Run Snort and Wazuh Tests Using PowerShell and Testinfra #6
…trol over file encoding.
…and launch Snort with default network interface
…iles and launch Snort with default network interface
… writing rules to file
… writing rules to file
This commit refactors the `Install-Snort` function in `snort.ps1` to include the installation of both Npcap and WinPcap. Previously, only Npcap was installed, but now WinPcap is also downloaded and installed using the provided URLs. The environment variables are updated to include the path to the WinPcap installation directory. This change ensures that both Npcap and WinPcap are properly installed and configured for Snort to function correctly. Refactor the `Install-Snort` function in `snort.ps1` to install Snort, Npcap, and WinPcap
The `Install-Snort` function in `snort.ps1` is refactored to remove the installation of WinPcap. Previously, both Npcap and WinPcap were installed, but now only Npcap is downloaded and installed using the provided URL. The environment variables are updated to include the path to the Npcap installation directory. This change ensures that Npcap is properly installed and configured for Snort to function correctly. Refactor the `Install-Snort` function in `snort.ps1` to remove WinPcap installation
The `Install-Snort` function in `snort.ps1` is refactored to remove the installation of WinPcap. Previously, both Npcap and WinPcap were installed, but now only Npcap is downloaded and installed using the provided URL. This change ensures that Npcap is properly installed and configured for Snort to function correctly.
…o file The `Install-Snort` function in `snort.ps1` is updated to use UTF-8 encoding when writing the rules to the file. Previously, the rules were written using the default encoding, which could cause issues with certain characters. This change ensures that the rules file is properly encoded and can handle a wider range of characters. Refactor `Install-Snort` function in `snort.ps1` to use UTF-8 encoding when writing rules to file
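As an added example (not code from the wazuh-snort repository's `snort.ps1`), this shows one way to write the rules file as UTF-8 without a BOM and then check the bytes on disk, the kind of assertion a Windows test step could run; the function names and the sample rules are constructed for this illustration.

```powershell
# Added example, not the repository's own code. Windows PowerShell 5.1's Out-File
# defaults to UTF-16 LE and Set-Content to the ANSI code page, and -Encoding utf8
# there still prepends a BOM; writing through .NET with UTF8Encoding($false)
# avoids both, so the first bytes of the file are the first rule keyword.

function Write-SnortRules {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $Rules
    )
    $utf8NoBom = New-Object System.Text.UTF8Encoding($false)
    # LF line endings parse the same on every Snort build; one trailing newline
    $content = ($Rules -join "`n") + "`n"
    [System.IO.File]::WriteAllText($Path, $content, $utf8NoBom)
}

function Test-SnortRulesEncoding {
    param([Parameter(Mandatory)] [string] $Path)
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    # FF FE = UTF-16 LE BOM (Out-File default), EF BB BF = UTF-8 BOM
    $hasUtf16Bom = $bytes.Length -ge 2 -and $bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE
    $hasUtf8Bom  = $bytes.Length -ge 3 -and $bytes[0] -eq 0xEF -and $bytes[1] -eq 0xBB -and $bytes[2] -eq 0xBF
    # NUL bytes inside the file also mean UTF-16, even when no BOM was written
    $hasNul = $bytes -contains 0
    return (-not $hasUtf16Bom) -and (-not $hasUtf8Bom) -and (-not $hasNul)
}

# Constructed sample rules; the repository's real local.rules is not reproduced here
$sampleRules = @(
    'alert icmp any any -> $HOME_NET any (msg:"ICMP echo to host"; sid:1000001; rev:1; priority:3;)',
    'alert tcp any any -> $HOME_NET 22 (msg:"SSH connection attempt"; sid:1000002; rev:1; priority:2;)'
)
$rulesPath = Join-Path $env:TEMP 'local.rules'
Write-SnortRules -Path $rulesPath -Rules $sampleRules
if (Test-SnortRulesEncoding -Path $rulesPath) {
    "OK: $rulesPath is UTF-8 without BOM"
} else {
    throw "Unexpected encoding in $rulesPath"
}
```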
The `snort.ps1` script is updated to replace the existing `snort.conf` file with a new version downloaded from a remote repository. This change ensures that the latest configuration file is used for Snort. If the download fails, an appropriate error message is displayed. Refactor `snort.ps1` to replace snort.conf file
The `snort.conf` file is modified to include the following output settings:
- `output alert_syslog: LOG_AUTH LOG_ALERT`
- `output alert_fast: snort.alert`
These settings enable Snort to send alerts to the syslog with the `LOG_AUTH` facility and `LOG_ALERT` priority, as well as output alerts to the `snort.alert` file. This change enhances the logging and alerting capabilities of Snort. Refactor `snort.conf` to update output settings
The `snort.ps1` script is updated to replace the URLs for the `local.rules` and `snort.conf` files with the correct ones from the ADORSYS-GIS/wazuh-snort repository. This change ensures that the latest versions of these files are used for Snort. The previous URLs are no longer valid and needed to be updated. Refactor `snort.ps1` to update URLs for local.rules and snort.conf
The `Install-Snort` function in `snort.ps1` is updated to remove the temporary directory used during the installation process. This change ensures that the temporary files are properly cleaned up after the installation is complete. Refactor `Install-Snort` function in `snort.ps1` to remove temporary directory
The `snort.ps1` script is modified to update the log location for Snort alerts. The previous location `/var/log/snort/snort.alert.fast` is replaced with `C:\Snort\log\alert.ids`. This change ensures that the alerts are logged to the correct file path on Windows systems. Refactor `snort.ps1` to update log location for Snort alerts
The `local.rules` file in the `scripts/windows` directory is modified to update the priorities of the Snort rules. The priorities are adjusted to ensure that higher priority rules are given more attention and are more likely to trigger alerts. This change improves the effectiveness of the Snort intrusion detection system. Refactor `local.rules` to update Snort rule priorities
The `snort.conf` file is modified to enable portscan detection and ARP spoof detection. Additionally, the `arpspoof_detect_host` configuration is updated to specify the IP address and MAC address for ARP spoof detection. These changes enhance the functionality of the Snort intrusion detection system. Refactor `snort.conf` and arpspoof configuration
…ng Snort as a scheduled task
…nstead of test_install.py
…on on Windows The `pytests.yml` file is modified to include a new step for installing Snort on Windows systems. Additionally, the `test_windows.py` file is updated to include string decoding for variables, ensuring proper assertion checks. These changes enhance the test coverage for Snort installation and configuration on Windows. Refactor pytests.yml and test_windows.py for Snort installation on Windows
This pull request updates the GitHub Actions workflow to include support for running Snort and Wazuh tests on both Linux and Windows environments. The workflow now performs the following tasks:
- Linux: `pytest` and `testinfra`.
- Windows: `scripts/snort.ps1` and `scripts/tests/test.ps1` to verify the installation and configuration of Snort and Wazuh.