Run Snort and Wazuh Tests Using PowerShell and Testinfra

.github/workflows/snort-tests.yml

@@ -0,0 +1,70 @@
+name: Run Snort tests
+
+on: [push, pull_request]
+
+jobs:
+  run-tests:
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest]  # Operating systems
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    # Linux-specific steps
+    - name: Set up Python (Linux)
+      if: matrix.os == 'ubuntu-latest'
+      uses: actions/setup-python@v2
+      with:
+        python-version: '3.9'
+
+    - name: Install dependencies (Linux)
+      if: matrix.os == 'ubuntu-latest'
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y curl gnupg2 iproute2
+        pip install pytest pytest-testinfra
+
+    - name: Install wazuh-agent (Linux)
+      if: matrix.os == 'ubuntu-latest'
+      run: |
+        curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo apt-key add -
+        echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee /etc/apt/sources.list.d/wazuh.list
+        sudo apt-get update
+        sudo apt-get install -y wazuh-agent
+
+    - name: Run Snort install script (Linux)
+      if: matrix.os == 'ubuntu-latest'
+      run: |
+        sudo bash scripts/install.sh
+
+    # Windows-specific steps
+    - name: Install Wazuh agent (Windows)
+      if: matrix.os == 'windows-latest'
+      run: |
+        Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.9.0-1.msi -OutFile $env:TEMP\wazuh-agent.msi
+        msiexec.exe /i $env:TEMP\wazuh-agent.msi /qn WAZUH_MANAGER='10.0.0.1' WAZUH_AGENT_NAME='test'
+
+    - name: Install Snort (Windows)
+      if: matrix.os == 'windows-latest'
+      run: |
+        Start-Process -FilePath "powershell.exe" -ArgumentList "-File $env:GITHUB_WORKSPACE/scripts/snort.ps1" -Verb RunAs -Wait
+
+    # Running tests
+    - name: Run tests (Linux)
+      if: matrix.os == 'ubuntu-latest'
+      run: |
+        sudo $(which pytest) -vv scripts/tests/test_linux.py
+
+    - name: List files (Windows)
+      if: matrix.os == 'windows-latest'
+      run: |
+        dir $env:GITHUB_WORKSPACE\scripts
+
+    - name: Run tests (Windows)
+      if: matrix.os == 'windows-latest'
+      run: |
+        pwsh -ExecutionPolicy Bypass -File $env:GITHUB_WORKSPACE/scripts/tests/test.ps1

README.md

@@ -1,4 +1,4 @@
-[![Build Snort3 Docker Multi Arch](https://github.com/ADORSYS-GIS/wazuh-snort/actions/workflows/snort-build.yml/badge.svg)](https://github.com/ADORSYS-GIS/wazuh-snort/actions/workflows/snort-build.yml)[![Build and Package Snort 3](https://github.com/ADORSYS-GIS/wazuh-snort/actions/workflows/package-snort.yml/badge.svg)](https://github.com/ADORSYS-GIS/wazuh-snort/actions/workflows/package-snort.yml)[![Run Pytest](https://github.com/ADORSYS-GIS/wazuh-snort/actions/workflows/pytests.yml/badge.svg)](https://github.com/ADORSYS-GIS/wazuh-snort/actions/workflows/pytests.yml)
+[![Build Snort3 Docker Multi Arch](https://github.com/ADORSYS-GIS/wazuh-snort/actions/workflows/snort-build.yml/badge.svg)](https://github.com/ADORSYS-GIS/wazuh-snort/actions/workflows/snort-build.yml)[![Build and Package Snort 3](https://github.com/ADORSYS-GIS/wazuh-snort/actions/workflows/package-snort.yml/badge.svg)](https://github.com/ADORSYS-GIS/wazuh-snort/actions/workflows/package-snort.yml)[![Run Snort-tests](https://github.com/ADORSYS-GIS/wazuh-snort/actions/workflows/pytests.yml/badge.svg)](https://github.com/ADORSYS-GIS/wazuh-snort/actions/workflows/pytests.yml)
 
 # Wazuh Snort 
 This repository contains several resources for installing and configuring Snort, as well as its integration with Wazuh. Here is a detailed description of each item:
@@ -25,7 +25,7 @@ This repository contains several resources for installing and configuring Snort,
 - `README.md`: This file provides general information about the project.
 - `rules`: This folder contains the rules for configuring Snort.
 - `scripts`: This folder contains a script for installing and configuring Snort on Linux and MacOS. It also includes a README with instructions for building and packaging Snort 3 using GitHub Actions.
-- `scripts/tests`: Additionally, for details on testing with Pytest, see [scripts/tests/README.md](scripts/tests/README.md)
+- `scripts/tests`: Additionally, for details on testing with Pytest and Powershell, see **[scripts/tests/README.md](scripts/tests/README.md)**
 
