wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0

Move Vulnerability Detection Template to Templates Folder #2836

Closed mateocervilla closed 4 months ago

mateocervilla commented 4 months ago
Related issue
wazuh/wazuh#21955

Description

This PR aims to move the Vulnerability Detection template vd_states_template.json from /var/ossec/queue/indexer/ to a templates folder located in /var/ossec/ and update its references.

Related PR for Wazuh-Wazuh: https://github.com/wazuh/wazuh/pull/21985

Logs/Alerts example

```console
root@ubuntu:/# ls /var/ossec/
active-response  agentless  api  backup  bin  etc  framework  integrations  lib  logs  queue  ruleset  stats  templates  tmp  var  wodles
root@ubuntu:/# ls /var/ossec/templates/
vd_states_template.json
```

Extra changes

The workflow build-rpm-packages.yml was modified in a way that it takes the wazuh build branch with the same name as the current PR. If there is no branch, then it will take the name it was using before.

This change was necessary because the test was using a branch without the changes needed by this PR.

Before: https://github.com/wazuh/wazuh-packages/actions/runs/7976772784/job/21778103562?pr=2836

```console
Run REVISION=$( echo 21955-move-vd-template | sed 's/-/./g; s/\//./g' )
  REVISION=$( echo 21955-move-vd-template | sed 's/-/./g; s/\//./g' )
  bash generate_rpm_package.sh -b master -t manager -a x86_64 --dev -j 2 --dont-build-docker --tag 5.0 -r $REVISION
  echo "PACKAGE_NAME=$(ls ./output | grep .rpm | head -n 1)" >> $GITHUB_ENV
  shell: /usr/bin/bash -e {0}
  env:
    TAG: 5.0
    VERSION: master
    CONTAINER_NAME: rpm_manager_builder_x86
+ build_target=manager
+ wazuh_branch=master
+ architecture_target=x86_64
```

...

```console
Processing files: wazuh-manager-5.0.0-21955.move.vd.template.x86_64
error: Directory not found: /build_wazuh/rpmbuild/BUILDROOT/wazuh-manager-5.0.0-21955.move.vd.template.x86_64/var/ossec/templates
error: File not found: /build_wazuh/rpmbuild/BUILDROOT/wazuh-manager-5.0.0-21955.move.vd.template.x86_64/var/ossec/templates/vd_states_template.json
RPM build errors:
    Directory not found: /build_wazuh/rpmbuild/BUILDROOT/wazuh-manager-5.0.0-21955.move.vd.template.x86_64/var/ossec/templates
    File not found: /build_wazuh/rpmbuild/BUILDROOT/wazuh-manager-5.0.0-21955.move.vd.template.x86_64/var/ossec/templates/vd_states_template.json
Error: Process completed with exit code 1.
```

After: https://github.com/wazuh/wazuh-packages/actions/runs/7977777570/job/21781434613?pr=2836

```console
Run if [ "X`git ls-remote --heads https://github.com/wazuh/wazuh.git ${BRANCH_NAME}`" != "X" ]; then
  if [ "X`git ls-remote --heads https://github.com/wazuh/wazuh.git ${BRANCH_NAME}`" != "X" ]; then
    W_BRANCH=${BRANCH_NAME}
  else
    W_BRANCH=4.8.0
  fi
  REVISION=$( echo 21955-move-vd-template | sed 's/-/./g; s/\//./g' )
  bash generate_rpm_package.sh -b ${W_BRANCH} -t manager -a x86_64 --dev -j 2 --dont-build-docker --tag 4.8 -r $REVISION
  echo "PACKAGE_NAME=$(ls ./output | grep .rpm | head -n 1)" >> $GITHUB_ENV
  shell: /usr/bin/bash -e {0}
  env:
    BRANCH_NAME: 21955-move-vd-template
    TAG: 4.8
    VERSION: 4.8.0
    CONTAINER_NAME: rpm_manager_builder_x86
+ build_target=manager
+ wazuh_branch=21955-move-vd-template
+ architecture_target=x86_64
```

