Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QA testing - Fix wrong condition in WXS #3139

Closed
37 tasks done
DFolchA opened this issue Aug 1, 2022 · 7 comments
Closed
37 tasks done

QA testing - Fix wrong condition in WXS #3139

DFolchA opened this issue Aug 1, 2022 · 7 comments
Assignees
@CamiRomero
Labels
dev-testing
Milestone
Core PRs approval...

Comments

@DFolchA
Copy link
Contributor

DFolchA commented Aug 1, 2022
edited by CamiRomero
Loading

Target version Related issue Related PR
4.3.7 wazuh/wazuh#13928 wazuh/wazuh#14447

Description

We found an incorrect condition in the WXS file that caused the MSI installation to get stuck.

Proposed checks

  • Windows 2012R2
    • Reproduce failure on 4.3.6
    • Clean installation of the new package
    • Upgrade from 3.x with the service stopped
    • Upgrade from 4.0.x with the service stopped
    • Upgrade from 4.3.x with the service stopped
    • Upgrade from 3.x with the service started
    • Upgrade from 4.0.x with the service started
    • Upgrade from 4.3.x with the service started
  • Windows XP
    • Reproduce failure on 4.3.6
    • Clean installation of the new package
    • Upgrade from 3.x with the service stopped
    • Upgrade from 4.0.x with the service stopped
    • Upgrade from 4.3.x with the service stopped
    • Upgrade from 3.x with the service started
    • Upgrade from 4.0.x with the service started
    • Upgrade from 4.3.x with the service started
  • Windows Server 2016
    • Reproduce failure on 4.3.6
    • Clean installation of the new package
    • Upgrade from 3.x with the service stopped
    • Upgrade from 4.0.x with the service stopped
    • Upgrade from 4.3.x with the service stopped
    • Upgrade from 3.x with the service started
    • Upgrade from 4.0.x with the service started
    • Upgrade from 4.3.x with the service started
  • Windows server 2022
    • Reproduce failure on 4.3.6
    • Clean installation of the new package
    • Upgrade from 3.x with the service stopped
    • Upgrade from 4.0.x with the service stopped
    • Upgrade from 4.3.x with the service stopped
    • Upgrade from 3.x with the service started
    • Upgrade from 4.0.x with the service started
    • Upgrade from 4.3.x with the service started
  • validate basic behavior of alerts

Steps to reproduce

In a Windows machine with low resources (1 core and 500 MB of memory) install wazuh agent 4.3.0 and update to 4.3.6. The installation will take a long time in the starting services step and in the end it will probably return the following error:
image

Expected results

Installation and upgrade work properly and the service remains running if it was running before the upgrade.

Configuration and considerations
@jmv74211 jmv74211 added this to the Core PRs approval - 4.3.7 milestone Aug 1, 2022
@CamiRomero CamiRomero self-assigned this Aug 1, 2022
@CamiRomero
Copy link
Contributor

CamiRomero commented Aug 1, 2022
edited by jmv74211
Loading

Review data

Tester PR commit
@CamiRomero 0ae763

Testing environment

OS OS version Deployment Image/AMI Notes
Windows Windows 2012R2 Local devopsgroup-io/windows_server-2012r2-standard-amd64-nocm
Windows Windows XP Local dvgamerr/win-xp-sp3
Windows Windows Server 2016 Local mwrock/Windows2016
Windows Windows Server 2022 Local gusztavvargadr/windows-server-2022-standard

Tested packages

wazuh-manager wazuh-agent
- 4.3.7

Status

  • In progress
  • Pending Review
  • Team leader approved
  • Manager approved

@CamiRomero
Copy link
Contributor

CamiRomero commented Aug 1, 2022
edited
Loading

Windows 2012R2

Reproduce the failure - Upgrade from 4.3.0 to 4.3.6 🔴 (error reproduced)

  1. Dowload Wazuh agent:

    Wazuh Agent 4.3.0

  2. Install Wazuh Agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Download Wazuh 4.3.6 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

Clean installation of the new package 🟢
  1. Dowload Wazuh agent:
    4.3.7
  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to installl the Wazuh agent:
    imagen
Upgrade from 3.x with the service stopped 🟢

