From nobody Sun Jul 31 21:02:24 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4LwtxF0SJDz4XR6L; Sun, 31 Jul 2022 21:02:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4LwtxF07tnz3f5K; Sun, 31 Jul 2022 21:02:25 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1659301345; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aR5XTD9uV4wP/3NiMwmAo0xVdvH3P5nDvCwnnwRTtlo=; b=Wi5i78ahoqAz+uYdFhUm1gtNhhhvQarBPeglh+r+537d9RN22XrEvAI2EQxbPKzZEUhro+ oQZV3N/pqed/KncO7Gq8IzyqQmmZ1VUQhIcGIiXEIsfK2TCKuJZugToLOlDLVeVI9AOf0d /jcHYld/e6Iv22PgB8DCpdPmcwtzkeM0tI41tJOe8RcdOhJBM4LrqycjsEAj3qzOM+TTVY dtqxu+qYAfT6Mnv1PIIQnrx9embhUy4oG9ME8x2+5LMkL21ZLZ3rmRxdJBmlCqR6yP0Hik 88+GM4cw6+/hKPY6y/FPgUHfHFBUVRf9kRI/2X8QjZSmVzQRuTkV1B0tX2GEwQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4LwtxD6CSfz17Xk; Sun, 31 Jul 2022 21:02:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 26VL2OdD029596; Sun, 31 Jul 2022 21:02:24 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 26VL2OCe029595; Sun, 31 Jul 2022 21:02:24 GMT (envelope-from git) Date: Sun, 31 Jul 2022 21:02:24 GMT Message-Id: <202207312102.26VL2OCe029595@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Jose Alonso Cardenas Marquez Subject: git: f9711a59ffd8 - main - security/wazuh-agent: update to 4.3.6 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: acm X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f9711a59ffd87f7f283df30ec2e2bafb33a667bc Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1659301345; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aR5XTD9uV4wP/3NiMwmAo0xVdvH3P5nDvCwnnwRTtlo=; b=O1Mdh9+4wv0N7rZ15IjD7xP2a1CvFCwrkrzQdvggR6/azehGRBM+DAnN6WAjC8yqoudAbc qtFy9EuRUv4+KaMYW+spQOl+S8X9ALZ8dYJAV4xDm2dpB0CzqjpT5koeZKF++9SJnfzuYs JFLESnVW7FOD9VnoOO4pdlesMwZoHRcbC68XgQeE+y/FaLIjmcuwjs4beSbK5hk+2uA7Hj /lEUNo87B0TN6oQPSq1Rq38i/IFhCbQnS27DpNuhBgkKS8TynPnn4bi1l1lL1FjkltUPeS EMWzwLWnYHXl5Xe+3NnKQMpk02G+9x4lfgMbmfDOr1l+d3C0gI4z2Ec+xXoPVg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1659301345; a=rsa-sha256; cv=none; b=PkHgmOKLWhido0tVYBdSExY7s9LkD+XtFNAME8DlaiboVCKl+wvbDqp3QzPGZJ18bDbsoz QNpVPb3h0rjpqkfxiah0zRsNb73ddUrN4Jhh9xqnj12ppOTUQuCzsdFM/PTxuZuVRrCL2v WXdsMPZKxaIjJPGVPgTzNUraQUwgEXiQYdqe+yIHCLepW7Je+uWQM5VkmfNaVxeWUnmO/p SsV2jFne5O+7DKFDlDICkZ+9uiWsi5hSZamMzcMgUQ3KDTP4MNHVfmrPRX/sqon3PUcGX3 GkXsbbmOUlxyhcYL6HxyBxdn5vOSv7QR5TRMk4FTZoPqc1M0jf2UadrCEs6gOQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by acm: URL: https://cgit.FreeBSD.org/ports/commit/?id=f9711a59ffd87f7f283df30ec2e2bafb33a667bc commit f9711a59ffd87f7f283df30ec2e2bafb33a667bc Author: Jose Alonso Cardenas Marquez AuthorDate: 2022-07-31 20:59:44 +0000 Commit: Jose Alonso Cardenas Marquez CommitDate: 2022-07-31 21:01:49 +0000 security/wazuh-agent: update to 4.3.6 - Take maintership ChangeLog at: https://documentation.wazuh.com/current/release-notes/release-4-3-6.html Approved by: maintainer via email --- security/wazuh-agent/Makefile | 237 ++++--- security/wazuh-agent/distinfo | 70 ++- security/wazuh-agent/files/patch-api_Makefile | 19 + .../wazuh-agent/files/patch-framework_Makefile | 21 + security/wazuh-agent/files/patch-src-Makefile | 76 +++ .../wazuh-agent/files/patch-tools-mitre_mitredb-py | 16 + security/wazuh-agent/files/pkg-message.in | 32 + security/wazuh-agent/files/wazuh-agent.in | 6 +- security/wazuh-agent/pkg-message | 7 - security/wazuh-agent/pkg-plist | 683 ++++++++++++++++++--- 10 files changed, 951 insertions(+), 216 deletions(-) diff --git a/security/wazuh-agent/Makefile b/security/wazuh-agent/Makefile index c3f747f5080a..c40bedff0efc 100644 --- a/security/wazuh-agent/Makefile +++ b/security/wazuh-agent/Makefile @@ -1,98 +1,189 @@ PORTNAME= wazuh +DISTVERSION= 4.3.6 DISTVERSIONPREFIX= v -DISTVERSION= 4.1.5 CATEGORIES= security -MASTER_SITES= https://packages.wazuh.com/deps/11/libraries/sources/ +MASTER_SITES= https://packages.wazuh.com/deps/16/libraries/sources/:wazuh_sources PKGNAMESUFFIX= -agent -DISTFILES= cJSON.tar.gz libplist.tar.gz curl.tar.gz libdb.tar.gz libffi.tar.gz \ - libyaml.tar.gz openssl.tar.gz procps.tar.gz sqlite.tar.gz zlib.tar.gz \ - audit-userspace.tar.gz msgpack.tar.gz bzip2.tar.gz libpcre2.tar.gz +DISTFILES= ${EXTERNAL_DISTFILES} DIST_SUBDIR= ${PORTNAME}-${DISTVERSION} EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} -MAINTAINER= m.muenz@gmail.com -COMMENT= Security tool to monitor and check logs and intrusions +MAINTAINER= acm@FreeBSD.org +COMMENT= Security tool to monitor and check logs and intrusions (agent) LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE -BROKEN_aarch64= fails to compile: rootcheck/os_string.c:188:20: use of undeclared identifier '__LDPGSZ' -BROKEN_i386= fails to build external OpenSSL dependency +BUILD_DEPENDS= cmake:devel/cmake \ + +USES= cpe gmake perl5 readline shebangfix sqlite:3 uidfix -USES= cpe gmake perl5 readline shebangfix uidfix USE_GITHUB= yes -USE_RC_SUBR= ${PORTNAME}-agent +USE_RC_SUBR= ${PORTNAME}${PKGNAMESUFFIX} + +MAKE_ARGS+= TARGET=agent + +EXTERNAL_DISTFILES= cJSON.tar.gz:wazuh_sources \ + curl.tar.gz:wazuh_sources \ + libdb.tar.gz:wazuh_sources \ + libffi.tar.gz:wazuh_sources \ + libyaml.tar.gz:wazuh_sources \ + openssl.tar.gz:wazuh_sources \ + procps.tar.gz:wazuh_sources \ + sqlite.tar.gz:wazuh_sources \ + zlib.tar.gz:wazuh_sources \ + audit-userspace.tar.gz:wazuh_sources \ + msgpack.tar.gz:wazuh_sources \ + bzip2.tar.gz:wazuh_sources \ + nlohmann.tar.gz:wazuh_sources \ + googletest.tar.gz:wazuh_sources \ + libpcre2.tar.gz:wazuh_sources \ + libplist.tar.gz:wazuh_sources \ + libarchive.tar.gz:wazuh_sources \ + popt.tar.gz:wazuh_sources + +OPTIONS_DEFINE= INOTIFY PRELUDE ZEROMQ + +INOTIFY_LIB_DEPENDS= libinotify.so:devel/libinotify +PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude +ZEROMQ_LIB_DEPENDS= libczmq.so:net/czmq + +INOTIFY_DESC= Kevent based real time monitoring +PRELUDE_DESC= Sensor support from Prelude SIEM +ZEROMQ_DESC= ZeroMQ support + +ZEROMQ_MAKE_ENV= USE_ZEROMQ=yes +PRELUDE_MAKE_ENV= USE_PRELUDE=yes +INOTIFY_MAKE_ENV= USE_INOTIFY=yes +INOTIFY_USES= pkgconfig + +WAZUH_USER= wazuh +WAZUH_GROUP= wazuh +USERS= ${WAZUH_USER} +GROUPS= ${WAZUH_GROUP} + +CONFLICTS= ossec-* wazuh-manager +SUB_FILES= pkg-message + +WZBIN_FILES= agent-auth manage_agents wazuh-agentd wazuh-execd wazuh-logcollector \ + wazuh-modulesd wazuh-syscheckd + +WZARBIN_FILES= default-firewall-drop pf npf ipfw firewalld-drop disable-account \ + host-deny ip-customblock restart-wazuh route-null kaspersky wazuh-slack + +WAZUHMOD750= / /logs/wazuh /bin /lib /queue /queue/diff /queue/logcollector \ + /queue/syscollector /queue/syscollector/db /ruleset /ruleset/sca /wodles \ + /active-response /active-response/bin /agentless /var /backup \ + /wodles/aws /wodles/azure /wodles/docker /wodles/gcloud \ + /wodles/gcloud/buckets /wodles/gcloud/pubsub + +WAZUHMOD770= /etc/shared/default /logs /queue/alerts /queue/fim \ + /queue/fim/db /queue/rids /queue/sockets /etc /etc/shared \ + /var/run /var/upgrade /var/selinux /var/wodles /var/incoming -SHEBANG_FILES= ${WRKSRC}/contrib/util.sh \ - ${WRKSRC}/src/external/openssl/Configurations/unix-checker.pm \ - ${WRKSRC}/src/init/ossec-client.sh \ - ${WRKSRC}/wodles/oscap/oscap.py \ - ${WRKSRC}/active-response/*.sh +WAZUHPREFIX= /var/ossec -CONFLICTS_INSTALL= ossec +.include -USERS= ossec ossecm ossecr -GROUPS= ossec +post-extract: +.for FILE in ${EXTERNAL_DISTFILES} + @cd ${WRKSRC}/src/external && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/${FILE:S/:wazuh_sources//} ${EXTRACT_AFTER_ARGS} +.endfor -OSSEC_GROUP= ossec -OSSEC_USER= ossec +post-patch: + ${REINPLACE_CMD} -e 's|HOST_NAME_MAX|_POSIX_HOST_NAME_MAX|g' ${WRKSRC}/src/wazuh_modules/wm_database.c + ${REINPLACE_CMD} -e 's|CC=|CC?=|g' -e 's|AR=|AR?=|g' ${WRKSRC}/src/external/bzip2/Makefile + ${REINPLACE_CMD} '115d' ${WRKSRC}/src/wazuh_modules/syscollector/CMakeLists.txt -WAZUHMOD750= / /logs/ossec /bin /lib /queue /queue/diff /ruleset /ruleset/sca /wodles \ - /active-response /active-response/bin /agentless /var /backup /queue/rids \ - /wodles/oscap /wodles/oscap/content +do-build: + cd ${WRKSRC}/src/ && ${SETENV} ${MAKE_ENV} STAGEDIR=${STAGEDIR} \ + ${MAKE_CMD} ${MAKE_ARGS} -WAZUHMOD770= /logs /queue/alerts /queue/fim /queue/fim/db /queue/ossec /etc /etc/shared \ - /.ssh /var/run /var/upgrade /var/wodles /var/incoming /queue/ossec/fim \ - /queue/ossec/fim/db +do-install: + ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/bin + ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/lib + ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/tmp -WAZUHPREFIX= /var/ossec +.for DIRE in ${WAZUHMOD750} + ${MKDIR} -m 0750 ${STAGEDIR}${WAZUHPREFIX}${DIRE} +.endfor -# extract all extra distfiles in src/external -post-extract: - @for file in ${DISTFILES}; do \ - if ! (cd ${WRKSRC}/src/external && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/$$file ${EXTRACT_AFTER_ARGS}); \ - then \ - exit 1; \ - fi; \ - done +.for DIRE in ${WAZUHMOD770} + ${MKDIR} -m 0770 ${STAGEDIR}${WAZUHPREFIX}${DIRE} +.endfor -do-build: - @cd ${WRKSRC}/src && ${GMAKE} TARGET=agent +.for FILE in ${WZBIN_FILES} + ${INSTALL_PROGRAM} ${WRKSRC}/src/${FILE} ${STAGEDIR}${WAZUHPREFIX}/bin +.endfor + ${INSTALL_SCRIPT} ${WRKSRC}/src/init/wazuh-client.sh ${STAGEDIR}${WAZUHPREFIX}/bin/wazuh-control + + ${TOUCH} ${STAGEDIR}${WAZUHPREFIX}/etc/localtime + + ${INSTALL_DATA} ${WRKSRC}/etc/internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc + ${INSTALL_DATA} ${WRKSRC}/src/wazuh_modules/syscollector/norm_config.json ${STAGEDIR}${WAZUHPREFIX}/queue/syscollector + ${INSTALL_DATA} ${WRKSRC}/etc/local_internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc/local_internal_options.conf + + ${INSTALL_DATA} /dev/null ${STAGEDIR}${WAZUHPREFIX}/etc/client.keys + ${INSTALL_DATA} ${WRKSRC}/etc/wpk_root.pem ${STAGEDIR}${WAZUHPREFIX}/etc/ + + ${INSTALL_DATA} ${WRKSRC}/etc/ossec-agent.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ossec.conf -do-install: - @for mod750 in ${WAZUHMOD750}; do \ - ${MKDIR} -m 0750 ${STAGEDIR}${WAZUHPREFIX}$$mod750; \ - done - - @for mod770 in ${WAZUHMOD770}; do \ - ${MKDIR} -m 0770 ${STAGEDIR}${WAZUHPREFIX}$$mod770; \ - done - - ${MKDIR} -m 1770 ${STAGEDIR}${WAZUHPREFIX}/tmp - ${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-logcollector ${STAGEDIR}${WAZUHPREFIX}/bin - ${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-syscheckd ${STAGEDIR}${WAZUHPREFIX}/bin - ${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-execd ${STAGEDIR}${WAZUHPREFIX}/bin - ${INSTALL_PROGRAM} ${WRKSRC}/src/manage_agents ${STAGEDIR}${WAZUHPREFIX}/bin - ${INSTALL_PROGRAM} ${WRKSRC}/src/wazuh-modulesd ${STAGEDIR}${WAZUHPREFIX}/bin/ - ${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-agentd ${STAGEDIR}${WAZUHPREFIX}/bin - ${INSTALL_PROGRAM} ${WRKSRC}/src/libwazuhext.so ${STAGEDIR}${WAZUHPREFIX}/lib - ${INSTALL_PROGRAM} ${WRKSRC}/src/agent-auth ${STAGEDIR}${WAZUHPREFIX}/bin - ${CP} ${WRKSRC}/active-response/*.sh ${STAGEDIR}${WAZUHPREFIX}/active-response/bin/ - ${CP} ${WRKSRC}/active-response/firewalls/*.sh ${STAGEDIR}${WAZUHPREFIX}/active-response/bin/ - ${CP} ${WRKSRC}/etc/internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ - ${CP} ${WRKSRC}/etc/local_internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc/local_internal_options.conf - ${CP} ${WRKSRC}/etc/ossec-agent.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ossec.conf - ${CP} ${WRKSRC}/etc/ossec-agent.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ossec.conf.sample - ${CP} /dev/null ${STAGEDIR}${WAZUHPREFIX}/etc/client.keys - ${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.log - ${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.json - ${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/active-responses.log - ${INSTALL_SCRIPT} ${WRKSRC}/contrib/util.sh ${STAGEDIR}${WAZUHPREFIX}/bin/ - ${INSTALL_SCRIPT} ${WRKSRC}/src/init/ossec-client.sh ${STAGEDIR}${WAZUHPREFIX}/bin/ossec-control ${INSTALL_SCRIPT} ${WRKSRC}/src/agentlessd/scripts/* ${STAGEDIR}${WAZUHPREFIX}/agentless/ - ${INSTALL_SCRIPT} ${WRKSRC}/src/rootcheck/db/*.txt ${STAGEDIR}${WAZUHPREFIX}/etc/shared/ - ${INSTALL_SCRIPT} ${WRKSRC}/etc/wpk_root.pem ${STAGEDIR}${WAZUHPREFIX}/etc/ - ${INSTALL_SCRIPT} ${WRKSRC}/wodles/oscap/oscap.py ${STAGEDIR}${WAZUHPREFIX}/wodles/oscap - ${INSTALL_SCRIPT} ${WRKSRC}/wodles/oscap/template_*.xsl ${STAGEDIR}${WAZUHPREFIX}/wodles/oscap -.include +.for FILE in ${WZARBIN_FILES} + ${INSTALL_PROGRAM} ${WRKSRC}/src/${FILE} ${STAGEDIR}${WAZUHPREFIX}/active-response/bin +.endfor + ${INSTALL_PROGRAM} ${WRKSRC}/src/wazuh-slack ${STAGEDIR}${WAZUHPREFIX}/active-response/bin + + ${INSTALL_SCRIPT} ${WRKSRC}/src/active-response/*.sh ${STAGEDIR}${WAZUHPREFIX}/active-response/bin + ${INSTALL_SCRIPT} ${WRKSRC}/src/active-response/*.py ${STAGEDIR}${WAZUHPREFIX}/active-response/bin + + ${INSTALL_PROGRAM} ${WRKSRC}/src/default-firewall-drop ${STAGEDIR}${WAZUHPREFIX}/active-response/bin/firewall-drop + + ${INSTALL_DATA} ${WRKSRC}/ruleset/rootcheck/db/*.txt ${STAGEDIR}${WAZUHPREFIX}/etc/shared + + ${INSTALL_DATA} ${WRKSRC}/ruleset/rootcheck/db/*.txt ${STAGEDIR}${WAZUHPREFIX}/etc/shared/default + + ${INSTALL_SCRIPT} ${WRKSRC}/wodles/__init__.py ${STAGEDIR}${WAZUHPREFIX}/wodles/__init__.py + ${INSTALL_SCRIPT} ${WRKSRC}/wodles/utils.py ${STAGEDIR}${WAZUHPREFIX}/wodles/utils.py + + ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/aws_s3.