src/wazuh_modules/vulnerability_scanner/testtool/versionMatcher/README.md
This test tool validates the versions of the matches in the VD module. It extracts matches from the ossec.log file and then compares them with the expected matches. The expected matches are determined by the results of the official tools: rpmdev-vercmp for RPM packages and dpkg for deb packages.
To use this test tool, Docker must be installed on your machine. If Docker is not yet installed, you can download it from the official website.
Before using this test tool, ensure that a Reports folder exists and create it if it doesn't. The Reports folder should contain all matches present in the ossec.log file for different agents. You can use the following command to extract all matches from the ossec.log file for a specific agent named $AGENT_NAME and save them to a log file in the Reports folder:
```bash
$ grep "DEBUG: Match found.*Agent '$AGENT_NAME'" /var/ossec/logs/ossec.log >> PATH/TO/REPORT/FOLDER/$AGENT_NAME.log
```
Replace PATH/TO/REPORT/FOLDER with the actual path to the Reports folder. After extracting the matches, copy the log file to the Reports folder and then run the Docker containers. The validation process is executed automatically once the container starts.
> [!NOTE]
> Run this tool with all logs of the same type, i.e., all logs should be either RPM or DPKG. Mixing logs could lead to inaccurate results.
Once Docker is installed and the corresponding Docker images are generated (Hint: You can find the corresponding command to build the image in each Dockerfile), you can initiate the validation process by running the following command:
```bash
docker run --rm -v PATH/TO/REPORT/FOLDER:/usr/local/bin/version_verifier/Reports version_verifier_xxx
```
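The extraction step described above, generalized to several agents, as an added example that is not part of the Wazuh test tool. `extract_matches` and `sample_log` are hypothetical helper names, and the sample lines are constructed: only the `DEBUG: Match found` and `Agent '<name>'` substrings come from the grep pattern in this README.

```bash
#!/bin/sh
# Added example; extract_matches and sample_log are hypothetical helper names.

# extract_matches OSSEC_LOG REPORTS_DIR AGENT...
# Writes REPORTS_DIR/AGENT.log per agent and prints how many reports were written.
extract_matches() {
    em_log=$1; em_dir=$2; shift 2
    [ -r "$em_log" ] || { echo "cannot read $em_log" >&2; return 1; }
    mkdir -p "$em_dir" || return 1   # create the Reports folder if it is missing
    em_written=0
    for em_agent in "$@"; do
        # An agent name becomes a file name: refuse anything that could
        # leave the Reports folder.
        case $em_agent in
            ''|.|..|*/*) echo "skipping unsafe agent name: $em_agent" >&2; continue ;;
        esac
        em_out=$em_dir/$em_agent.log
        # Two literal (-F) filters replace the README's single regex, so '.' in
        # a name is not a wildcard; the closing quote keeps 'web-01' from
        # matching 'web-010'. '>' truncates, so a re-run does not duplicate
        # matches the way '>>' would.
        grep -F "DEBUG: Match found" "$em_log" | grep -F "Agent '$em_agent'" > "$em_out" || true
        if [ -s "$em_out" ]; then
            em_written=$((em_written + 1))
        else
            rm -f "$em_out"   # no matches: leave no empty report behind
        fi
    done
    echo "$em_written"
}

# Constructed sample lines (not real Wazuh output).
sample_log() {
    cat <<'EOF'
DEBUG: Match found (constructed line) Agent 'web-01'
INFO: Scan finished (constructed line) Agent 'web-01'
DEBUG: Match found (constructed line) Agent 'web.01'
DEBUG: Match found (constructed line) Agent 'web-010'
DEBUG: Match found (constructed line) Agent 'web-01'
EOF
}
```

Call it as `extract_matches /var/ossec/logs/ossec.log PATH/TO/REPORT/FOLDER agent1 agent2` before starting the container.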