feat/ci: cd build (#2)

* chore: multiplatform build

* chore: set up logic for bats script

.github/workflows/test-script.yml

@@ -3,8 +3,51 @@ name: Test install script
 on: [ push, pull_request ]
 
 jobs:
- test_script:
+ test_script_linux:
+ name: Test install script on Linux ${{ matrix.os }}, ${{ matrix.version }}
  runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ include:
+ - os: centos
+ version: latest
+ - os: centos
+ version: 8
+ - os: centos
+ version: 7
+
+ - os: opensuse
+ version: latest
+ - os: opensuse
+ version: 15
+
+ - os: ubuntu
+ version: latest
+ - os: ubuntu
+ version: jammy
+ - os: ubuntu
+ version: focal
+ - os: ubuntu
+ version: noble
+
+ - os: debian
+ version: latest
+ - os: debian
+ version: buster
+
+ - os: alpine
+ version: latest
+ - os: alpine
+ version: edge
+ - os: alpine
+ version: 3
+
+ - os: fedora
+ version: latest
+ - os: fedora
+ version: 41
+ - os: fedora
+ version: 40
  steps:
  - name: Checkout code
  uses: actions/checkout@v4
@@ -19,6 +62,9 @@ jobs:
  with:
  platforms: ${{ steps.qemu.outputs.platforms }}
 
+ - name: Pull without cache
+ run: docker pull ghcr.io/stephane-segning/bats-docker:${{ matrix.os }}-${{ matrix.version }}
+
  - name: Test script
  run: |
- docker run --rm -v "$PWD:/app" bats/bats:latest /app/scripts/tests/test-script.bats
+ docker run --rm -v "$PWD:/app" ghcr.io/stephane-segning/bats-docker:${{ matrix.os }}-${{ matrix.version }} bats /app/scripts/tests/test-script.bats

scripts/tests/README.md

@@ -6,5 +6,5 @@ The BATS framework is used to test the scripts in this project. The tests are wr
 located in the `scripts/tests` directory.
 
 ```bash
-docker run --rm -it -v "$PWD:/app" bats/bats:latest /app/scripts/tests/test-script.bats
+docker run --rm -it -v "$PWD:/app" ghcr.io/stephane-segning/bats-docker:alpine-latest bats /app/scripts/tests/test-script.bats
 ```

