Duplicated `ca_store` in RPM package when upgrading (rpmnew)

[rauldpm]

Description

Testing the 4.8.1 -> 4.9.0 AIX upgrade, I found a possible error in the ossec.conf file generated, as it is duplicating the ca_store tag of the active_response block

The rpmnew file is the new package file saved as .rpmnew so the current ossec.conf is not overwritten if modified

How-To

1. Install 4.8.1 RPM agent
2. Modify the ossec.conf
3. Install 4.9.0 RPM agent
4. Check the /var/ossec/etc/ossec.conf.rpmnew file

  <!-- Active response -->
  <active-response>
    <disabled>no</disabled>
    <ca_store>etc/wpk_root.pem</ca_store>
    <ca_store>/path/to/my_cert.pem</ca_store>
    <ca_verification>yes</ca_verification>
  </active-response>

This has been reproduced using an RPM Wazuh agent and the AIX package, the DEB packages should be checked too.

A fresh RPM 4.9.0 install has the following content

  <active-response>
    <disabled>no</disabled>
    <ca_store>etc/wpk_root.pem</ca_store>
    <ca_verification>yes</ca_verification>
  </active-response>

Related

• https://github.com/wazuh/wazuh/issues/24722#issuecomment-2243834311

[vikman90]

@rauldpm I've reproduced that in AlmaLinux 9:

Clean 4.8.1

  <active-response>
    <disabled>no</disabled>
    <ca_store>etc/wpk_root.pem</ca_store>
    <ca_verification>yes</ca_verification>
  </active-response>

Upgrade to 4.9.0

rpmnew

  <active-response>
    <disabled>no</disabled>
    <ca_store>etc/wpk_root.pem</ca_store>
    <ca_store>/path/to/my_cert.pem</ca_store>
    <ca_verification>yes</ca_verification>
  </active-response>

ossec.conf

  <active-response>
    <disabled>no</disabled>
    <ca_store>etc/wpk_root.pem</ca_store>
    <ca_verification>yes</ca_verification>
  </active-response>

Clean 4.9.0

  <active-response>
    <disabled>no</disabled>
    <ca_store>etc/wpk_root.pem</ca_store>
    <ca_verification>yes</ca_verification>
  </active-response>

Clean 4.8.0

  <active-response>
    <disabled>no</disabled>
    <ca_store>etc/wpk_root.pem</ca_store>
    <ca_verification>yes</ca_verification>
  </active-response>

Upgrade to 4.8.1

  <active-response>
    <disabled>no</disabled>
    <ca_store>etc/wpk_root.pem</ca_store>
    <ca_verification>yes</ca_verification>
  </active-response>

Clean 4.9.0 from sources

  <!-- Active response -->
  <active-response>
    <disabled>no</disabled>
    <ca_store>etc/wpk_root.pem</ca_store>
    <ca_store>/path/to/my_cert.pem</ca_store>
    <ca_verification>yes</ca_verification>
  </active-response>

Rationale

The behavior regarding the content of ossec.conf file is correct.

What we need to figure out is why the 4.9.0 package is leaving an "rpmsave" file on upgrade.

SPEC diff from 4.8.1 to 4.9.0

```diff diff --git a/rpms/SPECS/wazuh-agent.spec b/../wazuh/packages/rpms/SPECS/wazuh-agent.spec index 544be1a28..eddae2b98 100644 --- a/rpms/SPECS/wazuh-agent.spec +++ b/../wazuh/packages/rpms/SPECS/wazuh-agent.spec @@ -5,9 +5,15 @@ %define __strip /bin/true %endif +%if %{_isstage} == no + %define _rpmfilename %%{NAME}_%%{VERSION}-%%{RELEASE}_%%{ARCH}_%{_hashcommit}.rpm +%else + %define _rpmfilename %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm +%endif + Summary: Wazuh helps you to gain security visibility into your infrastructure by monitoring hosts at an operating system and application level. It provides the following capabilities: log analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring Name: wazuh-agent -Version: 4.8.1 +Version: %{_version} Release: %{_release} License: GPL Group: System Environment/Daemons @@ -49,7 +55,7 @@ make clean make deps TARGET=agent make -j%{_threads} TARGET=agent USE_SELINUX=yes DEBUG=%{_debugenabled} %else - %ifnarch x86_64 + %ifnarch amd64 MSGPACK="USE_MSGPACK_OPT=no" %endif deps_version=`cat Makefile | grep "DEPS_VERSION =" | cut -d " " -f 3` @@ -103,19 +109,23 @@ rm -f ${RPM_BUILD_ROOT}%{_localstatedir}/ruleset/sca/* # Install configuration assesment files and files templates mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/{generic} -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/{1,2} +mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/{1,2,2023} mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/{8,7,6,5} +mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/ol/{9} mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/{9,8,7,6,5} mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/sles/{11,12,15} mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/suse/{11,12} mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora/{29,30,31,32,33,34} +mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/almalinux/{8,9} +mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rocky/{8,9} -cp -r ruleset/sca/{generic,centos,rhel,sles,amazon} ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp +cp -r ruleset/sca/{generic,centos,rhel,ol,sles,amazon,rocky,almalinux} ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp cp etc/templates/config/generic/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/generic cp etc/templates/config/amzn/1/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/1 cp etc/templates/config/amzn/2/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2 +cp etc/templates/config/amzn/2023/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2023 cp etc/templates/config/centos/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos cp etc/templates/config/centos/8/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/8 @@ -123,6 +133,8 @@ cp etc/templates/config/centos/7/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tm cp etc/templates/config/centos/6/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/6 cp etc/templates/config/centos/5/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/5 +cp etc/templates/config/ol/9/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/ol/9 + cp etc/templates/config/rhel/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel cp etc/templates/config/rhel/9/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/9 cp etc/templates/config/rhel/8/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/8 @@ -147,6 +159,11 @@ cp etc/templates/config/fedora/32/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/t cp etc/templates/config/fedora/33/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora/33 cp etc/templates/config/fedora/34/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora/34 +cp etc/templates/config/almalinux/8/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/almalinux/8 +cp etc/templates/config/almalinux/9/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/almalinux/9 + +cp etc/templates/config/rocky/8/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rocky/8 +cp etc/templates/config/rocky/9/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rocky/9 # Add configuration scripts mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/ @@ -194,6 +211,11 @@ fi # Stop the services to upgrade the package if [ $1 = 2 ]; then + if [ ! -d "%{_localstatedir}" ]; then + echo "Error: Directory %{_localstatedir} does not exist. Cannot perform upgrade" >&2 + exit 1 + fi + if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 && systemctl is-active --quiet wazuh-agent > /dev/null 2>&1; then systemctl stop wazuh-agent.service > /dev/null 2>&1 touch %{_localstatedir}/tmp/wazuh.restart @@ -258,10 +280,16 @@ rm -f %{_localstatedir}/etc/shared/*.rpmnew if [ -r "/etc/almalinux-release" ]; then DIST_NAME=almalinux DIST_VER=`sed -rn 's/.* ([0-9]{1,2})\.*[0-9]{0,2}.*/\1/p' /etc/almalinux-release` +#Rocky +elif [ -r "/etc/rocky-release" ]; then + DIST_NAME=rocky + DIST_VER=`sed -rn 's/.* ([0-9]{1,2})\.*[0-9]{0,2}.*/\1/p' /etc/rocky-release` # CentOS elif [ -r "/etc/centos-release" ]; then if grep -q "AlmaLinux" /etc/centos-release; then DIST_NAME=almalinux + elif grep -q "Rocky" /etc/centos-release; then + DIST_NAME=almalinux else DIST_NAME="centos" fi @@ -270,10 +298,16 @@ elif [ -r "/etc/centos-release" ]; then elif [ -r "/etc/fedora-release" ]; then DIST_NAME="fedora" DIST_VER=`sed -rn 's/.* ([0-9]{1,2})\.*[0-9]{0,2}.*/\1/p' /etc/fedora-release` +# Oracle Linux +elif [ -r "/etc/oracle-release" ]; then + DIST_NAME="ol" + DIST_VER=`sed -rn 's/.* ([0-9]{1,2})\.*[0-9]{0,2}.*/\1/p' /etc/oracle-release` # RedHat elif [ -r "/etc/redhat-release" ]; then if grep -q "AlmaLinux" /etc/redhat-release; then DIST_NAME=almalinux + elif grep -q "Rocky" /etc/redhat-release; then + DIST_NAME=almalinux elif grep -q "CentOS" /etc/redhat-release; then DIST_NAME="centos" else @@ -296,7 +330,7 @@ elif [ -r "/etc/os-release" ]; then if [ "X$DIST_VER" = "X" ]; then DIST_VER="0" fi - if [ "$DIST_NAME" = "amzn" ] && [ "$DIST_VER" != "2" ]; then + if [ "$DIST_NAME" = "amzn" ] && [ "$DIST_VER" != "2" ] && [ "$DIST_VER" != "2023" ]; then DIST_VER="1" fi DIST_SUBVER=$(echo $VERSION_ID | sed -rn 's/[^0-9]*[0-9]+\.([0-9]+).*/\1/p') @@ -312,8 +346,8 @@ SCA_DIR="${DIST_NAME}/${DIST_VER}" SCA_BASE_DIR="%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp" mkdir -p %{_localstatedir}/ruleset/sca -SCA_TMP_DIR="${SCA_BASE_DIR}/${SCA_DIR}" +SCA_TMP_DIR="${SCA_BASE_DIR}/${SCA_DIR}" # Install the configuration files needed for this hosts if [ -r "${SCA_BASE_DIR}/${DIST_NAME}/${DIST_VER}/${DIST_SUBVER}/sca.files" ]; then SCA_TMP_DIR="${SCA_BASE_DIR}/${DIST_NAME}/${DIST_VER}/${DIST_SUBVER}" @@ -326,7 +360,6 @@ else fi SCA_TMP_FILE="${SCA_TMP_DIR}/sca.files" - if [ -r ${SCA_TMP_FILE} ]; then rm -f %{_localstatedir}/ruleset/sca/* || true @@ -424,8 +457,28 @@ fi %postun -# If the package is been uninstalled -if [ $1 = 0 ];then +DELETE_WAZUH_USER_AND_GROUP=0 + +# If the upgrade downgrades to earlier versions, it will create the ossec +# group and user, we need to delete wazuh ones +if [ $1 = 1 ]; then + if command -v %{_localstatedir}/bin/ossec-control > /dev/null 2>&1; then + find %{_localstatedir} -group wazuh -exec chgrp ossec {} + + find %{_localstatedir} -user wazuh -exec chown ossec {} + + DELETE_WAZUH_USER_AND_GROUP=1 + fi + + if [ ! -f %{_localstatedir}/etc/client.keys ]; then + if [ -f %{_localstatedir}/etc/client.keys.rpmsave ]; then + mv %{_localstatedir}/etc/client.keys.rpmsave %{_localstatedir}/etc/client.keys + elif [ -f %{_localstatedir}/etc/client.keys.rpmnew ]; then + mv %{_localstatedir}/etc/client.keys.rpmnew %{_localstatedir}/etc/client.keys + fi + fi +fi + +# If the package is been uninstalled or we want to delete wazuh user and group +if [ $1 = 0 ] || [ $DELETE_WAZUH_USER_AND_GROUP = 1 ]; then # Remove the wazuh user if it exists if getent passwd wazuh > /dev/null 2>&1; then userdel wazuh >/dev/null 2>&1 @@ -437,15 +490,17 @@ if [ $1 = 0 ];then groupdel wazuh >/dev/null 2>&1 fi - # Remove lingering folders and files - rm -rf %{_localstatedir}/etc/shared/ - rm -rf %{_localstatedir}/queue/ - rm -rf %{_localstatedir}/var/ - rm -rf %{_localstatedir}/bin/ - rm -rf %{_localstatedir}/logs/ - rm -rf %{_localstatedir}/backup/ - rm -rf %{_localstatedir}/ruleset/ - rm -rf %{_localstatedir}/tmp + if [ $1 = 0 ];then + # Remove lingering folders and files + rm -rf %{_localstatedir}/etc/shared/ + rm -rf %{_localstatedir}/queue/ + rm -rf %{_localstatedir}/var/ + rm -rf %{_localstatedir}/bin/ + rm -rf %{_localstatedir}/logs/ + rm -rf %{_localstatedir}/backup/ + rm -rf %{_localstatedir}/ruleset/ + rm -rf %{_localstatedir}/tmp + fi fi # posttrans code is the last thing executed in a install/upgrade @@ -551,6 +606,8 @@ rm -fr %{buildroot} %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/1/* %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2 %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2/* +%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2023 +%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2023/* %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/sca.files %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/5 @@ -561,6 +618,8 @@ rm -fr %{buildroot} %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/7/* %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/8 %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/8/* +%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/ol/9 +%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/ol/9/* %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/sca.files %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/5 @@ -590,6 +649,10 @@ rm -fr %{buildroot} %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amazon/* %dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora %attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora/* +%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/almalinux +%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/almalinux/* +%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rocky +%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rocky/* %dir %attr(1770, root, wazuh) %{_localstatedir}/tmp %dir %attr(750, root, wazuh) %{_localstatedir}/var %dir %attr(770, root, wazuh) %{_localstatedir}/var/incoming @@ -610,7 +673,9 @@ rm -fr %{buildroot} %attr(750, root, wazuh) %{_localstatedir}/wodles/gcloud/* %changelog -* Thu Jul 18 2024 support - 4.8.1 +* Wed Jul 10 2024 support - 4.9.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-9-0.html +* Wed Jun 26 2024 support - 4.8.1 - More info: https://documentation.wazuh.com/current/release-notes/release-4-8-1.html * Wed Jun 12 2024 support - 4.8.0 - More info: https://documentation.wazuh.com/current/release-notes/release-4-8-0.html ```

[rauldpm]

@vikman90 the .rpmnew file is a file generated by the package manager based on the changes in the system package DDBB when the original file has changed, so the new file does not overwrite it and data is lost, I think that the upgrade is not generating the correct configuration file when it not being overwritten (maybe sources?), I do not see that the SPEC file manages something about the ossec.conf generation

This behavior is also defined in the SPEC files, we have the second case here

https://kc.jetpatch.com/hc/en-us/articles/360043017992-rpmnew-and-rpmsave-handling

• If a config file is the same between the old RPM and new RPM, the installed file is left as-is
• If there are changes between the old and new RPMs, and the file is marked 'noreplace' (usually true) then it leaves the local file as is and writes the new config file to .rpmnew
• If there are changes between the old and new RPMs, and the file is not marked 'noreplace' then it moves the local file to .rpmsave and replaces it with the one from the new RPM

The v4.9.0-alpha3 SPEC file for the Wazuh agent has the following configuration

%attr(660, root, wazuh) %config(noreplace) %{_localstatedir}/etc/ossec.conf

[jotacarma90]

Update 23/07/2024

• I have been reading the active threads and the information on the issue itself.
• Trying to get into the context, tomorrow I will go in depth to reproduce the problem and look for the reason that is causing it.

[jotacarma90]

Investigation

Hello team, I have been researching and testing this behavior as much as possible.

The key is in the option already discussed by the SPECS by marking the ossec.conf file with (noreplace). This setting indicates that if during an upgrade, the file metioned is different between versions (the default file of each version must be different), when upgrading the ossec.conf file will remain the same as the initial version, and the one corresponding to the new version will be renamed with the rpmnew. This has been the case for older versions of Wazuh, as it has always been marked with the option (noreplace). I have been testing doing an upgrade from version 4.4.0 to version 4.8.0 (to make sure that the default files are different), and indeed the ossec.conf.rpmnew file appears (with the same error of the duplicated ca_store tag).

So in conclusion this issue is not new in version 4.9.0.

Here is the verbose output of a 4.4.0->4.8.0 upgrade and the ossec.conf and ossec.conf.rpmnew files:

[root@centos9stream vagrant]# rpm -i wazuh-agent-4.4.0-1.x86_64.rpm
warning: wazuh-agent-4.4.0-1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY
[root@centos9stream vagrant]# rpm -Uvvv wazuh-agent-4.8.0-1.x86_64.rpm

config-files.zip

output

