Syscheck automated tests: 'recursion_level' option

[CarlosRS9]

Working branch
fim-integration-tests-recursion

Description

This issue is part of the roadmap in #7.

The maximum_recursion_level tag is used to configure the maximum recursion level allowed for a specific directory so syscheck will generate alerts for all files up to the indicated directory level but will ignore the rest.

According to documentation, using the following directory structure and recursion_level="3":

folder_test
├── file_0.txt
└── level_1
    ├── file_1.txt
    └── level_2
        ├── file_2.txt
        └── level_3
            ├── file_3.txt
            └── level_4
                ├── file_4.txt
                └── level_5
                    └── file_5.txt

We will receive alerts for all files up to folder_test/level_1/level_2/level_3/ but we won’t receive alerts from any directory deeper than level_3.

The maximum_recursion_level must be an integer between 0 and 320.

Subtasks

• Realtime
  • Monitor and ignore files with Default Recursion Level
  • Monitor one folder and ignore all subdirectories with Recursion Level 0
  • Monitor one folder and its level 1 subdirectory but ignore the rest with Recursion Level 1
  • Monitor one folder and its subdirectories until level 5 with Recursion Level 5
  • Monitor files on the deepest subdirectory level with recursion level 320
• Whodata
  • Monitor and ignore files with Default Recursion Level
  • Monitor one folder and ignore all subdirectories with Recursion Level 0
  • Monitor one folder and its level 1 subdirectory but ignore the rest with Recursion Level 1
  • Monitor one folder and its subdirectories until level 5 with Recursion Level 5
  • Monitor files on the deepest subdirectory level with recursion level 320
• Scheduled
  • Monitor and ignore files with Default Recursion Level
  • Monitor one folder and ignore all subdirectories with Recursion Level 0
  • Monitor one folder and its level 1 subdirectory but ignore the rest with Recursion Level 1
  • Monitor one folder and its subdirectories until level 5 with Recursion Level 5
  • Monitor files on the deepest subdirectory level with recursion level 320

[CarlosRS9]

Status update

Summary

Development of realtime part is finished. I'm currently working on the Whodata ones. Directory names with and without spaces are being used on this tests. I am also working on improving performance of the test.

Difficulties

• Its seems whodata stop monitoring after certain conditions are met. I'm currently investigating this and trying to discover the root cause of this behaviour.
• Current test took too much time to complete because the have to perform a lot of operations.

Tests performed

This is the current status of the test_recursion_level, without whodata ones:

=================== 122 passed, 174 skipped in 328.73s (0:05:28) ===================

Pending

• Adapt the test to whodata. This is almost done. Only the Monitor files on the deepest subdirectory level with recursion level 320 remains.
• Improve performance of test to reduce the time they take to complete.
• Scheduled tests.

[CarlosRS9]

Status update

Summary

The code has been refactored to improve performance.

Whodata implementation has been done and its under testing. Some tests fails due to whodata. I am investigating this.

Difficulties

• A lot of time has been spent in finding out that the errors we were having were because of whodata.
• I had to read and understand all the code from other tests to use already existing functions.
• I had to refactor a lot of code to improve performance.
• Whodata and scheduled implementations are having some strange behaviors.

Pending

• Scheduled test implementation has started but is still under development. Further analysis and testing has to be done.
• Further improvement on performance are needed. I want to get more information about pytest fixture to accomplish this.

[CarlosRS9]

Status update

Summary

Development of realtime and scheduled time is finished. The Whodata part is ongoing as there is a problem with the "Monitor files on the deepest subdirectory level with recursion level 320" test. All other Whodata tests are also finished and working as expected.

Tests performed

Here are the current execution times of each part:

Realtime:

===================== 48 passed, 96 skipped in 265.50s (0:04:25) =====================

Scheduled:

============== 48 passed, 96 skipped in 6739698.83s (78 days, 0:08:18) ===============

We have to change date for the scheduled tests so ignore the times.

Difficulties

• Current test took too much time to complete because the have to perform a lot of operations.
• Its seems whodata stop monitoring after certain conditions are met. Those are related to the deepest subdirectory level test.
• A lot of time has been spent seting up vagrant to properly test scheduled part.
• For some reasons the first test of each part was always failing, no matter which test was.

Pending

• Find the cause of the whodata failure and fix/report it.
• Further improvement on performance may be possible.

[CarlosRS9]

Summary

Development is finished. Now tests are running for scheduled, whodata and realtime mode.

A recursive test over the directories (test_recursion) has been added. Fixed a bug causing the first test always fails. The code quality has been increased and the performance has improved (less time needed to complete the tests).

Two of the Whodata tests are failing due to an issue with this module. This has been reported.

Tests

Realtime Test:

===================== 8 passed, 16 skipped in 179.66s (0:02:59) =====================

Whodata Test:

================ 2 failed, 6 passed, 16 skipped in 205.09s (0:03:25) ================

Scheduled Test:

============== 8 passed, 16 skipped in 4212261.55s (48 days, 18:04:21) ===============

We have to change date for some tests so the time spent is not accurate.