wazuh / wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
https://wazuh.com/

Release 4.3.6 - Release Candidate 1 - E2E UX tests - GitHub integration #14323

Closed gdiazlo closed 2 years ago

gdiazlo commented 2 years ago

The following issue aims to run the specified test for the current release candidate, report the results, and open new issues for any encountered errors.

Test information

| | |
|---|---|
| Test name | GitHub Integration |
| Category | Cloud Security |
| Deployment option | See table below |
| Main release issue | https://github.com/wazuh/wazuh/issues/14260 |
| Release candidate # | 4.3.6-RC1 |

Test description

Deploy Wazuh with the following design:

| Component | Guide | Cluster / Single | OS |
|---|---|---|---|
| indexer | step-by-step | Single | Centos8 |
| server | sources | Single | Centos8 |
| dashboard | step-by-step | Single | Centos8 |
| agent | sources | Single | Centos8 |

Follow the documentation at:

https://documentation-dev.wazuh.com/current/github/index.html

Test different use cases of Github events and see that alerts are generated and make sense.

Test report procedure

All test results must have one of the following statuses:

- :green_circle: All checks passed.
- :red_circle: There is at least one failed result.
- :yellow_circle: There is at least one expected failure or skipped test and no failures.

Any failing test must be properly addressed with a new issue, detailing the error and the possible cause.

An extended report of the test results must be attached as a ZIP or TXT file. Please attach any documents, screenshots, or tables to the issue update with the results. This report can be used by the auditors to dig deeper into any possible failures and details.

Conclusions

All tests have been executed and the results can be found [here]().

| Status | Test | Failure type | Notes |
|---|---|---|---|
| :green_circle: | Environment preparation | - | We should consider warning the user about the common firewalls present in modern distributions |
| 🟢 | Indexer Installation | - | - |
| 🟢 | Indexer Configuration | - | - |
| 🟢 | Indexer Check | - | - |
| 🟡 | Server Install dependencies | - | Documentation issues, see comments below https://github.com/wazuh/wazuh-documentation/issues/5481 |
| 🟡 | Server install wazuh-manager | - | Documentation issues, see comments below https://github.com/wazuh/wazuh-documentation/issues/5481 |
| 🟡 | Server install additional components | - | Documentation issues, see comments below https://github.com/wazuh/wazuh-documentation/issues/5481 |
| 🟡 | Agent install from sources | - | Documentation issues, see comments below https://github.com/wazuh/wazuh-documentation/issues/5482 |
| 🟡 | Agent manual enrollment using API | - | Documentation issues, see comments below https://github.com/wazuh/wazuh-documentation/issues/5482 |
| 🟢 | Dashboard step-by-step installation | - | - |
| 🟢 | Dashboard configuration | - | - |
| 🟡 | Dashboard only for distributed deployments - wazuh.yml config file | - | Sample config file comes with options that might not work https://github.com/wazuh/wazuh-kibana-app/issues/4349 |
| | GitHub setup trial account | - | - |
| 🟢 | Agent's configuration for GitHub | - | We might consider changing the git value to all in api_parameter in the default configuration shown in the documentation |
| 🟡 | Agent's restart | - | We do not show the user how to check if the GitHub module is active, or how to troubleshoot it in case of a problem https://github.com/wazuh/wazuh-documentation/issues/5483 |
| 🟡 | UI usage | - | Our documentation does not mention that we need to enable GitHub module on the UI https://github.com/wazuh/wazuh-documentation/issues/5483 |

Auditors' validation

The definition of done for this one is the validation of the conclusions and the test results from all auditors.

All checks from below must be accepted in order to close this issue.

gdiazlo commented 2 years ago

Environment preparation

Vagrant file containing the description of the 4 machines using centos

```
Vagrant.configure("2") do |config|
  config.vm.define "indexer" do |indexer|
    indexer.vm.box = "generic/centos8"
    indexer.vm.hostname = "indexer"
    indexer.vm.network "public_network", bridge: "Default Switch"
    indexer.vm.provider "hyperv" do |h|
      h.vmname = "indexer"
      h.enable_checkpoints = true
      h.enable_automatic_checkpoints = true
      h.enable_enhanced_session_mode = true
      h.memory = 8192
      h.maxmemory = 8192
      h.cpus = 8
    end
  end
  config.vm.define "server" do |server|
    server.vm.box = "generic/centos8"
    server.vm.hostname = "server"
    server.vm.network "public_network", bridge: "Default Switch"
    server.vm.provider "hyperv" do |h|
      h.vmname = "server"
      h.enable_checkpoints = true
      h.enable_automatic_checkpoints = true
      h.enable_enhanced_session_mode = true
      h.memory = 8192
      h.maxmemory = 8192
      h.cpus = 8
    end
  end
  config.vm.define "dashboard" do |dashboard|
    dashboard.vm.box = "generic/centos8"
    dashboard.vm.hostname = "dashboard"
    dashboard.vm.network "public_network", bridge: "Default Switch"
    dashboard.vm.provider "hyperv" do |h|
      h.vmname = "dashboard"
      h.enable_checkpoints = true
      h.enable_automatic_checkpoints = true
      h.enable_enhanced_session_mode = true
      h.memory = 8192
      h.maxmemory = 8192
      h.cpus = 8
    end
  end
  config.vm.define "agent" do |agent|
    agent.vm.box = "generic/centos8"
    agent.vm.hostname = "agent"
    agent.vm.network "public_network", bridge: "Default Switch"
    agent.vm.provider "hyperv" do |h|
      h.vmname = "agent"
      h.enable_checkpoints = true
      h.enable_automatic_checkpoints = true
      h.enable_enhanced_session_mode = true
      h.memory = 8192
      h.maxmemory = 8192
      h.cpus = 8
    end
  end
end
```

Network configuration

🟡 Because I know Centos 8 comes with firewalls enabled by default in the vagrant box I am using, I have opted for disabling it, instead of implementing the adequate firewall policy for Wazuh. We should consider adding a note to the documentation talking about firewalls and wazuh.

```
nodes:
  indexer:
    - name: indexer
      ip: 172.26.19.181
  server:
    - name: server
      ip: 172.26.31.140
  dashboard:
    - name: dashboard
      ip: 172.26.27.112
```

Indexer

Installation

Set up pre-release repository

```
# rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
# yum install -y wazuh-indexer
Last metadata expiration check: 0:00:26 ago on Mon 18 Jul 2022 08:15:35 PM UTC.
Dependencies resolved.
========================================================================================================================
 Package                  Architecture      Version        Repository      Size
========================================================================================================================
Installing:
 wazuh-indexer            x86_64            4.3.6-1        wazuh           361 M

Transaction Summary
========================================================================================================================
Install  1 Package

Total download size: 361 M
Installed size: 614 M
Downloading Packages:
wazuh-indexer-4.3.6-1.x86_64.rpm                 21 MB/s | 361 MB     00:17
------------------------------------------------------------------------------------------------------------------------
Total                                            21 MB/s | 361 MB     00:17
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                 1/1
  Running scriptlet: wazuh-indexer-4.3.6-1.x86_64    1/1
  Installing       : wazuh-indexer-4.3.6-1.x86_64    1/1
  Running scriptlet: wazuh-indexer-4.3.6-1.x86_64    1/1
  Verifying        : wazuh-indexer-4.3.6-1.x86_64    1/1

Installed:
  wazuh-indexer-4.3.6-1.x86_64

Complete!
```

Configuration

```
# vim /etc/wazuh-indexer/opensearch.yml
# cat /etc/wazuh-indexer/opensearch.yml
network.host: "172.26.19.181"
node.name: "indexer"
cluster.initial_master_nodes:
- "indexer"
#- "node-2"
#- "node-3"
cluster.name: "wazuh-cluster"
discovery.seed_hosts:
  - "172.26.19.181"
# - "node-2-ip"
# - "node-3-ip"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false

plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
#- "CN=node-2,OU=Wazuh,O=Wazuh,L=California,C=US"
#- "CN=node-3,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
# NODE_NAME="indexer"
# mkdir /etc/wazuh-indexer/certs
# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
# chmod 500 /etc/wazuh-indexer/certs
# chmod 400 /etc/wazuh-indexer/certs/*
# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
# systemctl daemon-reload
# systemctl enable wazuh-indexer
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
# systemctl start wazuh-indexer
# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
Security Admin v7
Will connect to 172.26.19.181:9300 ... done
Connected as CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US
OpenSearch Version: 1.2.4
OpenSearch Security Version: 1.2.4.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/
Will update '_doc/config' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '_doc/roles' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '_doc/rolesmapping' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '_doc/internalusers' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '_doc/actiongroups' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '_doc/tenants' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '_doc/nodesdn' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '_doc/whitelist' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml
   SUCC: Configuration for 'whitelist' created or updated
Will update '_doc/audit' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/audit.yml
   SUCC: Configuration for 'audit' created or updated
Done with success
```

Checks

```
# curl -k -u admin:admin https://172.26.19.181:9200
{
  "name" : "indexer",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "awsDhhM6SBO8vhATQGcsWw",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "e505b10357c03ae8d26d675172402f2f2144ef0f",
    "build_date" : "2022-01-14T03:38:06.881862Z",
    "build_snapshot" : false,
    "lucene_version" : "8.10.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
# curl -k -u admin:admin https://172.26.19.181:9200/_cat/nodes?v
ip            heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
172.26.19.181           16          35   3    0.16    0.09     0.03 dimr      *      indexer
```

Server

Install dependencies

🟡 When installing dependencies, if you copy & paste the whole block of commands it won't work appropriately, as the first command does not have a -y option. This makes the command ask for user input, so it does not execute the other pasted commands.

```
# yum install make cmake gcc gcc-c++ python3 python3-policycoreutils automake autoconf libtool openssl-devel yum-utils
m-config-manager --enable powertools
yum install libstdc++-static -yLast metadata expiration check: 2:08:47 ago on Mon 18 Jul 2022 06:27:49 PM UTC.
Package make-1:4.2.1-10.el8.x86_64 is already installed.
Package cmake-3.20.2-4.el8.x86_64 is already installed.
Package gcc-8.5.0-4.el8_5.x86_64 is already installed.
Package gcc-c++-8.5.0-4.el8_5.x86_64 is already installed.
Package python36-3.6.8-38.module_el8.5.0+895+a459eca8.x86_64 is already installed.
Package automake-1.16.1-7.el8.noarch is already installed.
Package autoconf-2.69-29.el8.noarch is already installed.
Package libtool-2.4.6-25.el8.x86_64 is already installed.
Package yum-utils-4.0.21-3.el8.noarch is already installed.
Dependencies resolved.
========================================================================================================================
 Package                    Architecture  Version                           Repository  Size
========================================================================================================================
Installing:
 openssl-devel              x86_64        1:1.1.1k-5.el8_5                  baseos      2.3 M
 python3-policycoreutils    noarch        2.9-16.el8                        baseos      2.2 M
Installing dependencies:
 checkpolicy                x86_64        2.9-1.el8                         baseos      348 k
 keyutils-libs-devel        x86_64        1.5.10-9.el8                      baseos      48 k
 krb5-devel                 x86_64        1.18.2-14.el8                     baseos      560 k
 libcom_err-devel           x86_64        1.45.6-2.el8                      baseos      38 k
 libkadm5                   x86_64        1.18.2-14.el8                     baseos      187 k
 libselinux-devel           x86_64        2.9-5.el8                         baseos      200 k
 libsepol-devel             x86_64        2.9-3.el8                         baseos      87 k
 libverto-devel             x86_64        0.3.0-5.el8                       baseos      18 k
 pcre2-devel                x86_64        10.32-2.el8                       baseos      605 k
 pcre2-utf16                x86_64        10.32-2.el8                       baseos      229 k
 pcre2-utf32                x86_64        10.32-2.el8                       baseos      220 k
 python3-audit              x86_64        3.0-0.17.20191104git1c2f876.el8   baseos      86 k
 python3-libsemanage        x86_64        2.9-6.el8                         baseos      127 k
 python3-setools            x86_64        4.3.0-2.el8                       baseos      626 k
 zlib-devel                 x86_64        1.2.11-17.el8                     baseos      58 k

Transaction Summary
========================================================================================================================
Install  17 Packages

Total download size: 7.9 M
Installed size: 19 M
Is this ok [y/N]:
Is this ok [y/N]: y
Is this ok [y/N]: y
Downloading Packages:
(1/17): keyutils-libs-devel-1.5.10-9.el8.x86_64.rpm                 137 kB/s |  48 kB     00:00
(2/17): libcom_err-devel-1.45.6-2.el8.x86_64.rpm                    1.0 MB/s |  38 kB     00:00
(3/17): checkpolicy-2.9-1.el8.x86_64.rpm                            866 kB/s | 348 kB     00:00
(4/17): krb5-devel-1.18.2-14.el8.x86_64.rpm                         1.3 MB/s | 560 kB     00:00
(5/17): libselinux-devel-2.9-5.el8.x86_64.rpm                       4.7 MB/s | 200 kB     00:00
(6/17): libsepol-devel-2.9-3.el8.x86_64.rpm                         2.4 MB/s |  87 kB     00:00
(7/17): libkadm5-1.18.2-14.el8.x86_64.rpm                           2.8 MB/s | 187 kB     00:00
(8/17): libverto-devel-0.3.0-5.el8.x86_64.rpm                       611 kB/s |  18 kB     00:00
(9/17): pcre2-utf16-10.32-2.el8.x86_64.rpm                          6.3 MB/s | 229 kB     00:00
(10/17): pcre2-devel-10.32-2.el8.x86_64.rpm                         9.2 MB/s | 605 kB     00:00
(11/17): pcre2-utf32-10.32-2.el8.x86_64.rpm                         5.9 MB/s | 220 kB     00:00
(12/17): python3-audit-3.0-0.17.20191104git1c2f876.el8.x86_64.rpm   1.8 MB/s |  86 kB     00:00
(13/17): python3-libsemanage-2.9-6.el8.x86_64.rpm                   3.6 MB/s | 127 kB     00:00
(14/17): openssl-devel-1.1.1k-5.el8_5.x86_64.rpm                     15 MB/s | 2.3 MB     00:00
(15/17): python3-setools-4.3.0-2.el8.x86_64.rpm                      11 MB/s | 626 kB     00:00
(16/17): zlib-devel-1.2.11-17.el8.x86_64.rpm                        1.1 MB/s |  58 kB     00:00
(17/17): python3-policycoreutils-2.9-16.el8.noarch.rpm               17 MB/s | 2.2 MB     00:00
------------------------------------------------------------------------------------------------------------------------
Total                                                                11 MB/s | 7.9 MB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : zlib-devel-1.2.11-17.el8.x86_64                        1/17
  Installing       : python3-setools-4.3.0-2.el8.x86_64                     2/17
  Installing       : python3-libsemanage-2.9-6.el8.x86_64                   3/17
  Installing       : python3-audit-3.0-0.17.20191104git1c2f876.el8.x86_64   4/17
  Installing       : pcre2-utf32-10.32-2.el8.x86_64                         5/17
  Installing       : pcre2-utf16-10.32-2.el8.x86_64                         6/17
  Installing       : pcre2-devel-10.32-2.el8.x86_64                         7/17
  Installing       : libverto-devel-0.3.0-5.el8.x86_64                      8/17
  Installing       : libsepol-devel-2.9-3.el8.x86_64                        9/17
  Installing       : libselinux-devel-2.9-5.el8.x86_64                      10/17
  Installing       : libkadm5-1.18.2-14.el8.x86_64                          11/17
  Installing       : libcom_err-devel-1.45.6-2.el8.x86_64                   12/17
  Installing       : keyutils-libs-devel-1.5.10-9.el8.x86_64                13/17
  Installing       : krb5-devel-1.18.2-14.el8.x86_64                        14/17
  Installing       : checkpolicy-2.9-1.el8.x86_64                           15/17
  Installing       : python3-policycoreutils-2.9-16.el8.noarch              16/17
  Installing       : openssl-devel-1:1.1.1k-5.el8_5.x86_64                  17/17
  Running scriptlet: openssl-devel-1:1.1.1k-5.el8_5.x86_64                  17/17
  Verifying        : checkpolicy-2.9-1.el8.x86_64                           1/17
  Verifying        : keyutils-libs-devel-1.5.10-9.el8.x86_64                2/17
  Verifying        : krb5-devel-1.18.2-14.el8.x86_64                        3/17
  Verifying        : libcom_err-devel-1.45.6-2.el8.x86_64                   4/17
  Verifying        : libkadm5-1.18.2-14.el8.x86_64                          5/17
  Verifying        : libselinux-devel-2.9-5.el8.x86_64                      6/17
  Verifying        : libsepol-devel-2.9-3.el8.x86_64                        7/17
  Verifying        : libverto-devel-0.3.0-5.el8.x86_64                      8/17
  Verifying        : openssl-devel-1:1.1.1k-5.el8_5.x86_64                  9/17
  Verifying        : pcre2-devel-10.32-2.el8.x86_64                         10/17
  Verifying        : pcre2-utf16-10.32-2.el8.x86_64                         11/17
  Verifying        : pcre2-utf32-10.32-2.el8.x86_64                         12/17
  Verifying        : python3-audit-3.0-0.17.20191104git1c2f876.el8.x86_64   13/17
  Verifying        : python3-libsemanage-2.9-6.el8.x86_64                   14/17
  Verifying        : python3-policycoreutils-2.9-16.el8.noarch              15/17
  Verifying        : python3-setools-4.3.0-2.el8.x86_64                     16/17
  Verifying        : zlib-devel-1.2.11-17.el8.x86_64                        17/17

Installed:
  checkpolicy-2.9-1.el8.x86_64
  keyutils-libs-devel-1.5.10-9.el8.x86_64
  krb5-devel-1.18.2-14.el8.x86_64
  libcom_err-devel-1.45.6-2.el8.x86_64
  libkadm5-1.18.2-14.el8.x86_64
  libselinux-devel-2.9-5.el8.x86_64
  libsepol-devel-2.9-3.el8.x86_64
  libverto-devel-0.3.0-5.el8.x86_64
  openssl-devel-1:1.1.1k-5.el8_5.x86_64
  pcre2-devel-10.32-2.el8.x86_64
  pcre2-utf16-10.32-2.el8.x86_64
  pcre2-utf32-10.32-2.el8.x86_64
  python3-audit-3.0-0.17.20191104git1c2f876.el8.x86_64
  python3-libsemanage-2.9-6.el8.x86_64
  python3-policycoreutils-2.9-16.el8.noarch
  python3-setools-4.3.0-2.el8.x86_64
  zlib-devel-1.2.11-17.el8.x86_64

Complete!
```

Execute the other commands manually:

```
[root@server wz]# yum-config-manager --enable powertools
[root@server wz]# yum install libstdc++-static -y
CentOS Linux 8 - PowerTools                      6.6 MB/s | 2.3 MB     00:00
Last metadata expiration check: 0:00:01 ago on Mon 18 Jul 2022 08:37:08 PM UTC.
Dependencies resolved.
========================================================================================================================
 Package                  Architecture      Version              Repository        Size
========================================================================================================================
Installing:
 libstdc++-static         x86_64            8.5.0-4.el8_5        powertools        599 k

Transaction Summary
========================================================================================================================
Install  1 Package

Total download size: 599 k
Installed size: 5.1 M
Downloading Packages:
libstdc++-static-8.5.0-4.el8_5.x86_64.rpm        1.7 MB/s | 599 kB     00:00
------------------------------------------------------------------------------------------------------------------------
Total                                            1.7 MB/s | 599 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                          1/1
  Installing       : libstdc++-static-8.5.0-4.el8_5.x86_64    1/1
  Running scriptlet: libstdc++-static-8.5.0-4.el8_5.x86_64    1/1
  Verifying        : libstdc++-static-8.5.0-4.el8_5.x86_64    1/1

Installed:
  libstdc++-static-8.5.0-4.el8_5.x86_64

Complete!
[root@server wz]#
```

🟡 Trying to compile Python from source, following the optional instructions, does not work, as the package python34 does not exist in Centos 8 latest version. Following the documentation, I've changed to python3 as the package name. Does our code require a specific version of python to work?

The documentation also says: *Nevertheless, you can download the CPython sources by adding the PYTHON_SOURCE flag when running make deps.*

But I was unable to find when to execute that command to add the PYTHON_SOURCE flag.

```
yum-builddep python34 -y
enabling appstream-source repository
enabling baseos-source repository
enabling extras-source repository
enabling powertools-source repository
enabling epel-source repository
enabling epel-modular-source repository
CentOS Linux 8 - BaseOS - Source                                   493 kB/s | 326 kB     00:00
CentOS Linux 8 - AppStream - Source                                1.4 MB/s | 835 kB     00:00
CentOS Linux 8 - PowerTools - Source                               216 kB/s | 196 kB     00:00
CentOS Linux 8 - Extras - Source                                    13 kB/s | 7.6 kB     00:00
Extra Packages for Enterprise Linux 8 - x86_64 - Source            3.7 MB/s | 2.5 MB     00:00
Extra Packages for Enterprise Linux Modular 8 - x86_64 - Source     33 kB/s |  18 kB     00:00
no package matched: python34
Error: Some packages could not be found.
# cat /etc/centos-release
CentOS Linux release 8.5.2111
# yum-builddep python3 -y
[ output elided as this command installs over 100 packages ]
```

Install Wazuh Manager

Downloading the package required an updated URL to use the pre-release

```
# curl -Ls https://github.com/wazuh/wazuh/archive/v4.3.6-rc1.tar.gz | tar zx
```

Building wazuh-manager using the provided script

```
./install.sh

  ** Para instalação em português, escolha [br].
  ** 要使用中文进行安装, 请选择 [cn].
  ** Für eine deutsche Installation, wählen Sie [de].
  ** Για εγκατάσταση στα Ελληνικά, επιλέξτε [el].
  ** For installation in English, choose [en].
  ** Para instalar en español, elija [es].
  ** Pour une installation en français, choisissez [fr]
  ** A Magyar nyelvű telepítéshez válassza [hu].
  ** Per l'installazione in Italiano, scegli [it].
  ** 日本語でインストールします.選択して下さい.[jp].
  ** Voor installatie in het Nederlands, kies [nl].
  ** Aby instalować w języku Polskim, wybierz [pl].
  ** Для инструкций по установке на русском ,введите [ru].
  ** Za instalaciju na srpskom, izaberi [sr].
  ** Türkçe kurulum için seçin [tr].
  (en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]:

 Wazuh v4.3.6 (Rev. 40318) Installation Script - http://www.wazuh.com

 You are about to start the installation process of Wazuh.
 You must have a C compiler pre-installed in your system.

  - System: Linux server 4.18.0-348.7.1.el8_5.x86_64 (centos 8.5)
  - User: root
  - Host: server

  -- Press ENTER to continue or Ctrl-C to abort. --

1- What kind of installation do you want (manager, agent, local, hybrid or help)? manager

  - Manager (server) installation chosen.

2- Choose where to install Wazuh [/var/ossec]:

  - Installation will be made at /var/ossec .

3- Configuring Wazuh.

  3.1- Do you want e-mail notification? (y/n) [n]:

   --- Email notification disabled.

  3.2- Do you want to run the integrity check daemon? (y/n) [y]:

   - Running syscheck (integrity check daemon).

  3.3- Do you want to run the rootkit detection engine? (y/n) [y]:

   - Running rootcheck (rootkit detection).

  3.5- Active response allows you to execute a specific command based on the events received. By default, no active responses are defined.

   - Default white list for the active response:
      - 172.26.16.1

   - Do you want to add more IPs to the white list? (y/n)? [n]:

  3.6- Do you want to enable remote syslog (port 514 udp)? (y/n) [y]:

   - Remote syslog enabled.

  3.7 - Do you want to run the Auth daemon? (y/n) [y]:

   - Running Auth daemon.

  3.8- Do you want to start Wazuh after the installation? (y/n) [y]:

   - Wazuh will start at the end of installation.

  3.9- Setting the configuration to analyze the following logs:
    -- /var/log/audit/audit.log
    -- /var/ossec/logs/active-responses.log
    -- /var/log/messages
    -- /var/log/secure
    -- /var/log/maillog

 - If you want to monitor any other file, just change the ossec.conf and add a new localfile entry. Any questions about the configuration can be answered by visiting us online at https://documentation.wazuh.com/.

   --- Press ENTER to continue ---

4- Installing the system
DIR="/var/ossec"
 - Running the Makefile
curl -so external/cJSON.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/cJSON.tar.gz || true
cd external && test -e cJSON.tar.gz && gunzip cJSON.tar.gz || true
cd external && test -e cJSON.tar && tar -xf cJSON.tar || true
test -e external/cJSON.tar && rm external/cJSON.tar || true
test -d external/cJSON ||\
(curl -so external/cJSON.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/cJSON.tar.gz &&\
cd external && gunzip cJSON.tar.gz && tar -xf cJSON.tar && rm cJSON.tar)
curl -so external/curl.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/curl.tar.gz || true
cd external && test -e curl.tar.gz && gunzip curl.tar.gz || true
cd external && test -e curl.tar && tar -xf curl.tar || true
test -e external/curl.tar && rm external/curl.tar || true
test -d external/curl ||\
(curl -so external/curl.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/curl.tar.gz &&\
cd external && gunzip curl.tar.gz && tar -xf curl.tar && rm curl.tar)
curl -so external/libdb.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/libdb.tar.gz || true
cd external && test -e libdb.tar.gz && gunzip libdb.tar.gz || true
cd external && test -e libdb.tar && tar -xf libdb.tar || true
test -e external/libdb.tar && rm external/libdb.tar || true
test -d external/libdb ||\
(curl -so external/libdb.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/libdb.tar.gz &&\
cd external && gunzip libdb.tar.gz && tar -xf libdb.tar && rm libdb.tar)
curl -so external/libffi.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/libffi.tar.gz || true
cd external && test -e libffi.tar.gz && gunzip libffi.tar.gz || true
cd external && test -e libffi.tar && tar -xf libffi.tar || true
test -e external/libffi.tar && rm external/libffi.tar || true
test -d external/libffi ||\
(curl -so external/libffi.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/libffi.tar.gz &&\
cd external && gunzip libffi.tar.gz && tar -xf libffi.tar && rm libffi.tar)
curl -so external/libyaml.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/libyaml.tar.gz || true
cd external && test -e libyaml.tar.gz && gunzip libyaml.tar.gz || true
cd external && test -e libyaml.tar && tar -xf libyaml.tar || true
test -e external/libyaml.tar && rm external/libyaml.tar || true
test -d external/libyaml ||\
(curl -so external/libyaml.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/libyaml.tar.gz &&\
cd external && gunzip libyaml.tar.gz && tar -xf libyaml.tar && rm libyaml.tar)
curl -so external/openssl.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/openssl.tar.gz || true
cd external && test -e openssl.tar.gz && gunzip openssl.tar.gz || true
cd external && test -e openssl.tar && tar -xf openssl.tar || true
test -e external/openssl.tar && rm external/openssl.tar || true
test -d external/openssl ||\
(curl -so external/openssl.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/openssl.tar.gz &&\
cd external && gunzip openssl.tar.gz && tar -xf openssl.tar && rm openssl.tar)
curl -so external/procps.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/procps.tar.gz || true
cd external && test -e procps.tar.gz && gunzip procps.tar.gz || true
cd external && test -e procps.tar && tar -xf procps.tar || true
test -e external/procps.tar && rm external/procps.tar || true
test -d external/procps ||\
(curl -so external/procps.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/procps.tar.gz &&\
cd external && gunzip procps.tar.gz && tar -xf procps.tar && rm procps.tar)
curl -so external/sqlite.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/sqlite.tar.gz || true
cd external && test -e sqlite.tar.gz && gunzip sqlite.tar.gz || true
cd external && test -e sqlite.tar && tar -xf sqlite.tar || true
test -e external/sqlite.tar && rm external/sqlite.tar || true
test -d external/sqlite ||\
(curl -so external/sqlite.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/sqlite.tar.gz &&\
cd external && gunzip sqlite.tar.gz && tar -xf sqlite.tar && rm sqlite.tar)
curl -so external/zlib.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/zlib.tar.gz || true
cd external && test -e zlib.tar.gz && gunzip zlib.tar.gz || true
cd external && test -e zlib.tar && tar -xf zlib.tar || true
test -e external/zlib.tar && rm external/zlib.tar || true
test -d external/zlib ||\
(curl -so external/zlib.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/zlib.tar.gz &&\
cd external && gunzip zlib.tar.gz && tar -xf zlib.tar && rm zlib.tar)
curl -so external/audit-userspace.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/audit-userspace.tar.gz || true
cd external && test -e audit-userspace.tar.gz && gunzip audit-userspace.tar.gz || true
cd external && test -e audit-userspace.tar && tar -xf audit-userspace.tar || true
test -e external/audit-userspace.tar && rm external/audit-userspace.tar || true
test -d external/audit-userspace ||\
(curl -so external/audit-userspace.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/audit-userspace.tar.gz &&\
cd external && gunzip audit-userspace.tar.gz && tar -xf audit-userspace.tar && rm audit-userspace.tar)
curl -so external/msgpack.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/msgpack.tar.gz || true
cd external && test -e msgpack.tar.gz && gunzip msgpack.tar.gz || true
cd external && test -e msgpack.tar && tar -xf msgpack.tar || true
test -e external/msgpack.tar && rm external/msgpack.tar || true
test -d external/msgpack ||\
(curl -so external/msgpack.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/msgpack.tar.gz &&\
cd external && gunzip msgpack.tar.gz && tar -xf msgpack.tar && rm msgpack.tar)
curl -so external/bzip2.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/bzip2.tar.gz || true
cd external && test -e bzip2.tar.gz && gunzip bzip2.tar.gz || true
cd external && test -e bzip2.tar && tar -xf bzip2.tar || true
test -e external/bzip2.tar && rm external/bzip2.tar || true
test -d external/bzip2 ||\
(curl -so external/bzip2.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/bzip2.tar.gz &&\
cd external && gunzip bzip2.tar.gz && tar -xf bzip2.tar && rm bzip2.tar)
curl -so external/nlohmann.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/nlohmann.tar.gz || true
cd external && test -e nlohmann.tar.gz && gunzip nlohmann.tar.gz || true
gzip: nlohmann.tar.gz: not in gzip format
cd external && test -e nlohmann.tar && tar -xf nlohmann.tar || true
test -e external/nlohmann.tar && rm external/nlohmann.tar || true
test -d external/nlohmann ||\
(curl -so external/nlohmann.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/nlohmann.tar.gz &&\
cd external && gunzip nlohmann.tar.gz && tar -xf nlohmann.tar && rm nlohmann.tar)
curl -so external/googletest.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/googletest.tar.gz || true
cd external && test -e googletest.tar.gz && gunzip googletest.tar.gz || true
gzip: googletest.tar.gz: not in gzip format
cd external && test -e googletest.tar && tar -xf googletest.tar || true
test -e external/googletest.tar && rm external/googletest.tar || true
test -d external/googletest ||\
(curl -so external/googletest.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/googletest.tar.gz &&\
cd external && gunzip googletest.tar.gz && tar -xf googletest.tar && rm googletest.tar)
curl -so external/libpcre2.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/libpcre2.tar.gz || true
cd external && test -e libpcre2.tar.gz && gunzip libpcre2.tar.gz || true
cd external && test -e libpcre2.tar && tar -xf libpcre2.tar || true
test -e external/libpcre2.tar && rm external/libpcre2.tar || true
test -d external/libpcre2 ||\
(curl -so external/libpcre2.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/libpcre2.tar.gz &&\
cd external && gunzip libpcre2.tar.gz && tar -xf libpcre2.tar && rm libpcre2.tar)
curl -so external/libplist.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/libplist.tar.gz || true
cd external && test -e libplist.tar.gz && gunzip libplist.tar.gz || true
cd external && test -e libplist.tar && tar -xf libplist.tar || true
test -e external/libplist.tar && rm external/libplist.tar || true
test -d external/libplist ||\
(curl -so external/libplist.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/libplist.tar.gz &&\
cd external && gunzip libplist.tar.gz && tar -xf libplist.tar && rm libplist.tar)
curl -so external/pacman.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/pacman.tar.gz || true
cd external && test -e pacman.tar.gz && gunzip pacman.tar.gz || true
cd external && test -e pacman.tar && tar -xf pacman.tar || true
test -e external/pacman.tar && rm external/pacman.tar || true
test -d external/pacman ||\
(curl -so external/pacman.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/pacman.tar.gz &&\
cd external && gunzip pacman.tar.gz && tar -xf pacman.tar && rm pacman.tar)
curl -so external/libarchive.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/libarchive.tar.gz || true
cd external && test -e libarchive.tar.gz && gunzip libarchive.tar.gz || true
cd external
&& test -e libarchive.tar && tar -xf libarchive.tar || true test -e external/libarchive.tar && rm external/libarchive.tar || true test -d external/libarchive ||\ (curl -so external/libarchive.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/libarchive.tar.gz &&\ cd external && gunzip libarchive.tar.gz && tar -xf libarchive.tar && rm libarchive.tar) curl -so external/popt.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/popt.tar.gz || true cd external && test -e popt.tar.gz && gunzip popt.tar.gz || true cd external && test -e popt.tar && tar -xf popt.tar || true test -e external/popt.tar && rm external/popt.tar || true test -d external/popt ||\ (curl -so external/popt.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/popt.tar.gz &&\ cd external && gunzip popt.tar.gz && tar -xf popt.tar && rm popt.tar) curl -so external/rpm.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/rpm.tar.gz || true cd external && test -e rpm.tar.gz && gunzip rpm.tar.gz || true cd external && test -e rpm.tar && tar -xf rpm.tar || true test -e external/rpm.tar && rm external/rpm.tar || true test -d external/rpm ||\ (curl -so external/rpm.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/rpm.tar.gz &&\ cd external && gunzip rpm.tar.gz && tar -xf rpm.tar && rm rpm.tar) curl -so external/cpython.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/cpython.tar.gz || true cd external && test -e cpython.tar.gz && gunzip cpython.tar.gz || true test -e external/cpython.tar ||\ (curl -so external/cpython.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/cpython.tar.gz &&\ cd external && gunzip cpython.tar.gz && tar -xf cpython.tar && rm cpython.tar) test -d external/cpython || (cd external && gzip cpython.tar) checkmodule -M -m -o selinux/wazuh.mod selinux/wazuh.te semodule_package -o selinux/wazuh.pp -m selinux/wazuh.mod make build_sysinfo build_shared_modules build_syscollector make[1]: Entering directory 
'/wz/wazuh-4.3.6-rc1/src' CC libwazuhext.so cd data_provider/ && mkdir -p build && cd build && cmake .. && make cd shared_modules/dbsync/ && mkdir -p build && cd build && cmake .. && make -- The C compiler identification is GNU 8.5.0 -- The C compiler identification is GNU 8.5.0 -- The CXX compiler identification is GNU 8.5.0 -- The CXX compiler identification is GNU 8.5.0 -- Detecting C compiler ABI info -- Detecting C compiler ABI info -- Detecting C compiler ABI info - done -- Detecting C compiler ABI info - done -- Check for working C compiler: /usr/bin/cc - skipped -- Check for working C compiler: /usr/bin/cc - skipped -- Detecting C compile features -- Detecting C compile features -- Detecting C compile features - done -- Detecting C compile features - done -- Detecting CXX compiler ABI info -- Detecting CXX compiler ABI info -- Detecting CXX compiler ABI info - done -- Detecting CXX compiler ABI info - done -- Check for working CXX compiler: /usr/bin/c++ - skipped -- Detecting CXX compile features -- Check for working CXX compiler: /usr/bin/c++ - skipped -- Detecting CXX compile features - done -- Detecting CXX compile features -- Detecting CXX compile features - done -- Configuring done -- Generating done -- Build files have been written to: /wz/wazuh-4.3.6-rc1/src/data_provider/build -- Configuring done make[2]: Entering directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build' -- Generating done -- Build files have been written to: /wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build make[2]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build' make[3]: Entering directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build' make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build' make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build' make[3]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build' make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build' make[4]: Entering 
directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build' [ 23%] Building CXX object CMakeFiles/sysinfo.dir/src/packages/packageLinuxParserExtra.cpp.o [ 23%] Building CXX object CMakeFiles/sysinfo.dir/src/network/networkInterfaceLinux.cpp.o [ 23%] Building CXX object CMakeFiles/sysinfo.dir/src/osinfo/sysOsParsers.cpp.o [ 30%] Building CXX object CMakeFiles/sysinfo.dir/src/packages/packageLinuxParserDeb.cpp.o [ 38%] Building CXX object CMakeFiles/sysinfo.dir/src/packages/packageLinuxParserRpm.cpp.o [ 46%] Building CXX object CMakeFiles/sysinfo.dir/src/packages/packageLinuxParserRpmLegacy.cpp.o make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build' [ 53%] Building CXX object CMakeFiles/sysinfo.dir/src/packages/rpmPackageManager.cpp.o make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build' [ 10%] Building CXX object CMakeFiles/dbsync.dir/src/dbsync.cpp.o [ 61%] Building CXX object CMakeFiles/sysinfo.dir/src/sysInfoLinux.cpp.o [ 69%] Building CXX object CMakeFiles/sysinfo.dir/src/utilsWrapperLinux.cpp.o [ 76%] Building CXX object CMakeFiles/sysinfo.dir/src/sysInfo.cpp.o [ 20%] Building CXX object CMakeFiles/dbsync.dir/src/dbsyncPipelineFactory.cpp.o [ 30%] Building CXX object CMakeFiles/dbsync.dir/src/dbsync_implementation.cpp.o [ 40%] Building CXX object CMakeFiles/dbsync.dir/src/sqlite/sqlite_dbengine.cpp.o [ 50%] Building CXX object CMakeFiles/dbsync.dir/src/sqlite/sqlite_wrapper.cpp.o [ 84%] Linking CXX shared library lib/libsysinfo.so make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build' [ 84%] Built target sysinfo make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build' make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build' make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build' [ 92%] Building CXX object testtool/CMakeFiles/sysinfo_test_tool.dir/main.cpp.o [ 60%] Linking CXX shared library lib/libdbsync.so make[4]: Leaving directory 
'/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build' [ 60%] Built target dbsync make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build' make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build' make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build' make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build' make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build' make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build' [ 70%] Building CXX object testtool/CMakeFiles/dbsync_test_tool.dir/main.cpp.o [ 80%] Building CXX object example/CMakeFiles/dbsync_example.dir/main.cpp.o [ 90%] Linking CXX executable ../bin/dbsync_example make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build' [ 90%] Built target dbsync_example [100%] Linking CXX executable ../bin/sysinfo_test_tool make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build' [100%] Built target sysinfo_test_tool make[3]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build' make[2]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build' [100%] Linking CXX executable ../bin/dbsync_test_tool make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build' [100%] Built target dbsync_test_tool make[3]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build' make[2]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build' cd shared_modules/rsync/ && mkdir -p build && cd build && cmake .. 
&& make -- The C compiler identification is GNU 8.5.0 -- The CXX compiler identification is GNU 8.5.0 -- Detecting C compiler ABI info -- Detecting C compiler ABI info - done -- Check for working C compiler: /usr/bin/cc - skipped -- Detecting C compile features -- Detecting C compile features - done -- Detecting CXX compiler ABI info -- Detecting CXX compiler ABI info - done -- Check for working CXX compiler: /usr/bin/c++ - skipped -- Detecting CXX compile features -- Detecting CXX compile features - done -- Configuring done -- Generating done -- Build files have been written to: /wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build make[2]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build' make[3]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build' make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build' make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build' make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build' [ 25%] Building CXX object CMakeFiles/rsync.dir/src/rsync.cpp.o [ 25%] Building CXX object CMakeFiles/rsync.dir/src/rsyncImplementation.cpp.o [ 37%] Linking CXX shared library lib/librsync.so make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build' [ 37%] Built target rsync make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build' make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build' make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build' [ 62%] Building CXX object testtool/CMakeFiles/rsync_test_tool.dir/main.cpp.o [ 62%] Building CXX object testtool/CMakeFiles/rsync_test_tool.dir/agentEmulator.cpp.o [ 87%] Building CXX object testtool/CMakeFiles/rsync_test_tool.dir/managerEmulator.cpp.o [ 87%] Building CXX object testtool/CMakeFiles/rsync_test_tool.dir/oneTimeSync.cpp.o [100%] Linking CXX executable ../bin/rsync_test_tool make[4]: Leaving 
directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build' [100%] Built target rsync_test_tool make[3]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build' make[2]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build' cd wazuh_modules/syscollector/ && mkdir -p build && cd build && cmake .. && make -- The C compiler identification is GNU 8.5.0 -- The CXX compiler identification is GNU 8.5.0 -- Detecting C compiler ABI info -- Detecting C compiler ABI info - done -- Check for working C compiler: /usr/bin/cc - skipped -- Detecting C compile features -- Detecting C compile features - done -- Detecting CXX compiler ABI info -- Detecting CXX compiler ABI info - done -- Check for working CXX compiler: /usr/bin/c++ - skipped -- Detecting CXX compile features -- Detecting CXX compile features - done -- Configuring done -- Generating done -- Build files have been written to: /wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build make[2]: Entering directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build' make[3]: Entering directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build' make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build' make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build' make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build' [ 50%] Building CXX object CMakeFiles/syscollector.dir/src/syscollectorImp.cpp.o [ 50%] Building CXX object CMakeFiles/syscollector.dir/src/syscollectorNormalizer.cpp.o [ 50%] Building CXX object CMakeFiles/syscollector.dir/src/syscollector.cpp.o [ 66%] Linking CXX shared library lib/libsyscollector.so make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build' [ 66%] Built target syscollector make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build' make[4]: Leaving directory 
'/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build' make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build' [ 83%] Building CXX object testtool/CMakeFiles/syscollector_test_tool.dir/main.cpp.o [100%] Linking CXX executable ../bin/syscollector_test_tool make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build' [100%] Built target syscollector_test_tool make[3]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build' make[2]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build' make[1]: Leaving directory '/wz/wazuh-4.3.6-rc1/src' make wazuh-maild - wazuh-csyslogd - wazuh-agentlessd - wazuh-execd - wazuh-logcollector - wazuh-remoted wazuh-agentd manage_agents utils active-responses wazuh-syscheckd wazuh-monitord wazuh-reportd wazuh-authd wazuh-analysisd wazuh-logtest-legacy wazuh-dbd - wazuh-integratord wazuh-modulesd wazuh-db make[1]: Entering directory '/wz/wazuh-4.3.6-rc1/src' CC os_maild/maild.o CC os_maild/sendmail.o CC os_maild/sendcustomemail.o CC os_maild/config.o CC os_maild/os_maild_client.o CC os_maild/mail_list.o CC os_maild/mailcom.o CC config/wmodules-aws.o CC config/localfile-config.o os_maild/os_maild_client.c: In function ‘PrintTable’: os_maild/os_maild_client.c:802:21: warning: ‘strncat’ specified bound 2 equals source length [-Wstringop-overflow=] strncat(printed, endline, strlen(endline)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ os_maild/os_maild_client.c:767:13: warning: ‘strncat’ specified bound 2 equals source length [-Wstringop-overflow=] strncat(printed, delimitator, strlen(delimitator)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ os_maild/os_maild_client.c:786:13: warning: ‘strncat’ specified bound 2 equals source length [-Wstringop-overflow=] strncat(printed, endline, strlen(endline)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ os_maild/os_maild_client.c:777:17: warning: ‘strncat’ specified bound 1 equals source length 
[-Wstringop-overflow=] strncat(printed, space, strlen(space)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ os_maild/os_maild_client.c:749:13: warning: ‘strncat’ specified bound 2 equals source length [-Wstringop-overflow=] strncat(printed, delimitator, strlen(delimitator)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ os_maild/os_maild_client.c:751:13: warning: ‘strncat’ specified bound 2 equals source length [-Wstringop-overflow=] strncat(printed, endline, strlen(endline)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ os_maild/os_maild_client.c: In function ‘OS_RecvMailQ’: os_maild/os_maild_client.c:334:9: warning: ‘strncpy’ output may be truncated copying 128 bytes from a string of length 65536 [-Wstringop-truncation] strncpy(msg_sms_tmp->body, logs, 128); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CC config/rootcheck-config.o CC config/agentlessd-config.o CC config/active-response.o CC config/wmodules-osquery-monitor.o CC config/integrator-config.o os_maild/os_maild_client.c: In function ‘PrintTable’: os_maild/os_maild_client.c:800:21: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] strncat(printed, tab, strlen(tab)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ os_maild/os_maild_client.c:801:21: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] strncat(printed, item->string, strlen(item->string)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ os_maild/os_maild_client.c:765:13: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] strncat(printed, tab, strlen(tab)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ os_maild/os_maild_client.c:766:13: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] strncat(printed, item->string, strlen(item->string)); 
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ os_maild/os_maild_client.c:747:13: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] strncat(printed, tab, strlen(tab)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ os_maild/os_maild_client.c:744:34: note: length computed here log_size = strlen(key) + strlen(tab) + strlen(item->string) + strlen(delimitator) + strlen(endline); ^~~~~~~~~~~ os_maild/os_maild_client.c:748:13: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] strncat(printed, item->string, strlen(item->string)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ os_maild/os_maild_client.c: In function ‘OS_RecvMailQ_JSON’: os_maild/os_maild_client.c:697:9: warning: ‘strncpy’ output may be truncated copying 128 bytes from a string of length 65536 [-Wstringop-truncation] strncpy(msg_sms_tmp->body, logs, 128); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CC config/wmodules-agent-upgrade.o CC config/socket-config.o CC config/remote-config.o CC config/reports-config.o CC config/wmodules_syscollector.o CC config/wmodules-oscap.o CC config/config.o CC config/wmodules-github.o CC config/wmodules-docker.o CC config/email-alerts-config.o CC config/global-config.o CC config/client-config.o CC config/labels-config.o CC config/wmodules-sca.o CC config/authd-config.o CC config/buffer-config.o CC config/cluster-config.o CC config/wmodules-key-request.o CC config/rules-config.o CC config/wmodules-vuln-detector.o CC config/dbd-config.o CC config/wmodules-gcp.o CC config/wmodules-azure.o CC config/syscheck-config.o CC config/wmodules-office365.o CC config/alerts-config.o CC config/wmodules-command.o CC config/wmodules-task-manager.o CC config/csyslogd-config.o CC config/wmodules-ciscat.o CC config/wmodules-fluent.o CC config/logtest-config.o config/syscheck-config.c: In function ‘read_data_unit’: 
config/syscheck-config.c:1261:13: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=] strncpy(value_str, content, len_value_str - 2); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ config/syscheck-config.c:1251:28: note: length computed here size_t len_value_str = strlen(content); ^~~~~~~~~~~~~~~ CC config/wmodules-config.o CC wazuh_modules/wm_control.o CC wazuh_modules/wmcom.o CC wazuh_modules/wm_oscap.o CC wazuh_modules/wm_gcp.o CC wazuh_modules/wmodules.o CC wazuh_modules/wm_azure.o CC wazuh_modules/wm_office365.o CC wazuh_modules/wm_exec.o CC wazuh_modules/wm_osquery_monitor.o CC wazuh_modules/wm_task_general.o CC wazuh_modules/wm_aws.o CC wazuh_modules/wm_syscollector.o CC wazuh_modules/wm_keyrequest.o CC wazuh_modules/wm_github.o wazuh_modules/wm_office365.c: In function ‘wm_office365_execute_scan’: wazuh_modules/wm_office365.c:441:33: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] strncpy(url, next_page, strlen(next_page)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CC wazuh_modules/wm_database.o CC wazuh_modules/wm_download.o CC wazuh_modules/wm_docker.o CC wazuh_modules/wm_sca.o CC wazuh_modules/wm_fluent.o wazuh_modules/wm_github.c: In function ‘wm_github_execute_scan’: wazuh_modules/wm_github.c:329:41: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] strncpy(url, next_page, strlen(next_page)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CC wazuh_modules/wm_command.o CC wazuh_modules/wm_ciscat.o CC wazuh_modules/agent_upgrade/wm_agent_upgrade.o CC wazuh_modules/vulnerability_detector/wm_vuln_detector.o CC wazuh_modules/vulnerability_detector/wm_vuln_detector_evr.o CC wazuh_modules/vulnerability_detector/wm_vuln_detector_nvd.o CC wazuh_modules/task_manager/wm_task_manager.o CC wazuh_modules/task_manager/wm_task_manager_parsing.o CC 
wazuh_modules/task_manager/wm_task_manager_commands.o CC wazuh_modules/task_manager/wm_task_manager_tasks.o CC wazuh_modules/agent_upgrade/manager/wm_agent_upgrade_tasks.o CC wazuh_modules/agent_upgrade/manager/wm_agent_upgrade_manager.o CC wazuh_modules/agent_upgrade/manager/wm_agent_upgrade_validate.o CC wazuh_modules/agent_upgrade/manager/wm_agent_upgrade_upgrades.o CC wazuh_modules/agent_upgrade/manager/wm_agent_upgrade_parsing.o CC wazuh_modules/agent_upgrade/manager/wm_agent_upgrade_commands.o CC wazuh_modules/agent_upgrade/manager/wm_agent_upgrade_tasks_callbacks.o CC wazuh_db/wdb_metadata.o CC wazuh_db/wdb_agents.o CC wazuh_db/wdb_integrity.o CC wazuh_db/wdb.o CC wazuh_db/wdb_scan_info.o CC wazuh_db/wdb_syscollector.o CC wazuh_db/wdb_upgrade.o CC wazuh_db/wdb_task.o CC wazuh_db/wdb_sca.o CC wazuh_db/wdb_global.o CC wazuh_db/wdb_parser.o CC wazuh_db/wdb_fim.o CC wazuh_db/wdb_rootcheck.o CC wazuh_db/wdb_ciscat.o CC wazuh_db/helpers/wdb_global_helpers.o CC wazuh_db/helpers/wdb_agents_helpers.o wazuh_db/wdb_parser.c: In function ‘wdb_parse_syscheck’: wazuh_db/wdb_parser.c:1264:13: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] strncpy(unsc_checksum + unsc_size, mark, mark_size); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ wazuh_db/wdb_parser.c:1262:32: note: length computed here size_t mark_size = strlen(mark); ^~~~~~~~~~~~ CC wazuh_db/schema_upgrade_v2.o In function ‘wm_vuldet_adapt_title’, inlined from ‘wm_vuldet_json_rh_parser.isra.14’ at wazuh_modules/vulnerability_detector/wm_vuln_detector.c:4809:9, inlined from ‘wm_vuldet_json_parser.isra.30’ at wazuh_modules/vulnerability_detector/wm_vuln_detector.c:5017:26: wazuh_modules/vulnerability_detector/wm_vuln_detector.c:3557:5: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=] strncpy(title, title_ofs, strlen(title_ofs) + 1); 
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ wazuh_modules/vulnerability_detector/wm_vuln_detector.c: In function ‘wm_vuldet_json_parser.isra.30’: wazuh_modules/vulnerability_detector/wm_vuln_detector.c:3557:31: note: length computed here strncpy(title, title_ofs, strlen(title_ofs) + 1); ^~~~~~~~~~~~~~~~~ CC wazuh_db/schema_upgrade_v9.o CC wazuh_db/schema_upgrade_v3.o CC wazuh_db/schema_upgrade_v1.o CC wazuh_db/schema_upgrade_v6.o CC wazuh_db/schema_agents.o CC wazuh_db/schema_global_upgrade_v1.o CC wazuh_db/schema_task_manager.o CC wazuh_db/schema_upgrade_v8.o CC wazuh_db/schema_upgrade_v4.o CC wazuh_db/schema_global.o CC wazuh_db/schema_global_upgrade_v2.o CC wazuh_db/schema_upgrade_v5.o CC wazuh_db/schema_global_upgrade_v3.o CC wazuh_db/schema_vuln_detector.o CC wazuh_db/schema_upgrade_v7.o CC os_crypto/blowfish/bf_op.o CC os_crypto/md5/md5_op.o CC os_crypto/sha1/sha1_op.o CC os_crypto/shared/keys.o CC os_crypto/shared/msgs.o CC os_crypto/md5_sha1/md5_sha1_op.o CC os_crypto/md5_sha1_sha256/md5_sha1_sha256_op.o CC os_crypto/sha256/sha256_op.o CC os_crypto/sha512/sha512_op.o CC os_crypto/aes/aes_op.o CC os_crypto/hmac/hmac.o CC os_crypto/signature/signature.o os_crypto/shared/keys.c: In function ‘OS_ReadKeys’: os_crypto/shared/keys.c:251:13: warning: ‘strncpy’ output may be truncated copying 127 bytes from a string of length 2048 [-Wstringop-truncation] strncpy(id, valid_str, KEYSIZE - 1); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CC shared/file-queue.o CC shared/json-queue.o CC shared/read-alert.o CC shared/enrollment_op.o CC shared/fs_op.o CC shared/rootcheck_op.o CC shared/store_op.o CC shared/bzip2_op.o shared/enrollment_op.c: In function ‘w_enrollment_concat_src_ip’: shared/enrollment_op.c:554:13: warning: ‘strncat’ output may be truncated copying 254 bytes from a string of length 255 [-Wstringop-truncation] strncat(buff,opt_buf,254); ^~~~~~~~~~~~~~~~~~~~~~~~~ CC shared/exec_op.o CC shared/request_op.o CC shared/log_builder.o CC shared/mem_op.o CC 
shared/file_op.o CC shared/pthreads_op.o CC shared/os_utils.o CC shared/rbtree_op.o CC shared/cluster_utils.o shared/mem_op.c: In function ‘os_LoadString’: shared/mem_op.c:112:9: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] strncat(at, str, strsize); ^~~~~~~~~~~~~~~~~~~~~~~~~ shared/mem_op.c:101:26: note: length computed here size_t strsize = strlen(str); ^~~~~~~~~~~ CC shared/integrity_op.o CC shared/time_op.o CC shared/syscheck_op.o CC shared/queue_linked_op.o CC shared/yaml2json.o CC shared/vector_op.o CC shared/report_op.o CC shared/audit_op.o CC shared/sym_load.o CC shared/wait_op.o CC shared/help.o CC shared/labels_op.o CC shared/auth_client.o CC shared/list_op.o CC shared/privsep_op.o CC shared/url.o CC shared/b64.o CC shared/custom_output_search_replace.o CC shared/debug_op.o CC shared/math_op.o CC shared/atomic.o shared/custom_output_search_replace.c: In function ‘searchAndReplace’: shared/custom_output_search_replace.c:51:9: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] strncpy(tmp + tmp_offset, value, value_len); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ shared/custom_output_search_replace.c:19:30: note: length computed here const size_t value_len = strlen(value); ^~~~~~~~~~~~~ CC shared/rules_op.o CC shared/regex_op.o CC shared/read-agents.o CC shared/version_op.o CC shared/remoted_op.o CC shared/mq_op.o CC shared/hash_op.o CC shared/notify_op.o CC shared/buffer_op.o shared/read-agents.c: In function ‘_do_print_syscheck’: shared/read-agents.c:431:17: warning: ‘strncpy’ output may be truncated copying 23 bytes from a string of length 24 [-Wstringop-truncation] strncpy(saved_read_day, read_day, 23); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CC shared/validate_op.o CC shared/sig_op.o CC shared/json_op.o CC shared/schedule_scan.o CC shared/string_op.o shared/validate_op.c: In function 
‘__gethour’: shared/validate_op.c:541:38: warning: ‘%02d’ directive output may be truncated writing between 2 and 11 bytes into a region of size 6 [-Wformat-truncation=] snprintf(ossec_hour, 6, "%02d:%02d", chour, cmin); ^~~~ shared/validate_op.c:541:37: note: directive argument in the range [-2147483636, 2147483647] snprintf(ossec_hour, 6, "%02d:%02d", chour, cmin); ^~~~~~~~~~~ shared/validate_op.c:541:13: note: ‘snprintf’ output between 6 and 24 bytes into a destination of size 6 snprintf(ossec_hour, 6, "%02d:%02d", chour, cmin); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CC shared/expression.o CC shared/sysinfo_utils.o CC shared/bqueue_op.o CC shared/queue_op.o CC shared/utf8_op.o CC shared/randombytes.o CC shared/agent_op.o CC shared/wazuhdb_op.o shared/string_op.c: In function ‘wstr_split’: shared/string_op.c:504:17: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] strncpy(new_term_it, acc_strs[count], strlen(acc_strs[count])); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ shared/string_op.c:501:21: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] strncpy(new_term_it, new_delim, new_delim_size); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ shared/string_op.c:461:29: note: length computed here size_t new_delim_size = strlen(replace_delim ? 
build/lib/wazuh/core/task.py -> build/bdist.linux-x86_64/egg/wazuh/core copying build/lib/wazuh/core/utils.py -> build/bdist.linux-x86_64/egg/wazuh/core copying build/lib/wazuh/core/vulnerability.py -> build/bdist.linux-x86_64/egg/wazuh/core copying build/lib/wazuh/core/wazuh_queue.py -> build/bdist.linux-x86_64/egg/wazuh/core copying build/lib/wazuh/core/wazuh_socket.py -> build/bdist.linux-x86_64/egg/wazuh/core copying build/lib/wazuh/core/wdb.py -> build/bdist.linux-x86_64/egg/wazuh/core copying build/lib/wazuh/core/wlogging.py -> build/bdist.linux-x86_64/egg/wazuh/core creating build/bdist.linux-x86_64/egg/wazuh/core/cluster copying build/lib/wazuh/core/cluster/__init__.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster copying build/lib/wazuh/core/cluster/client.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster copying build/lib/wazuh/core/cluster/cluster.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster copying build/lib/wazuh/core/cluster/common.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster copying build/lib/wazuh/core/cluster/control.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster copying build/lib/wazuh/core/cluster/local_client.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster copying build/lib/wazuh/core/cluster/local_server.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster copying build/lib/wazuh/core/cluster/master.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster copying build/lib/wazuh/core/cluster/server.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster copying build/lib/wazuh/core/cluster/utils.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster copying build/lib/wazuh/core/cluster/worker.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster creating build/bdist.linux-x86_64/egg/wazuh/core/cluster/dapi copying build/lib/wazuh/core/cluster/dapi/__init__.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster/dapi copying build/lib/wazuh/core/cluster/dapi/dapi.py -> 
build/bdist.linux-x86_64/egg/wazuh/core/cluster/dapi copying build/lib/wazuh/core/cluster/cluster.json -> build/bdist.linux-x86_64/egg/wazuh/core/cluster copying build/lib/wazuh/core/wazuh.json -> build/bdist.linux-x86_64/egg/wazuh/core creating build/bdist.linux-x86_64/egg/wazuh/rbac copying build/lib/wazuh/rbac/__init__.py -> build/bdist.linux-x86_64/egg/wazuh/rbac copying build/lib/wazuh/rbac/auth_context.py -> build/bdist.linux-x86_64/egg/wazuh/rbac copying build/lib/wazuh/rbac/decorators.py -> build/bdist.linux-x86_64/egg/wazuh/rbac copying build/lib/wazuh/rbac/orm.py -> build/bdist.linux-x86_64/egg/wazuh/rbac copying build/lib/wazuh/rbac/preprocessor.py -> build/bdist.linux-x86_64/egg/wazuh/rbac copying build/lib/wazuh/rbac/utils.py -> build/bdist.linux-x86_64/egg/wazuh/rbac creating build/bdist.linux-x86_64/egg/wazuh/rbac/default copying build/lib/wazuh/rbac/default/policies.yaml -> build/bdist.linux-x86_64/egg/wazuh/rbac/default copying build/lib/wazuh/rbac/default/relationships.yaml -> build/bdist.linux-x86_64/egg/wazuh/rbac/default copying build/lib/wazuh/rbac/default/roles.yaml -> build/bdist.linux-x86_64/egg/wazuh/rbac/default copying build/lib/wazuh/rbac/default/rules.yaml -> build/bdist.linux-x86_64/egg/wazuh/rbac/default copying build/lib/wazuh/rbac/default/users.yaml -> build/bdist.linux-x86_64/egg/wazuh/rbac/default byte-compiling build/bdist.linux-x86_64/egg/wazuh/__init__.py to __init__.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/__main__.py to __main__.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/active_response.py to active_response.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/agent.py to agent.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/cdb_list.py to cdb_list.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/ciscat.py to ciscat.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/cluster.py to cluster.cpython-39.pyc byte-compiling 
build/bdist.linux-x86_64/egg/wazuh/decoder.py to decoder.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/logtest.py to logtest.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/manager.py to manager.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/mitre.py to mitre.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/rootcheck.py to rootcheck.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/rule.py to rule.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/sca.py to sca.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/security.py to security.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/stats.py to stats.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/syscheck.py to syscheck.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/syscollector.py to syscollector.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/task.py to task.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/vulnerability.py to vulnerability.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/InputValidator.py to InputValidator.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/__init__.py to __init__.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/active_response.py to active_response.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/agent.py to agent.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cdb_list.py to cdb_list.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/common.py to common.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/configuration.py to configuration.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/database.py to database.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/decoder.py to decoder.cpython-39.pyc 
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/exception.py to exception.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/logtest.py to logtest.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/manager.py to manager.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/mitre.py to mitre.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/pyDaemonModule.py to pyDaemonModule.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/results.py to results.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/rootcheck.py to rootcheck.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/rule.py to rule.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/sca.py to sca.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/security.py to security.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/stats.py to stats.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/syscheck.py to syscheck.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/syscollector.py to syscollector.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/task.py to task.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/utils.py to utils.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/vulnerability.py to vulnerability.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/wazuh_queue.py to wazuh_queue.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/wazuh_socket.py to wazuh_socket.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/wdb.py to wdb.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/wlogging.py to wlogging.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/__init__.py to __init__.cpython-39.pyc byte-compiling 
build/bdist.linux-x86_64/egg/wazuh/core/cluster/client.py to client.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/cluster.py to cluster.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/common.py to common.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/control.py to control.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/local_client.py to local_client.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/local_server.py to local_server.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/master.py to master.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/server.py to server.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/utils.py to utils.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/worker.py to worker.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/dapi/__init__.py to __init__.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/dapi/dapi.py to dapi.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/rbac/__init__.py to __init__.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/rbac/auth_context.py to auth_context.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/rbac/decorators.py to decorators.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/rbac/orm.py to orm.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/rbac/preprocessor.py to preprocessor.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/wazuh/rbac/utils.py to utils.cpython-39.pyc creating build/bdist.linux-x86_64/egg/EGG-INFO copying wazuh.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO copying wazuh.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO copying 
wazuh.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO copying wazuh.egg-info/not-zip-safe -> build/bdist.linux-x86_64/egg/EGG-INFO copying wazuh.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO creating dist creating 'dist/wazuh-4.3.6-py3.9.egg' and adding 'build/bdist.linux-x86_64/egg' to it removing 'build/bdist.linux-x86_64/egg' (and everything under it) Processing wazuh-4.3.6-py3.9.egg creating /var/ossec/framework/python/lib/python3.9/site-packages/wazuh-4.3.6-py3.9.egg Extracting wazuh-4.3.6-py3.9.egg to /var/ossec/framework/python/lib/python3.9/site-packages Adding wazuh 4.3.6 to easy-install.pth file Installed /var/ossec/framework/python/lib/python3.9/site-packages/wazuh-4.3.6-py3.9.egg Processing dependencies for wazuh==4.3.6 Finished processing dependencies for wazuh==4.3.6 chown -R root:wazuh /var/ossec/framework/python chmod -R o=- /var/ossec/framework/python cd ../api && /var/ossec/framework/python/bin/python3 setup.py clean --all install --prefix=/var/ossec/framework/python running clean 'build/lib' does not exist -- can't clean it 'build/bdist.linux-x86_64' does not exist -- can't clean it 'build/scripts-3.9' does not exist -- can't clean it running install running bdist_egg running egg_info creating api.egg-info writing api.egg-info/PKG-INFO writing dependency_links to api.egg-info/dependency_links.txt writing top-level names to api.egg-info/top_level.txt writing manifest file 'api.egg-info/SOURCES.txt' reading manifest file 'api.egg-info/SOURCES.txt' writing manifest file 'api.egg-info/SOURCES.txt' installing library code to build/bdist.linux-x86_64/egg running install_lib running build_py creating build creating build/lib creating build/lib/api copying api/__init__.py -> build/lib/api copying api/alogging.py -> build/lib/api copying api/api_exception.py -> build/lib/api copying api/authentication.py -> build/lib/api copying api/configuration.py -> build/lib/api copying api/constants.py -> build/lib/api copying 
api/encoder.py -> build/lib/api copying api/middlewares.py -> build/lib/api copying api/signals.py -> build/lib/api copying api/uri_parser.py -> build/lib/api copying api/util.py -> build/lib/api copying api/validator.py -> build/lib/api creating build/lib/api/controllers copying api/controllers/__init__.py -> build/lib/api/controllers copying api/controllers/active_response_controller.py -> build/lib/api/controllers copying api/controllers/agent_controller.py -> build/lib/api/controllers copying api/controllers/cdb_list_controller.py -> build/lib/api/controllers copying api/controllers/ciscat_controller.py -> build/lib/api/controllers copying api/controllers/cluster_controller.py -> build/lib/api/controllers copying api/controllers/decoder_controller.py -> build/lib/api/controllers copying api/controllers/default_controller.py -> build/lib/api/controllers copying api/controllers/experimental_controller.py -> build/lib/api/controllers copying api/controllers/logtest_controller.py -> build/lib/api/controllers copying api/controllers/manager_controller.py -> build/lib/api/controllers copying api/controllers/mitre_controller.py -> build/lib/api/controllers copying api/controllers/overview_controller.py -> build/lib/api/controllers copying api/controllers/rootcheck_controller.py -> build/lib/api/controllers copying api/controllers/rule_controller.py -> build/lib/api/controllers copying api/controllers/sca_controller.py -> build/lib/api/controllers copying api/controllers/security_controller.py -> build/lib/api/controllers copying api/controllers/syscheck_controller.py -> build/lib/api/controllers copying api/controllers/syscollector_controller.py -> build/lib/api/controllers copying api/controllers/task_controller.py -> build/lib/api/controllers copying api/controllers/vulnerability_controller.py -> build/lib/api/controllers creating build/lib/api/models copying api/models/__init__.py -> build/lib/api/models copying api/models/active_response_model.py -> 
build/lib/api/models copying api/models/agent_added_model.py -> build/lib/api/models copying api/models/agent_inserted_model.py -> build/lib/api/models copying api/models/base_model_.py -> build/lib/api/models copying api/models/basic_info_model.py -> build/lib/api/models copying api/models/configuration_model.py -> build/lib/api/models copying api/models/group_added_model.py -> build/lib/api/models copying api/models/logtest_model.py -> build/lib/api/models copying api/models/security_model.py -> build/lib/api/models copying api/models/security_token_response_model.py -> build/lib/api/models creating build/lib/api/spec copying api/spec/spec.yaml -> build/lib/api/spec creating build/bdist.linux-x86_64 creating build/bdist.linux-x86_64/egg creating build/bdist.linux-x86_64/egg/api copying build/lib/api/__init__.py -> build/bdist.linux-x86_64/egg/api copying build/lib/api/alogging.py -> build/bdist.linux-x86_64/egg/api copying build/lib/api/api_exception.py -> build/bdist.linux-x86_64/egg/api copying build/lib/api/authentication.py -> build/bdist.linux-x86_64/egg/api copying build/lib/api/configuration.py -> build/bdist.linux-x86_64/egg/api copying build/lib/api/constants.py -> build/bdist.linux-x86_64/egg/api copying build/lib/api/encoder.py -> build/bdist.linux-x86_64/egg/api copying build/lib/api/middlewares.py -> build/bdist.linux-x86_64/egg/api copying build/lib/api/signals.py -> build/bdist.linux-x86_64/egg/api copying build/lib/api/uri_parser.py -> build/bdist.linux-x86_64/egg/api copying build/lib/api/util.py -> build/bdist.linux-x86_64/egg/api copying build/lib/api/validator.py -> build/bdist.linux-x86_64/egg/api creating build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/__init__.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/active_response_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/agent_controller.py -> 
build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/cdb_list_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/ciscat_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/cluster_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/decoder_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/default_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/experimental_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/logtest_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/manager_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/mitre_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/overview_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/rootcheck_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/rule_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/sca_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/security_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/syscheck_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/syscollector_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/task_controller.py -> build/bdist.linux-x86_64/egg/api/controllers copying build/lib/api/controllers/vulnerability_controller.py -> build/bdist.linux-x86_64/egg/api/controllers creating build/bdist.linux-x86_64/egg/api/models copying 
build/lib/api/models/__init__.py -> build/bdist.linux-x86_64/egg/api/models copying build/lib/api/models/active_response_model.py -> build/bdist.linux-x86_64/egg/api/models copying build/lib/api/models/agent_added_model.py -> build/bdist.linux-x86_64/egg/api/models copying build/lib/api/models/agent_inserted_model.py -> build/bdist.linux-x86_64/egg/api/models copying build/lib/api/models/base_model_.py -> build/bdist.linux-x86_64/egg/api/models copying build/lib/api/models/basic_info_model.py -> build/bdist.linux-x86_64/egg/api/models copying build/lib/api/models/configuration_model.py -> build/bdist.linux-x86_64/egg/api/models copying build/lib/api/models/group_added_model.py -> build/bdist.linux-x86_64/egg/api/models copying build/lib/api/models/logtest_model.py -> build/bdist.linux-x86_64/egg/api/models copying build/lib/api/models/security_model.py -> build/bdist.linux-x86_64/egg/api/models copying build/lib/api/models/security_token_response_model.py -> build/bdist.linux-x86_64/egg/api/models creating build/bdist.linux-x86_64/egg/api/spec copying build/lib/api/spec/spec.yaml -> build/bdist.linux-x86_64/egg/api/spec byte-compiling build/bdist.linux-x86_64/egg/api/__init__.py to __init__.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/alogging.py to alogging.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/api_exception.py to api_exception.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/authentication.py to authentication.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/configuration.py to configuration.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/constants.py to constants.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/encoder.py to encoder.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/middlewares.py to middlewares.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/signals.py to signals.cpython-39.pyc byte-compiling 
build/bdist.linux-x86_64/egg/api/uri_parser.py to uri_parser.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/util.py to util.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/validator.py to validator.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/__init__.py to __init__.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/active_response_controller.py to active_response_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/agent_controller.py to agent_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/cdb_list_controller.py to cdb_list_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/ciscat_controller.py to ciscat_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/cluster_controller.py to cluster_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/decoder_controller.py to decoder_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/default_controller.py to default_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/experimental_controller.py to experimental_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/logtest_controller.py to logtest_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/manager_controller.py to manager_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/mitre_controller.py to mitre_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/overview_controller.py to overview_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/rootcheck_controller.py to rootcheck_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/rule_controller.py to 
rule_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/sca_controller.py to sca_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/security_controller.py to security_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/syscheck_controller.py to syscheck_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/syscollector_controller.py to syscollector_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/task_controller.py to task_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/controllers/vulnerability_controller.py to vulnerability_controller.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/models/__init__.py to __init__.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/models/active_response_model.py to active_response_model.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/models/agent_added_model.py to agent_added_model.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/models/agent_inserted_model.py to agent_inserted_model.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/models/base_model_.py to base_model_.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/models/basic_info_model.py to basic_info_model.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/models/configuration_model.py to configuration_model.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/models/group_added_model.py to group_added_model.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/models/logtest_model.py to logtest_model.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/models/security_model.py to security_model.cpython-39.pyc byte-compiling build/bdist.linux-x86_64/egg/api/models/security_token_response_model.py to security_token_response_model.cpython-39.pyc creating 
build/bdist.linux-x86_64/egg/EGG-INFO
copying api.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying api.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying api.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying api.egg-info/not-zip-safe -> build/bdist.linux-x86_64/egg/EGG-INFO
copying api.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
creating dist
creating 'dist/api-4.3.6-py3.9.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing api-4.3.6-py3.9.egg
creating /var/ossec/framework/python/lib/python3.9/site-packages/api-4.3.6-py3.9.egg
Extracting api-4.3.6-py3.9.egg to /var/ossec/framework/python/lib/python3.9/site-packages
Adding api 4.3.6 to easy-install.pth file

Installed /var/ossec/framework/python/lib/python3.9/site-packages/api-4.3.6-py3.9.egg
Processing dependencies for api==4.3.6
Finished processing dependencies for api==4.3.6
cd ../tools/mitre && /var/ossec/framework/python/bin/python3 mitredb.py -d /var/ossec/var/db/mitre.db
Generating self-signed certificate for wazuh-authd...
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
Starting Wazuh... server

 - Configuration finished properly.

 - To start Wazuh:
      /var/ossec/bin/wazuh-control start

 - To stop Wazuh:
      /var/ossec/bin/wazuh-control stop

 - The configuration can be viewed or modified at /var/ossec/etc/ossec.conf

   Thanks for using Wazuh.
   Please don't hesitate to contact us if you need help or find any bugs.

   Use our public Mailing List at:
      https://groups.google.com/forum/#!forum/wazuh

   More information can be found at:
      - http://www.wazuh.com

   --- Press ENTER to finish (maybe more information below). ---

 - In order to connect agent and server, you need to add each agent to the server.

   More information at:
      https://documentation.wazuh.com/

#
```

🟡 The script will start the wazuh-manager service by default, but we do not include instructions to check if the service is running. I have modified the command to check if it was running and it was.

```
[root@server wazuh-4.3.6-rc1]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2022-07-18 21:03:40 UTC; 1min 3s ago
  Process: 47441 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    Tasks: 174 (limit: 49487)
   Memory: 523.0M
   CGroup: /system.slice/wazuh-manager.service
           ├─47500 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─47542 /var/ossec/bin/wazuh-authd
           ├─47556 /var/ossec/bin/wazuh-db
           ├─47581 /var/ossec/bin/wazuh-execd
           ├─47593 /var/ossec/bin/wazuh-analysisd
           ├─47603 /var/ossec/bin/wazuh-syscheckd
           ├─47707 /var/ossec/bin/wazuh-remoted
           ├─47734 /var/ossec/bin/wazuh-logcollector
           ├─47745 /var/ossec/bin/wazuh-monitord
           ├─47755 /var/ossec/bin/wazuh-modulesd
           ├─48191 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           └─48194 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
[root@server wazuh-4.3.6-rc1]#
```

Installing other components

🟡 The documentation references another guide, but it is not clear what steps the user should follow. For example, to install filebeat we also need to set up the wazuh repositories.

Filebeat installation

```
# rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
# yum -y install filebeat
EL-8 - Wazuh                                    2.8 MB/s | 9.4 MB     00:03
Last metadata expiration check: 0:00:03 ago on Mon 18 Jul 2022 09:15:41 PM UTC.
Dependencies resolved.
========================================================================================================================
 Package             Architecture      Version            Repository      Size
========================================================================================================================
Installing:
 filebeat            x86_64            7.10.2-1           wazuh           21 M

Transaction Summary
========================================================================================================================
Install  1 Package

Total download size: 21 M
Installed size: 70 M
# Wazuh - Filebeat configuration file
Downloading Packages:
filebeat-oss-7.10.2-x86_64.rpm                  7.8 MB/s |  21 MB     00:02
------------------------------------------------------------------------------------------------------------------------
Total                                           7.8 MB/s |  21 MB     00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                 1/1
  Installing       : filebeat-7.10.2-1.x86_64        1/1
  Running scriptlet: filebeat-7.10.2-1.x86_64        1/1
  Verifying        : filebeat-7.10.2-1.x86_64        1/1

Installed:
  filebeat-7.10.2-1.x86_64

Complete!
# curl -so /etc/filebeat/filebeat.yml https://packages-dev.wazuh.com/4.3/tpl/wazuh/filebeat/filebeat.yml
# vim /etc/filebeat/filebeat.yml
# cat /etc/filebeat/filebeat.yml
# Wazuh - Filebeat configuration file
output.elasticsearch:
  hosts: ["172.26.19.181:9200"]
  protocol: https
  username: ${username}
  password: ${password}
  ssl.certificate_authorities:
    - /etc/filebeat/certs/root-ca.pem
  ssl.certificate: "/etc/filebeat/certs/filebeat.pem"
  ssl.key: "/etc/filebeat/certs/filebeat-key.pem"
setup.template.json.enabled: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.ilm.overwrite: true
setup.ilm.enabled: false

filebeat.modules:
  - module: wazuh
    alerts:
      enabled: true
    archives:
      enabled: false

logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644
# filebeat keystore create
Created filebeat keystore
# echo admin | filebeat keystore add username --stdin --force
ho admin | filebeat keystore add password --stdin --forceSuccessfully updated the keystore
# echo admin | filebeat keystore add password --stdin --force
Successfully updated the keystore
# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
d go+r /etc/filebeat/wazuh-template.json# chmod go+r /etc/filebeat/wazuh-template.json
# curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml
# NODE_NAME=server
# cd /wz
# ls
wazuh-4.3.5  wazuh-4.3.6-rc1  wazuh-certificates.tar
# mkdir /etc/filebeat/certs
r -xf ./wazuh-certificates.tar # tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/f# mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
-n /etc/filebeat/certs/$N# mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
tc/filebeat/certs chmod 400 /# chmod 500 /etc/filebeat/certs
etc/filebeat/# chmod 400 /etc/filebeat/certs/*
-R root:root # chown -R root:root /etc/filebeat/certs
# ls -l /etc/filebeat/certs/
total 12
-r--------. 1 root root 1704 Jul 18 18:42 filebeat-key.pem
-r--------. 1 root root 1233 Jul 18 18:42 filebeat.pem
-r--------. 1 root root 1204 Jul 18 18:42 root-ca.pem
# systemctl daemon-reload
systemctl enable filebeat
systemctl start filebeat# systemctl enable filebeat
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
# systemctl start filebeat
#
# systeemctl status filebeat
-bash: systeemctl: command not found
# systemctl status filebeat
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
   Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2022-07-18 21:19:06 UTC; 16s ago
     Docs: https://www.elastic.co/products/beats/filebeat
 Main PID: 50190 (filebeat)
    Tasks: 13 (limit: 49487)
   Memory: 18.0M
   CGroup: /system.slice/filebeat.service
           └─50190 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /us>

Jul 18 21:19:06 server systemd[1]: Started Filebeat sends log files to Logstash or directly to Elasticsearch..
#
```

Agent

Following the documentation to install from sources.

🟡 When installing dependencies, if you copy & paste the whole block of commands, it won't work appropriately, as the first command does not have a -y option. This makes the command ask for user input, so it does not execute the other pasted commands.

In this case, the CMake installation is not optional.

Built from sources using the provided script. (output elided due to size)

Enrolling the agent manually, following the documentation.

🟡 Because the enrollment is separated into two stages, we might want to tell the user to save the key which was just obtained for the next step, right when the key is obtained, in addition to the general process.

```
# TOKEN=$(curl -u wazuh:wazuh -k -X GET "https://172.26.31.140:55000/security/user/authenticate?raw=true")
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1220      0 --:--:-- --:--:-- --:--:--  1217
# echo $TOKEN
eyJh...........OOSYwO
# curl -k -X POST -d '{"name":"agent"}' "https://172.26.31.140:55000/agents?pretty=true" -H "Content-Type:application/json" -H "Authorization: Bearer $TOKEN"
{
   "data": {
      "id": "001",
      "key": "MD........mEx"
   },
   "error": 0
}# /var/ossec/bin/manage_agents -i MD.........mEx

Agent information:
   ID:001
   Name:agent
   IP Address:any

Confirm adding it?(y/n): y
Added.
# cat /var/ossec/etc/ossec.conf
172.26.31.140
1514 tcp
centos, centos8, centos8.5 10 60 yes aes
no 5000 500 no yes yes yes yes yes yes yes 43200 etc/shared/rootkit_files.txt etc/shared/rootkit_trojans.txt yes yes 1800 1d yes wodles/java wodles/ciscat yes yes /var/log/osquery/osqueryd.results.log /etc/osquery/osquery.conf yes no 1h yes yes yes yes yes yes yes 10 yes yes 12h yes no 43200 yes /etc,/usr/bin,/usr/sbin /bin,/sbin,/boot /etc/mtab /etc/hosts.deny /etc/mail/statistics /etc/random-seed /etc/random.seed /etc/adjtime /etc/httpd/logs /etc/utmpx /etc/wtmpx /etc/cups/certs /etc/dumpdates /etc/svc/volatile .log$|.swp$ /etc/ssl/private.key yes yes yes yes 10 100 yes 5m 1h 10 audit /var/log/audit/audit.log syslog /var/ossec/logs/active-responses.log syslog /var/log/messages syslog /var/log/secure syslog /var/log/maillog command df -P 360 full_command netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d netstat listening ports 360 full_command last -n 20 360 no etc/wpk_root.pem yes plain
# systemctl restart wazuh-agent
# systemctl status wazuh-agent
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2022-07-18 21:41:30 UTC; 10s ago
  Process: 42632 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    Tasks: 39 (limit: 49487)
   Memory: 341.1M
   CGroup: /system.slice/wazuh-agent.service
           ├─43287 /var/ossec/bin/wazuh-execd
           ├─43296 /var/ossec/bin/wazuh-agentd
           ├─43313 /var/ossec/bin/wazuh-syscheckd
           ├─43327 /var/ossec/bin/wazuh-logcollector
           ├─43342 /var/ossec/bin/wazuh-modulesd
           ├─43931 sh -c /bin/ps -p 669 > /dev/null 2>&1
           └─43932 /bin/ps -p 669

Jul 18 21:41:25 agent systemd[1]: Starting Wazuh agent...
Jul 18 21:41:25 agent env[42632]: Starting Wazuh v4.3.6...
Jul 18 21:41:25 agent env[42632]: Started wazuh-execd...
Jul 18 21:41:26 agent env[42632]: Started wazuh-agentd...
```

Dashboard

Installation using the step-by-step guide.

I have modified the install commands to use the pre-release packages.

```
# cp /home/vagrant/wazuh-certificates.tar .
# clear
# yum install libcap
Last metadata expiration check: 0:36:02 ago on Tue 19 Jul 2022 06:13:42 AM UTC.
Package libcap-2.26-5.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
# rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
# yum -y install wazuh-dashboard
EL-8 - Wazuh                                    2.6 MB/s | 9.4 MB     00:03
Last metadata expiration check: 0:00:04 ago on Tue 19 Jul 2022 06:50:49 AM UTC.
Dependencies resolved.
========================================================================================================================
 Package                  Architecture      Version          Repository      Size
========================================================================================================================
Installing:
 wazuh-dashboard          x86_64            4.3.6-1          wazuh           150 M

Transaction Summary
========================================================================================================================
Install  1 Package

Total download size: 150 M
Installed size: 588 M
Downloading Packages:
wazuh-dashboard-4.3.6-1.x86_64.rpm               21 MB/s | 150 MB     00:07
------------------------------------------------------------------------------------------------------------------------
Total                                            21 MB/s | 150 MB     00:07
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                       1/1
  Running scriptlet: wazuh-dashboard-4.3.6-1.x86_64        1/1
  Installing       : wazuh-dashboard-4.3.6-1.x86_64        1/1
  Running scriptlet: wazuh-dashboard-4.3.6-1.x86_64        1/1
  Verifying        : wazuh-dashboard-4.3.6-1.x86_64        1/1

Installed:
  wazuh-dashboard-4.3.6-1.x86_64

Complete!
#
```

Configuring wazuh-dashboard

```
# vi /etc/wazuh-dashboard/opensearch_dashboards.yml
# cat /etc/wazuh-dashboard/opensearch_dashboards.yml
server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://172.26.19.181:9200
opensearch.ssl.verificationMode: certificate
#opensearch.username:
#opensearch.password:
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh
# NODE_NAME=dashboard
# mkdir /etc/wazuh-dashboard/certs
-xf ./wazuh-certificates.tar -# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
v -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
chmod 500 /etc/wazuh-dashboard/certs
chmod 400 /etc/wazuh-dashboard/certs/*
chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
# chmod 500 /etc/wazuh-dashboard/certs
# chmod 400 /etc/wazuh-dashboard/certs/*
# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
# ls /etc/wazuh-dashboard/certs/
dashboard-key.pem  dashboard.pem  root-ca.pem
# systemctl daemon-reload
systemctl enable wazuh-dashboard
systemctl start wazuh-dashboard# systemctl enable wazuh-dashboard
Synchronizing state of wazuh-dashboard.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-dashboard
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
# systemctl start wazuh-dashboard
# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2022-07-19 06:55:01 UTC; 10s ago
 Main PID: 74578 (node)
    Tasks: 11 (limit: 49487)
   Memory: 165.9M
   CGroup: /system.slice/wazuh-dashboard.service
           └─74578 /usr/share/wazuh-dashboard/bin/../node/bin/node --no-warnings --max-http-header-size=65536 --unhandl>

Jul 19 06:55:04 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:04Z","tags":["info>
Jul 19 06:55:04 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:04Z","tags":["info>
Jul 19 06:55:04 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:04Z","tags":["info>
Jul 19 06:55:04 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:04Z","tags":["info>
Jul 19 06:55:05 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:05Z","tags":["info>
Jul 19 06:55:05 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:05Z","tags":["info>
Jul 19 06:55:05 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:05Z","tags":["list>
Jul 19 06:55:05 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:05Z","tags":["info>
Jul 19 06:55:05 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:05Z","tags":["erro>
Jul 19 06:55:05 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:05Z","tags":["erro>
#
```

Only for distributed deployments

```
# vim /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
# tail -n 8 /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
# run_as:
hosts:
  - default:
      url: https://172.26.31.140
      port: 55000
      username: wazuh-wui
      password: wazuh-wui
      run_as: false
```
gdiazlo commented 2 years ago

GitHub Integration

Set up trial account

Configure Wazuh Agent

``` yes 1m 1s 1M yes qswarm ghp_z.........PY all ```

🟡 Our documentation does not show the user how to check if the module is enabled, nor how to diagnose in case there is a problem.

```
# grep -i github /var/ossec/logs/ossec.log
2022/07/19 07:34:49 wazuh-modulesd:github: INFO: Module GitHub started.
```

Check results on UI

General event view


GitHub module after enabling it on the UI settings

🟡 Our documentation does not mention that we need to enable the GitHub module in the UI.

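The comment above notes that the documentation gives no way to check whether the GitHub module is running or to diagnose it. The following is an added example, not part of the original comment or of the Wazuh documentation, that turns the `grep` shown there into a repeatable check. The status words, the `sample_log` helper and the assumption that problems are logged at WARNING, ERROR or CRITICAL level are this example's own.

```shell
#!/bin/sh
# Added example: classify the GitHub module state from an ossec.log-style file.
# Line shape taken from the log line quoted in the comment above:
#   2022/07/19 07:34:49 wazuh-modulesd:github: INFO: Module GitHub started.
# Assumption: problems are logged with a WARNING, ERROR or CRITICAL level tag.

github_module_status() {
    # $1: log file to inspect (on the agent: /var/ossec/logs/ossec.log)
    log=$1
    [ -r "$log" ] || { echo "unreadable"; return 2; }

    # No line tagged by the module at all: it is not configured or not enabled.
    lines=$(grep -F 'wazuh-modulesd:github:' "$log") || { echo "absent"; return 1; }

    # Only problems logged after the most recent start message count.
    printf '%s\n' "$lines" | awk '
        / INFO: Module GitHub started\./ { started = 1; problems = 0; next }
        / (WARNING|ERROR|CRITICAL): /    { problems++ }
        END {
            if (problems) { print "problems"; exit 3 }
            if (started)  { print "started";  exit 0 }
            print "no-start"; exit 1
        }'
}

# Constructed sample log (hypothetical lines; the error text is a placeholder).
sample_log() {
    cat <<'EOF'
2022/07/19 07:34:48 wazuh-modulesd:example: INFO: Constructed line from another module.
2022/07/19 07:34:49 wazuh-modulesd:github: INFO: Module GitHub started.
2022/07/19 07:35:49 wazuh-modulesd:github: ERROR: CONSTRUCTED-PLACEHOLDER error text.
EOF
}
```

On an agent, `github_module_status /var/ossec/logs/ossec.log` prints one of `started`, `problems`, `no-start`, `absent` or `unreadable`, and the exit code is non-zero for everything except `started`.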
gdiazlo commented 2 years ago

Closing as all issues have been reported.