wazuh / wazuh-packages
Wazuh - Tools for packages creation
Home Page: https://wazuh.com
License: GNU General Public License v2.0
Hi team,
if you install the wazuh-manager or the wazuh-agent using .deb packages and then you remove the packages, the packages will remain in a "Conffiles" state. All of this works fine, but if you reinstall the package again, the package will not configure the ossec.conf file.
The cause of this error in the manager is:
wazuh-packages/debs/SPECS/3.7.0/wazuh-manager/debian/postinst
Lines 41 to 46 in 084e06b
and in the agent:
wazuh-packages/debs/SPECS/3.7.0/wazuh-agent/debian/postinst
Lines 37 to 45 in 084e06b
Regards,
Braulio.
Hi all,
there's a problem when you try to install the wazuh-agent v3.7.0 in SUSE 12 and SUSE 11. The installation fails because the file /var/ossec/tmp/src/init/ossec-hids-suse.init is missing.
Log sample:
sles12-sp1:/home/vagrant # zypper install wazuh-agent
Building repository 'SUSE-12.1 - Wazuh' cache ...[done]
Loading repository data...
Reading installed packages...
Resolving package dependencies...
The following NEW package is going to be installed:
wazuh-agent
The following package is not supported by its vendor:
wazuh-agent
1 new package to install.
Overall download size: 6.8 MiB. Already cached: 0 B. After the operation, additional 73.8 MiB will be used.
Continue? [y/n/? shows all options] (y): y
Retrieving package wazuh-agent-3.7.0-1.x86_64 (1/1), 6.8 MiB ( 73.8 MiB unpacked)
Retrieving: wazuh-agent-3.7.0-1.x86_64.rpm ...[done (514.8 KiB/s)]
Checking for file conflicts: ...[done]
(1/1) Installing: wazuh-agent-3.7.0-1.x86_64 ...[done]
Additional rpm output:
install: cannot stat '/var/ossec/tmp/src/init/ossec-hids-suse.init': No such file or directory
wazuh-agent: unknown service
wazuh-agent: unknown service
sles12-sp1:/home/vagrant #
When getting the packages list, there is an inconsistency between deb and rpm packages.
While the deb package shows the following vendor:
"vendor": "Wazuh, Inc <[email protected]>"
The rpm package shows the website instead of the company name.
"vendor": "https://www.wazuh.com"
Hi,
this issue references wazuh/wazuh#1549. The packages must remove the Wazuh DB artifacts only when upgrading from version 3.2.0 - 3.6.1.
In addition, the directory ${PREFIX}/queue/syscheck must be removed from the packages.
Hi team,
it is necessary to build MacOS X using a similar system as the one used to build .deb and .rpm packages.
Tasks:
preinstall, postinstall and build scripts.
Regards,
Braulio.
When trying to build an RPM using the provided spec file it is unable to pull the tar.gz file
Name: wazuh-manager
Version: 2.1.1
Release: 1%{?dist}
License: GPL
Group: System Environment/Daemons
Source0: https://github.com/wazuh/ossec-wazuh/archive/%{name}-%{version}.tar.gz
Source0 would be filled in as (https://github.com/wazuh/ossec-wazuh/archive/wazuh-manager-2.1.1.tar.gz)
When the above link is entered it redirects to (https://codeload.github.com/wazuh/wazuh/tar.gz/wazuh-manager-2.1.1) and returns a 404: Not Found.
Is the intended file supposed to be https://github.com/wazuh/wazuh/archive/v2.1.1.tar.gz ?
Please let me know if the file has been moved or is located elsewhere. I run into the same issue with agent and API.
Hi team,
It is necessary to add a build tool for IBM AIX packages, similar to the one that we have for Linux RPM packages.
Regards.
yum install wazuh-api-3.6.1
+ yum remove wazuh-api
+ yum install wazuh-api-3.6.1
cp: cannot stat '/var/ossec/api/configuration/auth/htpasswd': No such file or directory
cat: /var/ossec/~api/package.json: No such file or directory
/var/tmp/rpm-tmp.lIMJKu: line 16: =: command not found
/var/ossec/api/configuration is the problem
Empty directories:
Files:
Hi team,
the current OVA works for VirtualBox, but we don't have OVA for VMWare, so it would be nice to add an OVA for VMWare.
Regards,
Braulio
Hi team,
Packages add some scripts to the directory /usr/share/wazuh-manager and /usr/share/wazuh-agent, to add some information to the ossec.conf, etc.
This must be created in a new directory inside of the installation dir. For example, in /var/ossec/tmp.
Hi,
after doing a fresh installation of a wazuh-agent 2.1.0 on Debian I've noticed that the ossec.conf of that agent differs from a host where the wazuh-agent 2.0.0 was installed initially. However there was no notice about these changes during the upgrade of that package like commonly done in Debian packages.
Could it be possible to notify the user during the package upgrade if the config was changed? An alternative could be to place e.g. an ossec.conf.changed side-by-side to the ossec.conf for easier comparison.
If this is something which can't be handled on package level it probably could also be handled by adding a note to compare the ossec.conf at https://documentation.wazuh.com/current/installation-guide/upgrading/index.html
Edit
Sorry, forgot to mention that both packages, wazuh-manager and wazuh-agent, are affected. E.g. I currently was missing the following in my ossec.conf of manager and agent:
<!-- Choose between plain or json format (or both) for internal logs -->
<logging>
<log_format>plain</log_format>
</logging>
as well as the netstat changes from wazuh/wazuh#145
Hi team,
in the .deb packages of wazuh-agent there's a bug in the configure section of the postinst script. If you execute apt-get remove wazuh-agent and then apt-get install wazuh-agent, the postinst script won't execute the gen_ossec.sh script to generate an ossec.conf for that host. Instead, it will install an ossec.conf for Debian 7.
These are the lines:
wazuh-packages/debs/SPECS/3.7.0/wazuh-agent/debian/postinst
Lines 37 to 45 in 084e06b
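The reinstall case in this report and in the earlier manager/agent report, as an added example (not the project's maintainer scripts): dpkg passes the most recently configured version as `$2` to `postinst configure` both on upgrade and when a package left in the config-files state is reinstalled, so the decision to generate ossec.conf is taken from the file on disk instead. The names `preinst_kind`, `apply_conf` and `gen_demo_conf` (a stand-in for gen_ossec.sh) and the `.dpkg-tmp` suffix are assumptions.

```shell
#!/bin/sh
# Added example, not the wazuh-packages maintainer scripts.
# preinst_kind, apply_conf and gen_demo_conf are hypothetical names.

# preinst_kind <action> [old-version]
# dpkg runs preinst as "install" (never installed, or purged),
# "install <old-version>" (removed, configuration left behind) or
# "upgrade <old-version>". Only preinst can tell the last two apart.
preinst_kind() {
    case "$1" in
        install)
            if [ -n "${2:-}" ]; then echo reinstall; else echo fresh; fi ;;
        upgrade) echo upgrade ;;
        *) echo other ;;
    esac
}

# apply_conf <postinst-action> <old-version> <conf-path> <generator> [args...]
# Prints what was done: skip, generated, unchanged or kept.
apply_conf() {
    action=$1; old_version=$2; conf=$3
    shift 3
    if [ "$action" != configure ]; then echo skip; return 0; fi
    # old_version is logged only; it is deliberately not used to pick a branch.
    echo "configure (previous version: ${old_version:-none})" >&2
    tmp="$conf.dpkg-tmp"
    # Write the host-specific default with restrictive permissions from the start.
    ( umask 027; "$@" > "$tmp" )
    if [ ! -s "$conf" ]; then
        # No usable configuration on disk: fresh install or reinstall after remove.
        mv "$tmp" "$conf"; echo generated
    elif cmp -s "$tmp" "$conf"; then
        rm -f "$tmp"; echo unchanged
    else
        # Existing configuration differs: never overwrite, leave the new
        # default next to it for comparison.
        mv "$tmp" "$conf.new"; echo kept
    fi
}

# Constructed stand-in for the real generator script.
gen_demo_conf() {
    printf '<ossec_config>\n  <!-- generated for %s -->\n</ossec_config>\n' "$1"
}

# Demo on a throwaway directory (constructed input).
demo_dir=$(mktemp -d)
apply_conf configure "3.7.0-1" "$demo_dir/ossec.conf" gen_demo_conf debian9
rm -rf "$demo_dir"
```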
Manager and Agent Systems: Debian 9 running Wazuh 3.6.0
Today I have noticed that the ossec.conf of all of my around 20 wazuh-agent installations were overwritten by some sort of default / old ossec.conf after a run of apt-get dist-upgrade:
diff ossec.conf ossec.conf.new
2c2
< Wazuh - Agent - Default configuration for debian 7
---
> Wazuh - Agent - Default configuration for debian 9.5
14c14
< <config-profile>debian, debian7</config-profile>
---
> <config-profile>debian, debian9, debian9.5</config-profile>
48d47
< <system_audit>/var/ossec/etc/shared/cis_debian_linux_rcl.txt</system_audit>
135,144d133
< <log_format>syslog</log_format>
< <location>/var/ossec/logs/active-responses.log</location>
< </localfile>
<
< <localfile>
< <log_format>syslog</log_format>
< <location>/var/log/dpkg.log</location>
< </localfile>
<
< <localfile>
167d155
< <ca_store>/path/to/my_cert.pem</ca_store>
If I'm checking the "touching" of the files:
ls -la /var/ossec/etc/ossec.conf*
-rw-r----- 1 root ossec 5294 Aug 30 13:53 /var/ossec/etc/ossec.conf
-rw-r----- 1 root root 4944 Aug 30 16:37 /var/ossec/etc/ossec.conf.new
this seems to have happened after I had updated my packages from either 3.5.0-1 to 3.6.0-1 or from 3.6.0-1 to 3.6.0-2:
Start-Date: 2018-08-30 10:22:20
Commandline: apt-get dist-upgrade
Upgrade: wazuh-agent:amd64 (3.5.0-1, 3.6.0-1)
End-Date: 2018-08-30 10:23:36
Start-Date: 2018-08-30 16:36:01
Commandline: apt-get dist-upgrade
Upgrade: wazuh-agent:amd64 (3.6.0-1, 3.6.0-2)
End-Date: 2018-08-30 16:37:18
I can't currently see which update/upgrade path led to this situation but I think an update/upgrade should never remove / overwrite the current ossec.conf as seen now.
What I can definitely say is that no errors / issues happened during the update/upgrade itself and that the issue is seen on every one of the around 20 wazuh-agent installations.
Furthermore the "current" ossec.conf contains the Default configuration for debian 7 header which I'm definitely not running here.
The current RPM specs are too complex and hard to maintain. They must be improved in order to make it easier to maintain doing the following tasks:
/usr/share/wazuh-*.
/tmp.
%install section. It must use the install.sh script.
%pre and %post section. They are too complex and hard to maintain. Maybe both sections can use the scripts used in the install.sh to improve this.
SourceX from the RPM .specs files.
%files section of the RPM packages.
/opt/, /var/ or any other directory.
Hi team,
the .deb packages don't use the conffiles feature to prevent the overwrite of the important files as ossec.conf, client.keys, local_internal_options.conf, etc. For this reason, we must create some "tmp" directory to save these files while upgrading to avoid the overwrite.
More info about the conffiles here: https://www.debian.org/doc/manuals/maint-guide/dother.en.html#conffiles
PS: if conffiles option is used, it is possible that we must create a new directory in the packages to make this work properly.
Hi team,
in the latest versions of Wazuh, there are some missing active-responses files in the installation as netsh.cmd.
These files must be added to the wazuh-installer.wxs file in wazuh/wazuh.
Regards,
Braulio.
Hi,
the installation of the manager or the agent using the rpm specs always sets an ossec-init.conf file with a wrong timestamp.
Hi team,
the Docker image built using this Dockerfile fails when it tries to link the binaries when running make TARGET=....
The main problem is related with the OpenSSL compiled in src/external.
Regards,
Braulio.
The current script to build the Debian packages is too complex.
Tasks to do:
debuild.
Hello team, we have a problem with the files in /var/ossec/queue/rids/* after yum remove wazuh-agent.
yum install wazuh-agent
yum remove wazuh-agent
yum install wazuh-agent) or a manager (yum install wazuh-manager). Each way ends in a different error.
At this point we have two different situations, both come from wrong permissions for /var/ossec/queue/rids/*:
[root@worker rids]# ll -h
total 8,0K
-rw-r--r-- 1 ossec ossec 7 oct 9 16:10 017
-rw-r--r-- 1 ossec ossec 0 oct 9 16:12 018
-rw-r--r-- 1 ossec ossec 0 oct 9 16:12 018
-rw-r--r-- 1 ossec ossec 0 oct 9 16:12 020
-rw-r--r-- 1 ossec ossec 0 oct 9 16:12 021
-rw-r--r-- 1 ossec ossec 0 oct 9 16:12 022
...
-rw-r--r-- 1 ossec ossec 7 oct 9 16:20 sender_counter
[root@worker rids]# cat /var/ossec/logs/ossec.log | grep -i -E "(ERROR|WARNING|CRITICAL)"
2018/10/09 16:25:20 ossec-remoted: ERROR: Unable to open agent file. errno: 13
2018/10/09 16:25:20 ossec-remoted: CRITICAL: (1103): Could not open file '/queue/rids/sender_counter' due to [(13)-(Permission denied)].
Also remoted is down...
ps aux | grep ossec
ossec 17742 0.2 0.1 561824 4740 ? Sl 16:25 0:00 /var/ossec/bin/wazuh-db
root 17755 0.0 0.0 29612 2672 ? Sl 16:25 0:00 /var/ossec/bin/ossec-execd
ossec 17762 0.3 0.3 678608 12612 ? Sl 16:25 0:00 /var/ossec/bin/ossec-analysisd
root 17766 5.5 0.1 112548 5284 ? Sl 16:25 0:05 /var/ossec/bin/ossec-syscheckd
root 17776 0.0 0.0 398264 2792 ? Sl 16:25 0:00 /var/ossec/bin/ossec-logcollector
ossec 17788 0.0 0.0 29580 2556 ? Sl 16:25 0:00 /var/ossec/bin/ossec-monitord
root 17791 0.1 0.1 351368 7344 ? Sl 16:25 0:00 /var/ossec/bin/wazuh-modulesd
From my view, this is a bug for both agent and manager:
remoted down.
Best regards,
Jesús
As per wazuh/wazuh#763
Wazuh ubuntu package pre/post installation scripts heavily rely on /tmp having executable flag on.
Often this is not the case and mountpoints like /tmp are non-executable.
Ubuntu package pre/post deb script needs to support TMPDIR variable to be set from outside to work around that.
To replicate:
> mount -o remount,noexec /tmp
> apt-get install wazuh-agent
The following NEW packages will be installed:
wazuh-agent
0 upgraded, 1 newly installed, 0 to remove and 111 not upgraded.
Need to get 0 B/10.2 MB of archives.
After this operation, 108 MB of additional disk space will be used.
Preconfiguring packages ...
Can't exec "/tmp/wazuh-agent.config.RHxwOU": Permission denied at /usr/share/perl/5.18/IPC/Open3.pm line 173.
open2: exec of /tmp/wazuh-agent.config.RHxwOU configure failed at /usr/share/perl5/Debconf/ConfModule.pm line 59.
Selecting previously unselected package wazuh-agent.
(Reading database ... 95889 files and directories currently installed.)
Preparing to unpack .../wazuh-agent_3.2.4-1_amd64.deb ...
Unpacking wazuh-agent (3.2.4-1) ...
Setting up wazuh-agent (3.2.4-1) ...
Are the packages here still maintained? They do not appear to be, there are newer versions of ossec available than 2.8.3
/var/ossec.
conffiles for the configuration files: #59
wazuh-manager enables itself on install
This is undesirable behavior. Additionally, this will enable the service after package upgrade/downgrade even when it was disabled previously.
wazuh-manager will be started upon install/upgrade/downgrade. The only check performed is that the rules are valid.
wazuh-packages/rpms/specs/wazuh-manager-2.1.1.spec
Lines 331 to 337 in 13c8220
For example, in a production environment one would stop the service, upgrade the package, apply configuration changes, update rules, and then start it. Currently that is impossible as the service will be started after the package install. The obvious workaround is to introduce a temporary file with invalid syntax so the logtest check fails.
wazuh-agent has the same issues
Hi team,
currently, the Windows installer for the Wazuh package must be installed using admin permissions, but it can be installed without them. This will cause errors when installing.
The solution is to force that the installer always needs Admin permissions, and in any other case, fail and show a message informing about this.
Regards,
Braulio.
Received the following during install (after apt-get install failed):
$dpkg -i wazuh-agent_3.5.0-1_amd64.deb
Preparing to unpack wazuh-agent_3.5.0-1_amd64.deb ...
mkdir: cannot create directory ‘/tmp/wazuh-agent/group’: File exists
dpkg: error processing archive wazuh-agent_3.5.0-1_amd64.deb (--install):
subprocess new pre-installation script returned error exit status 1
Removing any system startup links for /etc/init.d/wazuh-agent ...
Errors were encountered while processing:
wazuh-agent_3.5.0-1_amd64.deb
Hello team, when upgrading our Wazuh manager or the Wazuh API we have different behavior between them.
But there is a different use case:
This could break integrations with third-party software such as Kibana and a few other things.
Regards!
Hi all,
if you uninstall the wazuh-manager and wazuh-agent package, the wazuh-manager.service and wazuh-agent.service are not deleted.
root@ubuntu-bionic:/home/vagrant# find /etc/ -name "*wazuh*"
/etc/rc4.d/K01wazuh-agent
/etc/systemd/system/wazuh-agent.service
/etc/rc0.d/K01wazuh-agent
/etc/rc2.d/K01wazuh-agent
/etc/rc1.d/K01wazuh-agent
/etc/rc6.d/K01wazuh-agent
/etc/init.d/wazuh-agent
/etc/rc3.d/K01wazuh-agent
/etc/rc5.d/K01wazuh-agent
/etc/apt/sources.list.d/wazuh.list
root@ubuntu-bionic:/home/vagrant# systemctl status wazuh-agent
● wazuh-agent.service - Wazuh agent
Loaded: loaded (/etc/systemd/system/wazuh-agent.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Oct 09 14:57:06 ubuntu-bionic env[3773]: Completed.
Oct 09 14:57:06 ubuntu-bionic systemd[1]: Started Wazuh agent.
Oct 09 15:04:04 ubuntu-bionic systemd[1]: Stopping Wazuh agent...
Oct 09 15:04:04 ubuntu-bionic env[3899]: Killing wazuh-modulesd ..
Oct 09 15:04:04 ubuntu-bionic env[3899]: Killing ossec-logcollector ..
Oct 09 15:04:04 ubuntu-bionic env[3899]: Killing ossec-syscheckd ..
Oct 09 15:04:04 ubuntu-bionic env[3899]: Killing ossec-agentd ..
Oct 09 15:04:04 ubuntu-bionic env[3899]: Killing ossec-execd ..
Oct 09 15:04:04 ubuntu-bionic env[3899]: Wazuh v3.7.0 Stopped
Oct 09 15:04:04 ubuntu-bionic systemd[1]: Stopped Wazuh agent.
Dear Wazuh team,
I am trying to find .spec files for the latest Wazuh versions (3.x) and no success so far. I wanted to ask whether this repo will get in sync with Wazuh upstream, or is there any other repository I should look into?
Thank you,
Vaclav
If you have a "dirty" machine, the installer thinks you are doing an upgrade because it finds some directories under /tmp, then it applies some code lines in the wrong way.
We need to review the way we check if it's an upgrade or not.
Regards!
After running yum erase wazuh-manager, the users ossec, ossecr and ossecm remain in the system.
The user ossec also remains in the agent system after uninstalling the wazuh-agent.
Tested in CentOS7 with Wazuh 3.6.1
Hi all,
to make it easier to track the changes in the repository and the interaction with the community, it is needed to add to the repository the following:
Hi!
I was testing the dockerized Wazuh and found out the default config file for both manager and agents had two <ossec_config> root tags.
I'm not sure if this affects ossec or how and I couldn't find any documentation stating whether this is allowed.
I'm unsure if this is on purpose but I just wanted to let you know in case it's a bug.
<!--
Wazuh - Agent - Default configuration for ubuntu 16.04
More info at: https://documentation.wazuh.com
Mailing list: https://groups.google.com/forum/#!forum/wazuh
-->
<ossec_config>
<client>
<server>
<address>MANAGER_IP</address>
<port>1514</port>
<protocol>udp</protocol>
</server>
<config-profile>ubuntu, ubuntu16, ubuntu16.04</config-profile>
<notify_time>60</notify_time>
<time-reconnect>300</time-reconnect>
<auto_restart>yes</auto_restart>
</client>
<client_buffer>
<!-- Agent buffer options -->
<disabled>no</disabled>
<queue_size>5000</queue_size>
<events_per_second>500</events_per_second>
</client_buffer>
<!-- Policy monitoring -->
<rootcheck>
<disabled>no</disabled>
<check_unixaudit>yes</check_unixaudit>
<check_files>yes</check_files>
<check_trojans>yes</check_trojans>
<check_dev>yes</check_dev>
<check_sys>yes</check_sys>
<check_pids>yes</check_pids>
<check_ports>yes</check_ports>
<check_if>yes</check_if>
<!-- Frequency that rootcheck is executed - every 12 hours -->
<frequency>43200</frequency>
<rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
<system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
<skip_nfs>yes</skip_nfs>
</rootcheck>
<wodle name="open-scap">
<disabled>yes</disabled>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
</wodle>
<wodle name="cis-cat">
<disabled>yes</disabled>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
<java_path>wodles/java</java_path>
<ciscat_path>wodles/ciscat</ciscat_path>
</wodle>
<!-- File integrity monitoring -->
<syscheck>
<disabled>no</disabled>
<!-- Frequency that syscheck is executed default every 12 hours -->
<frequency>43200</frequency>
<scan_on_start>yes</scan_on_start>
<!-- Directories to check (perform all possible verifications) -->
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories check_all="yes">/bin,/sbin,/boot</directories>
<!-- Files/directories to ignore -->
<ignore>/etc/mtab</ignore>
<ignore>/etc/hosts.deny</ignore>
<ignore>/etc/mail/statistics</ignore>
<ignore>/etc/random-seed</ignore>
<ignore>/etc/random.seed</ignore>
<ignore>/etc/adjtime</ignore>
<ignore>/etc/httpd/logs</ignore>
<ignore>/etc/utmpx</ignore>
<ignore>/etc/wtmpx</ignore>
<ignore>/etc/cups/certs</ignore>
<ignore>/etc/dumpdates</ignore>
<ignore>/etc/svc/volatile</ignore>
<!-- Check the file, but never compute the diff -->
<nodiff>/etc/ssl/private.key</nodiff>
<skip_nfs>yes</skip_nfs>
</syscheck>
<!-- Log analysis -->
<localfile>
<log_format>command</log_format>
<command>df -P</command>
<frequency>360</frequency>
</localfile>
<localfile>
<log_format>full_command</log_format>
<command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
<alias>netstat listening ports</alias>
<frequency>360</frequency>
</localfile>
<localfile>
<log_format>full_command</log_format>
<command>last -n 20</command>
<frequency>360</frequency>
</localfile>
<!-- Active response -->
<active-response>
<disabled>no</disabled>
<ca_store>/var/ossec/etc/wpk_root.pem</ca_store>
</active-response>
<!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
<logging>
<log_format>plain</log_format>
</logging>
</ossec_config>
<ossec_config>
<localfile>
<log_format>syslog</log_format>
<location>/var/ossec/logs/active-responses.log</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/auth.log</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/syslog</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/dpkg.log</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/kern.log</location>
</localfile>
</ossec_config>
wazuh-packages/debs/wazuh-agent/debian/postinst
Lines 39 to 40 in e436bd1
Hi team,
as said in #42, it is necessary to add a new tool to build the Solaris packages using fpm.
Tasks to do:
preinstall, postinstall, preremove and postinstall scripts.
Regards.
Hi team,
currently, the maintainer scripts of the .deb packages are too generic. The flow charts that you can see here https://wiki.debian.org/MaintainerScripts show how the package must work for all the cases, but, in the maintainer scripts you can see that for many cases, the package will execute the same code:
wazuh-packages/debs/SPECS/3.7.0/wazuh-manager/debian/postrm
Lines 8 to 10 in 084e06b
This may cause errors and leave the package in an inconsistent state.
Hi folks, we are trying to install Wazuh manager 2 from the sources following this guide https://documentation.wazuh.com/2.0/installation-guide/installing-wazuh-server/wazuh_server_deb.html .
The target operating system is Ubuntu 16.04.2 LTS (Xenial Xerus) codename xenial.
However, after adding the GPG-KEY-WAZUH, we get the error :
Some packages could not be authenticated when installing wazuh Manager.
Please see below screenshot
I wonder if you have seen this issue before and if there is any recommendation on how to fix it.
I think there was a mistake with the build of the latest i386 package: as you can see from the attached log, it contains x86_64 binaries instead of i386 ones. The previous version of the package (wazuh-agent-3.2.0-1.i386.rpm) is correct. So, the workaround for now is to install the previous version.
[root@rhel5-i386~]# wget https://packages.wazuh.com/3.x/yum/5/wazuh-agent-3.2.1-1.i386.rpm && yum localinstall wazuh-agent-3.2.1-1.i386.rpm -y
Loaded plugins: fastestmirror
Setting up Local Package Process
Examining wazuh-agent-3.2.1-1.i386.rpm: wazuh-agent-3.2.1-1.i386
Marking wazuh-agent-3.2.1-1.i386.rpm to be installed
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package wazuh-agent.i386 0:3.2.1-1 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================================
Installing:
wazuh-agent i386 3.2.1-1 /wazuh-agent-3.2.1-1.i386 73 M
Transaction Summary
=============================================================================================================================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total size: 73 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : wazuh-agent [# ] 1/1
Installing : wazuh-agent 1/1
Installed:
wazuh-agent.i386 0:3.2.1-1
Complete!
[root@rhel5-i386 ~]# file /var/ossec/bin/*
agent-auth: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, not stripped
manage_agents: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, not stripped
ossec-agentd: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, not stripped
ossec-control: Bourne shell script text executable
ossec-execd: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, not stripped
ossec-logcollector: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, not stripped
ossec-lua: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, not stripped
ossec-luac: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, not stripped
ossec-syscheckd: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, not stripped
util.sh: Bourne shell script text executable
wazuh-modulesd: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, not stripped
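The architecture mix-up in this report can be caught before a package is published by reading the ELF header of every shipped binary. This is an added example, not part of the report or of the project's build scripts; the function names are hypothetical and the sample files are constructed 20-byte headers, not real binaries.

```shell
#!/bin/sh
# Added example: hypothetical helper names, constructed sample files.

# elf_arch <file>: prints "i386", "x86_64", "other-elf" or "not-elf".
elf_arch() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    if [ "$magic" != 7f454c46 ]; then echo not-elf; return 0; fi
    class=$(od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' \n')   # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    data=$(od -An -tu1 -j5 -N1 "$1" 2>/dev/null | tr -d ' \n')    # EI_DATA: 1 = little-endian
    lo=$(od -An -tu1 -j18 -N1 "$1" 2>/dev/null | tr -d ' \n')     # e_machine, low byte
    hi=$(od -An -tu1 -j19 -N1 "$1" 2>/dev/null | tr -d ' \n')     # e_machine, high byte
    case "$class:$data:$lo:$hi" in
        1:1:3:0)  echo i386 ;;      # EM_386
        2:1:62:0) echo x86_64 ;;    # EM_X86_64
        *)        echo other-elf ;;
    esac
}

# arch_mismatches <dir> <expected-arch>
# Prints one line per ELF file whose architecture differs from the package
# architecture. Shell scripts and other non-ELF files are ignored.
arch_mismatches() {
    dir=$1; expected=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        found=$(elf_arch "$f")
        case "$found" in
            not-elf|"$expected") ;;
            *) echo "${f##*/}: $found (expected $expected)" ;;
        esac
    done
}

# write_sample_elf <path> <i386|x86_64>: constructed header, 16-byte e_ident
# followed by e_type and e_machine.
write_sample_elf() {
    case "$2" in
        i386)   printf '\177ELF\001\001\001\000\000\000\000\000\000\000\000\000\002\000\003\000' > "$1" ;;
        x86_64) printf '\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\002\000\076\000' > "$1" ;;
    esac
}

# Demo: a constructed bin directory for a package labelled i386.
demo_bin=$(mktemp -d)
write_sample_elf "$demo_bin/agent-auth" x86_64
write_sample_elf "$demo_bin/ossec-agentd" i386
printf '#!/bin/sh\n' > "$demo_bin/ossec-control"
arch_mismatches "$demo_bin" i386
rm -rf "$demo_bin"
```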
sudo apt install wazuh-manager -y
....
/var/ossec/bin/ossec-control restart
....
sudo apt purge wazuh*
Leyendo lista de paquetes... Hecho
Creando árbol de dependencias
Leyendo la información de estado... Hecho
Nota, seleccionando «wazuh-api» para el global «wazuh*»
Nota, seleccionando «wazuh-agent» para el global «wazuh*»
Nota, seleccionando «wazuh-manager» para el global «wazuh*»
El paquete «wazuh-agent» no está instalado, no se eliminará
El paquete «wazuh-api» no está instalado, no se eliminará
Los siguientes paquetes se ELIMINARÁN:
wazuh-manager*
0 actualizados, 0 nuevos se instalarán, 1 para eliminar y 192 no actualizados.
Se liberarán 118 MB después de esta operación.
¿Desea continuar? [S/n] s
(Leyendo la base de datos ... 271320 ficheros o directorios instalados actualmente.)
Desinstalando wazuh-manager (3.6.0-1) ...
(Leyendo la base de datos ... 270812 ficheros o directorios instalados actualmente.)
Purgando ficheros de configuración de wazuh-manager (3.6.0-1) ...
dpkg: error al procesar el paquete wazuh-manager (--purge):
instalado wazuh-manager paquete post-removal guión el subproceso devolvió un error con estado de salida 1
Se encontraron errores al procesar:
wazuh-manager
E: Sub-process /usr/bin/dpkg returned an error code (1)
Also @chemamartinez advised an empty folder /var/ossec/bin
The install output is below. Why is the package install trying to access an invalid path and is there a fix?
$apt-get -y install wazuh agent
Setting up wazuh-agent (3.5.0-1) ...
chmod: cannot access ‘/var/ossec//src/init/replace_manager_ip.sh’: No such file or directory
dpkg: error processing package wazuh-agent (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
wazuh-agent
E: Sub-process /usr/bin/dpkg returned an error code (1)
Uninstalling a manager on Ubuntu 18, the complete /var/ossec folder is removed:
root@ubuntu18:~# apt-get remove wazuh-manager
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
wazuh-manager
0 upgraded, 0 newly installed, 1 to remove and 91 not upgraded.
After this operation, 118 MB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 180309 files and directories currently installed.)
Removing wazuh-manager (3.5.0-1) ...
root@ubuntu18:~#
root@ubuntu18:~# ls /var/ossec
ls: cannot access '/var/ossec': No such file or directory
root@ubuntu18:~#
On the other hand, the same action for an rpm package leaves some backup files and directories into /var/ossec:
root@localhost ~ » yum remove wazuh-manager
Complementos cargados:fastestmirror, langpacks
Resolviendo dependencias
--> Ejecutando prueba de transacción
---> Paquete wazuh-manager.x86_64 0:3.5.0-1 debe ser eliminado
--> Resolución de dependencias finalizada
Dependencias resueltas
=======================================================================================================================================
Package Arquitectura Versión Repositorio Tamaño
=======================================================================================================================================
Eliminando:
wazuh-manager x86_64 3.5.0-1 @wazuh_repo 84 M
Resumen de la transacción
=======================================================================================================================================
Eliminar 1 Paquete
Tamaño instalado: 84 M
Está de acuerdo [s/N]:s
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Stopping wazuh-manager (via systemctl): [ OK ]
wazuh-clusterd not running...
ossec-monitord not running...
ossec-logcollector not running...
ossec-remoted not running...
ossec-syscheckd not running...
ossec-analysisd not running...
ossec-maild not running...
ossec-execd not running...
wazuh-modulesd not running...
wazuh-db not running...
Wazuh v3.5.0 Stopped
Nota: Reenviando petición a 'systemctl disable wazuh-manager.service'.
Removed symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service.
Stopping wazuh-manager (via systemctl): [ OK ]
libsemanage.semanage_direct_remove_key: Removing last wazuh module (no other wazuh module exists at another priority).
Eliminando : wazuh-manager-3.5.0-1.x86_64 1/1
Comprobando : wazuh-manager-3.5.0-1.x86_64 1/1
Eliminado(s):
wazuh-manager.x86_64 0:3.5.0-1
¡Listo!
root@localhost ~ » ls /var/ossec
backup etc framework logs queue stats var
root@localhost ~ »
We should think about what behavior is expected and apply it to both packages.
It also remains the /var/ossec/var folder which includes states file useless for future installations.
The current script to build the RPM packages is too complex. It also needs other dependencies as mock and it takes too much time to build the packages.
Tasks to do:
mock from the build process. The installation and maintenance of mock is too hard.
rpmbuild/SOURCES.
wazuh-manager.init and wazuh-agent.init files from the sources, rather than the one in rpmbuild/SOURCES.
check_files.py output:
Missing:
/Library/Ossec/backup
/Library/Ossec/etc/wpk_root.pem
/Library/Ossec/lib/libwazuhext.so
/Library/Ossec/var/selinux/wazuh.pp
/Library/Ossec/wodles/oscap/content/cve-debian-8-oval.xml
/Library/Ossec/wodles/oscap/content/cve-debian-9-oval.xml
/Library/Ossec/wodles/oscap/content/cve-redhat-6-ds.xml
/Library/Ossec/wodles/oscap/content/cve-redhat-7-ds.xml
/Library/Ossec/wodles/oscap/content/cve-ubuntu-xenial-oval.xml
/Library/Ossec/wodles/oscap/content/ssg-centos-6-ds.xml
/Library/Ossec/wodles/oscap/content/ssg-centos-7-ds.xml
/Library/Ossec/wodles/oscap/content/ssg-debian-8-ds.xml
/Library/Ossec/wodles/oscap/content/ssg-fedora-24-ds.xml
/Library/Ossec/wodles/oscap/content/ssg-rhel-6-ds.xml
/Library/Ossec/wodles/oscap/content/ssg-rhel-7-ds.xml
/Library/Ossec/wodles/oscap/content/ssg-ubuntu-1404-ds.xml
/Library/Ossec/wodles/oscap/content/ssg-ubuntu-1604-ds.xml
Extra:
/Library/Ossec/etc/shared/agent.conf [ossec ossec 0644 -rw-r--r--]
/Library/Ossec/lib/libwazuhext.dylib [root wheel 0750 -rwxr-x---]
/Library/Ossec/var/wodles/syscollector [root ossec 0644 -rw-r--r--]
Different:
/Library/Ossec/bin [Wrong: group]
Expected: root root 0750 # drwxr-x---
Found : root wheel 0750 # drwxr-x---
/Library/Ossec/bin/agent-auth [Wrong: group]
Expected: root root 0750 # -rwxr-x---
Found : root wheel 0750 # -rwxr-x---
/Library/Ossec/bin/manage_agents [Wrong: group]
Expected: root root 0750 # -rwxr-x---
Found : root wheel 0750 # -rwxr-x---
/Library/Ossec/bin/ossec-agentd [Wrong: group]
Expected: root root 0750 # -rwxr-x---
Found : root wheel 0750 # -rwxr-x---
/Library/Ossec/bin/ossec-control [Wrong: group]
Expected: root root 0750 # -rwxr-x---
Found : root wheel 0750 # -rwxr-x---
/Library/Ossec/bin/ossec-execd [Wrong: group]
Expected: root root 0750 # -rwxr-x---
Found : root wheel 0750 # -rwxr-x---
/Library/Ossec/bin/ossec-logcollector [Wrong: group]
Expected: root root 0750 # -rwxr-x---
Found : root wheel 0750 # -rwxr-x---
/Library/Ossec/bin/ossec-syscheckd [Wrong: group]
Expected: root root 0750 # -rwxr-x---
Found : root wheel 0750 # -rwxr-x---
/Library/Ossec/bin/util.sh [Wrong: group]
Expected: root root 0750 # -rwxr-x---
Found : root wheel 0750 # -rwxr-x---
/Library/Ossec/bin/wazuh-modulesd [Wrong: group]
Expected: root root 0750 # -rwxr-x---
Found : root wheel 0750 # -rwxr-x---
/Library/Ossec/etc/shared/cis_apache2224_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/cis_debian_linux_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/cis_mysql5-6_community_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/cis_mysql5-6_enterprise_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/cis_rhel5_linux_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/cis_rhel6_linux_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/cis_rhel7_linux_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/cis_rhel_linux_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/cis_sles11_linux_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/cis_sles12_linux_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/cis_win2012r2_domainL1_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/cis_win2012r2_domainL2_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/cis_win2012r2_memberL1_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/cis_win2012r2_memberL2_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/rootkit_files.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/rootkit_trojans.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/system_audit_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/system_audit_ssh.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/win_applications_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/win_audit_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/etc/shared/win_malware_rcl.txt [Wrong: user mode]
Expected: root ossec 0660 # -rw-rw----
Found : ossec ossec 0644 # -rw-r--r--
/Library/Ossec/lib [Wrong: group]
Expected: root root 0750 # drwxr-x---
Found : root wheel 0750 # drwxr-x---
/Library/Ossec/var/run/ossec-logcollector-110.pid [Wrong: group]
Expected: root root 0640 # -rw-r-----
Found : root ossec 0640 # -rw-r-----
/Library/Ossec/var/run/ossec-syscheckd-99995.pid [Wrong: group]
Expected: root root 0640 # -rw-r-----
Found : root ossec 0640 # -rw-r-----
We have installed some systemd stuff on our Ubuntu 14.04 but we are still using the old upstart as init system.
The postinst script will try to use systemctl to enable the wazuh agent if the systemd directory /run/systemd/system exists:
wazuh-packages/debs/wazuh-agent/debian/postinst
Lines 81 to 87 in afb4833
This call fails:
# systemctl enable wazuh-agent
Failed to issue method call: No such file or directory
Could we add another test to check if we still run with upstart?
Something like:
if [ -d /run/systemd/system ] && [[ ! `/sbin/init --version 2>/dev/null` =~ upstart ]]; then
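The check proposed above, written as POSIX sh so it also works in a `#!/bin/sh` maintainer script (an added example, not the project's postinst code). The function names and the `update-rc.d` fallback for non-systemd hosts are assumptions of this example.

```shell
#!/bin/sh
# Added example: pick the service-registration command from the init system
# that is actually running, not only from the presence of a systemd directory.

# classify_init SYSTEMD_DIR INIT_VERSION_TEXT
# Pure function, so it can be exercised with constructed input.
classify_init() {
    systemd_dir=$1
    init_version=$2
    case $init_version in
        *upstart*)
            # Upstart is PID 1 even if systemd components created a runtime dir.
            echo upstart
            return 0
            ;;
    esac
    if [ -d "$systemd_dir" ]; then
        echo systemd
    else
        echo sysv
    fi
}

# enable_command INIT_KIND SERVICE
# Prints the command a postinst would run; this mapping is an assumption.
enable_command() {
    case $1 in
        systemd) echo "systemctl enable $2" ;;
        upstart|sysv) echo "update-rc.d $2 defaults" ;;
        *) return 1 ;;
    esac
}

# detect_running_init: the same decision against the live system, using the
# two signals named in the report above.
detect_running_init() {
    version=$(/sbin/init --version 2>/dev/null || true)
    classify_init /run/systemd/system "$version"
}
```

On the reporter's setup (systemd directory present, upstart as PID 1) `classify_init` answers `upstart`, so `systemctl enable` is never attempted.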
dpkg: atención: al desinstalar wazuh-agent, el directorio «/var/ossec/etc» no está vacío, por lo que no se borra
dpkg: atención: al desinstalar wazuh-agent, el directorio «/var/ossec/var/wodles» no está vacío, por lo que no se borra
Hi,
it seems the current handling (observed in 2.0.1 as well as 2.1.0 packages) of various temporary files (removing / renaming them during the installation on Debian) is causing debsums to fail.
debsums -c wazuh-agent
debsums -c wazuh-manager
I'm not really deep into Debian packaging but from my knowledge files shipped within a package shouldn't be removed during the installation. Instead most packages keep such files in e.g. /usr/share/doc/wazuh-agent/tmp (or similar) and just move them to the correct place during the installation.
Edit: Maybe this can be tackled when doing the move to /opt/ (wazuh/wazuh#147)
debsums -c wazuh-agent
debsums: missing file /var/ossec/etc/init.d/wazuh-agent (from wazuh-agent package)
debsums: missing file /var/ossec/ossec-init.conf (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/add_localfiles.sh (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/alerts.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/ar-commands.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/ar-definitions.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/auth.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/global-ar.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/global.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/header-comments.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/localfile-commands.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/localfile-logs/apache-logs.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/localfile-logs/audit-logs.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/localfile-logs/ossec-logs.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/localfile-logs/pgsql-logs.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/localfile-logs/snort-logs.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/localfile-logs/syslog-logs.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/logging.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/remote-secure.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/remote-syslog.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/rootcheck.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/rules.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/syscheck.agent.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/syscheck.manager.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/wodle-openscap.template (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/src/LOCATION (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/src/REVISION (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/src/VERSION (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/src/init/inst-functions.sh (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/src/init/shared.sh (from wazuh-agent package)
debsums: missing file /var/ossec/tmp/src/init/template-select.sh (from wazuh-agent package)
debsums -c wazuh-manager
debsums: missing file /var/ossec/etc/init.d/wazuh-manager (from wazuh-manager package)
debsums: missing file /var/ossec/ossec-init.conf (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/add_localfiles.sh (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/alerts.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/ar-commands.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/ar-definitions.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/auth.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/global-ar.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/global.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/header-comments.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/localfile-commands.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/localfile-logs/apache-logs.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/localfile-logs/audit-logs.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/localfile-logs/ossec-logs.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/localfile-logs/pgsql-logs.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/localfile-logs/snort-logs.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/localfile-logs/syslog-logs.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/logging.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/remote-secure.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/remote-syslog.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/rootcheck.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/rules.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/syscheck.agent.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/syscheck.manager.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/etc/templates/config/generic/wodle-openscap.template (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/src/LOCATION (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/src/REVISION (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/src/VERSION (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/src/init/inst-functions.sh (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/src/init/shared.sh (from wazuh-manager package)
debsums: missing file /var/ossec/tmp/src/init/template-select.sh (from wazuh-manager package)
Given that there are hashing algos less susceptible to collisions than MD5 (https://www.kb.cert.org/vuls/id/836068) and that Wazuh is software centered around security, why are MD5 checksums used to verify packages (https://documentation.wazuh.com/current/installation-guide/packages-list/index.html#packages)?
Hi all,
in this PR: #65, the client.keys file was marked as a %config(noreplace) file. This change was to ensure that the client.keys doesn't get overwritten when you upgrade the package.
This is a change in the right direction, but packages from previous versions didn't have this file marked as a configuration file. In addition, this package didn't know that this file exists.
This change produces a "bad behavior" when downgrading the packages from v3.7.0. When you install Wazuh v3.7.0 using RPM packages and modify the client.keys file, and then perform a downgrade to a previous version, the client.keys will be stored as client.keys.rpmsaved and a new, empty client.keys file will appear.
Regards,
Braulio.