Test Report

Result	Test	Duration	Links
Failed	tests/end_to_end/test_basic_cases/test_fim/test_fim_linux/test_fim_linux.py::test_fim_linux[delete_file_linux]	153.55
configure_environment = None metadata = {'description': 'Delete a file and check generated alerts', 'extra': {'syscheck.path': '\\/tmp\\/test_demo_fim\\/monit...r', 'mode': 493, 'path': '/tmp/test_demo_fim/monitored_file.txt', 'state': 'absent'}, 'name': 'delete_file_linux', ...} get_dashboard_credentials = {'password': 'admin', 'user': 'admin'}, get_manager_ip = '172.31.6.105' generate_events = None, clean_alerts_index = None @pytest.mark.filterwarnings('ignore::urllib3.exceptions.InsecureRequestWarning') @pytest.mark.parametrize('metadata', configuration_metadata, ids=cases_ids) def test_fim_linux(configure_environment, metadata, get_dashboard_credentials, get_manager_ip, generate_events, clean_alerts_index): ''' description: Check that an alert is generated and indexed for FIM events. test_phases: - Set a custom Wazuh configuration. - Create, modify and delete a file to generate event. - Check in the alerts.json log that the expected alert has been triggered and get its timestamp. - Check that the obtained alert from alerts.json has been indexed. wazuh_min_version: 4.4.0 tier: 0 parameters: - configurate_environment: type: fixture brief: Set the wazuh configuration according to the configuration playbook. - metadata: type: dict brief: Wazuh configuration metadata. - get_dashboard_credentials: type: fixture brief: Get the wazuh dashboard credentials. - generate_events: type: fixture brief: Generate events that will trigger the alert according to the generate_events playbook. - clean_alerts_index: type: fixture brief: Delete obtained alerts.json and alerts index. assertions: - Verify that the alert has been triggered. - Verify that the same alert has been indexed. input_description: - The `configuration.yaml` file provides the module configuration for this test. - The `generate_events.yaml`file provides the function configuration for this test. ''' rule_id = metadata['rule.id'] rule_level = metadata['rule.level'] rule_description = metadata['rule.description'] syscheck_path = metadata['extra']['syscheck.path'] timestamp_regex = r'\d+-\d+-\d+T\d+:\d+:\d+\.\d+[+\|-]\d+' expected_alert_json = fr'\{{"timestamp":"({timestamp_regex})","rule":{{"level":{rule_level},' \ fr'"description":"{rule_description}","id":"{rule_id}"."syscheck":{{"path":' \ fr'"{syscheck_path}".\}}' expected_indexed_alert = fr'."path": "{syscheck_path}"."rule":."level": {rule_level},."description": ' \ fr'"{rule_description}"."timestamp": "({timestamp_regex})".' # Check that alert has been raised and save timestamp > raised_alert = evm.check_event(callback=expected_alert_json, file_to_monitor=alerts_json, timeout=fw.T_5, error_message='The alert has not occurred').result() tests/end_to_end/test_basic_cases/test_fim/test_fim_linux/test_fim_linux.py:117: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/local/lib/python3.8/site-packages/wazuh_testing/event_monitor.py:36: in check_event result = file_monitor.start(timeout=timeout, update_position=update_position, accum_results=accum_results, /usr/local/lib/python3.8/site-packages/wazuh_testing/tools/monitoring.py:201: in start self._result = monitor.start(timeout=timeout, callback=callback, accum_results=accum_results, _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <wazuh_testing.tools.monitoring.QueueMonitor object at 0x7f8508db34f0>, timeout = 5 callback = <function make_callback.<locals>.<lambda> at 0x7f8509175280>, accum_results = 1, update_position = True timeout_extra = 0, error_message = 'The alert has not occurred' def start(self, timeout=-1, callback=_callback_default, accum_results=1, update_position=True, timeout_extra=0, error_message=''): """Start the queue monitoring until the stop method is called.""" if not self._continue: self._continue = True self._abort = False result = None while self._continue: if self._abort: self.stop() if error_message: logger.error(error_message) logger.error(f"Results accumulated: " f"{len(result) if isinstance(result, list) else 0}") logger.error(f"Results expected: {accum_results}") > raise TimeoutError(error_message) E TimeoutError: The alert has not occurred /usr/local/lib/python3.8/site-packages/wazuh_testing/tools/monitoring.py:469: TimeoutError -----------------------------Captured stdout setup------------------------------ PLAY [localhost] ************************************************************* TASK [Gathering Facts] ***************************************************** ok: [localhost] TASK [Generate a general validation playbook] ****************************** changed: [localhost] PLAY RECAP ***************************************************************** localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 PLAY [General validation phase] ******************************************** TASK [Gathering Facts] ***************************************************** ok: [centos-manager] ok: [centos-agent] TASK [host_checker : Set flag and informative variable] ******************** ok: [centos-manager] ok: [centos-agent] TASK [host_checker : Check default Python version (Linux)] ***************** skipping: [centos-manager] skipping: [centos-agent] TASK [host_checker : Get Python version (Windows)] ************************* skipping: [centos-manager] skipping: [centos-agent] TASK [host_checker : Check default Python version (Windows)] *************** skipping: [centos-manager] skipping: [centos-agent] TASK [host_checker : Check OS (Linux)] ************************************* skipping: [centos-manager] skipping: [centos-agent] TASK [host_checker : Check OS (Windows)] *********************************** skipping: [centos-manager] skipping: [centos-agent] TASK [Get Wazuh installation] ********************************************** TASK [service_controller : Get installation type] ************************** changed: [centos-manager] changed: [centos-agent] TASK [host_checker : Populate services facts] ****************************** ok: [centos-manager] ok: [centos-agent] TASK [host_checker : Check the status of Wazuh components (Manager)] ******* skipping: [centos-manager] => (item=wazuh-manager.service) skipping: [centos-manager] => (item=wazuh-indexer.service) skipping: [centos-manager] => (item=filebeat.service) skipping: [centos-agent] => (item=wazuh-manager.service) skipping: [centos-agent] => (item=wazuh-indexer.service) skipping: [centos-agent] => (item=filebeat.service) TASK [host_checker : set_fact] ********************************************* skipping: [centos-manager] ok: [centos-agent] TASK [host_checker : Check the status of Wazuh Agent] ********************** skipping: [centos-manager] skipping: [centos-agent] TASK [Get Wazuh installation] ********************************************** TASK [service_controller : Get installation type] ************************** changed: [centos-manager] changed: [centos-agent] TASK [host_checker : Run filebeat test] ************************************ skipping: [centos-agent] changed: [centos-manager] TASK [host_checker : Check the connection between Filebeat and Wazuh Indexer] * skipping: [centos-manager] skipping: [centos-agent] TASK [Get Wazuh installation] ************************************************ TASK [service_controller : Get installation type] ************************** changed: [centos-agent] changed: [centos-manager] TASK [host_checker : Test connection with Wazuh Indexer] ******************* skipping: [centos-agent] fatal: [centos-manager -> localhost]: FAILED! => {"changed": false, "msg": "The shell action failed to execute in the expected time frame (3) and was terminated"} ...ignoring TASK [host_checker : Check the connection between Controller node and Wazuh Indexer] * skipping: [centos-manager] skipping: [centos-agent] TASK [host_checker : set_fact] *********************************************** ok: [centos-manager] ok: [centos-agent] TASK [host_checker : Verify if any check have failed] ********************** skipping: [centos-manager] skipping: [centos-agent] PLAY RECAP ***************************************************************** centos-agent : ok=8 changed=3 unreachable=0 failed=0 skipped=12 rescued=0 ignored=0 centos-manager : ok=9 changed=4 unreachable=0 failed=0 skipped=11 rescued=0 ignored=1 PLAY [Configure Linux agent environment] *********************************** TASK [Gathering Facts] ***************************************************** ok: [centos-agent] ok: [ubuntu-agent] TASK [Create directory to monitor] ***************************************** changed: [centos-agent] changed: [ubuntu-agent] TASK [Add directory to syscheck configuration] ***************************** TASK [manage_wazuh_configurations : Configure ossec.conf linux] ************ changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ********** skipping: [ubuntu-agent] skipping: [centos-agent] TASK [Restart Wazuh] ******************************************************* TASK [manage_wazuh : Get installation type] ******************************** changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh : Restart manager service on linux] ********************* skipping: [ubuntu-agent] skipping: [centos-agent] TASK [manage_wazuh : Restart agent service on linux] *********************** changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh : Restart wazuh on Windows] ***************************** skipping: [ubuntu-agent] skipping: [centos-agent] PLAY RECAP ***************************************************************** centos-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 ubuntu-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.6.105", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no -i /home/mauro/ephemeral.pem", "ansible_user": "qa", "ansible_winrm_server_cert_validation": "ignore", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.6.105", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no -i /home/mauro/ephemeral.pem", "ansible_user": "qa", "ansible_winrm_server_cert_validation": "ignore", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Clean alerts file] *************************************************** TASK [Gathering Facts] ***************************************************** ok: [centos-manager] TASK [Truncate alert.json] ************************************************* TASK [manage_alerts : Truncate file] *************************************** changed: [centos-manager] PLAY [Generate events] ***************************************************** TASK [Gathering Facts] ***************************************************** ok: [ubuntu-agent] ok: [centos-agent] TASK [Delete a file from the monitored folder] ***************************** ok: [ubuntu-agent] ok: [centos-agent] PLAY [Get alerts file] ***************************************************** TASK [Gathering Facts] ***************************************************** ok: [centos-manager] TASK [Wait for alert to be generated] ************************************** ok: [centos-manager] TASK [Get alert json] ****************************************************** TASK [manage_alerts : Get alerts.json] ************************************* changed: [centos-manager] PLAY RECAP ***************************************************************** centos-agent : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 centos-manager : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ubuntu-agent : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ------------------------------Captured stderr call------------------------------ 2022-08-29 14:42:34,590 - wazuh_testing - ERROR - The alert has not occurred 2022-08-29 14:42:34,591 - wazuh_testing - ERROR - Results accumulated: 0 2022-08-29 14:42:34,591 - wazuh_testing - ERROR - Results expected: 1 -------------------------------Captured log call-------------------------------- ERROR wazuh_testing:monitoring.py:465 The alert has not occurred ERROR wazuh_testing:monitoring.py:466 Results accumulated: 0 ERROR wazuh_testing:monitoring.py:468 Results expected: 1 ----------------------------Captured stdout teardown---------------------------- PLAY [Cleanup Linux agent environment] ************************************* TASK [Gathering Facts] ***************************************************** ok: [centos-agent] ok: [ubuntu-agent] TASK [Delete syscheck configuration] *************************************** changed: [centos-agent] changed: [ubuntu-agent] TASK [Delete folder] ******************************************************* changed: [centos-agent] changed: [ubuntu-agent] TASK [Restart wazuh-agent] ************************************************* TASK [manage_wazuh : Get installation type] ******************************** changed: [centos-agent] changed: [ubuntu-agent] TASK [manage_wazuh : Restart manager service on linux] ********************* skipping: [ubuntu-agent] skipping: [centos-agent] TASK [manage_wazuh : Restart agent service on linux] *********************** changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh : Restart wazuh on Windows] ***************************** skipping: [ubuntu-agent] skipping: [centos-agent] PLAY RECAP ******************************************************************* centos-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0 ubuntu-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0

