diff --git a/security/wazuh-agent/Makefile b/security/wazuh-agent/Makefile
index 9a81020fe9a5..7fce39e00bf9 100644
--- a/security/wazuh-agent/Makefile
+++ b/security/wazuh-agent/Makefile
@@ -1,227 +1,227 @@ PORTNAME= wazuh DISTVERSION= 4.14.1 DISTVERSIONPREFIX= v -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= https://packages.wazuh.com/deps/47/libraries/sources/:wazuh_sources PKGNAMESUFFIX= -agent DISTFILES= ${EXTERNAL_DISTFILES} DIST_SUBDIR= ${PORTNAME}-${DISTVERSION} EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= acm@FreeBSD.org COMMENT= Security tool to monitor and check logs and intrusions (agent) WWW= https://github.com/wazuh/wazuh LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE LIB_DEPENDS= libnghttp2.so:www/libnghttp2 USES= cmake:indirect cpe gmake perl5 readline shebangfix sqlite:3 uidfix USE_GITHUB= yes GH_TUPLE= alonsobsd:wazuh-freebsd:${WAZUH_EXTRAFILE_TAGNAME}:wazuh USE_RC_SUBR= ${PORTNAME}${PKGNAMESUFFIX} MAKE_ARGS+= TARGET=agent WAZUH_EXTRAFILE= alonsobsd-${PORTNAME}-freebsd-${WAZUH_EXTRAFILE_TAGNAME}_GH0${EXTRACT_SUFX} -WAZUH_EXTRAFILE_TAGNAME=2f1307c +WAZUH_EXTRAFILE_TAGNAME=830a911 EXTERNAL_DISTFILES= cJSON.tar.gz:wazuh_sources \ curl.tar.gz:wazuh_sources \ libdb.tar.gz:wazuh_sources \ libffi.tar.gz:wazuh_sources \ libyaml.tar.gz:wazuh_sources \ openssl.tar.gz:wazuh_sources \ procps.tar.gz:wazuh_sources \ sqlite.tar.gz:wazuh_sources \ zlib.tar.gz:wazuh_sources \ audit-userspace.tar.gz:wazuh_sources \ msgpack.tar.gz:wazuh_sources \ bzip2.tar.gz:wazuh_sources \ nlohmann.tar.gz:wazuh_sources \ googletest.tar.gz:wazuh_sources \ libpcre2.tar.gz:wazuh_sources \ libplist.tar.gz:wazuh_sources \ libarchive.tar.gz:wazuh_sources \ popt.tar.gz:wazuh_sources OPTIONS_DEFAULT= INOTIFY OPTIONS_DEFINE= INOTIFY PRELUDE ZEROMQ INOTIFY_LIB_DEPENDS= libinotify.so:devel/libinotify PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude ZEROMQ_LIB_DEPENDS= libczmq.so:net/czmq INOTIFY_DESC= Kevent based real time monitoring PRELUDE_DESC= Sensor support from Prelude SIEM ZEROMQ_DESC= ZeroMQ support ZEROMQ_MAKE_ENV= USE_ZEROMQ=yes PRELUDE_MAKE_ENV= USE_PRELUDE=yes INOTIFY_MAKE_ENV= USE_INOTIFY=yes INOTIFY_USES= pkgconfig 
WAZUH_USER= wazuh WAZUH_GROUP= wazuh USERS= ${WAZUH_USER} GROUPS= ${WAZUH_GROUP} CONFLICTS= ossec-* wazuh-manager SUB_FILES= pkg-message WZBIN_FILES= agent-auth manage_agents wazuh-agentd wazuh-execd wazuh-logcollector \ wazuh-modulesd WZARBIN_FILES= default-firewall-drop pf npf ipfw firewalld-drop disable-account \ host-deny ip-customblock restart-wazuh route-null kaspersky wazuh-slack WAZUHMOD750= / /logs/wazuh /bin /lib /queue /queue/diff /queue/logcollector \ /queue/syscollector /queue/syscollector/db /ruleset /ruleset/sca /wodles \ /active-response /active-response/bin /agentless /var /backup \ /wodles/aws /wodles/azure /wodles/docker /wodles/gcloud \ /wodles/gcloud/buckets /wodles/gcloud/pubsub WAZUHMOD770= /etc/shared/default /logs /queue/alerts /queue/fim \ /queue/fim/db /queue/rids /queue/sockets /etc /etc/shared \ /var/run /var/upgrade /var/selinux /var/wodles /var/incoming WAZUHPREFIX= /var/ossec .include .if ${ARCH} == powerpc64 MAKE_ENV+= OSSL_TARGET=BSD-ppc64 .elif ${ARCH} == powerpc64le MAKE_ENV+= OSSL_TARGET=BSD-ppc64le .elif ${ARCH} == riscv64 MAKE_ENV+= OSSL_TARGET=BSD-riscv64 .endif .include .if ${OSVERSION} >= 1300139 && ${OSVERSION} < 1400000 FBSD_MAJOR_VERSION=13 .elif ${OSVERSION} >= 1400000 && ${OSVERSION} < 1500000 FBSD_MAJOR_VERSION=14 .elif ${OSVERSION} >= 1500000 && ${OSVERSION} < 1600000 FBSD_MAJOR_VERSION=15 .elif ${OSVERSION} >= 1600000 FBSD_MAJOR_VERSION=16 .else IGNORE= FreeBSD ${OSVERSION} ${ARCH} is not supported .endif post-extract: .for FILE in ${EXTERNAL_DISTFILES} @cd ${WRKSRC}/src/external && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/${FILE:S/:wazuh_sources//} ${EXTRACT_AFTER_ARGS} .endfor @${MKDIR} ${WRKSRC}/ruleset/sca/freebsd @cd ${WRKDIR} && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/${WAZUH_EXTRAFILE} ${EXTRACT_AFTER_ARGS} @${MV} ${WRKDIR}/${PORTNAME}-freebsd-${WAZUH_EXTRAFILE_TAGNAME} ${WRKDIR}/wazuh-freebsd @cd ${WRKDIR}/wazuh-freebsd/var/ossec/ruleset/sca && ${CP} *.yml ${WRKSRC}/ruleset/sca/freebsd/ 
post-patch: ${REINPLACE_CMD} -e 's|CC=|CC?=|g' -e 's|AR=|AR?=|g' ${WRKSRC}/src/external/bzip2/Makefile ${REINPLACE_CMD} -e 's|%%FBSD_MAJOR_VERSION%%|${FBSD_MAJOR_VERSION}|g' ${WRKSRC}/etc/ossec-agent.conf do-build: cd ${WRKSRC}/src/ && ${SETENV} ${MAKE_ENV} STAGEDIR=${STAGEDIR} \ ${MAKE_CMD} ${MAKE_ARGS} do-install: ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/bin ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/lib ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/tmp .for DIRE in ${WAZUHMOD750} ${MKDIR} -m 0750 ${STAGEDIR}${WAZUHPREFIX}${DIRE} .endfor .for DIRE in ${WAZUHMOD770} ${MKDIR} -m 0770 ${STAGEDIR}${WAZUHPREFIX}${DIRE} .endfor .for FILE in ${WZBIN_FILES} ${INSTALL_PROGRAM} ${WRKSRC}/src/${FILE} ${STAGEDIR}${WAZUHPREFIX}/bin .endfor ${INSTALL_PROGRAM} ${WRKSRC}/src/syscheckd/build/bin/wazuh-syscheckd ${STAGEDIR}${WAZUHPREFIX}/bin ${INSTALL_SCRIPT} ${WRKSRC}/src/init/wazuh-client.sh ${STAGEDIR}${WAZUHPREFIX}/bin/wazuh-control ${TOUCH} ${STAGEDIR}${WAZUHPREFIX}/etc/localtime ${INSTALL_DATA} ${WRKSRC}/etc/internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc ${INSTALL_DATA} ${WRKSRC}/src/wazuh_modules/syscollector/norm_config.json ${STAGEDIR}${WAZUHPREFIX}/queue/syscollector ${INSTALL_DATA} ${WRKSRC}/etc/local_internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc/local_internal_options.conf.sample ${INSTALL_DATA} /dev/null ${STAGEDIR}${WAZUHPREFIX}/etc/client.keys.sample ${INSTALL_DATA} ${WRKSRC}/etc/wpk_root.pem ${STAGEDIR}${WAZUHPREFIX}/etc/ ${INSTALL_DATA} ${WRKSRC}/etc/ossec-agent.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ossec.conf.sample ${INSTALL_SCRIPT} ${WRKSRC}/src/agentlessd/scripts/* ${STAGEDIR}${WAZUHPREFIX}/agentless/ .for FILE in ${WZARBIN_FILES} ${INSTALL_PROGRAM} ${WRKSRC}/src/${FILE} ${STAGEDIR}${WAZUHPREFIX}/active-response/bin .endfor ${INSTALL_PROGRAM} ${WRKSRC}/src/wazuh-slack ${STAGEDIR}${WAZUHPREFIX}/active-response/bin ${INSTALL_SCRIPT} ${WRKSRC}/src/active-response/*.sh ${STAGEDIR}${WAZUHPREFIX}/active-response/bin ${INSTALL_SCRIPT} ${WRKSRC}/src/active-response/*.py 
${STAGEDIR}${WAZUHPREFIX}/active-response/bin ${INSTALL_PROGRAM} ${WRKSRC}/src/default-firewall-drop ${STAGEDIR}${WAZUHPREFIX}/active-response/bin/firewall-drop ${INSTALL_DATA} ${WRKSRC}/ruleset/rootcheck/db/*.txt ${STAGEDIR}${WAZUHPREFIX}/etc/shared ${INSTALL_DATA} ${WRKSRC}/ruleset/rootcheck/db/*.txt ${STAGEDIR}${WAZUHPREFIX}/etc/shared/default ${INSTALL_SCRIPT} ${WRKSRC}/wodles/__init__.py ${STAGEDIR}${WAZUHPREFIX}/wodles/__init__.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/utils.py ${STAGEDIR}${WAZUHPREFIX}/wodles/utils.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/aws_s3.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/aws-s3.py ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/aws-s3 ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/exceptions.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/exceptions.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/gcloud.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/gcloud.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/integration.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/integration.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/tools.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/tools.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/buckets/bucket.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/buckets/bucket.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/buckets/access_logs.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/buckets/access_logs.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/pubsub/subscriber.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/pubsub/subscriber.py ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/gcloud ${INSTALL_SCRIPT} ${WRKSRC}/wodles/docker-listener/DockerListener.py ${STAGEDIR}${WAZUHPREFIX}/wodles/docker/DockerListener.py ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/wodles/docker/DockerListener ${INSTALL_SCRIPT} ${WRKSRC}/wodles/azure/azure-logs.py ${STAGEDIR}${WAZUHPREFIX}/wodles/azure/azure-logs.py 
${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/wodles/azure/azure-logs ${INSTALL_DATA} ${WRKSRC}/ruleset/sca/generic/sca_distro_independent_linux.yml ${STAGEDIR}${WAZUHPREFIX}/ruleset/sca/ ${INSTALL_LIB} ${WRKSRC}/src/libwazuhext.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/libwazuhshared.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/shared_modules/dbsync/build/lib/libdbsync.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/shared_modules/rsync/build/lib/librsync.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/syscheckd/build/lib/libfimdb.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/wazuh_modules/syscollector/build/lib/libsyscollector.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/data_provider/build/lib/libsysinfo.so ${STAGEDIR}${WAZUHPREFIX}/lib ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/etc/templates ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/src cd ${WRKSRC}/etc/templates && ${COPYTREE_SHARE} config \ ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/etc/templates/ cd ${WRKSRC}/ruleset && ${COPYTREE_SHARE} sca \ ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/ cd ${WRKSRC}/src && ${COPYTREE_SHARE} init \ ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/src/ ${INSTALL_SCRIPT} ${WRKSRC}/gen_ossec.sh ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/ ${INSTALL_SCRIPT} ${WRKSRC}/add_localfiles.sh ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/ ${INSTALL_DATA} ${WRKSRC}/VERSION.json ${STAGEDIR}${WAZUHPREFIX} .include diff --git a/security/wazuh-agent/distinfo b/security/wazuh-agent/distinfo index d937b05666dc..8033f494b83b 100644 --- a/security/wazuh-agent/distinfo +++ b/security/wazuh-agent/distinfo 
@@ -1,41 +1,41 @@ -TIMESTAMP = 1763764526 +TIMESTAMP = 1768122381 SHA256 (wazuh-4.14.1/cJSON.tar.gz) = da809f70b7d03ac529ae6223d4390bfa26cd29f8c32c8e8b3b631efa1667892d SIZE (wazuh-4.14.1/cJSON.tar.gz) = 27920 SHA256 (wazuh-4.14.1/curl.tar.gz) = 30cf7142e4282718ceb237e17b5cbf75afcd7c9f3880a039c5efea62db094709 SIZE (wazuh-4.14.1/curl.tar.gz) = 4537356 SHA256 (wazuh-4.14.1/libdb.tar.gz) = 7e9c44e8c7fdb186ff521a8d085b1bfa634d342dcc777ecea1fbf9a98ab5dc5e SIZE (wazuh-4.14.1/libdb.tar.gz) = 3874990 SHA256 (wazuh-4.14.1/libffi.tar.gz) = 0e971f64bacc22094e89f034bba075b40ecc2c2c2900eecd7ae85815fd6c9f69 SIZE (wazuh-4.14.1/libffi.tar.gz) = 964576 SHA256 (wazuh-4.14.1/libyaml.tar.gz) = 35daad608b372d5ce099f738c0f21bfcc03d6920d92f448386c584e664f1376a SIZE (wazuh-4.14.1/libyaml.tar.gz) = 424656 SHA256 (wazuh-4.14.1/openssl.tar.gz) = 0386fe3a0bf48bae2ca4d1742a53df9a8fcb1b73583ba22e8f8a7ddfa1375cd9 SIZE (wazuh-4.14.1/openssl.tar.gz) = 53793192 SHA256 (wazuh-4.14.1/procps.tar.gz) = 221f395e29d1bdbe4bacc9db39602eee0bae685a935437be0d7feb42e3192d07 SIZE (wazuh-4.14.1/procps.tar.gz) = 55897 SHA256 (wazuh-4.14.1/sqlite.tar.gz) = a81bff30bb4affd1b06a4983ff88ef827b4abaea3191b39aff7edb28d1ddd003 SIZE (wazuh-4.14.1/sqlite.tar.gz) = 2564870 SHA256 (wazuh-4.14.1/zlib.tar.gz) = b59d38149f0c29ec54d2766611ebc5a51a032bf9717e39a9af00fb6cb8532b8b SIZE (wazuh-4.14.1/zlib.tar.gz) = 1593304 SHA256 (wazuh-4.14.1/audit-userspace.tar.gz) = e82a32e5edf93b055160e14bc97f41dead39287925851dc80a7638e2d4d30434 SIZE (wazuh-4.14.1/audit-userspace.tar.gz) = 1682820 SHA256 (wazuh-4.14.1/msgpack.tar.gz) = 06d63bcf32896cd0af5480c401134b1ad1c166fd84ebe5b486e792101ee854e2 SIZE (wazuh-4.14.1/msgpack.tar.gz) = 591294 SHA256 (wazuh-4.14.1/bzip2.tar.gz) = 27688ee0316a64b39e511b2c224070cad97c394a5f711f9d055fc1809d895bcd SIZE (wazuh-4.14.1/bzip2.tar.gz) = 71277 SHA256 (wazuh-4.14.1/nlohmann.tar.gz) = 6e304c0942ac65f76f012a0ec64dde90e00273b6cc5a498b37cfdd16155e08b0 SIZE (wazuh-4.14.1/nlohmann.tar.gz) = 141576 SHA256 
(wazuh-4.14.1/googletest.tar.gz) = 8c1e8a0a7f221c2125e99e6acb709da2ba472476b4d057c58de504bebf38d417 SIZE (wazuh-4.14.1/googletest.tar.gz) = 885874 SHA256 (wazuh-4.14.1/libpcre2.tar.gz) = 5a80d654d7d14b3db9fa3a49d7bf44a498683b46784a88cec514a8b194767b92 SIZE (wazuh-4.14.1/libpcre2.tar.gz) = 1329651 SHA256 (wazuh-4.14.1/libplist.tar.gz) = 88278d4bdfc1bd6a3a1a55a4f3d933683d2732ba09cf7a749fe8ec8eec406e3c SIZE (wazuh-4.14.1/libplist.tar.gz) = 1520623 SHA256 (wazuh-4.14.1/libarchive.tar.gz) = 540ff4a55defa75778a2c40567a830648ce5367b8aea123366874d96b734ef80 SIZE (wazuh-4.14.1/libarchive.tar.gz) = 2360242 SHA256 (wazuh-4.14.1/popt.tar.gz) = d6880a06622ca32dc4aa39ad5dcf7bef2faa81bd931afbe64ba434ad8fee1daa SIZE (wazuh-4.14.1/popt.tar.gz) = 891309 SHA256 (wazuh-4.14.1/wazuh-wazuh-v4.14.1_GH0.tar.gz) = aa59cb2baa7e7d38d8bb4ff6a22afbf2945de4fb555f9b8bb2657b6f89a773ed SIZE (wazuh-4.14.1/wazuh-wazuh-v4.14.1_GH0.tar.gz) = 19810038 -SHA256 (wazuh-4.14.1/alonsobsd-wazuh-freebsd-2f1307c_GH0.tar.gz) = a955c569217122779ab5b6b58bdfabbfa1cd452b4719cc35c791f7047b1f364f -SIZE (wazuh-4.14.1/alonsobsd-wazuh-freebsd-2f1307c_GH0.tar.gz) = 221983 +SHA256 (wazuh-4.14.1/alonsobsd-wazuh-freebsd-830a911_GH0.tar.gz) = 4babef38a076f8be886d7190e18f6432f72671753ec96aaedc7e8d25b5c90259 +SIZE (wazuh-4.14.1/alonsobsd-wazuh-freebsd-830a911_GH0.tar.gz) = 221974 diff --git a/security/wazuh-agent/files/patch-etc_ossec-agent.conf b/security/wazuh-agent/files/patch-etc_ossec-agent.conf index a51c1b8f6039..584f94c64e36 100644 --- a/security/wazuh-agent/files/patch-etc_ossec-agent.conf +++ b/security/wazuh-agent/files/patch-etc_ossec-agent.conf @@ -1,59 +1,59 @@ ---- etc/ossec-agent.conf 2024-05-10 13:50:56.929321000 -0700 -+++ etc/ossec-agent.conf 2024-05-10 14:08:22.272131000 -0700 +--- etc/ossec-agent.conf 2025-11-07 00:46:03.000000000 -0800 ++++ etc/ossec-agent.conf 2026-01-11 01:07:20.394414000 -0800 @@ -8,8 +8,10 @@
IP
+ 1514 -+ udp ++ tcp
- debian, debian8 + freebsd, freebsd%%FBSD_MAJOR_VERSION%% aes
@@ -32,7 +34,7 @@ /var/ossec/etc/shared/system_audit_rcl.txt /var/ossec/etc/shared/system_audit_ssh.txt - /var/ossec/etc/shared/cis_debian_linux_rcl.txt + /var/ossec/etc/shared/cis_freebsd%%FBSD_MAJOR_VERSION%%.yml yes @@ -135,10 +137,25 @@ syslog - /var/log/syslog + /var/log/cron + syslog + /var/log/daemon.log + + + + syslog + /var/log/debug.log + + + + syslog + /var/log/userlog + + + command df -P 360 @@ -146,7 +163,7 @@ full_command - netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort + (netstat -n -f inet && netstat -n -f inet) | grep -e "udp" -e "tcp" | sed 's/\([[:alnum:]]*\)\ *[[:digit:]]*\ *[[:digit:]]*\ *\([[:digit:]\.]*\)\.\([[:digit:]]*\)\ *\([[:digit:]\.]*\).*/\1 \2 == \3 == \4/' | sort -k4 -g | sed 's/ == \(.*\) ==/.\1/' 360
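Review bot: The `full_command` in the last embedded hunk no longer collects what the `netstat -tan |grep LISTEN` line it replaces did. Both halves of the subshell run `netstat -n -f inet`, so the IPv4 output is emitted twice and IPv6 sockets are never listed; and without `-a`, FreeBSD's netstat leaves out sockets used by server processes, so the result is connected sockets rather than listeners. This line is unchanged context in this commit, but it ships in the `ossec.conf.sample` that the port installs, so an agent configured from it would presumably report connection churn instead of newly opened listening ports. The second call was presumably meant to be `netstat -an -f inet6`, with the first as `netstat -an -f inet`; the address classes in the `sed` expression (`[[:digit:]\.]*`) would then also need to accept `*` and `:`.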