  1. Download Wazuh agent:
    3.13.4

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Stop Wazuh Agent using the GUI installer:

    imagen

  4. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

  5. Start the Wazuh Agent using the GUI installer:

    imagen

Upgrade from 4.0.x with the service stopped 🟢

  1. Dowload Wazuh agent:
    4.0.0

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Stop Wazuh Agent using the GUI installer:

    imagen

  4. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

  5. Start the Wazuh Agent using the GUI installer:
    imagen

Upgrade from 4.3.x with the service stopped 🟢

  1. Dowload Wazuh agent:
    4.3.6

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Stop Wazuh Agent using the GUI installer:
    imagen

  4. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

  5. Start the Wazuh Agent using the GUI installer:
    imagen

Upgrade from 3.x with the service started 🟢

  1. Dowload Wazuh agent:
    3.13.4

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

Upgrade from 4.0.x with the service started 🟢

  1. Dowload Wazuh agent:
    4.0.0

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

Upgrade from 4.3.x with the service started 🟢

  1. Dowload Wazuh agent:
    4.3.6

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

@CamiRomero
Copy link
Contributor

CamiRomero commented Aug 2, 2022
edited
Loading

Windows XP

Reproduce the failure - Upgrade from 4.3.0 to 4.3.6 🔴 (error reproduced)

  1. Dowload Wazuh agent:

    Wazuh Agent 4.3.0

  2. Install Wazuh Agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Download Wazuh 4.3.6 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

Clean installation of the new package 🟢

  1. Dowload Wazuh agent:
    4.3.7

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to installl the Wazuh agent:

    imagen

Upgrade from 3.x with the service stopped 🟢

  1. Download Wazuh agent:
    3.13.4

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Stop Wazuh Agent using the GUI installer:

    imagen

  4. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

  5. Start the Wazuh Agent using the GUI installer:

    imagen

Upgrade from 4.0.x with the service stopped 🟢

  1. Dowload Wazuh agent:
    4.0.0

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Stop Wazuh Agent using the GUI installer:

    imagen

  4. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

  5. Start the Wazuh Agent using the GUI installer:

    imagen

Upgrade from 4.3.x with the service stopped 🟢

  1. Dowload Wazuh agent:
    4.3.6

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Stop Wazuh Agent using the GUI installer:

    imagen

  4. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

  5. Start the Wazuh Agent using the GUI installer:

    imagen

Upgrade from 3.x with the service started 🟢

  1. Dowload Wazuh agent:
    3.13.4

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

Upgrade from 4.0.x with the service started 🟢

  1. Dowload Wazuh agent:
    4.0.0

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

Upgrade from 4.3.x with the service started 🟢

  1. Dowload Wazuh agent:
    4.3.6

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

@CamiRomero
Copy link
Contributor

CamiRomero commented Aug 2, 2022
edited
Loading

Windows Server 2016

Reproduce the failure - Upgrade from 4.3.0 to 4.3.6 🔴 (error reproduced)

  1. Dowload Wazuh agent:

    Wazuh Agent 4.3.0

  2. Install Wazuh Agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Download Wazuh 4.3.6 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

Clean installation of the new package 🟢

  1. Dowload Wazuh agent:
    4.3.7

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to installl the Wazuh agent:

    imagen

Upgrade from 3.x with the service stopped 🟢

  1. Download Wazuh agent:
    3.13.4

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Stop Wazuh Agent using the GUI installer:

    imagen

  4. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

  5. Start the Wazuh Agent using the GUI installer:

    imagen

Upgrade from 4.0.x with the service stopped 🟢

  1. Dowload Wazuh agent:
    4.0.0

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Stop Wazuh Agent using the GUI installer:

    imagen

  4. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

  5. Start the Wazuh Agent using the GUI installer:

    imagen

Upgrade from 4.3.x with the service stopped 🟢

  1. Dowload Wazuh agent:
    4.3.6

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Stop Wazuh Agent using the GUI installer:

    imagen

  4. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

  5. Start the Wazuh Agent using the GUI installer:

    imagen

Upgrade from 3.x with the service started 🟢

  1. Dowload Wazuh agent:
    3.13.4

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

Upgrade from 4.0.x with the service started 🟢

  1. Dowload Wazuh agent:
    4.0.0

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

Upgrade from 4.3.x with the service started 🟢

  1. Dowload Wazuh agent:
    4.3.6

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:
    imagen

  3. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

@CamiRomero
Copy link
Contributor

CamiRomero commented Aug 2, 2022
edited
Loading

Windows Server 2022

Reproduce the failure - Upgrade from 4.3.0 to 4.3.6 🔴 (error reproduced)