configure_environment = None
metadata = {'description': 'Delete a file and check generated alerts', 'extra': {'syscheck.path': '\\/tmp\\/test_demo_fim\\/monit...r', 'mode': 493, 'path': '/tmp/test_demo_fim/monitored_file.txt', 'state': 'absent'}, 'name': 'delete_file_linux', ...}
get_dashboard_credentials = {'password': 'admin', 'user': 'admin'}, get_manager_ip = '172.31.6.105'
generate_events = None, clean_alerts_index = None

@pytest.mark.filterwarnings('ignore::urllib3.exceptions.InsecureRequestWarning')
@pytest.mark.parametrize('metadata', configuration_metadata, ids=cases_ids)
def test_fim_linux(configure_environment, metadata, get_dashboard_credentials, get_manager_ip, generate_events,
clean_alerts_index):
'''
description: Check that an alert is generated and indexed for FIM events.

test_phases:
- Set a custom Wazuh configuration.
- Create, modify and delete a file to generate event.
- Check in the alerts.json log that the expected alert has been triggered and get its timestamp.
- Check that the obtained alert from alerts.json has been indexed.

wazuh_min_version: 4.4.0

tier: 0

parameters:
- configurate_environment:
type: fixture
brief: Set the wazuh configuration according to the configuration playbook.
- metadata:
type: dict
brief: Wazuh configuration metadata.
- get_dashboard_credentials:
type: fixture
brief: Get the wazuh dashboard credentials.
- generate_events:
type: fixture
brief: Generate events that will trigger the alert according to the generate_events playbook.
- clean_alerts_index:
type: fixture
brief: Delete obtained alerts.json and alerts index.

assertions:
- Verify that the alert has been triggered.
- Verify that the same alert has been indexed.

input_description:
- The `configuration.yaml` file provides the module configuration for this test.
- The `generate_events.yaml`file provides the function configuration for this test.
'''
rule_id = metadata['rule.id']
rule_level = metadata['rule.level']
rule_description = metadata['rule.description']
syscheck_path = metadata['extra']['syscheck.path']
timestamp_regex = r'\d+-\d+-\d+T\d+:\d+:\d+\.\d+[+|-]\d+'

expected_alert_json = fr'\{{"timestamp":"({timestamp_regex})","rule":{{"level":{rule_level},' \
fr'"description":"{rule_description}","id":"{rule_id}".*"syscheck":{{"path":' \
fr'"{syscheck_path}".*\}}'

expected_indexed_alert = fr'.*"path": "{syscheck_path}".*"rule":.*"level": {rule_level},.*"description": ' \
fr'"{rule_description}".*"timestamp": "({timestamp_regex})".*'

# Check that alert has been raised and save timestamp
> raised_alert = evm.check_event(callback=expected_alert_json, file_to_monitor=alerts_json,
timeout=fw.T_5, error_message='The alert has not occurred').result()

tests/end_to_end/test_basic_cases/test_fim/test_fim_linux/test_fim_linux.py:117:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.8/site-packages/wazuh_testing/event_monitor.py:36: in check_event
result = file_monitor.start(timeout=timeout, update_position=update_position, accum_results=accum_results,
/usr/local/lib/python3.8/site-packages/wazuh_testing/tools/monitoring.py:201: in start
self._result = monitor.start(timeout=timeout, callback=callback, accum_results=accum_results,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <wazuh_testing.tools.monitoring.QueueMonitor object at 0x7f8508db34f0>, timeout = 5
callback = <function make_callback.<locals>.<lambda> at 0x7f8509175280>, accum_results = 1, update_position = True
timeout_extra = 0, error_message = 'The alert has not occurred'

def start(self, timeout=-1, callback=_callback_default, accum_results=1, update_position=True, timeout_extra=0,
error_message=''):
"""Start the queue monitoring until the stop method is called."""
if not self._continue:
self._continue = True
self._abort = False
result = None

while self._continue:
if self._abort:
self.stop()
if error_message:
logger.error(error_message)
logger.error(f"Results accumulated: "
f"{len(result) if isinstance(result, list) else 0}")
logger.error(f"Results expected: {accum_results}")
> raise TimeoutError(error_message)
E TimeoutError: The alert has not occurred

