afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added more platforms

Browse Source
This commit is contained in:
manuasir 2020-07-28 16:31:45 +02:00
parent bd9ef4cb2d
commit 1cd1a82e8f
3 changed files with 19 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
molecule/default/molecule.yml
View File

@ -7,6 +7,10 @@ lint:
name: yamllint name: yamllint
enabled: false enabled: false
platforms: platforms:
- name: ubuntu1804
image: ubuntu:18.04
- name: debian9
image: debian:9
- name: manager_centos7 - name: manager_centos7
image: milcom/centos7-systemd image: milcom/centos7-systemd
command: /sbin/init command: /sbin/init

12
molecule/default/playbook.yml
View File

@ -4,16 +4,4 @@
roles: roles:
- role: ../../roles/wazuh/ansible-wazuh-manager - role: ../../roles/wazuh/ansible-wazuh-manager
vars: vars:
wazuh_manager_config:
cluster:
disable: 'no'
name: 'wazuh'
node_name: 'manager'
node_type: 'master'
key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'
port: '1516'
bind_addr: '0.0.0.0'
nodes:
- "manager_centos7"
hidden: 'no'
- { role: ../../roles/wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: "elasticsearch_centos7:9200" } - { role: ../../roles/wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: "elasticsearch_centos7:9200" }

62
molecule/default/tests/test_default.py
View File

@ -1,36 +1,22 @@
import os import os
import pytest import pytest
import testinfra.utils.ansible_runner import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
def get_wazuh_version(): def get_wazuh_version():
"""This return the version of Wazuh.""" """This return the version of Wazuh."""
return "3.10.2" return "3.13.1"
def test_wazuh_packages_are_installed(host): def test_wazuh_packages_are_installed(host):
"""Test if the main packages are installed.""" """Test if the main packages are installed."""
manager = host.package("wazuh-manager") manager = host.package("wazuh-manager")
api = host.package("wazuh-api") api = host.package("wazuh-api")
assert manager.is_installed
distribution = host.system_info.distribution.lower() assert manager.version.startswith(get_wazuh_version())
if distribution == 'centos': assert api.is_installed
if host.system_info.release == "7": assert api.version.startswith(get_wazuh_version())
assert manager.is_installed
assert manager.version.startswith(get_wazuh_version())
assert api.is_installed
assert api.version.startswith(get_wazuh_version())
elif host.system_info.release.startswith("6"):
assert manager.is_installed
assert manager.version.startswith(get_wazuh_version())
elif distribution == 'ubuntu':
assert manager.is_installed
assert manager.version.startswith(get_wazuh_version())
def test_wazuh_services_are_running(host): def test_wazuh_services_are_running(host):
"""Test if the services are enabled and running. """Test if the services are enabled and running.
@ -40,50 +26,32 @@ def test_wazuh_services_are_running(host):
""" """
manager = host.service("wazuh-manager") manager = host.service("wazuh-manager")
api = host.service("wazuh-api") api = host.service("wazuh-api")
# assert manager.is_running
distribution = host.system_info.distribution.lower() assert manager.is_enabled
if distribution == 'centos': # assert api.is_running
# assert manager.is_running assert api.is_enabled
assert manager.is_enabled
# assert not api.is_running
assert api.is_enabled
elif distribution == 'ubuntu':
# assert manager.is_running
assert manager.is_enabled
# assert api.is_running
assert api.is_enabled
@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ @pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
("/var/ossec/etc/rules/local_rules.xml", "root", "ossec", 0o640), ("/var/ossec/etc/rules/local_rules.xml", "ossec", "root", 0o640),
("/var/ossec/etc/lists/audit-keys", "root", "ossec", 0o640), ("/var/ossec/etc/lists/audit-keys", "ossec", "root", 0o640),
]) ])
def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
"""Test if Wazuh related files exist and have proper owners and mode.""" """Test if Wazuh related files exist and have proper owners and mode."""
wazuh_file_host = host.file(wazuh_file) wazuh_file_host = host.file(wazuh_file)
assert wazuh_file_host.user == wazuh_owner assert wazuh_file_host.user == wazuh_owner
assert wazuh_file_host.group == wazuh_group assert wazuh_file_host.group == wazuh_group
assert wazuh_file_host.mode == wazuh_mode assert wazuh_file_host.mode == wazuh_mode
def test_open_ports(host): def test_open_ports(host):
"""Test if the main port is open and the agent-auth is not open.""" """Test if the main port is open and the agent-auth is not open."""
distribution = host.system_info.distribution.lower() assert host.socket("tcp://1515").is_listening
if distribution == 'ubuntu': assert host.socket("tcp://1514").is_listening
assert host.socket("tcp://0.0.0.0:1516").is_listening
assert host.socket("tcp://0.0.0.0:1515").is_listening
assert host.socket("tcp://0.0.0.0:1514").is_listening
elif distribution == 'centos':
assert host.socket("tcp://0.0.0.0:1516").is_listening
assert host.socket("tcp://127.0.0.1:1515").is_listening
assert host.socket("tcp://127.0.0.1:1514").is_listening
def test_filebeat_is_installed(host): def test_filebeat_is_installed(host):
"""Test if the elasticsearch package is installed.""" """Test if the elasticsearch package is installed."""
filebeat = host.package("filebeat") filebeat = host.package("filebeat")
assert filebeat.is_installed assert filebeat.is_installed
assert filebeat.version.startswith('7.3.2') assert filebeat.version.startswith('7.8.0')