diff --git a/.github/actions/ghcr-pull-and-push/build_and_push_image_to_ghcr.sh b/.github/actions/ghcr-pull-and-push/build_and_push_image_to_ghcr.sh new file mode 100644 index 0000000000..83b32e8fce --- /dev/null +++ b/.github/actions/ghcr-pull-and-push/build_and_push_image_to_ghcr.sh @@ -0,0 +1,22 @@ +GITHUB_PUSH_SECRET=$1 +GITHUB_USER=$2 +DOCKER_IMAGE_NAME=$3 +BUILD_CONTEXT=$4 +DOCKERFILE_PATH="$BUILD_CONTEXT/Dockerfile" +if [ -n "$5" ]; then + DOCKER_IMAGE_TAG=$5 +else + DOCKER_IMAGE_TAG="latest" +fi +GITHUB_REPOSITORY="wazuh/wazuh-packages" +GITHUB_OWNER="wazuh" +IMAGE_ID=ghcr.io/${GITHUB_OWNER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} +IMAGE_ID=$(echo ${IMAGE_ID} | tr '[A-Z]' '[a-z]') + +# Login to GHCR +echo ${GITHUB_PUSH_SECRET} | docker login https://ghcr.io -u $GITHUB_USER --password-stdin + +# Build image +echo build -t ${IMAGE_ID} -f ${DOCKERFILE_PATH} ${BUILD_CONTEXT} +docker build -t ${IMAGE_ID} -f ${DOCKERFILE_PATH} ${BUILD_CONTEXT} +docker push ${IMAGE_ID} \ No newline at end of file diff --git a/.github/actions/ghcr-pull-and-push/pull_image_from_ghcr.sh b/.github/actions/ghcr-pull-and-push/pull_image_from_ghcr.sh new file mode 100644 index 0000000000..03f4e60910 --- /dev/null +++ b/.github/actions/ghcr-pull-and-push/pull_image_from_ghcr.sh @@ -0,0 +1,19 @@ +GITHUB_PUSH_SECRET=$1 +GITHUB_USER=$2 +DOCKER_IMAGE_NAME=$3 +if [ -n "$4" ]; then + DOCKER_IMAGE_TAG="$4" +else + DOCKER_IMAGE_TAG="latest" +fi +GITHUB_REPOSITORY="wazuh/wazuh-packages" +GITHUB_OWNER="wazuh" +IMAGE_ID=ghcr.io/${GITHUB_OWNER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} +IMAGE_ID=$(echo ${IMAGE_ID} | tr '[A-Z]' '[a-z]') + +# Login to GHCR +echo ${GITHUB_PUSH_SECRET} | docker login https://ghcr.io -u $GITHUB_USER --password-stdin + +# Pull and rename image +docker pull ${IMAGE_ID} +docker image tag ghcr.io/${GITHUB_OWNER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} ${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} diff --git a/.github/actions/offline-installation/common.sh b/.github/actions/offline-installation/common.sh new file mode 100644 index 0000000000..7042ae644d --- /dev/null +++ b/.github/actions/offline-installation/common.sh @@ -0,0 +1,311 @@ +#!/bin/bash + +function check_package() { + + if [ "${sys_type}" == "deb" ]; then + if ! apt list --installed 2>/dev/null | grep -q "${1}"; then + echo "INFO: The package "${1}" is not installed." + return 1 + fi + elif [ "${sys_type}" == "rpm" ]; then + if ! yum list installed 2>/dev/null | grep -q "${1}"; then + echo "INFO: The package "${1}" is not installed." + return 1 + fi + fi + return 0 + +} + +function check_system() { + + if [ -n "$(command -v yum)" ]; then + sys_type="rpm" + echo "INFO: RPM system detected." + elif [ -n "$(command -v apt-get)" ]; then + sys_type="deb" + echo "INFO: DEB system detected." + else + echo "ERROR: could not detect the system." + exit 1 + fi + +} + +function check_file() { + + if [ ! -f "${1}" ]; then + echo "ERROR: The ${1} file could not be downloaded." + exit 1 + fi + +} + +function check_shards() { + + retries=0 + until [ "$(curl -s -k -u admin:admin "https://localhost:9200/_template/wazuh?pretty&filter_path=wazuh.settings.index.number_of_shards" | grep "number_of_shards")" ] || [ "${retries}" -eq 5 ]; do + sleep 5 + retries=$((retries+1)) + done + + if [ ${retries} -eq 5 ]; then + echo "ERROR: Could not get the number of shards." + exit 1 + fi + curl -s -k -u admin:admin "https://localhost:9200/_template/wazuh?pretty&filter_path=wazuh.settings.index.number_of_shards" + echo "INFO: Number of shards detected." + +} + +function dashboard_installation() { + + install_package "wazuh-dashboard" + check_package "wazuh-dashboard" + + echo "INFO: Generating certificates of the Wazuh dashboard..." + NODE_NAME=dashboard + mkdir /etc/wazuh-dashboard/certs + mv -n wazuh-certificates/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem + mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem + cp wazuh-certificates/root-ca.pem /etc/wazuh-dashboard/certs/ + chmod 500 /etc/wazuh-dashboard/certs + chmod 400 /etc/wazuh-dashboard/certs/* + chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs + + if [ "${sys_type}" == "deb" ]; then + enable_start_service "wazuh-dashboard" + elif [ "${sys_type}" == "rpm" ]; then + /usr/share/wazuh-dashboard/bin/opensearch-dashboards "-c /etc/wazuh-dashboard/opensearch_dashboards.yml" --allow-root > /dev/null 2>&1 & + fi + + sleep 10 + # In this context, 302 HTTP code refers to SSL certificates warning: success. + if [ "$(curl -k -s -I -w "%{http_code}" https://localhost -o /dev/null --fail)" -ne "302" ]; then + echo "ERROR: The Wazuh dashboard installation has failed." + exit 1 + fi + echo "INFO: The Wazuh dashboard is ready." + +} + +function download_resources() { + + check_file "${ABSOLUTE_PATH}"/wazuh-install.sh + bash "${ABSOLUTE_PATH}"/wazuh-install.sh -dw "${sys_type}" + echo "INFO: Downloading the resources..." + + curl -sO https://packages.wazuh.com/4.3/config.yml + check_file "config.yml" + + sed -i -e '0,// s//127.0.0.1/' config.yml + sed -i -e '0,// s//127.0.0.1/' config.yml + sed -i -e '0,// s//127.0.0.1/' config.yml + + curl -sO https://packages.wazuh.com/4.3/wazuh-certs-tool.sh + check_file "wazuh-certs-tool.sh" + chmod 744 wazuh-certs-tool.sh + ./wazuh-certs-tool.sh --all + + tar xf wazuh-offline.tar.gz + echo "INFO: Download finished." + + if [ ! -d ./wazuh-offline ]; then + echo "ERROR: Could not download the resources." + exit 1 + fi + +} + +function enable_start_service() { + + systemctl daemon-reload + systemctl enable "${1}" + systemctl start "${1}" + + retries=0 + until [ "$(systemctl status "${1}" | grep "active")" ] || [ "${retries}" -eq 3 ]; do + sleep 2 + retries=$((retries+1)) + systemctl start "${1}" + done + + if [ ${retries} -eq 3 ]; then + echo "ERROR: The "${1}" service could not be started." + exit 1 + fi + +} + +function filebeat_installation() { + + install_package "filebeat" + check_package "filebeat" + + cp ./wazuh-offline/wazuh-files/filebeat.yml /etc/filebeat/ &&\ + cp ./wazuh-offline/wazuh-files/wazuh-template.json /etc/filebeat/ &&\ + chmod go+r /etc/filebeat/wazuh-template.json + + sed -i 's|\("index.number_of_shards": \)".*"|\1 "1"|' /etc/filebeat/wazuh-template.json + filebeat keystore create + echo admin | filebeat keystore add username --stdin --force + echo admin | filebeat keystore add password --stdin --force + tar -xzf ./wazuh-offline/wazuh-files/wazuh-filebeat-0.2.tar.gz -C /usr/share/filebeat/module + + echo "INFO: Generating certificates of Filebeat..." + NODE_NAME=wazuh-1 + mkdir /etc/filebeat/certs + mv -n wazuh-certificates/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem + mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem + cp wazuh-certificates/root-ca.pem /etc/filebeat/certs/ + chmod 500 /etc/filebeat/certs + chmod 400 /etc/filebeat/certs/* + chown -R root:root /etc/filebeat/certs + + if [ "${sys_type}" == "deb" ]; then + enable_start_service "filebeat" + elif [ "${sys_type}" == "rpm" ]; then + /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs /var/log/filebeat & + fi + + sleep 10 + check_shards + eval "filebeat test output" + if [ "${PIPESTATUS[0]}" != 0 ]; then + echo "ERROR: The Filebeat installation has failed." + exit 1 + fi + +} + +function indexer_initialize() { + + retries=0 + until [ "$(cat /var/log/wazuh-indexer/wazuh-cluster.log | grep "Node started")" ] || [ "${retries}" -eq 5 ]; do + sleep 5 + retries=$((retries+1)) + done + + if [ ${retries} -eq 5 ]; then + echo "ERROR: The indexer node is not started." + exit 1 + fi + /usr/share/wazuh-indexer/bin/indexer-security-init.sh + +} + +function indexer_installation() { + + if [ "${sys_type}" == "rpm" ]; then + rpm --import ./wazuh-offline/wazuh-files/GPG-KEY-WAZUH + fi + + install_package "wazuh-indexer" + check_package "wazuh-indexer" + + echo "INFO: Generating certificates of the Wazuh indexer..." + NODE_NAME=node-1 + mkdir /etc/wazuh-indexer/certs + mv -n wazuh-certificates/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem + mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem + mv wazuh-certificates/admin-key.pem /etc/wazuh-indexer/certs/ + mv wazuh-certificates/admin.pem /etc/wazuh-indexer/certs/ + cp wazuh-certificates/root-ca.pem /etc/wazuh-indexer/certs/ + chmod 500 /etc/wazuh-indexer/certs + chmod 400 /etc/wazuh-indexer/certs/* + chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs + + sed -i 's|\(network.host: \)"0.0.0.0"|\1"127.0.0.1"|' /etc/wazuh-indexer/opensearch.yml + + if [ "${sys_type}" == "rpm" ]; then + runuser "wazuh-indexer" --shell="/bin/bash" --command="OPENSEARCH_PATH_CONF=/etc/wazuh-indexer /usr/share/wazuh-indexer/bin/opensearch" > /dev/null 2>&1 & + sleep 5 + elif [ "${sys_type}" == "deb" ]; then + enable_start_service "wazuh-indexer" + fi + + indexer_initialize + sleep 10 + eval "curl -s -XGET https://localhost:9200 -u admin:admin -k --fail" + if [ "${PIPESTATUS[0]}" != 0 ]; then + echo "ERROR: The Wazuh indexer installation has failed." + exit 1 + fi + +} + +function install_dependencies() { + + if [ "${sys_type}" == "rpm" ]; then + dependencies=( util-linux initscripts openssl ) + not_installed=() + for dep in "${dependencies[@]}"; do + if [ "${dep}" == "openssl" ]; then + if ! yum list installed 2>/dev/null | grep -q "${dep}\.";then + not_installed+=("${dep}") + fi + elif ! yum list installed 2>/dev/null | grep -q "${dep}";then + not_installed+=("${dep}") + fi + done + + if [ "${#not_installed[@]}" -gt 0 ]; then + echo "--- Dependencies ---" + for dep in "${not_installed[@]}"; do + echo "Installing $dep." + eval "yum install ${dep} -y" + if [ "${PIPESTATUS[0]}" != 0 ]; then + echo "ERROR: Cannot install dependency: ${dep}." + exit 1 + fi + done + fi + + elif [ "${sys_type}" == "deb" ]; then + eval "apt-get update -q > /dev/null" + dependencies=( openssl ) + not_installed=() + + for dep in "${dependencies[@]}"; do + if ! apt list --installed 2>/dev/null | grep -q "${dep}"; then + not_installed+=("${dep}") + fi + done + + if [ "${#not_installed[@]}" -gt 0 ]; then + echo "--- Dependencies ----" + for dep in "${not_installed[@]}"; do + echo "Installing $dep." + apt-get install -y "${dep}" + if [ "${install_result}" != 0 ]; then + echo "ERROR: Cannot install dependency: ${dep}." + exit 1 + fi + done + fi + fi + +} + +function install_package() { + + if [ "${sys_type}" == "deb" ]; then + dpkg -i ./wazuh-offline/wazuh-packages/"${1}"*.deb + elif [ "${sys_type}" == "rpm" ]; then + rpm -ivh ./wazuh-offline/wazuh-packages/"${1}"*.rpm + fi + +} + +function manager_installation() { + + install_package "wazuh-manager" + check_package "wazuh-manager" + + if [ "${sys_type}" == "deb" ]; then + enable_start_service "wazuh-manager" + elif [ "${sys_type}" == "rpm" ]; then + /var/ossec/bin/wazuh-control start + fi + +} diff --git a/.github/actions/offline-installation/offline-installation.sh b/.github/actions/offline-installation/offline-installation.sh new file mode 100644 index 0000000000..787b20bf66 --- /dev/null +++ b/.github/actions/offline-installation/offline-installation.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +# Gets the absolute path of the script, used to load the common.sh file +ABSOLUTE_PATH="$( cd $(dirname ${0}) ; pwd -P )" +. ${ABSOLUTE_PATH}/common.sh + +check_system +install_dependencies +download_resources + +indexer_installation +echo "INFO: Wazuh indexer installation completed." + +manager_installation +echo "INFO: Wazuh manager installation completed." + +filebeat_installation +echo "INFO: Filebeat installation completed." + +dashboard_installation +echo "INFO: Wazuh dashboard installation completed." diff --git a/.github/actions/test-install-components/install_component.sh b/.github/actions/test-install-components/install_component.sh new file mode 100644 index 0000000000..2d8ea93cc5 --- /dev/null +++ b/.github/actions/test-install-components/install_component.sh @@ -0,0 +1,35 @@ +#!/bin/bash +echo "Installing Wazuh $2." + +if [ -f /etc/os-release ]; then + source /etc/os-release + if [ "$ID" = "centos" ] && [ "$VERSION_ID" = "8" ]; then + find /etc/yum.repos.d/ -type f -exec sed -i 's/mirrorlist/#mirrorlist/g' {} \; + find /etc/yum.repos.d/ -type f -exec sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' {} \; + fi + + if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then + echo "deb http://archive.debian.org/debian stretch contrib main non-free" > /etc/apt/sources.list + echo "deb http://archive.debian.org/debian-security stretch/updates main" >> /etc/apt/sources.list + fi +fi + +if [ -f /etc/redhat-release ]; then + VERSION=$(cat /etc/redhat-release) + if [ "$VERSION" = "CentOS release 6.9 (Final)" ]; then + curl https://www.getpagespeed.com/files/centos6-eol.repo --output /etc/yum.repos.d/CentOS-Base.repo + fi +fi + +if [ -n "$(command -v yum)" ]; then + sys_type="yum" +elif [ -n "$(command -v apt-get)" ]; then + sys_type="apt-get" + apt-get update + apt-get install -y systemd +else + common_logger -e "Couldn't find type of system" + exit 1 +fi + +$sys_type install -y "/packages/$1" \ No newline at end of file diff --git a/.github/workflows/add-issues-to-projects.yml b/.github/workflows/add-issues-to-projects.yml new file mode 100644 index 0000000000..9a0ecd16e4 --- /dev/null +++ b/.github/workflows/add-issues-to-projects.yml @@ -0,0 +1,25 @@ +name: Add opened issues to projects + +on: + issues: + types: + - opened + - transferred + +jobs: + add-to-project: + name: Add issue to project + runs-on: ubuntu-latest + steps: + - uses: actions/add-to-project@v0.4.0 + with: + # You can target a repository in a different organization + # to the issue + project-url: https://github.com/orgs/wazuh/projects/3 + github-token: ${{ secrets.ADD_TO_PROJECT_PAT }} + - uses: actions/add-to-project@v0.4.0 + with: + # You can target a repository in a different organization + # to the issue + project-url: https://github.com/orgs/wazuh/projects/15 + github-token: ${{ secrets.ADD_TO_PROJECT_PAT }} diff --git a/.github/workflows/build-deb-packages.yml b/.github/workflows/build-deb-packages.yml new file mode 100644 index 0000000000..febe83870d --- /dev/null +++ b/.github/workflows/build-deb-packages.yml @@ -0,0 +1,77 @@ +name: Build Wazuh Packages - DEB - amd64 and i386 +on: + pull_request: + paths: + - 'debs/SPECS/**' + - 'debs/generate_debian_package.sh' + workflow_dispatch: + workflow_call: + +jobs: + Wazuh-agent-deb-package-build: + runs-on: ubuntu-latest + strategy: + matrix: + TYPE: [agent, manager] + ARCHITECTURE : [amd64, i386] + exclude: + - TYPE: manager + ARCHITECTURE: i386 + fail-fast: false + + steps: + - name: Cancel previous runs + uses: fkirc/skip-duplicate-actions@master + with: + cancel_others: 'true' + github_token: ${{ secrets.GITHUB_TOKEN }} + skip_after_successful_duplicate: 'false' + + - uses: actions/checkout@v3 + + - name: Get changed files + uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + deb_images: + - 'debs/Debian/**' + - 'debs/build.sh' + deb_images_i386: + - 'debs/Debian/i386/**' + - 'debs/build.sh' + deb_images_amd64: + - 'debs/Debian/amd64/**' + - 'debs/build.sh' + deb_packages: + - 'debs/SPECS/**' + - 'debs/generate_debian_package.sh' + + - name: Set tag and container name + if: steps.changes.outputs.deb_packages == 'true' || (steps.changes.outputs.deb_images_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.deb_images_amd64 == 'true' && matrix.ARCHITECTURE == 'amd64') + run: | + MAJOR=$(sed 's/\([0-9]*\.[0-9]*\)\.