diff --git a/BUILD.md b/BUILD.md
deleted file mode 100644
index d04c2bfb3e..0000000000
--- a/BUILD.md
+++ /dev/null
@@ -1,333 +0,0 @@ -# Build Instructions - -The following dependencies are required for building this project: - -- **Git** -- **CMake** at least 3.22 -- **C++ compiler** (GCC 10 or Clang 13, coroutines support needed) -- **Vcpkg** - - **Zip** (for [vcpkg](https://vcpkg.io)) - - **Unzip** (for [vcpkg](https://vcpkg.io)) - - **Curl** (for [vcpkg](https://vcpkg.io)) - - **Tar** (for [vcpkg](https://vcpkg.io)) - - **Ninja-build** (for [vcpkg](https://vcpkg.io)) -- **Pkg-config** -- Plus some additional packages listed below... - -## Compilation steps for Linux - -1. **Installing Dependencies on Debian** - - To install the necessary dependencies on a Debian-based system, run the following commands: - - ```bash - sudo apt-get update - sudo apt-get install cmake make g++ gcc git zip unzip curl tar ninja-build pkg-config wget \ - lsb-release libsystemd-dev autopoint autoconf libtool gettext - ``` - -2. **Clone the Repository** - - First, clone the repository using the following command: - - ```bash - git clone https://github.com/wazuh/wazuh-agent.git - ``` - -3. **Vcpkg** - - The project uses Vcpkg for dependency management. If you already have Vcpkg's repository checked out, - you can speed up the configuration process slightly by making sure that `VCPKG_ROOT` is set to its path. - Otherwise, it will be checked out during CMake's configuration phase. - -4. **Configure and Build the Project** - - ```bash - cd wazuh-agent - cmake src -B build - cmake --build build - cmake --install src/build --prefix / - ``` - - If you want to include tests, configure the project with the following command: - - ```bash - cmake src -B build -DBUILD_TESTS=1 - cmake --build build - ``` - -5. **Run the Agent** - - **To run the agent in the foreground from the CLI** - - You can start and get status with: - - ```bash - ./wazuh-agent - ./wazuh-agent --status - ``` - - **To run the agent as a systemd service** - - Copy the file `src/agent/service/wazuh-agent.service` to `/usr/lib/systemd/system/`. 
- Replace the placeholder WAZUH_HOME to your wazuh-agent executable directory. - Reload unit files. - - ```bash - systemctl daemon-reload - ``` - - Enable service. - - ```bash - systemctl enable wazuh-agent - ``` - - You can start and stop the agent, and get status from systemctl: - - ```bash - systemctl start wazuh-agent - systemctl stop wazuh-agent - systemctl is-active wazuh-agent - systemctl status wazuh-agent - ``` - -6. **Run tests** - - If built with CMake and `-DBUILD_TESTS=1`, you can run tests with: - - ```bash - ctest --test-dir build --output-log build - ``` - -## Compilation steps for macOS - -1. **Install brew, a package manager for macOS** - ```bash - /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" - ``` - -2. **Install dependencies** - ```bash - brew install automake autoconf libtool cmake pkg-config openssl - ``` - -3. **Clone the Repository** - - Clone the repository: - - ```bash - git clone https://github.com/wazuh/wazuh-agent.git - ``` - -4. **Vcpkg** - - The project uses Vcpkg for dependency management. If you already have Vcpkg's repository checked out, - you can speed up the configuration process slightly by making sure that `VCPKG_ROOT` is set to its path. - Otherwise, it will be checked out during CMake's configuration phase. - -5. **Configure and Build the Project** - - ```bash - cd wazuh-agent - cmake src -B build - cmake --build build - cmake --install src/build --prefix / - ``` - - If you want to include tests, configure the project with the following command: - - ```bash - cmake src -B build -DBUILD_TESTS=1 - cmake --build build - ``` - -6. **Run the Agent** - - **To run the agent in the foreground from the CLI** - - You can start and get status with: - - ```bash - ./wazuh-agent - ./wazuh-agent --status - ``` - - **To run the agent as a launchd service** - - Copy the property list file `src/agent/service/com.wazuh.agent.plist` to `/Library/LaunchDaemons/`. 
