
Support empty ruleset/sca directories #2256

Merged: 4 commits, Jul 7, 2023

Conversation

@vikman90 (Member) commented Jul 7, 2023

Related issue
Closes #2196

This PR is a port of #2197 by @lod. This replaces chmod on all the SCA policies available (*) with a recursive option (--recursive). This way, we avoid a "No such file or directory" error if the sca folder contains no policy files.
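
The failure mode the PR description refers to, reproduced as an added example (this is not code from the wazuh-packages repository or from the PR itself): an unquoted glob such as `ruleset/sca/*` expands to nothing when the directory is empty, so the shell passes the literal string `*` to chmod and chmod fails with "No such file or directory", which aborts a maintainer script run under `set -e`. Applying chmod recursively to the directory instead succeeds whether or not it contains policy files. The scratch directory layout, the policy file name `cis_debian12.yml` and the mode `0750` are constructed for the demonstration; the real package paths and modes are not shown on this page.

```shell
#!/bin/sh
# Added example, not part of the wazuh-packages repository: shows why
# "chmod <mode> <dir>/ruleset/sca/*" fails on an empty sca directory and
# why "chmod -R <mode> <dir>/ruleset/sca" does not. All paths below are
# constructed under a temporary directory.
set -u

# Build two scratch install trees: one with an empty ruleset/sca directory
# and one holding a single (constructed) policy file. Prints the root path.
make_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/empty/ruleset/sca" "$root/full/ruleset/sca"
    printf 'policy: {}\n' > "$root/full/ruleset/sca/cis_debian12.yml"
    echo "$root"
}

# Old behaviour: the glob is left unexpanded when nothing matches, so chmod
# receives the literal path ".../ruleset/sca/*" and exits non-zero.
# Arguments: install root, mode. Returns chmod's exit status.
chmod_glob() {
    chmod "$2" "$1"/ruleset/sca/* 2>/dev/null
}

# New behaviour: chmod the directory itself recursively (-R is the portable
# spelling of GNU's --recursive). An empty directory is not an error.
# Arguments: install root, mode. Returns chmod's exit status.
chmod_recursive() {
    chmod -R "$2" "$1"/ruleset/sca 2>/dev/null
}

# Report the octal mode of a path (GNU/busybox stat), for checking results.
mode_of() {
    stat -c %a "$1"
}

# Stand-alone run: the first call fails, the remaining three succeed.
if [ "${SCA_DEMO_RUN:-1}" = 1 ]; then
    demo_root=$(make_tree)
    chmod_glob "$demo_root/empty" 0750      && echo "glob on empty dir: ok (unexpected)" \
                                            || echo "glob on empty dir: failed (No such file or directory)"
    chmod_glob "$demo_root/full" 0750       && echo "glob on populated dir: ok"
    chmod_recursive "$demo_root/empty" 0750 && echo "recursive on empty dir: ok"
    chmod_recursive "$demo_root/full" 0750  && echo "recursive on populated dir: ok"
    rm -rf "$demo_root"
fi
```

One caveat when porting a glob-based chmod to a recursive one: the recursive form also applies the mode to the directory itself, so a file-style mode without the execute bit (for example 0640) would leave the directory untraversable by non-root users. Either pick a mode that keeps the directory's execute bit, as the example's assumed 0750 does, or restrict the recursive call to files with `find ... -type f -exec chmod ...`.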

@vikman90 vikman90 linked an issue Jul 7, 2023 that may be closed by this pull request
@vikman90 vikman90 self-assigned this Jul 7, 2023
@vikman90 vikman90 requested review from DFolchA and rauldpm and removed request for DFolchA July 7, 2023 11:04
@vikman90 vikman90 requested a review from DFolchA July 7, 2023 11:26
lod and others added 4 commits July 7, 2023 21:06
@jotacarma90 (Member) commented Jul 7, 2023

Testing

Vagrant box used: boxomatic/debian-12

Manager

Package:
https://packages-dev.wazuh.com/warehouse/test/4.4/deb/var/wazuh-manager_4.4.5-2197.fix.sca.wildcard.7.7.2023_amd64.deb

Output:

root@debian12manager:/home/vagrant# apt install /vagrant/wazuh-manager_4.4.5-2197.fix.sca.wildcard.7.7.2023_amd64.deb 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-manager' instead of '/vagrant/wazuh-manager_4.4.5-2197.fix.sca.wildcard.7.7.2023_amd64.deb'
Suggested packages:
  expect
The following NEW packages will be installed:
  wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 7 not upgraded.
Need to get 0 B/171 MB of archives.
After this operation, 631 MB of additional disk space will be used.
Get:1 /vagrant/wazuh-manager_4.4.5-2197.fix.sca.wildcard.7.7.2023_amd64.deb wazuh-manager amd64 4.4.5-2197.fix.sca.wildcard.7.7.2023 [171 MB]
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LANGUAGE = "pt_BR:pt:en",
	LC_ALL = (unset),
	LANG = "es_US.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Selecting previously unselected package wazuh-manager.
(Reading database ... 52834 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.4.5-2197.fix.sca.wildcard.7.7.2023_amd64.deb ...
Unpacking wazuh-manager (4.4.5-2197.fix.sca.wildcard.7.7.2023) ...
Setting up wazuh-manager (4.4.5-2197.fix.sca.wildcard.7.7.2023) ...

Agent

Package:
https://packages-dev.wazuh.com/warehouse/test/4.4/deb/var/wazuh-agent_4.4.5-2197.fix.sca.wildcard.7.7.2023_amd64.deb

Output:

root@debian12:/home/vagrant# apt install /vagrant/wazuh-agent_4.4.5-2197.fix.sca.wildcard.7.7.2023_amd64.deb 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-agent' instead of '/vagrant/wazuh-agent_4.4.5-2197.fix.sca.wildcard.7.7.2023_amd64.deb'
The following NEW packages will be installed:
  wazuh-agent
0 upgraded, 1 newly installed, 0 to remove and 7 not upgraded.
Need to get 0 B/8920 kB of archives.
After this operation, 30.2 MB of additional disk space will be used.
Get:1 /vagrant/wazuh-agent_4.4.5-2197.fix.sca.wildcard.7.7.2023_amd64.deb wazuh-agent amd64 4.4.5-2197.fix.sca.wildcard.7.7.2023 [8920 kB]
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LANGUAGE = "pt_BR:pt:en",
	LC_ALL = (unset),
	LANG = "es_US.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Preconfiguring packages ...
Selecting previously unselected package wazuh-agent.
(Reading database ... 52836 files and directories currently installed.)
Preparing to unpack .../wazuh-agent_4.4.5-2197.fix.sca.wildcard.7.7.2023_amd64.deb ...
Unpacking wazuh-agent (4.4.5-2197.fix.sca.wildcard.7.7.2023) ...
Setting up wazuh-agent (4.4.5-2197.fix.sca.wildcard.7.7.2023) ...

Checking agent logs, we can see how it connects with the manager and all the modules are running normally with the default configuration.

2023/07/07 16:40:02 wazuh-execd: INFO: Started (pid: 7024).
2023/07/07 16:40:03 wazuh-agentd: INFO: (1410): Reading authentication keys file.
2023/07/07 16:40:03 wazuh-agentd: INFO: Using notify time: 10 and max time to reconnect: 60
2023/07/07 16:40:03 wazuh-agentd: INFO: Version detected -> Linux |debian12 |6.1.0-9-amd64 |#1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08) |x86_64 [Debian GNU/Linux|debian: 12 (bookworm)] - Wazuh v4.4.5
2023/07/07 16:40:03 wazuh-agentd: INFO: Started (pid: 7035).
2023/07/07 16:40:03 wazuh-agentd: INFO: Using AES as encryption method.
2023/07/07 16:40:03 wazuh-agentd: INFO: Trying to connect to server ([192.168.56.18]:1514/tcp).
2023/07/07 16:40:03 wazuh-agentd: INFO: (4102): Connected to the server ([192.168.56.18]:1514/tcp).
2023/07/07 16:40:04 wazuh-syscheckd: INFO: Started (pid: 7049).
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6003): Monitoring path: '/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6003): Monitoring path: '/boot', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6003): Monitoring path: '/etc', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6003): Monitoring path: '/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'.
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mtab'
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/hosts.deny'
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mail/statistics'
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random-seed'
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random.seed'
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/adjtime'
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/httpd/logs'
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/utmpx'
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/wtmpx'
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/cups/certs'
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/dumpdates'
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/svc/volatile'
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6207): Ignore 'file' sregex '.log$|.swp$'
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6004): No diff for file: '/etc/ssl/private.key'
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6000): Starting daemon...
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6010): File integrity monitoring scan frequency: 43200 seconds
2023/07/07 16:40:04 rootcheck: INFO: Starting rootcheck scan.
2023/07/07 16:40:04 wazuh-syscheckd: INFO: (6008): File integrity monitoring scan started.
2023/07/07 16:40:05 wazuh-logcollector: INFO: Monitoring output of command(360): df -P
2023/07/07 16:40:05 wazuh-logcollector: INFO: Monitoring full output of command(360): netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
2023/07/07 16:40:05 wazuh-logcollector: INFO: Monitoring full output of command(360): last -n 20
2023/07/07 16:40:05 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/ossec/logs/active-responses.log'.
2023/07/07 16:40:05 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/dpkg.log'.
2023/07/07 16:40:05 wazuh-logcollector: INFO: Started (pid: 7067).
2023/07/07 16:40:05 wazuh-syscheckd: INFO: (6009): File integrity monitoring scan ended.
2023/07/07 16:40:06 wazuh-modulesd: INFO: Started (pid: 7120).
2023/07/07 16:40:06 sca: INFO: Module started.
2023/07/07 16:40:06 sca: INFO: No policies defined. Exiting.
2023/07/07 16:40:06 wazuh-modulesd:control: INFO: Starting control thread.
2023/07/07 16:40:06 wazuh-modulesd:agent-upgrade: INFO: (8153): Module Agent Upgrade started.
2023/07/07 16:40:06 wazuh-modulesd:ciscat: INFO: Module disabled. Exiting...
2023/07/07 16:40:06 wazuh-modulesd:osquery: INFO: Module disabled. Exiting...
2023/07/07 16:40:06 wazuh-modulesd:syscollector: INFO: Module started.
2023/07/07 16:40:06 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2023/07/07 16:40:06 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2023/07/07 16:40:19 rootcheck: INFO: Ending rootcheck scan.

@Dwordcito Dwordcito merged commit 87f4e7f into 4.4.5 Jul 7, 2023
4 checks passed
@Dwordcito Dwordcito deleted the 2197-fix-sca-wildcard branch July 7, 2023 20:21
Linked issue this pull request may close:
Agent fails to install for Debian 12 / testing / bookworm