From e8a7505c4edde346723f3350552eb47c7dcbbe76 Mon Sep 17 00:00:00 2001
From: Álex Ruiz
Date: Tue, 5 Nov 2024 13:18:18 +0100
Subject: [PATCH] Merge 4.10.2 into master (#514)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Init wazuh-indexer (#3) * Update CODEOWNERS * Update README.md and SECURITY.md * Add Wazuh configuration files * Update README.md Signed-off-by: Álex Ruiz * Create codeql.yml Signed-off-by: Álex Ruiz * Update dependabot.yml Signed-off-by: Álex Ruiz * Update SECURITY.md (#30) Signed-off-by: Álex Ruiz * Add ECS mappings generator (#36) * Add ECS mappings generator, documentation and files for vulnerability detector * Add event generator script * Update template settings --------- Signed-off-by: Álex Ruiz * Add default query fields to vulnerability detector index (#40) * Add ECS mappings generator, documentation and files for vulnerability detector * Add event generator script * Add default query fields --------- Signed-off-by: Álex Ruiz * Create gradle_build.yml Signed-off-by: Álex Ruiz * Update gradle_build.yml 
Signed-off-by: Álex Ruiz * Add a script to configure the rollover policy (#49) * Update ISM init script (#50) * Fix bug with -i option (#51) * Fix bug with -i option * Improve error handling * Update min_doc_count value (#52) * Improve ISM init script (#57) * Improve ISM init script * Change log file path * Update distribution files (#59) * Update config files * Add VERSION file * Update documentation of the ECS tooling (#67) * Add workflow for package generation (#65) * Ignore artifacts folder * Update build script - Updated to v2.11.0 version. - Skipped compilation of the plugins - The artifact name is sent to a text file, to access it easily in GitHub Actions. * Add GH action to build min packages * Remove commented code * Remove unused code * Add docker compose environment (#66) * Add very basic Docker environment That will do for now * Add latest changes * Update Docker environment - Remove build.md which was included by mistake. - Improve dev.sh script. - Update .gitignore to exclude artifacts folder. - Create .dockerignore file. - Replace get_version.sh script with inline command. - Reduce image size by using alpine as base image. --------- Signed-off-by: Álex Ruiz * Rename packages to wazuh-indexer (#69) * Rename packages to wazuh-indexer * Include VERSION file into packages * Apply Wazuh version to packages names * Improve build.sh script Apply suggestions from ShellCheck * Update vulnerability index mappings (#75) * Remove 'events' ECS field * Add 'wazuh' custom field * Update event_generator.py for vulnerability detector * Update `indexer-ism-init.sh` (#81) Updates the script to upload the wazuh-template.json to the indexer. 
Signed-off-by: Álex Ruiz * Add workflow to assemble packages (#85) * Add script to assemble arm64 and x64 archives (tar) * Cleanup * Update config file with latest upstream changes * Change packages maintainer information * Fix wrong substitution of config files * Update dockerignore to ignore git folder * Update wazuh-indexer.rpm.spec Remove unnecessary echo commands * Add wazuh-indexer-performance-analyzer.service Required to assemble RPM. The plugin does not install this file, so it needs to be added manually. * Update assemble.sh Successfully assemble RPM x64. Runner needed for arm64 * Update `build.yml` * Add WIP documentation for packages' generation * Test new approach using reusable workflows * Fix errors * Restructure reusable workflow * Fix upload and download paths * New try - Adds a reusable workflow to return the version of Wazuh set in source code. - Attempt to dynamically generate artifacts name to normalize them for usage between jobs. - Adds revision as input for the workflow. - Cleanup * Emulate assemble to test upload of the reusable assembly workflow * Add Caching Gradle dependencies * Remove extra '-' in the packages names on the assembly job * Final cleanup * Enable RPM package assemble Remove unused code * Fix regex to get package name * Fix download-artifact destination path * Exclude unimplemented deb assembly Extend example to run with Act * Fix yellow cluster state (#95) * Add template and settings to disable replicas on ISM plugin internal indices * Fix documentation Replaces exit 1 statements with return 1 * Fix uncommented comment line * Update ism-init script (#97) * Update ism-init script to parametrize the path of the wazuh-template --------- 
Signed-off-by: Álex Ruiz * Add tools to assemble DEB packages (#96) * Add tools to assemble DEB packages * Move wazuh-indexer-performance-analyzer.service to common * Enable assembly of DEB packages * Enable full set of plugins * Actually skip tar assembly * Add installation of dependencies for DEB assembly * Install dependencies using sudo * Format files * Refactor assemble script * Update README.md Signed-off-by: Álex Ruiz * Build scripts and GH workflows artifacts naming fix (#112) * Build scripts and GH workflows artifacts naming fix * Add git to dev docker image * Fixing jobs' inputs and outputs * remove name input from r_assemble.yml * Setting qualifier to 1 when not specified * Add revision flag to scripts and workflow * Fix copying of packages at assemble.sh * Use suffix variable instead of architecture * Fix suffix name in assemble.sh * Mix solutions to comply with the package naming convention * Remove unused code * Use correct name for assembled package Remove code no longer needed * Remove outdated comments --------- Co-authored-by: Álex Ruiz * Use short SHA as Git reference in packages naming (#100) * Switching to short SHA commit form in package names Signed-off-by: Fede Tux * Update r_commit_sha.yml Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com> * Update r_commit_sha.yml Signed-off-by: Álex Ruiz --------- Signed-off-by: Fede Tux Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com> 
Signed-off-by: Álex Ruiz Co-authored-by: Fede Tux Co-authored-by: Álex Ruiz * Remove unneeded files from assembled packages (#115) * add remove files function to assemble.sh * Remove unneeded files on assembled tar packages * Remove duplicated function Fix wrong variable assignment --------- Co-authored-by: Álex Ruiz * Add missing tools and files back into Wazuh Indexer packages (#117) * add remove files function to assemble.sh * Remove unneeded files on assembled tar packages * Remove duplicated function Fix wrong variable assignment * Adding function to package Wazuh's tools to assemble.sh * Make the files' versions follow the repo's VERSION file * Fix download of Wazuh tools for packages assembly --------- Signed-off-by: Álex Ruiz Co-authored-by: Álex Ruiz * Remove unneeded symbolic links from assembled packages (#121) * Update issue templates (#127) * Fix RPM package references to /var/run (#119) * Switch /var/run references to /run * Remove unneeded files from assembled packages (#115) * add remove files function to assemble.sh * Remove unneeded files on assembled tar packages * Remove duplicated function Fix wrong variable assignment --------- Co-authored-by: Álex Ruiz * Add missing tools and files back into Wazuh Indexer packages (#117) * add remove files function to assemble.sh * Remove unneeded files on assembled tar packages * Remove duplicated function Fix wrong variable assignment * Adding function to package Wazuh's tools to assemble.sh * Make the files' versions follow the repo's VERSION file * Fix download of Wazuh tools for packages assembly --------- Signed-off-by: Álex Ruiz Co-authored-by: Álex Ruiz * Remove unneeded symbolic links from assembled packages (#121) * Remove reference to install_demo_configuration.sh --------- 
Signed-off-by: Álex Ruiz Co-authored-by: Álex Ruiz * Removing post-install message from wazuh-indexer.rpm.spec (#131) * Add tests to the packages building process (#132) Runs the workflow on pull request changes * Get Wazuh version from VERSION file (#122) * Add function to look for VERSION in the correct path * Update assemble.sh Adds wget as dependency * Download files using curl instead of wget * Update assemble.sh Revert assembly with minimal plugins for testing Signed-off-by: Álex Ruiz * Add Dockerfile and docker-compose for the package assembly stage * Assemble packages with minimal plugin set when "test" variable is set to "true" * Update README with assemble.sh docker image * Fixing env variable naming convention and removing wget dependency * Improve Docker environments Adds environments to build packages * Fix small typos * More fixes * Add documentation * Adding -p flag to mkdir so it doesn't fail when the folder is already present * Format files --------- 
Signed-off-by: Álex Ruiz Co-authored-by: Álex Ruiz * Removing /usr/share/lintian/overrides/wazuh-indexer from deb packages (#130) Co-authored-by: Álex Ruiz * Add `wazuh-template.json` to packages (#116) * Download wazuh-template.json from wazuh/wazuh repo * Add wazuh-template.json to RPM package spec * Setting wazuh-template.json attributes to 660 * Change wazuh-template.json attributes in debmake_install.sh * Put template download command within a function * Small fixes and format * Apply correct file permissions to the wazuh-template.json --------- Co-authored-by: Álex Ruiz * Adding Debian packaging config files from Opensearch (#118) * Adding debian packaging config files from Opensearch * Copy debian/ folder to the build dir for debmake to parse * Remove redundant steps from debian/postinst --------- Co-authored-by: Álex Ruiz * Fix Build workflow to run on push events (#134) * Run workflow on push * Set build workflow inputs to required * Normalize the use of quotes for the build workflow inputs * Add ternary operator * Add missing ternary operator * Use maven for plugin download (#139) * Fine tuning permissions on RPM spec file * Get plugins using maven * Rolling back changes to spec file * Format files --------- Co-authored-by: Álex Ruiz * Add new custom field to the vulnerability detector index (#141) * Add new custom field to the vulnerability detector index * Update event generator tool * Remove base.labels ECS field from wazuh-states-vulnerabilities index mappings * Fine tuning permissions on assembled packages (#137) * Fine tuning permissions on RPM spec file * Build a list of files to be packaged excluding items that need special permissions * Fix bad permissions on directories * Remove system directories from packaging definition * Changing permissions on deb packages * Skip unneeded dh_fixperms stage in debian/rules * Clean & format --------- Co-authored-by: Álex Ruiz * Init. Amazon Security Lake integration (#143) * Init. 
Amazon Security Lake integration Signed-off-by: Álex Ruiz * Add events generator tool for `wazuh-alerts` (#152) * Add events generator tool for wazuh-alerts * Fix typo in README.md Signed-off-by: Álex Ruiz * Make timestamps timezone aware --------- Signed-off-by: Álex Ruiz Co-authored-by: Fede Tux * Add `wazuh.manager.name` to VD mappings (#158) * Create compatibility_request.md (#163) 
Signed-off-by: Álex Ruiz * Add Python module to accomplish OCSF compliant events (#159) * Adding Python script that receives a continuous json stream over stdin and outputs parquet to Security Lake * Adding logstash pipeline for python script * encode_parquet() function fixed to handle lists of dictionaries * Correct error in encode_parquet() * Avoid storing the block ending in the output buffer * Add comments on handling files and streams with pyarrow for future reference * Add s3 handling reference links * Write parquet directly to bucket * Added basics of map_to_ocsf() function * Minor fixes * Map alerts to OCSF as they are read * Add script to convert Wazuh events to OCSF Also adds a simple test script * Add OCSF converter + Parquet encoder + test scripts * Update .gitignore * Include the contents of the alert under unmapped * Add support for different OCSF schema versions * Use custom ocsf module to map alerts * Modify script to use converter class * Code polish and fix errors * Remove unnecessary type declaration from debug flag * Improved parquet encoding * Initial commit for test env's docker-compose.yml * Remove sudo references from docker-compose.yml * Add operational Python module to transform events to OCSF * Create minimal Docker environment to test and develop the integration. 
* Fix events-generator's Inventory starvation * Remove files present in #147 * Cleanup * Add FQDN hostnames to services for certificates creation * Add S3 Ninja (Mock) (#165) * Setup certificates in Wazuh Indexer and Logstash containers (#166) * Add certificate generator service * Add certificate config to docker compose file * Use secrets for certificates * Disable permission handling inside cert's generator entrypoint.sh * Back to using a bind mount for certs * Have entrypoint.sh generate certs with 1000:1000 ownership * Correct certificate permissions and bind mounting * Add security initialization variable to compose file * Fix permissions on certs generator entrypoint * Add cert generator config file * Remove old cert generator dir * Set indexer hostname right in pipeline file * Roll back commented code --------- Signed-off-by: Álex Ruiz Co-authored-by: Álex Ruiz * Fix Logstash pipelines * Remove unused file * Implement OCSF severity normalize function --------- Signed-off-by: Álex Ruiz Co-authored-by: Fede Tux Co-authored-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com> * Update Gradle setup action (#182) * Attempt to automate package's testing * Fix typo * Update setup gradle action * Remove file from another PR * Update build.yml Signed-off-by: Álex Ruiz --------- Signed-off-by: Álex Ruiz * Update vulnerability-states fields (#177) * Update vulnerability-states fields Adds wazuh.schema.version * Update events generator * Automate package's testing (#178) * Attempt to automate package's testing * Fix typo * Add sudo * Split test steps and manage errors * Add --no-pager to journalctl * Add certs generator * Improve error handling * Update r_test.yml Fix indentation 
Signed-off-by: Álex Ruiz * Fix error handling * Add testing of RPM packages * Improve multi-os testing * Add TEST env var * Add braces to if conditionals * Remove all curly braces from if conditionals * braces again * Install RPM package in Docker * Remove sudo for RPM installation * Bind artifacts/dist to RPM docker test container * Bind artifacts/dist to RPM docker test container * Avoid prompt during yum install * Fix bind volume --------- Signed-off-by: Álex Ruiz * Remove ecs.version from query.default_fields (#184) * Upload packages to S3 (#179) * Attempt to automate package's testing * Add workflow file to upload packages to S3 * Skip testing to test whether the upload works * Fix package names * Fix upload workflow name * Pass secrets to the reusable workflow * Fix indentation * Fix indentation * Remove test workflow from this PR * Add boolean input to control when the package is uploaded to the S3 bucket * [UI/UX] Improve inputs description --------- Signed-off-by: Álex Ruiz * Add bash to Docker dev image (#185) * Update wazuh-states-vulnerabilities index mapping (#191) * Update wazuh-states-vulnerabilities index mapping * Extend ECS Vulnerability fields * Add pipeline to generate release packages (#193) * Add script to get the version of OpenSearch * Set revision to 0 by default. - Reduce inputs for scripts. - Add script to generate packages' naming convention. - Make scripts self-aware of the OpenSearch version. * Fix assemble * Smoke test new pipeline to build packages * Fix syntax errors * Update build.yml 
Signed-off-by: Álex Ruiz * Add workflow to build packages on push * Run actionlint * Fix jq argjson * Fix set matrix output ? * Try new approach using a single workflow * Fix GITHUB_OUTPUT * Fix baptizer invocation * Add testing and upload to new approach * Fix hard coded revision number on RPM assembly * New attempt * Skip upload unless specified * Install plugins on RPM * Promote new approach Removes previous workflows to generate packages * Fix workflow name * Attempt to fix release package naming * Fix build.sh invocation from workflow * Use min package name in workflow * Use min package name for release naming convention in workflow * Attempt to fix regex * Upgrade to aws-actions/configure-aws-credentials@v4 Clean up * Apply latest requirements Add workflow with single matrix for QA use. Rename inputs. Add checksum input. * Add checksum generation and upload * Use choice as input types for system and architecture * Invoke build single packages with upload option * Add documentation and clean up * Rename scripts folder to packaging_scripts --------- Signed-off-by: Álex Ruiz * Build Docker images (#194) * Assemble tar packages * Add files to generate Docker images First working version * Fix certs path * clean up * Working indexer in Docker * Add documentation to build Docker images Simplify names of Docker build args * Remove unused Docker dependencies --------- 
Signed-off-by: Álex Ruiz * Add on.workflow_call to build_single.yml workflow (#200) Allows invocation using the GH API * Add Python module to implement Amazon Security Lake integration (#186) * Migrate from #147 * Update amazon-security-lake integration - Improved documentation. - Python code has been moved to `wazuh-indexer/integrations/amazon-security-lake/src`. - Development environment now uses OpenSearch 2.12.0. - The `wazuh.integration.security.lake` container now displays logs, by watching logstash's log file. - [**NEEDS FIX**] As a temporary solution, the `INDEXER_USERNAME` and `INDEXER_PASSWORD` values have been added as an environment variable to the `wazuh.integration.security.lake` container. These values should be set at Dockerfile level, but it isn't working, probably due to permission denied on invocation of the `setup.sh` script. - [**NEEDS FIX**] As a temporary solution, the output file of the `indexer-to-file` pipeline has been moved to `/var/log/logstash/indexer-to-file`. Previous path `/usr/share/logstash/pipeline/indexer-to-file.json` results in permission denied. - [**NEEDS FIX**] As a temporary solution, the input.opensearch.query has been replaced with `match_all`, as the previous one does not return any data, probably due to the use of time filters `gt: now-1m`. - Standard output enabled for `/usr/share/logstash/pipeline/indexer-to-file.json`. - [**NEEDS FIX**] ECS compatibility disabled: `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` -- to be included automatically - Python3 environment path added to the `indexer-to-integrator` pipeline. * Disable ECS compatibility (auto) - Adds pipeline.ecs_compatibility: disabled at Dockerfile level. - Removes `INDEXER_USERNAME` and `INDEXER_PASSWORD` as environment variables on the `wazuh.integration.security.lake` container. 
* Add @timestamp field to sample alerts * Fix Logstash pipelines * Add working indexer-to-s3 pipeline * Add working Python script up to S3 upload * Add latest changes * Remove duplicated line * Replace choice with string on workflow_call (#207) * Use AWS_REGION secret (#209) * Add Lambda function for the Amazon Security Lake integration (#189) * Migrate from #147 * Update amazon-security-lake integration - Improved documentation. - Python code has been moved to `wazuh-indexer/integrations/amazon-security-lake/src`. - Development environment now uses OpenSearch 2.12.0. - The `wazuh.integration.security.lake` container now displays logs, by watching logstash's log file. - [**NEEDS FIX**] As a temporary solution, the `INDEXER_USERNAME` and `INDEXER_PASSWORD` values have been added as an environment variable to the `wazuh.integration.security.lake` container. These values should be set at Dockerfile level, but it isn't working, probably due to permission denied on invocation of the `setup.sh` script. - [**NEEDS FIX**] As a temporary solution, the output file of the `indexer-to-file` pipeline has been moved to `/var/log/logstash/indexer-to-file`. Previous path `/usr/share/logstash/pipeline/indexer-to-file.json` results in permission denied. - [**NEEDS FIX**] As a temporary solution, the input.opensearch.query has been replaced with `match_all`, as the previous one does not return any data, probably due to the use of time filters `gt: now-1m`. - Standard output enabled for `/usr/share/logstash/pipeline/indexer-to-file.json`. - [**NEEDS FIX**] ECS compatibility disabled: `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` -- to be included automatically - Python3 environment path added to the `indexer-to-integrator` pipeline. * Disable ECS compatibility (auto) - Adds pipeline.ecs_compatibility: disabled at Dockerfile level. - Removes `INDEXER_USERNAME` and `INDEXER_PASSWORD` as environment variables on the `wazuh.integration.security.lake` container. 
* Add @timestamp field to sample alerts * Fix Logstash pipelines * Add working indexer-to-s3 pipeline * Add working Python script up to S3 upload * Add latest changes * Remove duplicated line * Add working environment with minimal AWS lambda function * Mount src folder to Lambda's workdir * Add first functional lambda function Tested on local environment, using S3 Ninja and a Lambda container * Working state * Add documentation * Improve code * Improve code * Clean up * Add instructions to build a deployment package * Make zip file lighter * Use default name for aws_region * Add destination bucket validation * Add env var validation and full destination S3 path * Add AWS_ENDPOINT environment variable * Rename AWS_DEFAULT_REGION * Remove unused env vars * Remove unused file and improve documentation a bit. * Makefile improvements * Use dummy env variables --------- Signed-off-by: Álex Ruiz * Bump Java version in Docker environments (#210) * Fix access denied error during log rotation (#212) * Save intermediate OCSF files to an S3 bucket (#218) * Fix Parquet files format (#217) * Fix mapping to Detection Finding OCSF class (#220) * Map events to OCSF's Security Finding class (#221) * Map events to OCSF's Security Finding class * Improve models (inheritance). Add OCSF_CLASS env variable * Move constants to the models * Fix validation error * Add ID input to workflows (#229) * Added id input * Changed name to run-name * Add OPENSEARCH_TMPDIR variable to service and create directory in packages accordingly (#231) * Improve workflow's run-name with target system and architecture (#237) * Add documentation for the Amazon Security Lake integration (#226) * Add documentation for the Amazon Security Lake integration * Add images via upload Signed-off-by: Álex Ruiz * Add files via upload Signed-off-by: Álex Ruiz * Use jpeg * Add files via upload Signed-off-by: Álex Ruiz * Fix some typos * Add CONTRIBUTING.md * Apply improvements to the ASL docu --------- 
Signed-off-by: Álex Ruiz * Rename environment variable (#240) * Remove maintainer-approval.yml (#241) * Improve logging and error handling on ASL Lambda function (#242) * Update .gitattributes (#243) * Change . for : in debian's postinst (#245) * Add integration with Elastic (#248) * Add integration with Elastic Draft * Update Elastic integration Draft * Add Elastic integration folder Draft * Changing the kibana system user * Add Elastic integration Working --------- Co-authored-by: Fede Tux * Added S3 URI output to package generation upload (#249) * Added S3 URI output * Added ID input and S3 URI output * Improved workflow run name * Added name statement * Added name statement * Removed file * Added ID input description * Update build.yml --------- Co-authored-by: Álex Ruiz * Add OpenSearch integration (#258) * Add docker environment * Add README Move files to the corresponding folder * Enable TLS in dashboards --------- Co-authored-by: Álex Ruiz * Add Splunk integration (#257) * Add Splunk integration Draft * Fix certificate errors * Add cfssl container to generate and sign splunk certs * Add cfssl configuration files * Update Splunk integration --------- 
Signed-off-by: Álex Ruiz Co-authored-by: Fede Tux * Add Manager to Elastic integration (#266) * Init commit [DRAFT] Adds a Compose environment * Mount alerts as shared volume instead of file * Update documentation and clean up files --------- Co-authored-by: Fede Tux * Add Manager to Splunk integration (#268) * Add Manager to OpenSearch integration (#267) * Add Manager to OpenSearch integration Also fixes small issues on other integrations * Add changes to README * Attempt nr.2 to fix #277 (#280) * Testy test test * Update artifact name Skip lintian * Update Maintainers for Debian package metadata * Remove references to indexer-ism-init.sh and wazuh-template.json (#281) * Remove references to indexer-ism-init.sh and wazuh-template.json * Roll back remaining content from ISM rollover+alias feature * Remove commented code --------- Co-authored-by: Álex Ruiz * Bump 4.10.0 (#272) * Merge 4.9.1 into 4.10.0 (#358) * Merge 4.9.1 into 4.10.0 (#358) --------- Signed-off-by: Álex Ruiz * Merge 4.9.2 into 4.10.0 (#378) * Fix build.gradle (#381) * Fix build.gradle * Fix build.gradle * Undo changes * Remove old compose files for integrations (#386) * Delete integrations/docker/amazon-security-lake.yml Signed-off-by: Álex Ruiz * Delete integrations/docker/config directory 
Signed-off-by: Álex Ruiz * Update vulnerability detector index template (#383) * Update VD index template * Remove host.os.family * Merge 4.9.1 into 4.10.0 (#426) * Fix Performance Analyzer service file (#391) * Update SECURITY.md (#411) * Remove prompt about configuration file overwrites on package upgrade (#410) * Make new config files install with .new prefix * Fix errors and add .new prefix to /etc/init.d/wazuh-indexer * Fix errors in build.sh and assemble.sh * Revert "Fix errors in build.sh and assemble.sh" This reverts commit 5dc35007c0fbd8c6f0a54d35e9118a1936fd08f1. * Using noreplace on config files for rpm * Fix issues in debmake.sh * Revert changes to Debian packages --------- Co-authored-by: Álex Ruiz * Update SECURITY.md (#415) Signed-off-by: Raul Del Pozo Moreno * Add Release Notes 4.9.1-rc1 (#421) --------- Signed-off-by: Raul Del Pozo Moreno Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com> Co-authored-by: Raul Del Pozo Moreno * Bump version to 4.10.1 (#430) * Support new version 4.10.2 (#441) * Enable assembly of ARM packages (#444) * Merge 4.10.1 into 4.10.2 (#473) * Merge 4.10.0 into 4.10.1 (#470) * Upgrade integrations to the last version (#447) * Upgrade third-party integrations to latest product versions (#368) * Upgrade third-party integrations to latest product versions * Improve compatibility matrix * Change versions in /integrations/.env Signed-off-by: Malena Casas * Fix Splunk integrations (#362) * Add table with the version of the integrations * Update CHANGELOG.md Signed-off-by: Álex Ruiz --------- Signed-off-by: Malena Casas Signed-off-by: Álex Ruiz Co-authored-by: Álex Ruiz Co-authored-by: JuanGarriuz * Merge 4.9.1 into 4.10.0 (#454) * Prepare 4.9.1-rc2 (#436) * Update docker/README.md (#438) * Support new stage 4.9.1-rc3 (#443) * Update operational--integrations_maintenance_request.md (#449) Signed-off-by: Álex Ruiz --------- 
Signed-off-by: Álex Ruiz * Fix Github Actions build process dependency errors (#457) * Switch from latest to 22.04 runner * Remove non-existent packages from workflow provisioner * Remove freeglut3 from provision.sh * Update calendarTime and scan_date fields type (#458) * Merge 4.9.1 into 4.10.0 (#469) * Support for v4.9.1-alpha4 (#461) * Prepare final release notes for 4.9.1 --------- Signed-off-by: Malena Casas Signed-off-by: Álex Ruiz Co-authored-by: Malena Casas Co-authored-by: JuanGarriuz Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com> Co-authored-by: Kevin Ledesma * Fix release date for 4.10.0 in RPM spec file * Fix release date for 4.10.0 in RPM spec file --------- Signed-off-by: Malena Casas Signed-off-by: Álex Ruiz Co-authored-by: Malena Casas Co-authored-by: JuanGarriuz Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com> Co-authored-by: Kevin Ledesma * Merge 4.10.1 into 4.10.2 (#513) * Merge 4.10.0 into 4.10.1 (#470) * Upgrade integrations to the last version (#447) * Upgrade third-party integrations to latest product versions (#368) * Upgrade third-party integrations to latest product versions * Improve compatibility matrix * Change versions in /integrations/.env Signed-off-by: Malena Casas * Fix Splunk integrations (#362) * Add table with the version of the integrations * Update CHANGELOG.md Signed-off-by: Álex Ruiz --------- Signed-off-by: Malena Casas Signed-off-by: Álex Ruiz Co-authored-by: Álex Ruiz Co-authored-by: JuanGarriuz * Merge 4.9.1 into 4.10.0 (#454) * Prepare 4.9.1-rc2 (#436) * Update docker/README.md (#438) * Support new stage 4.9.1-rc3 (#443) * Update operational--integrations_maintenance_request.md (#449) Signed-off-by: Álex Ruiz --------- 
Signed-off-by: Álex Ruiz * Fix Github Actions build process dependency errors (#457) * Switch from latest to 22.04 runner * Remove non-existent packages from workflow provisioner * Remove freeglut3 from provision.sh * Update calendarTime and scan_date fields type (#458) * Merge 4.9.1 into 4.10.0 (#469) * Support for v4.9.1-alpha4 (#461) * Prepare final release notes for 4.9.1 --------- Signed-off-by: Malena Casas Signed-off-by: Álex Ruiz Co-authored-by: Malena Casas Co-authored-by: JuanGarriuz Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com> Co-authored-by: Kevin Ledesma * Fix release date for 4.10.0 in RPM spec file Signed-off-by: Álex Ruiz * Merge 4.10.0 into 4.10.1 (#511) * Upgrade integrations to the last version (#447) * Upgrade third-party integrations to latest product versions (#368) * Upgrade third-party integrations to latest product versions * Improve compatibility matrix * Change versions in /integrations/.env Signed-off-by: Malena Casas * Fix Splunk integrations (#362) * Add table with the version of the integrations * Update CHANGELOG.md Signed-off-by: Álex Ruiz --------- Signed-off-by: Malena Casas Signed-off-by: Álex Ruiz Co-authored-by: Álex Ruiz Co-authored-by: JuanGarriuz * Merge 4.9.1 into 4.10.0 (#454) * Prepare 4.9.1-rc2 (#436) * Update docker/README.md (#438) * Support new stage 4.9.1-rc3 (#443) * Update operational--integrations_maintenance_request.md (#449) Signed-off-by: Álex Ruiz --------- 
Signed-off-by: Álex Ruiz * Fix Github Actions build process dependency errors (#457) * Switch from latest to 22.04 runner * Remove non-existent packages from workflow provisioner * Remove freeglut3 from provision.sh * Update calendarTime and scan_date fields type (#458) * Merge 4.9.1 into 4.10.0 (#469) * Support for v4.9.1-alpha4 (#461) * Prepare final release notes for 4.9.1 * Fix release date for 4.10.0 in RPM spec file (#471) * Preserve status of wazuh-indexer on upgrade (#498) * Update pre and post inst scripts for deb and rpm to store and restore service status * Update prerm script to avoid stopping the service on upgrade * Remove extra spaces and update rpm restart command * Merge 4.9.2 into 4.10.0 (#510) * Support for v4.9.1-alpha4 (#461) * Prepare final release notes for 4.9.1 * Support new version 4.9.2 (#494) * Support new version 4.9.2 * Add estimated release date for 4.9.2 * Fix estimated release date for 4.9.2 * Fix 4.9.1 release notes title --------- Signed-off-by: Álex Ruiz --------- Signed-off-by: Malena Casas Signed-off-by: Álex Ruiz Co-authored-by: Malena Casas Co-authored-by: JuanGarriuz Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com> Co-authored-by: Kevin Ledesma Signed-off-by: Álex Ruiz --------- Signed-off-by: Malena Casas Signed-off-by: Álex Ruiz Co-authored-by: Malena Casas Co-authored-by: JuanGarriuz Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com> Co-authored-by: Kevin Ledesma --------- Signed-off-by: Álex Ruiz Signed-off-by: Fede Tux Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com> Signed-off-by: Raul Del Pozo Moreno 
Signed-off-by: Malena Casas Co-authored-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com> Co-authored-by: Fede Tux Co-authored-by: Fede Tux Co-authored-by: Raul Del Pozo Moreno Co-authored-by: Malena Casas Co-authored-by: JuanGarriuz Co-authored-by: Kevin Ledesma --- distribution/packages/src/deb/debian/postinst | 13 ++++++-- distribution/packages/src/deb/debian/preinst | 4 +++ distribution/packages/src/deb/debian/prerm | 33 ++++++++++++------- .../packages/src/rpm/wazuh-indexer.rpm.spec | 14 +++++++- release-notes/wazuh.release-notes-4.9.1.md | 2 +- 5 files changed, 50 insertions(+), 16 deletions(-) diff --git a/distribution/packages/src/deb/debian/postinst b/distribution/packages/src/deb/debian/postinst index 4541f924534df..c523ffa260091 100644 --- a/distribution/packages/src/deb/debian/postinst +++ b/distribution/packages/src/deb/debian/postinst @@ -19,7 +19,7 @@ data_dir=/var/lib/wazuh-indexer log_dir=/var/log/wazuh-indexer pid_dir=/run/wazuh-indexer tmp_dir=/var/log/wazuh-indexer/tmp - +restart_service=/tmp/wazuh-indexer.restart # Create needed directories mkdir -p ${tmp_dir} @@ -46,6 +46,15 @@ if command -v systemd-tmpfiles > /dev/null; then systemd-tmpfiles --create wazuh-indexer.conf fi +if [ -f $restart_service ]; then + rm -f $restart_service + echo "Restarting wazuh-indexer service..." + if command -v systemctl > /dev/null; then + systemctl restart wazuh-indexer.service > /dev/null 2>&1 + fi + exit 0 +fi + # Messages echo "### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd" echo " sudo systemctl daemon-reload" @@ -54,5 +63,3 @@ echo "### You can start wazuh-indexer service by executing" echo " sudo systemctl start wazuh-indexer.service" exit 0 - - diff --git a/distribution/packages/src/deb/debian/preinst b/distribution/packages/src/deb/debian/preinst index 2cf7ea70a7466..e36f94b197b5d 100644 
--- a/distribution/packages/src/deb/debian/preinst +++ b/distribution/packages/src/deb/debian/preinst @@ -13,10 +13,14 @@ set -e echo "Running Wazuh Indexer Pre-Installation Script" +# Reference to restore actual service status +restart_service=/tmp/wazuh-indexer.restart + # Stop existing service if command -v systemctl >/dev/null && systemctl is-active wazuh-indexer.service >/dev/null; then echo "Stop existing wazuh-indexer.service" systemctl --no-reload stop wazuh-indexer.service + touch $restart_service fi if command -v systemctl >/dev/null && systemctl is-active wazuh-indexer-performance-analyzer.service >/dev/null; then echo "Stop existing wazuh-indexer-performance-analyzer.service" diff --git a/distribution/packages/src/deb/debian/prerm b/distribution/packages/src/deb/debian/prerm index a5222b2caae40..f92bbfcf3b69f 100644 --- a/distribution/packages/src/deb/debian/prerm +++ b/distribution/packages/src/deb/debian/prerm 
@@ -11,16 +11,27 @@ set -e -echo "Running Wazuh Indexer Pre-Removal Script" - -# Stop existing service -if command -v systemctl >/dev/null && systemctl is-active wazuh-indexer.service >/dev/null; then - echo "Stop existing wazuh-indexer.service" - systemctl --no-reload stop wazuh-indexer.service -fi -if command -v systemctl >/dev/null && systemctl is-active wazuh-indexer-performance-analyzer.service >/dev/null; then - echo "Stop existing wazuh-indexer-performance-analyzer.service" - systemctl --no-reload stop wazuh-indexer-performance-analyzer.service -fi +case "$1" in + upgrade|deconfigure) + ;; + remove) + echo "Running Wazuh Indexer Pre-Removal Script" + # Stop existing service + if command -v systemctl >/dev/null && systemctl is-active wazuh-indexer.service >/dev/null; then + echo "Stop existing wazuh-indexer.service" + systemctl --no-reload stop wazuh-indexer.service + fi + if command -v systemctl >/dev/null && systemctl is-active wazuh-indexer-performance-analyzer.service >/dev/null; then + echo "Stop existing wazuh-indexer-performance-analyzer.service" + systemctl --no-reload stop wazuh-indexer-performance-analyzer.service + fi + ;; + failed-upgrade) + ;; + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 0 + ;; +esac exit 0 diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec index 704c700056a4f..e9420754c1136 100644 --- a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec +++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec @@ -162,6 +162,7 @@ set -e if command -v systemctl >/dev/null && systemctl is-active %{name}.service >/dev/null; then echo "Stop existing %{name}.service" systemctl --no-reload stop %{name}.service + touch %{tmp_dir}/wazuh-indexer.restart fi if command -v systemctl >/dev/null && systemctl is-active %{name}-performance-analyzer.service >/dev/null; then echo "Stop existing %{name}-performance-analyzer.service" 
@@ -204,6 +205,15 @@ if command -v systemd-tmpfiles > /dev/null; then systemd-tmpfiles --create %{name}.conf fi +if [ -f %{tmp_dir}/wazuh-indexer.restart ]; then + rm -f %{tmp_dir}/wazuh-indexer.restart + if command -v systemctl > /dev/null; then + echo "Restarting wazuh-indexer service..." + systemctl restart wazuh-indexer.service > /dev/null 2>&1 + exit 0 + fi +fi + # Messages echo "### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd" echo " sudo systemctl daemon-reload" @@ -272,8 +282,10 @@ exit 0 - More info: https://documentation.wazuh.com/current/release-notes/release-4-10-2.html * Tue Jan 28 2025 support - 4.10.1 - More info: https://documentation.wazuh.com/current/release-notes/release-4-10-1.html -* Tue Nov 26 2024 support - 4.10.0 +* Thu Nov 28 2024 support - 4.10.0 - More info: https://documentation.wazuh.com/current/release-notes/release-4-10-0.html +* Mon Nov 04 2024 support - 4.9.2 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-9-2.html * Tue Oct 15 2024 support - 4.9.1 - More info: https://documentation.wazuh.com/current/release-notes/release-4-9-1.html * Thu Aug 15 2024 support - 4.9.0 diff --git a/release-notes/wazuh.release-notes-4.9.1.md b/release-notes/wazuh.release-notes-4.9.1.md index 1ba2f5478f08d..16a3f82a18226 100644 --- a/release-notes/wazuh.release-notes-4.9.1.md +++ b/release-notes/wazuh.release-notes-4.9.1.md @@ -1,4 +1,4 @@ -## 2024-09-27 Version 4.9.1-rc2 Release Notes +## 2024-10-15 Version 4.9.1 Release Notes ## [4.9.1] ### Added
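Review bot: in the first debian/postinst hunk, `restart_service=/tmp/wazuh-indexer.restart` keeps a flag that root-run maintainer scripts act on in the world-writable /tmp. Any local user can pre-create that path before a fresh install, and postinst will then run `systemctl restart wazuh-indexer.service` on a machine where the script otherwise promises "NOT starting on installation"; on hosts without fs.protected_symlinks a symlink planted there is followed by the preinst `touch` as root. A stale flag from an aborted upgrade also survives in /tmp until the next cleanup and triggers a restart on a later run. The RPM side already uses the package-owned `%{tmp_dir}` for the same flag; use `${tmp_dir}/wazuh-indexer.restart` here too (with a `mkdir -p` in preinst, since the package is not unpacked yet at that point) or a path under /run, so both packagings behave the same.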
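Review bot: in the second debian/postinst hunk, the restart block's `exit 0` sits outside the `if command -v systemctl` test, so on a host without systemctl the flag is deleted and the script exits silently without printing the start instructions, whereas the RPM `%post` hunk places the `exit 0` inside the systemctl branch; pick one behaviour for both. Also, `systemctl restart wazuh-indexer.service > /dev/null 2>&1` hides the reason for a failed restart right after an upgrade; drop the `2>&1` or print a message when the restart returns non-zero so the operator learns the indexer is down.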
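Review bot: in the debian/preinst hunk, `touch $restart_service` is only done for wazuh-indexer.service, while the same script also stops wazuh-indexer-performance-analyzer.service, and postinst restarts only the indexer. An upgrade on a host running the performance analyzer therefore leaves that service stopped with no message. Either record its state as well (a second flag, or a value written into the same file) and restart it in postinst, or state in the commit message that this is intended.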
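Review bot: in the debian/prerm hunk, the `*)` branch prints "prerm called with unknown argument" and then exits 0; the conventional maintainer-script template exits 1 there so dpkg notices a misuse instead of continuing silently, so change it to `exit 1`. One caveat worth a line in the release notes: on a dpkg upgrade the prerm that runs is the one from the already-installed (old) package, which still stops the service unconditionally before the new preinst runs its `systemctl is-active` check. The first upgrade to a version carrying this change will therefore see an inactive service, set no flag, and not restart the indexer; the status-preserving behaviour only takes effect on the following upgrade.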
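Review bot: in the first rpm spec hunk, `touch %{tmp_dir}/wazuh-indexer.restart` runs under `set -e` without ensuring the directory exists. `%{tmp_dir}` lives under the log tree, a plausible target of log cleanup, and if it is missing the `touch` fails after the service has already been stopped, aborting the upgrade with the indexer down. Add `mkdir -p %{tmp_dir}` before the `touch`. Since on an RPM upgrade the old package's `%preun` and `%postun` run after the new `%post`, also confirm those sections only stop the service when `$1 -eq 0` (removal); otherwise the service restarted here is stopped again by the old package a moment later.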
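Review bot: in the `%post` hunk, the flag is removed with `rm -f` before the restart is attempted, so if `systemctl restart wazuh-indexer.service` fails nothing records that a restart was owed, and its output goes to `/dev/null 2>&1`; surface the failure with a message on non-zero exit. The placement of `exit 0` inside the `if command -v systemctl` branch differs from the deb postinst, where it is outside; align the two scripts so the no-systemctl path is the same on both packagings.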
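Review bot: in the `%changelog` hunk, the corrected weekdays check out (Thu Nov 28 2024 and Mon Nov 04 2024 are right), but inserting the 4.9.2 entry dated Nov 04 between 4.10.0 (Nov 28) and 4.9.1 (Oct 15) leaves the changelog no longer in descending chronological order, which recent rpmbuild versions warn about; consider placing the 4.9.2 entry by date, or accept the warning and note why in the spec.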