diff --git a/.github/.goss.yaml b/.github/.goss.yaml
index a345bac4..8ef1b8bb 100644
--- a/.github/.goss.yaml
+++ b/.github/.goss.yaml
@@ -1,3 +1,53 @@
+file:
+ /etc/filebeat/filebeat.yml:
+ exists: true
+ mode: "0644"
+ owner: root
+ group: root
+ filetype: file
+ contains: []
+ /var/ossec/bin/wazuh-control:
+ exists: true
+ mode: "0750"
+ owner: root
+ group: root
+ filetype: file
+ contains: []
+ /var/ossec/etc/lists/audit-keys:
+ exists: true
+ mode: "0660"
+ owner: wazuh
+ group: wazuh
+ filetype: file
+ contains: []
+ /var/ossec/etc/ossec.conf:
+ exists: true
+ mode: "0660"
+ owner: root
+ group: wazuh
+ filetype: file
+ contains: []
+ /var/ossec/etc/rules/local_rules.xml:
+ exists: true
+ mode: "0660"
+ owner: wazuh
+ group: wazuh
+ filetype: file
+ contains: []
+ /var/ossec/etc/sslmanager.cert:
+ exists: true
+ mode: "0640"
+ owner: root
+ group: root
+ filetype: file
+ contains: []
+ /var/ossec/etc/sslmanager.key:
+ exists: true
+ mode: "0640"
+ owner: root
+ group: root
+ filetype: file
+ contains: []
 package:
 filebeat:
 installed: true
@@ -41,3 +91,13 @@ process:
 running: true
 wazuh-modulesd:
 running: true
+user:
+ wazuh:
+ exists: true
+ groups:
+ - wazuh
+ home: /var/ossec
+ shell: /sbin/nologin
+group:
+ wazuh:
+ exists: true
\ No newline at end of file
diff --git a/.github/multi-node-fb-check.sh b/.github/multi-node-fb-check.sh
deleted file mode 100755
index 36b9686e..00000000
--- a/.github/multi-node-fb-check.sh
+++ /dev/null
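Review bot: In .github/.goss.yaml the new `file:` block asserts modes and owners without saying which are a security requirement and which are simply what the image ships today. That matters most for `/var/ossec/etc/sslmanager.key` (`0640`, root:root) and `/etc/filebeat/filebeat.yml` (`0644`): a later tightening to `0600` would fail this test, and nothing tells the maintainer that tightening is acceptable while loosening is not. Add a comment above those entries, e.g. `# private key: must stay unreadable by others; update the mode here if it is tightened`, and drop the empty `contains: []` lines, which assert nothing. If filebeat.yml carries indexer credentials in this image (not visible in the diff), `0644` is worth revisiting rather than pinning.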
@@ -1,18 +0,0 @@
-fbout1=$(docker exec multi-node_wazuh.master_1 sh -c 'filebeat test output')
-fbstatus1=$(echo "${fbout1}" | grep -c OK)
-if [[ fbstatus1 -eq 7 ]]; then
- echo "No errors in master filebeat"
-else
- echo "Errors in master filebeat"
- echo "${fbout1}"
- exit 1
-fi
-fbout2=$(docker exec multi-node_wazuh.worker_1 sh -c 'filebeat test output')
-fbstatus2=$(echo "${fbout2}" | grep -c OK)
-if [[ fbstatus2 -eq 7 ]]; then
- echo "No errors in worker filebeat"
-else
- echo "Errors in worker filebeat"
- echo "${fbout2}"
- exit 1
-fi
\ No newline at end of file
diff --git a/.github/multi-node-filebeat-check.sh b/.github/multi-node-filebeat-check.sh
new file mode 100755
index 00000000..39a21827
--- /dev/null
+++ b/.github/multi-node-filebeat-check.sh
@@ -0,0 +1,18 @@
+filebeatout1=$(docker exec multi-node_wazuh.master_1 sh -c 'filebeat test output')
+filebeatstatus1=$(echo "${filebeatout1}" | grep -c OK)
+if [[ filebeatstatus1 -eq 7 ]]; then
+ echo "No errors in master filebeat"
+else
+ echo "Errors in master filebeat"
+ echo "${filebeatout1}"
+ exit 1
+fi
+filebeatout2=$(docker exec multi-node_wazuh.worker_1 sh -c 'filebeat test output')
+filebeatstatus2=$(echo "${filebeatout2}" | grep -c OK)
+if [[ filebeatstatus2 -eq 7 ]]; then
+ echo "No errors in worker filebeat"
+else
+ echo "Errors in worker filebeat"
+ echo "${filebeatout2}"
+ exit 1
+fi
\ No newline at end of file
diff --git a/.github/multi-node-log-check.sh b/.github/multi-node-log-check.sh
index 5fd97037..bfa1649a 100755
--- a/.github/multi-node-log-check.sh
+++ b/.github/multi-node-log-check.sh
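Review bot: The pass condition `[[ filebeatstatus1 -eq 7 ]]` in multi-node-filebeat-check.sh depends on an undocumented count of lines containing `OK`; the same literal is used for the worker node and in single-node-filebeat-check.sh. A failed `docker exec` (empty output) and a Filebeat release that prints a different number of checks both end in the "Errors" branch, so a red run does not say whether the output connection is actually broken. Add a comment such as `# filebeat test output is expected to print 7 OK lines when every connection check passes` (confirm the number against the Filebeat version in the image). The script also uses `[[ ]]` without a shebang, so `#!/bin/bash` as the first line would make the required shell explicit.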
@@ -1,16 +1,16 @@
 log1=$(docker exec multi-node_wazuh.master_1 sh -c 'cat /var/ossec/logs/ossec.log' | grep -P "ERR|WARN|CRIT")
 if [[ -z "$log1" ]]; then
- echo "No errors in master ossec.log"
+ echo "No errors in master ossec.log"
 else
- echo "Errors in master ossec.log:"
- echo "${log1}"
- exit 1
+ echo "Errors in master ossec.log:"
+ echo "${log1}"
+ exit 1
 fi
 log2=$(docker exec multi-node_wazuh.worker_1 sh -c 'cat /var/ossec/logs/ossec.log' | grep -P "ERR|WARN|CRIT")
 if [[ -z "${log2}" ]]; then
- echo "No errors in worker ossec.log"
+ echo "No errors in worker ossec.log"
 else
- echo "Errors in worker ossec.log:"
- echo "${log2}"
- exit 1
+ echo "Errors in worker ossec.log:"
+ echo "${log2}"
+ exit 1
 fi
\ No newline at end of file
diff --git a/.github/single-node-fb-check.sh b/.github/single-node-fb-check.sh
deleted file mode 100755
index 47e21dd1..00000000
--- a/.github/single-node-fb-check.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-fbout=$(docker exec single-node_wazuh.manager_1 sh -c 'filebeat test output')
-fbstatus=$(echo "${fbout}" | grep -c OK)
-if [[ fbstatus -eq 7 ]]; then
- echo "No errors in filebeat"
-else
- echo "Errors in filebeat"
- echo "${fbout}"
- exit 1
-fi
\ No newline at end of file
diff --git a/.github/single-node-filebeat-check.sh b/.github/single-node-filebeat-check.sh
new file mode 100755
index 00000000..b2a51ac7
--- /dev/null
+++ b/.github/single-node-filebeat-check.sh
@@ -0,0 +1,9 @@
+filebeatoutout=$(docker exec single-node_wazuh.manager_1 sh -c 'filebeat test output')
+filebeatstatus=$(echo "${filebeatout}" | grep -c OK)
+if [[ filebeatstatus -eq 7 ]]; then
+ echo "No errors in filebeat"
+else
+ echo "Errors in filebeat"
+ echo "${filebeatout}"
+ exit 1
+fi
\ No newline at end of file
diff --git a/.github/single-node-log-check.sh b/.github/single-node-log-check.sh
index a65715a2..806e9238 100755
--- a/.github/single-node-log-check.sh
+++ b/.github/single-node-log-check.sh
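Review bot: single-node-filebeat-check.sh assigns the command output to `filebeatoutout` but reads `${filebeatout}` on the next line and again in the error branch, so `filebeatstatus` is always 0 and the step fails on every run with an empty diagnostic. The first line should be `filebeatout=$(docker exec single-node_wazuh.manager_1 sh -c 'filebeat test output')`. Running the script with `set -u` would have turned the typo into an immediate unbound-variable error instead of a misleading "Errors in filebeat" message.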
@@ -1,8 +1,8 @@
 log=$(docker exec single-node_wazuh.manager_1 sh -c 'cat /var/ossec/logs/ossec.log' | grep -P "ERR|WARN|CRIT")
 if [[ -z "$log" ]]; then
- echo "No errors in ossec.log"
+ echo "No errors in ossec.log"
 else
- echo "Errors in ossec.log:"
- echo "${log}"
- exit 1
+ echo "Errors in ossec.log:"
+ echo "${log}"
+ exit 1
 fi
\ No newline at end of file
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 43d80c5c..e7a0d4aa 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -170,7 +170,7 @@ jobs:
 - name: Check filebeat output
- run: ./.github/single-node-fb-check.sh
+ run: ./.github/single-node-filebeat-check.sh
 - name: Check Wazuh dashboard service URL
 run: |
@@ -301,7 +301,7 @@ jobs:
 - name: Check filebeat output
- run: ./.github/multi-node-fb-check.sh
+ run: ./.github/multi-node-filebeat-check.sh
 - name: Check Wazuh dashboard service URL
 run: |