/usr/local/lib/python3.8/site-packages/wazuh_testing/tools/monitoring.py:469: TimeoutError
-----------------------------Captured stdout setup------------------------------
PLAY [localhost] *************************************************************** TASK [Gathering Facts] ********************************************************* ok: [localhost] TASK [Generate a general validation playbook] ********************************** changed: [localhost] PLAY RECAP ********************************************************************* localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 PLAY [General validation phase] ************************************************ TASK [Gathering Facts] ********************************************************* ok: [centos-manager] ok: [centos-agent] TASK [host_checker : Set flag and informative variable] ************************ ok: [centos-manager] ok: [centos-agent] TASK [host_checker : Check default Python version (Linux)] ********************* skipping: [centos-manager] skipping: [centos-agent] TASK [host_checker : Get Python version (Windows)] ***************************** skipping: [centos-manager] skipping: [centos-agent] TASK [host_checker : Check default Python version (Windows)] ******************* skipping: [centos-manager] skipping: [centos-agent] TASK [host_checker : Check OS (Linux)] ***************************************** skipping: [centos-manager] skipping: [centos-agent] TASK [host_checker : Check OS (Windows)] *************************************** skipping: [centos-manager] skipping: [centos-agent] TASK [Get Wazuh installation] ************************************************** TASK [service_controller : Get installation type] ****************************** changed: [centos-manager] changed: [centos-agent] TASK [host_checker : Populate services facts] ********************************** ok: [centos-manager] ok: [centos-agent] TASK [host_checker : Check the status of Wazuh components (Manager)] *********** skipping: [centos-manager] => (item=wazuh-manager.service) skipping: [centos-manager] => (item=wazuh-indexer.service) skipping: [centos-manager] => (item=filebeat.service) skipping: [centos-agent] => (item=wazuh-manager.service) skipping: [centos-agent] => (item=wazuh-indexer.service) skipping: [centos-agent] => (item=filebeat.service) TASK [host_checker : set_fact] ************************************************* skipping: [centos-manager] ok: [centos-agent] TASK [host_checker : Check the status of Wazuh Agent] ************************** skipping: [centos-manager] skipping: [centos-agent] TASK [Get Wazuh installation] ************************************************** TASK [service_controller : Get installation type] ****************************** changed: [centos-manager] changed: [centos-agent] TASK [host_checker : Run filebeat test] **************************************** skipping: [centos-agent] changed: [centos-manager] TASK [host_checker : Check the connection between Filebeat and Wazuh Indexer] *** skipping: [centos-manager] skipping: [centos-agent] TASK [Get Wazuh installation] ************************************************** TASK [service_controller : Get installation type] ****************************** changed: [centos-agent] changed: [centos-manager] TASK [host_checker : Test connection with Wazuh Indexer] *********************** skipping: [centos-agent] fatal: [centos-manager -> localhost]: FAILED! => {"changed": false, "msg": "The shell action failed to execute in the expected time frame (3) and was terminated"} ...ignoring TASK [host_checker : Check the connection between Controller node and Wazuh Indexer] *** skipping: [centos-manager] skipping: [centos-agent] TASK [host_checker : set_fact] ************************************************* ok: [centos-manager] ok: [centos-agent] TASK [host_checker : Verify if any check have failed] ************************** skipping: [centos-manager] skipping: [centos-agent] PLAY RECAP ********************************************************************* centos-agent : ok=8 changed=3 unreachable=0 failed=0 skipped=12 rescued=0 ignored=0 centos-manager : ok=9 changed=4 unreachable=0 failed=0 skipped=11 rescued=0 ignored=1 PLAY [Configure Linux agent environment] *************************************** TASK [Gathering Facts] ********************************************************* ok: [centos-agent] ok: [ubuntu-agent] TASK [Create directory to monitor] ********************************************* changed: [centos-agent] changed: [ubuntu-agent] TASK [Add directory to syscheck configuration] ********************************* TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** skipping: [ubuntu-agent] skipping: [centos-agent] TASK [Restart Wazuh] *********************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [ubuntu-agent] skipping: [centos-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [ubuntu-agent] skipping: [centos-agent] PLAY RECAP ********************************************************************* centos-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 ubuntu-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.6.105", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no -i /home/mauro/ephemeral.pem", "ansible_user": "qa", "ansible_winrm_server_cert_validation": "ignore", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.6.105", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no -i /home/mauro/ephemeral.pem", "ansible_user": "qa", "ansible_winrm_server_cert_validation": "ignore", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [ubuntu-agent] ok: [centos-agent] TASK [Delete a file from the monitored folder] ********************************* ok: [ubuntu-agent] ok: [centos-agent] PLAY [Get alerts file] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Wait for alert to be generated] ****************************************** ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-agent : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 centos-manager : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ubuntu-agent : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
------------------------------Captured stderr call------------------------------
2022-08-29 14:42:34,590 - wazuh_testing - ERROR - The alert has not occurred 2022-08-29 14:42:34,591 - wazuh_testing - ERROR - Results accumulated: 0 2022-08-29 14:42:34,591 - wazuh_testing - ERROR - Results expected: 1
-------------------------------Captured log call--------------------------------
ERROR wazuh_testing:monitoring.py:465 The alert has not occurred ERROR wazuh_testing:monitoring.py:466 Results accumulated: 0 ERROR wazuh_testing:monitoring.py:468 Results expected: 1
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup Linux agent environment] ***************************************** TASK [Gathering Facts] ********************************************************* ok: [centos-agent] ok: [ubuntu-agent] TASK [Delete syscheck configuration] ******************************************* changed: [centos-agent] changed: [ubuntu-agent] TASK [Delete folder] *********************************************************** changed: [centos-agent] changed: [ubuntu-agent] TASK [Restart wazuh-agent] ***************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-agent] changed: [ubuntu-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [ubuntu-agent] skipping: [centos-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [ubuntu-agent] skipping: [centos-agent] PLAY RECAP ********************************************************************* centos-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0 ubuntu-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0

