Move Vulnerability Detection Template to Templates Folder #2836

mateocervilla · 2024-02-20T16:29:14Z

Related issue
wazuh/wazuh#21955

Description

This PR aims to move the Vulnerability Detection template vd_states_template.json from /var/ossec/queue/indexer/ to a templates folder located in /var/ossec/ and update its references.

Related PR for Wazuh-Wazuh: wazuh/wazuh#21985

Logs/Alerts example

root@ubuntu:/# ls /var/ossec/
active-response  agentless  api  backup  bin  etc  framework  integrations  lib  logs  queue  ruleset  stats  templates  tmp  var  wodles
root@ubuntu:/# ls /var/ossec/templates/
vd_states_template.json

Extra changes

The workflow build-rpm-packages.yml was modified in a way that it takes the wazuh build branch with the same name as the current PR. If there is no branch, then it will take the name it was using before.

This change was necessary because the test was using a branch without the changes needed by this PR.

Before: https://github.com/wazuh/wazuh-packages/actions/runs/7976772784/job/21778103562?pr=2836

Run REVISION=$( echo 21955-move-vd-template | sed 's/-/./g; s/\//./g' )
  REVISION=$( echo 21955-move-vd-template | sed 's/-/./g; s/\//./g' )
  bash generate_rpm_package.sh -b master -t manager -a x86_64 --dev -j 2 --dont-build-docker --tag 5.0 -r $REVISION
  echo "PACKAGE_NAME=$(ls ./output | grep .rpm | head -n 1)" >> $GITHUB_ENV
  shell: /usr/bin/bash -e {0}
  env:
    TAG: 5.0
    VERSION: master
    CONTAINER_NAME: rpm_manager_builder_x86
+ build_target=manager
+ wazuh_branch=master
+ architecture_target=x86_64

...

Processing files: wazuh-manager-5.0.0-21955.move.vd.template.x86_64
error: Directory not found: /build_wazuh/rpmbuild/BUILDROOT/wazuh-manager-5.0.0-21955.move.vd.template.x86_64/var/ossec/templates
error: File not found: /build_wazuh/rpmbuild/BUILDROOT/wazuh-manager-5.0.0-21955.move.vd.template.x86_64/var/ossec/templates/vd_states_template.json


RPM build errors:
    Directory not found: /build_wazuh/rpmbuild/BUILDROOT/wazuh-manager-5.0.0-21955.move.vd.template.x86_64/var/ossec/templates
    File not found: /build_wazuh/rpmbuild/BUILDROOT/wazuh-manager-5.0.0-21955.move.vd.template.x86_64/var/ossec/templates/vd_states_template.json
Error: Process completed with exit code 1.

After: https://github.com/wazuh/wazuh-packages/actions/runs/7977777570/job/21781434613?pr=2836

Run if [ "X`git ls-remote --heads https://github.com/wazuh/wazuh.git ${BRANCH_NAME}`" != "X" ]; then
  if [ "X`git ls-remote --heads https://github.com/wazuh/wazuh.git ${BRANCH_NAME}`" != "X" ]; then
      W_BRANCH=${BRANCH_NAME}
  else
      W_BRANCH=4.8.0
  fi
  REVISION=$( echo 21955-move-vd-template | sed 's/-/./g; s/\//./g' )
  bash generate_rpm_package.sh -b ${W_BRANCH} -t manager -a x86_64 --dev -j 2 --dont-build-docker --tag 4.8 -r $REVISION
  echo "PACKAGE_NAME=$(ls ./output | grep .rpm | head -n 1)" >> $GITHUB_ENV
  shell: /usr/bin/bash -e {0}
  env:
    BRANCH_NAME: 21955-move-vd-template
    TAG: 4.8
    VERSION: 4.8.0
    CONTAINER_NAME: rpm_manager_builder_x86
  
+ build_target=manager
+ wazuh_branch=21955-move-vd-template
+ architecture_target=x86_64

...

