diff --git a/.github/actions/ghcr-pull-and-push/build_and_push_image_to_ghcr.sh b/.github/actions/ghcr-pull-and-push/build_and_push_image_to_ghcr.sh new file mode 100644 index 0000000000..83b32e8fce --- /dev/null +++ b/.github/actions/ghcr-pull-and-push/build_and_push_image_to_ghcr.sh @@ -0,0 +1,22 @@ +GITHUB_PUSH_SECRET=$1 +GITHUB_USER=$2 +DOCKER_IMAGE_NAME=$3 +BUILD_CONTEXT=$4 +DOCKERFILE_PATH="$BUILD_CONTEXT/Dockerfile" +if [ -n "$5" ]; then + DOCKER_IMAGE_TAG=$5 +else + DOCKER_IMAGE_TAG="latest" +fi +GITHUB_REPOSITORY="wazuh/wazuh-packages" +GITHUB_OWNER="wazuh" +IMAGE_ID=ghcr.io/${GITHUB_OWNER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} +IMAGE_ID=$(echo ${IMAGE_ID} | tr '[A-Z]' '[a-z]') + +# Login to GHCR +echo ${GITHUB_PUSH_SECRET} | docker login https://ghcr.io -u $GITHUB_USER --password-stdin + +# Build image +echo build -t ${IMAGE_ID} -f ${DOCKERFILE_PATH} ${BUILD_CONTEXT} +docker build -t ${IMAGE_ID} -f ${DOCKERFILE_PATH} ${BUILD_CONTEXT} +docker push ${IMAGE_ID} \ No newline at end of file diff --git a/.github/actions/ghcr-pull-and-push/pull_image_from_ghcr.sh b/.github/actions/ghcr-pull-and-push/pull_image_from_ghcr.sh new file mode 100644 index 0000000000..ffc41ecce2 --- /dev/null +++ b/.github/actions/ghcr-pull-and-push/pull_image_from_ghcr.sh @@ -0,0 +1,20 @@ +set -x +GITHUB_PUSH_SECRET=$1 +GITHUB_USER=$2 +DOCKER_IMAGE_NAME=$3 +if [ -n "$4" ]; then + DOCKER_IMAGE_TAG="$4" +else + DOCKER_IMAGE_TAG="latest" +fi +GITHUB_REPOSITORY="wazuh/wazuh-packages" +GITHUB_OWNER="wazuh" +IMAGE_ID=ghcr.io/${GITHUB_OWNER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} +IMAGE_ID=$(echo ${IMAGE_ID} | tr '[A-Z]' '[a-z]') + +# Login to GHCR +echo ${GITHUB_PUSH_SECRET} | docker login https://ghcr.io -u $GITHUB_USER --password-stdin + +# Pull and rename image +docker pull ${IMAGE_ID} +docker image tag ghcr.io/${GITHUB_OWNER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} ${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} diff --git a/.github/actions/offline-installation/common.sh b/.github/actions/offline-installation/common.sh new file mode 100644 index 0000000000..d9b73447c1 --- /dev/null +++ b/.github/actions/offline-installation/common.sh @@ -0,0 +1,311 @@ +#!/bin/bash + +function check_package() { + + if [ "${sys_type}" == "deb" ]; then + if ! apt list --installed 2>/dev/null | grep -q "${1}"; then + echo "INFO: The package "${1}" is not installed." + return 1 + fi + elif [ "${sys_type}" == "rpm" ]; then + if ! yum list installed 2>/dev/null | grep -q "${1}"; then + echo "INFO: The package "${1}" is not installed." + return 1 + fi + fi + return 0 + +} + +function check_system() { + + if [ -n "$(command -v yum)" ]; then + sys_type="rpm" + echo "INFO: RPM system detected." + elif [ -n "$(command -v apt-get)" ]; then + sys_type="deb" + echo "INFO: DEB system detected." + else + echo "ERROR: could not detect the system." + exit 1 + fi + +} + +function check_file() { + + if [ ! -f "${1}" ]; then + echo "ERROR: The ${1} file could not be downloaded." + exit 1 + fi + +} + +function check_shards() { + + retries=0 + until [ "$(curl -s -k -u admin:admin "https://localhost:9200/_template/wazuh?pretty&filter_path=wazuh.settings.index.number_of_shards" | grep "number_of_shards")" ] || [ "${retries}" -eq 5 ]; do + sleep 5 + retries=$((retries+1)) + done + + if [ ${retries} -eq 5 ]; then + echo "ERROR: Could not get the number of shards." + exit 1 + fi + curl -s -k -u admin:admin "https://localhost:9200/_template/wazuh?pretty&filter_path=wazuh.settings.index.number_of_shards" + echo "INFO: Number of shards detected." + +} + +function dashboard_installation() { + + install_package "wazuh-dashboard" + check_package "wazuh-dashboard" + + echo "INFO: Generating certificates of the Wazuh dashboard..." + NODE_NAME=dashboard + mkdir /etc/wazuh-dashboard/certs + mv -n wazuh-certificates/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem + mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem + cp wazuh-certificates/root-ca.pem /etc/wazuh-dashboard/certs/ + chmod 500 /etc/wazuh-dashboard/certs + chmod 400 /etc/wazuh-dashboard/certs/* + chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs + + if [ "${sys_type}" == "deb" ]; then + enable_start_service "wazuh-dashboard" + elif [ "${sys_type}" == "rpm" ]; then + /usr/share/wazuh-dashboard/bin/opensearch-dashboards "-c /etc/wazuh-dashboard/opensearch_dashboards.yml" --allow-root > /dev/null 2>&1 & + fi + + sleep 10 + # In this context, 302 HTTP code refers to SSL certificates warning: success. + if [ "$(curl -k -s -I -w "%{http_code}" https://localhost -o /dev/null --fail)" -ne "302" ]; then + echo "ERROR: The Wazuh dashboard installation has failed." + exit 1 + fi + echo "INFO: The Wazuh dashboard is ready." + +} + +function download_resources() { + + check_file "${ABSOLUTE_PATH}"/wazuh-install.sh + bash "${ABSOLUTE_PATH}"/wazuh-install.sh -dw "${sys_type}" + echo "INFO: Downloading the resources..." + + curl -sO https://packages.wazuh.com/4.3/config.yml + check_file "config.yml" + + sed -i -e '0,// s//127.0.0.1/' config.yml + sed -i -e '0,// s//127.0.0.1/' config.yml + sed -i -e '0,// s//127.0.0.1/' config.yml + + curl -sO https://packages.wazuh.com/4.3/wazuh-certs-tool.sh + check_file "wazuh-certs-tool.sh" + chmod 744 wazuh-certs-tool.sh + ./wazuh-certs-tool.sh --all + + tar xf wazuh-offline.tar.gz + echo "INFO: Download finished." + + if [ ! -d ./wazuh-offline ]; then + echo "ERROR: Could not download the resources." + exit 1 + fi + +} + +function enable_start_service() { + + systemctl daemon-reload + systemctl enable "${1}" + systemctl start "${1}" + + retries=0 + until [ "$(systemctl status "${1}" | grep "active")" ] || [ "${retries}" -eq 3 ]; do + sleep 2 + retries=$((retries+1)) + systemctl start "${1}" + done + + if [ ${retries} -eq 3 ]; then + echo "ERROR: The "${1}" service could not be started." + exit 1 + fi + +} + +function filebeat_installation() { + + install_package "filebeat" + check_package "filebeat" + + cp ./wazuh-offline/wazuh-files/filebeat.yml /etc/filebeat/ &&\ + cp ./wazuh-offline/wazuh-files/wazuh-template.json /etc/filebeat/ &&\ + chmod go+r /etc/filebeat/wazuh-template.json + + sed -i 's|\("index.number_of_shards": \)".*"|\1 "1"|' /etc/filebeat/wazuh-template.json + filebeat keystore create + echo admin | filebeat keystore add username --stdin --force + echo admin | filebeat keystore add password --stdin --force + tar -xzf ./wazuh-offline/wazuh-files/wazuh-filebeat-0.4.tar.gz -C /usr/share/filebeat/module + + echo "INFO: Generating certificates of Filebeat..." + NODE_NAME=wazuh-1 + mkdir /etc/filebeat/certs + mv -n wazuh-certificates/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem + mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem + cp wazuh-certificates/root-ca.pem /etc/filebeat/certs/ + chmod 500 /etc/filebeat/certs + chmod 400 /etc/filebeat/certs/* + chown -R root:root /etc/filebeat/certs + + if [ "${sys_type}" == "deb" ]; then + enable_start_service "filebeat" + elif [ "${sys_type}" == "rpm" ]; then + /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs /var/log/filebeat & + fi + + sleep 10 + check_shards + eval "filebeat test output" + if [ "${PIPESTATUS[0]}" != 0 ]; then + echo "ERROR: The Filebeat installation has failed." + exit 1 + fi + +} + +function indexer_initialize() { + + retries=0 + until [ "$(cat /var/log/wazuh-indexer/wazuh-cluster.log | grep "Node started")" ] || [ "${retries}" -eq 5 ]; do + sleep 5 + retries=$((retries+1)) + done + + if [ ${retries} -eq 5 ]; then + echo "ERROR: The indexer node is not started." + exit 1 + fi + /usr/share/wazuh-indexer/bin/indexer-init.sh + +} + +function indexer_installation() { + + if [ "${sys_type}" == "rpm" ]; then + rpm --import ./wazuh-offline/wazuh-files/GPG-KEY-WAZUH + fi + + install_package "wazuh-indexer" + check_package "wazuh-indexer" + + echo "INFO: Generating certificates of the Wazuh indexer..." + NODE_NAME=node-1 + mkdir /etc/wazuh-indexer/certs + mv -n wazuh-certificates/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem + mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem + mv wazuh-certificates/admin-key.pem /etc/wazuh-indexer/certs/ + mv wazuh-certificates/admin.pem /etc/wazuh-indexer/certs/ + cp wazuh-certificates/root-ca.pem /etc/wazuh-indexer/certs/ + chmod 500 /etc/wazuh-indexer/certs + chmod 400 /etc/wazuh-indexer/certs/* + chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs + + sed -i 's|\(network.host: \)"0.0.0.0"|\1"127.0.0.1"|' /etc/wazuh-indexer/opensearch.yml + + if [ "${sys_type}" == "rpm" ]; then + runuser "wazuh-indexer" --shell="/bin/bash" --command="OPENSEARCH_PATH_CONF=/etc/wazuh-indexer /usr/share/wazuh-indexer/bin/opensearch" > /dev/null 2>&1 & + sleep 5 + elif [ "${sys_type}" == "deb" ]; then + enable_start_service "wazuh-indexer" + fi + + indexer_initialize + sleep 10 + eval "curl -s -XGET https://localhost:9200 -u admin:admin -k --fail" + if [ "${PIPESTATUS[0]}" != 0 ]; then + echo "ERROR: The Wazuh indexer installation has failed." + exit 1 + fi + +} + +function install_dependencies() { + + if [ "${sys_type}" == "rpm" ]; then + dependencies=( util-linux initscripts openssl ) + not_installed=() + for dep in "${dependencies[@]}"; do + if [ "${dep}" == "openssl" ]; then + if ! yum list installed 2>/dev/null | grep -q "${dep}\.";then + not_installed+=("${dep}") + fi + elif ! yum list installed 2>/dev/null | grep -q "${dep}";then + not_installed+=("${dep}") + fi + done + + if [ "${#not_installed[@]}" -gt 0 ]; then + echo "--- Dependencies ---" + for dep in "${not_installed[@]}"; do + echo "Installing $dep." + eval "yum install ${dep} -y" + if [ "${PIPESTATUS[0]}" != 0 ]; then + echo "ERROR: Cannot install dependency: ${dep}." + exit 1 + fi + done + fi + + elif [ "${sys_type}" == "deb" ]; then + eval "apt-get update -q > /dev/null" + dependencies=( openssl ) + not_installed=() + + for dep in "${dependencies[@]}"; do + if ! apt list --installed 2>/dev/null | grep -q "${dep}"; then + not_installed+=("${dep}") + fi + done + + if [ "${#not_installed[@]}" -gt 0 ]; then + echo "--- Dependencies ----" + for dep in "${not_installed[@]}"; do + echo "Installing $dep." + apt-get install -y "${dep}" + if [ "${install_result}" != 0 ]; then + echo "ERROR: Cannot install dependency: ${dep}." + exit 1 + fi + done + fi + fi + +} + +function install_package() { + + if [ "${sys_type}" == "deb" ]; then + dpkg -i ./wazuh-offline/wazuh-packages/"${1}"*.deb + elif [ "${sys_type}" == "rpm" ]; then + rpm -ivh ./wazuh-offline/wazuh-packages/"${1}"*.rpm + fi + +} + +function manager_installation() { + + install_package "wazuh-manager" + check_package "wazuh-manager" + + if [ "${sys_type}" == "deb" ]; then + enable_start_service "wazuh-manager" + elif [ "${sys_type}" == "rpm" ]; then + /var/ossec/bin/wazuh-control start + fi + +} diff --git a/.github/actions/offline-installation/offline-installation.sh b/.github/actions/offline-installation/offline-installation.sh new file mode 100644 index 0000000000..787b20bf66 --- /dev/null +++ b/.github/actions/offline-installation/offline-installation.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +# Gets the absolute path of the script, used to load the common.sh file +ABSOLUTE_PATH="$( cd $(dirname ${0}) ; pwd -P )" +. ${ABSOLUTE_PATH}/common.sh + +check_system +install_dependencies +download_resources + +indexer_installation +echo "INFO: Wazuh indexer installation completed." + +manager_installation +echo "INFO: Wazuh manager installation completed." + +filebeat_installation +echo "INFO: Filebeat installation completed." + +dashboard_installation +echo "INFO: Wazuh dashboard installation completed." diff --git a/.github/actions/test-install-components/install_component.sh b/.github/actions/test-install-components/install_component.sh new file mode 100644 index 0000000000..2d8ea93cc5 --- /dev/null +++ b/.github/actions/test-install-components/install_component.sh @@ -0,0 +1,35 @@ +#!/bin/bash +echo "Installing Wazuh $2." + +if [ -f /etc/os-release ]; then + source /etc/os-release + if [ "$ID" = "centos" ] && [ "$VERSION_ID" = "8" ]; then + find /etc/yum.repos.d/ -type f -exec sed -i 's/mirrorlist/#mirrorlist/g' {} \; + find /etc/yum.repos.d/ -type f -exec sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' {} \; + fi + + if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then + echo "deb http://archive.debian.org/debian stretch contrib main non-free" > /etc/apt/sources.list + echo "deb http://archive.debian.org/debian-security stretch/updates main" >> /etc/apt/sources.list + fi +fi + +if [ -f /etc/redhat-release ]; then + VERSION=$(cat /etc/redhat-release) + if [ "$VERSION" = "CentOS release 6.9 (Final)" ]; then + curl https://www.getpagespeed.com/files/centos6-eol.repo --output /etc/yum.repos.d/CentOS-Base.repo + fi +fi + +if [ -n "$(command -v yum)" ]; then + sys_type="yum" +elif [ -n "$(command -v apt-get)" ]; then + sys_type="apt-get" + apt-get update + apt-get install -y systemd +else + common_logger -e "Couldn't find type of system" + exit 1 +fi + +$sys_type install -y "/packages/$1" \ No newline at end of file diff --git a/.github/actions/upgrade-indexer/common.sh b/.github/actions/upgrade-indexer/common.sh index 78f27904f3..e9be978e93 100644 --- a/.github/actions/upgrade-indexer/common.sh +++ b/.github/actions/upgrade-indexer/common.sh @@ -78,7 +78,7 @@ function read_files() { # Change only the old files if [ "${2}" == "old" ]; then - echo "# Adding a new line to force changed checksum" >> ${f} + echo "# Adding a new line to force changed checksum" >> ${file} echo "Changed file." fi checksum=`md5sum ${file} | cut -d " " -f1` diff --git a/.github/workflows/add-issues-to-projects.yml b/.github/workflows/add-issues-to-projects.yml new file mode 100644 index 0000000000..9a0ecd16e4 --- /dev/null +++ b/.github/workflows/add-issues-to-projects.yml @@ -0,0 +1,25 @@ +name: Add opened issues to projects + +on: + issues: + types: + - opened + - transferred + +jobs: + add-to-project: + name: Add issue to project + runs-on: ubuntu-latest + steps: + - uses: actions/add-to-project@v0.4.0 + with: + # You can target a repository in a different organization + # to the issue + project-url: https://github.com/orgs/wazuh/projects/3 + github-token: ${{ secrets.ADD_TO_PROJECT_PAT }} + - uses: actions/add-to-project@v0.4.0 + with: + # You can target a repository in a different organization + # to the issue + project-url: https://github.com/orgs/wazuh/projects/15 + github-token: ${{ secrets.ADD_TO_PROJECT_PAT }} diff --git a/.github/workflows/build-deb-packages.yml b/.github/workflows/build-deb-packages.yml new file mode 100644 index 0000000000..cbc3be2661 --- /dev/null +++ b/.github/workflows/build-deb-packages.yml @@ -0,0 +1,81 @@ +name: Build Wazuh Packages - DEB - amd64 and i386 +on: + pull_request: + paths: + - 'debs/SPECS/**' + - 'debs/generate_debian_package.sh' + workflow_dispatch: + workflow_call: + +jobs: + Wazuh-agent-deb-package-build: + runs-on: ubuntu-latest + strategy: + matrix: + TYPE: [agent, manager] + ARCHITECTURE : [amd64, i386] + exclude: + - TYPE: manager + ARCHITECTURE: i386 + fail-fast: false + + steps: + - name: Cancel previous runs + uses: fkirc/skip-duplicate-actions@master + with: + cancel_others: 'true' + github_token: ${{ secrets.GITHUB_TOKEN }} + skip_after_successful_duplicate: 'false' + + - uses: actions/checkout@v3 + + - name: Get changed files + uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + deb_images: + - 'debs/Debian/**' + - 'debs/build.sh' + deb_images_agent_i386: + - 'debs/Debian/7/i386/**' + - 'debs/build.sh' + deb_images_manager_amd64: + - 'debs/Debian/8/amd64/**' + - 'debs/build.sh' + deb_images_agent_amd64: + - 'debs/Debian/7/amd64/**' + - 'debs/build.sh' + deb_packages: + - 'debs/SPECS/**' + - 'debs/generate_debian_package.sh' + + - name: Set tag and container name + if: steps.changes.outputs.deb_packages == 'true' || (steps.changes.outputs.deb_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || ((steps.changes.outputs.deb_images_manager_amd64 == 'true' || steps.changes.outputs.deb_images_agent_amd64 == 'true') && matrix.ARCHITECTURE == 'amd64') + run: | + MAJOR=$(sed 's/\([0-9]*\.[0-9]*\)\.[0-9]*/\1/' $GITHUB_WORKSPACE/VERSION) + if [ "${{ steps.changes.outputs.deb_images }}" == "true" ]; then echo "TAG=${{ github.head_ref }}" >> $GITHUB_ENV; else echo "TAG=$MAJOR" >> $GITHUB_ENV ; fi + if [ $MAJOR == "4.9" ]; then echo "VERSION=master" >> $GITHUB_ENV ; else echo "VERSION=$(cat $GITHUB_WORKSPACE/VERSION)" >> $GITHUB_ENV; fi + echo "CONTAINER_NAME=deb_${{ matrix.TYPE }}_builder_${{ matrix.ARCHITECTURE }}" >> $GITHUB_ENV + if [ "${{ matrix.ARCHITECTURE }}" == "amd64" ]; then echo "CONTAINER_NAME=deb_${{ matrix.TYPE }}_builder_${{ matrix.ARCHITECTURE }}" >> $GITHUB_ENV ; else echo "CONTAINER_NAME=deb_${{ matrix.TYPE }}_builder_${{ matrix.ARCHITECTURE }}" >> $GITHUB_ENV ; fi + + - name: Download docker image for package building + if: steps.changes.outputs.deb_packages == 'true' || (steps.changes.outputs.deb_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || ((steps.changes.outputs.deb_images_manager_amd64 == 'true' || steps.changes.outputs.deb_images_agent_amd64 == 'true') && matrix.ARCHITECTURE == 'amd64') + run: | + bash $GITHUB_WORKSPACE/.github/actions/ghcr-pull-and-push/pull_image_from_ghcr.sh ${{ secrets.GITHUB_TOKEN }} ${{ github.actor}} $CONTAINER_NAME ${{ env.TAG }} + + - name: Build the ${{ matrix.ARCHITECTURE }} deb Wazuh ${{ matrix.TYPE }} package + if: steps.changes.outputs.deb_packages == 'true' || (steps.changes.outputs.deb_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || ((steps.changes.outputs.deb_images_manager_amd64 == 'true' || steps.changes.outputs.deb_images_agent_amd64 == 'true') && matrix.ARCHITECTURE == 'amd64') + working-directory: ./debs + run: | + REVISION=$( echo ${{ github.head_ref }} | sed 's/-/./g; s/\//./g' ) + bash generate_debian_package.sh -b ${{ env.VERSION }} -t ${{ matrix.TYPE }} -a ${{ matrix.ARCHITECTURE }} --dev -j 2 --dont-build-docker --tag ${{ env.TAG }} -r $REVISION + echo "PACKAGE_NAME=$(ls ./output | grep .deb | head -n 1)" >> $GITHUB_ENV + + - name: Upload Wazuh ${{ matrix.TYPE }} ${{ matrix.ARCHITECTURE }} package as artifact + if: steps.changes.outputs.deb_packages == 'true' || (steps.changes.outputs.deb_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || ((steps.changes.outputs.deb_images_manager_amd64 == 'true' || steps.changes.outputs.deb_images_agent_amd64 == 'true') && matrix.ARCHITECTURE == 'amd64') + uses: actions/upload-artifact@v2 + with: + name: ${{ env.PACKAGE_NAME }} + path: ${{github.workspace}}/debs/output/${{ env.PACKAGE_NAME }} + if-no-files-found: error diff --git a/.github/workflows/build-rpm-packages.yml b/.github/workflows/build-rpm-packages.yml new file mode 100644 index 0000000000..4ec751130f --- /dev/null +++ b/.github/workflows/build-rpm-packages.yml @@ -0,0 +1,81 @@ +name: Build Wazuh Packages - RPM - x86_64 and i386 +on: + pull_request: + paths: + - 'rpms/SPECS/*' + - 'rpms/generate_rpm_package.sh' + workflow_dispatch: + workflow_call: + + +jobs: + Wazuh-agent-rpm-package-build: + runs-on: ubuntu-latest + strategy: + matrix: + TYPE: [agent, manager] + ARCHITECTURE : [x86_64, i386] + exclude: + - TYPE: manager + ARCHITECTURE: i386 + fail-fast: false + + steps: + - name: Cancel previous runs + uses: fkirc/skip-duplicate-actions@master + with: + cancel_others: 'true' + github_token: ${{ secrets.GITHUB_TOKEN }} + skip_after_successful_duplicate: 'false' + + - uses: actions/checkout@v3 + + - name: Get changed files + uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + rpm_images: + - 'rpms/CentOS/**' + - 'rpms/build.sh' + rpm_images_agent_i386: + - 'rpms/CentOS/6/i386/**' + - 'rpms/build.sh' + rpm_images_agent_x86_64: + - 'rpms/CentOS/6/x86_64/**' + - 'rpms/build.sh' + rpm_images_manager_x86_64: + - 'rpms/CentOS/7/x86_64/**' + - 'rpms/build.sh' + rpm_packages: + - 'rpms/SPECS/**' + - 'rpms/generate_rpm_package.sh' + + - name: Set tag and container name + if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || ((steps.changes.outputs.rpm_images_manager_x86_64 == 'true' || steps.changes.outputs.rpm_images_agent_x86_64 == 'true') && matrix.ARCHITECTURE == 'x86_64') + run: | + MAJOR=$(sed 's/\([0-9]*\.[0-9]*\)\.[0-9]*/\1/' $GITHUB_WORKSPACE/VERSION) + if [ "${{ steps.changes.outputs.rpm_images }}" == "true" ]; then echo "TAG=${{ github.head_ref }}" >> $GITHUB_ENV; else echo "TAG=$MAJOR" >> $GITHUB_ENV ; fi + if [ $MAJOR == "4.9" ]; then echo "VERSION=master" >> $GITHUB_ENV ; else echo "VERSION=$(cat $GITHUB_WORKSPACE/VERSION)" >> $GITHUB_ENV; fi + if [ "${{ matrix.ARCHITECTURE }}" == "x86_64" ]; then echo "CONTAINER_NAME=rpm_${{ matrix.TYPE }}_builder_x86" >> $GITHUB_ENV ; else echo "CONTAINER_NAME=rpm_${{ matrix.TYPE }}_builder_${{ matrix.ARCHITECTURE }}" >> $GITHUB_ENV ; fi + + - name: Download docker image for package building + if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || ((steps.changes.outputs.rpm_images_manager_x86_64 == 'true' || steps.changes.outputs.rpm_images_agent_x86_64 == 'true') && matrix.ARCHITECTURE == 'x86_64') + run: | + bash $GITHUB_WORKSPACE/.github/actions/ghcr-pull-and-push/pull_image_from_ghcr.sh ${{ secrets.GITHUB_TOKEN }} ${{ github.actor}} $CONTAINER_NAME ${{ env.TAG }} + + - name: Build the ${{ matrix.ARCHITECTURE }} rpm Wazuh ${{ matrix.TYPE }} package + if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || ((steps.changes.outputs.rpm_images_manager_x86_64 == 'true' || steps.changes.outputs.rpm_images_agent_x86_64 == 'true') && matrix.ARCHITECTURE == 'x86_64') + working-directory: ./rpms + run: | + REVISION=$( echo ${{ github.head_ref }} | sed 's/-/./g; s/\//./g' ) + bash generate_rpm_package.sh -b ${{ env.VERSION }} -t ${{ matrix.TYPE }} -a ${{ matrix.ARCHITECTURE }} --dev -j 2 --dont-build-docker --tag ${{ env.TAG }} -r $REVISION + echo "PACKAGE_NAME=$(ls ./output | grep .rpm | head -n 1)" >> $GITHUB_ENV + + - name: Upload Wazuh ${{ matrix.TYPE }} ${{ matrix.ARCHITECTURE }} package as artifact + if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || ((steps.changes.outputs.rpm_images_manager_x86_64 == 'true' || steps.changes.outputs.rpm_images_agent_x86_64 == 'true') && matrix.ARCHITECTURE == 'x86_64') + uses: actions/upload-artifact@v2 + with: + name: ${{ env.PACKAGE_NAME }} + path: ${{github.workspace}}/rpms/output/${{ env.PACKAGE_NAME }} + if-no-files-found: error diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml new file mode 100644 index 0000000000..66f1f5b0ef --- /dev/null +++ b/.github/workflows/bump-version.yml @@ -0,0 +1,63 @@ + +name: Bump version - wazuh-packages +on: + workflow_dispatch: + inputs: + version: + description: 'Version to bump to' + required: true + revision: + description: 'Revision to bump to. Defalut: 1' + required: false + date: + description: 'Date to bump to. Default: today' + required: false + +jobs: + bump-version: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + ref: ${{ github.head_ref }} + + # - uses: peterjgrainger/action-create-branch@v2.2.0 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # with: + # branch: bump-version-${{ event.inputs.version }} + # sha: ${{ github.head_ref }} + + # - uses: actions/checkout@v3 + # with: + # token: ${{ secrets.GITHUB_TOKEN }} + # ref: bump-version-${{ event.inputs.version }} + + # - name: Set execution parameters + # run: | + # EXEC_PARAMS="" + # if [ -n "${{ github.event.inputs.version }}" ]; then + # echo "EXEC_PARAMS=EXEC_PARAMS+\" -v ${{ github.event.inputs.version }}\"" + # fi + # if [ -n "${{ github.event.inputs.revision }}" ]; then + # echo "EXEC_PARAMS=EXEC_PARAMS+\" -r ${{ github.event.inputs.revision }}\"" + # fi + # if [ -n "${{ github.event.inputs.date }}" ]; then + # echo "EXEC_PARAMS=EXEC_PARAMS+\" -d ${{ github.event.inputs.date }}\"" + # fi + # echo "EXEC_PARAMS" >> $GITHUB_ENV + # shell: bash + + # - name: Bump version + # run: | + # python3 ./bump_version.py $EXEC_PARAMS + # shell: bash + + # - name: "Commit changes and push" + # run: | + # git config --global user.name "wazuhci" + # git config --global user.email "wazuhci@wazuh.com" + # git add . + # git commit -m "Bump version to ${{ github.event.inputs.version }}" + # shell: bash diff --git a/.github/workflows/clean-worflow-runs.yml b/.github/workflows/clean-worflow-runs.yml new file mode 100644 index 0000000000..cd7ee9eb08 --- /dev/null +++ b/.github/workflows/clean-worflow-runs.yml @@ -0,0 +1,19 @@ +name: Clean workflow runs +on: + schedule: + - cron: '0 0 * * 5' + workflow_dispatch: + +jobs: + Clean-runs: + runs-on: ubuntu-latest + steps: + - name: Delete workflow runs + uses: dmvict/clean-workflow-runs@v1.0.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + run_conclusions: | + cancelled + skipped + timed_out + save_period: 5 \ No newline at end of file diff --git a/.github/workflows/offline-installation.yml b/.github/workflows/offline-installation.yml new file mode 100644 index 0000000000..f0abc40a59 --- /dev/null +++ b/.github/workflows/offline-installation.yml @@ -0,0 +1,63 @@ +name: Offline installation test +on: + pull_request: + paths: + - 'unattended_installer/install_functions/wazuh-offline-download.sh' + workflow_dispatch: + +jobs: + Build-wazuh-install-script: + runs-on: ubuntu-latest + steps: + - name: Cancel previous runs + uses: fkirc/skip-duplicate-actions@master + with: + cancel_others: 'true' + github_token: ${{ secrets.GITHUB_TOKEN }} + skip_after_successful_duplicate: 'false' + + - uses: actions/checkout@v2 + + - name: Build wazuh-install script and use staging packages + working-directory: ./unattended_installer + run: | + bash builder.sh -i -d staging + + - uses: actions/upload-artifact@v3 + with: + name: script + path: | + unattended_installer/wazuh-install.sh + if-no-files-found: error + + Test-offline-installation-debian: + runs-on: ubuntu-latest + needs: Build-wazuh-install-script + steps: + - uses: actions/checkout@v2 + + - uses: actions/download-artifact@v3 + with: + name: script + + - name: Move unattended script + run: cp $GITHUB_WORKSPACE/wazuh-install.sh $GITHUB_WORKSPACE/.github/actions/offline-installation/wazuh-install.sh + + - name: Run script + run: sudo bash $GITHUB_WORKSPACE/.github/actions/offline-installation/offline-installation.sh + + Test-offline-installation-rpm: + runs-on: ubuntu-latest + needs: Build-wazuh-install-script + steps: + - uses: actions/checkout@v2 + + - uses: actions/download-artifact@v3 + with: + name: script + + - name: Move unattended script + run: cp $GITHUB_WORKSPACE/wazuh-install.sh $GITHUB_WORKSPACE/.github/actions/offline-installation/wazuh-install.sh + + - name: Launch docker and run script + run: sudo docker run -v $GITHUB_WORKSPACE/.github/actions/offline-installation/:/tests centos:centos7 bash /tests/offline-installation.sh diff --git a/.github/workflows/password-tool.yml b/.github/workflows/password-tool.yml index e578c48898..561a16219f 100644 --- a/.github/workflows/password-tool.yml +++ b/.github/workflows/password-tool.yml @@ -13,8 +13,7 @@ jobs: working-directory: ./unattended_installer run: | bash builder.sh -p - bash builder.sh -i -d - sed -i 's/pre-release/staging/g' wazuh-install.sh + bash builder.sh -i -d staging shell: bash - uses: actions/upload-artifact@v3 with: @@ -34,7 +33,7 @@ jobs: name: scripts - name: Install wazuh run: | - sudo bash wazuh-install.sh -a + sudo bash wazuh-install.sh -a -v - name: Uncompress wazuh install files run: sudo tar -xvf wazuh-install-files.tar - name: Run script @@ -50,7 +49,7 @@ jobs: name: scripts - name: Install wazuh run: | - sudo bash wazuh-install.sh -a + sudo bash wazuh-install.sh -a -v - name: Uncompress wazuh install files run: sudo tar -xvf wazuh-install-files.tar - name: Run script diff --git a/.github/workflows/test-install-deb.yml b/.github/workflows/test-install-deb.yml new file mode 100644 index 0000000000..8ce9a46921 --- /dev/null +++ b/.github/workflows/test-install-deb.yml @@ -0,0 +1,93 @@ +name: Test install Wazuh agent and manager - DEB +on: + pull_request: + paths: + - 'debs/SPECS/**' + - 'debs/generate_debian_package.sh' + workflow_dispatch: + workflow_call: + +jobs: + + Wait-for-package-building: + runs-on: ubuntu-latest + steps: + - name: Cancel previous runs + uses: fkirc/skip-duplicate-actions@master + with: + cancel_others: 'true' + github_token: ${{ secrets.GITHUB_TOKEN }} + skip_after_successful_duplicate: 'false' + + - name: Wait for the package to be built + uses: ArcticLampyrid/action-wait-for-workflow@v1.0.4 + id: wait-for-build + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + workflow: build-deb-packages.yml + sha: ${{ github.event.pull_request.head.sha || github.sha }} + wait-interval: 60 + + Test-install-deb-systems: + needs: Wait-for-package-building + runs-on: ubuntu-latest + strategy: + matrix: + distro_name: ['ubuntu:xenial', 'ubuntu:bionic', 'ubuntu:focal', 'ubuntu:jammy', 'debian:stretch', 'debian:buster', 'debian:bullseye'] + type: [agent, manager] + arch: [amd64, i386] + exclude: + - type: manager + arch: i386 + - distro_name: 'ubuntu:jammy' + arch: i386 + fail-fast: false + steps: + - uses: actions/checkout@v3 + + - name: Get changed files + uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + deb_images: + - 'debs/Debian/**' + - 'debs/build.sh' + deb_images_agent_i386: + - 'debs/Debian/7/i386/**' + - 'debs/build.sh' + deb_images_amd64: + - 'debs/Debian/7/amd64/**' + - 'debs/Debian/8/amd64/**' + - 'debs/build.sh' + deb_packages: + - 'debs/SPECS/**' + - 'debs/generate_debian_package.sh' + + - name: Setup directories and variables + if: steps.changes.outputs.deb_packages == 'true' || (steps.changes.outputs.deb_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.deb_images_amd64 == 'true' && matrix.ARCHITECTURE == 'amd64') + run: | + VERSION=$(cat $GITHUB_WORKSPACE/VERSION) + REVISION=$( echo ${{ github.head_ref }} | sed 's/-/./g; s/\//./g' ) + echo "PACKAGE_NAME=wazuh-${{ matrix.type }}_${VERSION}-${REVISION}_${{ matrix.arch }}.deb" >> $GITHUB_ENV + + - name: Download the Wazuh ${{ matrix.type }} package for ${{ matrix.system.NAME }} + if: steps.changes.outputs.deb_packages == 'true' || (steps.changes.outputs.deb_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.deb_images_amd64 == 'true' && matrix.ARCHITECTURE == 'amd64') + id: download-artifact + continue-on-error: true + uses: dawidd6/action-download-artifact@v2 + with: + workflow: build-deb-packages.yml + workflow_conclusion: success + name: ${{env.PACKAGE_NAME}} + if_no_artifact_found: fail + + - name: Move the Wazuh ${{ matrix.type }} package for ${{ matrix.distro_name }} to the packages directory + if: steps.changes.outputs.deb_packages == 'true' || (steps.changes.outputs.deb_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.deb_images_amd64 == 'true' && matrix.ARCHITECTURE == 'amd64') + run: | + mkdir $GITHUB_WORKSPACE/packages + mv ${{env.PACKAGE_NAME}} $GITHUB_WORKSPACE/packages + + - name: Launch docker + if: steps.changes.outputs.deb_packages == 'true' || (steps.changes.outputs.deb_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.deb_images_amd64 == 'true' && matrix.ARCHITECTURE == 'amd64') + run: sudo docker run -v $GITHUB_WORKSPACE/.github/actions/test-install-components/:/tests -v $GITHUB_WORKSPACE/packages/:/packages ${{ matrix.arch }}/${{ matrix.distro_name }} bash /tests/install_component.sh $PACKAGE_NAME ${{ matrix.type }} diff --git a/.github/workflows/test-install-rpm.yml b/.github/workflows/test-install-rpm.yml new file mode 100644 index 0000000000..58f3d56f76 --- /dev/null +++ b/.github/workflows/test-install-rpm.yml @@ -0,0 +1,102 @@ +name: Test install Wazuh agent and manager - RPM +on: + pull_request: + paths: + - 'rpms/SPECS/*' + - 'rpms/generate_rpm_package.sh' + workflow_dispatch: + workflow_call: + +jobs: + Wait-for-package-building: + runs-on: ubuntu-latest + steps: + - name: Cancel previous runs + uses: fkirc/skip-duplicate-actions@master + with: + cancel_others: 'true' + github_token: ${{ secrets.GITHUB_TOKEN }} + skip_after_successful_duplicate: 'false' + + - name: Wait for the package to be built + uses: ArcticLampyrid/action-wait-for-workflow@v1.0.4 + id: wait-for-build + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + workflow: build-rpm-packages.yml + sha: ${{ github.event.pull_request.head.sha || github.sha }} + wait-interval: 60 + + Test-install-rpm-systems: + needs: Wait-for-package-building + runs-on: ubuntu-latest + strategy: + matrix: + system: + - {NAME: 'oraclelinux:9', ARCH: "x86_64"} + - {NAME: 'almalinux:9', ARCH: "x86_64"} + - {NAME: 'rockylinux:9', ARCH: "x86_64"} + - {NAME: 'centos:7', ARCH: "x86_64"} + - {NAME: 'centos:8', ARCH: "x86_64"} + - {NAME: 'i386/centos:7', ARCH: "i386"} + - {NAME: 'redhat/ubi8:latest', ARCH: "x86_64"} + - {NAME: 'redhat/ubi9:latest', ARCH: "x86_64"} + - {NAME: 'amazonlinux:2', ARCH: "x86_64"} + - {NAME: 'fedora:34', ARCH: "x86_64"} + - {NAME: 'centos:6.9', ARCH: "x86_64", INIT: "initd"} + type: [agent, manager] + exclude: + - system: {ARCH: "i386"} + type: manager + - system: {INIT: "initd"} + type: manager + fail-fast: false + steps: + - uses: actions/checkout@v3 + + - name: Get changed files + uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + rpm_images: + - 'rpms/CentOS/**' + - 'rpms/build.sh' + rpm_images_agent_i386: + - 'rpms/CentOS/6/i386/**' + - 'rpms/build.sh' + rpm_images_x86_64: + - 'rpms/CentOS/6/x86_64/**' + - 'rpms/CentOS/7/x86_64/**' + - 'rpms/build.sh' + rpm_packages: + - 'rpms/SPECS/**' + - 'rpms/generate_rpm_package.sh' + + - name: Setup directories and variables + if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.rpm_images_x86_64 == 'true' && matrix.ARCHITECTURE == 'x86_64') + run: | + VERSION=$(cat $GITHUB_WORKSPACE/VERSION) + REVISION=$( echo ${{ github.head_ref }} | sed 's/-/./g; s/\//./g' ) + echo "PACKAGE_NAME=wazuh-${{ matrix.type }}-${VERSION}-${REVISION}.${{matrix.system.ARCH}}.rpm" >> $GITHUB_ENV + + - name: Download the Wazuh ${{ matrix.type }} package for ${{ matrix.system.NAME }} + if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.rpm_images_x86_64 == 'true' && matrix.ARCHITECTURE == 'x86_64') + id: download-artifact + continue-on-error: true + uses: dawidd6/action-download-artifact@v2 + with: + workflow: build-rpm-packages.yml + workflow_conclusion: success + name: ${{env.PACKAGE_NAME}} + if_no_artifact_found: fail + + - name: Move the Wazuh ${{ matrix.type }} package for ${{ matrix.system.NAME }} to the packages directory + if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.rpm_images_x86_64 == 'true' && matrix.ARCHITECTURE == 'x86_64') + run: | + mkdir $GITHUB_WORKSPACE/packages + mv ${{env.PACKAGE_NAME}} $GITHUB_WORKSPACE/packages + + - name: Launch docker + if : steps.changes.outputs.rpm_packages == 'true' || (steps.changes.outputs.rpm_images_agent_i386 == 'true' && matrix.ARCHITECTURE == 'i386') || (steps.changes.outputs.rpm_images_x86_64 == 'true' && matrix.ARCHITECTURE == 'x86_64') + run: sudo docker run -v $GITHUB_WORKSPACE/.github/actions/test-install-components/:/tests -v $GITHUB_WORKSPACE/packages/:/packages ${{ matrix.system.NAME }} bash /tests/install_component.sh $PACKAGE_NAME ${{ matrix.type }} diff --git a/.github/workflows/upload-deb-images.yml b/.github/workflows/upload-deb-images.yml new file mode 100644 index 0000000000..319981e65a --- /dev/null +++ b/.github/workflows/upload-deb-images.yml @@ -0,0 +1,70 @@ +name: Upload package creation Docker images - DEB - amd64 and i386 +on: + pull_request: + paths: + - 'debs/Debian/**' + - 'debs/build.sh' + types: + - opened + - synchronize + - closed + workflow_dispatch: + +jobs: + Upload-deb-package-building-images: + runs-on: ubuntu-latest + strategy: + matrix: + image: [ {CONTAINER_NAME: deb_manager_builder_amd64, DOCKERFILE_PATH: debs/Debian/8/amd64}, {CONTAINER_NAME: deb_agent_builder_amd64, DOCKERFILE_PATH: debs/Debian/7/amd64}, {CONTAINER_NAME: deb_agent_builder_i386, DOCKERFILE_PATH: debs/Debian/7/i386}] + fail-fast: false + steps: + - name: Cancel previous runs + uses: fkirc/skip-duplicate-actions@master + with: + cancel_others: 'true' + github_token: ${{ secrets.GITHUB_TOKEN }} + skip_after_successful_duplicate: 'false' + + - uses: actions/checkout@v3 + + - name: Get changed files + uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + i386: + - 'debs/Debian/7/i386/**' + - 'debs/build.sh' + manager_amd64: + - 'debs/Debian/8/amd64/**' + - 'debs/build.sh' + agent_amd64: + - 'debs/Debian/7/amd64/**' + - 'debs/build.sh' + generation_script: + - 'debs/generate_debian_package.sh' + + - name: Copy build.sh to Dockerfile path + run: + cp $GITHUB_WORKSPACE/debs/build.sh $GITHUB_WORKSPACE/${{ matrix.image.DOCKERFILE_PATH }} + + - name: Set tag as version + run: + if [ "${{ github.event.pull_request.merged }}" == "false" ]; then echo "TAG=${{ github.head_ref }}" >> $GITHUB_ENV; else echo "TAG=$(sed 's/\([0-9]*\.[0-9]*\)\.[0-9]*/\1/' $GITHUB_WORKSPACE/VERSION)" >> $GITHUB_ENV; fi + + - name: Build and push image ${{ matrix.image.CONTAINER_NAME }} with tag ${{ env.TAG }} to Github Container Registry + if: (steps.changes.outputs.generation_script == 'true' ) || ( steps.changes.outputs.i386 == 'true' && matrix.image.CONTAINER_NAME == 'deb_agent_builder_i386' ) || ( steps.changes.outputs.manager_amd64 == 'true' && matrix.image.CONTAINER_NAME == 'deb_manager_builder_amd64') || ( steps.changes.outputs.agent_amd64 == 'true' && matrix.image.CONTAINER_NAME == 'deb_agent_builder_amd64' ) + run: + bash $GITHUB_WORKSPACE/.github/actions/ghcr-pull-and-push/build_and_push_image_to_ghcr.sh ${{ secrets.GITHUB_TOKEN }} ${{ github.actor}} ${{matrix.image.CONTAINER_NAME}} ${{ matrix.image.DOCKERFILE_PATH }} ${{ env.TAG }} + + Build-packages-deb: + needs: Upload-deb-package-building-images + if: github.event_name == 'pull_request' + uses: ./.github/workflows/build-deb-packages.yml + secrets: inherit + + Test-packages-deb: + needs: Build-packages-deb + if: github.event_name == 'pull_request' + uses: ./.github/workflows/test-install-deb.yml + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/upload-rpm-images.yml b/.github/workflows/upload-rpm-images.yml new file mode 100644 index 0000000000..a73d2849c7 --- /dev/null +++ b/.github/workflows/upload-rpm-images.yml @@ -0,0 +1,70 @@ +name: Upload package creation Docker images - RPM - x86 and i386 +on: + pull_request: + paths: + - 'rpms/CentOS/**' + - 'rpms/build.sh' + types: + - opened + - synchronize + - closed + workflow_dispatch: + +jobs: + Upload-rpm-package-building-images: + runs-on: ubuntu-latest + strategy: + matrix: + image: [ {CONTAINER_NAME: rpm_manager_builder_x86, DOCKERFILE_PATH: rpms/CentOS/7/x86_64}, {CONTAINER_NAME: rpm_agent_builder_x86, DOCKERFILE_PATH: rpms/CentOS/6/x86_64}, {CONTAINER_NAME: rpm_agent_builder_i386, DOCKERFILE_PATH: rpms/CentOS/6/i386}] + fail-fast: false + steps: + - name: Cancel previous runs + uses: fkirc/skip-duplicate-actions@master + with: + cancel_others: 'true' + github_token: ${{ secrets.GITHUB_TOKEN }} + skip_after_successful_duplicate: 'false' + + - uses: actions/checkout@v3 + + - name: Get changed files + uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + i386: + - 'rpms/CentOS/6/i386/**' + - 'rpms/build.sh' + manager_x86_64: + - 'rpms/CentOS/7/x86_64/**' + - 'rpms/build.sh' + agent_x86_64: + - 'rpms/CentOS/6/x86_64/**' + - 'rpms/build.sh' + generation_script: + - 'rpms/generate_rpm_package.sh' + + - name: Copy build.sh to Dockerfile path + run: + cp $GITHUB_WORKSPACE/rpms/build.sh $GITHUB_WORKSPACE/${{ matrix.image.DOCKERFILE_PATH }} + + - name: Set tag as version + run: + if [ "${{ github.event.pull_request.merged }}" == "false" ]; then echo "TAG=${{ github.head_ref }}" >> $GITHUB_ENV; else echo "TAG=$(sed 's/\([0-9]*\.[0-9]*\)\.[0-9]*/\1/' $GITHUB_WORKSPACE/VERSION)" >> $GITHUB_ENV; fi + + - name: Build and push image ${{ matrix.image.CONTAINER_NAME }} with tag ${{ env.TAG }} to Github Container Registry + if: (steps.changes.outputs.generation_script == 'true' ) || ( steps.changes.outputs.i386 == 'true' && matrix.image.CONTAINER_NAME == 'rpm_agent_builder_i386' ) || ( steps.changes.outputs.manager_x86_64 == 'true' && matrix.image.CONTAINER_NAME == 'rpm_manager_builder_x86' ) || ( steps.changes.outputs.agent_x86_64 == 'true' && matrix.image.CONTAINER_NAME == 'rpm_agent_builder_x86' ) + run: + bash $GITHUB_WORKSPACE/.github/actions/ghcr-pull-and-push/build_and_push_image_to_ghcr.sh ${{ secrets.GITHUB_TOKEN }} ${{ github.actor}} ${{matrix.image.CONTAINER_NAME}} ${{ matrix.image.DOCKERFILE_PATH }} ${{ env.TAG }} + + Build-packages-rpm: + needs: Upload-rpm-package-building-images + if: github.event_name == 'pull_request' + uses: ./.github/workflows/build-rpm-packages.yml + secrets: inherit + + Test-packages-rpm: + needs: Build-packages-rpm + if: github.event_name == 'pull_request' + uses: ./.github/workflows/test-install-rpm.yml + secrets: inherit \ No newline at end of file diff --git a/.gitignore b/.gitignore index 822b7b01b9..9b7c195b3c 100644 --- a/.gitignore +++ b/.gitignore @@ -19,9 +19,10 @@ ova/Config_files/filebeat.yml *.pkg.tar.zst .gradle .java -stack/dashboard/base/output -stack/indexer/base/output +stack/indexer/rpm/output +stack/indexer/deb/output .cache +.m2 wpk/versions solaris/packer/builds/ solaris/packer/packer-solaris11_3-virtualbox/ @@ -39,3 +40,4 @@ unattended_installer/wazuh-certs-tool.sh unattended_installer/wazuh-passwords-tool.sh unattended_installer/wazuh-passwords.txt tests/unattended/unit/*.log +output diff --git a/CHANGELOG.md b/CHANGELOG.md index 1d948e15bb..c57928b03e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,40 @@ # Change Log All notable changes to this project will be documented in this file. +## [4.8.1] + +- https://github.com/wazuh/wazuh-packages/releases/tag/v4.8.1 + +## [4.8.0] + +- https://github.com/wazuh/wazuh-packages/releases/tag/v4.8.0 + +## [4.7.2] + +- https://github.com/wazuh/wazuh-packages/releases/tag/v4.7.2 + +## [4.7.1] + +- https://github.com/wazuh/wazuh-packages/releases/tag/v4.7.1 + +## [v4.7.0] + +- https://github.com/wazuh/wazuh-packages/releases/tag/v4.7.0 + +## [v4.6.0] + +- https://github.com/wazuh/wazuh-packages/releases/tag/v4.6.0 + +## [v4.5.4] + +- https://github.com/wazuh/wazuh-packages/releases/tag/v4.5.4 + +## [v4.5.3] + +- https://github.com/wazuh/wazuh-packages/releases/tag/v4.5.3 + +## [v4.5.2] + +- https://github.com/wazuh/wazuh-packages/releases/tag/v4.5.2 ## [v4.5.1] @@ -9,6 +44,10 @@ All notable changes to this project will be documented in this file. - https://github.com/wazuh/wazuh-packages/releases/tag/v4.5.0 +## [v4.4.5] + +- https://github.com/wazuh/wazuh-packages/releases/tag/v4.4.5 + ## [v4.4.4] - https://github.com/wazuh/wazuh-packages/releases/tag/v4.4.4 diff --git a/README.md b/README.md index 298b173f86..cc74389571 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,9 @@ The following table shows the references for the versions of each component. |-----------------|-----------------------| | 4.3.x | 1.2.0 | | 4.4.0 | 2.4.1 | -| 4.4.1 - 4.5.1 | 2.6.0 | +| 4.4.1 - 4.5.x | 2.6.0 | +| 4.6.x - 4.7.x | 2.8.0 | +| 4.8.x - current | 2.10.0 | ### Wazuh indexer @@ -44,7 +46,9 @@ The following table shows the references for the versions of each component. |-----------------|-----------------------| | 4.3.x | 1.2.4 | | 4.4.0 | 2.4.1 | -| 4.4.1 - 4.5.1 | 2.6.0 | +| 4.4.1 - 4.5.x | 2.6.0 | +| 4.6.x - 4.7.x | 2.8.0 | +| 4.8.x - current | 2.10.0 | ## Contribute diff --git a/VERSION b/VERSION index 4404a17bae..697e993915 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -4.5.1 +4.8.1 diff --git a/aix/SPECS/wazuh-agent-aix.spec b/aix/SPECS/wazuh-agent-aix.spec index 10040e1f7b..ac82df8561 100644 --- a/aix/SPECS/wazuh-agent-aix.spec +++ b/aix/SPECS/wazuh-agent-aix.spec @@ -1,6 +1,6 @@ # Spec file for AIX systems Name: wazuh-agent -Version: 4.5.1 +Version: 4.8.1 Release: 1 License: GPL URL: https://www.wazuh.com/ @@ -290,10 +290,30 @@ rm -fr %{buildroot} %attr(750, root, wazuh) %{_localstatedir}/wodles/* %changelog -* Tue Aug 01 2023 support - 4.5.1 +* Wed Feb 28 2024 support - 4.8.1 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-8-1.html +* Wed Feb 21 2024 support - 4.8.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-8-0.html +* Tue Jan 09 2024 support - 4.7.2 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-2.html +* Wed Dec 13 2023 support - 4.7.1 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-1.html +* Tue Nov 21 2023 support - 4.7.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-0.html +* Tue Oct 31 2023 support - 4.6.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-6-0.html +* Tue Oct 24 2023 support - 4.5.4 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-4.html +* Tue Oct 10 2023 support - 4.5.3 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-3.html +* Thu Aug 31 2023 support - 4.5.2 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-2.html +* Thu Aug 24 2023 support - 4.5.1 - More info: https://documentation.wazuh.com/current/release-notes/release-4-5.1.html -* Wed Jul 19 2023 support - 4.5.0 +* Thu Aug 10 2023 support - 4.5.0 - More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html +* Mon Jul 10 2023 support - 4.4.5 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-4-5.html * Tue Jun 13 2023 support - 4.4.4 - More info: https://documentation.wazuh.com/current/release-notes/release-4-4-4.html * Thu May 25 2023 support - 4.4.3 diff --git a/alpine/build_package.sh b/alpine/build_package.sh index 1c9b6880d4..b00cb64406 100755 --- a/alpine/build_package.sh +++ b/alpine/build_package.sh @@ -161,7 +161,7 @@ help() { echo -e " [Optional] Use the SPECS files stored in the host instead of downloading them from GitHub." echo -e "" echo -e " --future" - echo -e " [Optional] Build test future package 99.99.0 Used for development purposes." + echo -e " [Optional] Build test future package {MAJOR}.30.0 Used for development purposes." echo -e "" echo -e " -h, --help" echo -e " Show this help." diff --git a/alpine/builder.sh b/alpine/builder.sh index d193489170..c97470b725 100644 --- a/alpine/builder.sh +++ b/alpine/builder.sh @@ -41,7 +41,12 @@ fi export version="$(cat wazuh*/src/VERSION | cut -d 'v' -f 2)" if [ "${future}" = "yes" ]; then - export version="99.99.0" + old_version=$version + MAJOR=$(echo $version | cut -dv -f2 | cut -d. -f1) + export version="${MAJOR}.30.0" + sed -i "s/${old_version}/${version}/g" "/wazuh"*"/src/init/wazuh-server.sh" + sed -i "s/${old_version}/${version}/g" "/wazuh"*"/src/init/wazuh-client.sh" + sed -i "s/${old_version}/${version}/g" "/wazuh"*"/src/init/wazuh-local.sh" fi diff --git a/arch/build.sh b/arch/build.sh index a191c05160..ffd74d30d8 100755 --- a/arch/build.sh +++ b/arch/build.sh @@ -61,7 +61,7 @@ if [[ "${future}" == "yes" ]]; then base_version=${wazuh_version} MAJOR=$(echo ${base_version} | cut -dv -f2 | cut -d. -f1) MINOR=$(echo ${base_version} | cut -d. -f2) - wazuh_version="99.99.0" + wazuh_version="${MAJOR}.30.0" package_full_name=wazuh-${build_target}-${wazuh_version} # PREPARE FUTURE SPECS AND SOURCES @@ -70,6 +70,9 @@ if [[ "${future}" == "yes" ]]; then sources_dir="${tmp_sources_dir}" find "${sources_dir}" "${specs_path}" \( -name "*VERSION*" -o -name "*changelog*" \) -exec sed -i "s/${base_version}/${wazuh_version}/g" {} \; sed -i "s/\$(VERSION)/${MAJOR}.