diff --git a/CHANGELOG.md b/CHANGELOG.md index ddabba4f4b..127db6d830 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ All notable changes to the Wazuh app project will be documented in this file. ### Changed - Added toast with refresh button when new fields are loaded [#2974](https://github.com/wazuh/wazuh-kibana-app/pull/2974) +- Migrated manager and cluster files endpoints and their corresponding RBAC [#2984](https://github.com/wazuh/wazuh-kibana-app/pull/2984) ### Fixed diff --git a/common/api-info/endpoints.json b/common/api-info/endpoints.json index 3c19437152..567b362de4 100644 --- a/common/api-info/endpoints.json +++ b/common/api-info/endpoints.json @@ -906,7 +906,7 @@ { "name": "/cluster/:node_id/configuration", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_configuration_node", - "description": "Return wazuh configuration used in node {node_id}", + "description": "Return wazuh configuration used in node {node_id}. The 'section' and 'field' parameters will be ignored if 'raw' parameter is provided.", "summary": "Get node config", "tags": [ "Cluster" @@ -939,6 +939,14 @@ "default": false } }, + { + "name": "raw", + "description": "Format response in plain text", + "required": false, + "schema": { + "type": "boolean" + } + }, { "name": "section", "description": "Indicates the wazuh configuration section", @@ -1085,53 +1093,6 @@ } ] }, - { - "name": "/cluster/:node_id/files", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_files_node", - "description": "Return file contents from any file in the specified node", - "summary": "Get node file content", - "tags": [ - "Cluster" - ], - "args": [ - { - "name": ":node_id", - "description": "Cluster node name", - "required": true, - "schema": { - "type": "string", - "format": "names" - } - } - ], - "query": [ - { - "name": "path", - "description": "Filepath to return file. (Relative to wazuh installation folder)", - "required": true, - "schema": { - "type": "string", - "format": "get_files_path" - } - }, - { - "name": "pretty", - "description": "Show results in human-readable format", - "schema": { - "type": "boolean", - "default": false - } - }, - { - "name": "wait_for_complete", - "description": "Disable timeout response", - "schema": { - "type": "boolean", - "default": false - } - } - ] - }, { "name": "/cluster/:node_id/info", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_info_node", @@ -2098,21 +2059,21 @@ ] }, { - "name": "/decoders/files/:filename/download", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.decoder_controller.get_download_file", - "description": "Download an specified decoder file", - "summary": "Download decoder", + "name": "/decoders/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.decoder_controller.get_file", + "description": "Get the content of a specified decoder file", + "summary": "Get decoders file content", "tags": [ "Decoders" ], "args": [ { "name": ":filename", + "description": "Filename (rule or decoder) to download/upload/edit file.", "required": true, - "description": "Filename to download", "schema": { "type": "string", - "format": "alphanumeric" + "pattern": "^[\\w\\-]+\\.xml$" } } ], @@ -2125,6 +2086,14 @@ "default": false } }, + { + "name": "raw", + "description": "Format response in plain text", + "required": false, + "schema": { + "type": "boolean" + } + }, { "name": "wait_for_complete", "description": "Disable timeout response", @@ -4151,7 +4120,7 @@ "name": "/lists", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.get_lists", "description": "Return the contents of all CDB lists. Optionally, the result can be filtered by several criteria. See available parameters for more details", - "summary": "Get CDB lists", + "summary": "Get CDB lists info", "tags": [ "Lists" ], @@ -4324,6 +4293,52 @@ } ] }, + { + "name": "/lists/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.get_file", + "description": "Return the content of a CDB list file. Only the filename can be specified. It will be searched recursively if not found", + "summary": "Get CDB list file content", + "tags": [ + "Lists" + ], + "args": [ + { + "name": ":filename", + "description": "Filename (CDB list) to get/edit/delete.", + "required": true, + "schema": { + "type": "string", + "pattern": "^[\\-\\w]+$" + } + } + ], + "query": [ + { + "name": "pretty", + "description": "Show results in human-readable format", + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "raw", + "description": "Format response in plain text", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "name": "wait_for_complete", + "description": "Disable timeout response", + "schema": { + "type": "boolean", + "default": false + } + } + ] + }, { "name": "/manager/api/config", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_api_config", @@ -4354,7 +4369,7 @@ { "name": "/manager/configuration", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_configuration", - "description": "Return wazuh configuration used", + "description": "Return wazuh configuration used. The 'section' and 'field' parameters will be ignored if 'raw' parameter is provided.", "summary": "Get configuration", "tags": [ "Manager" @@ -4376,6 +4391,14 @@ "default": false } }, + { + "name": "raw", + "description": "Format response in plain text", + "required": false, + "schema": { + "type": "boolean" + } + }, { "name": "section", "description": "Indicates the wazuh configuration section", @@ -4540,42 +4563,6 @@ } ] }, - { - "name": "/manager/files", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_files", - "description": "Return file contents from any file", - "summary": "Get file content", - "tags": [ - "Manager" - ], - "query": [ - { - "name": "path", - "description": "Filepath to return file. (Relative to wazuh installation folder)", - "required": true, - "schema": { - "type": "string", - "format": "get_files_path" - } - }, - { - "name": "pretty", - "description": "Show results in human-readable format", - "schema": { - "type": "boolean", - "default": false - } - }, - { - "name": "wait_for_complete", - "description": "Disable timeout response", - "schema": { - "type": "boolean", - "default": false - } - } - ] - }, { "name": "/manager/info", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_info", @@ -5435,12 +5422,12 @@ "query": [ { "name": "filename", - "description": "Filter by filename", + "description": "Filter by filename of one or more rule or decoder files.", "schema": { "type": "array", "items": { "type": "string", - "format": "alphanumeric" + "pattern": "^[\\w\\-]+\\.xml(,[\\w\\-]+\\.xml)*$" } } }, @@ -5521,21 +5508,21 @@ ] }, { - "name": "/rules/files/:filename/download", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.rule_controller.get_download_file", - "description": "Download an specified rule file", - "summary": "Download rule", + "name": "/rules/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.rule_controller.get_file", + "description": "Get the content of a specified rule in the ruleset", + "summary": "Get rules file content", "tags": [ "Rules" ], "args": [ { "name": ":filename", + "description": "Filename (rule or decoder) to download/upload/edit file.", "required": true, - "description": "Filename to download", "schema": { "type": "string", - "format": "alphanumeric" + "pattern": "^[\\w\\-]+\\.xml$" } } ], @@ -5548,6 +5535,14 @@ "default": false } }, + { + "name": "raw", + "description": "Format response in plain text", + "required": false, + "schema": { + "type": "boolean" + } + }, { "name": "wait_for_complete", "description": "Disable timeout response", @@ -6169,9 +6164,8 @@ "agent:id", "group:id", "node:id", - "file:path", "decoder:file", - "list:path", + "list:file", "rule:file", "policy:id", "role:id", @@ -8496,10 +8490,10 @@ ] }, { - "name": "/cluster/:node_id/files", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cluster_controller.put_files_node", - "description": "Replace file contents with the data contained in the API request for the specified node", - "summary": "Update node file content", + "name": "/cluster/:node_id/configuration", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cluster_controller.update_configuration", + "description": "Replace wazuh configuration for the given node with the data contained in the API request", + "summary": "Update node configuration", "tags": [ "Cluster" ], @@ -8515,23 +8509,6 @@ } ], "query": [ - { - "name": "overwrite", - "description": "If set to false, an exception will be raised when updating contents of an already existing filename", - "schema": { - "type": "boolean", - "default": false - } - }, - { - "name": "path", - "description": "Filepath to upload/edit file. (Relative to wazuh installation folder)", - "required": true, - "schema": { - "type": "string", - "format": "edit_files_path" - } - }, { "name": "pretty", "description": "Show results in human-readable format", @@ -8587,6 +8564,52 @@ } ] }, + { + "name": "/decoders/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.decoder_controller.put_file", + "description": "Upload or replace a user decoder file content", + "summary": "Update decoders file", + "tags": [ + "Decoders" + ], + "args": [ + { + "name": ":filename", + "description": "Filename (rule or decoder) to download/upload/edit file.", + "required": true, + "schema": { + "type": "string", + "pattern": "^[\\w\\-]+\\.xml$" + } + } + ], + "query": [ + { + "name": "overwrite", + "description": "If set to false, an exception will be raised when updating contents of an already existing filename", + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "pretty", + "description": "Show results in human-readable format", + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "wait_for_complete", + "description": "Disable timeout response", + "schema": { + "type": "boolean", + "default": false + } + } + ] + }, { "name": "/groups/:group_id/configuration", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.agent_controller.put_group_config", @@ -8626,6 +8649,52 @@ } ] }, + { + "name": "/lists/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.put_file", + "description": "Replace or upload a CDB list file with the data contained in the API request", + "summary": "Update CDB list file", + "tags": [ + "Lists" + ], + "args": [ + { + "name": ":filename", + "description": "Filename (CDB list) to get/edit/delete.", + "required": true, + "schema": { + "type": "string", + "pattern": "^[\\-\\w]+$" + } + } + ], + "query": [ + { + "name": "overwrite", + "description": "If set to false, an exception will be raised when updating contents of an already existing filename", + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "pretty", + "description": "Show results in human-readable format", + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "wait_for_complete", + "description": "Disable timeout response", + "schema": { + "type": "boolean", + "default": false + } + } + ] + }, { "name": "/logtest", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.logtest_controller.run_logtest_tool", @@ -8682,31 +8751,14 @@ ] }, { - "name": "/manager/files", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.put_files", - "description": "Replace file contents with the data contained in the API request", - "summary": "Update file content", + "name": "/manager/configuration", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.update_configuration", + "description": "Replace Wazuh configuration with the data contained in the API request", + "summary": "Update Wazuh configuration", "tags": [ "Manager" ], "query": [ - { - "name": "overwrite", - "description": "If set to false, an exception will be raised when updating contents of an already existing filename", - "schema": { - "type": "boolean", - "default": false - } - }, - { - "name": "path", - "description": "Filepath to upload/edit file. (Relative to wazuh installation folder)", - "required": true, - "schema": { - "type": "string", - "format": "edit_files_path" - } - }, { "name": "pretty", "description": "Show results in human-readable format", @@ -8792,6 +8844,52 @@ } ] }, + { + "name": "/rules/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.rule_controller.put_file", + "description": "Upload or replace a user ruleset file content", + "summary": "Update rules file", + "tags": [ + "Rules" + ], + "args": [ + { + "name": ":filename", + "description": "Filename (rule or decoder) to download/upload/edit file.", + "required": true, + "schema": { + "type": "string", + "pattern": "^[\\w\\-]+\\.xml$" + } + } + ], + "query": [ + { + "name": "overwrite", + "description": "If set to false, an exception will be raised when updating contents of an already existing