Post publication live checks for 4.7.1

[davidjiglesias]

Description

This issue attempts to ensure the publication process was correct, attempting checks and live tests for published packages and images.

Tasks

• [x] Ensure that production files are present.
• [x] Deploy the Wazuh Installation Assistant and check the version installed is 4.7.1.
• [x] AMD64 Live installation test.
  • https://ci.wazuh.info/job/Test_install_tier/823/
• [x] WPK versions check.
• [x] WPK upgrade test.
  • [x] Linux
  • [x] MacOS Intel
  • [x] Windows
• [x] AMI published.
• [x] Puppet forge module published.
• [x] Docker images published and README updated.

[rauldpm]

Wazuh installation assistant check

root@ubuntu2204:/home/vagrant# curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
20/12/2023 15:37:47 INFO: Starting Wazuh installation assistant. Wazuh version: 4.7.1
20/12/2023 15:37:47 INFO: Verbose logging redirected to /var/log/wazuh-install.log
20/12/2023 15:37:57 INFO: Wazuh web interface port will be 443.
20/12/2023 15:37:59 INFO: --- Dependencies ----
20/12/2023 15:37:59 INFO: Installing apt-transport-https.
20/12/2023 15:38:01 INFO: Wazuh repository added.
20/12/2023 15:38:01 INFO: --- Configuration files ---
20/12/2023 15:38:01 INFO: Generating configuration files.
20/12/2023 15:38:02 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
20/12/2023 15:38:02 INFO: --- Wazuh indexer ---
20/12/2023 15:38:02 INFO: Starting Wazuh indexer installation.
20/12/2023 15:38:45 INFO: Wazuh indexer installation finished.
20/12/2023 15:38:45 INFO: Wazuh indexer post-install configuration finished.
20/12/2023 15:38:45 INFO: Starting service wazuh-indexer.
20/12/2023 15:38:53 INFO: wazuh-indexer service started.
20/12/2023 15:38:53 INFO: Initializing Wazuh indexer cluster security settings.
20/12/2023 15:39:03 INFO: Wazuh indexer cluster initialized.
20/12/2023 15:39:03 INFO: --- Wazuh server ---
20/12/2023 15:39:03 INFO: Starting the Wazuh manager installation.
20/12/2023 15:39:29 INFO: Wazuh manager installation finished.
20/12/2023 15:39:29 INFO: Starting service wazuh-manager.
20/12/2023 15:39:44 INFO: wazuh-manager service started.
20/12/2023 15:39:44 INFO: Starting Filebeat installation.
20/12/2023 15:39:47 INFO: Filebeat installation finished.
20/12/2023 15:39:48 INFO: Filebeat post-install configuration finished.
20/12/2023 15:39:48 INFO: Starting service filebeat.
20/12/2023 15:39:49 INFO: filebeat service started.
20/12/2023 15:39:49 INFO: --- Wazuh dashboard ---
20/12/2023 15:39:49 INFO: Starting Wazuh dashboard installation.
20/12/2023 15:40:19 INFO: Wazuh dashboard installation finished.
20/12/2023 15:40:19 INFO: Wazuh dashboard post-install configuration finished.
20/12/2023 15:40:19 INFO: Starting service wazuh-dashboard.
20/12/2023 15:40:19 INFO: wazuh-dashboard service started.
20/12/2023 15:40:37 INFO: Initializing Wazuh dashboard web application.
20/12/2023 15:40:38 INFO: Wazuh dashboard web application initialized.
20/12/2023 15:40:38 INFO: --- Summary ---
20/12/2023 15:40:38 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: .EcE3Xr+X?P1?gqW1UJGGOXbLcWNQ4UR
20/12/2023 15:40:38 INFO: Installation finished.
root@ubuntu2204:/home/vagrant# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.7.1"
WAZUH_REVISION="40709"
WAZUH_TYPE="server"
root@ubuntu2204:/home/vagrant# cat /usr/share/wazuh-indexer/VERSION 
4.7.1
root@ubuntu2204:/home/vagrant# cat /usr/share/wazuh-dashboard/VERSION 
4.7.1