${MINOR}/g" "${sources_dir}/src/Makefile" + sed -i "s/${base_version}/${wazuh_version}/g" "${sources_dir}/src/init/wazuh-server.sh" + sed -i "s/${base_version}/${wazuh_version}/g" "${sources_dir}/src/init/wazuh-client.sh" + sed -i "s/${base_version}/${wazuh_version}/g" "${sources_dir}/src/init/wazuh-local.sh" fi cd ${sources_dir} && tar -czf ${pacman_dir}/${package_full_name}.tar.gz . diff --git a/arch/generate_arch_package.sh b/arch/generate_arch_package.sh index 55ec324135..b63a006f58 100755 --- a/arch/generate_arch_package.sh +++ b/arch/generate_arch_package.sh @@ -105,7 +105,7 @@ help() { echo " --sources [Optional] Absolute path containing wazuh source code. This option will use local source code instead of downloading it from GitHub." echo " --packages-branch [Required] Select Git branch or tag from wazuh-packages repository. e.g ${PACKAGES_BRANCH}" echo " --dev [Optional] Use the SPECS files stored in the host instead of downloading them from GitHub." - echo " --future [Optional] Build test future package 99.99.0 Used for development purposes." + echo " --future [Optional] Build test future package {MAJOR}.30.0 Used for development purposes." echo " -h, --help Show this help." echo exit $1 diff --git a/bump_version.py b/bump_version.py new file mode 100644 index 0000000000..2dddb27176 --- /dev/null +++ b/bump_version.py @@ -0,0 +1,202 @@ +""" +This script is used to bump the version of the Wazuh packages repository. + Copyright (C) 2015-2020, Wazuh Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. +""" +import argparse +import datetime +import glob +import re +from packaging.version import Version + +FORMAT_STRING="%m-%d-%Y" + +arg_parser=argparse.ArgumentParser() +arg_parser.add_argument('-v', '--version', action='store', dest='version', + help='Version to bump to', required=True) +arg_parser.add_argument('-r', '--revision', action='store', dest='revision', + help='Revision to bump to. Default: 1', default=1) +arg_parser.add_argument('-d', '--date', action='store', dest='date', + help='Date to bump to. Format: m-d-Y. Default: today', + default=datetime.date.today().strftime(FORMAT_STRING)) +args=arg_parser.parse_args() + +date=datetime.datetime.strptime(args.date, FORMAT_STRING) +version=Version(args.version) + +## Find files to bump .spec, changelog, pkginfo, .pkgproj, test-*.sh, +## installVariables.sh, CHANGELOG.md +spec_files=glob.glob('**/*.spec', recursive=True) +changelog_files=glob.glob('**/changelog', recursive=True) +copyright_files=glob.glob('**/copyright', recursive=True) +pkginfo_files=glob.glob('**/pkginfo', recursive=True) +pkgproj_files=glob.glob('**/*.pkgproj', recursive=True) +test_files=glob.glob('**/test-*.sh', recursive=True) +install_variables_files=glob.glob('**/installVariables.sh', recursive=True) +changelog_md_files=glob.glob('**/CHANGELOG.md', recursive=True) +VERSION_files=glob.glob('**/VERSION', recursive=True) + +## Bump version in .spec files +SPEC_FORMAT_STRING="%a %b %d %Y" +spec_date=date.strftime(SPEC_FORMAT_STRING) +for spec_file in spec_files: + with open(spec_file, 'r', encoding="utf-8") as file: + print('Bumping version in ' + spec_file) + filedata=file.read() + # Replace version and revision + REGEX=r'Version:\s*(\d+\.\d+\.\d+)' + filedata=re.sub(REGEX, f"Version: {version}", filedata) + REGEX=r'Revision:\s*(\d+)' + filedata=re.sub(REGEX, 'Revision: ' + str(args.revision), + filedata) + # Add new version to changelog + REGEX=r'%changelog' + changelog_string=(f"* {spec_date} support - {version}" + "\n- More info: https://documentation.wazuh.com/current/release-" + f"notes/release-{version.major}-{version.minor}-" + f"{version.micro}.html") + filedata=re.sub(REGEX, '%changelog\n' + changelog_string, filedata) + + with open(spec_file, 'w', encoding="utf-8") as file: + file.write(filedata) + +## Bump version in deb changelog files +DEB_FORMAT_STRING="%a, %d %b %Y %H:%M:%S +0000" +deb_changelog_date=date.strftime(DEB_FORMAT_STRING) +for changelog_file in changelog_files: + with open(changelog_file, 'r', encoding="utf-8") as file: + print('Bumping version in ' + changelog_file) + filedata=file.read() + install_type=re.search(r'(wazuh-(agent|manager|indexer|dashboard))', + filedata).group(1) + changelog_string=(f"{install_type} ({version}-RELEASE) stable; " + "urgency=low\n\n * More info: https://documentation.wazuh.com/" + f"current/release-notes/release-{version.major}-{version.minor}-" + f"{version.micro}.html\n\n -- " + f"Wazuh, Inc {deb_changelog_date}\n\n") + # Add new version to changelog + filedata=changelog_string + filedata + + with open(changelog_file, 'w', encoding="utf-8") as file: + file.write(filedata) + +## Bump version in deb copyrigth files + +for copyrigth_file in copyright_files: + with open(copyrigth_file, 'r', encoding="utf-8") as file: + print('Bumping version in ' + copyrigth_file) + filedata=file.read() + # Replace version and revision + REGEX=(r'Wazuh, Inc on ' + r'(\w+),\s(\d+)\s(\w+)\s(\d+)\s(\d+):(\d+):(\d+)\s\+(\d+)') + filedata=re.sub(REGEX, + f"Wazuh, Inc on {deb_changelog_date}", + filedata) + + with open(copyrigth_file, 'w', encoding="utf-8") as file: + file.write(filedata) + +## Bump version in pkginfo files + +PKGINFO_FORMAT_STRING="%d%b%Y" + +for pkginfo_file in pkginfo_files: + with open(pkginfo_file, 'r', encoding="utf-8") as file: + print('Bumping version in ' + pkginfo_file) + filedata=file.read() + # Replace version and revision + REGEX=r'VERSION=\"(\d+\.\d+\.\d+)\"' + filedata=re.sub(REGEX, f'VERSION=\"{version}\"', filedata) + REGEX=r'PSTAMP=(.*)' + filedata=re.sub(REGEX, + f'PSTAMP=\"{date.strftime(PKGINFO_FORMAT_STRING)}\"', + filedata) + + with open(pkginfo_file, 'w', encoding="utf-8") as file: + file.write(filedata) + +## Bump version in .pkgproj files + +for pkgproj_file in pkgproj_files: + with open(pkgproj_file, 'r', encoding="utf-8") as file: + print('Bumping version in ' + pkgproj_file) + filedata=file.read() + # Replace version and revision + REGEX=r'(\d+\.\d+\.\d+)-(\d+)' + filedata=re.sub(REGEX, f'{version}-{args.revision}', + filedata) + REGEX=r'wazuh-agent-(\d+\.\d+\.\d+)-(\d+)' + filedata=re.sub(REGEX, + f'wazuh-agent-{version}-{args.revision}', + filedata) + + with open(pkgproj_file, 'w', encoding="utf-8") as file: + file.write(filedata) + +## Bump version in test-*.sh files + +for test_file in test_files: + with open(test_file, 'r', encoding="utf-8") as file: + print('Bumping version in ' + test_file) + filedata=file.read() + # Replace version and revision + REGEX=r'wazuh-manager.x86_64\s+(\d+\.\d+\.\d+)-(\d+)' + filedata=re.sub(REGEX, + f'wazuh-manager.x86_64 {version}-{args.revision}', + filedata) + REGEX=r'wazuh_version=\"(\d+\.\d+\.\d+)\"' + filedata=re.sub(REGEX, f'wazuh_version=\"{version}\"', filedata) + + with open(test_file, 'w', encoding="utf-8") as file: + file.write(filedata) + +## Bump version in installVariables.sh files + +for install_variables_file in install_variables_files: + with open(install_variables_file, 'r', encoding="utf-8") as file: + print('Bumping version in ' + install_variables_file) + filedata=file.read() + # Replace version and revision + REGEX=r'wazuh_major=\"(\d+\.\d+)\"' + filedata=re.sub(REGEX, + f'wazuh_major=\"{version.major}.{version.minor}\"', + filedata) + REGEX=r'wazuh_version=\"(\d+\.\d+\.\d+)\"' + filedata=re.sub(REGEX, f'wazuh_version=\"{version}\"', filedata) + + with open(install_variables_file, 'w', encoding="utf-8") as file: + file.write(filedata) + +## Bump version in CHANGELOG.md files + +for changelog_md_file in changelog_md_files: + with open(changelog_md_file, 'r', encoding="utf-8") as file: + print('Bumping version in ' + changelog_md_file) + filedata=file.read() + # Add new version to changelog + REGEX=(r'All notable changes to this project ' + r'will be documented in this file.') + changelog_string=(f"## [{version}]\n\n- https://github.com/wazuh/" + f"wazuh-packages/releases/tag/v{version}\n") + filedata=re.sub(REGEX, REGEX + '\n' + changelog_string, + filedata) + + with open(changelog_md_file, 'w', encoding="utf-8") as file: + file.write(filedata) + +## Bump version in VERSION files + +for VERSION_file in VERSION_files: + with open(VERSION_file, 'r', encoding="utf-8") as file: + print('Bumping version in ' + VERSION_file) + filedata=file.read() + # Replace version and revision + REGEX=r'(\d+\.\d+\.\d+)' + filedata=re.sub(REGEX, f'{version}', filedata) + + with open(VERSION_file, 'w', encoding="utf-8") as file: + file.write(filedata) diff --git a/debs/Debian/amd64/Dockerfile b/debs/Debian/7/amd64/Dockerfile similarity index 93% rename from debs/Debian/amd64/Dockerfile rename to debs/Debian/7/amd64/Dockerfile index cab85b23cd..b89a783073 100644 --- a/debs/Debian/amd64/Dockerfile +++ b/debs/Debian/7/amd64/Dockerfile @@ -20,7 +20,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ --disable-multilib \ --disable-libsanitizer && \ make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64:${LD_LIBRARY_PATH}" diff --git a/debs/Debian/i386/Dockerfile b/debs/Debian/7/i386/Dockerfile similarity index 94% rename from debs/Debian/i386/Dockerfile rename to debs/Debian/7/i386/Dockerfile index c43803f4bf..717926819b 100644 --- a/debs/Debian/i386/Dockerfile +++ b/debs/Debian/7/i386/Dockerfile @@ -23,7 +23,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ linux32 ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ \ --disable-multilib --disable-libsanitizer && \ linux32 make -j$(nproc) && linux32 make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib:${LD_LIBRARY_PATH}" diff --git a/debs/Debian/8/amd64/Dockerfile b/debs/Debian/8/amd64/Dockerfile new file mode 100644 index 0000000000..177a91925d --- /dev/null +++ b/debs/Debian/8/amd64/Dockerfile @@ -0,0 +1,43 @@ +FROM debian:8 + +ENV DEBIAN_FRONTEND noninteractive + +# Installing necessary packages +RUN echo 'Acquire::Check-Valid-Until "false";' >> /etc/apt/apt.conf && \ + echo "deb http://archive.debian.org/debian jessie contrib main non-free" > /etc/apt/sources.list && \ + echo "deb http://archive.debian.org/debian-security jessie/updates main" >> /etc/apt/sources.list && \ + apt-get update && apt-get install -y --force-yes apt-utils && \ + apt-get install -y --force-yes \ + curl g++ bzip2 debhelper gcc rename make sudo wget expect gnupg perl-base perl \ + libc-bin libc6 libc6-dev build-essential dpkg-dev\ + cdbs devscripts equivs automake autoconf libtool libaudit-dev selinux-basics \ + libdb5.3 libdb5.3-dev libssl1.0.0 libssl-dev procps gawk libsigsegv2 + +RUN echo "deb-src http://archive.debian.org/debian jessie contrib main non-free" >> /etc/apt/sources.list && \ + apt-get update && apt-get build-dep python3 -y --force-yes + +RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ + tar xzf gcc-9.4.0.tar.gz && cd gcc-9.4.0/ && \ + ./contrib/download_prerequisites && \ + ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ --disable-multilib \ + --disable-libsanitizer && \ + make -j$(nproc) && make install && \ + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + +ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" +ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64:${LD_LIBRARY_PATH}" +ENV PATH "/usr/local/gcc-9.4.0/bin:${PATH}" + +RUN curl -OL http://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && \ + tar -zxf cmake-3.18.3.tar.gz && cd cmake-3.18.3 && \ + ./bootstrap --no-system-curl CXX=/usr/local/gcc-9.4.0/bin/g++ \ + CC=/usr/local/gcc-9.4.0/bin/gcc && \ + make -j$(nproc) && make install && ln -s /usr/local/bin/cmake /usr/bin/cmake && \ + cd / && rm -rf cmake-* + +# Add the script to build the Debian package +ADD build.sh /usr/local/bin/build_package +RUN chmod +x /usr/local/bin/build_package + +# Set the entrypoint +ENTRYPOINT ["/usr/local/bin/build_package"] diff --git a/debs/Debian/arm64/Dockerfile b/debs/Debian/9/arm64/Dockerfile similarity index 93% rename from debs/Debian/arm64/Dockerfile rename to debs/Debian/9/arm64/Dockerfile index f2d641ed3c..43f3da0a71 100644 --- a/debs/Debian/arm64/Dockerfile +++ b/debs/Debian/9/arm64/Dockerfile @@ -24,7 +24,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ --disable-multilib \ --disable-libsanitizer && \ make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64/" diff --git a/debs/Debian/armhf/Dockerfile b/debs/Debian/9/armhf/Dockerfile similarity index 94% rename from debs/Debian/armhf/Dockerfile rename to debs/Debian/9/armhf/Dockerfile index ae6aa76d71..e243406dc8 100644 --- a/debs/Debian/armhf/Dockerfile +++ b/debs/Debian/9/armhf/Dockerfile @@ -25,7 +25,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ --with-fpu=vfpv3-d16 --with-float=hard --enable-languages=c,c++ \ --disable-multilib --disable-libsanitizer && \ linux32 make -j$(nproc) && linux32 make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib/" diff --git a/debs/Debian/ppc64le/Dockerfile b/debs/Debian/9/ppc64le/Dockerfile similarity index 92% rename from debs/Debian/ppc64le/Dockerfile rename to debs/Debian/9/ppc64le/Dockerfile index 2afa693182..23319b1cbb 100644 --- a/debs/Debian/ppc64le/Dockerfile +++ b/debs/Debian/9/ppc64le/Dockerfile @@ -2,6 +2,8 @@ FROM ppc64le/debian:stretch ENV DEBIAN_FRONTEND noninteractive +RUN apt-get -v + # Installing necessary packages RUN echo "deb http://archive.debian.org/debian stretch contrib main non-free" > /etc/apt/sources.list && \ echo "deb http://archive.debian.org/debian-security stretch/updates main" >> /etc/apt/sources.list && \ @@ -21,7 +23,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ --disable-multilib \ --disable-libsanitizer && \ make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64:${LD_LIBRARY_PATH}" diff --git a/debs/SPECS/wazuh-agent/debian/changelog b/debs/SPECS/wazuh-agent/debian/changelog index beefffdbd6..61e41c1eed 100644 --- a/debs/SPECS/wazuh-agent/debian/changelog +++ b/debs/SPECS/wazuh-agent/debian/changelog @@ -1,14 +1,74 @@ +wazuh-agent (4.8.1-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-8-1.html + + -- Wazuh, Inc Tue, 13 Feb 2024 00:00:00 +0000 + +wazuh-agent (4.8.0-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-8-0.html + + -- Wazuh, Inc Wed, 21 Feb 2024 00:00:00 +0000 + +wazuh-agent (4.7.2-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-7-2.html + + -- Wazuh, Inc Tue, 09 Jan 2024 00:00:00 +0000 + +wazuh-agent (4.7.1-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-7-1.html + + -- Wazuh, Inc Wed, 13 Dec 2023 00:00:00 +0000 + +wazuh-agent (4.7.0-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-7-0.html + + -- Wazuh, Inc Tue, 05 Nov 2023 00:00:00 +0000 + +wazuh-agent (4.6.0-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-6-0.html + + -- Wazuh, Inc Tue, 31 Oct 2023 00:00:00 +0000 + +wazuh-agent (4.5.4-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-4.html + + -- Wazuh, Inc Tue, 24 Oct 2023 00:00:00 +0000 + +wazuh-agent (4.5.3-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-3.html + + -- Wazuh, Inc Tue, 10 Oct 2023 00:00:00 +0000 + +wazuh-agent (4.5.2-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-2.html + + -- Wazuh, Inc Thu, 31 Aug 2023 00:00:00 +0000 + wazuh-agent (4.5.1-RELEASE) stable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-1.html - -- Wazuh, Inc Tue, 01 Aug 2023 15:56:43 +0000 + -- Wazuh, Inc Thu, 24 Aug 2023 15:56:43 +0000 wazuh-agent (4.5.0-RELEASE) stable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html - -- Wazuh, Inc Wed, 19 Jul 2023 15:56:43 +0000 + -- Wazuh, Inc Thu, 10 Aug 2023 15:56:43 +0000 + +wazuh-agent (4.4.5-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-4-5.html + + -- Wazuh, Inc Mon, 10 Jul 2023 15:56:43 +0000 wazuh-agent (4.4.4-RELEASE) stable; urgency=low @@ -162,13 +222,13 @@ wazuh-agent (4.2.0-RELEASE) stable; urgency=low wazuh-agent (4.1.5-RELEASE) stable; urgency=low - * More info: https://documentation.wazuh.com/current/release-notes/release-4-1-5.html + * More info: https://documentation.wazuh.com/current/release-notes/release-4-1-5.html -- Wazuh, Inc Thu, 22 Apr 2021 16:50:05 +0000 wazuh-agent (4.1.4-RELEASE) stable; urgency=low - * More info: https://documentation.wazuh.com/current/release-notes/release-4-1-4.html + * More info: https://documentation.wazuh.com/current/release-notes/release-4-1-4.html -- Wazuh, Inc Mon, 29 Mar 2021 16:23:09 +0000 @@ -180,13 +240,13 @@ wazuh-agent (4.1.3-RELEASE) stable; urgency=low wazuh-agent (4.1.2-RELEASE) stable; urgency=low - * More info: https://documentation.wazuh.com/current/release-notes/release-4-1-2.html + * More info: https://documentation.wazuh.com/current/release-notes/release-4-1-2.html -- Wazuh, Inc Mon, 08 Mar 2021 14:00:25 +0000 wazuh-agent (4.1.1-RELEASE) stable; urgency=low - * More info: https://documentation.wazuh.com/current/release-notes/release-4-1-1.html + * More info: https://documentation.wazuh.com/current/release-notes/release-4-1-1.html -- Wazuh, Inc Fri, 05 Mar 2021 13:24:41 +0000 @@ -246,7 +306,7 @@ wazuh-agent (4.0.0-RELEASE) stable; urgency=low wazuh-agent (3.13.3-RELEASE) stable; urgency=low - * More info: https://documentation.wazuh.com/current/release-notes/release-3-13-3.html + * More info: https://documentation.wazuh.com/current/release-notes/release-3-13-3.html -- Wazuh, Inc Sat, 24 Apr 2021 07:01:55 +0000 diff --git a/debs/SPECS/wazuh-agent/debian/copyright b/debs/SPECS/wazuh-agent/debian/copyright index 3d783aefb6..f5fd1968da 100644 --- a/debs/SPECS/wazuh-agent/debian/copyright +++ b/debs/SPECS/wazuh-agent/debian/copyright @@ -1,6 +1,6 @@ This work was packaged for Debian by: - Wazuh, Inc on Tue, 01 Aug 2023 15:56:43 +0000 + Wazuh, Inc on Wed, 28 Feb 2024 00:00:00 +0000 It was downloaded from: diff --git a/debs/SPECS/wazuh-agent/debian/postinst b/debs/SPECS/wazuh-agent/debian/postinst index 63c1de494c..6de2eb2df6 100644 --- a/debs/SPECS/wazuh-agent/debian/postinst +++ b/debs/SPECS/wazuh-agent/debian/postinst @@ -19,6 +19,10 @@ case "$1" in OSMYSHELL="/sbin/nologin" + if [ -d /run/systemd/system ]; then + rm -f /etc/init.d/wazuh-agent + fi + if [ ! -f ${OSMYSHELL} ]; then if [ -f "/bin/false" ]; then OSMYSHELL="/bin/false" diff --git a/debs/SPECS/wazuh-agent/debian/postrm b/debs/SPECS/wazuh-agent/debian/postrm index ee822e0e52..bb30d5af0a 100644 --- a/debs/SPECS/wazuh-agent/debian/postrm +++ b/debs/SPECS/wazuh-agent/debian/postrm @@ -40,10 +40,10 @@ case "$1" in purge) - if getent passwd wazuh ; then + if getent passwd wazuh >/dev/null 2>&1; then deluser wazuh > /dev/null 2>&1 fi - if getent group wazuh ; then + if getent group wazuh >/dev/null 2>&1; then delgroup wazuh > /dev/null 2>&1 fi rm -rf ${DIR}/* diff --git a/debs/SPECS/wazuh-agent/debian/rules b/debs/SPECS/wazuh-agent/debian/rules index 41fd65fabe..b79b4ce99f 100644 --- a/debs/SPECS/wazuh-agent/debian/rules +++ b/debs/SPECS/wazuh-agent/debian/rules @@ -105,6 +105,7 @@ override_dh_install: mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/9 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/10 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/11 + mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/12 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/12/04 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/14/04 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/16/04 @@ -123,6 +124,7 @@ override_dh_install: cp etc/templates/config/debian/9/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/9 cp etc/templates/config/debian/10/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/10 cp etc/templates/config/debian/11/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/11 + cp etc/templates/config/debian/12/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/12 cp etc/templates/config/ubuntu/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu cp etc/templates/config/ubuntu/12/04/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/12/04 diff --git a/debs/SPECS/wazuh-manager/debian/changelog b/debs/SPECS/wazuh-manager/debian/changelog index 55c234b74c..9b9c056024 100644 --- a/debs/SPECS/wazuh-manager/debian/changelog +++ b/debs/SPECS/wazuh-manager/debian/changelog @@ -1,15 +1,74 @@ +wazuh-manager (4.8.1-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-8-1.html + + -- Wazuh, Inc Tue, 13 Feb 2024 00:00:00 +0000 + +wazuh-manager (4.8.0-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-8-0.html + + -- Wazuh, Inc Wed, 21 Feb 2024 00:00:00 +0000 + +wazuh-manager (4.7.2-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-7-2.html + + -- Wazuh, Inc Tue, 09 Jan 2024 00:00:00 +0000 + +wazuh-manager (4.7.1-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-7-1.html + + -- Wazuh, Inc Wed, 13 Dec 2023 00:00:00 +0000 + +wazuh-manager (4.7.0-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-7-0.html + + -- Wazuh, Inc Tue, 05 Nov 2023 00:00:00 +0000 + +wazuh-manager (4.6.0-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-6-0.html + + -- Wazuh, Inc Tue, 31 Oct 2023 00:00:00 +0000 + +wazuh-manager (4.5.4-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-4.html + + -- Wazuh, Inc Tue, 24 Oct 2023 00:00:00 +0000 + +wazuh-manager (4.5.3-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-3.html + + -- Wazuh, Inc Tue, 10 Oct 2023 00:00:00 +0000 + +wazuh-manager (4.5.2-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-2.html + + -- Wazuh, Inc Thu, 31 Aug 2023 00:00:00 +0000 wazuh-manager (4.5.1-RELEASE) stable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-1.html - -- Wazuh, Inc Tue, 01 Aug 2023 15:56:43 +0000 + -- Wazuh, Inc Thu, 24 Aug 2023 15:56:43 +0000 wazuh-manager (4.5.0-RELEASE) stable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html - -- Wazuh, Inc Wed, 19 Jul 2023 15:56:43 +0000 + -- Wazuh, Inc Thu, 10 Aug 2023 13:45:36 +0000 + +wazuh-manager (4.4.5-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-4-5.html + + -- Wazuh, Inc Mon, 10 Jul 2023 15:56:43 +0000 wazuh-manager (4.4.4-RELEASE) stable; urgency=low @@ -163,13 +222,13 @@ wazuh-manager (4.2.0-RELEASE) stable; urgency=low wazuh-manager (4.1.5-RELEASE) stable; urgency=low - * More info: https://documentation.wazuh.com/current/release-notes/release-4-1-5.html + * More info: https://documentation.wazuh.com/current/release-notes/release-4-1-5.html -- Wazuh, Inc Thu, 22 Apr 2021 16:50:05 +0000 wazuh-manager (4.1.4-RELEASE) stable; urgency=low - * More info: https://documentation.wazuh.com/current/release-notes/release-4-1-4.html + * More info: https://documentation.wazuh.com/current/release-notes/release-4-1-4.html -- Wazuh, Inc Mon, 29 Mar 2021 16:23:09 +0000 @@ -181,13 +240,13 @@ wazuh-manager (4.1.3-RELEASE) stable; urgency=low wazuh-manager (4.1.2-RELEASE) stable; urgency=low - * More info: https://documentation.wazuh.com/current/release-notes/release-4-1-2.html + * More info: https://documentation.wazuh.com/current/release-notes/release-4-1-2.html -- Wazuh, Inc Mon, 08 Mar 2021 14:00:25 +0000 wazuh-manager (4.1.1-RELEASE) stable; urgency=low - * More info: https://documentation.wazuh.com/current/release-notes/release-4-1-1.html + * More info: https://documentation.wazuh.com/current/release-notes/release-4-1-1.html -- Wazuh, Inc Fri, 05 Mar 2021 13:24:41 +0000 @@ -247,7 +306,7 @@ wazuh-manager (4.0.0-RELEASE) stable; urgency=low wazuh-manager (3.13.3-RELEASE) stable; urgency=low - * More info: https://documentation.wazuh.com/current/release-notes/release-3-13-3.html + * More info: https://documentation.wazuh.com/current/release-notes/release-3-13-3.html -- Wazuh, Inc Sat, 24 Apr 2021 07:01:55 +0000 diff --git a/debs/SPECS/wazuh-manager/debian/control b/debs/SPECS/wazuh-manager/debian/control index bbdeb2a7c6..907ba3812b 100644 --- a/debs/SPECS/wazuh-manager/debian/control +++ b/debs/SPECS/wazuh-manager/debian/control @@ -8,7 +8,7 @@ Homepage: http://www.wazuh.com Package: wazuh-manager Architecture: any -Depends: ${shlibs:Depends}, libc6 (>= 2.7), lsb-release, debconf, adduser +Depends: ${shlibs:Depends}, libc6 (>= 2.7), lsb-release, debconf, adduser, xz-utils Suggests: expect Conflicts: ossec-hids-agent, wazuh-agent, ossec-hids, wazuh-api Replaces: wazuh-api diff --git a/debs/SPECS/wazuh-manager/debian/copyright b/debs/SPECS/wazuh-manager/debian/copyright index 3d783aefb6..f5fd1968da 100644 --- a/debs/SPECS/wazuh-manager/debian/copyright +++ b/debs/SPECS/wazuh-manager/debian/copyright @@ -1,6 +1,6 @@ This work was packaged for Debian by: - Wazuh, Inc on Tue, 01 Aug 2023 15:56:43 +0000 + Wazuh, Inc on Wed, 28 Feb 2024 00:00:00 +0000 It was downloaded from: diff --git a/debs/SPECS/wazuh-manager/debian/postinst b/debs/SPECS/wazuh-manager/debian/postinst index 1a187b89de..fcb507b51a 100644 --- a/debs/SPECS/wazuh-manager/debian/postinst +++ b/debs/SPECS/wazuh-manager/debian/postinst @@ -15,6 +15,11 @@ case "$1" in OSMYSHELL="/sbin/nologin" SCRIPTS_DIR="${WAZUH_GLOBAL_TMP_DIR}/manager_installation_scripts" SCA_BASE_DIR="${SCRIPTS_DIR}/sca" + VD_FILENAME='vd_1.0.0_vd_4.8.0.tar.xz' + + if [ -d /run/systemd/system ]; then + rm -f /etc/init.d/wazuh-manager + fi if [ ! -f ${OSMYSHELL} ]; then if [ -f "/bin/false" ]; then @@ -67,6 +72,13 @@ case "$1" in chown ${USER}:${GROUP} ${DIR}/queue/db/global.db* fi + if [ -f "${DIR}/${VD_FILENAME}" ]; then + tar -xf ${DIR}/${VD_FILENAME} -C ${DIR} + chown ${USER}:${GROUP} ${DIR}/queue/vd + chown ${USER}:${GROUP} ${DIR}/queue/vd_updater + rm -rf ${DIR}/${VD_FILENAME} + fi + # Delete uncompatible DBs versions if [ ! -z $2 ]; then @@ -89,8 +101,8 @@ case "$1" in rm -rf ${DIR}/backup/groups # Generation auto-signed certificate if not exists - if type openssl >/dev/null 2>&1 && [ ! -f "${DIR}/etc/sslmanager.key" ] && [ ! -f "${DIR}/etc/sslmanager.cert" ]; then - openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -subj "/C=US/ST=California/CN=Wazuh/" -keyout ${DIR}/etc/sslmanager.key -out ${DIR}/etc/sslmanager.cert 2>/dev/null + if [ ! -f "${DIR}/etc/sslmanager.key" ] && [ ! -f "${DIR}/etc/sslmanager.cert" ]; then + ${DIR}/bin/wazuh-authd -C 365 -B 2048 -S "/C=US/ST=California/CN=Wazuh/" -K ${DIR}/etc/sslmanager.key -X ${DIR}/etc/sslmanager.cert 2>/dev/null fi chmod 640 ${DIR}/etc/sslmanager.cert ${DIR}/etc/sslmanager.key > /dev/null 2>&1 || true @@ -166,6 +178,8 @@ case "$1" in chmod 0660 ${DIR}/logs/active-responses.log chmod 0640 ${DIR}/logs/integrations.log + # Set merged.mg permissions to new ones + find ${DIR}/etc/shared/ -type f -name 'merged.mg' -exec chmod 644 {} \; if [ -f ${DIR}/etc/shared/ar.conf ]; then chown root:wazuh ${DIR}/etc/shared/ar.conf @@ -228,6 +242,11 @@ case "$1" in fi + # Ensure that the 'Indexer' is configured + CONFIG_INDEXER_TEMPLATE="${SCRIPTS_DIR}/etc/templates/config/generic/wodle-indexer.manager.template" + . ${SCRIPTS_DIR}/src/init/update-indexer.sh + updateIndexerTemplate "${DIR}/etc/ossec.conf" $CONFIG_INDEXER_TEMPLATE + # Restoring file permissions ${SCRIPTS_DIR}/restore-permissions.sh > /dev/null 2>&1 || true @@ -242,17 +261,17 @@ case "$1" in # Remove old ossec user and group if exists and change ownwership of files if getent group ossec > /dev/null 2>&1; then - find ${DIR}/ -group ossec -user root -exec chown root:wazuh {} \; > /dev/null 2>&1 || true + find ${DIR}/ -group ossec -user root -print0 | xargs -0 chown root:wazuh > /dev/null 2>&1 || true if getent passwd ossec > /dev/null 2>&1; then - find ${DIR}/ -group ossec -user ossec -exec chown ${USER}:${GROUP} {} \; > /dev/null 2>&1 || true + find ${DIR}/ -group ossec -user ossec -print0 | xargs -0 chown ${USER}:${GROUP} > /dev/null 2>&1 || true deluser ossec > /dev/null 2>&1 fi if getent passwd ossecm > /dev/null 2>&1; then - find ${DIR}/ -group ossec -user ossecm -exec chown ${USER}:${GROUP} {} \; > /dev/null 2>&1 || true + find ${DIR}/ -group ossec -user ossecm -print0 | xargs -0 chown ${USER}:${GROUP} > /dev/null 2>&1 || true deluser ossecm > /dev/null 2>&1 fi if getent passwd ossecr > /dev/null 2>&1; then - find ${DIR}/ -group ossec -user ossecr -exec chown ${USER}:${GROUP} {} \; > /dev/null 2>&1 || true + find ${DIR}/ -group ossec -user ossecr -print0 | xargs -0 chown ${USER}:${GROUP} > /dev/null 2>&1 || true deluser ossecr > /dev/null 2>&1 fi if getent group ossec > /dev/null 2>&1; then diff --git a/debs/SPECS/wazuh-manager/debian/rules b/debs/SPECS/wazuh-manager/debian/rules index a387f56bfb..9186a8c0ce 100644 --- a/debs/SPECS/wazuh-manager/debian/rules +++ b/debs/SPECS/wazuh-manager/debian/rules @@ -64,6 +64,7 @@ override_dh_install: USER_GENERATE_AUTHD_CERT="y" \ USER_AUTO_START="n" \ USER_CREATE_SSL_CERT="n" \ + DOWNLOAD_CONTENT="yes" \ ./install.sh # Copying init.d script @@ -118,6 +119,7 @@ override_dh_install: mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/generic mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/amzn/1 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/amzn/2 + mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/amzn/2023 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/centos/5 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/centos/6 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/centos/7 @@ -129,11 +131,13 @@ override_dh_install: mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/darwin/20 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/darwin/21 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/darwin/22 + mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/darwin/23 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/7 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/8 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/9 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/10 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/11 + mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/12 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/rhel/5 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/rhel/6 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/rhel/7 @@ -152,6 +156,7 @@ override_dh_install: mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/22/04 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/windows mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sunos/5/11 + mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/rocky/8 mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/rocky/9 cp -r ruleset/sca/* ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca @@ -162,6 +167,7 @@ override_dh_install: cp etc/templates/config/amzn/1/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/amzn/1 cp etc/templates/config/amzn/2/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/amzn/2 + cp etc/templates/config/amzn/2023/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/amzn/2023 cp etc/templates/config/darwin/15/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/darwin/15 cp etc/templates/config/darwin/16/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/darwin/16 @@ -171,6 +177,7 @@ override_dh_install: cp etc/templates/config/darwin/20/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/darwin/20 cp etc/templates/config/darwin/21/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/darwin/21 cp etc/templates/config/darwin/22/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/darwin/22 + cp etc/templates/config/darwin/23/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/darwin/23 cp etc/templates/config/debian/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian cp etc/templates/config/debian/7/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/7 @@ -178,6 +185,7 @@ override_dh_install: cp etc/templates/config/debian/9/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/9 cp etc/templates/config/debian/10/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/10 cp etc/templates/config/debian/11/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/11 + cp etc/templates/config/debian/12/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/12 cp etc/templates/config/centos/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/centos cp etc/templates/config/centos/5/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/centos/5 @@ -206,16 +214,17 @@ override_dh_install: cp etc/templates/config/ubuntu/20/04/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/20/04 cp etc/templates/config/ubuntu/22/04/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/22/04 - cp etc/templates/config/rocky/9/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/rocky/9 + cp etc/templates/config/rocky/9/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/rocky/8 + cp etc/templates/config/rocky/8/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/rocky/9 override_dh_fixperms: dh_fixperms # Fix Python permissions - chmod 0750 ${TARGET_DIR}$(INSTALLATION_DIR)/framework/python/bin/2to3-3.9 - chmod 0750 ${TARGET_DIR}$(INSTALLATION_DIR)/framework/python/bin/pydoc3.9 + chmod 0750 ${TARGET_DIR}$(INSTALLATION_DIR)/framework/python/bin/2to3-3.10 + chmod 0750 ${TARGET_DIR}$(INSTALLATION_DIR)/framework/python/bin/pydoc3.10 chmod 0750 ${TARGET_DIR}$(INSTALLATION_DIR)/framework/python/bin/python3-config - chmod 0640 ${TARGET_DIR}$(INSTALLATION_DIR)/framework/python/lib/pkgconfig/python-3.9-embed.pc - chmod 0640 ${TARGET_DIR}$(INSTALLATION_DIR)/framework/python/lib/pkgconfig/python-3.9.pc + chmod 0640 ${TARGET_DIR}$(INSTALLATION_DIR)/framework/python/lib/pkgconfig/python-3.10-embed.pc + chmod 0640 ${TARGET_DIR}$(INSTALLATION_DIR)/framework/python/lib/pkgconfig/python-3.10.pc chmod 0640 ${TARGET_DIR}$(INSTALLATION_DIR)/framework/python/lib/pkgconfig/python3.pc override_dh_auto_clean: diff --git a/debs/build.sh b/debs/build.sh index 4291313e50..7896c49081 100755 --- a/debs/build.sh +++ b/debs/build.sh @@ -73,6 +73,9 @@ if [[ "${future}" == "yes" ]]; then # PREPARE FUTURE SPECS AND SOURCES find "${build_dir}/${package_name}" "${specs_path}" \( -name "*VERSION*" -o -name "*changelog*" \) -exec sed -i "s/${base_version}/${wazuh_version}/g" {} \; sed -i "s/\$(VERSION)/${MAJOR}.${MINOR}/g" "${build_dir}/${build_target}/${package_full_name}/src/Makefile" + sed -i "s/${base_version}/${wazuh_version}/g" "${build_dir}/${build_target}/${package_full_name}/src/init/wazuh-server.sh" + sed -i "s/${base_version}/${wazuh_version}/g" "${build_dir}/${build_target}/${package_full_name}/src/init/wazuh-client.sh" + sed -i "s/${base_version}/${wazuh_version}/g" "${build_dir}/${build_target}/${package_full_name}/src/init/wazuh-local.sh" fi cp -pr ${specs_path}/wazuh-${build_target}/debian ${sources_dir}/debian cp -p ${package_files}/gen_permissions.sh ${sources_dir} diff --git a/debs/generate_debian_package.sh b/debs/generate_debian_package.sh index 6195db8ebb..4f14917329 100755 --- a/debs/generate_debian_package.sh +++ b/debs/generate_debian_package.sh @@ -16,17 +16,24 @@ TARGET="" JOBS="2" DEBUG="no" BUILD_DOCKER="yes" +DOCKER_TAG="latest" INSTALLATION_PATH="/var/ossec" -DEB_AMD64_BUILDER="deb_builder_amd64" -DEB_I386_BUILDER="deb_builder_i386" -DEB_PPC64LE_BUILDER="deb_builder_ppc64le" -DEB_ARM64_BUILDER="deb_builder_arm64" -DEB_ARMHF_BUILDER="deb_builder_armhf" -DEB_AMD64_BUILDER_DOCKERFILE="${CURRENT_PATH}/Debian/amd64" -DEB_I386_BUILDER_DOCKERFILE="${CURRENT_PATH}/Debian/i386" -DEB_PPC64LE_BUILDER_DOCKERFILE="${CURRENT_PATH}/Debian/ppc64le" -DEB_ARM64_BUILDER_DOCKERFILE="${CURRENT_PATH}/Debian/arm64" -DEB_ARMHF_BUILDER_DOCKERFILE="${CURRENT_PATH}/Debian/armhf" +DEB_MANAGER_AMD64_BUILDER="deb_manager_builder_amd64" +DEB_MANAGER_ARM64_BUILDER="deb_manager_builder_arm64" +DEB_MANAGER_PPC64LE_BUILDER="deb_manager_builder_ppc64le" +DEB_AGENT_AMD64_BUILDER="deb_agent_builder_amd64" +DEB_AGENT_I386_BUILDER="deb_agent_builder_i386" +DEB_AGENT_PPC64LE_BUILDER="deb_agent_builder_ppc64le" +DEB_AGENT_ARM64_BUILDER="deb_agent_builder_arm64" +DEB_AGENT_ARMHF_BUILDER="deb_agent_builder_armhf" +DEB_MANAGER_AMD64_BUILDER_DOCKERFILE="${CURRENT_PATH}/Debian/8/amd64" +DEB_AGENT_AMD64_BUILDER_DOCKERFILE="${CURRENT_PATH}/Debian/7/amd64" +DEB_MANAGER_ARM64_BUILDER_DOCKERFILE="${CURRENT_PATH}/Debian/9/arm64" +DEB_AGENT_ARM64_BUILDER_DOCKERFILE="${CURRENT_PATH}/Debian/9/arm64" +DEB_AGENT_I386_BUILDER_DOCKERFILE="${CURRENT_PATH}/Debian/7/i386" +DEB_AGENT_PPC64LE_BUILDER_DOCKERFILE="${CURRENT_PATH}/Debian/9/ppc64le" +DEB_MANAGER_PPC64LE_BUILDER_DOCKERFILE="${CURRENT_PATH}/Debian/9/ppc64le" +DEB_AGENT_ARMHF_BUILDER_DOCKERFILE="${CURRENT_PATH}/Debian/9/armhf" CHECKSUMDIR="" CHECKSUM="no" PACKAGES_BRANCH="master" @@ -66,7 +73,7 @@ build_deb() { # Build the Docker image if [[ ${BUILD_DOCKER} == "yes" ]]; then - docker build -t ${CONTAINER_NAME} ${DOCKERFILE_PATH} || return 1 + docker build -t ${CONTAINER_NAME}:${DOCKER_TAG} ${DOCKERFILE_PATH} || return 1 fi # Build the Debian package with a Docker container @@ -74,7 +81,7 @@ build_deb() { -v ${CHECKSUMDIR}:/var/local/checksum:Z \ -v ${LOCAL_SPECS}:/specs:Z \ ${CUSTOM_CODE_VOL} \ - ${CONTAINER_NAME} ${TARGET} ${BRANCH} ${ARCHITECTURE} \ + ${CONTAINER_NAME}:${DOCKER_TAG} ${TARGET} ${BRANCH} ${ARCHITECTURE} \ ${REVISION} ${JOBS} ${INSTALLATION_PATH} ${DEBUG} \ ${CHECKSUM} ${PACKAGES_BRANCH} ${USE_LOCAL_SPECS} \ ${USE_LOCAL_SOURCE_CODE} ${FUTURE}|| return 1 @@ -86,50 +93,54 @@ build_deb() { build() { - if [[ "${ARCHITECTURE}" = "x86_64" ]] || [[ "${ARCHITECTURE}" = "amd64" ]]; then + if [[ "${ARCHITECTURE}" == "x86_64" ]] || [[ "${ARCHITECTURE}" == "amd64" ]]; then ARCHITECTURE="amd64" - elif [[ "${ARCHITECTURE}" = "aarch64" ]] || [[ "${ARCHITECTURE}" = "arm64" ]]; then + elif [[ "${ARCHITECTURE}" == "aarch64" ]] || [[ "${ARCHITECTURE}" == "arm64" ]]; then ARCHITECTURE="arm64" elif [[ ${ARCHITECTURE} == "arm32" ]] || [[ ${ARCHITECTURE} == "armhf" ]] || [[ ${ARCHITECTURE} == "armv7hl" ]] ; then ARCHITECTURE="armhf" fi - if [[ "${TARGET}" == "api" ]]; then - - if [[ "${ARCHITECTURE}" = "ppc64le" ]]; then - build_deb ${DEB_PPC64LE_BUILDER} ${DEB_PPC64LE_BUILDER_DOCKERFILE} || return 1 - elif [[ "${ARCHITECTURE}" = "arm64" ]]; then - build_deb ${DEB_ARM64_BUILDER} ${DEB_ARM64_BUILDER_DOCKERFILE} || return 1 - elif [[ "${ARCHITECTURE}" = "armhf" ]]; then - build_deb ${DEB_ARMHF_BUILDER} ${DEB_ARMHF_BUILDER_DOCKERFILE} || return 1 + if [[ "${TARGET}" == "manager" ]]; then + BUILD_NAME="" + FILE_PATH="" + if [[ "${ARCHITECTURE}" == "amd64" ]]; then + BUILD_NAME="${DEB_MANAGER_AMD64_BUILDER}" + FILE_PATH="${DEB_MANAGER_AMD64_BUILDER_DOCKERFILE}" + elif [[ "${ARCHITECTURE}" == "arm64" ]]; then + BUILD_NAME="${DEB_MANAGER_ARM64_BUILDER}" + FILE_PATH="${DEB_MANAGER_ARM64_BUILDER_DOCKERFILE}" + elif [[ "${ARCHITECTURE}" == "ppc64le" ]]; then + BUILD_NAME="${DEB_MANAGER_PPC64LE_BUILDER}" + FILE_PATH="${DEB_MANAGER_PPC64LE_BUILDER_DOCKERFILE}" else - build_deb ${DEB_AMD64_BUILDER} ${DEB_AMD64_BUILDER_DOCKERFILE} || return 1 + echo "Invalid architecture '${ARCHITECTURE}' for '${TARGET}'. Choose one of amd64/arm64/ppc64le." + return 1 fi + build_deb ${BUILD_NAME} ${FILE_PATH} || return 1 - elif [[ "${TARGET}" == "manager" ]] || [[ "${TARGET}" == "agent" ]] ; then - - BUILD_NAME="" - FILE_PATH="" - if [[ "${ARCHITECTURE}" = "amd64" ]]; then - BUILD_NAME="${DEB_AMD64_BUILDER}" - FILE_PATH="${DEB_AMD64_BUILDER_DOCKERFILE}" - elif [[ "${ARCHITECTURE}" = "i386" ]]; then - BUILD_NAME="${DEB_I386_BUILDER}" - FILE_PATH="${DEB_I386_BUILDER_DOCKERFILE}" - elif [[ "${ARCHITECTURE}" = "ppc64le" ]]; then - BUILD_NAME="${DEB_PPC64LE_BUILDER}" - FILE_PATH="${DEB_PPC64LE_BUILDER_DOCKERFILE}" - elif [[ "${ARCHITECTURE}" = "arm64" ]]; then - BUILD_NAME="${DEB_ARM64_BUILDER}" - FILE_PATH="${DEB_ARM64_BUILDER_DOCKERFILE}" - elif [[ "${ARCHITECTURE}" = "armhf" ]]; then - BUILD_NAME="${DEB_ARMHF_BUILDER}" - FILE_PATH="${DEB_ARMHF_BUILDER_DOCKERFILE}" + elif [[ "${TARGET}" == "agent" ]] ; then + if [[ "${ARCHITECTURE}" == "amd64" ]]; then + BUILD_NAME="${DEB_AGENT_AMD64_BUILDER}" + FILE_PATH="${DEB_AGENT_AMD64_BUILDER_DOCKERFILE}" + elif [[ "${ARCHITECTURE}" == "i386" ]]; then + BUILD_NAME="${DEB_AGENT_I386_BUILDER}" + FILE_PATH="${DEB_AGENT_I386_BUILDER_DOCKERFILE}" + elif [[ "${ARCHITECTURE}" == "arm64" ]]; then + BUILD_NAME="${DEB_AGENT_ARM64_BUILDER}" + FILE_PATH="${DEB_AGENT_ARM64_BUILDER_DOCKERFILE}" + elif [[ "${ARCHITECTURE}" == "ppc64le" ]]; then + BUILD_NAME="${DEB_AGENT_PPC64LE_BUILDER}" + FILE_PATH="${DEB_AGENT_PPC64LE_BUILDER_DOCKERFILE}" + elif [[ "${ARCHITECTURE}" == "armhf" ]]; then + BUILD_NAME="${DEB_AGENT_ARMHF_BUILDER}" + FILE_PATH="${DEB_AGENT_ARMHF_BUILDER_DOCKERFILE}" else - echo "Invalid architecture. Choose one of amd64/i386/ppc64le/arm64/arm32." + echo "Invalid architecture '${ARCHITECTURE}' for '${TARGET}'. Choose one of amd64/i386/ppc64le/arm64/arm32." return 1 fi build_deb ${BUILD_NAME} ${FILE_PATH} || return 1 + else echo "Invalid target. Choose: manager or agent." return 1 @@ -152,6 +163,7 @@ help() { echo " -d, --debug [Optional] Build the binaries with debug symbols. By default: no." echo " -c, --checksum [Optional] Generate checksum on the desired path (by default, if no path is specified it will be generated on the same directory than the package)." echo " --dont-build-docker [Optional] Locally built docker image will be used instead of generating a new one." + echo " --tag [Optional] Tag to use with the docker image." echo " --sources [Optional] Absolute path containing wazuh source code. This option will use local source code instead of downloading it from GitHub." echo " --packages-branch [Optional] Select Git branch or tag from wazuh-packages repository. e.g master." echo " --dev [Optional] Use the SPECS files stored in the host instead of downloading them from GitHub." @@ -237,6 +249,14 @@ main() { BUILD_DOCKER="no" shift 1 ;; + "--tag") + if [ -n "$2" ]; then + DOCKER_TAG="$2" + shift 2 + else + help 1 + fi + ;; "-s"|"--store") if [ -n "$2" ]; then OUTDIR="$2" diff --git a/documentation-templates/wazuh/config.yml b/documentation-templates/wazuh/config.yml index 73b1f5d559..13cfe54586 100644 --- a/documentation-templates/wazuh/config.yml +++ b/documentation-templates/wazuh/config.yml @@ -2,27 +2,27 @@ nodes: # Wazuh indexer nodes indexer: - name: node-1 - ip: + ip: "" #- name: node-2 - # ip: + # ip: "" #- name: node-3 - # ip: + # ip: "" # Wazuh server nodes # If there is more than one Wazuh server # node, each one must have a node_type server: - name: wazuh-1 - ip: + ip: "" # node_type: master #- name: wazuh-2 - # ip: + # ip: "" # node_type: worker #- name: wazuh-3 - # ip: + # ip: "" # node_type: worker # Wazuh dashboard nodes dashboard: - name: dashboard - ip: \ No newline at end of file + ip: "" \ No newline at end of file diff --git a/hp-ux/generate_wazuh_packages.sh b/hp-ux/generate_wazuh_packages.sh index 896808cc81..caf58ddce6 100755 --- a/hp-ux/generate_wazuh_packages.sh +++ b/hp-ux/generate_wazuh_packages.sh @@ -8,9 +8,9 @@ install_path="/var/ossec" current_path=`pwd` +build_tools_path="/home/okkam" source_directory=${current_path}/wazuh-sources configuration_file="${source_directory}/etc/preloaded-vars.conf" -PATH=$PATH:/usr/local/bin target_dir="${current_path}/output" checksum_dir="" wazuh_version="" @@ -18,6 +18,12 @@ wazuh_revision="1" depot_path="" control_binary="" +# Needed variables to build Wazuh with custom GCC and cmake +PATH=${build_tools_path}/bootstrap-gcc/gcc94_prefix/bin:${build_tools_path}/cmake_prefix_install/bin:$PATH:/usr/local/bin +LD_LIBRARY_PATH=${build_tools_path}/bootstrap-gcc/gcc94_prefix/lib +export LD_LIBRARY_PATH +CXX=${build_tools_path}/bootstrap-gcc/gcc94_prefix/bin/g++ + build_environment() { # Resizing partitions for Site Ox boxes (used by Wazuh team) @@ -53,7 +59,6 @@ build_environment() { swinstall -s $depot \* /usr/local/bin/depothelper $fpt_connection -f curl /usr/local/bin/depothelper $fpt_connection -f unzip - /usr/local/bin/depothelper $fpt_connection -f gcc /usr/local/bin/depothelper $fpt_connection -f make /usr/local/bin/depothelper $fpt_connection -f bash /usr/local/bin/depothelper $fpt_connection -f gzip @@ -65,6 +70,24 @@ build_environment() { /usr/local/bin/depothelper $fpt_connection -f perl /usr/local/bin/depothelper $fpt_connection -f regex /usr/local/bin/depothelper $fpt_connection -f python + + # Install GCC 9.4 + mkdir ${build_tools_path} + cd ${build_tools_path} + mkdir bootstrap-gcc + cd ${build_tools_path}/bootstrap-gcc + curl -k -SO http://packages.wazuh.com/utils/gcc/gcc_9.4_HPUX_build.tar.gz + gunzip gcc_9.4_HPUX_build.tar.gz + tar -xf gcc_9.4_HPUX_build.tar + rm -f gcc_9.4_HPUX_build.tar + cp -f ${build_tools_path}/bootstrap-gcc/gcc94_prefix/bin/gcc ${build_tools_path}/bootstrap-gcc/gcc94_prefix/bin/cc + + # Install cmake 3.22.2 + cd ${build_tools_path} + curl -k -SO http://packages.wazuh.com/utils/cmake/cmake_3.22.2_HPUX_build.tar.gz + gunzip cmake_3.22.2_HPUX_build.tar.gz + tar -xf cmake_3.22.2_HPUX_build.tar + rm -f cmake_3.22.2_HPUX_build.tar } config() { @@ -117,6 +140,12 @@ compile() { gmake deps RESOURCES_URL=http://packages.wazuh.com/deps/${deps_version} TARGET=agent gmake TARGET=agent USE_SELINUX=no bash ${source_directory}/install.sh + # Install std libs needed to run the agent + cp -f ${build_tools_path}/bootstrap-gcc/gcc94_prefix/lib/libstdc++.so.6.28 ${install_path}/lib + cp -f ${build_tools_path}/bootstrap-gcc/gcc94_prefix/lib/libgcc_s.so.0 ${install_path}/lib + ln -s ${install_path}/lib/libstdc++.so.6.28 ${install_path}/lib/libstdc++.so.6 + ln -s ${install_path}/lib/libstdc++.so.6.28 ${install_path}/lib/libstdc++.so + ln -s ${install_path}/lib/libgcc_s.so.0 ${install_path}/lib/libgcc_s.so cd $current_path } @@ -172,6 +201,8 @@ clean() { userdel wazuh groupdel wazuh + rm -rf ${build_tools_path} + exit ${exit_code} } diff --git a/macos/generate_wazuh_packages.sh b/macos/generate_wazuh_packages.sh index af9ef12b49..597cf17825 100755 --- a/macos/generate_wazuh_packages.sh +++ b/macos/generate_wazuh_packages.sh @@ -1,4 +1,5 @@ #!/bin/bash +set -x # Program to build and package OSX wazuh-agent # Wazuh package generator # Copyright (C) 2015, Wazuh Inc. @@ -12,9 +13,9 @@ CURRENT_PATH="$( cd $(dirname ${0}) ; pwd -P )" SOURCES_DIRECTORY="${CURRENT_PATH}/repository" WAZUH_PATH="${SOURCES_DIRECTORY}/wazuh" WAZUH_SOURCE_REPOSITORY="https://github.com/wazuh/wazuh" -AGENT_PKG_FILE="${CURRENT_PATH}/package_files/wazuh-agent.pkgproj" export CONFIG="${WAZUH_PATH}/etc/preloaded-vars.conf" ENTITLEMENTS_PATH="${CURRENT_PATH}/entitlements.plist" +ARCH="intel64" INSTALLATION_PATH="/Library/Ossec" # Installation path VERSION="" # Default VERSION (branch/tag) REVISION="1" # Package revision. @@ -31,14 +32,16 @@ KC_PASS="" # Password of the keychain. NOTARIZE="no" # Notarize the package for macOS Catalina. DEVELOPER_ID="" # Apple Developer ID. ALTOOL_PASS="" # Temporary Application password for altool. +TEAM_ID="" # Team ID of the Apple Developer ID. pkg_name="" +notarization_path="" trap ctrl_c INT function clean_and_exit() { exit_code=$1 - rm -f ${AGENT_PKG_FILE} ${CURRENT_PATH}/package_files/*.sh rm -rf "${SOURCES_DIRECTORY}" + rm "${CURRENT_PATH}"/specs/wazuh-agent.pkgproj-e ${CURRENT_PATH}/uninstall.sh exit ${exit_code} } @@ -54,44 +57,20 @@ function notarize_pkg() { sleep_time="120" build_timestamp="$(date +"%m%d%Y%H%M%S")" if [ "${NOTARIZE}" = "yes" ]; then - if sudo xcrun altool --notarize-app --primary-bundle-id "com.wazuh.agent.${VERSION}.${REVISION}.