scripts/tests/setup.sh

@@ -0,0 +1,263 @@
+#!/usr/bin/env sh
+
+mkdir -p /var/ossec/etc
+cat <<EOF >> /var/ossec/etc/ossec.conf
+<!--
+ Wazuh - Manager - Default configuration.
+ More info at: https://documentation.wazuh.com
+ Mailing list: https://groups.google.com/forum/#!forum/wazuh
+-->
+
+<ossec_config>
+ <global>
+ <jsonout_output>yes</jsonout_output>
+ <alerts_log>yes</alerts_log>
+ <logall>no</logall>
+ <logall_json>no</logall_json>
+ <email_notification>no</email_notification>
+ <smtp_server>smtp.example.wazuh.com</smtp_server>
+ <email_from>[email protected]</email_from>
+ <email_to>[email protected]</email_to>
+ <email_maxperhour>12</email_maxperhour>
+ <email_log_source>alerts.log</email_log_source>
+ <agents_disconnection_time>10m</agents_disconnection_time>
+ <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
+ </global>
+
+ <!-- Choose between plain or json format (or both) for internal logs -->
+ <logging>
+ <log_format>plain</log_format>
+ </logging>
+
+ <alerts>
+ <log_alert_level>3</log_alert_level>
+ <email_alert_level>12</email_alert_level>
+ </alerts>
+
+ <remote>
+ <connection>secure</connection>
+ <port>1514</port>
+ <protocol>tcp</protocol>
+ </remote>
+
+ <!-- Policy monitoring -->
+ <rootcheck>
+ <disabled>no</disabled>
+
+ <!-- Frequency that rootcheck is executed - every 12 hours -->
+ <frequency>43200</frequency>
+
+ <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
+ <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
+
+ <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
+ <system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
+ <system_audit>/var/ossec/etc/shared/cis_debian_linux_rcl.txt</system_audit>
+
+ <skip_nfs>yes</skip_nfs>
+ </rootcheck>
+
+ <wodle name="open-scap">
+ <disabled>yes</disabled>
+ <timeout>1800</timeout>
+ <interval>1d</interval>
+ <scan-on-start>yes</scan-on-start>
+
+ <content type="xccdf" path="ssg-debian-8-ds.xml">
+ <profile>xccdf_org.ssgproject.content_profile_common</profile>
+ </content>
+ <content type="oval" path="cve-debian-oval.xml"/>
+ </wodle>
+
+ <wodle name="syscollector">
+ <disabled>no</disabled>
+ <interval>1h</interval>
+ <scan_on_start>yes</scan_on_start>
+ <hardware>yes</hardware>
+ <os>yes</os>
+ <network>yes</network>
+
+ <!-- Database synchronization settings -->
+ <synchronization>
+ <max_eps>10</max_eps>
+ </synchronization>
+ </wodle>
+
+ <!-- File integrity monitoring -->
+ <syscheck>
+ <disabled>no</disabled>
+
+ <!-- Frequency that syscheck is executed default every 12 hours -->
+ <frequency>43200</frequency>
+
+ <scan_on_start>yes</scan_on_start>
+
+ <!-- Generate alert when new file detected -->
+ <alert_new_files>yes</alert_new_files>
+
+ <!-- Don't ignore files that change more than 3 times -->
+ <auto_ignore>no</auto_ignore>
+
+ <!-- Directories to check (perform all possible verifications) -->
+ <directories>/etc,/usr/bin,/usr/sbin</directories>
+ <directories>/bin,/sbin,/boot</directories>
+
+ <!-- Files/directories to ignore -->
+ <ignore>/etc/mtab</ignore>
+ <ignore>/etc/hosts.deny</ignore>
+ <ignore>/etc/mail/statistics</ignore>
+ <ignore>/etc/random-seed</ignore>
+ <ignore>/etc/random.seed</ignore>
+ <ignore>/etc/adjtime</ignore>
+ <ignore>/etc/httpd/logs</ignore>
+ <ignore>/etc/utmpx</ignore>
+ <ignore>/etc/wtmpx</ignore>
+ <ignore>/etc/cups/certs</ignore>
+ <ignore>/etc/dumpdates</ignore>
+ <ignore>/etc/svc/volatile</ignore>
+ <ignore>/sys/kernel/security</ignore>
+ <ignore>/sys/kernel/debug</ignore>
+
+ <!-- File types to ignore -->
+ <ignore type="sregex">.log$|.swp$</ignore>
+
+ <!-- Check the file, but never compute the diff -->
+ <nodiff>/etc/ssl/private.key</nodiff>
+
+ <skip_nfs>yes</skip_nfs>
+ <skip_dev>yes</skip_dev>
+ <skip_proc>yes</skip_proc>
+ <skip_sys>yes</skip_sys>
+
+ <!-- Nice value for Syscheck process -->
+ <process_priority>10</process_priority>
+
+ <!-- Maximum output throughput -->
+ <max_eps>50</max_eps>
+
+ <!-- Database synchronization settings -->
+ <synchronization>
+ <enabled>yes</enabled>
+ <interval>5m</interval>
+ <max_eps>10</max_eps>
+ </synchronization>
+ </syscheck>
+
+ <!-- Active response -->
+ <global>
+ <white_list>127.0.0.1</white_list>
+ <white_list>^localhost.localdomain$</white_list>
+ <white_list>10.0.0.2</white_list>
+ </global>
+
+ <command>
+ <name>disable-account</name>
+ <executable>disable-account</executable>
+ <timeout_allowed>yes</timeout_allowed>
+ </command>
+
+ <command>
+ <name>restart-wazuh</name>
+ <executable>restart-wazuh</executable>
+ </command>
+
+ <command>
+ <name>firewall-drop</name>
+ <executable>firewall-drop</executable>
+ <timeout_allowed>yes</timeout_allowed>
+ </command>
+
+ <command>
+ <name>host-deny</name>
+ <executable>host-deny</executable>
+ <timeout_allowed>yes</timeout_allowed>
+ </command>
+
+ <command>
+ <name>route-null</name>
+ <executable>route-null</executable>
+ <timeout_allowed>yes</timeout_allowed>
+ </command>
+
+ <command>
+ <name>win_route-null</name>
+ <executable>route-null.exe</executable>
+ <timeout_allowed>yes</timeout_allowed>
+ </command>
+
+ <!--
+ <active-response>
+ active-response options here
+ </active-response>
+ -->
+
+ <!-- Log analysis -->
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/ossec/logs/active-responses.log</location>
+ </localfile>
+
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/log/messages</location>
+ </localfile>
+
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/log/auth.log</location>
+ </localfile>
+
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/log/syslog</location>
+ </localfile>
+
+ <localfile>
+ <log_format>command</log_format>
+ <command>df -P</command>
+ <frequency>360</frequency>
+ </localfile>
+
+ <localfile>
+ <log_format>full_command</log_format>
+ <command>netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort</command>
+ <frequency>360</frequency>
+ </localfile>
+
+ <localfile>
+ <log_format>full_command</log_format>
+ <command>last -n 5</command>
+ <frequency>360</frequency>
+ </localfile>
+
+ <ruleset>
+ <!-- Default ruleset -->
+ <decoder_dir>ruleset/decoders</decoder_dir>
+ <rule_dir>ruleset/rules</rule_dir>
+ <rule_exclude>0215-policy_rules.xml</rule_exclude>
+ <list>etc/lists/audit-keys</list>
+
+ <!-- User-defined ruleset -->
+ <decoder_dir>etc/decoders</decoder_dir>
+ <rule_dir>etc/rules</rule_dir>
+ </ruleset>
+
+ <!-- Configuration for wazuh-authd
+ To enable this service, run:
+ wazuh-control enable auth
+ -->
+ <auth>
+ <disabled>no</disabled>
+ <port>1515</port>
+ <use_source_ip>no</use_source_ip>
+ <purge>yes</purge>
+ <use_password>no</use_password>
+ <!-- <ssl_agent_ca></ssl_agent_ca> -->
+ <ssl_verify_host>no</ssl_verify_host>
+ <ssl_manager_cert>/var/ossec/etc/sslmanager.cert</ssl_manager_cert>
+ <ssl_manager_key>/var/ossec/etc/sslmanager.key</ssl_manager_key>
+ <ssl_auto_negotiate>no</ssl_auto_negotiate>
+ </auth>
+
+</ossec_config>
+EOF

