Ensure <indexer> config is present in ossec.conf after upgrade via rpm #2711
LGTM! Good work @jftuduri (and @kevin-mcm).
Tested with the dev-20952-handle-old-vd-config wazuh/wazuh branch, where the old VD configuration is handled.
- OS info:
# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
- Package generation:
% ./generate_rpm_package.sh -b dev-20952-handle-old-vd-config -t manager -a x86_64 -j 8 --packages-branch dev-2706-fix-rpm-upgrade-config-failure
- Upgrade:
# rpm --upgrade ./wazuh-manager-4.8.0-1.x86_64.rpm
warning: /var/ossec/etc/ossec.conf created as /var/ossec/etc/ossec.conf.rpmnew
- Wazuh log after upgrade:
# cat /var/ossec/logs/ossec.log | grep "vulnerability"
2023/12/22 12:03:56 wazuh-modulesd: WARNING: vulnerability-detector configuration is deprecated. Use vulnerability-detection instead.
2023/12/22 12:04:06 wazuh-modulesd: WARNING: vulnerability-detector configuration is deprecated. Use vulnerability-detection instead.
2023/12/22 12:04:06 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2023/12/22 12:04:06 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module is disabled
- Restart with VD enabled:
# cat /var/ossec/logs/ossec.log | grep "vulnerability"
2023/12/22 12:08:43 wazuh-modulesd:vulnerability-scanner: INFO: Stopping vulnerability_scanner module.
2023/12/22 12:08:48 wazuh-modulesd: WARNING: vulnerability-detector configuration is deprecated. Use vulnerability-detection instead.
2023/12/22 12:08:59 wazuh-modulesd: WARNING: vulnerability-detector configuration is deprecated. Use vulnerability-detection instead.
2023/12/22 12:08:59 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2023/12/22 12:09:11 wazuh-modulesd:content-updater: INFO: Starting scheduled action for 'vulnerability_feed_manager'
2023/12/22 12:09:11 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started
LGTM!
Test
Environment
> cat /etc/os-release
NAME="Oracle Linux Server"
VERSION="8.8"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="8.8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Oracle Linux Server 8.8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:8:8:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://github.com/oracle/oracle-linux"
wazuh-manager 4.7
> /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.7.1"
WAZUH_REVISION="40709"
WAZUH_TYPE="server"
Upgrade to v4.8
> rpm --upgrade ./wazuh-manager-4.8.0-1.x86_64.rpm
warning: /var/ossec/etc/ossec.conf created as /var/ossec/etc/ossec.conf.rpmnew
> /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40801"
WAZUH_TYPE="server"
> cat /var/ossec/logs/ossec.log | grep "vulnerability"
2023/12/22 18:01:41 wazuh-modulesd: WARNING: vulnerability-detector configuration is deprecated. Use vulnerability-detection instead.
2023/12/22 18:01:47 wazuh-modulesd: WARNING: vulnerability-detector configuration is deprecated. Use vulnerability-detection instead.
2023/12/22 18:01:47 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2023/12/22 18:01:47 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module is disabled
# Restart with VD enabled
> cat /var/ossec/logs/ossec.log | grep "vulnerability"
2023/12/22 18:04:28 wazuh-modulesd:vulnerability-scanner: INFO: Stopping vulnerability_scanner module.
2023/12/22 18:04:31 wazuh-modulesd: WARNING: vulnerability-detector configuration is deprecated. Use vulnerability-detection instead.
2023/12/22 18:04:36 wazuh-modulesd: WARNING: vulnerability-detector configuration is deprecated. Use vulnerability-detection instead.
2023/12/22 18:04:36 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2023/12/22 18:04:36 wazuh-modulesd:content-updater: INFO: Starting scheduled action for 'vulnerability_feed_manager'
2023/12/22 18:04:36 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started
LGTM!
LGTM !
Merged commit 8317813 into dev-14153-vulndet-refactor
Description
This PR modifies the rpm generation script to ensure that after an upgrade the ossec.conf file contains the Indexer configuration section.
If the existing ossec.conf does not have an Indexer configuration section then the default Indexer configuration is appended at the end of ossec.conf as part of a new <ossec_conf> block.
If the existing ossec.conf does have an Indexer configuration then no changes are done to the ossec.conf.
Results
Package generation
The package has been generated by running
Fresh install
Fresh v4.8 ossec.conf
Upgrade from v4.7 to v4.8
Manager 4.7 installation
4.7 ossec.conf
Note: The error shown is related to the presence of the <vulnerability-detector>. This will be fixed on a different issue.
ossec.conf after upgrade, indexer config correctly appended
Note: After manually removing the config block the manager starts correctly.
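The check-then-append behaviour described in this PR, sketched as an added shell example (not the Wazuh packaging script's own code). The function names, the sample file and the placeholder host value are assumptions; the appended block uses Wazuh's `<ossec_config>` root element, and the check goes one step beyond the description by ignoring an `<indexer>` that is commented out.

```shell
# True if an <indexer> element exists outside XML comments.
has_indexer() {
    awk '{
        line = $0; out = ""
        while (length(line) > 0) {
            if (in_c) {                       # inside <!-- ... -->
                e = index(line, "-->")
                if (e == 0) break             # comment continues on next line
                line = substr(line, e + 3); in_c = 0
            } else {
                s = index(line, "<!--")
                if (s == 0) { out = out line; break }
                out = out substr(line, 1, s - 1)
                line = substr(line, s + 4); in_c = 1
            }
        }
        print out
    }' "$1" | grep -q '<indexer>'
}

# Append a default block only when none is active; prints what it did.
ensure_indexer_block() {
    conf=$1
    [ -f "$conf" ] || { echo "missing"; return 2; }
    if has_indexer "$conf"; then
        echo "present"; return 0      # leave the admin's file untouched
    fi
    # Constructed placeholder values, not the package's real defaults.
    cat >> "$conf" <<'EOF'

<ossec_config>
  <indexer>
    <enabled>yes</enabled>
    <hosts>
      <host>https://INDEXER_HOST_PLACEHOLDER:9200</host>
    </hosts>
  </indexer>
</ossec_config>
EOF
    echo "appended"
}

# Constructed 4.7-style sample: no active <indexer>, one commented out.
write_sample_conf() {
    printf '%s\n' '<ossec_config>' '  <!-- <indexer>' '  </indexer> -->' \
        '  <vulnerability-detector/>' '</ossec_config>' > "$1"
}
# Demo on a temp file: prints "appended", then "present" (second run is a no-op).
tmp=$(mktemp) && write_sample_conf "$tmp"
ensure_indexer_block "$tmp"; ensure_indexer_block "$tmp"; rm -f "$tmp"
```

Because rpm keeps a locally modified `ossec.conf` and writes the packaged one as `ossec.conf.rpmnew`, a check of this kind has to run against the preserved file, and it must be safe to run on every upgrade.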