...

```console
Processing files: wazuh-manager-4.8.0-21955.move.vd.template.x86_64
warning: File listed twice: /var/ossec/wodles/aws
warning: File listed twice: /var/ossec/wodles/aws/__init__.py
warning: File listed twice: /var/ossec/wodles/aws/aws-s3
warning: File listed twice: /var/ossec/wodles/aws/aws-s3.py
warning: File listed twice: /var/ossec/wodles/aws/aws_tools.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/__init__.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/aws_bucket.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/cloudtrail.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/config.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/guardduty.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/load_balancers.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/server_access.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/umbrella.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/vpcflow.py
warning: File listed twice: /var/ossec/wodles/aws/buckets_s3/waf.py
warning: File listed twice: /var/ossec/wodles/aws/services
warning: File listed twice: /var/ossec/wodles/aws/services/__init__.py
warning: File listed twice: /var/ossec/wodles/aws/services/aws_service.py
warning: File listed twice: /var/ossec/wodles/aws/services/cloudwatchlogs.py
warning: File listed twice: /var/ossec/wodles/aws/services/inspector.py
warning: File listed twice: /var/ossec/wodles/aws/subscribers
warning: File listed twice: /var/ossec/wodles/aws/subscribers/__init__.py
warning: File listed twice: /var/ossec/wodles/aws/subscribers/s3_log_handler.py
warning: File listed twice: /var/ossec/wodles/aws/subscribers/sqs_message_processor.py
warning: File listed twice: /var/ossec/wodles/aws/subscribers/sqs_queue.py
warning: File listed twice: /var/ossec/wodles/aws/wazuh_integration.py
warning: File listed twice: /var/ossec/wodles/azure
warning: File listed twice: /var/ossec/wodles/azure/azure-logs
warning: File listed twice: /var/ossec/wodles/azure/azure-logs.py
warning: File listed twice: /var/ossec/wodles/azure/orm.py
warning: File listed twice: /var/ossec/wodles/docker
warning: File listed twice: /var/ossec/wodles/docker/DockerListener
warning: File listed twice: /var/ossec/wodles/docker/DockerListener.py
warning: File listed twice: /var/ossec/wodles/gcloud
warning: File listed twice: /var/ossec/wodles/gcloud/buckets
warning: File listed twice: /var/ossec/wodles/gcloud/buckets/access_logs.py
warning: File listed twice: /var/ossec/wodles/gcloud/buckets/bucket.py
warning: File listed twice: /var/ossec/wodles/gcloud/exceptions.py
warning: File listed twice: /var/ossec/wodles/gcloud/gcloud
warning: File listed twice: /var/ossec/wodles/gcloud/gcloud.py
warning: File listed twice: /var/ossec/wodles/gcloud/integration.py
warning: File listed twice: /var/ossec/wodles/gcloud/pubsub
warning: File listed twice: /var/ossec/wodles/gcloud/pubsub/subscriber.py
warning: File listed twice: /var/ossec/wodles/gcloud/tools.py
Provides: wazuh-manager = 4.8.0-21955.move.vd.template wazuh-manager(x86-64) = 4.8.0-21955.move.vd.template
Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(pre): /bin/sh /usr/sbin/groupadd /usr/sbin/useradd
Requires(post): /bin/sh
Requires(preun): /bin/sh
Requires(postun): /bin/sh /usr/sbin/groupdel /usr/sbin/userdel
Requires(posttrans): /bin/sh
Conflicts: ossec-hids ossec-hids-agent wazuh-agent wazuh-local
Obsoletes: wazuh-api < 4.0.0
Checking for unpackaged file(s): /usr/local/lib/rpm/check-files /build_wazuh/rpmbuild/BUILDROOT/wazuh-manager-4.8.0-21955.move.vd.template.x86_64
Wrote: /build_wazuh/rpmbuild/SRPMS/wazuh-manager-4.8.0-21955.move.vd.template.src.rpm
Wrote: /build_wazuh/rpmbuild/RPMS/x86_64/wazuh-manager-4.8.0-21955.move.vd.template.x86_64.rpm
Executing(%clean): /bin/sh -e /usr/local/var/tmp/rpm-tmp.Vhobso
+ umask 022
+ cd /build_wazuh/rpmbuild/BUILD
+ cd wazuh-manager-4.8.0
+ rm -fr /build_wazuh/rpmbuild/BUILDROOT/wazuh-manager-4.8.0-21955.move.vd.template.x86_64
+ RPM_EC=0
++ jobs -p
+ exit 0
+ [[ no == \y\e\s ]]
+ [[ no == \y\e\s ]]
+ find /build_wazuh/rpmbuild/RPMS/x86_64 -maxdepth 3 -type f -name 'wazuh-manager-4.8.0-21955.move.vd.template*' -exec mv '{}' /var/local/wazuh ';'
Package wazuh-manager-4.8.0-21955.move.vd.template.x86_64.rpm added to /home/runner/work/wazuh-packages/wazuh-packages/rpms/output/.
```

Tests