Processing files: wazuh-manager-4.8.0-21955.move.vd.template.x86_64
warning: File listed twice: /var/ossec/wodles/aws
warning: File listed twice: /var/ossec/wodles/aws/__init__.py
warning: File listed twice: /var/ossec/wodles/aws/aws-s3
warning: File listed twice: /var/ossec/wodles/aws/aws-s3.py
warning: File listed twice: /var/ossec/wodles/aws/aws_tools.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/__init__.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/aws_bucket.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/cloudtrail.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/config.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/guardduty.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/load_balancers.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/server_access.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/umbrella.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/vpcflow.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/waf.py
warning: File listed twice: /var/ossec/wodles/aws/services
warning: File listed twice: /var/ossec/wodles/aws/services/__init__.py
warning: File listed twice: /var/ossec/wodles/aws/services/aws_service.py
warning: File listed twice: /var/ossec/wodles/aws/services/cloudwatchlogs.py
warning: File listed twice: /var/ossec/wodles/aws/services/inspector.py
warning: File listed twice: /var/ossec/wodles/aws/subscribers
warning: File listed twice: /var/ossec/wodles/aws/subscribers/__init__.py
warning: File listed twice: /var/ossec/wodles/aws/subscribers/s3_log_handler.py
warning: File listed twice: /var/ossec/wodles/aws/subscribers/sqs_message_processor.py
warning: File listed twice: /var/ossec/wodles/aws/subscribers/sqs_queue.py
warning: File listed twice: /var/ossec/wodles/aws/wazuh_integration.py
warning: File listed twice: /var/ossec/wodles/azure
warning: File listed twice: /var/ossec/wodles/azure/azure-logs
warning: File listed twice: /var/ossec/wodles/azure/azure-logs.py
warning: File listed twice: /var/ossec/wodles/azure/orm.py
warning: File listed twice: /var/ossec/wodles/docker
warning: File listed twice: /var/ossec/wodles/docker/DockerListener
warning: File listed twice: /var/ossec/wodles/docker/DockerListener.py
warning: File listed twice: /var/ossec/wodles/gcloud
warning: File listed twice: /var/ossec/wodles/gcloud/buckets
warning: File listed twice: /var/ossec/wodles/gcloud/buckets/access_logs.py
warning: File listed twice: /var/ossec/wodles/gcloud/buckets/bucket.py
warning: File listed twice: /var/ossec/wodles/gcloud/exceptions.py
warning: File listed twice: /var/ossec/wodles/gcloud/gcloud
warning: File listed twice: /var/ossec/wodles/gcloud/gcloud.py
warning: File listed twice: /var/ossec/wodles/gcloud/integration.py
warning: File listed twice: /var/ossec/wodles/gcloud/pubsub
warning: File listed twice: /var/ossec/wodles/gcloud/pubsub/subscriber.py
warning: File listed twice: /var/ossec/wodles/gcloud/tools.py
Provides: wazuh-manager = 4.8.0-21955.move.vd.template wazuh-manager(x86-64) = 4.8.0-21955.move.vd.template
Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(pre): /bin/sh /usr/sbin/groupadd /usr/sbin/useradd
Requires(post): /bin/sh
Requires(preun): /bin/sh
Requires(postun): /bin/sh /usr/sbin/groupdel /usr/sbin/userdel
Requires(posttrans): /bin/sh
Conflicts: ossec-hids ossec-hids-agent wazuh-agent wazuh-local
Obsoletes: wazuh-api < 4.0.0
Checking for unpackaged file(s): /usr/local/lib/rpm/check-files /build_wazuh/rpmbuild/BUILDROOT/wazuh-manager-4.8.0-21955.move.vd.template.x86_64
Wrote: /build_wazuh/rpmbuild/SRPMS/wazuh-manager-4.8.0-21955.move.vd.template.src.rpm
Wrote: /build_wazuh/rpmbuild/RPMS/x86_64/wazuh-manager-4.8.0-21955.move.vd.template.x86_64.rpm
Executing(%clean): /bin/sh -e /usr/local/var/tmp/rpm-tmp.Vhobso
+ umask 022
+ cd /build_wazuh/rpmbuild/BUILD
+ cd wazuh-manager-4.8.0
+ rm -fr /build_wazuh/rpmbuild/BUILDROOT/wazuh-manager-4.8.0-21955.move.vd.template.x86_64
+ RPM_EC=0
++ jobs -p
+ exit 0
+ [[ no == \y\e\s ]]
+ [[ no == \y\e\s ]]
+ find /build_wazuh/rpmbuild/RPMS/x86_64 -maxdepth 3 -type f -name 'wazuh-manager-4.8.0-21955.move.vd.template*' -exec mv '{}' /var/local/wazuh ';'
Package wazuh-manager-4.8.0-21955.move.vd.template.x86_64.rpm added to /home/runner/work/wazuh-packages/wazuh-packages/rpms/output/.

Tests

Build the package in any supported platform
- Linux
Package installation

Tests for Linux RPM
- Build the package for x86_64
- Build the package for i386
- %files section is correctly updated if necessary
Tests for Linux deb
- Build the package for x86_64
- Build the package for i386
- Build the package for armhf
- Build the package for aarch64
- Package install/remove/install
- Package install/purge/install
- Check file permissions after installing the package

Move VD template

b5ab80a

mateocervilla changed the base branch from master to 4.8.0 February 20, 2024 16:29

Add possibility to build wazuh with same branch name

a1def9a

mateocervilla mentioned this pull request Feb 20, 2024

Move Vulnerability Detection Template to Templates Folder wazuh/wazuh#21985

Merged

4 tasks

mateocervilla marked this pull request as ready for review February 20, 2024 18:20

mateocervilla requested review from ncvicchi, tdrauncieal and Leoquicenoz February 20, 2024 18:20

Dwordcito linked an issue Feb 21, 2024 that may be closed by this pull request

Move Vulnerability Detection Template to Templates Folder and Update References wazuh/wazuh#21955

Closed

Dwordcito approved these changes Feb 21, 2024

View reviewed changes

Dwordcito merged commit e0c725b into 4.8.0 Feb 21, 2024
28 checks passed

Dwordcito deleted the 21955-move-vd-template branch February 21, 2024 03:14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Move Vulnerability Detection Template to Templates Folder #2836

Move Vulnerability Detection Template to Templates Folder #2836

mateocervilla commented Feb 20, 2024 •

edited

Loading

Move Vulnerability Detection Template to Templates Folder #2836

Move Vulnerability Detection Template to Templates Folder #2836

Conversation

mateocervilla commented Feb 20, 2024 • edited Loading

Description

Logs/Alerts example

Extra changes

Tests

mateocervilla commented Feb 20, 2024 •

edited

Loading