Packages	{"pluggy": "0.13.1", "py": "1.10.0", "pytest": "6.2.2"}
Platform	Linux-5.15.0-46-generic-x86_64-with-glibc2.35
Plugins	{"html": "3.1.1", "metadata": "2.0.1", "testinfra": "5.0.0"}
Python	3.8.10

3166-T3-R3-e2e-mauromalara.html

Environment

Summary

Results

Result	Test	Duration
No results found. Try to check the filters
Failed	tests/end_to_end/test_basic_cases/test_fim/test_fim_linux/test_fim_linux.py::test_fim_linux[delete_file_linux]	153.55
configure_environment = None metadata = {'description': 'Delete a file and check generated alerts', 'extra': {'syscheck.path': '\\/tmp\\/test_demo_fim\\/monit...r', 'mode': 493, 'path': '/tmp/test_demo_fim/monitored_file.txt', 'state': 'absent'}, 'name': 'delete_file_linux', ...} get_dashboard_credentials = {'password': 'admin', 'user': 'admin'}, get_manager_ip = '172.31.6.105' generate_events = None, clean_alerts_index = None @pytest.mark.filterwarnings('ignore::urllib3.exceptions.InsecureRequestWarning') @pytest.mark.parametrize('metadata', configuration_metadata, ids=cases_ids) def test_fim_linux(configure_environment, metadata, get_dashboard_credentials, get_manager_ip, generate_events, clean_alerts_index): ''' description: Check that an alert is generated and indexed for FIM events. test_phases: - Set a custom Wazuh configuration. - Create, modify and delete a file to generate event. - Check in the alerts.json log that the expected alert has been triggered and get its timestamp. - Check that the obtained alert from alerts.json has been indexed. wazuh_min_version: 4.4.0 tier: 0 parameters: - configurate_environment: type: fixture brief: Set the wazuh configuration according to the configuration playbook. - metadata: type: dict brief: Wazuh configuration metadata. - get_dashboard_credentials: type: fixture brief: Get the wazuh dashboard credentials. - generate_events: type: fixture brief: Generate events that will trigger the alert according to the generate_events playbook. - clean_alerts_index: type: fixture brief: Delete obtained alerts.json and alerts index. assertions: - Verify that the alert has been triggered. - Verify that the same alert has been indexed. input_description: - The `configuration.yaml` file provides the module configuration for this test. - The `generate_events.yaml`file provides the function configuration for this test. ''' rule_id = metadata['rule.id'] rule_level = metadata['rule.level'] rule_description = metadata['rule.description'] syscheck_path = metadata['extra']['syscheck.path'] timestamp_regex = r'\d+-\d+-\d+T\d+:\d+:\d+\.\d+[+\|-]\d+' expected_alert_json = fr'\{{"timestamp":"({timestamp_regex})","rule":{{"level":{rule_level},' \ fr'"description":"{rule_description}","id":"{rule_id}"."syscheck":{{"path":' \ fr'"{syscheck_path}".\}}' expected_indexed_alert = fr'."path": "{syscheck_path}"."rule":."level": {rule_level},."description": ' \ fr'"{rule_description}"."timestamp": "({timestamp_regex})".' # Check that alert has been raised and save timestamp > raised_alert = evm.check_event(callback=expected_alert_json, file_to_monitor=alerts_json, timeout=fw.T_5, error_message='The alert has not occurred').result() tests/end_to_end/test_basic_cases/test_fim/test_fim_linux/test_fim_linux.py:117: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/local/lib/python3.8/site-packages/wazuh_testing/event_monitor.py:36: in check_event result = file_monitor.start(timeout=timeout, update_position=update_position, accum_results=accum_results, /usr/local/lib/python3.8/site-packages/wazuh_testing/tools/monitoring.py:201: in start self._result = monitor.start(timeout=timeout, callback=callback, accum_results=accum_results, _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <wazuh_testing.tools.monitoring.QueueMonitor object at 0x7f8508db34f0>, timeout = 5 callback = <function make_callback.<locals>.<lambda> at 0x7f8509175280>, accum_results = 1, update_position = True timeout_extra = 0, error_message = 'The alert has not occurred' def start(self, timeout=-1, callback=_callback_default, accum_results=1, update_position=True, timeout_extra=0, error_message=''): """Start the queue monitoring until the stop method is called.""" if not self._continue: self._continue = True self._abort = False result = None while self._continue: if self._abort: self.stop() if error_message: logger.error(error_message) logger.error(f"Results accumulated: " f"{len(result) if isinstance(result, list) else 0}") logger.error(f"Results expected: {accum_results}") > raise TimeoutError(error_message) E TimeoutError: The alert has not occurred /usr/local/lib/python3.8/site-packages/wazuh_testing/tools/monitoring.py:469: TimeoutError -----------------------------Captured stdout setup------------------------------ PLAY [localhost] ************************************************************* TASK [Gathering Facts] ***************************************************** ok: [localhost] TASK [Generate a general validation playbook] ****************************** changed: [localhost] PLAY RECAP ***************************************************************** localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 PLAY [General validation phase] ******************************************** TASK [Gathering Facts] ***************************************************** ok: [centos-manager] ok: [centos-agent] TASK [host_checker : Set flag and informative variable] ******************** ok: [centos-manager] ok: [centos-agent] TASK [host_checker : Check default Python version (Linux)] ***************** skipping: [centos-manager] skipping: [centos-agent] TASK [host_checker : Get Python version (Windows)] ************************* skipping: [centos-manager] skipping: [centos-agent] TASK [host_checker : Check default Python version (Windows)] *************** skipping: [centos-manager] skipping: [centos-agent] TASK [host_checker : Check OS (Linux)] ************************************* skipping: [centos-manager] skipping: [centos-agent] TASK [host_checker : Check OS (Windows)] *********************************** skipping: [centos-manager] skipping: [centos-agent] TASK [Get Wazuh installation] ********************************************** TASK [service_controller : Get installation type] ************************** changed: [centos-manager] changed: [centos-agent] TASK [host_checker : Populate services facts] ****************************** ok: [centos-manager] ok: [centos-agent] TASK [host_checker : Check the status of Wazuh components (Manager)] ******* skipping: [centos-manager] => (item=wazuh-manager.service) skipping: [centos-manager] => (item=wazuh-indexer.service) skipping: [centos-manager] => (item=filebeat.service) skipping: [centos-agent] => (item=wazuh-manager.service) skipping: [centos-agent] => (item=wazuh-indexer.service) skipping: [centos-agent] => (item=filebeat.service) TASK [host_checker : set_fact] ********************************************* skipping: [centos-manager] ok: [centos-agent] TASK [host_checker : Check the status of Wazuh Agent] ********************** skipping: [centos-manager] skipping: [centos-agent] TASK [Get Wazuh installation] ********************************************** TASK [service_controller : Get installation type] ************************** changed: [centos-manager] changed: [centos-agent] TASK [host_checker : Run filebeat test] ************************************ skipping: [centos-agent] changed: [centos-manager] TASK [host_checker : Check the connection between Filebeat and Wazuh Indexer] * skipping: [centos-manager] skipping: [centos-agent] TASK [Get Wazuh installation] ************************************************ TASK [service_controller : Get installation type] ************************** changed: [centos-agent] changed: [centos-manager] TASK [host_checker : Test connection with Wazuh Indexer] ******************* skipping: [centos-agent] fatal: [centos-manager -> localhost]: FAILED! => {"changed": false, "msg": "The shell action failed to execute in the expected time frame (3) and was terminated"} ...ignoring TASK [host_checker : Check the connection between Controller node and Wazuh Indexer] * skipping: [centos-manager] skipping: [centos-agent] TASK [host_checker : set_fact] *********************************************** ok: [centos-manager] ok: [centos-agent] TASK [host_checker : Verify if any check have failed] ********************** skipping: [centos-manager] skipping: [centos-agent] PLAY RECAP ***************************************************************** centos-agent : ok=8 changed=3 unreachable=0 failed=0 skipped=12 rescued=0 ignored=0 centos-manager : ok=9 changed=4 unreachable=0 failed=0 skipped=11 rescued=0 ignored=1 PLAY [Configure Linux agent environment] *********************************** TASK [Gathering Facts] ***************************************************** ok: [centos-agent] ok: [ubuntu-agent] TASK [Create directory to monitor] ***************************************** changed: [centos-agent] changed: [ubuntu-agent] TASK [Add directory to syscheck configuration] ***************************** TASK [manage_wazuh_configurations : Configure ossec.conf linux] ************ changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ********** skipping: [ubuntu-agent] skipping: [centos-agent] TASK [Restart Wazuh] ******************************************************* TASK [manage_wazuh : Get installation type] ******************************** changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh : Restart manager service on linux] ********************* skipping: [ubuntu-agent] skipping: [centos-agent] TASK [manage_wazuh : Restart agent service on linux] *********************** changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh : Restart wazuh on Windows] ***************************** skipping: [ubuntu-agent] skipping: [centos-agent] PLAY RECAP ***************************************************************** centos-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 ubuntu-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.6.105", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no -i /home/mauro/ephemeral.pem", "ansible_user": "qa", "ansible_winrm_server_cert_validation": "ignore", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.6.105", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no -i /home/mauro/ephemeral.pem", "ansible_user": "qa", "ansible_winrm_server_cert_validation": "ignore", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Clean alerts file] *************************************************** TASK [Gathering Facts] ***************************************************** ok: [centos-manager] TASK [Truncate alert.json] ************************************************* TASK [manage_alerts : Truncate file] *************************************** changed: [centos-manager] PLAY [Generate events] ***************************************************** TASK [Gathering Facts] ***************************************************** ok: [ubuntu-agent] ok: [centos-agent] TASK [Delete a file from the monitored folder] ***************************** ok: [ubuntu-agent] ok: [centos-agent] PLAY [Get alerts file] ***************************************************** TASK [Gathering Facts] ***************************************************** ok: [centos-manager] TASK [Wait for alert to be generated] ************************************** ok: [centos-manager] TASK [Get alert json] ****************************************************** TASK [manage_alerts : Get alerts.json] ************************************* changed: [centos-manager] PLAY RECAP ***************************************************************** centos-agent : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 centos-manager : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ubuntu-agent : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ------------------------------Captured stderr call------------------------------ 2022-08-29 14:42:34,590 - wazuh_testing - ERROR - The alert has not occurred 2022-08-29 14:42:34,591 - wazuh_testing - ERROR - Results accumulated: 0 2022-08-29 14:42:34,591 - wazuh_testing - ERROR - Results expected: 1 -------------------------------Captured log call-------------------------------- ERROR wazuh_testing:monitoring.py:465 The alert has not occurred ERROR wazuh_testing:monitoring.py:466 Results accumulated: 0 ERROR wazuh_testing:monitoring.py:468 Results expected: 1 ----------------------------Captured stdout teardown---------------------------- PLAY [Cleanup Linux agent environment] ************************************* TASK [Gathering Facts] ***************************************************** ok: [centos-agent] ok: [ubuntu-agent] TASK [Delete syscheck configuration] *************************************** changed: [centos-agent] changed: [ubuntu-agent] TASK [Delete folder] ******************************************************* changed: [centos-agent] changed: [ubuntu-agent] TASK [Restart wazuh-agent] ************************************************* TASK [manage_wazuh : Get installation type] ******************************** changed: [centos-agent] changed: [ubuntu-agent] TASK [manage_wazuh : Restart manager service on linux] ********************* skipping: [ubuntu-agent] skipping: [centos-agent] TASK [manage_wazuh : Restart agent service on linux] *********************** changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh : Restart wazuh on Windows] ***************************** skipping: [ubuntu-agent] skipping: [centos-agent] PLAY RECAP ******************************************************************* centos-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0 ubuntu-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0