wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0

Review package related files due to AWS module refactor #1997

Closed fdalmaup closed 1 year ago

fdalmaup commented 1 year ago
Wazuh version
4.8.0

Description

As part of https://github.com/wazuh/wazuh/issues/13388, the AWS module is being refactored in order to get quality unit tests. Some structural changes are being made to it, separating the module into different files in order to have more maintainable and cohesive code.

Tasks

fdalmaup commented 1 year ago

Issue Update

I have modified the solaris/solaris11/SPECS/template_agent.json file to have all the AWS module files. Without these changes, the built packages did not contain the rest of the files required for the module to work. After the changes, the Solaris 11 package was successfully built and its installation was tested:

root@solaris-vagrant:/var/ossec/wodles/aws# ls -l
total 110
-rwxr-x---   1 root     wazuh          0 Sep  1 22:19 __init__.py
-rwxr-x---   1 root     wazuh      16489 Sep  1 22:19 aws_tools.py
-rwxr-x---   1 root     wazuh       9407 Sep  1 22:19 aws-s3
drwxr-x---   2 root     wazuh         12 Sep  1 22:32 buckets_s3
drwxr-x---   2 root     wazuh          6 Sep  1 22:32 services
drwxr-x---   2 root     wazuh          6 Sep  1 22:32 subscribers
-rwxr-x---   1 root     wazuh      22836 Sep  1 22:32 wazuh_integration.py
root@solaris-vagrant:/var/ossec/wodles/aws# ls -l buckets_s3/
total 187
-rwxr-x---   1 root     wazuh        462 Sep  1 22:32 __init__.py
-rwxr-x---   1 root     wazuh      41203 Sep  1 22:32 aws_bucket.py
-rwxr-x---   1 root     wazuh       1889 Sep  1 22:32 cloudtrail.py
-rwxr-x---   1 root     wazuh       8844 Sep  1 22:32 config.py
-rwxr-x---   1 root     wazuh       4353 Sep  1 22:32 guardduty.py
-rwxr-x---   1 root     wazuh       5729 Sep  1 22:32 load_balancers.py
-rwxr-x---   1 root     wazuh       9151 Sep  1 22:32 server_access.py
-rwxr-x---   1 root     wazuh       2718 Sep  1 22:32 umbrella.py
-rwxr-x---   1 root     wazuh      10934 Sep  1 22:32 vpcflow.py
-rwxr-x---   1 root     wazuh       2897 Sep  1 22:32 waf.py
root@solaris-vagrant:/var/ossec/wodles/aws# ls -l services/
total 78
-rwxr-x---   1 root     wazuh        166 Sep  1 22:32 __init__.py
-rwxr-x---   1 root     wazuh       5955 Sep  1 22:32 aws_service.py
-rwxr-x---   1 root     wazuh      24429 Sep  1 22:32 cloudwatchlogs.py
-rwxr-x---   1 root     wazuh       6373 Sep  1 22:32 inspector.py
root@solaris-vagrant:/var/ossec/wodles/aws# ls -l subscribers/
total 43
-rwxr-x---   1 root     wazuh        201 Sep  1 22:32 __init__.py
-rwxr-x---   1 root     wazuh      10400 Sep  1 22:32 s3_log_handler.py
-rwxr-x---   1 root     wazuh       1795 Sep  1 22:32 sqs_message_processor.py
-rwxr-x---   1 root     wazuh       6214 Sep  1 22:32 sqs_queue.py
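
Added example (not part of the issue or of the Wazuh code base): a Python check that an installed wodle tree contains every file shown in the listings above with the `-rwxr-x---` mode, which catches a package spec that omits files, as described in this comment. The function names, the optional uid/gid arguments and the demo tree are assumptions made for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

# File list and mode copied from the `ls -l` listings in the comment above.
EXPECTED_FILES = {
    ".": ["__init__.py", "aws_tools.py", "aws-s3", "wazuh_integration.py"],
    "buckets_s3": ["__init__.py", "aws_bucket.py", "cloudtrail.py", "config.py",
                   "guardduty.py", "load_balancers.py", "server_access.py",
                   "umbrella.py", "vpcflow.py", "waf.py"],
    "services": ["__init__.py", "aws_service.py", "cloudwatchlogs.py",
                 "inspector.py"],
    "subscribers": ["__init__.py", "s3_log_handler.py",
                    "sqs_message_processor.py", "sqs_queue.py"],
}
EXPECTED_MODE = 0o750  # -rwxr-x--- / drwxr-x--- in the listings


def manifest():
    """Return {relative_posix_path: 'file' | 'dir'} for the whole tree."""
    entries = {}
    for subdir, names in EXPECTED_FILES.items():
        if subdir != ".":
            entries[subdir] = "dir"
        for name in names:
            entries[name if subdir == "." else f"{subdir}/{name}"] = "file"
    return entries


def audit_wodle(root, expected_uid=None, expected_gid=None):
    """Compare an installed tree with the manifest.

    Returns a sorted list of (relative_path, problem); an empty list means
    the tree matches. Ownership is only checked when a uid/gid is given.
    """
    root = Path(root)
    expected = manifest()
    findings = []
    for rel, kind in expected.items():
        try:
            st = (root / rel).lstat()  # lstat: a symlink must not pass as a file
        except FileNotFoundError:
            findings.append((rel, "missing"))
            continue
        is_kind = stat.S_ISDIR if kind == "dir" else stat.S_ISREG
        if not is_kind(st.st_mode):
            findings.append((rel, f"expected a {kind}"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode != EXPECTED_MODE:
            findings.append((rel, f"mode {mode:04o}, expected {EXPECTED_MODE:04o}"))
        if expected_uid is not None and st.st_uid != expected_uid:
            findings.append((rel, f"uid {st.st_uid}, expected {expected_uid}"))
        if expected_gid is not None and st.st_gid != expected_gid:
            findings.append((rel, f"gid {st.st_gid}, expected {expected_gid}"))
    # Anything on disk that the manifest does not list is reported for review.
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != "__pycache__"]
        for name in dirnames + filenames:
            rel = Path(dirpath, name).relative_to(root).as_posix()
            if rel not in expected:
                findings.append((rel, "not in manifest"))
    return sorted(findings)


def build_demo_tree(root):
    """Create a constructed tree of empty files that matches the manifest."""
    root = Path(root)
    for rel, kind in manifest().items():
        path = root / rel
        if kind == "dir":
            path.mkdir()
        else:
            path.touch()
        os.chmod(path, EXPECTED_MODE)  # explicit chmod, independent of umask


if __name__ == "__main__":
    # Constructed demo: one file left out of the package, one world-writable.
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        os.remove(Path(tmp, "subscribers", "sqs_queue.py"))
        os.chmod(Path(tmp, "buckets_s3", "cloudtrail.py"), 0o757)
        for rel, problem in audit_wodle(tmp):
            print(f"{rel}: {problem}")
```

On an installed agent the call would be `audit_wodle("/var/ossec/wodles/aws", expected_uid=0, expected_gid=grp.getgrnam("wazuh").gr_gid)`, matching the `root wazuh` ownership in the listings.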

fdalmaup commented 1 year ago

Manual test

The module was tested using Python 3.7.6 giving the following results:

root@vagrant:/# cat /etc/release
                             Oracle Solaris 11.4 X86
  Copyright (c) 1983, 2018, Oracle and/or its affiliates.  All rights reserved.
                            Assembled 16 August 2018
root@vagrant:/# /var/ossec/wodles/aws/aws-s3 -b wazuh-aws-wodle-cloudtrail -t cloudtrail -s 2021-Dec-01 -p dev -d2
DEBUG: +++ Debug mode on - Level: 2
DEBUG: Generating default configuration for retries: mode standard - max_attempts 10
DEBUG: +++ Table does not exist; create
DEBUG: +++ Working on 123456789123 - us-west-1
DEBUG: +++ Marker: AWSLogs/123456789123/CloudTrail/us-west-1/2021/12/01
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2021/12/01/123456789123_CloudTrail_us-west-1_20211201T0000Z_VZJxNKcpNdyJysGy.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2021/12/01/123456789123_CloudTrail_us-west-1_20211201T0000Z_ZKdiPZvOQPGUJMUh.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2021/12/01/123456789123_CloudTrail_us-west-1_20211201T0000Z_ZsQHQAHDMsYfvPHx.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2021/12/01/123456789123_CloudTrail_us-west-1_20211201T0000Z_wcnIRHvPJuYpSXZr.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2021/12/23/123456789123_CloudTrail_us-west-1_20211223T0000Z_HASDOtJxgfdNInHa.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2022/01/25/123456789123_CloudTrail_us-west-1_20220125T0000Z_HASDOtJxgfdNInHa.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2022/02/11/123456789123_CloudTrail_us-west-1_20220211T0000Z_HASDOtJxgfdNInHa.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2022/03/30/123456789123_CloudTrail_us-west-1_20220330T0000Z_HASDoKlxgfdNInHa.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2022/03/30/123456789123_CloudTrail_us-west-1_20220330T0000Z_HASDoKlxgfdNInHa.json.zip
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2022/03/30/123456789123_CloudTrail_us-west-1_20220330T0000Z_HASDoKlxgfdkdIOa.json.txt
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2022/03/30/123456789123_CloudTrail_us-west-1_20220330T0002Z_HASDoKlxgfdNInHa.json.zip
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2023/04/06/123456789123_CloudTrail_us-west-1_20230406T0002Z_HASDoKlxgfdNInHa.json
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2023/04/06/123456789123_CloudTrail_us-west-1_20230406T0002Z_HASDoKlxgfdNInHb.json
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2023/04/11/123456789123_CloudTrail_us-west-1_20230411T1755Z_2CqtXDyI0zFiYm1J.json
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2023/09/06/123456789123_CloudTrail_us-west-1_20230906T1755Z_2CqtXDyI0zFiYm1J.json
DEBUG: +++ DB Maintenance
DEBUG: +++ Working on 123123456789 - us-west-1
DEBUG: +++ Marker: AWSLogs/123123456789/CloudTrail/us-west-1/2021/12/01
DEBUG: ++ Found new log: AWSLogs/123123456789/CloudTrail/us-west-1/2021/12/23/123456789123_CloudTrail_us-west-1_20211223T0000Z_HASDOtJxgfdNInHa.json.gz
DEBUG: ++ Found new log: AWSLogs/123123456789/CloudTrail/us-west-1/2021/12/23/123456789123_CloudTrail_us-west-1_20211223T0000Z_HASDOtJxxxxxxxxx.json.gz
DEBUG: +++ DB Maintenance
DEBUG: +++ Working on 789123123456 - us-west-1
DEBUG: +++ Marker: AWSLogs/789123123456/CloudTrail/us-west-1/2021/12/01
DEBUG: ++ Found new log: AWSLogs/789123123456/CloudTrail/us-west-1/2023/01/25/123456789123_CloudTrail_us-west-1_20211223T0000Z_HASDOtJxxxxxxxxx.json.gz
DEBUG: +++ DB Maintenance

It was necessary to compile the mentioned Python version, since it is not native to Solaris 11, and certain bugs arose that could not be solved. This made it impossible to install the pyarrow and numpy packages, so the sections of code that use them had to be commented out to perform this manual test. The errors found were:

numpy related error

conv_template:> build/src.solaris-2.11-i86pc.64bit-3.7/numpy/core/src/multiarray/multiarray_tests.c
building extension "numpy.core.operand_flag_tests" sources
conv_template:> build/src.solaris-2.11-i86pc.64bit-3.7/numpy/core/src/umath/operand_flag_tests.c
building extension "numpy.fft.fftpack_lite" sources
building extension "numpy.linalg.lapack_lite" sources
creating build/src.solaris-2.11-i86pc.64bit-3.7/numpy/linalg
### Warning: Using unoptimized lapack ###
adding 'numpy/linalg/lapack_lite/python_xerbla.c' to sources.
adding 'numpy/linalg/lapack_lite/f2c_z_lapack.c' to sources.
adding 'numpy/linalg/lapack_lite/f2c_c_lapack.c' to sources.
adding 'numpy/linalg/lapack_lite/f2c_d_lapack.c' to sources.
adding 'numpy/linalg/lapack_lite/f2c_s_lapack.c' to sources.
adding 'numpy/linalg/lapack_lite/f2c_lapack.c' to sources.
adding 'numpy/linalg/lapack_lite/f2c_blas.c' to sources.
adding 'numpy/linalg/lapack_lite/f2c_config.c' to sources.
adding 'numpy/linalg/lapack_lite/f2c.c' to sources.
building extension "numpy.linalg._umath_linalg" sources
### Warning: Using unoptimized lapack ###
adding 'numpy/linalg/lapack_lite/python_xerbla.c' to sources.
adding 'numpy/linalg/lapack_lite/f2c_z_lapack.c' to sources.
adding 'numpy/linalg/lapack_lite/f2c_c_lapack.c' to sources.
adding 'numpy/linalg/lapack_lite/f2c_d_lapack.c' to sources.
adding 'numpy/linalg/lapack_lite/f2c_s_lapack.c' to sources.
adding 'numpy/linalg/lapack_lite/f2c_lapack.c' to sources.
adding 'numpy/linalg/lapack_lite/f2c_blas.c' to sources.
adding 'numpy/linalg/lapack_lite/f2c_config.c' to sources.
adding 'numpy/linalg/lapack_lite/f2c.c' to sources.
conv_template:> build/src.solaris-2.11-i86pc.64bit-3.7/numpy/linalg/umath_linalg.c
building extension "numpy.random.mtrand" sources
creating build/src.solaris-2.11-i86pc.64bit-3.7/numpy/random
building data_files sources
build_src: building npy-pkg config files
creating /tmp/pip-modern-metadata-zzbx57x9/numpy.egg-info
writing /tmp/pip-modern-metadata-zzbx57x9/numpy.egg-info/PKG-INFO
writing dependency_links to /tmp/pip-modern-metadata-zzbx57x9/numpy.egg-info/dependency_links.txt
writing top-level names to /tmp/pip-modern-metadata-zzbx57x9/numpy.egg-info/top_level.txt
writing manifest file '/tmp/pip-modern-metadata-zzbx57x9/numpy.egg-info/SOURCES.txt'
unifing config_cc, config, build_clib, build_ext, build commands --compiler options
unifing config_fc, config, build_clib, build_ext, build commands --fcompiler options
reading manifest file '/tmp/pip-modern-metadata-zzbx57x9/numpy.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no previously-included files matching '*.pyo' found anywhere in distribution
warning: no previously-included files matching '*.pyd' found anywhere in distribution
warning: no previously-included files matching '*.swp' found anywhere in distribution
warning: no previously-included files matching '*.bak' found anywhere in distribution
warning: no previously-included files matching '*~' found anywhere in distribution
adding license file 'LICENSE.txt'
writing manifest file '/tmp/pip-modern-metadata-zzbx57x9/numpy.egg-info/SOURCES.txt'
creating '/tmp/pip-modern-metadata-zzbx57x9/numpy-1.14.5.dist-info'
Running from numpy source directory.
/tmp/pip-install-hkjfy_gq/numpy_ec046ad59ee54da5ac9791469f00e751/setup.py:369: UserWarning: Unrecognized setuptools command, proceeding with generating Cython sources and expanding templates
  run_build = parse_setuppy_commands()
/tmp/pip-install-hkjfy_gq/numpy_ec046ad59ee54da5ac9791469f00e751/numpy/distutils/system_info.py:624: UserWarning: Atlas (http://math-atlas.sourceforge.net/) libraries not found. Directories to search for the libraries can be specified in the numpy/distutils/site.cfg file (section [atlas]) or by setting the ATLAS environment variable.
  self.calc_info()
/tmp/pip-install-hkjfy_gq/numpy_ec046ad59ee54da5ac9791469f00e751/numpy/distutils/system_info.py:624: UserWarning: Blas (http://www.netlib.org/blas/) libraries not found. Directories to search for the libraries can be specified in the numpy/distutils/site.cfg file (section [blas]) or by setting the BLAS environment variable.
  self.calc_info()
/tmp/pip-install-hkjfy_gq/numpy_ec046ad59ee54da5ac9791469f00e751/numpy/distutils/system_info.py:624: UserWarning: Blas (http://www.netlib.org/blas/) sources not found. Directories to search for the sources can be specified in the numpy/distutils/site.cfg file (section [blas_src]) or by setting the BLAS_SRC environment variable.
  self.calc_info()
/tmp/pip-install-hkjfy_gq/numpy_ec046ad59ee54da5ac9791469f00e751/numpy/distutils/system_info.py:624: UserWarning: Lapack (http://www.netlib.org/lapack/) libraries not found. Directories to search for the libraries can be specified in the numpy/distutils/site.cfg file (section [lapack]) or by setting the LAPACK environment variable.
  self.calc_info()
/tmp/pip-install-hkjfy_gq/numpy_ec046ad59ee54da5ac9791469f00e751/numpy/distutils/system_info.py:624: UserWarning: Lapack (http://www.netlib.org/lapack/) sources not found. Directories to search for the sources can be specified in the numpy/distutils/site.cfg file (section [lapack_src]) or by setting the LAPACK_SRC environment variable.
  self.calc_info()
/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/_distutils/dist.py:265: UserWarning: Unknown distribution option: 'define_macros'
  warnings.warn(msg)
/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/_distutils/cmd.py:66: SetuptoolsDeprecationWarning: setup.py install is deprecated.
!!
        ********************************************************************************
        Please avoid running ``setup.py`` directly.
        Instead, use pypa/build, pypa/installer or other standards-based tools.
        See https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html for details.
        ********************************************************************************
!!
  self.initialize_options()
/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/command/sdist.py:117: SetuptoolsDeprecationWarning: `build_py` command does not inherit from setuptools' `build_py`.
!!
        ********************************************************************************
        Custom 'build_py' does not implement 'get_data_files_without_manifest'.
        Please extend command classes from setuptools instead of distutils.
        See https://peps.python.org/pep-0632/ for details.
        ********************************************************************************
!!
  self._add_data_files(self._safe_data_files(build_py))
Traceback (most recent call last):
  File "/opt/python3/lib/python3.7/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 353, in
    main()
  File "/opt/python3/lib/python3.7/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 335, in main
    json_out['return_val'] = hook(**hook_input['kwargs'])
  File "/opt/python3/lib/python3.7/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 149, in prepare_metadata_for_build_wheel
    return hook(metadata_directory, config_settings)
  File "/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/build_meta.py", line 380, in prepare_metadata_for_build_wheel
    self.run_setup()
  File "/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/build_meta.py", line 488, in run_setup
    self).run_setup(setup_script=setup_script)
  File "/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/build_meta.py", line 338, in run_setup
    exec(code, locals())
  File "", line 394, in
  File "", line 386, in setup_package
  File "/tmp/pip-install-hkjfy_gq/numpy_ec046ad59ee54da5ac9791469f00e751/numpy/distutils/core.py", line 169, in setup
    return old_setup(**new_attr)
  File "/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/__init__.py", line 107, in setup
    return distutils.core.setup(**attrs)
  File "/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/_distutils/core.py", line 185, in setup
    return run_commands(dist)
  File "/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/_distutils/core.py", line 201, in run_commands
    dist.run_commands()
  File "/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/_distutils/dist.py", line 969, in run_commands
    self.run_command(cmd)
  File "/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/dist.py", line 1234, in run_command
    super().run_command(command)
  File "/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/_distutils/dist.py", line 988, in run_command
    cmd_obj.run()
  File "/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/command/dist_info.py", line 104, in run
    bdist_wheel = self.get_finalized_command('bdist_wheel')
  File "/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/_distutils/cmd.py", line 304, in get_finalized_command
    cmd_obj = self.distribution.get_command_obj(command, create)
  File "/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/_distutils/dist.py", line 860, in get_command_obj
    klass = self.get_command_class(command)
  File "/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/dist.py", line 979, in get_command_class
    self.cmdclass[command] = cmdclass = ep.load()
  File "/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/setuptools/_vendor/importlib_metadata/__init__.py", line 208, in load
    module = import_module(match.group('module'))
  File "/opt/python3/lib/python3.7/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1006, in _gcd_import
  File "", line 983, in _find_and_load
  File "", line 967, in _find_and_load_unlocked
  File "", line 677, in _load_unlocked
  File "", line 728, in exec_module
  File "", line 219, in _call_with_frames_removed
  File "/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/wheel/bdist_wheel.py", line 28, in
    from .macosx_libfile import calculate_macosx_platform_tag
  File "/tmp/pip-build-env-ry3lnybq/overlay/lib/python3.7/site-packages/wheel/macosx_libfile.py", line 43, in
    import ctypes
  File "/opt/python3/lib/python3.7/ctypes/__init__.py", line 7, in
    from _ctypes import Union, Structure, Array
ModuleNotFoundError: No module named '_ctypes'
[end of output]
note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed
× Encountered error while generating package metadata.
╰─> See above for output.
note: This is an issue with the package mentioned above, not pip.
hint: See above for details.
[end of output]
note: This error originates from a subprocess, and is likely not a problem with pip.
error: subprocess-exited-with-error
× pip subprocess to install build dependencies did not run successfully.
│ exit code: 1
╰─> See above for output.
note: This error originates from a subprocess, and is likely not a problem with pip.

fdalmaup commented 1 year ago

Issue Update

RPM package

Package installation

[root@604e1a4e2394 /]# yum install wazuh-agent-4.8.0-1.x86_64.rpm
Loaded plugins: fastestmirror, ovl
Examining wazuh-agent-4.8.0-1.x86_64.rpm: wazuh-agent-4.8.0-1.x86_64
Marking wazuh-agent-4.8.0-1.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-agent.x86_64 0:4.8.0-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package        Arch     Version   Repository                     Size
================================================================================
Installing:
 wazuh-agent    x86_64   4.8.0-1   /wazuh-agent-4.8.0-1.x86_64    27 M

Transaction Summary
================================================================================
Install  1 Package

Total size: 27 M
Installed size: 27 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-agent-4.8.0-1.x86_64    1/1
  Verifying  : wazuh-agent-4.8.0-1.x86_64    1/1

Installed:
  wazuh-agent.x86_64 0:4.8.0-1

Complete!

AWS Module Files

[root@604e1a4e2394 /]# ll /var/ossec/wodles/aws/
total 68
-rwxr-x--- 1 root wazuh 0 Sep 28 13:54 __init__.py
-rwxr-x--- 1 root wazuh 9407 Sep 28 13:54 aws-s3
-rwxr-x--- 1 root wazuh 16489 Sep 28 13:54 aws_tools.py
drwxr-x--- 2 root wazuh 4096 Sep 28 16:27 buckets_s3
drwxr-x--- 2 root wazuh 4096 Sep 28 16:27 services
drwxr-x--- 2 root wazuh 4096 Sep 28 16:27 subscribers
-rwxr-x--- 1 root wazuh 22836 Sep 28 13:54 wazuh_integration.py
[root@604e1a4e2394 /]# ll var/ossec/wodles/aws/buckets_s3/
total 112
-rwxr-x--- 1 root wazuh 462 Sep 28 13:54 __init__.py
-rwxr-x--- 1 root wazuh 41203 Sep 28 13:54 aws_bucket.py
-rwxr-x--- 1 root wazuh 1889 Sep 28 13:54 cloudtrail.py
-rwxr-x--- 1 root wazuh 8844 Sep 28 13:54 config.py
-rwxr-x--- 1 root wazuh 4353 Sep 28 13:54 guardduty.py
-rwxr-x--- 1 root wazuh 5729 Sep 28 13:54 load_balancers.py
-rwxr-x--- 1 root wazuh 9151 Sep 28 13:54 server_access.py
-rwxr-x--- 1 root wazuh 2718 Sep 28 13:54 umbrella.py
-rwxr-x--- 1 root wazuh 10934 Sep 28 13:54 vpcflow.py
-rwxr-x--- 1 root wazuh 2897 Sep 28 13:54 waf.py
[root@604e1a4e2394 /]# ll var/ossec/wodles/aws/services/
total 44
-rwxr-x--- 1 root wazuh 166 Sep 28 13:54 __init__.py
-rwxr-x--- 1 root wazuh 5955 Sep 28 13:54 aws_service.py
-rwxr-x--- 1 root wazuh 24429 Sep 28 13:54 cloudwatchlogs.py
-rwxr-x--- 1 root wazuh 6373 Sep 28 13:54 inspector.py
[root@604e1a4e2394 /]# ll var/ossec/wodles/aws/subscribers/
total 28
-rwxr-x--- 1 root wazuh 201 Sep 28 13:54 __init__.py
-rwxr-x--- 1 root wazuh 10400 Sep 28 13:54 s3_log_handler.py
-rwxr-x--- 1 root wazuh 1795 Sep 28 13:54 sqs_message_processor.py
-rwxr-x--- 1 root wazuh 6214 Sep 28 13:54 sqs_queue.py

Module execution

[root@604e1a4e2394 /]# /var/ossec/wodles/aws/aws-s3 -b wazuh-aws-wodle-cloudtrail -t cloudtrail -s 2021-Dec-01 -p dev -d2
DEBUG: +++ Debug mode on - Level: 2
DEBUG: Generating default configuration for retries: mode standard - max_attempts 10
DEBUG: +++ Table does not exist; create
DEBUG: +++ Working on 456789123123 - us-west-1
DEBUG: +++ Marker: AWSLogs/456789123123/CloudTrail/us-west-1/2021/12/01
DEBUG: ++ Found new log: AWSLogs/456789123123/CloudTrail/us-west-1/2021/12/01/456789123123_CloudTrail_us-west-1_20211201T0000Z_VZJxNKcpNdyJysGy.json.gz
DEBUG: ++ Found new log: AWSLogs/456789123123/CloudTrail/us-west-1/2021/12/01/456789123123_CloudTrail_us-west-1_20211201T0000Z_ZKdiPZvOQPGUJMUh.json.gz
DEBUG: ++ Found new log: AWSLogs/456789123123/CloudTrail/us-west-1/2021/12/01/456789123123_CloudTrail_us-west-1_20211201T0000Z_ZsQHQAHDMsYfvPHx.json.gz
DEBUG: ++ Found new log: AWSLogs/456789123123/CloudTrail/us-west-1/2021/12/01/456789123123_CloudTrail_us-west-1_20211201T0000Z_wcnIRHvPJuYpSXZr.json.gz
DEBUG: ++ Found new log: AWSLogs/456789123123/CloudTrail/us-west-1/2021/12/23/456789123123_CloudTrail_us-west-1_20211223T0000Z_HASDOtJxgfdNInHa.json.gz
DEBUG: ++ Found new log: AWSLogs/456789123123/CloudTrail/us-west-1/2022/01/25/456789123123_CloudTrail_us-west-1_20220125T0000Z_HASDOtJxgfdNInHa.json.gz
DEBUG: ++ Found new log: AWSLogs/456789123123/CloudTrail/us-west-1/2022/02/11/456789123123_CloudTrail_us-west-1_20220211T0000Z_HASDOtJxgfdNInHa.json.gz
DEBUG: ++ Found new log: AWSLogs/456789123123/CloudTrail/us-west-1/2022/03/30/456789123123_CloudTrail_us-west-1_20220330T0000Z_HASDoKlxgfdNInHa.json.gz
DEBUG: ++ Found new log: AWSLogs/456789123123/CloudTrail/us-west-1/2022/03/30/456789123123_CloudTrail_us-west-1_20220330T0000Z_HASDoKlxgfdNInHa.json.zip
DEBUG: ++ Found new log: AWSLogs/456789123123/CloudTrail/us-west-1/2022/03/30/456789123123_CloudTrail_us-west-1_20220330T0000Z_HASDoKlxgfdkdIOa.json.txt
DEBUG: ++ Found new log: AWSLogs/456789123123/CloudTrail/us-west-1/2022/03/30/456789123123_CloudTrail_us-west-1_20220330T0002Z_HASDoKlxgfdNInHa.json.zip
DEBUG: ++ Found new log: AWSLogs/456789123123/CloudTrail/us-west-1/2023/04/06/456789123123_CloudTrail_us-west-1_20230406T0002Z_HASDoKlxgfdNInHa.json
DEBUG: ++ Found new log: AWSLogs/456789123123/CloudTrail/us-west-1/2023/04/06/456789123123_CloudTrail_us-west-1_20230406T0002Z_HASDoKlxgfdNInHb.json
DEBUG: ++ Found new log: AWSLogs/456789123123/CloudTrail/us-west-1/2023/04/11/456789123123_CloudTrail_us-west-1_20230411T1755Z_2CqtXDyI0zFiYm1J.json
DEBUG: ++ Found new log: AWSLogs/456789123123/CloudTrail/us-west-1/2023/09/06/456789123123_CloudTrail_us-west-1_20230906T1755Z_2CqtXDyI0zFiYm1J.json
DEBUG: +++ DB Maintenance
DEBUG: +++ Working on 123456789123 - us-west-1
DEBUG: +++ Marker: AWSLogs/123456789123/CloudTrail/us-west-1/2021/12/01
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2021/12/23/456789123123_CloudTrail_us-west-1_20211223T0000Z_HASDOtJxgfdNInHa.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2021/12/23/456789123123_CloudTrail_us-west-1_20211223T0000Z_HASDOtJxxxxxxxxx.json.gz
DEBUG: +++ DB Maintenance
DEBUG: +++ Working on 789123123456 - us-west-1
DEBUG: +++ Marker: AWSLogs/789123123456/CloudTrail/us-west-1/2021/12/01
DEBUG: ++ Found new log: AWSLogs/789123123456/CloudTrail/us-west-1/2023/01/25/456789123123_CloudTrail_us-west-1_20211223T0000Z_HASDOtJxxxxxxxxx.json.gz
DEBUG: +++ DB Maintenance

DEB package

Package installation

apt-get install ./wazuh-agent_4.8.0-1_amd64.deb
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'wazuh-agent' instead of './wazuh-agent_4.8.0-1_amd64.deb'
The following additional packages will be installed:
  distro-info-data file libexpat1 libmagic-mgc libmagic1 libmpdec2 libpython3-stdlib libpython3.6-minimal libpython3.6-stdlib libreadline7 libsqlite3-0 libssl1.1 lsb-release mime-support python3 python3-minimal python3.6 python3.6-minimal readline-common xz-utils
Suggested packages:
  lsb python3-doc python3-tk python3-venv python3.6-venv python3.6-doc binutils binfmt-support readline-doc
The following NEW packages will be installed:
  distro-info-data file libexpat1 libmagic-mgc libmagic1 libmpdec2 libpython3-stdlib libpython3.6-minimal libpython3.6-stdlib libreadline7 libsqlite3-0 libssl1.1 lsb-release mime-support python3 python3-minimal python3.6 python3.6-minimal readline-common wazuh-agent xz-utils
0 upgraded, 21 newly installed, 0 to remove and 15 not upgraded.
Need to get 6685 kB/16.1 MB of archives.
After this operation, 66.2 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 /wazuh-agent_4.8.0-1_amd64.deb wazuh-agent amd64 4.8.0-1 [9448 kB]
Get:2 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libssl1.1 amd64 1.1.1-1ubuntu2.1~18.04.23 [1303 kB]
Get:3 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libpython3.6-minimal amd64 3.6.9-1~18.04ubuntu1.12 [533 kB]
Get:4 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libexpat1 amd64 2.2.5-3ubuntu0.9 [82.8 kB]
Get:5 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3.6-minimal amd64 3.6.9-1~18.04ubuntu1.12 [1609 kB]
Get:6 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3-minimal amd64 3.6.7-1~18.04 [23.7 kB]
Get:7 http://archive.ubuntu.com/ubuntu bionic/main amd64 mime-support all 3.60ubuntu1 [30.1 kB]
Get:8 http://archive.ubuntu.com/ubuntu bionic/main amd64 libmpdec2 amd64 2.4.2-1ubuntu1 [84.1 kB]
Get:9 http://archive.ubuntu.com/ubuntu bionic/main amd64 readline-common all 7.0-3 [52.9 kB]
Get:10 http://archive.ubuntu.com/ubuntu bionic/main amd64 libreadline7 amd64 7.0-3 [124 kB]
Get:11 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libsqlite3-0 amd64 3.22.0-1ubuntu0.7 [499 kB]
Get:12 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libpython3.6-stdlib amd64 3.6.9-1~18.04ubuntu1.12 [1713 kB]
Get:13 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3.6 amd64 3.6.9-1~18.04ubuntu1.12 [203 kB]
Get:14 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libpython3-stdlib amd64 3.6.7-1~18.04 [7240 B]
Get:15 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3 amd64 3.6.7-1~18.04 [47.2 kB]
Get:16 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 distro-info-data all 0.37ubuntu0.17 [4872 B]
Get:17 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libmagic-mgc amd64 1:5.32-2ubuntu0.4 [184 kB]
Get:18 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libmagic1 amd64 1:5.32-2ubuntu0.4 [68.6 kB]
Get:19 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 file amd64 1:5.32-2ubuntu0.4 [22.1 kB]
Get:20 http://archive.ubuntu.com/ubuntu bionic/main amd64 lsb-release all 9.20170808ubuntu1 [11.0 kB]
Get:21 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 xz-utils amd64 5.2.2-1.3ubuntu0.1 [83.8 kB]
Fetched 6685 kB in 2s (3090 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package libssl1.1:amd64.
(Reading database ... 4051 files and directories currently installed.)
Preparing to unpack .../libssl1.1_1.1.1-1ubuntu2.1~18.04.23_amd64.deb ...
Unpacking libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.23) ...
Selecting previously unselected package libpython3.6-minimal:amd64.
Preparing to unpack .../libpython3.6-minimal_3.6.9-1~18.04ubuntu1.12_amd64.deb ...
Unpacking libpython3.6-minimal:amd64 (3.6.9-1~18.04ubuntu1.12) ...
Selecting previously unselected package libexpat1:amd64.
Preparing to unpack .../libexpat1_2.2.5-3ubuntu0.9_amd64.deb ...
Unpacking libexpat1:amd64 (2.2.5-3ubuntu0.9) ...
Selecting previously unselected package python3.6-minimal.
Preparing to unpack .../python3.6-minimal_3.6.9-1~18.04ubuntu1.12_amd64.deb ...
Unpacking python3.6-minimal (3.6.9-1~18.04ubuntu1.12) ...
Setting up libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.23) ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 76.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.26.1 /usr/local/share/perl/5.26.1 /usr/lib/x86_64-linux-gnu/perl5/5.26 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.26 /usr/share/perl/5.26 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Setting up libpython3.6-minimal:amd64 (3.6.9-1~18.04ubuntu1.12) ...
Setting up libexpat1:amd64 (2.2.5-3ubuntu0.9) ...
Setting up python3.6-minimal (3.6.9-1~18.04ubuntu1.12) ...
Selecting previously unselected package python3-minimal.
(Reading database ... 4308 files and directories currently installed.)
Preparing to unpack .../0-python3-minimal_3.6.7-1~18.04_amd64.deb ...
Unpacking python3-minimal (3.6.7-1~18.04) ...
Selecting previously unselected package mime-support.
Preparing to unpack .../1-mime-support_3.60ubuntu1_all.deb ...
Unpacking mime-support (3.60ubuntu1) ...
Selecting previously unselected package libmpdec2:amd64.
Preparing to unpack .../2-libmpdec2_2.4.2-1ubuntu1_amd64.deb ...
Unpacking libmpdec2:amd64 (2.4.2-1ubuntu1) ...
Selecting previously unselected package readline-common.
Preparing to unpack .../3-readline-common_7.0-3_all.deb ...
Unpacking readline-common (7.0-3) ...
Selecting previously unselected package libreadline7:amd64.
Preparing to unpack .../4-libreadline7_7.0-3_amd64.deb ...
Unpacking libreadline7:amd64 (7.0-3) ...
Selecting previously unselected package libsqlite3-0:amd64.
Preparing to unpack .../5-libsqlite3-0_3.22.0-1ubuntu0.7_amd64.deb ...
Unpacking libsqlite3-0:amd64 (3.22.0-1ubuntu0.7) ...
Selecting previously unselected package libpython3.6-stdlib:amd64.
Preparing to unpack .../6-libpython3.6-stdlib_3.6.9-1~18.04ubuntu1.12_amd64.deb ...
Unpacking libpython3.6-stdlib:amd64 (3.6.9-1~18.04ubuntu1.12) ...
Selecting previously unselected package python3.6.
Preparing to unpack .../7-python3.6_3.6.9-1~18.04ubuntu1.12_amd64.deb ...
Unpacking python3.6 (3.6.9-1~18.04ubuntu1.12) ...
Selecting previously unselected package libpython3-stdlib:amd64.
Preparing to unpack .../8-libpython3-stdlib_3.6.7-1~18.04_amd64.deb ...
Unpacking libpython3-stdlib:amd64 (3.6.7-1~18.04) ...
Setting up python3-minimal (3.6.7-1~18.04) ...
Selecting previously unselected package python3.
(Reading database ... 4766 files and directories currently installed.)
Preparing to unpack .../0-python3_3.6.7-1~18.04_amd64.deb ...
Unpacking python3 (3.6.7-1~18.04) ...
Selecting previously unselected package distro-info-data.
Preparing to unpack .../1-distro-info-data_0.37ubuntu0.17_all.deb ...
Unpacking distro-info-data (0.37ubuntu0.17) ...
Selecting previously unselected package libmagic-mgc.
Preparing to unpack .../2-libmagic-mgc_1%3a5.32-2ubuntu0.4_amd64.deb ...
Unpacking libmagic-mgc (1:5.32-2ubuntu0.4) ...
Selecting previously unselected package libmagic1:amd64.
Preparing to unpack .../3-libmagic1_1%3a5.32-2ubuntu0.4_amd64.deb ...
Unpacking libmagic1:amd64 (1:5.32-2ubuntu0.4) ...
Selecting previously unselected package file.
Preparing to unpack .../4-file_1%3a5.32-2ubuntu0.4_amd64.deb ...
Unpacking file (1:5.32-2ubuntu0.4) ...
Selecting previously unselected package lsb-release.
Preparing to unpack .../5-lsb-release_9.20170808ubuntu1_all.deb ...
Unpacking lsb-release (9.20170808ubuntu1) ...
Selecting previously unselected package xz-utils.
Preparing to unpack .../6-xz-utils_5.2.2-1.3ubuntu0.1_amd64.deb ...
Unpacking xz-utils (5.2.2-1.3ubuntu0.1) ...
Selecting previously unselected package wazuh-agent.
Preparing to unpack .../7-wazuh-agent_4.8.0-1_amd64.deb ...
Unpacking wazuh-agent (4.8.0-1) ...
Setting up readline-common (7.0-3) ...
Setting up mime-support (3.60ubuntu1) ...
Setting up libreadline7:amd64 (7.0-3) ...
Setting up distro-info-data (0.37ubuntu0.17) ...
Setting up libmagic-mgc (1:5.32-2ubuntu0.4) ...
Setting up libmagic1:amd64 (1:5.32-2ubuntu0.4) ...
Setting up xz-utils (5.2.2-1.3ubuntu0.1) ...
update-alternatives: using /usr/bin/xz to provide /usr/bin/lzma (lzma) in auto mode
update-alternatives: warning: skip creation of /usr/share/man/man1/lzma.1.gz because associated file /usr/share/man/man1/xz.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/unlzma.1.gz because associated file /usr/share/man/man1/unxz.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzcat.1.gz because associated file /usr/share/man/man1/xzcat.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzmore.1.gz because associated file /usr/share/man/man1/xzmore.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzless.1.gz because associated file /usr/share/man/man1/xzless.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzdiff.1.gz because associated file /usr/share/man/man1/xzdiff.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzcmp.1.gz because associated file /usr/share/man/man1/xzcmp.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzgrep.1.gz because associated file /usr/share/man/man1/xzgrep.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzegrep.1.gz because associated file /usr/share/man/man1/xzegrep.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzfgrep.1.gz because associated file /usr/share/man/man1/xzfgrep.1.gz (of link group lzma) doesn't exist
Setting up libsqlite3-0:amd64
(3.22.0-1ubuntu0.7) ... Setting up libmpdec2:amd64 (2.4.2-1ubuntu1) ... Setting up libpython3.6-stdlib:amd64 (3.6.9-1~18.04ubuntu1.12) ... Setting up python3.6 (3.6.9-1~18.04ubuntu1.12) ... Setting up file (1:5.32-2ubuntu0.4) ... Setting up libpython3-stdlib:amd64 (3.6.7-1~18.04) ... Setting up python3 (3.6.7-1~18.04) ... running python rtupdate hooks for python3.6... running python post-rtupdate hooks for python3.6... Setting up lsb-release (9.20170808ubuntu1) ... Setting up wazuh-agent (4.8.0-1) ... Processing triggers for libc-bin (2.27-3ubuntu1.6) ...

AWS Module Files

root@5e06e4c242c7:/# ll /var/ossec/wodles/aws/
total 76
drwxr-x--- 5 root wazuh 4096 Sep 28 16:48 ./
drwxr-x--- 6 root wazuh 4096 Sep 28 16:48 ../
-rwxr-x--- 1 root wazuh 0 Sep 28 15:11 __init__.py*
-rwxr-x--- 1 root wazuh 9407 Sep 28 15:11 aws-s3*
-rwxr-x--- 1 root wazuh 16489 Sep 28 15:11 aws_tools.py*
drwxr-x--- 2 root wazuh 4096 Sep 28 16:48 buckets_s3/
drwxr-x--- 2 root wazuh 4096 Sep 28 16:48 services/
drwxr-x--- 2 root wazuh 4096 Sep 28 16:48 subscribers/
-rwxr-x--- 1 root wazuh 22836 Sep 28 15:11 wazuh_integration.py*
root@5e06e4c242c7:/# ll /var/ossec/wodles/aws/buckets_s3/
total 120
drwxr-x--- 2 root wazuh 4096 Sep 28 16:48 ./
drwxr-x--- 5 root wazuh 4096 Sep 28 16:48 ../
-rwxr-x--- 1 root wazuh 462 Sep 28 15:11 __init__.py*
-rwxr-x--- 1 root wazuh 41203 Sep 28 15:11 aws_bucket.py*
-rwxr-x--- 1 root wazuh 1889 Sep 28 15:11 cloudtrail.py*
-rwxr-x--- 1 root wazuh 8844 Sep 28 15:11 config.py*
-rwxr-x--- 1 root wazuh 4353 Sep 28 15:11 guardduty.py*
-rwxr-x--- 1 root wazuh 5729 Sep 28 15:11 load_balancers.py*
-rwxr-x--- 1 root wazuh 9151 Sep 28 15:11 server_access.py*
-rwxr-x--- 1 root wazuh 2718 Sep 28 15:11 umbrella.py*
-rwxr-x--- 1 root wazuh 10934 Sep 28 15:11 vpcflow.py*
-rwxr-x--- 1 root wazuh 2897 Sep 28 15:11 waf.py*
root@5e06e4c242c7:/# ll /var/ossec/wodles/aws/services/
total 52
drwxr-x--- 2 root wazuh 4096 Sep 28 16:48 ./
drwxr-x--- 5 root wazuh 4096 Sep 28 16:48 ../
-rwxr-x--- 1 root wazuh 166 Sep 28 15:11 __init__.py*
-rwxr-x--- 1 root wazuh 5955 Sep 28 15:11 aws_service.py*
-rwxr-x--- 1 root wazuh 24429 Sep 28 15:11 cloudwatchlogs.py*
-rwxr-x--- 1 root wazuh 6373 Sep 28 15:11 inspector.py*
root@5e06e4c242c7:/# ll /var/ossec/wodles/aws/subscribers/
total 36
drwxr-x--- 2 root wazuh 4096 Sep 28 16:48 ./
drwxr-x--- 5 root wazuh 4096 Sep 28 16:48 ../
-rwxr-x--- 1 root wazuh 201 Sep 28 15:11 __init__.py*
-rwxr-x--- 1 root wazuh 10400 Sep 28 15:11 s3_log_handler.py*
-rwxr-x--- 1 root wazuh 1795 Sep 28 15:11 sqs_message_processor.py*
-rwxr-x--- 1 root wazuh 6214 Sep 28 15:11 sqs_queue.py*

Module Execution

root@5e06e4c242c7:/# /var/ossec/wodles/aws/aws-s3 -b wazuh-aws-wodle-cloudtrail -t cloudtrail -s 2021-Dec-01 -p dev -d2
DEBUG: +++ Debug mode on - Level: 2
DEBUG: Generating default configuration for retries: mode standard - max_attempts 10
DEBUG: +++ Table does not exist; create
DEBUG: +++ Working on 123456789123 - us-west-1
DEBUG: +++ Marker: AWSLogs/123456789123/CloudTrail/us-west-1/2021/12/01
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2021/12/01/123456789123_CloudTrail_us-west-1_20211201T0000Z_VZJxNKcpNdyJysGy.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2021/12/01/123456789123_CloudTrail_us-west-1_20211201T0000Z_ZKdiPZvOQPGUJMUh.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2021/12/01/123456789123_CloudTrail_us-west-1_20211201T0000Z_ZsQHQAHDMsYfvPHx.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2021/12/01/123456789123_CloudTrail_us-west-1_20211201T0000Z_wcnIRHvPJuYpSXZr.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2021/12/23/123456789123_CloudTrail_us-west-1_20211223T0000Z_HASDOtJxgfdNInHa.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2022/01/25/123456789123_CloudTrail_us-west-1_20220125T0000Z_HASDOtJxgfdNInHa.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2022/02/11/123456789123_CloudTrail_us-west-1_20220211T0000Z_HASDOtJxgfdNInHa.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2022/03/30/123456789123_CloudTrail_us-west-1_20220330T0000Z_HASDoKlxgfdNInHa.json.gz
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2022/03/30/123456789123_CloudTrail_us-west-1_20220330T0000Z_HASDoKlxgfdNInHa.json.zip
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2022/03/30/123456789123_CloudTrail_us-west-1_20220330T0000Z_HASDoKlxgfdkdIOa.json.txt
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2022/03/30/123456789123_CloudTrail_us-west-1_20220330T0002Z_HASDoKlxgfdNInHa.json.zip
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2023/04/06/123456789123_CloudTrail_us-west-1_20230406T0002Z_HASDoKlxgfdNInHa.json
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2023/04/06/123456789123_CloudTrail_us-west-1_20230406T0002Z_HASDoKlxgfdNInHb.json
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2023/04/11/123456789123_CloudTrail_us-west-1_20230411T1755Z_2CqtXDyI0zFiYm1J.json
DEBUG: ++ Found new log: AWSLogs/123456789123/CloudTrail/us-west-1/2023/09/06/123456789123_CloudTrail_us-west-1_20230906T1755Z_2CqtXDyI0zFiYm1J.json
DEBUG: +++ DB Maintenance
DEBUG: +++ Working on 123123456789 - us-west-1
DEBUG: +++ Marker: AWSLogs/123123456789/CloudTrail/us-west-1/2021/12/01
DEBUG: ++ Found new log: AWSLogs/123123456789/CloudTrail/us-west-1/2021/12/23/123456789123_CloudTrail_us-west-1_20211223T0000Z_HASDOtJxgfdNInHa.json.gz
DEBUG: ++ Found new log: AWSLogs/123123456789/CloudTrail/us-west-1/2021/12/23/123456789123_CloudTrail_us-west-1_20211223T0000Z_HASDOtJxxxxxxxxx.json.gz
DEBUG: +++ DB Maintenance
DEBUG: +++ Working on 789123123456 - us-west-1
DEBUG: +++ Marker: AWSLogs/789123123456/CloudTrail/us-west-1/2021/12/01
DEBUG: ++ Found new log: AWSLogs/789123123456/CloudTrail/us-west-1/2023/01/25/123456789123_CloudTrail_us-west-1_20211223T0000Z_HASDOtJxxxxxxxxx.json.gz
DEBUG: +++ DB Maintenance

Conclusion

DEB and RPM packages were correctly generated and simple module tests were performed to verify the expected behavior.
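
The file-listing check done by eye in this comment can be scripted. The following is an added example, not code from this issue or from the Wazuh project: it parses `ls -l` / `ll` output and reports missing or unexpected files and any entry whose mode or owner differs from what the listings show. The expected mode and owner are assumptions read off those listings, and the names `parse_listing`, `audit`, `SUBSCRIBERS` and `BAD` are hypothetical.

```python
import re

# Assumption: the mode and owner:group seen on every entry in the listings
# above are the intended policy for the AWS wodle (no access for "other").
EXPECTED_MODE = "rwxr-x---"
EXPECTED_OWNER = "root:wazuh"
# File names taken from the subscribers/ listing in this issue.
SUBSCRIBERS = {"__init__.py", "s3_log_handler.py",
               "sqs_message_processor.py", "sqs_queue.py"}

# type, mode, links, owner, group, size, month, day, time-or-year, name
ENTRY = re.compile(r"^([d-])([rwx-]{9})\s+\d+\s+(\S+)\s+(\S+)\s+\d+"
                   r"\s+\S+\s+\d+\s+[\d:]+\s+(\S+)$")

def parse_listing(text):
    """Return {name: (mode, 'owner:group')} from `ls -l` / `ll` output."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # shell prompt, "total N", blank line
        _, mode, owner, group, name = m.groups()
        name = name.rstrip("*/")  # drop the classifier suffix added by `ll`
        if name not in (".", ".."):
            entries[name] = (mode, f"{owner}:{group}")
    return entries

def audit(text, expected_names):
    """List deviations: missing or unexpected files, wrong mode or owner."""
    entries = parse_listing(text)
    present = set(entries)
    findings = [f"missing: {n}" for n in sorted(expected_names - present)]
    findings += [f"unexpected: {n}" for n in sorted(present - expected_names)]
    for name, (mode, owner) in sorted(entries.items()):
        if mode != EXPECTED_MODE:
            findings.append(f"{name}: mode {mode}, expected {EXPECTED_MODE}")
        if owner != EXPECTED_OWNER:
            findings.append(f"{name}: owner {owner}, expected {EXPECTED_OWNER}")
    return findings

# Constructed sample: one file dropped from the package spec, one installed
# world-writable with the wrong group.
BAD = """\
total 36
drwxr-x--- 2 root wazuh 4096 Sep 28 16:48 ./
-rwxr-x--- 1 root wazuh 201 Sep 28 15:11 __init__.py*
-rwxrwxrwx 1 root root 10400 Sep 28 15:11 s3_log_handler.py*
-rwxr-x--- 1 root wazuh 6214 Sep 28 15:11 sqs_queue.py*
"""

if __name__ == "__main__":
    for finding in audit(BAD, SUBSCRIBERS):
        print(finding)
```

Run against the `subscribers/` listing shown in this comment, `audit` returns an empty list.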