name: Check Errors from filebeat
shell: bash
run: |
filebeatout=$(sudo filebeat test output)
filebeatstatus=$(echo "${filebeatout}" | grep -c OK)
if [[ filebeatstatus -eq 7 ]]; then
echo "No errors in filebeat"
else
echo "Errors in filebeat"
echo "${filebeatout}"
exit 1
fi