``` ufdio: 1 reads, 17654 total bytes in 0.000004 secs ufdio: 1 reads, 5653 total bytes in 0.000002 secs ufdio: 1 reads, 17654 total bytes in 0.000008 secs D: ============== wazuh-agent-4.8.0-1.x86_64.rpm D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key D: couldn't find any keys in /var/lib/rpm/pubkeys/*.key D: loading keyring from rpmdb D: PRAGMA secure_delete = OFF: 0 D: PRAGMA case_sensitive_like = ON: 0 D: read h# 638 Header SHA256 digest: OK Header SHA1 digest: OK D: added key gpg-pubkey-1d997668-621e3cac to keyring D: added subkey 0 of main key gpg-pubkey-1d997668-621e3cac to keyring D: read h# 641 Header SHA256 digest: OK Header SHA1 digest: OK D: added key gpg-pubkey-8483c65d-5ccc5b19 to keyring D: read h# 642 Header SHA256 digest: OK Header SHA1 digest: OK D: added key gpg-pubkey-3228467c-613798eb to keyring D: read h# 675 Header SHA256 digest: OK Header SHA1 digest: OK D: added key gpg-pubkey-50d0b1fd-6502aaab to keyring D: read h# 742 Header SHA256 digest: OK Header SHA1 digest: OK D: added key gpg-pubkey-baadae52-49beffa4 to keyring D: Using legacy gpg-pubkey(s) from rpmdb warning: wazuh-agent-4.8.0-1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY D: wazuh-agent-4.8.0-1.x86_64.rpm: Header SHA256 digest: OK D: wazuh-agent-4.8.0-1.x86_64.rpm: Header SHA1 digest: OK ufdio: 6 reads, 77440 total bytes in 0.000041 secs D: Plugin: calling hook init in systemd_inhibit plugin D: read h# 822 Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY Header SHA256 digest: OK Header SHA1 digest: OK D: added binary package [0] D: found 0 source and 1 binary packages D: ========== +++ wazuh-agent-4.8.0-1 x86_64/linux 0x0 D: read h# 45 Header V4 RSA/SHA256 Signature, key ID 8483c65d: OK Header SHA256 digest: OK Header SHA1 digest: OK D: Requires: /bin/sh YES (db files) D: Requires: /bin/sh YES (cached) D: Requires: /bin/sh YES (cached) D: Requires: /bin/sh YES (cached) D: Requires: /bin/sh YES (cached) D: Requires: /bin/sh YES (cached) D: read h# 94 Header V4 RSA/SHA256 Signature, key ID 8483c65d: OK Header SHA256 digest: OK Header SHA1 digest: OK D: Requires: /usr/sbin/groupadd YES (db files) D: Requires: /usr/sbin/groupdel YES (db files) D: Requires: /usr/sbin/useradd YES (db files) D: Requires: /usr/sbin/userdel YES (db files) D: read h# 120 Header V4 RSA/SHA256 Signature, key ID 8483c65d: OK Header SHA256 digest: OK Header SHA1 digest: OK D: Requires: coreutils YES (db provides) D: Requires: rpmlib(CompressedFileNames) <= 3.0.4-1 YES (rpmlib provides) D: Requires: rpmlib(FileDigests) <= 4.6.0-1 YES (rpmlib provides) D: Requires: rpmlib(PayloadFilesHavePrefix) <= 4.0-1 YES (rpmlib provides) D: Conflicts: ossec-hids NO D: Conflicts: ossec-hids-agent NO D: Conflicts: wazuh-local NO D: Conflicts: wazuh-manager NO D: ========== --- wazuh-agent-4.4.0-1 x86_64/linux 0x0 D: ========== recording tsort relations D: ========== tsorting packages (order, #predecessors, #succesors, depth) D: 0 0 0 1 +wazuh-agent-4.8.0-1.x86_64 D: 1 0 0 1 -wazuh-agent-4.4.0-1.x86_64 D: installing binary packages D: PRAGMA secure_delete = OFF: 0 D: PRAGMA case_sensitive_like = ON: 0 D: PRAGMA journal_mode = WAL: 0 D: PRAGMA wal_autocheckpoint = 0: 0 D: CREATE INDEX IF NOT EXISTS 'Name_key_idx' ON 'Name'(key ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Basenames_key_idx' ON 'Basenames'(key ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Basenames_hnum_idx' ON 'Basenames'(hnum ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Group_key_idx' ON 'Group'(key ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Requirename_key_idx' ON 'Requirename'(key ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Requirename_hnum_idx' ON 'Requirename'(hnum ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Providename_key_idx' ON 'Providename'(key ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Providename_hnum_idx' ON 'Providename'(hnum ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Conflictname_key_idx' ON 'Conflictname'(key ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Conflictname_hnum_idx' ON 'Conflictname'(hnum ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Obsoletename_key_idx' ON 'Obsoletename'(key ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Obsoletename_hnum_idx' ON 'Obsoletename'(hnum ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Triggername_key_idx' ON 'Triggername'(key ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Triggername_hnum_idx' ON 'Triggername'(hnum ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Dirnames_key_idx' ON 'Dirnames'(key ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Dirnames_hnum_idx' ON 'Dirnames'(hnum ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Sha1header_key_idx' ON 'Sha1header'(key ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Filetriggername_key_idx' ON 'Filetriggername'(key ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Filetriggername_hnum_idx' ON 'Filetriggername'(hnum ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Transfiletriggername_key_idx' ON 'Transfiletriggername'(key ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Transfiletriggername_hnum_idx' ON 'Transfiletriggername'(hnum ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Recommendname_key_idx' ON 'Recommendname'(key ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Recommendname_hnum_idx' ON 'Recommendname'(hnum ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Suggestname_key_idx' ON 'Suggestname'(key ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Suggestname_hnum_idx' ON 'Suggestname'(hnum ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Supplementname_key_idx' ON 'Supplementname'(key ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Supplementname_hnum_idx' ON 'Supplementname'(hnum ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Enhancename_key_idx' ON 'Enhancename'(key ASC): 0 D: CREATE INDEX IF NOT EXISTS 'Enhancename_hnum_idx' ON 'Enhancename'(hnum ASC): 0 D: sanity checking 2 elements D: read h# 822 Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY Header SHA256 digest: OK Header SHA1 digest: OK D: read h# 822 Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY Header SHA256 digest: OK Header SHA1 digest: OK D: read h# 822 Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY Header SHA256 digest: OK Header SHA1 digest: OK Verifying packages... ufdio: 327 reads, 10533037 total bytes in 0.001062 secs D: Plugin: calling hook tsm_pre in selinux plugin D: selabel_open: (/etc/selinux/targeted/contexts/files/file_contexts) D: Plugin: calling hook tsm_pre in systemd_inhibit plugin D: System shutdown blocked (fd 10) D: running pre-transaction scripts D: computing 685 file fingerprints Preparing packages... D: computing file dispositions ufdio: 2 reads, 1175 total bytes in 0.000009 secs ufdio: 1 reads, 0 total bytes in 0.000003 secs ufdio: 2 reads, 320 total bytes in 0.000001 secs ufdio: 2 reads, 5526 total bytes in 0.000003 secs ufdio: 2 reads, 28411 total bytes in 0.000005 secs ufdio: 2 reads, 12576 total bytes in 0.000002 secs ufdio: 2 reads, 7609 total bytes in 0.000001 secs ufdio: 2 reads, 10297 total bytes in 0.000002 secs ufdio: 2 reads, 35781 total bytes in 0.000010 secs ufdio: 2 reads, 33870 total bytes in 0.000006 secs ufdio: 2 reads, 36957 total bytes in 0.000007 secs ufdio: 2 reads, 17658 total bytes in 0.000003 secs ufdio: 2 reads, 34376 total bytes in 0.000146 secs ufdio: 2 reads, 35081 total bytes in 0.000006 secs ufdio: 2 reads, 94877 total bytes in 0.000013 secs ufdio: 2 reads, 28006 total bytes in 0.000006 secs ufdio: 2 reads, 100530 total bytes in 0.000013 secs ufdio: 3 reads, 376002 total bytes in 0.000040 secs ufdio: 2 reads, 16174 total bytes in 0.000004 secs ufdio: 2 reads, 5548 total bytes in 0.000002 secs ufdio: 2 reads, 4466 total bytes in 0.000003 secs ufdio: 2 reads, 3285 total bytes in 0.000004 secs ufdio: 2 reads, 5214 total bytes in 0.000002 secs ufdio: 2 reads, 4277 total bytes in 0.000003 secs ufdio: 2 reads, 7314 total bytes in 0.000004 secs D: /var/ossec/packages_files/agent_installation_scripts/add_localfiles.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/5/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/5/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/5/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/6/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/6/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/6/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/7/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/7/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/7/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/8/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/8/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/8/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/alerts.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/ar-commands.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/ar-definitions.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/auth.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/cluster.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/global-ar.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/global.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/header-comments.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-commands.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/apache-logs.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/audit-logs.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/ossec-logs.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/pgsql-logs.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/snort-logs.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/syslog-logs.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/logging.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/osquery.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/remote-secure.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/rule_test.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/rules.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/sca.manager.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/sca.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/syscheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/syscheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/wodle-ciscat.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/wodle-syscollector.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/5/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/5/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/5/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/6/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/6/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/6/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/7/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/7/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/7/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/8/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/8/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/8/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/9/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/9/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/9/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/11/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/11/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/11/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/12/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/12/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/12/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/15/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/15/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/15/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/11/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/11/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/11/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/12/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/12/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/12/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/15/rootcheck.agent.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/15/rootcheck.manager.template skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/15/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/sca.files skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/gen_ossec.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/REVISION skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/VERSION skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/adduser.sh skipped due to missingok flagD: /var/ossec/packages_files/agent_installation_scripts/src/init/darwin-addusers.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/darwin-delete-oldusers.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/darwin-init.