wazuh / wazuh-qa

Wazuh - Quality Assurance
GNU General Public License v2.0

Vulnerability Detector comparison test extension #5113

Closed juliamagan closed 6 months ago

juliamagan commented 6 months ago

Description

In https://github.com/wazuh/wazuh/issues/22494 we compared the vulnerabilities reported for the same environment in 4.7.3 and 4.8.0. Now, let's extend this test to more operating systems.

Test requirements

Test results

| OS | Box | 4.7.3 | 4.8.0 | Evidences |
|---|---|---|---|---|
| RHEL 9 | roboxes/rhel9 | 392 | 615 | rhel9.zip |
| AL2023 | gbailey/al2023 | 81 | 59 | al2023.zip |
| macOS 14 | macos_1400 (WazuhQAEnviroment) | 116 | 140 | macOS_14.zip |
| CentOS 7 | centos/7 | 1347 | 2589 | centos7.zip |
| Debian 12 | debian/bookworm64 | 139 | 616 | bookworm.zip |
| Oracle Linux 9 | oraclelinux/9 | 65 | 136 | OracleLinux.zip |
| SUSE 15 | SLES15-SP2 | 302 | 529 | Suse.zip |
| Fedora 39 | roboxes/fedora39 | 15 | 44 | Fedora_39.zip |
| Ubuntu Jammy | ubuntu/jammy64 | 170 | 55 | ubuntujammy.zip |

MARCOSD4 commented 6 months ago

RHEL 9

Agent info

```console
[root@rhel9 vagrant]# uname -r
5.14.0-362.8.1.el9_3.x86_64
[root@rhel9 vagrant]# cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="9.3 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.3"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.3 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.3
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.3"
```

4.7.3 Vulnerabilities

Detected: 392

- CSV: [vulnerabilities.csv](https://github.com/wazuh/wazuh-qa/files/14640116/vulnerabilities.csv)
- Logs:
  - Agent: [ossec_agent.log](https://github.com/wazuh/wazuh-qa/files/14640118/ossec_agent.log)
  - Manager: [ossec.log](https://github.com/wazuh/wazuh-qa/files/14640120/ossec.log)
- Syscollector:
  - Packages: [packages.csv](https://github.com/wazuh/wazuh-qa/files/14640278/packages.csv)

OS detected by Syscollector

```console
{
  "data": {
    "affected_items": [
      {
        "os": {
          "major": "9",
          "minor": "3",
          "name": "Red Hat Enterprise Linux",
          "platform": "rhel",
          "version": "9.3 (Plow)"
        },
        "scan": {
          "id": 0,
          "time": "2024-03-18T15:43:22+00:00"
        },
        "architecture": "x86_64",
        "version": "#1 SMP PREEMPT_DYNAMIC Tue Oct 3 11:12:36 EDT 2023",
        "hostname": "rhel9.localdomain",
        "release": "5.14.0-362.8.1.el9_3.x86_64",
        "sysname": "Linux",
        "agent_id": "003"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}
```

4.8.0 Vulnerabilities

Detected: 615

- CSV: [vulnerabilities_inventory-2024-03-18T16_16_06.178Z.csv](https://github.com/wazuh/wazuh-qa/files/14640166/vulnerabilities_inventory-2024-03-18T16_16_06.178Z.csv)
- Logs:
  - Agent: [ossec_agent.log](https://github.com/wazuh/wazuh-qa/files/14640156/ossec_agent.log)
  - Manager: [manager_ossec_log.zip](https://github.com/wazuh/wazuh-qa/files/14640162/manager_ossec_log.zip)
- Syscollector:
  - Packages: [packages.csv](https://github.com/wazuh/wazuh-qa/files/14640283/packages.csv)