 ## Getting Started
 ### Prerequisites
@@ -34,10 +34,7 @@ This repository contains several resources for installing and configuring Snort,
 ### Installation
 Install using this command:
    ```bash
-   curl -SL --progress-bar https://raw.githubusercontent.com/ADORSYS-GIS/wazuh-snort/main/scripts/install.sh -o install.sh
-chmod +x install.sh
-sudo ./install.sh
-
+   sudo curl -SL https://raw.githubusercontent.com/ADORSYS-GIS/wazuh-snort/main/scripts/install.sh | bash
    ```
 
 ## Description

scripts/tests/README.md

@@ -1,15 +1,14 @@
-# Run Pytest
-
-This repository features a GitHub Actions workflow that automatically executes Pytest tests for your project. The workflow performs several tasks: it checks out your code, sets up the environment, installs required dependencies, and runs tests to verify that Snort and Wazuh are properly configured.
+# Run Snort Tests Using PowerShell and Testinfra
 
+This repository features a GitHub Actions workflow that automatically executes tests for your project. The workflow performs several tasks: it checks out your code, sets up the environment, installs required dependencies, and runs tests to verify that Snort and Wazuh are properly configured on both Linux and Windows.
 
 ## Testing
 
-The tests use `pytest` and `testinfra` to verify system configuration. Here’s a summary of the tests:
+The tests use `pytest`, `testinfra`, and PowerShell to verify system configuration. Here’s a summary of the tests:
 
 ### Dependencies Installation
 
-- **`install_dependencies` fixture**: Installs necessary dependencies based on the operating system (Ubuntu/Debian or Alpine). If the OS is not supported, the test fails.
+- **`install_dependencies` fixture**: Installs necessary dependencies based on the operating system (Ubuntu/Debian or Windows). If the OS is not supported, the test fails.
 
 ### Snort Installation
 
@@ -26,33 +25,59 @@ The tests use `pytest` and `testinfra` to verify system configuration. Here’s
 To ensure the GitHub Actions workflow runs properly, you need to have:
 
 - Python 3.9 or the version specified in the `setup-python` action.
-- A script located at `scripts/install.sh` for installing Snort.
-- The `testinfra` Python package for running system checks.
+- For Linux:
+  - A script located at `scripts/install.sh` for installing Snort.
+- For Windows:
+  - A PowerShell script located at `scripts/snort.ps1` for installing and configuring Snort and Wazuh agent.
+  - A PowerShell test script located at `scripts/tests/test.ps1` for running tests.
 
 ### Running Tests Locally
 
 To run the tests locally, follow these steps:
 
-1. Install the required Python packages:
+1. **Install the required Python packages:**
    ```bash
    pip install pytest pytest-testinfra
    ```
 
-2. Ensure that all system dependencies are installed. the wazuh agent should be already installed:
+2. **Ensure that all system dependencies are installed and wazuh-agent have to be installed already:**
    ```bash
    sudo apt-get update
    sudo apt-get install -y curl gnupg2 iproute2
    ```
 
-3. Run the tests:
-   ```bash
-   pytest -vv scripts/tests/test_install.py
-   ```
+3. **For Windows:**
+   - Ensure you have PowerShell installed and configured.
+   - Run the following commands:
+     ```powershell
+     # Install required packages
+     pip install pytest pytest-testinfra
+
+     # Run the Snort and Wazuh installation and configuration script
+     .\scripts\snort.ps1
+
+     # Run the tests
+     .\scripts\tests\test.ps1
+     ```
+
+4. **For Linux:**
+   - Run the tests with:
+     ```bash
+     pytest -vv scripts/tests/test_install.py
+     ```
+
+### PowerShell Test Script
+
+The `scripts/tests/test.ps1` PowerShell script includes various tests to ensure that Snort and Wazuh are correctly installed and configured. Here’s an overview of what the script does:
+
+- **Initialize a list to store test results**.
+- **Define a function `Run-Test`** to run each test and log the results.
+- **Define test scripts** to check the existence of Snort and Wazuh files, verify configurations, and check environment variables.
+- **Run all defined tests** and output the results.
+
+
+
 
-## Contributing
 
-If you’d like to contribute to this project, please follow the standard GitHub flow: fork the repository, create a feature branch, commit your changes, and submit a pull request.
 
