From fc71f270b27bf387ae6580bc5b52f89e471efb97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Fern=C3=A1ndez?=
Date: Fri, 16 Feb 2024 18:25:35 +0100
Subject: [PATCH] Added new utils functions unit tests

---
 src/utils.rs                          | 32 +++++++++++++++++++++++++++
 test/unit/config/linux/audit_rule.yml | 28 +++++++++++++++++++++++
 2 files changed, 60 insertions(+)
 create mode 100644 test/unit/config/linux/audit_rule.yml

diff --git a/src/utils.rs b/src/utils.rs
index bdc954b..72ccdc7 100644
--- a/src/utils.rs
+++ b/src/utils.rs
@@ -274,6 +274,7 @@ pub fn run_auditctl(args: &[&str]) {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use crate::config::Config;
 
     #[test]
     fn test_pop() {
@@ -425,4 +426,35 @@ mod tests {
         }
     }
 
+    // ------------------------------------------------------------------------
+
+    #[cfg(target_os = "linux")]
+    #[test]
+    fn test_get_audit_rule_permissions() {
+        let config = Config::new(&get_os(), Some("test/unit/config/linux/audit_rule.yml"));
+        assert_eq!(get_audit_rule_permissions(config.audit[0]["rule"].as_str()), "rwax");
+    }
+
+    // ------------------------------------------------------------------------
+
+    #[cfg(target_os = "linux")]
+    #[test]
+    fn test_run_auditctl() {
+        let config = Config::new(&get_os(), Some("test/unit/config/linux/audit_rule.yml"));
+        let path = config.audit[0]["path"].as_str().unwrap();
+        let rule = config.audit[0]["rule"].as_str().unwrap();
+        run_auditctl(&["-w", path, "-k", "fim", "-p", rule]);
+
+        match Command::new("/usr/sbin/auditctl")
+            .args(["-l", "-k", "fim"])
+            .output()
+        {
+            Ok(data) => assert_eq!(String::from_utf8(data.stdout).unwrap(), "-w /tmp -p rwxa -k fim\n"),
+            Err(e) => {
+                println!("{:?}", e);
+                assert!(true)
+            }
+        };
+    }
+
 }
\ No newline at end of file
diff --git a/test/unit/config/linux/audit_rule.yml b/test/unit/config/linux/audit_rule.yml
new file mode 100644
index 0000000..e7d8f8b
--- /dev/null
+++ b/test/unit/config/linux/audit_rule.yml
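Review bot: `test_run_auditctl` changes the host's live audit configuration and never reverts it: `run_auditctl(&["-w", path, "-k", "fim", "-p", rule]);` installs a watch on `/tmp` and nothing removes it after the assertion, so the rule outlives the test run, and a second run (or any pre-existing rule under key `fim`) changes what `auditctl -l -k fim` prints and breaks the exact-string comparison. Add the matching removal after the `match`, `run_auditctl(&["-W", path, "-k", "fim", "-p", rule]);`. The `Err` arm's `assert!(true)` is also vacuous — when `/usr/sbin/auditctl` is absent the test passes without checking anything; `eprintln!("auditctl unavailable, skipping: {:?}", e); return;` makes that intent explicit instead of hiding it behind a no-op assert. Whether the preceding `run_auditctl` call reports a failed insertion (for example when the test lacks the privilege to alter audit rules) is not visible here, since its body lies outside the hunk; the enclosing `mod tests` also starts outside it.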
@@ -0,0 +1,28 @@
+node: "FIM"
+
+# Events configuration, where to store produced events
+events:
+  destination: file
+  file: /var/lib/fim/events.json
+
+# Audit extended files and folders information
+audit:
+  - path: /tmp
+    labels: ["tmp", "linux"]
+    ignore: [".swp"]
+    allowed: [".txt", ".rs"]
+    rule: "rwax"
+
+# Simple files and folders information
+monitor:
+  - path: /bin/
+  - path: /usr/bin/
+    labels: ["usr/bin", "linux"]
+  - path: /etc
+    labels: ["etc", "linux"]
+
+# App procedure and errors logging
+log:
+  file: /var/log/fim/fim.log
+  # Available levels [debug, info, error, warning]
+  level: info
\ No newline at end of file