OS detected by Syscollector

```console
{
  "data": {
    "affected_items": [
      {
        "os": {
          "major": "9",
          "minor": "3",
          "name": "Red Hat Enterprise Linux",
          "platform": "rhel",
          "version": "9.3 (Plow)"
        },
        "scan": {
          "id": 0,
          "time": "2024-03-18T15:49:54+00:00"
        },
        "architecture": "x86_64",
        "sysname": "Linux",
        "release": "5.14.0-362.8.1.el9_3.x86_64",
        "hostname": "rhel9.localdomain",
        "version": "#1 SMP PREEMPT_DYNAMIC Tue Oct 3 11:12:36 EDT 2023",
        "agent_id": "003"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}
```

rafabailon commented 6 months ago

Fedora 39

Agent Info

```console
[root@fedora39 vagrant]# uname -r
6.5.6-300.fc39.x86_64
[root@fedora39 vagrant]# cat /etc/os-release
NAME="Fedora Linux"
VERSION="39 (Thirty Nine)"
ID=fedora
VERSION_ID=39
VERSION_CODENAME=""
PLATFORM_ID="platform:f39"
PRETTY_NAME="Fedora Linux 39 (Thirty Nine)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:39"
DEFAULT_HOSTNAME="fedora"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f39/system-administrators-guide/"
SUPPORT_URL="https://ask.fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=39
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=39
SUPPORT_END=2024-05-14
```

```json
{
  "data": {
    "affected_items": [
      {
        "os": {
          "arch": "x86_64",
          "codename": "Thirty Nine",
          "major": "39",
          "name": "Fedora Linux",
          "platform": "fedora",
          "uname": "Linux |fedora39.localdomain |6.5.6-300.fc39.x86_64 |#1 SMP PREEMPT_DYNAMIC Fri Oct 6 19:57:21 UTC 2023 |x86_64",
          "version": "39"
        },
        "node_name": "node01",
        "status_code": 0,
        "ip": "10.0.2.15",
        "lastKeepAlive": "2024-03-18T16:33:42+00:00",
        "version": "Wazuh v4.7.3",
        "id": "002",
        "name": "fedora39",
        "manager": "ip-172-31-47-224",
        "status": "active",
        "group": [
          "default"
        ],
        "dateAdd": "2024-03-18T14:56:45+00:00",
        "mergedSum": "4a8724b20dee0124ff9656783c490c4e",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "registerIP": "any",
        "group_config_status": "synced"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}
```

4.7.3 Vulnerabilities

- Vulnerabilities Detector
  - Detected: 15
  - CSV: [vulnerabilities.csv](https://github.com/wazuh/wazuh-qa/files/14648625/vulnerabilities.csv)
  - Reported in https://github.com/wazuh/wazuh/issues/22589 (Solved)
- Syscollector
  - Detected: 381
  - CSV: [packages.csv](https://github.com/wazuh/wazuh-qa/files/14638144/packages.csv)
- Logs
  - Manager: [ossec.zip](https://github.com/wazuh/wazuh-qa/files/14648862/ossec.zip)
  - Agent: [ossec.log](https://github.com/wazuh/wazuh-qa/files/14648644/ossec.log)

4.8.0 Vulnerabilities

- Vulnerabilities Detector
  - Detected: 44
  - CSV: [vulnerabilities.csv](https://github.com/wazuh/wazuh-qa/files/14639110/vulnerabilities.csv)
- Syscollector
  - Detected: 281
  - CSV: [packages.csv](https://github.com/wazuh/wazuh-qa/files/14649013/packages.csv)
- Logs
  - Manager: [ossec.zip](https://github.com/wazuh/wazuh-qa/files/14640143/ossec.zip)
  - Agent: [ossec.log](https://github.com/wazuh/wazuh-qa/files/14639573/ossec.log)

Rebits commented 6 months ago

Oracle Linux 9 :red_circle:

Environment Details

- Environment Initialization

```
vagrant init oraclelinux/9 https://oracle.github.io/vagrant-projects/boxes/oraclelinux/9.json
```