[0-9]*/\1/' $GITHUB_WORKSPACE/VERSION) + if [ "${{ steps.changes.outputs.deb_images }}" == "true" ]; then echo "TAG=${{ github.head_ref }}" >> $GITHUB_ENV; else echo "TAG=$MAJOR" >> $GITHUB_ENV ; fi + if [ $MAJOR == "4.6" ]; then echo "VERSION=master" >> $GITHUB_ENV $ ; else echo "VERSION=$MAJOR" >> $GITHUB_ENV; fi + echo "CONTAINER_NAME=deb_builder_${{ matrix.ARCHITECTURE }}" >> $GITHUB_ENV + + - name: Download docker image for package building + if: steps.changes.outputs.deb_packages == 'true' || (steps.changes.outputs.deb_images_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.deb_images_amd64 == 'true' && matrix.ARCHITECTURE == 'amd64') + run: | + bash $GITHUB_WORKSPACE/.github/actions/ghcr-pull-and-push/pull_image_from_ghcr.sh ${{ secrets.GITHUB_TOKEN }} ${{ github.actor}} $CONTAINER_NAME ${{ env.TAG }} + + - name: Build the ${{ matrix.ARCHITECTURE }} deb Wazuh ${{ matrix.TYPE }} package + if: steps.changes.outputs.deb_packages == 'true' || (steps.changes.outputs.deb_images_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.deb_images_amd64 == 'true' && matrix.ARCHITECTURE == 'amd64') + working-directory: ./debs + run: | + REVISION="${{ github.head_ref }}" + bash generate_debian_package.sh -b ${{ env.VERSION }} -t ${{ matrix.TYPE }} -a ${{ matrix.ARCHITECTURE }} --dev -j 2 --dont-build-docker --tag ${{ env.TAG }} -r $REVISION + echo "PACKAGE_NAME=$(ls ./output | grep .deb | head -n 1)" >> $GITHUB_ENV + + - name: Upload Wazuh ${{ matrix.TYPE }} ${{ matrix.ARCHITECTURE }} package as artifact + if: steps.changes.outputs.deb_packages == 'true' || (steps.changes.outputs.deb_images_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.deb_images_amd64 == 'true' && matrix.ARCHITECTURE == 'amd64') + uses: actions/upload-artifact@v2 + with: + name: ${{ env.PACKAGE_NAME }} + path: ${{github.workspace}}/debs/output/${{ env.PACKAGE_NAME }} + if-no-files-found: error \ No newline at end of file diff --git a/.github/workflows/build-rpm-packages.yml b/.github/workflows/build-rpm-packages.yml new file mode 100644 index 0000000000..ceca955345 --- /dev/null +++ b/.github/workflows/build-rpm-packages.yml @@ -0,0 +1,78 @@ +name: Build Wazuh Packages - RPM - x86_64 and i386 +on: + pull_request: + paths: + - 'rpms/SPECS/*' + - 'rpms/generate_rpm_package.sh' + workflow_dispatch: + workflow_call: + + +jobs: + Wazuh-agent-rpm-package-build: + runs-on: ubuntu-latest + strategy: + matrix: + TYPE: [agent, manager] + ARCHITECTURE : [x86_64, i386] + exclude: + - TYPE: manager + ARCHITECTURE: i386 + fail-fast: false + + steps: + - name: Cancel previous runs + uses: fkirc/skip-duplicate-actions@master + with: + cancel_others: 'true' + github_token: ${{ secrets.GITHUB_TOKEN }} + skip_after_successful_duplicate: 'false' + + - uses: actions/checkout@v3 + + - name: Get changed files + uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + rpm_images: + - 'rpms/CentOS/**' + - 'rpms/build.sh' + rpm_images_i386: + - 'rpms/CentOS/6/i386/**' + - 'rpms/build.sh' + rpm_images_x86_64: + - 'rpms/CentOS/6/x86_64/**' + - 'rpms/build.sh' + rpm_packages: + - 'rpms/SPECS/**' + - 'rpms/generate_rpm_package.sh' + + - name: Set tag and container name + if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.rpm_images_x86_64 == 'true' && matrix.ARCHITECTURE == 'x86_64') + run: | + MAJOR=$(sed 's/\([0-9]*\.[0-9]*\)\.[0-9]*/\1/' $GITHUB_WORKSPACE/VERSION) + if [ "${{ steps.changes.outputs.rpm_images }}" == "true" ]; then echo "TAG=${{ github.head_ref }}" >> $GITHUB_ENV; else echo "TAG=$MAJOR" >> $GITHUB_ENV ; fi + if [ $MAJOR == "4.6" ]; then echo "VERSION=master" >> $GITHUB_ENV $ ; else echo "VERSION=$MAJOR" >> $GITHUB_ENV; fi + if [ "${{ matrix.ARCHITECTURE }}" == "x86_64" ]; then echo "CONTAINER_NAME=rpm_builder_x86" >> $GITHUB_ENV ; else echo "CONTAINER_NAME=rpm_builder_${{ matrix.ARCHITECTURE }}" >> $GITHUB_ENV ; fi + + - name: Download docker image for package building + if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.rpm_images_x86_64 == 'true' && matrix.ARCHITECTURE == 'x86_64') + run: | + bash $GITHUB_WORKSPACE/.github/actions/ghcr-pull-and-push/pull_image_from_ghcr.sh ${{ secrets.GITHUB_TOKEN }} ${{ github.actor}} $CONTAINER_NAME ${{ env.TAG }} + + - name: Build the ${{ matrix.ARCHITECTURE }} rpm Wazuh ${{ matrix.TYPE }} package + if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.rpm_images_x86_64 == 'true' && matrix.ARCHITECTURE == 'x86_64') + working-directory: ./rpms + run: | + REVISION=$( echo ${{ github.head_ref }} | sed 's/-/./g' ) + bash generate_rpm_package.sh -b ${{ env.VERSION }} -t ${{ matrix.TYPE }} -a ${{ matrix.ARCHITECTURE }} --dev -j 2 --dont-build-docker --tag ${{ env.TAG }} -r $REVISION + echo "PACKAGE_NAME=$(ls ./output | grep .rpm | head -n 1)" >> $GITHUB_ENV + + - name: Upload Wazuh ${{ matrix.TYPE }} ${{ matrix.ARCHITECTURE }} package as artifact + if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.rpm_images_x86_64 == 'true' && matrix.ARCHITECTURE == 'x86_64') + uses: actions/upload-artifact@v2 + with: + name: ${{ env.PACKAGE_NAME }} + path: ${{github.workspace}}/rpms/output/${{ env.PACKAGE_NAME }} + if-no-files-found: error \ No newline at end of file diff --git a/.github/workflows/clean-worflow-runs.yml b/.github/workflows/clean-worflow-runs.yml new file mode 100644 index 0000000000..cd7ee9eb08 --- /dev/null +++ b/.github/workflows/clean-worflow-runs.yml @@ -0,0 +1,19 @@ +name: Clean workflow runs +on: + schedule: + - cron: '0 0 * * 5' + workflow_dispatch: + +jobs: + Clean-runs: + runs-on: ubuntu-latest + steps: + - name: Delete workflow runs + uses: dmvict/clean-workflow-runs@v1.0.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + run_conclusions: | + cancelled + skipped + timed_out + save_period: 5 \ No newline at end of file diff --git a/.github/workflows/offline-installation.yml b/.github/workflows/offline-installation.yml new file mode 100644 index 0000000000..07b75cb45f --- /dev/null +++ b/.github/workflows/offline-installation.yml @@ -0,0 +1,64 @@ +name: Offline installation test +on: + pull_request: + paths: + - 'unattended_installer/install_functions/wazuh-offline-download.sh' + +jobs: + Build-wazuh-install-script: + runs-on: ubuntu-latest + steps: + - name: Cancel previous runs + uses: fkirc/skip-duplicate-actions@master + with: + cancel_others: 'true' + github_token: ${{ secrets.GITHUB_TOKEN }} + skip_after_successful_duplicate: 'false' + + - uses: actions/checkout@v2 + + - name: Build wazuh-install script and use pre-release packages + working-directory: ./unattended_installer + run: | + bash builder.sh -i -d + sed -i 's|wazuh_major="4\.5"|wazuh_major="4\.4"|g' wazuh-install.sh + sed -i 's|wazuh_version="4\.5\(.*\)"|wazuh_version="4\.4\1"|g' wazuh-install.sh + + - uses: actions/upload-artifact@v3 + with: + name: script + path: | + unattended_installer/wazuh-install.sh + if-no-files-found: error + + Test-offline-installation-debian: + runs-on: ubuntu-latest + needs: Build-wazuh-install-script + steps: + - uses: actions/checkout@v2 + + - uses: actions/download-artifact@v3 + with: + name: script + + - name: Move unattended script + run: cp $GITHUB_WORKSPACE/wazuh-install.sh $GITHUB_WORKSPACE/.github/actions/offline-installation/wazuh-install.sh + + - name: Run script + run: sudo bash $GITHUB_WORKSPACE/.github/actions/offline-installation/offline-installation.sh + + Test-offline-installation-rpm: + runs-on: ubuntu-latest + needs: Build-wazuh-install-script + steps: + - uses: actions/checkout@v2 + + - uses: actions/download-artifact@v3 + with: + name: script + + - name: Move unattended script + run: cp $GITHUB_WORKSPACE/wazuh-install.sh $GITHUB_WORKSPACE/.github/actions/offline-installation/wazuh-install.sh + + - name: Launch docker and run script + run: sudo docker run -v $GITHUB_WORKSPACE/.github/actions/offline-installation/:/tests centos:centos7 bash /tests/offline-installation.sh diff --git a/.github/workflows/test-install-deb.yml b/.github/workflows/test-install-deb.yml new file mode 100644 index 0000000000..bd1fadc7fa --- /dev/null +++ b/.github/workflows/test-install-deb.yml @@ -0,0 +1,94 @@ +name: Test install Wazuh agent and manager - DEB +on: + pull_request: + paths: + - 'debs/SPECS/**' + - 'debs/generate_debian_package.sh' + workflow_dispatch: + workflow_call: + +jobs: + + Wait-for-package-building: + runs-on: ubuntu-latest + strategy: + fail-fast: false + steps: + - name: Cancel previous runs + uses: fkirc/skip-duplicate-actions@master + with: + cancel_others: 'true' + github_token: ${{ secrets.GITHUB_TOKEN }} + skip_after_successful_duplicate: 'false' + + - name: Wait for the package to be built + uses: ArcticLampyrid/action-wait-for-workflow@v1.0.3 + id: wait-for-build + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + workflow: build-deb-packages.yml + sha: ${{ github.event.pull_request.head.sha || github.sha }} + wait-interval: 60 + + Test-install-deb-systems: + needs: Wait-for-package-building + runs-on: ubuntu-latest + strategy: + matrix: + distro_name: ['ubuntu:xenial', 'ubuntu:bionic', 'ubuntu:focal', 'ubuntu:jammy', 'debian:stretch', 'debian:buster', 'debian:bullseye'] + type: [agent, manager] + arch: [amd64, i386] + exclude: + - type: manager + arch: i386 + - distro_name: 'ubuntu:jammy' + arch: i386 + fail-fast: false + steps: + - uses: actions/checkout@v3 + + - name: Get changed files + uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + deb_images: + - 'debs/Debian/**' + - 'debs/build.sh' + deb_images_i386: + - 'debs/Debian/i386/**' + - 'debs/build.sh' + deb_images_amd64: + - 'debs/Debian/amd64/**' + - 'debs/build.sh' + deb_packages: + - 'debs/SPECS/**' + - 'debs/generate_debian_package.sh' + + - name: Setup directories and variables + if: steps.changes.outputs.deb_packages == 'true' || (steps.changes.outputs.deb_images_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.deb_images_amd64 == 'true' && matrix.ARCHITECTURE == 'amd64') + run: | + VERSION=$(cat $GITHUB_WORKSPACE/VERSION) + REVISION=$( echo ${{ github.head_ref }}) + echo "PACKAGE_NAME=wazuh-${{ matrix.type }}_${VERSION}-${REVISION}_${{ matrix.arch }}.deb" >> $GITHUB_ENV + + - name: Download the Wazuh ${{ matrix.type }} package for ${{ matrix.system.NAME }} + if: steps.changes.outputs.deb_packages == 'true' || (steps.changes.outputs.deb_images_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.deb_images_amd64 == 'true' && matrix.ARCHITECTURE == 'amd64') + id: download-artifact + continue-on-error: true + uses: dawidd6/action-download-artifact@v2 + with: + workflow: build-deb-packages.yml + workflow_conclusion: success + name: ${{env.PACKAGE_NAME}} + if_no_artifact_found: fail + + - name: Move the Wazuh ${{ matrix.type }} package for ${{ matrix.distro_name }} to the packages directory + if: steps.changes.outputs.deb_packages == 'true' || (steps.changes.outputs.deb_images_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.deb_images_amd64 == 'true' && matrix.ARCHITECTURE == 'amd64') + run: | + mkdir $GITHUB_WORKSPACE/packages + mv ${{env.PACKAGE_NAME}} $GITHUB_WORKSPACE/packages + + - name: Launch docker + if: steps.changes.outputs.deb_packages == 'true' || (steps.changes.outputs.deb_images_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.deb_images_amd64 == 'true' && matrix.ARCHITECTURE == 'amd64') + run: sudo docker run -v $GITHUB_WORKSPACE/.github/actions/test-install-components/:/tests -v $GITHUB_WORKSPACE/packages/:/packages ${{ matrix.arch }}/${{ matrix.distro_name }} bash /tests/install_component.sh $PACKAGE_NAME ${{ matrix.type }} \ No newline at end of file diff --git a/.github/workflows/test-install-rpm.yml b/.github/workflows/test-install-rpm.yml new file mode 100644 index 0000000000..a44498a53a --- /dev/null +++ b/.github/workflows/test-install-rpm.yml @@ -0,0 +1,103 @@ +name: Test install Wazuh agent and manager - RPM +on: + pull_request: + paths: + - 'rpms/SPECS/*' + - 'rpms/generate_rpm_package.sh' + workflow_dispatch: + workflow_call: + +jobs: + Wait-for-package-building: + runs-on: ubuntu-latest + strategy: + fail-fast: false + steps: + - name: Cancel previous runs + uses: fkirc/skip-duplicate-actions@master + with: + cancel_others: 'true' + github_token: ${{ secrets.GITHUB_TOKEN }} + skip_after_successful_duplicate: 'false' + + - name: Wait for the package to be built + uses: ArcticLampyrid/action-wait-for-workflow@v1.0.3 + id: wait-for-build + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + workflow: build-rpm-packages.yml + sha: ${{ github.event.pull_request.head.sha || github.sha }} + wait-interval: 60 + + Test-install-rpm-systems: + needs: Wait-for-package-building + runs-on: ubuntu-latest + strategy: + matrix: + system: [ + {NAME: 'oraclelinux:9', ARCH: "x86_64"}, + {NAME: 'almalinux:9', ARCH: "x86_64"}, + {NAME: 'rockylinux:9', ARCH: "x86_64"}, + {NAME: 'centos:7', ARCH: "x86_64"}, + {NAME: 'centos:8', ARCH: "x86_64"}, + {NAME: 'i386/centos:7', ARCH: "i386"}, + {NAME: 'redhat/ubi8:latest', ARCH: "x86_64"}, + {NAME: 'redhat/ubi9:latest', ARCH: "x86_64"}, + {NAME: 'amazonlinux:2', ARCH: "x86_64"}, + {NAME: 'fedora:34', ARCH: "x86_64"}, + {NAME: 'centos:6.9', ARCH: "x86_64", INIT: "initd"}] + type: [agent, manager] + exclude: + - system: {ARCH: "i386"} + type: manager + - system: {INIT: "initd"} + type: manager + fail-fast: false + steps: + - uses: actions/checkout@v3 + + - name: Get changed files + uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + rpm_images: + - 'rpms/CentOS/**' + - 'rpms/build.sh' + rpm_images_i386: + - 'rpms/CentOS/6/i386/**' + - 'rpms/build.sh' + rpm_images_x86_64: + - 'rpms/CentOS/6/x86_64/**' + - 'rpms/build.sh' + rpm_packages: + - 'rpms/SPECS/**' + - 'rpms/generate_rpm_package.sh' + + - name: Setup directories and variables + if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.rpm_images_x86_64 == 'true' && matrix.ARCHITECTURE == 'x86_64') + run: | + VERSION=$(cat $GITHUB_WORKSPACE/VERSION) + REVISION=$( echo ${{ github.head_ref }} | sed 's/-/./g' ) + echo "PACKAGE_NAME=wazuh-${{ matrix.type }}-${VERSION}-${REVISION}.${{matrix.system.ARCH}}.rpm" >> $GITHUB_ENV + + - name: Download the Wazuh ${{ matrix.type }} package for ${{ matrix.system.NAME }} + if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.rpm_images_x86_64 == 'true' && matrix.ARCHITECTURE == 'x86_64') + id: download-artifact + continue-on-error: true + uses: dawidd6/action-download-artifact@v2 + with: + workflow: build-rpm-packages.yml + workflow_conclusion: success + name: ${{env.PACKAGE_NAME}} + if_no_artifact_found: fail + + - name: Move the Wazuh ${{ matrix.type }} package for ${{ matrix.system.NAME }} to the packages directory + if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.rpm_images_x86_64 == 'true' && matrix.ARCHITECTURE == 'x86_64') + run: | + mkdir $GITHUB_WORKSPACE/packages + mv ${{env.PACKAGE_NAME}} $GITHUB_WORKSPACE/packages + + - name: Launch docker + if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.rpm_images_x86_64 == 'true' && matrix.ARCHITECTURE == 'x86_64') + run: sudo docker run -v $GITHUB_WORKSPACE/.github/actions/test-install-components/:/tests -v $GITHUB_WORKSPACE/packages/:/packages ${{ matrix.system.NAME }} bash /tests/install_component.sh $PACKAGE_NAME ${{ matrix.type }} \ No newline at end of file diff --git a/.github/workflows/upload-deb-images.yml b/.github/workflows/upload-deb-images.yml new file mode 100644 index 0000000000..a0da5b8eb7 --- /dev/null +++ b/.github/workflows/upload-deb-images.yml @@ -0,0 +1,65 @@ +name: Upload package creation Docker images - DEB - amd64 and i386 +on: + pull_request: + paths: + - 'debs/Debian/**' + - 'debs/build.sh' + types: + - opened + - synchronize + - closed + workflow_dispatch: + +jobs: + Upload-deb-package-building-images: + runs-on: ubuntu-latest + strategy: + matrix: + image: [ {CONTAINER_NAME: deb_builder_amd64, DOCKERFILE_PATH: debs/Debian/amd64}, {CONTAINER_NAME: deb_builder_i386, DOCKERFILE_PATH: debs/Debian/i386}] + fail-fast: false + steps: + - name: Cancel previous runs + uses: fkirc/skip-duplicate-actions@master + with: + cancel_others: 'true' + github_token: ${{ secrets.GITHUB_TOKEN }} + skip_after_successful_duplicate: 'false' + + - uses: actions/checkout@v3 + + - name: Get changed files + uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + i386: + - 'debs/Debian/i386/**' + - 'debs/build.sh' + amd64: + - 'debs/Debian/amd64/**' + - 'debs/build.sh' + + - name: Copy build.sh to Dockerfile path + run: + cp $GITHUB_WORKSPACE/debs/build.sh $GITHUB_WORKSPACE/${{ matrix.image.DOCKERFILE_PATH }} + + - name: Set tag as version + run: + if [ "${{ github.event.pull_request.merged }}" == "false" ]; then echo "TAG=${{ github.head_ref }}" >> $GITHUB_ENV; else echo "TAG=$(sed 's/\([0-9]*\.