wazuh-qa icon indicating copy to clipboard operation
wazuh-qa copied to clipboard

Published 20 hours ago verified publisher icon wazuh

Prevent agents using the same key from connecting at the same time

Open Nicogp opened this issue 3 years ago • 2 comments

Description:

This issue is associated with https://github.com/wazuh/wazuh/issues/10172. Main goal of this test is reject same key configuration agent. When manager receive same key configuration from a new connection, and that agent has a different socket number, the new connection is rejected.

Category:

System test

Environment requirements:

  • 1 Manager.
  • 2 Agents.

Warning:

  • This feature applies only to TCP protocol configuration.

General configuration:

  • Deploy a manager and 2 agents.
  • Copy the client.keys file (/var/ossec/etc/client.keys) from any agent, and paste it into the second agent.

Expected behavior:

  • One agent will keep connected, second agent will be rejected with message log "Agent key already in use: agent ID {id}". Log example: 2022/01/19 19:52:11 wazuh-remoted: WARNING: Agent key already in use: agent ID '007'
  • If autoenrollment capability is enable, the manager will assign a new client.keys configuration to second agent.
  • If autoenrollment capability is disable, second agent will never connect to manager, until first agent close the connection.

DoD

  • [ ] Python codebase satisfies PEP-8 style style guide. pycodestyle --max-line-length=120 --show-source --show-pep8 file.py.
  • [ ] QA-Docs executed from branch 1864-qa-docs-fixes
  • [ ] Prove that the tests fail when they have to
  • [ ] Prove that the tests pass when they have to
  • [ ] 3 local executions (Generate the report)
  • [ ] 3 Jenkins executions (Link the job in Jenkins)

Nicogp avatar Jan 19 '22 20:01 Nicogp

update 2/11/2022

In order to develop this test two principal test cases are necessary: 0- Provisioning environment: One manager and 2 agents with only agent1 connected.

Case 1 0- Deactivate autoenrrolment. 1- Copy Agent 1 key 2- Paste Agent 1 key in the Agent2 client.keys file (/var/ossec/etc/client.keys)
3- Connect Agent 2

Expected Result: agent will be rejected with message log "Agent key already in use: agent ID {id}". Log example: 2022/01/19 19:52:11 wazuh-remoted: WARNING: Agent key already in use: agent ID '007'

Case 2 0- Autoenrrolment active by default. 1- Copy Agent 1 key 2- Paste Agent 1 key in the Agent2 client.keys file (/var/ossec/etc/client.keys)
3- Connect Agent 2

Expected Result: the manager will assign a new client.keys configuration to the second agent.

danisan90 avatar Feb 11 '22 12:02 danisan90

Working branch: 2456-test-prevent-same-key-config

mauromalara avatar Feb 21 '22 15:02 mauromalara