Compare commits


31 Commits

Author SHA1 Message Date
Eli J. Rodriguez
b46c346ebe Adapt cloud code to v4.5 (#1087) 2023-10-27 11:35:01 +02:00
Franco Giovanolli
91675fecd1 Adapt cloud code to v4.4.5 2023-07-24 18:10:32 -03:00
Pablo
83370eda56 New Version: Update WAZUH_VERSION in Dockerfile 2023-07-13 11:22:12 -03:00
Diego Ariel Balbuena
8336d36509 Adapt cloud code to v4.4.4 (#870) 2023-07-04 11:16:58 +02:00
Pablo
2a2db1b8b3 Adapt cloud to Wazuh v4.4.3 (#863) 2023-06-15 16:22:34 +02:00
Mayte Ariza
68198a2138 Adapt cloud to Wazuh v4.3.10 (#746) 2022-11-18 08:06:43 +01:00
José Antonio Córdoba Gómez
7a2356f6ff Update Wazuh version to v4.3.8 (#724) 2022-09-20 10:48:26 +02:00
José Antonio Córdoba Gómez
c586c0cf88 Include gcloud pubsub and buckets files (#723) 2022-09-20 10:18:06 +02:00
Franco Giovanolli
f2ed432084 Adapt Cloud to Wazuh v4.3.6-debug and fix Dockerfile (#710) 2022-08-19 09:35:04 +02:00
José Antonio Córdoba Gómez
0bb118dce6 Fix /var/ossec/queue/rids permissions for 4.3.X when upgrading from 4.2.X (#703) 2022-08-04 09:35:18 +02:00
Mayte Ariza
d3ec5596a6 Update Wazuh version to v4.3.6 (#699) 2022-07-27 12:42:27 +02:00
Mayte Ariza
84c256d831 Update Wazuh version to v4.3.5 (#683) 2022-06-30 08:19:42 +02:00
José Antonio Córdoba Gómez
ea0e754e75 Update Wazuh version to v4.3.4 (#672) 2022-06-08 16:47:42 +02:00
Jesus Linares
e1f46f0fa1 Update Wazuh version to v4.3.3
Former-commit-id: 428ba362afc66c556945b86dcda895cb00618ed2
2022-06-01 01:13:59 +02:00
Mayte Ariza
85c16a7b27 Update Wazuh version to v4.3.2 (#661)
Former-commit-id: 279436b83a4f764544d4888c3d9b3dc0611fb0fe
2022-05-31 12:38:49 +02:00
AlfonsoRBJ
81e81b1caf Adapt cloud 4.3 (#583)
Former-commit-id: 36788667aa
2022-05-23 10:39:09 +02:00
AlfonsoRBJ
84de38624c update to v4.2.5
Former-commit-id: 02f024ef9a
2021-11-23 13:08:33 +01:00
AlfonsoRBJ
5b4e9dc38f Update Wazuh version to v4.2.4 (#542)
Former-commit-id: 6bdf2c55b7
2021-11-08 17:34:13 +01:00
AlfonsoRBJ
848f512a60 Add utils.py to files mounted that should not be permanent (#520)
Former-commit-id: 9e168906b0
2021-09-24 09:45:11 +02:00
AlfonsoRBJ
741b530585 Adapt cloud to v4.2.1 (#488)
Former-commit-id: dd797edf51
2021-09-16 20:20:22 +02:00
AlfonsoRBJ
68547952ec Merge branch 'cloud-0.81' into cloud-0.91
Former-commit-id: eb8f49aa30
2021-04-22 20:28:44 +02:00
AlfonsoRBJ
aeafdf83f9 update to wazuh 4.1.5 (#471)
Former-commit-id: cb1cdcca9f
2021-04-22 19:45:05 +02:00
AlfonsoRBJ
d29584ab18 Update Filebeat to 7.10.2 (#460)
Former-commit-id: eaf648a232
2021-04-14 09:53:03 +02:00
AlfonsoRBJ
10d87cc223 Update Wazuh to v4.1.4 (#458)
Former-commit-id: 327d7ed854
2021-03-31 10:13:54 +02:00
AlfonsoRBJ
a42a818d88 Adap to wazuh 4.1.2 (#454)
Former-commit-id: 19ed9666b9
2021-03-25 15:47:01 +01:00
AlfonsoRBJ
40d15ec6f8 Merge branch 'cloud-0.61' into cloud-0.70
Former-commit-id: 1746edb2e1
2021-02-27 10:11:08 +01:00
AlfonsoRBJ
c6225fa8f0 Update Filebeat version to 7.10.0 (#434)
Former-commit-id: 6fdb7c8dc6
2021-02-03 11:37:39 +01:00
Franco Giovanolli
87580a2edc Merge pull request #429 from wazuh/cloud-0.60
Update to Wazuh 4.0.4

Former-commit-id: c95f0153c9
2021-01-15 09:22:49 -03:00
Franco Giovanolli
f0590349d0 Merge branch 'cloud-0.70' into cloud-0.60
Former-commit-id: b890282ecd
2021-01-15 09:20:01 -03:00
AlfonsoRBJ
13ba5ee731 Update to wazuh 4.0.4 (#428)
Former-commit-id: e58c2b25d8
2021-01-14 17:22:43 +01:00
AlfonsoRBJ
d23cee6898 update wazuh version to 4.0.3 (#417)
Former-commit-id: b0187c24d4
2020-12-14 16:01:54 +01:00
6 changed files with 103 additions and 89 deletions


@@ -2,8 +2,8 @@
FROM waystonesystems/baseimage-centos:0.2.0 FROM waystonesystems/baseimage-centos:0.2.0
# Arguments # Arguments
ARG FILEBEAT_VERSION=7.9.1 ARG FILEBEAT_VERSION=7.10.2
ARG WAZUH_VERSION=4.0.3-1 ARG WAZUH_VERSION=4.5.4-0.debug
# Environment variables # Environment variables
ENV API_USER="foo" \ ENV API_USER="foo" \
@@ -12,31 +12,19 @@ ENV API_USER="foo" \
ARG TEMPLATE_VERSION="4.0" ARG TEMPLATE_VERSION="4.0"
ENV FILEBEAT_DESTINATION="elasticsearch" ENV FILEBEAT_DESTINATION="elasticsearch"
RUN rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
RUN echo $'[wazuh] \n\
gpgcheck=1\n\
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\n\
gpgcheck=0\n\
enabled=1\n\
name=Wazuh repository\n\
baseurl=https://packages.wazuh.com/4.x/yum/\n\
protect=1\n'\
>> /etc/yum.repos.d/wazuh.repo
# Copy Wazuh Manager custom package
COPY config/wazuh-manager-4.0.3-1.x86_64.rpm /tmp/wazuh-manager-4.0.3-1.x86_64.rpm
# Install packages # Install packages
RUN set -x && \ RUN set -x && \
curl -sL https://rpm.nodesource.com/setup_8.x | bash - && \ groupadd -g 1000 wazuh && \
groupadd -g 1000 ossec && \ useradd -u 1000 -g 1000 -d /var/ossec wazuh && \
useradd -u 1000 -g 1000 -d /var/ossec ossec && \ # Retrieve DEV package
#curl -o /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm https://packages-dev.wazuh.com/pre-release/yum/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
# Retrieve PROD package
curl -o /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm https://packages.wazuh.com/cloud/4.5.x/rpm/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
yum update -y && \ yum update -y && \
yum upgrade -y &&\ yum upgrade -y &&\
yum install -y openssl vim expect python-boto python-pip python-cryptography && \ yum install -y openssl vim expect python-boto python-pip python-cryptography postfix bsd-mailx mailx ca-certificates && \
yum install -y postfix bsd-mailx mailx ca-certificates && \ yum localinstall -y /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
yum install -y /tmp/wazuh-manager-4.0.3-1.x86_64.rpm && \ rm -f /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
yum clean all && \ yum clean all && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
rm -f /var/ossec/logs/alerts/*/*/* && \ rm -f /var/ossec/logs/alerts/*/*/* && \
@@ -44,10 +32,9 @@ RUN set -x && \
rm -f /var/ossec/logs/firewall/*/*/* && \ rm -f /var/ossec/logs/firewall/*/*/* && \
rm -f /var/ossec/logs/api/*/*/* && \ rm -f /var/ossec/logs/api/*/*/* && \
rm -f /var/ossec/logs/cluster/*/*/* && \ rm -f /var/ossec/logs/cluster/*/*/* && \
rm -f /var/ossec/logs/ossec/*/*/* && \ rm -f /var/ossec/logs/wazuh/*/*/* && \
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \ curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \
rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \ rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-${FILEBEAT_VERSION}-x86_64.rpm
sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
# Services # Services
RUN mkdir /etc/service/wazuh && \ RUN mkdir /etc/service/wazuh && \
@@ -76,9 +63,6 @@ RUN chmod 755 /permanent_data.sh && \
sync && \ sync && \
rm /permanent_data.sh rm /permanent_data.sh
# Expose ports
EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
# Setting volumes # Setting volumes
# Once we declared a volume in the Dockerfile, changes made to that path will have no effect. In other words, any changes made # Once we declared a volume in the Dockerfile, changes made to that path will have no effect. In other words, any changes made
# to the these paths from here to the end of the Dockerfile will not be taken into account when mounting the volume. # to the these paths from here to the end of the Dockerfile will not be taken into account when mounting the volume.
@@ -100,7 +84,7 @@ VOLUME ["/var/lib/filebeat"]
RUN mkdir /entrypoint-scripts RUN mkdir /entrypoint-scripts
COPY config/entrypoint.sh /entrypoint.sh COPY config/entrypoint.sh /entrypoint.sh
COPY --chown=root:ossec config/create_user.py /var/ossec/framework/scripts/create_user.py COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py
COPY config/00-decrypt_credentials.sh /entrypoint-scripts/00-decrypt_credentials.sh COPY config/00-decrypt_credentials.sh /entrypoint-scripts/00-decrypt_credentials.sh
COPY config/01-wazuh.sh /entrypoint-scripts/01-wazuh.sh COPY config/01-wazuh.sh /entrypoint-scripts/01-wazuh.sh
COPY config/02-set_filebeat_destination.sh /entrypoint-scripts/02-set_filebeat_destination.sh COPY config/02-set_filebeat_destination.sh /entrypoint-scripts/02-set_filebeat_destination.sh
@@ -120,8 +104,11 @@ RUN chmod 755 /entrypoint.sh && \
chmod 755 /entrypoint-scripts/85-save_wazuh_version.sh chmod 755 /entrypoint-scripts/85-save_wazuh_version.sh
# Load wazuh alerts template. # Load wazuh alerts template.
ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat #ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
RUN chmod go-w /etc/filebeat/wazuh-template.json #RUN chmod go-w /etc/filebeat/wazuh-template.json
# Expose ports
EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
# Run all services # Run all services
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
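Review bot: The manager RPM fetched by `curl -o /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm https://packages.wazuh.com/cloud/4.5.x/rpm/...` in the "Install packages" RUN is handed to `yum localinstall -y` with no integrity or signature check, and the `rpm --import` of the Wazuh key and the repo definition appear to be dropped on the new side. `curl` is also called without `-f`, so an HTTP error body would be saved under the .rpm name and only fail later, at install time. I would fetch with `curl -fsSL -o /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm <same URL>` and gate the install on a pinned digest, `echo "<EXPECTED_SHA256>  /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm" | sha256sum -c -`, placed before the `yum localinstall` line. The Filebeat RPM installed with `rpm -vi` later in the same RUN has the same gap. The default `WAZUH_VERSION=4.5.4-0.debug` reads like a debug build; worth confirming that is what the shipped image should carry.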


@@ -35,46 +35,68 @@ exec_cmd_stdout() {
############################################################################## ##############################################################################
# Check_update # Check_update
# This function considers the following cases: # This function considers the following cases:
# - If /var/ossec/etc/ossec-init.conf does not exist -> Action Nothing. There is no data in the EBS. First time deploying Wazuh # - If /var/ossec/etc/VERSION does not exist -> Action Nothing. There is no data in the EBS. First time deploying Wazuh
# - If /var/ossec/etc/VERSION does not exist -> Action: Update. The previous version was prior to 3.11.5. # - If different Wazuh version -> Action: Update. The previous version is older than the current one.
# - If both files exist: different Wazuh version -> Action: Update. The previous version is older than the current one. # - If the same Wazuh version -> Acton: Nothing. Same Wazuh version.
# - If both files exist: the same Wazuh version -> Acton: Nothing. Same Wazuh version.
############################################################################## ##############################################################################
check_update() { check_update() {
if [ -e /var/ossec/etc/ossec-init.conf ]
then
if [ -e /var/ossec/etc/VERSION ] if [ -e /var/ossec/etc/VERSION ]
then then
previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2) previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2)
echo "Previous version: $previous_version" echo "CHECK UPDATE - Previous version: $previous_version"
current_version=$(cat ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/etc/ossec-init.conf | grep -i version | cut -d'"' -f2) current_version=$(/var/ossec/bin/wazuh-control -j info | jq .data[0].WAZUH_VERSION | cut -d'"' -f2)
echo "Current version: $current_version" echo "CHECK UPDATE - Current version: $current_version"
if [ $previous_version == $current_version ] if [ $previous_version == $current_version ]
then then
echo "Same Wazuh version in the EBS and image" echo "CHECK UPDATE - Same Wazuh version in the EBS and image"
return 0 return 0
else else
echo "Different Wazuh version: Update" echo "CHECK UPDATE - Different Wazuh version: Update"
mayor_previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2 | cut -d'.' -f1) wazuh_version_regex='v4.2.[0-9]'
if [[ ${mayor_previous_version} == "v3" ]]; then if [[ "$previous_version" =~ $wazuh_version_regex ]]
echo "Remove Wazuh API deprecated files" then
rm -rf "${WAZUH_INSTALL_PATH}/api/configuration/auth" echo "CHECK UPDATE - Change ossec user to wazuh user"
rm "${WAZUH_INSTALL_PATH}/api/configuration/config.js" ossec_group_files=$(find /var/ossec -group 1000)
rm "${WAZUH_INSTALL_PATH}/api/configuration/preloaded_vars.conf" ossec_user_files=$(find /var/ossec -user 1000)
echo "Load new API configuration"
exec_cmd "cp -a ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration" while IFS= read -r group; do
echo "Remove Wazuh agent-info queue" chgrp wazuh $group
rm -rf "${WAZUH_INSTALL_PATH}/queue/agent-info" done <<< "$ossec_group_files"
while IFS= read -r user; do
chown wazuh $user
done <<< "$ossec_user_files"
echo "CHECK UPDATE - Change ossecr user to wazuh user"
ossecr_group_files=$(find /var/ossec -group 998)
ossecr_user_files=$(find /var/ossec -user 998)
while IFS= read -r group; do
chgrp wazuh $group
done <<< "$ossecr_group_files"
while IFS= read -r user; do
chown wazuh $user
done <<< "$ossecr_user_files"
echo "CHECK UPDATE - Change ossecm user to wazuh user"
ossecm_group_files=$(find /var/ossec -group 997)
ossecm_user_files=$(find /var/ossec -user 997)
while IFS= read -r group; do
chgrp wazuh $group
done <<< "$ossecm_group_files"
while IFS= read -r user; do
chown wazuh $user
done <<< "$ossecm_user_files"
fi fi
return 1 return 1
fi fi
else else
echo "Previous version prior to 3.11.5: Update" echo "CHECK UPDATE - First time mounting EBS"
return 1
fi
else
echo "First time mounting EBS"
return 0 return 0
fi fi
} }
@@ -150,7 +172,7 @@ remove_data_files() {
############################################################################## ##############################################################################
create_ossec_key_cert() { create_ossec_key_cert() {
print "Creating ossec-authd key and cert" print "Creating wazuh-authd key and cert"
exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096" exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096"
exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/" exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
} }
@@ -180,7 +202,7 @@ mount_files() {
############################################################################## ##############################################################################
function ossec_shutdown(){ function ossec_shutdown(){
${WAZUH_INSTALL_PATH}/bin/ossec-control stop; ${WAZUH_INSTALL_PATH}/bin/wazuh-control stop;
} }
############################################################################## ##############################################################################
@@ -188,7 +210,7 @@ function ossec_shutdown(){
# paths or commands, and execute them. # paths or commands, and execute them.
# #
# This can be useful for actions that need to be run before the services are # This can be useful for actions that need to be run before the services are
# started, such as "/var/ossec/bin/ossec-control enable agentless". # started, such as "/var/ossec/bin/wazuh-control enable agentless".
############################################################################## ##############################################################################
docker_custom_args() { docker_custom_args() {
@@ -280,7 +302,7 @@ main() {
echo "Keeping databases" echo "Keeping databases"
fi fi
# Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
if [ $AUTO_ENROLLMENT_ENABLED == true ] if [ $AUTO_ENROLLMENT_ENABLED == true ]
then then
if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ] if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
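Review bot: The ownership migration in check_update (the `v4.2.[0-9]` branch) runs `chgrp wazuh $group` and `chown wazuh $user` on unquoted paths read back from `find` output, over a tree that lives on the persistent volume. Paths containing spaces or glob characters get split or expanded, an empty `find` result still feeds one empty line into each loop, and without `-h` a symlink under /var/ossec has its target re-owned instead of the link itself. Letting find run the command avoids all three: `find /var/ossec -group 1000 -exec chgrp -h wazuh {} +` and `find /var/ossec -user 1000 -exec chown -h wazuh {} +`, repeated for ids 998 and 997. The pattern `v4.2.[0-9]` is also unanchored with unescaped dots, so it matches more than 4.2.x; `^v4\.2\.[0-9]+$` states the intent.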


@@ -3,4 +3,4 @@
# Copy /var/ossec/etc/ossec-init.conf contents in /var/ossec/etc/VERSION to be able to check the previous Wazuh version in pod. # Copy /var/ossec/etc/ossec-init.conf contents in /var/ossec/etc/VERSION to be able to check the previous Wazuh version in pod.
echo "Adding Wazuh version to /var/ossec/etc/VERSION" echo "Adding Wazuh version to /var/ossec/etc/VERSION"
cat /var/ossec/etc/ossec-init.conf > /var/ossec/etc/VERSION /var/ossec/bin/wazuh-control info > /var/ossec/etc/VERSION
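Review bot: The redirect in `/var/ossec/bin/wazuh-control info > /var/ossec/etc/VERSION` truncates VERSION before the command runs, so a failing wazuh-control leaves an empty file, and the next start's check_update, which only tests that the file exists, would then compare against an empty previous version. Writing to a temporary name and renaming on success keeps the old marker intact: `/var/ossec/bin/wazuh-control info > /var/ossec/etc/VERSION.tmp && mv /var/ossec/etc/VERSION.tmp /var/ossec/etc/VERSION`. The comment above the command still describes copying ossec-init.conf; it should read `# Save the output of wazuh-control info in /var/ossec/etc/VERSION so the previous Wazuh version can be checked in the pod.`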


@@ -9,7 +9,9 @@ import re
sys.path.append(os.path.dirname(sys.argv[0]) + "/../framework") sys.path.append(os.path.dirname(sys.argv[0]) + "/../framework")
WUI_USER_FILE_PATH = "/var/ossec/api/configuration/wui-user.json" WUI_USER_FILE_PATH = "/var/ossec/api/configuration/wui-user.json"
WAZUH_USER_FILE_PATH = "/var/ossec/api/configuration/wazuh-user.json" WAZUH_USER_FILE_PATH = "/var/ossec/api/configuration/wazuh-user.json"
try: try:
from wazuh.rbac.orm import create_rbac_db
from wazuh.security import ( from wazuh.security import (
create_user, create_user,
get_users, get_users,
@@ -42,6 +44,7 @@ if __name__ == "__main__":
wui_password = read_wui_user_file() wui_password = read_wui_user_file()
wazuh_password = read_wazuh_user_file() wazuh_password = read_wazuh_user_file()
create_rbac_db()
initial_users = db_users() initial_users = db_users()
# set a random password for all other users (not wazuh-wui) # set a random password for all other users (not wazuh-wui)


@@ -16,31 +16,29 @@ export PERMANENT_DATA
# Files mounted in a volume that should not be permanent # Files mounted in a volume that should not be permanent
i=0 i=0
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/api/configuration/ssl/server.crt"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/api/configuration/ssl/server.key"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/internal_options.conf" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/internal_options.conf"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw_mac.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-slack.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/wazuh-slack"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-tweeter.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-ossec.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff"
@@ -57,14 +55,19 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/orm.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/cpe_helper.json" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/cpe_helper.json"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/msu.json.gz"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/var/db/mitre.db" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/var/db/mitre.db"
export PERMANENT_DATA_EXCP export PERMANENT_DATA_EXCP


@@ -1 +0,0 @@
ad2d636c325fddb78af5dedc55db63428c09d671