diff --git a/security/wazuh-agent/Makefile b/security/wazuh-agent/Makefile
index 40268cb0adb2..b3a01c28f3dc 100644
--- a/security/wazuh-agent/Makefile
+++ b/security/wazuh-agent/Makefile
@@ -1,227 +1,227 @@ PORTNAME= wazuh DISTVERSION= 4.14.1 DISTVERSIONPREFIX= v -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= https://packages.wazuh.com/deps/47/libraries/sources/:wazuh_sources PKGNAMESUFFIX= -agent DISTFILES= ${EXTERNAL_DISTFILES} DIST_SUBDIR= ${PORTNAME}-${DISTVERSION} EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= acm@FreeBSD.org COMMENT= Security tool to monitor and check logs and intrusions (agent) WWW= https://github.com/wazuh/wazuh LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE LIB_DEPENDS= libnghttp2.so:www/libnghttp2 USES= cmake:indirect cpe gmake perl5 readline shebangfix sqlite:3 uidfix USE_GITHUB= yes GH_TUPLE= alonsobsd:wazuh-freebsd:${WAZUH_EXTRAFILE_TAGNAME}:wazuh USE_RC_SUBR= ${PORTNAME}${PKGNAMESUFFIX} MAKE_ARGS+= TARGET=agent WAZUH_EXTRAFILE= alonsobsd-${PORTNAME}-freebsd-${WAZUH_EXTRAFILE_TAGNAME}_GH0${EXTRACT_SUFX} WAZUH_EXTRAFILE_TAGNAME=2f1307c EXTERNAL_DISTFILES= cJSON.tar.gz:wazuh_sources \ curl.tar.gz:wazuh_sources \ libdb.tar.gz:wazuh_sources \ libffi.tar.gz:wazuh_sources \ libyaml.tar.gz:wazuh_sources \ openssl.tar.gz:wazuh_sources \ procps.tar.gz:wazuh_sources \ sqlite.tar.gz:wazuh_sources \ zlib.tar.gz:wazuh_sources \ audit-userspace.tar.gz:wazuh_sources \ msgpack.tar.gz:wazuh_sources \ bzip2.tar.gz:wazuh_sources \ nlohmann.tar.gz:wazuh_sources \ googletest.tar.gz:wazuh_sources \ libpcre2.tar.gz:wazuh_sources \ libplist.tar.gz:wazuh_sources \ libarchive.tar.gz:wazuh_sources \ popt.tar.gz:wazuh_sources OPTIONS_DEFAULT= INOTIFY OPTIONS_DEFINE= INOTIFY PRELUDE ZEROMQ INOTIFY_LIB_DEPENDS= libinotify.so:devel/libinotify PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude ZEROMQ_LIB_DEPENDS= libczmq.so:net/czmq INOTIFY_DESC= Kevent based real time monitoring PRELUDE_DESC= Sensor support from Prelude SIEM ZEROMQ_DESC= ZeroMQ support ZEROMQ_MAKE_ENV= USE_ZEROMQ=yes PRELUDE_MAKE_ENV= USE_PRELUDE=yes INOTIFY_MAKE_ENV= USE_INOTIFY=yes INOTIFY_USES= pkgconfig WAZUH_USER= wazuh WAZUH_GROUP= wazuh USERS= 
${WAZUH_USER} GROUPS= ${WAZUH_GROUP} CONFLICTS= ossec-* wazuh-manager SUB_FILES= pkg-message WZBIN_FILES= agent-auth manage_agents wazuh-agentd wazuh-execd wazuh-logcollector \ wazuh-modulesd WZARBIN_FILES= default-firewall-drop pf npf ipfw firewalld-drop disable-account \ host-deny ip-customblock restart-wazuh route-null kaspersky wazuh-slack WAZUHMOD750= / /logs/wazuh /bin /lib /queue /queue/diff /queue/logcollector \ /queue/syscollector /queue/syscollector/db /ruleset /ruleset/sca /wodles \ /active-response /active-response/bin /agentless /var /backup \ /wodles/aws /wodles/azure /wodles/docker /wodles/gcloud \ /wodles/gcloud/buckets /wodles/gcloud/pubsub WAZUHMOD770= /etc/shared/default /logs /queue/alerts /queue/fim \ /queue/fim/db /queue/rids /queue/sockets /etc /etc/shared \ /var/run /var/upgrade /var/selinux /var/wodles /var/incoming WAZUHPREFIX= /var/ossec .include .if ${ARCH} == powerpc64 MAKE_ENV+= OSSL_TARGET=BSD-ppc64 .elif ${ARCH} == powerpc64le MAKE_ENV+= OSSL_TARGET=BSD-ppc64le .elif ${ARCH} == riscv64 MAKE_ENV+= OSSL_TARGET=BSD-riscv64 .endif .include .if ${OSVERSION} >= 1300139 && ${OSVERSION} < 1400000 FBSD_MAJOR_VERSION=13 .elif ${OSVERSION} >= 1400000 && ${OSVERSION} < 1500000 FBSD_MAJOR_VERSION=14 .elif ${OSVERSION} >= 1500000 && ${OSVERSION} < 1600000 FBSD_MAJOR_VERSION=15 .elif ${OSVERSION} >= 1600000 FBSD_MAJOR_VERSION=16 .else IGNORE= FreeBSD ${OSVERSION} ${ARCH} is not supported .endif post-extract: .for FILE in ${EXTERNAL_DISTFILES} @cd ${WRKSRC}/src/external && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/${FILE:S/:wazuh_sources//} ${EXTRACT_AFTER_ARGS} .endfor @${MKDIR} ${WRKSRC}/ruleset/sca/freebsd @cd ${WRKDIR} && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/${WAZUH_EXTRAFILE} ${EXTRACT_AFTER_ARGS} @${MV} ${WRKDIR}/${PORTNAME}-freebsd-${WAZUH_EXTRAFILE_TAGNAME} ${WRKDIR}/wazuh-freebsd @cd ${WRKDIR}/wazuh-freebsd/var/ossec/ruleset/sca && ${CP} *.yml ${WRKSRC}/ruleset/sca/freebsd/ post-patch: ${REINPLACE_CMD} -e 's|CC=|CC?=|g' 
-e 's|AR=|AR?=|g' ${WRKSRC}/src/external/bzip2/Makefile ${REINPLACE_CMD} -e 's|%%FBSD_MAJOR_VERSION%%|${FBSD_MAJOR_VERSION}|g' ${WRKSRC}/etc/ossec-agent.conf do-build: cd ${WRKSRC}/src/ && ${SETENV} ${MAKE_ENV} STAGEDIR=${STAGEDIR} \ ${MAKE_CMD} ${MAKE_ARGS} do-install: ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/bin ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/lib ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/tmp .for DIRE in ${WAZUHMOD750} ${MKDIR} -m 0750 ${STAGEDIR}${WAZUHPREFIX}${DIRE} .endfor .for DIRE in ${WAZUHMOD770} ${MKDIR} -m 0770 ${STAGEDIR}${WAZUHPREFIX}${DIRE} .endfor .for FILE in ${WZBIN_FILES} ${INSTALL_PROGRAM} ${WRKSRC}/src/${FILE} ${STAGEDIR}${WAZUHPREFIX}/bin .endfor ${INSTALL_PROGRAM} ${WRKSRC}/src/syscheckd/build/bin/wazuh-syscheckd ${STAGEDIR}${WAZUHPREFIX}/bin ${INSTALL_SCRIPT} ${WRKSRC}/src/init/wazuh-client.sh ${STAGEDIR}${WAZUHPREFIX}/bin/wazuh-control ${TOUCH} ${STAGEDIR}${WAZUHPREFIX}/etc/localtime ${INSTALL_DATA} ${WRKSRC}/etc/internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc ${INSTALL_DATA} ${WRKSRC}/src/wazuh_modules/syscollector/norm_config.json ${STAGEDIR}${WAZUHPREFIX}/queue/syscollector ${INSTALL_DATA} ${WRKSRC}/etc/local_internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc/local_internal_options.conf.sample ${INSTALL_DATA} /dev/null ${STAGEDIR}${WAZUHPREFIX}/etc/client.keys.sample ${INSTALL_DATA} ${WRKSRC}/etc/wpk_root.pem ${STAGEDIR}${WAZUHPREFIX}/etc/ ${INSTALL_DATA} ${WRKSRC}/etc/ossec-agent.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ossec.conf.sample ${INSTALL_SCRIPT} ${WRKSRC}/src/agentlessd/scripts/* ${STAGEDIR}${WAZUHPREFIX}/agentless/ .for FILE in ${WZARBIN_FILES} ${INSTALL_PROGRAM} ${WRKSRC}/src/${FILE} ${STAGEDIR}${WAZUHPREFIX}/active-response/bin .endfor ${INSTALL_PROGRAM} ${WRKSRC}/src/wazuh-slack ${STAGEDIR}${WAZUHPREFIX}/active-response/bin ${INSTALL_SCRIPT} ${WRKSRC}/src/active-response/*.sh ${STAGEDIR}${WAZUHPREFIX}/active-response/bin ${INSTALL_SCRIPT} ${WRKSRC}/src/active-response/*.py ${STAGEDIR}${WAZUHPREFIX}/active-response/bin 
${INSTALL_PROGRAM} ${WRKSRC}/src/default-firewall-drop ${STAGEDIR}${WAZUHPREFIX}/active-response/bin/firewall-drop ${INSTALL_DATA} ${WRKSRC}/ruleset/rootcheck/db/*.txt ${STAGEDIR}${WAZUHPREFIX}/etc/shared ${INSTALL_DATA} ${WRKSRC}/ruleset/rootcheck/db/*.txt ${STAGEDIR}${WAZUHPREFIX}/etc/shared/default ${INSTALL_SCRIPT} ${WRKSRC}/wodles/__init__.py ${STAGEDIR}${WAZUHPREFIX}/wodles/__init__.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/utils.py ${STAGEDIR}${WAZUHPREFIX}/wodles/utils.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/aws_s3.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/aws-s3.py ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/aws-s3 ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/exceptions.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/exceptions.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/gcloud.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/gcloud.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/integration.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/integration.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/tools.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/tools.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/buckets/bucket.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/buckets/bucket.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/buckets/access_logs.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/buckets/access_logs.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/pubsub/subscriber.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/pubsub/subscriber.py ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/gcloud ${INSTALL_SCRIPT} ${WRKSRC}/wodles/docker-listener/DockerListener.py ${STAGEDIR}${WAZUHPREFIX}/wodles/docker/DockerListener.py ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/wodles/docker/DockerListener ${INSTALL_SCRIPT} ${WRKSRC}/wodles/azure/azure-logs.py ${STAGEDIR}${WAZUHPREFIX}/wodles/azure/azure-logs.py ${INSTALL_SCRIPT} 
${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/wodles/azure/azure-logs ${INSTALL_DATA} ${WRKSRC}/ruleset/sca/generic/sca_distro_independent_linux.yml ${STAGEDIR}${WAZUHPREFIX}/ruleset/sca/ ${INSTALL_LIB} ${WRKSRC}/src/libwazuhext.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/libwazuhshared.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/shared_modules/dbsync/build/lib/libdbsync.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/shared_modules/rsync/build/lib/librsync.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/syscheckd/build/lib/libfimdb.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/wazuh_modules/syscollector/build/lib/libsyscollector.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/data_provider/build/lib/libsysinfo.so ${STAGEDIR}${WAZUHPREFIX}/lib ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/etc/templates ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/src cd ${WRKSRC}/etc/templates && ${COPYTREE_SHARE} config \ ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/etc/templates/ cd ${WRKSRC}/ruleset && ${COPYTREE_SHARE} sca \ ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/ cd ${WRKSRC}/src && ${COPYTREE_SHARE} init \ ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/src/ ${INSTALL_SCRIPT} ${WRKSRC}/gen_ossec.sh ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/ ${INSTALL_SCRIPT} ${WRKSRC}/add_localfiles.sh ${STAGEDIR}${WAZUHPREFIX}/packages_files/agent_installation_scripts/ ${INSTALL_DATA} ${WRKSRC}/VERSION.json ${STAGEDIR}${WAZUHPREFIX} .include diff --git a/security/wazuh-agent/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp b/security/wazuh-agent/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp index 7765db26eb93..58bb3ac01b91 100644 
--- a/security/wazuh-agent/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp +++ b/security/wazuh-agent/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp @@ -1,389 +1,387 @@ ---- src/data_provider/src/sysInfoFreeBSD.cpp.orig 2025-12-29 18:29:38.128837000 -0400 -+++ src/data_provider/src/sysInfoFreeBSD.cpp 2025-12-30 01:04:57.828191000 -0400 +--- src/data_provider/src/sysInfoFreeBSD.cpp 2025-11-07 00:46:03.000000000 -0800 ++++ src/data_provider/src/sysInfoFreeBSD.cpp 2026-01-01 13:18:42.411755000 -0800 @@ -11,20 +11,28 @@ #include "sysInfo.hpp" #include "cmdHelper.h" #include "stringHelper.h" +#include "timeHelper.h" #include "osinfo/sysOsParsers.h" +#include "sqliteWrapperTemp.h" +#include "filesystemHelper.h" #include #include #include #include "sharedDefs.h" +#include +const std::string PKG_DB_PATHNAME {"/var/db/pkg/local.sqlite"}; +const std::string PKG_QUERY {"SELECT p.name, p.maintainer, p.version, p.arch, p.comment, p.flatsize, p.time, v.annotation AS repository,p.origin FROM packages p LEFT JOIN (SELECT pa.package_id, pa.value_id FROM pkg_annotation pa JOIN annotation t ON t.annotation_id = pa.tag_id AND t.annotation = 'repository') pr ON pr.package_id = p.id LEFT JOIN annotation v ON v.annotation_id = pr.value_id;"}; + static void getMemory(nlohmann::json& info) { + constexpr auto vmFree{"vm.stats.vm.v_free_count"}; + constexpr auto vmInactive{"vm.stats.vm.v_inactive_count"}; constexpr auto vmPageSize{"vm.stats.vm.v_page_size"}; - constexpr auto vmTotal{"vm.vmtotal"}; + constexpr auto vmTotal{"hw.physmem"}; uint64_t ram{0}; - const std::vector mib{CTL_HW, HW_PHYSMEM}; size_t len{sizeof(ram)}; - auto ret{sysctl(const_cast(mib.data()), mib.size(), &ram, &len, nullptr, 0)}; + auto ret{sysctlbyname(vmTotal, &ram, &len, nullptr, 0)}; if (ret) { 
@@ -52,11 +60,23 @@ }; } - struct vmtotal vmt {}; + uint64_t freeMem{0}; + len = sizeof(freeMem); + ret = sysctlbyname(vmFree, &freeMem, &len, nullptr, 0); - len = sizeof(vmt); + if (ret) + { + throw std::system_error + { + ret, + std::system_category(), + "Error reading free memory size." + }; + } - ret = sysctlbyname(vmTotal, &vmt, &len, nullptr, 0); + uint64_t inactiveMem{0}; + len = sizeof(inactiveMem); + ret = sysctlbyname(vmInactive, &inactiveMem, &len, nullptr, 0); if (ret) { @@ -64,11 +84,11 @@ { ret, std::system_category(), - "Error reading total memory." + "Error reading inactive memory size." }; } - const auto ramFree{(vmt.t_free * pageSize) / KByte}; + const auto ramFree{(freeMem + inactiveMem) * pageSize / KByte}; info["ram_free"] = ramFree; info["ram_usage"] = 100 - (100 * ramFree / ramTotal); } @@ -184,8 +204,12 @@ nlohmann::json SysInfo::getProcessesInfo() const { - // Currently not supported for this OS - return nlohmann::json {}; + nlohmann::json ret; + getProcessesInfo([&ret](nlohmann::json & data) + { + ret.push_back(data); + }); + return ret; } nlohmann::json SysInfo::getOsInfo() const 
@@ -196,11 +220,12 @@ if (!spParser->parseUname(Utils::exec("uname -r"), ret)) { - ret["os_name"] = "BSD"; ret["os_platform"] = "bsd"; ret["os_version"] = UNKNOWN_VALUE; } + ret["os_name"] = "FreeBSD"; + if (uname(&uts) >= 0) { ret["sysname"] = uts.sysname; -@@ -215,44 +240,257 @@ +@@ -215,43 +240,256 @@ nlohmann::json SysInfo::getPorts() const { - // Currently not supported for this OS. - return nlohmann::json {}; -} + nlohmann::json ports {}; + + /* USER COMMAND PID FD PROTO LOCAL_ADDRESS FOREIGN_ADDRESS PATH_STATE CONN_STATE */ + +#if __FreeBSD_version > 1500045 + const auto query{exec(R"(sockstat -46qs --libxo json)")}; -void SysInfo::getProcessesInfo(std::function /*callback*/) const -{ - // Currently not supported for this OS. --} + if (!query.empty()) + { + nlohmann::json portsjson; + portsjson = nlohmann::json::parse(query); + auto &portsResult = portsjson["sockstat"]["socket"]; - --void SysInfo::getPackages(std::function callback) const --{ -- const auto query{Utils::exec(R"(pkg query -a "%n|%m|%v|%q|%c")")}; ++ + for(auto &port : portsResult) { + std::string localip = ""; + std::string localport = ""; + std::string remoteip = ""; + std::string remoteport = ""; + std::string statedata = ""; - ++ + if (port["pid"] != nullptr) { + + localip = port["local"]["address"]; + remoteip = port["foreign"]["address"]; + statedata = port["conn-state"] != nullptr ? (port["conn-state"] == "LISTEN" ? 
"listening" : Utils::toLowerCase(port["conn-state"])) : statedata; + + if (port["local"]["address"] == "*") { + if ((port["proto"] == "udp4") || (port["proto"] == "tcp4")) { + localip = "0.0.0.0"; + } else { + localip = "::"; + } + } + + localport = port["local"]["port"]; + + if (port["foreign"]["address"] == "*") { + if ((port["proto"] == "udp4") || (port["proto"] == "tcp4")) { + remoteip = 0.0.0.0; + } else { + remoteip = "::"; + } + } + + remoteport = port["foreign"]["port"]; + + nlohmann::json portRecord {}; + + portRecord["protocol"] = port["proto"]; + portRecord["local_ip"] = localip; + portRecord["local_port"] = localport == "*" ? "0" : localport; + portRecord["remote_ip"] = remoteip; + portRecord["remote_port"] = remoteport == "*" ? "0" : remoteport; + portRecord["tx_queue"] = 0; + portRecord["rx_queue"] = 0; + portRecord["inode"] = port["fd"]; + portRecord["state"] = statedata == "??" ? "" : statedata; + portRecord["pid"] = port["pid"]; + portRecord["process"] = port["command"]; + + ports.push_back(portRecord); + } + } + } +#else + const auto query{Utils::exec(R"(sockstat -46qs)")}; + - if (!query.empty()) - { -- const auto lines{Utils::split(query, '\n')}; ++ if (!query.empty()) ++ { + const auto lines{Utils::split(Utils::trimToOneSpace(query), '\n')}; - ++ + std::regex expression(R"(^(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s*(\S+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$)"); + - for (const auto& line : lines) - { -- const auto data{Utils::split(line, '|')}; -- nlohmann::json package; ++ for (const auto& line : lines) ++ { + std::smatch data; - -- package["name"] = data[0]; -- package["vendor"] = data[1]; -- package["version"] = data[2]; -- package["install_time"] = UNKNOWN_VALUE; -- package["location"] = UNKNOWN_VALUE; -- package["architecture"] = data[3]; -- package["groups"] = UNKNOWN_VALUE; -- package["description"] = data[4]; -- package["size"] = 0; -- package["priority"] = UNKNOWN_VALUE; -- package["source"] = UNKNOWN_VALUE; -- package["format"] = "pkg"; -- // The 
multiarch field won't have a default value ++ + if (std::regex_search(line, data, expression)) + { + std::string localip = ""; + std::string localport = ""; + std::string remoteip = ""; + std::string remoteport = ""; + std::string statedata = ""; - -- callback(package); ++ + auto localdata{Utils::split(data[6], ':')}; + auto remotedata{Utils::split(data[7], ':')}; + + if (data[8].matched ) { + statedata = data[8] == "LISTEN" ? "listening" : Utils::toLowerCase(data[8]); + } + + localport = localdata[localdata.size() - 1]; + localdata.pop_back(); + localip = Utils::join(localdata, ":"); + remoteport = remotedata[remotedata.size() - 1]; + remotedata.pop_back(); + remoteip = Utils::join(remotedata, ":"); + + if(localip == "*") { + if((data[5] == "tcp4") || (data[5] == "udp4")) { + localip = "0.0.0.0"; + } else { + localip = "::"; + } + } + + if(remoteip == "*") { + if((data[5] == "tcp4") || (data[5] == "udp4")) { + remoteip = "0.0.0.0"; + } else { + remoteip = "::"; + } + } + + if(data[0] != "?") { + nlohmann::json port {}; + + port["protocol"] = data[5]; + port["local_ip"] = localip; + port["local_port"] = localport == "*" ? "0" : localport; + port["remote_ip"] = remoteip; + port["remote_port"] = remoteport == "*" ? "0" : remoteport; + port["tx_queue"] = 0; + port["rx_queue"] = 0; + port["inode"] = data[4]; + port["state"] = statedata == "??" ? 
"" : statedata; + port["pid"] = data[3]; + port["process"] = data[2]; + + ports.push_back(port); + } + } + } + } +#endif + return ports; -+} -+ + } + +-void SysInfo::getPackages(std::function callback) const +void SysInfo::getProcessesInfo(std::function callback) const -+{ + { +- const auto query{Utils::exec(R"(pkg query -a "%n|%m|%v|%q|%c")")}; + const auto query{Utils::exec(R"(ps -ax -w -o pid,comm,state,ppid,usertime,systime,user,ruser,svuid,group,rgroup,svgid,pri,nice,ssiz,vsz,rss,pmem,etimes,sid,pgid,tpgid,tty,cpu,nlwp,args --libxo json)")}; -+ -+ if (!query.empty()) -+ { + + if (!query.empty()) + { +- const auto lines{Utils::split(query, '\n')}; + nlohmann::json psjson; + psjson = nlohmann::json::parse(query); + auto &processes = psjson["process-information"]["process"]; -+ + +- for (const auto& line : lines) + for(auto &process : processes) { + std::string user_time{""}; + std::string system_time{""}; + + user_time = process["user-time"].get(); + system_time = process["system-time"].get(); + + nlohmann::json jsProcessInfo{}; + jsProcessInfo["pid"] = process["pid"].get(); + jsProcessInfo["name"] = process["command"].get(); + jsProcessInfo["state"] = process["state"].get(); + jsProcessInfo["ppid"] = process["ppid"].get(); + jsProcessInfo["utime"] = Utils::timeToSeconds(user_time); + jsProcessInfo["stime"] = Utils::timeToSeconds(system_time); + jsProcessInfo["cmd"] = process["command"].get(); + jsProcessInfo["argvs"] = process["arguments"].get(); + jsProcessInfo["euser"] = process["user"].get(); + jsProcessInfo["ruser"] = process["real-user"].get(); + jsProcessInfo["suser"] = process["saved-uid"].get(); + jsProcessInfo["egroup"] = process["group"].get(); + jsProcessInfo["rgroup"] = process["real-group"].get(); + jsProcessInfo["sgroup"] = process["saved-gid"].get(); + jsProcessInfo["fgroup"] = process["group"].get(); + jsProcessInfo["priority"] = process["priority"].get(); + jsProcessInfo["nice"] = process["nice"].get(); + jsProcessInfo["size"] = 
process["stack-size"].get(); + jsProcessInfo["vm_size"] = process["virtual-size"].get(); + jsProcessInfo["resident"] = process["rss"].get(); + //jsProcessInfo["share"] = process["percent-memory"].get(); + jsProcessInfo["start_time"] = process["elapsed-times"].get() == "-" ? "0" : process["elapsed-times"].get(); + jsProcessInfo["pgrp"] = process["process-group"].get(); + jsProcessInfo["session"] = process["sid"].get(); + jsProcessInfo["tgid"] = process["terminal-process-gid"].get(); + //jsProcessInfo["tty"] = process["tty"].get(); // this field should be TEXT into local.db + jsProcessInfo["processor"] = process["on-cpu"].get(); + jsProcessInfo["nlwp"] = process["threads"].get(); + + callback(jsProcessInfo); + } + } +} + +void SysInfo::getPackages(std::function callback) const +{ + if (Utils::existsRegular(PKG_DB_PATHNAME)) + { + try -+ { -+ std::shared_ptr sqliteConnection = std::make_shared(PKG_DB_PATHNAME); -+ + { +- const auto data{Utils::split(line, '|')}; +- nlohmann::json package; ++ std::shared_ptr sqliteConnection = std::make_shared(PKG_DB_PATHNAME, SQLITE_OPEN_READONLY); + +- package["name"] = data[0]; +- package["vendor"] = data[1]; +- package["version"] = data[2]; +- package["install_time"] = UNKNOWN_VALUE; +- package["location"] = UNKNOWN_VALUE; +- package["architecture"] = data[3]; +- package["groups"] = UNKNOWN_VALUE; +- package["description"] = data[4]; +- package["size"] = 0; +- package["priority"] = UNKNOWN_VALUE; +- package["source"] = UNKNOWN_VALUE; +- package["format"] = "pkg"; +- // The multiarch field won't have a default value + SQLite::Statement stmt + { + sqliteConnection, + PKG_QUERY + }; -+ + +- callback(package); + while (SQLITE_ROW == stmt.step()) + { + try + { + auto pkg_name{ stmt.column(0) }; + auto pkg_maintainer{ stmt.column(1) }; + auto pkg_version{ stmt.column(2) }; + auto pkg_arch{ stmt.column(3) }; + auto pkg_comment{ stmt.column(4) }; + auto pkg_flatsize{ stmt.column(5) }; + auto pkg_time{ stmt.column(6) }; + auto 
pkg_repository{ stmt.column(7) }; + auto pkg_origin{ stmt.column(8) }; + + const auto archdata{Utils::split(pkg_arch->value(std::string{}), ':')}; + const auto sectiondata{Utils::split(pkg_origin->value(std::string{}), '/')}; + + nlohmann::json package; + + package["name"] = pkg_name->value(std::string{}); + package["vendor"] = pkg_maintainer->value(std::string{}); + package["version"] = pkg_version->value(std::string{}); + package["install_time"] = pkg_time->value(std::string{}); + package["location"] = UNKNOWN_VALUE; + package["architecture"] = archdata[2]; + package["groups"] = UNKNOWN_VALUE; + package["description"] = pkg_comment->value(std::string{}); + package["size"] = pkg_flatsize->value(uint64_t{}); + package["priority"] = UNKNOWN_VALUE; + package["source"] = pkg_repository->value(std::string{}); + package["section"] = sectiondata[0]; + package["format"] = "pkg"; + // The multiarch field won't have a default value + + callback(package); + } + catch (const std::exception& e) + { + std::cerr << e.what() << std::endl; + } + } - } ++ } + catch (const std::exception& e) + { + std::cerr << e.what() << std::endl; -+ } + } } } - diff --git a/security/wazuh-agent/files/patch-src-shared_modules-utils_sqliteWrapperTemp.h b/security/wazuh-agent/files/patch-src-shared_modules-utils_sqliteWrapperTemp.h new file mode 100644 index 000000000000..a6eeb2973d97 --- /dev/null +++ b/security/wazuh-agent/files/patch-src-shared_modules-utils_sqliteWrapperTemp.h 
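Review bot: In getPackages the new side indexes `archdata[2]` and `sectiondata[0]` straight after `Utils::split` with no check on how many fields came back, so a row whose `arch` or `origin` column is NULL, empty or has fewer separators than expected is read out of bounds. If `Utils::split` returns a `std::vector` (its declaration is not visible here), `operator[]` does not throw and the surrounding `catch (const std::exception&)` gives no protection. Guard the access, for example `package["architecture"] = archdata.size() > 2 ? archdata[2] : UNKNOWN_VALUE;`, and do the same for `sectiondata`. Separately, the `#if __FreeBSD_version > 1500045` branch of getPorts shows `remoteip = 0.0.0.0;` without quotes and an unqualified `exec(...)` where the `#else` branch calls `Utils::exec(...)`, which as printed would not compile on FreeBSD 15. The `nlohmann::json::parse(query)` calls on `sockstat` and `ps` output are also not inside a try block the way the SQLite loop is, so malformed tool output would propagate an exception to the caller.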
@@ -0,0 +1,34 @@
+--- src/shared_modules/utils/sqliteWrapperTemp.h 2025-11-07 00:46:03.000000000 -0800
++++ src/shared_modules/utils/sqliteWrapperTemp.h 2026-01-01 13:52:11.656050000 -0800
+@@ -235,8 +235,8 @@
+ public:
+ ~Connection() = default;
+
+- explicit Connection(const std::string& path)
+- : m_db{ openSQLiteDb(path), [](sqlite3 * p)
++ explicit Connection(const std::string& path, const int flags = SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE)
++ : m_db{ openSQLiteDb(path, flags), [](sqlite3 * p)
+ {
+ sqlite3_close_v2(p);
+ } }
+@@ -245,7 +245,10 @@
+
+ if (path.compare(DB_MEMORY) != 0)
+ {
+- const auto result { chmod(path.c_str(), DB_PERMISSIONS) };
++ const auto result =
++ (flags == SQLITE_OPEN_READONLY)
++ ? 0
++ : chmod(path.c_str(), DB_PERMISSIONS);
+
+ if (result != 0)
+ {
+@@ -255,7 +258,7 @@
+ };
+ }
+
+- m_db.reset(openSQLiteDb(path, SQLITE_OPEN_READWRITE), [](sqlite3 * p)
++ m_db.reset(openSQLiteDb(path, flags), [](sqlite3 * p)
+ {
+ sqlite3_close_v2(p);
+ });
diff --git a/security/wazuh-manager/Makefile b/security/wazuh-manager/Makefile
index 372e09d50a67..3d9d2e467c60 100644
--- a/security/wazuh-manager/Makefile
+++ b/security/wazuh-manager/Makefile
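Review bot: The chmod skip tests `flags == SQLITE_OPEN_READONLY` by exact equality, so a caller that ORs the read-only flag with any other open flag (for instance `SQLITE_OPEN_URI` or `SQLITE_OPEN_NOMUTEX`) still reaches `chmod(path.c_str(), DB_PERMISSIONS)` on a database it only meant to read. Test the bit instead: `(flags & SQLITE_OPEN_READONLY) ? 0 : chmod(path.c_str(), DB_PERMISSIONS);`. The final `m_db.reset(openSQLiteDb(path, flags), ...)` also changes what default callers get, because the reopen used to pass `SQLITE_OPEN_READWRITE` alone and now carries `SQLITE_OPEN_CREATE` as well. A short comment on the constructor saying what `flags` controls, and that read-only opens leave the file's permissions untouched, would record that this is intended. The constructor body continues outside the three inner hunks shown.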
@@ -1,453 +1,455 @@ PORTNAME= wazuh DISTVERSIONPREFIX= v DISTVERSION= 4.14.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= https://packages.wazuh.com/deps/47/libraries/sources/:wazuh_sources \ LOCAL/acm/${PORTNAME}/:wazuh_cache PKGNAMESUFFIX= -manager DISTFILES= ${EXTERNAL_DISTFILES} \ ${PORTNAME}-cache-any-${DISTVERSION}${EXTRACT_SUFX}:wazuh_cache \ ${PORTNAME}-python-${DISTVERSION}${EXTRACT_SUFX}:wazuh_cache DIST_SUBDIR= ${PORTNAME}-${DISTVERSION} EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= acm@FreeBSD.org COMMENT= Security tool to monitor and check logs and intrusions (manager) WWW= https://wazuh.com/ LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE ONLY_FOR_ARCHS= aarch64 amd64 BUILD_DEPENDS= autoconf>=2.71:devel/autoconf \ bash>0:shells/bash \ cmake:devel/cmake-core LIB_DEPENDS+= libarrow.so:databases/arrow \ libcurl.so:ftp/curl \ libepoll-shim.so:devel/libepoll-shim \ libffi.so:devel/libffi \ libgdbm.so:databases/gdbm \ libnghttp2.so:www/libnghttp2 \ libopenblas.so:math/openblas RUN_DEPENDS= bash>0:shells/bash -USES= cpe gmake perl5 python:3.11 readline shebangfix sqlite:3 uidfix +USES= cpe dos2unix gmake perl5 python:3.11 readline shebangfix sqlite:3 uidfix USE_GITHUB= yes GH_TUPLE= alonsobsd:wazuh-freebsd:${WAZUH_EXTRAFILE_TAGNAME}:wazuh USE_RC_SUBR= ${PORTNAME}${PKGNAMESUFFIX} MAKE_ARGS+= TARGET=server INSTALLDIR=${WAZUHPREFIX} INSTALL_SHARED="${INSTALL_LIB}" PYTHON_SOURCE=yes OPTIMIZE_CPYTHON=no +DOS2UNIX_FILES= ${WRKSRC}/api/api/configuration/api.yaml + # WITH_CCACHE_BUILD= yes # CCACHE_DIR= /zdata/ccache WAZUH_CACHEFILE= ${PORTNAME}-cache-any-${DISTVERSION}${EXTRACT_SUFX} WAZUH_EXTRAFILE= alonsobsd-${PORTNAME}-freebsd-${WAZUH_EXTRAFILE_TAGNAME}_GH0${EXTRACT_SUFX} WAZUH_EXTRAFILE_TAGNAME=2f1307c EXTERNAL_DISTFILES= audit-userspace.tar.gz:wazuh_sources \ benchmark.tar.gz:wazuh_sources \ bzip2.tar.gz:wazuh_sources \ cJSON.tar.gz:wazuh_sources \ cpp-httplib.tar.gz:wazuh_sources \ cpython-3.11.14.tar.gz:wazuh_cache \ 
curl.tar.gz:wazuh_sources \ flatbuffers.tar.gz:wazuh_sources \ googletest.tar.gz:wazuh_sources \ http-request-cd50797.tar.gz:wazuh_cache \ jemalloc.tar.gz:wazuh_sources \ libarchive.tar.gz:wazuh_sources \ libdb.tar.gz:wazuh_sources \ libffi.tar.gz:wazuh_sources \ libpcre2.tar.gz:wazuh_sources \ libplist.tar.gz:wazuh_sources \ libyaml.tar.gz:wazuh_sources \ lua.tar.gz:wazuh_sources \ lzma.tar.gz:wazuh_sources \ msgpack.tar.gz:wazuh_sources \ nlohmann.tar.gz:wazuh_cache \ openssl.tar.gz:wazuh_sources \ popt.tar.gz:wazuh_sources \ procps.tar.gz:wazuh_sources \ rocksdb.tar.gz:wazuh_sources \ simdjson.tar.gz:wazuh_sources \ sqlite.tar.gz:wazuh_sources \ zlib.tar.gz:wazuh_sources OPTIONS_DEFINE= INOTIFY PRELUDE ZEROMQ OPTIONS_GROUP_DATABASE= MYSQL PGSQL OPTIONS_GROUP= DATABASE INOTIFY_LIB_DEPENDS= libinotify.so:devel/libinotify PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude ZEROMQ_LIB_DEPENDS= libczmq.so:net/czmq INOTIFY_DESC= Kevent based real time monitoring PRELUDE_DESC= Sensor support from Prelude SIEM ZEROMQ_DESC= ZeroMQ support ZEROMQ_MAKE_ENV= USE_ZEROMQ=yes PRELUDE_MAKE_ENV= USE_PRELUDE=yes INOTIFY_MAKE_ENV= USE_INOTIFY=yes INOTIFY_USES= pkgconfig PGSQL_MAKE_ARGS=DATABASE=pgsql PGSQL_USES= pgsql MYSQL_MAKE_ARGS=DATABASE=mysql MYSQL_USES= mysql WAZUH_USER= wazuh WAZUH_GROUP= wazuh USERS= ${WAZUH_USER} GROUPS= ${WAZUH_GROUP} SUB_FILES= pkg-message CONFLICTS= ossec-* wazuh-agent WZBIN_FILES= agent_control wazuh-logcollector wazuh-execd manage_agents wazuh-modulesd \ wazuh-agentlessd wazuh-analysisd wazuh-monitord wazuh-reportd wazuh-maild \ wazuh-logtest-legacy wazuh-csyslogd wazuh-dbd verify-agent-conf clear_stats \ wazuh-regex wazuh-integratord wazuh-db wazuh-remoted wazuh-authd wazuh-keystore WZARBIN_FILES= default-firewall-drop pf npf ipfw firewalld-drop disable-account \ host-deny ip-customblock restart-wazuh route-null kaspersky wazuh-slack WZSHEBANG_FILES=chardetect connexion cygdb cython cythonize f2py fixup_pubsub_v1_keywords.py \ httpx jp.py 
jsonschema normalizer openapi-spec-validator \ pyrsa-decrypt pyrsa-encrypt pyrsa-keygen pyrsa-priv2pub pyrsa-sign \ pyrsa-verify rstpep2html.py rst2s5.py rst2xetex.py rst2man.py rst2odt.py \ rst2latex.py rst2pseudoxml.py rst2odt_prepstyles.py rst2html.py rst2html5.py \ rst2html4.py rst2xml.py tabulate uvicorn wsdump.py WAZUHMOD660= /queue/indexer /queue/vd WAZUHMOD750= / /logs/wazuh /logs/archives /logs/alerts /logs/firewall \ /logs/api /logs/cluster /bin /lib /queue /queue/agentless \ /queue/db /queue/diff /queue/fts /queue/keystore /queue/logcollector \ /queue/syscollector /queue/syscollector/db /ruleset \ /ruleset/decoders /ruleset/rules /ruleset/sca /wodles \ /active-response /active-response/bin /agentless /var /backup \ /backup/db /backup/agents /backup/groups /backup/shared \ /wodles/aws /wodles/aws/buckets_s3 /wodles/aws/services /wodles/aws/subscribers \ /wodles/azure /wodles/azure/azure_services /wodles/azure/db \ /wodles/docker /wodles/gcloud /wodles/gcloud/buckets /wodles/gcloud/pubsub \ /stats /integrations WAZUHMOD770= /etc/decoders /etc/lists /etc/lists/amazon /etc/lists/malicious-ioc /etc/rootcheck \ /etc/rules /etc/shared/default /logs /queue/agent-groups \ /queue/alerts /queue/cluster /queue/fim /queue/fim/db \ /queue/rids /queue/sockets /queue/tasks /etc /etc/shared \ /.ssh /var/db /var/download /var/db/agents /var/run /var/upgrade \ /var/selinux /var/wodles /var/multigroups /queue/rids /queue/router WAZUHPREFIX= /var/ossec WZPYTHONWHEELS= cffi-1.15.1-cp311-cp311-${FBSD_VERSION_BASE}_${ARCH_BASE}.whl \ cryptography-44.0.1-cp37-abi3-${FBSD_VERSION_BASE}_${ARCH_BASE}.whl \ greenlet-2.0.2-cp311-cp311-${FBSD_VERSION_BASE}_${ARCH_BASE}.whl \ grpcio-1.69.0-cp311-cp311-${FBSD_VERSION_BASE}_${ARCH_BASE}.whl \ lazy_object_proxy-1.10.0-cp311-cp311-${FBSD_VERSION_BASE}_${ARCH_BASE}.whl \ markupsafe-2.1.2-cp311-cp311-${FBSD_VERSION_BASE}_${ARCH_BASE}.whl \ multidict-5.2.0-cp311-cp311-${FBSD_VERSION_BASE}_${ARCH_BASE}.whl \ 
numpy-1.26.4-cp311-cp311-${FBSD_VERSION_BASE}_${ARCH_BASE}.whl \ psutil-5.9.0-cp311-cp311-${FBSD_VERSION_BASE}_${ARCH_BASE}.whl \ pyarrow-21.0.0-cp311-cp311-${FBSD_VERSION_BASE}_${ARCH_BASE}.whl \ pyyaml-6.0.1-cp311-cp311-${FBSD_VERSION_BASE}_${ARCH_BASE}.whl \ rpds_py-0.15.2-cp311-cp311-${FBSD_VERSION_BASE}_${ARCH_BASE}.whl \ uvloop-0.17.0-cp311-cp311-${FBSD_VERSION_BASE}_${ARCH_BASE}.whl ARCH_BASE= ${ARCH:S/aarch64/arm64/g} UNAME_r= ${_OSRELEASE:tl} FBSD_RELEASE= freebsd_${UNAME_r:S/./_/g:S/-/_/g} .include .if ${ARCH} == "aarch64" && ${OSVERSION} < 1400000 IGNORE= FreeBSD ${OSVERSION} ${ARCH} is not supported .endif .if ${ARCH} == "aarch64" FBSD14_PATCH_LEVEL= _p5 .endif .if ${ARCH} != "aarch64" FBSD13_PATCH_LEVEL= _p6 FBSD14_PATCH_LEVEL= _p5 .endif .if ${OSVERSION} >= 1300139 && ${OSVERSION} < 1400000 FBSD_VERSION_BASE=freebsd_13_5_release${FBSD13_PATCH_LEVEL} FBSD_MAJOR_VERSION=13 WAZUH_CACHENAME=${PORTNAME}-cache-fbsd13-${ARCH}-${DISTVERSION} DISTFILES+= ${WAZUH_CACHENAME}${EXTRACT_SUFX}:wazuh_cache .elif ${OSVERSION} >= 1400000 && ${OSVERSION} < 1500000 FBSD_VERSION_BASE=freebsd_14_3_release${FBSD14_PATCH_LEVEL} FBSD_MAJOR_VERSION=14 WAZUH_CACHENAME=${PORTNAME}-cache-fbsd14-${ARCH}-${DISTVERSION} DISTFILES+= ${WAZUH_CACHENAME}${EXTRACT_SUFX}:wazuh_cache .elif ${OSVERSION} >= 1500000 && ${OSVERSION} < 1600000 FBSD_VERSION_BASE=freebsd_15_0_release FBSD_MAJOR_VERSION=15 WAZUH_CACHENAME=${PORTNAME}-cache-fbsd15-${ARCH}-${DISTVERSION} DISTFILES+= ${WAZUH_CACHENAME}${EXTRACT_SUFX}:wazuh_cache .elif ${OSVERSION} >= 1600000 FBSD_VERSION_BASE=freebsd_16_0_current FBSD_MAJOR_VERSION=16 WAZUH_CACHENAME=${PORTNAME}-cache-fbsd16-${ARCH}-${DISTVERSION} DISTFILES+= ${WAZUH_CACHENAME}${EXTRACT_SUFX}:wazuh_cache .else IGNORE= FreeBSD ${OSVERSION} ${ARCH} is not supported .endif post-extract: .for FILE in ${EXTERNAL_DISTFILES} .if ${FILE} == "http-request-cd50797.tar.gz:wazuh_cache" @cd ${WRKSRC}/src/shared_modules && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} 
${_DISTDIR}/${FILE:S/:wazuh_cache//} ${EXTRACT_AFTER_ARGS} .else @cd ${WRKSRC}/src/external && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/${FILE:S/:wazuh_sources//:S/:wazuh_cache//} ${EXTRACT_AFTER_ARGS} .endif .endfor @cd ${WRKDIR} && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/${WAZUH_EXTRAFILE} ${EXTRACT_AFTER_ARGS} @${MV} ${WRKDIR}/${PORTNAME}-freebsd-${WAZUH_EXTRAFILE_TAGNAME} ${WRKDIR}/wazuh-freebsd @cd ${WRKSRC}/src && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/${WAZUH_CACHEFILE} ${EXTRACT_AFTER_ARGS} @cd ${WRKSRC}/src && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/${WAZUH_CACHENAME}${EXTRACT_SUFX} ${EXTRACT_AFTER_ARGS} @cd ${WRKSRC}/src && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/${PORTNAME}-python-${DISTVERSION}${EXTRACT_SUFX} ${EXTRACT_AFTER_ARGS} . for FILE in ${WZPYTHONWHEELS} @${MV} ${WRKSRC}/src/wazuh-cache/${FILE} ${WRKSRC}/src/wazuh-cache/${FILE:S/${FBSD_VERSION_BASE}/${FBSD_RELEASE}/} . endfor @${RM} ${WRKSRC}/src/external/cpython/python ${WRKSRC}/src/external/cpython/libpython* ${WRKSRC}/src/external/cpython/Modules/*.o @${MKDIR} ${WRKSRC}/ruleset/sca/freebsd @cd ${WRKDIR}/wazuh-freebsd/var/ossec/ruleset/sca && ${CP} *.yml ${WRKSRC}/ruleset/sca/freebsd/ ${FIND} ${WRKSRC}/ruleset/sca -type f -name "*.yml" -exec ${MV} "{}" "{}.disabled" \; ${CP} ${FILESDIR}/pthreads_portable.c ${WRKSRC}/src/shared/ ${CP} ${FILESDIR}/pthreads_portable.h ${WRKSRC}/src/headers/ post-patch: ${REINPLACE_CMD} -e 's|CC=|CC?=|g' -e 's|AR=|AR?=|g' ${WRKSRC}/src/external/bzip2/Makefile ${REINPLACE_CMD} -e 's|^\( *MULTIARCH=\).*--print-multiarch.*|\1|' ${WRKSRC}/src/external/cpython/configure ${REINPLACE_CMD} -e 's|coroutine|coroutines|g' ${WRKSRC}/framework/wazuh/core/cluster/client.py \ ${WRKSRC}/framework/wazuh/rbac/decorators.py do-build: cd ${WRKSRC} && ${CC} ${CFLAGS} -o check_pid ${FILESDIR}/check_pid.c cd ${WRKSRC}/src/ && ${SETENV} ${MAKE_ENV} STAGEDIR=${STAGEDIR} \ ${MAKE_CMD} ${MAKE_ARGS} do-install: ${MKDIR} 
${STAGEDIR}${WAZUHPREFIX}/bin ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/lib ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/libexec ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/tmp ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/templates ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/.ssh .for DIRE in ${WAZUHMOD660} ${MKDIR} -m 0660 ${STAGEDIR}${WAZUHPREFIX}${DIRE} .endfor .for DIRE in ${WAZUHMOD750} ${MKDIR} -m 0750 ${STAGEDIR}${WAZUHPREFIX}${DIRE} .endfor .for DIRE in ${WAZUHMOD770} ${MKDIR} -m 0770 ${STAGEDIR}${WAZUHPREFIX}${DIRE} .endfor ${INSTALL_PROGRAM} ${WRKSRC}/check_pid ${STAGEDIR}${WAZUHPREFIX}/libexec/check_pid ${INSTALL_DATA} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.log ${INSTALL_DATA} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.json ${INSTALL_DATA} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/active-responses.log .for FILE in ${WZBIN_FILES} ${INSTALL_PROGRAM} ${WRKSRC}/src/${FILE} ${STAGEDIR}${WAZUHPREFIX}/bin .endfor ${INSTALL_PROGRAM} ${WRKSRC}/src/syscheckd/build/bin/wazuh-syscheckd ${STAGEDIR}${WAZUHPREFIX}/bin ${INSTALL_SCRIPT} ${WRKSRC}/src/init/wazuh-server.sh ${STAGEDIR}${WAZUHPREFIX}/bin/wazuh-control ${TOUCH} ${STAGEDIR}${WAZUHPREFIX}/etc/localtime ${INSTALL_DATA} ${WRKSRC}/etc/internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc ${INSTALL_DATA} ${WRKSRC}/src/wazuh_modules/syscollector/norm_config.json ${STAGEDIR}${WAZUHPREFIX}/queue/syscollector ${INSTALL_DATA} ${WRKSRC}/etc/local_internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc/local_internal_options.conf.sample ${INSTALL_DATA} /dev/null ${STAGEDIR}${WAZUHPREFIX}/etc/client.keys.sample ${INSTALL_DATA} ${WRKSRC}/etc/ossec-server.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ossec.conf.sample ${INSTALL_SCRIPT} ${WRKSRC}/src/agentlessd/scripts/* ${STAGEDIR}${WAZUHPREFIX}/agentless/ .for FILE in ${WZARBIN_FILES} ${INSTALL_PROGRAM} ${WRKSRC}/src/${FILE} ${STAGEDIR}${WAZUHPREFIX}/active-response/bin .endfor ${INSTALL_SCRIPT} ${WRKSRC}/src/active-response/*.sh ${STAGEDIR}${WAZUHPREFIX}/active-response/bin ${INSTALL_SCRIPT} 
${WRKSRC}/src/active-response/*.py ${STAGEDIR}${WAZUHPREFIX}/active-response/bin ${INSTALL_PROGRAM} ${WRKSRC}/src/default-firewall-drop ${STAGEDIR}${WAZUHPREFIX}/active-response/bin/firewall-drop # Install rules files ${INSTALL_DATA} ${WRKSRC}/ruleset/rules/*.xml ${STAGEDIR}${WAZUHPREFIX}/ruleset/rules ${INSTALL_DATA} ${WRKDIR}/wazuh-freebsd/var/ossec/ruleset/rules/*.xml ${STAGEDIR}${WAZUHPREFIX}/ruleset/rules # Install decoders files ${INSTALL_DATA} ${WRKSRC}/ruleset/decoders/*.xml ${STAGEDIR}${WAZUHPREFIX}/ruleset/decoders ${INSTALL_DATA} ${WRKDIR}/wazuh-freebsd/var/ossec/ruleset/decoders/*.xml ${STAGEDIR}${WAZUHPREFIX}/ruleset/decoders ${INSTALL_DATA} ${WRKSRC}/ruleset/rootcheck/db/*.txt ${STAGEDIR}${WAZUHPREFIX}/etc/rootcheck ${INSTALL_DATA} ${WRKSRC}/etc/local_decoder.xml ${STAGEDIR}${WAZUHPREFIX}/etc/decoders/local_decoder.xml.sample ${INSTALL_DATA} ${WRKSRC}/etc/local_rules.xml ${STAGEDIR}${WAZUHPREFIX}/etc/rules/local_rules.xml.sample ${INSTALL_DATA} ${WRKSRC}/ruleset/lists/amazon/* ${STAGEDIR}${WAZUHPREFIX}/etc/lists/amazon/ ${INSTALL_DATA} ${WRKSRC}/ruleset/lists/malicious-ioc/* ${STAGEDIR}${WAZUHPREFIX}/etc/lists/malicious-ioc/ ${INSTALL_DATA} ${WRKSRC}/ruleset/lists/audit-keys ${STAGEDIR}${WAZUHPREFIX}/etc/lists/audit-keys ${INSTALL_DATA} ${WRKSRC}/ruleset/lists/security-eventchannel ${STAGEDIR}${WAZUHPREFIX}/etc/lists/security-eventchannel ${INSTALL_SCRIPT} ${WRKSRC}/integrations/maltiverse.py ${STAGEDIR}${WAZUHPREFIX}/integrations/maltiverse.py ${INSTALL_SCRIPT} ${WRKSRC}/integrations/pagerduty.py ${STAGEDIR}${WAZUHPREFIX}/integrations/pagerduty.py ${INSTALL_SCRIPT} ${WRKSRC}/integrations/slack.py ${STAGEDIR}${WAZUHPREFIX}/integrations/slack.py ${INSTALL_SCRIPT} ${WRKSRC}/integrations/shuffle.py ${STAGEDIR}${WAZUHPREFIX}/integrations/shuffle.py ${INSTALL_SCRIPT} ${WRKSRC}/integrations/virustotal.py ${STAGEDIR}${WAZUHPREFIX}/integrations/virustotal.py ${INSTALL_DATA} /dev/null ${STAGEDIR}${WAZUHPREFIX}/queue/agents-timestamp ${INSTALL_DATA} 
${WRKSRC}/ruleset/rootcheck/db/*.txt ${STAGEDIR}${WAZUHPREFIX}/etc/shared/default ${INSTALL_DATA} ${WRKSRC}/etc/agent.conf ${STAGEDIR}${WAZUHPREFIX}/etc/shared/default/agent.conf.sample ${INSTALL_DATA} ${WRKSRC}/etc/agent.conf ${STAGEDIR}${WAZUHPREFIX}/etc/shared/agent-template.conf ${INSTALL_SCRIPT} ${WRKSRC}/wodles/__init__.py ${STAGEDIR}${WAZUHPREFIX}/wodles/__init__.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/utils.py ${STAGEDIR}${WAZUHPREFIX}/wodles/utils.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/aws_s3.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/aws-s3.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/__init__.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/__init__.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/aws_tools.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/aws_tools.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/wazuh_integration.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/wazuh_integration.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/buckets_s3/aws_bucket.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/buckets_s3/aws_bucket.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/buckets_s3/cloudtrail.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/buckets_s3/cloudtrail.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/buckets_s3/config.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/buckets_s3/config.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/buckets_s3/guardduty.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/buckets_s3/guardduty.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/buckets_s3/__init__.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/buckets_s3/__init__.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/buckets_s3/load_balancers.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/buckets_s3/load_balancers.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/buckets_s3/server_access.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/buckets_s3/server_access.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/buckets_s3/umbrella.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/buckets_s3/umbrella.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/buckets_s3/vpcflow.py 
${STAGEDIR}${WAZUHPREFIX}/wodles/aws/buckets_s3/vpcflow.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/buckets_s3/waf.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/buckets_s3/waf.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/services/aws_service.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/services/aws_service.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/services/cloudwatchlogs.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/services/cloudwatchlogs.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/services/__init__.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/services/__init__.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/services/inspector.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/services/inspector.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/subscribers/__init__.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/subscribers/__init__.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/subscribers/sqs_queue.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/subscribers/sqs_queue.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/subscribers/s3_log_handler.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/subscribers/s3_log_handler.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/aws/subscribers/sqs_message_processor.py ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/subscribers/sqs_message_processor.py ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/wodles/aws/aws-s3 ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/exceptions.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/exceptions.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/gcloud.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/gcloud.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/integration.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/integration.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/tools.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/tools.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/buckets/bucket.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/buckets/bucket.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/gcloud/buckets/access_logs.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/buckets/access_logs.py ${INSTALL_SCRIPT} 
${WRKSRC}/wodles/gcloud/pubsub/subscriber.py ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/pubsub/subscriber.py ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/wodles/gcloud/gcloud ${INSTALL_SCRIPT} ${WRKSRC}/wodles/docker-listener/DockerListener.py ${STAGEDIR}${WAZUHPREFIX}/wodles/docker/DockerListener.py ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/wodles/docker/DockerListener ${INSTALL_SCRIPT} ${WRKSRC}/wodles/azure/azure-logs.py ${STAGEDIR}${WAZUHPREFIX}/wodles/azure/azure-logs.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/azure/azure_utils.py ${STAGEDIR}${WAZUHPREFIX}/wodles/azure/azure_utils.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/azure/azure_services/__init__.py ${STAGEDIR}${WAZUHPREFIX}/wodles/azure/azure_services/__init__.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/azure/azure_services/analytics.py ${STAGEDIR}${WAZUHPREFIX}/wodles/azure/azure_services/analytics.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/azure/azure_services/graph.py ${STAGEDIR}${WAZUHPREFIX}/wodles/azure/azure_services/graph.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/azure/azure_services/storage.py ${STAGEDIR}${WAZUHPREFIX}/wodles/azure/azure_services/storage.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/azure/db/__init__.py ${STAGEDIR}${WAZUHPREFIX}/wodles/azure/db/__init__.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/azure/db/orm.py ${STAGEDIR}${WAZUHPREFIX}/wodles/azure/db/orm.py ${INSTALL_SCRIPT} ${WRKSRC}/wodles/azure/db/utils.py ${STAGEDIR}${WAZUHPREFIX}/wodles/azure/db/utils.py ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/wodles/azure/azure-logs ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/integrations/maltiverse ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/integrations/pagerduty ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/integrations/slack 
${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/integrations/virustotal ${INSTALL_SCRIPT} ${WRKSRC}/framework/wrappers/generic_wrapper.sh ${STAGEDIR}${WAZUHPREFIX}/integrations/shuffle # Install SCA files ${FIND} ${WRKSRC}/ruleset/sca -type f -name "*.yml.disabled" -exec ${INSTALL_DATA} "{}" ${STAGEDIR}${WAZUHPREFIX}/ruleset/sca/ \; ${INSTALL_LIB} ${WRKSRC}/src/libwazuhext.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/libwazuhshared.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/build/shared_modules/content_manager/libcontent_manager.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/build/shared_modules/indexer_connector/libindexer_connector.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/build/wazuh_modules/inventory_harvester/libinventory_harvester.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/build/shared_modules/router/librouter.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/build/wazuh_modules/vulnerability_scanner/libvulnerability_scanner.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/data_provider/build/lib/libsysinfo.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/external/jemalloc/lib/libjemalloc.so.2 ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/external/rocksdb/build/librocksdb.so.8.3.2 ${STAGEDIR}${WAZUHPREFIX}/lib/librocksdb.so.8 ${INSTALL_LIB} ${WRKSRC}/src/shared_modules/dbsync/build/lib/libdbsync.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/shared_modules/rsync/build/lib/librsync.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/syscheckd/build/lib/libfimdb.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_LIB} ${WRKSRC}/src/wazuh_modules/syscollector/build/lib/libsyscollector.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_DATA} ${WRKSRC}/src/wazuh_modules/vulnerability_scanner/indexer/template/index-template.json 
${STAGEDIR}${WAZUHPREFIX}/templates/vd_states_template.json ${INSTALL_DATA} ${WRKSRC}/src/wazuh_modules/vulnerability_scanner/indexer/template/update-mappings.json ${STAGEDIR}${WAZUHPREFIX}/templates/vd_states_update_mappings.json ${INSTALL_DATA} ${WRKSRC}/src/wazuh_modules/inventory_harvester/indexer/template/wazuh-states-inventory-* ${STAGEDIR}${WAZUHPREFIX}/templates/ ${INSTALL_DATA} ${WRKSRC}/VERSION.json ${STAGEDIR}${WAZUHPREFIX} cd ${WRKSRC}/src/ && ${SETENV} ${MAKE_ENV} STAGEDIR=${STAGEDIR} \ ${MAKE_CMD} install_python ${MAKE_ARGS} cd ${WRKSRC}/src/ && ${SETENV} ${MAKE_ENV} STAGEDIR=${STAGEDIR} \ ${MAKE_CMD} install_dependencies ${MAKE_ARGS} cd ${WRKSRC}/src/ && ${SETENV} ${MAKE_ENV} STAGEDIR=${STAGEDIR} \ ${MAKE_CMD} install_framework ${MAKE_ARGS} cd ${WRKSRC}/src/ && ${SETENV} ${MAKE_ENV} STAGEDIR=${STAGEDIR} \ ${MAKE_CMD} install_api ${MAKE_ARGS} cd ${WRKSRC}/src/ && ${SETENV} ${MAKE_ENV} STAGEDIR=${STAGEDIR} \ ${MAKE_CMD} install_mitre ${MAKE_ARGS} cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} \ ${MAKE_CMD} --quiet -C framework install INSTALLDIR=${STAGEDIR}${WAZUHPREFIX} cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} \ ${MAKE_CMD} --quiet -C api install INSTALLDIR=${STAGEDIR}${WAZUHPREFIX} @cd ${STAGEDIR}${WAZUHPREFIX}/framework/python/lib && \ ${STAGEDIR}${WAZUHPREFIX}/framework/python/bin/python3 -m compileall -x 'bad_coding|badsyntax|lib2to3/tests/data' -f -p ${WAZUHPREFIX}/framework/python/lib/ "${PYTHON_VERSION}" @cd ${STAGEDIR}${WAZUHPREFIX}/framework/python/lib && \ ${STAGEDIR}${WAZUHPREFIX}/framework/python/bin/python3 -O -m compileall -x 'bad_coding|badsyntax|lib2to3/tests/data' -f -p ${WAZUHPREFIX}/framework/python/lib/ "${PYTHON_VERSION}" @cd ${STAGEDIR}${WAZUHPREFIX}/framework/python/lib && \ ${STAGEDIR}${WAZUHPREFIX}/framework/python/bin/python3 -OO -m compileall -x 'bad_coding|badsyntax|lib2to3/tests/data' -f -p ${WAZUHPREFIX}/framework/python/lib/ "${PYTHON_VERSION}" ${MKDIR} 
${STAGEDIR}${WAZUHPREFIX}/packages_files/manager_installation_scripts/etc/templates ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/packages_files/manager_installation_scripts/databases ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/packages_files/manager_installation_scripts/src cd ${WRKSRC}/etc/templates && ${COPYTREE_SHARE} config \ ${STAGEDIR}${WAZUHPREFIX}/packages_files/manager_installation_scripts/etc/templates/ cd ${WRKSRC}/src && ${COPYTREE_SHARE} init \ ${STAGEDIR}${WAZUHPREFIX}/packages_files/manager_installation_scripts/src/ cd ${WRKSRC}/ruleset && ${COPYTREE_SHARE} sca \ ${STAGEDIR}${WAZUHPREFIX}/packages_files/manager_installation_scripts/ ${INSTALL_SCRIPT} ${WRKSRC}/gen_ossec.sh ${STAGEDIR}${WAZUHPREFIX}/packages_files/manager_installation_scripts/ ${INSTALL_SCRIPT} ${WRKSRC}/add_localfiles.sh ${STAGEDIR}${WAZUHPREFIX}/packages_files/manager_installation_scripts/ ${INSTALL_DATA} ${WRKSRC}/src/os_dbd/mysql.schema ${STAGEDIR}${WAZUHPREFIX}/packages_files/manager_installation_scripts/databases ${INSTALL_DATA} ${WRKSRC}/src/os_dbd/postgresql.schema ${STAGEDIR}${WAZUHPREFIX}/packages_files/manager_installation_scripts/databases @${FIND} ${STAGEDIR}${WAZUHPREFIX}/framework/python/lib/${PYTHON_VERSION}/site-packages/numpy/distutils/ -type f -name "*.bak" -delete -o -name "*.orig" -delete @${RM} ${STAGEDIR}${WAZUHPREFIX}/framework/python/lib/${PYTHON_VERSION}/site-packages/numpy/f2py/tests/src/temp @${RM} ${STAGEDIR}${WAZUHPREFIX}/framework/python/lib/${PYTHON_VERSION}/site-packages/numpy/core/tests/examples/temp post-install: @${STRIP_CMD} ${STAGEDIR}${WAZUHPREFIX}/framework/python/bin/${PYTHON_VERSION} @${FIND} ${STAGEDIR}${WAZUHPREFIX}/framework -type f -name "*.so" -exec ${STRIP_CMD} "{}" \; .for FILE in ${WZSHEBANG_FILES} @${REINPLACE_CMD} -i "" -e 's|${STAGEDIR}||g' ${STAGEDIR}${WAZUHPREFIX}/framework/python/bin/${FILE} .endfor .include 
diff --git a/security/wazuh-manager/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp b/security/wazuh-manager/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp index 7765db26eb93..58bb3ac01b91 100644 --- a/security/wazuh-manager/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp +++ b/security/wazuh-manager/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp @@ -1,389 +1,387 @@ ---- src/data_provider/src/sysInfoFreeBSD.cpp.orig 2025-12-29 18:29:38.128837000 -0400 -+++ src/data_provider/src/sysInfoFreeBSD.cpp 2025-12-30 01:04:57.828191000 -0400 +--- src/data_provider/src/sysInfoFreeBSD.cpp 2025-11-07 00:46:03.000000000 -0800 ++++ src/data_provider/src/sysInfoFreeBSD.cpp 2026-01-01 13:18:42.411755000 -0800 @@ -11,20 +11,28 @@ #include "sysInfo.hpp" #include "cmdHelper.h" #include "stringHelper.h" +#include "timeHelper.h" #include "osinfo/sysOsParsers.h" +#include "sqliteWrapperTemp.h" +#include "filesystemHelper.h" #include #include #include #include "sharedDefs.h" +#include +const std::string PKG_DB_PATHNAME {"/var/db/pkg/local.sqlite"}; +const std::string PKG_QUERY {"SELECT p.name, p.maintainer, p.version, p.arch, p.comment, p.flatsize, p.time, v.annotation AS repository,p.origin FROM packages p LEFT JOIN (SELECT pa.package_id, pa.value_id FROM pkg_annotation pa JOIN annotation t ON t.annotation_id = pa.tag_id AND t.annotation = 'repository') pr ON pr.package_id = p.id LEFT JOIN annotation v ON v.annotation_id = pr.value_id;"}; + static void getMemory(nlohmann::json& info) { + constexpr auto vmFree{"vm.stats.vm.v_free_count"}; + constexpr auto vmInactive{"vm.stats.vm.v_inactive_count"}; constexpr auto vmPageSize{"vm.stats.vm.v_page_size"}; - constexpr auto vmTotal{"vm.vmtotal"}; + constexpr auto vmTotal{"hw.physmem"}; uint64_t ram{0}; - const std::vector mib{CTL_HW, HW_PHYSMEM}; size_t len{sizeof(ram)}; - auto ret{sysctl(const_cast(mib.data()), mib.size(), &ram, &len, nullptr, 0)}; + auto ret{sysctlbyname(vmTotal, &ram, &len, nullptr, 0)}; if (ret) { 
@@ -52,11 +60,23 @@ }; } - struct vmtotal vmt {}; + uint64_t freeMem{0}; + len = sizeof(freeMem); + ret = sysctlbyname(vmFree, &freeMem, &len, nullptr, 0); - len = sizeof(vmt); + if (ret) + { + throw std::system_error + { + ret, + std::system_category(), + "Error reading free memory size." + }; + } - ret = sysctlbyname(vmTotal, &vmt, &len, nullptr, 0); + uint64_t inactiveMem{0}; + len = sizeof(inactiveMem); + ret = sysctlbyname(vmInactive, &inactiveMem, &len, nullptr, 0); if (ret) { @@ -64,11 +84,11 @@ { ret, std::system_category(), - "Error reading total memory." + "Error reading inactive memory size." }; } - const auto ramFree{(vmt.t_free * pageSize) / KByte}; + const auto ramFree{(freeMem + inactiveMem) * pageSize / KByte}; info["ram_free"] = ramFree; info["ram_usage"] = 100 - (100 * ramFree / ramTotal); } @@ -184,8 +204,12 @@ nlohmann::json SysInfo::getProcessesInfo() const { - // Currently not supported for this OS - return nlohmann::json {}; + nlohmann::json ret; + getProcessesInfo([&ret](nlohmann::json & data) + { + ret.push_back(data); + }); + return ret; } nlohmann::json SysInfo::getOsInfo() const 
@@ -196,11 +220,12 @@ if (!spParser->parseUname(Utils::exec("uname -r"), ret)) { - ret["os_name"] = "BSD"; ret["os_platform"] = "bsd"; ret["os_version"] = UNKNOWN_VALUE; } + ret["os_name"] = "FreeBSD"; + if (uname(&uts) >= 0) { ret["sysname"] = uts.sysname; -@@ -215,44 +240,257 @@ +@@ -215,43 +240,256 @@ nlohmann::json SysInfo::getPorts() const { - // Currently not supported for this OS. - return nlohmann::json {}; -} + nlohmann::json ports {}; + + /* USER COMMAND PID FD PROTO LOCAL_ADDRESS FOREIGN_ADDRESS PATH_STATE CONN_STATE */ + +#if __FreeBSD_version > 1500045 + const auto query{exec(R"(sockstat -46qs --libxo json)")}; -void SysInfo::getProcessesInfo(std::function /*callback*/) const -{ - // Currently not supported for this OS. --} + if (!query.empty()) + { + nlohmann::json portsjson; + portsjson = nlohmann::json::parse(query); + auto &portsResult = portsjson["sockstat"]["socket"]; - --void SysInfo::getPackages(std::function callback) const --{ -- const auto query{Utils::exec(R"(pkg query -a "%n|%m|%v|%q|%c")")}; ++ + for(auto &port : portsResult) { + std::string localip = ""; + std::string localport = ""; + std::string remoteip = ""; + std::string remoteport = ""; + std::string statedata = ""; - ++ + if (port["pid"] != nullptr) { + + localip = port["local"]["address"]; + remoteip = port["foreign"]["address"]; + statedata = port["conn-state"] != nullptr ? (port["conn-state"] == "LISTEN" ? 
"listening" : Utils::toLowerCase(port["conn-state"])) : statedata; + + if (port["local"]["address"] == "*") { + if ((port["proto"] == "udp4") || (port["proto"] == "tcp4")) { + localip = "0.0.0.0"; + } else { + localip = "::"; + } + } + + localport = port["local"]["port"]; + + if (port["foreign"]["address"] == "*") { + if ((port["proto"] == "udp4") || (port["proto"] == "tcp4")) { + remoteip = 0.0.0.0; + } else { + remoteip = "::"; + } + } + + remoteport = port["foreign"]["port"]; + + nlohmann::json portRecord {}; + + portRecord["protocol"] = port["proto"]; + portRecord["local_ip"] = localip; + portRecord["local_port"] = localport == "*" ? "0" : localport; + portRecord["remote_ip"] = remoteip; + portRecord["remote_port"] = remoteport == "*" ? "0" : remoteport; + portRecord["tx_queue"] = 0; + portRecord["rx_queue"] = 0; + portRecord["inode"] = port["fd"]; + portRecord["state"] = statedata == "??" ? "" : statedata; + portRecord["pid"] = port["pid"]; + portRecord["process"] = port["command"]; + + ports.push_back(portRecord); + } + } + } +#else + const auto query{Utils::exec(R"(sockstat -46qs)")}; + - if (!query.empty()) - { -- const auto lines{Utils::split(query, '\n')}; ++ if (!query.empty()) ++ { + const auto lines{Utils::split(Utils::trimToOneSpace(query), '\n')}; - ++ + std::regex expression(R"(^(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s*(\S+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$)"); + - for (const auto& line : lines) - { -- const auto data{Utils::split(line, '|')}; -- nlohmann::json package; ++ for (const auto& line : lines) ++ { + std::smatch data; - -- package["name"] = data[0]; -- package["vendor"] = data[1]; -- package["version"] = data[2]; -- package["install_time"] = UNKNOWN_VALUE; -- package["location"] = UNKNOWN_VALUE; -- package["architecture"] = data[3]; -- package["groups"] = UNKNOWN_VALUE; -- package["description"] = data[4]; -- package["size"] = 0; -- package["priority"] = UNKNOWN_VALUE; -- package["source"] = UNKNOWN_VALUE; -- package["format"] = "pkg"; -- // The 
multiarch field won't have a default value ++ + if (std::regex_search(line, data, expression)) + { + std::string localip = ""; + std::string localport = ""; + std::string remoteip = ""; + std::string remoteport = ""; + std::string statedata = ""; - -- callback(package); ++ + auto localdata{Utils::split(data[6], ':')}; + auto remotedata{Utils::split(data[7], ':')}; + + if (data[8].matched ) { + statedata = data[8] == "LISTEN" ? "listening" : Utils::toLowerCase(data[8]); + } + + localport = localdata[localdata.size() - 1]; + localdata.pop_back(); + localip = Utils::join(localdata, ":"); + remoteport = remotedata[remotedata.size() - 1]; + remotedata.pop_back(); + remoteip = Utils::join(remotedata, ":"); + + if(localip == "*") { + if((data[5] == "tcp4") || (data[5] == "udp4")) { + localip = "0.0.0.0"; + } else { + localip = "::"; + } + } + + if(remoteip == "*") { + if((data[5] == "tcp4") || (data[5] == "udp4")) { + remoteip = "0.0.0.0"; + } else { + remoteip = "::"; + } + } + + if(data[0] != "?") { + nlohmann::json port {}; + + port["protocol"] = data[5]; + port["local_ip"] = localip; + port["local_port"] = localport == "*" ? "0" : localport; + port["remote_ip"] = remoteip; + port["remote_port"] = remoteport == "*" ? "0" : remoteport; + port["tx_queue"] = 0; + port["rx_queue"] = 0; + port["inode"] = data[4]; + port["state"] = statedata == "??" ? 
"" : statedata; + port["pid"] = data[3]; + port["process"] = data[2]; + + ports.push_back(port); + } + } + } + } +#endif + return ports; -+} -+ + } + +-void SysInfo::getPackages(std::function callback) const +void SysInfo::getProcessesInfo(std::function callback) const -+{ + { +- const auto query{Utils::exec(R"(pkg query -a "%n|%m|%v|%q|%c")")}; + const auto query{Utils::exec(R"(ps -ax -w -o pid,comm,state,ppid,usertime,systime,user,ruser,svuid,group,rgroup,svgid,pri,nice,ssiz,vsz,rss,pmem,etimes,sid,pgid,tpgid,tty,cpu,nlwp,args --libxo json)")}; -+ -+ if (!query.empty()) -+ { + + if (!query.empty()) + { +- const auto lines{Utils::split(query, '\n')}; + nlohmann::json psjson; + psjson = nlohmann::json::parse(query); + auto &processes = psjson["process-information"]["process"]; -+ + +- for (const auto& line : lines) + for(auto &process : processes) { + std::string user_time{""}; + std::string system_time{""}; + + user_time = process["user-time"].get(); + system_time = process["system-time"].get(); + + nlohmann::json jsProcessInfo{}; + jsProcessInfo["pid"] = process["pid"].get(); + jsProcessInfo["name"] = process["command"].get(); + jsProcessInfo["state"] = process["state"].get(); + jsProcessInfo["ppid"] = process["ppid"].get(); + jsProcessInfo["utime"] = Utils::timeToSeconds(user_time); + jsProcessInfo["stime"] = Utils::timeToSeconds(system_time); + jsProcessInfo["cmd"] = process["command"].get(); + jsProcessInfo["argvs"] = process["arguments"].get(); + jsProcessInfo["euser"] = process["user"].get(); + jsProcessInfo["ruser"] = process["real-user"].get(); + jsProcessInfo["suser"] = process["saved-uid"].get(); + jsProcessInfo["egroup"] = process["group"].get(); + jsProcessInfo["rgroup"] = process["real-group"].get(); + jsProcessInfo["sgroup"] = process["saved-gid"].get(); + jsProcessInfo["fgroup"] = process["group"].get(); + jsProcessInfo["priority"] = process["priority"].get(); + jsProcessInfo["nice"] = process["nice"].get(); + jsProcessInfo["size"] = 
process["stack-size"].get(); + jsProcessInfo["vm_size"] = process["virtual-size"].get(); + jsProcessInfo["resident"] = process["rss"].get(); + //jsProcessInfo["share"] = process["percent-memory"].get(); + jsProcessInfo["start_time"] = process["elapsed-times"].get() == "-" ? "0" : process["elapsed-times"].get(); + jsProcessInfo["pgrp"] = process["process-group"].get(); + jsProcessInfo["session"] = process["sid"].get(); + jsProcessInfo["tgid"] = process["terminal-process-gid"].get(); + //jsProcessInfo["tty"] = process["tty"].get(); // this field should be TEXT into local.db + jsProcessInfo["processor"] = process["on-cpu"].get(); + jsProcessInfo["nlwp"] = process["threads"].get(); + + callback(jsProcessInfo); + } + } +} + +void SysInfo::getPackages(std::function callback) const +{ + if (Utils::existsRegular(PKG_DB_PATHNAME)) + { + try -+ { -+ std::shared_ptr sqliteConnection = std::make_shared(PKG_DB_PATHNAME); -+ + { +- const auto data{Utils::split(line, '|')}; +- nlohmann::json package; ++ std::shared_ptr sqliteConnection = std::make_shared(PKG_DB_PATHNAME, SQLITE_OPEN_READONLY); + +- package["name"] = data[0]; +- package["vendor"] = data[1]; +- package["version"] = data[2]; +- package["install_time"] = UNKNOWN_VALUE; +- package["location"] = UNKNOWN_VALUE; +- package["architecture"] = data[3]; +- package["groups"] = UNKNOWN_VALUE; +- package["description"] = data[4]; +- package["size"] = 0; +- package["priority"] = UNKNOWN_VALUE; +- package["source"] = UNKNOWN_VALUE; +- package["format"] = "pkg"; +- // The multiarch field won't have a default value + SQLite::Statement stmt + { + sqliteConnection, + PKG_QUERY + }; -+ + +- callback(package); + while (SQLITE_ROW == stmt.step()) + { + try + { + auto pkg_name{ stmt.column(0) }; + auto pkg_maintainer{ stmt.column(1) }; + auto pkg_version{ stmt.column(2) }; + auto pkg_arch{ stmt.column(3) }; + auto pkg_comment{ stmt.column(4) }; + auto pkg_flatsize{ stmt.column(5) }; + auto pkg_time{ stmt.column(6) }; + auto 
pkg_repository{ stmt.column(7) }; + auto pkg_origin{ stmt.column(8) }; + + const auto archdata{Utils::split(pkg_arch->value(std::string{}), ':')}; + const auto sectiondata{Utils::split(pkg_origin->value(std::string{}), '/')}; + + nlohmann::json package; + + package["name"] = pkg_name->value(std::string{}); + package["vendor"] = pkg_maintainer->value(std::string{}); + package["version"] = pkg_version->value(std::string{}); + package["install_time"] = pkg_time->value(std::string{}); + package["location"] = UNKNOWN_VALUE; + package["architecture"] = archdata[2]; + package["groups"] = UNKNOWN_VALUE; + package["description"] = pkg_comment->value(std::string{}); + package["size"] = pkg_flatsize->value(uint64_t{}); + package["priority"] = UNKNOWN_VALUE; + package["source"] = pkg_repository->value(std::string{}); + package["section"] = sectiondata[0]; + package["format"] = "pkg"; + // The multiarch field won't have a default value + + callback(package); + } + catch (const std::exception& e) + { + std::cerr << e.what() << std::endl; + } + } - } ++ } + catch (const std::exception& e) + { + std::cerr << e.what() << std::endl; -+ } + } } } - diff --git a/security/wazuh-manager/files/patch-src-shared_modules-utils_sqliteWrapperTemp.h b/security/wazuh-manager/files/patch-src-shared_modules-utils_sqliteWrapperTemp.h new file mode 100644 index 000000000000..a6eeb2973d97 --- /dev/null +++ b/security/wazuh-manager/files/patch-src-shared_modules-utils_sqliteWrapperTemp.h 
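Review bot: In the `#if __FreeBSD_version > 1500045` branch of getPorts(), the new side of the patch assigns `remoteip = 0.0.0.0;` without quotes and calls `exec(...)` without the `Utils::` qualifier that the `#else` branch uses, so as printed this branch would not compile on the releases it targets. The lines should read `remoteip = "0.0.0.0";` and `const auto query{Utils::exec(R"(sockstat -46qs --libxo json)")};`. Separately, getPackages() indexes `archdata[2]` on the split of the arch column without checking how many fields came back. If `Utils::split` returns a standard vector (its definition is not on this page), an out-of-range index is undefined behaviour rather than an exception, so the surrounding `catch (const std::exception&)` would not contain it; a guard such as `archdata.size() > 2 ? archdata[2] : UNKNOWN_VALUE` keeps a malformed row from reaching that path.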
@@ -0,0 +1,34 @@ +--- src/shared_modules/utils/sqliteWrapperTemp.h 2025-11-07 00:46:03.000000000 -0800 ++++ src/shared_modules/utils/sqliteWrapperTemp.h 2026-01-01 13:52:11.656050000 -0800 +@@ -235,8 +235,8 @@ + public: + ~Connection() = default; + +- explicit Connection(const std::string& path) +- : m_db{ openSQLiteDb(path), [](sqlite3 * p) ++ explicit Connection(const std::string& path, const int flags = SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE) ++ : m_db{ openSQLiteDb(path, flags), [](sqlite3 * p) + { + sqlite3_close_v2(p); + } } +@@ -245,7 +245,10 @@ + + if (path.compare(DB_MEMORY) != 0) + { +- const auto result { chmod(path.c_str(), DB_PERMISSIONS) }; ++ const auto result = ++ (flags == SQLITE_OPEN_READONLY) ++ ? 0 ++ : chmod(path.c_str(), DB_PERMISSIONS); + + if (result != 0) + { +@@ -255,7 +258,7 @@ + }; + } + +- m_db.reset(openSQLiteDb(path, SQLITE_OPEN_READWRITE), [](sqlite3 * p) ++ m_db.reset(openSQLiteDb(path, flags), [](sqlite3 * p) + { + sqlite3_close_v2(p); + }); diff --git a/security/wazuh-server/Makefile b/security/wazuh-server/Makefile index 42b85ea3a53a..e0a09cf3873c 100644 --- a/security/wazuh-server/Makefile +++ b/security/wazuh-server/Makefile 
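Review bot: The chmod skip in the second inner hunk tests `flags == SQLITE_OPEN_READONLY`, so it only applies when the caller passes exactly that value. A read-only open combined with any other open flag would still run `chmod(path.c_str(), DB_PERMISSIONS)` on a database this code does not own, such as the pkg database opened from sysInfoFreeBSD.cpp. Testing the bit instead, `const auto result = (flags & SQLITE_OPEN_READONLY) ? 0 : chmod(path.c_str(), DB_PERMISSIONS);`, keeps the skip when flags are combined. The constructor body continues outside the patched hunks, so the rest of its error handling is not visible here.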
@@ -1,63 +1,63 @@ PORTNAME= wazuh PORTVERSION= 4.14.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= LOCAL/acm/${PORTNAME}/:config_samples \ https://packages.wazuh.com/4.x/filebeat/:wazuh_module \ https://raw.githubusercontent.com/wazuh/wazuh/v${PORTVERSION}/extensions/elasticsearch/7.x/:indexer_template PKGNAMESUFFIX= -server DIST_SUBDIR= ${PORTNAME}-${DISTVERSION} MAINTAINER= acm@FreeBSD.org COMMENT= Components for analyze the data received from the agents WWW= https://wazuh.com/ LICENSE= GPLv2 USES= dos2unix NO_BUILD= yes DOS2UNIX_FILES= ${WRKDIR}/wazuh-template.json DISTFILES+= filebeat.yml:config_samples \ logstash-${PORTNAME}-${PORTVERSION}.conf:config_samples \ wazuh-filebeat-${WAZUH_MODULE_VER}.tar.gz:wazuh_module \ wazuh-template.json:indexer_template SUB_FILES= pkg-message ETCDIR= ${PREFIX}/etc/${PORTNAME}${PKGNAMESUFFIX} WAZUH_LOCALBASE= /var/ossec WAZUH_MODULE_VER= 0.4 OPTIONS_DEFINE= FILEBEAT LOGSTASH WAZUH-MANAGER OPTIONS_DEFAULT= FILEBEAT LOGSTASH WAZUH-MANAGER OPTIONS_SUB= yes FILEBEAT_DESC= Install filebeat component LOGSTASH_DESC= Install logstash component WAZUH-MANAGER_DESC= Install wazuh manager component FILEBEAT_RUN_DEPENDS= filebeat:sysutils/beats7 LOGSTASH_RUN_DEPENDS= ${LOCALBASE}/logstash/bin/logstash:sysutils/logstash8 WAZUH-MANAGER_RUN_DEPENDS= wazuh-manager>=0:security/wazuh-manager do-extract: @${MKDIR} ${WRKSRC} @cd ${WRKDIR} && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/${PORTNAME}-filebeat-${WAZUH_MODULE_VER}.tar.gz ${EXTRACT_AFTER_ARGS} ${CP} ${_DISTDIR}/filebeat.yml ${WRKDIR} ${CP} ${_DISTDIR}/logstash-${PORTNAME}-${PORTVERSION}.conf ${WRKDIR}/logstash.conf ${CP} ${_DISTDIR}/wazuh-template.json ${WRKDIR} do-install: ${MKDIR} ${STAGEDIR}${ETCDIR} ${INSTALL_DATA} ${WRKDIR}/filebeat.yml ${STAGEDIR}${PREFIX}/etc/${PORTNAME}${PKGNAMESUFFIX}/filebeat.yml ${INSTALL_DATA} ${WRKDIR}/logstash.conf ${STAGEDIR}${PREFIX}/etc/${PORTNAME}${PKGNAMESUFFIX}/logstash.conf ${INSTALL_DATA} ${WRKDIR}/wazuh-template.json 
${STAGEDIR}${PREFIX}/etc/${PORTNAME}${PKGNAMESUFFIX}/wazuh-template.json do-install-FILEBEAT-on: ${MKDIR} ${STAGEDIR}${PREFIX}/share/beats/filebeat/module/ @cd ${WRKDIR} && ${COPYTREE_SHARE} wazuh ${STAGEDIR}${PREFIX}/share/beats/filebeat/module/ .include diff --git a/security/wazuh-server/files/pkg-message.in b/security/wazuh-server/files/pkg-message.in index 258f0696829f..12e19d9cce62 100644 --- a/security/wazuh-server/files/pkg-message.in +++ b/security/wazuh-server/files/pkg-message.in @@ -1,71 +1,71 @@ [ { type: install message: <