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/aws-s3.py + ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/aws-s3 + + ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/gcloud.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/gcloud.py + ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/integration.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/integration.py + ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/tools.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/tools.py + ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/buckets/bucket.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/buckets/bucket.py + ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/buckets/access_logs.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/buckets/access_logs.py + ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/pubsub/subscriber.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/pubsub/subscriber.py + ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/gcloud + + ${INSTALL_SCRIPT} ${WRKSRC}/wodles/docker-listener/DockerListener.py ${STAGEDIR}${WAZUHPREFIX}/wodles/docker/DockerListener.py + ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/wodles/docker/DockerListener + + ${INSTALL_SCRIPT} ${WRKSRC}/wodles/azure/azure-logs.py ${STAGEDIR}${WAZUHPREFIX}/wodles/azure/azure-logs.py + ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/wodles/azure/azure-logs + + ${FIND} ${WRKSRC}/ruleset/sca -type f -name "*.yml" -exec ${INSTALL_DATA} "{}" ${STAGEDIR}${WAZUHPREFIX}/ruleset/sca \; + + ${INSTALL_LIB} ${WRKSRC}/src/libwazuhext.so ${STAGEDIR}${WAZUHPREFIX}/lib + ${INSTALL_LIB} ${WRKSRC}/src/libwazuhshared.so ${STAGEDIR}${WAZUHPREFIX}/lib + ${INSTALL_LIB} ${WRKSRC}/src/shared_modules/dbsync/build/lib/libdbsync.so ${STAGEDIR}${WAZUHPREFIX}/lib + ${INSTALL_LIB} ${WRKSRC}/src/shared_modules/rsync/build/lib/librsync.so ${STAGEDIR}${WAZUHPREFIX}/lib + ${INSTALL_LIB} ${WRKSRC}/src/wazuh_modules/syscollector/build/lib/libsyscollector.so ${STAGEDIR}${WAZUHPREFIX}/lib + ${INSTALL_LIB} ${WRKSRC}/src/data_provider/build/lib/libsysinfo.so ${STAGEDIR}${WAZUHPREFIX}/lib + + ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/etc/templates + ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/src + + cd ${WRKSRC}/etc/templates && ${COPYTREE_SHARE} config \ + ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/etc/templates/ + cd ${WRKSRC}/ruleset && ${COPYTREE_SHARE} sca \ + ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/ + cd ${WRKSRC}/src && ${COPYTREE_SHARE} init \ + ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/src/ + + ${INSTALL_SCRIPT} ${WRKSRC}/gen_ossec.sh ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/ + ${INSTALL_SCRIPT} ${WRKSRC}/add_localfiles.sh ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/ + +.include diff --git a/security/wazuh-agent/distinfo b/security/wazuh-agent/distinfo index 43ec668c2489..c4a4ff18bcd8 100644 --- a/security/wazuh-agent/distinfo +++ b/security/wazuh-agent/distinfo @@ -1,31 +1,39 @@ -TIMESTAMP = 1620770195 -SHA256 (wazuh-4.1.5/cJSON.tar.gz) = 678d796318da57d5f38075e74bbb3b77375dc3f8bb49da341ad1b43c417e8cc1 -SIZE (wazuh-4.1.5/cJSON.tar.gz) = 27863 -SHA256 (wazuh-4.1.5/libplist.tar.gz) = 88278d4bdfc1bd6a3a1a55a4f3d933683d2732ba09cf7a749fe8ec8eec406e3c -SIZE (wazuh-4.1.5/libplist.tar.gz) = 1520623 -SHA256 (wazuh-4.1.5/curl.tar.gz) = 78ad4a75fec89dd83c75cf35203c1c757c21cb2a6ff574647b13bf86c8798d66 -SIZE (wazuh-4.1.5/curl.tar.gz) = 3692998 -SHA256 (wazuh-4.1.5/libdb.tar.gz) = 885f01aebcca995bcef48d8dc47acb8c4bd5eab06ec188e76cb5863e4f9b2d9b -SIZE (wazuh-4.1.5/libdb.tar.gz) = 4283467 -SHA256 (wazuh-4.1.5/libffi.tar.gz) = 0e971f64bacc22094e89f034bba075b40ecc2c2c2900eecd7ae85815fd6c9f69 -SIZE (wazuh-4.1.5/libffi.tar.gz) = 964576 -SHA256 (wazuh-4.1.5/libyaml.tar.gz) = 35daad608b372d5ce099f738c0f21bfcc03d6920d92f448386c584e664f1376a -SIZE (wazuh-4.1.5/libyaml.tar.gz) = 424656 -SHA256 (wazuh-4.1.5/openssl.tar.gz) = a88f46d7dd7b1a88db1faa94943911bf24a0081f90fd1a28bbf06ad54eeab013 -SIZE (wazuh-4.1.5/openssl.tar.gz) = 12936469 -SHA256 (wazuh-4.1.5/procps.tar.gz) = 87336a7860f5116ac5c5222b6b0d5c892e202ce136947e4776037bb7670ce6e2 -SIZE (wazuh-4.1.5/procps.tar.gz) = 55692 -SHA256 (wazuh-4.1.5/sqlite.tar.gz) = 23e109ee91ed16b4a95b2d361ecfd82820842fc337a80aa8032590b96eebddd2 -SIZE (wazuh-4.1.5/sqlite.tar.gz) = 1980218 -SHA256 (wazuh-4.1.5/zlib.tar.gz) = ddbeac924cc7fc3274ad0d5cfcf2a72792f0500e9607c65d02e8753f3a510a01 -SIZE (wazuh-4.1.5/zlib.tar.gz) = 643568 -SHA256 (wazuh-4.1.5/audit-userspace.tar.gz) = e82a32e5edf93b055160e14bc97f41dead39287925851dc80a7638e2d4d30434 -SIZE (wazuh-4.1.5/audit-userspace.tar.gz) = 1682820 -SHA256 (wazuh-4.1.5/msgpack.tar.gz) = 06d63bcf32896cd0af5480c401134b1ad1c166fd84ebe5b486e792101ee854e2 -SIZE (wazuh-4.1.5/msgpack.tar.gz) = 591294 -SHA256 (wazuh-4.1.5/bzip2.tar.gz) = 27688ee0316a64b39e511b2c224070cad97c394a5f711f9d055fc1809d895bcd -SIZE (wazuh-4.1.5/bzip2.tar.gz) = 71277 -SHA256 (wazuh-4.1.5/libpcre2.tar.gz) = d0bafc3579fa0af0a39951586edfa349e1f4be83d28bed86abe0a3fc4b34fcfa -SIZE (wazuh-4.1.5/libpcre2.tar.gz) = 1252173 -SHA256 (wazuh-4.1.5/wazuh-wazuh-v4.1.5_GH0.tar.gz) = 506161168fc4fdf45988c2e88f9938ac829bb79a441035c9061bf84173c6a179 -SIZE (wazuh-4.1.5/wazuh-wazuh-v4.1.5_GH0.tar.gz) = 18380705 +TIMESTAMP = 1659299134 +SHA256 (wazuh-4.3.6/cJSON.tar.gz) = 678d796318da57d5f38075e74bbb3b77375dc3f8bb49da341ad1b43c417e8cc1 +SIZE (wazuh-4.3.6/cJSON.tar.gz) = 27863 +SHA256 (wazuh-4.3.6/curl.tar.gz) = 78ad4a75fec89dd83c75cf35203c1c757c21cb2a6ff574647b13bf86c8798d66 +SIZE (wazuh-4.3.6/curl.tar.gz) = 3692998 +SHA256 (wazuh-4.3.6/libdb.tar.gz) = 7e9c44e8c7fdb186ff521a8d085b1bfa634d342dcc777ecea1fbf9a98ab5dc5e +SIZE (wazuh-4.3.6/libdb.tar.gz) = 3874990 +SHA256 (wazuh-4.3.6/libffi.tar.gz) = 0e971f64bacc22094e89f034bba075b40ecc2c2c2900eecd7ae85815fd6c9f69 +SIZE (wazuh-4.3.6/libffi.tar.gz) = 964576 +SHA256 (wazuh-4.3.6/libyaml.tar.gz) = 35daad608b372d5ce099f738c0f21bfcc03d6920d92f448386c584e664f1376a +SIZE (wazuh-4.3.6/libyaml.tar.gz) = 424656 +SHA256 (wazuh-4.3.6/openssl.tar.gz) = cdd47d1de792c94eef02344a768afee151c16f5fb92582ba3b97168a7b65ffc0 +SIZE (wazuh-4.3.6/openssl.tar.gz) = 10162682 +SHA256 (wazuh-4.3.6/procps.tar.gz) = 221f395e29d1bdbe4bacc9db39602eee0bae685a935437be0d7feb42e3192d07 +SIZE (wazuh-4.3.6/procps.tar.gz) = 55897 +SHA256 (wazuh-4.3.6/sqlite.tar.gz) = e68521637d9e4e60115707cd7f35275a92ce6d0fc1ff04e22d7bbf0c393f8ff1 +SIZE (wazuh-4.3.6/sqlite.tar.gz) = 2296429 +SHA256 (wazuh-4.3.6/zlib.tar.gz) = ddbeac924cc7fc3274ad0d5cfcf2a72792f0500e9607c65d02e8753f3a510a01 +SIZE (wazuh-4.3.6/zlib.tar.gz) = 643568 +SHA256 (wazuh-4.3.6/audit-userspace.tar.gz) = e82a32e5edf93b055160e14bc97f41dead39287925851dc80a7638e2d4d30434 +SIZE (wazuh-4.3.6/audit-userspace.tar.gz) = 1682820 +SHA256 (wazuh-4.3.6/msgpack.tar.gz) = 06d63bcf32896cd0af5480c401134b1ad1c166fd84ebe5b486e792101ee854e2 +SIZE (wazuh-4.3.6/msgpack.tar.gz) = 591294 +SHA256 (wazuh-4.3.6/bzip2.tar.gz) = 27688ee0316a64b39e511b2c224070cad97c394a5f711f9d055fc1809d895bcd +SIZE (wazuh-4.3.6/bzip2.tar.gz) = 71277 +SHA256 (wazuh-4.3.6/nlohmann.tar.gz) = b5c3a99e9eb5331d958e2bdd3a6283c4b9ea7ad674dd4669ee26d5c5eef845fe +SIZE (wazuh-4.3.6/nlohmann.tar.gz) = 134429 +SHA256 (wazuh-4.3.6/googletest.tar.gz) = 8c1e8a0a7f221c2125e99e6acb709da2ba472476b4d057c58de504bebf38d417 +SIZE (wazuh-4.3.6/googletest.tar.gz) = 885874 +SHA256 (wazuh-4.3.6/libpcre2.tar.gz) = d0bafc3579fa0af0a39951586edfa349e1f4be83d28bed86abe0a3fc4b34fcfa +SIZE (wazuh-4.3.6/libpcre2.tar.gz) = 1252173 +SHA256 (wazuh-4.3.6/libplist.tar.gz) = 88278d4bdfc1bd6a3a1a55a4f3d933683d2732ba09cf7a749fe8ec8eec406e3c +SIZE (wazuh-4.3.6/libplist.tar.gz) = 1520623 +SHA256 (wazuh-4.3.6/libarchive.tar.gz) = f863f382ead9f61abc560ff0ead0be3aa9e95b6f8c62756e1f034f4c2386ba79 +SIZE (wazuh-4.3.6/libarchive.tar.gz) = 7040169 +SHA256 (wazuh-4.3.6/popt.tar.gz) = d6880a06622ca32dc4aa39ad5dcf7bef2faa81bd931afbe64ba434ad8fee1daa +SIZE (wazuh-4.3.6/popt.tar.gz) = 891309 +SHA256 (wazuh-4.3.6/wazuh-wazuh-v4.3.6_GH0.tar.gz) = 81b7d549b5956e59ba2ded9f1305cfda57377858a8560891573a27b9139d2472 +SIZE (wazuh-4.3.6/wazuh-wazuh-v4.3.6_GH0.tar.gz) = 8346134 diff --git a/security/wazuh-agent/files/patch-api_Makefile b/security/wazuh-agent/files/patch-api_Makefile new file mode 100644 index 000000000000..de54bfba725e --- /dev/null +++ b/security/wazuh-agent/files/patch-api_Makefile @@ -0,0 +1,19 @@ +--- api/Makefile 2022-07-26 15:51:47.002374000 -0500 ++++ api/Makefile 2022-07-26 15:52:25.960498000 -0500 +@@ -8,11 +8,11 @@ + INSTALLDIR ?= /var/ossec + + RM_FILE = rm -f +-INSTALL_DIR = install -o root -g ${WAZUH_GROUP} -m 0750 -d +-INSTALL_RW_DIR = install -o root -g ${WAZUH_GROUP} -m 0770 -d +-INSTALL_EXEC = install -o root -g ${WAZUH_GROUP} -m 0750 +-INSTALL_FILE = install -o root -g ${WAZUH_GROUP} -m 0640 +-INSTALL_CONFIG_FILE = install -o root -g ${WAZUH_GROUP} -m 0660 ++INSTALL_DIR = install -m 0750 -d ++INSTALL_RW_DIR = install -m 0770 -d ++INSTALL_EXEC = install -m 0750 ++INSTALL_FILE = install -m 0640 ++INSTALL_CONFIG_FILE = install -m 0660 + PYTHON_BIN = $(INSTALLDIR)/framework/python/bin/python3 + + diff --git a/security/wazuh-agent/files/patch-framework_Makefile b/security/wazuh-agent/files/patch-framework_Makefile new file mode 100644 index 000000000000..0a225f120456 --- /dev/null +++ b/security/wazuh-agent/files/patch-framework_Makefile @@ -0,0 +1,21 @@ +--- framework/Makefile 2022-07-26 15:50:26.898033000 -0500 ++++ framework/Makefile 2022-07-26 15:51:11.464092000 -0500 +@@ -7,13 +7,13 @@ + WAZUH_GROUP = wazuh + INSTALLDIR ?= /var/ossec + +-CC = gcc +-CFLAGS = -pipe -Wall -Wextra ++CC ?= gcc ++CFLAGS ?= -pipe -Wall -Wextra + THREAD_FLAGS = -pthread + RM_FILE = rm -f +-INSTALL_DIR = install -o root -g ${WAZUH_GROUP} -m 0750 -d +-INSTALL_EXEC = install -o root -g ${WAZUH_GROUP} -m 0750 +-INSTALL_FILE = install -o root -g ${WAZUH_GROUP} -m 0640 ++INSTALL_DIR = install -m 0750 -d ++INSTALL_EXEC = install -m 0750 ++INSTALL_FILE = install -m 0640 + + ifdef DEBUG + CFLAGS+=-g -I ../src diff --git a/security/wazuh-agent/files/patch-src-Makefile b/security/wazuh-agent/files/patch-src-Makefile new file mode 100644 index 000000000000..c778601ff76c --- /dev/null +++ b/security/wazuh-agent/files/patch-src-Makefile @@ -0,0 +1,76 @@ +--- src/Makefile 2022-07-15 04:10:46.000000000 -0500 ++++ src/Makefile 2022-07-29 01:20:22.816107000 -0500 +@@ -16,8 +16,10 @@ + uname_M := $(shell sh -c 'uname -m 2>/dev/null || echo not') + HAS_CHECKMODULE = $(shell command -v checkmodule > /dev/null && echo YES) + HAS_SEMODULE_PACKAGE = $(shell command -v semodule_package > /dev/null && echo YES) ++ifeq (${uname_S},Linux) + CHECK_ARCHLINUX := $(shell sh -c 'grep "Arch Linux" /etc/os-release > /dev/null && echo YES || echo not') + CHECK_CENTOS5 := $(shell sh -c 'grep "CentOS release 5." /etc/redhat-release > /dev/null && echo YES || echo not') ++endif + + ARCH_FLAGS = + +@@ -208,10 +210,10 @@ + ifeq (${uname_S},FreeBSD) + DEFINES+=-DFreeBSD + OSSEC_CFLAGS+=-pthread -I/usr/local/include +- OSSEC_LDFLAGS+=-pthread ++ OSSEC_LDFLAGS+=-pthread -lnghttp2 + OSSEC_LDFLAGS+=-L/usr/local/lib + OSSEC_LDFLAGS+='-Wl,-rpath,$$ORIGIN/../lib' +- AR_LDFLAGS+=-pthread ++ AR_LDFLAGS+=-pthread -lnghttp2 + AR_LDFLAGS+=-L/usr/local/lib + AR_LDFLAGS+='-Wl,-rpath,$$ORIGIN/../../lib' + PRECOMPILED_OS:=freebsd +@@ -812,6 +814,8 @@ + EXTERNAL_LIBS += $(LIBCURL_LIB) + else ifeq (${uname_S},Linux) + EXTERNAL_LIBS += $(LIBCURL_LIB) ++else ifeq (${uname_S},FreeBSD) ++ EXTERNAL_LIBS += $(LIBCURL_LIB) + else ifeq (${uname_S},Darwin) + EXTERNAL_LIBS += $(LIBCURL_LIB) + endif +@@ -2112,26 +2116,28 @@ + mkdir -p ${WPYTHON_DIR} + cp