filename", + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "pretty", + "description": "Show results in human-readable format", + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "wait_for_complete", + "description": "Disable timeout response", + "schema": { + "type": "boolean", + "default": false + } + } + ] + }, { "name": "/security/config", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.security_controller.put_security_config", @@ -9967,34 +10065,25 @@ ] }, { - "name": "/cluster/:node_id/files", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cluster_controller.delete_files_node", - "description": "Delete a file in the specified node", - "summary": "Delete node file", + "name": "/decoders/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.decoder_controller.delete_file", + "description": "Delete a specified decoder file", + "summary": "Delete decoders file", "tags": [ - "Cluster" + "Decoders" ], "args": [ { - "name": ":node_id", - "description": "Cluster node name", + "name": ":filename", + "description": "Filename (rule or decoder) to download/upload/edit file.", "required": true, "schema": { "type": "string", - "format": "names" + "pattern": "^[\\w\\-]+\\.xml$" } } ], "query": [ - { - "name": "path", - "description": "Filepath to delete file. (Relative to wazuh installation folder)", - "required": true, - "schema": { - "type": "string", - "format": "delete_files_path" - } - }, { "name": "pretty", "description": "Show results in human-readable format", @@ -10096,21 +10185,21 @@ ] }, { - "name": "/logtest/sessions/:token", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.logtest_controller.end_logtest_session", - "description": "Delete the saved logtest session corresponding to {token}", - "summary": "End session", + "name": "/lists/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.delete_file", + "description": "Delete a specified CDB list file. Only the filename can be specified. It will be searched recursively if not found", + "summary": "Delete CDB list file", "tags": [ - "Logtest" + "Lists" ], "args": [ { - "name": ":token", - "description": "Token of the logtest saved session", + "name": ":filename", + "description": "Filename (CDB list) to get/edit/delete.", "required": true, "schema": { "type": "string", - "format": "alphanumeric" + "pattern": "^[\\-\\w]+$" } } ], @@ -10134,23 +10223,25 @@ ] }, { - "name": "/manager/files", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.delete_files", - "description": "Delete a specified file", - "summary": "Delete file", + "name": "/logtest/sessions/:token", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.logtest_controller.end_logtest_session", + "description": "Delete the saved logtest session corresponding to {token}", + "summary": "End session", "tags": [ - "Manager" + "Logtest" ], - "query": [ + "args": [ { - "name": "path", - "description": "Filepath to delete file. (Relative to wazuh installation folder)", + "name": ":token", + "description": "Token of the logtest saved session", "required": true, "schema": { "type": "string", - "format": "delete_files_path" + "format": "alphanumeric" } - }, + } + ], + "query": [ { "name": "pretty", "description": "Show results in human-readable format", @@ -10209,6 +10300,44 @@ } ] }, + { + "name": "/rules/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.rule_controller.delete_file", + "description": "Delete a specified rule file", + "summary": "Delete rules file", + "tags": [ + "Rules" + ], + "args": [ + { + "name": ":filename", + "description": "Filename (rule or decoder) to download/upload/edit file.", + "required": true, + "schema": { + "type": "string", + "pattern": "^[\\w\\-]+\\.xml$" + } + } + ], + "query": [ + { + "name": "pretty", + "description": "Show results in human-readable format", + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "wait_for_complete", + "description": "Disable timeout response", + "schema": { + "type": "boolean", + "default": false + } + } + ] + }, { "name": "/security/config", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.security_controller.delete_security_config", diff --git a/common/api-info/security-actions.json b/common/api-info/security-actions.json index ace4925bd8..01ba5c04aa 100644 --- a/common/api-info/security-actions.json +++ b/common/api-info/security-actions.json @@ -1,17 +1,15 @@ { "active-response:command": { - "description": "Execute active response commands in the agents", + "description": "Allow to execute active response commands in the agents", "resources": [ - "agent:id", - "agent:group" + "agent:id" ], "example": { "actions": [ "active-response:command" ], "resources": [ - "agent:id:001", - "agent:group:atlantic" + "agent:id:001" ], "effect": "allow" }, @@ -20,18 +18,16 @@ ] }, "agent:delete": { - "description": "Delete agents", + "description": "Delete system's agents", "resources": [ - "agent:id", - "agent:group" + "agent:id" ], "example": { "actions": [ "agent:delete" ], "resources": [ - "agent:id:010", - "agent:group:pacific" + "agent:id:010" ], "effect": "allow" }, @@ -40,10 +36,9 @@ ] }, "agent:read": { - "description": "Access agents information (id, name, group, last keep alive, etc)", + "description": "Access to one or more agents basic information (id, name, group, last keep alive, etc)", "resources": [ - "agent:id", - "agent:group" + "agent:id" ], "example": { "actions": [ @@ -89,18 +84,16 @@ ] }, "agent:modify_group": { - "description": "Change the group of agents", + "description": "Change the group of specified agent", "resources": [ - "agent:id", - "agent:group" + "agent:id" ], "example": { "actions": [ "agent:modify_group" ], "resources": [ - "agent:id:004", - "agent:group:us-east" + "agent:id:*" ], "effect": "allow" }, @@ -114,7 +107,7 @@ ] }, "group:modify_assignments": { - "description": "Change the agents assigned to the group", + "description": "Allow to change the agents assigned to the group", "resources": [ "group:id" ], @@ -137,10 +130,9 @@ ] }, "agent:restart": { - "description": "Restart agents", + "description": "Restart Wazuh for allowed agents", "resources": [ - "agent:id", - "agent:group" + "agent:id" ], "example": { "actions": [ @@ -160,29 +152,27 @@ ] }, "agent:upgrade": { - "description": "Upgrade the version of the agents", + "description": "Upgrade the version of an agent", "resources": [ - "agent:id", - "agent:group" + "agent:id" ], "example": { "actions": [ "agent:upgrade" ], "resources": [ - "agent:id:001", - "agent:group:mediterranean" + "agent:id:*" ], "effect": "allow" }, "related_endpoints": [ - "PUT /agents/upgrade", - "PUT /agents/upgrade_custom", - "GET /agents/upgrade_result" + "PUT /agents/{agent_id}/upgrade", + "PUT /agents/{agent_id}/upgrade_custom", + "GET /agents/{agent_id}/upgrade_result" ] }, "group:delete": { - "description": "Delete agent groups", + "description": "Delete system's groups", "resources": [ "group:id" ], @@ -200,9 +190,9 @@ ] }, "group:read": { - "description": "Access agent groups information (id, name, agents, etc)", + "description": "Access to one or more groups basic information (id, name, agents, etc)", "resources": [ - "*:*" + "group:id" ], "example": { "actions": [ @@ -224,7 +214,7 @@ ] }, "group:create": { - "description": "Create new agent groups", + "description": "Create new groups", "resources": [ "*:*" ], @@ -242,7 +232,7 @@ ] }, "group:update_config": { - "description": "Change the configuration of agent groups", + "description": "Change group's configuration", "resources": [ "group:id" ], @@ -260,7 +250,7 @@ ] }, "cluster:read": { - "description": "Read Wazuh's cluster nodes configuration", + "description": "Read Wazuh's cluster configuration", "resources": [ "node:id" ], @@ -290,19 +280,16 @@ "GET /cluster/{node_id}/stats/remoted", "GET /cluster/{node_id}/logs", "GET /cluster/{node_id}/logs/summary", - "GET /cluster/{node_id}/files", - "PUT /cluster/{node_id}/files", - "DELETE /cluster/{node_id}/files", + "PUT /cluster/{node_id}/configuration", "PUT /cluster/restart", "GET /cluster/configuration/validation", "GET /cluster/{node_id}/configuration/{component}/{configuration}" ] }, "ciscat:read": { - "description": "Access CIS-CAT results for agents", + "description": "Get CIS-CAT results for a list of agents", "resources": [ - "agent:id", - "agent:group" + "agent:id" ], "example": { "actions": [ @@ -310,8 +297,7 @@ ], "resources": [ "agent:id:001", - "agent:id:003", - "agent:group:default" + "agent:id:003" ], "effect": "deny" }, @@ -321,7 +307,7 @@ ] }, "cluster:status": { - "description": "Check Wazuh's cluster general status", + "description": "Check Wazuh's cluster status", "resources": [ "*:*" ], @@ -339,7 +325,7 @@ ] }, "cluster:read_api_config": { - "description": "Check Wazuh's cluster nodes API configuration", + "description": "Check Wazuh's cluster API configuration", "resources": [ "*:*" ], @@ -357,55 +343,34 @@ "GET /cluster/api/config" ] }, - "cluster:read_file": { - "description": "Read Wazuh's cluster nodes files", + "cluster:update_api_config": { + "description": "Modify Wazuh's cluster API configuration", "resources": [ - "node:id", - "file:path" + "*:*" ], "example": { "actions": [ - "cluster:read_file" + "cluster:update_api_config" ], "resources": [ "node:id:worker1", - "file:path:etc/rules/new-rules.xml" + "node:id:worker3" ], "effect": "allow" }, "related_endpoints": [ - "GET /cluster/{node_id}/files" - ] - }, - "cluster:delete_file": { - "description": "Delete Wazuh's cluster nodes files", - "resources": [ - "node:id", - "file:path" - ], - "example": { - "actions": [ - "cluster:delete_file" - ], - "resources": [ - "node:id:worker1", - "file:path:etc/rules/new-rules.xml" - ], - "effect": "deny" - }, - "related_endpoints": [ - "PUT /cluster/{node_id}/files", - "DELETE /cluster/{node_id}/files" + "PUT /cluster/api/config", + "DELETE /cluster/api/config" ] }, - "cluster:upload_file": { - "description": "Upload files to Wazuh's cluster nodes", + "cluster:update_config": { + "description": "Update configuration of Wazuh's cluster node", "resources": [ "node:id" ], "example": { "actions": [ - "cluster:upload_file" + "cluster:update_config" ], "resources": [ "node:id:worker1" @@ -413,7 +378,7 @@ "effect": "allow" }, "related_endpoints": [ - "PUT /cluster/{node_id}/files" + "PUT /cluster/{node_id}/configuration" ] }, "cluster:restart": { @@ -435,16 +400,16 @@ ] }, "lists:read": { - "description": "Read cdb lists files", + "description": "Read lists files", "resources": [ - "list:path" + "list:file" ], "example": { "actions": [ "lists:read" ], "resources": [ - "list:path:etc/lists/audit-keys" + "list:file:audit-keys" ], "effect": "deny" }, @@ -453,23 +418,41 @@ "GET /lists/files" ] }, - "logtest:run": { - "description": "Run logtest tool or end a logtest session", + "lists:update": { + "description": "Update lists files", "resources": [ + "list:file", "*:*" ], "example": { "actions": [ - "logtest:run" + "lists:update" ], "resources": [ - "*:*:*" + "list:file:audit-keys" ], - "effect": "allow" + "effect": "deny" }, - "related_endpoints": [ - "PUT /logtest", - "DELETE /logtest/sessions/{token}" + "related_endpoints": [ + "PUT /lists/files" + ] + }, + "lists:delete": { + "description": "Delete lists files", + "resources": [ + "list:file" + ], + "example": { + "actions": [ + "lists:delete" + ], + "resources": [ + "list:file:audit-keys" + ], + "effect": "deny" + }, + "related_endpoints": [ + "DELETE /lists/files" ] }, "manager:read": { @@ -497,77 +480,56 @@ "GET /manager/stats/remoted", "GET /manager/logs", "GET /manager/logs/summary", - "GET /manager/files", - "PUT /manager/files", - "DELETE /manager/files", + "PUT /manager/configuration", "PUT /manager/restart", "GET /manager/configuration/validation", "GET /manager/configuration/{component}/{configuration}" ] - }, - "manager:read_file": { - "description": "Read Wazuh manager files", + }, + "manager:update_config": { + "description": "Update the configuration of Wazuh manager node", "resources": [ - "file:path" - ], - "example": { - "actions": [ - "manager:read_file" - ], - "resources": [ - "file:path:etc/rules/new-rules.xml" - ], - "effect": "allow" - }, - "related_endpoints": [ - "GET /manager/files" - ] - }, - "manager:delete_file": { - "description": "Delete Wazuh manager files", - "resources": [ - "file:path" + "*:*" ], "example": { "actions": [ - "manager:delete_file" + "manager:update_config" ], "resources": [ - "file:path:etc/rules/new-rules.xml" + "*:*:*" ], - "effect": "allow" + "effect": "deny" }, "related_endpoints": [ - "PUT /manager/files", - "DELETE /manager/files" + "PUT /manager/configuration" ] }, - "manager:upload_file": { - "description": "Upload files