- Edit the file and replace the placeholder path with your wazuh-agent executable directory as well - as the working directory. - - ```bash - sudo chown root:wheel /Library/LaunchDaemons/com.wazuh.agent.plist - sudo chmod 644 /Library/LaunchDaemons/com.wazuh.agent.plist - ``` - - ***Load the service*** - - ```bash - sudo launchctl bootstrap system /Library/LaunchDaemons/com.wazuh.agent.plist - ``` - - This command has superseeded `load` in the legacy syntax. The daemon will run after load as indicated - in the property list file. - - - ***Unload the service*** - - ```bash - sudo launchctl bootout system /Library/LaunchDaemons/com.wazuh.agent.plist - ``` - - This command has superseeded `unload` in the legacy syntax. - - - ***Verify the service is running*** - - ```bash - sudo launchctl print system/com.wazuh.agent - ``` - -7. **Run tests** - - If built with CMake and `-DBUILD_TESTS=1`, you can run tests with: - - ```bash - ctest --test-dir build --output-log build - ``` - -8. **Package Installation** - - If you wish to install a package use the following command. - - ```bash - sudo installer -pkg /path/to/package/package_filename.pkg -target / - ``` - - Then load and manage the service as indicated in point 6 above. Skip the property list file copying and - editing as well as the permissions part - the installer takes care of that. - -## Compilation steps for Windows - -1. **Installing Dependencies** - -- Visual Studio Community 2022 (with MSVC 14) -- Chocolatey - ```bash - Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')) - ``` -- Make - ```bash - choco install make - ``` -- Cmake 3.30.x - ```bash - choco install cmake --installargs 'ADD_CMAKE_TO_PATH=System' - ``` -- OpenSSL - ```bash - choco install openssl - ``` -- Git - -2. 
**Clone the Repository** - - First, clone the repository using the following command: - - ```bash - git clone https://github.com/wazuh/wazuh-agent.git - ``` - -3. **Vcpkg** - - The project uses Vcpkg for dependency management. If you already have Vcpkg's repository checked out, - you can speed up the configuration process slightly by making sure that `VCPKG_ROOT` is set to its path. - Otherwise, it will be checked out during CMake's configuration phase. - -4. **Configure and Build the Project** - - ```bash - cd wazuh-agent - cmake src -B build -G "Visual Studio 17 2022" -A x64 - cmake --build build - ``` - - If you want to include tests, configure the project with the following command: - - ```bash - cmake src -B build -DBUILD_TESTS=1 -G "Visual Studio 17 2022" -A x64 - cmake --build build --config RelWithDebInfo - ``` - -5. **Run the Agent** - - **To run the agent in the foreground from the CLI** - - You can start and get status with the following commands: - - ```bash - .\wazuh-agent - .\wazuh-agent --status - ``` - - **To install the agent as a windows service** - - ```bash - .\RelWithDebInfo\wazuh-agent --install-service - ``` - You can start, stop or restart the service from Windows SCM. - - Or from the CLI - - ```bash - net start "Wazuh Agent" - net stop "Wazuh Agent" - ``` - - **To remove the service** - ```bash - .\RelWithDebInfo\wazuh-agent --remove-service - ``` - -6. 
**Run tests** - - If built with CMake and `-DBUILD_TESTS=1`, you can run tests with: - - ```bash - ctest -C RelWithDebInfo --test-dir build --output-log build - ``` - -### Options - -|Option|Description|Default| -|---|---|---| -|`BUILD_TESTS`|Enable tests compilation|`OFF`| -|`COVERAGE`|Enable coverage report|`OFF`| -|`ENABLE_CLANG_TIDY`|Check code with _clang-tidy_ (requires `clang-tidy-18`) |`ON`| -|`ENABLE_INVENTORY`|Enable Inventory module |`ON`| -|`ENABLE_LOGCOLLECTOR`|Enable Logcollector module|`ON`| - -## Notes for developers - -In addition to the requirements listed above, our development process mandates the use of -clang-format and clang-tidy, with checks integrated into our CI pipelines. - -On Linux, these tools can be installed with the following commands: - -```bash -wget https://apt.llvm.org/llvm.sh -chmod +x llvm.sh -sudo ./llvm.sh 18 -sudo apt-get update -sudo apt-get install -y clang-tidy-18 clang-format-18 -``` - -Additionally, you may choose to checkout `Vcpkg` to a separate path and use that instance for builds: - -```bash -git clone https://github.com/microsoft/vcpkg.git -cd vcpkg -./bootstrap-vcpkg.sh -export VCPKG_ROOT=$(pwd) -``` diff --git a/README.md b/README.md index 248f38920a..6aee69cf17 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,11 @@ To install the Wazuh Agent, follow the steps below: git clone https://github.com/wazuh/wazuh-agent.git cd wazuh-agent ``` -2. Build and install the agent: see [BUILD.md](BUILD.md). +2. Use one of the following options: + + - [Build from sources](docs/dev/build-sources.md) + - [Build packages](docs/dev/build-packages.md) + - [Build a Docker container image](docs/dev/build-image.md) For more detailed installation instructions, please refer to the Wazuh documentation. 