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/delete-oldusers.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/dist-detect.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/functions.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/fw-check.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/init.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/inst-functions.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/language.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/ossec-hids-suse.init skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/pkg_installer.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/pkg_installer_mac.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/register_configure_agent.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/replace_manager_ip.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/shared.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/template-select.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/update.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/wazuh-client.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/wazuh-local.sh skipped due to missingok flag D: /var/ossec/packages_files/agent_installation_scripts/src/init/wazuh-server.sh skipped due to missingok flag D: 0x00000804 4096 25995175 7183202 rotational:-1 / ufdio: 2 reads, 207588 total bytes in 0.000024 secs ufdio: 2 reads, 236482 total bytes in 0.000023 secs ufdio: 2 reads, 30 total bytes in 0.000004 secs ufdio: 2 reads, 30 total bytes in 0.000002 secs ufdio: 2 reads, 31 total bytes in 0.000001 secs ufdio: 2 reads, 209410 total bytes in 0.000019 secs ufdio: 2 reads, 31 total bytes in 0.000002 secs ufdio: 3 reads, 262834 total bytes in 0.000022 secs ufdio: 2 reads, 31 total bytes in 0.000003 secs ufdio: 2 reads, 31 total bytes in 0.000001 secs ufdio: 2 reads, 31 total bytes in 0.000001 secs ufdio: 1 reads, 0 total bytes in 0.000001 secs ufdio: 1 reads, 0 total bytes in 0.000001 secs ufdio: 1 reads, 0 total bytes in 0.000001 secs ufdio: 1 reads, 0 total bytes in 0.000000 secs ufdio: 1 reads, 0 total bytes in 0.000001 secs ufdio: 2 reads, 1 total bytes in 0.000001 secs ufdio: 1 reads, 0 total bytes in 0.000001 secs ufdio: 2 reads, 26 total bytes in 0.000005 secs ufdio: 2 reads, 19044 total bytes in 0.000003 secs ufdio: 2 reads, 56847 total bytes in 0.000008 secs ufdio: 2 reads, 26 total bytes in 0.000003 secs ufdio: 2 reads, 210233 total bytes in 0.000019 secs ufdio: 2 reads, 26 total bytes in 0.000003 secs ufdio: 2 reads, 256697 total bytes in 0.000021 secs ufdio: 2 reads, 26 total bytes in 0.000002 secs ufdio: 2 reads, 233310 total bytes in 0.000019 secs ufdio: 2 reads, 27 total bytes in 0.000001 secs ufdio: 3 reads, 306660 total bytes in 0.000025 secs ufdio: 2 reads, 27 total bytes in 0.000002 secs ufdio: 2 reads, 27 total bytes in 0.000000 secs ufdio: 2 reads, 60600 total bytes in 0.000005 secs ufdio: 2 reads, 28 total bytes in 0.000001 secs ufdio: 2 reads, 62666 total bytes in 0.000005 secs ufdio: 2 reads, 28 total bytes in 0.000001 secs ufdio: 2 reads, 180645 total bytes in 0.000387 secs ufdio: 2 reads, 29 total bytes in 0.000004 secs ufdio: 2 reads, 29 total bytes in 0.000003 secs ufdio: 2 reads, 28 total bytes in 0.000003 secs ufdio: 2 reads, 28 total bytes in 0.000001 secs ufdio: 2 reads, 29 total bytes in 0.000001 secs D: read h# 822 Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY Header SHA256 digest: OK Header SHA1 digest: OK D: Plugin: calling hook psm_pre in selinux plugin D: ========== +++ wazuh-agent-4.8.0-1 x86_64-linux 0x0 D: wazuh-agent-4.8.0-1.x86_64: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY D: wazuh-agent-4.8.0-1.x86_64: Header SHA256 digest: OK D: wazuh-agent-4.8.0-1.x86_64: Header SHA1 digest: OK D: install: wazuh-agent-4.8.0-1.x86_64 has 356 files D: Plugin: calling hook psm_pre in selinux plugin D: read h# 43 Header V4 RSA/SHA256 Signature, key ID 8483c65d: OK Header SHA256 digest: OK Header SHA1 digest: OK D: %prein(wazuh-agent-4.8.0-1.x86_64): scriptlet start fdio: 2 writes, 1312 total bytes in 0.000011 secs D: %prein(wazuh-agent-4.8.0-1.x86_64): execv(/bin/sh) pid 363587 D: Plugin: calling hook scriptlet_fork_post in selinux plugin D: setexecfilecon: (/bin/sh, rpm_script_t) + command -v getent + getent group wazuh + getent group wazuh + getent passwd wazuh + '[' 2 = 2 ']' + command -v systemctl + systemctl + systemctl is-active --quiet wazuh-agent + command -v service + grep 'is running' + service wazuh-agent status + /var/ossec/bin/wazuh-control status + grep 'is running' + /var/ossec/bin/ossec-control status + grep 'is running' + /var/ossec/bin/ossec-control stop + /var/ossec/bin/wazuh-control stop D: %prein(wazuh-agent-4.8.0-1.x86_64): waitpid(363587) rc 363587 status 0 wazuh-agent-4.8.0-1.x86_64 D: skip 100640 1 ( 0, 991) 0 /etc/ossec-init.conf D: touch 100755 1 ( 0, 0) 1175 /etc/rc.d/init.d/wazuh-agent D: create 100644 1 ( 0, 0) 377 /usr/lib/systemd/system/wazuh-agent.service;66a0f291 D: create 040750 1 ( 0, 991) 0 /var/ossec D: create 040770 1 ( 0, 991) 0 /var/ossec/.ssh D: create 040750 1 ( 0, 991) 0 /var/ossec/active-response D: create 040750 1 ( 0, 991) 0 /var/ossec/active-response/bin D: create 100750 1 ( 0, 991) 21152 /var/ossec/active-response/bin/default-firewall-drop;66a0f291 D: create 100750 1 ( 0, 991) 17832 /var/ossec/active-response/bin/disable-account;66a0f291 D: create 100750 1 ( 0, 991) 21152 /var/ossec/active-response/bin/firewall-drop;66a0f291 D: create 100750 1 ( 0, 991) 18216 /var/ossec/active-response/bin/firewalld-drop;66a0f291 D: create 100750 1 ( 0, 991) 19400 /var/ossec/active-response/bin/host-deny;66a0f291 D: create 100750 1 ( 0, 991) 17400 /var/ossec/active-response/bin/ip-customblock;66a0f291 D: create 100750 1 ( 0, 991) 18008 /var/ossec/active-response/bin/ipfw;66a0f291 D: create 100750 1 ( 0, 991) 16648 /var/ossec/active-response/bin/kaspersky;66a0f291 D: create 100750 1 ( 0, 991) 14491 /var/ossec/active-response/bin/kaspersky.py;66a0f291 D: create 100750 1 ( 0, 991) 17760 /var/ossec/active-response/bin/npf;66a0f291 D: create 100750 1 ( 0, 991) 19464 /var/ossec/active-response/bin/pf;66a0f291 D: create 100750 1 ( 0, 991) 16424 /var/ossec/active-response/bin/restart-wazuh;66a0f291 D: create 100750 1 ( 0, 991) 695 /var/ossec/active-response/bin/restart.sh;66a0f291 D: create 100750 1 ( 0, 991) 17432 /var/ossec/active-response/bin/route-null;66a0f291 D: create 100750 1 ( 0, 991) 19352 /var/ossec/active-response/bin/wazuh-slack;66a0f291 D: create 040750 1 ( 0, 991) 0 /var/ossec/agentless D: create 100750 1 ( 0, 991) 2453 /var/ossec/agentless/main.exp;66a0f291 D: create 100750 1 ( 0, 991) 2406 /var/ossec/agentless/register_host.sh;66a0f291 D: create 100750 1 ( 0, 991) 1476 /var/ossec/agentless/ssh.exp;66a0f291 D: create 100750 1 ( 0, 991) 5283 /var/ossec/agentless/ssh_asa-fwsmconfig_diff;66a0f291 D: create 100750 1 ( 0, 991) 5403 /var/ossec/agentless/ssh_foundry_diff;66a0f291 D: create 100750 1 ( 0, 991) 898 /var/ossec/agentless/ssh_generic_diff;66a0f291 D: create 100750 1 ( 0, 991) 1091 /var/ossec/agentless/ssh_integrity_check_bsd;66a0f291 D: create 100750 1 ( 0, 991) 1099 /var/ossec/agentless/ssh_integrity_check_linux;66a0f291 D: create 100750 1 ( 0, 991) 1616 /var/ossec/agentless/ssh_nopass.exp;66a0f291 D: create 100750 1 ( 0, 991) 5265 /var/ossec/agentless/ssh_pixconfig_diff;66a0f291 D: create 100750 1 ( 0, 991) 915 /var/ossec/agentless/sshlogin.exp;66a0f291 D: create 100750 1 ( 0, 991) 1381 /var/ossec/agentless/su.exp;66a0f291 D: create 040750 1 ( 0, 991) 0 /var/ossec/backup D: create 040750 1 ( 0, 0) 0 /var/ossec/bin D: create 100750 1 ( 0, 0)237966 /var/ossec/bin/agent-auth;66a0f291 D: create 100750 1 ( 0, 0)240732 /var/ossec/bin/manage_agents;66a0f291 D: create 100750 1 ( 0, 0)804956 /var/ossec/bin/wazuh-agentd;66a0f291 D: create 100750 1 ( 0, 0) 7144 /var/ossec/bin/wazuh-control;66a0f291 D: create 100750 1 ( 0, 0)774299 /var/ossec/bin/wazuh-execd;66a0f291 D: create 100750 1 ( 0, 0)816629 /var/ossec/bin/wazuh-logcollector;66a0f291 D: create 100750 1 ( 0, 0)744322 /var/ossec/bin/wazuh-modulesd;66a0f291 D: create 100750 1 ( 0, 0)948582 /var/ossec/bin/wazuh-syscheckd;66a0f291 D: create 040770 1 ( 995, 991) 0 /var/ossec/etc D: touch 100640 1 ( 0, 991) 0 /var/ossec/etc/client.keys D: create 100640 1 ( 0, 991) 14480 /var/ossec/etc/internal_options.conf;66a0f291 D: touch 100640 1 ( 0, 991) 320 /var/ossec/etc/local_internal_options.conf D: create 100640 1 ( 0, 991) 118 /var/ossec/etc/localtime;66a0f291 D: altname 100660 1 ( 0, 991) 5185 /var/ossec/etc/ossec.conf;66a0f291 D: create 040770 1 ( 0, 991) 0 /var/ossec/etc/shared D: touch 100660 1 ( 0, 991) 28411 /var/ossec/etc/shared/cis_apache2224_rcl.txt D: touch 100660 1 ( 0, 991) 12576 /var/ossec/etc/shared/cis_debian_linux_rcl.txt D: touch 100660 1 ( 0, 991) 7609 /var/ossec/etc/shared/cis_mysql5-6_community_rcl.txt D: touch 100660 1 ( 0, 991) 10297 /var/ossec/etc/shared/cis_mysql5-6_enterprise_rcl.txt D: touch 100660 1 ( 0, 991) 35781 /var/ossec/etc/shared/cis_rhel5_linux_rcl.txt D: touch 100660 1 ( 0, 991) 33870 /var/ossec/etc/shared/cis_rhel6_linux_rcl.txt D: touch 100660 1 ( 0, 991) 36957 /var/ossec/etc/shared/cis_rhel7_linux_rcl.txt D: touch 100660 1 ( 0, 991) 17658 /var/ossec/etc/shared/cis_rhel_linux_rcl.txt D: touch 100660 1 ( 0, 991) 34376 /var/ossec/etc/shared/cis_sles11_linux_rcl.txt D: touch 100660 1 ( 0, 991) 35081 /var/ossec/etc/shared/cis_sles12_linux_rcl.txt D: touch 100660 1 ( 0, 991) 94877 /var/ossec/etc/shared/cis_win2012r2_domainL1_rcl.txt D: touch 100660 1 ( 0, 991) 28006 /var/ossec/etc/shared/cis_win2012r2_domainL2_rcl.txt D: touch 100660 1 ( 0, 991)100530 /var/ossec/etc/shared/cis_win2012r2_memberL1_rcl.txt D: touch 100660 1 ( 0, 991)376002 /var/ossec/etc/shared/cis_win2012r2_memberL2_rcl.txt D: touch 100660 1 ( 0, 991) 16174 /var/ossec/etc/shared/rootkit_files.txt D: touch 100660 1 ( 0, 991) 5548 /var/ossec/etc/shared/rootkit_trojans.txt D: touch 100660 1 ( 0, 991) 4466 /var/ossec/etc/shared/system_audit_rcl.txt D: touch 100660 1 ( 0, 991) 3285 /var/ossec/etc/shared/system_audit_ssh.txt D: touch 100660 1 ( 0, 991) 5214 /var/ossec/etc/shared/win_applications_rcl.txt D: touch 100660 1 ( 0, 991) 4277 /var/ossec/etc/shared/win_audit_rcl.txt D: touch 100660 1 ( 0, 991) 7314 /var/ossec/etc/shared/win_malware_rcl.txt D: create 100640 1 ( 0, 991) 1367 /var/ossec/etc/wpk_root.pem;66a0f291 D: create 040750 1 ( 0, 991) 0 /var/ossec/lib D: create 100750 1 ( 0, 991)500832 /var/ossec/lib/libdbsync.so;66a0f291 D: create 100750 1 ( 0, 991)466696 /var/ossec/lib/libfimdb.so;66a0f291 D: create 100750 1 ( 0, 991)103662 /var/ossec/lib/libgcc_s.so.1;66a0f291 D: create 100750 1 ( 0, 991)381568 /var/ossec/lib/librsync.so;66a0f291 D: create 100750 1 ( 0, 991)2452662 /var/ossec/lib/libstdc++.so.6;66a0f291 D: create 100750 1 ( 0, 991)554848 /var/ossec/lib/libsyscollector.so;66a0f291 D: create 100750 1 ( 0, 991)866768 /var/ossec/lib/libsysinfo.so;66a0f291 D: create 100750 1 ( 0, 991)15762599 /var/ossec/lib/libwazuhext.so;66a0f291 D: create 100750 1 ( 0, 991)180714 /var/ossec/lib/libwazuhshared.so;66a0f291 D: create 040770 1 ( 995, 991) 0 /var/ossec/logs D: skip 100660 1 ( 995, 991) 0 /var/ossec/logs/active-responses.log D: skip 100660 1 ( 0, 991) 0 /var/ossec/logs/ossec.json D: skip 100660 1 ( 0, 991) 0 /var/ossec/logs/ossec.log D: create 040750 1 ( 995, 991) 0 /var/ossec/logs/wazuh D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts D: skip 100750 1 ( 0, 0) 696 /var/ossec/packages_files/agent_installation_scripts/add_localfiles.sh D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/5 D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/5/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 591 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/5/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 31 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/5/sca.files D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/6 D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/6/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 591 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/6/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 31 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/6/sca.files D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/7 D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/7/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 591 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/7/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 31 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/7/sca.files D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/8 D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/8/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 591 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/8/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 31 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/8/sca.files