to Wazuh manager", + "manager:read_api_config": { + "description": "Read Wazuh manager API configuration", "resources": [ "*:*" ], "example": { "actions": [ - "manager:upload_file" + "manager:read_api_config" ], "resources": [ "*:*:*" ], - "effect": "deny" + "effect": "allow" }, "related_endpoints": [ - "PUT /manager/files" + "GET /manager/api/config" ] }, - "manager:read_api_config": { - "description": "Read Wazuh manager API configuration", + "manager:update_api_config": { + "description": "Modify Wazuh manager API configuration", "resources": [ "*:*" ], "example": { "actions": [ - "manager:read_api_config" + "manager:update_api_config" ], "resources": [ "*:*:*" @@ -575,11 +537,12 @@ "effect": "allow" }, "related_endpoints": [ - "GET /manager/api/config" + "PUT /manager/api/config", + "DELETE /manager/api/config" ] }, "manager:restart": { - "description": "Restart Wazuh managers", + "description": "Restart Wazuh manager nodes", "resources": [ "*:*" ], @@ -597,7 +560,7 @@ ] }, "mitre:read": { - "description": "Access attacks information from MITRE database", + "description": "Get attacks information from MITRE database.", "resources": [ "*:*" ], @@ -614,72 +577,55 @@ "GET /mitre" ] }, - "rootcheck:clear": { - "description": "Clear the agents rootcheck database", - "resources": [ - "agent:id", - "agent:group" - ], - "example": { - "actions": [ - "rootcheck:clear" - ], - "resources": [ - "agent:id:*" - ], - "effect": "deny" - }, - "related_endpoints": [ - "DELETE /rootcheck" - ] - }, - "rootcheck:run": { - "description": "Run agents rootcheck scan", + "rules:read": { + "description": "Read rules files", "resources": [ - "agent:id", - "agent:group" + "rule:file" ], "example": { "actions": [ - "rootcheck:run" + "rules:read" ], "resources": [ - "agent:id:*" + "rule:file:0610-win-ms_logs_rules.xml" ], "effect": "allow" }, "related_endpoints": [ - "PUT /rootcheck" + "GET /rules", + "GET /rules/groups", + "GET /rules/requirement/{requirement}", + "GET /rules/files", + "GET /rules/files/{filename}/download" ] }, - "rootcheck:read": { - "description": "Access information from agents rootcheck database", + "rules:update": { + "description": "Update rules files", "resources": [ - "agent:id", - "agent:group" + "rule:file", + "*:*" ], "example": { "actions": [ - "rootcheck:read" + "rules:update" ], "resources": [ - "agent:id:011" + "rule:file:0610-win-ms_logs_rules.xml" ], "effect": "allow" }, "related_endpoints": [ - "GET /rootcheck/{agent_id}", - "GET /rootcheck/{agent_id}/last_scan" + "PUT /rules/files" ] }, - "rules:read": { - "description": "Read rules files", + "rules:delete": { + "description": "Delete rules files", "resources": [ "rule:file" ], "example": { "actions": [ - "rules:read" + "rules:delete" ], "resources": [ "rule:file:0610-win-ms_logs_rules.xml" @@ -687,18 +633,13 @@ "effect": "allow" }, "related_endpoints": [ - "GET /rules", - "GET /rules/groups", - "GET /rules/requirement/{requirement}", - "GET /rules/files", - "GET /rules/files/{filename}/download" + "DELETE /rules/files" ] - }, + }, "sca:read": { - "description": "Access agents security configuration assessment", + "description": "Get a list of policies analyzed in the configuration assessment for a given agent", "resources": [ - "agent:id", - "agent:group" + "agent:id" ], "example": { "actions": [ @@ -715,10 +656,9 @@ ] }, "syscheck:run": { - "description": "Run agents syscheck scan", + "description": "Run syscheck", "resources": [ - "agent:id", - "agent:group" + "agent:id" ], "example": { "actions": [ @@ -734,18 +674,16 @@ ] }, "syscheck:read": { - "description": "Access information from agents syscheck database", + "description": "Read information from syscheck's database", "resources": [ - "agent:id", - "agent:group" + "agent:id" ], "example": { "actions": [ "syscheck:read" ], "resources": [ - "agent:id:011", - "agent:group:us-west" + "agent:id:011" ], "effect": "allow" }, @@ -755,10 +693,9 @@ ] }, "syscheck:clear": { - "description": "Clear the agents syscheck database", + "description": "Clear the syscheck database for specified agents", "resources": [ - "agent:id", - "agent:group" + "agent:id" ], "example": { "actions": [ @@ -795,11 +732,47 @@ "GET /decoders/parents" ] }, + "decoders:update": { + "description": "Update decoders files", + "resources": [ + "decoder:file", + "*:*" + ], + "example": { + "actions": [ + "decoders:update" + ], + "resources": [ + "decoder:file:*" + ], + "effect": "allow" + }, + "related_endpoints": [ + "PUT /decoders/files" + ] + }, + "decoders:delete": { + "description": "Delete decoders files", + "resources": [ + "decoder:file" + ], + "example": { + "actions": [ + "decoders:delete" + ], + "resources": [ + "decoder:file:*" + ], + "effect": "allow" + }, + "related_endpoints": [ + "DELETE /decoders/files" + ] + }, "syscollector:read": { - "description": "Access agents syscollector information", + "description": "Get syscollector information about a specified agents", "resources": [ - "agent:id", - "agent:group" + "agent:id" ], "example": { "actions": [ @@ -832,12 +805,11 @@ ] }, "security:read": { - "description": "Access information about system security resources", + "description": "Allow read information about system's security resources", "resources": [ "policy:id", "role:id", - "user:id", - "rule:id" + "user:id" ], "example": { "actions": [ @@ -846,43 +818,41 @@ "resources": [ "policy:id:*", "role:id:2", - "user:id:5", - "rule:id:3" + "user:id:5" ], "effect": "allow" }, "related_endpoints": [ - "GET /security/users", "GET /security/roles", - "GET /security/rules", - "GET /security/policies" + "GET /security/policies", + "GET /security/users" ] }, - "security:create_user": { - "description": "Create new system users", + "security:create": { + "description": "Create new system security resources", "resources": [ "*:*" ], "example": { "actions": [ - "security:create_user" + "security:create" ], "resources": [ "*:*:*" ], - "effect": "allow" + "effect": "deny" }, "related_endpoints": [ - "POST /security/users" + "POST /security/roles", + "POST /security/policies" ] }, "security:delete": { - "description": "Delete system security resources", + "description": "Delete system's security resources", "resources": [ "policy:id", "role:id", - "user:id", - "rule:id" + "user:id" ], "example": { "actions": [ @@ -891,28 +861,24 @@ "resources": [ "policy:id:*", "role:id:3", - "user:id:4", - "rule:id:2" + "user:id:4" ], "effect": "deny" }, "related_endpoints": [ - "DELETE /security/users", "DELETE /security/roles", - "DELETE /security/rules", "DELETE /security/policies", - "DELETE /security/users/{user_id}/roles", "DELETE /security/roles/{role_id}/policies", - "DELETE /security/roles/{role_id}/rules" + "DELETE /security/users/{user_id}/roles", + "DELETE /security/users" ] }, "security:update": { - "description": "Update the information of system security resources", + "description": "Allow update the information of system's security resources", "resources": [ "policy:id", "role:id", - "user:id", - "rule:id" + "user:id" ], "example": { "actions": [ @@ -921,43 +887,38 @@ "resources": [ "policy:id:*", "role:id:4", - "user:id:3", - "rule:id:4" + "user:id:3" ], "effect": "deny" }, "related_endpoints": [ - "PUT /security/users/{user_id}", "PUT /security/roles/{role_id}", - "PUT /security/rules/{rule_id}", "PUT /security/policies/{policy_id}", - "POST /security/users/{user_id}/roles", "POST /security/roles/{role_id}/policies", - "POST /security/roles/{role_id}/rules" + "POST /security/users/{user_id}/roles", + "PUT /security/users/{user_id}" ] }, - "security:create": { - "description": "Create new system security resources", + "security:create_user": { + "description": "Create new system user", "resources": [ "*:*" ], "example": { "actions": [ - "security:create" + "security:create_user" ], "resources": [ "*:*:*" ], - "effect": "deny" + "effect": "allow" }, "related_endpoints": [ - "POST /security/roles", - "POST /security/rules", - "POST /security/policies" + "POST /security/users" ] }, "security:read_config": { - "description": "Read current system security configuration", + "description": "Read current security configuration", "resources": [ "*:*" ], @@ -975,7 +936,7 @@ ] }, "security:update_config": { - "description": "Update current system security configuration", + "description": "Update current security configuration", "resources": [ "*:*" ], @@ -992,23 +953,5 @@ "PUT /security/config", "DELETE /security/config" ] - }, - "task:status": { - "description": "Access task's status information", - "resources": [ - "*:*" - ], - "example": { - "actions": [ - "task:status" - ], - "resources": [ - "*:*:*" - ], - "effect": "deny" - }, - "related_endpoints": [ - "GET /tasks/status" - ] } } \ No newline at end of file diff --git a/public/controllers/management/components/management/configuration/configuration-overview.js b/public/controllers/management/components/management/configuration/configuration-overview.js index a8c78704d0..3f57c1d4d7 100644 --- a/public/controllers/management/components/management/configuration/configuration-overview.js +++ b/public/controllers/management/components/management/configuration/configuration-overview.js @@ -121,7 +121,7 @@ class WzConfigurationOverview extends Component { diff --git a/public/controllers/management/components/management/configuration/edit-configuration/edit-configuration.js b/public/controllers/management/components/management/configuration/edit-configuration/edit-configuration.js index c3d09f3c82..e189e1d1c7 100644 --- a/public/controllers/management/components/management/configuration/edit-configuration/edit-configuration.js +++ b/public/controllers/management/components/management/configuration/edit-configuration/edit-configuration.js @@ -234,7 +234,7 @@ class WzEditConfiguration extends Component { ) : ( this.editorSave()} diff --git a/public/controllers/management/components/management/configuration/utils/wz-fetch.js b/public/controllers/management/components/management/configuration/utils/wz-fetch.js index 42afc629a8..edbc08a9f3 100644 --- a/public/controllers/management/components/management/configuration/utils/wz-fetch.js +++ b/public/controllers/management/components/management/configuration/utils/wz-fetch.js @@ -240,15 +240,16 @@ export const fetchFile = async selectedNode => { const data = await WzRequest.apiReq( 'GET', isCluster ? - `/cluster/${selectedNode}/files` : - `/manager/files`, { + `/cluster/${selectedNode}/configuration` : + `/manager/configuration`, + { params: { - path: 'etc/ossec.conf' + raw: true } } ); - let xml = ((data || {}).data || {}).contents || false; + let xml = (data || {}).data || false; if (!xml) { throw new Error('Could not fetch configuration file'); @@ -389,7 +390,7 @@ export const saveNodeConfiguration = async (node, content) => { try { const result = await WzRequest.apiReq( 'PUT', - `/cluster/${node}/files?path=etc/ossec.conf&overwrite=true`, { + `/cluster/${node}/configuration?overwrite=true`, { content, origin: 'xmleditor' } @@ -410,11 +411,7 @@ export const saveFileCluster = async (text, node) => { try { await WzRequest.apiReq( 'PUT', - `/cluster/${node}/files`, { - params: { - path: 'etc/ossec.conf', - overwrite: true - }, + `/cluster/${node}/configuration`, { body: xml.toString(), origin: 'raw' } @@ -434,11 +431,7 @@ export const saveFileManager = async text => { try { await WzRequest.apiReq( 'PUT', - `/manager/files`, { - params: { - path: 'etc/ossec.conf', - overwrite: true - }, + `/manager/configuration`, { body: xml.toString(), origin: 'raw' } diff --git a/public/controllers/management/components/management/ruleset/actions-buttons.js b/public/controllers/management/components/management/ruleset/actions-buttons.js index 87385e9370..1a6272663c 100644 --- a/public/controllers/management/components/management/ruleset/actions-buttons.js +++ b/public/controllers/management/components/management/ruleset/actions-buttons.js @@ -25,11 +25,10 @@ import { updatePageIndex, } from '../../../../../redux/actions/rulesetActions'; -import { WzRequest } from '../../../../../react-services/wz-request'; import exportCsv from '../../../../../react-services/wz-csv'; import { UploadFiles } from '../../upload-files'; import columns from './utils/columns'; -import RulesetHandler from './utils/ruleset-handler'; +import { resourceDictionary, RulesetHandler, RulesetResources } from './utils/ruleset-handler'; import { WzButtonPermissions } from '../../../../../components/common/permissions/button'; class WzRulesetActionButtons extends Component { @@ -39,14 +38,7 @@ class WzRulesetActionButtons extends Component { this.state = { generatingCsv: false }; this.exportCsv = exportCsv; - this.wzReq = WzRequest; - this.paths = { - rules: '/rules', - decoders: '/decoders', - lists: '/lists/files' - }; this.columns = columns; - this.rulesetHandler = RulesetHandler; this.refreshTimeoutId = null; } @@ -81,22 +73,15 @@ class WzRulesetActionButtons extends Component { * @param {Array} files * @param {String} path */ - async uploadFiles(files, path) { + async uploadFiles(files, resource) { try { let errors = false; let results = []; - let upload; - if (path === 'etc/rules') { - upload = this.rulesetHandler.sendRuleConfiguration; - } else if (path === 'etc/decoders') { - upload = this.rulesetHandler.sendDecoderConfiguration; - } else { - upload = this.rulesetHandler.updateCdbList; - } + const rulesetHandler = new RulesetHandler(resource); for (let idx in files) { const { file, content } = files[idx]; try { - await upload(file, content, true); // True does not overwrite the file + await rulesetHandler.updateFile(file, content, resource !