[0-9]*\)\.[0-9]*/\1/' $GITHUB_WORKSPACE/VERSION)" >> $GITHUB_ENV; fi + + - name: Build and push image ${{ matrix.image.CONTAINER_NAME }} with tag ${{ env.TAG }} to Github Container Registry + if: ( steps.changes.outputs.i386 == 'true' && matrix.image.CONTAINER_NAME == 'deb_builder_i386' ) || ( steps.changes.outputs.amd64 == 'true' && matrix.image.CONTAINER_NAME == 'deb_builder_amd64' ) + run: + bash $GITHUB_WORKSPACE/.github/actions/ghcr-pull-and-push/build_and_push_image_to_ghcr.sh ${{ secrets.GITHUB_TOKEN }} ${{ github.actor}} ${{matrix.image.CONTAINER_NAME}} ${{ matrix.image.DOCKERFILE_PATH }} ${{ env.TAG }} + + Build-packages-deb: + needs: Upload-deb-package-building-images + if: github.event_name == 'pull_request' + uses: ./.github/workflows/build-deb-packages.yml + secrets: inherit + + Test-packages-deb: + needs: Build-packages-deb + if: github.event_name == 'pull_request' + uses: ./.github/workflows/test-install-and-enable-deb.yml + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/upload-rpm-images.yml b/.github/workflows/upload-rpm-images.yml new file mode 100644 index 0000000000..c2392127da --- /dev/null +++ b/.github/workflows/upload-rpm-images.yml @@ -0,0 +1,65 @@ +name: Upload package creation Docker images - RPM - x86 and i386 +on: + pull_request: + paths: + - 'rpms/CentOS/**' + - 'rpms/build.sh' + types: + - opened + - synchronize + - closed + workflow_dispatch: + +jobs: + Upload-rpm-package-building-images: + runs-on: ubuntu-latest + strategy: + matrix: + image: [ {CONTAINER_NAME: rpm_builder_x86, DOCKERFILE_PATH: rpms/CentOS/6/x86_64}, {CONTAINER_NAME: rpm_builder_i386, DOCKERFILE_PATH: rpms/CentOS/6/i386}] + fail-fast: false + steps: + - name: Cancel previous runs + uses: fkirc/skip-duplicate-actions@master + with: + cancel_others: 'true' + github_token: ${{ secrets.GITHUB_TOKEN }} + skip_after_successful_duplicate: 'false' + + - uses: actions/checkout@v3 + + - name: Get changed files + uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + i386: + - 'rpms/CentOS/6/i386/**' + - 'rpms/build.sh' + x86_64: + - 'rpms/CentOS/6/x86_64/**' + - 'rpms/build.sh' + + - name: Copy build.sh to Dockerfile path + run: + cp $GITHUB_WORKSPACE/rpms/build.sh $GITHUB_WORKSPACE/${{ matrix.image.DOCKERFILE_PATH }} + + - name: Set tag as version + run: + if [ "${{ github.event.pull_request.merged }}" == "false" ]; then echo "TAG=${{ github.head_ref }}" >> $GITHUB_ENV; else echo "TAG=$(sed 's/\([0-9]*\.[0-9]*\)\.[0-9]*/\1/' $GITHUB_WORKSPACE/VERSION)" >> $GITHUB_ENV; fi + + - name: Build and push image ${{ matrix.image.CONTAINER_NAME }} with tag ${{ env.TAG }} to Github Container Registry + if: ( steps.changes.outputs.i386 == 'true' && matrix.image.CONTAINER_NAME == 'rpm_builder_i386' ) || ( steps.changes.outputs.x86_64 == 'true' && matrix.image.CONTAINER_NAME == 'rpm_builder_x86' ) + run: + bash $GITHUB_WORKSPACE/.github/actions/ghcr-pull-and-push/build_and_push_image_to_ghcr.sh ${{ secrets.GITHUB_TOKEN }} ${{ github.actor}} ${{matrix.image.CONTAINER_NAME}} ${{ matrix.image.DOCKERFILE_PATH }} ${{ env.TAG }} + + Build-packages-rpm: + needs: Upload-rpm-package-building-images + if: github.event_name == 'pull_request' + uses: ./.github/workflows/build-rpm-packages.yml + secrets: inherit + + Test-packages-rpm: + needs: Build-packages-rpm + if: github.event_name == 'pull_request' + uses: ./.github/workflows/test-install-and-enable-rpm.yml + secrets: inherit \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b69fe4f42..8863c1dd70 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Change Log All notable changes to this project will be documented in this file. +## [v4.5.0] + +- https://github.com/wazuh/wazuh-packages/releases/tag/v4.5.0 + ## [v4.4.3] - https://github.com/wazuh/wazuh-packages/releases/tag/v4.4.3 diff --git a/VERSION b/VERSION index 9e3a93350d..a84947d6ff 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -4.4.3 +4.5.0 diff --git a/aix/SPECS/wazuh-agent-aix.spec b/aix/SPECS/wazuh-agent-aix.spec index 526ed3873a..f48aca27a5 100644 --- a/aix/SPECS/wazuh-agent-aix.spec +++ b/aix/SPECS/wazuh-agent-aix.spec @@ -1,6 +1,6 @@ # Spec file for AIX systems Name: wazuh-agent -Version: 4.4.3 +Version: 4.5.0 Release: 1 License: GPL URL: https://www.wazuh.com/ @@ -290,6 +290,8 @@ rm -fr %{buildroot} %attr(750, root, wazuh) %{_localstatedir}/wodles/* %changelog +* Fri Jun 30 2023 support - 4.5.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html * Thu May 25 2023 support - 4.4.3 - More info: https://documentation.wazuh.com/current/release-notes/release-4-4-3.html * Mon May 08 2023 support - 4.4.2 diff --git a/debs/Debian/amd64/Dockerfile b/debs/Debian/amd64/Dockerfile index cab85b23cd..b89a783073 100644 --- a/debs/Debian/amd64/Dockerfile +++ b/debs/Debian/amd64/Dockerfile @@ -20,7 +20,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ --disable-multilib \ --disable-libsanitizer && \ make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64:${LD_LIBRARY_PATH}" diff --git a/debs/Debian/arm64/Dockerfile b/debs/Debian/arm64/Dockerfile index f2d641ed3c..43f3da0a71 100644 --- a/debs/Debian/arm64/Dockerfile +++ b/debs/Debian/arm64/Dockerfile @@ -24,7 +24,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ --disable-multilib \ --disable-libsanitizer && \ make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64/" diff --git a/debs/Debian/armhf/Dockerfile b/debs/Debian/armhf/Dockerfile index ae6aa76d71..e243406dc8 100644 --- a/debs/Debian/armhf/Dockerfile +++ b/debs/Debian/armhf/Dockerfile @@ -25,7 +25,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ --with-fpu=vfpv3-d16 --with-float=hard --enable-languages=c,c++ \ --disable-multilib --disable-libsanitizer && \ linux32 make -j$(nproc) && linux32 make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib/" diff --git a/debs/Debian/i386/Dockerfile b/debs/Debian/i386/Dockerfile index c43803f4bf..717926819b 100644 --- a/debs/Debian/i386/Dockerfile +++ b/debs/Debian/i386/Dockerfile @@ -23,7 +23,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ linux32 ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ \ --disable-multilib --disable-libsanitizer && \ linux32 make -j$(nproc) && linux32 make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib:${LD_LIBRARY_PATH}" diff --git a/debs/Debian/ppc64le/Dockerfile b/debs/Debian/ppc64le/Dockerfile index 2afa693182..ea16589938 100644 --- a/debs/Debian/ppc64le/Dockerfile +++ b/debs/Debian/ppc64le/Dockerfile @@ -21,7 +21,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ --disable-multilib \ --disable-libsanitizer && \ make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64:${LD_LIBRARY_PATH}" diff --git a/debs/SPECS/wazuh-agent/debian/changelog b/debs/SPECS/wazuh-agent/debian/changelog index 6797593c98..63ae22ecf0 100644 --- a/debs/SPECS/wazuh-agent/debian/changelog +++ b/debs/SPECS/wazuh-agent/debian/changelog @@ -1,3 +1,9 @@ +wazuh-agent (4.5.0-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html + + -- Wazuh, Inc Fri, 30 Jun 2023 11:56:07 +0000 + wazuh-agent (4.4.3-RELEASE) stable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-4-3.html diff --git a/debs/SPECS/wazuh-agent/debian/postinst b/debs/SPECS/wazuh-agent/debian/postinst index d7b5538e9c..f415bbaf52 100644 --- a/debs/SPECS/wazuh-agent/debian/postinst +++ b/debs/SPECS/wazuh-agent/debian/postinst @@ -19,6 +19,10 @@ case "$1" in OSMYSHELL="/sbin/nologin" + if [ -d /run/systemd/system ]; then + rm -f /etc/init.d/wazuh-agent + fi + if [ ! -f ${OSMYSHELL} ]; then if [ -f "/bin/false" ]; then OSMYSHELL="/bin/false" diff --git a/debs/SPECS/wazuh-agent/debian/postrm b/debs/SPECS/wazuh-agent/debian/postrm index ee822e0e52..bb30d5af0a 100644 --- a/debs/SPECS/wazuh-agent/debian/postrm +++ b/debs/SPECS/wazuh-agent/debian/postrm @@ -40,10 +40,10 @@ case "$1" in purge) - if getent passwd wazuh ; then + if getent passwd wazuh >/dev/null 2>&1; then deluser wazuh > /dev/null 2>&1 fi - if getent group wazuh ; then + if getent group wazuh >/dev/null 2>&1; then delgroup wazuh > /dev/null 2>&1 fi rm -rf ${DIR}/* diff --git a/debs/SPECS/wazuh-manager/debian/changelog b/debs/SPECS/wazuh-manager/debian/changelog index 9fadc90794..777b091628 100644 --- a/debs/SPECS/wazuh-manager/debian/changelog +++ b/debs/SPECS/wazuh-manager/debian/changelog @@ -1,3 +1,8 @@ +wazuh-manager (4.5.0-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html + + -- Wazuh, Inc Fri, 30 Jun 2023 11:56:07 +0000 wazuh-manager (4.4.3-RELEASE) stable; urgency=low diff --git a/debs/SPECS/wazuh-manager/debian/postinst b/debs/SPECS/wazuh-manager/debian/postinst index 69166b6f54..3dfb3cf636 100644 --- a/debs/SPECS/wazuh-manager/debian/postinst +++ b/debs/SPECS/wazuh-manager/debian/postinst @@ -16,6 +16,10 @@ case "$1" in SCRIPTS_DIR="${WAZUH_GLOBAL_TMP_DIR}/manager_installation_scripts" SCA_BASE_DIR="${SCRIPTS_DIR}/sca" + if [ -d /run/systemd/system ]; then + rm -f /etc/init.d/wazuh-manager + fi + if [ ! -f ${OSMYSHELL} ]; then if [ -f "/bin/false" ]; then OSMYSHELL="/bin/false" @@ -89,8 +93,8 @@ case "$1" in rm -rf ${DIR}/backup/groups # Generation auto-signed certificate if not exists - if type openssl >/dev/null 2>&1 && [ ! -f "${DIR}/etc/sslmanager.key" ] && [ ! -f "${DIR}/etc/sslmanager.cert" ]; then - openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -subj "/C=US/ST=California/CN=Wazuh/" -keyout ${DIR}/etc/sslmanager.key -out ${DIR}/etc/sslmanager.cert 2>/dev/null + if [ ! -f "${DIR}/etc/sslmanager.key" ] && [ ! -f "${DIR}/etc/sslmanager.cert" ]; then + ${DIR}/bin/wazuh-authd -C 365 -B 2048 -S "/C=US/ST=California/CN=Wazuh/" -K ${DIR}/etc/sslmanager.key -X ${DIR}/etc/sslmanager.cert 2>/dev/null fi chmod 640 ${DIR}/etc/sslmanager.cert ${DIR}/etc/sslmanager.key > /dev/null 2>&1 || true @@ -240,17 +244,17 @@ case "$1" in # Remove old ossec user and group if exists and change ownwership of files if getent group ossec > /dev/null 2>&1; then - find ${DIR}/ -group ossec -user root -exec chown root:wazuh {} \; > /dev/null 2>&1 || true + find ${DIR}/ -group ossec -user root -print0 | xargs -0 chown root:wazuh > /dev/null 2>&1 || true if getent passwd ossec > /dev/null 2>&1; then - find ${DIR}/ -group ossec -user ossec -exec chown ${USER}:${GROUP} {} \; > /dev/null 2>&1 || true + find ${DIR}/ -group ossec -user ossec -print0 | xargs -0 chown ${USER}:${GROUP} > /dev/null 2>&1 || true deluser ossec > /dev/null 2>&1 fi if getent passwd ossecm > /dev/null 2>&1; then - find ${DIR}/ -group ossec -user ossecm -exec chown ${USER}:${GROUP} {} \; > /dev/null 2>&1 || true + find ${DIR}/ -group ossec -user ossecm -print0 | xargs -0 chown ${USER}:${GROUP} > /dev/null 2>&1 || true deluser ossecm > /dev/null 2>&1 fi if getent passwd ossecr > /dev/null 2>&1; then - find ${DIR}/ -group ossec -user ossecr -exec chown ${USER}:${GROUP} {} \; > /dev/null 2>&1 || true + find ${DIR}/ -group ossec -user ossecr -print0 | xargs -0 chown ${USER}:${GROUP} > /dev/null 2>&1 || true deluser ossecr > /dev/null 2>&1 fi if getent group ossec > /dev/null 2>&1; then diff --git a/debs/build.sh b/debs/build.sh index 4291313e50..7a9090d9a8 100755 --- a/debs/build.sh +++ b/debs/build.sh @@ -125,3 +125,4 @@ if [[ "${checksum}" == "yes" ]]; then cd ${pkg_path} && sha512sum ${deb_file} > /var/local/checksum/${deb_file}.sha512 fi mv ${pkg_path}/${deb_file} /var/local/wazuh + \ No newline at end of file diff --git a/debs/generate_debian_package.sh b/debs/generate_debian_package.sh index 6195db8ebb..e3ccf969dc 100755 --- a/debs/generate_debian_package.sh +++ b/debs/generate_debian_package.sh @@ -16,6 +16,7 @@ TARGET="" JOBS="2" DEBUG="no" BUILD_DOCKER="yes" +DOCKER_TAG="latest" INSTALLATION_PATH="/var/ossec" DEB_AMD64_BUILDER="deb_builder_amd64" DEB_I386_BUILDER="deb_builder_i386" @@ -66,7 +67,7 @@ build_deb() { # Build the Docker image if [[ ${BUILD_DOCKER} == "yes" ]]; then - docker build -t ${CONTAINER_NAME} ${DOCKERFILE_PATH} || return 1 + docker build -t ${CONTAINER_NAME}:${DOCKER_TAG} ${DOCKERFILE_PATH} || return 1 fi # Build the Debian package with a Docker container @@ -74,7 +75,7 @@ build_deb() { -v ${CHECKSUMDIR}:/var/local/checksum:Z \ -v ${LOCAL_SPECS}:/specs:Z \ ${CUSTOM_CODE_VOL} \ - ${CONTAINER_NAME} ${TARGET} ${BRANCH} ${ARCHITECTURE} \ + ${CONTAINER_NAME}:${DOCKER_TAG} ${TARGET} ${BRANCH} ${ARCHITECTURE} \ ${REVISION} ${JOBS} ${INSTALLATION_PATH} ${DEBUG} \ ${CHECKSUM} ${PACKAGES_BRANCH} ${USE_LOCAL_SPECS} \ ${USE_LOCAL_SOURCE_CODE} ${FUTURE}|| return 1 @@ -152,6 +153,7 @@ help() { echo " -d, --debug [Optional] Build the binaries with debug symbols. By default: no." echo " -c, --checksum [Optional] Generate checksum on the desired path (by default, if no path is specified it will be generated on the same directory than the package)." echo " --dont-build-docker [Optional] Locally built docker image will be used instead of generating a new one." + echo " --tag [Optional] Tag to use with the docker image." echo " --sources [Optional] Absolute path containing wazuh source code. This option will use local source code instead of downloading it from GitHub." echo " --packages-branch [Optional] Select Git branch or tag from wazuh-packages repository. e.g master." echo " --dev [Optional] Use the SPECS files stored in the host instead of downloading them from GitHub." @@ -237,6 +239,14 @@ main() { BUILD_DOCKER="no" shift 1 ;; + "--tag") + if [ -n "$2" ]; then + DOCKER_TAG="$2" + shift 2 + else + help 1 + fi + ;; "-s"|"--store") if [ -n "$2" ]; then OUTDIR="$2" diff --git a/documentation-templates/wazuh/config.yml b/documentation-templates/wazuh/config.yml index 73b1f5d559..13cfe54586 100644 --- a/documentation-templates/wazuh/config.yml +++ b/documentation-templates/wazuh/config.yml @@ -2,27 +2,27 @@ nodes: # Wazuh indexer nodes indexer: - name: node-1 - ip: + ip: "" #- name: node-2 - # ip: + # ip: "" #- name: node-3 - # ip: + # ip: "" # Wazuh server nodes # If there is more than one Wazuh server # node, each one must have a node_type server: - name: wazuh-1 - ip: + ip: "" # node_type: master #- name: wazuh-2 - # ip: + # ip: "" # node_type: worker #- name: wazuh-3 - # ip: + # ip: "" # node_type: worker # Wazuh dashboard nodes dashboard: - name: dashboard - ip: \ No newline at end of file + ip: "" \ No newline at end of file diff --git a/hp-ux/generate_wazuh_packages.sh b/hp-ux/generate_wazuh_packages.sh index 896808cc81..caf58ddce6 100755 --- a/hp-ux/generate_wazuh_packages.sh +++ b/hp-ux/generate_wazuh_packages.sh @@ -8,9 +8,9 @@ install_path="/var/ossec" current_path=`pwd` +build_tools_path="/home/okkam" source_directory=${current_path}/wazuh-sources configuration_file="${source_directory}/etc/preloaded-vars.conf" -PATH=$PATH:/usr/local/bin target_dir="${current_path}/output" checksum_dir="" wazuh_version="" @@ -18,6 +18,12 @@ wazuh_revision="1" depot_path="" control_binary="" +# Needed variables to build Wazuh with custom GCC and cmake +PATH=${build_tools_path}/bootstrap-gcc/gcc94_prefix/bin:${build_tools_path}/cmake_prefix_install/bin:$PATH:/usr/local/bin +LD_LIBRARY_PATH=${build_tools_path}/bootstrap-gcc/gcc94_prefix/lib +export LD_LIBRARY_PATH +CXX=${build_tools_path}/bootstrap-gcc/gcc94_prefix/bin/g++ + build_environment() { # Resizing partitions for Site Ox boxes (used by Wazuh team) @@ -53,7 +59,6 @@ build_environment() { swinstall -s $depot \* /usr/local/bin/depothelper $fpt_connection -f curl /usr/local/bin/depothelper $fpt_connection -f unzip - /usr/local/bin/depothelper $fpt_connection -f gcc /usr/local/bin/depothelper $fpt_connection -f make /usr/local/bin/depothelper $fpt_connection -f bash /usr/local/bin/depothelper $fpt_connection -f gzip @@ -65,6 +70,24 @@ build_environment() { /usr/local/bin/depothelper $fpt_connection -f perl /usr/local/bin/depothelper $fpt_connection -f regex /usr/local/bin/depothelper $fpt_connection -f python + + # Install GCC 9.4 + mkdir ${build_tools_path} + cd ${build_tools_path} + mkdir bootstrap-gcc + cd ${build_tools_path}/bootstrap-gcc + curl -k -SO http://packages.wazuh.com/utils/gcc/gcc_9.4_HPUX_build.tar.gz + gunzip gcc_9.4_HPUX_build.tar.gz + tar -xf gcc_9.4_HPUX_build.tar + rm -f gcc_9.4_HPUX_build.tar + cp -f ${build_tools_path}/bootstrap-gcc/gcc94_prefix/bin/gcc ${build_tools_path}/bootstrap-gcc/gcc94_prefix/bin/cc + + # Install cmake 3.22.2 + cd ${build_tools_path} + curl -k -SO http://packages.wazuh.com/utils/cmake/cmake_3.22.2_HPUX_build.tar.gz + gunzip cmake_3.22.2_HPUX_build.tar.gz + tar -xf cmake_3.22.2_HPUX_build.tar + rm -f cmake_3.22.2_HPUX_build.tar } config() { @@ -117,6 +140,12 @@ compile() { gmake deps RESOURCES_URL=http://packages.wazuh.com/deps/${deps_version} TARGET=agent gmake TARGET=agent USE_SELINUX=no bash ${source_directory}/install.sh + # Install std libs needed to run the agent + cp -f ${build_tools_path}/bootstrap-gcc/gcc94_prefix/lib/libstdc++.so.6.28 ${install_path}/lib + cp -f ${build_tools_path}/bootstrap-gcc/gcc94_prefix/lib/libgcc_s.so.0 ${install_path}/lib + ln -s ${install_path}/lib/libstdc++.so.6.28 ${install_path}/lib/libstdc++.so.6 + ln -s ${install_path}/lib/libstdc++.so.6.28 ${install_path}/lib/libstdc++.so + ln -s ${install_path}/lib/libgcc_s.so.0 ${install_path}/lib/libgcc_s.so cd $current_path } @@ -172,6 +201,8 @@ clean() { userdel wazuh groupdel wazuh + rm -rf ${build_tools_path} + exit ${exit_code} } diff --git a/macos/generate_wazuh_packages.sh b/macos/generate_wazuh_packages.sh index af9ef12b49..be8b3c655f 100755 --- a/macos/generate_wazuh_packages.sh +++ b/macos/generate_wazuh_packages.sh @@ -37,8 +37,8 @@ trap ctrl_c INT function clean_and_exit() { exit_code=$1 - rm -f ${AGENT_PKG_FILE} ${CURRENT_PATH}/package_files/*.sh rm -rf "${SOURCES_DIRECTORY}" + rm "${CURRENT_PATH}"/specs/wazuh-agent.pkgproj-e ${CURRENT_PATH}/uninstall.sh exit ${exit_code} } @@ -386,7 +386,7 @@ function main() { CHECKSUMDIR="${DESTINATION}" fi - if [[ "$BUILD" != "no" ]]; then + if [[ "${BUILD}" != "no" ]]; then check_root build_package "${CURRENT_PATH}/uninstall.sh" diff --git a/macos/specs/wazuh-agent.pkgproj b/macos/specs/wazuh-agent.pkgproj index 276112dedf..72da7fbd31 100644 --- a/macos/specs/wazuh-agent.pkgproj +++ b/macos/specs/wazuh-agent.pkgproj @@ -812,7 +812,7 @@ USE_HFS+_COMPRESSION VERSION - 4.4.3-1 + 4.5.0-1 TYPE 0 @@ -1239,7 +1239,7 @@ NAME - wazuh-agent-4.4.3-1 + wazuh-agent-4.5.0-1 PAYLOAD_ONLY TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING diff --git a/macos/uninstall.sh b/macos/uninstall.sh index 6f894e64fb..7f344720f7 100755 --- a/macos/uninstall.sh +++ b/macos/uninstall.sh @@ -1,29 +1,29 @@ -#/bin/sh +#!/bin/sh ## Stop and remove application sudo /Library/Ossec/bin/wazuh-control stop sudo /bin/rm -r /Library/Ossec* ## stop and unload dispatcher -#sudo /bin/launchctl unload /Library/LaunchDaemons/com.wazuh.agent.plist +/bin/launchctl unload /Library/LaunchDaemons/com.wazuh.agent.plist # remove launchdaemons -sudo /bin/rm -f /Library/LaunchDaemons/com.wazuh.agent.plist +/bin/rm -f /Library/LaunchDaemons/com.wazuh.agent.plist ## remove StartupItems -sudo /bin/rm -rf /Library/StartupItems/WAZUH +/bin/rm -rf /Library/StartupItems/WAZUH ## Remove User and Groups -sudo /usr/bin/dscl . -delete "/Users/wazuh" -sudo /usr/bin/dscl . -delete "/Groups/wazuh" +/usr/bin/dscl . -delete "/Users/wazuh" +/usr/bin/dscl . -delete "/Groups/wazuh" -sudo /usr/sbin/pkgutil --forget com.wazuh.pkg.wazuh-agent -sudo /usr/sbin/pkgutil --forget com.wazuh.pkg.wazuh-agent-etc +/usr/sbin/pkgutil --forget com.wazuh.pkg.wazuh-agent +/usr/sbin/pkgutil --forget com.wazuh.pkg.wazuh-agent-etc # In case it was installed via Puppet pkgdmg provider if [ -e /var/db/.puppet_pkgdmg_installed_wazuh-agent ]; then - sudo rm -f /var/db/.puppet_pkgdmg_installed_wazuh-agent + rm -f /var/db/.puppet_pkgdmg_installed_wazuh-agent fi echo diff --git a/rpms/CentOS/5/i386/Dockerfile b/rpms/CentOS/5/i386/Dockerfile index 7c19499b5c..af68534de5 100644 --- a/rpms/CentOS/5/i386/Dockerfile +++ b/rpms/CentOS/5/i386/Dockerfile @@ -31,7 +31,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ linux32 ./contrib/download_prerequisites && \ linux32 ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ --disable-multilib --disable-libsanitizer && \ linux32 make -j2 && linux32 make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib/" diff --git a/rpms/CentOS/5/x86_64/Dockerfile b/rpms/CentOS/5/x86_64/Dockerfile index 01e4e65e64..2a6b2d9581 100644 --- a/rpms/CentOS/5/x86_64/Dockerfile +++ b/rpms/CentOS/5/x86_64/Dockerfile @@ -35,7 +35,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ \ --disable-multilib --disable-libsanitizer && \ make -j2 && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64/" diff --git a/rpms/CentOS/6/i386/CentOS-Base.repo b/rpms/CentOS/6/i386/CentOS-Base.repo index 1f492ab2b8..aac76933ec 100644 --- a/rpms/CentOS/6/i386/CentOS-Base.repo +++ b/rpms/CentOS/6/i386/CentOS-Base.repo @@ -8,7 +8,7 @@ # If the mirrorlist= does not work for you, as a fall back you can try the # remarked out baseurl= line instead. # -# + [base] name=CentOS-$releasever - Base diff --git a/rpms/CentOS/6/i386/Dockerfile b/rpms/CentOS/6/i386/Dockerfile index 04cdb78fa5..289dee9946 100644 --- a/rpms/CentOS/6/i386/Dockerfile +++ b/rpms/CentOS/6/i386/Dockerfile @@ -46,7 +46,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ linux32 ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ \ --disable-multilib --disable-libsanitizer && \ linux32 make -j$(nproc) && linux32 make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib/" diff --git a/rpms/CentOS/6/x86_64/Dockerfile b/rpms/CentOS/6/x86_64/Dockerfile index 898fb35bf9..d6968907c6 100644 --- a/rpms/CentOS/6/x86_64/Dockerfile +++ b/rpms/CentOS/6/x86_64/Dockerfile @@ -46,7 +46,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ \ --disable-multilib --disable-libsanitizer && \ make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64/" diff --git a/rpms/CentOS/7/aarch64/Dockerfile b/rpms/CentOS/7/aarch64/Dockerfile index cedd1811a7..1b4a6ad33d 100644 --- a/rpms/CentOS/7/aarch64/Dockerfile +++ b/rpms/CentOS/7/aarch64/Dockerfile @@ -30,7 +30,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ --disable-multilib \ --disable-libsanitizer --disable-bootstrap && \ make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64/" diff --git a/rpms/CentOS/7/armv7hl/Dockerfile b/rpms/CentOS/7/armv7hl/Dockerfile index dc929b2005..f4e81eae0c 100644 --- a/rpms/CentOS/7/armv7hl/Dockerfile +++ b/rpms/CentOS/7/armv7hl/Dockerfile @@ -10,7 +10,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ --with-float=hard --with-fpu=vfpv3-d16 --enable-languages=c,c++ --disable-multilib \ --disable-libsanitizer && \ linux32 make -j$(nproc) && linux32 make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib/" diff --git a/rpms/CentOS/7/ppc64le/Dockerfile b/rpms/CentOS/7/ppc64le/Dockerfile index 23a0620696..e588b6c2e2 100644 --- a/rpms/CentOS/7/ppc64le/Dockerfile +++ b/rpms/CentOS/7/ppc64le/Dockerfile @@ -27,7 +27,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ \ --disable-multilib --disable-libsanitizer && \ make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64/" diff --git a/rpms/SPECS/wazuh-agent.spec b/rpms/SPECS/wazuh-agent.spec index f697c2937b..43c09e0eec 100644 --- a/rpms/SPECS/wazuh-agent.spec +++ b/rpms/SPECS/wazuh-agent.spec @@ -7,7 +7,7 @@ Summary: Wazuh helps you to gain security visibility into your infrastructure by monitoring hosts at an operating system and application level. It provides the following capabilities: log analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring Name: wazuh-agent -Version: 4.4.3 +Version: 4.5.0 Release: %{_release} License: GPL Group: System Environment/Daemons @@ -244,31 +244,10 @@ if [ $1 = 1 ]; then %{_localstatedir}/packages_files/agent_installation_scripts/src/init/register_configure_agent.sh %{_localstatedir} > /dev/null || : fi -if [ -f /etc/os-release ]; then - source /etc/os-release - if [ "${NAME}" = "Red Hat Enterprise Linux" ] && [ "$((${VERSION_ID:0:1}))" -ge 9 ]; then - rm -f %{_initrddir}/wazuh-agent - fi +if [[ -d /run/systemd/system ]]; then + rm -f %{_initrddir}/wazuh-agent fi - # We create this fix for the operating system that deprecated the SySV. For now, this fix is for suse/openSUSE - sles="" - if [ -f /etc/SuSE-release ]; then - sles="suse" - elif [ -f /etc/os-release ]; then - if `grep -q "\"sles" /etc/os-release` ; then - sles="suse" - elif `grep -q -i "\"opensuse" /etc/os-release` ; then - sles="opensuse" - fi - fi - - if [ -n "$sles" ] && [ $(ps --no-headers -o comm 1) == "systemd" ]; then - if [ -f /etc/init.d/wazuh-agent ]; then - rm -f /etc/init.d/wazuh-agent - fi - fi - # Delete the installation files used to configure the agent rm -rf %{_localstatedir}/packages_files @@ -553,6 +532,7 @@ rm -fr %{buildroot} %attr(750, root, wazuh) %{_localstatedir}/lib/libsysinfo.so %attr(750, root, wazuh) %{_localstatedir}/lib/libstdc++.so.6 %attr(750, root, wazuh) %{_localstatedir}/lib/libgcc_s.so.1 +%attr(750, root, wazuh) %{_localstatedir}/lib/libfimdb.so %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/generic %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/generic/* @@ -620,6 +600,8 @@ rm -fr %{buildroot} %attr(750, root, wazuh) %{_localstatedir}/wodles/gcloud/* %changelog +* Fri Jun 30 2023 support - 4.5.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html * Thu May 25 2023 support - 4.4.3 - More info: https://documentation.wazuh.com/current/release-notes/release-4-4-3.html * Mon May 08 2023 support - 4.4.2 diff --git a/rpms/SPECS/wazuh-manager.spec b/rpms/SPECS/wazuh-manager.spec index d7c8904958..51bba7f9e4 100644 --- a/rpms/SPECS/wazuh-manager.spec +++ b/rpms/SPECS/wazuh-manager.spec @@ -7,7 +7,7 @@ Summary: Wazuh helps you to gain security visibility into your infrastructure by monitoring hosts at an operating system and application level. It provides the following capabilities: log analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring Name: wazuh-manager -Version: 4.4.3 +Version: 4.5.0 Release: %{_release} License: GPL Group: System Environment/Daemons @@ -87,9 +87,9 @@ mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/.ssh # Copy the installed files into RPM_BUILD_ROOT directory cp -pr %{_localstatedir}/* ${RPM_BUILD_ROOT}%{_localstatedir}/ -mkdir -p ${RPM_BUILD_ROOT}/usr/lib/systemd/system/ sed -i "s:WAZUH_HOME_TMP:%{_localstatedir}:g" src/init/templates/ossec-hids-rh.init install -m 0755 src/init/templates/ossec-hids-rh.init ${RPM_BUILD_ROOT}%{_initrddir}/wazuh-manager +mkdir -p ${RPM_BUILD_ROOT}/usr/lib/systemd/system/ sed -i "s:WAZUH_HOME_TMP:%{_localstatedir}:g" src/init/templates/wazuh-manager.service install -m 0644 src/init/templates/wazuh-manager.service ${RPM_BUILD_ROOT}/usr/lib/systemd/system/ @@ -317,34 +317,13 @@ if [ $1 = 1 ]; then %{_localstatedir}/packages_files/manager_installation_scripts/add_localfiles.sh %{_localstatedir} >> %{_localstatedir}/etc/ossec.conf fi - # We create this fix for the operating system that decraped the SySV. For now, this fix is for suse/openSUSE - sles="" - if [ -f /etc/SuSE-release ]; then - sles="suse" - elif [ -f /etc/os-release ]; then - if `grep -q "\"sles" /etc/os-release` ; then - sles="suse" - elif `grep -q -i "\"opensuse" /etc/os-release` ; then - sles="opensuse" - fi - fi - - if [ -n "$sles" ] && [ $(ps --no-headers -o comm 1) == "systemd" ]; then - if [ -f /etc/init.d/wazuh-manager ]; then - rm -f /etc/init.d/wazuh-manager - fi - fi - -if [ -f /etc/os-release ]; then - source /etc/os-release - if [ "${NAME}" = "Red Hat Enterprise Linux" ] && [ "$((${VERSION_ID:0:1}))" -ge 9 ]; then - rm -f %{_initrddir}/wazuh-manager - fi +if [[ -d /run/systemd/system ]]; then + rm -f %{_initrddir}/wazuh-manager fi # Generation auto-signed certificate if not exists -if type openssl >/dev/null 2>&1 && [ ! -f "%{_localstatedir}/etc/sslmanager.key" ] && [ ! -f "%{_localstatedir}/etc/sslmanager.cert" ]; then - openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -subj "/C=US/ST=California/CN=Wazuh/" -keyout %{_localstatedir}/etc/sslmanager.key -out %{_localstatedir}/etc/sslmanager.cert 2>/dev/null +if [ ! -f "%{_localstatedir}/etc/sslmanager.key" ] && [ ! -f "%{_localstatedir}/etc/sslmanager.cert" ]; then + %{_localstatedir}/bin/wazuh-authd -C 365 -B 2048 -S "/C=US/ST=California/CN=Wazuh/" -K %{_localstatedir}/etc/sslmanager.key -X %{_localstatedir}/etc/sslmanager.cert 2>/dev/null chmod 640 %{_localstatedir}/etc/sslmanager.key chmod 640 %{_localstatedir}/etc/sslmanager.cert fi @@ -456,17 +435,17 @@ rm -f %{_localstatedir}/etc/shared/default/*.rpmnew # Remove old ossec user and group if exists and change ownwership of files if getent group ossec > /dev/null 2>&1; then - find %{_localstatedir}/ -group ossec -user root -exec chown root:wazuh {} \; > /dev/null 2>&1 || true + find %{_localstatedir}/ -group ossec -user root -print0 | xargs -0 chown root:wazuh > /dev/null 2>&1 || true if getent passwd ossec > /dev/null 2>&1; then - find %{_localstatedir}/ -group ossec -user ossec -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true + find %{_localstatedir}/ -group ossec -user ossec -print0 | xargs -0 chown wazuh:wazuh > /dev/null 2>&1 || true userdel ossec > /dev/null 2>&1 fi if getent passwd ossecm > /dev/null 2>&1; then - find %{_localstatedir}/ -group ossec -user ossecm -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true + find %{_localstatedir}/ -group ossec -user ossecm -print0 | xargs -0 chown wazuh:wazuh > /dev/null 2>&1 || true userdel ossecm > /dev/null 2>&1 fi if getent passwd ossecr > /dev/null 2>&1; then - find %{_localstatedir}/ -group ossec -user ossecr -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true + find %{_localstatedir}/ -group ossec -user ossecr -print0 | xargs -0 chown wazuh:wazuh > /dev/null 2>&1 || true userdel ossecr > /dev/null 2>&1 fi if getent group ossec > /dev/null 2>&1; then @@ -635,6 +614,7 @@ rm -fr %{buildroot} %attr(750, root, wazuh) %{_localstatedir}/bin/wazuh-clusterd %attr(750, root, root) %{_localstatedir}/bin/wazuh-db %attr(750, root, root) %{_localstatedir}/bin/wazuh-modulesd +%attr(750, root, root) %{_localstatedir}/bin/rbac_control %dir %attr(770, wazuh, wazuh) %{_localstatedir}/etc %attr(660, root, wazuh) %config(noreplace) %{_localstatedir}/etc/ossec.conf %attr(640, root, wazuh) %config(noreplace) %{_localstatedir}/etc/client.keys @@ -680,6 +660,7 @@ rm -fr %{buildroot} %attr(750, root, wazuh) %{_localstatedir}/lib/libjemalloc.so.2 %attr(750, root, wazuh) %{_localstatedir}/lib/libstdc++.so.6 %attr(750, root, wazuh) %{_localstatedir}/lib/libgcc_s.so.1 +%attr(750, root, wazuh) %{_localstatedir}/lib/libfimdb.so %{_localstatedir}/lib/libpython3.9.so.1.0 %dir %attr(770, wazuh, wazuh) %{_localstatedir}/logs %attr(660, wazuh, wazuh) %ghost %{_localstatedir}/logs/active-responses.log @@ -842,6 +823,8 @@ rm -fr %{buildroot} %attr(750, root, wazuh) %{_localstatedir}/wodles/gcloud/* %changelog +* Fri Jun 30 2023 support - 4.5.