D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 591 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 31 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/sca.files D: skip 100750 1 ( 0, 0) 110 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/alerts.template D: skip 100750 1 ( 0, 0) 937 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/ar-commands.template D: skip 100750 1 ( 0, 0) 87 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/ar-definitions.template D: skip 100750 1 ( 0, 0) 533 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/auth.template D: skip 100750 1 ( 0, 0) 296 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/cluster.template D: skip 100750 1 ( 0, 0) 142 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/global-ar.template D: skip 100750 1 ( 0, 0) 632 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/global.template D: skip 100750 1 ( 0, 0) 183 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/header-comments.template D: skip 100750 1 ( 0, 0) 673 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-commands.template D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs D: skip 100750 1 ( 0, 0) 396 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/apache-logs.template D: skip 100750 1 ( 0, 0) 31 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/audit-logs.template D: skip 100750 1 ( 0, 0) 62 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/ossec-logs.template D: skip 100750 1 ( 0, 0) 109 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/pgsql-logs.template D: skip 100750 1 ( 0, 0) 27 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/snort-logs.template D: skip 100750 1 ( 0, 0) 876 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs/syslog-logs.template D: skip 100750 1 ( 0, 0) 151 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/logging.template D: skip 100750 1 ( 0, 0) 282 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/osquery.template D: skip 100750 1 ( 0, 0) 146 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/remote-secure.template D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 591 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 160 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/rule_test.template D: skip 100750 1 ( 0, 0) 446 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/rules.template D: skip 100750 1 ( 0, 0) 26 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/sca.files D: skip 100750 1 ( 0, 0) 1691 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/sca.manager.files D: skip 100750 1 ( 0, 0) 141 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/sca.template D: skip 100750 1 ( 0, 0) 1525 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/syscheck.agent.template D: skip 100750 1 ( 0, 0) 1759 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/syscheck.manager.template D: skip 100750 1 ( 0, 0) 245 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/wodle-ciscat.template D: create 100750 1 ( 0, 0) 372 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/wodle-indexer.manager.template;66a0f291 D: skip 100750 1 ( 0, 0) 450 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/wodle-syscollector.template D: create 100750 1 ( 0, 0) 174 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/wodle-vulnerability-detection.manager.template;66a0f291 D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/5 D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/5/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 591 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/5/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 26 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/5/sca.files D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/6 D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/6/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 591 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/6/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 26 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/6/sca.files D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/7 D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/7/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 591 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/7/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 26 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/7/sca.files D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/8 D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/8/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 591 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/8/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 27 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/8/sca.files D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/9 D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/9/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 591 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/9/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 27 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/9/sca.files D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 591 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 27 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/sca.files D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/11 D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/11/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 591 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/11/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 28 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/11/sca.files D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/12 D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/12/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 593 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/12/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 28 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/12/sca.files D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/15 D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/15/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 591 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/15/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 29 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/15/sca.files D: skip 100750 1 ( 0, 0) 29 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/sca.files D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/11 D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/11/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 591 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/11/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 28 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/11/sca.files D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/12 D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/12/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 593 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/12/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 28 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/12/sca.files D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/15 D: skip 100750 1 ( 0, 0) 585 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/15/rootcheck.agent.template D: skip 100750 1 ( 0, 0) 591 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/15/rootcheck.manager.template D: skip 100750 1 ( 0, 0) 29 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/15/sca.files D: skip 100750 1 ( 0, 0) 29 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/sca.files D: skip 100750 1 ( 0, 0) 1930 /var/ossec/packages_files/agent_installation_scripts/gen_ossec.sh D: skip 100750 1 ( 0, 0) 6 /var/ossec/packages_files/agent_installation_scripts/src/REVISION D: skip 100750 1 ( 0, 0) 7 /var/ossec/packages_files/agent_installation_scripts/src/VERSION D: create 040750 1 ( 0, 0) 0 /var/ossec/packages_files/agent_installation_scripts/src/init D: skip 100750 1 ( 0, 0) 3128 /var/ossec/packages_files/agent_installation_scripts/src/init/adduser.sh D: skip 100750 1 ( 0, 0) 3058 /var/ossec/packages_files/agent_installation_scripts/src/init/darwin-addusers.sh D: skip 100750 1 ( 0, 0) 980 /var/ossec/packages_files/agent_installation_scripts/src/init/darwin-delete-oldusers.sh D: skip 100750 1 ( 0, 0) 2753 /var/ossec/packages_files/agent_installation_scripts/src/init/darwin-init.sh D: skip 100750 1 ( 0, 0) 1619 /var/ossec/packages_files/agent_installation_scripts/src/init/delete-oldusers.sh D: skip 100750 1 ( 0, 0) 4558 /var/ossec/packages_files/agent_installation_scripts/src/init/dist-detect.sh D: skip 100750 1 ( 0, 0) 320 /var/ossec/packages_files/agent_installation_scripts/src/init/functions.sh D: skip 100750 1 ( 0, 0) 865 /var/ossec/packages_files/agent_installation_scripts/src/init/fw-check.sh D: skip 100750 1 ( 0, 0) 7212 /var/ossec/packages_files/agent_installation_scripts/src/init/init.sh D: skip 100750 1 ( 0, 0) 61865 /var/ossec/packages_files/agent_installation_scripts/src/init/inst-functions.sh D: skip 100750 1 ( 0, 0) 1071 /var/ossec/packages_files/agent_installation_scripts/src/init/language.sh D: skip 100750 1 ( 0, 0) 2018 /var/ossec/packages_files/agent_installation_scripts/src/init/ossec-hids-suse.init D: skip 100750 1 ( 0, 0) 9904 /var/ossec/packages_files/agent_installation_scripts/src/init/pkg_installer.sh D: skip 100750 1 ( 0, 0) 4597 /var/ossec/packages_files/agent_installation_scripts/src/init/pkg_installer_mac.sh D: skip 100750 1 ( 0, 0) 11656 /var/ossec/packages_files/agent_installation_scripts/src/init/register_configure_agent.sh D: skip 100750 1 ( 0, 0) 1932 /var/ossec/packages_files/agent_installation_scripts/src/init/replace_manager_ip.sh D: skip 100750 1 ( 0, 0) 1684 /var/ossec/packages_files/agent_installation_scripts/src/init/shared.sh D: skip 100750 1 ( 0, 0) 1082 /var/ossec/packages_files/agent_installation_scripts/src/init/template-select.sh D: create 100750 1 ( 0, 0) 1361 /var/ossec/packages_files/agent_installation_scripts/src/init/update-indexer.sh;66a0f291 D: skip 100750 1 ( 0, 0) 16532 /var/ossec/packages_files/agent_installation_scripts/src/init/update.sh D: skip 100750 1 ( 0, 0) 7144 /var/ossec/packages_files/agent_installation_scripts/src/init/wazuh-client.sh D: skip 100750 1 ( 0, 0) 9838 /var/ossec/packages_files/agent_installation_scripts/src/init/wazuh-local.sh D: skip 100750 1 ( 0, 0) 16160 /var/ossec/packages_files/agent_installation_scripts/src/init/wazuh-server.sh D: create 040750 1 ( 0, 991) 0 /var/ossec/queue D: create 040770 1 ( 995, 991) 0 /var/ossec/queue/alerts D: create 040750 1 ( 995, 991) 0 /var/ossec/queue/diff D: create 040750 1 ( 995, 991) 0 /var/ossec/queue/fim D: create 040750 1 ( 995, 991) 0 /var/ossec/queue/fim/db D: create 040750 1 ( 995, 991) 0 /var/ossec/queue/logcollector D: create 040750 1 ( 995, 991) 0 /var/ossec/queue/rids D: create 040770 1 ( 995, 991) 0 /var/ossec/queue/sockets D: create 040750 1 ( 995, 991) 0 /var/ossec/queue/syscollector D: create 040750 1 ( 995, 991) 0 /var/ossec/queue/syscollector/db D: create 100640 1 ( 0, 991) 4206 /var/ossec/queue/syscollector/norm_config.json;66a0f291 D: create 040750 1 ( 0, 991) 0 /var/ossec/ruleset D: create 040750 1 ( 0, 991) 0 /var/ossec/ruleset/sca D: create 041770 1 ( 0, 991) 0 /var/ossec/tmp D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/amazon D: create 100640 1 ( 0, 991)207513 /var/ossec/tmp/sca-4.8.0-1-tmp/amazon/cis_amazon_linux_1.yml;66a0f291 D: create 100640 1 ( 0, 991)236403 /var/ossec/tmp/sca-4.8.0-1-tmp/amazon/cis_amazon_linux_2.yml;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/amzn D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/amzn/1 D: create 100640 1 ( 0, 991) 30 /var/ossec/tmp/sca-4.8.0-1-tmp/amzn/1/sca.files;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/amzn/2 D: create 100640 1 ( 0, 991) 30 /var/ossec/tmp/sca-4.8.0-1-tmp/amzn/2/sca.files;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/centos D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/5 D: create 100640 1 ( 0, 991) 31 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/5/sca.files;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/6 D: create 100640 1 ( 0, 991)209419 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/6/cis_centos6_linux.yml;66a0f291 D: create 100640 1 ( 0, 991) 31 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/6/sca.files;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/7 D: create 100640 1 ( 0, 991)262843 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/7/cis_centos7_linux.yml;66a0f291 D: create 100640 1 ( 0, 991) 31 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/7/sca.files;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/8 D: create 100640 1 ( 0, 991)232169 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/8/cis_centos8_linux.yml;66a0f291 D: create 100640 1 ( 0, 991) 31 