- Os Details:

```
[root@oraclelinux2 vagrant]# cat /etc/os-release
NAME="Oracle Linux Server"
VERSION="9.3"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="9.3"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Oracle Linux Server 9.3"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:9:3:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://github.com/oracle/oracle-linux"
ORACLE_BUGZILLA_PRODUCT="Oracle Linux 9"
ORACLE_BUGZILLA_PRODUCT_VERSION=9.3
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=9.3
```

- OS Detected by Syscollector

```
{
  "data": {
    "affected_items": [
      {
        "os": {
          "major": "9",
          "name": "Oracle Linux Server"
        },
        "id": "005"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
```

4.8.0 Vulnerabilities

- Syscollector packages: [oraclelinux_9_4.8.0_packages.csv](https://github.com/wazuh/wazuh-qa/files/14640020/oraclelinux_9_4.8.0_packages.csv)
- Vulnerabilities: [oraclelinux_9_4.8.0_vuln.csv](https://github.com/wazuh/wazuh-qa/files/14640019/oraclelinux_9_4.8.0_vuln.csv)
- Configuration: [ossec.zip](https://github.com/wazuh/wazuh-qa/files/14666745/ossec.zip)
- Logs: [osseclog.zip](https://github.com/wazuh/wazuh-qa/files/14666746/osseclog.zip)

4.7.3 Vulnerabilities

- Syscollector packages: [packages.csv](https://github.com/wazuh/wazuh-qa/files/14640052/packages.csv)
- Vulnerabilities: [vulnerabilities.csv](https://github.com/wazuh/wazuh-qa/files/14640039/vulnerabilities.csv)
- Configuration: [ossec.zip](https://github.com/wazuh/wazuh-qa/files/14666739/ossec.zip)
- Logs: [osseclog.zip](https://github.com/wazuh/wazuh-qa/files/14666740/osseclog.zip)

Summary

| v4.8.0 | v4.7.3 |
|---|---|
| 136 | 65 |

juliamagan commented 6 months ago

AL2023

Agent info

```shell
[root@localhost vagrant]# uname -r
6.1.72-96.166.amzn2023.x86_6
```

```shell
[root@localhost vagrant]# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
SUPPORT_END="2028-03-15"
```

4.7.3 vulnerabilities

Detected: **81**

- CSV: [vulnerabilities.csv](https://github.com/wazuh/wazuh-qa/files/14639118/vulnerabilities.csv)
- Logs:
  - Manager: [ossec.log](https://github.com/wazuh/wazuh-qa/files/14639122/ossec.log)
  - Agent: [agent_ossec.log](https://github.com/wazuh/wazuh-qa/files/14639131/agent_ossec.log)
- Packages: [packages.csv](https://github.com/wazuh/wazuh-qa/files/14639135/packages.csv)

OS:

```json
{
  "data": {
    "affected_items": [
      {
        "os": {
          "major": "2023",
          "name": "Amazon Linux",
          "platform": "amzn",
          "version": "2023"
        },
        "scan": {
          "id": 0,
          "time": "2024-03-18T16:03:38+00:00"
        },
        "hostname": "localhost",
        "version": "#1 SMP PREEMPT_DYNAMIC Wed Jan 17 00:42:52 UTC 2024",
        "architecture": "x86_64",
        "release": "6.1.72-96.166.amzn2023.x86_64",
        "sysname": "Linux",
        "agent_id": "004"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}
```

4.8.0 vulnerabilities

Opened: https://github.com/wazuh/wazuh/issues/22581

Detected: **59**

- CSV: [vulnerabilities.csv](https://github.com/wazuh/wazuh-qa/files/14639706/vulnerabilities_inventory-2024-03-18T16.36.01.729Z.csv)
- Logs:
  - Manager: [ossec.zip](https://github.com/wazuh/wazuh-qa/files/14639722/ossec.zip)
  - Agent: [agent_ossec.log](https://github.com/wazuh/wazuh-qa/files/14639714/agent_ossec.log)
- Packages: [packages.csv](https://github.com/wazuh/wazuh-qa/files/14639699/packages.csv)