== RulesetResources.LISTS); // True does not overwrite the file results.push({ index: idx, uploaded: true, @@ -163,54 +148,35 @@ class WzRulesetActionButtons extends Component { render() { const { section, showingFiles } = this.props.state; - const getPermissionsFiles = () => { - const permissions = [ + const getReadPermissionsFiles = () => { + const { permissionResource } = resourceDictionary[section]; + return [ { - action: `cluster:status`, - resource: `*:*:*`, - }, - ]; - - if (((this.props || {}).clusterStatus || {}).contextConfigServer === 'cluster') { - permissions.push( - { - action: `cluster:upload_file`, - resource: `node:id:*`, - }, - { - action: `cluster:read`, - resource: `node:id:*`, - }, - { - action: `cluster:read_file`, - resource: `node:id:*&file:path:*`, - } - ); - } else { - permissions.push( - { - action: `manager:upload_file`, - resource: `file:path:/etc/${section}`, - }, - { - action: `manager:read`, - resource: `file:path:/etc/${section}`, - }, - { - action: `manager:read_file`, - resource: `file:path:/etc/${section}`, - } - ); - } + action: `${section}:read`, + resource: permissionResource('*'), + } + ]; + }; - return permissions; + const getUpdatePermissionsFiles = () => { + const { permissionResource } = resourceDictionary[section]; + return [ + { + action: `${section}:update`, + resource: permissionResource('*'), + }, + { + action: `${section}:read`, + resource: permissionResource('*'), + } + ]; }; // Export button const exportButton = ( await this.generateCsv()} @@ -222,7 +188,7 @@ class WzRulesetActionButtons extends Component { // Add new rule button const addNewRuleButton = ( @@ -235,56 +201,13 @@ class WzRulesetActionButtons extends Component { > {`Add new ${section} file`} - ); - - const getPermissionsNewFileCDB = () => { - const permissions = [ - { - action: `cluster:status`, - resource: `*:*:*`, - }, - ]; - - if (((this.props || {}).clusterStatus || {}).contextConfigServer === 'cluster') { - permissions.push( - { - action: `cluster:upload_file`, - resource: `node:id:*`, - }, - { - action: `cluster:read`, - resource: `node:id:*`, - }, - { - action: `cluster:read_file`, - resource: `node:id:*&file:path:*`, - } - ); - } else { - permissions.push( - { - action: `manager:read_file`, - resource: `file:path:/etc/${section}`, - }, - { - action: `manager:read`, - resource: `*:*:*`, - }, - { - action: `manager:upload_file`, - resource: `file:path:/etc/${section}`, - } - ); - } - - return permissions; - }; + ); //Add new CDB list button const addNewCdbListButton = ( this.props.updateListContent({ @@ -302,7 +225,7 @@ class WzRulesetActionButtons extends Component { const manageFiles = ( await this.toggleFiles()} > @@ -320,8 +243,8 @@ class WzRulesetActionButtons extends Component { ); - const uploadFile = async (files, path) => { - await this.uploadFiles(files, path); + const uploadFile = async (files, resource) => { + await this.uploadFiles(files, resource); await this.refresh(); }; @@ -340,7 +263,7 @@ class WzRulesetActionButtons extends Component { diff --git a/public/controllers/management/components/management/ruleset/decoder-info.js b/public/controllers/management/components/management/ruleset/decoder-info.js index 3e282a0fd5..231a86478b 100644 --- a/public/controllers/management/components/management/ruleset/decoder-info.js +++ b/public/controllers/management/components/management/ruleset/decoder-info.js @@ -18,7 +18,7 @@ import { import { connect } from 'react-redux'; -import RulesetHandler from './utils/ruleset-handler'; +import { RulesetHandler } from './utils/ruleset-handler'; import { colors } from './utils/colors'; import { @@ -33,7 +33,7 @@ class WzDecoderInfo extends Component { constructor(props) { super(props); - this.rulesetHandler = RulesetHandler; + this.rulesetHandler = new RulesetHandler(RulesetResources.DECODERS); this.columns = [ { field: 'name', @@ -62,8 +62,7 @@ class WzDecoderInfo extends Component { return ( { - const noLocal = item.relative_dirname.startsWith('ruleset/'); - const result = await this.rulesetHandler.getDecoderContent(value, noLocal); + const result = await this.rulesetHandler.getFileContent(value); const file = { name: value, content: result, path: item.relative_dirname }; this.props.updateFileContent(file); } diff --git a/public/controllers/management/components/management/ruleset/list-editor.js b/public/controllers/management/components/management/ruleset/list-editor.js index c151d0ffe1..074cda2ff0 100644 --- a/public/controllers/management/components/management/ruleset/list-editor.js +++ b/public/controllers/management/components/management/ruleset/list-editor.js @@ -34,7 +34,7 @@ import { updateListContent } from '../../../../../redux/actions/rulesetActions'; -import RulesetHandler from './utils/ruleset-handler'; +import { resourceDictionary, RulesetHandler, RulesetResources } from './utils/ruleset-handler'; import { getToasts } from '../../../../../kibana-services'; @@ -58,10 +58,9 @@ class WzListEditor extends Component { newListName: '', showWarningRestart: false }; - this.tmpListName = "" this.items = {}; - this.rulesetHandler = RulesetHandler; + this.rulesetHandler = new RulesetHandler(RulesetResources.LISTS); } componentDidMount() { @@ -146,10 +145,7 @@ class WzListEditor extends Component { return; } this.setState({ isSaving: true }); - if(this.tmpListName){ - addingNew = false; - } - await this.rulesetHandler.sendCdbList(name, path, raw, overwrite, addingNew); + await this.rulesetHandler.updateFile(name, raw, overwrite); if (!addingNew) { const file = { name: name, content: raw, path: path }; this.props.updateListContent(file); @@ -220,6 +216,20 @@ class WzListEditor extends Component { }); }; + getUpdatePermissions = (name) => { + return [{ + action: `${RulesetResources.LISTS}:update`, + resource: resourceDictionary[RulesetResources.LISTS].permissionResource(name), + }]; + } + + getDeletePermissions = (name) => { + return [{ + action: `${RulesetResources.LISTS}:delete`, + resource: resourceDictionary[RulesetResources.LISTS].permissionResource(name), + }]; + } + /** * Append a key value to this.items and after that if everything works ok re-create the array for the table */ @@ -260,6 +270,7 @@ class WzListEditor extends Component { generatingCsv: false }); } + /** * Delete a item from the list @@ -316,15 +327,7 @@ class WzListEditor extends Component { const saveButton = ( this.openAddEntry()} > @@ -513,17 +506,7 @@ class WzListEditor extends Component { buttonType='icon' aria-label="Edit content" iconType="pencil" - permissions={[ - { - action: `${ - ((this.props || {}).clusterStatus || {}).contextConfigServer - }:upload_file`, - resource: - ((this.props || {}).clusterStatus || {}).contextConfigServer === 'cluster' - ? 'node:id:*' - : `file:path:${path}/${fileName}`, - }, - ]} + permissions={this.getUpdatePermissions(fileName)} tooltip={{position: 'top', content: `Edit ${item.key}`}} onClick={() => { this.setState({ @@ -537,17 +520,7 @@ class WzListEditor extends Component { buttonType='icon' aria-label="Remove content" iconType="trash" - permissions={[ - { - action: `${ - ((this.props || {}).clusterStatus || {}).contextConfigServer - }:upload_file`, - resource: - ((this.props || {}).clusterStatus || {}).contextConfigServer === 'cluster' - ? 'node:id:*' - : `file:path:${path}/${fileName}`, - }, - ]} + permissions={this.getDeletePermissions(fileName)} tooltip={{position: 'top', content: `Remove ${item.key}`}} onClick={() => this.deleteItem(item.key)} color="danger" diff --git a/public/controllers/management/components/management/ruleset/rule-info.js b/public/controllers/management/components/management/ruleset/rule-info.js index e790361a9c..ae1088c2e9 100644 --- a/public/controllers/management/components/management/ruleset/rule-info.js +++ b/public/controllers/management/components/management/ruleset/rule-info.js @@ -21,7 +21,7 @@ import { import { connect } from 'react-redux'; import { WzRequest } from '../../../../../react-services/wz-request'; -import RulesetHandler from './utils/ruleset-handler'; +import { RulesetHandler, RulesetResources } from './utils/ruleset-handler'; import { updateFileContent, @@ -54,7 +54,7 @@ class WzRuleInfo extends Component { mitreRuleId: "", mitreIds: [] }; - this.rulesetHandler = RulesetHandler; + this.rulesetHandler = new RulesetHandler(RulesetResources.RULES); this.columns = [ { field: 'id', @@ -117,11 +117,7 @@ class WzRuleInfo extends Component { { event.stopPropagation(); - const noLocal = item.relative_dirname.startsWith('ruleset/'); - const result = await this.rulesetHandler.getRuleContent( - value, - noLocal - ); + const result = await this.rulesetHandler.getFileContent(value); const file = { name: value, content: result, diff --git a/public/controllers/management/components/management/ruleset/ruleset-editor.js b/public/controllers/management/components/management/ruleset/ruleset-editor.js index d073516ec6..59065d1a1d 100644 --- a/public/controllers/management/components/management/ruleset/ruleset-editor.js +++ b/public/controllers/management/components/management/ruleset/ruleset-editor.js @@ -33,7 +33,7 @@ import { EuiPanel } from '@elastic/eui'; -import RulesetHandler from './utils/ruleset-handler'; +import { resourceDictionary, RulesetHandler, RulesetResources } from './utils/ruleset-handler'; import validateConfigAfterSent from './utils/valid-configuration'; import { getToasts } from '../../../../../kibana-services'; @@ -47,6 +47,7 @@ import 'brace/snippets/xml'; import 'brace/ext/language_tools'; import "brace/ext/searchbox"; + class WzRulesetEditor extends Component { _isMounted = false; constructor(props) { @@ -61,7 +62,7 @@ class WzRulesetEditor extends Component { enableSnippets: true, enableLiveAutocompletion: false }; - this.rulesetHandler = RulesetHandler; + this.rulesetHandler = new RulesetHandler(this.props.state.section); const { fileContent, addingRulesetFile } = this.props.state; const { name, content, path } = fileContent ? fileContent @@ -75,7 +76,7 @@ class WzRulesetEditor extends Component { content, initContent: content, name, - path, + path }; } @@ -102,12 +103,8 @@ class WzRulesetEditor extends Component { const { content } = this.state; this.setState({ isSaving: true, error: false }); - const { section } = this.props.state; - let saver = this.rulesetHandler.sendRuleConfiguration; // By default the saver is for rules - if (section === 'decoders') - saver = this.rulesetHandler.sendDecoderConfiguration; - await saver(name, content, overwrite); + await this.rulesetHandler.updateFile(name, content, overwrite); try { await validateConfigAfterSent(); } catch (error) { @@ -122,7 +119,7 @@ class WzRulesetEditor extends Component { if (this.props.state.addingRulesetFile != false) { //remove current invalid file if the file is new. - await this.rulesetHandler.deleteFile(name, this.state.path); + await this.rulesetHandler.deleteFile(name); toast.toastMessage += '\nThe new file was deleted.'; } else { //restore file to previous version @@ -199,7 +196,7 @@ class WzRulesetEditor extends Component { const xmlError = validateXML(content); const saveButton = ( { }; }; -const SectionResourceType = { - rules: 'file', - decoders: 'file', - lists: 'path' -} - export default compose( connect( mapStateToProps @@ -101,5 +96,5 @@ export default compose( { text: sectionNames[props.state.section] } ]; }), - withUserAuthorizationPrompt((props) => [{action: `${props.state.section}:read`, resource: `${props.state.section.slice(0,-1)}:${SectionResourceType[props.state.section]}:*`}]) + withUserAuthorizationPrompt((props) => [{action: `${props.state.section}:read`, resource: resourceDictionary[props.state.section].permissionResource('*')}]) )(WzRulesetOverview); diff --git a/public/controllers/management/components/management/ruleset/ruleset-table.js b/public/controllers/management/components/management/ruleset/ruleset-table.js index 6edc1b5613..c307b4d24a 100644 --- a/public/controllers/management/components/management/ruleset/ruleset-table.js +++ b/public/controllers/management/components/management/ruleset/ruleset-table.js @@ -18,7 +18,7 @@ import { } from '@elastic/eui'; import { connect } from 'react-redux'; -import RulesetHandler from './utils/ruleset-handler'; +import { RulesetHandler, RulesetResources, resourceDictionary } from './utils/ruleset-handler'; import { getToasts } from '../../../../../kibana-services'; import { @@ -60,33 +60,36 @@ class WzRulesetTable extends Component { this.extraSectionPrefixResource = { rules: 'rule:file', decoders: 'decoder:file', - lists: 'list:path', + lists: 'list:file', }; - this.rulesetHandler = RulesetHandler; + this.rulesetHandler = new RulesetHandler(this.props.state.section); } async componentDidMount() { this._isMounted = true; this.props.updateIsProcessing(true); - if (this.props.state.section === 'rules') { + if (this.props.state.section === RulesetResources.RULES) { const regex = new RegExp('redirectRule=' + '[^&]*'); const match = window.location.href.match(regex); if (match && match[0]) { this._isMounted && this.setState({ isRedirect: true }); const id = match[0].split('=')[1]; - const result = await WzRequest.apiReq('GET', `/rules`, - { + const result = await this.rulesetHandler.getResource({ params: { rule_ids: id } }); - const items = ((result.data || {}).data || {}).affected_items || []; + const items = result.affected_items || []; if (items.length) { - const info = await this.rulesetHandler.getRuleInformation( - items[0].filename, - parseInt(id) - ); - this.props.updateRuleInfo(info); + const info = await this.rulesetHandler.getResource({ + params: { + filename: items[0].filename + } + }); + if (info.data) { + Object.assign(info.data, { current: parseInt(id) }); + } + this.props.updateRuleInfo(info.data); } this._isMounted && this.setState({ isRedirect: false }); } @@ -237,37 +240,14 @@ class WzRulesetTable extends Component { const { id, name } = item; const getRequiredPermissions = (item) => { - const permissions = [ - { - action: `${((this.props || {}).clusterStatus || {}).contextConfigServer}:read_file`, - resource: `file:path:${item.relative_dirname}/${item.filename}`, - }, - { action: 'lists:read', resource: `list:path:${item.filename}` }, + const { section } = this.props.state; + const { permissionResource } = resourceDictionary[section]; + return [ { - action: `cluster:status`, - resource: `*:*:*`, - }, + action: `${section}:read`, + resource: permissionResource(item.name), + } ]; - - if (((this.props || {}).clusterStatus || {}).contextConfigServer === 'cluster') { - permissions.push( - { - action: `${((this.props || {}).clusterStatus || {}).contextConfigServer}:read`, - resource: `node:id:*`, - }, - { - action: `${((this.props || {}).clusterStatus || {}).contextConfigServer}:read_file`, - resource: `node:id:*&file:path:*`, - } - ); - } else { - permissions.push({ - action: `${((this.props || {}).clusterStatus || {}).contextConfigServer}:read`, - resource: `*:*:*`, - }); - } - - return permissions; }; return { @@ -281,30 +261,28 @@ class WzRulesetTable extends Component { if (this.isLoading) return; this.setState({ isLoading: true }); const { section } = this.props.state; - window.location.href = `${window.location.href}&redirectRule=${id}`; - if (section === 'rules') { - const result = await this.rulesetHandler.getRuleInformation( - item.filename, - id - ); - this.props.updateRuleInfo(result); - } else if (section === 'decoders') { - const result = await this.rulesetHandler.getDecoderInformation( - item.filename, - name - ); - this.props.updateDecoderInfo(result); - } else { - const result = await this.rulesetHandler.getCdbList( - `${item.relative_dirname}/${item.filename}` - ); + window.location.href = `${window.location.href}&redirectRule=${id}`; + if (section === RulesetResources.LISTS) { + const result = await this.rulesetHandler.getFileContent(item.filename); const file = { name: item.filename, content: result, path: item.relative_dirname, }; this.props.updateListContent(file); + } else { + const result = await this.rulesetHandler.getResource({ + params: { + filename: item.filename + } + }); + if (result.data) { + Object.assign(result.data, { current: id || name }); + } + if (section === RulesetResources.RULES) this.props.updateRuleInfo(result.data); + if (section === RulesetResources.DECODERS) this.props.updateDecoderInfo(result.data); } + this.setState({ isLoading: false }); } : undefined, @@ -370,7 +348,7 @@ class WzRulesetTable extends Component { async removeItems(items) { this.setState({ isLoading: true }); const results = items.map(async (item, i) => { - await this.rulesetHandler.deleteFile((item.filename) ? item.filename : item.name, item.relative_dirname); + await this.rulesetHandler.deleteFile(item.filename || item.name); }); Promise.all(results).then(completed => { diff --git a/public/controllers/management/components/management/ruleset/utils/columns.js b/public/controllers/management/components/management/ruleset/utils/columns.js index d9fbad9a4e..214b44bea4 100644 --- a/public/controllers/management/components/management/ruleset/utils/columns.js +++ b/public/controllers/management/components/management/ruleset/utils/columns.js @@ -1,13 +1,12 @@ import React from 'react'; import { EuiToolTip, EuiButtonIcon, EuiLink, EuiBadge } from '@elastic/eui'; -import RulesetHandler from './ruleset-handler'; +import { resourceDictionary, RulesetHandler, RulesetResources } from './ruleset-handler'; import exportCsv from '../../../../../../react-services/wz-csv'; import { WzButtonPermissions } from '../../../../../../components/common/permissions/button'; export default class RulesetColumns { constructor(tableProps) { - this.tableProps = tableProps; - this.rulesetHandler = RulesetHandler; + this.tableProps = tableProps; this.buildColumns = () => { this.columns = { @@ -80,12 +79,12 @@ export default class RulesetColumns { return ( { ev.stopPropagation(); - const noLocal = item.relative_dirname.startsWith('ruleset/'); - const result = await this.rulesetHandler.getRuleContent(value, noLocal); + const rulesetHandler = new RulesetHandler(RulesetResources.RULES); + const result = await rulesetHandler.getFileContent(value); const file = { name: value, content: result, path: item.relative_dirname }; this.tableProps.updateFileContent(file); }}> @@ -130,12 +129,12 @@ export default class RulesetColumns { return ( { ev.stopPropagation(); - const noLocal = item.relative_dirname.startsWith('ruleset/'); - const result = await this.rulesetHandler.getDecoderContent(value, noLocal); + const rulesetHandler = new RulesetHandler(RulesetResources.DECODERS); + const result = await rulesetHandler.getFileContent(value); const file = { name: value, content: result, path: item.relative_dirname }; this.tableProps.updateFileContent(file); }}> @@ -197,13 +196,14 @@ export default class RulesetColumns { return ( { ev.stopPropagation(); - const result = await this.rulesetHandler.getFileContent(`${item.relative_dirname}/${item.filename}`); + const rulesetHandler = new RulesetHandler(this.tableProps.state.section); + const result = await rulesetHandler.getFileContent(item.filename); const file = { name: item.filename, content: result, path: item.relative_dirname }; this.tableProps.updateFileContent(file); }} @@ -215,13 +215,14 @@ export default class RulesetColumns {
{ ev.stopPropagation(); - const result = await this.rulesetHandler.getFileContent(`${item.relative_dirname}/${item.filename}`); + const rulesetHandler = new RulesetHandler(this.tableProps.state.section); + const result = await rulesetHandler.getFileContent(item.filename); const file = { name: item.filename, content: result, path: item.relative_dirname }; this.tableProps.updateFileContent(file); }} @@ -229,8 +230,8 @@ export default class RulesetColumns { /> { @@ -248,40 +249,38 @@ export default class RulesetColumns { ] }; - const getEditButtonPermissions = (item) => { - const permissions = [ + const getReadButtonPermissions = (item) => { + const { section } = this.tableProps.state; + const { permissionResource } = resourceDictionary[section]; + return [ { - action: `${ - ((this.tableProps || {}).clusterStatus || {}).contextConfigServer - }:read_file`, - resource: `file:path:${item.relative_dirname}/${item.filename}`, + action: `${section}:read`, + resource: permissionResource(item.filename), }, - { action: 'lists:read', resource: `list:path:${item.filename}` }, + ]; + }; + + const getEditButtonPermissions = (item) => { + const { section } = this.tableProps.state; + const { permissionResource } = resourceDictionary[section]; + return [ { - action: `cluster:status`, - resource: `*:*:*`, + action: `${section}:read`, + resource: permissionResource(item.filename), }, + { action: `${section}:update`, resource: permissionResource(item.filename) }, ]; + }; - if (((this.tableProps || {}).clusterStatus || {}).contextConfigServer === 'cluster') { - permissions.push( - { - action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:read`, - resource: `node:id:*`, - }, - { - action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:read_file`, - resource: `node:id:*&file:path:*`, - } - ); - } else { - permissions.push({ - action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:read`, - resource: `*:*:*`, - }); - } - - return permissions; + const getDeleteButtonPermissions = (item) => { + const { section } = this.tableProps.state; + const { permissionResource } = resourceDictionary[section]; + return [ + { + action: `${section}:delete`, + resource: permissionResource(item.filename), + }, + ]; }; this.columns.lists[2] = @@ -300,7 +299,8 @@ export default class RulesetColumns { tooltip={{position: 'top', content: `Edit ${item.filename} content`}} onClick={async (ev) => { ev.stopPropagation(); - const result = await this.rulesetHandler.getCdbList(`${item.relative_dirname}/${item.filename}`); + const rulesetHandler = new RulesetHandler(this.tableProps.state.section); + const result = await rulesetHandler.getFileContent(item.filename); const file = { name: item.filename, content: result, path: item.relative_dirname }; this.tableProps.updateListContent(file); }} @@ -308,8 +308,8 @@ export default class RulesetColumns { /> { @@ -322,7 +322,7 @@ export default class RulesetColumns { /> `decoder:file:${value}` + }, + [RulesetResources.LISTS]: { + resourcePath: '/lists', + permissionResource: (value) => `list:file:${value}` + }, + [RulesetResources.RULES]: { + resourcePath: '/rules', + permissionResource: (value) => `rule:file:${value}` + }, +}; + +export class RulesetHandler { + resource: Resource; + constructor(_resource: Resource) { + this.resource = _resource; + } + + private getResourcePath = () => { + return `${resourceDictionary[this.resource].resourcePath}`; + }; + + private getResourceFilesPath = (fileName?: string) => { + const basePath = `${this.getResourcePath()}/files`; + return `${basePath}${ fileName? `/${fileName}`: ''}`; + }; + + /** + * Get info of any type of resource Rules, Decoders, CDB lists... + */ + async getResource(filters = {}) { + try { + const result: any = await WzRequest.apiReq('GET', this.getResourcePath(), filters); + return (result || {}).data || false ; + } catch (error) { + return Promise.reject(error); + } + } + + + /** + * Get the content of any type of file Rules, Decoders, CDB lists... + * @param {String} fileName + */ + async getFileContent(fileName) { + try { + const result: any = await WzRequest.apiReq('GET', this.getResourceFilesPath(fileName), { + params:{ + raw: true + } + }); + return ((result || {}).data || ''); + } catch (error) { + return Promise.reject(error); + } + } + + /** + * Update the content of any type of file Rules, Decoders, CDB lists... + * @param {String} fileName + * @param {String} content + * @param {Boolean} overwrite + */ + async updateFile(fileName: string, content: string, overwrite: boolean) { + try { + const result = await WzRequest.apiReq('PUT', this.getResourceFilesPath(fileName), { + params: { + overwrite: overwrite + }, + body: content.toString(), + origin: 'raw' + }); + return result; + } catch (error) { + return Promise.reject(error); + } + } + + + /** + * Delete any type of file Rules, Decoders, CDB lists... + * @param {Resource} resource + * @param {String} fileName + */ + async deleteFile(fileName: string) { + let fullPath = `${resourceDictionary[this.resource].resourcePath}/files/${fileName}`; + try { + const result = await WzRequest.apiReq('DELETE', fullPath, {}); + return result; + } catch (error) { + return Promise.reject(error); + } + } + +} diff --git a/public/controllers/management/components/upload-files.js b/public/controllers/management/components/upload-files.js index 683b50f545..ca4a14bd4c 100644 --- a/public/controllers/management/components/upload-files.js +++ b/public/controllers/management/components/upload-files.js @@ -28,6 +28,7 @@ import { import { getToasts } from '../../../kibana-services'; import { WzButtonPermissions } from '../../../components/common/permissions/button'; +import { resourceDictionary, RulesetResources } from './management/ruleset/utils/ruleset-handler'; export class UploadFiles extends Component { constructor(props) { super(props); @@ -82,7 +83,7 @@ export class UploadFiles extends Component { clearInterval(interval); if (files.length === this.state.files.length) { try { - await this.props.upload(files, this.props.path); + await this.props.upload(files, this.props.resource); this.closePopover(); this.showToast( 'success', @@ -108,7 +109,9 @@ export class UploadFiles extends Component { } }, 100); } - } catch (error) {} + } catch (error) { + console.error(error) + } } /** @@ -169,8 +172,8 @@ export class UploadFiles extends Component { * Validates the files extension */ checkValidFileExtensions() { - const path = this.props.path; - if (path.includes('etc/rules') || path.includes('etc/decoders')) { + const resource = this.props.resource; + if ([RulesetResources.RULES, RulesetResources.DECODERS].includes(resource)) { const result = Object.keys(this.state.files).filter(item => { const file = this.state.files[item].name; return file.substr(file.length - 4) !