-## License
 
-This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for more details.

scripts/tests/test.ps1

@@ -0,0 +1,94 @@
+# Initialize a list to store test results
+$testResults = @()
+
+# Function to run a test and log the result
+function Run-Test {
+    param (
+        [string]$TestName,
+        [scriptblock]$TestScript
+    )
+
+    try {
+        & $TestScript
+        $testResults += [pscustomobject]@{ TestName = $TestName; Status = "Passed" }
+    } catch {
+        $testResults += [pscustomobject]@{ TestName = $TestName; Status = "Failed"; Error = $_.Exception.Message }
+    }
+}
+
+# Define the test scripts
+$tests = @{
+    "SnortInstalled" = { 
+        if (Test-Path "C:\Snort\bin\snort.exe") { 
+            Write-Host "Snort is installed." 
+        } else { 
+            throw "Snort is not installed." 
+        }
+    }
+    "NpcapInstalled" = { 
+        if (Test-Path "C:\Program Files\Npcap") { 
+            Write-Host "Npcap is installed." 
+        } else { 
+            throw "Npcap is not installed." 
+        }
+    }
+    "RulesDirectoryExists" = { 
+        if (Test-Path "C:\Snort\rules") { 
+            Write-Host "Rules directory exists." 
+        } else { 
+            throw "Rules directory does not exist." 
+        }
+    }
+    "LocalRulesFileExists" = { 
+        if (Test-Path "C:\Snort\rules\local.rules") { 
+            Write-Host "Local rules file exists." 
+        } else { 
+            throw "Local rules file does not exist." 
+        }
+    }
+    "SnortConfFileExists" = { 
+        if (Test-Path "C:\Snort\etc\snort.conf") { 
+            Write-Host "Snort configuration file exists." 
+        } else { 
+            throw "Snort configuration file does not exist." 
+        }
+    }
+    "OssecConfFileExists" = { 
+        if (Test-Path "C:\Program Files\Wazuh\ossec.conf") { 
+            Write-Host "OSSEC configuration file exists." 
+        } else { 
+            throw "OSSEC configuration file does not exist." 
+        }
+    }
+    "SnortConfigInOssecConf" = { 
+        if (Select-String -Path "C:\Program Files\Wazuh\ossec.conf" -Pattern "snort") { 
+            Write-Host "Snort is configured in OSSEC configuration." 
+        } else { 
+            throw "Snort is not configured in OSSEC configuration." 
+        }
+    }
+    "EnvironmentVariables" = { 
+        if ([System.Environment]::GetEnvironmentVariable("SNORT_PATH") -ne $null) { 
+            Write-Host "SNORT_PATH environment variable is set." 
+        } else { 
+            throw "SNORT_PATH environment variable is not set." 
+        }
+    }
+    "ScheduledTaskRegistered" = { 
+        $task = Get-ScheduledTask | Where-Object { $_.TaskName -eq "SnortTask" }
+        if ($task) { 
+            Write-Host "Scheduled task is registered." 
+        } else { 
+            throw "Scheduled task is not registered." 
+        }
+    }
+}
+
+# Run all tests
+foreach ($test in $tests.GetEnumerator()) {
+    Run-Test -TestName $test.Key -TestScript $test.Value
+}
+
+# Output the test results
+Write-Host "Test Results:"
+$testResults | Format-Table -AutoSize

scripts/windows/local.rules

@@ -0,0 +1,27 @@
+# Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.
+#
+# This file contains (i) proprietary rules that were created, tested and certified by
+# Sourcefire, Inc. (the "VRT Certified Rules") that are distributed under the VRT
+# Certified Rules License Agreement (v 2.0), and (ii) rules that were created by
+# Sourcefire and other third parties (the "GPL Rules") that are distributed under the
+# GNU General Public License (GPL), v2.
+#
+# The VRT Certified Rules are owned by Sourcefire, Inc. The GPL Rules were created
+# by Sourcefire and other third parties. The GPL Rules created by Sourcefire are
+# owned by Sourcefire, Inc., and the GPL Rules not created by Sourcefire are owned by
+# their respective creators. Please see http://www.snort.org/snort/snort-team/ for a
+# list of third party owners and their respective copyrights.
+#
+# In order to determine what rules are VRT Certified Rules or GPL Rules, please refer
+# to the VRT Certified Rules License Agreement (v2.0).
+#
+#-------------
+# LOCAL RULES
+#-------------
+alert icmp any any -> any any (msg:"ICMP connection attempt:"; sid:1000010; rev:1; priority:3;)
+alert icmp any any -> 8.8.8.8 any (msg:"Pinging..."; sid:1000004; priority:3;)
+alert tcp any any -> any 6667 (msg:"IRC protocol traffic"; sid:1000005; priority:3;)
+alert tcp any 6667 -> any any (msg:"C&C Server sent netinfo command"; content:"!netinfo"; sid:1000006; priority:4;)
+alert tcp any 6667 -> any any (msg:"C&C Server sent sysinfo command"; content:"!sysinfo"; sid:1000007; priority:5;)
+alert tcp any 6667 -> any any (msg:"C&C Server sent port scan command"; content:"!scan"; sid:1000008; priority:3;)
+alert tcp any 6667 -> any any (msg:"C&C Server sent download command"; content:"!download"; sid:1000009; priority:7;)