OS:

```json
{
  "data": {
    "affected_items": [
      {
        "os": {
          "major": "2023",
          "name": "Amazon Linux",
          "platform": "amzn",
          "version": "2023"
        },
        "scan": {
          "id": 0,
          "time": "2024-03-18T16:38:20+00:00"
        },
        "architecture": "x86_64",
        "sysname": "Linux",
        "release": "6.1.72-96.166.amzn2023.x86_64",
        "hostname": "localhost",
        "version": "#1 SMP PREEMPT_DYNAMIC Wed Jan 17 00:42:52 UTC 2024",
        "agent_id": "006"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}
```

santipadilla commented 6 months ago

macOS 14

4.8.0

Ubuntu Jammy Manager

System information

```console
root@ip-172-31-42-97:/home/ubuntu# cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.4 LTS"
PRETTY_NAME="Ubuntu 22.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.4 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
```

Manager version

```console
root@ip-172-31-42-97:/home/ubuntu# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40806"
WAZUH_TYPE="server"
```

Manager status

```console
root@ip-172-31-42-97:/home/ubuntu# systemctl status wazuh-manager -l
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-03-18 14:36:56 UTC; 1h 38min ago
    Process: 56672 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0>
      Tasks: 172 (limit: 9254)
     Memory: 795.8M
        CPU: 1min 56.829s
     CGroup: /system.slice/wazuh-manager.service
             ├─56729 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
             ├─56730 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
             ├─56733 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
             ├─56736 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
             ├─56777 /var/ossec/bin/wazuh-authd
             ├─56793 /var/ossec/bin/wazuh-db
             ├─56818 /var/ossec/bin/wazuh-execd
             ├─56836 /var/ossec/bin/wazuh-analysisd
             ├─56897 /var/ossec/bin/wazuh-syscheckd
             ├─56914 /var/ossec/bin/wazuh-remoted
             ├─56948 /var/ossec/bin/wazuh-logcollector
             ├─56970 /var/ossec/bin/wazuh-monitord
             └─57020 /var/ossec/bin/wazuh-modulesd

Mar 18 14:36:53 ip-172-31-42-97 env[57018]: 2024/03/18 14:36:53 wazuh-modulesd[57018] main.c:77 at >
Mar 18 14:36:53 ip-172-31-42-97 env[57018]: 2024/03/18 14:36:53 wazuh-modulesd[57018] wmodules-osqu>
Mar 18 14:36:53 ip-172-31-42-97 env[57018]: 2024/03/18 14:36:53 wazuh-modulesd[57018] wmodules-osqu>
Mar 18 14:36:53 ip-172-31-42-97 env[57018]: 2024/03/18 14:36:53 wazuh-modulesd[57018] wmodules-vuln>
Mar 18 14:36:53 ip-172-31-42-97 env[57018]: 2024/03/18 14:36:53 wazuh-modulesd[57018] wmodules-vuln>
Mar 18 14:36:53 ip-172-31-42-97 env[57018]: 2024/03/18 14:36:53 wazuh-modulesd:router[57018] wm_rou>
Mar 18 14:36:53 ip-172-31-42-97 env[57018]: 2024/03/18 14:36:53 wazuh-modulesd:content_manager[5701>
Mar 18 14:36:54 ip-172-31-42-97 env[56672]: Started wazuh-modulesd...
Mar 18 14:36:56 ip-172-31-42-97 env[56672]: Completed.
Mar 18 14:36:56 ip-172-31-42-97 systemd[1]: Started Wazuh manager.
```