${build_timestamp}" \ - --username "${DEVELOPER_ID}" --password "${ALTOOL_PASS}" --file ${DESTINATION}/${pkg_name} > request_info.txt ; then - echo "The package ${DESTINATION}/${pkg_name} was successfully upload for notarization." - echo "Waiting ${sleep_time}s to get the results" - sleep ${sleep_time} - - uuid="$(grep -i requestuuid request_info.txt | cut -d' ' -f 3)" - - # Check notarization status - xcrun altool --notarization-info ${uuid} -u "${DEVELOPER_ID}" --password "${ALTOOL_PASS}" > request_result.txt - until ! grep -qi "in progress" request_result.txt ; do - echo "Package is not notarized yet. Waiting ${sleep_time}s" - sleep ${sleep_time} - xcrun altool --notarization-info ${uuid} -u "${DEVELOPER_ID}" --password "${ALTOOL_PASS}" > request_result.txt - done - - echo "Notarization ticket:" - cat request_result.txt - - if grep "Status: success" request_result.txt > /dev/null 2>&1 ; then - echo "Package is notarized and ready to go." - echo "Adding the ticket to the package." - if xcrun stapler staple -v ${DESTINATION}/${pkg_name} ; then - echo "Ticket added. Ready to release the package." - return 0 - else - echo "Something went wrong while adding the package." - clean_and_exit 1 - fi + + if sudo xcrun notarytool submit ${1} --apple-id "${DEVELOPER_ID}" --team-id "${TEAM_ID}" --password "${ALTOOL_PASS}" --wait ; then + echo "Package is notarized and ready to go." + echo "Adding the ticket to the package." + if xcrun stapler staple -v "${1}" ; then + echo "Ticket added. Ready to release the package." + mkdir -p "${DESTINATION}" && cp "${1}" "${DESTINATION}/" + return 0 else - - echo "The package couldn't be notarized." - echo "Check notarization ticket for more info." + echo "Something went wrong while adding the package." clean_and_exit 1 fi - else - echo "Error while uploading the app to be notarized." + echo "Error notarizing the package." clean_and_exit 1 fi fi @@ -150,10 +129,9 @@ function build_package() { # create package if packagesbuild ${AGENT_PKG_FILE} --build-folder ${DESTINATION} ; then - echo "The wazuh agent package for MacOS X has been successfully built." - pkg_name="wazuh-agent-${VERSION}-${REVISION}.pkg" + echo "The wazuh agent package for macOS has been successfully built." + pkg_name="wazuh-agent-${VERSION}-${REVISION}.${ARCH}.pkg" sign_pkg - notarize_pkg if [[ "${CHECKSUM}" == "yes" ]]; then mkdir -p ${CHECKSUMDIR} cd ${DESTINATION} && shasum -a512 "${pkg_name}" > "${CHECKSUMDIR}/${pkg_name}.sha512" @@ -170,6 +148,7 @@ function help() { echo "Usage: $0 [OPTIONS]" echo echo " Build options:" + echo " -a, --architecture [Optional] Target architecture of the package [intel64/arm64]. By Default: intel64." echo " -b, --branch [Required] Select Git branch or tag e.g. $BRANCH" echo " -s, --store-path [Optional] Set the destination absolute path of package." echo " -j, --jobs [Optional] Number of parallel jobs when compiling." @@ -185,8 +164,10 @@ function help() { echo " --keychain-password [Optional] Password of the keychain." echo " --application-certificate [Optional] Apple Developer ID certificate name to sign Apps and binaries." echo " --installer-certificate [Optional] Apple Developer ID certificate name to sign pkg." - echo " --notarize [Optional] Notarize the package for its distribution on macOS Catalina ." + echo " --notarize [Optional] Notarize the package for its distribution on macOS." + echo " --notarize-path [Optional] Path of the package to be notarized." echo " --developer-id [Optional] Your Apple Developer ID." + echo " --team-id [Optional] Your Apple Team ID." echo " --altool-password [Optional] Temporary password to use altool from Xcode." echo exit "$1" @@ -196,14 +177,14 @@ function get_pkgproj_specs() { VERSION=$(< "${WAZUH_PATH}/src/VERSION" cut -d "-" -f1 | cut -c 2-) - pkg_file="specs/wazuh-agent.pkgproj" + pkg_file="specs/wazuh-agent-${ARCH}.pkgproj" if [ ! -f "${pkg_file}" ]; then echo "Warning: the file ${pkg_file} does not exists. Check the version selected." exit 1 else echo "Modifiying ${pkg_file} to match revision." - sed -i -e "s:${VERSION}-.*<:${VERSION}-${REVISION}<:g" "${pkg_file}" + sed -i -e "s:${VERSION}-.*<:${VERSION}-${REVISION}.${ARCH}<:g" "${pkg_file}" cp "${pkg_file}" "${AGENT_PKG_FILE}" fi @@ -236,6 +217,10 @@ function install_deps() { echo "Something went wrong installing packagesbuild." fi + if [ "$(uname -m)" = "arm64" ]; then + echo "Installing build dependencies for arm64 architecture" + brew install gcc binutils autoconf automake libtool cmake + fi exit 0 } @@ -262,6 +247,14 @@ function main() { while [ -n "$1" ] do case "$1" in + "-a"|"--architecture") + if [ -n "$2" ]; then + ARCH="$2" + shift 2 + else + help 1 + fi + ;; "-b"|"--branch") if [ -n "$2" ]; then BRANCH_TAG="$2" @@ -355,6 +348,14 @@ function main() { NOTARIZE="yes" shift 1 ;; + "--notarize-path") + if [ -n "$2" ]; then + notarization_path="$2" + shift 2 + else + help 1 + fi + ;; "--developer-id") if [ -n "$2" ]; then DEVELOPER_ID="$2" @@ -363,6 +364,14 @@ function main() { help 1 fi ;; + "--team-id") + if [ -n "$2" ]; then + TEAM_ID="$2" + shift 2 + else + help 1 + fi + ;; "--altool-password") if [ -n "$2" ]; then ALTOOL_PASS="$2" @@ -382,16 +391,35 @@ function main() { testdep + if [ "${ARCH}" != "intel64" ] && [ "${ARCH}" != "arm64" ]; then + echo "Error: architecture not supported." + echo "Supported architectures: intel64, arm64" + exit 1 + fi + if [ -z "${CHECKSUMDIR}" ]; then CHECKSUMDIR="${DESTINATION}" fi - if [[ "$BUILD" != "no" ]]; then + if [[ "${BUILD}" != "no" ]]; then check_root + AGENT_PKG_FILE="${CURRENT_PATH}/package_files/wazuh-agent-${ARCH}.pkgproj" build_package "${CURRENT_PATH}/uninstall.sh" - else - echo "The branch has not been specified. No package will be generated." + fi + if [ "${NOTARIZE}" = "yes" ]; then + if [ "${BUILD}" = "yes" ]; then + pkg_name="wazuh-agent-${VERSION}-${REVISION}.${ARCH}.pkg" + notarization_path="${DESTINATION}/${pkg_name}" + fi + if [ -z "${notarization_path}" ]; then + echo "The path of the package to be notarized has not been specified." + help 1 + fi + notarize_pkg "${notarization_path}" + fi + if [ "${BUILD}" = "no" ] && [ "${NOTARIZE}" = "no" ]; then + echo "The branch has not been specified and notarization has not been selected." help 1 fi diff --git a/macos/package_files/build.sh b/macos/package_files/build.sh index f94537efbd..522513b789 100755 --- a/macos/package_files/build.sh +++ b/macos/package_files/build.sh @@ -35,10 +35,10 @@ function build() { configure if [ -z "${USER_BINARYINSTALL}" ]; then - make -C ${SOURCES_PATH}/src deps TARGET=agent + make -C ${SOURCES_PATH}/src deps TARGET=agent - echo "Generating Wazuh executables" - make -j$JOBS -C ${SOURCES_PATH}/src DYLD_FORCE_FLAT_NAMESPACE=1 TARGET=agent build + echo "Generating Wazuh executables" + make -j$JOBS -C ${SOURCES_PATH}/src DYLD_FORCE_FLAT_NAMESPACE=1 TARGET=agent build fi echo "Running install script" @@ -60,7 +60,7 @@ function build() { find ${SOURCES_PATH}/src/init/ -name *.sh -type f -exec install -m 0640 {} ${INSTALLATION_SCRIPTS_DIR}/src/init \; mkdir -p ${INSTALLATION_SCRIPTS_DIR}/sca/generic - mkdir -p ${INSTALLATION_SCRIPTS_DIR}/sca/darwin/{15,16,17,18,20,21,22} + mkdir -p ${INSTALLATION_SCRIPTS_DIR}/sca/darwin/{15,16,17,18,20,21,22,23} cp -r ${SOURCES_PATH}/ruleset/sca/darwin ${INSTALLATION_SCRIPTS_DIR}/sca cp -r ${SOURCES_PATH}/ruleset/sca/generic ${INSTALLATION_SCRIPTS_DIR}/sca @@ -73,6 +73,7 @@ function build() { cp ${SOURCES_PATH}/etc/templates/config/darwin/20/sca.files ${INSTALLATION_SCRIPTS_DIR}/sca/darwin/20/ cp ${SOURCES_PATH}/etc/templates/config/darwin/21/sca.files ${INSTALLATION_SCRIPTS_DIR}/sca/darwin/21/ cp ${SOURCES_PATH}/etc/templates/config/darwin/22/sca.files ${INSTALLATION_SCRIPTS_DIR}/sca/darwin/22/ + cp ${SOURCES_PATH}/etc/templates/config/darwin/23/sca.files ${INSTALLATION_SCRIPTS_DIR}/sca/darwin/23/ cp ${SOURCES_PATH}/src/VERSION ${INSTALLATION_SCRIPTS_DIR}/src/ cp ${SOURCES_PATH}/src/REVISION ${INSTALLATION_SCRIPTS_DIR}/src/ diff --git a/macos/specs/wazuh-agent-arm64.pkgproj b/macos/specs/wazuh-agent-arm64.pkgproj new file mode 100644 index 0000000000..bc1fe8d2b8 --- /dev/null +++ b/macos/specs/wazuh-agent-arm64.pkgproj @@ -0,0 +1,1255 @@ + + + + + PACKAGES + + + MUST-CLOSE-APPLICATION-ITEMS + + MUST-CLOSE-APPLICATIONS + + PACKAGE_FILES + + DEFAULT_INSTALL_LOCATION + / + HIERARCHY + + CHILDREN + + + CHILDREN + + GID + 80 + PATH + Applications + PATH_TYPE + 0 + PERMISSIONS + 509 + TYPE + 1 + UID + 0 + + + CHILDREN + + + CHILDREN + + GID + 80 + PATH + Application Support + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Automator + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Documentation + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Extensions + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Filesystems + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Frameworks + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Input Methods + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Internet Plug-Ins + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + LaunchAgents + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + LaunchDaemons + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/.ssh + PATH_TYPE + 0 + PERMISSIONS + 448 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/active-response + PATH_TYPE + 0 + PERMISSIONS + 488 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/agentless + PATH_TYPE + 0 + PERMISSIONS + 488 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/bin + PATH_TYPE + 0 + PERMISSIONS + 488 + TYPE + 3 + UID + 0 + + + CHILDREN + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/etc/internal_options.conf + PATH_TYPE + 0 + PERMISSIONS + 416 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/etc/localtime + PATH_TYPE + 0 + PERMISSIONS + 416 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/etc/client.keys + PATH_TYPE + 0 + PERMISSIONS + 416 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/etc/local_internal_options.conf + PATH_TYPE + 0 + PERMISSIONS + 416 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/etc/ossec.conf + PATH_TYPE + 0 + PERMISSIONS + 416 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/etc/shared + PATH_TYPE + 0 + PERMISSIONS + 504 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/etc/wpk_root.pem + PATH_TYPE + 0 + PERMISSIONS + 416 + TYPE + 3 + UID + 0 + + + EXPANDED + + GID + 0 + PATH + /Library/Ossec/etc + PATH_TYPE + 0 + PERMISSIONS + 504 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/lib + PATH_TYPE + 0 + PERMISSIONS + 488 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/logs + PATH_TYPE + 0 + PERMISSIONS + 488 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/queue + PATH_TYPE + 0 + PERMISSIONS + 488 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/tmp + PATH_TYPE + 0 + PERMISSIONS + 1000 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/packages_files + PATH_TYPE + 0 + PERMISSIONS + 488 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/var + PATH_TYPE + 0 + PERMISSIONS + 488 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/wodles + PATH_TYPE + 0 + PERMISSIONS + 488 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + /Library/Ossec/ruleset + PATH_TYPE + 0 + PERMISSIONS + 488 + TYPE + 3 + UID + 0 + + + EXPANDED + + GID + 0 + PATH + /Library/Ossec + PATH_TYPE + 0 + PERMISSIONS + 488 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + PreferencePanes + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Preferences + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 80 + PATH + Printers + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + PrivilegedHelperTools + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + QuickLook + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + QuickTime + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Screen Savers + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Scripts + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Services + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Widgets + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + GID + 0 + PATH + Library + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + + CHILDREN + + GID + 0 + PATH + Shared + PATH_TYPE + 0 + PERMISSIONS + 1023 + TYPE + 1 + UID + 0 + + + GID + 80 + PATH + Users + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + GID + 0 + PATH + / + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + PAYLOAD_TYPE + 0 + SHOW_INVISIBLE + + SPLIT_FORKS + + TREAT_MISSING_FILES_AS_WARNING + + VERSION + 4 + + PACKAGE_SCRIPTS + + POSTINSTALL_PATH + + PATH + postinstall.sh + PATH_TYPE + 1 + + PREINSTALL_PATH + + PATH + preinstall.sh + PATH_TYPE + 1 + + RESOURCES + + + PACKAGE_SETTINGS + + AUTHENTICATION + 1 + CONCLUSION_ACTION + 0 + FOLLOW_SYMBOLIC_LINKS + + IDENTIFIER + com.wazuh.pkg.wazuh-agent + LOCATION + 0 + NAME + agent + OVERWRITE_PERMISSIONS + + PAYLOAD_SIZE + -1 + RELOCATABLE + + USE_HFS+_COMPRESSION + + VERSION + 4.8.1-1 + + TYPE + 0 + UUID + 7BC88EDC-74AB-498A-992B-DE940686D898 + + + PROJECT + + PROJECT_COMMENTS + + NOTES + + PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1M + IDQuMDEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIvaHRtbDQv + c3RyaWN0LmR0ZCI+CjxodG1sPgo8aGVhZD4KPG1ldGEgaHR0cC1l + cXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7 + IGNoYXJzZXQ9VVRGLTgiPgo8bWV0YSBodHRwLWVxdWl2PSJDb250 + ZW50LVN0eWxlLVR5cGUiIGNvbnRlbnQ9InRleHQvY3NzIj4KPHRp + dGxlPjwvdGl0bGU+CjxtZXRhIG5hbWU9IkdlbmVyYXRvciIgY29u + dGVudD0iQ29jb2EgSFRNTCBXcml0ZXIiPgo8bWV0YSBuYW1lPSJD + b2NvYVZlcnNpb24iIGNvbnRlbnQ9IjE1MDQuODMiPgo8c3R5bGUg + dHlwZT0idGV4dC9jc3MiPgo8L3N0eWxlPgo8L2hlYWQ+Cjxib2R5 + Pgo8L2JvZHk+CjwvaHRtbD4K + + + PROJECT_PRESENTATION + + BACKGROUND + + INSTALLATION TYPE + + HIERARCHIES + + INSTALLER + + LIST + + + DESCRIPTION + + OPTIONS + + HIDDEN + + STATE + 0 + + PACKAGE_UUID + 7BC88EDC-74AB-498A-992B-DE940686D898 + REQUIREMENTS + + TITLE + + + LANGUAGE + English + VALUE + Wazuh Agent + + + TOOLTIP + + TYPE + 0 + UUID + B5127C49-7EF4-4B73-97D7-2819981073A4 + + + REMOVED + + + + MODE + 0 + + INSTALLATION_STEPS + + + ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS + ICPresentationViewIntroductionController + INSTALLER_PLUGIN + Introduction + LIST_TITLE_KEY + InstallerSectionTitle + + + ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS + ICPresentationViewReadMeController + INSTALLER_PLUGIN + ReadMe + LIST_TITLE_KEY + InstallerSectionTitle + + + ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS + ICPresentationViewLicenseController + INSTALLER_PLUGIN + License + LIST_TITLE_KEY + InstallerSectionTitle + + + ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS + ICPresentationViewDestinationSelectController + INSTALLER_PLUGIN + TargetSelect + LIST_TITLE_KEY + InstallerSectionTitle + + + ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS + ICPresentationViewInstallationTypeController + INSTALLER_PLUGIN + PackageSelection + LIST_TITLE_KEY + InstallerSectionTitle + + + ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS + ICPresentationViewInstallationController + INSTALLER_PLUGIN + Install + LIST_TITLE_KEY + InstallerSectionTitle + + + ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS + ICPresentationViewSummaryController + INSTALLER_PLUGIN + Summary + LIST_TITLE_KEY + InstallerSectionTitle + + + INTRODUCTION + + LOCALIZATIONS + + + LANGUAGE + English + VALUE + + PATH + introduction.txt + PATH_TYPE + 1 + + + + + LICENSE + + LOCALIZATIONS + + MODE + 0 + + README + + LOCALIZATIONS + + + TITLE + + LOCALIZATIONS + + + LANGUAGE + English + VALUE + Wazuh Agent + + + + + PROJECT_REQUIREMENTS + + LIST + + + BEHAVIOR + 3 + DICTIONARY + + IC_REQUIREMENT_CPU_ARCHITECTURE_FAMILY + 3 + IC_REQUIREMENT_CPU_INTEL_ARCHITECTURE_TYPE + 0 + IC_REQUIREMENT_CPU_MINIMUM_CPU_CORES_COUNT + 1 + IC_REQUIREMENT_CPU_MINIMUM_FREQUENCY + 866666 + IC_REQUIREMENT_CPU_POWERPC_ARCHITECTURE_TYPE + 0 + + IC_REQUIREMENT_CHECK_TYPE + 0 + IDENTIFIER + fr.whitebox.Packages.requirement.cpu + MESSAGE + + + LANGUAGE + English + SECONDARY_VALUE + + VALUE + This installer has been built for Apple Silicon architecture. It won't install in other platforms. + + + + NAME + Processor + STATE + + + + BEHAVIOR + 3 + DICTIONARY + + IC_REQUIREMENT_OS_DISK_TYPE + 0 + IC_REQUIREMENT_OS_DISTRIBUTION_TYPE + 0 + IC_REQUIREMENT_OS_MINIMUM_VERSION + 100800 + + IC_REQUIREMENT_CHECK_TYPE + 1 + IDENTIFIER + fr.whitebox.Packages.requirement.os + MESSAGE + + NAME + Operating System + STATE + + + + RESOURCES + + ROOT_VOLUME_ONLY + + + PROJECT_SETTINGS + + BUILD_FORMAT + 0 + BUILD_PATH + + PATH + build + PATH_TYPE + 1 + + EXCLUDED_FILES + + + PATTERNS_ARRAY + + + REGULAR_EXPRESSION + + STRING + .DS_Store + TYPE + 0 + + + PROTECTED + + PROXY_NAME + Remove .DS_Store files + PROXY_TOOLTIP + Remove ".DS_Store" files created by the Finder. + STATE + + + + PATTERNS_ARRAY + + + REGULAR_EXPRESSION + + STRING + .pbdevelopment + TYPE + 0 + + + PROTECTED + + PROXY_NAME + Remove .pbdevelopment files + PROXY_TOOLTIP + Remove ".pbdevelopment" files created by ProjectBuilder or Xcode. + STATE + + + + PATTERNS_ARRAY + + + REGULAR_EXPRESSION + + STRING + CVS + TYPE + 1 + + + REGULAR_EXPRESSION + + STRING + .cvsignore + TYPE + 0 + + + REGULAR_EXPRESSION + + STRING + .cvspass + TYPE + 0 + + + REGULAR_EXPRESSION + + STRING + .svn + TYPE + 1 + + + REGULAR_EXPRESSION + + STRING + .git + TYPE + 1 + + + REGULAR_EXPRESSION + + STRING + .gitignore + TYPE + 0 + + + PROTECTED + + PROXY_NAME + Remove SCM metadata + PROXY_TOOLTIP + Remove helper files and folders used by the CVS, SVN or Git Source Code Management systems. + STATE + + + + PATTERNS_ARRAY + + + REGULAR_EXPRESSION + + STRING + classes.nib + TYPE + 0 + + + REGULAR_EXPRESSION + + STRING + designable.db + TYPE + 0 + + + REGULAR_EXPRESSION + + STRING + info.nib + TYPE + 0 + + + PROTECTED + + PROXY_NAME + Optimize nib files + PROXY_TOOLTIP + Remove "classes.nib", "info.nib" and "designable.nib" files within .nib bundles. + STATE + + + + PATTERNS_ARRAY + + + REGULAR_EXPRESSION + + STRING + Resources Disabled + TYPE + 1 + + + PROTECTED + + PROXY_NAME + Remove Resources Disabled folders + PROXY_TOOLTIP + Remove "Resources Disabled" folders. + STATE + + + + SEPARATOR + + + + NAME + wazuh-agent-4.8.1-1.arm64 + PAYLOAD_ONLY + + TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING + + + + TYPE + 0 + VERSION + 2 + + diff --git a/macos/specs/wazuh-agent.pkgproj b/macos/specs/wazuh-agent-intel64.pkgproj similarity index 99% rename from macos/specs/wazuh-agent.pkgproj rename to macos/specs/wazuh-agent-intel64.pkgproj index f7e4169d10..d6fc49771c 100644 --- a/macos/specs/wazuh-agent.pkgproj +++ b/macos/specs/wazuh-agent-intel64.pkgproj @@ -812,7 +812,7 @@ USE_HFS+_COMPRESSION VERSION - 4.5.1-1 + 4.8.1-1 TYPE 0 @@ -996,7 +996,7 @@ BEHAVIOR - 3 + 2 DICTIONARY IC_REQUIREMENT_CPU_ARCHITECTURE_FAMILY @@ -1022,7 +1022,7 @@ SECONDARY_VALUE VALUE - This installer has been built for 64-bit Intel architecture. It won't install in other platforms. + This installer has been built for 64-bit Intel architecture. NAME @@ -1239,7 +1239,7 @@ NAME - wazuh-agent-4.5.1-1 + wazuh-agent-4.8.1-1.intel64 PAYLOAD_ONLY TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING diff --git a/macos/uninstall.sh b/macos/uninstall.sh index 6f894e64fb..7f344720f7 100755 --- a/macos/uninstall.sh +++ b/macos/uninstall.sh @@ -1,29 +1,29 @@ -#/bin/sh +#!/bin/sh ## Stop and remove application sudo /Library/Ossec/bin/wazuh-control stop sudo /bin/rm -r /Library/Ossec* ## stop and unload dispatcher -#sudo /bin/launchctl unload /Library/LaunchDaemons/com.wazuh.agent.plist +/bin/launchctl unload /Library/LaunchDaemons/com.wazuh.agent.plist # remove launchdaemons -sudo /bin/rm -f /Library/LaunchDaemons/com.wazuh.agent.plist +/bin/rm -f /Library/LaunchDaemons/com.wazuh.agent.plist ## remove StartupItems -sudo /bin/rm -rf /Library/StartupItems/WAZUH +/bin/rm -rf /Library/StartupItems/WAZUH ## Remove User and Groups -sudo /usr/bin/dscl . -delete "/Users/wazuh" -sudo /usr/bin/dscl . -delete "/Groups/wazuh" +/usr/bin/dscl . -delete "/Users/wazuh" +/usr/bin/dscl . -delete "/Groups/wazuh" -sudo /usr/sbin/pkgutil --forget com.wazuh.pkg.wazuh-agent -sudo /usr/sbin/pkgutil --forget com.wazuh.pkg.wazuh-agent-etc +/usr/sbin/pkgutil --forget com.wazuh.pkg.wazuh-agent +/usr/sbin/pkgutil --forget com.wazuh.pkg.wazuh-agent-etc # In case it was installed via Puppet pkgdmg provider if [ -e /var/db/.puppet_pkgdmg_installed_wazuh-agent ]; then - sudo rm -f /var/db/.puppet_pkgdmg_installed_wazuh-agent + rm -f /var/db/.puppet_pkgdmg_installed_wazuh-agent fi echo diff --git a/ova/Vagrantfile b/ova/Vagrantfile index 1dabeaec6c..4a3409ab1c 100755 --- a/ova/Vagrantfile +++ b/ova/Vagrantfile @@ -3,7 +3,8 @@ Vagrant.configure("2") do |config| - config.vm.box = "centos/7" + config.vm.box_url = "https://packages-dev.wazuh.com/vms/ova/amazonlinux-2.box" + config.vm.box = "amazonlinux-2" config.vm.hostname = "wazuh-server" config.vm.provider "virtualbox" do |vb| vb.name = "vm_wazuh" @@ -11,13 +12,15 @@ Vagrant.configure("2") do |config| vb.cpus = "4" end + config.ssh.username = "wazuh-user" + config.ssh.password = "wazuh" + config.ssh.insert_key = true + # Synced folder configuration config.vm.synced_folder ".", "/vagrant", disabled: true config.vm.synced_folder ".", "/tmp", type: "rsync", :rsync__exclude => ['output'] # Provision stage config.vm.provision :shell, path: "provision.sh", :args => "#{ENV['PACKAGES_REPOSITORY']} #{ENV['DEBUG']}" - # Provision cleanup stage - config.vm.provision :shell, path: "assets/postProvision.sh", :args => "#{ENV['DEBUG']}" end diff --git a/ova/assets/custom/enable_fips.sh b/ova/assets/custom/enable_fips.sh new file mode 100644 index 0000000000..dca9e59d2c --- /dev/null +++ b/ova/assets/custom/enable_fips.sh @@ -0,0 +1,9 @@ +# Update the Operating System (OS) packages to ensure the OS is up to date +sudo yum update -y + +# Install and enable the FIPS module +sudo yum install -y dracut-fips +sudo dracut -f + +# Enable FIPS mode by adding kernel argument: +sudo /sbin/grubby --update-kernel=ALL --args="fips=1" diff --git a/ova/assets/custom/grub/grub b/ova/assets/custom/grub/grub index 2eb9b7ade9..6cc85d8b52 100644 --- a/ova/assets/custom/grub/grub +++ b/ova/assets/custom/grub/grub @@ -1,9 +1,8 @@ - -GRUB_CMDLINE_LINUX="console=tty12" +GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 nvme_core.io_timeout=4294967295 rd.emergency=poweroff quiet splash rd.plymouth=0 plymouth.enable=0 loglevel=0 systemd.show_status=0 systemd.log_level=0 vt.cur_default=0 rd.shell=0 root=/dev/sda1" GRUB_DEFAULT=0 GRUB_TIMEOUT=0 GRUB_HIDDEN_TIMEOUT=2 GRUB_DISABLE_RECOVERY="true" GRUB_DISABLE_SUBMENU=y -GRUB_CMDLINE_LINUX_DEFAULT="net.ifnames=0 biosdevname=0 quiet splash rd.plymouth=0 plymouth.enable=0 loglevel=0 systemd.show_status=0 systemd.log_level=0 vt.cur_default=0" +GRUB_DISABLE_LINUX_UUID=true GRUB_BACKGROUND="/boot/grub2/wazuh.png" \ No newline at end of file diff --git a/ova/assets/custom/messages.sh b/ova/assets/custom/messages.sh index 24cc05aa5c..5f9b3cc28b 100644 --- a/ova/assets/custom/messages.sh +++ b/ova/assets/custom/messages.sh @@ -12,15 +12,16 @@ cat > /etc/issue < /etc/motd < /etc/update-motd.d/30-banner < {}' \; -find /var/ossec/logs/ -type f -exec bash -c 'cat /dev/null > {}' \; - -rm /root/anaconda-ks.cfg -rm /root/original-ks.cfg - -history -c -shutdown -r now > /dev/null 2>&1 diff --git a/ova/assets/steps.sh b/ova/assets/steps.sh index 634ac0d7f4..2a76dcbc3f 100644 --- a/ova/assets/steps.sh +++ b/ova/assets/steps.sh @@ -13,6 +13,11 @@ systemConfig() { mv ${CUSTOM_PATH}/grub/grub /etc/default/ grub2-mkconfig -o /boot/grub2/grub.cfg > /dev/null 2>&1 + # Enable fips + mv ${CUSTOM_PATH}/enable_fips.sh /tmp/ + chmod 755 /tmp/enable_fips.sh + bash /tmp/enable_fips.sh + # Update Wazuh indexer jvm heap mv ${CUSTOM_PATH}/automatic_set_ram.sh /etc/ chmod 755 /etc/automatic_set_ram.sh @@ -20,14 +25,10 @@ systemConfig() { systemctl daemon-reload systemctl enable updateIndexerHeap.service + # Change root password (root:wazuh) sed -i "s/root:.*:/root:\$1\$pNjjEA7K\$USjdNwjfh7A\.vHCf8suK41::0:99999:7:::/g" /etc/shadow - # Add custom user ($1$pNjjEA7K$USjdNwjfh7A.vHCf8suK41 -> wazuh) - adduser ${SYSTEM_USER} - sed -i "s/${SYSTEM_USER}:!!/${SYSTEM_USER}:\$1\$pNjjEA7K\$USjdNwjfh7A\.vHCf8suK41/g" /etc/shadow - - gpasswd -a ${SYSTEM_USER} wheel hostname ${HOSTNAME} # AWS instance has this enabled @@ -66,4 +67,15 @@ clean() { rm -f /securityadmin_demo.sh yum clean all + systemctl daemon-reload + + # Clear synced files + rm -rf ${CURRENT_PATH}/* ${CURRENT_PATH}/.gitignore + + # Remove logs + find /var/log/ -type f -exec bash -c 'cat /dev/null > {}' \; + find /var/ossec/logs/ -type f -exec bash -c 'cat /dev/null > {}' \; + + cat /dev/null > ~/.bash_history && history -c + } diff --git a/ova/generate_ova.sh b/ova/generate_ova.sh index deb3883013..329917aac5 100755 --- a/ova/generate_ova.sh +++ b/ova/generate_ova.sh @@ -41,7 +41,7 @@ help () { echo -e "DESCRIPTION" echo -e " -r, --repository" echo -e " Use development or production repository." - echo -e " Values: [prod|dev]. By default: ${PACKAGES_REPOSITORY}." + echo -e " Values: [prod|dev|staging]. By default: ${PACKAGES_REPOSITORY}." echo -e "" echo -e " -s, --store" echo -e " Set the destination absolute path where the OVA file will be stored." @@ -104,7 +104,7 @@ build_ova() { --product "Wazuh v${OVA_VERSION} OVA" \ --producturl "https://packages.wazuh.com/vm/wazuh-${OVA_VERSION}.ova" \ --vendor "Wazuh, inc " --vendorurl "https://wazuh.com" \ - --version "$OVA_VERSION" --description "Wazuh helps you to gain security visibility into your infrastructure by monitoring hosts at an operating system and application level. It provides the following capabilities: log analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring." \ + --version "$OVA_VERSION" --description "Wazuh enhances security visibility in your infrastructure by monitoring endpoints at the operating system and application levels. Its capabilities include log analysis, file integrity monitoring, intrusion detection, and compliance monitoring." \ || clean 1 vagrant destroy -f @@ -141,14 +141,14 @@ main() { "-r" | "--repository") if [ -n "$2" ]; then - if [ "$2" != "prod" ] && [ "$2" != "dev" ]; then - echo "ERROR: Repository must be: [prod/dev]" + if [ "$2" != "prod" ] && [ "$2" != "dev" ] && [ "$2" != "staging" ]; then + echo "ERROR: Repository must be: [prod/dev/staging]" help 1 fi PACKAGES_REPOSITORY="$2" shift 2 else - echo "ERROR: Value must be: [prod/dev]" + echo "ERROR: Value must be: [prod/dev/staging]" help 1 fi ;; @@ -231,4 +231,3 @@ main() { } main "$@" - diff --git a/ova/provision.sh b/ova/provision.sh index 4fec68fd37..96ebd8abdd 100755 --- a/ova/provision.sh +++ b/ova/provision.sh @@ -17,6 +17,8 @@ INSTALL_ARGS="-a" if [[ "${PACKAGES_REPOSITORY}" == "dev" ]]; then BUILDER_ARGS+=" -d" +elif [[ "${PACKAGES_REPOSITORY}" == "staging" ]]; then + BUILDER_ARGS+=" -d staging" fi if [[ "${DEBUG}" = "yes" ]]; then diff --git a/ova/wazuh_ovf_template b/ova/wazuh_ovf_template index 893216b01d..e65d539ae3 100644 --- a/ova/wazuh_ovf_template +++ b/ova/wazuh_ovf_template @@ -26,11 +26,11 @@ A human-readable annotation - Wazuh helps you to gain security visibility into your infrastructure by monitoring hosts at an operating system and application level. It provides the following capabilities: log analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring. + Wazuh enhances security visibility in your infrastructure by monitoring endpoints at the operating system and application levels. Its capabilities include log analysis, file integrity monitoring, intrusion detection, and compliance monitoring. - + The kind of installed guest operating system - Linux -CentOS Linux release 7.7 + Linux - Amazon Linux 2 Virtual hardware requirements diff --git a/rpms/CentOS/5/i386/Dockerfile b/rpms/CentOS/5/i386/Dockerfile index 7c19499b5c..af68534de5 100644 --- a/rpms/CentOS/5/i386/Dockerfile +++ b/rpms/CentOS/5/i386/Dockerfile @@ -31,7 +31,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ linux32 ./contrib/download_prerequisites && \ linux32 ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ --disable-multilib --disable-libsanitizer && \ linux32 make -j2 && linux32 make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib/" diff --git a/rpms/CentOS/5/x86_64/Dockerfile b/rpms/CentOS/5/x86_64/Dockerfile index 01e4e65e64..2a6b2d9581 100644 --- a/rpms/CentOS/5/x86_64/Dockerfile +++ b/rpms/CentOS/5/x86_64/Dockerfile @@ -35,7 +35,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ \ --disable-multilib --disable-libsanitizer && \ make -j2 && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64/" diff --git a/rpms/CentOS/6/i386/CentOS-Base.repo b/rpms/CentOS/6/i386/CentOS-Base.repo index 1f492ab2b8..aac76933ec 100644 --- a/rpms/CentOS/6/i386/CentOS-Base.repo +++ b/rpms/CentOS/6/i386/CentOS-Base.repo @@ -8,7 +8,7 @@ # If the mirrorlist= does not work for you, as a fall back you can try the # remarked out baseurl= line instead. # -# + [base] name=CentOS-$releasever - Base diff --git a/rpms/CentOS/6/i386/Dockerfile b/rpms/CentOS/6/i386/Dockerfile index 04cdb78fa5..289dee9946 100644 --- a/rpms/CentOS/6/i386/Dockerfile +++ b/rpms/CentOS/6/i386/Dockerfile @@ -46,7 +46,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ linux32 ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ \ --disable-multilib --disable-libsanitizer && \ linux32 make -j$(nproc) && linux32 make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib/" diff --git a/rpms/CentOS/6/x86_64/Dockerfile b/rpms/CentOS/6/x86_64/Dockerfile index 898fb35bf9..d6968907c6 100644 --- a/rpms/CentOS/6/x86_64/Dockerfile +++ b/rpms/CentOS/6/x86_64/Dockerfile @@ -46,7 +46,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ \ --disable-multilib --disable-libsanitizer && \ make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64/" diff --git a/rpms/CentOS/7/aarch64/Dockerfile b/rpms/CentOS/7/aarch64/Dockerfile index cedd1811a7..1b4a6ad33d 100644 --- a/rpms/CentOS/7/aarch64/Dockerfile +++ b/rpms/CentOS/7/aarch64/Dockerfile @@ -30,7 +30,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ --disable-multilib \ --disable-libsanitizer --disable-bootstrap && \ make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64/" diff --git a/rpms/CentOS/7/armv7hl/Dockerfile b/rpms/CentOS/7/armv7hl/Dockerfile index dc929b2005..f4e81eae0c 100644 --- a/rpms/CentOS/7/armv7hl/Dockerfile +++ b/rpms/CentOS/7/armv7hl/Dockerfile @@ -10,7 +10,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ --with-float=hard --with-fpu=vfpv3-d16 --enable-languages=c,c++ --disable-multilib \ --disable-libsanitizer && \ linux32 make -j$(nproc) && linux32 make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib/" diff --git a/rpms/CentOS/7/ppc64le/Dockerfile b/rpms/CentOS/7/ppc64le/Dockerfile index 23a0620696..e588b6c2e2 100644 --- a/rpms/CentOS/7/ppc64le/Dockerfile +++ b/rpms/CentOS/7/ppc64le/Dockerfile @@ -27,7 +27,8 @@ RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ \ --disable-multilib --disable-libsanitizer && \ make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && cd / && rm -rf gcc-* + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64/" diff --git a/rpms/CentOS/7/x86_64/Dockerfile b/rpms/CentOS/7/x86_64/Dockerfile new file mode 100644 index 0000000000..e5bd06ac20 --- /dev/null +++ b/rpms/CentOS/7/x86_64/Dockerfile @@ -0,0 +1,62 @@ +FROM centos:7 + +# Install all the necessary tools to build the packages +RUN yum install -y gcc make wget git \ + openssh-clients sudo gnupg file-devel\ + automake autoconf libtool policycoreutils-python \ + yum-utils system-rpm-config rpm-devel \ + gettext nspr nspr-devel \ + nss nss-devel libdb libdb-devel \ + zlib zlib-devel rpm-build bison \ + sharutils bzip2-devel xz-devel lzo-devel \ + e2fsprogs-devel libacl-devel libattr-devel \ + openssl-devel libxml2-devel kexec-tools elfutils \ + libcurl-devel elfutils-libelf-devel \ + elfutils-libelf elfutils-devel libgcrypt-devel \ + libarchive-devel libarchive bluez-libs-devel bzip2 \ + desktop-file-utils expat-devel findutils gcc-c++ gdbm-devel \ + glibc-devel gmp-devel gnupg2 libappstream-glib \ + libffi-devel libtirpc-devel libGL-devel libuuid-devel \ + libX11-devel ncurses-devel pkgconfig readline-devel \ + redhat-rpm-config sqlite-devel gdb tar tcl-devel tix-devel tk-devel \ + valgrind-devel python-rpm-macros python3 + +# Update rpmbuild, rpm and autoconf +RUN curl -O http://packages.wazuh.com/utils/autoconf/autoconf-2.69.tar.gz && \ + gunzip autoconf-2.69.tar.gz && tar xvf autoconf-2.69.tar && \ + cd autoconf-2.69 && ./configure && make -j$(nproc) && \ + make install && cd / && rm -rf autoconf-* + +RUN curl -O http://packages.wazuh.com/utils/rpm/rpm-4.15.1.tar.bz2 && \ + tar -xjf rpm-4.15.1.tar.bz2 && cd rpm-4.15.1 && \ + ./configure --without-lua && make -j$(nproc) && make install && cd / && rm -rf rpm-* + +RUN mkdir -p /usr/local/var/lib/rpm && \ + cp /var/lib/rpm/Packages /usr/local/var/lib/rpm/Packages && \ + /usr/local/bin/rpm --rebuilddb && rm -rf /root/rpmbuild + +RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ + tar xzf gcc-9.4.0.tar.gz && cd gcc-9.4.0/ && \ + ./contrib/download_prerequisites && \ + ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ \ + --disable-multilib --disable-libsanitizer && \ + make -j$(nproc) && make install && \ + ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* + +ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" +ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64/" +ENV PATH "/usr/local/gcc-9.4.0/bin:${PATH}" + +RUN curl -OL http://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && \ + tar -zxf cmake-3.18.3.tar.gz && cd cmake-3.18.3 && \ + ./bootstrap --no-system-curl CC=/usr/local/gcc-9.4.0/bin/gcc \ + CXX=/usr/local/gcc-9.4.0/bin/g++ && \ + make -j$(nproc) && make install && cd / && rm -rf cmake-* + +# Add the scripts to build the RPM package +ADD build.sh /usr/local/bin/build_package +RUN chmod +x /usr/local/bin/build_package + +# Set the entrypoint +ENTRYPOINT ["/usr/local/bin/build_package"] diff --git a/rpms/SPECS/wazuh-agent.spec b/rpms/SPECS/wazuh-agent.spec index 19958f5315..5dcc62a460 100644 --- a/rpms/SPECS/wazuh-agent.spec +++ b/rpms/SPECS/wazuh-agent.spec @@ -7,7 +7,7 @@ Summary: Wazuh helps you to gain security visibility into your infrastructure by monitoring hosts at an operating system and application level. It provides the following capabilities: log analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring Name: wazuh-agent -Version: 4.5.1 +Version: 4.8.1 Release: %{_release} License: GPL Group: System Environment/Daemons @@ -103,7 +103,7 @@ rm -f ${RPM_BUILD_ROOT}%{_localstatedir}/ruleset/sca/* # Install configuration assesment files and files templates mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/{generic} -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/{1,2} +mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/{1,2,2023} mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/{8,7,6,5} mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/{9,8,7,6,5} mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/sles/{11,12,15} @@ -112,10 +112,12 @@ mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fe mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rocky/{8,9} cp -r ruleset/sca/{generic,centos,rhel,sles,amazon,rocky} ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp + cp etc/templates/config/generic/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/generic cp etc/templates/config/amzn/1/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/1 cp etc/templates/config/amzn/2/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2 +cp etc/templates/config/amzn/2023/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2023 cp etc/templates/config/centos/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos cp etc/templates/config/centos/8/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/8 @@ -147,6 +149,7 @@ cp etc/templates/config/fedora/32/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/t cp etc/templates/config/fedora/33/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora/33 cp etc/templates/config/fedora/34/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora/34 +cp etc/templates/config/rocky/8/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rocky/8 cp etc/templates/config/rocky/9/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rocky/9 # Add configuration scripts @@ -245,31 +248,10 @@ if [ $1 = 1 ]; then %{_localstatedir}/packages_files/agent_installation_scripts/src/init/register_configure_agent.sh %{_localstatedir} > /dev/null || : fi -if [ -f /etc/os-release ]; then - source /etc/os-release - if [ "${NAME}" = "Red Hat Enterprise Linux" ] && [ "$((${VERSION_ID:0:1}))" -ge 9 ]; then - rm -f %{_initrddir}/wazuh-agent - fi +if [[ -d /run/systemd/system ]]; then + rm -f %{_initrddir}/wazuh-agent fi - # We create this fix for the operating system that deprecated the SySV. For now, this fix is for suse/openSUSE - sles="" - if [ -f /etc/SuSE-release ]; then - sles="suse" - elif [ -f /etc/os-release ]; then - if `grep -q "\"sles" /etc/os-release` ; then - sles="suse" - elif `grep -q -i "\"opensuse" /etc/os-release` ; then - sles="opensuse" - fi - fi - - if [ -n "$sles" ] && [ $(ps --no-headers -o comm 1) == "systemd" ]; then - if [ -f /etc/init.d/wazuh-agent ]; then - rm -f /etc/init.d/wazuh-agent - fi - fi - # Delete the installation files used to configure the agent rm -rf %{_localstatedir}/packages_files @@ -326,7 +308,7 @@ elif [ -r "/etc/os-release" ]; then if [ "X$DIST_VER" = "X" ]; then DIST_VER="0" fi - if [ "$DIST_NAME" = "amzn" ] && [ "$DIST_VER" != "2" ]; then + if [ "$DIST_NAME" = "amzn" ] && [ "$DIST_VER" != "2" ] && [ "$DIST_VER" != "2023" ]; then DIST_VER="1" fi DIST_SUBVER=$(echo $VERSION_ID | sed -rn 's/[^0-9]*[0-9]+\.([0-9]+).*/\1/p') @@ -571,6 +553,7 @@ rm -fr %{buildroot} %attr(750, root, wazuh) %{_localstatedir}/lib/libsysinfo.so %attr(750, root, wazuh) %{_localstatedir}/lib/libstdc++.so.6 %attr(750, root, wazuh) %{_localstatedir}/lib/libgcc_s.so.1 +%attr(750, root, wazuh) %{_localstatedir}/lib/libfimdb.so %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/generic %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/generic/* @@ -579,6 +562,8 @@ rm -fr %{buildroot} %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/1/* %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2 %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2/* +%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2023 +%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2023/* %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/sca.files %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/5 @@ -640,10 +625,30 @@ rm -fr %{buildroot} %attr(750, root, wazuh) %{_localstatedir}/wodles/gcloud/* %changelog -* Tue Aug 01 2023 support - 4.5.1 +* Wed Feb 28 2024 support - 4.8.1 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-8-1.html +* Wed Feb 21 2024 support - 4.8.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-8-0.html +* Tue Jan 09 2024 support - 4.7.2 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-2.html +* Wed Dec 13 2023 support - 4.7.1 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-1.html +* Tue Nov 21 2023 support - 4.7.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-0.html +* Tue Oct 31 2023 support - 4.6.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-6-0.html +* Tue Oct 24 2023 support - 4.5.4 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-4.html +* Tue Oct 10 2023 support - 4.5.3 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-3.html +* Thu Aug 31 2023 support - 4.5.2 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-2.html +* Thu Aug 24 2023 support - 4.5.1 - More info: https://documentation.wazuh.com/current/release-notes/release-4-5.1.html -* Wed Jul 19 2023 support - 4.5.0 +* Thu Aug 10 2023 support - 4.5.0 - More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html +* Mon Jul 10 2023 support - 4.4.5 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-4-5.html * Tue Jun 13 2023 support - 4.4.4 - More info: https://documentation.wazuh.com/current/release-notes/release-4-4-4.html * Thu May 25 2023 support - 4.4.3 diff --git a/rpms/SPECS/wazuh-manager.spec b/rpms/SPECS/wazuh-manager.spec index 70e785bb37..83b5c1c76d 100644 --- a/rpms/SPECS/wazuh-manager.spec +++ b/rpms/SPECS/wazuh-manager.spec @@ -7,7 +7,7 @@ Summary: Wazuh helps you to gain security visibility into your infrastructure by monitoring hosts at an operating system and application level. It provides the following capabilities: log analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring Name: wazuh-manager -Version: 4.5.1 +Version: 4.8.1 Release: %{_release} License: GPL Group: System Environment/Daemons @@ -22,7 +22,7 @@ Conflicts: ossec-hids ossec-hids-agent wazuh-agent wazuh-local Obsoletes: wazuh-api < 4.0.0 AutoReqProv: no -Requires: coreutils +Requires: coreutils xz BuildRequires: coreutils glibc-devel automake autoconf libtool policycoreutils-python curl perl ExclusiveOS: linux @@ -78,6 +78,7 @@ echo 'USER_CA_STORE="/path/to/my_cert.pem"' >> ./etc/preloaded-vars.conf echo 'USER_GENERATE_AUTHD_CERT="y"' >> ./etc/preloaded-vars.conf echo 'USER_AUTO_START="n"' >> ./etc/preloaded-vars.conf echo 'USER_CREATE_SSL_CERT="n"' >> ./etc/preloaded-vars.conf +echo 'DOWNLOAD_CONTENT="yes"' >> ./etc/preloaded-vars.conf ./install.sh # Create directories @@ -86,18 +87,15 @@ mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/.ssh # Copy the installed files into RPM_BUILD_ROOT directory cp -pr %{_localstatedir}/* ${RPM_BUILD_ROOT}%{_localstatedir}/ -mkdir -p ${RPM_BUILD_ROOT}/usr/lib/systemd/system/ sed -i "s:WAZUH_HOME_TMP:%{_localstatedir}:g" src/init/templates/ossec-hids-rh.init install -m 0755 src/init/templates/ossec-hids-rh.init ${RPM_BUILD_ROOT}%{_initrddir}/wazuh-manager +mkdir -p ${RPM_BUILD_ROOT}/usr/lib/systemd/system/ sed -i "s:WAZUH_HOME_TMP:%{_localstatedir}:g" src/init/templates/wazuh-manager.service install -m 0644 src/init/templates/wazuh-manager.service ${RPM_BUILD_ROOT}/usr/lib/systemd/system/ # Clean the preinstalled configuration assesment files rm -f ${RPM_BUILD_ROOT}%{_localstatedir}/ruleset/sca/* -# Install Vulnerability Detector files -install -m 0440 src/wazuh_modules/vulnerability_detector/*.json ${RPM_BUILD_ROOT}%{_localstatedir}/queue/vulnerabilities/dictionaries - # Add configuration scripts mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/manager_installation_scripts/ cp gen_ossec.sh ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/manager_installation_scripts/ @@ -113,10 +111,10 @@ mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/manager_installation_ # Install configuration assesment files and files templates mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/{applications,generic} -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/{1,2} +mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/{1,2,2023} mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/{8,7,6,5} -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/darwin/{15,16,17,18,19,20,21,22} -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/debian/{7,8,9,10,11} +mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/darwin/{15,16,17,18,19,20,21,22,23} +mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/debian/{7,8,9,10,11,12} mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/ubuntu/{12,14,16,18,20,22}/04 mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/{9,8,7,6,5} mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/sles/{11,12,15} @@ -132,6 +130,7 @@ cp etc/templates/config/generic/{sca.files,sca.manager.files} ${RPM_BUILD_ROOT}% cp etc/templates/config/amzn/1/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/1 cp etc/templates/config/amzn/2/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2 +cp etc/templates/config/amzn/2023/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2023 cp etc/templates/config/centos/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos cp etc/templates/config/centos/8/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/8 @@ -163,6 +162,7 @@ cp etc/templates/config/fedora/32/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/t cp etc/templates/config/fedora/33/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora/33 cp etc/templates/config/fedora/34/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora/34 +cp etc/templates/config/rocky/8/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rocky/8 cp etc/templates/config/rocky/9/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rocky/9 # Add SUSE initscript @@ -288,6 +288,8 @@ fi %post echo "VERSION=\"$(%{_localstatedir}/bin/wazuh-control info -v)\"" > /etc/ossec-init.conf + +# Upgrade install code block if [ $1 = 2 ]; then if [ -d %{_localstatedir}/logs/ossec ]; then rm -rf %{_localstatedir}/logs/wazuh @@ -298,6 +300,19 @@ if [ $1 = 2 ]; then rm -rf %{_localstatedir}/queue/sockets cp -rp %{_localstatedir}/queue/ossec %{_localstatedir}/queue/sockets fi + + # Ensure that the 'Indexer' is configured + CONFIG_INDEXER_TEMPLATE="%{_localstatedir}/packages_files/manager_installation_scripts/etc/templates/config/generic/wodle-indexer.manager.template" + . %{_localstatedir}/packages_files/manager_installation_scripts/src/init/update-indexer.sh + updateIndexerTemplate "%{_localstatedir}/etc/ossec.conf" $CONFIG_INDEXER_TEMPLATE +fi + +%define _vdfilename vd_1.0.0_vd_4.8.0.tar.xz +if [ -f "%{_localstatedir}/%{_vdfilename}" ]; then + tar -xf %{_localstatedir}/%{_vdfilename} -C %{_localstatedir} + chown wazuh:wazuh %{_localstatedir}/queue/vd + chown wazuh:wazuh %{_localstatedir}/queue/vd_updater + rm -rf %{_localstatedir}/%{_vdfilename} fi # Fresh install code block @@ -319,34 +334,9 @@ if [ $1 = 1 ]; then %{_localstatedir}/packages_files/manager_installation_scripts/add_localfiles.sh %{_localstatedir} >> %{_localstatedir}/etc/ossec.conf fi - # We create this fix for the operating system that deprecated SySV. For now, this fix is for suse/openSUSE - sles="" - if [ -f /etc/SuSE-release ]; then - sles="suse" - elif [ -f /etc/os-release ]; then - if `grep -q "\"sles" /etc/os-release` ; then - sles="suse" - elif `grep -q -i "\"opensuse" /etc/os-release` ; then - sles="opensuse" - fi - fi - - if [ -n "$sles" ] && [ $(ps --no-headers -o comm 1) == "systemd" ]; then - if [ -f /etc/init.d/wazuh-manager ]; then - rm -f /etc/init.d/wazuh-manager - fi - fi - -if [ -f /etc/os-release ]; then - source /etc/os-release - if [ "${NAME}" = "Red Hat Enterprise Linux" ] && [ "$((${VERSION_ID:0:1}))" -ge 9 ]; then - rm -f %{_initrddir}/wazuh-manager - fi -fi - # Generation auto-signed certificate if not exists -if type openssl >/dev/null 2>&1 && [ ! -f "%{_localstatedir}/etc/sslmanager.key" ] && [ ! -f "%{_localstatedir}/etc/sslmanager.cert" ]; then - openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -subj "/C=US/ST=California/CN=Wazuh/" -keyout %{_localstatedir}/etc/sslmanager.key -out %{_localstatedir}/etc/sslmanager.cert 2>/dev/null +if [ ! -f "%{_localstatedir}/etc/sslmanager.key" ] && [ ! -f "%{_localstatedir}/etc/sslmanager.cert" ]; then + %{_localstatedir}/bin/wazuh-authd -C 365 -B 2048 -S "/C=US/ST=California/CN=Wazuh/" -K %{_localstatedir}/etc/sslmanager.key -X %{_localstatedir}/etc/sslmanager.cert 2>/dev/null chmod 640 %{_localstatedir}/etc/sslmanager.key chmod 640 %{_localstatedir}/etc/sslmanager.cert fi @@ -354,6 +344,9 @@ fi rm -f %{_localstatedir}/etc/shared/ar.conf >/dev/null 2>&1 rm -f %{_localstatedir}/etc/shared/merged.mg >/dev/null 2>&1 +# Set merged.mg permissions to new ones +find %{_localstatedir}/etc/shared/ -type f -name 'merged.mg' -exec chmod 644 {} \; + #AlmaLinux if [ -r "/etc/almalinux-release" ]; then DIST_NAME=almalinux @@ -404,7 +397,7 @@ elif [ -r "/etc/os-release" ]; then if [ "X$DIST_VER" = "X" ]; then DIST_VER="0" fi - if [ "$DIST_NAME" = "amzn" ] && [ "$DIST_VER" != "2" ]; then + if [ "$DIST_NAME" = "amzn" ] && [ "$DIST_VER" != "2" ] && [ "$DIST_VER" != "2023" ]; then DIST_VER="1" fi DIST_SUBVER=$(echo $VERSION_ID | sed -rn 's/[^0-9]*[0-9]+\.([0-9]+).