== '.xml'; @@ -249,26 +252,12 @@ export class UploadFiles extends Component { } render() { const getPermissionsImportFiles = () => { - const permissions = [ + return [ { - action: 'cluster:status', - resource: `*:*:*`, + action: `${this.props.resource}:update`, + resource: resourceDictionary[this.props.resource].permissionResource('*'), }, ]; - - if (((this.props || {}).clusterStatus || {}).contextConfigServer === 'cluster') { - permissions.push({ - action: 'cluster:upload_file', - resource: `node:id:*`, - }); - } else { - permissions.push({ - action: 'manager:upload_file', - resource: `file:path:/etc/${this.props.msg}`, - }); - } - - return permissions; }; const button = ( @@ -292,7 +281,7 @@ export class UploadFiles extends Component { >
-

{`Upload ${this.props.msg}`}

+

{`Upload ${this.props.resource}`}

 {!this.state.uploadErrors && ( @@ -300,7 +289,7 @@ export class UploadFiles extends Component { id="filePicker" multiple compressed={false} - initialPromptText={`Select or drag and drop your ${this.props.msg} files here`} + initialPromptText={`Select or drag and drop your ${this.props.resource} files here`} onChange={files => { this.onChange(files); }} @@ -367,7 +356,6 @@ export class UploadFiles extends Component { } UploadFiles.propTypes = { - msg: PropTypes.string, - path: PropTypes.string, + resource: PropTypes.string, upload: PropTypes.func }; diff --git a/public/controllers/management/management.js b/public/controllers/management/management.js index 7af40fb1f4..404b16c138 100644 --- a/public/controllers/management/management.js +++ b/public/controllers/management/management.js @@ -15,7 +15,7 @@ import { WazuhConfig } from '../../react-services/wazuh-config'; import { WzRequest } from '../../react-services/wz-request'; import { ErrorHandler } from '../../react-services/error-handler'; import { ShareAgent } from '../../factories/share-agent'; -import RulesetHandler from './components/management/ruleset/utils/ruleset-handler'; +import { RulesetHandler, RulesetResources } from './components/management/ruleset/utils/ruleset-handler'; export class ManagementController { /** @@ -40,7 +40,6 @@ export class ManagementController { this.errorHandler = errorHandler; this.$interval = $interval; this.tab = 'welcome'; - this.rulesetTab = 'rules'; this.globalConfigTab = 'overview'; this.tabNames = TabNames; this.wazuhManagementTabs = ['ruleset', 'groups', 'configuration']; @@ -48,7 +47,8 @@ export class ManagementController { this.currentGroup = false; this.logtestOpened = false; this.uploadOpened = false; - this.rulesetHandler = RulesetHandler; + this.rulesetTab = RulesetResources.RULES; + this.$scope.$on('setCurrentGroup', (ev, params) => { this.currentGroup = (params || {}).currentGroup || false; @@ -209,7 +209,7 @@ export class ManagementController { this.uploadFilesProps = { msg: this.$scope.mctrl.rulesetTab, path: `etc/${this.$scope.mctrl.rulesetTab}`, - upload: (files, path) => this.uploadFiles(files, path) + upload: (files) => this.uploadFiles(files, this.$scope.mctrl.rulesetTab) }; } @@ -340,7 +340,7 @@ export class ManagementController { this.rulesetTab = tab; this.globalRulesetTab = this.rulesetTab; this.managingFiles = false; - this.refreshUploadFileProps(); + //this.refreshUploadFileProps(); if (!flag) { this.breadCrumbBack(); } @@ -446,30 +446,25 @@ export class ManagementController { this.uploadFilesProps = { msg: this.rulesetTab, path: `etc/${this.rulesetTab}`, - upload: (files, path) => this.uploadFiles(files, path) + upload: (files) => this.uploadFiles(files, this.rulesetTab) }; } /** - * Uploads the files + * Uploads the filess * @param {Array} files * @param {String} path */ - async uploadFiles(files, path) { + async uploadFiles(files, resource) { try { this.errors = false; this.results = []; - if (path === 'etc/rules') { - this.upload = this.rulesetHandler.sendRuleConfiguration; - } else if (path === 'etc/decoders') { - this.upload = this.rulesetHandler.sendDecoderConfiguration; - } else { - this.upload = this.rulesetHandler.sendCdbList; - } + const rulesetHandler = new RulesetHandler(resource); + for (let idx in files) { const { file, content } = files[idx]; try { - await this.upload(file, content, true); // True does not overwrite the file + await rulesetHandler.updateFile(file, content, true); // True does not overwrite the file this.results.push({ index: idx, uploaded: true, diff --git a/public/react-services/wz-user-permissions.test.ts b/public/react-services/wz-user-permissions.test.ts index 91107a9f2c..17e72b6399 100644 --- a/public/react-services/wz-user-permissions.test.ts +++ b/public/react-services/wz-user-permissions.test.ts @@ -281,5 +281,34 @@ describe('Wazuh User Permissions', () => { expect(result).toEqual(false); }); }); + + describe('Should return all the required permissions to update decoder file', () => { + const requiredAgentView = [ + { + action: 'decoders:update', + resource: 'decoder:file:*', + }, + { + action: 'decoders:read', + resource: 'decoder:file:*', + }, + ]; + const userAgent1 = { + 'decoders:update': { + '*:*:*': 'allow', + }, + 'decoders:read': { + 'decoder:file:*': 'allow', + }, + rbac_mode: 'white', + }; + it('Should return OK for all agents and groups', () => { + const result = WzUserPermissions.checkMissingUserPermissions( + requiredAgentView, + userAgent1 + ); + expect(result).toEqual(false); + }); + }); }); }); diff --git a/public/react-services/wz-user-permissions.ts b/public/react-services/wz-user-permissions.ts index 1ea51d723f..dbe40b8d19 100644 --- a/public/react-services/wz-user-permissions.ts +++ b/public/react-services/wz-user-permissions.ts @@ -21,6 +21,8 @@ export class WzUserPermissions{ const missingOrPermissions = WzUserPermissions.checkMissingUserPermissions(permission, userPermissions); return Array.isArray(missingOrPermissions) ? missingOrPermissions.length === permission.length : missingOrPermissions; } + + const actionName = typeof permission === 'string' ? permission : permission.action; let actionResource = (typeof permission === 'string' && wazuhPermissions[actionName].resources.length === 1) ? (wazuhPermissions[actionName].resources[0] + ':*') : permission.resource; const actionResourceAll = actionResource diff --git a/public/services/config-handler.js b/public/services/config-handler.js index 1e20fb93ba..fc031d22f8 100644 --- a/public/services/config-handler.js +++ b/public/services/config-handler.js @@ -25,8 +25,8 @@ export class ConfigHandler { async saveManagerConfiguration(content) { try { const result = await WzRequest.apiReq( - 'POST', - `/manager/files?path=etc/ossec.conf&overwrite=true`, + 'PUT', + `/manager/configuration`, { content, origin: 'xmleditor' } ); return result; @@ -44,7 +44,7 @@ export class ConfigHandler { try { const result = await WzRequest.apiReq( 'PUT', - `/cluster/${node}/files?path=etc/ossec.conf&overwrite=true`, + `/cluster/${node}/configuration`, { content, origin: 'xmleditor' } ); return result; diff --git a/server/lib/api-request-list.json b/server/lib/api-request-list.json index b1d9a2c409..29d0a44ebc 100644 --- a/server/lib/api-request-list.json +++ b/server/lib/api-request-list.json @@ -906,7 +906,7 @@ { "name": "/cluster/:node_id/configuration", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_configuration_node", - "description": "Return wazuh configuration used in node {node_id}", + "description": "Return wazuh configuration used in node {node_id}. The 'section' and 'field' parameters will be ignored if 'raw' parameter is provided.", "summary": "Get node config", "tags": [ "Cluster" @@ -939,6 +939,14 @@ "default": false } }, + { + "name": "raw", + "description": "Format response in plain text", + "required": false, + "schema": { + "type": "boolean" + } + }, { "name": "section", "description": "Indicates the wazuh configuration section", @@ -1085,53 +1093,6 @@ } ] }, - { - "name": "/cluster/:node_id/files", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_files_node", - "description": "Return file contents from any file in the specified node", - "summary": "Get node file content", - "tags": [ - "Cluster" - ], - "args": [ - { - "name": ":node_id", - "description": "Cluster node name", - "required": true, - "schema": { - "type": "string", - "format": "names" - } - } - ], - "query": [ - { - "name": "path", - "description": "Filepath to return file. (Relative to wazuh installation folder)", - "required": true, - "schema": { - "type": "string", - "format": "etc_and_ruleset_file_path" - } - }, - { - "name": "pretty", - "description": "Show results in human-readable format", - "schema": { - "type": "boolean", - "default": false - } - }, - { - "name": "wait_for_complete", - "description": "Disable timeout response", - "schema": { - "type": "boolean", - "default": false - } - } - ] - }, { "name": "/cluster/:node_id/info", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_info_node", @@ -1948,7 +1909,7 @@ "description": "Filter by relative directory name", "schema": { "type": "string", - "format": "etc_and_ruleset_path" + "format": "get_dirnames_path" } }, { @@ -2055,7 +2016,7 @@ "description": "Filter by relative directory name", "schema": { "type": "string", - "format": "etc_and_ruleset_path" + "format": "get_dirnames_path" } }, { @@ -2098,21 +2059,21 @@ ] }, { - "name": "/decoders/files/:filename/download", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.decoder_controller.get_download_file", - "description": "Download an specified decoder file", - "summary": "Download decoder", + "name": "/decoders/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.decoder_controller.get_file", + "description": "Get the content of a specified decoder file", + "summary": "Get decoders file content", "tags": [ "Decoders" ], "args": [ { "name": ":filename", + "description": "Filename (rule or decoder) to download/upload/edit file.", "required": true, - "description": "Filename to download", "schema": { "type": "string", - "format": "alphanumeric" + "pattern": "^[\\w\\-]+\\.xml$" } } ], @@ -2125,6 +2086,14 @@ "default": false } }, + { + "name": "raw", + "description": "Format response in plain text", + "required": false, + "schema": { + "type": "boolean" + } + }, { "name": "wait_for_complete", "description": "Disable timeout response", @@ -4151,7 +4120,7 @@ "name": "/lists", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.get_lists", "description": "Return the contents of all CDB lists. Optionally, the result can be filtered by several criteria. See available parameters for more details", - "summary": "Get CDB lists", + "summary": "Get CDB lists info", "tags": [ "Lists" ], @@ -4201,7 +4170,7 @@ "description": "Filter by relative directory name", "schema": { "type": "string", - "format": "etc_and_ruleset_path" + "format": "get_dirnames_path" } }, { @@ -4295,7 +4264,7 @@ "description": "Filter by relative directory name", "schema": { "type": "string", - "format": "etc_and_ruleset_path" + "format": "get_dirnames_path" } }, { @@ -4324,6 +4293,52 @@ } ] }, + { + "name": "/lists/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.get_file", + "description": "Return the content of a CDB list file. Only the filename can be specified. It will be searched recursively if not found", + "summary": "Get CDB list file content", + "tags": [ + "Lists" + ], + "args": [ + { + "name": ":filename", + "description": "Filename (CDB list) to get/edit/delete.", + "required": true, + "schema": { + "type": "string", + "pattern": "^[\\-\\w]+$" + } + } + ], + "query": [ + { + "name": "pretty", + "description": "Show results in human-readable format", + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "raw", + "description": "Format response in plain text", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "name": "wait_for_complete", + "description": "Disable timeout response", + "schema": { + "type": "boolean", + "default": false + } + } + ] + }, { "name": "/manager/api/config", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_api_config", @@ -4354,7 +4369,7 @@ { "name": "/manager/configuration", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_configuration", - "description": "Return wazuh configuration used", + "description": "Return wazuh configuration used. The 'section' and 'field' parameters will be ignored if 'raw' parameter is provided.", "summary": "Get configuration", "tags": [ "Manager" @@ -4376,6 +4391,14 @@ "default": false } }, + { + "name": "raw", + "description": "Format response in plain text", + "required": false, + "schema": { + "type": "boolean" + } + }, { "name": "section", "description": "Indicates the wazuh configuration section", @@ -4540,42 +4563,6 @@ } ] }, - { - "name": "/manager/files", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_files", - "description": "Return file contents from any file", - "summary": "Get file content", - "tags": [ - "Manager" - ], - "query": [ - { - "name": "path", - "description": "Filepath to return file. (Relative to wazuh installation folder)", - "required": true, - "schema": { - "type": "string", - "format": "etc_and_ruleset_file_path" - } - }, - { - "name": "pretty", - "description": "Show results in human-readable format", - "schema": { - "type": "boolean", - "default": false - } - }, - { - "name": "wait_for_complete", - "description": "Disable timeout response", - "schema": { - "type": "boolean", - "default": false - } - } - ] - }, { "name": "/manager/info", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_info", @@ -5351,7 +5338,7 @@ "description": "Filter by relative directory name", "schema": { "type": "string", - "format": "etc_and_ruleset_path" + "format": "get_dirnames_path" } }, { @@ -5435,12 +5422,12 @@ "query": [ { "name": "filename", - "description": "Filter by filename", + "description": "Filter by filename of one or more rule or decoder files.", "schema": { "type": "array", "items": { "type": "string", - "format": "alphanumeric" + "pattern": "^[\\w\\-]+\\.xml(,[\\w\\-]+\\.xml)*$" } } }, @@ -5478,7 +5465,7 @@ "description": "Filter by relative directory name", "schema": { "type": "string", - "format": "etc_and_ruleset_path" + "format": "get_dirnames_path" } }, { @@ -5521,21 +5508,21 @@ ] }, { - "name": "/rules/files/:filename/download", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.rule_controller.get_download_file", - "description": "Download an specified rule file", - "summary": "Download rule", + "name": "/rules/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.rule_controller.get_file", + "description": "Get the content of a specified rule in the ruleset", + "summary": "Get rules file content", "tags": [ "Rules" ], "args": [ { "name": ":filename", + "description": "Filename (rule or decoder) to download/upload/edit file.", "required": true, - "description": "Filename to download", "schema": { "type": "string", - "format": "alphanumeric" + "pattern": "^[\\w\\-]+\\.xml$" } } ], @@ -5548,6 +5535,14 @@ "default": false } }, + { + "name": "raw", + "description": "Format response in plain text", + "required": false, + "schema": { + "type": "boolean" + } + }, { "name": "wait_for_complete", "description": "Disable timeout response", @@ -6169,9 +6164,8 @@ "agent:id", "group:id", "node:id", - "file:path", "decoder:file", - "list:path", + "list:file", "rule:file", "policy:id", "role:id", @@ -6336,7 +6330,7 @@ { "name": "/security/user/authenticate", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.security_controller.login_user", - "description": "This method should be called to get an API token. This token will expire after auth_token_exp_timeout seconds (default: 3600). This value can be changed using PUT /security/config", + "description": "This method should be called to get an API token. This token will expire after auth_token_exp_timeout seconds (default: 900). This value can be changed using PUT /security/config", "summary": "Login", "tags": [ "Security" @@ -8466,7 +8460,7 @@ "required": true, "schema": { "type": "string", - "format": "path" + "format": "wazuh_path" } }, { @@ -8496,10 +8490,10 @@ ] }, { - "name": "/cluster/:node_id/files", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cluster_controller.put_files_node", - "description": "Replace file contents with the data contained in the API request for the specified node", - "summary": "Update node file content", + "name": "/cluster/:node_id/configuration", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cluster_controller.update_configuration", + "description": "Replace wazuh configuration for the given node with the data contained in the API request", + "summary": "Update node configuration", "tags": [ "Cluster" ], @@ -8515,23 +8509,6 @@ } ], "query": [ - { - "name": "overwrite", - "description": "If set to false, an exception will be raised when updating contents of an already existing filename", - "schema": { - "type": "boolean", - "default": false - } - }, - { - "name": "path", - "description": "Filepath to upload/delete file. (Relative to wazuh installation folder)", - "required": true, - "schema": { - "type": "string", - "format": "etc_file_path" - } - }, { "name": "pretty", "description": "Show results in human-readable format", @@ -8551,10 +8528,10 @@ ] }, { - "name": "/cluster/api/config", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cluster_controller.put_api_config", - "description": "Update the API configuration of all nodes (or a list of them) with the data contained in the API request", - "summary": "Update nodes API config", + "name": "/cluster/restart", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cluster_controller.put_restart", + "description": "Restart all nodes in the cluster or a list of them", + "summary": "Restart nodes", "tags": [ "Cluster" ], @@ -8585,145 +8562,34 @@ "default": false } } - ], - "body": [ - { - "type": "object", - "minProperties": 1, - "additionalProperties": false, - "properties": { - "access": { - "description": "API Security Options", - "type": "object", - "additionalProperties": false, - "properties": { - "max_login_attempts": { - "description": "Maximum number of login attempts in {block_time} seconds", - "type": "integer", - "format": "int32", - "minimum": 1, - "example": 50 - }, - "block_time": { - "description": "Blocking time for IPs that have exceeded {max_login_attempts}. Time counts from the first attempt", - "type": "integer", - "format": "int32", - "minimum": 0, - "example": 300 - }, - "max_request_per_minute": { - "description": "Maximum number of requests allowed per minute", - "type": "integer", - "format": "int32", - "minimum": 1, - "example": 300 - } - } - }, - "behind_proxy_server": { - "description": "Set this option to 'yes' in case the API is running behind a proxy server", - "type": "boolean", - "default": false - }, - "logs": { - "type": "object", - "additionalProperties": false, - "properties": { - "level": { - "description": "Verbosity level of API logs", - "default": "info", - "type": "string", - "enum": [ - "disabled", - "info", - "warning", - "error", - "debug", - "debug2" - ] - } - } - }, - "cache": { - "type": "object", - "additionalProperties": false, - "properties": { - "enabled": { - "description": "Enable cache", - "type": "boolean", - "default": true - }, - "time": { - "description": "Cache expiration time in seconds", - "type": "number", - "format": "double", - "minimum": 0, - "example": 0.75 - } - } - }, - "cors": { - "type": "object", - "additionalProperties": false, - "properties": { - "enabled": { - "description": "Enable CORS", - "type": "boolean", - "default": false - }, - "source_route": { - "description": "Sources for which the resources will be available. For example 'http://client.example.org'", - "type": "string", - "example": "*" - }, - "expose_headers": { - "description": "Which headers can be exposed as part of the response", - "type": "string", - "example": "*" - }, - "allow_headers": { - "description": "Which HTTP headers can be used during the actual request", - "type": "string", - "example": "*" - }, - "allow_credentials": { - "description": "Browsers will only expose the response to frontend JavaScript code if this is enabled", - "type": "boolean", - "default": false - } - } - }, - "use_only_authd": { - "description": "Force the use of authd when adding and removing agents", - "type": "boolean", - "default": false - }, - "experimental_features": { - "description": "Enable features under development", - "type": "boolean", - "default": false - } - } - } ] }, { - "name": "/cluster/restart", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cluster_controller.put_restart", - "description": "Restart all nodes in the cluster or a list of them", - "summary": "Restart nodes", + "name": "/decoders/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.decoder_controller.put_file", + "description": "Upload or replace a user decoder file content", + "summary": "Update decoders file", "tags": [ - "Cluster" + "Decoders" + ], + "args": [ + { + "name": ":filename", + "description": "Filename (rule or decoder) to download/upload/edit file.", + "required": true, + "schema": { + "type": "string", + "pattern": "^[\\w\\-]+\\.xml$" + } + } ], "query": [ { - "name": "nodes_list", - "description": "List of node IDs (separated by comma), all nodes selected by default if not specified", + "name": "overwrite", + "description": "If set to false, an exception will be raised when updating contents of an already existing filename", "schema": { - "type": "array", - "items": { - "type": "string" - } + "type": "boolean", + "default": false } }, { @@ -8784,23 +8650,69 @@ ] }, { - "name": "/logtest", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.logtest_controller.run_logtest_tool", - "description": "Run logtest tool to check if a specified log raises any alert among other information", - "summary": "Run logtest", + "name": "/lists/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.put_file", + "description": "Replace or upload a CDB list file with the data contained in the API request", + "summary": "Update CDB list file", "tags": [ - "Logtest" + "Lists" ], - "query": [ + "args": [ { - "name": "pretty", - "description": "Show results in human-readable format", + "name": ":filename", + "description": "Filename (CDB list) to get/edit/delete.", + "required": true, "schema": { - "type": "boolean", - "default": false + "type": "string", + "pattern": "^[\\-\\w]+$" } - }, - { + } + ], + "query": [ + { + "name": "overwrite", + "description": "If set to false, an exception will be raised when updating contents of an already existing filename", + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "pretty", + "description": "Show results in human-readable format", + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "wait_for_complete", + "description": "Disable timeout response", + "schema": { + "type": "boolean", + "default": false + } + } + ] + }, + { + "name": "/logtest", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.logtest_controller.run_logtest_tool", + "description": "Run logtest tool to check if a specified log raises any alert among other information", + "summary": "Run logtest", + "tags": [ + "Logtest" + ], + "query": [ + { + "name": "pretty", + "description": "Show results in human-readable format", + "schema": { + "type": "boolean", + "default": false + } + }, + { "name": "wait_for_complete", "description": "Disable timeout response", "schema": { @@ -8839,10 +8751,10 @@ ] }, { - "name": "/manager/api/config", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.put_api_config", - "description": "Update local API configuration with the data contained in the API