Diffstat (limited to 'security/wazuh-agent/files')
3 files changed, 198 insertions, 94 deletions
diff --git a/security/wazuh-agent/files/patch-src-Makefile b/security/wazuh-agent/files/patch-src-Makefile index 70420cde9198..a45608e5dff6 100644 --- a/security/wazuh-agent/files/patch-src-Makefile +++ b/security/wazuh-agent/files/patch-src-Makefile @@ -1,5 +1,5 @@ ---- src/Makefile 2025-04-30 02:30:26.000000000 -0700 -+++ src/Makefile 2025-05-09 19:40:18.856441000 -0700 +--- src/Makefile 2025-09-23 06:59:40.000000000 -0700 ++++ src/Makefile 2025-10-12 08:02:29.393309000 -0700 @@ -49,9 +49,11 @@ HAS_CHECKMODULE = $(shell command -v checkmodule > /dev/null && echo YES) @@ -12,7 +12,7 @@ ARCH_FLAGS = -@@ -110,7 +112,7 @@ +@@ -112,7 +114,7 @@ USE_PRELUDE?=no USE_ZEROMQ?=no USE_GEOIP?=no 
@@ -21,16 +21,16 @@ USE_BIG_ENDIAN=no USE_AUDIT=no MINGW_HOST=unknown -@@ -175,6 +177,8 @@ +@@ -177,6 +179,8 @@ DEFINES+=-DUSER=\"${WAZUH_USER}\" DEFINES+=-DGROUPGLOBAL=\"${WAZUH_GROUP}\" -+OSSEC_CFLAGS+=-I./ -I./headers/ -I${EXTERNAL_OPENSSL}include -I$(EXTERNAL_JSON) -I${EXTERNAL_LIBYAML}include -I${EXTERNAL_CURL}include -I${EXTERNAL_MSGPACK}include -I${EXTERNAL_BZIP2} -I${SHARED_MODULES}common -I${DBSYNC}include -I${RSYNC}include -I${SYSCOLLECTOR}include -I${SYSINFO}include -I${EXTERNAL_LIBPCRE2}include -I${EXTERNAL_RPM}/builddir/output/include -I${SYSCHECK}include -I${ROUTER}include -I${CONTENT_MANAGER}include -I${VULNERABILITY_SCANNER}include -I./shared_modules/ ++OSSEC_CFLAGS+=-I./ -I./headers/ -I${EXTERNAL_OPENSSL}include -I$(EXTERNAL_JSON) -I${EXTERNAL_LIBYAML}include -I${EXTERNAL_CURL}include -I${EXTERNAL_MSGPACK}include -I${EXTERNAL_BZIP2} -I${SHARED_MODULES}common -I${DBSYNC}include -I${RSYNC}include -I${SYSCOLLECTOR}include -I${SYSINFO}include -I${EXTERNAL_LIBPCRE2}include -I${EXTERNAL_RPM}/builddir/output/include -I${SYSCHECK}include -I${ROUTER}include -I${CONTENT_MANAGER}include -I${VULNERABILITY_SCANNER}include -I${INVENTORY_HARVESTER}include -I./shared_modules/ + ifneq (${TARGET},winagent) DEFINES+=-D${uname_S} ifeq (${uname_S},Linux) -@@ -269,10 +273,10 @@ +@@ -271,13 +275,14 @@ ifeq (${uname_S},FreeBSD) DEFINES+=-DFreeBSD OSSEC_CFLAGS+=-pthread -I/usr/local/include 
@@ -43,15 +43,19 @@ AR_LDFLAGS+=-L/usr/local/lib AR_LDFLAGS+='-Wl,-rpath,$$ORIGIN/../../lib' PRECOMPILED_OS:=freebsd -@@ -434,7 +438,6 @@ ++ CC?=cc + else + ifeq (${uname_S},NetBSD) + DEFINES+=-DNetBSD +@@ -436,7 +441,6 @@ OSSEC_CFLAGS+=${DEFINES} OSSEC_CFLAGS+=-pipe -Wall -Wextra -std=gnu99 --OSSEC_CFLAGS+=-I./ -I./headers/ -I${EXTERNAL_OPENSSL}include -I$(EXTERNAL_JSON) -I${EXTERNAL_LIBYAML}include -I${EXTERNAL_CURL}include -I${EXTERNAL_MSGPACK}include -I${EXTERNAL_BZIP2} -I${SHARED_MODULES}common -I${DBSYNC}include -I${RSYNC}include -I${SYSCOLLECTOR}include -I${SYSINFO}include -I${EXTERNAL_LIBPCRE2}include -I${EXTERNAL_RPM}/builddir/output/include -I${SYSCHECK}include -I${ROUTER}include -I${CONTENT_MANAGER}include -I${VULNERABILITY_SCANNER}include -I./shared_modules/ +-OSSEC_CFLAGS+=-I./ -I./headers/ -I${EXTERNAL_OPENSSL}include -I$(EXTERNAL_JSON) -I${EXTERNAL_LIBYAML}include -I${EXTERNAL_CURL}include -I${EXTERNAL_MSGPACK}include -I${EXTERNAL_BZIP2} -I${SHARED_MODULES}common -I${DBSYNC}include -I${RSYNC}include -I${SYSCOLLECTOR}include -I${SYSINFO}include -I${EXTERNAL_LIBPCRE2}include -I${EXTERNAL_RPM}/builddir/output/include -I${SYSCHECK}include -I${ROUTER}include -I${CONTENT_MANAGER}include -I${VULNERABILITY_SCANNER}include -I${INVENTORY_HARVESTER}include -I./shared_modules/ OSSEC_CFLAGS += ${CFLAGS} OSSEC_LDFLAGS += ${LDFLAGS} -@@ -531,8 +534,8 @@ +@@ -533,8 +537,8 @@ ifneq (,$(filter ${USE_INOTIFY},YES auto yes y Y 1)) DEFINES+=-DINOTIFY_ENABLED ifeq (${uname_S},FreeBSD) 
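Review bot: `CC?=cc`, added in the FreeBSD branch of `src/Makefile`, is inert under GNU make (which this Makefile is, given `ifeq` and `$(shell …)`): `CC` is a built-in default variable already set to `cc`, so `?=` never assigns. If the goal is to honour the compiler chosen by the ports framework, that already happens because `CC` is passed in the environment; if the goal is to override an environment `CC`, `?=` will not do that either. Either drop the line or replace it with a comment stating which case is intended, e.g. `# CC is provided by the ports MAKE_ENV; nothing to set here`. The enclosing `ifeq (${uname_S},FreeBSD)` block starts before this hunk.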
@@ -62,21 +66,21 @@ OSSEC_CFLAGS+=-I/usr/local/include endif endif -@@ -957,6 +960,8 @@ +@@ -960,6 +964,8 @@ EXTERNAL_LIBS += $(LIBCURL_LIB) else ifeq (${uname_S},Linux) EXTERNAL_LIBS += $(LIBCURL_LIB) +else ifeq (${uname_S},FreeBSD) -+ EXTERNAL_LIBS += $(LIBCURL_LIB) ++ EXTERNAL_LIBS += $(LIBCURL_LIB) else ifeq (${uname_S},Darwin) EXTERNAL_LIBS += $(LIBCURL_LIB) endif -@@ -1186,9 +1191,13 @@ +@@ -1193,9 +1199,13 @@ cd $(EXTERNAL_CURL) && CPPFLAGS="-fPIC -I${ROUTE_PATH}/${EXTERNAL_OPENSSL}include" LDFLAGS="-L${ROUTE_PATH}/${EXTERNAL_OPENSSL}" LIBS="-ldl -lpthread" ./configure --with-openssl="${ROUTE_PATH}/${EXTERNAL_OPENSSL}" --disable-ldap --without-libidn2 --without-libpsl --without-brotli --without-nghttp2 --without-zstd endif else +ifeq (${uname_S},FreeBSD) -+ cd $(EXTERNAL_CURL) && CPPFLAGS="-fPIC -I${ROUTE_PATH}/${EXTERNAL_OPENSSL}include" LDFLAGS="-L${ROUTE_PATH}/${EXTERNAL_OPENSSL}" LIBS="-pthread" ./configure --with-ssl="${ROUTE_PATH}/${EXTERNAL_OPENSSL}" --disable-ldap --without-libidn2 --without-brotli --without-nghttp2 --without-librtmp --without-zstd --without-libpsl ++ cd $(EXTERNAL_CURL) && CPPFLAGS="-fPIC -I${ROUTE_PATH}/${EXTERNAL_OPENSSL}include" LDFLAGS="-L${ROUTE_PATH}/${EXTERNAL_OPENSSL}" LIBS="-pthread" ./configure --with-ssl="${ROUTE_PATH}/${EXTERNAL_OPENSSL}" --disable-ldap --without-libidn2 --without-brotli --without-nghttp2 --without-librtmp --without-zstd --without-libpsl +else cd $(EXTERNAL_CURL) && CPPFLAGS="-fPIC -I${ROUTE_PATH}/${EXTERNAL_OPENSSL}include" LDFLAGS="-L${ROUTE_PATH}/${EXTERNAL_OPENSSL}" LIBS="-lpthread" ./configure --with-openssl="${ROUTE_PATH}/${EXTERNAL_OPENSSL}" --disable-ldap --without-libidn2 --without-brotli --without-nghttp2 --without-librtmp --without-zstd --without-libpsl endif @@ -85,7 +89,7 @@ #### procps ######### -@@ -2295,7 +2304,7 @@ +@@ -2308,7 +2318,7 @@ #### FIM ###### wazuh-syscheckd: librootcheck.a libwazuh.a ${WAZUHEXT_LIB} build_shared_modules 
@@ -94,7 +98,23 @@ #### Monitor ####### -@@ -2473,7 +2482,7 @@ +@@ -2340,13 +2350,13 @@ + os_auth_o := $(os_auth_c:.c=.o) + + os_auth/%.o: os_auth/%.c +- ${OSSEC_CC} ${OSSEC_CFLAGS} -I./os_auth -DARGV0=\"wazuh-authd\" -c $^ -o $@ ++ ${OSSEC_CC} -I${LOCALBASE}/include/libepoll-shim ${OSSEC_CFLAGS} -I./os_auth -DARGV0=\"wazuh-authd\" -c $^ -o $@ + + agent-auth: addagent/validate.o os_auth/main-client.o os_auth/ssl.o os_auth/check_cert.o + ${OSSEC_CCBIN} ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -o $@ + + wazuh-authd: addagent/validate.o os_auth/main-server.o os_auth/local-server.o os_auth/ssl.o os_auth/check_cert.o os_auth/config.o os_auth/authcom.o os_auth/auth.o os_auth/key_request.o os_auth/generate_cert.o +- ${OSSEC_CCBIN} ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -o $@ ++ ${OSSEC_CCBIN} ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -lepoll-shim -o $@ + + #### integratord ##### + +@@ -2486,7 +2496,7 @@ WPYTHON_DIR := ${INSTALLDIR}/framework/python OPTIMIZE_CPYTHON?=no WPYTHON_TAR=cpython.tar.gz @@ -103,7 +123,7 @@ ifneq (,$(filter ${OPTIMIZE_CPYTHON},YES yes y Y 1)) CPYTHON_FLAGS=--enable-optimizations -@@ -2487,22 +2496,45 @@ +@@ -2500,22 +2510,45 @@ endif ifeq (,$(wildcard ${EXTERNAL_CPYTHON}/python)) @@ -151,7 +171,7 @@ install_dependencies: install_python ifneq (,$(wildcard ${EXTERNAL_CPYTHON})) ${WPYTHON_DIR}/bin/python3 -m pip install --upgrade pip --index-url=file://${ROUTE_PATH}/${EXTERNAL_CPYTHON}/Dependencies/simple -@@ -2519,6 +2551,7 @@ +@@ -2532,6 +2565,7 @@ install_mitre: install_python cd ../tools/mitre && ${WPYTHON_DIR}/bin/python3 mitredb.py -d ${INSTALLDIR}/var/db/mitre.db diff --git a/security/wazuh-agent/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp b/security/wazuh-agent/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp index 86f1fdf985af..929fef4ec8c1 100644 --- a/security/wazuh-agent/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp +++ b/security/wazuh-agent/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp 
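Review bot: The new `os_auth/%.o` rule uses `-I${LOCALBASE}/include/libepoll-shim` while the FreeBSD branch earlier in this same patch hard-codes `-I/usr/local/include`; the port Makefile is not in this diff, so if `LOCALBASE` does not reach `src/Makefile` through the build environment the flag silently degrades to `-I/include/libepoll-shim` and the compiler falls back to whichever `sys/epoll.h` it finds first. Pick one convention for the whole patch, and since the `-I` is deliberately placed ahead of `${OSSEC_CFLAGS}` so the shim header shadows any other, say so: `# epoll(7) is not native on FreeBSD; the shim header must come before OSSEC_CFLAGS so it wins`. `-lepoll-shim` is added only to the `wazuh-authd` link, yet the shim include is applied to every `os_auth/*.o`, including `main-client.o`, `ssl.o` and `check_cert.o` that go into `agent-auth`; if any of those pulls in epoll symbols the `agent-auth` link fails, so either narrow the include to the authd objects or add the library to both targets.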
@@ -1,6 +1,6 @@ ---- src/data_provider/src/sysInfoFreeBSD.cpp 2025-01-15 06:26:54.000000000 -0800 -+++ src/data_provider/src/sysInfoFreeBSD.cpp 2025-02-17 14:38:11.834720000 -0800 -@@ -11,6 +11,7 @@ +--- src/data_provider/src/sysInfoFreeBSD.cpp 2025-09-23 06:59:40.000000000 -0700 ++++ src/data_provider/src/sysInfoFreeBSD.cpp 2025-10-16 15:42:56.638994000 -0700 +@@ -11,20 +11,23 @@ #include "sysInfo.hpp" #include "cmdHelper.h" #include "stringHelper.h" @@ -8,7 +8,9 @@ #include "osinfo/sysOsParsers.h" #include <sys/sysctl.h> #include <sys/vmmeter.h> -@@ -19,12 +20,13 @@ + #include <sys/utsname.h> + #include "sharedDefs.h" ++#include <regex> static void getMemory(nlohmann::json& info) { @@ -25,7 +27,7 @@ if (ret) { -@@ -52,11 +54,23 @@ +@@ -52,11 +55,23 @@ }; } @@ -52,7 +54,7 @@ if (ret) { -@@ -64,11 +78,11 @@ +@@ -64,11 +79,11 @@ { ret, std::system_category(), @@ -66,7 +68,7 @@ info["ram_free"] = ramFree; info["ram_usage"] = 100 - (100 * ramFree / ramTotal); } -@@ -184,8 +198,12 @@ +@@ -184,8 +199,12 @@ nlohmann::json SysInfo::getProcessesInfo() const { @@ -81,7 +83,7 @@ } nlohmann::json SysInfo::getOsInfo() const -@@ -196,11 +214,12 @@ +@@ -196,11 +215,12 @@ if (!spParser->parseUname(Utils::exec("uname -r"), ret)) { 
@@ -95,93 +97,148 @@ if (uname(&uts) >= 0) { ret["sysname"] = uts.sysname; -@@ -215,18 +234,145 @@ +@@ -215,18 +235,200 @@ nlohmann::json SysInfo::getPorts() const { - // Currently not supported for this OS. - return nlohmann::json {}; -+ const auto query{Utils::exec(R"(sockstat -46qs)")}; -+ -+ /* USER COMMAND PID FD PROTO LOCAL_ADDRESS FOREIGN_ADDRESS PATH_STATE CONN_STATE */ -+ + nlohmann::json ports {}; ++ ++ /* USER COMMAND PID FD PROTO LOCAL_ADDRESS FOREIGN_ADDRESS PATH_STATE CONN_STATE */ ++ ++#if __FreeBSD_version > 1500045 ++ const auto query{exec(R"(sockstat -46qs --libxo json)")}; + + if (!query.empty()) + { -+ const auto lines{Utils::split(Utils::trimToOneSpace(query), '\n')}; ++ nlohmann::json portsjson; ++ portsjson = nlohmann::json::parse(query); ++ auto &portsResult = portsjson["sockstat"]["socket"]; + -+ for (const auto& line : lines) -+ { ++ for(auto &port : portsResult) { + std::string localip = ""; + std::string localport = ""; + std::string remoteip = ""; + std::string remoteport = ""; + std::string statedata = ""; + -+ const auto data{Utils::split(line, ' ')}; -+ auto localdata{Utils::split(data[5], ':')}; -+ auto remotedata{Utils::split(data[6], ':')}; ++ if (port["pid"] != nullptr) { + -+ localip = localdata[0]; -+ localport = localdata[1]; -+ remoteip = remotedata[0]; -+ remoteport = remotedata[1]; ++ localip = port["local"]["address"]; ++ remoteip = port["foreign"]["address"]; ++ statedata = port["conn-state"] != nullptr ? (port["conn-state"] == "LISTEN" ? 
"listening" : Utils::toLowerCase(port["conn-state"])) : statedata; + -+ if((data[4] != "udp4") && (data[4] != "udp6") && (data[4] != "udp46")) { -+ statedata = Utils::toLowerCase(data[7]); -+ } ++ if (port["local"]["address"] == "*") { ++ if ((port["proto"] == "udp4") || (port["proto"] == "tcp4")) { ++ localip = "0.0.0.0"; ++ } else { ++ localip = "::"; ++ } ++ } + -+ if(statedata == "listen") { -+ statedata = "listening"; -+ } ++ localport = port["local"]["port"]; + -+ if(localdata.size() == 4) { -+ localip = localdata[0] + ":"+ localdata[1] + ":" + localdata[2]; -+ localport = localdata[3]; -+ } ++ if (port["foreign"]["address"] == "*") { ++ if ((port["proto"] == "udp4") || (port["proto"] == "tcp4")) { ++ remoteip = 0.0.0.0; ++ } else { ++ remoteip = "::"; ++ } ++ } + -+ if(localip == "*") { -+ if((data[4] == "tcp6") || (data[4] == "udp6")) { -+ localip = "0:0:0:0:0:0:0:0"; -+ } else if((data[4] == "tcp4") || (data[4] == "udp4")) { -+ localip = "0.0.0.0"; -+ } -+ } ++ remoteport = port["foreign"]["port"]; + -+ if(localport == "*") { -+ localport = "0"; -+ } ++ nlohmann::json portRecord {}; + -+ if(remotedata.size() == 4) { -+ remoteip = remotedata[0] + ":"+ remotedata[1] + ":" + remotedata[2]; -+ remoteport = remotedata[3]; -+ } ++ portRecord["protocol"] = port["proto"]; ++ portRecord["local_ip"] = localip; ++ portRecord["local_port"] = localport == "*" ? "0" : localport; ++ portRecord["remote_ip"] = remoteip; ++ portRecord["remote_port"] = remoteport == "*" ? "0" : remoteport; ++ portRecord["tx_queue"] = 0; ++ portRecord["rx_queue"] = 0; ++ portRecord["inode"] = port["fd"]; ++ portRecord["state"] = statedata == "??" ? 
"" : statedata; ++ portRecord["pid"] = port["pid"]; ++ portRecord["process"] = port["command"]; + -+ if(remoteport == "*") { -+ remoteip = ""; -+ remoteport = "0"; -+ } ++ ports.push_back(portRecord); ++ } ++ } ++ } ++#else ++ const auto query{Utils::exec(R"(sockstat -46qs)")}; + -+ if(data[0] != "?") { -+ nlohmann::json port {}; -+ port["protocol"] = data[4]; -+ port["local_ip"] = localip; -+ port["local_port"] = localport; -+ port["remote_ip"] = remoteip; -+ port["remote_port"] = remoteport; -+ port["tx_queue"] = 0; -+ port["rx_queue"] = 0; -+ port["inode"] = data[3]; -+ port["state"] = statedata; -+ port["pid"] = data[2]; -+ port["process"] = data[1]; ++ if (!query.empty()) ++ { ++ const auto lines{Utils::split(Utils::trimToOneSpace(query), '\n')}; ++ ++ std::regex expression(R"(^(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s*(\S+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$)"); ++ ++ for (const auto& line : lines) ++ { ++ std::smatch data; ++ ++ if (std::regex_search(line, data, expression)) ++ { ++ std::string localip = ""; ++ std::string localport = ""; ++ std::string remoteip = ""; ++ std::string remoteport = ""; ++ std::string statedata = ""; ++ ++ auto localdata{Utils::split(data[6], ':')}; ++ auto remotedata{Utils::split(data[7], ':')}; + -+ ports.push_back(port); ++ if (data[8].matched ) { ++ statedata = data[8] == "LISTEN" ? 
"listening" : Utils::toLowerCase(data[8]); ++ } ++ ++ localport = localdata[localdata.size() - 1]; ++ localdata.pop_back(); ++ localip = Utils::join(localdata, ":"); ++ remoteport = remotedata[remotedata.size() - 1]; ++ remotedata.pop_back(); ++ remoteip = Utils::join(remotedata, ":"); ++ ++ if(localip == "*") { ++ if((data[5] == "tcp4") || (data[5] == "udp4")) { ++ localip = "0.0.0.0"; ++ } else { ++ localip = "::"; ++ } ++ } ++ ++ if(remoteip == "*") { ++ if((data[5] == "tcp4") || (data[5] == "udp4")) { ++ remoteip = "0.0.0.0"; ++ } else { ++ remoteip = "::"; ++ } ++ } ++ ++ if(data[0] != "?") { ++ nlohmann::json port {}; ++ ++ port["protocol"] = data[5]; ++ port["local_ip"] = localip; ++ port["local_port"] = localport == "*" ? "0" : localport; ++ port["remote_ip"] = remoteip; ++ port["remote_port"] = remoteport == "*" ? "0" : remoteport; ++ port["tx_queue"] = 0; ++ port["rx_queue"] = 0; ++ port["inode"] = data[4]; ++ port["state"] = statedata == "??" ? "" : statedata; ++ port["pid"] = data[3]; ++ port["process"] = data[2]; ++ ++ ports.push_back(port); ++ } + } -+ } ++ } + } -+ ++#endif + return ports; } @@ -246,7 +303,7 @@ if (!query.empty()) { -@@ -235,18 +381,22 @@ +@@ -235,6 +437,9 @@ for (const auto& line : lines) { const auto data{Utils::split(line, '|')}; @@ -254,8 +311,11 @@ + const auto sectiondata{Utils::split(data[8], '/')}; + nlohmann::json package; + std::string vendor { UNKNOWN_VALUE }; + std::string email { UNKNOWN_VALUE }; +@@ -244,14 +449,15 @@ package["name"] = data[0]; - package["vendor"] = data[1]; + package["vendor"] = vendor; package["version"] = data[2]; - package["install_time"] = UNKNOWN_VALUE; + package["install_time"] = data[6]; diff --git a/security/wazuh-agent/files/patch-src-shared_modules-utils_stringHelper.h b/security/wazuh-agent/files/patch-src-shared_modules-utils_stringHelper.h index fa94a0278e65..e60c6542e5a4 100644 --- a/security/wazuh-agent/files/patch-src-shared_modules-utils_stringHelper.h 
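Review bot: `remoteip = 0.0.0.0;` in the libxo branch of `SysInfo::getPorts()` is an unquoted literal and does not compile, so every host where `__FreeBSD_version > 1500045` holds fails the build; it should read `remoteip = "0.0.0.0";`, matching the `localip = "0.0.0.0";` assignment a few lines above. The same branch calls `nlohmann::json::parse(query)` with no handling of `parse_error`, so truncated or non-JSON `sockstat` output throws out of `getPorts()` — parse with `nlohmann::json::parse(query, nullptr, false)` and return the empty `ports` when `portsjson.is_discarded()`. That branch also calls `exec(...)` where the `#else` branch calls `Utils::exec(...)`; unless a using-declaration elsewhere in the file brings `exec` into scope, that is a second compile error. `__FreeBSD_version` is defined by `<sys/param.h>` / `<osreldate.h>`, none of the includes visible here guarantee it, and an undefined macro evaluates to 0 in `#if`, which would silently select the legacy text parser on every release. In the legacy branch `data[0] != "?"` tests the whole regex match rather than the USER column, which is `data[1]`.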
+++ b/security/wazuh-agent/files/patch-src-shared_modules-utils_stringHelper.h @@ -1,9 +1,35 @@ ---- src/shared_modules/utils/stringHelper.h.orig 2024-10-17 00:22:27.000000000 -0700 -+++ src/shared_modules/utils/stringHelper.h 2024-10-19 23:58:11.231439000 -0700 -@@ -256,6 +256,17 @@ - return ret; +--- src/shared_modules/utils/stringHelper.h 2025-09-23 06:59:40.000000000 -0700 ++++ src/shared_modules/utils/stringHelper.h 2025-10-16 14:04:29.575997000 -0700 +@@ -19,6 +19,7 @@ + #include <sstream> + #include <string> + #include <vector> ++#include <map> + #if __cplusplus >= 201703L + #include <string_view> + #endif +@@ -150,6 +151,15 @@ + return haystack; } ++ static std::string join(const std::vector<std::string>& vec, const std::string& delimiter) { ++ std::ostringstream joinResult; ++ for (size_t i = 0; i < vec.size(); ++i) { ++ joinResult << vec[i]; ++ if (i != vec.size() - 1) joinResult << delimiter; ++ } ++ return joinResult.str(); ++ } ++ + static std::vector<std::string> split(const std::string& str, const char delimiter) + { + std::vector<std::string> tokens; +@@ -257,6 +267,17 @@ + + // LCOV_EXCL_STOP + return ret; ++ } ++ + static std::string trimToOneSpace(const std::string& str) + { + std::string str_output; @@ -13,8 +39,6 @@ + [](char a,char b){ return std::isspace(a) && std::isspace(b);}); + + return str_output; -+ } -+ + } + static std::string toUpperCase(const std::string& str) - { - std::string temp {str}; |
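Review bot: The new `join` helper has no comment describing its contract; suggest `/// Concatenates vec with delimiter between consecutive elements; an empty vec yields "".` above it. `#include <map>` is added to the header while nothing in this hunk uses `std::map`; if a consumer elsewhere relies on this header providing it, a one-line comment saying so would keep the next cleanup from dropping it. As a matter of style, appending to a `std::string` (emitting the delimiter before every element after the first) does the same job without the `std::ostringstream` allocation for a helper that `getPorts()` calls twice per `sockstat` line.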
