diff --git a/verifier.py b/verifier.py
index bd33d20d1d6f93e6232f32326e6255d528c15a28..624a1bc1dc1a19084af8c15c7184044ff711030a 100644
--- a/verifier.py
+++ b/verifier.py
@@ -3,6 +3,7 @@ from evidence import Evidence, simple_evidence
 from random import randint
 from sys import maxsize
 from datetime import datetime
+import pprint
 wc = WazuhClient('192.168.33.10', 55000, 'wazuh-wui', 'wazuh-wui')
@@ -99,6 +100,7 @@ def check_virus_total_integration(wc):
     return evidence
 # Check last Syscheck & Rootcheck scan times
+# When producing 'real' evidence, make sure to provide differentiation between Syscheck and Rootcheck outputs.
 def check_last_scan_time(wc, agent_id):
     body = wc.req('GET', 'syscheck/' + agent_id + '/last_scan')
@@ -113,3 +115,33 @@ def check_last_scan_time(wc, agent_id):
     evidence2 = simple_evidence(get_id('05.4'), get_timestamp(), measurement_result, body)
     return evidence1, evidence2
+
+# Check if ClamAV daemon package installed
+def check_clamd_install(wc, agent_id):
+    body = wc.req('GET', 'syscollector/' + agent_id + '/packages')
+
+    measurement_result = 'false'
+
+    for package in body['data']['affected_items']:
+        if package['name'] == 'clamd':
+            measurement_result = 'true'
+            break
+
+    evidence = simple_evidence(get_id('05.3'), get_timestamp(), measurement_result, body)
+
+    return evidence
+
+# Check if ClamAV daemon process running
+def check_clamd_process(wc, agent_id):
+    body = wc.req('GET', 'syscollector/' + agent_id + '/processes')
+
+    measurement_result = 'false'
+
+    for package in body['data']['affected_items']:
+        if package['name'] == 'clamd':
+            measurement_result = 'true'
+            break
+
+    evidence = simple_evidence(get_id('05.3'), get_timestamp(), measurement_result, body)
+
+    return evidence
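Review bot: `import pprint` is added in the first hunk but nothing else in this patch uses it, so it reads as leftover debugging output; either drop the line or keep the call that needed it. Separately, the context line right below it constructs the API client with literal credentials `'wazuh-wui', 'wazuh-wui'` against a fixed address — those look like the stock Wazuh defaults, so if this verifier is ever run outside a throwaway lab they should come from environment variables or a config file rather than source, and the default password should be rotated. That `wc = WazuhClient(...)` line is unchanged by this commit, so I'd treat it as a follow-up rather than a blocker here.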
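Review bot: The comment added above `check_last_scan_time` in the second hunk is a reminder for future work, not a description of what the function does, so it is easy to lose among ordinary comments; I'd mark it so it gets tracked, e.g. `# TODO: when producing 'real' evidence, differentiate Syscheck and Rootcheck outputs (only syscheck/<agent>/last_scan is queried in the visible body).` The only request visible in this hunk is the `syscheck/.../last_scan` call; the rest of `check_last_scan_time` lies outside the hunk, so whether a rootcheck query already exists further down cannot be confirmed from here.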
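Review bot: Both new functions in the last hunk attach their measurement to `get_id('05.3')`, so the "package installed" and "process running" results are indistinguishable downstream by ID alone, and the hunk's context shows `check_last_scan_time` already emitting an `05.4` evidence item under what is presumably the same numbering — if the scheme is one ID per check, one of the two new functions needs its own ID (the comment added in the previous hunk asks for exactly this kind of differentiation). The exact match on `'clamd'` is also distro-specific: on Debian-family systems the package is typically `clamav-daemon`, so a host with ClamAV installed that way would be reported as `'false'`, which is a false negative in a security verifier; accepting a tuple of known names is safer. Apart from the endpoint and the comment the two bodies are line-for-line identical (note the loop variable is still called `package` when iterating processes), so I'd fold them into one helper, which also gives a single place to validate `agent_id` before it is spliced into the URL path, in case it can ever come from outside. Both functions are complete within the hunk.

```python
def _syscollector_has_name(wc, agent_id, resource, names):
    """Return ('true'|'false', raw body): whether any item under
    syscollector/<agent_id>/<resource> has a 'name' in `names`."""
    body = wc.req('GET', 'syscollector/' + agent_id + '/' + resource)
    found = any(item['name'] in names for item in body['data']['affected_items'])
    return ('true' if found else 'false'), body

# Check if ClamAV daemon package installed
def check_clamd_install(wc, agent_id):
    measurement_result, body = _syscollector_has_name(wc, agent_id, 'packages', ('clamd', 'clamav-daemon'))
    return simple_evidence(get_id('05.3'), get_timestamp(), measurement_result, body)

# Check if ClamAV daemon process running
def check_clamd_process(wc, agent_id):
    measurement_result, body = _syscollector_has_name(wc, agent_id, 'processes', ('clamd',))
    # … unchanged: evidence id — give this check its own id if the scheme is one id per measurement …
    return simple_evidence(get_id('05.3'), get_timestamp(), measurement_result, body)
```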