mirror of
				https://github.com/wazuh/wazuh-docker.git
				synced 2025-10-25 00:53:37 +00:00 
			
		
		
		
	Compare commits
	
		
			31 Commits
		
	
	
		
			cloud-v0.6
			...
			cloud-v1.2
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | b46c346ebe | ||
|  | 91675fecd1 | ||
|  | 83370eda56 | ||
|  | 8336d36509 | ||
|  | 2a2db1b8b3 | ||
|  | 68198a2138 | ||
|  | 7a2356f6ff | ||
|  | c586c0cf88 | ||
|  | f2ed432084 | ||
|  | 0bb118dce6 | ||
|  | d3ec5596a6 | ||
|  | 84c256d831 | ||
|  | ea0e754e75 | ||
|  | e1f46f0fa1 | ||
|  | 85c16a7b27 | ||
|  | 81e81b1caf | ||
|  | 84de38624c | ||
|  | 5b4e9dc38f | ||
|  | 848f512a60 | ||
|  | 741b530585 | ||
|  | 68547952ec | ||
|  | aeafdf83f9 | ||
|  | d29584ab18 | ||
|  | 10d87cc223 | ||
|  | a42a818d88 | ||
|  | 40d15ec6f8 | ||
|  | c6225fa8f0 | ||
|  | 87580a2edc | ||
|  | f0590349d0 | ||
|  | 13ba5ee731 | ||
|  | d23cee6898 | 
| @@ -2,8 +2,8 @@ | |||||||
| FROM waystonesystems/baseimage-centos:0.2.0 | FROM waystonesystems/baseimage-centos:0.2.0 | ||||||
|  |  | ||||||
| # Arguments | # Arguments | ||||||
| ARG FILEBEAT_VERSION=7.9.1 | ARG FILEBEAT_VERSION=7.10.2 | ||||||
| ARG WAZUH_VERSION=4.0.3-1 | ARG WAZUH_VERSION=4.5.4-0.debug | ||||||
|  |  | ||||||
| # Environment variables | # Environment variables | ||||||
| ENV API_USER="foo" \ | ENV API_USER="foo" \ | ||||||
| @@ -12,31 +12,19 @@ ENV API_USER="foo" \ | |||||||
| ARG TEMPLATE_VERSION="4.0" | ARG TEMPLATE_VERSION="4.0" | ||||||
| ENV FILEBEAT_DESTINATION="elasticsearch" | ENV FILEBEAT_DESTINATION="elasticsearch" | ||||||
|  |  | ||||||
| RUN rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH |  | ||||||
|  |  | ||||||
| RUN echo $'[wazuh] \n\ |  | ||||||
| gpgcheck=1\n\ |  | ||||||
| gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\n\ |  | ||||||
| gpgcheck=0\n\ |  | ||||||
| enabled=1\n\ |  | ||||||
| name=Wazuh repository\n\ |  | ||||||
| baseurl=https://packages.wazuh.com/4.x/yum/\n\ |  | ||||||
| protect=1\n'\ |  | ||||||
| >> /etc/yum.repos.d/wazuh.repo |  | ||||||
|  |  | ||||||
| # Copy Wazuh Manager custom package |  | ||||||
| COPY config/wazuh-manager-4.0.3-1.x86_64.rpm /tmp/wazuh-manager-4.0.3-1.x86_64.rpm |  | ||||||
|  |  | ||||||
| # Install packages | # Install packages | ||||||
| RUN set -x && \ | RUN set -x && \ | ||||||
|     curl -sL https://rpm.nodesource.com/setup_8.x | bash - && \ |     groupadd -g 1000 wazuh && \ | ||||||
|     groupadd -g 1000 ossec && \ |     useradd -u 1000 -g 1000 -d /var/ossec wazuh && \ | ||||||
|     useradd -u 1000 -g 1000 -d /var/ossec ossec && \ |     # Retrieve DEV package | ||||||
|  |     #curl -o /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm https://packages-dev.wazuh.com/pre-release/yum/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \ | ||||||
|  |     # Retrieve PROD package | ||||||
|  |     curl -o /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm https://packages.wazuh.com/cloud/4.5.x/rpm/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \ | ||||||
|     yum update -y && \ |     yum update -y && \ | ||||||
|     yum upgrade -y &&\ |     yum upgrade -y &&\ | ||||||
|     yum install -y openssl vim expect python-boto python-pip python-cryptography && \ |     yum install -y openssl vim expect python-boto python-pip python-cryptography postfix bsd-mailx mailx ca-certificates && \ | ||||||
|     yum install -y postfix bsd-mailx mailx ca-certificates && \ |     yum localinstall -y /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \ | ||||||
|     yum install -y /tmp/wazuh-manager-4.0.3-1.x86_64.rpm && \ |     rm -f /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \ | ||||||
|     yum clean all && \ |     yum clean all && \ | ||||||
|     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \ |     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \ | ||||||
|     rm -f /var/ossec/logs/alerts/*/*/* && \ |     rm -f /var/ossec/logs/alerts/*/*/* && \ | ||||||
| @@ -44,10 +32,9 @@ RUN set -x && \ | |||||||
|     rm -f /var/ossec/logs/firewall/*/*/* && \ |     rm -f /var/ossec/logs/firewall/*/*/* && \ | ||||||
|     rm -f /var/ossec/logs/api/*/*/* && \ |     rm -f /var/ossec/logs/api/*/*/* && \ | ||||||
|     rm -f /var/ossec/logs/cluster/*/*/* && \ |     rm -f /var/ossec/logs/cluster/*/*/* && \ | ||||||
|     rm -f /var/ossec/logs/ossec/*/*/* && \ |     rm -f /var/ossec/logs/wazuh/*/*/* && \ | ||||||
|     curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \ |     curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \ | ||||||
|     rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \ |     rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-${FILEBEAT_VERSION}-x86_64.rpm | ||||||
|     sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo |  | ||||||
|  |  | ||||||
| # Services | # Services | ||||||
| RUN mkdir /etc/service/wazuh && \ | RUN mkdir /etc/service/wazuh && \ | ||||||
| @@ -76,9 +63,6 @@ RUN chmod 755 /permanent_data.sh && \ | |||||||
|     sync && \ |     sync && \ | ||||||
|     rm /permanent_data.sh  |     rm /permanent_data.sh  | ||||||
|  |  | ||||||
| # Expose ports |  | ||||||
| EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp |  | ||||||
|  |  | ||||||
| # Setting volumes | # Setting volumes | ||||||
| # Once we declared a volume in the Dockerfile, changes made to that path will have no effect. In other words, any changes made | # Once we declared a volume in the Dockerfile, changes made to that path will have no effect. In other words, any changes made | ||||||
| # to the these paths from here to the end of the Dockerfile will not be taken into account when mounting the volume. | # to the these paths from here to the end of the Dockerfile will not be taken into account when mounting the volume. | ||||||
| @@ -100,7 +84,7 @@ VOLUME ["/var/lib/filebeat"] | |||||||
| RUN mkdir /entrypoint-scripts | RUN mkdir /entrypoint-scripts | ||||||
|  |  | ||||||
| COPY config/entrypoint.sh /entrypoint.sh | COPY config/entrypoint.sh /entrypoint.sh | ||||||
| COPY --chown=root:ossec config/create_user.py /var/ossec/framework/scripts/create_user.py | COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py | ||||||
| COPY config/00-decrypt_credentials.sh /entrypoint-scripts/00-decrypt_credentials.sh | COPY config/00-decrypt_credentials.sh /entrypoint-scripts/00-decrypt_credentials.sh | ||||||
| COPY config/01-wazuh.sh /entrypoint-scripts/01-wazuh.sh | COPY config/01-wazuh.sh /entrypoint-scripts/01-wazuh.sh | ||||||
| COPY config/02-set_filebeat_destination.sh /entrypoint-scripts/02-set_filebeat_destination.sh | COPY config/02-set_filebeat_destination.sh /entrypoint-scripts/02-set_filebeat_destination.sh | ||||||
| @@ -120,8 +104,11 @@ RUN chmod 755 /entrypoint.sh && \ | |||||||
|     chmod 755 /entrypoint-scripts/85-save_wazuh_version.sh |     chmod 755 /entrypoint-scripts/85-save_wazuh_version.sh | ||||||
|  |  | ||||||
| # Load wazuh alerts template. | # Load wazuh alerts template. | ||||||
| ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat | #ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat | ||||||
| RUN chmod go-w /etc/filebeat/wazuh-template.json  | #RUN chmod go-w /etc/filebeat/wazuh-template.json  | ||||||
|  |  | ||||||
|  | # Expose ports | ||||||
|  | EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp | ||||||
|  |  | ||||||
| # Run all services | # Run all services | ||||||
| ENTRYPOINT ["/entrypoint.sh"] | ENTRYPOINT ["/entrypoint.sh"] | ||||||
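Review bot: The manager package fetched with `curl -o /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm ...` is passed straight to `yum localinstall -y` with no signature or checksum verification, and the new side no longer imports the Wazuh GPG key that the removed lines imported. Since yum does not normally GPG-check local packages, I would add `rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH && \` and `rpm -K /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \` before the install. I would also use `curl -fsSL -o ...` so an HTTP error page is never saved as the RPM. The unchanged `rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm` step has the same gap. The default `WAZUH_VERSION=4.5.4-0.debug` looks like a debug build, so it is worth confirming that this is what should ship in the image.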
| @@ -35,46 +35,68 @@ exec_cmd_stdout() { | |||||||
| ############################################################################## | ############################################################################## | ||||||
| # Check_update | # Check_update | ||||||
| # This function considers the following cases: | # This function considers the following cases: | ||||||
| # - If /var/ossec/etc/ossec-init.conf does not exist -> Action Nothing. There is no data in the EBS. First time deploying Wazuh | # - If /var/ossec/etc/VERSION does not exist -> Action Nothing. There is no data in the EBS. First time deploying Wazuh | ||||||
| # - If /var/ossec/etc/VERSION does not exist -> Action: Update. The previous version was prior to 3.11.5. | # - If different Wazuh version -> Action: Update. The previous version is older than the current one. | ||||||
| # - If both files exist: different Wazuh version -> Action: Update. The previous version is older than the current one. | # - If the same Wazuh version -> Acton: Nothing. Same Wazuh version. | ||||||
| # - If both files exist: the same Wazuh version -> Acton: Nothing. Same Wazuh version. |  | ||||||
| ############################################################################## | ############################################################################## | ||||||
|  |  | ||||||
| check_update() { | check_update() { | ||||||
|   if [ -e /var/ossec/etc/ossec-init.conf ] |  | ||||||
|   then |  | ||||||
|   if [ -e /var/ossec/etc/VERSION ] |   if [ -e /var/ossec/etc/VERSION ] | ||||||
|   then |   then | ||||||
|     previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2) |     previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2) | ||||||
|       echo "Previous version: $previous_version" |     echo "CHECK UPDATE - Previous version: $previous_version" | ||||||
|       current_version=$(cat ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/etc/ossec-init.conf | grep -i version | cut -d'"' -f2) |     current_version=$(/var/ossec/bin/wazuh-control -j info | jq .data[0].WAZUH_VERSION | cut -d'"' -f2) | ||||||
|       echo "Current version: $current_version" |     echo "CHECK UPDATE - Current version: $current_version" | ||||||
|     if [ $previous_version == $current_version ] |     if [ $previous_version == $current_version ] | ||||||
|     then |     then | ||||||
|         echo "Same Wazuh version in the EBS and image" |       echo "CHECK UPDATE - Same Wazuh version in the EBS and image" | ||||||
|       return 0 |       return 0 | ||||||
|     else |     else | ||||||
|         echo "Different Wazuh version: Update" |       echo "CHECK UPDATE - Different Wazuh version: Update" | ||||||
|         mayor_previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2 | cut -d'.' -f1) |       wazuh_version_regex='v4.2.[0-9]' | ||||||
|         if [[ ${mayor_previous_version} == "v3" ]]; then |       if [[ "$previous_version" =~ $wazuh_version_regex ]] | ||||||
|           echo "Remove Wazuh API deprecated files" |       then | ||||||
|           rm -rf "${WAZUH_INSTALL_PATH}/api/configuration/auth" |         echo "CHECK UPDATE - Change ossec user to wazuh user" | ||||||
|           rm "${WAZUH_INSTALL_PATH}/api/configuration/config.js" |         ossec_group_files=$(find /var/ossec -group 1000) | ||||||
|           rm "${WAZUH_INSTALL_PATH}/api/configuration/preloaded_vars.conf" |         ossec_user_files=$(find /var/ossec -user 1000) | ||||||
|           echo "Load new API configuration" |  | ||||||
|           exec_cmd "cp -a ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration" |         while IFS= read -r group; do | ||||||
|           echo "Remove Wazuh agent-info queue" |           chgrp wazuh $group | ||||||
|           rm -rf "${WAZUH_INSTALL_PATH}/queue/agent-info" |         done <<< "$ossec_group_files" | ||||||
|  |  | ||||||
|  |         while IFS= read -r user; do | ||||||
|  |           chown wazuh $user | ||||||
|  |         done <<< "$ossec_user_files" | ||||||
|  |  | ||||||
|  |         echo "CHECK UPDATE - Change ossecr user to wazuh user" | ||||||
|  |         ossecr_group_files=$(find /var/ossec -group 998) | ||||||
|  |         ossecr_user_files=$(find /var/ossec -user 998) | ||||||
|  |  | ||||||
|  |         while IFS= read -r group; do | ||||||
|  |           chgrp wazuh $group | ||||||
|  |         done <<< "$ossecr_group_files" | ||||||
|  |  | ||||||
|  |         while IFS= read -r user; do | ||||||
|  |           chown wazuh $user | ||||||
|  |         done <<< "$ossecr_user_files" | ||||||
|  |  | ||||||
|  |         echo "CHECK UPDATE - Change ossecm user to wazuh user" | ||||||
|  |         ossecm_group_files=$(find /var/ossec -group 997) | ||||||
|  |         ossecm_user_files=$(find /var/ossec -user 997) | ||||||
|  |  | ||||||
|  |         while IFS= read -r group; do | ||||||
|  |           chgrp wazuh $group | ||||||
|  |         done <<< "$ossecm_group_files" | ||||||
|  |  | ||||||
|  |         while IFS= read -r user; do | ||||||
|  |           chown wazuh $user | ||||||
|  |         done <<< "$ossecm_user_files" | ||||||
|  |  | ||||||
|       fi |       fi | ||||||
|       return 1 |       return 1 | ||||||
|     fi |     fi | ||||||
|   else |   else | ||||||
|       echo "Previous version prior to 3.11.5: Update" |     echo "CHECK UPDATE - First time mounting EBS" | ||||||
|       return 1 |  | ||||||
|     fi |  | ||||||
|   else |  | ||||||
|     echo "First time mounting EBS" |  | ||||||
|     return 0 |     return 0 | ||||||
|   fi |   fi | ||||||
| } | } | ||||||
| @@ -150,7 +172,7 @@ remove_data_files() { | |||||||
| ############################################################################## | ############################################################################## | ||||||
|  |  | ||||||
| create_ossec_key_cert() { | create_ossec_key_cert() { | ||||||
|   print "Creating ossec-authd key and cert" |   print "Creating wazuh-authd key and cert" | ||||||
|   exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096" |   exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096" | ||||||
|   exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/" |   exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/" | ||||||
| } | } | ||||||
| @@ -180,7 +202,7 @@ mount_files() { | |||||||
| ############################################################################## | ############################################################################## | ||||||
|  |  | ||||||
| function ossec_shutdown(){ | function ossec_shutdown(){ | ||||||
|   ${WAZUH_INSTALL_PATH}/bin/ossec-control stop; |   ${WAZUH_INSTALL_PATH}/bin/wazuh-control stop; | ||||||
| } | } | ||||||
|  |  | ||||||
| ############################################################################## | ############################################################################## | ||||||
| @@ -188,7 +210,7 @@ function ossec_shutdown(){ | |||||||
| # paths or commands, and execute them.  | # paths or commands, and execute them.  | ||||||
| # | # | ||||||
| # This can be useful for actions that need to be run before the services are | # This can be useful for actions that need to be run before the services are | ||||||
| # started, such as "/var/ossec/bin/ossec-control enable agentless". | # started, such as "/var/ossec/bin/wazuh-control enable agentless". | ||||||
| ############################################################################## | ############################################################################## | ||||||
|  |  | ||||||
| docker_custom_args() { | docker_custom_args() { | ||||||
| @@ -280,7 +302,7 @@ main() { | |||||||
|     echo "Keeping databases" |     echo "Keeping databases" | ||||||
|   fi |   fi | ||||||
|  |  | ||||||
|   # Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist |   # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist | ||||||
|   if [ $AUTO_ENROLLMENT_ENABLED == true ] |   if [ $AUTO_ENROLLMENT_ENABLED == true ] | ||||||
|   then |   then | ||||||
|     if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ] |     if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ] | ||||||
|   | |||||||
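Review bot: The ownership migration added to `check_update` expands `$group` and `$user` unquoted and lets `chgrp`/`chown` dereference symlinks, so a path containing whitespace on the persistent volume is split into several arguments, and a symlink under /var/ossec has its target re-owned rather than the link itself. Each find/while pair can be replaced with `find /var/ossec -group 1000 -exec chgrp -h wazuh {} +` and `find /var/ossec -user 1000 -exec chown -h wazuh {} +` (likewise for ids 998 and 997), which also avoids calling `chgrp wazuh` with no operand when find returns nothing. Separately, `wazuh_version_regex='v4.2.[0-9]'` is unanchored and its dots match any character; `'^v4\.2\.[0-9]+$'` states the intent. It is also worth confirming that volumes written by other pre-rename versions do not need the same migration.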
| @@ -3,4 +3,4 @@ | |||||||
|  |  | ||||||
| # Copy /var/ossec/etc/ossec-init.conf contents in /var/ossec/etc/VERSION to be able to check the previous Wazuh version in pod. | # Copy /var/ossec/etc/ossec-init.conf contents in /var/ossec/etc/VERSION to be able to check the previous Wazuh version in pod. | ||||||
| echo "Adding Wazuh version to /var/ossec/etc/VERSION" | echo "Adding Wazuh version to /var/ossec/etc/VERSION" | ||||||
| cat /var/ossec/etc/ossec-init.conf > /var/ossec/etc/VERSION | /var/ossec/bin/wazuh-control info > /var/ossec/etc/VERSION | ||||||
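Review bot: The comment above the changed line still says the script copies `/var/ossec/etc/ossec-init.conf`, but the new command writes the output of `wazuh-control info` instead. I would update it to `# Save the output of "wazuh-control info" in /var/ossec/etc/VERSION so the previous Wazuh version can be checked in the pod.` The entrypoint's `check_update` parses this file with `grep -i version | cut -d'"' -f2`, so the comment should also mention that the file is expected to keep the quoted `KEY="value"` form.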
| @@ -9,7 +9,9 @@ import re | |||||||
| sys.path.append(os.path.dirname(sys.argv[0]) + "/../framework") | sys.path.append(os.path.dirname(sys.argv[0]) + "/../framework") | ||||||
| WUI_USER_FILE_PATH = "/var/ossec/api/configuration/wui-user.json" | WUI_USER_FILE_PATH = "/var/ossec/api/configuration/wui-user.json" | ||||||
| WAZUH_USER_FILE_PATH = "/var/ossec/api/configuration/wazuh-user.json" | WAZUH_USER_FILE_PATH = "/var/ossec/api/configuration/wazuh-user.json" | ||||||
|  |  | ||||||
| try: | try: | ||||||
|  |     from wazuh.rbac.orm import create_rbac_db | ||||||
|     from wazuh.security import ( |     from wazuh.security import ( | ||||||
|         create_user, |         create_user, | ||||||
|         get_users, |         get_users, | ||||||
| @@ -42,6 +44,7 @@ if __name__ == "__main__": | |||||||
|  |  | ||||||
|     wui_password = read_wui_user_file() |     wui_password = read_wui_user_file() | ||||||
|     wazuh_password = read_wazuh_user_file() |     wazuh_password = read_wazuh_user_file() | ||||||
|  |     create_rbac_db() | ||||||
|     initial_users = db_users() |     initial_users = db_users() | ||||||
|  |  | ||||||
|     # set a random password for all other users (not wazuh-wui) |     # set a random password for all other users (not wazuh-wui) | ||||||
|   | |||||||
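Review bot: `create_rbac_db()` is now called on every run before `db_users()`, with no comment saying why it is needed or whether it is safe on an RBAC database that already holds data. Because this script manages the API passwords, it is worth confirming that the call is idempotent and does not restore default users on an existing volume. A comment such as `# Make sure the RBAC database exists before reading users (confirm: no-op when it already exists)` would record that. The new import sits inside a `try:` whose `except` branch is outside the hunk, so how a missing `wazuh.rbac.orm` is handled cannot be checked from here.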
| @@ -16,31 +16,29 @@ export PERMANENT_DATA | |||||||
|  |  | ||||||
| # Files mounted in a volume that should not be permanent | # Files mounted in a volume that should not be permanent | ||||||
| i=0 | i=0 | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/api/configuration/ssl/server.crt" |  | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/api/configuration/ssl/server.key" |  | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/internal_options.conf" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/internal_options.conf" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop.sh" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle.py" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account.sh" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop.sh" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop.sh" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny.sh" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock.sh" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw_mac.sh" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw.sh" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock" | ||||||
|  | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.sh" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf.sh" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-slack.sh" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/wazuh-slack" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-tweeter.sh" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf.sh" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-ossec.sh" |  | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null.sh" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff" | ||||||
| @@ -57,14 +55,19 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3" | |||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py" | ||||||
|  | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/orm.py" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py" | ||||||
|  | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py" | ||||||
|  | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py" | ||||||
|  | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py" | ||||||
|  | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py" | ||||||
|  | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/cpe_helper.json" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/cpe_helper.json" | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/msu.json.gz" |  | ||||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/var/db/mitre.db" | PERMANENT_DATA_EXCP[((i++))]="/var/ossec/var/db/mitre.db" | ||||||
| export PERMANENT_DATA_EXCP | export PERMANENT_DATA_EXCP | ||||||
|  |  | ||||||
|   | |||||||
| @@ -1 +0,0 @@ | |||||||
| ad2d636c325fddb78af5dedc55db63428c09d671 |  | ||||||