external/${WPYTHON_TAR} ${WPYTHON_DIR}/${WPYTHON_TAR} && ${TAR} ${WPYTHON_DIR}/${WPYTHON_TAR} -C ${WPYTHON_DIR} && rm -rf ${WPYTHON_DIR}/${WPYTHON_TAR} + endif +- find ${WPYTHON_DIR} -name "*${WLIBPYTHON}" -exec ln -f {} ${INSTALLDIR}/lib/${WLIBPYTHON} \; + ++ mkdir -p $(STAGEDIR)${INSTALLDIR}/lib ++ find $(STAGEDIR)${WPYTHON_DIR} -name "*${WLIBPYTHON}" -exec ln -f {} $(STAGEDIR)${INSTALLDIR}/lib/${WLIBPYTHON} \; ++ + python_dependencies := requirements.txt + +-install_dependencies: install_python ++install_dependencies: + ifneq (,$(wildcard ${EXTERNAL_CPYTHON})) +- ${WPYTHON_DIR}/bin/python3 -m pip install --upgrade pip --index-url=file://${ROUTE_PATH}/${EXTERNAL_CPYTHON}/Dependencies/simple +- LD_LIBRARY_PATH="${INSTALLDIR}/lib" LDFLAGS="-L${INSTALLDIR}/lib" ${WPYTHON_DIR}/bin/pip3 install -r ../framework/${python_dependencies} --index-url=file://${ROUTE_PATH}/${EXTERNAL_CPYTHON}/Dependencies/simple ++ $(STAGEDIR)${WPYTHON_DIR}/bin/python3 -B -m pip install --upgrade pip --prefix=${WPYTHON_DIR} --root=$(STAGEDIR) --no-index --find-links=wazuh-cache/ --cache-dir=wazuh-cache/ --no-compile ++ LD_LIBRARY_PATH="$(STAGEDIR)${INSTALLDIR}/lib" LDFLAGS="-L$(STAGEDIR)${INSTALLDIR}/lib" $(STAGEDIR)${WPYTHON_DIR}/bin/python3 -m pip install wazuh-cache-any/*.whl --root=$(STAGEDIR) --prefix=${WPYTHON_DIR} --no-deps --no-compile ++ LD_LIBRARY_PATH="$(STAGEDIR)${INSTALLDIR}/lib" LDFLAGS="-L$(STAGEDIR)${INSTALLDIR}/lib" $(STAGEDIR)${WPYTHON_DIR}/bin/python3 -m pip install wazuh-cache-${uname_M}/*.whl --root=$(STAGEDIR) --prefix=${WPYTHON_DIR} --no-deps --no-compile + endif + +-install_framework: install_python +- cd ../framework && ${WPYTHON_DIR}/bin/python3 setup.py clean --all install --prefix=${WPYTHON_DIR} --wazuh-version=$(shell cat VERSION) --install-type=${TARGET} +- chown -R root:${WAZUH_GROUP} ${WPYTHON_DIR} +- chmod -R o=- ${WPYTHON_DIR} ++install_framework: ++ cd ../framework && $(STAGEDIR)${WPYTHON_DIR}/bin/python3 -B setup.py clean --all install --prefix=${WPYTHON_DIR} --root=$(STAGEDIR) --wazuh-version=$(shell cat VERSION) --install-type=${TARGET} --no-compile ++ chmod -R o=- $(STAGEDIR)${WPYTHON_DIR} + +-install_api: install_python +- cd ../api && ${WPYTHON_DIR}/bin/python3 setup.py clean --all install --prefix=${WPYTHON_DIR} ++install_api: ++ cd ../api && $(STAGEDIR)${WPYTHON_DIR}/bin/python3 -B setup.py clean --all install --prefix=${WPYTHON_DIR} --root=$(STAGEDIR) --no-compile + +-install_mitre: install_python +- cd ../tools/mitre && ${WPYTHON_DIR}/bin/python3 mitredb.py -d ${INSTALLDIR}/var/db/mitre.db ++install_mitre: ++ cd ../tools/mitre && $(STAGEDIR)${WPYTHON_DIR}/bin/python3 mitredb.py -d $(STAGEDIR)${INSTALLDIR}/var/db/mitre.db + + + #################### diff --git a/security/wazuh-agent/files/patch-tools-mitre_mitredb-py b/security/wazuh-agent/files/patch-tools-mitre_mitredb-py new file mode 100644 index 000000000000..58c0b5aa4b92 --- /dev/null +++ b/security/wazuh-agent/files/patch-tools-mitre_mitredb-py @@ -0,0 +1,16 @@ +--- tools/mitre/mitredb.py 2022-07-26 14:50:02.401104000 -0500 ++++ tools/mitre/mitredb.py 2022-07-26 15:25:13.375626000 -0500 +@@ -763,13 +763,6 @@ + # Parse enterprise-attack.json file: + parse_json(pathfile, session, database) + +- # User and group permissions +- os.chmod(database, 0o660) +- uid = pwd.getpwnam("root").pw_uid +- gid = grp.getgrnam("wazuh").gr_gid +- os.chown(database, uid, gid) +- +- + if __name__ == '__main__': + parser = argparse.ArgumentParser(description='This script installs mitre.db in a directory.') + parser.add_argument('--database', '-d', help='-d /your/directory/mitre.db (default: /var/ossec/var/db/mitre.db') diff --git a/security/wazuh-agent/files/pkg-message.in b/security/wazuh-agent/files/pkg-message.in new file mode 100644 index 000000000000..046a60f40c6c --- /dev/null +++ b/security/wazuh-agent/files/pkg-message.in @@ -0,0 +1,32 @@ +[ +{ type: install + message: < /dev/null RETVAL=$? if [ $RETVAL -eq 0 ]; then @@ -40,7 +40,7 @@ wazuh_agent_start() { } wazuh_agent_stop() { - echo -n "Stopping Wazuh: " + echo -n "Stopping Wazuh Agent: " ${command} stop > /dev/null RETVAL=$? if [ $RETVAL -eq 0 ]; then diff --git a/security/wazuh-agent/pkg-message b/security/wazuh-agent/pkg-message deleted file mode 100644 index e15f1afce5dd..000000000000 --- a/security/wazuh-agent/pkg-message +++ /dev/null @@ -1,7 +0,0 @@ -************************************************************************************ -* * -* You must edit /var/ossec/etc/ossec.conf.sample for your setup, and * -* follow the other directions for wazuh client configuration at: * -* https://documentation.wazuh.com/3.12/user-manual/reference/ossec-conf/index.html * -* * -************************************************************************************ diff --git a/security/wazuh-agent/pkg-plist b/security/wazuh-agent/pkg-plist index 1a070d817003..344d8b37c28e 100644 --- a/security/wazuh-agent/pkg-plist +++ b/security/wazuh-agent/pkg-plist @@ -1,102 +1,581 @@ -@info(root,ossec,0750) /var/ossec/active-response/bin/default-firewall-drop.sh -@info(root,ossec,0750) /var/ossec/active-response/bin/disable-account.sh -@info(root,ossec,0750) /var/ossec/active-response/bin/firewalld-drop.sh -@info(root,ossec,0750) /var/ossec/active-response/bin/host-deny.sh -@info(root,ossec,0750) /var/ossec/active-response/bin/ip-customblock.sh -@info(root,ossec,0750) /var/ossec/active-response/bin/ipfw.sh -@info(root,ossec,0750) /var/ossec/active-response/bin/ipfw_mac.sh -@info(root,ossec,0750) /var/ossec/active-response/bin/kaspersky.sh -@info(root,ossec,0750) /var/ossec/active-response/bin/npf.sh -@info(root,ossec,0750) /var/ossec/active-response/bin/ossec-slack.sh -@info(root,ossec,0750) /var/ossec/active-response/bin/ossec-tweeter.sh -@info(root,ossec,0750) /var/ossec/active-response/bin/pf.sh -@info(root,ossec,0750) /var/ossec/active-response/bin/restart-ossec.sh -@info(root,ossec,0750) /var/ossec/active-response/bin/restart.sh -@info(root,ossec,0750) /var/ossec/active-response/bin/route-null.sh -@info(root,ossec,0750) /var/ossec/agentless/main.exp -@info(root,ossec,0750) /var/ossec/agentless/register_host.sh -@info(root,ossec,0750) /var/ossec/agentless/ssh.exp -@info(root,ossec,0750) /var/ossec/agentless/ssh_asa-fwsmconfig_diff -@info(root,ossec,0750) /var/ossec/agentless/ssh_foundry_diff -@info(root,ossec,0750) /var/ossec/agentless/ssh_generic_diff -@info(root,ossec,0750) /var/ossec/agentless/ssh_integrity_check_bsd -@info(root,ossec,0750) /var/ossec/agentless/ssh_integrity_check_linux -@info(root,ossec,0750) /var/ossec/agentless/ssh_nopass.exp -@info(root,ossec,0750) /var/ossec/agentless/ssh_pixconfig_diff -@info(root,ossec,0750) /var/ossec/agentless/sshlogin.exp -@info(root,ossec,0750) /var/ossec/agentless/su.exp -@info(root,root,0750) /var/ossec/bin/agent-auth -@info(root,root,0750) /var/ossec/bin/manage_agents -@info(root,root,0750) /var/ossec/bin/ossec-agentd -@info(root,root,0750) /var/ossec/bin/ossec-control -@info(root,root,0750) /var/ossec/bin/ossec-execd -@info(root,root,0750) /var/ossec/bin/ossec-logcollector -@info(root,root,0750) /var/ossec/bin/ossec-syscheckd -@info(root,root,0750) /var/ossec/bin/util.sh -@info(root,root,0750) /var/ossec/bin/wazuh-modulesd -@info(root,ossec,0640) /var/ossec/etc/client.keys -@info(root,ossec,0640) /var/ossec/etc/internal_options.conf -@info(root,ossec,0640) /var/ossec/etc/local_internal_options.conf -@info(root,ossec,0640) /var/ossec/etc/ossec.conf.sample -@info(root,ossec,0640) /var/ossec/etc/ossec.conf -@info(root,ossec,0660) /var/ossec/etc/shared/cis_apache2224_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/cis_debian_linux_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/cis_mysql5-6_community_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/cis_mysql5-6_enterprise_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel5_linux_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel6_linux_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel7_linux_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel_linux_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/cis_sles11_linux_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/cis_sles12_linux_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_domainL1_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_domainL2_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_memberL1_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_memberL2_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/rootkit_files.txt -@info(root,ossec,0660) /var/ossec/etc/shared/rootkit_trojans.txt -@info(root,ossec,0660) /var/ossec/etc/shared/system_audit_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/system_audit_ssh.txt -@info(root,ossec,0660) /var/ossec/etc/shared/win_applications_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/win_audit_rcl.txt -@info(root,ossec,0660) /var/ossec/etc/shared/win_malware_rcl.txt -@info(root,ossec,0640) /var/ossec/etc/wpk_root.pem -@info(root,ossec,0750) /var/ossec/lib/libwazuhext.so -@info(ossec,ossec,0666) /var/ossec/logs/active-responses.log -@info(ossec,ossec,0666) /var/ossec/logs/ossec.json -@info(ossec,ossec,0666) /var/ossec/logs/ossec.log -@info(root,ossec,0750) /var/ossec/wodles/oscap/oscap.py -@info(root,ossec,0750) /var/ossec/wodles/oscap/template_oval.xsl -@info(root,ossec,0750) /var/ossec/wodles/oscap/template_xccdf.xsl -@dir(root,ossec,0770) /var/ossec/.ssh -@dir(root,ossec,0750) /var/ossec/active-response/bin -@dir(root,ossec,0750) /var/ossec/active-response -@dir(root,ossec,0750) /var/ossec/agentless -@dir(root,ossec,0750) /var/ossec/backup -@dir(root,wheel,0750) /var/ossec/bin -@dir(root,ossec,0770) /var/ossec/etc/shared -@dir(ossec,ossec,0770) /var/ossec/etc -@dir(root,ossec,0750) /var/ossec/lib -@dir(ossec,ossec,0750) /var/ossec/logs/ossec -@dir(ossec,ossec,0770) /var/ossec/logs -@dir(ossec,ossec,0770) /var/ossec/queue/alerts -@dir(ossec,ossec,0750) /var/ossec/queue/diff -@dir(ossec,ossec,0770) /var/ossec/queue/fim/db -@dir(ossec,ossec,0770) /var/ossec/queue/fim -@dir(ossec,ossec,0770) /var/ossec/queue/ossec/fim/db -@dir(ossec,ossec,0770) /var/ossec/queue/ossec/fim -@dir(ossec,ossec,0770) /var/ossec/queue/ossec -@dir(ossec,ossec,0750) /var/ossec/queue/rids -@dir(root,ossec,0750) /var/ossec/queue -@dir(root,ossec,0750) /var/ossec/ruleset/sca -@dir(root,ossec,0750) /var/ossec/ruleset -@dir(root,ossec,1770) /var/ossec/tmp -@dir(root,ossec,0770) /var/ossec/var/incoming -@dir(root,ossec,0770) /var/ossec/var/run -@dir(root,ossec,0770) /var/ossec/var/upgrade -@dir(root,ossec,0770) /var/ossec/var/wodles -@dir(root,ossec,0750) /var/ossec/var -@dir(root,ossec,0750) /var/ossec/wodles/oscap/content -@dir(root,ossec,0750) /var/ossec/wodles/oscap -@dir(root,ossec,0750) /var/ossec/wodles -@dir(root,ossec,0750) /var/ossec +@mode 750 +@owner root +@group wazuh +/var/ossec/active-response/bin/default-firewall-drop +/var/ossec/active-response/bin/disable-account +/var/ossec/active-response/bin/firewall-drop +/var/ossec/active-response/bin/firewalld-drop +/var/ossec/active-response/bin/host-deny +/var/ossec/active-response/bin/ip-customblock +/var/ossec/active-response/bin/ipfw +/var/ossec/active-response/bin/kaspersky +/var/ossec/active-response/bin/kaspersky.py +/var/ossec/active-response/bin/npf +/var/ossec/active-response/bin/pf +/var/ossec/active-response/bin/restart-wazuh +/var/ossec/active-response/bin/restart.sh +/var/ossec/active-response/bin/route-null +/var/ossec/active-response/bin/wazuh-slack +@mode 750 +@owner root +@group wazuh +/var/ossec/agentless/main.exp +/var/ossec/agentless/register_host.sh +/var/ossec/agentless/ssh.exp +/var/ossec/agentless/ssh_asa-fwsmconfig_diff +/var/ossec/agentless/ssh_foundry_diff +/var/ossec/agentless/ssh_generic_diff +/var/ossec/agentless/ssh_integrity_check_bsd +/var/ossec/agentless/ssh_integrity_check_linux +/var/ossec/agentless/ssh_nopass.exp +/var/ossec/agentless/ssh_pixconfig_diff +/var/ossec/agentless/sshlogin.exp +/var/ossec/agentless/su.exp +/var/ossec/bin/agent-auth +/var/ossec/bin/manage_agents +/var/ossec/bin/wazuh-agentd +/var/ossec/bin/wazuh-control +/var/ossec/bin/wazuh-execd +/var/ossec/bin/wazuh-logcollector +/var/ossec/bin/wazuh-modulesd +/var/ossec/bin/wazuh-syscheckd +@mode 640 +@owner root +@group wazuh +/var/ossec/etc/client.keys +/var/ossec/etc/internal_options.conf +/var/ossec/etc/local_internal_options.conf +/var/ossec/etc/localtime +@mode 660 +@owner root +@group wazuh +/var/ossec/etc/ossec.conf +/var/ossec/etc/shared/cis_apache2224_rcl.txt +/var/ossec/etc/shared/cis_debian_linux_rcl.txt +/var/ossec/etc/shared/cis_mysql5-6_community_rcl.txt +/var/ossec/etc/shared/cis_mysql5-6_enterprise_rcl.txt +/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt +/var/ossec/etc/shared/cis_rhel6_linux_rcl.txt +/var/ossec/etc/shared/cis_rhel7_linux_rcl.txt +/var/ossec/etc/shared/cis_rhel_linux_rcl.txt +/var/ossec/etc/shared/cis_sles11_linux_rcl.txt +/var/ossec/etc/shared/cis_sles12_linux_rcl.txt +/var/ossec/etc/shared/cis_win2012r2_domainL1_rcl.txt +/var/ossec/etc/shared/cis_win2012r2_domainL2_rcl.txt +/var/ossec/etc/shared/cis_win2012r2_memberL1_rcl.txt +/var/ossec/etc/shared/cis_win2012r2_memberL2_rcl.txt +/var/ossec/etc/shared/default/cis_apache2224_rcl.txt +/var/ossec/etc/shared/default/cis_debian_linux_rcl.txt +/var/ossec/etc/shared/default/cis_mysql5-6_community_rcl.txt +/var/ossec/etc/shared/default/cis_mysql5-6_enterprise_rcl.txt +/var/ossec/etc/shared/default/cis_rhel5_linux_rcl.txt +/var/ossec/etc/shared/default/cis_rhel6_linux_rcl.txt +/var/ossec/etc/shared/default/cis_rhel7_linux_rcl.txt +/var/ossec/etc/shared/default/cis_rhel_linux_rcl.txt +/var/ossec/etc/shared/default/cis_sles11_linux_rcl.txt +/var/ossec/etc/shared/default/cis_sles12_linux_rcl.txt +/var/ossec/etc/shared/default/cis_win2012r2_domainL1_rcl.txt +/var/ossec/etc/shared/default/cis_win2012r2_domainL2_rcl.txt +/var/ossec/etc/shared/default/cis_win2012r2_memberL1_rcl.txt +/var/ossec/etc/shared/default/cis_win2012r2_memberL2_rcl.txt +/var/ossec/etc/shared/default/rootkit_files.txt +/var/ossec/etc/shared/default/rootkit_trojans.txt +/var/ossec/etc/shared/default/system_audit_rcl.txt +/var/ossec/etc/shared/default/system_audit_ssh.txt +/var/ossec/etc/shared/default/win_applications_rcl.txt +/var/ossec/etc/shared/default/win_audit_rcl.txt +/var/ossec/etc/shared/default/win_malware_rcl.txt +/var/ossec/etc/shared/rootkit_files.txt +/var/ossec/etc/shared/rootkit_trojans.txt +/var/ossec/etc/shared/system_audit_rcl.txt +/var/ossec/etc/shared/system_audit_ssh.txt +/var/ossec/etc/shared/win_applications_rcl.txt +/var/ossec/etc/shared/win_audit_rcl.txt +/var/ossec/etc/shared/win_malware_rcl.txt +/var/ossec/etc/wpk_root.pem +@mode 750 +@owner root +@group wazuh +/var/ossec/lib/libdbsync.so +/var/ossec/lib/librsync.so +/var/ossec/lib/libsyscollector.so +/var/ossec/lib/libsysinfo.so +/var/ossec/lib/libwazuhext.so +/var/ossec/lib/libwazuhshared.so +@mode 660 +@owner root +@group wazuh +/var/ossec/packages_files/agent_installation_scripts/add_localfiles.sh +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/HP-UX/localfile-commands.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/HP-UX/wodle-syscollector.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/README.md +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/aix/localfile-commands.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/aix/wodle-syscollector.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/amzn/1/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/amzn/2/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/bsd/localfile-commands.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/bsd/wodle-syscollector.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/5/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/5/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/5/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/6/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/6/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/6/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/7/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/7/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/7/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/8/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/8/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/8/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/darwin/15/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/darwin/16/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/darwin/17/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/darwin/18/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/darwin/19/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/darwin/20/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/darwin/21/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/darwin/localfile-commands.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/darwin/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/darwin/sca.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/darwin/syscheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/darwin/syscheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/darwin/wodle-syscollector.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/debian/10/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/debian/10/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/debian/10/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/debian/7/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/debian/8/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/debian/9/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/debian/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/debian/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/debian/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/fedora/29/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/fedora/30/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/fedora/31/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/fedora/32/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/fedora/33/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/fedora/34/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/fedora/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/fedora/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/fedora/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/alerts.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/ar-commands.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/ar-definitions.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/auth.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/cluster.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/global-ar.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/global.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/header-comments.