Merge 4.8.2 into 4.9.0

.github/actions/offline-installation/common.sh

@@ -44,7 +44,7 @@ function check_file() {
 function check_shards() {
 
     retries=0
-    until [ "$(curl -s -k -u admin:admin "https://localhost:9200/_template/wazuh?pretty&filter_path=wazuh.settings.index.number_of_shards" | grep "number_of_shards")" ] || [ "${retries}" -eq 5 ]; do
+    until [ "$(curl -s -k -u admin:admin "https://127.0.0.1:9200/_template/wazuh?pretty&filter_path=wazuh.settings.index.number_of_shards" | grep "number_of_shards")" ] || [ "${retries}" -eq 5 ]; do
         sleep 5
         retries=$((retries+1))
     done
@@ -53,7 +53,7 @@ function check_shards() {
         echo "ERROR: Could not get the number of shards."
         exit 1
     fi
-    curl -s -k -u admin:admin "https://localhost:9200/_template/wazuh?pretty&filter_path=wazuh.settings.index.number_of_shards"
+    curl -s -k -u admin:admin "https://127.0.0.1:9200/_template/wazuh?pretty&filter_path=wazuh.settings.index.number_of_shards"
     echo "INFO: Number of shards detected."
 
 }
@@ -79,13 +79,19 @@ function dashboard_installation() {
         /usr/share/wazuh-dashboard/bin/opensearch-dashboards "-c /etc/wazuh-dashboard/opensearch_dashboards.yml" --allow-root > /dev/null 2>&1 &
     fi
 
-    sleep 10
+    retries=0
     # In this context, 302 HTTP code refers to SSL certificates warning: success.
-    if [ "$(curl -k -s -I -w "%{http_code}" https://localhost -o /dev/null --fail)" -ne "302" ]; then
+    until [ "$(curl -k -s -I -w "%{http_code}" https://127.0.0.1 -o /dev/null --fail)" -ne "302" ] || [ "${retries}" -eq 5 ]; do
+        echo "INFO: Sleeping 10 seconds."
+        sleep 10
+        retries=$((retries+1))
+    done
+    if [ ${retries} -eq 5 ]; then
         echo "ERROR: The Wazuh dashboard installation has failed."
         exit 1
+    else
+        echo "INFO: The Wazuh dashboard is ready."
     fi
-    echo "INFO: The Wazuh dashboard is ready."
 
 }
 
@@ -190,7 +196,7 @@ function indexer_initialize() {
         echo "ERROR: The indexer node is not started."
         exit 1
     fi
-    /usr/share/wazuh-indexer/bin/indexer-init.sh
+    /usr/share/wazuh-indexer/bin/indexer-security-init.sh
 
 }
 
@@ -226,7 +232,7 @@ function indexer_installation() {
 
     indexer_initialize
     sleep 10
-    eval "curl -s -XGET https://localhost:9200 -u admin:admin -k --fail"
+    eval "curl -s -XGET https://127.0.0.1:9200 -u admin:admin -k --fail"
     if [ "${PIPESTATUS[0]}" != 0 ]; then
         echo "ERROR: The Wazuh indexer installation has failed."
         exit 1

.github/actions/passwords-tool/tests-stack-success.sh

@@ -22,7 +22,7 @@ echo '::endgroup::'
 
 echo '::group:: Change all passwords except Wazuh API ones.'
 
-mapfile -t pass < <(bash wazuh-passwords-tool.sh -a | awk '{ print $NF }' | sed \$d | sed '1d' )
+mapfile -t pass < <(bash wazuh-passwords-tool.sh -a | grep 'The password for' | awk '{ print $NF }')
 for i in "${!users[@]}"; do
     if curl -s -XGET https://localhost:9200/ -u "${users[i]}":"${pass[i]}" -k -w %{http_code} | grep "401"; then
         exit 1
@@ -35,7 +35,7 @@ echo '::group:: Change all passwords.'
 
 wazuh_pass="$(cat wazuh-install-files/wazuh-passwords.txt | awk "/username: 'wazuh'/{getline;print;}" | awk '{ print $2 }' | tr -d \' )"
 
-mapfile -t passall < <(bash wazuh-passwords-tool.sh -a -au wazuh -ap "${wazuh_pass}" | awk '{ print $NF }' | sed \$d ) 
+mapfile -t passall < <(bash wazuh-passwords-tool.sh -a -au wazuh -ap "${wazuh_pass}" | grep 'The password for' | awk '{ print $NF }' ) 
 passindexer=("${passall[@]:0:6}")
 passapi=("${passall[@]:(-2)}")
 
@@ -63,7 +63,7 @@ echo '::endgroup::'
 
 echo '::group:: Change all passwords except Wazuh API ones using a file.'
 