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html * Thu May 25 2023 support - 4.4.3 - More info: https://documentation.wazuh.com/current/release-notes/release-4-4-3.html * Mon May 08 2023 support - 4.4.2 diff --git a/rpms/build.sh b/rpms/build.sh index b6006f30af..036d941e0f 100755 --- a/rpms/build.sh +++ b/rpms/build.sh @@ -129,3 +129,4 @@ if [[ "${src}" == "yes" ]]; then fi find ${extract_path} -maxdepth 3 -type f -name "${file_name}*" -exec mv {} /var/local/wazuh \; + \ No newline at end of file diff --git a/rpms/generate_rpm_package.sh b/rpms/generate_rpm_package.sh index 89d57977dd..9371dec599 100755 --- a/rpms/generate_rpm_package.sh +++ b/rpms/generate_rpm_package.sh @@ -19,6 +19,7 @@ TARGET="" JOBS="2" DEBUG="no" BUILD_DOCKER="yes" +DOCKER_TAG="latest" USER_PATH="no" SRC="no" RPM_AARCH64_BUILDER="rpm_builder_aarch64" @@ -86,7 +87,7 @@ build_rpm() { # Build the Docker image if [[ ${BUILD_DOCKER} == "yes" ]]; then - docker build -t ${CONTAINER_NAME} ${DOCKERFILE_PATH} || return 1 + docker build -t ${CONTAINER_NAME}:${DOCKER_TAG} ${DOCKERFILE_PATH} || return 1 fi # Build the RPM package with a Docker container @@ -94,7 +95,7 @@ build_rpm() { -v ${CHECKSUMDIR}:/var/local/checksum:Z \ -v ${LOCAL_SPECS}:/specs:Z \ ${CUSTOM_CODE_VOL} \ - ${CONTAINER_NAME} ${TARGET} ${BRANCH} ${ARCHITECTURE} \ + ${CONTAINER_NAME}:${DOCKER_TAG} ${TARGET} ${BRANCH} ${ARCHITECTURE} \ ${JOBS} ${REVISION} ${INSTALLATION_PATH} ${DEBUG} \ ${CHECKSUM} ${PACKAGES_BRANCH} ${USE_LOCAL_SPECS} ${SRC} \ ${LEGACY} ${USE_LOCAL_SOURCE_CODE} ${FUTURE}|| return 1 @@ -181,6 +182,7 @@ help() { echo " -d, --debug [Optional] Build the binaries with debug symbols and create debuginfo packages. By default: no." echo " -c, --checksum [Optional] Generate checksum on the desired path (by default, if no path is specified it will be generated on the same directory than the package)." echo " --dont-build-docker [Optional] Locally built docker image will be used instead of generating a new one." + echo " --tag [Optional] Tag to use with the docker image." echo " --sources [Optional] Absolute path containing wazuh source code. This option will use local source code instead of downloading it from GitHub." echo " --packages-branch [Optional] Select Git branch or tag from wazuh-packages repository. e.g ${PACKAGES_BRANCH}" echo " --dev [Optional] Use the SPECS files stored in the host instead of downloading them from GitHub." @@ -261,6 +263,14 @@ main() { BUILD_DOCKER="no" shift 1 ;; + "--tag") + if [ -n "$2" ]; then + DOCKER_TAG="$2" + shift 2 + else + help 1 + fi + ;; "-c"|"--checksum") if [ -n "$2" ]; then CHECKSUMDIR="$2" diff --git a/solaris/solaris10/pkginfo b/solaris/solaris10/pkginfo index 2f87f5b22e..72efb9ed67 100644 --- a/solaris/solaris10/pkginfo +++ b/solaris/solaris10/pkginfo @@ -1,11 +1,11 @@ NAME=Wazuh - Wazuh unifies historically separate functions into a single agent and platform architecture. Providing protection for public clouds, private clouds, and on-premise data centers. PKG="wazuh-agent" -VERSION="4.4.3" +VERSION="4.5.0" ARCH="i386" CLASSES="none" CATEGORY="system" VENDOR="Wazuh, Inc " -PSTAMP="25May2023" +PSTAMP="30Jun2023" EMAIL="info@wazuh.com" ISTATES="S s 1 2 3" RSTATES="S s 1 2 3" diff --git a/solaris/solaris11/SPECS/template_agent.json b/solaris/solaris11/SPECS/template_agent.json index ec6b503f6e..81bc2c8fd0 100644 --- a/solaris/solaris11/SPECS/template_agent.json +++ b/solaris/solaris11/SPECS/template_agent.json @@ -679,6 +679,14 @@ "type": "file", "user": "root" }, + "/var/ossec/lib/libfimdb.so": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, "/var/ossec/lib/libsysinfo.so": { "class": "static", "group": "wazuh", diff --git a/stack/dashboard/base/builder.sh b/stack/dashboard/base/builder.sh index 9180c092ea..c88304df48 100755 --- a/stack/dashboard/base/builder.sh +++ b/stack/dashboard/base/builder.sh @@ -65,6 +65,9 @@ cd /opt curl -sL https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/"${opensearch_version}"/opensearch-dashboards-"${opensearch_version}"-linux-${architecture}.tar.gz | tar xz +pip3 install pathfix.py +/usr/bin/pathfix.py -pni "/usr/bin/python3 -s" opensearch-dashboards-"${opensearch_version}" > /dev/null 2>&1 + # Remove unnecessary files and set up configuration mv opensearch-dashboards-* "${base_dir}" cd "${base_dir}" @@ -143,6 +146,7 @@ sed -i 's|DEFAULT_MARK="opensearch_mark_default_mode.svg"|DEFAULT_MARK="home.svg sed -i 's|DEFAULT_DARK_MARK="opensearch_mark_dark_mode.svg"|DEFAULT_DARK_MARK="home_dark_mode.svg"|g' ./plugins/securityDashboards/target/public/securityDashboards.plugin.js gzip -c ./plugins/securityDashboards/target/public/securityDashboards.plugin.js > ./plugins/securityDashboards/target/public/securityDashboards.plugin.js.gz brotli -c ./plugins/securityDashboards/target/public/securityDashboards.plugin.js > ./plugins/securityDashboards/target/public/securityDashboards.plugin.js.br + # Generate compressed files gzip -c ./plugins/securityDashboards/target/public/securityDashboards.chunk.5.js > ./plugins/securityDashboards/target/public/securityDashboards.chunk.5.js.gz brotli -c ./plugins/securityDashboards/target/public/securityDashboards.chunk.5.js > ./plugins/securityDashboards/target/public/securityDashboards.chunk.5.js.br diff --git a/stack/dashboard/base/docker/Dockerfile b/stack/dashboard/base/docker/Dockerfile index f1c74650d2..184d894e16 100644 --- a/stack/dashboard/base/docker/Dockerfile +++ b/stack/dashboard/base/docker/Dockerfile @@ -16,6 +16,8 @@ RUN yum install -y \ autoconf \ automake \ libtool \ + python3-devel \ + python3-pip \ jq \ unzip diff --git a/stack/dashboard/base/files/etc/opensearch_dashboards.yml b/stack/dashboard/base/files/etc/opensearch_dashboards.yml index ccdac621c6..5d7c2d0bdd 100644 --- a/stack/dashboard/base/files/etc/opensearch_dashboards.yml +++ b/stack/dashboard/base/files/etc/opensearch_dashboards.yml @@ -4,7 +4,7 @@ opensearch.hosts: https://localhost:9200 opensearch.ssl.verificationMode: certificate #opensearch.username: #opensearch.password: -opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"] +opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] opensearch_security.multitenancy.enabled: false opensearch_security.readonly_mode.roles: ["kibana_read_only"] server.ssl.enabled: true diff --git a/stack/dashboard/deb/debian/changelog b/stack/dashboard/deb/debian/changelog index 22ba2005d1..f245097dbb 100644 --- a/stack/dashboard/deb/debian/changelog +++ b/stack/dashboard/deb/debian/changelog @@ -1,3 +1,9 @@ +wazuh-dashboard (VERSION-RELEASE) unstable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html + + -- Wazuh, Inc Fri, 30 Jun 2023 12:31:50 +0000 + wazuh-dashboard (4.4.3-RELEASE) stable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-4-3.html @@ -22,68 +28,74 @@ wazuh-dashboard (4.4.0-RELEASE) stable; urgency=low -- Wazuh, Inc Wed, 18 Jan 2023 12:31:50 +0000 -wazuh-dashboard (4.3.10-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.10-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-10.html -- Wazuh, Inc Thu, 10 Nov 2022 15:00:00 +0000 -wazuh-dashboard (4.3.9-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.9-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-9.html -- Wazuh, Inc Mon, 03 Oct 2022 15:00:00 +0000 -wazuh-dashboard (4.3.8-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.8-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-8.html -- Wazuh, Inc Mon, 19 Sep 2022 15:00:00 +0000 -wazuh-dashboard (4.3.7-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.7-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-7.html -- Wazuh, Inc Mon, 08 Aug 2022 15:00:00 +0000 -wazuh-dashboard (4.3.6-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.6-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-6.html -- Wazuh, Inc Thu, 07 Jul 2022 15:00:00 +0000 -wazuh-dashboard (4.3.5-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.5-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-5.html -- Wazuh, Inc Wed, 29 Jun 2022 15:00:00 +0000 -wazuh-dashboard (4.3.4-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.4-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-4.html -- Wazuh, Inc Tue, 07 Jun 2022 15:41:39 +0000 -wazuh-dashboard (4.3.3-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.3-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-3.html -- Wazuh, Inc Tue, 31 May 2022 15:41:39 +0000 -wazuh-dashboard (4.3.2-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.2-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-2.html -- Wazuh, Inc Mon, 30 May 2022 15:41:39 +0000 -wazuh-dashboard (4.3.1-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.1-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-1.html -- Wazuh, Inc Wed, 18 May 2022 12:14:41 +0000 -wazuh-dashboard (4.3.0-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.0-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-0.html -- Wazuh, Inc Thu, 05 May 2022 12:15:57 +0000 + +wazuh-dashboard (4.2.5-1) UNRELEASED; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/ + + -- Wazuh, Inc Mon, 15 Nov 2021 16:47:07 +0000 diff --git a/stack/dashboard/rpm/builder.sh b/stack/dashboard/rpm/builder.sh index ee16f0a797..c4b9e2a652 100755 --- a/stack/dashboard/rpm/builder.sh +++ b/stack/dashboard/rpm/builder.sh @@ -59,7 +59,6 @@ mkdir -p ${rpm_build_dir}/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS} pkg_name=${target}-${version} mkdir ${build_dir}/${pkg_name} - # Including spec file if [ "${reference}" ];then curl -sL https://github.com/wazuh/wazuh-packages/tarball/${reference} | tar zx @@ -69,7 +68,6 @@ else cp /root/stack/dashboard/rpm/${target}.spec ${rpm_build_dir}/SPECS/${pkg_name}.spec fi - # Generating source tar.gz cd ${build_dir} && tar czf "${rpm_build_dir}/SOURCES/${pkg_name}.tar.gz" "${pkg_name}" diff --git a/stack/dashboard/rpm/docker/x86_64/Dockerfile b/stack/dashboard/rpm/docker/x86_64/Dockerfile index a41bd3c320..5d87b62269 100644 --- a/stack/dashboard/rpm/docker/x86_64/Dockerfile +++ b/stack/dashboard/rpm/docker/x86_64/Dockerfile @@ -1,4 +1,4 @@ -FROM centos:7 +FROM rockylinux:8.5 # Install all the necessary tools to build the packages RUN yum clean all && yum update -y @@ -18,4 +18,4 @@ ADD builder.sh /usr/local/bin/builder RUN chmod +x /usr/local/bin/builder # Set the entrypoint -ENTRYPOINT ["/usr/local/bin/builder"] \ No newline at end of file +ENTRYPOINT ["/usr/local/bin/builder"] diff --git a/stack/dashboard/rpm/wazuh-dashboard.spec b/stack/dashboard/rpm/wazuh-dashboard.spec index 0363592e34..5cd303f881 100644 --- a/stack/dashboard/rpm/wazuh-dashboard.spec +++ b/stack/dashboard/rpm/wazuh-dashboard.spec @@ -31,6 +31,8 @@ ExclusiveOS: linux %global PID_DIR /run/%{name} %global INSTALL_DIR /usr/share/%{name} %global DASHBOARD_FILE wazuh-dashboard-base-%{version}-%{release}-linux-x64.tar.xz +%define _source_payload w9.gzdio +%define _binary_payload w9.gzdio # ----------------------------------------------------------------------------- @@ -397,6 +399,8 @@ rm -fr %{buildroot} %attr(640, root, root) "/etc/systemd/system/wazuh-dashboard.service" %changelog +* Fri Jun 30 2023 support - %{version} +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html * Thu May 25 2023 support - 4.4.3 - More info: https://documentation.wazuh.com/current/release-notes/release-4-4-3.html * Mon Apr 24 2023 support - 4.4.2 diff --git a/stack/indexer/deb/debian/changelog b/stack/indexer/deb/debian/changelog index cfa3367729..f72e27c60a 100644 --- a/stack/indexer/deb/debian/changelog +++ b/stack/indexer/deb/debian/changelog @@ -1,9 +1,15 @@ +wazuh-indexer (VERSION-RELEASE) unstable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5.0.html + + -- Wazuh, Inc Fri, 30 Jun 2023 12:31:50 +0000 + wazuh-indexer (4.4.3-RELEASE) stable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-4-3.html -- Wazuh, Inc Thu, 25 May 2023 12:31:50 +0000 - + wazuh-indexer (4.4.2-RELEASE) stable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-4-2.html @@ -22,68 +28,74 @@ wazuh-indexer (4.4.0-RELEASE) stable; urgency=low -- Wazuh, Inc Wed, 18 Jan 2023 12:31:50 +0000 -wazuh-indexer (4.3.10-RELEASE) stable; urgency=low +wazuh-indexer (4.3.10-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-10.html -- Wazuh, Inc Thu, 10 Nov 2022 15:00:00 +0000 -wazuh-indexer (4.3.9-RELEASE) stable; urgency=low +wazuh-indexer (4.3.9-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-9.html -- Wazuh, Inc Mon, 03 Oct 2022 15:00:00 +0000 -wazuh-indexer (4.3.8-RELEASE) stable; urgency=low +wazuh-indexer (4.3.8-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-8.html -- Wazuh, Inc Mon, 19 Sep 2022 15:00:00 +0000 -wazuh-indexer (4.3.7-RELEASE) stable; urgency=low +wazuh-indexer (4.3.7-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-7.html -- Wazuh, Inc Mon, 08 Aug 2022 15:00:00 +0000 -wazuh-indexer (4.3.6-RELEASE) stable; urgency=low +wazuh-indexer (4.3.6-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-6.html -- Wazuh, Inc Thu, 07 Jul 2022 15:00:00 +0000 -wazuh-indexer (4.3.5-RELEASE) stable; urgency=low +wazuh-indexer (4.3.5-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-5.html -- Wazuh, Inc Wed, 29 Jun 2022 15:00:00 +0000 -wazuh-indexer (4.3.4-RELEASE) stable; urgency=low +wazuh-indexer (4.3.4-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-4.html -- Wazuh, Inc Tue, 07 Jun 2022 15:41:39 +0000 -wazuh-indexer (4.3.3-RELEASE) stable; urgency=low +wazuh-indexer (4.3.3-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-3.html -- Wazuh, Inc Tue, 31 May 2022 15:41:39 +0000 -wazuh-indexer (4.3.2-RELEASE) stable; urgency=low +wazuh-indexer (4.3.2-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-2.html -- Wazuh, Inc Mon, 30 May 2022 15:41:39 +0000 -wazuh-indexer (4.3.1-RELEASE) stable; urgency=low +wazuh-indexer (4.3.1-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-1.html -- Wazuh, Inc Wed, 18 May 2022 12:14:41 +0000 -wazuh-indexer (4.3.0-RELEASE) stable; urgency=low +wazuh-indexer (4.3.0-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-0.html -- Wazuh, Inc Thu, 05 May 2022 12:15:57 +0000 + + wazuh-indexer (4.2.5-1) UNRELEASED; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/ + + -- Wazuh, Inc Mon, 15 Nov 2021 16:47:07 +0000 diff --git a/stack/indexer/deb/debian/postinst b/stack/indexer/deb/debian/postinst index 0ce951f7bf..0972bec1d9 100644 --- a/stack/indexer/deb/debian/postinst +++ b/stack/indexer/deb/debian/postinst @@ -35,6 +35,10 @@ fi export OPENSEARCH_PATH_CONF=${OPENSEARCH_PATH_CONF:-${CONFIG_DIR}} +if [ -d /run/systemd/system ]; then + rm -f /etc/init.d/wazuh-indexer +fi + # To pick up /usr/lib/sysctl.d/wazuh-indexer.conf if command -v systemctl > /dev/null 2>&1; then systemctl restart systemd-sysctl.service > /dev/null 2>&1 || true diff --git a/stack/indexer/deb/debian/prerm b/stack/indexer/deb/debian/prerm index 8004e9a316..863ddabea2 100644 --- a/stack/indexer/deb/debian/prerm +++ b/stack/indexer/deb/debian/prerm @@ -69,7 +69,7 @@ if [ "$STOP_REQUIRED" = "true" ]; then elif [ -x /etc/rc.d/init.d/wazuh-indexer ] ; then /etc/rc.d/init.d/wazuh-indexer stop > /dev/null 2>&1 else # Anything else - kill -15 `pgrep -f opensearch` > /dev/null 2>&1 + kill -15 `pgrep -f opensearch` > /dev/null 2>&1 || true fi echo " OK" fi @@ -87,4 +87,3 @@ if [ "$REMOVE_SERVICE" = "true" ]; then update-rc.d wazuh-indexer remove >/dev/null || true fi fi - diff --git a/stack/indexer/rpm/build_package.sh b/stack/indexer/rpm/build_package.sh index d6adf0c399..cc8bf9bb7b 100755 --- a/stack/indexer/rpm/build_package.sh +++ b/stack/indexer/rpm/build_package.sh @@ -8,8 +8,6 @@ # License (version 2) as published by the FSF - Free Software # Foundation. -set -ex - current_path="$( cd $(dirname $0) ; pwd -P )" architecture="x86_64" outdir="${current_path}/output" @@ -170,6 +168,8 @@ main() { esac done + set -ex + build || clean 1 clean 0 diff --git a/stack/indexer/rpm/wazuh-indexer.spec b/stack/indexer/rpm/wazuh-indexer.spec index 4e9220c69f..003edf1b49 100755 --- a/stack/indexer/rpm/wazuh-indexer.spec +++ b/stack/indexer/rpm/wazuh-indexer.spec @@ -163,11 +163,21 @@ if [ $1 = 1 ];then # Install fi -if [ -f /etc/os-release ]; then - source /etc/os-release - if [ "${NAME}" = "Red Hat Enterprise Linux" ] && [ "$((${VERSION_ID:0:1}))" -ge 9 ]; then + +if [[ -d /run/systemd/system ]] ; then rm -f /etc/init.d/%{name} - fi +fi + +# If is an upgrade, move the