wazuh / wazuh-qa

Wazuh - Quality Assurance
GNU General Public License v2.0

Fix analysisd integration tests protocol #849

Closed jesusjimsa closed 3 years ago

jesusjimsa commented 4 years ago

Description

Analysisd integration tests are failing in Wazuh 4.0.0 due to the change in the protocol used for the connection between the agent and the manager. Current analysisd tests use UDP to connect to the socket, but Wazuh 4.0.0 uses TCP. This needs to be changed to fix these tests.

They are printing this error when they fail now:

=========================================================================================== test session starts ============================================================================================
platform linux -- Python 3.6.8, pytest-6.0.1, py-1.9.0, pluggy-0.13.1
rootdir: /home/vagrant/qa/tests/integration, configfile: pytest.ini
plugins: metadata-1.10.0, html-2.0.1, testinfra-5.2.2
collected 36894 items

test_analysisd/test_all_syscheckd_configurations/test_check_rare_socket_responses.py ..................                                                                                              [  0%]
test_analysisd/test_all_syscheckd_configurations/test_check_socket_responses.py FRedirecting to /bin/systemctl status wazuh-manager.service
Redirecting to /bin/systemctl status wazuh-manager.service
Redirecting to /bin/systemctl start wazuh-manager.service

================================================================================================= FAILURES =================================================================================================
__________________________________________________________________________________ test_validate_socket_responses[Added0] __________________________________________________________________________________

configure_mitm_environment = None, connect_to_sockets_module = [<wazuh_testing.tools.monitoring.SocketController object at 0x7f497efdbc88>], wait_for_analysisd_startup = None
test_case = [{'input': '8:syscheck:{"type":"event","data":{"path":"/testdir0/regular","mode":"realtime","type":"added","timestamp"...96fb92427ae41e4649b934ca495991b7852b855", "checksum": "0cae53db223561d1a96bba22e0600a178f6aaeba"}}', 'stage': 'Added'}]

    @pytest.mark.parametrize('test_case',
                             [test_case['test_case'] for test_case in test_cases],
                             ids=[test_case['name'] for test_case in test_cases])
    def test_validate_socket_responses(configure_mitm_environment, connect_to_sockets_module, wait_for_analysisd_startup,
                                       test_case: list):
        """Validate every response from the analysisd socket to the wazuh-db socket.

        This test will catch every response from analysisd to wazuh-db in real-time using the yaml
        `/data/syscheck_events.yaml`.

        Parameters
        ----------
        test_case : dict
            Dict with the input to inject to the analysisd socket and output to expect to be sent to the wazuh-db socket.
        """
        # There is only one stage per test_case
        stage = test_case[0]
        expected = callback_analysisd_message(stage['output'])
>       receiver_sockets[0].send(stage['input'])

test_analysisd/test_all_syscheckd_configurations/test_check_socket_responses.py:68:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.6/site-packages/wazuh_testing-4.0.0-py3.6.egg/wazuh_testing/tools/monitoring.py:310: in send
    raise e
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <wazuh_testing.tools.monitoring.SocketController object at 0x7f497efdbc88>
message = '8:syscheck:{"type":"event","data":{"path":"/testdir0/regular","mode":"realtime","type":"added","timestamp":1581438201...f4c8996fb92427ae41e4649b934ca495991b7852b855","checksum":"0cae53db223561d1a96bba22e0600a178f6aaeba"},"tags":"Sample"}}'
size = False

    def send(self, message, size=False):
        """Send a message to the socket.

        Parameters
        ----------
        message : str or bytes
            Message to be sent.
        size : bool, optional
            Flag that indicates if the header of the message includes the size of the message.
            (For example, Analysis doesn't need the size, wazuh-db does). Default `False`

        Returns
        -------
        int
            Size of the sent message
        """
        msg_bytes = message.encode() if isinstance(message, str) else message
        try:
            msg_bytes = wazuh_pack(len(msg_bytes)) + msg_bytes if size is True else msg_bytes
            if self.protocol == socket.SOCK_STREAM:  # TCP
                output = self.sock.sendall(msg_bytes)
            else:  # UDP
>               output = self.sock.sendto(msg_bytes, self.address)
E               OSError: [Errno 91] Protocol wrong type for socket

/usr/local/lib/python3.6/site-packages/wazuh_testing-4.0.0-py3.6.egg/wazuh_testing/tools/monitoring.py:308: OSError
------------------------------------------------------------------------------------------ Captured stderr setup -------------------------------------------------------------------------------------------
Redirecting to /bin/systemctl stop wazuh-manager.service
Redirecting to /bin/systemctl status wazuh-manager.service
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0445-identity_guard_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0450-mongodb_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0455-docker_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0460-jenkins_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0470-vshell_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0475-suricata_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0480-qualysguard_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0485-cylance_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0490-virustotal_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0495-proxmox-ve_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0500-owncloud_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0505-vuls_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0510-ciscat_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0515-exim_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0520-vulnerability-detector_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0525-openvas_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0530-mysql_audit_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0535-mariadb_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0540-pfsense_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0545-osquery_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0550-kaspersky_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0555-azure_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0560-docker_integration_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0565-ms_ipsec_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0570-sca_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0575-win-base_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0580-win-security_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0585-win-application_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0590-win-system_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0595-win-sysmon_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0600-win-wdefender_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0601-win-vipre_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0602-win-wfirewall_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0605-win-mcafee_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0610-win-ms_logs_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0615-win-ms-se_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0620-win-generic_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0625-cisco-asa_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0625-mcafee_epo_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0630-nextcloud_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0635-owlh-zeek_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0640-junos_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0675-panda-paps_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0680-checkpoint-smart1_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0685-macos-sshd_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0690-gcp_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: ruleset/rules/0700-paloalto_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:331 at Read_Rules(): DEBUG: Reading rules folder: etc/rules
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:375 at Read_Rules(): DEBUG: Adding rule: etc/rules/local_rules.xml
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:389 at Read_Rules(): DEBUG: Decoders added: 105 / excluded: 0
2020/08/28 10:55:50 ossec-analysisd[28474] rules-config.c:390 at Read_Rules(): DEBUG: Rules added: 133 / excluded: 1
2020/08/28 10:55:50 ossec-analysisd[28474] analysisd.c:403 at main(): DEBUG: Read configuration ...
Redirecting to /bin/systemctl status wazuh-manager.service
Redirecting to /bin/systemctl status wazuh-manager.service
========================================================================================= short test summary info ==========================================================================================
FAILED test_analysisd/test_all_syscheckd_configurations/test_check_socket_responses.py::test_validate_socket_responses[Added0] - OSError: [Errno 91] Protocol wrong type for socket
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! stopping after 1 failures !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
================================================================================= 1 failed, 18 passed in 134.55s (0:02:14) =================================================================================

jesusjimsa commented 3 years ago

I am investigating this error and it seems to be in the ManInTheMiddle class. This class was heavily modified in the pull request that added integration tests for agentd: #768. Some parts were deleted and I suspect that's what causes the error about the wrong protocol. Specifically the part about the class tree: https://github.com/wazuh/wazuh-qa/blob/2391575ffb08bcc45010fb37ed2cfac20e49b38d/deps/wazuh_testing/wazuh_testing/tools/monitoring.py#L731-L750

I will keep looking for a solution and try to fix this to move on with analysisd tests for Windows registry as described here: #904.

jesusjimsa commented 3 years ago

I have finally found the error. In the pull request I mentioned in the previous comment this line was modified: https://github.com/wazuh/wazuh-qa/blob/2391575ffb08bcc45010fb37ed2cfac20e49b38d/deps/wazuh_testing/wazuh_testing/tools/monitoring.py#L596

Now it is: https://github.com/wazuh/wazuh-qa/blob/ee2862c04512fec5d6e8db64e46e339facb2c339/deps%2Fwazuh_testing%2Fwazuh_testing%2Ftools%2Fmonitoring.py#L631

This causes the TCP class to be used even when ManInTheMiddle is configured for UDP. Reverting the change fixes the problem and it is working.
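
The `[Errno 91] Protocol wrong type for socket` in the test summary is `EPROTOTYPE`, which Linux returns when a stream client connects to a Unix socket that was bound as a datagram socket. The following is an added example, not wazuh-qa code: the two selector functions, the socket path and the payload are hypothetical and only reproduce the failure mode described in the last comment.

```python
import errno
import os
import socket
import tempfile

# Hypothetical mapping from a configured protocol name to a socket type.
SOCK_TYPES = {"tcp": socket.SOCK_STREAM, "udp": socket.SOCK_DGRAM}


def pick_type_buggy(protocol):
    """Faulty selection: ignores the configured protocol, always stream."""
    return socket.SOCK_STREAM


def pick_type_fixed(protocol):
    """Correct selection: honour the configured protocol."""
    return SOCK_TYPES[protocol.lower()]


def try_send(path, sock_type, payload=b"constructed test event"):
    """Connect to a Unix socket with sock_type; return 0 or the errno."""
    client = socket.socket(socket.AF_UNIX, sock_type)
    try:
        client.connect(path)
        client.send(payload)
        return 0
    except OSError as exc:
        return exc.errno
    finally:
        client.close()


def demo():
    """Bind a datagram listener, then connect with each selector's type."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "queue.sock")  # constructed path
        server = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        server.bind(path)
        try:
            buggy = try_send(path, pick_type_buggy("udp"))
            fixed = try_send(path, pick_type_fixed("udp"))
            received = server.recv(1024) if fixed == 0 else b""
        finally:
            server.close()
    return buggy, fixed, received


if __name__ == "__main__":
    print(demo())
```

A regression test that asserts on the socket type chosen for each configured protocol catches this kind of change before the integration suite runs.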