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-commands.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/apache-logs.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/audit-logs.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/ossec-logs.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/pgsql-logs.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/snort-logs.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/syslog-logs.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/logging.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/osquery.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/remote-secure.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/rule_test.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/rules.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/sca.manager.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/sca.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/syscheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/syscheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/wodle-ciscat.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/wodle-syscollector.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/wodle-vulnerability-detector.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/5/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/5/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/5/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/6/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/6/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/6/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/7/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/7/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/7/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/8/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/8/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/8/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/11/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/11/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/11/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/12/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/12/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/12/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/15/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/15/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/15/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sunos/5/11.4/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sunos/5/11/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sunos/wodle-syscollector.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/11/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/11/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/11/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/12/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/12/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/12/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/15/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/15/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/15/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/ubuntu/12/04/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/ubuntu/14/04/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/ubuntu/16/04/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/ubuntu/18/04/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/ubuntu/20/04/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/ubuntu/22/04/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/ubuntu/rootcheck.agent.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/ubuntu/rootcheck.manager.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/ubuntu/sca.files +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/10/profile.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/2003/localfile-events.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/2003/profile.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/2003/syscheck.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/2008/profile.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/2008R2/profile.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/2012/profile.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/2012R2/profile.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/2016/profile.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/2019/profile.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/7/profile.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/8.1/profile.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/8/profile.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/Vista/profile.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/xp/localfile-events.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/xp/profile.template +/var/ossec/packages_files/agent_installation_scripts/etc/templates/config/windows/xp/syscheck.template +/var/ossec/packages_files/agent_installation_scripts/gen_ossec.sh +/var/ossec/packages_files/agent_installation_scripts/sca/amazon/cis_amazon_linux_1.yml +/var/ossec/packages_files/agent_installation_scripts/sca/amazon/cis_amazon_linux_2.yml +/var/ossec/packages_files/agent_installation_scripts/sca/applications/cis_apache_24.yml +/var/ossec/packages_files/agent_installation_scripts/sca/applications/cis_iis_10.yml +/var/ossec/packages_files/agent_installation_scripts/sca/applications/cis_mysql5-6_community.yml +/var/ossec/packages_files/agent_installation_scripts/sca/applications/cis_mysql5-6_enterprise.yml +/var/ossec/packages_files/agent_installation_scripts/sca/applications/cis_postgre-sql-13.yml +/var/ossec/packages_files/agent_installation_scripts/sca/applications/cis_sqlserver_2012.yml +/var/ossec/packages_files/agent_installation_scripts/sca/applications/cis_sqlserver_2014.yml +/var/ossec/packages_files/agent_installation_scripts/sca/applications/cis_sqlserver_2016.yml +/var/ossec/packages_files/agent_installation_scripts/sca/applications/cis_sqlserver_2017.yml +/var/ossec/packages_files/agent_installation_scripts/sca/applications/cis_sqlserver_2019.yml +/var/ossec/packages_files/agent_installation_scripts/sca/applications/web_vulnerabilities.yml *** 310 LINES SKIPPED ***