securityconfig files if they exist (4.3.x versions) +if [ ${1} = 2 ]; then + if [ -d "%{INSTALL_DIR}"/plugins/opensearch-security/securityconfig ]; then + + if [ ! -d "%{CONFIG_DIR}"/opensearch-security ]; then + mkdir "%{CONFIG_DIR}"/opensearch-security + fi + + cp -r "%{INSTALL_DIR}"/plugins/opensearch-security/securityconfig/* "%{CONFIG_DIR}"/opensearch-security + fi fi # If is an upgrade, move the securityconfig files if they exist (4.3.x versions) @@ -1384,6 +1394,8 @@ rm -fr %{buildroot} %attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/security/blocked.certs %changelog +* Fri Jun 30 2023 support - %{version} +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html * Thu May 25 2023 support - 4.4.3 - More info: https://documentation.wazuh.com/current/release-notes/release-4-4-3.html * Mon Apr 24 2023 support - 4.4.2 diff --git a/tests/unattended/install/test_unattended.py b/tests/unattended/install/test_unattended.py index afa2671c31..b803760b96 100644 --- a/tests/unattended/install/test_unattended.py +++ b/tests/unattended/install/test_unattended.py @@ -232,7 +232,7 @@ def test_check_cluster_log_errors(): with open('/var/ossec/logs/cluster.log', 'r') as f: for line in f.readlines(): if 'ERROR' in line: - if 'Could not connect to master' not in line and 'Worker node is not connected to master' not in line and 'Connection reset by peer' not in line: + if 'Could not connect to master' not in line and 'Worker node is not connected to master' not in line and 'Connection reset by peer' not in line and "Error sending sendsync response to local client: Error 3020 - Timeout sending" not in line: found_error = True break assert found_error == False, line diff --git a/tests/unattended/unit/suites/test-common.sh b/tests/unattended/unit/suites/test-common.sh index 0517c7730a..a25a62a53d 100644 --- a/tests/unattended/unit/suites/test-common.sh +++ b/tests/unattended/unit/suites/test-common.sh @@ -61,7 +61,7 @@ test-04-common_checkInstalled-all-installed-yum() { @mocktrue yum list installed - @mock grep wazuh-manager === @echo wazuh-manager.x86_64 4.4.3-1 @wazuh + @mock grep wazuh-manager === @echo wazuh-manager.x86_64 4.5.0-1 @wazuh @mkdir /var/ossec @mock grep wazuh-indexer === @echo wazuh-indexer.x86_64 1.13.2-1 @wazuh @@ -105,7 +105,7 @@ test-04-common_checkInstalled-all-installed-yum() { } test-05-common_checkInstalled-all-installed-yum-assert() { - @echo "wazuh-manager.x86_64 4.4.3-1 @wazuh" + @echo "wazuh-manager.x86_64 4.5.0-1 @wazuh" @echo 1 @echo "wazuh-indexer.x86_64 1.13.2-1 @wazuh" diff --git a/tests/unattended/unit/suites/test-dashboard.sh b/tests/unattended/unit/suites/test-dashboard.sh index c9f4939b48..37e99c0646 100644 --- a/tests/unattended/unit/suites/test-dashboard.sh +++ b/tests/unattended/unit/suites/test-dashboard.sh @@ -6,7 +6,7 @@ source "${base_dir}"/bach.sh @setup-test { @ignore common_logger k_certs_path="/etc/wazuh-dashboard/certs/" - wazuh_version="4.4.3" + wazuh_version="4.5.0" elasticsearch_oss_version="7.10.2" wazuh_kibana_plugin_revision="1" repobaseurl="https://packages.wazuh.com/4.x" diff --git a/unattended_installer/builder.sh b/unattended_installer/builder.sh index e330a54167..a916a41a9f 100755 --- a/unattended_installer/builder.sh +++ b/unattended_installer/builder.sh @@ -9,14 +9,14 @@ # License (version 2) as published by the FSF - Free Software # Foundation. -readonly base_path="$(dirname "$(readlink -f "$0")")" -readonly resources_installer="${base_path}/install_functions" -readonly resources_config="${base_path}/config" -readonly resources_certs="${base_path}/cert_tool" -readonly resources_passwords="${base_path}/passwords_tool" -readonly resources_common="${base_path}/common_functions" -readonly resources_download="${base_path}/downloader" -readonly source_branch="4.4" +readonly base_path_builder="$(dirname "$(readlink -f "$0")")" +readonly resources_installer="${base_path_builder}/install_functions" +readonly resources_config="${base_path_builder}/config" +readonly resources_certs="${base_path_builder}/cert_tool" +readonly resources_passwords="${base_path_builder}/passwords_tool" +readonly resources_common="${base_path_builder}/common_functions" +readonly resources_download="${base_path_builder}/downloader" +readonly source_branch="4.5" function getHelp() { @@ -32,13 +32,13 @@ function getHelp() { echo -e " Builds the unattended installer single file wazuh-install.sh" echo -e "" echo -e " -c, --cert-tool" - echo -e " Builds the certificate creation tool cert-tool.sh" + echo -e " Builds the certificate creation tool wazuh-cert-tool.sh" echo -e "" echo -e " -d [pre-release|staging], --development" echo -e " Use development repositories. By default it uses the pre-release package repository. If staging is specified, it will use that repository." echo -e "" echo -e " -p, --password-tool" - echo -e " Builds the password creation and modification tool password-tool.sh" + echo -e " Builds the password creation and modification tool wazuh-password-tool.sh" echo -e "" echo -e " -h, --help" echo -e " Shows help." @@ -47,7 +47,11 @@ function getHelp() { } function buildInstaller() { - output_script_path="${base_path}/wazuh-install.sh" + + checkDistDetectURL + checkFilebeatURL + + output_script_path="${base_path_builder}/wazuh-install.sh" ## Create installer script echo -n > "${output_script_path}" @@ -82,9 +86,10 @@ function buildInstaller() { echo 'readonly repository="4.x"' >> "${output_script_path}" fi echo >> "${output_script_path}" + grep -Ev '^#|^\s*$' ${resources_common}/commonVariables.sh >> "${output_script_path}" grep -Ev '^#|^\s*$' ${resources_installer}/installVariables.sh >> "${output_script_path}" echo >> "${output_script_path}" - + ## Configuration files as variables configuration_files=($(find "${resources_config}" -type f)) config_file_name=($(eval "echo "${configuration_files[@]}" | sed 's|${resources_config}||g;s|/|_|g;s|.yml||g'")) @@ -131,7 +136,7 @@ function buildInstaller() { } function buildPasswordsTool() { - output_script_path="${base_path}/wazuh-passwords-tool.sh" + output_script_path="${base_path_builder}/wazuh-passwords-tool.sh" ## Create installer script echo -n > "${output_script_path}" @@ -147,7 +152,8 @@ function buildPasswordsTool() { # License (version 2) as published by the FSF - Free Software # Foundation." >> "${output_script_path}" - ## Passwords tool variables + ## Common and Passwords tool variables + grep -Ev '^#|^\s*$' ${resources_common}/commonVariables.sh >> "${output_script_path}" grep -Ev '^#|^\s*$' "${resources_passwords}/passwordsVariables.sh" >> "${output_script_path}" echo >> "${output_script_path}" @@ -171,7 +177,7 @@ function buildPasswordsTool() { } function buildCertsTool() { - output_script_path="${base_path}/wazuh-certs-tool.sh" + output_script_path="${base_path_builder}/wazuh-certs-tool.sh" ## Create installer script echo -n > "${output_script_path}" @@ -187,7 +193,8 @@ function buildCertsTool() { # License (version 2) as published by the FSF - Free Software # Foundation." >> "${output_script_path}" - ## Certs tool variables + ## Common and Certs tool variables + grep -Ev '^#|^\s*$' ${resources_common}/commonVariables.sh >> "${output_script_path}" grep -Ev '^#|^\s*$' "${resources_certs}/certVariables.sh" >> "${output_script_path}" echo >> "${output_script_path}" @@ -255,6 +262,9 @@ function builder_main() { if [ -n "${installer}" ]; then buildInstaller chmod 500 ${output_script_path} + if [ -n "${change_filebeat_url}" ]; then + sed -i -E "s|(https.+)master(.+wazuh-template.json)|\1\\$\\{wazuh_major\\}\2|" "${resources_installer}/installVariables.sh" + fi fi if [ -n "${passwordsTool}" ]; then @@ -268,4 +278,46 @@ function builder_main() { fi } +function checkDistDetectURL() { + + retries=0 + eval "curl -s -o /dev/null 'https://raw.githubusercontent.com/wazuh/wazuh/${source_branch}/src/init/dist-detect.sh' --retry 5 --retry-delay 5 --max-time 300 --fail" + e_code="${PIPESTATUS[0]}" + while [ "${e_code}" -eq 7 ] && [ "${retries}" -ne 12 ]; do + retries=$((retries+1)) + sleep 5 + eval "curl -s -o /dev/null 'https://raw.githubusercontent.com/wazuh/wazuh/${source_branch}/src/init/dist-detect.sh' --fail" + e_code="${PIPESTATUS[0]}" + done + + if [[ "${retries}" -eq 12 ]] || [[ "${e_code}" -ne 0 ]]; then + echo -e "Error: Could not get the dist-detect file." + exit 1 + fi + +} + +function checkFilebeatURL() { + + # Import variables + eval "$(grep -E "filebeat_wazuh_template=" "${resources_installer}/installVariables.sh")" + new_filebeat_url="https://raw.githubusercontent.com/wazuh/wazuh/master/extensions/elasticsearch/7.x/wazuh-template.json" + + # Get the response of the URL and check it + response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $filebeat_wazuh_template) + if [ "${response}" != "200" ]; then + response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $new_filebeat_url) + + # Display error if both URLs do not get the resource + if [ "${response}" != "200" ]; then + echo -e "Error: Could not get the Filebeat Wazuh template. " + # If matches, replace the variable of installVariables to the new one + else + echo -e "Changing Filebeat URL..." + sed -i -E "s|filebeat_wazuh_template=.*|filebeat_wazuh_template=\"${new_filebeat_url}\"|g" "${resources_installer}/installVariables.sh" + change_filebeat_url=1 + fi + fi +} + builder_main "$@" diff --git a/unattended_installer/cert_tool/certMain.sh b/unattended_installer/cert_tool/certMain.sh index 62186cb039..f10d5a5ac0 100644 --- a/unattended_installer/cert_tool/certMain.sh +++ b/unattended_installer/cert_tool/certMain.sh @@ -20,7 +20,7 @@ function getHelp() { echo -e " Creates the admin certificates, add root-ca.pem and root-ca.key." echo -e "" echo -e " -A, --all " - echo -e " Creates certificates specified in config.yml and admin certificates. Add a root-ca.pem and root-ca.key or leave it empty so a new one will be created." + echo -e " Creates Wazuh server, Wazuh indexer, Wazuh dashboard, and admin certificates. Add a root-ca.pem and root-ca.key or leave it empty so a new one will be created." echo -e "" echo -e " -ca, --root-ca-certificates" echo -e " Creates the root-ca certificates." @@ -186,21 +186,26 @@ function main() { fi if [[ -n "${all}" ]]; then - cert_checkRootCA - cert_generateAdmincertificate - common_logger "Admin certificates created." - if cert_generateIndexercertificates; then - common_logger "Wazuh indexer certificates created." - fi - if cert_generateFilebeatcertificates; then - common_logger "Wazuh server certificates created." - fi - if cert_generateDashboardcertificates; then - common_logger "Wazuh dashboard certificates created." + if [[ ${#indexer_node_names[@]} -gt 0 ]] && [[ ${#server_node_names[@]} -gt 0 ]] && [[ ${#dashboard_node_names[@]} -gt 0 ]]; then + cert_checkRootCA + cert_generateAdmincertificate + common_logger "Admin certificates created." + if cert_generateIndexercertificates; then + common_logger "Wazuh indexer certificates created." + fi + if cert_generateFilebeatcertificates; then + common_logger "Wazuh server certificates created." + fi + if cert_generateDashboardcertificates; then + common_logger "Wazuh dashboard certificates created." + fi + cert_cleanFiles + cert_setpermisions + eval "mv ${cert_tmp_path} ${base_path}/wazuh-certificates ${debug}" + else + common_logger -e "You must specify at least one indexer, one server and one dashboard node." + exit 1 fi - cert_cleanFiles - cert_setpermisions - eval "mv ${cert_tmp_path} ${base_path}/wazuh-certificates ${debug}" fi if [[ -n "${ca}" ]]; then diff --git a/unattended_installer/common_functions/common.sh b/unattended_installer/common_functions/common.sh index 26b5556afd..7be078bb1a 100644 --- a/unattended_installer/common_functions/common.sh +++ b/unattended_installer/common_functions/common.sh @@ -118,7 +118,7 @@ function common_checkSystem() { sys_type="apt-get" sep="=" else - common_logger -e "Couldn'd find type of system" + common_logger -e "Couldn't find type of system" exit 1 fi @@ -134,21 +134,42 @@ function common_checkWazuhConfigYaml() { } +# Retries even if the --retry-connrefused is not available +function common_curl() { + + if [ -n "${curl_has_connrefused}" ]; then + eval "curl $@ --retry-connrefused" + e_code="${PIPESTATUS[0]}" + else + retries=0 + eval "curl $@" + e_code="${PIPESTATUS[0]}" + while [ "${e_code}" -eq 7 ] && [ "${retries}" -ne 12 ]; do + retries=$((retries+1)) + sleep 5 + eval "curl $@" + e_code="${PIPESTATUS[0]}" + done + fi + return "${e_code}" + +} + function common_remove_gpg_key() { - + if [ "${sys_type}" == "yum" ]; then if { rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' | grep "Wazuh"; } >/dev/null ; then key=$(rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' | grep "Wazuh Signing Key" | awk '{print $1}' ) rpm -e "${key}" else - common_logger "Wazuh GPG key was not found in the system." + common_logger "Wazuh GPG key not found in the system" return 1 fi elif [ "${sys_type}" == "apt-get" ]; then if [ -f "/usr/share/keyrings/wazuh.gpg" ]; then rm -rf "/usr/share/keyrings/wazuh.gpg" else - common_logger "Wazuh GPG key was not found in the system" + common_logger "Wazuh GPG key not found in the system" return 1 fi fi diff --git a/unattended_installer/common_functions/commonVariables.sh b/unattended_installer/common_functions/commonVariables.sh new file mode 100644 index 0000000000..d43ffa892f --- /dev/null +++ b/unattended_installer/common_functions/commonVariables.sh @@ -0,0 +1,10 @@ +# Common variables +# Copyright (C) 2015, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +adminpem="/etc/wazuh-indexer/certs/admin.pem" +adminkey="/etc/wazuh-indexer/certs/admin-key.pem" diff --git a/unattended_installer/config/certificate/config.yml b/unattended_installer/config/certificate/config.yml index 40493ba508..c61a756330 100644 --- a/unattended_installer/config/certificate/config.yml +++ b/unattended_installer/config/certificate/config.yml @@ -2,25 +2,25 @@ nodes: # Wazuh indexer nodes indexer: - name: indexer-1 - ip: + ip: "" - name: indexer-2 - ip: + ip: "" - name: indexer-3 - ip: + ip: "" server: - name: server-1 - ip: + ip: "" node_type: master - name: server-2 - ip: + ip: "" node_type: worker - name: server-3 - ip: + ip: "" node_type: worker dashboard: - name: dashboard-1 - ip: + ip: "" - name: dashboard-2 - ip: + ip: "" - name: dashboard-3 - ip: + ip: "" diff --git a/unattended_installer/config/dashboard/dashboard.yml b/unattended_installer/config/dashboard/dashboard.yml index 30994d2ef5..0df1afc25e 100644 --- a/unattended_installer/config/dashboard/dashboard.yml +++ b/unattended_installer/config/dashboard/dashboard.yml @@ -4,7 +4,7 @@ server.port: 443 opensearch.ssl.verificationMode: certificate # opensearch.username: kibanaserver # opensearch.password: kibanaserver -opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"] +opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] opensearch_security.multitenancy.enabled: false opensearch_security.readonly_mode.roles: ["kibana_read_only"] server.ssl.enabled: true diff --git a/unattended_installer/config/dashboard/dashboard_all_in_one.yml b/unattended_installer/config/dashboard/dashboard_all_in_one.yml index 8165c78cb1..b84717408b 100644 --- a/unattended_installer/config/dashboard/dashboard_all_in_one.yml +++ b/unattended_installer/config/dashboard/dashboard_all_in_one.yml @@ -4,7 +4,7 @@ opensearch.hosts: https://localhost:9200 opensearch.ssl.verificationMode: certificate # opensearch.username: kibanaserver # opensearch.password: kibanaserver -opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"] +opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] opensearch_security.multitenancy.enabled: false opensearch_security.readonly_mode.roles: ["kibana_read_only"] server.ssl.enabled: true diff --git a/unattended_installer/config/dashboard/dashboard_unattended.yml b/unattended_installer/config/dashboard/dashboard_unattended.yml