search

wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0
96 stars 89 forks source link

Added check when generating certificates for multiple DNS #3006

Closed davidcr01 closed 6 days ago

davidcr01 commented 1 week ago
Related issue
https://github.com/wazuh/wazuh-packages/issues/2371

Description

The aim of this PR is to add a check in the certificates generation. This check ensures that every DNS specified in the config.yml file was valid. This comprobation was already done by the certificates tool, but it was enhanced to cover the multiple DNS use case:

Before

With the following YAML file, the certificates were created. Notice that the localhost DNS is invalid:

nodes:
  server:
    - name: wazuh-server
      ip: www.google.es
      ip: facebook.es
      ip: wikipedia.org

After

Now, with the check, the invalid DNS is fetched and the certificates generation is stopped.

root@ubuntu22:/home/vagrant# bash wazuh-certs-tool.sh -A -v
17/06/2024 16:11:51 INFO: Verbose logging redirected to /home/vagrant/wazuh-certificates-tool.log
17/06/2024 16:11:51 DEBUG: Reading configuration file.
17/06/2024 16:11:52 ERROR: The DNS localhost is not valid.
root@ubuntu22:/home/vagrant#

Testing

The performed testing is in the following comment: https://github.com/wazuh/wazuh-packages/issues/2371#issuecomment-2173818359. Also, it has been checked that this change does not affect to the IP certificates generation.