add tests
parent
eb0fb243a3
commit
699dcb2c0f
4 changed files with 66 additions and 0 deletions
|
@ -313,6 +313,19 @@ Disable given information push to the central API.`,
|
|||
}
|
||||
cmdLabel.AddCommand(cmdLabelStatus)
|
||||
|
||||
var detectAll bool
|
||||
cmdLabelDetect := &cobra.Command{
|
||||
Use: "status",
|
||||
Short: "List label to send with alerts",
|
||||
DisableAutoGenTag: true,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
// load all parsers
|
||||
//
|
||||
},
|
||||
}
|
||||
cmdLabelAdd.Flags().BoolVarP(&detectAll, "all", "a", false, "Detect evt field for all installed parser")
|
||||
cmdLabel.AddCommand(cmdLabelDetect)
|
||||
|
||||
var keysToDelete []string
|
||||
var valuesToDelete []string
|
||||
cmdLabelDelete := &cobra.Command{
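Review bot: The new `cmdLabelDetect` command looks copy-pasted from the status command and is mis-wired: it declares `Use: "status",` with the status-style `Short` text, and its `--all` flag is registered on `cmdLabelAdd.Flags()` instead of on the detect command. As written, `detectAll` can only be set through the add command, and two subcommands would presumably share the name `status`, leaving the detect command unreachable. I would change these lines to `Use: "detect",`, a `Short` that describes detection, and `cmdLabelDetect.Flags().BoolVarP(&detectAll, "all", "a", false, "Detect evt field for all installed parser")`. The `Run` body holds only comments, so until it is implemented it should report that rather than exit silently. The enclosing function starts and ends outside the hunk.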
|
||||
|
|
|
@ -14,6 +14,7 @@ config_paths:
|
|||
notification_dir: /etc/crowdsec/notifications/
|
||||
plugin_dir: /usr/local/lib/crowdsec/plugins/
|
||||
crowdsec_service:
|
||||
console_labels_path: /etc/crowdsec/console/labels.yaml
|
||||
acquisition_path: /etc/crowdsec/acquis.yaml
|
||||
parser_routines: 1
|
||||
cscli:
|
||||
|
|
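--- a/tests/bats/81_alerts-context.bats
+++ b/tests/bats/81_alerts-context.bats
@@ -0,0 +1,49 @@
+#!/usr/bin/env bats
+# vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si:
+
+set -u
+
+fake_log() {
+for _ in $(seq 1 6); do
+echo "$(LC_ALL=C date '+%b %d %H:%M:%S ')"'sd-126005 sshd[12422]: Invalid user netflix from 1.1.1.172 port 35424'
+done
+}
+
+setup_file() {
+load "../lib/setup_file.sh"
+# we reset config and data, but run the daemon only in the tests that need it
+./instance-data load
+}
+
+teardown_file() {
+load "../lib/teardown_file.sh"
+}
+
+setup() {
+load "../lib/setup.sh"
+}
+
+teardown() {
+./instance-crowdsec stop
+}
+
+#----------
+
+@test "$FILE 1.1.1.172 has context" {
+skip
+tmpfile=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp)
+touch "${tmpfile}"
+ACQUIS_YAML=$(config_yq '.crowdsec_service.acquisition_path')
+echo -e "---\nfilename: $tmpfile\nlabels:\n type: syslog\n" >>"${ACQUIS_YAML}"
+
+CONTEXT_YAML=$(config_yq '.crowdsec_service.console_labels_path')
+echo -e "---\ntarget_user:\n- evt.Parsed.sshd_invalid_user\nsource_ip:\n- evt.Parsed.sshd_client_ip" >>"${CONTEXT_YAML}"
+
+./instance-crowdsec start
+sleep 2
+fake_log >>"${tmpfile}"
+sleep 2
+rm -f -- "${tmpfile}"
+run cscli alerts list
+echo $output >&3
+}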
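Review bot: The `$FILE 1.1.1.172 has context` test asserts nothing: it begins with `skip`, and after `run cscli alerts list` it only prints `echo $output >&3`, so it would pass even if no alert or no context were produced. Once the feature is ready, drop `skip` and check the result, for example `[ "$status" -eq 0 ]` plus a match on the configured context keys (`target_user`, `source_ip`) in whichever command output actually exposes alert context. The two `sleep 2` calls make the outcome timing-dependent, so a bounded retry that polls for the alert would be more reliable. The debug line should quote the variable, `echo "$output" >&3`, so whitespace in the output is preserved.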
@ -53,6 +53,8 @@ config_generate() {
|
|||
../config/online_api_credentials.yaml \
|
||||
"${CONFIG_DIR}/"
|
||||
|
||||
cp ../config/labels.yaml "${CONFIG_DIR}/console/"
|
||||
|
||||
cp ../plugins/notifications/*/{http,email,slack,splunk,dummy}.yaml \
|
||||
"${CONFIG_DIR}/notifications/"
|
||||
|
||||
|
@ -84,6 +86,7 @@ make_init_data() {
|
|||
mkdir -p "${CONFIG_DIR}/notifications"
|
||||
mkdir -p "${CONFIG_DIR}/hub"
|
||||
mkdir -p "${CONFIG_DIR}/patterns"
|
||||
mkdir -p "${CONFIG_DIR}/console"
|
||||
cp -ax "../config/patterns" "${CONFIG_DIR}/"
|
||||
config_generate
|
||||
# XXX errors from instance-db should be reported...
|
||||
|
|