index 68ea04dcf8..8700bcb7da 100644 --- a/unattended_installer/config/dashboard/dashboard_unattended.yml +++ b/unattended_installer/config/dashboard/dashboard_unattended.yml @@ -4,7 +4,7 @@ server.port: 443 opensearch.ssl.verificationMode: certificate # opensearch.username: kibanaserver # opensearch.password: kibanaserver -opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"] +opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] opensearch_security.multitenancy.enabled: false opensearch_security.readonly_mode.roles: ["kibana_read_only"] server.ssl.enabled: true diff --git a/unattended_installer/config/dashboard/dashboard_unattended_distributed.yml b/unattended_installer/config/dashboard/dashboard_unattended_distributed.yml index c0cc8d2cbf..afaafa893a 100644 --- a/unattended_installer/config/dashboard/dashboard_unattended_distributed.yml +++ b/unattended_installer/config/dashboard/dashboard_unattended_distributed.yml @@ -2,7 +2,7 @@ server.port: 443 opensearch.ssl.verificationMode: certificate # opensearch.username: kibanaserver # opensearch.password: kibanaserver -opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"] +opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] opensearch_security.multitenancy.enabled: false opensearch_security.readonly_mode.roles: ["kibana_read_only"] server.ssl.enabled: true diff --git a/unattended_installer/install_functions/checks.sh b/unattended_installer/install_functions/checks.sh index cdd7fe0126..f2954a83d4 100644 --- a/unattended_installer/install_functions/checks.sh +++ b/unattended_installer/install_functions/checks.sh @@ -52,19 +52,19 @@ function checks_arguments() { fi if [ -z "${wazuh_installed}" ] && [ -z "${wazuh_remaining_files}" ]; then - common_logger "Wazuh manager was not found in the system so it was not uninstalled." + common_logger "Wazuh manager not found in the system so it was not uninstalled." fi if [ -z "${filebeat_installed}" ] && [ -z "${filebeat_remaining_files}" ]; then - common_logger "Filebeat was not found in the system so it was not uninstalled." + common_logger "Filebeat not found in the system so it was not uninstalled." fi if [ -z "${indexer_installed}" ] && [ -z "${indexer_remaining_files}" ]; then - common_logger "Wazuh indexer was not found in the system so it was not uninstalled." + common_logger "Wazuh indexer not found in the system so it was not uninstalled." fi if [ -z "${dashboard_installed}" ] && [ -z "${dashboard_remaining_files}" ]; then - common_logger "Wazuh dashboard was not found in the system so it was not uninstalled." + common_logger "Wazuh dashboard not found in the system so it was not uninstalled." fi fi @@ -166,6 +166,17 @@ function checks_arguments() { } +# Checks if the --retry-connrefused is available in curl +function check_curlVersion() { + + # --retry-connrefused was added in 7.52.0 + curl_version=$(curl -V | head -n 1 | awk '{ print $2 }') + if [ $(check_versions ${curl_version} 7.52.0) == "0" ]; then + curl_has_connrefused=0 + fi + +} + function check_dist() { dist_detect if [ "${DIST_NAME}" != "centos" ] && [ "${DIST_NAME}" != "rhel" ] && [ "${DIST_NAME}" != "amzn" ] && [ "${DIST_NAME}" != "ubuntu" ]; then @@ -331,3 +342,14 @@ function checks_ports() { fi } + +# Checks if the first version is greater equal than to second one +function check_versions() { + + if test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" == "$1"; then + echo 0 + else + echo 1 + fi + +} diff --git a/unattended_installer/install_functions/dashboard.sh b/unattended_installer/install_functions/dashboard.sh index 123b2ad90c..a6f2b811bc 100644 --- a/unattended_installer/install_functions/dashboard.sh +++ b/unattended_installer/install_functions/dashboard.sh @@ -98,12 +98,7 @@ function dashboard_initialize() { print_ip="${nodes_dashboard_ip}" fi - until [ "$(curl -XGET https://"${nodes_dashboard_ip}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null)" -eq "200" ] || [ "${j}" -eq "12" ]; do - sleep 10 - j=$((j+1)) - done - - if [ ${j} -lt 12 ]; then + if [ "$(common_curl -XGET https://"${nodes_dashboard_ip}":"${wazuh_dashboard_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 --fail)" -eq "200" ]; then if [ "${#server_node_names[@]}" -eq 1 ]; then wazuh_api_address=${server_node_ips[0]} else @@ -121,7 +116,7 @@ function dashboard_initialize() { common_logger -nl "--- Summary ---" common_logger -nl "You can access the web interface https://${print_ip}\n User: admin\n Password: ${u_pass}" - elif [ ${j} -eq 12 ]; then + else flag="-w" if [ -z "${force}" ]; then flag="-e" @@ -130,13 +125,12 @@ function dashboard_initialize() { common_logger "${flag}" "Cannot connect to Wazuh dashboard." for i in "${!indexer_node_ips[@]}"; do - curl=$(curl -XGET https://"${indexer_node_ips[i]}":9200/ -uadmin:"${u_pass}" -k -s) + curl=$(common_curl -XGET https://"${indexer_node_ips[i]}":9200/ -uadmin:"${u_pass}" -k -s --max-time 300 --retry 5 --retry-delay 5 --fail) exit_code=${PIPESTATUS[0]} if [[ "${exit_code}" -eq "7" ]]; then failed_connect=1 failed_nodes+=("${indexer_node_names[i]}") - fi - if [ "${curl}" == "OpenSearch Security not initialized." ]; then + elif [ "${exit_code}" -eq "22" ]; then sec_not_initialized=1 fi done @@ -204,3 +198,27 @@ function dashboard_install() { fi } + +function dashboard_installReportDependencies() { + + # Flags that indicates that is an optional installation. + optional_installation=1 + report_dependencies=1 + + installCommon_checkChromium + + if [ "${sys_type}" == "yum" ]; then + dashboard_dependencies+=( nss xorg-x11-fonts-100dpi xorg-x11-fonts-75dpi xorg-x11-utils xorg-x11-fonts-cyrillic xorg-x11-fonts-Type1 xorg-x11-fonts-misc fontconfig freetype ) + installCommon_yumInstallList "${dashboard_dependencies[@]}" + + elif [ "${sys_type}" == "apt-get" ]; then + dashboard_dependencies+=( libnss3-dev fonts-liberation libfontconfig1 ) + installCommon_aptInstallList "${dashboard_dependencies[@]}" + fi + + if [ "${pdf_warning}" == 1 ]; then + common_logger -w "Wazuh dashboard dependencies skipped. PDF report generation may not work." + fi + optional_installation=0 + +} diff --git a/unattended_installer/install_functions/filebeat.sh b/unattended_installer/install_functions/filebeat.sh index 26447bd0e6..7c0e29448f 100644 --- a/unattended_installer/install_functions/filebeat.sh +++ b/unattended_installer/install_functions/filebeat.sh @@ -8,15 +8,15 @@ function filebeat_configure(){ - eval "curl -so /etc/filebeat/wazuh-template.json ${filebeat_wazuh_template} --max-time 300 ${debug}" + eval "common_curl -so /etc/filebeat/wazuh-template.json ${filebeat_wazuh_template} --max-time 300 --retry 5 --retry-delay 5 --fail ${debug}" if [ ! -f "/etc/filebeat/wazuh-template.json" ]; then common_logger -e "Error downloading wazuh-template.json file." installCommon_rollBack exit 1 fi - + eval "chmod go+r /etc/filebeat/wazuh-template.json ${debug}" - eval "curl -s ${filebeat_wazuh_module} --max-time 300 | tar -xvz -C /usr/share/filebeat/module ${debug}" + eval "common_curl -s ${filebeat_wazuh_module} --max-time 300 --retry 5 --retry-delay 5 --fail | tar -xvz -C /usr/share/filebeat/module ${debug}" if [ ! -d "/usr/share/filebeat/module" ]; then common_logger -e "Error downloading wazuh filebeat module." installCommon_rollBack diff --git a/unattended_installer/install_functions/indexer.sh b/unattended_installer/install_functions/indexer.sh index bab72864b9..542aff48b2 100644 --- a/unattended_installer/install_functions/indexer.sh +++ b/unattended_installer/install_functions/indexer.sh @@ -29,7 +29,7 @@ function indexer_configure() { pos=0 { echo "node.name: ${indxname}" - echo "network.host: ${indexer_node_ips[0]}" + echo "network.host: ${indexer_node_ips[0]}" echo "cluster.initial_master_nodes: ${indxname}" echo "plugins.security.nodes_dn:" echo ' - CN='"${indxname}"',OU=Wazuh,O=Wazuh,L=California,C=US' @@ -111,12 +111,10 @@ function indexer_copyCertificates() { function indexer_initialize() { common_logger "Initializing Wazuh indexer cluster security settings." - i=0 - until curl -XGET https://"${indexer_node_ips[pos]}":9200/ -uadmin:admin -k --max-time 120 --silent --output /dev/null || [ "${i}" -eq 12 ]; do - sleep 10 - i=$((i+1)) - done - if [ ${i} -eq 12 ]; then + eval "common_curl -XGET https://"${indexer_node_ips[pos]}":9200/ -uadmin:admin -k --max-time 120 --silent --output /dev/null" + e_code="${PIPESTATUS[0]}" + + if [ "${e_code}" -ne "0" ]; then common_logger -e "Cannot initialize Wazuh indexer cluster." installCommon_rollBack exit 1 @@ -160,21 +158,16 @@ function indexer_install() { function indexer_startCluster() { - retries=0 for ip_to_test in "${indexer_node_ips[@]}"; do - eval "curl -XGET https://"${ip_to_test}":9200/ -k -s -o /dev/null" + eval "common_curl -XGET https://"${ip_to_test}":9200/ -k -s -o /dev/null" e_code="${PIPESTATUS[0]}" - until [ "${e_code}" -ne 7 ] || [ "${retries}" -eq 12 ]; do - sleep 10 - retries=$((retries+1)) - eval "curl -XGET https://"${ip_to_test}":9200/ -k -s -o /dev/null" - e_code="${PIPESTATUS[0]}" - done - if [ ${retries} -eq 12 ]; then + + if [ "${e_code}" -eq "7" ]; then common_logger -e "Connectivity check failed on node ${ip_to_test} port 9200. Possible causes: Wazuh indexer not installed on the node, the Wazuh indexer service is not running or you have connectivity issues with that node. Please check this before trying again." exit 1 fi done + eval "wazuh_indexer_ip=( $(cat /etc/wazuh-indexer/opensearch.yml | grep network.host | sed 's/network.host:\s//') )" eval "sudo -u wazuh-indexer JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /etc/wazuh-indexer/opensearch-security -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h ${wazuh_indexer_ip} ${debug}" if [ "${PIPESTATUS[0]}" != 0 ]; then @@ -183,7 +176,7 @@ function indexer_startCluster() { else common_logger "Wazuh indexer cluster security configuration initialized." fi - eval "curl --silent ${filebeat_wazuh_template} | curl -X PUT 'https://${indexer_node_ips[pos]}:9200/_template/wazuh' -H 'Content-Type: application/json' -d @- -uadmin:admin -k --silent ${debug}" + eval "common_curl --silent ${filebeat_wazuh_template} --max-time 300 --retry 5 --retry-delay 5" | eval "common_curl -X PUT 'https://${indexer_node_ips[pos]}:9200/_template/wazuh' -H 'Content-Type: application/json' -d @- -uadmin:admin -k --silent --max-time 300 --retry 5 --retry-delay 5 ${debug}" if [ "${PIPESTATUS[0]}" != 0 ]; then common_logger -e "The wazuh-alerts template could not be inserted into the Wazuh indexer cluster." exit 1 diff --git a/unattended_installer/install_functions/installCommon.sh b/unattended_installer/install_functions/installCommon.sh index 6e6ada6f98..083dc38218 100644 --- a/unattended_installer/install_functions/installCommon.sh +++ b/unattended_installer/install_functions/installCommon.sh @@ -21,6 +21,7 @@ function installCommon_cleanExit() { if [[ "${rollback_conf}" =~ [N|n] ]]; then exit 1 else + common_checkInstalled installCommon_rollBack exit 1 fi @@ -42,10 +43,18 @@ function installCommon_addWazuhRepo() { if [ ! -f "/etc/yum.repos.d/wazuh.repo" ] && [ ! -f "/etc/zypp/repos.d/wazuh.repo" ] && [ ! -f "/etc/apt/sources.list.d/wazuh.list" ] ; then if [ "${sys_type}" == "yum" ]; then eval "rpm --import ${repogpg} ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "Cannot import Wazuh GPG key" + exit 1 + fi eval "echo -e '[wazuh]\ngpgcheck=1\ngpgkey=${repogpg}\nenabled=1\nname=EL-\${releasever} - Wazuh\nbaseurl='${repobaseurl}'/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo ${debug}" eval "chmod 644 /etc/yum.repos.d/wazuh.repo ${debug}" elif [ "${sys_type}" == "apt-get" ]; then - eval "curl -s ${repogpg} --max-time 300 | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import - ${debug}" + eval "common_curl -s ${repogpg} --max-time 300 --retry 5 --retry-delay 5 --fail | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import - ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "Cannot import Wazuh GPG key" + exit 1 + fi eval "chmod 644 /usr/share/keyrings/wazuh.gpg ${debug}" eval "echo \"deb [signed-by=/usr/share/keyrings/wazuh.gpg] ${repobaseurl}/apt/ ${reporelease} main\" | tee /etc/apt/sources.list.d/wazuh.list ${debug}" eval "apt-get update -q ${debug}" @@ -107,8 +116,7 @@ function installCommon_aptInstallList(){ common_logger "Installing $dep." installCommon_aptInstall "${dep}" if [ "${install_result}" != 0 ]; then - common_logger -e "Cannot install dependency: ${dep}." - exit 1 + installCommon_checkOptionalInstallation fi done fi @@ -122,8 +130,8 @@ function installCommon_changePasswordApi() { for i in "${!api_passwords[@]}"; do if [ -n "${wazuh}" ] || [ -n "${AIO}" ]; then passwords_getApiUserId "${api_users[i]}" - WAZUH_PASS_API='{"password":"'"${api_passwords[i]}"'"}' - eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null' + WAZUH_PASS_API='{\"password\":\"'"${api_passwords[i]}"'\"}' + eval 'common_curl -s -k -X PUT -H \"Authorization: Bearer $TOKEN_API\" -H \"Content-Type: application/json\" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null --max-time 300 --retry 5 --retry-delay 5 --fail' if [ "${api_users[i]}" == "${adminUser}" ]; then sleep 1 adminPassword="${api_passwords[i]}" @@ -137,14 +145,28 @@ function installCommon_changePasswordApi() { else if [ -n "${wazuh}" ] || [ -n "${AIO}" ]; then passwords_getApiUserId "${nuser}" - WAZUH_PASS_API='{"password":"'"${password}"'"}' - eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null' + WAZUH_PASS_API='{\"password\":\"'"${password}"'\"}' + eval 'common_curl -s -k -X PUT -H \"Authorization: Bearer $TOKEN_API\" -H \"Content-Type: application/json\" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null --max-time 300 --retry 5 --retry-delay 5 --fail' fi if [ "${nuser}" == "wazuh-wui" ] && { [ -n "${dashboard}" ] || [ -n "${AIO}" ]; }; then passwords_changeDashboardApiPassword "${password}" fi fi - + +} + +function installCommon_checkOptionalInstallation() { + + if [ "${optional_installation}" != 1 ]; then + common_logger -e "Cannot install dependency: ${dep}." + exit 1 + else + common_logger -w "Cannot install optional dependency: ${dep}." + if [ "${report_dependencies}" == 1 ]; then + pdf_warning=1 + fi + fi + } function installCommon_createCertificates() { @@ -238,7 +260,7 @@ function installCommon_changePasswords() { passwords_getNetworkHost passwords_generateHash fi - + passwords_changePassword if [ -n "${start_indexer_cluster}" ] || [ -n "${AIO}" ]; then @@ -252,6 +274,31 @@ function installCommon_changePasswords() { } +function installCommon_checkChromium() { + + if [ "${sys_type}" == "yum" ]; then + if (! yum list installed 2>/dev/null | grep -q -E ^"google-chrome-stable"\\.) && (! yum list installed 2>/dev/null | grep -q -E ^"chromium"\\.); then + if [ "${DIST_NAME}" == "amzn" ]; then + installCommon_installChrome + else + dashboard_dependencies=(chromium) + fi + fi + + elif [ "${sys_type}" == "apt-get" ]; then + if (! apt list --installed 2>/dev/null | grep -q -E ^"google-chrome-stable"\/) && (! apt list --installed 2>/dev/null | grep -q -E ^"chromium-browser"\/); then + + # Report generation doesn't work with Chromium in Ubuntu 22 and Ubuntu 20 + if [[ "${DIST_NAME}" == "ubuntu" ]] && [[ "${DIST_VER}" == "22" || "${DIST_VER}" == "20" || "${DIST_VER}" == "18" ]]; then + installCommon_installChrome + else + dashboard_dependencies=(chromium-browser) + fi + fi + fi + +} + function installCommon_extractConfig() { if ! tar -tf "${tar_file}" | grep -q wazuh-install-files/config.yml; then @@ -301,6 +348,32 @@ function installCommon_installCheckDependencies() { } +function installCommon_installChrome() { + + dep="chrome" + common_logger "Installing ${dep}." + + if [ "${sys_type}" == "yum" ]; then + chrome_package="/tmp/wazuh-install-files/chrome.rpm" + common_curl -so "${chrome_package}" https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm --max-time 100 --retry 5 --retry-delay 5 --fail + eval "yum install ${chrome_package} -y ${debug}" + + if [ "${PIPESTATUS[0]}" != 0 ]; then + installCommon_checkOptionalInstallation + fi + + elif [ "${sys_type}" == "apt-get" ]; then + chrome_package="/tmp/wazuh-install-files/chrome.deb" + common_curl -so "${chrome_package}" https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb --max-time 100 --retry 5 --retry-delay 5 --fail + installCommon_aptInstall "${chrome_package}" + + if [ "${install_result}" != 0 ]; then + installCommon_checkOptionalInstallation + fi + fi + +} + function installCommon_installPrerequisites() { if [ "${sys_type}" == "yum" ]; then @@ -489,13 +562,9 @@ function installCommon_rollBack() { fi if [[ ( -n "${indexer_remaining_files}" || -n "${indexer_installed}" ) && ( -n "${indexer}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then - common_logger "Removing Wazuh indexer." - if [ "${sys_type}" == "yum" ]; then - eval "yum remove wazuh-indexer -y ${debug}" - elif [ "${sys_type}" == "apt-get" ]; then - eval "apt-get remove --purge wazuh-indexer -y ${debug}" - fi - common_logger "Wazuh indexer removed." + eval "rm -rf /var/lib/wazuh-indexer/ ${debug}" + eval "rm -rf /usr/share/wazuh-indexer/ ${debug}" + eval "rm -rf /etc/wazuh-indexer/ ${debug}" fi if [[ -n "${filebeat_installed}" && ( -n "${wazuh}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then @@ -568,7 +637,7 @@ function installCommon_startService() { common_logger "Starting service ${1}." - if ps -e | grep -E -q "^\ *1\ .