-mapfile -t passfile < <(bash wazuh-passwords-tool.sh -f wazuh-install-files/wazuh-passwords.txt | awk '{ print $NF }' | sed \$d | sed '1d' )
+mapfile -t passfile < <(bash wazuh-passwords-tool.sh -f wazuh-install-files/wazuh-passwords.txt | grep 'The password for' | awk '{ print $NF }' ) 
 for i in "${!users[@]}"; do
     if curl -s -XGET https://localhost:9200/ -u "${users[i]}":"${passfile[i]}" -k -w %{http_code} | grep "401"; then
         exit 1
@@ -72,7 +72,7 @@ done
 echo '::endgroup::'
 
 echo '::group:: Change all passwords from a file.'
-mapfile -t passallf < <(bash wazuh-passwords-tool.sh -f wazuh-install-files/wazuh-passwords.txt -au wazuh -ap BkJt92r*ndzN.CkCYWn?d7i5Z7EaUt63 | awk '{ print $NF }' | sed \$d ) 
+mapfile -t passallf < <(bash wazuh-passwords-tool.sh -f wazuh-install-files/wazuh-passwords.txt -au wazuh -ap BkJt92r*ndzN.CkCYWn?d7i5Z7EaUt63 | grep 'The password for' | awk '{ print $NF }' )
 passindexerf=("${passallf[@]:0:6}")
 passapif=("${passallf[@]:(-2)}")
 

.github/workflows/build-deb-packages.yml

@@ -55,7 +55,7 @@ jobs:
         run: |
           MAJOR=$(sed 's/\([0-9]*\.[0-9]*\)\.[0-9]*/\1/' $GITHUB_WORKSPACE/VERSION)
           if [ "${{ steps.changes.outputs.deb_images }}" == "true" ]; then echo "TAG=${{ github.head_ref }}" >> $GITHUB_ENV; else echo "TAG=$MAJOR" >> $GITHUB_ENV ; fi
-          if [ $MAJOR == "4.9" ]; then echo "VERSION=master" >> $GITHUB_ENV ; else echo "VERSION=$(cat $GITHUB_WORKSPACE/VERSION)" >> $GITHUB_ENV; fi
+          if [ $MAJOR == "5.0" ]; then echo "VERSION=master" >> $GITHUB_ENV ; else echo "VERSION=$(cat $GITHUB_WORKSPACE/VERSION)" >> $GITHUB_ENV; fi
           echo "CONTAINER_NAME=deb_${{ matrix.TYPE }}_builder_${{ matrix.ARCHITECTURE }}" >> $GITHUB_ENV
           if [ "${{ matrix.ARCHITECTURE }}" == "amd64" ]; then echo "CONTAINER_NAME=deb_${{ matrix.TYPE }}_builder_${{ matrix.ARCHITECTURE }}" >> $GITHUB_ENV ; else echo "CONTAINER_NAME=deb_${{ matrix.TYPE }}_builder_${{ matrix.ARCHITECTURE }}" >> $GITHUB_ENV ; fi
 

.github/workflows/build-rpm-packages.yml

@@ -10,6 +10,8 @@ on:
 
 jobs:
   Wazuh-agent-rpm-package-build:
+    env:
+      BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -56,7 +58,7 @@ jobs:
         run: |
           MAJOR=$(sed 's/\([0-9]*\.[0-9]*\)\.[0-9]*/\1/' $GITHUB_WORKSPACE/VERSION)
           if [ "${{ steps.changes.outputs.rpm_images }}" == "true" ]; then echo "TAG=${{ github.head_ref }}" >> $GITHUB_ENV; else echo "TAG=$MAJOR" >> $GITHUB_ENV ; fi
-          if [ $MAJOR == "4.9" ]; then echo "VERSION=master" >> $GITHUB_ENV ; else echo "VERSION=$(cat $GITHUB_WORKSPACE/VERSION)" >> $GITHUB_ENV; fi
+          if [ $MAJOR == "5.0" ]; then echo "VERSION=master" >> $GITHUB_ENV ; else echo "VERSION=$(cat $GITHUB_WORKSPACE/VERSION)" >> $GITHUB_ENV; fi
           if [ "${{ matrix.ARCHITECTURE }}" == "x86_64" ]; then echo "CONTAINER_NAME=rpm_${{ matrix.TYPE }}_builder_x86" >> $GITHUB_ENV ; else echo "CONTAINER_NAME=rpm_${{ matrix.TYPE }}_builder_${{ matrix.ARCHITECTURE }}" >> $GITHUB_ENV ; fi
 
