SPECS for new SCA Alma Linux 8 #2283

Closed
72nomada opened this issue Jul 16, 2023 · 7 comments · Fixed by #2302
Labels
level/subtask Task issue type/enhancement Enhancement issue

Comments

@72nomada
Contributor

72nomada commented Jul 16, 2023

Create SPECS as needed for a new OS SCA

PR - wazuh/wazuh#17790 is ready to merge
Branch - https://github.com/wazuh/wazuh/tree/create-sca-policy-for-alma-linux-os-8

PLEASE confirm with @wazuh/threat-intel before merging.

@vikman90 vikman90 added level/subtask Task issue type/enhancement Enhancement issue labels Jul 17, 2023
@vikman90
Member

vikman90 commented Jul 17, 2023

This is a subtask of wazuh/wazuh#15463.

@wazuhci wazuhci moved this to Backlog in Release 4.5.1 Jul 17, 2023
@wazuhci wazuhci moved this from Backlog to In progress in Release 4.5.1 Jul 18, 2023
@DFolchA
Contributor

DFolchA commented Jul 19, 2023

Update: Testing

AGENT

[root@almalinux8 vagrant]# yum install https://s3.us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/test/4.5/rpm/var/wazuh-agent-4.5.1-0.0.0.alma8.x86_64.rpm -y
Last metadata expiration check: 2:45:21 ago on Wed 19 Jul 2023 12:20:57 PM UTC.
wazuh-agent-4.5.1-0.0.0.alma8.x86_64.rpm                                                                    612 kB/s | 8.8 MB     00:14    
Package wazuh-agent-4.5.1-0.0.0.alma8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@almalinux8 vagrant]# ls /var/ossec/ruleset/sca/
cis_alma_linux_8.yml

MANAGER

[root@almalinux8 vagrant]# yum install https://s3.us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/test/4.5/rpm/var/wazuh-manager-4.5.1-0.0.0.alma8.x86_64.rpm -y
Last metadata expiration check: 2:55:46 ago on Wed 19 Jul 2023 12:20:57 PM UTC.
wazuh-manager-4.5.1-0.0.0.alma8.x86_64.rpm                                                                  4.0 MB/s | 164 MB     00:41    
Dependencies resolved.
============================================================================================================================================
 Package                           Architecture               Version                                Repository                        Size
============================================================================================================================================
Installing:
 wazuh-manager                     x86_64                     4.5.1-0.0.0.alma8                      @commandline                     164 M

Transaction Summary
============================================================================================================================================
Install  1 Package

Total size: 164 M
Installed size: 598 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                    1/1 
  Running scriptlet: wazuh-manager-4.5.1-0.0.0.alma8.x86_64                                                                             1/1 
  Installing       : wazuh-manager-4.5.1-0.0.0.alma8.x86_64                                                                             1/1 
  Running scriptlet: wazuh-manager-4.5.1-0.0.0.alma8.x86_64                                                                             1/1 
  Verifying        : wazuh-manager-4.5.1-0.0.0.alma8.x86_64                                                                             1/1 

Installed:
  wazuh-manager-4.5.1-0.0.0.alma8.x86_64                                                                                                    

Complete!
[root@almalinux8 vagrant]# ls /var/ossec/ruleset/sca/
cis_alma_linux_8.yml                cis_iis_10.yml.disabled               cis_sqlserver_2014.yml.disabled
cis_amazon_linux_1.yml.disabled     cis_mongodb_36.yml.disabled           cis_sqlserver_2016.yml.disabled
cis_amazon_linux_2.yml.disabled     cis_mysql5-6_community.yml.disabled   cis_sqlserver_2017.yml.disabled
cis_apache_24.yml.disabled          cis_mysql5-6_enterprise.yml.disabled  cis_sqlserver_2019.yml.disabled
cis_apple_macOS_10.11.yml.disabled  cis_nginx_1.yml.disabled              cis_ubuntu14-04.yml.disabled
cis_apple_macOS_10.12.yml.disabled  cis_oracle_database_19c.yml.disabled  cis_ubuntu16-04.yml.disabled
cis_apple_macOS_10.13.yml.disabled  cis_postgre-sql-13.yml.disabled       cis_ubuntu18-04.yml.disabled
cis_apple_macOS_10.14.yml.disabled  cis_rhel5_linux.yml.disabled          cis_ubuntu20-04.yml.disabled
cis_apple_macOS_10.15.yml.disabled  cis_rhel6_linux.yml.disabled          cis_ubuntu22-04.yml.disabled
cis_apple_macOS_11.1.yml.disabled   cis_rhel7_linux.yml.disabled          cis_win10_enterprise.yml.disabled
cis_apple_macOS_12.0.yml.disabled   cis_rhel8_linux.yml.disabled          cis_win11_enterprise.yml.disabled
cis_centos6_linux.yml.disabled      cis_rhel9_linux.yml.disabled          cis_win2012r2.yml.disabled
cis_centos7_linux.yml.disabled      cis_sles11_linux.yml.disabled         cis_win2016.yml.disabled
cis_centos8_linux.yml.disabled      cis_sles12_linux.yml.disabled         cis_win2019.yml.disabled
cis_debian10.yml.disabled           cis_sles15_linux.yml.disabled         cis_win2022.yml.disabled
cis_debian7.yml.disabled            cis_solaris11.4.yml.disabled          sca_unix_audit.yml.disabled
cis_debian8.yml.disabled            cis_solaris11.yml.disabled            web_vulnerabilities.yml.disabled
cis_debian9.yml.disabled            cis_sqlserver_2012.yml.disabled


@wazuhci wazuhci moved this from In progress to Pending review in Release 4.5.1 Jul 19, 2023
@wazuhci wazuhci moved this from Pending review to Done in Release 4.5.1 Jul 20, 2023
@vikman90 vikman90 reopened this Jul 20, 2023
@wazuhci wazuhci moved this from Done to Backlog in Release 4.5.1 Jul 20, 2023
@wazuhci wazuhci removed this from Release 4.5.1 Jul 20, 2023
@vikman90
Member

PR #2303 ready, blocked by wazuh/wazuh#17790.

@mjcr99 mjcr99 linked a pull request Jan 8, 2024 that will close this issue
30 tasks
@mjcr99 mjcr99 self-assigned this Jan 8, 2024
@mjcr99
Member

mjcr99 commented Jan 8, 2024

Issue updates

(08/01/2024) - Updated PR with the requested changes to add Almalinux 8 SCA files. The PR has been tested; the resulting packages contain the new files as expected:

Manager

Manager package build: https://ci.wazuh.info/job/Packages_builder/179409/

Package installation:

[root@almalinux8 vagrant]# yum install https://packages-dev.wazuh.com/warehouse/test/4.8/rpm/var/wazuh-manager-4.8.1-1.x86_64.rpm -y 
Failed to set locale, defaulting to C.UTF-8
AlmaLinux 8 - BaseOS                            3.1 MB/s | 4.0 MB     00:01    
AlmaLinux 8 - AppStream                         8.8 MB/s |  11 MB     00:01    
AlmaLinux 8 - Extras                             40 kB/s |  20 kB     00:00    
wazuh-manager-4.8.1-1.x86_64.rpm                 19 MB/s | 187 MB     00:09    
Dependencies resolved.
================================================================================
 Package              Architecture  Version           Repository           Size
================================================================================
Installing:
 wazuh-manager        x86_64        4.8.1-1           @commandline        187 M

Transaction Summary
================================================================================
Install  1 Package

Total size: 187 M
Installed size: 672 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: wazuh-manager-4.8.1-1.x86_64                           1/1 
  Installing       : wazuh-manager-4.8.1-1.x86_64                           1/1 
  Running scriptlet: wazuh-manager-4.8.1-1.x86_64                           1/1 
  Verifying        : wazuh-manager-4.8.1-1.x86_64                           1/1 

Installed:
  wazuh-manager-4.8.1-1.x86_64                                                  

Complete!

SCA file found:

[root@almalinux8 vagrant]# ls /var/ossec/ruleset/sca
cis_alma_linux_8.yml                  cis_rhel5_linux.yml.disabled
cis_amazon_linux_1.yml.disabled       cis_rhel6_linux.yml.disabled
cis_amazon_linux_2.yml.disabled       cis_rhel7_linux.yml.disabled
cis_amazon_linux_2023.yml.disabled    cis_rhel8_linux.yml.disabled
cis_apache_24.yml.disabled            cis_rhel9_linux.yml.disabled
cis_apple_macOS_10.11.yml.disabled    cis_rocky_linux_8.yml.disabled
cis_apple_macOS_10.12.yml.disabled    cis_sles11_linux.yml.disabled
cis_apple_macOS_10.13.yml.disabled    cis_sles12_linux.yml.disabled
cis_apple_macOS_10.14.yml.disabled    cis_sles15_linux.yml.disabled
cis_apple_macOS_10.15.yml.disabled    cis_solaris11.4.yml.disabled
cis_apple_macOS_11.1.yml.disabled     cis_solaris11.yml.disabled
cis_apple_macOS_12.0.yml.disabled     cis_sqlserver_2012.yml.disabled
cis_apple_macOS_13.x.yml.disabled     cis_sqlserver_2014.yml.disabled
cis_apple_macOS_14.0.yml.disabled     cis_sqlserver_2016.yml.disabled
cis_centos6_linux.yml.disabled        cis_sqlserver_2017.yml.disabled
cis_centos7_linux.yml.disabled        cis_sqlserver_2019.yml.disabled
cis_centos8_linux.yml.disabled        cis_ubuntu14-04.yml.disabled
cis_debian10.yml.disabled             cis_ubuntu16-04.yml.disabled
cis_debian11.yml.disabled             cis_ubuntu18-04.yml.disabled
cis_debian12.yml.disabled             cis_ubuntu20-04.yml.disabled
cis_debian7.yml.disabled              cis_ubuntu22-04.yml.disabled
cis_debian8.yml.disabled              cis_win10_enterprise.yml.disabled
cis_debian9.yml.disabled              cis_win11_enterprise.yml.disabled
cis_iis_10.yml.disabled               cis_win2012r2.yml.disabled
cis_mongodb_36.yml.disabled           cis_win2016.yml.disabled
cis_mysql5-6_community.yml.disabled   cis_win2019.yml.disabled
cis_mysql5-6_enterprise.yml.disabled  cis_win2022.yml.disabled
cis_nginx_1.yml.disabled              sca_unix_audit.yml.disabled
cis_oracle_database_19c.yml.disabled  web_vulnerabilities.yml.disabled
cis_postgre-sql-13.yml.disabled

Agent

Agent package build: https://ci.wazuh.info/job/Packages_builder/179410

Package installation:

[root@almalinux8 vagrant]# yum install https://packages-dev.wazuh.com/warehouse/test/4.8/rpm/var/wazuh-agent-4.8.1-1.x86_64.rpm -y
Failed to set locale, defaulting to C.UTF-8
AlmaLinux 8 - BaseOS                            2.5 MB/s | 4.0 MB     00:01    
AlmaLinux 8 - AppStream                         8.9 MB/s |  11 MB     00:01    
AlmaLinux 8 - Extras                             35 kB/s |  20 kB     00:00    
wazuh-agent-4.8.1-1.x86_64.rpm                  4.1 MB/s | 9.3 MB     00:02    
Dependencies resolved.
================================================================================
 Package             Architecture   Version          Repository            Size
================================================================================
Installing:
 wazuh-agent         x86_64         4.8.1-1          @commandline         9.3 M

Transaction Summary
================================================================================
Install  1 Package

Total size: 9.3 M
Installed size: 28 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: wazuh-agent-4.8.1-1.x86_64                             1/1 
  Installing       : wazuh-agent-4.8.1-1.x86_64                             1/1 
  Running scriptlet: wazuh-agent-4.8.1-1.x86_64                             1/1 
  Verifying        : wazuh-agent-4.8.1-1.x86_64                             1/1 

Installed:
  wazuh-agent-4.8.1-1.x86_64                                                    

Complete!

SCA file found:

[root@almalinux8 vagrant]# ls /var/ossec/ruleset/sca
cis_alma_linux_8.yml

(09/01/2024) - Addressed requested changes and removed code related to SysV, as it has nothing to do with the PR itself. This modification should be done in the work related to wazuh/wazuh#14888.
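
The manual `ls /var/ossec/ruleset/sca` check from the comment above, written as a repeatable script. This is an added example, not part of the issue or of the Wazuh project's code; the function names and the rule that only the expected policy may be enabled are assumptions drawn from the listings shown.

```shell
#!/bin/sh
# Added example: check which SCA policies a Wazuh package left enabled.
# Assumption: a policy is enabled when its file name ends in .yml; files
# ending in .yml.disabled are shipped but inactive, as in the listings above.

# Print the enabled policy file names found in directory $1, one per line.
enabled_sca_policies() {
    dir=$1
    for f in "$dir"/*.yml; do
        [ -f "$f" ] || continue      # the glob matched nothing
        basename "$f"
    done
}

# Return 0 when policy $2 is the only enabled policy in directory $1,
# 1 when it is missing, 2 when other policies are enabled as well.
check_sca_policy() {
    dir=$1
    expected=$2
    if [ ! -f "$dir/$expected" ]; then
        echo "missing: $expected" >&2
        return 1
    fi
    # grep exits non-zero when nothing is left over, which is the good case.
    extra=$(enabled_sca_policies "$dir" | grep -vxF "$expected" || true)
    if [ -n "$extra" ]; then
        echo "unexpected enabled policies:" >&2
        echo "$extra" >&2
        return 2
    fi
    return 0
}

# On a test host:
#   check_sca_policy /var/ossec/ruleset/sca cis_alma_linux_8.yml
```

A non-zero return distinguishes a package that did not ship the policy (1) from one that enabled a policy for a different OS alongside it (2).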

@ncvicchi
Contributor

LGTM!

@lchico
Member

lchico commented Jan 10, 2024

LGTM!

@ncvicchi
Contributor

Move ETA to give room for final reviewing

@wazuhci wazuhci moved this to Done in Release 4.9.0 Apr 4, 2024