request", - "summary": "Update API config", + "name": "/manager/configuration", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.update_configuration", + "description": "Replace Wazuh configuration with the data contained in the API request", + "summary": "Update Wazuh configuration", "tags": [ "Manager" ], @@ -8863,152 +8775,28 @@ "default": false } } - ], - "body": [ - { - "type": "object", - "minProperties": 1, - "additionalProperties": false, - "properties": { - "access": { - "description": "API Security Options", - "type": "object", - "additionalProperties": false, - "properties": { - "max_login_attempts": { - "description": "Maximum number of login attempts in {block_time} seconds", - "type": "integer", - "format": "int32", - "minimum": 1, - "example": 50 - }, - "block_time": { - "description": "Blocking time for IPs that have exceeded {max_login_attempts}. Time counts from the first attempt", - "type": "integer", - "format": "int32", - "minimum": 0, - "example": 300 - }, - "max_request_per_minute": { - "description": "Maximum number of requests allowed per minute", - "type": "integer", - "format": "int32", - "minimum": 1, - "example": 300 - } - } - }, - "behind_proxy_server": { - "description": "Set this option to 'yes' in case the API is running behind a proxy server", - "type": "boolean", - "default": false - }, - "logs": { - "type": "object", - "additionalProperties": false, - "properties": { - "level": { - "description": "Verbosity level of API logs", - "default": "info", - "type": "string", - "enum": [ - "disabled", - "info", - "warning", - "error", - "debug", - "debug2" - ] - } - } - }, - "cache": { - "type": "object", - "additionalProperties": false, - "properties": { - "enabled": { - "description": "Enable cache", - "type": "boolean", - "default": true - }, - "time": { - "description": "Cache expiration time in seconds", - "type": "number", - "format": "double", - "minimum": 0, - "example": 0.75 - } - } - }, - "cors": { - "type": "object", - "additionalProperties": false, - "properties": { - "enabled": { - "description": "Enable CORS", - "type": "boolean", - "default": false - }, - "source_route": { - "description": "Sources for which the resources will be available. For example 'http://client.example.org'", - "type": "string", - "example": "*" - }, - "expose_headers": { - "description": "Which headers can be exposed as part of the response", - "type": "string", - "example": "*" - }, - "allow_headers": { - "description": "Which HTTP headers can be used during the actual request", - "type": "string", - "example": "*" - }, - "allow_credentials": { - "description": "Browsers will only expose the response to frontend JavaScript code if this is enabled", - "type": "boolean", - "default": false - } - } - }, - "use_only_authd": { - "description": "Force the use of authd when adding and removing agents", - "type": "boolean", - "default": false - }, - "experimental_features": { - "description": "Enable features under development", - "type": "boolean", - "default": false - } - } - } ] }, { - "name": "/manager/files", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.put_files", - "description": "Replace file contents with the data contained in the API request", - "summary": "Update file content", + "name": "/rootcheck", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.rootcheck_controller.put_rootcheck", + "description": "Run rootcheck scan in all agents or a list of them", + "summary": "Run scan", "tags": [ - "Manager" + "Rootcheck" ], "query": [ { - "name": "overwrite", - "description": "If set to false, an exception will be raised when updating contents of an already existing filename", - "schema": { - "type": "boolean", - "default": false - } - }, - { - "name": "path", - "description": "Filepath to upload/delete file. (Relative to wazuh installation folder)", - "required": true, + "name": "agents_list", + "description": "List of agent IDs (separated by comma), all agents selected by default if not specified", "schema": { - "type": "string", - "format": "etc_file_path" + "type": "array", + "items": { + "type": "string", + "minLength": 3, + "description": "Agent ID", + "format": "numbers" + } } }, { @@ -9030,14 +8818,33 @@ ] }, { - "name": "/manager/restart", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.put_restart", - "description": "Restart the wazuh manager", - "summary": "Restart manager", + "name": "/rules/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.rule_controller.put_file", + "description": "Upload or replace a user ruleset file content", + "summary": "Update rules file", "tags": [ - "Manager" + "Rules" + ], + "args": [ + { + "name": ":filename", + "description": "Filename (rule or decoder) to download/upload/edit file.", + "required": true, + "schema": { + "type": "string", + "pattern": "^[\\w\\-]+\\.xml$" + } + } ], "query": [ + { + "name": "overwrite", + "description": "If set to false, an exception will be raised when updating contents of an already existing filename", + "schema": { + "type": "boolean", + "default": false + } + }, { "name": "pretty", "description": "Show results in human-readable format", @@ -9057,25 +8864,31 @@ ] }, { - "name": "/rootcheck", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.rootcheck_controller.put_rootcheck", - "description": "Run rootcheck scan in all agents or a list of them", - "summary": "Run scan", + "name": "/rules/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.rule_controller.put_file", + "description": "Upload or replace a user ruleset file content", + "summary": "Update rules file", "tags": [ - "Rootcheck" + "Rules" + ], + "args": [ + { + "name": ":filename", + "description": "Filename (rule or decoder) to download/upload/edit file.", + "required": true, + "schema": { + "type": "string", + "pattern": "^[\\w\\-]+\\.xml$" + } + } ], "query": [ { - "name": "agents_list", - "description": "List of agent IDs (separated by comma), all agents selected by default if not specified", + "name": "overwrite", + "description": "If set to false, an exception will be raised when updating contents of an already existing filename", "schema": { - "type": "array", - "items": { - "type": "string", - "minLength": 3, - "description": "Agent ID", - "format": "numbers" - } + "type": "boolean", + "default": false } }, { @@ -9132,7 +8945,7 @@ "type": "integer", "format": "int32", "minimum": 30, - "example": 3600 + "example": 900 }, "rbac_mode": { "description": "RBAC mode (white/black)", @@ -9906,7 +9719,7 @@ { "name": "/security/user/authenticate/run_as", "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.security_controller.login_user", - "description": "This method should be called to get an API token using an authorization context body. This token will expire after auth_token_exp_timeout seconds (default: 3600). This value can be changed using PUT /security/config", + "description": "This method should be called to get an API token using an authorization context body. This token will expire after auth_token_exp_timeout seconds (default: 900). This value can be changed using PUT /security/config", "summary": "Login auth_context", "tags": [ "Security" @@ -10271,71 +10084,25 @@ ] }, { - "name": "/cluster/:node_id/files", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cluster_controller.delete_files_node", - "description": "Delete a file in the specified node", - "summary": "Delete node file", + "name": "/decoders/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.decoder_controller.delete_file", + "description": "Delete a specified decoder file", + "summary": "Delete decoders file", "tags": [ - "Cluster" + "Decoders" ], "args": [ { - "name": ":node_id", - "description": "Cluster node name", - "required": true, - "schema": { - "type": "string", - "format": "names" - } - } - ], - "query": [ - { - "name": "path", - "description": "Filepath to upload/delete file. (Relative to wazuh installation folder)", + "name": ":filename", + "description": "Filename (rule or decoder) to download/upload/edit file.", "required": true, "schema": { "type": "string", - "format": "etc_file_path" - } - }, - { - "name": "pretty", - "description": "Show results in human-readable format", - "schema": { - "type": "boolean", - "default": false - } - }, - { - "name": "wait_for_complete", - "description": "Disable timeout response", - "schema": { - "type": "boolean", - "default": false + "pattern": "^[\\w\\-]+\\.xml$" } } - ] - }, - { - "name": "/cluster/api/config", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cluster_controller.delete_api_config", - "description": "Restore the default API configuration of all nodes (or a list of them)", - "summary": "Restore nodes default API config", - "tags": [ - "Cluster" ], "query": [ - { - "name": "nodes_list", - "description": "List of node IDs (separated by comma), all nodes selected by default if not specified", - "schema": { - "type": "array", - "items": { - "type": "string" - } - } - }, { "name": "pretty", "description": "Show results in human-readable format", @@ -10437,21 +10204,21 @@ ] }, { - "name": "/logtest/sessions/:token", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.logtest_controller.end_logtest_session", - "description": "Delete the saved logtest session corresponding to {token}", - "summary": "End session", + "name": "/lists/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.delete_file", + "description": "Delete a specified CDB list file. Only the filename can be specified. It will be searched recursively if not found", + "summary": "Delete CDB list file", "tags": [ - "Logtest" + "Lists" ], "args": [ { - "name": ":token", - "description": "Token of the logtest saved session", + "name": ":filename", + "description": "Filename (CDB list) to get/edit/delete.", "required": true, "schema": { "type": "string", - "format": "alphanumeric" + "pattern": "^[\\-\\w]+$" } } ], @@ -10475,12 +10242,23 @@ ] }, { - "name": "/manager/api/config", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.delete_api_config", - "description": "Restore default local API configuration", - "summary": "Restore default API config", + "name": "/logtest/sessions/:token", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.logtest_controller.end_logtest_session", + "description": "Delete the saved logtest session corresponding to {token}", + "summary": "End session", "tags": [ - "Manager" + "Logtest" + ], + "args": [ + { + "name": ":token", + "description": "Token of the logtest saved session", + "required": true, + "schema": { + "type": "string", + "format": "alphanumeric" + } + } ], "query": [ { @@ -10502,21 +10280,25 @@ ] }, { - "name": "/manager/files", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.manager_controller.delete_files", - "description": "Delete a specified file", - "summary": "Delete file", + "name": "/rootcheck", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.rootcheck_controller.delete_rootcheck", + "description": "Clear rootcheck database for all agents or a list of them", + "summary": "Clear results", "tags": [ - "Manager" + "Rootcheck" ], "query": [ { - "name": "path", - "description": "Filepath to upload/delete file. (Relative to wazuh installation folder)", - "required": true, + "name": "agents_list", + "description": "List of agent IDs (separated by comma), all agents selected by default if not specified", "schema": { - "type": "string", - "format": "etc_file_path" + "type": "array", + "items": { + "type": "string", + "minLength": 3, + "description": "Agent ID", + "format": "numbers" + } } }, { @@ -10538,27 +10320,25 @@ ] }, { - "name": "/rootcheck", - "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.rootcheck_controller.delete_rootcheck", - "description": "Clear rootcheck database for all agents or a list of them", - "summary": "Clear results", + "name": "/rules/files/:filename", + "documentation": "https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.rule_controller.delete_file", + "description": "Delete a specified rule file", + "summary": "Delete rules file", "tags": [ - "Rootcheck" + "Rules" ], - "query": [ + "args": [ { - "name": "agents_list", - "description": "List of agent IDs (separated by comma), all agents selected by default if not specified", + "name": ":filename", + "description": "Filename (rule or decoder) to download/upload/edit file.", + "required": true, "schema": { - "type": "array", - "items": { - "type": "string", - "minLength": 3, - "description": "Agent ID", - "format": "numbers" - } + "type": "string", + "pattern": "^[\\w\\-]+\\.xml$" } - }, + } + ], + "query": [ { "name": "pretty", "description": "Show results in human-readable format",