scripts/tests/test-script.bats

@@ -1,27 +1,6 @@
 #!/usr/bin/env bats
 
-WAZUH_MANAGER="10.0.0.2"
-
-if [ "$(uname -o)" = "GNU/Linux" ] && command -v groupadd >/dev/null 2>&1; then
- OSSEC_CONF_PATH="/var/ossec/etc/ossec.conf"
- apt-get update && apt-get install -y curl gnupg2
- curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import
- chmod 644 /usr/share/keyrings/wazuh.gpg
- echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
- apt-get update
- apt-get install wazuh-agent -y
- sed -i "s|MANAGER_IP|$WAZUH_MANAGER|g" /var/ossec/etc/ossec.conf
-elif [ "$(which apk)" = "/sbin/apk" ]; then
- OSSEC_CONF_PATH="/Library/Ossec/etc/ossec.conf"
- wget -O /etc/apk/keys/[email protected] https://packages.wazuh.com/key/alpine-devel%40wazuh.com-633d7457.rsa.pub
- echo "https://packages.wazuh.com/4.x/alpine/v3.12/main" >> /etc/apk/repositories
- apk update
- apk add wazuh-agent
- sed -i "s|MANAGER_IP|$WAZUH_MANAGER|g" /var/ossec/etc/ossec.conf
-else
- log ERROR "Unsupported OS for creating user."
- exit 1
-fi
+sh /app/scripts/tests/setup.sh
 
 chmod +x /app/scripts/install.sh