*systemd$"; then + if [[ -d /run/systemd/system ]]; then eval "systemctl daemon-reload ${debug}" eval "systemctl enable ${1}.service ${debug}" eval "systemctl start ${1}.service ${debug}" @@ -582,7 +651,7 @@ function installCommon_startService() { else common_logger "${1} service started." fi - elif ps -e | grep -E -q "^\ *1\ .*init$"; then + elif ps -p 1 -o comm= | grep "init"; then eval "chkconfig ${1} on ${debug}" eval "service ${1} start ${debug}" eval "/etc/init.d/${1} start ${debug}" @@ -631,8 +700,7 @@ function installCommon_yumInstallList(){ common_logger "Installing $dep." eval "yum install ${dep} -y ${debug}" if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "Cannot install dependency: ${dep}." - exit 1 + installCommon_checkOptionalInstallation fi done fi diff --git a/unattended_installer/install_functions/installMain.sh b/unattended_installer/install_functions/installMain.sh index 92dae05475..59a3c432ca 100755 --- a/unattended_installer/install_functions/installMain.sh +++ b/unattended_installer/install_functions/installMain.sh @@ -203,6 +203,10 @@ function main() { # -------------- Uninstall case ------------------------------------ common_checkSystem + + if [ -z "${uninstall}" ]; then + installCommon_installCheckDependencies + fi if [ -z "${download}" ]; then check_dist @@ -244,7 +248,7 @@ function main() { fi if [ -n "${dashboard}" ]; then - checks_ports "${wazuh_dashboard_ports[@]}" + checks_ports "${wazuh_dashboard_port}" fi @@ -252,6 +256,7 @@ function main() { if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboard}" ] || [ -n "${wazuh}" ]; then installCommon_installPrerequisites + check_curlVersion installCommon_addWazuhRepo fi @@ -295,6 +300,7 @@ function main() { if [ -n "${dashboard}" ]; then common_logger "--- Wazuh dashboard ----" + dashboard_installReportDependencies dashboard_install dashboard_configure installCommon_startService "wazuh-dashboard" @@ -334,6 +340,7 @@ function main() { filebeat_configure installCommon_startService "filebeat" common_logger "--- Wazuh dashboard ---" + dashboard_installReportDependencies dashboard_install dashboard_configure installCommon_startService "wazuh-dashboard" diff --git a/unattended_installer/install_functions/installVariables.sh b/unattended_installer/install_functions/installVariables.sh index 511ef0c50a..c827604bde 100644 --- a/unattended_installer/install_functions/installVariables.sh +++ b/unattended_installer/install_functions/installVariables.sh @@ -7,8 +7,8 @@ # Foundation. ## Package vars -readonly wazuh_major="4.4" -readonly wazuh_version="4.4.3" +readonly wazuh_major="4.5" +readonly wazuh_version="4.5.0" readonly filebeat_version="7.10.2" readonly wazuh_install_vesion="0.1" @@ -51,4 +51,4 @@ adminPassword="wazuh" readonly wazuh_aio_ports=( 9200 9300 1514 1515 1516 55000 443) readonly wazuh_indexer_ports=( 9200 9300 ) readonly wazuh_manager_ports=( 1514 1515 1516 55000 ) -readonly wazuh_dashboard_ports=( 443 ) +readonly wazuh_dashboard_port=443 diff --git a/unattended_installer/install_functions/wazuh-offline-download.sh b/unattended_installer/install_functions/wazuh-offline-download.sh index fa8ead27b8..05c9937180 100755 --- a/unattended_installer/install_functions/wazuh-offline-download.sh +++ b/unattended_installer/install_functions/wazuh-offline-download.sh @@ -52,7 +52,7 @@ function offline_download() { exit 1 fi - while curl -s -o /dev/null -w "%{http_code}" "${manager_base_url}/${manager_package}" | grep -q "200"; do + while common_curl -s -I -o /dev/null -w "%{http_code}" "${manager_base_url}/${manager_package}" --max-time 300 --retry 5 --retry-delay 5 --fail | grep -q "200"; do manager_revision=$((manager_revision+1)) if [ "${package_type}" == "rpm" ]; then manager_rpm_package="wazuh-manager-${wazuh_version}-${manager_revision}.x86_64.rpm" @@ -62,7 +62,7 @@ function offline_download() { manager_package="${manager_deb_package}" fi done - if [ "$manager_revision" -gt 1 ] && [ "$(curl -s -o /dev/null -w "%{http_code}" "${manager_base_url}/${manager_package}")" -ne "200" ]; then + if [ "$manager_revision" -gt 1 ] && [ "$(common_curl -s -I -o /dev/null -w "%{http_code}" "${manager_base_url}/${manager_package}" --max-time 300 --retry 5 --retry-delay 5 --fail)" -ne "200" ]; then manager_revision=$((manager_revision-1)) if [ "${package_type}" == "rpm" ]; then manager_rpm_package="wazuh-manager-${wazuh_version}-${manager_revision}.x86_64.rpm" @@ -71,7 +71,7 @@ function offline_download() { fi fi - while curl -s -o /dev/null -w "%{http_code}" "${indexer_base_url}/${indexer_package}" | grep -q "200"; do + while common_curl -s -I -o /dev/null -w "%{http_code}" "${indexer_base_url}/${indexer_package}" --max-time 300 --retry 5 --retry-delay 5 --fail | grep -q "200"; do indexer_revision=$((indexer_revision+1)) if [ "${package_type}" == "rpm" ]; then indexer_rpm_package="wazuh-indexer-${wazuh_version}-${indexer_revision}.x86_64.rpm" @@ -81,7 +81,7 @@ function offline_download() { indexer_package="${indexer_deb_package}" fi done - if [ "$indexer_revision" -gt 1 ] && [ "$(curl -s -o /dev/null -w "%{http_code}" "${indexer_base_url}/${indexer_package}")" -ne "200" ]; then + if [ "$indexer_revision" -gt 1 ] && [ "$(common_curl -s -I -o /dev/null -w "%{http_code}" "${indexer_base_url}/${indexer_package}" --max-time 300 --retry 5 --retry-delay 5 --fail)" -ne "200" ]; then indexer_revision=$((indexer_revision-1)) if [ "${package_type}" == "rpm" ]; then indexer_rpm_package="wazuh-indexer-${wazuh_version}-${indexer_revision}.x86_64.rpm" @@ -90,7 +90,7 @@ function offline_download() { fi fi - while curl -s -o /dev/null -w "%{http_code}" "${dashboard_base_url}/${dashboard_package}" | grep -q "200"; do + while common_curl -s -I -o /dev/null -w "%{http_code}" "${dashboard_base_url}/${dashboard_package}" --max-time 300 --retry 5 --retry-delay 5 --fail | grep -q "200"; do dashboard_revision=$((dashboard_revision+1)) if [ "${package_type}" == "rpm" ]; then dashboard_rpm_package="wazuh-dashboard-${wazuh_version}-${dashboard_revision}.x86_64.rpm" @@ -100,7 +100,7 @@ function offline_download() { dashboard_package="${dashboard_deb_package}" fi done - if [ "$dashboard_revision" -gt 1 ] && [ "$(curl -s -o /dev/null -w "%{http_code}" "${dashboard_base_url}/${dashboard_package}")" -ne "200" ]; then + if [ "$dashboard_revision" -gt 1 ] && [ "$(common_curl -s -I -o /dev/null -w "%{http_code}" "${dashboard_base_url}/${dashboard_package}" --max-time 300 --retry 5 --retry-delay 5 --fail)" -ne "200" ]; then dashboard_revision=$((dashboard_revision-1)) if [ "${package_type}" == "rpm" ]; then dashboard_rpm_package="wazuh-dashboard-${wazuh_version}-${dashboard_revision}.x86_64.rpm" @@ -115,7 +115,7 @@ function offline_download() { package_name="${package}_${package_type}_package" eval "package_base_url=${package}_${package_type}_base_url" - eval "curl -so ${dest_path}/${!package_name} ${!package_base_url}/${!package_name}" + eval "common_curl -so ${dest_path}/${!package_name} ${!package_base_url}/${!package_name} --max-time 300 --retry 5 --retry-delay 5 --fail" if [ "${PIPESTATUS[0]}" != 0 ]; then common_logger -e "The ${package} package could not be downloaded. Exiting." exit 1 @@ -145,7 +145,7 @@ function offline_download() { for file in "${files_to_download[@]}" do - eval "curl -sO ${file}" + eval "common_curl -sO ${file} --max-time 300 --retry 5 --retry-delay 5 --fail" if [ "${PIPESTATUS[0]}" != 0 ]; then common_logger -e "The resource ${file} could not be downloaded. Exiting." exit 1 diff --git a/unattended_installer/passwords_tool/passwordsFunctions.sh b/unattended_installer/passwords_tool/passwordsFunctions.sh index bfd0c4b2a3..c3c1ae7040 100644 --- a/unattended_installer/passwords_tool/passwordsFunctions.sh +++ b/unattended_installer/passwords_tool/passwordsFunctions.sh @@ -83,8 +83,8 @@ function passwords_changePasswordApi() { for i in "${!api_passwords[@]}"; do if [ -n "${wazuh_installed}" ]; then passwords_getApiUserId "${api_users[i]}" - WAZUH_PASS_API='{"password":"'"${api_passwords[i]}"'"}' - eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null' + WAZUH_PASS_API='{\"password\":\"'"${api_passwords[i]}"'\"}' + eval 'common_curl -s -k -X PUT -H \"Authorization: Bearer $TOKEN_API\" -H \"Content-Type: application/json\" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null --max-time 300 --retry 5 --retry-delay 5 --fail' if [ "${api_users[i]}" == "${adminUser}" ]; then sleep 1 adminPassword="${api_passwords[i]}" @@ -101,8 +101,8 @@ function passwords_changePasswordApi() { else if [ -n "${wazuh_installed}" ]; then passwords_getApiUserId "${nuser}" - WAZUH_PASS_API='{"password":"'"${password}"'"}' - eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null' + WAZUH_PASS_API='{\"password\":\"'"${password}"'\"}' + eval 'common_curl -s -k -X PUT -H \"Authorization: Bearer $TOKEN_API\" -H \"Content-Type: application/json\" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null --max-time 300 --retry 5 --retry-delay 5 --fail' if [ -z "${AIO}" ] && [ -z "${indexer}" ] && [ -z "${dashboard}" ] && [ -z "${wazuh}" ] && [ -z "${start_indexer_cluster}" ]; then common_logger -nl $"The password for Wazuh API user ${nuser} is ${password}" fi @@ -175,9 +175,6 @@ function passwords_createBackUp() { capem=$(grep "plugins.security.ssl.transport.pemtrustedcas_filepath: " /etc/wazuh-indexer/opensearch.yml ) rcapem="plugins.security.ssl.transport.pemtrustedcas_filepath: " capem="${capem//$rcapem}" - if [[ -z "${adminpem}" ]] || [[ -z "${adminkey}" ]]; then - passwords_readAdmincerts - fi fi fi @@ -284,18 +281,18 @@ function passwords_generatePasswordFile() { for i in "${!users[@]}"; do { echo "# ${user_description[${i}]}" - echo " indexer_username: '${users[${i}]}'" - echo " indexer_password: '${passwords[${i}]}'" - echo "" + echo " indexer_username: '${users[${i}]}'" + echo " indexer_password: '${passwords[${i}]}'" + echo "" } >> "${gen_file}" done for i in "${!api_users[@]}"; do { - echo "# ${api_user_description[${i}]}" - echo " api_username: '${api_users[${i}]}'" + echo "# ${api_user_description[${i}]}" + echo " api_username: '${api_users[${i}]}'" echo " api_password: '${api_passwords[${i}]}'" - echo "" + echo "" } >> "${gen_file}" done @@ -332,13 +329,13 @@ function passwords_getApiToken() { function passwords_getApiUsers() { - mapfile -t api_users < <(curl -s -k -X GET -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" "https://localhost:55000/security/users?pretty=true" | grep username | awk -F': ' '{print $2}' | sed -e "s/[\'\",]//g") + mapfile -t api_users < <(common_curl -s -k -X GET -H \"Authorization: Bearer $TOKEN_API\" -H \"Content-Type: application/json\" \"https://localhost:55000/security/users?pretty=true\" --max-time 300 --retry 5 --retry-delay 5 | grep username | awk -F': ' '{print $2}' | sed -e "s/[\'\",]//g") } function passwords_getApiIds() { - mapfile -t api_ids < <(curl -s -k -X GET -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" "https://localhost:55000/security/users?pretty=true" | grep id | awk -F': ' '{print $2}' | sed -e "s/[\'\",]//g") + mapfile -t api_ids < <(common_curl -s -k -X GET -H \"Authorization: Bearer $TOKEN_API\" -H \"Content-Type: application/json\" \"https://localhost:55000/security/users?pretty=true\" --max-time 300 --retry 5 --retry-delay 5 | grep id | awk -F': ' '{print $2}' | sed -e "s/[\'\",]//g") } @@ -379,26 +376,6 @@ function passwords_getNetworkHost() { fi } -function passwords_readAdmincerts() { - - if [[ -f /etc/wazuh-indexer/certs/admin.pem ]]; then - adminpem="/etc/wazuh-indexer/certs/admin.pem" - else - common_logger -e "No admin certificate indicated. Please run the script with the option -c ." - exit 1; - fi - - if [[ -f /etc/wazuh-indexer/certs/admin-key.pem ]]; then - adminkey="/etc/wazuh-indexer/certs/admin-key.pem" - elif [[ -f /etc/wazuh-indexer/certs/admin.key ]]; then - adminkey="/etc/wazuh-indexer/certs/admin.key" - else - common_logger -e "No admin certificate key indicated. Please run the script with the option -k ." - exit 1; - fi - -} - function passwords_readFileUsers() { filecorrect=$(grep -Ev '^#|^\s*$' "${p_file}" | grep -Pzc "\A(\s*(indexer_username|api_username|indexer_password|api_password):[ \t]+[\'\"]?[\w.*+?-]+[\'\"]?)+\Z") @@ -508,7 +485,7 @@ For Wazuh API users, the file must have this format: mapfile -t passwords < <(printf "%s\n" "${finalpasswords[@]}") mapfile -t api_users < <(printf "%s\n" "${finalapiusers[@]}") mapfile -t api_passwords < <(printf "%s\n" "${finalapipasswords[@]}") - + changeall=1 fi @@ -528,7 +505,7 @@ function passwords_restartService() { exit 1 fi - if ps -e | grep -E -q "^\ *1\ .*systemd$"; then + if [[ -d /run/systemd/system ]]; then eval "systemctl daemon-reload ${debug}" eval "systemctl restart ${1}.service ${debug}" if [ "${PIPESTATUS[0]}" != 0 ]; then @@ -543,7 +520,7 @@ function passwords_restartService() { else common_logger -d "${1} started." fi - elif ps -e | grep -E -q "^\ *1\ .*init$"; then + elif ps -p 1 -o comm= | grep "init"; then eval "/etc/init.d/${1} restart ${debug}" if [ "${PIPESTATUS[0]}" != 0 ]; then common_logger -e "${1} could not be started." @@ -591,9 +568,6 @@ function passwords_runSecurityAdmin() { capem=$(grep "plugins.security.ssl.transport.pemtrustedcas_filepath: " /etc/wazuh-indexer/opensearch.yml ) rcapem="plugins.security.ssl.transport.pemtrustedcas_filepath: " capem="${capem//$rcapem}" - if [[ -z "${adminpem}" ]] || [[ -z "${adminkey}" ]]; then - passwords_readAdmincerts - fi fi fi diff --git a/unattended_installer/passwords_tool/passwordsVariables.sh b/unattended_installer/passwords_tool/passwordsVariables.sh index b3bef21909..201c6f6b94 100644 --- a/unattended_installer/passwords_tool/passwordsVariables.sh +++ b/unattended_installer/passwords_tool/passwordsVariables.sh @@ -5,5 +5,6 @@ # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation. + readonly logfile="/var/log/wazuh-passwords-tool.log" -debug=">> ${logfile} 2>&1" \ No newline at end of file +debug=">> ${logfile} 2>&1" diff --git a/wpk/linux/x86_64/Dockerfile b/wpk/linux/x86_64/Dockerfile index 9e4f1dd277..7d0c375a57 100644 --- a/wpk/linux/x86_64/Dockerfile +++ b/wpk/linux/x86_64/Dockerfile @@ -23,7 +23,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ \ --disable-multilib --disable-libsanitizer && \ make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64/"