*/\1/p') @@ -476,17 +469,17 @@ rm -f %{_localstatedir}/etc/shared/default/*.rpmnew # Remove old ossec user and group if exists and change ownwership of files if getent group ossec > /dev/null 2>&1; then - find %{_localstatedir}/ -group ossec -user root -exec chown root:wazuh {} \; > /dev/null 2>&1 || true + find %{_localstatedir}/ -group ossec -user root -print0 | xargs -0 chown root:wazuh > /dev/null 2>&1 || true if getent passwd ossec > /dev/null 2>&1; then - find %{_localstatedir}/ -group ossec -user ossec -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true + find %{_localstatedir}/ -group ossec -user ossec -print0 | xargs -0 chown wazuh:wazuh > /dev/null 2>&1 || true userdel ossec > /dev/null 2>&1 fi if getent passwd ossecm > /dev/null 2>&1; then - find %{_localstatedir}/ -group ossec -user ossecm -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true + find %{_localstatedir}/ -group ossec -user ossecm -print0 | xargs -0 chown wazuh:wazuh > /dev/null 2>&1 || true userdel ossecm > /dev/null 2>&1 fi if getent passwd ossecr > /dev/null 2>&1; then - find %{_localstatedir}/ -group ossec -user ossecr -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true + find %{_localstatedir}/ -group ossec -user ossecr -print0 | xargs -0 chown wazuh:wazuh > /dev/null 2>&1 || true userdel ossecr > /dev/null 2>&1 fi if getent group ossec > /dev/null 2>&1; then @@ -655,6 +648,7 @@ rm -fr %{buildroot} %attr(750, root, wazuh) %{_localstatedir}/bin/wazuh-clusterd %attr(750, root, root) %{_localstatedir}/bin/wazuh-db %attr(750, root, root) %{_localstatedir}/bin/wazuh-modulesd +%attr(750, root, wazuh) %{_localstatedir}/bin/rbac_control %dir %attr(770, wazuh, wazuh) %{_localstatedir}/etc %attr(660, root, wazuh) %config(noreplace) %{_localstatedir}/etc/ossec.conf %attr(640, root, wazuh) %config(noreplace) %{_localstatedir}/etc/client.keys @@ -700,13 +694,20 @@ rm -fr %{buildroot} %attr(750, root, wazuh) %{_localstatedir}/lib/libjemalloc.so.2 %attr(750, root, wazuh) %{_localstatedir}/lib/libstdc++.so.6 %attr(750, root, wazuh) %{_localstatedir}/lib/libgcc_s.so.1 -%{_localstatedir}/lib/libpython3.9.so.1.0 +%attr(750, root, wazuh) %{_localstatedir}/lib/libfimdb.so +%attr(750, root, wazuh) %{_localstatedir}/lib/libcontent_manager.so +%attr(750, root, wazuh) %{_localstatedir}/lib/libindexer_connector.so +%attr(750, root, wazuh) %{_localstatedir}/lib/librocksdb.so.8 +%attr(750, root, wazuh) %{_localstatedir}/lib/librouter.so +%attr(750, root, wazuh) %{_localstatedir}/lib/libvulnerability_scanner.so +%{_localstatedir}/lib/libpython3.10.so.1.0 %dir %attr(770, wazuh, wazuh) %{_localstatedir}/logs %attr(660, wazuh, wazuh) %ghost %{_localstatedir}/logs/active-responses.log %attr(660, wazuh, wazuh) %ghost %{_localstatedir}/logs/api.log %attr(640, wazuh, wazuh) %ghost %{_localstatedir}/logs/integrations.log %attr(660, wazuh, wazuh) %ghost %{_localstatedir}/logs/ossec.log %attr(660, wazuh, wazuh) %ghost %{_localstatedir}/logs/ossec.json +%attr(0440, root, wazuh) %{_localstatedir}/queue/indexer/vd_states_template.json %dir %attr(750, wazuh, wazuh) %{_localstatedir}/logs/api %dir %attr(750, wazuh, wazuh) %{_localstatedir}/logs/archives %dir %attr(750, wazuh, wazuh) %{_localstatedir}/logs/alerts @@ -730,6 +731,7 @@ rm -fr %{buildroot} %attr(750, root, root) %config(missingok) %{_localstatedir}/packages_files/manager_installation_scripts/etc/templates/config/centos/* %dir %attr(750, root, root) %config(missingok) %{_localstatedir}/packages_files/manager_installation_scripts/etc/templates/config/rhel %attr(750, root, root) %config(missingok) %{_localstatedir}/packages_files/manager_installation_scripts/etc/templates/config/rhel/* +%attr(750, wazuh, wazuh) %{_localstatedir}/%{_vdfilename} %dir %attr(750, root, wazuh) %{_localstatedir}/queue %attr(600, root, wazuh) %ghost %{_localstatedir}/queue/agents-timestamp %dir %attr(750, wazuh, wazuh) %{_localstatedir}/queue/agentless @@ -746,11 +748,10 @@ rm -fr %{buildroot} %dir %attr(770, wazuh, wazuh) %{_localstatedir}/queue/rids %dir %attr(770, wazuh, wazuh) %{_localstatedir}/queue/tasks %dir %attr(770, wazuh, wazuh) %{_localstatedir}/queue/sockets -%dir %attr(660, root, wazuh) %{_localstatedir}/queue/vulnerabilities -%dir %attr(440, root, wazuh) %{_localstatedir}/queue/vulnerabilities/dictionaries +%dir %attr(770, wazuh, wazuh) %{_localstatedir}/queue/vd +%dir %attr(770, wazuh, wazuh) %{_localstatedir}/queue/indexer +%dir %attr(770, wazuh, wazuh) %{_localstatedir}/queue/router %dir %attr(750, wazuh, wazuh) %{_localstatedir}/queue/logcollector -%attr(0440, root, wazuh) %{_localstatedir}/queue/vulnerabilities/dictionaries/cpe_helper.json -%attr(0440, root, wazuh) %ghost %{_localstatedir}/queue/vulnerabilities/dictionaries/msu.json.gz %dir %attr(750, root, wazuh) %{_localstatedir}/ruleset %dir %attr(750, root, wazuh) %{_localstatedir}/ruleset/sca %dir %attr(750, root, wazuh) %{_localstatedir}/ruleset/decoders @@ -776,6 +777,8 @@ rm -fr %{buildroot} %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/1/* %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2 %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2/* +%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2023 +%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2023/* %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/sca.files %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/5 @@ -803,6 +806,8 @@ rm -fr %{buildroot} %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/darwin/21/* %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/darwin/22 %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/darwin/22/* +%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/darwin/23 +%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/darwin/23/* %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/debian %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/debian/* %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel @@ -864,10 +869,30 @@ rm -fr %{buildroot} %attr(750, root, wazuh) %{_localstatedir}/wodles/gcloud/* %changelog -* Tue Aug 01 2023 support - 4.5.1 +* Wed Feb 28 2024 support - 4.8.1 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-8-1.html +* Wed Feb 21 2024 support - 4.8.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-8-0.html +* Tue Jan 09 2024 support - 4.7.2 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-2.html +* Wed Dec 13 2023 support - 4.7.1 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-1.html +* Tue Nov 21 2023 support - 4.7.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-0.html +* Tue Oct 31 2023 support - 4.6.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-6-0.html +* Tue Oct 24 2023 support - 4.5.4 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-4.html +* Tue Oct 10 2023 support - 4.5.3 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-3.html +* Thu Aug 31 2023 support - 4.5.2 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-2.html +* Thu Aug 24 2023 support - 4.5.1 - More info: https://documentation.wazuh.com/current/release-notes/release-4-5.1.html -* Wed Jul 19 2023 support - 4.5.0 +* Thu Aug 10 2023 support - 4.5.0 - More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html +* Mon Jul 10 2023 support - 4.4.5 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-4-5.html * Tue Jun 13 2023 support - 4.4.4 - More info: https://documentation.wazuh.com/current/release-notes/release-4-4-4.html * Thu May 25 2023 support - 4.4.3 diff --git a/rpms/build.sh b/rpms/build.sh index b6006f30af..05d1224fda 100755 --- a/rpms/build.sh +++ b/rpms/build.sh @@ -73,7 +73,7 @@ else specs_path="/specs" fi -if [[ "${future}" == "yes" ]]; then +if [[ "${future}" == "yes" ]]; then # MODIFY VARIABLES base_version=$wazuh_version MAJOR=$(echo $base_version | cut -dv -f2 | cut -d. -f1) @@ -88,7 +88,9 @@ if [[ "${future}" == "yes" ]]; then mv "${build_dir}/${old_package_name}" "${build_dir}/${package_name}" find "${build_dir}/${package_name}" "${specs_path}/" \( -name "*VERSION*" -o -name "*.spec" \) -exec sed -i "s/${base_version}/${wazuh_version}/g" {} \; sed -i "s/\$(VERSION)/${MAJOR}.${MINOR}/g" "${build_dir}/${package_name}/src/Makefile" - + sed -i "s/${base_version}/${wazuh_version}/g" "${build_dir}/${package_name}/src/init/wazuh-server.sh" + sed -i "s/${base_version}/${wazuh_version}/g" "${build_dir}/${package_name}/src/init/wazuh-client.sh" + sed -i "s/${base_version}/${wazuh_version}/g" "${build_dir}/${package_name}/src/init/wazuh-local.sh" fi cp ${specs_path}/wazuh-${build_target}.spec ${rpm_build_dir}/SPECS/${package_name}.spec @@ -103,11 +105,19 @@ fi if [ "${legacy}" = "no" ]; then echo "%_source_filedigest_algorithm 8" >> /root/.rpmmacros echo "%_binary_filedigest_algorithm 8" >> /root/.rpmmacros - echo " %rhel 6" >> /root/.rpmmacros - echo " %centos 6" >> /root/.rpmmacros - echo " %centos_ver 6" >> /root/.rpmmacros - echo " %dist .el6" >> /root/.rpmmacros - echo " %el6 1" >> /root/.rpmmacros + if [ "${build_target}" = "agent" ]; then + echo " %rhel 6" >> /root/.rpmmacros + echo " %centos 6" >> /root/.rpmmacros + echo " %centos_ver 6" >> /root/.rpmmacros + echo " %dist .el6" >> /root/.rpmmacros + echo " %el6 1" >> /root/.rpmmacros + elif [ "${build_target}" = "manager" ]; then + echo " %rhel 7" >> /root/.rpmmacros + echo " %centos 7" >> /root/.rpmmacros + echo " %centos_ver 7" >> /root/.rpmmacros + echo " %dist .el7" >> /root/.rpmmacros + echo " %el7 1" >> /root/.rpmmacros + fi rpmbuild="/usr/local/bin/rpmbuild" fi diff --git a/rpms/generate_rpm_package.sh b/rpms/generate_rpm_package.sh index 89d57977dd..b2c3ee8f36 100755 --- a/rpms/generate_rpm_package.sh +++ b/rpms/generate_rpm_package.sh @@ -19,20 +19,29 @@ TARGET="" JOBS="2" DEBUG="no" BUILD_DOCKER="yes" +DOCKER_TAG="latest" USER_PATH="no" SRC="no" -RPM_AARCH64_BUILDER="rpm_builder_aarch64" -RPM_ARMV7HL_BUILDER="rpm_builder_armv7hl" -RPM_X86_BUILDER="rpm_builder_x86" -RPM_I386_BUILDER="rpm_builder_i386" -RPM_PPC64LE_BUILDER="rpm_builder_ppc64le" -RPM_BUILDER_DOCKERFILE="${CURRENT_PATH}/CentOS/6" -RPM_AARCH64_BUILDER_DOCKERFILE="${CURRENT_PATH}/CentOS/7" -RPM_ARMV7HL_BUILDER_DOCKERFILE="${CURRENT_PATH}/CentOS/7" -RPM_PPC64LE_BUILDER_DOCKERFILE="${CURRENT_PATH}/CentOS/7" +RPM_MANAGER_AARCH64_BUILDER="rpm_manager_builder_aarch64" +RPM_MANAGER_X86_BUILDER="rpm_manager_builder_x86" +RPM_MANAGER_PPC64LE_BUILDER="rpm_manager_builder_ppc64le" +RPM_AGENT_AARCH64_BUILDER="rpm_agent_builder_aarch64" +RPM_AGENT_ARMV7HL_BUILDER="rpm_agent_builder_armv7hl" +RPM_AGENT_X86_BUILDER="rpm_agent_builder_x86" +RPM_AGENT_I386_BUILDER="rpm_agent_builder_i386" +RPM_AGENT_PPC64LE_BUILDER="rpm_agent_builder_ppc64le" LEGACY_RPM_X86_BUILDER="rpm_legacy_builder_x86" LEGACY_RPM_I386_BUILDER="rpm_legacy_builder_i386" -LEGACY_RPM_BUILDER_DOCKERFILE="${CURRENT_PATH}/CentOS/5" +RPM_AGENT_X86_BUILDER_DOCKERFILE="${CURRENT_PATH}/CentOS/6/x86_64" +RPM_AGENT_I386_BUILDER_DOCKERFILE="${CURRENT_PATH}/CentOS/6/i386" +RPM_MANAGER_X86_BUILDER_DOCKERFILE="${CURRENT_PATH}/CentOS/7/x86_64" +RPM_AGENT_AARCH64_BUILDER_DOCKERFILE="${CURRENT_PATH}/CentOS/7/aarch64" +RPM_MANAGER_AARCH64_BUILDER_DOCKERFILE="${CURRENT_PATH}/CentOS/7/aarch64" +RPM_AGENT_ARMV7HL_BUILDER_DOCKERFILE="${CURRENT_PATH}/CentOS/7/armv7hl" +RPM_AGENT_PPC64LE_BUILDER_DOCKERFILE="${CURRENT_PATH}/CentOS/7/ppc64le" +RPM_MANAGER_PPC64LE_BUILDER_DOCKERFILE="${CURRENT_PATH}/CentOS/7/ppc64le" +LEGACY_RPM_AGENT_I386_BUILDER_DOCKERFILE="${CURRENT_PATH}/CentOS/5/i386" +LEGACY_RPM_AGENT_X86_BUILDER_DOCKERFILE="${CURRENT_PATH}/CentOS/5/x86_64" LEGACY_TAR_FILE="${LEGACY_RPM_BUILDER_DOCKERFILE}/i386/centos-5-i386.tar.gz" TAR_URL="https://packages-dev.wazuh.com/utils/centos-5-i386-build/centos-5-i386.tar.gz" INSTALLATION_PATH="/var/ossec" @@ -46,11 +55,15 @@ FUTURE="no" trap ctrl_c INT -if command -v curl > /dev/null 2>&1 ; then - DOWNLOAD_TAR="curl ${TAR_URL} -o ${LEGACY_TAR_FILE} -s" -elif command -v wget > /dev/null 2>&1 ; then - DOWNLOAD_TAR="wget ${TAR_URL} -o ${LEGACY_TAR_FILE} -q" -fi +download_file() { + URL=$1 + DESTDIR=$2 + if command -v curl > /dev/null 2>&1 ; then + (cd ${DESTDIR} && curl -sO ${URL}) + elif command -v wget > /dev/null 2>&1 ; then + wget ${URL} -P ${DESTDIR} -q + fi +} clean() { exit_code=$1 @@ -74,8 +87,8 @@ build_rpm() { # Download the legacy tar file if it is needed - if [ "${CONTAINER_NAME}" = "${LEGACY_RPM_I386_BUILDER}" ] && [ ! -f "${LEGACY_TAR_FILE}" ]; then - ${DOWNLOAD_TAR} + if ([[ "${CONTAINER_NAME}" == "${LEGACY_RPM_I386_BUILDER}" ]] || [[ "${CONTAINER_NAME}" == "${LEGACY_RPM_X86_BUILDER}" ]] ) && [ ! -f "${LEGACY_TAR_FILE}" ]; then + download_file ${TAR_URL} ${DOCKERFILE_PATH} fi # Create an optional parameter to share the local source code as a volume @@ -86,7 +99,7 @@ build_rpm() { # Build the Docker image if [[ ${BUILD_DOCKER} == "yes" ]]; then - docker build -t ${CONTAINER_NAME} ${DOCKERFILE_PATH} || return 1 + docker build -t ${CONTAINER_NAME}:${DOCKER_TAG} ${DOCKERFILE_PATH} || return 1 fi # Build the RPM package with a Docker container @@ -94,7 +107,7 @@ build_rpm() { -v ${CHECKSUMDIR}:/var/local/checksum:Z \ -v ${LOCAL_SPECS}:/specs:Z \ ${CUSTOM_CODE_VOL} \ - ${CONTAINER_NAME} ${TARGET} ${BRANCH} ${ARCHITECTURE} \ + ${CONTAINER_NAME}:${DOCKER_TAG} ${TARGET} ${BRANCH} ${ARCHITECTURE} \ ${JOBS} ${REVISION} ${INSTALLATION_PATH} ${DEBUG} \ ${CHECKSUM} ${PACKAGES_BRANCH} ${USE_LOCAL_SPECS} ${SRC} \ ${LEGACY} ${USE_LOCAL_SOURCE_CODE} ${FUTURE}|| return 1 @@ -115,51 +128,67 @@ build() { ARCHITECTURE="armv7hl" fi - if [[ "${TARGET}" == "api" ]]; then - if [[ "${ARCHITECTURE}" = "ppc64le" ]]; then - build_rpm ${RPM_PPC64LE_BUILDER} ${RPM_PPC64LE_BUILDER_DOCKERFILE}/${ARCHITECTURE} || return 1 - elif [[ "${ARCHITECTURE}" = "aarch64" ]]; then - build_rpm ${RPM_AARCH64_BUILDER} ${RPM_AARCH64_BUILDER_DOCKERFILE}/${ARCHITECTURE} || return 1 - elif [[ "${ARCHITECTURE}" = "armv7hl" ]]; then - build_rpm ${RPM_ARMV7HL_BUILDER} ${RPM_ARMV7HL_BUILDER_DOCKERFILE}/${ARCHITECTURE} || return 1 + if [[ "${TARGET}" == "manager" ]]; then + + BUILD_NAME="" + FILE_PATH="" + if [[ "${LEGACY}" == "yes" ]]; then + echo "Legacy is only avaliable on 'agent' target." + return 1 + elif [[ "${ARCHITECTURE}" == "x86_64" ]]; then + BUILD_NAME="${RPM_MANAGER_X86_BUILDER}" + FILE_PATH="${RPM_MANAGER_X86_BUILDER_DOCKERFILE}" + elif [[ "${ARCHITECTURE}" == "ppc64le" ]]; then + BUILD_NAME="${RPM_MANAGER_PPC64LE_BUILDER}" + FILE_PATH="${RPM_MANAGER_PPC64LE_BUILDER_DOCKERFILE}" + elif [[ "${ARCHITECTURE}" == "aarch64" ]]; then + BUILD_NAME="${RPM_MANAGER_AARCH64_BUILDER}" + FILE_PATH="${RPM_MANAGER_AARCH64_BUILDER_DOCKERFILE}" else - build_rpm ${RPM_X86_BUILDER} ${RPM_BUILDER_DOCKERFILE}/${ARCHITECTURE} || return 1 + echo "Invalid architecture '${ARCHITECTURE}' for '${TARGET}'. Choose one of amd64/arm64/ppc64le" + return 1 fi + build_rpm ${BUILD_NAME} ${FILE_PATH} || return 1 - elif [[ "${TARGET}" == "manager" ]] || [[ "${TARGET}" == "agent" ]]; then + elif [[ "${TARGET}" == "agent" ]]; then BUILD_NAME="" FILE_PATH="" - if [[ "${LEGACY}" == "yes" ]] && [[ "${ARCHITECTURE}" == "x86_64" ]]; then - REVISION="${REVISION}.el5" - BUILD_NAME="${LEGACY_RPM_X86_BUILDER}" - FILE_PATH="${LEGACY_RPM_BUILDER_DOCKERFILE}/${ARCHITECTURE}" - elif [[ "${LEGACY}" == "yes" ]] && [[ "${ARCHITECTURE}" == "i386" ]]; then - REVISION="${REVISION}.el5" - BUILD_NAME="${LEGACY_RPM_I386_BUILDER}" - FILE_PATH="${LEGACY_RPM_BUILDER_DOCKERFILE}/${ARCHITECTURE}" - elif [[ "${LEGACY}" == "no" ]] && [[ "${ARCHITECTURE}" == "x86_64" ]]; then - BUILD_NAME="${RPM_X86_BUILDER}" - FILE_PATH="${RPM_BUILDER_DOCKERFILE}/${ARCHITECTURE}" - elif [[ "${LEGACY}" == "no" ]] && [[ "${ARCHITECTURE}" == "i386" ]]; then - BUILD_NAME="${RPM_I386_BUILDER}" - FILE_PATH="${RPM_BUILDER_DOCKERFILE}/${ARCHITECTURE}" - elif [[ "${LEGACY}" == "no" ]] && [[ "${ARCHITECTURE}" == "ppc64le" ]]; then - BUILD_NAME="${RPM_PPC64LE_BUILDER}" - FILE_PATH="${RPM_PPC64LE_BUILDER_DOCKERFILE}/${ARCHITECTURE}" - elif [[ "${LEGACY}" == "no" ]] && [[ "${ARCHITECTURE}" == "aarch64" ]]; then - BUILD_NAME="${RPM_AARCH64_BUILDER}" - FILE_PATH="${RPM_AARCH64_BUILDER_DOCKERFILE}/${ARCHITECTURE}" - elif [[ "${LEGACY}" == "no" ]] && [[ "${ARCHITECTURE}" == "armv7hl" ]]; then - BUILD_NAME="${RPM_ARMV7HL_BUILDER}" - FILE_PATH="${RPM_ARMV7HL_BUILDER_DOCKERFILE}/${ARCHITECTURE}" + if [[ "${LEGACY}" == "yes" ]]; then + if [[ "${ARCHITECTURE}" == "x86_64" ]]; then + REVISION="${REVISION}.el5" + BUILD_NAME="${LEGACY_RPM_X86_BUILDER}" + FILE_PATH="${LEGACY_RPM_AGENT_X86_BUILDER_DOCKERFILE}" + elif [[ "${ARCHITECTURE}" == "i386" ]]; then + REVISION="${REVISION}.el5" + BUILD_NAME="${LEGACY_RPM_I386_BUILDER}" + FILE_PATH="${LEGACY_RPM_AGENT_I386_BUILDER_DOCKERFILE}" + else + echo "Legacy is not available on '${ARCHITECTURE}'. Choose one of x86_64/i386" + return 1 + fi + elif [[ "${ARCHITECTURE}" == "x86_64" ]]; then + BUILD_NAME="${RPM_AGENT_X86_BUILDER}" + FILE_PATH="${RPM_AGENT_X86_BUILDER_DOCKERFILE}" + elif [[ "${ARCHITECTURE}" == "i386" ]]; then + BUILD_NAME="${RPM_AGENT_I386_BUILDER}" + FILE_PATH="${RPM_AGENT_I386_BUILDER_DOCKERFILE}" + elif [[ "${ARCHITECTURE}" == "ppc64le" ]]; then + BUILD_NAME="${RPM_AGENT_PPC64LE_BUILDER}" + FILE_PATH="${RPM_AGENT_PPC64LE_BUILDER_DOCKERFILE}" + elif [[ "${ARCHITECTURE}" == "aarch64" ]]; then + BUILD_NAME="${RPM_AGENT_AARCH64_BUILDER}" + FILE_PATH="${RPM_AGENT_AARCH64_BUILDER_DOCKERFILE}" + elif [[ "${ARCHITECTURE}" == "armv7hl" ]]; then + BUILD_NAME="${RPM_AGENT_ARMV7HL_BUILDER}" + FILE_PATH="${RPM_AGENT_ARMV7HL_BUILDER_DOCKERFILE}" else - echo "Invalid architecture. Choose: x86_64 (amd64 is accepted too), ppc64le or i386" + echo "Invalid architecture '${ARCHITECTURE}' for '${TARGET}'. Choose one of x86_64/i386/ppc64le/aarch64/armv7hl." return 1 fi build_rpm ${BUILD_NAME} ${FILE_PATH} || return 1 else - echo "Invalid target. Choose: manager, agent or api." + echo "Invalid target. Choose: manager or agent." return 1 fi @@ -181,6 +210,7 @@ help() { echo " -d, --debug [Optional] Build the binaries with debug symbols and create debuginfo packages. By default: no." echo " -c, --checksum [Optional] Generate checksum on the desired path (by default, if no path is specified it will be generated on the same directory than the package)." echo " --dont-build-docker [Optional] Locally built docker image will be used instead of generating a new one." + echo " --tag [Optional] Tag to use with the docker image." echo " --sources [Optional] Absolute path containing wazuh source code. This option will use local source code instead of downloading it from GitHub." echo " --packages-branch [Optional] Select Git branch or tag from wazuh-packages repository. e.g ${PACKAGES_BRANCH}" echo " --dev [Optional] Use the SPECS files stored in the host instead of downloading them from GitHub." @@ -261,6 +291,14 @@ main() { BUILD_DOCKER="no" shift 1 ;; + "--tag") + if [ -n "$2" ]; then + DOCKER_TAG="$2" + shift 2 + else + help 1 + fi + ;; "-c"|"--checksum") if [ -n "$2" ]; then CHECKSUMDIR="$2" @@ -328,4 +366,4 @@ main() { clean 0 } -main "$@" \ No newline at end of file +main "$@" diff --git a/solaris/solaris10/pkginfo b/solaris/solaris10/pkginfo index 60e15665e6..38bb68dad3 100644 --- a/solaris/solaris10/pkginfo +++ b/solaris/solaris10/pkginfo @@ -1,11 +1,11 @@ NAME=Wazuh - Wazuh unifies historically separate functions into a single agent and platform architecture. Providing protection for public clouds, private clouds, and on-premise data centers. PKG="wazuh-agent" -VERSION="4.5.1" +VERSION="4.8.1" ARCH="i386" CLASSES="none" CATEGORY="system" VENDOR="Wazuh, Inc " -PSTAMP="26Jun2023" +PSTAMP="28Feb2024" EMAIL="info@wazuh.com" ISTATES="S s 1 2 3" RSTATES="S s 1 2 3" diff --git a/solaris/solaris11/SPECS/template_agent.json b/solaris/solaris11/SPECS/template_agent.json index ec6b503f6e..818341a493 100644 --- a/solaris/solaris11/SPECS/template_agent.json +++ b/solaris/solaris11/SPECS/template_agent.json @@ -679,6 +679,14 @@ "type": "file", "user": "root" }, + "/var/ossec/lib/libfimdb.so": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, "/var/ossec/lib/libsysinfo.so": { "class": "static", "group": "wazuh", @@ -1831,6 +1839,198 @@ "type": "file", "user": "root" }, + "/var/ossec/wodles/aws/__init__.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/aws_tools.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/wazuh_integration.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/buckets_s3": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "drwxr-x---", + "type": "directory", + "user": "root" + }, + "/var/ossec/wodles/aws/buckets_s3/__init__.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/buckets_s3/aws_bucket.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/buckets_s3/cloudtrail.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/buckets_s3/config.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/buckets_s3/guardduty.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/buckets_s3/load_balancers.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/buckets_s3/server_access.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/buckets_s3/umbrella.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/buckets_s3/vpcflow.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/buckets_s3/waf.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/services": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "drwxr-x---", + "type": "directory", + "user": "root" + }, + "/var/ossec/wodles/aws/services/__init__.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/services/aws_service.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/services/cloudwatchlogs.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/services/inspector.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/subscribers": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "drwxr-x---", + "type": "directory", + "user": "root" + }, + "/var/ossec/wodles/aws/subscribers/__init__.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/subscribers/s3_log_handler.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/subscribers/sqs_message_processor.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, + "/var/ossec/wodles/aws/subscribers/sqs_queue.py": { + "class": "static", + "group": "wazuh", + "mode": "0750", + "prot": "-rwxr-x---", + "type": "file", + "user": "root" + }, "/var/ossec/wodles/azure": { "class": "static", "group": "wazuh", diff --git a/stack/dashboard/base/builder.sh b/stack/dashboard/base/builder.sh index 9180c092ea..501345f743 100755 --- a/stack/dashboard/base/builder.sh +++ b/stack/dashboard/base/builder.sh @@ -8,7 +8,7 @@ # License (version 2) as published by the FSF - Free Software # Foundation. -set -e +set -ex # Script parameters to build the package architecture="$1" @@ -16,9 +16,11 @@ revision="$2" future="$3" repository="$4" reference="$5" -opensearch_version="2.6.0" +opensearch_version="2.10.0" base_dir=/opt/wazuh-dashboard-base +# ----------------------------------------------------------------------------- +# Set environment # ----------------------------------------------------------------------------- if [ -z "${revision}" ]; then @@ -42,7 +44,7 @@ if [ "${future}" = "yes" ];then fi wazuh_minor=$(echo ${version} | cut -c1-3) -# Obtain Wazuh plugin URL +# Obtain the Wazuh plugin URL if [ "${repository}" ];then valid_url='(https?|ftp|file)://[-[:alnum:]\+&@#/%?=~_|!:,.;]*[-[:alnum:]\+&@#/%=~_|]' if [[ $repository =~ $valid_url ]];then @@ -58,45 +60,76 @@ else url="https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${version}-${revision}.zip" fi -# ----------------------------------------------------------------------------- - +# Set directories mkdir -p /tmp/output cd /opt +# ----------------------------------------------------------------------------- +# Install OpenSeach Dashboards +# ----------------------------------------------------------------------------- + curl -sL https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/"${opensearch_version}"/opensearch-dashboards-"${opensearch_version}"-linux-${architecture}.tar.gz | tar xz +pip3 install pathfix.py +/usr/bin/pathfix.py -pni "/usr/bin/python3 -s" opensearch-dashboards-"${opensearch_version}" > /dev/null 2>&1 + # Remove unnecessary files and set up configuration mv opensearch-dashboards-* "${base_dir}" cd "${base_dir}" find -type l -exec rm -rf {} \; rm -rf ./config/* cp -r /root/stack/dashboard/base/files/etc ./ + +# ----------------------------------------------------------------------------- +# OpenSeach Dashboards Node fixes +# ----------------------------------------------------------------------------- + +# Add fix to Node variables as Node is not using the NODE_OPTIONS environment variables +sed -i 's/NODE_OPTIONS="$OSD_NODE_OPTS_PREFIX $OSD_NODE_OPTS $NODE_OPTIONS"/NODE_OPTIONS="$OSD_NODE_OPTS_PREFIX $OSD_NODE_OPTS $NODE_OPTIONS"\n/g' ./bin/use_node +sed -i 's/exec "${NODE}"/NODE_ENV=production exec "${NODE}" ${NODE_OPTIONS} /g' ./bin/use_node + +# ----------------------------------------------------------------------------- +# Provision data (SVG, Styles) +# ----------------------------------------------------------------------------- + +# Styles cp ./etc/custom_welcome/template.js.hbs ./src/legacy/ui/ui_render/bootstrap/template.js.hbs cp ./etc/custom_welcome/light_theme.style.css ./src/core/server/core_app/assets/legacy_light_theme.css -cp ./etc/custom_welcome/*svg ./src/core/server/core_app/assets/ -cp ./etc/custom_welcome/Assets/default_branding/logo_full_alpha.svg ./src/core/server/core_app/assets/default_branding/opensearch_logo_default_mode.svg -cp ./etc/custom_welcome/Assets/default_branding/logo_full_alpha.svg ./src/core/server/core_app/assets/default_branding/opensearch_logo_dark_mode.svg -cp ./etc/custom_welcome/Assets/default_branding/home.svg ./src/core/server/core_app/assets/default_branding/ -cp ./etc/custom_welcome/Assets/default_branding/home_dark_mode.svg ./src/core/server/core_app/assets/default_branding/ +# SVG +cp ./etc/custom_welcome/Assets/default_branding/*svg ./src/core/server/core_app/assets/logos/ +# Copy Home button +# Copy favicons cp ./etc/custom_welcome/Assets/Favicons/* ./src/core/server/core_app/assets/favicons/ cp ./etc/custom_welcome/Assets/Favicons/favicon.ico ./src/core/server/core_app/assets/favicons/favicon.ico +# Copy loaders cp ./etc/http_service.js ./src/core/server/http/http_service.js cp ./etc/template.js ./src/core/server/rendering/views/template.js cp ./etc/styles.js ./src/core/server/rendering/views/styles.js + +# ----------------------------------------------------------------------------- +# Customize OpenSearch Dashboards with Wazuh +# ----------------------------------------------------------------------------- + # Replace App Title sed -i "s|defaultValue: ''|defaultValue: \'Wazuh\'|g" ./src/core/server/opensearch_dashboards_config.js sed -i "90s|defaultValue: true|defaultValue: false|g" ./src/core/server/opensearch_dashboards_config.js -# Replace config path -sed -i "s'\$DIR/config'/etc/wazuh-dashboard'g" ./bin/opensearch-dashboards -sed -i "s'\$DIR/config'/etc/wazuh-dashboard'g" ./bin/opensearch-dashboards-keystore -sed -i "s'\$DIR/config'/etc/wazuh-dashboard'g" ./bin/opensearch-dashboards-plugin -sed -i "s'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$OSD_NODE_OPTS \$NODE_OPTIONS\" NODE_ENV=production exec \"\${NODE}\" \"\${DIR}/src/cli/dist\" \${@}'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$OSD_NODE_OPTS \$NODE_OPTIONS\"'g" ./bin/opensearch-dashboards -echo "NODE_ENV=production exec \"\${NODE}\" \${NODE_OPTIONS} \"\${DIR}/src/cli/dist\" \${@}" >> ./bin/opensearch-dashboards -# Replace the redirection to `home` in the header logo -sed -i "s'/app/home'/app/wazuh'g" ./src/core/target/public/core.entry.js -# Replace others redirections to `home` -sed -i 's/navigateToApp("home")/navigateToApp("wazuh")/g' ./src/core/target/public/core.entry.js -# Changed from Opensearch Documentation links to Wazuh Documentation + +# Remove the `home` button from the sidebar menu +sed -i 's|\["EuiHorizontalRule"\],{margin:"none"})),external_osdSharedDeps_React_default.a.createElement(external_osdSharedDeps_ElasticEui_\["EuiFlexItem"\],{grow:false,style:{flexShrink:0}},external_osdSharedDeps_React_default.a.createElement(external_osdSharedDeps_ElasticEui_\["EuiCollapsibleNavGroup"\]|["EuiHorizontalRule"],{margin:"none"})),false\&\&external_osdSharedDeps_React_default.a.createElem(external_osdSharedDeps_ElasticEui_["EuiFlexItem"],{grow:false,style:{flexShrink:0}},external_osdSharedDeps_React_default.a.createElement(external_osdSharedDeps_ElasticEui_["EuiCollapsibleNavGroup"]|' ./src/core/target/public/core.entry.js + +# Remove OpenSearch login default configuration title and subtitle +sed -i 's|Log in to OpenSearch Dashboards||g' ./plugins/securityDashboards/server/index.js +sed -i 's|Log in to OpenSearch Dashboards||g' ./plugins/securityDashboards/target/public/securityDashboards.chunk.5.js +sed -i 's|If you have forgotten your username or password, contact your system administrator.||g' ./plugins/securityDashboards/server/index.js +sed -i 's|If you have forgotten your username or password, contact your system administrator.||g' ./plugins/securityDashboards/target/public/securityDashboards.chunk.5.js + +# Disable first-time pop-up tenant selector +sed -i 's|setShouldShowTenantPopup(shouldShowTenantPopup)|setShouldShowTenantPopup(false)|g' ./plugins/securityDashboards/target/public/securityDashboards.plugin.js + +# Remove the Overview plugin from the OpenSearch Dashboards menu. +# Remove the "updater" property and set the plugin "status" as inaccessible (status:1) +sed -i 's|updater\$:appUpdater\$|status:1|' ./src/plugins/opensearch_dashboards_overview/target/public/opensearchDashboardsOverview.plugin.js + # Help menu ## Help header - Version sed -i 's|"core.ui.chrome.headerGlobalNav.helpMenuVersion",defaultMessage:"v {version}"|"core.ui.chrome.headerGlobalNav.helpMenuVersion",defaultMessage:"v'${version}'"|' ./src/core/target/public/core.entry.js @@ -106,51 +139,149 @@ sed -i 's|href:opensearchDashboardsDocLink,|href:"https://documentation.wazuh.co ## Help link - Ask OpenSearch sed -i 's|Ask OpenSearch|Ask Wazuh|' ./src/core/target/public/core.entry.js sed -i 's|OPENSEARCH_DASHBOARDS_ASK_OPENSEARCH_LINK="https://github.com/opensearch-project"|OPENSEARCH_DASHBOARDS_ASK_OPENSEARCH_LINK="https://wazuh.com/community/join-us-on-slack"|' ./src/core/target/public/core.entry.js +## Help link - Community +sed -i 's|OPENSEARCH_DASHBOARDS_ASK_OPENSEARCH_LINK="https://forum.opensearch.org/"|OPENSEARCH_DASHBOARDS_ASK_OPENSEARCH_LINK="https://wazuh.com/community/join-us-on-slack"|' ./src/core/target/public/core.entry.js +sed -i 's|OPENSEARCH_DASHBOARDS_ASK_OPENSEARCH_LINK="https://forum.opensearch.org/"|OPENSEARCH_DASHBOARDS_ASK_OPENSEARCH_LINK="https://wazuh.com/community/join-us-on-slack"|' ./plugins/alertingDashboards/target/public/alertingDashboards.plugin.js +sed -i 's|OPENSEARCH_DASHBOARDS_ASK_OPENSEARCH_LINK="https://forum.opensearch.org/"|OPENSEARCH_DASHBOARDS_ASK_OPENSEARCH_LINK="https://wazuh.com/community/join-us-on-slack"|' ./plugins/indexManagementDashboards/target/public/indexManagementDashboards.plugin.js +sed -i 's|OPENSEARCH_DASHBOARDS_ASK_OPENSEARCH_LINK="https://forum.opensearch.org/"|OPENSEARCH_DASHBOARDS_ASK_OPENSEARCH_LINK="https://wazuh.com/community/join-us-on-slack"|' ./plugins/notificationsDashboards/target/public/notificationsDashboards.plugin.js +sed -i 's|OPENSEARCH_DASHBOARDS_ASK_OPENSEARCH_LINK="https://forum.opensearch.org/"|OPENSEARCH_DASHBOARDS_ASK_OPENSEARCH_LINK="https://wazuh.com/community/join-us-on-slack"|' ./plugins/securityDashboards/target/public/securityDashboards.plugin.js ## Help link - Give feedback -sed -i 's|OPENSEARCH_DASHBOARDS_FEEDBACK_LINK="https://github.com/opensearch-project"|OPENSEARCH_DASHBOARDS_FEEDBACK_LINK="https://wazuh.com/community/join-us-on-slack"|' ./src/core/target/public/core.entry.js +sed -i 's|https://survey.opensearch.org|https://wazuh.com/community/join-us-on-slack|' src/core/server/opensearch_dashboards_config.js ## Help link - Open an issue in GitHub sed -i 's|GITHUB_CREATE_ISSUE_LINK="https://github.com/opensearch-project/OpenSearch-Dashboards/issues/new/choose"|GITHUB_CREATE_ISSUE_LINK="https://github.com/wazuh/wazuh/issues/new/choose"|' ./src/core/target/public/core.entry.js -# Replace home logo -sed -i 's|DEFAULT_MARK="opensearch_mark_default_mode.svg"|DEFAULT_MARK="home.svg"|g' ./src/core/target/public/core.entry.js -sed -i 's|DEFAULT_DARK_MARK="opensearch_mark_dark_mode.svg"|DEFAULT_DARK_MARK="home_dark_mode.svg"|g' ./src/core/target/public/core.entry.js -# Build the compressed files -gzip -c ./src/core/target/public/core.entry.js > ./src/core/target/public/core.entry.js.gz -brotli -c ./src/core/target/public/core.entry.js > ./src/core/target/public/core.entry.js.br -# Remove Overview plugin from the OpenSearch Dashboards menu. -# Remove "updater" property and set the plugin "status" as inaccesible (status:1) -sed -i 's|updater\$:appUpdater\$|status:1|' ./src/plugins/opensearch_dashboards_overview/target/public/opensearchDashboardsOverview.plugin.js -gzip -c ./src/plugins/opensearch_dashboards_overview/target/public/opensearchDashboardsOverview.plugin.js > ./src/plugins/opensearch_dashboards_overview/target/public/opensearchDashboardsOverview.plugin.js.gz -brotli -c ./src/plugins/opensearch_dashboards_overview/target/public/opensearchDashboardsOverview.plugin.js > ./src/plugins/opensearch_dashboards_overview/target/public/opensearchDashboardsOverview.plugin.js.br -# Remove "New to OpenSearch Dashboards" message with link to OpenSearch Dashboards sample data in Dashboard plugin -sed -i 's|external_osdSharedDeps_React_default.a.createElement("p",null,external_osdSharedDeps_React_default.a.createElement(external_osdSharedDeps_OsdI18nReact_\["FormattedMessage"\],{id:"dashboard.listing.createNewDashboard.newToOpenSearchDashboardsDescription",defaultMessage:"New to OpenSearch Dashboards|false\&\&external_osdSharedDeps_React_default.a.createElement("p",null,external_osdSharedDeps_React_default.a.createElement(external_osdSharedDeps_OsdI18nReact_["FormattedMessage"],{id:"dashboard.listing.createNewDashboard.newToOpenSearchDashboardsDescription",defaultMessage:"New to OpenSearch Dashboards|' ./src/plugins/dashboard/target/public/dashboard.chunk.1.js -gzip -c ./src/plugins/dashboard/target/public/dashboard.chunk.1.js > ./src/plugins/dashboard/target/public/dashboard.chunk.1.js.gz -brotli -c ./src/plugins/dashboard/target/public/dashboard.chunk.1.js > ./src/plugins/dashboard/target/public/dashboard.chunk.1.js.br -# Remove `home` button from the sidebar menu -sed -i 's|\["EuiHorizontalRule"\],{margin:"none"})),external_osdSharedDeps_React_default.a.createElement(external_osdSharedDeps_ElasticEui_\["EuiFlexItem"\],{grow:false,style:{flexShrink:0}},external_osdSharedDeps_React_default.a.createElement(external_osdSharedDeps_ElasticEui_\["EuiCollapsibleNavGroup"\]|["EuiHorizontalRule"],{margin:"none"})),false\&\&external_osdSharedDeps_React_default.a.createElem(external_osdSharedDeps_ElasticEui_["EuiFlexItem"],{grow:false,style:{flexShrink:0}},external_osdSharedDeps_React_default.a.createElement(external_osdSharedDeps_ElasticEui_["EuiCollapsibleNavGroup"]|' ./src/core/target/public/core.entry.js -# Replace OpenSearch login default configuration title with Wazuh login title text -sed -i 's|Log in to OpenSearch Dashboards||g' ./plugins/securityDashboards/server/index.js -sed -i 's|If you have forgotten your username or password, contact your system administrator.||g' ./plugins/securityDashboards/server/index.js -# Replace OpenSearch login logo with Wazuh login logo -sed -i 's|opensearch_logo_h_default.a|"/ui/Wazuh-Logo.svg"|g' ./plugins/securityDashboards/target/public/securityDashboards.chunk.5.js -# Replace OpenSearch login title with Wazuh login title -sed -i 's|Log in to OpenSearch Dashboards||g' ./plugins/securityDashboards/target/public/securityDashboards.chunk.5.js -# Replace OpenSearch login subtitle with Wazuh login subtitle -sed -i 's|If you have forgotten your username or password, contact your system administrator.||g' ./plugins/securityDashboards/target/public/securityDashboards.chunk.5.js -# Disable first time pop-up tenant selector -sed -i 's|setShouldShowTenantPopup(shouldShowTenantPopup)|setShouldShowTenantPopup(false)|g' ./plugins/securityDashboards/target/public/securityDashboards.plugin.js -# Replace home logo -sed -i 's|DEFAULT_MARK="opensearch_mark_default_mode.svg"|DEFAULT_MARK="home.svg"|g' ./plugins/securityDashboards/target/public/securityDashboards.plugin.js -sed -i 's|DEFAULT_DARK_MARK="opensearch_mark_dark_mode.svg"|DEFAULT_DARK_MARK="home_dark_mode.svg"|g' ./plugins/securityDashboards/target/public/securityDashboards.plugin.js -gzip -c ./plugins/securityDashboards/target/public/securityDashboards.plugin.js > ./plugins/securityDashboards/target/public/securityDashboards.plugin.js.gz -brotli -c ./plugins/securityDashboards/target/public/securityDashboards.plugin.js > ./plugins/securityDashboards/target/public/securityDashboards.plugin.js.br + +# Custom logos +## Custom logos - Login logo +sed -i 's|props.chrome.logos.OpenSearch.url|props.http.basePath.prepend("/ui/logos/wazuh_dashboard_login_mark.svg")|g' ./plugins/securityDashboards/target/public/securityDashboards.chunk.5.js + +# Collapse initially the application categories in the side menu +sed -i 's|_storage\$getItem!==void 0?_storage\$getItem:"true"|_storage\$getItem!==void 0?_storage\$getItem:"false"|' ./src/core/target/public/core.entry.js + +# Redirections +## Redirections - Replace the redirections to the home app +app_home='wz-home' +## Redirections - Replace the redirection to `home` in the header logo +sed -i "s'/app/home'/app/${app_home}'g" ./src/core/target/public/core.entry.js +## Redirections - Replace others redirections to `home` +sed -i "s/navigateToApp(\"home\")/navigateToApp(\"${app_home}\")/g" ./src/core/target/public/core.entry.js + +# Define categories +category_explore='{id:"explore",label:"Explore",order:100,euiIconType:"search"}' +category_dashboard_management='{id:"management",label:"Indexer/dashboard management",order:5e3,euiIconType:"managementApp"}' + +# Add custom categories (explore) to the built-in +sed -i -e "s|DEFAULT_APP_CATEGORIES=Object.freeze({|DEFAULT_APP_CATEGORIES=Object.freeze({explore:${category_explore},|" ./src/core/target/public/core.entry.js + +# Replace management built-in app category +sed -i -e "s|management:{id:\"management\",label:external_osdSharedDeps_OsdI18n_\[\"i18n\"\].translate(\"core.ui.managementNavList.label\",{defaultMessage:\"Management\"}),order:5e3,euiIconType:\"managementApp\"}|management:${category_dashboard_management}|" ./src/core/target/public/core.entry.js + +# Replace app category to Discover app +sed -i -e 's|category:core_public_\["DEFAULT_APP_CATEGORIES"\].opensearchDashboards|category:core_public_["DEFAULT_APP_CATEGORIES"].explore|' ./src/plugins/discover/target/public/discover.plugin.js + +# Replace app category to Dashboard app +sed -i -e 's|category:core_public_\["DEFAULT_APP_CATEGORIES"\].opensearchDashboards|category:core_public_["DEFAULT_APP_CATEGORIES"].explore|' ./src/plugins/dashboard/target/public/dashboard.plugin.js + +# Replace app category to Visualize app +sed -i -e 's|category:core_public_\["DEFAULT_APP_CATEGORIES"\].opensearchDashboards|category:core_public_["DEFAULT_APP_CATEGORIES"].explore|' ./src/plugins/visualize/target/public/visualize.plugin.js + +# Replace app category to Reporting app +sed -i -e "s|category:{id:\"opensearch\",label:_i18n.i18n.translate(\"opensearch.reports.categoryName\",{defaultMessage:\"OpenSearch Plugins\"}),order:2e3}|category:${category_explore}|" ./plugins/reportsDashboards/target/public/reportsDashboards.plugin.js + +# Replace app category to Alerting app +sed -i -e "s|category:{id:\"opensearch\",label:\"OpenSearch Plugins\",order:2e3}|category:${category_explore}|" ./plugins/alertingDashboards/target/public/alertingDashboards.plugin.js + +# Replace app category to Maps app +sed -i -e "s|category:{id:\"opensearch\",label:\"OpenSearch Plugins\",order:2e3}|category:${category_explore}|" ./plugins/customImportMapDashboards/target/public/customImportMapDashboards.plugin.js + +# Replace app category to Notifications app +sed -i -e "s|category:DEFAULT_APP_CATEGORIES.management|category:${category_explore}|" ./plugins/notificationsDashboards/target/public/notificationsDashboards.plugin.js + +# Replace app category to Index Management app +sed -i -e "s|category:DEFAULT_APP_CATEGORIES.management|category:${category_dashboard_management}|g" ./plugins/indexManagementDashboards/target/public/indexManagementDashboards.plugin.js + +# Replace app category to Dev Tools app +sed -i -e "s|category:public_["DEFAULT_APP_CATEGORIES"].management|category:${category_dashboard_management}|g" ./src/plugins/dev_tools/target/public/devTools.plugin.js + +# Replace app category to Dashboards Management (Stack management) app +sed -i -e "s|category:public_["DEFAULT_APP_CATEGORIES"].management|category:${category_dashboard_management}|g" ./src/plugins/management/target/public/management.plugin.js + +# Replace app category to Security app +sed -i -e "s|category:DEFAULT_APP_CATEGORIES.management|category:${category_dashboard_management}|g" ./plugins/securityDashboards/target/public/securityDashboards.plugin.js + +# Replace app order to Discover app +app_order_discover=1000 +sed -i -e "s|order:1e3|order:${app_order_discover}|g" ./src/plugins/discover/target/public/discover.plugin.js + +# Replace app order to Dashboard app +app_order_dashboard=1010 +sed -i -e "s|order:2500|order:${app_order_dashboard}|g" ./src/plugins/dashboard/target/public/dashboard.plugin.js + +# Replace app order to Visualize app +app_order_visualize=1020 +sed -i -e "s|order:8e3|order:${app_order_visualize}|g" ./src/plugins/visualize/target/public/visualize.plugin.js + +# Replace app order to Dev tools app +app_order_dev_tools=9010 +sed -i -e "s|order:9070|order:${app_order_dev_tools}|g" ./src/plugins/dev_tools/target/public/devTools.plugin.js + +# Replace app order to Dashboard management app +app_order_dashboard_management=9020 +sed -i -e "s|order:9030|order:${app_order_dashboard_management}|g" ./src/plugins/management/target/public/management.plugin.js + +# Replace app order to Security app +app_order_security=9030 +sed -i -e "s|order:9050|order:${app_order_security}|g" ./plugins/securityDashboards/target/public/securityDashboards.plugin.js + +# Replace app order to Index management app +app_order_index_management=9040 +sed -i -e "s|order:9010|order:${app_order_index_management}|g" ./plugins/indexManagementDashboards/target/public/indexManagementDashboards.plugin.js + +# Replace app order to Snapshot management app +app_order_snapshot_management=9050 +sed -i -e "s|order:9020|order:${app_order_snapshot_management}|g" ./plugins/indexManagementDashboards/target/public/indexManagementDashboards.plugin.js + +# Avoid the management Overview application is registered to feature catalog +sed -i -e "s|home.featureCatalogue|false \&\& home.featureCatalogue|g" ./src/plugins/management_overview/target/public/managementOverview.plugin.js + +# Avoid the management Overview application is registered (appears on the side menu) +sed -i -e "s|application.register|false \&\& application.register|g" ./src/plugins/management_overview/target/public/managementOverview.plugin.js + # Generate compressed files -gzip -c ./plugins/securityDashboards/target/public/securityDashboards.chunk.5.js > ./plugins/securityDashboards/target/public/securityDashboards.chunk.5.js.gz -brotli -c ./plugins/securityDashboards/target/public/securityDashboards.chunk.5.js > ./plugins/securityDashboards/target/public/securityDashboards.chunk.5.js.br +files_to_recreate=( + ./src/core/target/public/core.entry.js + ./src/plugins/discover/target/public/discover.plugin.js + ./src/plugins/dashboard/target/public/dashboard.plugin.js + ./src/plugins/visualize/target/public/visualize.plugin.js + ./plugins/reportsDashboards/target/public/reportsDashboards.plugin.js + ./plugins/alertingDashboards/target/public/alertingDashboards.plugin.js + ./plugins/customImportMapDashboards/target/public/customImportMapDashboards.plugin.js + ./plugins/notificationsDashboards/target/public/notificationsDashboards.plugin.js + ./plugins/indexManagementDashboards/target/public/indexManagementDashboards.plugin.js + ./src/plugins/dev_tools/target/public/devTools.plugin.js + ./src/plugins/management/target/public/management.plugin.js + ./plugins/securityDashboards/target/public/securityDashboards.plugin.js + ./src/plugins/management_overview/target/public/managementOverview.plugin.js + ./plugins/securityDashboards/target/public/securityDashboards.chunk.5.js + ./src/plugins/opensearch_dashboards_overview/target/public/opensearchDashboardsOverview.plugin.js +) + +for value in "${files_to_recreate[@]}" +do + gzip -c "$value" > "$value.gz" + brotli -c "$value" > "$value.br" +done + +# ----------------------------------------------------------------------------- +# Wazuh customizations +# ----------------------------------------------------------------------------- + # Add VERSION file cp /root/VERSION . -# Add exception for wazuh plugin install + +# Add an exception for wazuh plugin install wazuh_plugin="if (plugin.includes(\'wazuh\')) {\n return plugin;\n } else {\n return \`\${LATEST_PLUGIN_BASE_URL}\/\${version}\/latest\/\${platform}\/\${arch}\/tar\/builds\/opensearch-dashboards\/plugins\/\${plugin}-\${version}.zip\`;\n }" sed -i "s|return \`\${LATEST_PLUGIN_BASE_URL}\/\${version}\/latest\/\${platform}\/\${arch}\/tar\/builds\/opensearch-dashboards\/plugins\/\${plugin}-\${version}.zip\`;|$wazuh_plugin|" ./src/cli_plugin/install/settings.js + # Generate build number for package.json curl -sO ${url} unzip *.zip 'opensearch-dashboards/wazuh/package.json' @@ -160,6 +291,9 @@ rm -f ./*.zip jq ".build.number=${build_number}" ./package.json > ./package.json.tmp mv ./package.json.tmp ./package.json +# ----------------------------------------------------------------------------- +# Clean +# ----------------------------------------------------------------------------- # Remove plugins /bin/bash ./bin/opensearch-dashboards-plugin remove queryWorkbenchDashboards --allow-root @@ -167,13 +301,19 @@ mv ./package.json.tmp ./package.json /bin/bash ./bin/opensearch-dashboards-plugin remove observabilityDashboards --allow-root /bin/bash ./bin/opensearch-dashboards-plugin remove securityAnalyticsDashboards --allow-root /bin/bash ./bin/opensearch-dashboards-plugin remove searchRelevanceDashboards --allow-root +/bin/bash ./bin/opensearch-dashboards-plugin remove mlCommonsDashboards --allow-root + +# ----------------------------------------------------------------------------- +# Set permissions +# ----------------------------------------------------------------------------- find -type d -exec chmod 750 {} \; find -type f -perm 644 -exec chmod 640 {} \; find -type f -perm 755 -exec chmod 750 {} \; find -type f -perm 744 -exec chmod 740 {} \; - +# ----------------------------------------------------------------------------- +# Create the base file # ----------------------------------------------------------------------------- # Base output diff --git a/stack/dashboard/base/docker/Dockerfile b/stack/dashboard/base/docker/Dockerfile index f1c74650d2..1f48bfa54d 100644 --- a/stack/dashboard/base/docker/Dockerfile +++ b/stack/dashboard/base/docker/Dockerfile @@ -16,10 +16,12 @@ RUN yum install -y \ autoconf \ automake \ libtool \ + python3-devel \ + python3-pip \ jq \ unzip -RUN git clone https://github.com/google/brotli.git +RUN git clone https://github.com/google/brotli.git -b v1.0.9 RUN cd brotli && chmod +x ./bootstrap && ./bootstrap && ./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib64/brotli --libdir=/usr/lib64/brotli --datarootdir=/usr/share --mandir=/usr/share/man/man1 --docdir=/usr/share/doc \ && make && make install diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/home.