FIM Windows Agent - Case: Windows audit interval changed

[damarisg]

Description

FIM tests have many flaws inconsistently. So our goal is to achieve consistent behavior.
The results are attached.

Folder Path	Results	Date	By	Status
test_fim/test_files/test_windows_audit_interval	ResultsWindowsAuditInterval.zip	2021/09/30	Daniela	🔴

Related to
#1873

Pipeline parameters

Jenkins branch	QA branch
v4.2.1-rc1	1873-4.2.1-fim-windows-agent

Packages details

Packages Info

Type	Format	Architecture	Versión	Revision	Tag	File name
Server	rpm	x86_64	v4.2.1	40214	v4.2.1	wazuh-manager-4.2.1-0.1873.x86_64.rpm
Agent	rpm	x86_64	v4.2.1	40214	v4.2.1	wazuh-agent-4.2.1-0.1873.x86_64.rpm
Agent	msi (Windows)	x86_64	v4.2.1	40214	v4.2.1	wazuh-agent-4.2.1-0.1873.msi
Agent	pkg (macOS)	x86_64	v4.2.1	40214	v4.2.1	wazuh-agent-4.2.1-0.1873.pkg
Agent	p5p (Solaris 11)	x86_64	v4.2.1	40214	v4.2.1	wazuh-agent_v4.2.1-0.1873-sol11-i386.p5p​
Agent	p5p (Solaris 10)	x86_64	v4.2.1	40214	v4.2.1	wazuh-agent_v4.2.1-0.1873-sol10-i386.pkg
Agent	wpk (Linux)	x86_64	v4.2.1	40214	v4.2.1	wazuh_agent_v4.2.1-0.1873_linux_x86_64.wpk
Agent	wpk (Windows)	x86_64	v4.2.1	40214	v4.2.1	wazuh_agent_v4.2.1-0.1873_windows.wpk

Note: The tag is v4.2.1 but for now, to create it on jenkins you need to use v4.2.1-rc1.

local_internal_options.conf

Manager

syscheck.debug=2
analysisd.debug=2
monitord.rotate_log=0

Agent

agent.debug=2
syscheck.debug=2
monitord.rotate_log=0
windows.debug=2

Environment

Provider	Box	OS	CPU	Memory
Vagrant	"gusztavvargadr/windows-10"	Windows	2	2048

pytest_args

-v --tier 0 --tier 1 --tier 2 --fim_mode="realtime" --fim_mode="whodata"

Development

Fix test_fim/test_files/test_windows_audit_interval to Windows.

If the test work successfully after 2 times, you should see if other member could be verify that it woks successfully.

Tasks

• Research about the Test Case.
• Fix the Test Case.
• Verify that each execution works successfully. (Full Green - Attach evidence.)
• Verify that cover scheduled, realtime, and whodata. Research if this case require all args, or only one.

[Deblintrake09]

Test Results 2021/10/04

Tests were run with modules disabled, from new VMS created from scratch, each instance. After this results, help was requested from the core-fim team, who said the test passed for them.

Round	OS - Manager/Agent - Module	Date	By	Reports	Notes
R1	Windows 10 - Agent - test_fim/test_files/test_windows_audit_interval	2021/10/04	@Deblintrake09	🔴	-
R2	Windows 10 - Agent - test_fim/test_files/test_windows_audit_interval	2021/10/04	@Deblintrake09	🔴	-
R3	Windows 10 - Agent - test_fim/test_files/test_windows_audit_interval	2021/10/04	@Deblintrake09	🔴	-

Test Results 2021/10/05

More debugging runs on new VMs. Only 1 test execution example added. Ran more than 20 instances during debbuging.

Round	OS - Manager/Agent - Module	Date	By	Reports	Notes
R1	Windows 10 - Agent - test_fim/test_files/test_windows_audit_interval	2021/10/05	@Deblintrake09	🔴	-

Test Results 2021/10/06

On further research, it was found that the tests fail on Windows 10 systems. When testing on Windows Server 2016 and Windows7, tests pass successfully.

Round	OS - Manager/Agent - Module	Date	By	Reports	Notes
R1	Windows Server 2016 - Agent - test_fim/test_files/test_windows_audit_interval	2021/10/06	@Deblintrake09	🟢	-
R2	Windows Server 2016 - Agent - test_fim/test_files/test_windows_audit_interval	2021/10/06	@Deblintrake09	🟢	-
R3	Windows Server 2016 - Agent - test_fim/test_files/test_windows_audit_interval	2021/10/06	@Deblintrake09	🟢	-
R4	Windows Server 2016 - Agent - test_fim/test_files/test_windows_audit_interval	2021/10/06	@Deblintrake09	🟢	-
R1	Windows 7 - Agent - test_fim/test_files/test_windows_audit_interval	2021/10/05	José Luis Carreras	🟢	-

[damarisg]

I attach results after to merged #1996 and #1984 with the fix to verify that it continues working.

Results	Date	by	Status
Results.zip	2021/10/06	Seyla	🟢