Thanks I found the link earlier on. I have read through the document but I am not sure how to do the tests (using Ubuntu 14.04 LTS).

I have downloaded the OSSEC version that we are using (2.8.2):

wget -U ossec http://www.ossec.net/files/ossec-hids-2.8.2.tar.gz

I have unpacked the tarball, moved the ossec-testing directory that was in the tarball to /var/ossec/contrib, and then changed my working directory to that directory.
I have started the tests by executing as root:

python runtests.py

I looked in /var/ossec/alerts/alerts.log, but I did not see the alerts going off there.
Also, in my ossec-testing/tests directory I can only see two test files:

named.ini
sshd.ini

Should there not be more? As in as many as the number of rules files.

I am just not sure how to run the runtests.py and have more .ini test files and have the alerts showing in /var/ossec/logs/alerts/alerts.log.

Cheers,
Tahir

On Tuesday, 24 May 2016 16:47:12 UTC+1, dan (ddpbsd) wrote:
> On Tue, May 24, 2016 at 11:33 AM, Tahir Hafiz <[email protected]> wrote:
> > Hi Dan,
> >
> > Is there any documentation as to how to set-up and run the tests?
> > Where can I find said documentation?
>
> https://ossec.github.io/docs/development/build/test-rules.html?highlight=runtests
>
> > Cheers,
> > Tahir
> >
> > On Tuesday, 24 May 2016 13:55:58 UTC+1, dan (ddpbsd) wrote:
> >> On Tue, May 24, 2016 at 5:50 AM, Tahir Hafiz <[email protected]> wrote:
> >> > Dear All,
> >> >
> >> > Is there a test suite available which can be used to test a fully
> >> > functioning OSSEC server/client installation?
> >> > I am looking to test the rule sets systematically, I know I can modify a
> >> > system file and it will alert etc, but I am looking for a more automated
> >> > test suite and methods across the rule sets.
> >>
> >> In the source tarball, there is contrib/ossec-testing. The
> >> run-tests.py file uses the information in tests/*.ini to check rules.
> >> It'll require some setup, and plenty of log samples. There aren't a
> >> lot of tests in there currently, but I try to keep it updated when I
> >> see interesting log samples.
> >> It's not perfect, but it can help find some issues.
> >>
> >> > Thank you,
> >> > Tahir
> >> >
> >> > --
> >> >
> >> > ---
> >> > You received this message because you are subscribed to the Google Groups
> >> > "ossec-list" group.
> >> > To unsubscribe from this group and stop receiving emails from it, send an
> >> > email to [email protected].
> >> > For more options, visit https://groups.google.com/d/optout.