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/home.svg deleted file mode 100644 index a62df5484a..0000000000 --- a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/home.svg +++ /dev/null @@ -1,7 +0,0 @@ - - - - Wazuh home - - diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/home_dark_mode.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/home_dark_mode.svg deleted file mode 100644 index 8258f69eff..0000000000 --- a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/home_dark_mode.svg +++ /dev/null @@ -1,8 +0,0 @@ - - - - Wazuh home - - diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/logo_full_alpha.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/logo_full_alpha.svg deleted file mode 100644 index 035a60b514..0000000000 --- a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/logo_full_alpha.svg +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/wazuh_mark_default_mode.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch.svg similarity index 100% rename from stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/wazuh_mark_default_mode.svg rename to stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch.svg diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_center_mark.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_center_mark.svg new file mode 100644 index 0000000000..7445c31da2 --- /dev/null +++ b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_center_mark.svg @@ -0,0 +1,13 @@ + + + + + + + + + diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/wazuh_mark_dark_mode.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_center_mark_dark.svg similarity index 100% rename from stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/wazuh_mark_dark_mode.svg rename to stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_center_mark_dark.svg diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_dashboards_on_dark.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_dashboards_on_dark.svg new file mode 100644 index 0000000000..ea25e5d2f9 --- /dev/null +++ b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_dashboards_on_dark.svg @@ -0,0 +1,32 @@ + + + + + + + + + + + + + + + diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_dashboards_on_light.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_dashboards_on_light.svg new file mode 100644 index 0000000000..a931095bb7 --- /dev/null +++ b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_dashboards_on_light.svg @@ -0,0 +1,23 @@ + + + + + + + + + + + + + diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_mark.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_mark.svg new file mode 100644 index 0000000000..7445c31da2 --- /dev/null +++ b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_mark.svg @@ -0,0 +1,13 @@ + + + + + + + + + diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_mark_on_dark.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_mark_on_dark.svg new file mode 100644 index 0000000000..902e504f75 --- /dev/null +++ b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_mark_on_dark.svg @@ -0,0 +1,14 @@ + + + + + + + + + diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_mark_on_light.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_mark_on_light.svg new file mode 100644 index 0000000000..7445c31da2 --- /dev/null +++ b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_mark_on_light.svg @@ -0,0 +1,13 @@ + + + + + + + + + diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_on_dark.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_on_dark.svg new file mode 100644 index 0000000000..902e504f75 --- /dev/null +++ b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_on_dark.svg @@ -0,0 +1,14 @@ + + + + + + + + + diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_on_light.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_on_light.svg new file mode 100644 index 0000000000..7445c31da2 --- /dev/null +++ b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_on_light.svg @@ -0,0 +1,13 @@ + + + + + + + + + diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_spinner.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_spinner.svg new file mode 100644 index 0000000000..605f05e17f --- /dev/null +++ b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_spinner.svg @@ -0,0 +1,13 @@ + + + + + + + + + + + + diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_spinner_on_dark.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_spinner_on_dark.svg new file mode 100644 index 0000000000..528236b80c --- /dev/null +++ b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_spinner_on_dark.svg @@ -0,0 +1,14 @@ + + + + + + + + + + + + diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_spinner_on_light.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_spinner_on_light.svg new file mode 100644 index 0000000000..605f05e17f --- /dev/null +++ b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/opensearch_spinner_on_light.svg @@ -0,0 +1,13 @@ + + + + + + + + + + + + diff --git a/stack/dashboard/base/files/etc/custom_welcome/wazuh_wazuh_bg.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/wazuh_dashboard_login_background.svg similarity index 100% rename from stack/dashboard/base/files/etc/custom_welcome/wazuh_wazuh_bg.svg rename to stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/wazuh_dashboard_login_background.svg diff --git a/stack/dashboard/base/files/etc/custom_welcome/Wazuh-Logo.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/wazuh_dashboard_login_mark.svg similarity index 100% rename from stack/dashboard/base/files/etc/custom_welcome/Wazuh-Logo.svg rename to stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/wazuh_dashboard_login_mark.svg diff --git a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/wazuh_logo_white.svg b/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/wazuh_logo_white.svg deleted file mode 100644 index a7c056fadd..0000000000 --- a/stack/dashboard/base/files/etc/custom_welcome/Assets/default_branding/wazuh_logo_white.svg +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - - - - - - - - diff --git a/stack/dashboard/base/files/etc/custom_welcome/light_theme.style.css b/stack/dashboard/base/files/etc/custom_welcome/light_theme.style.css index 8532a673cc..f25261c6b8 100644 --- a/stack/dashboard/base/files/etc/custom_welcome/light_theme.style.css +++ b/stack/dashboard/base/files/etc/custom_welcome/light_theme.style.css @@ -1,7 +1,18 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + * + * Any modifications Copyright OpenSearch Contributors. See + * GitHub history for details. + */ + /*! * Bootstrap v3.3.6 (http://getbootstrap.com) * Copyright 2011-2015 Twitter, Inc. - * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) */ /* @notice * This product bundles bootstrap@3.3.6 which is available under a @@ -60,13 +71,71 @@ margin-left: -15px; margin-right: -15px; } -.col-xs-1, .col-sm-1, .col-md-1, .col-lg-1, .col-xs-2, .col-sm-2, .col-md-2, .col-lg-2, .col-xs-3, .col-sm-3, .col-md-3, .col-lg-3, .col-xs-4, .col-sm-4, .col-md-4, .col-lg-4, .col-xs-5, .col-sm-5, .col-md-5, .col-lg-5, .col-xs-6, .col-sm-6, .col-md-6, .col-lg-6, .col-xs-7, .col-sm-7, .col-md-7, .col-lg-7, .col-xs-8, .col-sm-8, .col-md-8, .col-lg-8, .col-xs-9, .col-sm-9, .col-md-9, .col-lg-9, .col-xs-10, .col-sm-10, .col-md-10, .col-lg-10, .col-xs-11, .col-sm-11, .col-md-11, .col-lg-11, .col-xs-12, .col-sm-12, .col-md-12, .col-lg-12 { +.col-xs-1, +.col-sm-1, +.col-md-1, +.col-lg-1, +.col-xs-2, +.col-sm-2, +.col-md-2, +.col-lg-2, +.col-xs-3, +.col-sm-3, +.col-md-3, +.col-lg-3, +.col-xs-4, +.col-sm-4, +.col-md-4, +.col-lg-4, +.col-xs-5, +.col-sm-5, +.col-md-5, +.col-lg-5, +.col-xs-6, +.col-sm-6, +.col-md-6, +.col-lg-6, +.col-xs-7, +.col-sm-7, +.col-md-7, +.col-lg-7, +.col-xs-8, +.col-sm-8, +.col-md-8, +.col-lg-8, +.col-xs-9, +.col-sm-9, +.col-md-9, +.col-lg-9, +.col-xs-10, +.col-sm-10, +.col-md-10, +.col-lg-10, +.col-xs-11, +.col-sm-11, +.col-md-11, +.col-lg-11, +.col-xs-12, +.col-sm-12, +.col-md-12, +.col-lg-12 { position: relative; min-height: 1px; padding-left: 15px; padding-right: 15px; } -.col-xs-1, .col-xs-2, .col-xs-3, .col-xs-4, .col-xs-5, .col-xs-6, .col-xs-7, .col-xs-8, .col-xs-9, .col-xs-10, .col-xs-11, .col-xs-12 { +.col-xs-1, +.col-xs-2, +.col-xs-3, +.col-xs-4, +.col-xs-5, +.col-xs-6, +.col-xs-7, +.col-xs-8, +.col-xs-9, +.col-xs-10, +.col-xs-11, +.col-xs-12 { float: left; } .col-xs-12 { @@ -223,7 +292,18 @@ margin-left: 0%; } @media (min-width: 768px) { - .col-sm-1, .col-sm-2, .col-sm-3, .col-sm-4, .col-sm-5, .col-sm-6, .col-sm-7, .col-sm-8, .col-sm-9, .col-sm-10, .col-sm-11, .col-sm-12 { + .col-sm-1, + .col-sm-2, + .col-sm-3, + .col-sm-4, + .col-sm-5, + .col-sm-6, + .col-sm-7, + .col-sm-8, + .col-sm-9, + .col-sm-10, + .col-sm-11, + .col-sm-12 { float: left; } .col-sm-12 { @@ -381,7 +461,18 @@ } } @media (min-width: 992px) { - .col-md-1, .col-md-2, .col-md-3, .col-md-4, .col-md-5, .col-md-6, .col-md-7, .col-md-8, .col-md-9, .col-md-10, .col-md-11, .col-md-12 { + .col-md-1, + .col-md-2, + .col-md-3, + .col-md-4, + .col-md-5, + .col-md-6, + .col-md-7, + .col-md-8, + .col-md-9, + .col-md-10, + .col-md-11, + .col-md-12 { float: left; } .col-md-12 { @@ -539,7 +630,18 @@ } } @media (min-width: 1200px) { - .col-lg-1, .col-lg-2, .col-lg-3, .col-lg-4, .col-lg-5, .col-lg-6, .col-lg-7, .col-lg-8, .col-lg-9, .col-lg-10, .col-lg-11, .col-lg-12 { + .col-lg-1, + .col-lg-2, + .col-lg-3, + .col-lg-4, + .col-lg-5, + .col-lg-6, + .col-lg-7, + .col-lg-8, + .col-lg-9, + .col-lg-10, + .col-lg-11, + .col-lg-12 { float: left; } .col-lg-12 { @@ -829,7 +931,7 @@ table th[class*="col-"] { .table > thead > tr.info > th, .table > tbody > tr.info > th, .table > tfoot > tr.info > th { - background-color: #3595F9; + background-color: #006BB4; } .table-hover > tbody > tr > td.info:hover, .table-hover > tbody > tr > th.info:hover, @@ -941,12 +1043,16 @@ table th[class*="col-"] { background-image: none; border: 1px solid #D3DAE6; border-radius: 4px; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + -webkit-transition: border-color ease-in-out .15s, box-shadow ease-in-out .15s; + -o-transition: border-color ease-in-out .15s, box-shadow ease-in-out .15s; transition: border-color ease-in-out .15s, box-shadow ease-in-out .15s; } .form-control:focus { - border-color: #3595F9; + border-color: #006BB4; outline: 0; + -webkit-box-shadow: inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(0, 107, 180, 0.6); box-shadow: inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(0, 107, 180, 0.6); } .form-control::-moz-placeholder { @@ -1164,10 +1270,12 @@ select[multiple].input-lg { } .has-success .form-control { border-color: #FFF; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); } .has-success .form-control:focus { border-color: #e6e6e6; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #ffffff; box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #ffffff; } .has-success .input-group-addon { @@ -1192,10 +1300,12 @@ select[multiple].input-lg { } .has-warning .form-control { border-color: #FFF; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); } .has-warning .form-control:focus { border-color: #e6e6e6; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #ffffff; box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #ffffff; } .has-warning .input-group-addon { @@ -1220,10 +1330,12 @@ select[multiple].input-lg { } .has-error .form-control { border-color: #FFF; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); } .has-error .form-control:focus { border-color: #e6e6e6; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #ffffff; box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #ffffff; } .has-error .input-group-addon { @@ -1381,7 +1493,7 @@ a.text-danger:focus { color: #e6e6e6; } .bg-info { - background-color: #3595F9; + background-color: #006BB4; } a.bg-info:hover, a.bg-info:focus { @@ -1407,6 +1519,8 @@ a.bg-info:focus { } .fade { opacity: 0; + -webkit-transition: opacity 0.15s linear; + -o-transition: opacity 0.15s linear; transition: opacity 0.15s linear; } .fade.in { @@ -1428,8 +1542,11 @@ tbody.collapse.in { position: relative; height: 0; overflow: hidden; + -webkit-transition-property: height, visibility; transition-property: height, visibility; + -webkit-transition-duration: 0.35s; transition-duration: 0.35s; + -webkit-transition-timing-function: ease; transition-timing-function: ease; } /** @@ -1475,6 +1592,7 @@ tbody.collapse.in { .btn.active { outline: 0; background-image: none; + -webkit-box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125); box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125); } .btn.disabled, @@ -1483,6 +1601,7 @@ fieldset[disabled] .btn { cursor: not-allowed; opacity: 0.65; filter: alpha(opacity=65); + -webkit-box-shadow: none; box-shadow: none; } a.btn.disabled, @@ -1491,8 +1610,8 @@ fieldset[disabled] a.btn { } .btn-default { color: #FFF; - background-color: #3595F9; - border-color: #3595F9; + background-color: #006BB4; + border-color: #006BB4; } .btn-default:focus, .btn-default.focus { @@ -1539,17 +1658,17 @@ fieldset[disabled] .btn-default:focus, .btn-default.disabled.focus, .btn-default[disabled].focus, fieldset[disabled] .btn-default.focus { - background-color: #3595F9; - border-color: #3595F9; + background-color: #006BB4; + border-color: #006BB4; } .btn-default .badge { - color: #3595F9; + color: #006BB4; background-color: #FFF; } .btn-primary { color: #FFF; - background-color: #3595F9; - border-color: #3595F9; + background-color: #006BB4; + border-color: #006BB4; } .btn-primary:focus, .btn-primary.focus { @@ -1596,11 +1715,11 @@ fieldset[disabled] .btn-primary:focus, .btn-primary.disabled.focus, .btn-primary[disabled].focus, fieldset[disabled] .btn-primary.focus { - background-color: #3595F9; - border-color: #3595F9; + background-color: #006BB4; + border-color: #006BB4; } .btn-primary .badge { - color: #3595F9; + color: #006BB4; background-color: #FFF; } .btn-xs { @@ -1803,6 +1922,7 @@ fieldset[disabled] .btn-primary.focus { padding: 10px 10px; border-top: 1px solid transparent; border-bottom: 1px solid transparent; + -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1), 0 1px 0 rgba(255, 255, 255, 0.1); box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1), 0 1px 0 rgba(255, 255, 255, 0.1); margin-top: 6.5px; margin-bottom: 6.5px; @@ -1872,6 +1992,7 @@ fieldset[disabled] .btn-primary.focus { margin-right: 0; padding-top: 0; padding-bottom: 0; + -webkit-box-shadow: none; box-shadow: none; } } @@ -2123,10 +2244,19 @@ button.close { outline: 0; } .modal.fade .modal-dialog { + -webkit-transform: translate(0, -25%); + -ms-transform: translate(0, -25%); + -o-transform: translate(0, -25%); transform: translate(0, -25%); + -webkit-transition: -webkit-transform 0.3s ease-out; + -moz-transition: -moz-transform 0.3s ease-out; + -o-transition: -o-transform 0.3s ease-out; transition: transform 0.3s ease-out; } .modal.in .modal-dialog { + -webkit-transform: translate(0, 0); + -ms-transform: translate(0, 0); + -o-transform: translate(0, 0); transform: translate(0, 0); } .modal-open .modal { @@ -2144,6 +2274,7 @@ button.close { border: 1px solid #98A2B3; border: 1px solid rgba(0, 0, 0, 0.2); border-radius: 4px; + -webkit-box-shadow: 0 3px 9px rgba(0, 0, 0, 0.5); box-shadow: 0 3px 9px rgba(0, 0, 0, 0.5); background-clip: padding-box; outline: 0; @@ -2198,6 +2329,7 @@ button.close { margin: 30px auto; } .modal-content { + -webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, 0.5); box-shadow: 0 5px 15px rgba(0, 0, 0, 0.5); } .modal-sm { @@ -2231,6 +2363,7 @@ button.close { margin-bottom: 20px; background-color: #b8bec8; border-radius: 4px; + -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); } .progress-bar { @@ -2242,40 +2375,53 @@ button.close { color: #FFF; text-align: center; background-color: #54B399; + -webkit-transition: width 0.6s ease; + -o-transition: width 0.6s ease; transition: width 0.6s ease; } .progress-striped .progress-bar, .progress-bar-striped { + background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); background-size: 40px 40px; } .progress.active .progress-bar, .progress-bar.active { -webkit-animation: progress-bar-stripes 2s linear infinite; + -o-animation: progress-bar-stripes 2s linear infinite; animation: progress-bar-stripes 2s linear infinite; } .progress-bar-success { background-color: #017D73; } .progress-striped .progress-bar-success { + background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); } .progress-bar-info { - background-color: #3595F9; + background-color: #006BB4; } .progress-striped .progress-bar-info { + background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); } .progress-bar-warning { background-color: #F5A700; } .progress-striped .progress-bar-warning { + background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); } .progress-bar-danger { background-color: #BD271E; } .progress-striped .progress-bar-danger { + background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); } .list-group { @@ -2394,7 +2540,7 @@ button.list-group-item-success.active:focus { } .list-group-item-info { color: #FFF; - background-color: #3595F9; + background-color: #006BB4; } a.list-group-item-info, button.list-group-item-info { @@ -2520,7 +2666,7 @@ button.list-group-item-danger.active:focus { .nav .open > a:hover, .nav .open > a:focus { background-color: #D3DAE6; - border-color: #3595F9; + border-color: #006BB4; } .nav .nav-divider { height: 1px; @@ -2614,7 +2760,7 @@ button.list-group-item-danger.active:focus { .nav-pills > li.active > a:hover, .nav-pills > li.active > a:focus { color: #FFF; - background-color: #3595F9; + background-color: #006BB4; } .nav-stacked > li { float: none; @@ -2723,7 +2869,7 @@ button.list-group-item-danger.active:focus { color: #e6e6e6; } .alert-info { - background-color: #3595F9; + background-color: #006BB4; border-color: #004d81; color: #FFF; } @@ -3134,9 +3280,7 @@ button.list-group-item-danger.active:focus { white-space: nowrap; } .dropdown-menu > li > button { - -webkit-appearance: none; - -moz-appearance: none; - appearance: none; + appearance: none; background: none; border: none; width: 100%; @@ -3359,7 +3503,7 @@ select[multiple].input-group-sm > .input-group-addon { padding: 5px 15px; line-height: 1.42857143; text-decoration: none; - color: #3595F9; + color: #006BB4; background-color: transparent; border: 1px solid transparent; margin-left: -1px; @@ -3380,7 +3524,7 @@ select[multiple].input-group-sm > .input-group-addon { .pagination > li > a:focus, .pagination > li > span:focus { z-index: 2; - color: #3595F9; + color: #006BB4; background-color: rgba(0, 0, 0, 0); border-color: transparent; } @@ -3479,7 +3623,7 @@ select[multiple].input-group-sm > .input-group-addon { } .label { display: inline; - padding: .2em .6em .3em; + padding: 0.2em 0.6em 0.3em; font-size: 75%; font-weight: bold; line-height: 1; @@ -3487,7 +3631,7 @@ select[multiple].input-group-sm > .input-group-addon { text-align: center; white-space: nowrap; vertical-align: baseline; - border-radius: .25em; + border-radius: 0.25em; } a.label:hover, a.label:focus { @@ -3499,7 +3643,7 @@ a.label:focus { display: none; } .label-default { - background-color: #3595F9; + background-color: #006BB4; } .label-default[href]:hover, .label-default[href]:focus { @@ -3520,7 +3664,7 @@ a.label:focus { background-color: #014a44; } .label-info { - background-color: #3595F9; + background-color: #006BB4; } .label-info[href]:hover, .label-info[href]:focus { @@ -3545,6 +3689,7 @@ a.label:focus { background-color: #FFF; border: 1px solid transparent; border-radius: 4px; + -webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, 0.05); box-shadow: 0 1px 1px rgba(0, 0, 0, 0.05); } .panel-body { @@ -3833,14 +3978,14 @@ a.label:focus { } .panel-info > .panel-heading { color: #FFF; - background-color: #3595F9; + background-color: #006BB4; border-color: #004d81; } .panel-info > .panel-heading + .panel-collapse > .panel-body { border-top-color: #004d81; } .panel-info > .panel-heading .badge { - color: #3595F9; + color: #006BB4; background-color: #FFF; } .panel-info > .panel-footer + .panel-collapse > .panel-body { @@ -4113,12 +4258,12 @@ a.label:focus { background-color: #FFF; color: #F5F7FA; } -.navbar-inverse .kbnGlobalNav__logoBrand { +.navbar-inverse .osdGlobalNav__logoBrand { height: 45px; width: 252px; background-color: #4b4f5d; } -.navbar-inverse .kbnGlobalNav__smallLogoBrand { +.navbar-inverse .osdGlobalNav__smallLogoBrand { height: 45px; width: 45px; background-color: #4b4f5d; @@ -4130,10 +4275,7 @@ a.label:focus { .navbar-brand { cursor: default; font-size: 1.8em; - -webkit-user-select: none; - -moz-user-select: none; - -ms-user-select: none; - user-select: none; + user-select: none; } .navbar-nav { font-size: 12px; @@ -4163,7 +4305,7 @@ a.label:focus { } .text-info, .text-info:hover { - color: #3595F9; + color: #006BB4; } table .success, .table .success, @@ -4196,10 +4338,12 @@ table .info a, .form-control, input { border-width: 1px; + -webkit-box-shadow: none; box-shadow: none; } .form-control:focus, input:focus { + -webkit-box-shadow: none; box-shadow: none; } .has-warning .help-block, @@ -4269,9 +4413,11 @@ input:focus { } .panel { border-radius: 0; + -webkit-box-shadow: 0 0 0 rgba(0, 0, 0, 0); box-shadow: 0 0 0 rgba(0, 0, 0, 0); } .progress { + -webkit-box-shadow: none; box-shadow: none; } .progress .progress-bar { @@ -4279,12 +4425,14 @@ input:focus { line-height: 10px; } .well { + -webkit-box-shadow: none; box-shadow: none; } + /*------------- WAZUH -------------*/ .wz-login { - background: url(./wazuh_wazuh_bg.svg) !important; + background: url(./logos/wazuh_dashboard_login_background.svg) !important; width: 100% !important; height: 100% !important; background-size: cover !important; @@ -4325,25 +4473,9 @@ input:focus { margin-top: 32px; } -.loginWelcome__logo { - display: inline-block; - width: 80px; - height: 80px; - line-height: 80px; - text-align: center; - background-color: #FFF; - border-radius: 100%; - padding: 16px; - box-shadow: 0 6px 12px -1px rgba(152, 162, 179, 0.2), 0 4px 4px -1px rgba(152, 162, 179, 0.2), 0 2px 2px 0 rgba(152, 162, 179, 0.2); - margin-bottom: 32px; -} - div.euiFormRow > div.euiFormRow__fieldWrapper > button { background-color: #3595F9!important; border-color: #3595F9!important; color: #fff; } -.loginWelcome__logo { - background: url(./wazuh_logo_circle.svg) center center no-repeat !important; -} diff --git a/stack/dashboard/base/files/etc/opensearch_dashboards.yml b/stack/dashboard/base/files/etc/opensearch_dashboards.yml index ccdac621c6..b5a48982de 100644 --- a/stack/dashboard/base/files/etc/opensearch_dashboards.yml +++ b/stack/dashboard/base/files/etc/opensearch_dashboards.yml @@ -4,12 +4,12 @@ opensearch.hosts: https://localhost:9200 opensearch.ssl.verificationMode: certificate #opensearch.username: #opensearch.password: -opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"] +opensearch.requestHeadersAllowlist: ["securitytenant","authorization"] opensearch_security.multitenancy.enabled: false opensearch_security.readonly_mode.roles: ["kibana_read_only"] server.ssl.enabled: true server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem" server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem" opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"] -uiSettings.overrides.defaultRoute: /app/wazuh +uiSettings.overrides.defaultRoute: /app/wz-home diff --git a/stack/dashboard/base/files/etc/services/default b/stack/dashboard/base/files/etc/services/default index c4f94fd368..250239f4c8 100644 --- a/stack/dashboard/base/files/etc/services/default +++ b/stack/dashboard/base/files/etc/services/default @@ -5,3 +5,4 @@ chdir="/" nice="" KILL_ON_STOP_TIMEOUT=0 +OSD_PATH_CONF="/etc/wazuh-dashboard" diff --git a/stack/dashboard/base/files/etc/services/wazuh-dashboard.service b/stack/dashboard/base/files/etc/services/wazuh-dashboard.service index 3fd27c5a1a..ef1d2afd42 100644 --- a/stack/dashboard/base/files/etc/services/wazuh-dashboard.service +++ b/stack/dashboard/base/files/etc/services/wazuh-dashboard.service @@ -7,7 +7,7 @@ User=wazuh-dashboard Group=wazuh-dashboard EnvironmentFile=-/etc/default/wazuh-dashboard EnvironmentFile=-/etc/sysconfig/wazuh-dashboard -ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards "-c /etc/wazuh-dashboard/opensearch_dashboards.yml" +ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards WorkingDirectory=/usr/share/wazuh-dashboard [Install] diff --git a/stack/dashboard/base/files/etc/styles.js b/stack/dashboard/base/files/etc/styles.js index 1637d9905d..0d179fb933 100644 --- a/stack/dashboard/base/files/etc/styles.js +++ b/stack/dashboard/base/files/etc/styles.js @@ -128,7 +128,7 @@ const Styles = ({ font-weight: 400; } - .osdLoaderWrap svg { + .osdLoaderWrap svg, .osdLoaderWrap img { width: 384px; height: 112px; margin: auto; diff --git a/stack/dashboard/base/files/etc/template.js b/stack/dashboard/base/files/etc/template.js index 983ce71bc1..d8b53e813d 100644 --- a/stack/dashboard/base/files/etc/template.js +++ b/stack/dashboard/base/files/etc/template.js @@ -57,46 +57,23 @@ const Template = ({ }) => { var _injectedMetadata$bra, _injectedMetadata$bra2, _injectedMetadata$bra3, _injectedMetadata$bra4; - const openSearchLogo = /*#__PURE__*/_react.default.createElement("svg", { - width: "64", - height: "64", - viewBox: "0 0 64 64", - fill: "none", - xmlns: "http://www.w3.org/2000/svg" - }, /*#__PURE__*/_react.default.createElement("path", { - d: "M61.7374 23.5C60.4878 23.5 59.4748 24.513 59.4748 25.7626C59.4748 44.3813 44.3813 59.4748 25.7626 59.4748C24.513 59.4748 23.5 60.4878 23.5 61.7374C23.5 62.987 24.513 64 25.7626 64C46.8805 64 64 46.8805 64 25.7626C64 24.513 62.987 23.5 61.7374 23.5Z", - fill: "#005EB8" - }), /*#__PURE__*/_react.default.createElement("path", { - d: "M48.0814 38C50.2572 34.4505 52.3615 29.7178 51.9475 23.0921C51.0899 9.36725 38.6589 -1.04463 26.9206 0.0837327C22.3253 0.525465 17.6068 4.2712 18.026 10.9805C18.2082 13.8961 19.6352 15.6169 21.9544 16.9399C24.1618 18.1992 26.9978 18.9969 30.2128 19.9011C34.0962 20.9934 38.6009 22.2203 42.063 24.7717C46.2125 27.8295 49.0491 31.3743 48.0814 38Z", - fill: "#003B5C" - }), /*#__PURE__*/_react.default.createElement("path", { - d: "M3.91861 14C1.74276 17.5495 -0.361506 22.2822 0.0524931 28.9079C0.910072 42.6327 13.3411 53.0446 25.0794 51.9163C29.6747 51.4745 34.3932 47.7288 33.974 41.0195C33.7918 38.1039 32.3647 36.3831 30.0456 35.0601C27.8382 33.8008 25.0022 33.0031 21.7872 32.0989C17.9038 31.0066 13.3991 29.7797 9.93694 27.2283C5.78746 24.1704 2.95092 20.6257 3.91861 14Z", - fill: "#005EB8" - })); + const openSearchLogo = _react.default.createElement("img", { + alt: 'Loading logo', + className: 'loadingLogo', + src: `${uiPublicUrl}/logos/opensearch.svg` + }); - const openSearchLogoSpinner = _react.default.createElement("svg", { - viewBox:"0 0 1024 200", - fill: "none", - xmlns: "http://www.w3.org/2000/svg" - }, - _react.default.createElement("polygon",{points:"204.11 142.81 174.37 46.12 150.88 46.12 121.13 142.81 91.65 46.06 64.64 46.06 107.69 187.04 129.61 187.04 162.63 85 195.5 187.04 217.42 187.04 260.48 46.12 233.6 46.12 204.11 142.81", fill:"black"}), - _react.default.createElement("polygon",{points:"451.67 70.52 524.33 70.52 444.36 182.73 444.36 187.04 563.74 187.04 563.74 162.64 487.81 162.64 567.65 50.56 567.65 46.12 451.67 46.12 451.67 70.52", fill:"black"}), - _react.default.createElement("path",{d:"M390,61c-12.09-12.61-28.57-19.24-48-19.24-41,0-72,32.22-72,75s30.95,75,72,75c19.35,0,35.84-6.6,48-19.12v16.16h27.58V44.7H390Zm-45.15,104.7c-27.1,0-46.77-20.6-46.77-49s19.67-48.84,46.77-48.84S391.5,88.4,391.5,116.7,371.89,165.68,344.88,165.68Z", fill:"black"}), - _react.default.createElement("path",{d:"M696.14,125.88c0,25.29-13.92,39.8-38.18,39.8s-38.32-14.51-38.32-39.8V44.7H592v83.39c0,46.91,35.51,63.56,65.92,63.56s65.77-16.65,65.77-63.56V44.7H696.14Z", fill:"black"}), - _react.default.createElement("path",{d:"M883.3,93.62A85.09,85.09,0,0,0,878.86,76a56.88,56.88,0,0,0-9.46-16.64A45.46,45.46,0,0,0,853.3,47q-9.93-4.71-24.54-4.7-19.05,0-32.48,8.22A53,53,0,0,0,782.19,63V8.35h-24.4V187h27.66V113.71q0-12.52,2.8-21.27A37.82,37.82,0,0,1,796,78.35a28.86,28.86,0,0,1,11.42-7.76,39.44,39.44,0,0,1,13.83-2.42c7.47,0,13.55,1.53,18.2,4.57a31.27,31.27,0,0,1,10.82,12,52.22,52.22,0,0,1,5.22,16.12,107.39,107.39,0,0,1,1.38,16.89V187h27.66V108.75A114.2,114.2,0,0,0,883.3,93.62Z", fill:"black"}), - _react.default.createElement("circle",{fill:"#3585F9",cx:"937.12",cy:"167.6",r:"22.24"})); + const openSearchLogoSpinner = _react.default.createElement("img", { + alt: 'Loading logo', + className: 'loadingLogo', + src: `${uiPublicUrl}/logos/opensearch_spinner_on_light.svg` + }); - const openSearchLogoSpinnerDark = _react.default.createElement("svg", { - viewBox:"0 0 1024 200", - fill: "none", - xmlns: "http://www.w3.org/2000/svg" - }, - _react.default.createElement("polygon",{points:"204.11 142.81 174.37 46.12 150.88 46.12 121.13 142.81 91.65 46.06 64.64 46.06 107.69 187.04 129.61 187.04 162.63 85 195.5 187.04 217.42 187.04 260.48 46.12 233.6 46.12 204.11 142.81", fill:"white"}), - _react.default.createElement("polygon",{points:"451.67 70.52 524.33 70.52 444.36 182.73 444.36 187.04 563.74 187.04 563.74 162.64 487.81 162.64 567.65 50.56 567.65 46.12 451.67 46.12 451.67 70.52", fill:"white"}), - _react.default.createElement("path",{d:"M390,61c-12.09-12.61-28.57-19.24-48-19.24-41,0-72,32.22-72,75s30.95,75,72,75c19.35,0,35.84-6.6,48-19.12v16.16h27.58V44.7H390Zm-45.15,104.7c-27.1,0-46.77-20.6-46.77-49s19.67-48.84,46.77-48.84S391.5,88.4,391.5,116.7,371.89,165.68,344.88,165.68Z", fill:"white"}), - _react.default.createElement("path",{d:"M696.14,125.88c0,25.29-13.92,39.8-38.18,39.8s-38.32-14.51-38.32-39.8V44.7H592v83.39c0,46.91,35.51,63.56,65.92,63.56s65.77-16.65,65.77-63.56V44.7H696.14Z", fill:"white"}), - _react.default.createElement("path",{d:"M883.3,93.62A85.09,85.09,0,0,0,878.86,76a56.88,56.88,0,0,0-9.46-16.64A45.46,45.46,0,0,0,853.3,47q-9.93-4.71-24.54-4.7-19.05,0-32.48,8.22A53,53,0,0,0,782.19,63V8.35h-24.4V187h27.66V113.71q0-12.52,2.8-21.27A37.82,37.82,0,0,1,796,78.35a28.86,28.86,0,0,1,11.42-7.76,39.44,39.44,0,0,1,13.83-2.42c7.47,0,13.55,1.53,18.2,4.57a31.27,31.27,0,0,1,10.82,12,52.22,52.22,0,0,1,5.22,16.12,107.39,107.39,0,0,1,1.38,16.89V187h27.66V108.75A114.2,114.2,0,0,0,883.3,93.62Z", fill:"white"}), - _react.default.createElement("circle",{fill:"#3585F9",cx:"937.12",cy:"167.6",r:"22.24"})); + const openSearchLogoSpinnerDark = _react.default.createElement("img", { + alt: 'Loading logo', + className: 'loadingLogo', + src: `${uiPublicUrl}/logos/opensearch_spinner_on_dark.svg` + }); const loadingLogoDefault = (_injectedMetadata$bra = injectedMetadata.branding.loadingLogo) === null || _injectedMetadata$bra === void 0 ? void 0 : _injectedMetadata$bra.defaultUrl; diff --git a/stack/dashboard/base/generate_base.sh b/stack/dashboard/base/generate_base.sh index e1a665e83f..9904e6d397 100755 --- a/stack/dashboard/base/generate_base.sh +++ b/stack/dashboard/base/generate_base.sh @@ -69,16 +69,32 @@ build() { # ----------------------------------------------------------------------------- help() { - echo - echo "Usage: $0 [OPTIONS]" - echo - echo " --app-url [Optional] Set the repository from where the Wazuh plugin should be downloaded. By default, will be used pre-release." - echo " -s, --store [Optional] Set the destination path of package. By default, an output folder will be created." - echo " --reference [Optional] wazuh-packages branch or tag" - echo " --future [Optional] Build test future package 99.99.0 Used for development purposes." - echo " -r, --revision [Optional] Package revision. By default ${revision}" - echo " -h, --help Show this help." - echo + echo -e "" + echo -e "NAME" + echo -e " $(basename "$0") - Build Wazuh dashboard base file." + echo -e "" + echo -e "SYNOPSIS" + echo -e " $(basename "$0") -a | -s | -b | -f | -r | -h" + echo -e "" + echo -e "DESCRIPTION" + echo -e " --app-url " + echo -e " [Optional] Set the repository from where the Wazuh plugin should be downloaded." + echo -e "" + echo -e " -s, --store " + echo -e " [Optional] Set the destination path of package. By default, an output folder will be created." + echo -e "" + echo -e " --reference " + echo -e " [Optional] wazuh-packages branch or tag." + echo -e "" + echo -e " --future" + echo -e " [Optional] Build test future package. Used for development purposes." + echo -e "" + echo -e " -r, --revision " + echo -e " [Optional] Package revision." + echo -e "" + echo -e " -h, --help" + echo -e " Show this help." + echo -e "" exit $1 } diff --git a/stack/dashboard/deb/build_package.sh b/stack/dashboard/deb/build_package.sh index e75e9aa1d1..0b1da825b4 100755 --- a/stack/dashboard/deb/build_package.sh +++ b/stack/dashboard/deb/build_package.sh @@ -17,8 +17,14 @@ deb_amd64_builder="deb_dashboard_builder_amd64" deb_builder_dockerfile="${current_path}/docker" future="no" base_cmd="" -url="" +plugin_main="" +plugin_updates="" +plugin_core="" build_base="yes" +have_main=false +have_updates=false +have_core=false +version="" trap ctrl_c INT @@ -35,12 +41,26 @@ ctrl_c() { clean 1 } +set_version() { + if [ "${reference}" ];then + version=$(curl -sL https://raw.githubusercontent.com/wazuh/wazuh-packages/${reference}/VERSION | cat) + else + version=$(cat ${current_path}/../../../VERSION) + fi +} + build_deb() { container_name="$1" dockerfile_path="$2" - if [ "${repository}" ];then - url="${repository}" + if [ "${plugin_main_reference}" ];then + plugin_main="${plugin_main_reference}" + fi + if [ "${plugin_updates_reference}" ];then + plugin_updates="${plugin_updates_reference}" + fi + if [ "${plugin_core_reference}" ];then + plugin_core="${plugin_core_reference}" fi # Copy the necessary files @@ -54,10 +74,16 @@ build_deb() { if [ "${reference}" ];then base_cmd+="--reference ${reference}" fi - if [ "${url}" ];then - base_cmd+="--app-url ${url}" + if [ "${plugin_main_reference}" ];then + base_cmd+="--app-url ${plugin_main_reference}" fi ../base/generate_base.sh -s ${outdir} -r ${revision} ${base_cmd} + else + basefile="${outdir}/wazuh-dashboard-base-${version}-${revision}-linux-x64.tar.xz" + if ! test -f "${basefile}"; then + echo "Did not find expected Wazuh dashboard base file: ${basefile} in output path. Exiting..." + exit 1 + fi fi # Build the Docker image @@ -70,12 +96,12 @@ build_deb() { if [ "${reference}" ];then docker run -t --rm ${volumes} \ ${container_name} ${architecture} ${revision} \ - ${future} ${url} ${reference} || return 1 + ${future} ${plugin_main} ${plugin_updates} ${plugin_core} ${reference} || return 1 else docker run -t --rm ${volumes} \ -v ${current_path}/../../..:/root:Z \ ${container_name} ${architecture} ${revision} \ - ${future} ${url} || return 1 + ${future} ${plugin_main} ${plugin_updates} ${plugin_core} || return 1 fi echo "Package $(ls -Art ${outdir} | tail -n 1) added to ${outdir}." @@ -100,19 +126,47 @@ build() { } help() { - echo - echo "Usage: $0 [OPTIONS]" - echo - echo " -a, --architecture [Optional] Target architecture of the package [amd64]." - echo " --app-url [Optional] Set the repository from where the Wazuh plugin should be downloaded. By default, will be used pre-release." - echo " -b, --build-base [Optional] Build a new base or use a existing one. By default, yes." - echo " -r, --revision [Optional] Package revision. By default: 1." - echo " -s, --store [Optional] Set the destination path of package. By default, an output folder will be created." - echo " --reference [Optional] wazuh-packages branch to download SPECs, not used by default." - echo " --dont-build-docker [Optional] Locally built docker image will be used instead of generating a new one." - echo " --future [Optional] Build test future package 99.99.0 Used for development purposes." - echo " -h, --help Show this help." - echo + echo -e "" + echo -e "NAME" + echo -e " $(basename "$0") - Build Wazuh dashboard base file." + echo -e "" + echo -e "SYNOPSIS" + echo -e " $(basename "$0") -a | -m | -u | -c | -s | -b | -f | -r | -h" + echo -e "" + echo -e "DESCRIPTION" + echo -e " -a, --architecture " + echo -e " [Optional] Target architecture of the package [amd64]." + echo -e "" + echo -e " -m, --main-app " + echo -e " [Optional] Wazuh main plugin URL." + echo -e "" + echo -e " -u, --updates-app " + echo -e " [Optional] Wazuh Check Updates plugin URL." + echo -e "" + echo -e " -c, --core-app " + echo -e " [Optional] Wazuh Core plugin URL." + echo -e "" + echo -e " -b, --build-base " + echo -e " [Optional] Build a new base or use a existing one. By default, yes." + echo -e "" + echo -e " -r, --revision " + echo -e " [Optional] Package revision. By default: 1." + echo -e "" + echo -e " -s, --store " + echo -e " [Optional] Set the destination path of package. By default, an output folder will be created." + echo -e "" + echo -e " --reference " + echo -e " [Optional] wazuh-packages branch to download SPECs, not used by default." + echo -e "" + echo -e " --dont-build-docker" + echo -e " [Optional] Locally built docker image will be used instead of generating a new one." + echo -e "" + echo -e " --future" + echo -e " [Optional] Build test future package 99.99.0 Used for development purposes." + echo -e "" + echo -e " -h, --help" + echo -e " Show this help." + echo -e "" exit $1 } @@ -132,9 +186,28 @@ main() { help 1 fi ;; - "--app-url") + "-m"|"--main-app-url") + if [ -n "$2" ]; then + plugin_main_reference="$2" + have_main=true + shift 2 + else + help 1 + fi + ;; + "-u"|"--updates-app-url") + if [ -n "$2" ]; then + plugin_updates_reference="$2" + have_updates=true + shift 2 + else + help 1 + fi + ;; + "-c"|"--core-app-url") if [ -n "$2" ]; then - repository="$2" + plugin_core_reference="$2" + have_core=true shift 2 else help 1 @@ -185,6 +258,15 @@ main() { esac done + set_version + + if [ ! "${plugin_main_reference}" ] && [ ! "${plugin_updates_reference}" ] && [ ! "${plugin_core_reference}" ]; then + echo "No Wazuh plugins have been defined, ${version} pre-release development packages with revision ${revision} will be used." + elif [[ ${have_main} != ${have_updates} ]] || [[ ${have_updates} != ${have_core} ]]; then + echo "The -m, -u, and -c options must be used together." + exit 1 + fi + build || clean 1 clean 0 diff --git a/stack/dashboard/deb/builder.sh b/stack/dashboard/deb/builder.sh index c3fd61076f..fafd97ada0 100755 --- a/stack/dashboard/deb/builder.sh +++ b/stack/dashboard/deb/builder.sh @@ -14,8 +14,10 @@ target="wazuh-dashboard" architecture=$1 revision=$2 future=$3 -repository=$4 -reference=$5 +plugin_main=$4 +plugin_updates=$5 +plugin_core=$6 +reference=$7 directory_base="/usr/share/wazuh-dashboard" if [ -z "${revision}" ]; then @@ -32,19 +34,39 @@ else fi fi -if [ "${repository}" ];then +if [ "${plugin_main}" ] && [ "${plugin_updates}" ] && [ "${plugin_core}" ] ;then valid_url='(https?|ftp|file)://[-[:alnum:]\+&@#/%?=~_|!:,.;]*[-[:alnum:]\+&@#/%=~_|]' - if [[ $repository =~ $valid_url ]];then - url="${repository}" - if ! curl --output /dev/null --silent --head --fail "${url}"; then - echo "The given URL to download the Wazuh plugin zip does not exist: ${url}" + if [[ "${plugin_main}" =~ $valid_url ]];then + url_main="${plugin_main}" + if ! curl --output /dev/null --silent --head --fail "${url_main}"; then + echo "The given URL to download the Wazuh main plugin ZIP does not exist: ${url_main}" exit 1 fi else - url="https://packages-dev.wazuh.com/${repository}/ui/dashboard/wazuh-${version}-${revision}.zip" + url_main="https://packages-dev.wazuh.com/${app_url}/ui/dashboard/wazuh-${version}-${revision}.zip" + fi + if [[ "${plugin_updates}" =~ $valid_url ]];then + url_updates="${plugin_updates}" + if ! curl --output /dev/null --silent --head --fail "${url_updates}"; then + echo "The given URL to download the Wazuh Check Updates plugin ZIP does not exist: ${url_updates}" + exit 1 + fi + else + url_updates="https://packages-dev.wazuh.com/${app_url}/ui/dashboard/wazuhCheckUpdates-${version}-${revision}.zip" + fi + if [[ "${plugin_core}" =~ $valid_url ]];then + url_core="${plugin_core}" + if ! curl --output /dev/null --silent --head --fail "${url_core}"; then + echo "The given URL to download the Wazuh Core plugin ZIP does not exist: ${url_core}" + exit 1 + fi + else + url_core="https://packages-dev.wazuh.com/${app_url}/ui/dashboard/wazuhCore-${version}-${revision}.zip" fi else - url="https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${version}-${revision}.zip" + url_main="https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${version}-${revision}.zip" + url_updates="https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${version}-${revision}.zip" + url_core="https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${version}-${revision}.zip" fi # Build directories @@ -52,7 +74,6 @@ build_dir=/build pkg_name="${target}-${version}" pkg_path="${build_dir}/${target}" source_dir="${pkg_path}/${pkg_name}" - mkdir -p ${source_dir}/debian # Including spec file @@ -78,7 +99,7 @@ cd ${source_dir} mk-build-deps -ir -t "apt-get -o Debug::pkgProblemResolver=yes -y" # Build package -debuild --no-lintian -eINSTALLATION_DIR="${directory_base}" -eVERSION="${version}" -eREVISION="${revision}" -eURL="${url}" -b -uc -us +debuild --no-lintian -eINSTALLATION_DIR="${directory_base}" -eVERSION="${version}" -eREVISION="${revision}" -eURLPLUGINMAIN="${url_main}" -eURLPLUGINUPDATES="${url_updates}" -eURLPLUGINCORE="${url_core}" -b -uc -us deb_file="${target}_${version}-${revision}_${architecture}.deb" diff --git a/stack/dashboard/deb/debian/changelog b/stack/dashboard/deb/debian/changelog index 2940b0b2e3..c7394d052d 100644 --- a/stack/dashboard/deb/debian/changelog +++ b/stack/dashboard/deb/debian/changelog @@ -1,14 +1,74 @@ +wazuh-dashboard (4.8.1-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-8-1.html + + -- Wazuh, Inc Tue, 13 Feb 2024 00:00:00 +0000 + +wazuh-dashboard (4.8.0-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-8-0.html + + -- Wazuh, Inc Wed, 21 Feb 2024 00:00:00 +0000 + +wazuh-dashboard (4.7.2-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-7-2.html + + -- Wazuh, Inc Tue, 09 Jan 2024 00:00:00 +0000 + +wazuh-dashboard (4.7.1-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-7-1.html + + -- Wazuh, Inc Wed, 13 Dec 2023 00:00:00 +0000 + +wazuh-dashboard (4.7.0-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-7-0.html + + -- Wazuh, Inc Tue, 05 Nov 2023 00:00:00 +0000 + +wazuh-dashboard (4.6.0-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-6-0.html + + -- Wazuh, Inc Tue, 31 Oct 2023 00:00:00 +0000 + +wazuh-dashboard (4.5.4-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-4.html + + -- Wazuh, Inc Tue, 24 Oct 2023 00:00:00 +0000 + +wazuh-dashboard (4.5.3-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-3.html + + -- Wazuh, Inc Tue, 10 Oct 2023 00:00:00 +0000 + +wazuh-dashboard (4.5.2-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-2.html + + -- Wazuh, Inc Thu, 31 Aug 2023 00:00:00 +0000 + wazuh-dashboard (4.5.1-RELEASE) stable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-1.html - -- Wazuh, Inc Tue, 01 Aug 2023 15:56:43 +0000 + -- Wazuh, Inc Thu, 24 Aug 2023 15:56:43 +0000 -wazuh-dashboard (4.5.0-RELEASE) stable; urgency=low +wazuh-dashboard (4.5.0-RELEASE) unstable; urgency=low - * More info: https://documentation.wazuh.com/current/release-notes/ + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html + + -- Wazuh, Inc Thu, 10 Aug 2023 13:45:36 +0000 + +wazuh-dashboard (4.4.5-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-4-5.html - -- Wazuh, Inc Wed, 19 Jul 2023 13:45:36 +0000 + -- Wazuh, Inc Mon, 10 Jul 2023 13:45:36 +0000 wazuh-dashboard (4.4.4-RELEASE) stable; urgency=low @@ -40,68 +100,74 @@ wazuh-dashboard (4.4.0-RELEASE) stable; urgency=low -- Wazuh, Inc Wed, 18 Jan 2023 12:31:50 +0000 -wazuh-dashboard (4.3.10-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.10-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-10.html -- Wazuh, Inc Thu, 10 Nov 2022 15:00:00 +0000 -wazuh-dashboard (4.3.9-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.9-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-9.html -- Wazuh, Inc Mon, 03 Oct 2022 15:00:00 +0000 -wazuh-dashboard (4.3.8-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.8-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-8.html -- Wazuh, Inc Mon, 19 Sep 2022 15:00:00 +0000 -wazuh-dashboard (4.3.7-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.7-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-7.html -- Wazuh, Inc Mon, 08 Aug 2022 15:00:00 +0000 -wazuh-dashboard (4.3.6-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.6-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-6.html -- Wazuh, Inc Thu, 07 Jul 2022 15:00:00 +0000 -wazuh-dashboard (4.3.5-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.5-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-5.html -- Wazuh, Inc Wed, 29 Jun 2022 15:00:00 +0000 -wazuh-dashboard (4.3.4-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.4-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-4.html -- Wazuh, Inc Tue, 07 Jun 2022 15:41:39 +0000 -wazuh-dashboard (4.3.3-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.3-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-3.html -- Wazuh, Inc Tue, 31 May 2022 15:41:39 +0000 -wazuh-dashboard (4.3.2-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.2-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-2.html -- Wazuh, Inc Mon, 30 May 2022 15:41:39 +0000 -wazuh-dashboard (4.3.1-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.1-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-1.html -- Wazuh, Inc Wed, 18 May 2022 12:14:41 +0000 -wazuh-dashboard (4.3.0-RELEASE) stable; urgency=low +wazuh-dashboard (4.3.0-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-0.html -- Wazuh, Inc Thu, 05 May 2022 12:15:57 +0000 + +wazuh-dashboard (4.2.5-1) UNRELEASED; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/ + + -- Wazuh, Inc Mon, 15 Nov 2021 16:47:07 +0000 diff --git a/stack/dashboard/deb/debian/copyright b/stack/dashboard/deb/debian/copyright index 177faa0cdd..b823f076a5 100644 --- a/stack/dashboard/deb/debian/copyright +++ b/stack/dashboard/deb/debian/copyright @@ -1,6 +1,6 @@ This work was packaged for Debian by: - Wazuh, Inc on Tue, 01 Aug 2023 15:56:43 +0000 + Wazuh, Inc on Wed, 28 Feb 2024 00:00:00 +0000 It was downloaded from: diff --git a/stack/dashboard/deb/debian/postinst b/stack/dashboard/deb/debian/postinst index 4084750dc6..bd4afd0999 100644 --- a/stack/dashboard/deb/debian/postinst +++ b/stack/dashboard/deb/debian/postinst @@ -27,6 +27,7 @@ case "$1" in chmod 750 "${TARGET_DIR}""${INSTALLATION_DIR}" chown -R "${NAME}":"${NAME}" "${TARGET_DIR}""${INSTALLATION_DIR}" setcap 'cap_net_bind_service=+ep' "${INSTALLATION_DIR}"/node/bin/node + setcap 'cap_net_bind_service=+ep' "${INSTALLATION_DIR}"/node/fallback/bin/node if [ -f "${INSTALLATION_DIR}"/"${NAME}".restart ]; then rm -f "${INSTALLATION_DIR}"/"${NAME}".restart if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 ; then @@ -36,10 +37,18 @@ case "$1" in service wazuh-dashboard restart > /dev/null 2>&1 fi fi - if [ ! -f "${INSTALLATION_DIR}"/config/opensearch_dashboards.keystore ]; then + # Move keystore file if upgrade (file exists in install dir in <= 4.6.0) + if [ -f "${INSTALLATION_DIR}"/config/opensearch_dashboards.keystore ]; then + mv "${INSTALLATION_DIR}"/config/opensearch_dashboards.keystore "${CONFIG_DIR}"/opensearch_dashboards.keystore + elif [ ! -f "${CONFIG_DIR}"/opensearch_dashboards.keystore ]; then runuser "${NAME}" --shell="/bin/bash" --command="${INSTALLATION_DIR}/bin/opensearch-dashboards-keystore create" > /dev/null 2>&1 runuser "${NAME}" --shell="/bin/bash" --command="echo kibanaserver | ${INSTALLATION_DIR}/bin/opensearch-dashboards-keystore add opensearch.username --stdin" > /dev/null 2>&1 runuser "${NAME}" --shell="/bin/bash" --command="echo kibanaserver | ${INSTALLATION_DIR}/bin/opensearch-dashboards-keystore add opensearch.password --stdin" > /dev/null 2>&1 + chmod 640 "${CONFIG_DIR}"/opensearch_dashboards.keystore + fi + + if ! grep -q "/app/wz-home" "${CONFIG_DIR}"/opensearch_dashboards.yml; then + sed -i 's/\/app\/wazuh/\/app\/wz-home/g' "${CONFIG_DIR}"/opensearch_dashboards.yml fi ;; diff --git a/stack/dashboard/deb/debian/rules b/stack/dashboard/deb/debian/rules index 22f2c14cad..a25a426555 100644 --- a/stack/dashboard/deb/debian/rules +++ b/stack/dashboard/deb/debian/rules @@ -58,6 +58,8 @@ override_dh_install: useradd -g $(GROUP) $(USER) tar -xf $(DASHBOARD_FILE) + sed -i 's/OSD_NODE_OPTS_PREFIX/OSD_PATH_CONF="\/etc\/wazuh-dashboard" OSD_NODE_OPTS_PREFIX/g' "wazuh-dashboard-base/bin/opensearch-dashboards" + sed -i 's/OSD_USE_NODE_JS_FILE_PATH/OSD_PATH_CONF="\/etc\/wazuh-dashboard" OSD_USE_NODE_JS_FILE_PATH/g' "wazuh-dashboard-base/bin/opensearch-dashboards-keystore" mkdir -p $(TARGET_DIR)$(CONFIG_DIR) mkdir -p $(TARGET_DIR)$(INSTALLATION_DIR) @@ -81,8 +83,12 @@ override_dh_install: if [ "$(VERSION)" = "99.99.0" ]; then \ runuser $(USER) --shell="/bin/bash" --command="$(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-dashboards-plugin install https://packages-dev.wazuh.com/futures/ui/dashboard/wazuh-99.99.0-$(REVISION).zip" ;\ + runuser $(USER) --shell="/bin/bash" --command="$(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-dashboards-plugin install https://packages-dev.wazuh.com/futures/ui/dashboard/wazuhCheckUpdates-99.99.0-$(REVISION).zip" ;\ + runuser $(USER) --shell="/bin/bash" --command="$(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-dashboards-plugin install https://packages-dev.wazuh.com/futures/ui/dashboard/wazuhCore-99.99.0-$(REVISION).zip" ;\ else \ - runuser $(USER) --shell="/bin/bash" --command="$(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-dashboards-plugin install $(URL)" ;\ + runuser $(USER) --shell="/bin/bash" --command="$(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-dashboards-plugin install $(URLPLUGINMAIN)" ;\ + runuser $(USER) --shell="/bin/bash" --command="$(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-dashboards-plugin install $(URLPLUGINUPDATES)" ;\ + runuser $(USER) --shell="/bin/bash" --command="$(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-dashboards-plugin install $(URLPLUGINCORE)" ;\ fi find $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/wazuh/ -exec chown $(USER):$(GROUP) {} \; @@ -104,7 +110,7 @@ override_dh_fixperms: chmod 750 $(TARGET_DIR)/etc/default/wazuh-dashboard chmod 640 "$(TARGET_DIR)$(CONFIG_DIR)"/opensearch_dashboards.yml chmod 640 "$(TARGET_DIR)$(CONFIG_DIR)"/node.options - chmod 640 $(TARGET_DIR)/etc/systemd/system/wazuh-dashboard.service + chmod 640 "$(TARGET_DIR)"/etc/systemd/system/wazuh-dashboard.service find "$(TARGET_DIR)$(INSTALLATION_DIR)" -type d -exec chmod 750 {} \; find "$(TARGET_DIR)$(INSTALLATION_DIR)" -type f -perm 644 -exec chmod 640 {} \; find "$(TARGET_DIR)$(INSTALLATION_DIR)" -type f -perm 755 -exec chmod 750 {} \; diff --git a/stack/dashboard/rpm/build_package.sh b/stack/dashboard/rpm/build_package.sh index 06d48f526b..a4d1b55046 100755 --- a/stack/dashboard/rpm/build_package.sh +++ b/stack/dashboard/rpm/build_package.sh @@ -17,8 +17,14 @@ rpm_x86_builder="rpm_dashboard_builder_x86" rpm_builder_dockerfile="${current_path}/docker" future="no" base_cmd="" -url="" +plugin_main="" +plugin_updates="" +plugin_core="" build_base="yes" +have_main=false +have_updates=false +have_core=false +version="" trap ctrl_c INT @@ -35,12 +41,26 @@ ctrl_c() { clean 1 } +set_version() { + if [ "${reference}" ];then + version=$(curl -sL https://raw.githubusercontent.com/wazuh/wazuh-packages/${reference}/VERSION | cat) + else + version=$(cat ${current_path}/../../../VERSION) + fi +} + build_rpm() { container_name="$1" dockerfile_path="$2" - if [ "${repository}" ];then - url="${repository}" + if [ "${plugin_main_reference}" ];then + plugin_main="${plugin_main_reference}" + fi + if [ "${plugin_updates_reference}" ];then + plugin_updates="${plugin_updates_reference}" + fi + if [ "${plugin_core_reference}" ];then + plugin_core="${plugin_core_reference}" fi # Copy the necessary files @@ -54,10 +74,16 @@ build_rpm() { if [ "${reference}" ];then base_cmd+="--reference ${reference}" fi - if [ "${url}" ];then - base_cmd+="--app-url ${url}" + if [ "${plugin_main_reference}" ];then + base_cmd+="--app-url ${plugin_main_reference}" fi ../base/generate_base.sh -s ${outdir} -r ${revision} ${base_cmd} + else + basefile="${outdir}/wazuh-dashboard-base-${version}-${revision}-linux-x64.tar.xz" + if ! test -f "${basefile}"; then + echo "Did not find expected Wazuh dashboard base file: ${basefile} in output path. Exiting..." + exit 1 + fi fi # Build the Docker image @@ -70,12 +96,12 @@ build_rpm() { if [ "${reference}" ];then docker run -t --rm ${volumes} \ ${container_name} ${architecture} ${revision} \ - ${future} ${url} ${reference} || return 1 + ${future} ${plugin_main} ${plugin_updates} ${plugin_core} ${reference} || return 1 else docker run -t --rm ${volumes} \ -v ${current_path}/../../..:/root:Z \ ${container_name} ${architecture} \ - ${revision} ${future} ${url} || return 1 + ${revision} ${future} ${plugin_main} ${plugin_updates} ${plugin_core} || return 1 fi echo "Package $(ls -Art ${outdir} | tail -n 1) added to ${outdir}." @@ -100,20 +126,47 @@ build() { } help() { - echo - echo "Usage: $0 [OPTIONS]" - echo - echo " -a, --architecture [Optional] Target architecture of the package [x86_64]." - echo " --app-url [Optional] Set the repository from where the Wazuh plugin should be downloaded. By default, will be used pre-release." - echo " -b, --build-base [Optional] Build a new base or use a existing one. By default, yes." - echo " -r, --revision [Optional] Package revision. By default: 1." - echo " -s, --store [Optional] Set the destination path of package. By default, an output folder will be created." - echo " --reference [Optional] wazuh-packages branch to download SPECs, not used by default." - echo " --dont-build-docker [Optional] Locally built docker image will be used instead of generating a new one." - echo " --future [Optional] Build test future package 99.99.0 Used for development purposes." - echo " --app-url [Optional] Valid URL for custom app." - echo " -h, --help Show this help." - echo + echo -e "" + echo -e "NAME" + echo -e " $(basename "$0") - Build Wazuh dashboard base file." + echo -e "" + echo -e "SYNOPSIS" + echo -e " $(basename "$0") -a | -m | -u | -c | -s | -b | -f | -r | -h" + echo -e "" + echo -e "DESCRIPTION" + echo -e " -a, --architecture " + echo -e " [Optional] Target architecture of the package [x86_64]." + echo -e "" + echo -e " -m, --main-app " + echo -e " [Optional] Wazuh main plugin URL." + echo -e "" + echo -e " -u, --updates-app " + echo -e " [Optional] Wazuh Check Updates plugin URL." + echo -e "" + echo -e " -c, --core-app " + echo -e " [Optional] Wazuh Core plugin URL." + echo -e "" + echo -e " -b, --build-base " + echo -e " [Optional] Build a new base or use a existing one. By default, yes." + echo -e "" + echo -e " -r, --revision " + echo -e " [Optional] Package revision. By default: 1." + echo -e "" + echo -e " -s, --store " + echo -e " [Optional] Set the destination path of package. By default, an output folder will be created." + echo -e "" + echo -e " --reference " + echo -e " [Optional] wazuh-packages branch to download SPECs, not used by default." + echo -e "" + echo -e " --dont-build-docker" + echo -e " [Optional] Locally built docker image will be used instead of generating a new one." + echo -e "" + echo -e " --future" + echo -e " [Optional] Build test future package 99.99.0 Used for development purposes." + echo -e "" + echo -e " -h, --help" + echo -e " Show this help." + echo -e "" exit $1 } @@ -133,9 +186,28 @@ main() { help 1 fi ;; - "--app-url") + "-m"|"--main-app-url") if [ -n "$2" ]; then - repository="$2" + plugin_main_reference="$2" + have_main=true + shift 2 + else + help 1 + fi + ;; + "-u"|"--updates-app-url") + if [ -n "$2" ]; then + plugin_updates_reference="$2" + have_updates=true + shift 2 + else + help 1 + fi + ;; + "-c"|"--core-app-url") + if [ -n "$2" ]; then + plugin_core_reference="$2" + have_core=true shift 2 else help 1 @@ -186,6 +258,16 @@ main() { esac done + + set_version + + if [ ! "${plugin_main_reference}" ] && [ ! "${plugin_updates_reference}" ] && [ ! "${plugin_core_reference}" ]; then + echo "No Wazuh plugins have been defined, ${version} pre-release development packages with revision ${revision} will be used." + elif [[ ${have_main} != ${have_updates} ]] || [[ ${have_updates} != ${have_core} ]]; then + echo "The -m, -u, and -c options must be used together." + exit 1 + fi + build || clean 1 clean 0 diff --git a/stack/dashboard/rpm/builder.sh b/stack/dashboard/rpm/builder.sh index ee16f0a797..0f19d1e3fb 100755 --- a/stack/dashboard/rpm/builder.sh +++ b/stack/dashboard/rpm/builder.sh @@ -14,8 +14,10 @@ target="wazuh-dashboard" architecture=$1 revision=$2 future=$3 -repository=$4 -reference=$5 +plugin_main=$4 +plugin_updates=$5 +plugin_core=$6 +reference=$7 directory_base="/usr/share/wazuh-dashboard" if [ -z "${revision}" ]; then @@ -32,19 +34,39 @@ else fi fi -if [ "${repository}" ];then +if [ "${plugin_main}" ] && [ "${plugin_updates}" ] && [ "${plugin_core}" ] ;then valid_url='(https?|ftp|file)://[-[:alnum:]\+&@#/%?=~_|!:,.;]*[-[:alnum:]\+&@#/%=~_|]' - if [[ $repository =~ $valid_url ]];then - url="${repository}" - if ! curl --output /dev/null --silent --head --fail "${url}"; then - echo "The given URL to download the Wazuh plugin zip does not exist: ${url}" + if [[ "${plugin_main}" =~ $valid_url ]];then + url_main="${plugin_main}" + if ! curl --output /dev/null --silent --head --fail "${url_main}"; then + echo "The given URL to download the Wazuh main plugin ZIP does not exist: ${url_main}" exit 1 fi else - url="https://packages-dev.wazuh.com/${repository}/ui/dashboard/wazuh-${version}-${revision}.zip" + url_main="https://packages-dev.wazuh.com/${app_url}/ui/dashboard/wazuh-${version}-${revision}.zip" + fi + if [[ "${plugin_updates}" =~ $valid_url ]];then + url_updates="${plugin_updates}" + if ! curl --output /dev/null --silent --head --fail "${url_updates}"; then + echo "The given URL to download the Wazuh Check Updates plugin ZIP does not exist: ${url_updates}" + exit 1 + fi + else + url_updates="https://packages-dev.wazuh.com/${app_url}/ui/dashboard/wazuhCheckUpdates-${version}-${revision}.zip" + fi + if [[ "${plugin_core}" =~ $valid_url ]];then + url_core="${plugin_core}" + if ! curl --output /dev/null --silent --head --fail "${url_core}"; then + echo "The given URL to download the Wazuh Core plugin ZIP does not exist: ${url_core}" + exit 1 + fi + else + url_core="https://packages-dev.wazuh.com/${app_url}/ui/dashboard/wazuhCore-${version}-${revision}.zip" fi else - url="https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${version}-${revision}.zip" + url_main="https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${version}-${revision}.zip" + url_updates="https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${version}-${revision}.zip" + url_core="https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${version}-${revision}.zip" fi # Build directories @@ -59,7 +81,6 @@ mkdir -p ${rpm_build_dir}/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS} pkg_name=${target}-${version} mkdir ${build_dir}/${pkg_name} - # Including spec file if [ "${reference}" ];then curl -sL https://github.com/wazuh/wazuh-packages/tarball/${reference} | tar zx @@ -69,14 +90,13 @@ else cp /root/stack/dashboard/rpm/${target}.spec ${rpm_build_dir}/SPECS/${pkg_name}.spec fi - # Generating source tar.gz cd ${build_dir} && tar czf "${rpm_build_dir}/SOURCES/${pkg_name}.tar.gz" "${pkg_name}" # Building RPM /usr/bin/rpmbuild --define "_topdir ${rpm_build_dir}" --define "_version ${version}" \ --define "_release ${revision}" --define "_localstatedir ${directory_base}" \ - --define "_url ${url}" \ + --define "_url_plugin_main ${url_main}" --define "_url_plugin_updates ${url_updates}" --define "_url_plugin_core ${url_core}" \ --target ${architecture} -ba ${rpm_build_dir}/SPECS/${pkg_name}.spec cd ${pkg_path} && sha512sum ${rpm_file} > /tmp/${rpm_file}.sha512 diff --git a/stack/dashboard/rpm/docker/x86_64/Dockerfile b/stack/dashboard/rpm/docker/x86_64/Dockerfile index a41bd3c320..e7635a2d64 100644 --- a/stack/dashboard/rpm/docker/x86_64/Dockerfile +++ b/stack/dashboard/rpm/docker/x86_64/Dockerfile @@ -1,13 +1,16 @@ -FROM centos:7 +FROM amd64/centos:7 + +# Enable EPEL +RUN yum install -y http://packages.wazuh.com/utils/pkg/epel-release-latest-7.noarch.rpm # Install all the necessary tools to build the packages RUN yum clean all && yum update -y RUN yum install -y openssh-clients sudo gnupg \ - yum-utils epel-release redhat-rpm-config rpm-devel \ + yum-utils redhat-rpm-config rpm-devel \ zlib zlib-devel rpm-build autoconf automake \ glibc-devel libtool perl -RUN yum install -y https://repo.ius.io/ius-release-el$(rpm -E '%{rhel}').rpm +RUN yum install -y https://repo.ius.io/ius-release-el$(rpm -E '%{rhel}').rpm RUN yum update -y && yum install -y python3 @@ -18,4 +21,4 @@ ADD builder.sh /usr/local/bin/builder RUN chmod +x /usr/local/bin/builder # Set the entrypoint -ENTRYPOINT ["/usr/local/bin/builder"] \ No newline at end of file +ENTRYPOINT ["/usr/local/bin/builder"] diff --git a/stack/dashboard/rpm/wazuh-dashboard.spec b/stack/dashboard/rpm/wazuh-dashboard.spec index a5f1f045f6..d32e96d1ab 100644 --- a/stack/dashboard/rpm/wazuh-dashboard.spec +++ b/stack/dashboard/rpm/wazuh-dashboard.spec @@ -31,6 +31,8 @@ ExclusiveOS: linux %global PID_DIR /run/%{name} %global INSTALL_DIR /usr/share/%{name} %global DASHBOARD_FILE wazuh-dashboard-base-%{version}-%{release}-linux-x64.tar.xz +%define _source_payload w9.gzdio +%define _binary_payload w9.gzdio # ----------------------------------------------------------------------------- @@ -53,6 +55,10 @@ useradd -g %{GROUP} %{USER} tar -xf %{DASHBOARD_FILE} +# Set custom config dir +sed -i 's/OSD_NODE_OPTS_PREFIX/OSD_PATH_CONF="\/etc\/wazuh-dashboard" OSD_NODE_OPTS_PREFIX/g' "wazuh-dashboard-base/bin/opensearch-dashboards" +sed -i 's/OSD_USE_NODE_JS_FILE_PATH/OSD_PATH_CONF="\/etc\/wazuh-dashboard" OSD_USE_NODE_JS_FILE_PATH/g' "wazuh-dashboard-base/bin/opensearch-dashboards-keystore" + # ----------------------------------------------------------------------------- %install @@ -88,8 +94,12 @@ chown root:root %{buildroot}/etc/systemd/system/wazuh-dashboard.service if [ "%{version}" = "99.99.0" ];then runuser %{USER} --shell="/bin/bash" --command="%{buildroot}%{INSTALL_DIR}/bin/opensearch-dashboards-plugin install https://packages-dev.wazuh.com/futures/ui/dashboard/wazuh-99.99.0-%{release}.zip" + runuser %{USER} --shell="/bin/bash" --command="%{buildroot}%{INSTALL_DIR}/bin/opensearch-dashboards-plugin install https://packages-dev.wazuh.com/futures/ui/dashboard/wazuhCheckUpdates-99.99.0-%{release}.zip" + runuser %{USER} --shell="/bin/bash" --command="%{buildroot}%{INSTALL_DIR}/bin/opensearch-dashboards-plugin install https://packages-dev.wazuh.com/futures/ui/dashboard/wazuhCore-99.99.0-%{release}.zip" else - runuser %{USER} --shell="/bin/bash" --command="%{buildroot}%{INSTALL_DIR}/bin/opensearch-dashboards-plugin install %{_url}" + runuser %{USER} --shell="/bin/bash" --command="%{buildroot}%{INSTALL_DIR}/bin/opensearch-dashboards-plugin install %{_url_plugin_main}" + runuser %{USER} --shell="/bin/bash" --command="%{buildroot}%{INSTALL_DIR}/bin/opensearch-dashboards-plugin install %{_url_plugin_updates}" + runuser %{USER} --shell="/bin/bash" --command="%{buildroot}%{INSTALL_DIR}/bin/opensearch-dashboards-plugin install %{_url_plugin_core}" fi find %{buildroot}%{INSTALL_DIR}/plugins/wazuh/ -exec chown %{USER}:%{GROUP} {} \; @@ -129,12 +139,7 @@ fi %post setcap 'cap_net_bind_service=+ep' %{INSTALL_DIR}/node/bin/node - -if [ ! -f %{INSTALLATION_DIR}/config/opensearch_dashboards.keystore ]; then - runuser %{USER} --shell="/bin/bash" --command="%{INSTALL_DIR}/bin/opensearch-dashboards-keystore create" > /dev/null 2>&1 - runuser %{USER} --shell="/bin/bash" --command="echo kibanaserver | %{INSTALL_DIR}/bin/opensearch-dashboards-keystore add opensearch.username --stdin" > /dev/null 2>&1 - runuser %{USER} --shell="/bin/bash" --command="echo kibanaserver | %{INSTALL_DIR}/bin/opensearch-dashboards-keystore add opensearch.password --stdin" > /dev/null 2>&1 -fi +setcap 'cap_net_bind_service=+ep' %{INSTALL_DIR}/node/fallback/bin/node # ----------------------------------------------------------------------------- @@ -181,6 +186,20 @@ if [ ! -d %{PID_DIR} ]; then chown %{USER}:%{GROUP} %{PID_DIR} fi +# Move keystore file if upgrade (file exists in install dir in <= 4.6.0) +if [ -f "%{INSTALL_DIR}"/config/opensearch_dashboards.keystore ]; then + mv "%{INSTALL_DIR}"/config/opensearch_dashboards.keystore "%{CONFIG_DIR}"/opensearch_dashboards.keystore +elif [ ! -f %{CONFIG_DIR}/opensearch_dashboards.keystore ]; then + runuser %{USER} --shell="/bin/bash" --command="%{INSTALL_DIR}/bin/opensearch-dashboards-keystore create" > /dev/null 2>&1 + runuser %{USER} --shell="/bin/bash" --command="echo kibanaserver | %{INSTALL_DIR}/bin/opensearch-dashboards-keystore add opensearch.username --stdin" > /dev/null 2>&1 + runuser %{USER} --shell="/bin/bash" --command="echo kibanaserver | %{INSTALL_DIR}/bin/opensearch-dashboards-keystore add opensearch.password --stdin" > /dev/null 2>&1 + chmod 640 "%{CONFIG_DIR}"/opensearch_dashboards.keystore +fi + +if ! grep -q "/app/wz-home" %{CONFIG_DIR}/opensearch_dashboards.yml; then + sed -i 's/\/app\/wazuh/\/app\/wz-home/g' %{CONFIG_DIR}/opensearch_dashboards.yml +fi + if [ -f %{INSTALL_DIR}/wazuh-dashboard.restart ]; then rm -f %{INSTALL_DIR}/wazuh-dashboard.restart if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1; then @@ -202,15 +221,17 @@ rm -fr %{buildroot} %files %defattr(-,%{USER},%{GROUP}) -%dir %attr(750, %{USER}, %{GROUP}) %{CONFIG_DIR} -%attr(0750, %{USER}, %{GROUP}) "/etc/default/wazuh-dashboard" -%config(noreplace) %attr(0640, %{USER}, %{GROUP}) "%{CONFIG_DIR}/opensearch_dashboards.yml" -%attr(440, %{USER}, %{GROUP}) %{INSTALL_DIR}/VERSION +%dir %attr(750, %{USER}, %{GROUP}) %{CONFIG_DIR} %dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR} +%dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/node" +%dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/node_modules" +%dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/data" +%dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/plugins" +%dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/bin" +%dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/config" %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src" %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/core" -%attr(-, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/core/*" %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin" %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/remove" %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/list" @@ -230,7 +251,6 @@ rm -fr %{buildroot} %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/bundles_route/__fixtures__/plugin" %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/bundles_route/__fixtures__/plugin/foo" %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/plugins" -%attr(-, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/plugins/* %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli" %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli/serve" %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli/serve/integration_tests" @@ -249,158 +269,96 @@ rm -fr %{buildroot} %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/config" %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/keystore" %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui" +%dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/apm" %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/ui_render" %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/ui_render/bootstrap" -%dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/apm" %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/docs" -%dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/node_modules" -%attr(-, %{USER}, %{GROUP}) "%{INSTALL_DIR}/node_modules/*" -%attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/node_modules/.yarn-integrity" -%dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/node" + +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/*.json" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/*.yml" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/*.txt" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/remove/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/list/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/downloaders/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/__fixtures__/replies/*.zip" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/__fixtures__/replies/*.jpg" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_keystore/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_keystore/utils/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/setup_node_env/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/setup_node_env/root/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/setup_node_env/harden/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/bundles_route/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/bundles_route/__fixtures__/plugin/foo/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/bundles_route/__fixtures__/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli/serve/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli/serve/integration_tests/__fixtures__/*.yml" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli/serve/integration_tests/__fixtures__/reload_logging_config/*.yml" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/lib/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/utils/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/logging/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/logging/rotate/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/core/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/i18n/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/i18n/localization/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/warnings/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/http/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/config/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/keystore/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/ui_render/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/ui_render/bootstrap/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/ui_render/bootstrap/*.hbs" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/apm/*.js" +%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/docs/*.js" + %attr(-, %{USER}, %{GROUP}) "%{INSTALL_DIR}/node/*" -%attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/node/bin/node" -%dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/data" -%dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/plugins" +%attr(-, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/core/*" +%attr(-, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/plugins/* +%attr(-, %{USER}, %{GROUP}) "%{INSTALL_DIR}/node_modules/*" %attr(-, %{USER}, %{GROUP}) "%{INSTALL_DIR}/plugins/*" -%dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/bin" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/remove/settings.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/remove/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/remove/remove.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/dev.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/list/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/list/list.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/lib/logger.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/lib/errors.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/lib/log_warnings.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/opensearch_dashboards.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/downloaders/file.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/downloaders/http.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/zip.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/download.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/install.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/settings.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/rename.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/__fixtures__/replies/invalid_name.zip" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/__fixtures__/replies/test_plugin_different_version.zip" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/__fixtures__/replies/banana.jpg" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/__fixtures__/replies/test_plugin_no_opensearch_dashboards.zip" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/__fixtures__/replies/test_plugin.zip" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/__fixtures__/replies/corrupt.zip" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/__fixtures__/replies/test_plugin_many.zip" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/cleanup.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/pack.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/install/progress.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/cli.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_plugin/dist.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_keystore/cli_keystore.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_keystore/add.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_keystore/create.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_keystore/utils/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_keystore/utils/prompt.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_keystore/dev.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_keystore/get_keystore.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_keystore/remove.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_keystore/dist.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli_keystore/list.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/apm.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/setup_node_env/root/force.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/setup_node_env/root/is_root.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/setup_node_env/root/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/setup_node_env/polyfill.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/setup_node_env/node_version_validator.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/setup_node_env/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/setup_node_env/harden/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/setup_node_env/harden/child_process.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/setup_node_env/harden/lodash_template.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/setup_node_env/no_transpilation.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/setup_node_env/exit_on_warning.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/setup_node_env/dist.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/np_ui_plugin_public_dirs.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/optimize_mixin.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/bundles_route/proxy_bundles_route.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/bundles_route/file_hash.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/bundles_route/file_hash_cache.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/bundles_route/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/bundles_route/__fixtures__/plugin/foo/plugin.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/bundles_route/__fixtures__/outside_output.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/bundles_route/bundles_route.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/optimize/bundles_route/dynamic_asset_response.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli/command.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli/help.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli/cli.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli/serve/serve.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli/serve/read_keystore.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli/serve/integration_tests/__fixtures__/invalid_config.yml" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli/serve/integration_tests/__fixtures__/reload_logging_config/opensearch_dashboards_log_file.test.yml" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli/serve/integration_tests/__fixtures__/reload_logging_config/opensearch_dashboards_log_console.test.yml" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli/serve/integration_tests/__fixtures__/reload_logging_config/opensearch_dashboards.test.yml" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/cli/dist.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/utils/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/utils/unset.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/utils/version.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/utils/artifact_type.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/utils/deep_clone_with_buffers.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/logging/rotate/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/logging/rotate/log_rotator.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/logging/apply_filters_to_keys.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/logging/log_format.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/logging/log_reporter.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/logging/log_format_json.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/logging/log_with_metadata.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/logging/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/logging/configuration.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/logging/log_interceptor.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/logging/log_format_string.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/core/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/i18n/localization/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/i18n/localization/telemetry_localization_collector.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/i18n/localization/file_integrity.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/i18n/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/i18n/get_translations_path.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/i18n/constants.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/osd_server.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/warnings/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/http/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/http/register_hapi_plugins.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/http/setup_base_path_provider.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/config/override.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/config/complete.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/config/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/config/schema.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/config/config.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/keystore/keystore.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/keystore/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/server/keystore/errors.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/ui_mixin.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/ui_render/ui_render_mixin.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/ui_render/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/ui_render/bootstrap/osd_bundles_loader_source.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/ui_render/bootstrap/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/ui_render/bootstrap/template.js.hbs" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/ui_render/bootstrap/app_bootstrap.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/legacy/ui/apm/index.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/docs/docs_repo.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/src/docs/cli.js" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/package.json" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/manifest.yml" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/LICENSE.txt" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/NOTICE.txt" -%attr(640, %{USER}, %{GROUP}) "%{INSTALL_DIR}/README.txt" + +%attr(440, %{USER}, %{GROUP}) "%{INSTALL_DIR}/VERSION" +%attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/node_modules/.yarn-integrity" +%attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/bin/use_node" %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/bin/opensearch-dashboards" %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/bin/opensearch-dashboards-plugin" %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/bin/opensearch-dashboards-keystore" -%dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/config" +%attr(750, %{USER}, %{GROUP}) "/etc/default/wazuh-dashboard" %attr(640, %{USER}, %{GROUP}) "%{CONFIG_DIR}/node.options" %attr(640, root, root) "/etc/systemd/system/wazuh-dashboard.service" +%config(noreplace) %attr(640, %{USER}, %{GROUP}) "%{CONFIG_DIR}/opensearch_dashboards.yml" %changelog -* Tue Aug 01 2023 support - 4.5.1 +* Wed Feb 28 2024 support - 4.8.1 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-8-1.html +* Wed Feb 21 2024 support - 4.8.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-8-0.html +* Tue Jan 09 2024 support - 4.7.2 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-2.html +* Wed Dec 13 2023 support - 4.7.1 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-1.html +* Tue Nov 21 2023 support - 4.7.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-0.html +* Tue Oct 31 2023 support - 4.6.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-6-0.html +* Tue Oct 24 2023 support - 4.5.4 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-4.html +* Tue Oct 10 2023 support - 4.5.3 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-3.html +* Thu Aug 31 2023 support - 4.5.2 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-2.html +* Thu Aug 24 2023 support - 4.5.1 - More info: https://documentation.wazuh.com/current/release-notes/release-4-5.1.html -* Wed Jul 19 2023 support - 4.5.0 +* Thu Aug 10 2023 support - 4.5.0 - More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html +* Mon Jul 10 2023 support - 4.4.5 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-4-5.html * Tue Jun 13 2023 support - 4.4.4 - More info: https://documentation.wazuh.com/current/release-notes/release-4-4-4.html * Thu May 25 2023 support - 4.4.3 diff --git a/stack/indexer/base/builder.sh b/stack/indexer/base/builder.sh index 14c413e603..4186c79ba7 100644 --- a/stack/indexer/base/builder.sh +++ b/stack/indexer/base/builder.sh @@ -10,13 +10,14 @@ set -x # License (version 2) as published by the FSF - Free Software # Foundation. -set -e +set -ex architecture="$1" revision="$2" -future="$3" -reference="$4" -opensearch_version="2.6.0" +filebeat_module_reference="$3" +future="$4" +reference="$5" +opensearch_version="2.10.0" base_dir=/opt/wazuh-indexer-base # ----------------------------------------------------------------------------- @@ -58,18 +59,23 @@ find -type l -exec rm -rf {} \; find -name "*.bat" -exec rm -rf {} \; rm -rf README.md manifest.yml opensearch-tar-install.sh logs sed -i 's|OPENSEARCH_DISTRIBUTION_TYPE=tar|OPENSEARCH_DISTRIBUTION_TYPE=rpm|g' bin/opensearch-env -sed -i 's|"$OPENSEARCH_HOME"/config|/etc/wazuh-indexer|g' bin/opensearch-env +sed -i 's|"$OPENSEARCH_HOME"/config|/etc/wazuh-indexer|g' bin/opensearch-env cp -r /root/stack/indexer/base/files/systemd-entrypoint bin/ mkdir -p ./etc/wazuh-indexer/ cp -r ./config/* ./etc/wazuh-indexer/ rm -rf ./config cp -r /root/stack/indexer/base/files/etc/wazuh-indexer/* ./etc/wazuh-indexer/ +curl -so ./etc/wazuh-indexer/wazuh-template.json "https://raw.githubusercontent.com/wazuh/wazuh/${filebeat_module_reference}/extensions/elasticsearch/7.x/wazuh-template.json" cp -r /root/stack/indexer/base/files/etc/sysconfig ./etc/ cp -r /root/stack/indexer/base/files/etc/init.d ./etc/ cp -r /root/stack/indexer/base/files/usr ./ +cp -r /root/stack/indexer/indexer-ism-init.sh bin/ +cp -r /root/stack/indexer/indexer-init.sh bin/ rm -rf ./plugins/opensearch-security/tools/install_demo_configuration.sh cp /root/VERSION . + + # ----------------------------------------------------------------------------- # Compile systemD module @@ -85,6 +91,12 @@ sed -i 's|-SNAPSHOT||g' "${base_dir}"/modules/systemd/plugin-descriptor.properti cd "${base_dir}" rm -rf OpenSearch +find -type d -exec chmod 750 {} \; +find -type f -perm 644 -exec chmod 640 {} \; +find -type f -perm 664 -exec chmod 660 {} \; +find -type f -perm 755 -exec chmod 750 {} \; +find -type f -perm 744 -exec chmod 740 {} \; + # ----------------------------------------------------------------------------- # Base output diff --git a/stack/indexer/base/files/usr/lib/systemd/system/wazuh-indexer-performance-analyzer.service b/stack/indexer/base/files/usr/lib/systemd/system/wazuh-indexer-performance-analyzer.service index b19fba0d09..d759f92022 100644 --- a/stack/indexer/base/files/usr/lib/systemd/system/wazuh-indexer-performance-analyzer.service +++ b/stack/indexer/base/files/usr/lib/systemd/system/wazuh-indexer-performance-analyzer.service @@ -4,11 +4,12 @@ PartOf=wazuh-indexer.service After=wazuh-indexer.service [Service] -ExecStart=/usr/share/wazuh-indexer/bin/performance-analyzer-agent-cli +ExecStart=/usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli Restart=on-failure User=wazuh-indexer Group=wazuh-indexer Environment=OPENSEARCH_HOME=/usr/share/wazuh-indexer +Environment=OPENSEARCH_PATH_CONF=/etc/wazuh-indexer/ WorkingDirectory=/usr/share/wazuh-indexer [Install] diff --git a/stack/indexer/base/generate_base.sh b/stack/indexer/base/generate_base.sh index 20a224e92c..78fcf47e51 100755 --- a/stack/indexer/base/generate_base.sh +++ b/stack/indexer/base/generate_base.sh @@ -18,6 +18,7 @@ container_name="indexer_base_builder" architecture="x64" future="no" revision="1" +filebeat_module_reference="" # ----------------------------------------------------------------------------- @@ -48,11 +49,11 @@ build_base() { # Build the RPM package with a Docker container if [ "${reference}" ];then docker run -t --rm -v ${outdir}/:/tmp/output:Z \ - ${container_name} ${architecture} ${revision} ${future} ${reference} || return 1 + ${container_name} ${architecture} ${revision} ${filebeat_module_reference} ${future} ${reference} || return 1 else docker run -t --rm -v ${outdir}/:/tmp/output:Z \ -v ${current_path}/../../..:/root:Z \ - ${container_name} ${architecture} ${revision} ${future} || return 1 + ${container_name} ${architecture} ${revision} ${filebeat_module_reference} ${future} || return 1 fi echo "Base file $(ls -Art ${outdir} | tail -n 1) added to ${outdir}." @@ -66,11 +67,12 @@ help() { echo echo "Usage: $0 [OPTIONS]" echo - echo " -s, --store [Optional] Set the destination path of package. By default, an output folder will be created." - echo " --reference [Optional] wazuh-packages branch or tag" - echo " --future [Optional] Build test future package 99.99.0 Used for development purposes." - echo " -r, --revision [Optional] Package revision. By default ${revision}" - echo " -h, --help Show this help." + echo " -s, --store [Optional] Set the destination path of package. By default, an output folder will be created." + echo " --reference [Optional] wazuh-packages branch or tag." + echo " -f, --filebeat-module-reference [Optional] wazuh/wazuh Filebeat template branch or tag." + echo " --future [Optional] Build test future package 99.99.0 Used for development purposes." + echo " -r, --revision [Optional] Package revision. By default ${revision}" + echo " -h, --help Show this help." echo exit "${1}" } @@ -100,6 +102,14 @@ main() { help 1 fi ;; + "-f"|"--filebeat-module-reference") + if [ -n "${2}" ]; then + filebeat_module_reference="${2}" + shift 2 + else + help 1 + fi + ;; "--future") future="yes" shift 1 @@ -112,11 +122,16 @@ main() { help 1 fi ;; + *) help 1 esac done + if [ -z "${filebeat_module_reference}" ]; then + filebeat_module_reference=$(cat ${current_path}/../../../VERSION) + fi + build_base || clean 1 clean 0 diff --git a/stack/indexer/deb/build_package.sh b/stack/indexer/deb/build_package.sh index b5032d0760..cb08a00680 100755 --- a/stack/indexer/deb/build_package.sh +++ b/stack/indexer/deb/build_package.sh @@ -18,6 +18,7 @@ deb_builder_dockerfile="${current_path}/docker" future="no" base_cmd="" build_base="yes" +filebeat_module_reference="" trap ctrl_c INT @@ -49,7 +50,18 @@ build_deb() { if [ "${reference}" ];then base_cmd+="--reference ${reference}" fi - ../base/generate_base.sh -s ${outdir} -r ${revision} ${base_cmd} + ../base/generate_base.sh -s ${outdir} -r ${revision} -f ${filebeat_module_reference} ${base_cmd} + else + if [ "${reference}" ];then + version=$(curl -sL https://raw.githubusercontent.com/wazuh/wazuh-packages/${reference}/VERSION | cat) + else + version=$(cat ${current_path}/../../../VERSION) + fi + basefile="${outdir}/wazuh-indexer-base-${version}-${revision}-linux-x64.tar.xz" + if ! test -f "${basefile}"; then + echo "Did not find expected Wazuh indexer base file: ${basefile} in output path. Exiting..." + exit 1 + fi fi # Build the Docker image @@ -96,14 +108,15 @@ help() { echo echo "Usage: $0 [OPTIONS]" echo - echo " -a, --architecture [Optional] Target architecture of the package [amd64]." - echo " -b, --build-base [Optional] Build a new base or use a existing one. By default, yes." - echo " -r, --revision [Optional] Package revision. By default: 1." - echo " -s, --store [Optional] Set the destination path of package. By default, an output folder will be created." - echo " --reference [Optional] wazuh-packages branch to download SPECs, not used by default." - echo " --dont-build-docker [Optional] Locally built docker image will be used instead of generating a new one." - echo " --future [Optional] Build test future package 99.99.0 Used for development purposes." - echo " -h, --help Show this help." + echo " -a, --architecture [Optional] Target architecture of the package [amd64]." + echo " -b, --build-base [Optional] Build a new base or use a existing one. By default, yes." + echo " -r, --revision [Optional] Package revision. By default: 1." + echo " -s, --store [Optional] Set the destination path of package. By default, an output folder will be created." + echo " --reference [Optional] wazuh-packages branch to download SPECs, not used by default." + echo " -f, --filebeat-module-reference [Optional] wazuh/wazuh Filebeat template branch or tag." + echo " --dont-build-docker [Optional] Locally built docker image will be used instead of generating a new one." + echo " --future [Optional] Build test future package 99.99.0 Used for development purposes." + echo " -h, --help Show this help." echo exit $1 } @@ -148,6 +161,14 @@ main() { help 1 fi ;; + "-f"|"--filebeat-module-reference") + if [ -n "${2}" ]; then + filebeat_module_reference="${2}" + shift 2 + else + help 1 + fi + ;; "--dont-build-docker") build_docker="no" shift 1 @@ -169,6 +190,10 @@ main() { esac done + if [ -z "${filebeat_module_reference}" ]; then + filebeat_module_reference=$(cat ${current_path}/../../../VERSION) + fi + build || clean 1 clean 0 diff --git a/stack/indexer/deb/debian/changelog b/stack/indexer/deb/debian/changelog index 5e9b93c25a..9233e80909 100644 --- a/stack/indexer/deb/debian/changelog +++ b/stack/indexer/deb/debian/changelog @@ -1,14 +1,74 @@ +wazuh-indexer (4.8.1-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-8-1.html + + -- Wazuh, Inc Tue, 13 Feb 2024 00:00:00 +0000 + +wazuh-indexer (4.8.0-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-8-0.html + + -- Wazuh, Inc Wed, 21 Feb 2024 00:00:00 +0000 + +wazuh-indexer (4.7.2-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-7-2.html + + -- Wazuh, Inc Tue, 09 Jan 2024 00:00:00 +0000 + +wazuh-indexer (4.7.1-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-7-1.html + + -- Wazuh, Inc Wed, 13 Dec 2023 00:00:00 +0000 + +wazuh-indexer (4.7.0-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-7-0.html + + -- Wazuh, Inc Tue, 05 Nov 2023 00:00:00 +0000 + +wazuh-indexer (4.6.0-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-6-0.html + + -- Wazuh, Inc Tue, 31 Oct 2023 00:00:00 +0000 + +wazuh-indexer (4.5.4-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-4.html + + -- Wazuh, Inc Tue, 24 Oct 2023 00:00:00 +0000 + +wazuh-indexer (4.5.3-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-3.html + + -- Wazuh, Inc Tue, 10 Oct 2023 00:00:00 +0000 + +wazuh-indexer (4.5.2-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-2.html + + -- Wazuh, Inc Thu, 31 Aug 2023 00:00:00 +0000 + wazuh-indexer (4.5.1-RELEASE) stable; urgency=low - * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html + * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-1.html - -- Wazuh, Inc Tue, 01 Aug 2023 15:56:43 +0000 + -- Wazuh, Inc Thu, 24 Aug 2023 15:56:43 +0000 wazuh-indexer (4.5.0-RELEASE) stable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html - -- Wazuh, Inc Wed, 19 Jul 2023 15:56:43 +0000 + -- Wazuh, Inc Thu, 10 Aug 2023 15:56:43 +0000 + +wazuh-indexer (4.4.5-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-4-5.html + + -- Wazuh, Inc Mon, 10 Jul 2023 12:31:50 +0000 wazuh-indexer (4.4.4-RELEASE) stable; urgency=low @@ -40,68 +100,74 @@ wazuh-indexer (4.4.0-RELEASE) stable; urgency=low -- Wazuh, Inc Wed, 18 Jan 2023 12:31:50 +0000 -wazuh-indexer (4.3.10-RELEASE) stable; urgency=low +wazuh-indexer (4.3.10-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-10.html -- Wazuh, Inc Thu, 10 Nov 2022 15:00:00 +0000 -wazuh-indexer (4.3.9-RELEASE) stable; urgency=low +wazuh-indexer (4.3.9-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-9.html -- Wazuh, Inc Mon, 03 Oct 2022 15:00:00 +0000 -wazuh-indexer (4.3.8-RELEASE) stable; urgency=low +wazuh-indexer (4.3.8-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-8.html -- Wazuh, Inc Mon, 19 Sep 2022 15:00:00 +0000 -wazuh-indexer (4.3.7-RELEASE) stable; urgency=low +wazuh-indexer (4.3.7-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-7.html -- Wazuh, Inc Mon, 08 Aug 2022 15:00:00 +0000 -wazuh-indexer (4.3.6-RELEASE) stable; urgency=low +wazuh-indexer (4.3.6-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-6.html -- Wazuh, Inc Thu, 07 Jul 2022 15:00:00 +0000 -wazuh-indexer (4.3.5-RELEASE) stable; urgency=low +wazuh-indexer (4.3.5-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-5.html -- Wazuh, Inc Wed, 29 Jun 2022 15:00:00 +0000 -wazuh-indexer (4.3.4-RELEASE) stable; urgency=low +wazuh-indexer (4.3.4-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-4.html -- Wazuh, Inc Tue, 07 Jun 2022 15:41:39 +0000 -wazuh-indexer (4.3.3-RELEASE) stable; urgency=low +wazuh-indexer (4.3.3-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-3.html -- Wazuh, Inc Tue, 31 May 2022 15:41:39 +0000 -wazuh-indexer (4.3.2-RELEASE) stable; urgency=low +wazuh-indexer (4.3.2-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-2.html -- Wazuh, Inc Mon, 30 May 2022 15:41:39 +0000 -wazuh-indexer (4.3.1-RELEASE) stable; urgency=low +wazuh-indexer (4.3.1-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-1.html -- Wazuh, Inc Wed, 18 May 2022 12:14:41 +0000 -wazuh-indexer (4.3.0-RELEASE) stable; urgency=low +wazuh-indexer (4.3.0-RELEASE) unstable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-3-0.html -- Wazuh, Inc Thu, 05 May 2022 12:15:57 +0000 + + wazuh-indexer (4.2.5-1) UNRELEASED; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/ + + -- Wazuh, Inc Mon, 15 Nov 2021 16:47:07 +0000 diff --git a/stack/indexer/deb/debian/copyright b/stack/indexer/deb/debian/copyright index 177faa0cdd..b823f076a5 100644 --- a/stack/indexer/deb/debian/copyright +++ b/stack/indexer/deb/debian/copyright @@ -1,6 +1,6 @@ This work was packaged for Debian by: - Wazuh, Inc on Tue, 01 Aug 2023 15:56:43 +0000 + Wazuh, Inc on Wed, 28 Feb 2024 00:00:00 +0000 It was downloaded from: diff --git a/stack/indexer/deb/debian/postinst b/stack/indexer/deb/debian/postinst index 0ce951f7bf..0972bec1d9 100644 --- a/stack/indexer/deb/debian/postinst +++ b/stack/indexer/deb/debian/postinst @@ -35,6 +35,10 @@ fi export OPENSEARCH_PATH_CONF=${OPENSEARCH_PATH_CONF:-${CONFIG_DIR}} +if [ -d /run/systemd/system ]; then + rm -f /etc/init.d/wazuh-indexer +fi + # To pick up /usr/lib/sysctl.d/wazuh-indexer.conf if command -v systemctl > /dev/null 2>&1; then systemctl restart systemd-sysctl.service > /dev/null 2>&1 || true diff --git a/stack/indexer/deb/debian/prerm b/stack/indexer/deb/debian/prerm index 8004e9a316..863ddabea2 100644 --- a/stack/indexer/deb/debian/prerm +++ b/stack/indexer/deb/debian/prerm @@ -69,7 +69,7 @@ if [ "$STOP_REQUIRED" = "true" ]; then elif [ -x /etc/rc.d/init.d/wazuh-indexer ] ; then /etc/rc.d/init.d/wazuh-indexer stop > /dev/null 2>&1 else # Anything else - kill -15 `pgrep -f opensearch` > /dev/null 2>&1 + kill -15 `pgrep -f opensearch` > /dev/null 2>&1 || true fi echo " OK" fi @@ -87,4 +87,3 @@ if [ "$REMOVE_SERVICE" = "true" ]; then update-rc.d wazuh-indexer remove >/dev/null || true fi fi - diff --git a/stack/indexer/deb/debian/rules b/stack/indexer/deb/debian/rules index 9759cd1907..1c12b726b5 100644 --- a/stack/indexer/deb/debian/rules +++ b/stack/indexer/deb/debian/rules @@ -100,6 +100,7 @@ override_dh_install: cp /root/documentation-templates/wazuh/config.yml $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/tools/config.yml # Copy Wazuh's config files for the security plugin + cp -pr $(REPO_DIR)/config/indexer/roles/action_groups.yml $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/ cp -pr $(REPO_DIR)/config/indexer/roles/roles_mapping.yml $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/ cp -pr $(REPO_DIR)/config/indexer/roles/roles.yml $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/ cp -pr $(REPO_DIR)/config/indexer/roles/internal_users.yml $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/ @@ -134,6 +135,7 @@ override_dh_fixperms: chmod 750 $(TARGET_DIR)$(LOG_DIR) chown -R $(USER):$(GROUP) $(TARGET_DIR)$(LOG_DIR) + chmod 660 $(TARGET_DIR)/etc/default/$(NAME) chown root:$(GROUP) $(TARGET_DIR)/etc/default/$(NAME) chmod 750 $(TARGET_DIR)/etc/init.d/$(NAME) @@ -148,1069 +150,32 @@ override_dh_fixperms: chown root:root $(TARGET_DIR)$(SYS_DIR)/tmpfiles.d/$(NAME).conf chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR) - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/bin - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/bin/performance-analyzer-rca - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/bin/performance-analyzer-agent - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/performance-analyzer-rca-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/sqlite-jdbc-3.32.3.