wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0

indexer-security-init.sh - DNS/Domain Detection vs IP (isDNS vs isIP) #3068

Open richevanscybermyte opened 3 months ago

richevanscybermyte commented 3 months ago

|Wazuh version|Install type|Action performed|Platform|
|---|---|---|---|
|4.8.1|Indexer|Install|Rocky 8|

During installation of Wazuh manually (did not verify helper or ansible) I ran into an issue where the indexer-security-init.sh script was not detecting our DNS name as an isDNS. We use a couple of levels of sub domains to separate out our sites and zones. I found that the regex used in the script (line 68 I believe) does not detect my hostnames. I rewrote a new regex to handle my hosts.

^([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$ or ^[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](?:\.[a-zA-Z0-9]{2,})+$

or the full line 68 in the indexer-security-init.sh script:

                isDNS=$(echo "${HOST}" | grep -P "^([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$")
                isDNS=$(echo "${HOST}" | grep -P "^[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](?:\.[a-zA-Z0-9]{2,})+$")

the old line is:

                isDNS=$(echo "${2}" | grep -P "^[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](?:\.[a-zA-Z]{2,})+$")

I tested a bunch of different domain names and the only issue I can see is if the name is not in a FQDN format, it will not match the regex, i.e. onwordname, node-01 or namewith-num01 will not match the expression. But it didn't seem like that worked with the other regex either. I am not sure which regex is better. I modified the one in the current script and added a 0-9 but only after coming up with my own. I imagine it needs more testing to make sure it doesn't get tripped up on something.
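To make the difference between the three patterns concrete, here is an added shell snippet (not code from the wazuh-packages repository) that runs each of them against a few constructed hostnames. The script's `grep -P` is replaced by `grep -E`, so the non-capturing `(?:` groups become plain `(` groups; the dotted-quad pattern standing in for the script's isIP check is an assumption of this example.

```shell
# Original line 68 pattern from the issue (grep -P "(?:" rewritten as ERE "(").
OLD_DNS_RE='^[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](\.[a-zA-Z]{2,})+$'
# Reporter's modified pattern: digits allowed in labels after the first dot.
NEW_DNS_RE='^[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](\.[a-zA-Z0-9]{2,})+$'
# Reporter's alternative pattern: hyphens and digits allowed in every label.
ALT_DNS_RE='^([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$'
# Assumed stand-in for the script's isIP test: a plain dotted quad.
IP_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# classify HOST DNS_REGEX -> prints "ip", "dns" or "none" (IP is checked first,
# mirroring the isIP-vs-isDNS split the script makes).
classify() {
    host="$1"
    dns_re="$2"
    if printf '%s\n' "$host" | grep -Eq "$IP_RE"; then
        echo ip
    elif printf '%s\n' "$host" | grep -Eq "$dns_re"; then
        echo dns
    else
        echo none
    fi
}

# Constructed sample hostnames covering the cases discussed in the issue:
# digits in a subdomain label, a hyphen in a subdomain label, a two-character
# first label, a bare short name, and an IPv4 address.
for h in wazuh-indexer.site1.zone2.example.com web.site-a.example.com \
         db.example.com node-01 10.0.0.5; do
    printf '%-40s old=%-4s new=%-4s alt=%s\n' "$h" \
        "$(classify "$h" "$OLD_DNS_RE")" \
        "$(classify "$h" "$NEW_DNS_RE")" \
        "$(classify "$h" "$ALT_DNS_RE")"
done
```

Note that the old and modified patterns also reject any first label shorter than three characters (for example `db.example.com`), because `[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9]` needs at least three characters before the first dot; the alternative pattern accepts it.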