Verified Commit dc35097c authored by Loïc Dachary
parent 9c95ad87
......@@ -8,8 +8,8 @@
- import_playbook: ../bind/bind-client-playbook.yml
- import_playbook: ../icinga/icinga-playbook.yml
- import_playbook: ../postfix/postfix-playbook.yml
- import_playbook: test-wazuh-playbook.yml
# see ../wekan/playbook.yml for a
# tests if wazuh-agent-playbook.yml is safe to include when there is no wazuh host
- import_playbook: wazuh-manager-playbook.yml
- import_playbook: wazuh-agent-playbook.yml
- import_playbook: test-wazuh-playbook.yml
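Review bot: The comment above the wazuh-agent import is cut off: `# see ../wekan/playbook.yml for a` ends mid-sentence and the following line reads as a separate thought, so a reader cannot tell what in the wekan playbook they are being pointed to. If these lines are new in this commit (the rendered view does not mark sides; the hunk seems to move `test-wazuh-playbook.yml` after the two wazuh playbooks), joining them into one sentence would fix it, e.g. `# see ../wekan/playbook.yml for a test that wazuh-agent-playbook.yml is safe to include when there is no wazuh host` — assuming that is the intended meaning. The import list continues outside the hunk.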
......@@ -155,3 +155,21 @@ def test_wazuh_syscheck(host, pytestconfig):
def test_wazuh_vulnerability_detector(host):
with host.sudo():
host.file("/var/ossec/queue/vulnerabilities/cve.db").exists
host.file("/var/ossec/logs/ossec.log").contains('Finished vulnerability assessment')
def test_wazuh_vulnerability_ignored(host):
with host.sudo():
host.run("""
systemctl stop wazuh-manager
rm /var/ossec/logs/alerts/alerts.log
rm /var/ossec/queue/vulnerabilities/cve.db
apt-get install -y libbsd0=0.9.1-2
systemctl start wazuh-manager
""")
@retry.retry(AssertionError, tries=8)
def get_alert():
host.file("/var/ossec/logs/alerts/alerts.log").contains('non-upgradeable packages')
host.file("/var/ossec/logs/alerts/alerts.log").contains('libbsd0')
get_alert()
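Review bot: In get_alert the two `host.file(...).contains(...)` calls return booleans that are discarded, so nothing ever raises AssertionError, `@retry.retry(AssertionError, tries=8)` never retries, and test_wazuh_vulnerability_ignored passes whether or not the alert is written; both lines need an assert, `assert host.file("/var/ossec/logs/alerts/alerts.log").contains('non-upgradeable packages')` and `assert host.file("/var/ossec/logs/alerts/alerts.log").contains('libbsd0')`. The `.contains('Finished vulnerability assessment')` line added to test_wazuh_vulnerability_detector has the same problem, as does the `.exists` line above it. The result of `host.run(...)` is also dropped, so a failed `apt-get install` or a missing file in the `rm` commands would go unnoticed; checking `.rc == 0` on it would make the setup failure visible. The test module continues outside the hunk.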
......@@ -80,3 +80,19 @@
ssl_manager_cert: 'sslmanager.cert'
ssl_manager_key: 'sslmanager.key'
ssl_auto_negotiate: 'no'
tasks:
- name: /var/ossec/etc/rules/local_rules.xml
copy:
content: |
<!-- Local rules -->
<group name="vulnerability-detector">
<rule id="100010" level="0">
<if_sid>23506</if_sid>
<field name="vulnerability.cve">CVE-2019-20367</field>
<description>Vulnerable non-upgradeable packages</description>
</rule>
</group>
dest: /var/ossec/etc/rules/local_rules.xml
mode: 0444
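Review bot: `mode: 0444` is an unquoted octal literal; a YAML 1.1 loader reads it as the integer 292, and Ansible expects file modes as quoted strings, so write `mode: "0444"`. The rule added to local_rules.xml sets level 0 for every vulnerability-detector alert matching CVE-2019-20367, which silences it outright, yet the only comment is `<!-- Local rules -->`; the XML comment should name the affected package, why it cannot be upgraded, and when the rule can be dropped — presumably this is the libbsd0 case the companion test exercises, but that is inferred from the test, not stated in the rule. The enclosing play starts outside the hunk.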