Merge pull request #1285 from wazuh/merge-4.9.0-into-master

Merge 4.9.0 into master
wazuh · Apr 1, 2024 · c95eb42 · c95eb42
2 parents 9918f95 + f685bfa
commit c95eb42
Show file tree

Hide file tree

Showing 13 changed files with 55 additions and 45 deletions.
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -128,7 +128,7 @@ jobs:
       run: |
        sleep 120
        docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
-       if [[ $docs -gt 100 ]]; then
+       if [[ $docs -gt 0 ]]; then
         echo "wazuh-alerts index documents: ${docs}"
        else
         echo "wazuh-alerts index documents: ${docs}"
@@ -139,7 +139,7 @@ jobs:
       run: |
        qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`"
        templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`"
-       if [[ $qty_templates -eq 3 ]]; then
+       if [[ $qty_templates -gt 3 ]]; then
         echo "wazuh templates:"
         echo "${templates}"
        else
@@ -162,10 +162,6 @@ jobs:
       env:
         TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
 
-    - name: Check errors in ossec.log
-      run: ./.github/single-node-log-check.sh
-
-
     - name: Check filebeat output
       run: ./.github/single-node-filebeat-check.sh
 
@@ -179,8 +175,8 @@ jobs:
         exit 1
        fi
 
-    - name: Stop single node stack
-      run: docker-compose -f single-node/docker-compose.yml down
+    - name: Check errors in ossec.log
+      run: ./.github/single-node-log-check.sh
 
   check-multi-node:
     runs-on: ubuntu-latest
@@ -193,6 +189,14 @@ jobs:
     - name: Create enviroment variables
       run: cat .env > $GITHUB_ENV
 
+    - name: free disk space
+      run: |
+        sudo swapoff -a
+        sudo rm -f /swapfile
+        sudo apt clean
+        docker rmi $(docker image ls -aq)
+        df -h
+
     - name: Retrieve saved Wazuh dashboard Docker image
       uses: actions/download-artifact@v3
       with:
@@ -213,6 +217,7 @@ jobs:
         docker load --input ./wazuh-manager.tar
         docker load --input ./wazuh-indexer.tar
         docker load --input ./wazuh-dashboard.tar
+        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar
 
     - name: Create multi node certficates
       run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator
@@ -222,7 +227,13 @@ jobs:
 
     - name: Check Wazuh indexer start
       run: |
-       sleep 120
+       until [[ `curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`  -eq 1 ]]
+       do
+         echo 'Waiting for Wazuh indexer start'
+         free -m
+         df -h
+         sleep 10
+       done
        status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
        if [[ $status_green -eq 1 ]]; then
         curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
@@ -251,9 +262,15 @@ jobs:
 
     - name: Check documents into wazuh-alerts index
       run: |
-       sleep 120
+       until [[ $(``curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"``)  -gt 0 ]]
+       do
+         echo 'Waiting for Wazuh indexer events'
+         free -m
+         df -h
+         sleep 10
+       done
        docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
-       if [[ $docs -gt 100 ]]; then
+       if [[ $docs -gt 1 ]]; then
         echo "wazuh-alerts index documents: ${docs}"
        else
         echo "wazuh-alerts index documents: ${docs}"
@@ -264,7 +281,7 @@ jobs:
       run: |
        qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh" | wc -l`"
        templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh"`"
-       if [[ $qty_templates -eq 3 ]]; then
+       if [[ $qty_templates -gt 3 ]]; then
         echo "wazuh templates:"
         echo "${templates}"
        else
@@ -294,10 +311,6 @@ jobs:
       env:
         TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
 
-    - name: Check errors in ossec.log
-      run: ./.github/multi-node-log-check.sh
-
-
     - name: Check filebeat output
       run: ./.github/multi-node-filebeat-check.sh
 
@@ -309,4 +322,7 @@ jobs:
        else
         echo "Wazuh dashboard status: ${status}"
         exit 1
-       fi
+       fi
+
+    - name: Check errors in ossec.log
+      run: ./.github/multi-node-log-check.sh
diff --git a/build-docker-images/build-images.sh b/build-docker-images/build-images.sh
@@ -1,7 +1,7 @@
 WAZUH_IMAGE_VERSION=5.0.0
 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
 WAZUH_TAG_REVISION=1
-WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
 IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
 
 # Wazuh package generator

diff --git a/build-docker-images/wazuh-dashboard/Dockerfile b/build-docker-images/wazuh-dashboard/Dockerfile
@@ -1,5 +1,5 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-FROM amazonlinux:2023.3.20240219.0 AS builder
+FROM amazonlinux:2023.3.20240304.0 AS builder
 
 ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
@@ -28,12 +28,12 @@ RUN bash /install_wazuh_app.sh
 # Copy and set permissions to config files
 COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/
 COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
-RUN chown 101:101 $INSTALL_DIR/config/opensearch_dashboards.yml && chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
+RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
 
 # Create and set permissions to data directories
-RUN mkdir -p $INSTALL_DIR/data/wazuh && chown -R 101:101 $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
-RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chown -R 101:101 $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
-RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chown -R 101:101 $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
+RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
+RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
+RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
 
 ################################################################################
 # Build stage 1 (the current Wazuh dashboard image):
@@ -42,7 +42,7 @@ RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chown -R 101:101 $INSTALL_DIR/data/
 # Add entrypoint
 # Add wazuh_app_config
 ################################################################################
-FROM amazonlinux:2023.3.20240219.0
+FROM amazonlinux:2023.3.20240304.0
 