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/8/sca.files;66a0f291 D: create 100640 1 ( 0, 991) 31 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/sca.files;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora D: create 040640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/29 D: create 100640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/29/sca.files;66a0f291 D: create 040640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/30 D: create 100640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/30/sca.files;66a0f291 D: create 040640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/31 D: create 100640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/31/sca.files;66a0f291 D: create 040640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/32 D: create 100640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/32/sca.files;66a0f291 D: create 040640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/33 D: create 100640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/33/sca.files;66a0f291 D: create 040640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/34 D: create 100640 1 ( 0, 991) 1 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/34/sca.files;66a0f291 D: create 100640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/sca.files;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/generic D: create 100640 1 ( 0, 991) 26 /var/ossec/tmp/sca-4.8.0-1-tmp/generic/sca.files;66a0f291 D: create 100640 1 ( 0, 991) 19044 /var/ossec/tmp/sca-4.8.0-1-tmp/generic/sca_unix_audit.yml;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/5 D: create 100640 1 ( 0, 991) 56850 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/5/cis_rhel5_linux.yml;66a0f291 D: create 100640 1 ( 0, 991) 26 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/5/sca.files;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/6 D: create 100640 1 ( 0, 991)210236 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/6/cis_rhel6_linux.yml;66a0f291 D: create 100640 1 ( 0, 991) 26 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/6/sca.files;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/7 D: create 100640 1 ( 0, 991)260180 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/7/cis_rhel7_linux.yml;66a0f291 D: create 100640 1 ( 0, 991) 26 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/7/sca.files;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/8 D: create 100640 1 ( 0, 991)233313 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/8/cis_rhel8_linux.yml;66a0f291 D: create 100640 1 ( 0, 991) 27 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/8/sca.files;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/9 D: create 100640 1 ( 0, 991)277254 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/9/cis_rhel9_linux.yml;66a0f291 D: create 100640 1 ( 0, 991) 27 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/9/sca.files;66a0f291 D: create 100640 1 ( 0, 991) 27 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/sca.files;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/sles D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/11 D: create 100640 1 ( 0, 991) 60607 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/11/cis_sles11_linux.yml;66a0f291 D: create 100640 1 ( 0, 991) 28 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/11/sca.files;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/12 D: create 100640 1 ( 0, 991) 62673 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/12/cis_sles12_linux.yml;66a0f291 D: create 100640 1 ( 0, 991) 28 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/12/sca.files;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/15 D: create 100640 1 ( 0, 991)180651 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/15/cis_sles15_linux.yml;66a0f291 D: create 100640 1 ( 0, 991) 29 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/15/sca.files;66a0f291 D: create 100640 1 ( 0, 991) 29 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/sca.files;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/suse/11 D: create 100640 1 ( 0, 991) 28 /var/ossec/tmp/sca-4.8.0-1-tmp/suse/11/sca.files;66a0f291 D: create 040750 1 ( 995, 991) 0 /var/ossec/tmp/sca-4.8.0-1-tmp/suse/12 D: create 100640 1 ( 0, 991) 28 /var/ossec/tmp/sca-4.8.0-1-tmp/suse/12/sca.files;66a0f291 D: create 100640 1 ( 0, 991) 29 /var/ossec/tmp/sca-4.8.0-1-tmp/suse/sca.files;66a0f291 D: create 040750 1 ( 0, 991) 0 /var/ossec/var D: create 040770 1 ( 0, 991) 0 /var/ossec/var/incoming D: create 040770 1 ( 0, 991) 0 /var/ossec/var/run D: create 040770 1 ( 0, 991) 0 /var/ossec/var/selinux D: create 100640 1 ( 0, 991) 3199 /var/ossec/var/selinux/wazuh.pp;66a0f291 D: create 040770 1 ( 0, 991) 0 /var/ossec/var/upgrade D: create 040770 1 ( 0, 991) 0 /var/ossec/var/wodles D: create 040750 1 ( 0, 991) 0 /var/ossec/wodles D: create 100750 1 ( 0, 991) 0 /var/ossec/wodles/__init__.py;66a0f291 D: create 040750 1 ( 0, 991) 0 /var/ossec/wodles/aws D: create 100750 1 ( 0, 991) 0 /var/ossec/wodles/aws/__init__.py;66a0f291 D: create 100750 1 ( 0, 991) 9801 /var/ossec/wodles/aws/aws-s3;66a0f291 D: create 100750 1 ( 0, 991) 17232 /var/ossec/wodles/aws/aws_tools.py;66a0f291 D: create 040750 1 ( 0, 991) 0 /var/ossec/wodles/aws/buckets_s3 D: create 100750 1 ( 0, 991) 462 /var/ossec/wodles/aws/buckets_s3/__init__.py;66a0f291 D: create 100750 1 ( 0, 991) 41705 /var/ossec/wodles/aws/buckets_s3/aws_bucket.py;66a0f291 D: create 100750 1 ( 0, 991) 1889 /var/ossec/wodles/aws/buckets_s3/cloudtrail.py;66a0f291 D: create 100750 1 ( 0, 991) 8844 /var/ossec/wodles/aws/buckets_s3/config.py;66a0f291 D: create 100750 1 ( 0, 991) 4353 /var/ossec/wodles/aws/buckets_s3/guardduty.py;66a0f291 D: create 100750 1 ( 0, 991) 5729 /var/ossec/wodles/aws/buckets_s3/load_balancers.py;66a0f291 D: create 100750 1 ( 0, 991) 9254 /var/ossec/wodles/aws/buckets_s3/server_access.py;66a0f291 D: create 100750 1 ( 0, 991) 2718 /var/ossec/wodles/aws/buckets_s3/umbrella.py;66a0f291 D: create 100750 1 ( 0, 991) 11310 /var/ossec/wodles/aws/buckets_s3/vpcflow.py;66a0f291 D: create 100750 1 ( 0, 991) 2897 /var/ossec/wodles/aws/buckets_s3/waf.py;66a0f291 D: create 040750 1 ( 0, 991) 0 /var/ossec/wodles/aws/services D: create 100750 1 ( 0, 991) 166 /var/ossec/wodles/aws/services/__init__.py;66a0f291 D: create 100750 1 ( 0, 991) 6109 /var/ossec/wodles/aws/services/aws_service.py;66a0f291 D: create 100750 1 ( 0, 991) 24429 /var/ossec/wodles/aws/services/cloudwatchlogs.py;66a0f291 D: create 100750 1 ( 0, 991) 6909 /var/ossec/wodles/aws/services/inspector.py;66a0f291 D: create 040750 1 ( 0, 991) 0 /var/ossec/wodles/aws/subscribers D: create 100750 1 ( 0, 991) 201 /var/ossec/wodles/aws/subscribers/__init__.py;66a0f291 D: create 100750 1 ( 0, 991) 10502 /var/ossec/wodles/aws/subscribers/s3_log_handler.py;66a0f291 D: create 100750 1 ( 0, 991) 1825 /var/ossec/wodles/aws/subscribers/sqs_message_processor.py;66a0f291 D: create 100750 1 ( 0, 991) 6214 /var/ossec/wodles/aws/subscribers/sqs_queue.py;66a0f291 D: create 100750 1 ( 0, 991) 22966 /var/ossec/wodles/aws/wazuh_integration.py;66a0f291 D: create 040750 1 ( 0, 991) 0 /var/ossec/wodles/azure D: create 100750 1 ( 0, 991) 38690 /var/ossec/wodles/azure/azure-logs;66a0f291 D: create 100750 1 ( 0, 991) 10097 /var/ossec/wodles/azure/orm.py;66a0f291 D: create 040750 1 ( 0, 991) 0 /var/ossec/wodles/docker D: create 100750 1 ( 0, 991) 5111 /var/ossec/wodles/docker/DockerListener;66a0f291 D: create 040750 1 ( 0, 991) 0 /var/ossec/wodles/gcloud D: create 040750 1 ( 0, 991) 0 /var/ossec/wodles/gcloud/buckets D: create 100750 1 ( 0, 991) 1870 /var/ossec/wodles/gcloud/buckets/access_logs.py;66a0f291 D: create 100750 1 ( 0, 991) 12735 /var/ossec/wodles/gcloud/buckets/bucket.py;66a0f291 D: create 100750 1 ( 0, 991) 4704 /var/ossec/wodles/gcloud/exceptions.py;66a0f291 D: create 100750 1 ( 0, 991) 4513 /var/ossec/wodles/gcloud/gcloud;66a0f291 D: create 100750 1 ( 0, 991) 3119 /var/ossec/wodles/gcloud/integration.py;66a0f291 D: create 040750 1 ( 0, 991) 0 /var/ossec/wodles/gcloud/pubsub D: create 100750 1 ( 0, 991) 6085 /var/ossec/wodles/gcloud/pubsub/subscriber.py;66a0f291 D: create 100750 1 ( 0, 991) 4420 /var/ossec/wodles/gcloud/tools.py;66a0f291 D: create 100750 1 ( 0, 991) 3567 /var/ossec/wodles/utils.py;66a0f291 D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /etc/rc.d/init.d/wazuh-agent, system_u:object_r:initrc_exec_t:s0) fdio: 1 writes, 377 total bytes in 0.000014 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /usr/lib/systemd/system/wazuh-agent.service;66a0f291, system_u:object_r:systemd_unit_file_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/.ssh, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/active-response, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/active-response/bin, system_u:object_r:var_t:s0) fdio: 1 writes, 21152 total bytes in 0.000023 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/active-response/bin/default-firewall-drop;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 17832 total bytes in 0.000016 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/active-response/bin/disable-account;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 21152 total bytes in 0.000014 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/active-response/bin/firewall-drop;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 18216 total bytes in 0.000016 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/active-response/bin/firewalld-drop;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 19400 total bytes in 0.000014 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/active-response/bin/host-deny;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 17400 total bytes in 0.000013 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/active-response/bin/ip-customblock;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 18008 total bytes in 0.000035 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/active-response/bin/ipfw;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 16648 total bytes in 0.000013 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/active-response/bin/kaspersky;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 14491 total bytes in 0.000010 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/active-response/bin/kaspersky.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 17760 total bytes in 0.000012 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/active-response/bin/npf;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 19464 total bytes in 0.000012 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/active-response/bin/pf;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 16424 total bytes in 0.000041 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/active-response/bin/restart-wazuh;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 695 total bytes in 0.000007 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/active-response/bin/restart.sh;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 17432 total bytes in 0.000015 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/active-response/bin/route-null;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 19352 total bytes in 0.000014 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/active-response/bin/wazuh-slack;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/agentless, system_u:object_r:var_t:s0) fdio: 1 writes, 2453 total bytes in 0.000007 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/agentless/main.exp;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 2406 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/agentless/register_host.sh;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 1476 total bytes in 0.000005 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/agentless/ssh.exp;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 5283 total bytes in 0.000009 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/agentless/ssh_asa-fwsmconfig_diff;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 5403 total bytes in 0.000008 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/agentless/ssh_foundry_diff;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 898 total bytes in 0.000007 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/agentless/ssh_generic_diff;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 1091 total bytes in 0.000004 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/agentless/ssh_integrity_check_bsd;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 1099 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/agentless/ssh_integrity_check_linux;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 1616 total bytes in 0.000004 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/agentless/ssh_nopass.exp;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 5265 total bytes in 0.000007 