       - name: Download docker image for package building
@@ -68,8 +70,13 @@ jobs:
         if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || ((steps.changes.outputs.rpm_images_manager_x86_64 == 'true' || steps.changes.outputs.rpm_images_agent_x86_64 == 'true') && matrix.ARCHITECTURE == 'x86_64')
         working-directory: ./rpms
         run: |
+          if [ "X`git ls-remote --heads https://github.com/wazuh/wazuh.git ${BRANCH_NAME}`" != "X" ]; then
+              W_BRANCH=${BRANCH_NAME}
+          else
+              W_BRANCH=${{ env.VERSION }}
+          fi
           REVISION=$( echo ${{ github.head_ref }} | sed 's/-/./g; s/\//./g' )
-          bash generate_rpm_package.sh -b ${{ env.VERSION }} -t ${{ matrix.TYPE }} -a ${{ matrix.ARCHITECTURE }} --dev -j 2 --dont-build-docker --tag ${{ env.TAG }} -r $REVISION
+          bash generate_rpm_package.sh -b ${W_BRANCH} -t ${{ matrix.TYPE }} -a ${{ matrix.ARCHITECTURE }} --dev -j 2 --dont-build-docker --tag ${{ env.TAG }} -r $REVISION
           echo "PACKAGE_NAME=$(ls ./output | grep .rpm | head -n 1)" >> $GITHUB_ENV
 
       - name: Upload Wazuh ${{ matrix.TYPE }} ${{ matrix.ARCHITECTURE }} package as artifact

CHANGELOG.md

@@ -16,6 +16,10 @@ All notable changes to this project will be documented in this file.
 
 - https://github.com/wazuh/wazuh-packages/releases/tag/v4.8.0
 
+## [4.7.3]
+
+- https://github.com/wazuh/wazuh-packages/releases/tag/v4.7.3
+
 ## [4.7.2]
 
 - https://github.com/wazuh/wazuh-packages/releases/tag/v4.7.2

aix/SPECS/wazuh-agent-aix.spec

@@ -292,12 +292,14 @@ rm -fr %{buildroot}
 %changelog
 * Tue May 14 2024 support <[email protected]> - 4.9.0
 - More info: https://documentation.wazuh.com/current/release-notes/release-4-9-0.html
-* Tue Mar 26 2024 support <[email protected]> - 4.8.2
+* Wed Apr 17 2024 support <[email protected]> - 4.8.2
 - More info: https://documentation.wazuh.com/current/release-notes/release-4-8-2.html
-* Wed Feb 28 2024 support <[email protected]> - 4.8.1
+* Wed Apr 03 2024 support <[email protected]> - 4.8.1
 - More info: https://documentation.wazuh.com/current/release-notes/release-4-8-1.html
-* Wed Feb 21 2024 support <[email protected]> - 4.8.0
+* Wed Mar 20 2024 support <[email protected]> - 4.8.0
 - More info: https://documentation.wazuh.com/current/release-notes/release-4-8-0.html
+* Tue Feb 27 2024 support <[email protected]> - 4.7.3
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-3.html
 * Tue Jan 09 2024 support <[email protected]> - 4.7.2
 - More info: https://documentation.wazuh.com/current/release-notes/release-4-7-2.html
 * Wed Dec 13 2023 support <[email protected]> - 4.7.1

debs/SPECS/wazuh-agent/debian/changelog

@@ -20,7 +20,13 @@ wazuh-agent (4.8.0-RELEASE) stable; urgency=low
 
   * More info: https://documentation.wazuh.com/current/release-notes/release-4-8-0.html
 
- -- Wazuh, Inc <[email protected]>  Wed, 21 Feb 2024 00:00:00 +0000
+ -- Wazuh, Inc <[email protected]>  Wed, 20 Mar 2024 00:00:00 +0000
+
+wazuh-agent (4.7.3-RELEASE) stable; urgency=low
+
+  * More info: https://documentation.wazuh.com/current/release-notes/release-4-7-3.html
+
+ -- Wazuh, Inc <[email protected]>  Tue, 27 Feb 2024 00:00:00 +0000
 
 wazuh-agent (4.7.2-RELEASE) stable; urgency=low
 

debs/SPECS/wazuh-manager/debian/changelog

@@ -20,7 +20,13 @@ wazuh-manager (4.8.0-RELEASE) stable; urgency=low
 
   * More info: https://documentation.wazuh.com/current/release-notes/release-4-8-0.html
 