[juliamagan]

WPK upgrade test

Windows :green_circle:

- Agent info:  - Agent info (in manager): ```shell root@test:/home/vagrant# /var/ossec/bin/agent_control -i 001 Wazuh agent_control. Agent information: Agent ID: 001 Agent Name: WIN-JLGVA4CR4VI IP address: any Status: Active Operating system: Microsoft Windows Server 2019 Standard Evaluation Client version: Wazuh v4.7.0 Configuration hash: ab73af41699f13fdd81903b5f23d8d00 Shared file hash: 4a8724b20dee0124ff9656783c490c4e Last keep alive: 1703087395 Syscheck last started at: Wed Dec 20 15:48:59 2023 Syscheck last ended at: Wed Dec 20 15:49:11 2023 ``` - Agent update: ```shell root@test:/home/vagrant# /var/ossec/bin/agent_upgrade -a 001 Upgrading... Upgraded agents: Agent 001 upgraded: Wazuh v4.7.0 -> Wazuh v4.7.1 ``` - Agent info:  - Agent info (in manager): ```shell root@test:/home/vagrant# /var/ossec/bin/agent_control -i 001 Wazuh agent_control. Agent information: Agent ID: 001 Agent Name: WIN-JLGVA4CR4VI IP address: any Status: Active Operating system: Microsoft Windows Server 2019 Standard Evaluation Client version: Wazuh v4.7.1 Configuration hash: ab73af41699f13fdd81903b5f23d8d00 Shared file hash: 4a8724b20dee0124ff9656783c490c4e Last keep alive: 1703087494 Syscheck last started at: Wed Dec 20 15:50:34 2023 Syscheck last ended at: Wed Dec 20 15:50:46 2023 ``` - Upgrade.log ``` 2023-12-20 07:50:26Z - Sysnative Powershell will be used to access the registry. 2023-12-20 07:50:26Z - Current version: v4.7.0. 2023-12-20 07:50:26Z - Generating backup. 2023-12-20 07:50:26Z - Backing up Wazuh home files. 2023-12-20 07:50:28Z - Searching Wazuh-Agent cached MSI through the registry. 2023-12-20 07:50:29Z - Backing up Wazuh-Agent cached MSI: "C:\Windows\Installer\18d1a.msi". 2023-12-20 07:50:29Z - Trying to stop Wazuh service. 2023-12-20 07:50:32Z - Starting upgrade processs. 2023-12-20 07:50:33Z - Restarting Wazuh-Agent service. 2023-12-20 07:50:33Z - Installation finished. 2023-12-20 07:50:33Z - Process ID: 580. 2023-12-20 07:50:44Z - Reading status file: status='connected'. 2023-12-20 07:50:44Z - Upgrade finished successfully. 2023-12-20 07:50:44Z - New version: v4.7.1. ```