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/log4j-api-2.17.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/j2objc-annotations-1.3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/commons-lang3-3.9.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/jsr305-3.0.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/log4j-core-2.17.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/annotations-4.1.1.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/javax.annotation-api-1.3.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/commons-io-2.7.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/jooq-3.10.8.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/failureaccess-1.0.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/bcpkix-jdk15on-1.70.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/bcprov-jdk15on-1.70.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/bcutil-jdk15on-1.70.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/grpc-api-1.52.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/grpc-context-1.52.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/grpc-core-1.52.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/grpc-netty-1.52.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/grpc-protobuf-1.52.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/grpc-protobuf-lite-1.52.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/grpc-stub-1.52.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/gson-2.9.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/guava-31.1-android.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/jackson-annotations-2.14.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/jackson-core-2.14.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/jackson-databind-2.14.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/netty-buffer-4.1.86.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/netty-codec-4.1.86.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/netty-codec-http-4.1.86.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/netty-codec-http2-4.1.86.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/netty-codec-socks-4.1.86.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/netty-common-4.1.86.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/netty-handler-4.1.86.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/netty-handler-proxy-4.1.86.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/netty-resolver-4.1.86.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/netty-transport-4.1.86.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/netty-transport-native-unix-common-4.1.86.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/perfmark-api-0.25.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/performance-analyzer-rca-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/protobuf-java-3.21.12.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/proto-google-common-protos-2.9.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/animal-sniffer-annotations-1.21.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/checker-qual-3.12.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/lib/error_prone_annotations-2.14.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/config - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/config/agent-stats-metadata - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/config/log4j2.xml - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/config/opensearch_security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/config/performance-analyzer.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/config/plugin-stats-metadata - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/config/rca.conf - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/config/rca_cluster_manager.conf - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/config/rca_idle_cluster_manager.conf - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/performance-analyzer-rca/config/supervisord.conf - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-shard - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-node - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-keystore - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-plugin - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-cli - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-env - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-env-from-file - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-upgrade - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/systemd-entrypoint - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/indexer-security-init.sh - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-performance-analyzer - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-performance-analyzer/performance-analyzer-agent - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/lib - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/hppc-0.8.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/opensearch-geo-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/opensearch-cli-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/opensearch-common-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/java-version-checker-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/log4j-api-2.17.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/opensearch-x-content-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/opensearch-plugin-classloader-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/jna-5.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/log4j-core-2.17.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/log4j-jul-2.17.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/opensearch-launchers-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/opensearch-secure-sm-2.6.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/tools - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/tools/plugin-cli - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/tools/plugin-cli/opensearch-plugin-cli-2.6.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/tools/upgrade-cli - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/tools/upgrade-cli/opensearch-upgrade-cli-2.6.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/tools/keystore-cli - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/tools/keystore-cli/keystore-cli-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/jts-core-1.15.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/opensearch-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/t-digest-3.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/opensearch-core-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/spatial4j-0.7.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/jackson-core-2.14.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/jackson-dataformat-cbor-2.14.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/jackson-dataformat-smile-2.14.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/jackson-dataformat-yaml-2.14.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/joda-time-2.12.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/jopt-simple-5.0.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/HdrHistogram-2.1.12.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/lucene-analysis-common-9.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/lucene-backward-codecs-9.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/lucene-core-9.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/lucene-grouping-9.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/lucene-highlighter-9.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/lucene-join-9.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/lucene-memory-9.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/lucene-misc-9.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/lucene-queries-9.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/lucene-queryparser-9.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/lucene-sandbox-9.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/lucene-spatial-extras-9.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/lucene-spatial3d-9.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/lucene-suggest-9.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/snakeyaml-1.33.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/tools/plugin-cli/bc-fips-1.0.2.3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/tools/plugin-cli/bcpg-fips-1.0.7.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/tools/upgrade-cli/jackson-annotations-2.14.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/tools/upgrade-cli/jackson-core-2.14.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/lib/tools/upgrade-cli/jackson-databind-2.14.2.jar - chmod 750 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-observability - chmod 660 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-observability/observability.yml - chmod 750 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-reports-scheduler - chmod 660 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-reports-scheduler/reports-scheduler.yml chmod 660 $(TARGET_DIR)$(CONFIG_DIR)/jvm.options + chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/aggs-matrix-stats chmod 660 $(TARGET_DIR)$(CONFIG_DIR)/opensearch.yml - chmod 750 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-notifications-core - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-notifications-core/notifications-core.yml - chmod 750 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-notifications - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-notifications/notifications.yml - chmod 750 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-performance-analyzer - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-performance-analyzer/agent-stats-metadata - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-performance-analyzer/log4j2.xml - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-performance-analyzer/opensearch_security.policy - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-performance-analyzer/performance-analyzer.properties - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-performance-analyzer/plugin-stats-metadata - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-performance-analyzer/rca.conf - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-performance-analyzer/rca_cluster_manager.conf - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-performance-analyzer/rca_idle_cluster_manager.conf - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-performance-analyzer/supervisord.conf - chmod 750 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/action_groups.yml - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/audit.yml - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/config.yml + chmod 660 $(TARGET_DIR)$(CONFIG_DIR)/wazuh-template.json + chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/roles_mapping.yml chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/internal_users.yml - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/nodes_dn.yml - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/opensearch.yml.example chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/roles.yml - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/roles_mapping.yml - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/tenants.yml - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/whitelist.yml - chmod 640 $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/allowlist.yml chmod 750 $(TARGET_DIR)$(CONFIG_DIR)/jvm.options.d chmod 440 $(TARGET_DIR)$(INSTALLATION_DIR)/VERSION - chmod 660 $(TARGET_DIR)$(CONFIG_DIR)/log4j2.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/NOTICE.txt - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/LICENSE.txt - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-observability - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-observability/opensearch-observability-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-observability/common-utils-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-observability/kotlinx-coroutines-core-jvm-1.3.9.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-observability/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-observability/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-observability/guava-31.0.1-jre.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-observability/kotlin-stdlib-1.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-observability/kotlin-stdlib-common-1.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-observability/jackson-annotations-2.14.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-observability/jackson-databind-2.14.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-observability/json-20220924.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-observability/json-base-2.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-observability/json-flattener-0.15.1.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler/jsoup-1.15.3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler/common-utils-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler/json-20180813.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler/kotlinx-coroutines-core-jvm-1.3.9.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler/opensearch-reports-scheduler-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler/gson-2.8.9.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler/guava-31.0.1-jre.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler/kotlin-stdlib-1.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler/kotlin-stdlib-common-1.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler/kotlin-test-1.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler/jackson-annotations-2.14.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler/jackson-databind-2.14.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler/json-base-2.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-reports-scheduler/json-flattener-0.15.1.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/geo-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/httpcore-nio-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/resilience4j-core-1.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/core-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/httpcore-nio-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/httpasyncclient-4.1.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/protocol-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/slf4j-api-1.7.36.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/druid-1.0.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/sql-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/opensearch-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/commons-lang3-3.10.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/reindex-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/gson-2.8.9.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/j2objc-annotations-1.3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/jsr305-3.0.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/antlr4-runtime-4.7.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/json-20180813.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/NOTICE.txt - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/resilience4j-retry-1.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/LICENSE.txt - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/vavr-match-0.10.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/parent-join-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/vavr-0.10.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/presto-matching-0.240.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/opensearch-rest-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/httpclient-4.5.13.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/legacy-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/opensearch-ssl-config-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/commons-codec-1.13.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/opensearch-sql-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/commons-math3-3.6.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/ppl-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/httpcore-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/failureaccess-1.0.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/common-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/ST4-4.0.8.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/antlr-runtime-3.5.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/antlr4-4.7.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/checker-qual-3.12.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/error_prone_annotations-2.7.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/guava-31.0.1-jre.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/icu4j-58.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/jackson-annotations-2.14.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/jackson-databind-2.14.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/javax.json-1.0.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/opensearch-ml-client-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/org.abego.treelayout.core-1.0.3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/spring-aop-5.3.22.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/spring-beans-5.3.22.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/spring-context-5.3.22.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/spring-core-5.3.22.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/spring-expression-5.3.22.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/spring-jcl-5.3.22.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/sql-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/annotations-13.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/kotlin-reflect-1.4.30.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/kotlin-stdlib-1.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/kotlin-stdlib-common-1.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/kotlin-stdlib-jdk7-1.4.30.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/okhttp-4.9.3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/okhttp-aws-signer-1.0.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/okio-jvm-2.8.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-sql/prometheus-2.6.0.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-cross-cluster-replication - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-cross-cluster-replication/ipaddress-5.3.3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-cross-cluster-replication/common-utils-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-cross-cluster-replication/annotations-13.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-cross-cluster-replication/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-cross-cluster-replication/opensearch-cross-cluster-replication-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-1.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-common-1.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk7-1.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk8-1.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-cross-cluster-replication/kotlinx-coroutines-core-jvm-1.6.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-knn - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-knn/commons-lang-2.6.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-knn/opensearch-knn-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-knn/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-knn/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-knn/failureaccess-1.0.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-knn/LICENSE.txt - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-knn/NOTICE.txt - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-knn/guava-30.0-jre.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-knn/lib - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-knn/lib/libgomp.so.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-knn/lib/libopensearchknn_common.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-knn/lib/libopensearchknn_faiss.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-knn/lib/libopensearchknn_nmslib.so - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-index-management - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-index-management/ipaddress-5.3.3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-index-management/common-utils-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-index-management/annotations-13.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-index-management/kotlinx-coroutines-core-jvm-1.3.9.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-index-management/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-index-management/opensearch-index-management-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-index-management/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-index-management/commons-codec-1.13.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-index-management/httpclient-4.5.13.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-index-management/httpcore-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-index-management/kotlin-stdlib-1.6.10.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-index-management/kotlin-stdlib-common-1.6.10.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-index-management/kotlin-stdlib-jdk7-1.6.10.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-index-management/opensearch-index-management-spi-2.6.0.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/sqlite-jdbc-3.32.3.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/j2objc-annotations-1.3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/jsr305-3.0.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/opensearch-performance-analyzer-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/annotations-4.1.1.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/javax.annotation-api-1.3.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/commons-io-2.7.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/jooq-3.10.8.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/failureaccess-1.0.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/animal-sniffer-annotations-1.21.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/bcpkix-jdk15on-1.70.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/bcprov-jdk15on-1.70.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/bcutil-jdk15on-1.70.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/checker-qual-3.29.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/commons-lang3-3.12.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/error_prone_annotations-2.9.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/grpc-api-1.52.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/grpc-context-1.52.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/grpc-core-1.52.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/grpc-netty-1.52.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/grpc-protobuf-1.52.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/grpc-protobuf-lite-1.52.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/grpc-stub-1.52.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/gson-2.9.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/guava-31.1-jre.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/jackson-annotations-2.14.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/jackson-databind-2.14.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/jackson-module-paranamer-2.14.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/netty-buffer-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/netty-codec-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/netty-codec-http-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/netty-codec-http2-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/netty-codec-socks-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/netty-common-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/netty-handler-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/netty-handler-proxy-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/netty-resolver-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/netty-transport-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/netty-transport-native-unix-common-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/perfmark-api-0.25.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/performanceanalyzer-rca-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/protobuf-java-3.21.12.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/proto-google-common-protos-2.9.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-performance-analyzer/protobuf-java-3.21.12.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-job-scheduler - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-job-scheduler/opensearch-job-scheduler-spi-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-job-scheduler/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-job-scheduler/opensearch-job-scheduler-2.6.0.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/opensaml-saml-api-3.4.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/commons-codec-1.14.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/java-saml-2.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/minimal-json-0.9.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/opensaml-security-api-3.4.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/jakarta.activation-1.2.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/commons-logging-1.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/json-path-2.4.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/aggs-matrix-stats-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/httpcore-nio-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/httpasyncclient-4.1.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/lang-mustache-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/bcprov-jdk15on-1.67.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/json-flattener-0.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/cxf-rt-rs-json-basic-3.5.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/opensaml-xmlsec-impl-3.4.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/txw2-2.3.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/cxf-core-3.5.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/metrics-core-3.1.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/opensaml-soap-impl-3.4.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/jsr305-3.0.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/opensaml-messaging-api-3.4.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/opensaml-storage-api-3.4.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/commons-lang-2.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/mapper-extras-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/jakarta.xml.bind-api-2.3.3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/opensaml-saml-impl-3.4.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/java-saml-core-2.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/opensaml-core-3.4.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/commons-cli-1.3.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/commons-lang3-3.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/lz4-java-1.7.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/rank-eval-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/ldaptive-1.2.3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/opensearch-security-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/woodstox-core-6.4.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/eventbus-3.2.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/istack-commons-runtime-3.0.12.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/asm-9.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/parent-join-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/json-smart-2.4.7.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/xmlsec-2.2.3.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/tools - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/tools/SECURITY_ADMIN_TESTS.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/tools/config.yml + chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/indexer-security-init.sh + chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/indexer-ism-init.sh + chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/indexer-init.sh + chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/systemd-entrypoint + chmod 740 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/tools/audit_config_migrater.sh chmod 740 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/tools/hash.sh chmod 740 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/tools/securityadmin.sh - chmod 740 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/tools/audit_config_migrater.sh chmod 740 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/tools/wazuh-certs-tool.sh chmod 740 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/tools/wazuh-passwords-tool.sh - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/xmlschema-core-2.2.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/httpclient-cache-4.5.13.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/transport-netty4-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/opensearch-rest-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/opensaml-xmlsec-api-3.4.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/httpclient-4.5.13.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/zjsonpatch-0.4.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/accessors-smart-2.4.7.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/opensearch-rest-high-level-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/cxf-rt-security-3.5.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/java-support-7.5.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/stax2-api-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/cxf-rt-rs-security-jose-3.5.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/opensaml-profile-api-3.4.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/jaxb-runtime-2.3.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/opensaml-security-impl-3.4.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/commons-collections-3.2.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/commons-text-1.10.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/jakarta.annotation-api-1.3.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/httpcore-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/opensaml-soap-api-3.4.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/checker-qual-3.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/compiler-0.9.10.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/cryptacular-1.2.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/error_prone_annotations-2.3.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/failureaccess-1.0.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/guava-30.0-jre.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/j2objc-annotations-1.3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/jackson-annotations-2.14.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/jjwt-api-0.10.8.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/jjwt-impl-0.10.8.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/jjwt-jackson-0.10.8.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/netty-buffer-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/netty-codec-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/netty-codec-http-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/netty-common-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/netty-handler-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/netty-resolver-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/netty-transport-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/netty-transport-native-unix-common-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/slf4j-api-1.7.30.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/snappy-java-1.1.8.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/zstd-jni-1.5.0-2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/jackson-databind-2.14.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/kafka-clients-3.0.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/bcpkix-jdk15on-1.70.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security-analytics - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security-analytics/antlr4-runtime-4.10.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security-analytics/common-utils-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security-analytics/commons-codec-1.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security-analytics/commons-lang3-3.12.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security-analytics/commons-logging-1.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security-analytics/cron-utils-9.1.6.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security-analytics/httpasyncclient-4.1.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security-analytics/httpclient-4.5.13.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security-analytics/httpcore-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security-analytics/httpcore-nio-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security-analytics/kotlin-stdlib-1.6.10.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security-analytics/opensearch-rest-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security-analytics/opensearch-security-analytics-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security-analytics/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security-analytics/plugin-security.policy - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-neural-search - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-neural-search/LICENSE.txt - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-neural-search/NOTICE.txt - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-neural-search/commons-lang3-3.10.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-neural-search/opensearch-ml-client-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-neural-search/opensearch-neural-search-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-neural-search/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-neural-search/plugin-security.policy - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-asynchronous-search - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-asynchronous-search/opensearch-asynchronous-search-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-asynchronous-search/common-utils-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-asynchronous-search/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-asynchronous-search/plugin-security.policy - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/commons-lang3-3.12.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/commons-lang-2.6.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/httpcore-nio-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/httpasyncclient-4.1.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/gson-2.8.9.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/common-utils-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/opensearch-anomaly-detection-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/org.jacoco.ant-0.8.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/commons-pool2-2.10.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/sketches-core-0.13.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/org.jacoco.agent-0.8.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/memory-0.12.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/opensearch-rest-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/httpclient-4.5.13.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/commons-codec-1.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/commons-math3-3.6.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/httpcore-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/failureaccess-1.0.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/guava-31.0.1-jre.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/jackson-annotations-2.14.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/jackson-databind-2.14.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/javassist-3.28.0-GA.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/protostuff-api-1.8.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/protostuff-collectionschema-1.8.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/protostuff-core-1.8.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/protostuff-runtime-1.8.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/randomcutforest-core-3.0-rc3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/randomcutforest-parkservices-3.0-rc3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/randomcutforest-serialization-3.0-rc3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-anomaly-detection/commons-logging-1.2.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-geospatial - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-geospatial/LICENSE.txt - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-geospatial/NOTICE.txt - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-geospatial/commons-lang3-3.12.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-geospatial/opensearch-geospatial-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-geospatial/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-geospatial/geo-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-geospatial/h3-2.6.0.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/error_prone_annotations-2.3.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/httpcore-nio-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/httpasyncclient-4.1.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/cron-utils-9.1.6.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/slf4j-api-1.7.30.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/ipaddress-5.3.3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/j2objc-annotations-1.3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/common-utils-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/jsr305-3.0.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/javax.el-3.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/javassist-3.27.0-GA.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/kotlinx-coroutines-core-1.1.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/annotations-13.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/guava-30.0-jre.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/alerting-core-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/google-java-format-1.10.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/checker-qual-3.5.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/opensearch-rest-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/httpclient-4.5.13.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/opensearch-alerting-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/kotlinx-coroutines-core-common-1.1.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/commons-codec-1.13.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/httpcore-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/failureaccess-1.0.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/commons-beanutils-1.9.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/commons-collections-3.2.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/commons-digester-2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/commons-validator-1.7.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/kotlin-stdlib-1.6.10.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/kotlin-stdlib-common-1.6.10.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/kotlin-stdlib-jdk7-1.6.10.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/kotlin-stdlib-jdk8-1.6.10.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/percolator-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-alerting/commons-logging-1.2.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/common-utils-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/commons-beanutils-1.9.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/commons-codec-1.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/commons-collections-3.2.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/commons-collections4-4.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/commons-io-2.11.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/commons-lang3-3.10.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/commons-logging-1.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/commons-math3-3.6.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/commons-text-1.10.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-classification-core-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-classification-sgd-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-common-tree-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/gson-2.9.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/guava-31.0.1-jre.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/httpasyncclient-4.1.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/httpclient-4.5.13.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/httpcore-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/httpcore-nio-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/jackson-annotations-2.14.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/jackson-databind-2.14.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/jansi-2.4.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/javassist-3.26.0-GA.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/jline-builtins-3.21.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/jline-reader-3.21.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/jline-style-3.21.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/jline-terminal-3.21.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/jline-terminal-jansi-3.21.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/libsvm-3.25.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/olcut-config-protobuf-5.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/olcut-core-5.