Configuration

```console
root@ip-172-31-14-197:/home/qa# echo "wazuh_modules.debug=2" >> /var/ossec/etc/local_internal_options.conf
root@ip-172-31-14-197:/home/qa# nano /var/ossec/etc/ossec.conf
yes yes 60m yes https://172.31.14.197:9200 /etc/filebeat/certs/root-ca.pem /etc/filebeat/certs/wazuh-server.pem /etc/filebeat/certs/wazuh-server-key.pem
```

macOS Sonoma Agent

System information

```console
sh-3.2# sw_vers
ProductName:    macOS
ProductVersion: 14.0
BuildVersion:   23A344
```

Agent version

```console
sh-3.2# /Library/Ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40806"
WAZUH_TYPE="agent"
```

Agent status

```console
sh-3.2# sudo /Library/Ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
```

Configuration

```console
sh-3.2# echo "wazuh_modules.debug=2" >> /Library/Ossec/etc/local_internal_options.conf
sh-3.2# vi /Library/Ossec/etc/ossec.conf
no 1h yes yes yes yes yes yes yes
```

Report 4.8.0

Detected: 140

4.7.3

macOS Sonoma Agent

System information

```console
sh-3.2# sw_vers
ProductName:    macOS
ProductVersion: 14.0
BuildVersion:   23A344
```

Agent version

```console
sh-3.2# /Library/Ossec/bin/wazuh-control info
WAZUH_VERSION="v4.7.3"
WAZUH_REVISION="40714"
WAZUH_TYPE="agent"
```

Agent status

```console
sh-3.2# sudo /Library/Ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
```

Configuration

```console
sh-3.2# vi /Library/Ossec/etc/ossec.conf
no 1h yes yes yes yes yes yes yes
```

Report 4.7.3

Detected: 116

MARCOSD4 commented 6 months ago

CentOS 7

Agent info

```console
[root@localhost vagrant]# uname -r
3.10.0-1127.el7.x86_64
[root@localhost vagrant]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
```

4.7.3 Vulnerabilities

Detected: 1347

- CSV: [vulnerabilities.csv](https://github.com/wazuh/wazuh-qa/files/14640778/vulnerabilities.csv)
- Logs:
  - Agent: [agent_ossec.log](https://github.com/wazuh/wazuh-qa/files/14640782/agent_ossec.log)
  - Manager: [manager_ossec_log.zip](https://github.com/wazuh/wazuh-qa/files/14640785/manager_ossec_log.zip)
- Syscollector:
  - Packages: [packages.csv](https://github.com/wazuh/wazuh-qa/files/14640788/packages.csv)

OS detected by Syscollector

```console
{
  "data": {
    "affected_items": [
      {
        "os": {
          "codename": "Core",
          "major": "7",
          "minor": "8",
          "name": "CentOS Linux",
          "platform": "centos",
          "version": "7.8.2003"
        },
        "scan": {
          "id": 0,
          "time": "2024-03-18T17:53:32+00:00"
        },
        "architecture": "x86_64",
        "hostname": "localhost.localdomain",
        "sysname": "Linux",
        "version": "#1 SMP Tue Mar 31 23:36:51 UTC 2020",
        "release": "3.10.0-1127.el7.x86_64",
        "agent_id": "008"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}
```

4.8.0 Vulnerabilities

Detected: 2589

- CSV: [vulnerabilities_inventory-2024-03-18T18_07_19.280Z.csv](https://github.com/wazuh/wazuh-qa/files/14640702/vulnerabilities_inventory-2024-03-18T18_07_19.280Z.csv)
- Logs:
  - Agent: [agent_ossec.log](https://github.com/wazuh/wazuh-qa/files/14640620/agent_ossec.log)
  - Manager: [manager_ossec_log.zip](https://github.com/wazuh/wazuh-qa/files/14640623/manager_ossec_log.zip)
- Syscollector:
  - Packages: [packages_syscollector.csv](https://github.com/wazuh/wazuh-qa/files/14640689/packages_syscollector.csv)