Linux 🟢

Agent info: ``` [root@localhost vagrant]# /var/ossec/bin/wazuh-control info 🟢 WAZUH_VERSION="v4.7.0" WAZUH_REVISION="40704" WAZUH_TYPE="agent" ``` Agent info (in manager): ``` [root@localhost vagrant]# /var/ossec/bin/agent_control -i 001 🟢 Wazuh agent_control. Agent information: Agent ID: 001 Agent Name: agente IP address: any Status: Active Operating system: Linux |agente |4.18.0-240.1.1.el8_3.x86_64 |#1 SMP Thu Nov 19 17:20:08 UTC 2020 |x86_64 Client version: Wazuh v4.7.0 Configuration hash: ab73af41699f13fdd81903b5f23d8d00 Shared file hash: 4a8724b20dee0124ff9656783c490c4e Last keep alive: 1703088111 Syscheck last started at: Wed Dec 20 02:59:43 2023 Syscheck last ended at: Wed Dec 20 02:59:47 2023 ``` Agent update: 🟢 ``` [root@localhost vagrant]# /var/ossec/bin/agent_upgrade -a 001 Upgrading... Upgraded agents: Agent 001 upgraded: Wazuh v4.7.0 -> Wazuh v4.7.1 ``` Agent info: 🟢 ``` [root@localhost vagrant]# /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.7.1" WAZUH_REVISION="40709" WAZUH_TYPE="agent" ``` Agent info (in manager): 🟢 ``` [root@localhost vagrant]# /var/ossec/bin/agent_control -i 001 Wazuh agent_control. Agent information: Agent ID: 001 Agent Name: agente IP address: any Status: Active Operating system: Linux |agente |4.18.0-240.1.1.el8_3.x86_64 |#1 SMP Thu Nov 19 17:20:08 UTC 2020 |x86_64 Client version: Wazuh v4.7.1 Configuration hash: ab73af41699f13fdd81903b5f23d8d00 Shared file hash: 4a8724b20dee0124ff9656783c490c4e Last keep alive: 1703088424 Syscheck last started at: Wed Dec 20 03:04:32 2023 Syscheck last ended at: Wed Dec 20 03:04:38 2023 ```

[rauldpm]

WPK upgrade test - macOS

Wazuh manager

``` [root@centos7 vagrant]# /var/ossec/bin/agent_control -i 001 Wazuh agent_control. Agent information: Agent ID: 001 Agent Name: This-MacBook-Pro.local IP address: any Status: Active Operating system: Darwin |This-MacBook-Pro.local |16.7.0 |Darwin Kernel Version 16.7.0: Thu Jun 15 17:36:27 PDT 2017; root:xnu-3789.70.16~2/RELEASE_X86_64 |x86_64 Client version: Wazuh v4.7.0 Configuration hash: ab73af41699f13fdd81903b5f23d8d00 Shared file hash: 4a8724b20dee0124ff9656783c490c4e Last keep alive: 1703087085 Syscheck last started at: Wed Dec 20 15:42:05 2023 Syscheck last ended at: Wed Dec 20 15:42:09 2023 [root@centos7 vagrant]# /var/ossec/bin/agent_upgrade -a 001 Upgrading... Upgraded agents: Agent 001 upgraded: Wazuh v4.7.0 -> Wazuh v4.7.1 [root@centos7 vagrant]# /var/ossec/bin/agent_control -i 001 Wazuh agent_control. Agent information: Agent ID: 001 Agent Name: This-MacBook-Pro.local IP address: any Status: Active Operating system: Darwin |This-MacBook-Pro.local |16.7.0 |Darwin Kernel Version 16.7.0: Thu Jun 15 17:36:27 PDT 2017; root:xnu-3789.70.16~2/RELEASE_X86_64 |x86_64 Client version: Wazuh v4.7.1 Configuration hash: ab73af41699f13fdd81903b5f23d8d00 Shared file hash: 4a8724b20dee0124ff9656783c490c4e Last keep alive: 1703087182 Syscheck last started at: Wed Dec 20 15:45:43 2023 Syscheck last ended at: Wed Dec 20 15:45:46 2023 ```

Wazuh agent