- -- Wazuh, Inc <[email protected]>  Wed, 21 Feb 2024 00:00:00 +0000
+ -- Wazuh, Inc <[email protected]>  Wed, 20 Mar 2024 00:00:00 +0000
+
+wazuh-manager (4.7.3-RELEASE) stable; urgency=low
+
+  * More info: https://documentation.wazuh.com/current/release-notes/release-4-7-3.html
+
+ -- Wazuh, Inc <[email protected]>  Tue, 27 Feb 2024 00:00:00 +0000
 
 wazuh-manager (4.7.2-RELEASE) stable; urgency=low
 

debs/SPECS/wazuh-manager/debian/control

@@ -8,7 +8,7 @@ Homepage: http://www.wazuh.com
 
 Package: wazuh-manager
 Architecture: any
-Depends: ${shlibs:Depends}, libc6 (>= 2.7), lsb-release, debconf, adduser, xz-utils
+Depends: ${shlibs:Depends}, libc6 (>= 2.7), lsb-release, debconf, adduser
 Suggests: expect
 Conflicts: ossec-hids-agent, wazuh-agent, ossec-hids, wazuh-api
 Replaces: wazuh-api

debs/SPECS/wazuh-manager/debian/postinst

@@ -15,7 +15,6 @@ case "$1" in
     OSMYSHELL="/sbin/nologin"
     SCRIPTS_DIR="${WAZUH_GLOBAL_TMP_DIR}/manager_installation_scripts"
     SCA_BASE_DIR="${SCRIPTS_DIR}/sca"
-    VD_FILENAME='vd_1.0.0_vd_4.8.0.tar.xz'
 
     if [ -d /run/systemd/system ]; then
         rm -f /etc/init.d/wazuh-manager
@@ -72,13 +71,6 @@ case "$1" in
         chown ${USER}:${GROUP} ${DIR}/queue/db/global.db*
     fi
 
-    if [ -f "${DIR}/${VD_FILENAME}" ]; then
-        tar -xf ${DIR}/${VD_FILENAME} -C ${DIR}
-        chown ${USER}:${GROUP} ${DIR}/queue/vd
-        chown ${USER}:${GROUP} ${DIR}/queue/vd_updater
-        rm -rf ${DIR}/${VD_FILENAME}
-    fi
-
     # Delete uncompatible DBs versions
     if [ ! -z $2 ]; then
 
@@ -274,7 +266,7 @@ case "$1" in
             find ${DIR}/ -group ossec -user ossecr -print0 | xargs -0 chown ${USER}:${GROUP} > /dev/null 2>&1 || true
             deluser ossecr > /dev/null 2>&1
         fi
-        if getent group ossec > /dev/null 2>&1; then 
+        if getent group ossec > /dev/null 2>&1; then
             delgroup ossec > /dev/null 2>&1
         fi
     fi
@@ -311,7 +303,7 @@ case "$1" in
     if [ -z "$(ls -A ${WAZUH_GLOBAL_TMP_DIR})" ]; then
         rm -rf ${WAZUH_GLOBAL_TMP_DIR}
     fi
-   
+
     ;;
 
 

debs/SPECS/wazuh-manager/debian/rules

@@ -64,7 +64,7 @@ override_dh_install:
 	USER_GENERATE_AUTHD_CERT="y" \
 	USER_AUTO_START="n" \
 	USER_CREATE_SSL_CERT="n" \
-	DOWNLOAD_CONTENT="yes" \
+	DOWNLOAD_CONTENT="y" \
 	./install.sh
 
 	# Copying init.d script
@@ -156,11 +156,11 @@ override_dh_install:
 	mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/20/04
 	mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/22/04
 	mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/windows
-	mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sunos/5/11
-	mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/almalinux/9
-	mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/rocky/8
 	mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/rocky/9
 	mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/almalinux/8
+	mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/almalinux/9
+	mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sunos/5/11
+	mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/rocky/8
 
 	cp -r ruleset/sca/* ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca
 
@@ -219,8 +219,8 @@ override_dh_install:
 	cp etc/templates/config/ubuntu/20/04/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/20/04
 	cp etc/templates/config/ubuntu/22/04/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/22/04
 
