Fixed DNS validation in the Installation Assistant #2381

Merged
merged 1 commit into from
Aug 25, 2023

Conversation

davidcr01
Contributor

Related issue
#2350

Description

The aim of this PR is to improve the regex to validate the DNS specified in the Wazuh cert tool, also used by the Installation Assistant.
Besides, a new improvement has been added to check the private IPs only if they are IPs.

Logs example

Using valid DNS

config.yml:

nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: www.google.es
    #- name: node-2
    #  ip: <indexer-node-ip>
    #- name: node-3d
    #  ip: <indexer-node-ip>

  # Wazuh server nodes
  # If there is more than one Wazuh server
  # node, each one must have a node_type
  server:
    - name: wazuh-1
      ip: foo.bar1.com

Output:

24/08/2023 09:40:13 DEBUG: Creating the Wazuh indexer certificates.
Ignoring -days without -x509; not generating a certificate
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = node-1
24/08/2023 09:40:13 DEBUG: Creating the Wazuh server certificates.
Ignoring -days without -x509; not generating a certificate
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-1

Using invalid DNS

config.yml:

nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: localhost

Output:

24/08/2023 09:44:00 DEBUG: Creating the Wazuh indexer certificates.
24/08/2023 09:44:00 ERROR: Invalid IP or DNS localhost

config.yml:

nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: localhost.123

Output:

24/08/2023 09:44:00 DEBUG: Creating the Wazuh indexer certificates.
24/08/2023 09:44:00 ERROR: Invalid IP or DNS localhost.123

Using valid IP address

config.yml:

nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: 127.0.0.1

Output:

24/08/2023 09:45:42 DEBUG: Creating the Wazuh indexer certificates.
Ignoring -days without -x509; not generating a certificate
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = node-1

Using invalid IP address (public)

config.yml:

nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: 82.129.80.111

Output:

24/08/2023 09:47:20 INFO: --- Configuration files ---
24/08/2023 09:47:20 INFO: Generating configuration files.
24/08/2023 09:47:20 ERROR: The IP 82.129.80.111 is public.
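
The accept/reject behaviour shown in the logs above, reproduced as an added example; this is not the regex or the functions merged in this PR. The function names and the hostname pattern (at least two labels, alphabetic final label) are assumptions chosen to match the logged outcomes, and treating 127.0.0.0/8 as non-public follows the `127.0.0.1` log.

```sh
#!/bin/sh
# Added example: not the code merged in this PR. Names and patterns are assumptions.

# True when $1 is a dotted-quad IPv4 address with every octet in 0-255.
# The body is a subshell so the IFS change does not leak to the caller.
is_ipv4() (
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || exit 1
    IFS=.
    set -- $1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || exit 1
    done
)

# True for RFC 1918 ranges and loopback (assumption: loopback counts as non-public).
is_private_ipv4() {
    case "$1" in
        10.*|127.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# True for a multi-label hostname: LDH labels of 1-63 characters, no leading or
# trailing hyphen, alphabetic final label. Rejects "localhost" and "localhost.123".
is_dns_name() {
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | LC_ALL=C grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

validate_node_address() {
    if is_ipv4 "$1"; then
        # The private-range check runs only for values that really are IPs.
        if is_private_ipv4 "$1"; then
            echo "OK: $1 (private IP)"; return 0
        fi
        echo "ERROR: The IP $1 is public."; return 1
    fi
    if is_dns_name "$1"; then
        echo "OK: $1 (DNS name)"; return 0
    fi
    echo "ERROR: Invalid IP or DNS $1"; return 1
}

# Constructed sample values mirroring the log examples, plus an out-of-range octet.
for value in www.google.es localhost localhost.123 127.0.0.1 82.129.80.111 256.1.1.1; do
    validate_node_address "$value" || true
done
```

Classifying the value first keeps a hostname from being pushed through the private-range check, and keeps a malformed dotted-quad such as `256.1.1.1` from passing as a DNS name.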

Member

@c-bordon c-bordon left a comment

LGTM

@teddytpc1 teddytpc1 merged commit 55cfe35 into master Aug 25, 2023
4 checks passed
@teddytpc1 teddytpc1 deleted the 2350-fix-dns-validation branch August 25, 2023 19:16
Development

Successfully merging this pull request may close these issues.

The validation of DNS doesn't support some expected valid values in wazuh_install.sh
3 participants