``` h-3.2# curl -sO https://packages.wazuh.com/4.x/macos/wazuh-agent-4.7.0-1.intel64.pkg sh-3.2# echo "WAZUH_MANAGER='192.168.56.4'" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.7.0-1.intel64.pkg -target / installer: Package name is Wazuh Agent installer: Installing at base path / installer: The install was successful. sh-3.2# /Library/Ossec/bin/wazuh-control start Starting Wazuh v4.7.0... Started wazuh-execd... Started wazuh-agentd... Started wazuh-syscheckd... Started wazuh-logcollector... Started wazuh-modulesd... Completed. sh-3.2# /Library/Ossec/bin/wazuh-control info WAZUH_VERSION="v4.7.0" WAZUH_REVISION="40704" WAZUH_TYPE="agent" ``` ``` sh-3.2# /Library/Ossec/bin/wazuh-control info WAZUH_VERSION="v4.7.1" WAZUH_REVISION="40709" WAZUH_TYPE="agent" ``` ``` sh-3.2# cat /Library/Ossec/logs/upgrade.log 2023/12/20 07:45:36 - Generating Backup. tar: Removing leading '/' from member names a Library/Ossec/active-response a Library/Ossec/active-response/bin a Library/Ossec/active-response/bin/default-firewall-drop a Library/Ossec/active-response/bin/disable-account a Library/Ossec/active-response/bin/firewall-drop a Library/Ossec/active-response/bin/firewalld-drop a Library/Ossec/active-response/bin/host-deny a Library/Ossec/active-response/bin/ip-customblock a Library/Ossec/active-response/bin/ipfw a Library/Ossec/active-response/bin/kaspersky a Library/Ossec/active-response/bin/kaspersky.py a Library/Ossec/active-response/bin/npf a Library/Ossec/active-response/bin/pf a Library/Ossec/active-response/bin/restart-wazuh a Library/Ossec/active-response/bin/restart.sh a Library/Ossec/active-response/bin/route-null a Library/Ossec/active-response/bin/wazuh-slack a Library/Ossec/bin a Library/Ossec/bin/agent-auth a Library/Ossec/bin/manage_agents a Library/Ossec/bin/wazuh-agentd a Library/Ossec/bin/wazuh-control a Library/Ossec/bin/wazuh-execd a Library/Ossec/bin/wazuh-logcollector a Library/Ossec/bin/wazuh-modulesd a Library/Ossec/bin/wazuh-syscheckd a Library/Ossec/etc a Library/Ossec/etc/client.keys a Library/Ossec/etc/internal_options.conf a Library/Ossec/etc/local_internal_options.conf a Library/Ossec/etc/localtime a Library/Ossec/etc/ossec.conf a Library/Ossec/etc/shared a Library/Ossec/etc/wpk_root.pem a Library/Ossec/etc/shared/agent.conf a Library/Ossec/etc/shared/ar.conf a Library/Ossec/etc/shared/cis_apache2224_rcl.txt a Library/Ossec/etc/shared/cis_debian_linux_rcl.txt a Library/Ossec/etc/shared/cis_mysql5-6_community_rcl.txt a Library/Ossec/etc/shared/cis_mysql5-6_enterprise_rcl.txt a Library/Ossec/etc/shared/cis_rhel5_linux_rcl.txt a Library/Ossec/etc/shared/cis_rhel6_linux_rcl.txt a Library/Ossec/etc/shared/cis_rhel7_linux_rcl.txt a Library/Ossec/etc/shared/cis_rhel_linux_rcl.txt a Library/Ossec/etc/shared/cis_sles11_linux_rcl.txt a Library/Ossec/etc/shared/cis_sles12_linux_rcl.txt a Library/Ossec/etc/shared/cis_win2012r2_domainL1_rcl.txt a Library/Ossec/etc/shared/cis_win2012r2_domainL2_rcl.txt a Library/Ossec/etc/shared/cis_win2012r2_memberL1_rcl.txt a Library/Ossec/etc/shared/cis_win2012r2_memberL2_rcl.txt a Library/Ossec/etc/shared/merged.mg a Library/Ossec/etc/shared/rootkit_files.txt a Library/Ossec/etc/shared/rootkit_trojans.txt a Library/Ossec/etc/shared/system_audit_rcl.txt a Library/Ossec/etc/shared/system_audit_ssh.txt a Library/Ossec/etc/shared/win_applications_rcl.txt a Library/Ossec/etc/shared/win_audit_rcl.txt a Library/Ossec/etc/shared/win_malware_rcl.txt a Library/Ossec/lib a Library/Ossec/lib/libdbsync.dylib a Library/Ossec/lib/libfimdb.dylib a Library/Ossec/lib/librsync.dylib a