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/agentless/ssh_pixconfig_diff;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 915 total bytes in 0.000005 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/agentless/sshlogin.exp;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 1381 total bytes in 0.000005 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/agentless/su.exp;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/backup, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/bin, system_u:object_r:var_t:s0) fdio: 8 writes, 237966 total bytes in 0.000130 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/bin/agent-auth;66a0f291, system_u:object_r:var_t:s0) fdio: 8 writes, 240732 total bytes in 0.000126 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/bin/manage_agents;66a0f291, system_u:object_r:var_t:s0) fdio: 25 writes, 804956 total bytes in 0.000428 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/bin/wazuh-agentd;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 7144 total bytes in 0.000010 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/bin/wazuh-control;66a0f291, system_u:object_r:var_t:s0) fdio: 24 writes, 774299 total bytes in 0.000433 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/bin/wazuh-execd;66a0f291, system_u:object_r:var_t:s0) fdio: 25 writes, 816629 total bytes in 0.000477 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/bin/wazuh-logcollector;66a0f291, system_u:object_r:var_t:s0) fdio: 23 writes, 744322 total bytes in 0.000366 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/bin/wazuh-modulesd;66a0f291, system_u:object_r:var_t:s0) fdio: 29 writes, 948582 total bytes in 0.000531 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/bin/wazuh-syscheckd;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/etc/client.keys, system_u:object_r:var_t:s0) fdio: 1 writes, 14480 total bytes in 0.000020 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/etc/internal_options.conf;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/etc/local_internal_options.conf, system_u:object_r:var_t:s0) fdio: 1 writes, 118 total bytes in 0.000007 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/etc/localtime;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 5185 total bytes in 0.000011 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/etc/ossec.conf;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/etc/shared, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/cis_apache2224_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/cis_debian_linux_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/cis_mysql5-6_community_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/cis_mysql5-6_enterprise_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/cis_rhel5_linux_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/cis_rhel6_linux_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/cis_rhel7_linux_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/cis_rhel_linux_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/cis_sles11_linux_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/cis_sles12_linux_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/cis_win2012r2_domainL1_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/cis_win2012r2_domainL2_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/cis_win2012r2_memberL1_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/cis_win2012r2_memberL2_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/rootkit_files.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/rootkit_trojans.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/system_audit_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/system_audit_ssh.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/win_applications_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/win_audit_rcl.txt, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/etc/shared/win_malware_rcl.txt, system_u:object_r:var_t:s0) fdio: 1 writes, 1367 total bytes in 0.000015 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/etc/wpk_root.pem;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/lib, system_u:object_r:var_t:s0) fdio: 16 writes, 500832 total bytes in 0.000333 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/lib/libdbsync.so;66a0f291, system_u:object_r:var_t:s0) fdio: 15 writes, 466696 total bytes in 0.000278 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/lib/libfimdb.so;66a0f291, system_u:object_r:var_t:s0) fdio: 4 writes, 103662 total bytes in 0.000057 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/lib/libgcc_s.so.1;66a0f291, system_u:object_r:var_t:s0) fdio: 12 writes, 381568 total bytes in 0.000250 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/lib/librsync.so;66a0f291, system_u:object_r:var_t:s0) fdio: 75 writes, 2452662 total bytes in 0.001237 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/lib/libstdc++.so.6;66a0f291, system_u:object_r:var_t:s0) fdio: 17 writes, 554848 total bytes in 0.000311 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/lib/libsyscollector.so;66a0f291, system_u:object_r:var_t:s0) fdio: 27 writes, 866768 total bytes in 0.000614 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/lib/libsysinfo.so;66a0f291, system_u:object_r:var_t:s0) fdio: 482 writes, 15762599 total bytes in 0.009039 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/lib/libwazuhext.so;66a0f291, system_u:object_r:var_t:s0) fdio: 6 writes, 180714 total bytes in 0.000290 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/lib/libwazuhshared.so;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/logs, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/logs/wazuh, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/packages_files/agent_installation_scripts, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc, system_u:object_r:var_t:s0) D: /var/ossec/packages_files/agent_installation_scripts/etc directory created with perms 0755 D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/packages_files/agent_installation_scripts/etc/templates, system_u:object_r:var_t:s0) D: /var/ossec/packages_files/agent_installation_scripts/etc/templates directory created with perms 0755 D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config, system_u:object_r:var_t:s0) D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config directory created with perms 0755 D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos, system_u:object_r:var_t:s0) D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos directory created with perms 0755 D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/5, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/6, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/7, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/centos/8, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic, system_u:object_r:var_t:s0) D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic directory created with perms 0755 D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/localfile-logs, system_u:object_r:var_t:s0) fdio: 1 writes, 372 total bytes in 0.000009 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/wodle-indexer.manager.template;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 174 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/generic/wodle-vulnerability-detection.manager.template;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel, system_u:object_r:var_t:s0) D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel directory created with perms 0755 D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/5, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/6, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/7, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/8, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/rhel/9, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles, system_u:object_r:var_t:s0) D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles directory created with perms 0755 D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/11, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/12, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/sles/15, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse, system_u:object_r:var_t:s0) D: /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse directory created with perms 0755 D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/11, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/12, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/etc/templates/config/suse/15, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/src, system_u:object_r:var_t:s0) D: /var/ossec/packages_files/agent_installation_scripts/src directory created with perms 0755 D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/packages_files/agent_installation_scripts/src/init, system_u:object_r:var_t:s0) fdio: 1 writes, 1361 total bytes in 0.000009 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/packages_files/agent_installation_scripts/src/init/update-indexer.sh;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/queue, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/queue/alerts, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/queue/diff, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/queue/fim, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/queue/fim/db, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/queue/logcollector, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/queue/rids, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/queue/sockets, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/queue/syscollector, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/queue/syscollector/db, system_u:object_r:var_t:s0) fdio: 1 writes, 4206 total bytes in 0.000010 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/queue/syscollector/norm_config.json;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/ruleset, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/ruleset/sca, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/amazon, system_u:object_r:var_t:s0) fdio: 7 writes, 207513 total bytes in 0.000114 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/amazon/cis_amazon_linux_1.yml;66a0f291, system_u:object_r:var_t:s0) fdio: 8 writes, 236403 total bytes in 0.000127 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/amazon/cis_amazon_linux_2.yml;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/amzn, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/amzn/1, system_u:object_r:var_t:s0) fdio: 1 writes, 30 total bytes in 0.000007 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/amzn/1/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/amzn/2, system_u:object_r:var_t:s0) fdio: 1 writes, 30 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/amzn/2/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/centos, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/5, system_u:object_r:var_t:s0) fdio: 1 writes, 31 total bytes in 0.000008 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/5/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/6, system_u:object_r:var_t:s0) fdio: 7 writes, 209419 total bytes in 0.000106 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/6/cis_centos6_linux.yml;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 31 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/6/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/7, system_u:object_r:var_t:s0) fdio: 9 writes, 262843 total bytes in 0.000142 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/7/cis_centos7_linux.yml;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 31 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/7/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/8, system_u:object_r:var_t:s0) fdio: 8 writes, 232169 total bytes in 0.000115 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/8/cis_centos8_linux.yml;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 31 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/8/sca.files;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 31 total bytes in 0.000007 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/centos/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/29, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/29/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/30, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/30/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/31, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/31/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/32, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/32/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/33, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/33/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/34, system_u:object_r:var_t:s0) fdio: 1 writes, 1 total bytes in 0.000011 