 # Set environment variables
 ENV USER="wazuh-dashboard" \

diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile
@@ -1,5 +1,5 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-FROM amazonlinux:2023.3.20240219.0 AS builder
+FROM amazonlinux:2023.3.20240304.0 AS builder
 
 ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
@@ -29,7 +29,7 @@ RUN bash config.sh
 # Add entrypoint
 
 ################################################################################
-FROM amazonlinux:2023.3.20240219.0
+FROM amazonlinux:2023.3.20240304.0
 
 ENV USER="wazuh-indexer" \
     GROUP="wazuh-indexer" \

diff --git a/build-docker-images/wazuh-manager/Dockerfile b/build-docker-images/wazuh-manager/Dockerfile
@@ -1,5 +1,5 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-FROM amazonlinux:2023.3.20240219.0
+FROM amazonlinux:2023.3.20240304.0
 
 RUN rm /bin/sh && ln -s /bin/bash /bin/sh
 

diff --git a/build-docker-images/wazuh-manager/config/check_repository.sh b/build-docker-images/wazuh-manager/config/check_repository.sh
@@ -2,7 +2,7 @@
 APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
 REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
-WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
 MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
 MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
 MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)

diff --git a/build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager b/build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager
@@ -93,6 +93,7 @@ EOF
     if /var/ossec/framework/python/bin/python3  /var/ossec/framework/scripts/create_user.py; then
       # remove json if exit code is 0
       rm /var/ossec/api/configuration/admin.json
+      rm /var/ossec/framework/scripts/create_user.py
     else
       echored "There was an error configuring the API user"
       # terminate container to avoid unpredictable behavior

diff --git a/build-docker-images/wazuh-manager/config/permanent_data.env b/build-docker-images/wazuh-manager/config/permanent_data.env
@@ -79,12 +79,14 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_message_proc
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_queue.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/orm.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
 export PERMANENT_DATA_EXCP
 
 # Files mounted in a volume that should be deleted

diff --git a/indexer-certs-creator/config/entrypoint.sh b/indexer-certs-creator/config/entrypoint.sh
@@ -38,7 +38,7 @@ chmod 700 /$CERT_TOOL
 
 ## Execute cert tool and parsin cert.yml to set UID permissions
 source /$CERT_TOOL -A
-nodes_server=$( cert_parseYaml /config.yml | grep nodes_server__name | sed 's/nodes_server__name=//' )
+nodes_server=$( cert_parseYaml /config.yml | grep -E "nodes[_]+server[_]+[0-9]+=" | sed -e 's/nodes__server__[0-9]=//' | sed 's/"//g' )
 node_names=($nodes_server)
 
 echo "Moving created certificates to the destination directory"
@@ -51,11 +51,12 @@ chown 1000:1000 /certificates/*
 echo "Setting UID for wazuh manager and worker"
 cp /certificates/root-ca.pem /certificates/root-ca-manager.pem
 cp /certificates/root-ca.key /certificates/root-ca-manager.key
-chown 101:101 /certificates/root-ca-manager.pem
-chown 101:101 /certificates/root-ca-manager.key
+chown 999:999 /certificates/root-ca-manager.pem
+chown 999:999 /certificates/root-ca-manager.key
 
 for i in ${node_names[@]};
 do
-  chown 101:101 "/certificates/${i}.pem"
-  chown 101:101 "/certificates/${i}-key.pem"
+  chown 999:999 "/certificates/${i}.pem"
+  chown 999:999 "/certificates/${i}-key.pem"
 done
+
diff --git a/multi-node/config/wazuh_cluster/wazuh_manager.conf b/multi-node/config/wazuh_cluster/wazuh_manager.conf
@@ -307,9 +307,4 @@
     <location>/var/ossec/logs/active-responses.log</location>
   </localfile>
 
-  <localfile>
-    <log_format>syslog</log_format>
-    <location>/var/log/dpkg.log</location>
-  </localfile>
-
 </ossec_config>
diff --git a/multi-node/config/wazuh_cluster/wazuh_worker.conf b/multi-node/config/wazuh_cluster/wazuh_worker.conf
@@ -307,9 +307,4 @@
     <location>/var/ossec/logs/active-responses.log</location>
   </localfile>
 
-  <localfile>
-    <log_format>syslog</log_format>
-    <location>/var/log/dpkg.log</location>
-  </localfile>
-
 </ossec_config>
diff --git a/multi-node/generate-indexer-certs.yml b/multi-node/generate-indexer-certs.yml
@@ -3,7 +3,7 @@ version: '3'
 
 services:
   generator:
-    image: wazuh/wazuh-certs-generator:0.0.1
+    image: wazuh/wazuh-certs-generator:0.0.2
     hostname: wazuh-certs-generator
     volumes:
       - ./config/wazuh_indexer_ssl_certs/:/certificates/

diff --git a/single-node/generate-indexer-certs.yml b/single-node/generate-indexer-certs.yml
@@ -3,7 +3,7 @@ version: '3'
 
 services:
   generator:
-    image: wazuh/wazuh-certs-generator:0.0.1
+    image: wazuh/wazuh-certs-generator:0.0.2
     hostname: wazuh-certs-generator
     volumes:
       - ./config/wazuh_indexer_ssl_certs/:/certificates/