Library/Ossec/lib/libsyscollector.dylib a Library/Ossec/lib/libsysinfo.dylib a Library/Ossec/lib/libwazuhext.dylib a Library/Ossec/lib/libwazuhshared.dylib a Library/Ossec/queue a Library/Ossec/queue/alerts a Library/Ossec/queue/fim a Library/Ossec/queue/logcollector a Library/Ossec/queue/rids a Library/Ossec/queue/sockets a Library/Ossec/queue/syscollector a Library/Ossec/queue/syscollector/db a Library/Ossec/queue/syscollector/norm_config.json a Library/Ossec/queue/syscollector/db/local.db a Library/Ossec/queue/syscollector/db/local.db-journal a Library/Ossec/queue/sockets/.agent_info a Library/Ossec/queue/sockets/com: tar format cannot archive socket a Library/Ossec/queue/sockets/control: tar format cannot archive socket a Library/Ossec/queue/sockets/logcollector: tar format cannot archive socket a Library/Ossec/queue/sockets/queue: tar format cannot archive socket a Library/Ossec/queue/sockets/syscheck: tar format cannot archive socket a Library/Ossec/queue/sockets/upgrade: tar format cannot archive socket a Library/Ossec/queue/sockets/wmodules: tar format cannot archive socket a Library/Ossec/queue/rids/001 a Library/Ossec/queue/rids/sender_counter a Library/Ossec/queue/fim/db a Library/Ossec/queue/fim/db/fim.db a Library/Ossec/queue/fim/db/fim.db-journal a Library/Ossec/queue/alerts/cfgaq: tar format cannot archive socket a Library/Ossec/queue/alerts/execq: tar format cannot archive socket a Library/Ossec/ruleset a Library/Ossec/ruleset/sca a Library/Ossec/ruleset/sca/cis_apple_macOS_10.12.yml a Library/Ossec/wodles a Library/Ossec/wodles/__init__.py a Library/Ossec/wodles/aws a Library/Ossec/wodles/azure a Library/Ossec/wodles/docker a Library/Ossec/wodles/gcloud a Library/Ossec/wodles/utils.py a Library/Ossec/wodles/gcloud/buckets a Library/Ossec/wodles/gcloud/exceptions.py a Library/Ossec/wodles/gcloud/gcloud a Library/Ossec/wodles/gcloud/integration.py a Library/Ossec/wodles/gcloud/pubsub a Library/Ossec/wodles/gcloud/tools.py a Library/Ossec/wodles/gcloud/pubsub/subscriber.py a Library/Ossec/wodles/gcloud/buckets/access_logs.py a Library/Ossec/wodles/gcloud/buckets/bucket.py a Library/Ossec/wodles/docker/DockerListener a Library/Ossec/wodles/azure/azure-logs a Library/Ossec/wodles/azure/orm.py a Library/Ossec/wodles/aws/aws-s3 a Library/Ossec/agentless a Library/Ossec/agentless/main.exp a Library/Ossec/agentless/register_host.sh a Library/Ossec/agentless/ssh.exp a Library/Ossec/agentless/ssh_asa-fwsmconfig_diff a Library/Ossec/agentless/ssh_foundry_diff a Library/Ossec/agentless/ssh_generic_diff a Library/Ossec/agentless/ssh_integrity_check_bsd a Library/Ossec/agentless/ssh_integrity_check_linux a Library/Ossec/agentless/ssh_nopass.exp a Library/Ossec/agentless/ssh_pixconfig_diff a Library/Ossec/agentless/sshlogin.exp a Library/Ossec/agentless/su.exp a Library/Ossec/logs/wazuh a Library/Ossec/var/selinux a Library/LaunchDaemons/com.wazuh.agent.plist a Library/StartupItems/WAZUH a Library/StartupItems/WAZUH/StartupParameters.plist a Library/StartupItems/WAZUH/WAZUH a Library/StartupItems/WAZUH/Wazuh-launcher 2023/12/20 07:45:36 - Backup generated in /Library/Ossec/backup/backup_[12-20-2023_07-45-36].tar.gz 2023/12/20 07:45:36 - Upgrade started. installer: Package name is Wazuh Agent installer: Upgrading at base path / installer: The upgrade was successful. 2023/12/20 07:45:49 - Installation result = 0 2023/12/20 07:45:49 - Waiting connection... Remaining attempts: 30. 2023/12/20 07:45:50 - Status = connected. 2023/12/20 07:45:50 - Connected to manager. 2023/12/20 07:45:50 - Upgrade finished successfully. ```