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/34/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/fedora/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/generic, system_u:object_r:var_t:s0) fdio: 1 writes, 26 total bytes in 0.000013 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/generic/sca.files;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 19044 total bytes in 0.000013 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/generic/sca_unix_audit.yml;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/5, system_u:object_r:var_t:s0) fdio: 2 writes, 56850 total bytes in 0.000034 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/5/cis_rhel5_linux.yml;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 26 total bytes in 0.000007 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/5/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/6, system_u:object_r:var_t:s0) fdio: 7 writes, 210236 total bytes in 0.000111 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/6/cis_rhel6_linux.yml;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 26 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/6/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/7, system_u:object_r:var_t:s0) fdio: 8 writes, 260180 total bytes in 0.000126 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/7/cis_rhel7_linux.yml;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 26 total bytes in 0.000005 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/7/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/8, system_u:object_r:var_t:s0) fdio: 8 writes, 233313 total bytes in 0.000118 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/8/cis_rhel8_linux.yml;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 27 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/8/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/9, system_u:object_r:var_t:s0) fdio: 9 writes, 277254 total bytes in 0.000144 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/9/cis_rhel9_linux.yml;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 27 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/9/sca.files;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 27 total bytes in 0.000005 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/rhel/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/sles, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/11, system_u:object_r:var_t:s0) fdio: 2 writes, 60607 total bytes in 0.000032 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/11/cis_sles11_linux.yml;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 28 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/11/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/12, system_u:object_r:var_t:s0) fdio: 2 writes, 62673 total bytes in 0.000033 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/12/cis_sles12_linux.yml;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 28 total bytes in 0.000007 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/12/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/15, system_u:object_r:var_t:s0) fdio: 6 writes, 180651 total bytes in 0.000094 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/15/cis_sles15_linux.yml;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 29 total bytes in 0.000005 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/15/sca.files;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 29 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/sles/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/suse, system_u:object_r:var_t:s0) D: /var/ossec/tmp/sca-4.8.0-1-tmp/suse directory created with perms 0755 D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/suse/11, system_u:object_r:var_t:s0) fdio: 1 writes, 28 total bytes in 0.000005 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/suse/11/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/suse/12, system_u:object_r:var_t:s0) fdio: 1 writes, 28 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/tmp/sca-4.8.0-1-tmp/suse/12/sca.files;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 29 total bytes in 0.000005 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/tmp/sca-4.8.0-1-tmp/suse/sca.files;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/var, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/var/incoming, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/var/run, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/var/selinux, system_u:object_r:var_t:s0) fdio: 1 writes, 3199 total bytes in 0.000013 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/var/selinux/wazuh.pp;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/var/upgrade, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/var/wodles, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/__init__.py;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles/aws/__init__.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 9801 total bytes in 0.000210 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles/aws/aws-s3;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 17232 total bytes in 0.000014 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles/aws/aws_tools.py;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles/aws/buckets_s3, system_u:object_r:var_t:s0) fdio: 1 writes, 462 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/buckets_s3/__init__.py;66a0f291, system_u:object_r:var_t:s0) fdio: 2 writes, 41705 total bytes in 0.000030 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/buckets_s3/aws_bucket.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 1889 total bytes in 0.000005 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/buckets_s3/cloudtrail.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 8844 total bytes in 0.000014 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/buckets_s3/config.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 4353 total bytes in 0.000009 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/buckets_s3/guardduty.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 5729 total bytes in 0.000018 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/buckets_s3/load_balancers.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 9254 total bytes in 0.000014 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/buckets_s3/server_access.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 2718 total bytes in 0.000007 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/buckets_s3/umbrella.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 11310 total bytes in 0.000013 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/buckets_s3/vpcflow.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 2897 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/buckets_s3/waf.py;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles/aws/services, system_u:object_r:var_t:s0) fdio: 1 writes, 166 total bytes in 0.000009 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/services/__init__.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 6109 total bytes in 0.000014 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/services/aws_service.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 24429 total bytes in 0.000014 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/services/cloudwatchlogs.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 6909 total bytes in 0.000009 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/services/inspector.py;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles/aws/subscribers, system_u:object_r:var_t:s0) fdio: 1 writes, 201 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/subscribers/__init__.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 10502 total bytes in 0.000012 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/subscribers/s3_log_handler.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 1825 total bytes in 0.000006 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/subscribers/sqs_message_processor.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 6214 total bytes in 0.000012 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/aws/subscribers/sqs_queue.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 22966 total bytes in 0.000015 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles/aws/wazuh_integration.py;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/azure, system_u:object_r:var_t:s0) fdio: 2 writes, 38690 total bytes in 0.000028 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles/azure/azure-logs;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 10097 total bytes in 0.000013 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles/azure/orm.py;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/docker, system_u:object_r:var_t:s0) fdio: 1 writes, 5111 total bytes in 0.000011 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles/docker/DockerListener;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/gcloud, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles/gcloud/buckets, system_u:object_r:var_t:s0) fdio: 1 writes, 1870 total bytes in 0.000007 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/gcloud/buckets/access_logs.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 12735 total bytes in 0.000013 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/gcloud/buckets/bucket.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 4704 total bytes in 0.000007 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles/gcloud/exceptions.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 4513 total bytes in 0.000012 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles/gcloud/gcloud;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 3119 total bytes in 0.000005 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles/gcloud/integration.py;66a0f291, system_u:object_r:var_t:s0) D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles/gcloud/pubsub, system_u:object_r:var_t:s0) fdio: 1 writes, 6085 total bytes in 0.000009 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/gcloud/pubsub/subscriber.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 4420 total bytes in 0.000007 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (12 /var/ossec/wodles/gcloud/tools.py;66a0f291, system_u:object_r:var_t:s0) fdio: 1 writes, 3567 total bytes in 0.000005 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (11 /var/ossec/wodles/utils.py;66a0f291, system_u:object_r:var_t:s0) warning: /var/ossec/etc/ossec.conf created as /var/ossec/etc/ossec.conf.rpmnew fdio: 2627 reads, 30127984 total bytes in 0.131783 secs D: SAVEPOINT 'rwlock': 0 D: SAVEPOINT 'Packages': 0 D: RELEASE 'Packages': 0 D: SAVEPOINT 'Name': 0 D: adding "wazuh-agent" to Name index. D: RELEASE 'Name': 0 D: SAVEPOINT 'Basenames': 0 D: adding 356 entries to Basenames index. D: RELEASE 'Basenames': 0 D: SAVEPOINT 'Group': 0 D: adding "System Environment/Daemons" to Group index. D: RELEASE 'Group': 0 D: SAVEPOINT 'Requirename': 0 D: adding 14 entries to Requirename index. D: RELEASE 'Requirename': 0 D: SAVEPOINT 'Providename': 0 D: adding 2 entries to Providename index. D: RELEASE 'Providename': 0 D: SAVEPOINT 'Conflictname': 0 D: adding 4 entries to Conflictname index. D: RELEASE 'Conflictname': 0 D: SAVEPOINT 'Triggername': 0 D: adding 1 entries to Triggername index. D: RELEASE 'Triggername': 0 D: SAVEPOINT 'Dirnames': 0 D: adding 86 entries to Dirnames index. D: RELEASE 'Dirnames': 0 D: SAVEPOINT 'Installtid': 0 D: adding 1 entries to Installtid index. D: RELEASE 'Installtid': 0 D: SAVEPOINT 'Sigmd5': 0 D: adding 1 entries to Sigmd5 index. D: RELEASE 'Sigmd5': 0 D: SAVEPOINT 'Sha1header': 0 D: adding "ecc6af649399b85cf5a7a175f644ae8033342c5e" to Sha1header index. D: RELEASE 'Sha1header': 0 D: RELEASE 'rwlock': 0 D: %post(wazuh-agent-4.8.0-1.x86_64): scriptlet start fdio: 2 writes, 5681 total bytes in 0.000010 secs D: %post(wazuh-agent-4.8.0-1.x86_64): execv(/bin/sh) pid 363645 D: Plugin: calling hook scriptlet_fork_post in selinux plugin D: setexecfilecon: (/bin/sh, rpm_script_t) ++ /var/ossec/bin/wazuh-control info -v + echo 'VERSION="v4.8.0"' + '[' 2 = 2 ']' + '[' -d /var/ossec/logs/ossec ']' + '[' -d /var/ossec/queue/ossec ']' + '[' 2 = 1 ']' + [[ -d /run/systemd/system ]] + rm -f /etc/rc.d/init.d/wazuh-agent + rm -rf /var/ossec/packages_files + rm -f '/var/ossec/etc/shared/*.rpmnew' + '[' -r /etc/almalinux-release ']' + '[' -r /etc/centos-release ']' + grep -q AlmaLinux /etc/centos-release + DIST_NAME=centos ++ sed -rn 's/.* ([0-9]{1,2})\.*[0-9]{0,2}.