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/opencsv-5.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/opensearch-ml-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/opensearch-ml-algorithms-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/opensearch-ml-common-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/opensearch-rest-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/protobuf-java-3.21.9.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/protostuff-api-1.8.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/protostuff-collectionschema-1.8.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/protostuff-core-1.8.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/protostuff-runtime-1.8.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/randomcutforest-core-3.0-rc3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/randomcutforest-parkservices-3.0-rc3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/randomcutforest-testutils-3.0-rc3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/reflections-0.9.12.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-anomaly-core-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-anomaly-libsvm-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-clustering-core-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-clustering-kmeans-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-common-libsvm-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-common-sgd-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-core-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-data-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-math-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-regression-core-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-regression-sgd-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-util-infotheory-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-util-onnx-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tribuo-util-tokenization-4.2.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/api-0.19.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/checker-qual-3.12.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/commons-compress-1.21.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/error_prone_annotations-2.7.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/failureaccess-1.0.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/j2objc-annotations-1.3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/jsr305-3.0.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/log4j-slf4j-impl-2.19.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/onnxruntime_gpu-1.13.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/onnxruntime-engine-0.19.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/pytorch-engine-0.19.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/pytorch-model-zoo-0.19.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/slf4j-api-1.7.36.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-ml/tokenizers-0.19.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/ - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/activation-1.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/aws-java-sdk-core-1.12.48.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/aws-java-sdk-ses-1.12.48.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/aws-java-sdk-sns-1.12.48.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/aws-java-sdk-sts-1.12.48.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/httpclient-4.5.13.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/httpcore-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/jackson-annotations-2.14.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/jackson-databind-2.14.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/javax.mail-1.6.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/kotlin-stdlib-1.6.10.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/kotlin-stdlib-common-1.6.10.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/opensearch-notifications-core-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/opensearch-notifications-core-spi-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/commons-logging-1.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications-core/plugin-security.policy - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications/common-utils-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications/kotlin-stdlib-common-1.6.10.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications/kotlinx-coroutines-core-jvm-1.4.3.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications/opensearch-notifications-2.6.0.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-notifications/plugin-security.policy - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-common - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-common/jcodings-1.0.58.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-common/opensearch-grok-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-common/opensearch-dissect-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-common/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-common/ingest-common-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-common/joni-2.1.44.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/geo - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/geo/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/geo/geo-2.6.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-geoip - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-geoip/maxmind-db-2.1.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-geoip/GeoLite2-Country.mmdb - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-geoip/GeoLite2-City.mmdb - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-geoip/ingest-geoip-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-geoip/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-geoip/GeoLite2-ASN.mmdb - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-geoip/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-geoip/geoip2-3.0.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-geoip/jackson-annotations-2.14.2.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-geoip/jackson-databind-2.14.2.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/percolator - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/percolator/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/percolator/percolator-client-2.6.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/analysis-common - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/analysis-common/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/analysis-common/analysis-common-2.6.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/aggs-matrix-stats - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/aggs-matrix-stats/aggs-matrix-stats-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/aggs-matrix-stats/plugin-descriptor.properties - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/repository-url - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/repository-url/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/repository-url/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/repository-url/repository-url-2.6.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-mustache - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-mustache/lang-mustache-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-mustache/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-mustache/compiler-0.9.10.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-mustache/plugin-security.policy - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/systemd - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/systemd/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/systemd/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/systemd/systemd-2.6.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/transport-netty4 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/transport-netty4/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/transport-netty4/transport-netty4-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/transport-netty4/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/transport-netty4/netty-buffer-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/transport-netty4/netty-codec-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/transport-netty4/netty-codec-http-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/transport-netty4/netty-common-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/transport-netty4/netty-handler-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/transport-netty4/netty-resolver-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/transport-netty4/netty-transport-4.1.87.Final.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/transport-netty4/netty-transport-native-unix-common-4.1.87.Final.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-expression - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-expression/lang-expression-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-expression/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-expression/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-expression/antlr4-runtime-4.11.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-expression/asm-9.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-expression/asm-commons-9.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-expression/asm-tree-9.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-expression/lucene-expressions-9.5.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-painless - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-painless/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-painless/lang-painless-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-painless/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-painless/opensearch-scripting-painless-spi-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-painless/antlr4-runtime-4.11.1.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-painless/asm-9.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-painless/asm-analysis-9.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-painless/asm-commons-9.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-painless/asm-tree-9.4.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/lang-painless/asm-util-9.4.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/rank-eval - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/rank-eval/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/rank-eval/rank-eval-client-2.6.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/opensearch-dashboards - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/opensearch-dashboards/httpcore-nio-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/opensearch-dashboards/httpasyncclient-4.1.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/opensearch-dashboards/reindex-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/opensearch-dashboards/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/opensearch-dashboards/opensearch-rest-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/opensearch-dashboards/httpclient-4.5.13.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/opensearch-dashboards/opensearch-dashboards-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/opensearch-dashboards/opensearch-ssl-config-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/opensearch-dashboards/commons-codec-1.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/opensearch-dashboards/httpcore-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/opensearch-dashboards/commons-logging-1.2.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-user-agent - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-user-agent/ingest-user-agent-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/ingest-user-agent/plugin-descriptor.properties - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/mapper-extras - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/mapper-extras/mapper-extras-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/mapper-extras/plugin-descriptor.properties - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/parent-join - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/parent-join/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/parent-join/parent-join-client-2.6.0.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex/httpcore-nio-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex/httpasyncclient-4.1.5.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex/reindex-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex/opensearch-rest-client-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex/plugin-security.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex/httpclient-4.5.13.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex/opensearch-ssl-config-2.6.0.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex/commons-codec-1.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex/httpcore-4.4.15.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex/commons-logging-1.2.jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex/parent-join - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex/parent-join/plugin-descriptor.properties - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex/transport-netty4 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex/transport-netty4/plugin-descriptor.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/modules/reindex/transport-netty4/plugin-security.policy - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jrunscript.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jcmd.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/java.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jdeprscan.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/javadoc.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jar.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jdb.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jpackage.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jstatd.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/serialver.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/keytool.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jconsole.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jlink.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jhsdb.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jshell.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/rmiregistry.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/javac.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jstack.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jfr.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jps.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jarsigner.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jmod.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jstat.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jinfo.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jmap.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/jdeps.1 - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/man/man1/javap.1 - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jdeps - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/rmiregistry - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jrunscript - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jdeprscan - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jar - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jmap - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jps - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jstatd - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/java - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jdb - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jimage - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/javadoc - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jconsole - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jcmd - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jstack - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jinfo - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jpackage - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/serialver - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/javap - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/keytool - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jarsigner - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jhsdb - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jlink - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jfr - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jstat - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/javac - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jmod - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/bin/jshell - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/release - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.base - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.base/LICENSE - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.base/ADDITIONAL_LICENSE_INFO - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.base/icu.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.base/c-libutl.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.base/public_suffix.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.base/cldr.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.base/aes.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.base/ASSEMBLY_EXCEPTION - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.base/asm.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.base/unicode.md - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.security.sasl - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.scripting - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/jdk.dynalink/dynalink.md - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.management - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/jdk.javadoc/jqueryUI.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/jdk.javadoc/jquery.md - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.xml - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.xml/xalan.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.xml/xerces.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.xml/jcup.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.xml/bcel.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.xml/dom.md - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.smartcardio - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.smartcardio/pcsclite.md - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.transaction.xa - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.prefs - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.compiler - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.logging - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/jdk.internal.opt/jopt-simple.md - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.xml.crypto - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.xml.crypto/santuario.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/jdk.localedata/thaidict.md - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.sql.rowset - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.net.http - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.rmi - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.sql - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.naming - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.datatransfer - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/jdk.internal.le/jline.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/jdk.crypto.cryptoki/pkcs11cryptotoken.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/jdk.crypto.cryptoki/pkcs11wrapper.md - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.instrument - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.management.rmi - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.desktop - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.desktop/xwd.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.desktop/mesa3d.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.desktop/harfbuzz.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.desktop/lcms.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.desktop/giflib.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.desktop/jpeg.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.desktop/colorimaging.md - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/legal/java.desktop/libpng.md - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/server - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/server/libjsig.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/server/classes.jsa - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/server/classes_nocoops.jsa - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/server/libjvm.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libawt.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libawt_headless.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libsplashscreen.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libnio.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libjdwp.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libj2pcsc.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libjli.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libsctp.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libjimage.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libjsig.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libjava.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/liblcms.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libawt_xawt.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/jexec - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libverify.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libmanagement_agent.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/psfont.properties.ja - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libprefs.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libzip.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libjaas.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libjsound.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libextnet.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libj2gss.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/tzdb.dat - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libdt_socket.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/psfontj2d.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/jvm.cfg - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/ct.sym - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libj2pkcs11.so - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/jfr - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/jfr/default.jfc - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/jfr/profile.jfc - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libmanagement_ext.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/classlist - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libnet.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libjavajpeg.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libfontmanager.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/modules - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libinstrument.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libmanagement.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libjawt.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libsaproc.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libmlib_image.so - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/security - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/security/cacerts - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/security/public_suffix_list.dat - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/security/default.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/librmi.so - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/jspawnhelper - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/jrt-fs.jar - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libattach.so - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/include - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/include/jvmti.h - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/include/classfile_constants.h - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/include/jdwpTransport.h - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/include/jawt.h - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/include/jni.h - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/include/jvmticmlr.h - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/include/linux - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/include/linux/jawt_md.h - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/include/linux/jni_md.h - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/net.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/sound.properties - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/sdp - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/sdp/sdp.conf.template - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/management - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/management/management.properties - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/management/jmxremote.access - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/management/jmxremote.password.template - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/logging.properties - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/security - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/security/java.policy - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/security/policy - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/security/policy/limited - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/security/policy/limited/default_US_export.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/security/policy/limited/exempt_local.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/security/policy/limited/default_local.policy - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/security/policy/unlimited - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/security/policy/unlimited/default_US_export.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/security/policy/unlimited/default_local.policy - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/security/policy/README.txt - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/conf/security/java.security - chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.unsupported.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.transaction.xa.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.crypto.cryptoki.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.rmi.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.attach.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.jshell.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.xml.dom.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.se.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.internal.ed.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.jartool.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.compiler.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.base.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.smartcardio.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.security.auth.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.unsupported.desktop.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.security.sasl.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.incubator.foreign.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.management.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.management.agent.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.xml.crypto.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.internal.vm.ci.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.prefs.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.crypto.ec.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.internal.jvmstat.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.sql.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.xml.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.security.jgss.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.compiler.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.sctp.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.charsets.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.management.jfr.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.jlink.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.localedata.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.jsobject.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.net.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.hotspot.agent.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.jstatd.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.dynalink.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.jfr.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.naming.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.internal.le.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.jcmd.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.management.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.net.http.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.logging.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.accessibility.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.internal.opt.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.management.rmi.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.security.jgss.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.desktop.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.nio.mapmode.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.internal.vm.compiler.management.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.jdwp.agent.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.jdi.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.javadoc.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.naming.rmi.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.naming.dns.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.editpad.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.jdeps.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.internal.vm.compiler.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.sql.rowset.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.scripting.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.datatransfer.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.httpserver.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.zipfs.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.jconsole.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/java.instrument.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/NOTICE - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.incubator.vector.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.jpackage.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/jmods/jdk.random.jmod - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libjsvml.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/libsyslookup.so - chmod 640 $(TARGET_DIR)$(INSTALLATION_DIR)/jdk/lib/security/blocked.certs + chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli + chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/opensearch-performance-analyzer/performance-analyzer-agent + + find "$(TARGET_DIR)$(INSTALLATION_DIR)" -type d -exec chmod 750 {} \; + find "$(TARGET_DIR)$(INSTALLATION_DIR)" -type f -perm 644 -exec chmod 640 {} \; + find "$(TARGET_DIR)$(INSTALLATION_DIR)" -type f -perm 664 -exec chmod 660 {} \; + find "$(TARGET_DIR)$(INSTALLATION_DIR)" -type f -perm 755 -exec chmod 750 {} \; + find "$(TARGET_DIR)$(INSTALLATION_DIR)" -type f -perm 744 -exec chmod 740 {} \; # ----------------------------------------------------------------------------- diff --git a/stack/indexer/indexer-init.sh b/stack/indexer/indexer-init.sh new file mode 100644 index 0000000000..80882e290e --- /dev/null +++ b/stack/indexer/indexer-init.sh @@ -0,0 +1,138 @@ +#!/bin/bash +# Wazuh Copyright (C) 2023 Wazuh Inc. (License GPLv2) +# Wazuh - indexer initialization script + +INSTALL_PATH="/usr/share/wazuh-indexer" +BIN_PATH="${INSTALL_PATH}/bin" + + +######################################################################### +# Parse arguments for security init script. +######################################################################### +function parse_security_args() { + security_args=() + + while [ -n "$1" ]; do + case "$1" in + "-h" | "--help") + security_args+=("${1}") + shift + ;; + "-ho" | "--host") + if [ -n "$2" ]; then + security_args+=("${1}" "${2}") + shift 2 + fi + ;; + "--port") + if [ -n "$2" ]; then + security_args+=("${1}" "${2}") + shift 2 + fi + ;; + "--options") + if [ -n "$2" ]; then + security_args+=("${1}" "${2}") + shift 2 + fi + ;; + *) + shift + ;; + esac + done +} + + +######################################################################### +# Run the security init script. +######################################################################### +function run_security_init() { + echo "Executing Wazuh indexer security init script..." + parse_security_args "$@" + /bin/bash "${BIN_PATH}/indexer-security-init.sh" "${security_args[@]}" +} + + +######################################################################### +# Parse arguments for ISM init script. +######################################################################### +function parse_ism_args() { + ism_args=() + + while [ -n "${1}" ]; do + case "${1}" in + "-a" | "--min-index-age") + if [ -n "${2}" ]; then + ism_args+=("${1}" "${2}") + shift 2 + fi + ;; + "-d" | "--min-doc-count") + if [ -n "${2}" ]; then + ism_args+=("${1}" "${2}") + shift 2 + fi + ;; + "-h" | "--help") + ism_args+=("${1}") + shift + ;; + "-i" | "--indexer-hostname") + if [ -n "${2}" ]; then + ism_args+=("${1}" "${2}") + shift 2 + fi + ;; + "-p" | "--indexer-password") + if [ -n "${2}" ]; then + ism_args+=("${1}" "${2}") + shift 2 + fi + ;; + "-s" | "--min-shard-size") + if [ -n "${2}" ]; then + ism_args+=("${1}" "${2}") + shift 2 + fi + ;; + "-P" | "--priority") + if [ -n "${2}" ]; then + ism_args+=("${1}" "${2}") + shift 2 + fi + ;; + "-v" | "--verbose") + ism_args+=("${1}") + shift + ;; + *) + shift + ;; + esac + done +} + + +######################################################################### +# Run the ISM init script. +######################################################################### +function run_ism_init() { + echo "Executing Wazuh indexer ISM init script..." + parse_ism_args "$@" + /bin/bash "${BIN_PATH}/indexer-ism-init.sh" "${ism_args[@]}"; +} + + +######################################################################### +# Main function. +######################################################################### +function main() { + # If run_security_init returns 0, then run_ism_init + if run_security_init "$@" -gt 0; then + run_ism_init "$@" + fi +} + + +main "$@" diff --git a/stack/indexer/indexer-ism-init.sh b/stack/indexer/indexer-ism-init.sh new file mode 100644 index 0000000000..3529516899 --- /dev/null +++ b/stack/indexer/indexer-ism-init.sh @@ -0,0 +1,438 @@ +#!/bin/bash +# Wazuh Copyright (C) 2023 Wazuh Inc. (License GPLv2) +# Wazuh - Indexer set rollover policy and templates + +# Policy settings +MIN_SHARD_SIZE="25" +MIN_INDEX_AGE="7d" +MIN_DOC_COUNT="600000000" +ISM_INDEX_PATTERNS='["wazuh-alerts-*", "wazuh-archives-*", "-wazuh-alerts-4.x-sample*"]' +ISM_PRIORITY="50" +INDEXER_PASSWORD="admin" +INDEXER_HOSTNAME="localhost" + +POLICY_NAME="rollover_policy" +LOG_FILE="/var/log/wazuh-indexer/ism-init.log" + +INDEXER_URL="https://${INDEXER_HOSTNAME}:9200" + +# curl settings shortcuts +C_AUTH="-u admin:${INDEXER_PASSWORD}" + +ALERTS_TEMPLATE="/etc/wazuh-indexer/wazuh-template.json" + +######################################################################### +# Creates the rollover_policy ISM policy. +# Globals: +# MIN_SHARD_SIZE: The minimum shard size in GB. +# MIN_INDEX_AGE: The minimum index age. +# MIN_DOC_COUNT: The minimum document count. +# ISM_INDEX_PATTERNS: The index patterns to apply the policy. +# ISM_PRIORITY: The policy priority. +# Arguments: +# None. +# Returns: +# The rollover policy as a JSON string +######################################################################### +function generate_rollover_policy() { + cat <<-EOF + { + "policy": { + "description": "Wazuh rollover and alias policy", + "default_state": "active", + "states": [ + { + "name": "active", + "actions": [ + { + "rollover": { + "min_primary_shard_size": "${MIN_SHARD_SIZE}gb", + "min_index_age": "${MIN_INDEX_AGE}", + "min_doc_count": "${MIN_DOC_COUNT}" + } + } + ] + } + ], + "ism_template": { + "index_patterns": ${ISM_INDEX_PATTERNS}, + "priority": "${ISM_PRIORITY}" + } + } + } + EOF +} + +######################################################################### +# Creates an index template with order 3 to set the rollover alias. +# Arguments: +# - The alias name, a string. Also used as index pattern. +# Returns: +# The index template as a JSON string. +######################################################################### +function generate_rollover_template() { + cat <<-EOF + { + "order": 3, + "index_patterns": ["${1}-*"], + "settings": { + "index.plugins.index_state_management.rollover_alias": "${1}" + } + } + EOF +} + +######################################################################### +# Creates an index template to disable replicas on ISM configurastion indices. +# Returns: +# The index template as a JSON string. +######################################################################### +function generate_ism_config_template() { + cat <<-EOF + { + "order": 1, + "index_patterns": [ + ".opendistro-ism-managed-index-history-*", + ".opendistro-ism-config", + ".opendistro-job-scheduler-lock" + ], + "settings": { + "number_of_replicas": 0 + } + } + EOF +} + +######################################################################### +# Creates persistent cluster's settings to disable replicas for ISM history. +# Returns: +# The setting as a JSON string. +######################################################################### +function generate_ism_config() { + cat <<-EOF + { + "persistent": { + "plugins": { + "index_state_management": { + "history": { + "number_of_replicas": "0" + } + } + } + } + } + EOF +} + +######################################################################### +# Loads the index templates for the rollover policy to the indexer. +######################################################################### +function load_templates() { + # Load wazuh-template.json, needed for initial indices creation. + echo "Will create 'wazuh' index template" + if [ -f "${ALERTS_TEMPLATE}" ]; then + cat "${ALERTS_TEMPLATE}" | + if ! curl -s -k ${C_AUTH} \ + -X PUT "${INDEXER_URL}/_template/wazuh" \ + -o "${LOG_FILE}" --create-dirs \ + -H 'Content-Type: application/json' -d @-; then + echo " ERROR: 'wazuh' template creation failed" + return 1 + else + echo " SUCC: 'wazuh' template created or updated" + fi + else + echo " ERROR: ${ALERTS_TEMPLATE} not found" + fi + + # Load template for ISM configuration indices + echo "Will create 'ism_history_indices' index template" + generate_ism_config_template | + if ! curl -s -k ${C_AUTH} \ + -X PUT "${INDEXER_URL}/_template/ism_history_indices" \ + -o "${LOG_FILE}" --create-dirs \ + -H 'Content-Type: application/json' -d @-; then + echo " ERROR: 'ism_history_indices' template creation failed" + return 1 + else + echo " SUCC: 'ism_history_indices' template created or updated" + fi + + # Make settings persistent + echo "Will disable replicas for 'plugins.index_state_management.history' indices" + generate_ism_config | + if ! curl -s -k ${C_AUTH} \ + -X PUT "${INDEXER_URL}/_cluster/settings" \ + -o "${LOG_FILE}" --create-dirs \ + -H 'Content-Type: application/json' -d @-; then + echo " ERROR: cluster's settings update failed" + return 1 + else + echo " SUCC: cluster's settings saved" + fi + + echo "Will create index templates to configure the alias" + for alias in "${aliases[@]}"; do + generate_rollover_template "${alias}" | + if ! curl -s -k ${C_AUTH} \ + -X PUT "${INDEXER_URL}/_template/${alias}-rollover" \ + -o "${LOG_FILE}" --create-dirs \ + -H 'Content-Type: application/json' -d @-; then + echo " ERROR: '${alias}' template creation failed" + return 1 + else + echo " SUCC: '${alias}' template created or updated" + fi + done +} + +######################################################################### +# Uploads the rollover policy. +# If the policy does not exist, the policy "${POLICY_NAME}" is created. +# If the policy exists, but the rollover conditions are different, the +# policy is updated. +# Arguments: +# None. +######################################################################### +function upload_rollover_policy() { + echo "Will create the '${POLICY_NAME}' policy" + policy_exists=$( + curl -s -k ${C_AUTH} \ + -X GET "${INDEXER_URL}/_plugins/_ism/policies/${POLICY_NAME}" \ + -o "${LOG_FILE}" --create-dirs \ + -w "%{http_code}" + ) + + # Check if the ${POLICY_NAME} ISM policy was loaded (404 error if not found) + if [[ "${policy_exists}" == "404" ]]; then + policy_uploaded=$( + curl -s -k ${C_AUTH} \ + -X PUT "${INDEXER_URL}/_plugins/_ism/policies/${POLICY_NAME}" \ + -o "${LOG_FILE}" --create-dirs \ + -H 'Content-Type: application/json' \ + -d "$(generate_rollover_policy)" \ + -w "%{http_code}" + ) + + if [[ "${policy_uploaded}" == "201" ]]; then + echo " SUCC: '${POLICY_NAME}' policy created" + else + echo " ERROR: '${POLICY_NAME}' policy not created => ${policy_uploaded}" + return 1 + fi + else + if [[ "${policy_exists}" == "200" ]]; then + echo " INFO: policy '${POLICY_NAME}' already exists. Skipping policy creation" + else + echo " ERROR: could not check if the policy '${POLICY_NAME}' exists => ${policy_exists}" + return 1 + fi + fi +} + +######################################################################### +# Check if an alias exists in the indexer. +# Arguments: +# 1. The alias to look for. String. +######################################################################### +function check_for_write_index() { + curl -s -k ${C_AUTH} "${INDEXER_URL}/_cat/aliases" | + grep -i "${1}" | + grep -i true | + awk '{print $2}' +} + +######################################################################### +# Creates the settings for the aliased write index. +# Arguments: +# 1. The alias. String. +######################################################################### +function generate_write_index_alias() { + cat <<-EOF + { + "aliases": { + "$1": { + "is_write_index": true + } + } + } + EOF +} + +######################################################################### +# Creates the initial aliased write index. +# Arguments: +# 1. The alias. String. +######################################################################### +function create_write_index() { + if ! curl -s -k ${C_AUTH} -o "${LOG_FILE}" --create-dirs \ + -X PUT "$INDEXER_URL/%3C${1}-4.x-%7Bnow%2Fd%7D-000001%3E" \ + -H 'Content-Type: application/json' \ + -d "$(generate_write_index_alias "${1}")"; then + echo " ERROR: creating '${1}' write index" + return 1 + else + echo " SUCC: '${1}' write index created" + fi +} + +######################################################################### +# Creates the write indices for the aliases given as parameter. +# Arguments: +# 1. List of aliases to initialize. +######################################################################### +function create_indices() { + echo "Will create initial indices for the aliases" + for alias in "${aliases[@]}"; do + # Check if there are any write indices for the current alias + write_index_exists=$(check_for_write_index "${alias}") + + # Create the write index if it does not exist + if [[ -z $write_index_exists ]]; then + create_write_index "${alias}" + else + echo " INFO: '${alias}' write index already exists. Skipping write index creation" + fi + done +} + +######################################################################### +# Shows usage help. +######################################################################### +function show_help() { + echo -e "" + echo -e "NAME" + echo -e " indexer-ism-init.sh - Manages the Index State Management plugin for Wazuh indexer index rollovers policies." + echo -e "" + echo -e "SYNOPSIS" + echo -e " indexer-ism-init.sh [OPTIONS]" + echo -e "" + echo -e "DESCRIPTION" + echo -e " -a, --min-index-age " + echo -e " Set the minimum index age. By default 7d." + echo -e "" + echo -e " -d, --min-doc-count " + echo -e " Set the minimum document count. By default 200000000." + echo -e "" + echo -e " -h, --help" + echo -e " Shows help." + echo -e "" + echo -e " -i, --indexer-hostname " + echo -e " Specifies the Wazuh indexer hostname or IP." + echo -e "" + echo -e " -p, --indexer-password " + echo -e " Specifies the Wazuh indexer admin user password." + echo -e "" + echo -e " -P, --priority " + echo -e " Specifies the policy's priority." + echo -e "" + echo -e " -s, --min-shard-size " + echo -e " Set the minimum shard size in GB. By default 25." + echo -e "" + echo -e " -v, --verbose" + echo -e " Set verbose mode. Prints more information." + echo -e "" + return 1 +} + +######################################################################### +# Main function. +######################################################################### +function main() { + # The list should contain every alias which indices implement the + # rollover policy + aliases=("wazuh-alerts" "wazuh-archives") + + while [ -n "${1}" ]; do + case "${1}" in + "-a" | "--min-index-age") + if [ -z "${2}" ]; then + echo "Error on arguments. Probably missing after -a|--min-index-age" + show_help + else + MIN_INDEX_AGE="${2}" + shift 2 + fi + ;; + "-d" | "--min-doc-count") + if [ -z "${2}" ]; then + echo "Error on arguments. Probably missing after -d|--min-doc-count" + show_help + else + MIN_DOC_COUNT="${2}" + shift 2 + fi + ;; + "-h" | "--help") + show_help + ;; + "-i" | "--indexer-hostname") + if [ -z "${2}" ]; then + echo "Error on arguments. Probably missing after -i|--indexer-hostname" + show_help + else + INDEXER_HOSTNAME="${2}" + INDEXER_URL="https://${INDEXER_HOSTNAME}:9200" + shift 2 + fi + ;; + "-p" | "--indexer-password") + if [ -z "${2}" ]; then + echo "Error on arguments. Probably missing after -p|--indexer-password" + show_help + else + INDEXER_PASSWORD="${2}" + C_AUTH="-u admin:${INDEXER_PASSWORD}" + shift 2 + fi + ;; + "-s" | "--min-shard-size") + if [ -z "${2}" ]; then + echo "Error on arguments. Probably missing after -s|--min-shard-size" + show_help + else + MIN_SHARD_SIZE="${2}" + shift 2 + fi + ;; + "-P" | "--priority") + if [ -z "${2}" ]; then + echo "Error on arguments. Probably missing after -P|--priority" + show_help + else + ISM_PRIORITY="${2}" + shift 2 + fi + ;; + "-t" | "--template") + if [ -z "${2}" ]; then + echo "Error on arguments. Probably missing