Notes: :warning:

• macOS ossec.log has been erased after the upgrade, this needs to be investigated -> Expected (happens in older versions)
• After trying to upgrade the agent without the upgrade module started (after shared configuration restart), multiple errors have been observed (expected) but after the error messages, a restart occurs, this needs to be investigated

[Rebits]

WPK upgrade test - Linux :green_circle:

Agent Info :green_circle:

``` root@ubuntu2:/home/vagrant# /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.7.0" WAZUH_REVISION="40704" WAZUH_TYPE="agent" ```

Agent info in manager :green_circle:

``` root@ubuntu22:/home/vagrant# /var/ossec/bin/agent_control -i 001 Wazuh agent_control. Agent information: Agent ID: 001 Agent Name: ubuntu2 IP address: any Status: Active Operating system: Linux |ubuntu2 |5.4.0-139-generic |#156-Ubuntu SMP Fri Jan 20 17:27:18 UTC 2023 |x86_64 Client version: Wazuh v4.7.0 Configuration hash: ab73af41699f13fdd81903b5f23d8d00 Shared file hash: 4a8724b20dee0124ff9656783c490c4e Last keep alive: 1703088526 Syscheck last started at: Wed Dec 20 16:07:52 2023 Syscheck last ended at: Wed Dec 20 16:07:58 2023 ```

Agent update :green_circle:

``` root@ubuntu22:/home/vagrant# /var/ossec/bin/agent_upgrade -a 001 Upgrading... Upgraded agents: Agent 001 upgraded: Wazuh v4.7.0 -> Wazuh v4.7.1 ```

Agent info :green_circle:

``` root@ubuntu2:/var/ossec# /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.7.1" WAZUH_REVISION="40709" WAZUH_TYPE="agent" ```

Agent info in manager :green_circle:

``` root@ubuntu22:/home/vagrant# /var/ossec/bin/agent_control -i 001 Wazuh agent_control. Agent information: Agent ID: 001 Agent Name: ubuntu2 IP address: any Status: Active Operating system: Linux |ubuntu2 |5.4.0-139-generic |#156-Ubuntu SMP Fri Jan 20 17:27:18 UTC 2023 |x86_64 Client version: Wazuh v4.7.1 Configuration hash: ab73af41699f13fdd81903b5f23d8d00 Shared file hash: 4a8724b20dee0124ff9656783c490c4e Last keep alive: 1703088817 Syscheck last started at: Wed Dec 20 16:12:32 2023 Syscheck last ended at: Wed Dec 20 16:12:38 2023 ```

upgrade.log