  1. Dowload Wazuh agent:

    Wazuh Agent 4.3.0

  2. Install Wazuh Agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Download Wazuh 4.3.6 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

Clean installation of the new package 🟢

  1. Dowload Wazuh agent:
    4.3.7

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to installl the Wazuh agent:

    imagen

Upgrade from 3.x with the service stopped 🟢

  1. Download Wazuh agent:
    3.13.4

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Stop Wazuh Agent using the GUI installer:

    imagen

  4. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

  5. Start the Wazuh Agent using the GUI installer:

    imagen

Upgrade from 4.0.x with the service stopped 🟢

  1. Dowload Wazuh agent:
    4.0.0

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Stop Wazuh Agent using the GUI installer:

    imagen

  4. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

  5. Start the Wazuh Agent using the GUI installer:

    imagen

Upgrade from 4.3.x with the service stopped 🟢

  1. Dowload Wazuh agent:
    4.3.6

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Stop Wazuh Agent using the GUI installer:

    imagen

  4. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

  5. Start the Wazuh Agent using the GUI installer:

    imagen

Upgrade from 3.x with the service started 🟢

  1. Dowload Wazuh agent:
    3.13.4

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

Upgrade from 4.0.x with the service started 🟢

  1. Dowload Wazuh agent:
    4.0.0

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

Upgrade from 4.3.x with the service started 🟢

  1. Dowload Wazuh agent:
    4.3.6

  2. Install and register Wazuh agent using the GUI installer. Open the installer and follow the instructions to install the Wazuh agent:

    imagen

  3. Download Wazuh 4.3.7 and upgrade agent using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:

    imagen

@CamiRomero
Copy link
Contributor

validate basic behavior of alerts

Clean installation of the new package 🟢

  1. Edit osec.conf on Wazuh Agent:

    <directories realtime="yes">C:\testingFolder</directories>

  2. Create the folder to monitor

  3. Restart the Wazuh Agent in order to apply changes

    imagen

  4. Check in the logs of Wazuh Agent that the folder is being monitored:

    2022/08/03 12:06:58 wazuh-agent: INFO: (6003): Monitoring path: 'c:\testingfolder', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | attributes | realtime'.

  5. Create a file inside the monitored folder and review the manager's logs:

    ** Alert 1653676363.784639: - ossec,syscheck,syscheck_entry_added,syscheck_file,pci_dss_11.5,gpg13_4.11,gdpr_II_5.1.f,hipaa_164.312.c.1,hipaa_164.312.c.2,nist_800_53_SI.7,tsc_PI1.4,tsc_PI1.5,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,
2022 May 27 18:32:43 (WIN-A1B99BSBJF0) any->syscheck
Rule: 554 (level 5) -> 'File added to the system.'
File 'c:\testingfolder\testfile.txt' added
Mode: realtime

Attributes:
 - Size: 0
 - Permissions: SYSTEM (allowed): DELETE|READ_CONTROL|WRITE_DAC|WRITE_OWNER|SYNCHRONIZE|READ_DATA|WRITE_DATA|APPEND_DATA|READ_EA|WRITE_EA|EXECUTE|READ_ATTRIBUTES|WRITE_ATTRIBUTES, Administrators (allowed): DELETE|READ_CONTROL|WRITE_DAC|WRITE_OWNER|SYNCHRONIZE|READ_DATA|WRITE_DATA|APPEND_DATA|READ_EA|WRITE_EA|EXECUTE|READ_ATTRIBUTES|WRITE_ATTRIBUTES, Users (allowed): READ_CONTROL|SYNCHRONIZE|READ_DATA|READ_EA|EXECUTE|READ_ATTRIBUTES
 - Date: Wed Aug  3 12:01:05 2022
 - Inode: 0
 - User: Administrators (S-1-5-32-544)
 - MD5: d41d8cd98f00b204e9800998ecf8427e
 - SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
 - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
 - File attributes: ARCHIVE

@jmv74211
Copy link
Contributor

jmv74211 commented Aug 3, 2022

🟢 Everything seems to be working properly

@jmv74211 jmv74211 closed this as completed Aug 3, 2022
@jmv74211 jmv74211 mentioned this issue Aug 3, 2022
Merged
28 tasks
@damarisg damarisg mentioned this issue Jul 25, 2023
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@CamiRomero CamiRomero

Labels
dev-testing
Projects
None yet
Milestone
Core PRs approval - 4.3.7
Development

No branches or pull requests
3 participants
@DFolchA @jmv74211 @CamiRomero