Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SPECS to sca file macOS 14 sonoma #2624

Merged
merged 4 commits into from
Nov 23, 2023
Merged

Add SPECS to sca file macOS 14 sonoma #2624

merged 4 commits into from
Nov 23, 2023

Conversation

jotacarma90
Copy link
Member

@jotacarma90 jotacarma90 commented Nov 22, 2023
edited
Loading

Related issue
#2617

Included new macOS 14 sonoma SCA files into packages scripts.

Tests

  • Check the agent package arch AMD installed contain the new SCA file
  • Check the agent package arch ARM installed contain the new SCA file
  • Check the manager package installed contain the new SCA file

@ed108206
Update build.sh
4f3d5e0 
new SCA file
@ed108206
Update wazuh-manager.spec
daf3929 
new SCA file
@ed108206
Update rules
6ca7f4b 
new SCA file
@jotacarma90 jotacarma90 changed the base branch from master to 4.7.1 November 22, 2023 14:07
@jotacarma90 jotacarma90 mentioned this pull request Nov 22, 2023
Closed
2 tasks
@jotacarma90 jotacarma90 linked an issue Nov 22, 2023 that may be closed by this pull request
Add SCA SPECs for macOS Sonoma #2617
Closed
@jotacarma90 jotacarma90 force-pushed the 17149-create-sca-policy-for-macos-14 branch from 6593178 to dff2d82 Compare November 22, 2023 14:28
@jotacarma90
Copy link
Member Author

jotacarma90 commented Nov 22, 2023
edited
Loading

Testing

  • Agent AMD:
➜  ~ sudo installer -pkg wazuh-agent-4.7.1-1.intel64.pkg -target /
Password:
installer: Package name is Wazuh Agent
installer: Upgrading at base path /
installer: The upgrade was successful.
➜  ~ sudo ls /Library/Ossec/ruleset/sca
cis_apple_macOS_14.0.yml
  • Agent ARM:
sh-3.2# installer -pkg wazuh-agent-4.7.1-1.arm64.pkg -target /
installer: Package name is Wazuh Agent
installer: Upgrading at base path /
installer: The upgrade was successful.
sh-3.2# sudo ls /Library/Ossec/ruleset/sca
cis_apple_macOS_14.0.yml
  • Manager CentOS:
[root@centos9 vagrant]# rpm -i wazuh-manager-4.7.1-1.x86_64.rpm 
[root@centos9 vagrant]# ls /var/ossec/ruleset/sca/
cis_amazon_linux_1.yml.disabled       cis_rhel6_linux.yml.disabled
cis_amazon_linux_2.yml.disabled       cis_rhel7_linux.yml.disabled
cis_apache_24.yml.disabled            cis_rhel8_linux.yml.disabled
cis_apple_macOS_10.11.yml.disabled    cis_rhel9_linux.yml.disabled
cis_apple_macOS_10.12.yml.disabled    cis_sles11_linux.yml.disabled
cis_apple_macOS_10.13.yml.disabled    cis_sles12_linux.yml.disabled
cis_apple_macOS_10.14.yml.disabled    cis_sles15_linux.yml.disabled
cis_apple_macOS_10.15.yml.disabled    cis_solaris11.4.yml.disabled
cis_apple_macOS_11.1.yml.disabled     cis_solaris11.yml.disabled
cis_apple_macOS_12.0.yml.disabled     cis_sqlserver_2012.yml.disabled
cis_apple_macOS_13.x.yml.disabled     cis_sqlserver_2014.yml.disabled
cis_apple_macOS_14.0.yml.disabled     cis_sqlserver_2016.yml.disabled
cis_centos6_linux.yml.disabled        cis_sqlserver_2017.yml.disabled
cis_centos7_linux.yml.disabled        cis_sqlserver_2019.yml.disabled
cis_centos8_linux.yml                 cis_ubuntu14-04.yml.disabled
cis_debian10.yml.disabled             cis_ubuntu16-04.yml.disabled
cis_debian7.yml.disabled              cis_ubuntu18-04.yml.disabled
cis_debian8.yml.disabled              cis_ubuntu20-04.yml.disabled
cis_debian9.yml.disabled              cis_ubuntu22-04.yml.disabled
cis_iis_10.yml.disabled               cis_win10_enterprise.yml.disabled
cis_mongodb_36.yml.disabled           cis_win11_enterprise.yml.disabled
cis_mysql5-6_community.yml.disabled   cis_win2012r2.yml.disabled
cis_mysql5-6_enterprise.yml.disabled  cis_win2016.yml.disabled
cis_nginx_1.yml.disabled              cis_win2019.yml.disabled
cis_oracle_database_19c.yml.disabled  cis_win2022.yml.disabled
cis_postgre-sql-13.yml.disabled       sca_unix_audit.yml.disabled
cis_rhel5_linux.yml.disabled          web_vulnerabilities.yml.disabled

mjcr99
mjcr99 approved these changes Nov 22, 2023
View reviewed changes
Copy link
Member

@mjcr99 mjcr99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vikman90 vikman90 merged commit 59c131a into 4.7.1 Nov 23, 2023
50 checks passed
@vikman90 vikman90 deleted the 17149-create-sca-policy-for-macos-14 branch November 23, 2023 11:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mjcr99 mjcr99 mjcr99 approved these changes

@ed108206 ed108206 Awaiting requested review from ed108206

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add SCA SPECs for macOS Sonoma
4 participants
@jotacarma90 @mjcr99 @vikman90 @ed108206