``` 2023/12/20 16:12:25 - Generating Backup. tar: Removing leading `/' from member names /var/ossec/active-response/ /var/ossec/active-response/bin/ /var/ossec/active-response/bin/host-deny tar: Removing leading `/' from hard link targets /var/ossec/active-response/bin/disable-account /var/ossec/active-response/bin/restart-wazuh /var/ossec/active-response/bin/firewalld-drop /var/ossec/active-response/bin/route-null /var/ossec/active-response/bin/wazuh-slack /var/ossec/active-response/bin/default-firewall-drop /var/ossec/active-response/bin/firewall-drop /var/ossec/active-response/bin/pf /var/ossec/active-response/bin/kaspersky.py /var/ossec/active-response/bin/npf /var/ossec/active-response/bin/kaspersky /var/ossec/active-response/bin/ipfw /var/ossec/active-response/bin/restart.sh /var/ossec/active-response/bin/ip-customblock /var/ossec/bin/ /var/ossec/bin/manage_agents /var/ossec/bin/wazuh-syscheckd /var/ossec/bin/wazuh-execd /var/ossec/bin/wazuh-agentd /var/ossec/bin/wazuh-modulesd /var/ossec/bin/agent-auth /var/ossec/bin/wazuh-logcollector /var/ossec/bin/wazuh-control /var/ossec/etc/ /var/ossec/etc/shared/ /var/ossec/etc/shared/cis_win2012r2_domainL2_rcl.txt /var/ossec/etc/shared/rootkit_files.txt /var/ossec/etc/shared/win_applications_rcl.txt /var/ossec/etc/shared/cis_win2012r2_domainL1_rcl.txt /var/ossec/etc/shared/merged.mg /var/ossec/etc/shared/rootkit_trojans.txt /var/ossec/etc/shared/win_audit_rcl.txt /var/ossec/etc/shared/cis_sles12_linux_rcl.txt /var/ossec/etc/shared/cis_win2012r2_memberL2_rcl.txt /var/ossec/etc/shared/cis_debian_linux_rcl.txt /var/ossec/etc/shared/system_audit_ssh.txt /var/ossec/etc/shared/cis_rhel6_linux_rcl.txt /var/ossec/etc/shared/cis_mysql5-6_enterprise_rcl.txt /var/ossec/etc/shared/cis_mysql5-6_community_rcl.txt /var/ossec/etc/shared/cis_rhel5_linux_rcl.txt /var/ossec/etc/shared/cis_rhel7_linux_rcl.txt /var/ossec/etc/shared/cis_sles11_linux_rcl.txt /var/ossec/etc/shared/cis_rhel_linux_rcl.txt /var/ossec/etc/shared/win_malware_rcl.txt /var/ossec/etc/shared/ar.conf /var/ossec/etc/shared/system_audit_rcl.txt /var/ossec/etc/shared/agent.conf /var/ossec/etc/shared/cis_apache2224_rcl.txt /var/ossec/etc/shared/cis_win2012r2_memberL1_rcl.txt /var/ossec/etc/internal_options.conf /var/ossec/etc/wpk_root.pem /var/ossec/etc/localtime /var/ossec/etc/ossec.conf.save /var/ossec/etc/client.keys /var/ossec/etc/local_internal_options.conf /var/ossec/etc/ossec.conf /var/ossec/etc/client.keys.save /var/ossec/etc/local_internal_options.conf.save /var/ossec/lib/ /var/ossec/lib/libsysinfo.so /var/ossec/lib/libwazuhext.so /var/ossec/lib/libdbsync.so /var/ossec/lib/librsync.so /var/ossec/lib/libgcc_s.so.1 /var/ossec/lib/libstdc++.so.6 /var/ossec/lib/libwazuhshared.so /var/ossec/lib/libfimdb.so /var/ossec/lib/libsyscollector.so /var/ossec/queue/ /var/ossec/queue/rids/ /var/ossec/queue/rids/sender_counter /var/ossec/queue/rids/001 /var/ossec/queue/alerts/ tar: /var/ossec/queue/alerts/cfgaq: socket ignored tar: /var/ossec/queue/alerts/execq: socket ignored /var/ossec/queue/logcollector/ /var/ossec/queue/logcollector/file_status.json /var/ossec/queue/sockets/ /var/ossec/queue/sockets/.agent_info tar: /var/ossec/queue/sockets/wmodules: socket ignored tar: /var/ossec/queue/sockets/queue: socket ignored tar: /var/ossec/queue/sockets/com: socket ignored tar: /var/ossec/queue/sockets/syscheck: socket ignored tar: /var/ossec/queue/sockets/logcollector: socket ignored tar: /var/ossec/queue/sockets/control: socket ignored tar: /var/ossec/queue/sockets/upgrade: socket ignored /var/ossec/queue/fim/ /var/ossec/queue/fim/db/ /var/ossec/queue/fim/db/fim.db-journal /var/ossec/queue/fim/db/fim.db /var/ossec/queue/syscollector/ /var/ossec/queue/syscollector/db/ /var/ossec/queue/syscollector/db/local.db /var/ossec/queue/syscollector/db/local.db-journal /var/ossec/queue/syscollector/norm_config.json /var/ossec/ruleset/ /var/ossec/ruleset/sca/ /var/ossec/ruleset/sca/cis_ubuntu20-04.yml /var/ossec/wodles/ /var/ossec/wodles/gcloud/ /var/ossec/wodles/gcloud/gcloud /var/ossec/wodles/gcloud/tools.py /var/ossec/wodles/gcloud/exceptions.py /var/ossec/wodles/gcloud/buckets/ /var/ossec/wodles/gcloud/buckets/bucket.py /var/ossec/wodles/gcloud/buckets/access_logs.py /var/ossec/wodles/gcloud/integration.py /var/ossec/wodles/gcloud/pubsub/ /var/ossec/wodles/gcloud/pubsub/subscriber.py /var/ossec/wodles/docker/ /var/ossec/wodles/docker/DockerListener /var/ossec/wodles/__init__.py /var/ossec/wodles/aws/ /var/ossec/wodles/aws/aws-s3 /var/ossec/wodles/utils.py /var/ossec/wodles/azure/ /var/ossec/wodles/azure/orm.py /var/ossec/wodles/azure/azure-logs /var/ossec/agentless/ /var/ossec/agentless/sshlogin.exp /var/ossec/agentless/ssh_pixconfig_diff /var/ossec/agentless/register_host.sh /var/ossec/agentless/ssh_integrity_check_bsd /var/ossec/agentless/ssh_generic_diff /var/ossec/agentless/ssh_integrity_check_linux /var/ossec/agentless/ssh.exp /var/ossec/agentless/ssh_nopass.exp /var/ossec/agentless/su.exp /var/ossec/agentless/ssh_asa-fwsmconfig_diff /var/ossec/agentless/ssh_foundry_diff /var/ossec/agentless/main.exp /var/ossec/logs/wazuh/ /var/ossec/var/selinux/ /var/ossec/var/selinux/wazuh.pp /usr/lib/systemd/system/wazuh-agent.service 2023/12/20 16:12:26 - Backup generated in /var/ossec/backup/backup_[12-20-2023_16-12-25].tar.gz 2023/12/20 16:12:26 - Upgrade started. Wazuh v4.7.1 (Rev. 40709) Installation Script - https://www.wazuh.com You are about to start the installation process of Wazuh. You must have a C compiler pre-installed in your system. - System: Linux ubuntu2 5.4.0-139-generic (ubuntu 20.04) - User: root - Host: ubuntu2 -- Press ENTER to continue or Ctrl-C to abort. -- - You already have Wazuh installed. Do you want to update it? (y/n): - Installation will be made at /var/ossec . 4- Installing the system DIR="/var/ossec" - Running the Makefile Stopping Wazuh... agent Wait for success... success Removing old SCA policies... Installing SCA policies... Wait for success... success Starting Wazuh... - Configuration finished properly. - To start Wazuh: /var/ossec/bin/wazuh-control start - To stop Wazuh: /var/ossec/bin/wazuh-control stop - The configuration can be viewed or modified at /var/ossec/etc/ossec.conf Thanks for using Wazuh. Please don't hesitate to contact us if you need help or find any bugs. Use our public Mailing List at: https://groups.google.com/forum/#!forum/wazuh More information can be found at: - http://www.wazuh.com --- Press ENTER to finish (maybe more information below). --- - Update completed. 2023/12/20 16:12:37 - Installation result = 0 2023/12/20 16:12:37 - Waiting connection... Remaining attempts: 30. 2023/12/20 16:12:38 - Status = connected. 2023/12/20 16:12:38 - Connected to manager. 2023/12/20 16:12:38 - Upgrade finished successfully. ```

[pro-akim]

Review Notes

LGTM