-	cp etc/templates/config/rocky/9/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/rocky/8
-	cp etc/templates/config/rocky/8/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/rocky/9
+	cp etc/templates/config/rocky/9/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/rocky/9
+	cp etc/templates/config/rocky/8/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/rocky/8
 
 	cp etc/templates/config/almalinux/8/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/almalinux/8
 	cp etc/templates/config/almalinux/9/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/almalinux/9

ova/Vagrantfile

@@ -23,4 +23,6 @@ Vagrant.configure("2") do |config|
   # Provision stage
   config.vm.provision :shell, path: "provision.sh", :args => "#{ENV['PACKAGES_REPOSITORY']} #{ENV['DEBUG']}"
 
+  # Provision cleanup stage
+  config.vm.provision :shell, path: "assets/postProvision.sh", :args => "#{ENV['DEBUG']}"
 end

ova/assets/postProvision.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+DEBUG=$1
+[[ ${DEBUG} = "yes" ]] && set -ex || set -e
+
+CURRENT_PATH="$( cd $(dirname $0) ; pwd -P )"
+ASSETS_PATH="${CURRENT_PATH}/assets"
+CUSTOM_PATH="${ASSETS_PATH}/custom"
+SYSTEM_USER="wazuh-user"
+
+# Remove everything related to vagrant
+# mv ${CUSTOM_PATH}/removeVagrant.service /etc/systemd/system/
+# sed -i "s/USER/${SYSTEM_USER}/g" /etc/systemd/system/removeVagrant.service
+# mv ${CUSTOM_PATH}/removeVagrant.sh /home/${SYSTEM_USER}/
+# sed -i "s/USER/${SYSTEM_USER}/g" /home/${SYSTEM_USER}/removeVagrant.sh
+# chmod 755 /home/${SYSTEM_USER}/removeVagrant.sh
+# systemctl daemon-reload
+# systemctl enable removeVagrant.service
+
+# Clear synced files
+rm -rf ${CURRENT_PATH}/* ${CURRENT_PATH}/.gitignore
+
+# Remove logs
+find /var/log/ -type f -exec bash -c 'cat /dev/null > {}' \;
+find /var/ossec/logs -type f -execdir sh -c 'cat /dev/null > "$1"' _ {} \;
+find /var/log/wazuh-indexer -type f -execdir sh -c 'cat /dev/null > "$1"' _ {} \;
+find /var/log/filebeat -type f -execdir sh -c 'cat /dev/null > "$1"' _ {} \;
+find /usr/share/wazuh-dashboard/data/wazuh/logs -type f -execdir sh -c 'cat /dev/null > "$1"' _ {} \;
+
+history -c
+shutdown -r now > /dev/null 2>&1

ova/assets/steps.sh

@@ -62,16 +62,10 @@ clean() {
 
   rm -f /securityadmin_demo.sh
   yum clean all
-
   systemctl daemon-reload
 
   # Clear synced files
   rm -rf ${CURRENT_PATH}/* ${CURRENT_PATH}/.gitignore
-
-  # Remove logs
-  find /var/log/ -type f -exec bash -c 'cat /dev/null > {}' \;
-  find /var/ossec/logs/ -type f -exec bash -c 'cat /dev/null > {}' \;
-
   cat /dev/null > ~/.bash_history && history -c
 
 }

ova/provision.sh

@@ -8,6 +8,7 @@ BUILDER="builder.sh"
 INSTALLER="wazuh-install.sh"
 SYSTEM_USER="wazuh-user"
 HOSTNAME="wazuh-server"
+INDEXES=("wazuh-alerts-*" "wazuh-archives-*" "wazuh-states-vulnerabilities-*" "wazuh-statistics-*" "wazuh-monitoring-*")
 
 CURRENT_PATH="$( cd $(dirname $0) ; pwd -P )"
 ASSETS_PATH="${CURRENT_PATH}/assets"
@@ -42,9 +43,18 @@ preInstall
 # Install
 bash ${RESOURCES_PATH}/${INSTALLER} ${INSTALL_ARGS}
 
-systemctl stop wazuh-dashboard filebeat wazuh-indexer wazuh-manager
+systemctl stop filebeat wazuh-manager
+
+# Delete indexes
+for index in "${INDEXES[@]}"; do
+    curl -u admin:admin -XDELETE "https://127.0.0.1:9200/$index" -k
+done
+
+# Recreate empty indexes (wazuh-alerts and wazuh-archives)
+bash /usr/share/wazuh-indexer/bin/indexer-security-init.sh -ho 127.0.0.1
+
+systemctl stop wazuh-indexer wazuh-dashboard
 systemctl enable wazuh-manager
-rm -f /var/log/wazuh-indexer/*
-rm -f /var/log/filebeat/*
+
 
 clean