OS detected by Syscollector

```console
{
  "data": {
    "affected_items": [
      {
        "os": {
          "codename": "Core",
          "major": "7",
          "minor": "8",
          "name": "CentOS Linux",
          "platform": "centos",
          "version": "7.8.2003"
        },
        "scan": {
          "id": 0,
          "time": "2024-03-18T17:54:48+00:00"
        },
        "architecture": "x86_64",
        "sysname": "Linux",
        "release": "3.10.0-1127.el7.x86_64",
        "hostname": "localhost.localdomain",
        "version": "#1 SMP Tue Mar 31 23:36:51 UTC 2020",
        "agent_id": "009"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}
```

juliamagan commented 6 months ago

Debian 12

Agent info

```shell
root@bookworm:/home/vagrant# uname -r
6.1.0-9-amd64
```

```shell
root@bookworm:/home/vagrant# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
```

4.7.3 vulnerabilities

Detected: **139**

- CSV: [vulnerabilities.csv](https://github.com/wazuh/wazuh-qa/files/14640147/vulnerabilities.csv)
- Logs:
  - Manager: [ossec.zip](https://github.com/wazuh/wazuh-qa/files/14640155/ossec.zip)
  - Agent: [agent_ossec.log](https://github.com/wazuh/wazuh-qa/files/14640149/agent_ossec.log)
- Packages: [packages.csv](https://github.com/wazuh/wazuh-qa/files/14640152/packages.csv)

OS:

```json
{
  "data": {
    "affected_items": [
      {
        "os": {
          "codename": "bookworm",
          "major": "12",
          "name": "Debian GNU/Linux",
          "platform": "debian",
          "version": "12 (bookworm)"
        },
        "scan": {
          "id": 0,
          "time": "2024-03-18T17:10:54+00:00"
        },
        "architecture": "x86_64",
        "hostname": "bookworm",
        "sysname": "Linux",
        "version": "#1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08)",
        "release": "6.1.0-9-amd64",
        "agent_id": "006"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}
```

4.8.0 vulnerabilities

Detected: **616**

- CSV: [vulnerabilities_inventory-2024-03-18T17 32 48.337Z.csv](https://github.com/wazuh/wazuh-qa/files/14640359/vulnerabilities_inventory-2024-03-18T17.32.48.337Z.csv)
- Logs:
  - Manager: [ossec.zip](https://github.com/wazuh/wazuh-qa/files/14640368/ossec.zip)
  - Agent: [agent_ossec.log](https://github.com/wazuh/wazuh-qa/files/14640362/agent_ossec.log)
- Packages: [packages.csv](https://github.com/wazuh/wazuh-qa/files/14640366/packages.csv)

OS:

```json
{
  "data": {
    "affected_items": [
      {
        "os": {
          "codename": "bookworm",
          "major": "12",
          "name": "Debian GNU/Linux",
          "platform": "debian",
          "version": "12 (bookworm)"
        },
        "scan": {
          "id": 0,
          "time": "2024-03-18T17:28:43+00:00"
        },
        "architecture": "x86_64",
        "sysname": "Linux",
        "release": "6.1.0-9-amd64",
        "hostname": "bookworm",
        "version": "#1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08)",
        "agent_id": "007"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}
```

Rebits commented 6 months ago

SUSE 15 :red_circle:

Environment Details

- Os Details:

```
suse:/home/vagrant # cat /etc/os-release
NAME="SLES"
VERSION="15-SP2"
VERSION_ID="15.2"
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP2"
ID="sles"
ID_LIKE="suse"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:15:sp2"
```