*/\1/p' /etc/centos-release + DIST_VER=9 + SCA_DIR=centos/9 + SCA_BASE_DIR=/var/ossec/tmp/sca-4.8.0-1-tmp + mkdir -p /var/ossec/ruleset/sca + SCA_TMP_DIR=/var/ossec/tmp/sca-4.8.0-1-tmp/centos/9 + '[' -r /var/ossec/tmp/sca-4.8.0-1-tmp/centos/9//sca.files ']' + '[' -r /var/ossec/tmp/sca-4.8.0-1-tmp/centos/9/sca.files ']' + '[' -r /var/ossec/tmp/sca-4.8.0-1-tmp/centos/sca.files ']' + SCA_TMP_DIR=/var/ossec/tmp/sca-4.8.0-1-tmp/centos + SCA_TMP_FILE=/var/ossec/tmp/sca-4.8.0-1-tmp/centos/sca.files + '[' -r /var/ossec/tmp/sca-4.8.0-1-tmp/centos/sca.files ']' + rm -f /var/ossec/ruleset/sca/cis_centos8_linux.yml ++ cat /var/ossec/tmp/sca-4.8.0-1-tmp/centos/sca.files + for sca_file in $(cat ${SCA_TMP_FILE}) + '[' -f /var/ossec/tmp/sca-4.8.0-1-tmp/centos/8/cis_centos8_linux.yml ']' + mv /var/ossec/tmp/sca-4.8.0-1-tmp/centos/8/cis_centos8_linux.yml /var/ossec/ruleset/sca + '[' Xcentos = Xrhel ']' + '[' Xcentos = Xcentos ']' + '[' 9 == 5 ']' + command -v getenforce + command -v semodule ++ getenforce + '[' Permissive '!=' Disabled ']' + semodule -i /var/ossec/var/selinux/wazuh.pp + semodule -e wazuh + chmod 0660 /var/ossec/etc/ossec.conf + getent group ossec D: %post(wazuh-agent-4.8.0-1.x86_64): waitpid(363645) rc 363645 status 0 D: %triggerin(wazuh-agent-4.8.0-1.x86_64): scriptlet start fdio: 2 writes, 149 total bytes in 0.000014 secs D: %triggerin(wazuh-agent-4.8.0-1.x86_64): execv(/bin/sh) pid 363677 D: Plugin: calling hook scriptlet_fork_post in selinux plugin D: setexecfilecon: (/bin/sh, rpm_script_t) + '[' -r /etc/localtime ']' + cp -fpL /etc/localtime /var/ossec/etc + chown root:wazuh /var/ossec/etc/localtime + chmod 0640 /var/ossec/etc/localtime D: %triggerin(wazuh-agent-4.8.0-1.x86_64): waitpid(363677) rc 363677 status 0 ufdio: 6 reads, 77440 total bytes in 0.000010 secs D: ========== +++ wazuh-agent-4.4.0-1 x86_64-linux 0x0 D: read h# 822 Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY Header SHA256 digest: OK Header SHA1 digest: OK D: erase: wazuh-agent-4.4.0-1.x86_64 has 329 files D: Plugin: calling hook psm_pre in selinux plugin D: libselinux: type 5: uavc: op=setenforce lsm=selinux enforcing=0 res=1D: libselinux: type 4: uavc: op=load_policy lsm=selinux seqno=53 res=1D: selabel_open: (/etc/selinux/targeted/contexts/files/file_contexts) D: %preun(wazuh-agent-4.4.0-1.x86_64): scriptlet start fdio: 2 writes, 1180 total bytes in 0.000014 secs D: %preun(wazuh-agent-4.4.0-1.x86_64): execv(/bin/sh) pid 363681 D: Plugin: calling hook scriptlet_fork_post in selinux plugin D: setexecfilecon: (/bin/sh, rpm_script_t) + '[' 1 = 0 ']' D: %preun(wazuh-agent-4.4.0-1.x86_64): waitpid(363681) rc 363681 status 0 wazuh-agent-4.4.0-1.x86_64 D: erase 100640 1 ( 0, 991) 29 /var/ossec/tmp/sca-4.4.0-1-tmp/suse/sca.files D: erase 100640 1 ( 0, 991) 28 /var/ossec/tmp/sca-4.4.0-1-tmp/suse/12/sca.files D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/suse/12 D: erase 100640 1 ( 0, 991) 28 /var/ossec/tmp/sca-4.4.0-1-tmp/suse/11/sca.files D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/suse/11 D: erase 100640 1 ( 0, 991) 29 /var/ossec/tmp/sca-4.4.0-1-tmp/sles/sca.files D: erase 100640 1 ( 0, 991) 29 /var/ossec/tmp/sca-4.4.0-1-tmp/sles/15/sca.files D: erase 100640 1 ( 0, 991)180645 /var/ossec/tmp/sca-4.4.0-1-tmp/sles/15/cis_sles15_linux.yml D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/sles/15 D: erase 100640 1 ( 0, 991) 28 /var/ossec/tmp/sca-4.4.0-1-tmp/sles/12/sca.files D: erase 100640 1 ( 0, 991) 62666 /var/ossec/tmp/sca-4.4.0-1-tmp/sles/12/cis_sles12_linux.yml D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/sles/12 D: erase 100640 1 ( 0, 991) 28 /var/ossec/tmp/sca-4.4.0-1-tmp/sles/11/sca.files D: erase 100640 1 ( 0, 991) 60600 /var/ossec/tmp/sca-4.4.0-1-tmp/sles/11/cis_sles11_linux.yml D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/sles/11 D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/sles D: erase 100640 1 ( 0, 991) 27 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel/sca.files D: erase 100640 1 ( 0, 991) 27 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel/9/sca.files D: erase 100640 1 ( 0, 991)306660 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel/9/cis_rhel9_linux.yml D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel/9 D: erase 100640 1 ( 0, 991) 27 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel/8/sca.files D: erase 100640 1 ( 0, 991)233310 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel/8/cis_rhel8_linux.yml D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel/8 D: erase 100640 1 ( 0, 991) 26 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel/7/sca.files D: erase 100640 1 ( 0, 991)256697 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel/7/cis_rhel7_linux.yml D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel/7 D: erase 100640 1 ( 0, 991) 26 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel/6/sca.files D: erase 100640 1 ( 0, 991)210233 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel/6/cis_rhel6_linux.yml D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel/6 D: erase 100640 1 ( 0, 991) 26 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel/5/sca.files D: erase 100640 1 ( 0, 991) 56847 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel/5/cis_rhel5_linux.yml D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel/5 D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/rhel D: erase 100640 1 ( 0, 991) 19044 /var/ossec/tmp/sca-4.4.0-1-tmp/generic/sca_unix_audit.yml D: erase 100640 1 ( 0, 991) 26 /var/ossec/tmp/sca-4.4.0-1-tmp/generic/sca.files D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/generic D: erase 100640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.4.0-1-tmp/fedora/sca.files D: erase 100640 1 ( 0, 991) 1 /var/ossec/tmp/sca-4.4.0-1-tmp/fedora/34/sca.files D: erase 040640 2 ( 0, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/fedora/34 D: erase 100640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.4.0-1-tmp/fedora/33/sca.files D: erase 040640 2 ( 0, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/fedora/33 D: erase 100640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.4.0-1-tmp/fedora/32/sca.files D: erase 040640 2 ( 0, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/fedora/32 D: erase 100640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.4.0-1-tmp/fedora/31/sca.files D: erase 040640 2 ( 0, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/fedora/31 D: erase 100640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.4.0-1-tmp/fedora/30/sca.files D: erase 040640 2 ( 0, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/fedora/30 D: erase 100640 1 ( 0, 991) 0 /var/ossec/tmp/sca-4.4.0-1-tmp/fedora/29/sca.files D: erase 040640 2 ( 0, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/fedora/29 D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/fedora D: erase 100640 1 ( 0, 991) 31 /var/ossec/tmp/sca-4.4.0-1-tmp/centos/sca.files D: erase 100640 1 ( 0, 991) 31 /var/ossec/tmp/sca-4.4.0-1-tmp/centos/8/sca.files D: erase 000000 0 ( 0, 0) 0 /var/ossec/tmp/sca-4.4.0-1-tmp/centos/8/cis_centos8_linux.yml D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/centos/8 D: erase 100640 1 ( 0, 991) 31 /var/ossec/tmp/sca-4.4.0-1-tmp/centos/7/sca.files D: erase 100640 1 ( 0, 991)262834 /var/ossec/tmp/sca-4.4.0-1-tmp/centos/7/cis_centos7_linux.yml D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/centos/7 D: erase 100640 1 ( 0, 991) 31 /var/ossec/tmp/sca-4.4.0-1-tmp/centos/6/sca.files D: erase 100640 1 ( 0, 991)209410 /var/ossec/tmp/sca-4.4.0-1-tmp/centos/6/cis_centos6_linux.yml D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/centos/6 D: erase 100640 1 ( 0, 991) 31 /var/ossec/tmp/sca-4.4.0-1-tmp/centos/5/sca.files D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/centos/5 D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/centos D: erase 100640 1 ( 0, 991) 30 /var/ossec/tmp/sca-4.4.0-1-tmp/amzn/2/sca.files D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/amzn/2 D: erase 100640 1 ( 0, 991) 30 /var/ossec/tmp/sca-4.4.0-1-tmp/amzn/1/sca.files D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/amzn/1 D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/amzn D: erase 100640 1 ( 0, 991)236482 /var/ossec/tmp/sca-4.4.0-1-tmp/amazon/cis_amazon_linux_2.yml D: erase 100640 1 ( 0, 991)207588 /var/ossec/tmp/sca-4.4.0-1-tmp/amazon/cis_amazon_linux_1.yml D: erase 040750 2 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp/amazon D: erase 040750 3 ( 995, 991) 4096 /var/ossec/tmp/sca-4.4.0-1-tmp D: %postun(wazuh-agent-4.4.0-1.x86_64): scriptlet start fdio: 2 writes, 763 total bytes in 0.000014 secs D: %postun(wazuh-agent-4.4.0-1.x86_64): execv(/bin/sh) pid 363682 D: Plugin: calling hook scriptlet_fork_post in selinux plugin D: setexecfilecon: (/bin/sh, rpm_script_t) + '[' 1 = 0 ']' D: %postun(wazuh-agent-4.4.0-1.x86_64): waitpid(363682) rc 363682 status 0 D: --- h# 822 wazuh-agent-4.4.0-1.x86_64 D: SAVEPOINT 'rwlock': 0 D: SAVEPOINT 'Packages': 0 D: RELEASE 'Packages': 0 D: SAVEPOINT 'Name': 0 D: RELEASE 'Name': 0 D: SAVEPOINT 'Basenames': 0 D: RELEASE 'Basenames': 0 D: SAVEPOINT 'Group': 0 D: RELEASE 'Group': 0 D: SAVEPOINT 'Requirename': 0 D: RELEASE 'Requirename': 0 D: SAVEPOINT 'Providename': 0 D: RELEASE 'Providename': 0 D: SAVEPOINT 'Conflictname': 0 D: RELEASE 'Conflictname': 0 D: SAVEPOINT 'Obsoletename': 0 D: RELEASE 'Obsoletename': 0 D: SAVEPOINT 'Triggername': 0 D: RELEASE 'Triggername': 0 D: SAVEPOINT 'Dirnames': 0 D: RELEASE 'Dirnames': 0 D: SAVEPOINT 'Installtid': 0 D: RELEASE 'Installtid': 0 D: SAVEPOINT 'Sigmd5': 0 D: RELEASE 'Sigmd5': 0 D: SAVEPOINT 'Sha1header': 0 D: RELEASE 'Sha1header': 0 D: SAVEPOINT 'Filetriggername': 0 D: RELEASE 'Filetriggername': 0 D: SAVEPOINT 'Transfiletriggername': 0 D: RELEASE 'Transfiletriggername': 0 D: SAVEPOINT 'Recommendname': 0 D: RELEASE 'Recommendname': 0 D: SAVEPOINT 'Suggestname': 0 D: RELEASE 'Suggestname': 0 D: SAVEPOINT 'Supplementname': 0 D: RELEASE 'Supplementname': 0 D: SAVEPOINT 'Enhancename': 0 D: RELEASE 'Enhancename': 0 D: RELEASE 'rwlock': 0 D: running post-transaction scripts D: read h# 823 Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY Header SHA256 digest: OK Header SHA1 digest: OK D: Plugin: calling hook psm_pre in selinux plugin D: %posttrans(wazuh-agent-4.8.0-1.x86_64): scriptlet start fdio: 2 writes, 854 total bytes in 0.000011 secs D: %posttrans(wazuh-agent-4.8.0-1.x86_64): execv(/bin/sh) pid 363683 D: Plugin: calling hook scriptlet_fork_post in selinux plugin D: setexecfilecon: (/bin/sh, rpm_script_t) + '[' -f /etc/systemd/system/wazuh-agent.service ']' + '[' -f /var/ossec/tmp/wazuh.restart ']' + '[' -d /var/ossec/logs/ossec ']' + '[' -d /var/ossec/queue/ossec ']' + '[' -f /etc/ossec-init.conf ']' + rm -f /etc/ossec-init.conf + rm -f /var/ossec/etc/ossec-init.conf D: %posttrans(wazuh-agent-4.8.0-1.x86_64): waitpid(363683) rc 363683 status 0 D: %transfiletriggerin(glibc-common-2.34-103.el9.x86_64): scriptlet start fdio: 2 writes, 21 total bytes in 0.000017 secs D: %transfiletriggerin(glibc-common-2.34-103.el9.x86_64): execv(/bin/sh) pid 363686 D: Plugin: calling hook scriptlet_fork_post in selinux plugin D: setexecfilecon: (/bin/sh, rpm_script_t) + /sbin/ldconfig D: %transfiletriggerin(glibc-common-2.34-103.el9.x86_64): waitpid(363686) rc 363686 status 0 D: %transfiletriggerin(systemd-252-32.el9.x86_64): scriptlet start fdio: 2 writes, 382 total bytes in 0.000008 secs D: %transfiletriggerin(systemd-252-32.el9.x86_64): execv(/bin/sh) pid 363688 D: Plugin: calling hook scriptlet_fork_post in selinux plugin D: setexecfilecon: (/bin/sh, rpm_script_t) + test -d /run/systemd/system + /usr/bin/systemctl daemon-reload + /usr/bin/systemctl reload-or-restart --marked D: %transfiletriggerin(systemd-252-32.el9.x86_64): waitpid(363688) rc 363688 status 0 D: read h# 823 Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY Header SHA256 digest: OK Header SHA1 digest: OK D: Plugin: calling hook psm_pre in selinux plugin D: Plugin: calling hook tsm_post in audit plugin D: Plugin: calling hook tsm_post in selinux plugin D: Plugin: calling hook tsm_post in systemd_inhibit plugin D: System shutdown unblocked D: syncing fs / D: PRAGMA synchronous = FULL: 0 D: PRAGMA optimize: 0 D: PRAGMA wal_checkpoint = TRUNCATE: 0 D: Exit status: 0 ```

In this output, we can see the warning: warning: /var/ossec/etc/ossec.conf created as /var/ossec/etc/ossec.conf.rpmnew

Now mentioning the problem of the double ca_store tag of the active-response block, I have not managed to find the exact reason. I have been investigating the gen_ossec.sh script, as SPECS have this line where the osseec.conf is created: %{_localstatedir}/packages_files/agent_installation_scripts/gen_ossec.sh conf agent ${DIST_NAME} ${DIST_VER}.${DIST_SUBVER} %{_localstatedir} > %{_localstatedir}/etc/ossec.conf

I'm trying to see what interaction there is between this point and the rpmnew generation, which is where the erroneous double tag occurs.

Since the problem is not new from 4.9.0, we should rethink the priority and release at which this bug should be fixed.

[MarcelKemp]

Thanks, @jotacarma90.

Let's add this issue to the backlog as a medium-impact bug, since it dates back to previous versions.

[lchico]

Update 2024/08/02

I began investigating this issue to gain a full understanding.