Validate MacOS pkgs support #3974

Closed
BelenValdivia opened this issue Feb 22, 2023 · 6 comments

BelenValdivia commented Feb 22, 2023

| Target version | Related issue     | Related PR        | Test planning |
| -------------- | ----------------- | ----------------- | ------------- |
| 4.6.0          | wazuh/wazuh#15877 | wazuh/wazuh#16117 | #3933         |

Description

This issue aims to add support to Syscollector for the MacPorts package manager in Mac OS agents.
Parse the information from the package manager database (registry.db), an SQLite database, to get the information about installed packages.

Proposed checks

  • Test that installed packages are in the inventory on MacOS

    Scenario Outline 1: Check that the package information is in the agent database in the manager
    Given I install the wazuh agent "<version>" in a macOS VM
    When I install the "<package>" in the agent
    Then the information about the package installed is in the agent database in the manager
    
    Examples:
    | version | package |
    | ------- | ------- |
    | 4.6     | nmap    |
    | 4.6     | htop    |
    | 4.6     | ranger  |
    
    
@BelenValdivia

06/06/2023

  • Tried to generate macos installer
  • Errors with VirtualBox
  • Solved problem with virtualbox
  • Downloading macos box to generate installer


BelenValdivia commented Mar 7, 2023

Review data

| Tester         | PR commit           |
| -------------- | ------------------- |
| @BelenValdivia | wazuh/wazuh@24105ba |

Testing environment

| OS       | Deployment | Image/AMI                | Notes |
| -------- | ---------- | ------------------------ | ----- |
| CentOS 8 | local      | qactl/centos_8           |       |
| MacOS    | local      | danimaetrix/macOS-mojave |       |

Tested packages

| System   | Manager                | Agent                  |
| -------- | ---------------------- | ---------------------- |
| CentOS 8 | Installed from sources |                        |
| MacOS    |                        | Installed from sources |

Status


BelenValdivia commented Mar 8, 2023

Testing results

Fresh install

Scenario Outline 1: Check that the package information is in the agent database in the manager 🟢
  • Case 1: Check Htop package 🟢
    1. Install the Wazuh agent from sources in a MacOS VM

    2. Install the Wazuh manager from sources

    3. Install MacPorts

    4. Check packages in the registry database in the agent

      sh-3.2# sqlite3  /opt/local/var/macports/registry/registry.db 'select count(*) from ports where state = "installed"' --line
      count(*) = 22
      
    5. Check packages in the agent database in the manager

      [root@centos-manager3 wazuh]# sqlite3 /var/ossec/queue/db/002.db 'select count(*) from sys_programs where format = "macports"' --line
      count(*) = 22
      
    6. Install Htop : sudo port install htop

    7. Check htop package in registry.db

      id = 12
      name = htop
      portfile = 35471d9a557bf5321cdcfe08b0f764172b988c7b50e4216a7856dd1a7130fa6c-1323
      location = /opt/local/var/macports/software/htop/htop-3.2.2_0.darwin_18.x86_64.tbz2
      epoch = 1
      version = 3.2.2
      revision = 0
      variants =
      requested_variants =
      state = installed
      date = 1678215051
      installtype = image
      archs = x86_64
      requested = 1
      os_platform = darwin
      os_major = 18
      cxx_stdlib = none
      cxx_stdlib_overridden = 0
      
    8. Check that htop package is in the agent database in the manager

      [root@centos-manager3 vagrant]# sqlite3 /var/ossec/queue/db/002.db 'select *  from sys_programs where name = "htop"' --line
           scan_id = 0
         scan_time = 2023/03/07 18:51:07
            format = macports
              name = htop
          priority =
           section =
              size = 0
            vendor =
      install_time = 2023/03/07 10:30:27
           version = 3.2.2
      architecture = x86_64
         multiarch =
            source =
       description =
          location = /opt/local/var/macports/software/htop/htop-3.2.2_0.darwin_18.x86_64.tbz2
           triaged = 0
               cpe =
          msu_name =
          checksum = 2b36287424c69db0e7f9cf525ffaaf81ee17172b
           item_id = d7d45a904d7f5ac1110cf7466fa2717099edc8e8
      
      
  • Case 2: Check Ranger package 🟢
    1. Install the Wazuh agent from sources in a MacOS VM

    2. Install the Wazuh manager from sources

    3. Install MacPorts

    4. Check packages in the registry database in the agent

      sh-3.2# sqlite3  /opt/local/var/macports/registry/registry.db 'select count(*) from ports where state = "installed"' --line
      count(*) = 23
      
    5. Check packages in the agent database in the manager

      [root@centos-manager3 wazuh]# sqlite3 /var/ossec/queue/db/002.db 'select count(*) from sys_programs where format = "macports"' --line
      count(*) = 23
      
    6. Install Ranger : sudo port install ranger

    7. Check ranger package in registry.db

      id = 23
      name = ranger
      portfile = 02fba9f85f86b562fc2dd0816c68d332d871b9a3087e298f7935bc06fd162e33-1211
      location = /opt/local/var/macports/software/ranger/ranger-1.9.3_3.darwin_any.noarch.tbz2
      epoch = 0
      version = 1.9.3
      revision = 3
      variants =
      requested_variants =
      state = installed
      date = 1678215242
      installtype = image
      archs = noarch
      requested = 1
      os_platform = darwin
      os_major = 18
      cxx_stdlib = none
      cxx_stdlib_overridden = 0
      
    8. Check that ranger package is in the agent database in the manager

      [root@centos-manager3 vagrant]# sqlite3 /var/ossec/queue/db/002.db 'select *  from sys_programs where name = "ranger"' --line
           scan_id = 0
         scan_time = 2023/03/07 18:54:25
            format = macports
              name = ranger
          priority =
           section =
              size = 0
            vendor =
      install_time = 2023/03/07 10:33:40
           version = 1.9.3
      architecture = noarch
         multiarch =
            source =
       description =
          location = /opt/local/var/macports/software/ranger/ranger-1.9.3_3.darwin_any.noarch.tbz2
           triaged = 0
               cpe =
          msu_name =
          checksum = f1b6df5296a0efb4b045fad0188e0b05dfe80ec5
           item_id = ecfda01d328c25ac27dfdf89743e858841496d43
      
  • Case 3: Check Nmap package 🟢
    1. Install the Wazuh agent from sources in a MacOS VM

    2. Install the Wazuh manager from sources

    3. Install MacPorts

    4. Check packages in the registry database in the agent

      sh-3.2# sqlite3  /opt/local/var/macports/registry/registry.db 'select count(*) from ports where state = "installed"' --line
      count(*) = 24
      
    5. Check packages in the agent database in the manager

      [root@centos-manager3 wazuh]# sqlite3 /var/ossec/queue/db/002.db 'select count(*) from sys_programs where format = "macports"' --line
      count(*) = 24
      
    6. Install Nmap : sudo port install nmap

    7. Check nmap package in registry.db

      id = 11
      name = nmap
      portfile = 1bc2f4132c94543bce956bd79a5137f469d84d428a65db2c58c4ecefdb3d31e5-2642
      location = /opt/local/var/macports/software/nmap/nmap-7.93_0+pcre+ssl.darwin_18.x86_64.tbz2
      epoch = 0
      version = 7.93
      revision = 0
      variants = +pcre+ssl
      requested_variants =
      state = installed
      date = 1678212582
      installtype = image
      archs = x86_64
      requested = 1
      os_platform = darwin
      os_major = 18
      cxx_stdlib = libc++
      cxx_stdlib_overridden = 0
      
    8. Check that nmap package is in the agent database in the manager

      [root@centos-manager3 vagrant]# sqlite3 /var/ossec/queue/db/002.db 'select *  from sys_programs where name = "nmap"' --line
           scan_id = 0
         scan_time = 2023/03/07 18:38:25
            format = macports
              name = nmap
          priority =
           section =
              size = 0
            vendor =
      install_time = 2023/03/07 10:05:24
           version = 7.93
      architecture = x86_64
         multiarch =
            source =
       description =
          location = /opt/local/var/macports/software/nmap/nmap-7.93_0+pcre+ssl.darwin_18.x86_64.tbz2
           triaged = 0
               cpe =
          msu_name =
          checksum = 621b8d2d35a134bd70e2a64885ba70080c97ac5d
           item_id = a9bde721776c7b7e88a3830dbcc225e07ce84581
      
      

Upgrade

Scenario Outline 1: Check that the package information is in the agent database in the manager 🟢
  • Case 1: Check Htop package 🟢
    1. Upgrade the Wazuh agent from sources in a MacOS VM, 4.3.10 to version with the fix

    2. Upgrade the Wazuh manager from sources, 4.3.10 to version with the fix

    3. Install MacPorts

    4. Check packages in the registry database in the agent

      sh-3.2# sqlite3  /opt/local/var/macports/registry/registry.db 'select count(*) from ports where state = "installed"' --line
      count(*) = 22
      
    5. Check packages in the agent database in the manager

      [root@centos-manager3 wazuh]# sqlite3 /var/ossec/queue/db/001.db 'select count(*) from sys_programs where format = "macports"' --line
      count(*) = 22
      
    6. Install Htop : sudo port install htop

    7. Check htop package in registry.db

      id = 12
      name = htop
      portfile = 35471d9a557bf5321cdcfe08b0f764172b988c7b50e4216a7856dd1a7130fa6c-1323
      location = /opt/local/var/macports/software/htop/htop-3.2.2_0.darwin_18.x86_64.tbz2
      epoch = 1
      version = 3.2.2
      revision = 0
      variants =
      requested_variants =
      state = installed
      date = 1678215051
      installtype = image
      archs = x86_64
      requested = 1
      os_platform = darwin
      os_major = 18
      cxx_stdlib = none
      cxx_stdlib_overridden = 0
      
    8. Check that htop package is in the agent database in the manager

      [root@centos-manager3 vagrant]# sqlite3 /var/ossec/queue/db/001.db 'select *  from sys_programs where name = "htop"' --line
           scan_id = 0
         scan_time = 2023/03/07 20:09:33
            format = macports
              name = htop
          priority =
           section =
              size = 0
            vendor =
      install_time = 2023/03/07 12:50:51
           version = 3.2.2
      architecture = x86_64
         multiarch =
            source =
       description =
          location = /opt/local/var/macports/software/htop/htop-3.2.2_0.darwin_18.x86_64.tbz2
           triaged = 0
               cpe =
          msu_name =
          checksum = 2b36287424c69db0e7f9cf525ffaaf81ee17172b
           item_id = d7d45a904d7f5ac1110cf7466fa2717099edc8e8
      
      
  • Case 2: Check Ranger package 🟢
    1. Upgrade the Wazuh agent from sources in a MacOS VM, 4.3.10 to version with the fix

    2. Upgrade the Wazuh manager from sources, 4.3.10 to version with the fix

    3. Install MacPorts

    4. Check packages in the registry database in the agent

      sh-3.2# sqlite3  /opt/local/var/macports/registry/registry.db 'select count(*) from ports where state = "installed"' --line
      count(*) = 25
      
    5. Check packages in the agent database in the manager

      [root@centos-manager3 wazuh]# sqlite3 /var/ossec/queue/db/001.db 'select count(*) from sys_programs where format = "macports"' --line
      count(*) = 25
      
    6. Install Ranger : sudo port install ranger

    7. Check ranger package in registry.db

      id = 23
      name = ranger
      portfile = 02fba9f85f86b562fc2dd0816c68d332d871b9a3087e298f7935bc06fd162e33-1211
      location = /opt/local/var/macports/software/ranger/ranger-1.9.3_3.darwin_any.noarch.tbz2
      epoch = 0
      version = 1.9.3
      revision = 3
      variants =
      requested_variants =
      state = installed
      date = 1678215242
      installtype = image
      archs = noarch
      requested = 1
      os_platform = darwin
      os_major = 18
      cxx_stdlib = none
      cxx_stdlib_overridden = 0
      
    8. Check that ranger package is in the agent database in the manager

      [root@centos-manager3 vagrant]# sqlite3 /var/ossec/queue/db/001.db 'select *  from sys_programs where name = "ranger"' --line
           scan_id = 0
         scan_time = 2023/03/07 20:09:35
            format = macports
              name = ranger
          priority =
           section =
              size = 0
            vendor =
      install_time = 2023/03/07 12:54:02
           version = 1.9.3
      architecture = noarch
         multiarch =
            source =
       description =
          location = /opt/local/var/macports/software/ranger/ranger-1.9.3_3.darwin_any.noarch.tbz2
           triaged = 0
               cpe =
          msu_name =
          checksum = f1b6df5296a0efb4b045fad0188e0b05dfe80ec5
           item_id = ecfda01d328c25ac27dfdf89743e858841496d43
      
  • Case 3: Check Nmap package 🟢
    1. Upgrade the Wazuh agent from sources in a MacOS VM, 4.3.10 to version with the fix

    2. Upgrade the Wazuh manager from source, 4.3.10 to version with the fix

    3. Install MacPorts

    4. Check packages in the registry database in the agent

      sh-3.2# sqlite3  /opt/local/var/macports/registry/registry.db 'select count(*) from ports where state = "installed"' --line
      count(*) = 24
      
    5. Check packages in the agent database in the manager

      [root@centos-manager3 wazuh]# sqlite3 /var/ossec/queue/db/001.db 'select count(*) from sys_programs where format = "macports"' --line
      count(*) = 24
      
    6. Install Nmap : sudo port install nmap

    7. Check nmap package in registry.db

      id = 11
      name = nmap
      portfile = 1bc2f4132c94543bce956bd79a5137f469d84d428a65db2c58c4ecefdb3d31e5-2642
      location = /opt/local/var/macports/software/nmap/nmap-7.93_0+pcre+ssl.darwin_18.x86_64.tbz2
      epoch = 0
      version = 7.93
      revision = 0
      variants = +pcre+ssl
      requested_variants =
      state = installed
      date = 1678212582
      installtype = image
      archs = x86_64
      requested = 1
      os_platform = darwin
      os_major = 18
      cxx_stdlib = libc++
      cxx_stdlib_overridden = 0
      
    8. Check that nmap package is in the agent database in the manager

      [root@centos-manager3 vagrant]# sqlite3 /var/ossec/queue/db/001.db 'select *  from sys_programs where name = "nmap"' --line
           scan_id = 0
         scan_time = 2023/03/07 20:09:30
            format = macports
              name = nmap
          priority =
           section =
              size = 0
            vendor =
      install_time = 2023/03/07 12:09:42
           version = 7.93
      architecture = x86_64
         multiarch =
            source =
       description =
          location = /opt/local/var/macports/software/nmap/nmap-7.93_0+pcre+ssl.darwin_18.x86_64.tbz2
           triaged = 0
               cpe =
          msu_name =
          checksum = 621b8d2d35a134bd70e2a64885ba70080c97ac5d
           item_id = a9bde721776c7b7e88a3830dbcc225e07ce84581
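
Added example, not part of the original issue or of the Wazuh code base: the count comparison in steps 4 and 5 passes even when the two databases hold different packages, so this sketch diffs the MacPorts `ports` table against the manager's `sys_programs` rows by name, version, architecture and location. The column pairing is read off the query outputs above; the in-memory tables, the `/sample/...` paths and the `tree` and 7.92 rows are constructed sample data.

```python
import sqlite3

# Column pairs (registry.db `ports` -> manager `sys_programs`), read off the
# query outputs in this issue: version, archs/architecture, location.
REGISTRY_SQL = ("SELECT name, version, archs, location FROM ports "
                "WHERE state = ?")
MANAGER_SQL = ("SELECT name, version, architecture, location "
               "FROM sys_programs WHERE format = ?")

def by_name(conn, sql, arg):
    """Run a bound query and key the rows by package name."""
    return {row[0]: row[1:] for row in conn.execute(sql, (arg,))}

def compare(registry, agent_db):
    """Diff installed MacPorts ports against the manager's inventory."""
    src = by_name(registry, REGISTRY_SQL, "installed")
    dst = by_name(agent_db, MANAGER_SQL, "macports")
    return {
        "counts": (len(src), len(dst)),
        "missing": sorted(src.keys() - dst.keys()),   # never reached manager
        "stale": sorted(dst.keys() - src.keys()),     # no longer installed
        "mismatch": sorted(n for n in src.keys() & dst.keys()
                           if src[n] != dst[n]),
    }

def build_sample():
    """Constructed in-memory databases holding only the columns used here."""
    reg = sqlite3.connect(":memory:")
    reg.execute("CREATE TABLE ports (name, version, archs, location, state)")
    reg.executemany("INSERT INTO ports VALUES (?, ?, ?, ?, ?)", [
        ("htop", "3.2.2", "x86_64", "/sample/htop.tbz2", "installed"),
        # Constructed inactive row, excluded by the state filter.
        ("htop", "3.2.1", "x86_64", "/sample/htop-old.tbz2", "imaged"),
        ("ranger", "1.9.3", "noarch", "/sample/ranger.tbz2", "installed"),
        ("nmap", "7.93", "x86_64", "/sample/nmap.tbz2", "installed"),
    ])
    mgr = sqlite3.connect(":memory:")
    mgr.execute("CREATE TABLE sys_programs "
                "(format, name, version, architecture, location)")
    mgr.executemany("INSERT INTO sys_programs VALUES (?, ?, ?, ?, ?)", [
        ("macports", "htop", "3.2.2", "x86_64", "/sample/htop.tbz2"),
        ("macports", "nmap", "7.92", "x86_64", "/sample/nmap.tbz2"),
        ("macports", "tree", "2.1.0", "x86_64", "/sample/tree.tbz2"),
        ("pkg", "ranger", "1.9.3", "noarch", "/sample/ranger.tbz2"),
    ])
    return reg, mgr

if __name__ == "__main__":
    print(compare(*build_sample()))
```

On the constructed data both counts are 3, yet `ranger` is missing, `tree` is stale and `nmap` differs in version, which a count-only check would not surface.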
      
      


BelenValdivia commented Mar 8, 2023

Conclusion 🟢

The proposed test cases were carried out successfully, both fresh install and upgrade. The behavior is as expected when installing a new package in MacOS.


damarisg commented Mar 9, 2023

QA review

  • Type: Manual Testing
  • Status: Approved 🟢
  • Comments: Everything seems to work correctly.

@BelenValdivia

QA tests are obsolete, IT tests must be added.

BelenValdivia closed this as not planned Jul 20, 2023