- OS Detected by Syscollector

```
root@ip-172-31-42-97:/home/ubuntu# curl -k -X GET "https://localhost:55000/syscollector/011/os" -H "Authorization: Bearer $TOKEN"
{"data": {"affected_items": [{"os": {"major": "15", "name": "SLES", "platform": "sles", "version": "15-SP2"}, "scan": {"id": 0, "time": "2024-03-18T18:45:37+00:00"}, "architecture": "x86_64", "sysname": "Linux", "release": "5.3.18-22-default", "hostname": "suse", "version": "#1 SMP Wed Jun 3 12:16:43 UTC 2020 (720aeba)", "agent_id": "011"}], "total_affected_items": 1, "total_failed_items": 0, "failed_items": []}, "message": "All specified syscollector information was returned", "error": 0}root@ip-172-31-42-97:/home/ubuntu#
```

4.8.0 Vulnerabilities

- Evidences: [Suse.zip](https://github.com/wazuh/wazuh-qa/files/14641323/Suse.zip)

4.7.3 Vulnerabilities

- Evidences: [Suse.zip](https://github.com/wazuh/wazuh-qa/files/14641323/Suse.zip)

Summary

| v4.8.0 | v4.7.3 |
|---|---|
| 302 | 529 |

juliamagan commented 6 months ago

Ubuntu Jammy

Agent info

```shell
root@ubuntu-jammy:/home/vagrant# uname -r
5.15.0-91-generic
```

```shell
root@ubuntu-jammy:/home/vagrant# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
```

4.7.3 vulnerabilities

Detected: **170**

- CSV: [vulnerabilities.csv](https://github.com/wazuh/wazuh-qa/files/14650684/vulnerabilities.csv)
- Logs:
  - Manager: [ossec.zip](https://github.com/wazuh/wazuh-qa/files/14650687/ossec.zip)
  - Agent: [agent_ossec.log](https://github.com/wazuh/wazuh-qa/files/14650694/agent_ossec.log)
- Packages: [packages.csv](https://github.com/wazuh/wazuh-qa/files/14650699/packages.csv)

OS:

```json
{
  "data": {
    "affected_items": [
      {
        "os": {
          "codename": "jammy",
          "major": "22",
          "minor": "04",
          "name": "Ubuntu",
          "platform": "ubuntu",
          "version": "22.04.3 LTS (Jammy Jellyfish)"
        },
        "scan": {
          "id": 0,
          "time": "2024-03-19T12:19:53+00:00"
        },
        "hostname": "ubuntu-jammy",
        "sysname": "Linux",
        "architecture": "x86_64",
        "release": "5.15.0-91-generic",
        "version": "#101-Ubuntu SMP Tue Nov 14 13:30:08 UTC 2023",
        "agent_id": "014"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}
```

4.8.0 vulnerabilities

Detected: **55**

- CSV: [vulnerabilities.csv](https://github.com/wazuh/wazuh-qa/files/14651045/vulnerabilities_inventory-2024-03-19T13.07.06.873Z.csv)
- Logs:
  - Manager: [ossec.zip](https://github.com/wazuh/wazuh-qa/files/14651050/ossec.zip)
  - Agent: [agent_ossec.log](https://github.com/wazuh/wazuh-qa/files/14651053/agent_ossec.log)
- Packages: [packages.csv](https://github.com/wazuh/wazuh-qa/files/14651054/packages.csv)

OS:

```json
{
  "data": {
    "affected_items": [
      {
        "os": {
          "codename": "jammy",
          "major": "22",
          "minor": "04",
          "name": "Ubuntu",
          "platform": "ubuntu",
          "version": "22.04.3 LTS (Jammy Jellyfish)"
        },
        "scan": {
          "id": 0,
          "time": "2024-03-19T13:19:30+00:00"
        },
        "hostname": "ubuntu-jammy",
        "architecture": "x86_64",
        "sysname": "Linux",
        "release": "5.15.0-91-generic",
        "version": "#101-Ubuntu SMP Tue Nov 14 13:30:08 UTC 2023",
        "agent_id": "013"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}
```

rauldpm commented 6 months ago

LGTM

Analysis is being done by Core team: https://github.com/wazuh/wazuh-qa/issues/5113

For the next iteration we should consider using macOS 14.3 instead of 14.0