@@ -40,30 +44,31 @@ For more detailed installation instructions, please refer to the Wazuh documenta This project uses the following third-party software: -| Software | Description | License | Version | -| ----------------------------------------------------------------------------- | ---------------------------------------------------------------- | ------------------------------ | ------- | -| [Boost Asio](https://www.boost.org/doc/libs/release/doc/html/boost_asio.html) | Cross-platform C++ library for network programming | Boost Software License 1.0 | 1.85.0 | -| [Boost Beast](https://www.boost.org/doc/libs/release/libs/beast/) | Library built on Boost Asio for HTTP and WebSocket communication | Boost Software License 1.0 | 1.85.0 | -| [Boost Uuid](https://www.boost.org/doc/libs/release/libs/uuid/) | Provides support for universally unique identifiers (UUIDs) | Boost Software License 1.0 | 1.85.0 | -| [cjson](https://github.com/DaveGamble/cJSON) | Ultralightweight JSON parser in ANSI Clone | MIT licensed | 1.7.17 | -| [curl](https://curl.se/) | A library for transferring data with URLs | curl AND ISC AND BSD-3-Clause | 8.5.0 | -| [fmt](https://fmt.dev/) | A formatting library for C++ | MIT License | 10.2.1 | -| [gtest](https://github.com/google/googletest) | Google's C++ testing framework | BSD-3-Clause | 1.15.2 | -| [jwt-cpp](https://github.com/Thalhammer/jwt-cpp) | C++ library for handling JSON Web Tokens (JWT) | MIT License | 0.7.0 | -| [libarchive](https://www.libarchive.org) | Library for reading and writing streaming archives | 3-Clause New BSD License | 3.7.5 | -| [libdb](https://github.com/yasuhirokimura/db18) | Database management library | AGPL-3.0 | 18.1.40 | -| [libplist](https://libimobiledevice.org/) | A library to handle Apple Property List format in binary or XML | LGPL-2.1-or-later | 2.2.0 | -| [libpopt](https://github.com/rpm-software-management/popt) | Library for parsing command line parameters | MIT licensed | 1.16 | -| 
[librpm](https://github.com/rpm-software-management/rpm) | RPM package manager | GPL-2.0 | 4.18.2 | -| [lua](https://www.lua.org) | A powerful, fast, lightweight, embeddable scripting language | MIT licensed | 5.4.1 | -| [nlohmann-json](https://github.com/nlohmann/json) | JSON parsing and serialization library for C++ | MIT License | 3.11.3 | -| [OpenSSL](https://www.openssl.org/) | Toolkit for SSL/TLS protocols | Apache 2.0 and OpenSSL License | 3.3.2 | -| [procps](https://github.com/warmchang/procps) | Utilities for monitoring system processes and resources | GPL-2.0 | 3.3.0 | -| [spdlog](https://github.com/gabime/spdlog) | Fast C++ logging library | MIT License | 1.14.1 | -| [sqlite3](https://sqlite.org/) | SQLite is a software library that implements a self-contained serverless, zero-configuration, transactional SQL database engine | Public Domain (no restrictions) | 3.45.0 | -| [SQLiteCpp](https://github.com/SRombauts/SQLiteCpp) | C++ wrapper around the SQLite database library | MIT License | 3.3.2 | -| [toml11](https://github.com/ToruNiina/toml11) | C++11 TOML parser library | MIT License | 4.0.0 | -| [zlib](https://www.zlib.net/) | A compression library | Zlib | 1.3.1 | +| Software | Description | License | Version | +| ------------------------------------------------------------------------------------ | ---------------------------------------------------------------- | ------------------------------ | ------- | +| [Boost Asio](https://www.boost.org/doc/libs/release/doc/html/boost_asio.html) | Cross-platform C++ library for network programming | Boost Software License 1.0 | 1.85.0 | +| [Boost Beast](https://www.boost.org/doc/libs/release/libs/beast/) | Library built on Boost Asio for HTTP and WebSocket communication | Boost Software License 1.0 | 1.85.0 | +| [Boost Program Options](https://www.boost.org/doc/libs/release/libs/program_options/) | Command-line options library for C++ | Boost Software License 1.0 | 1.85.0 | +| [Boost 
Uuid](https://www.boost.org/doc/libs/release/libs/uuid/) | Provides support for universally unique identifiers (UUIDs) | Boost Software License 1.0 | 1.85.0 | +| [Boost Url](https://www.boost.org/doc/libs/release/libs/url/) | Provides containers and algorithms which model a URL | Boost Software License 1.0 | 1.85.0 | +| [cjson](https://github.com/DaveGamble/cJSON) | Ultralightweight JSON parser in ANSI C | MIT License | 1.7.17 | +| [curl](https://curl.se/) | A library for transferring data with URLs | curl AND ISC AND BSD-3-Clause | 8.5.0 | +| [fmt](https://fmt.dev/) | A formatting library for C++ | MIT License | 10.2.1 | +| [gtest](https://github.com/google/googletest) | Google's C++ testing framework | BSD-3-Clause | 1.15.2 | +| [jwt-cpp](https://github.com/Thalhammer/jwt-cpp) | C++ library for handling JSON Web Tokens (JWT) | MIT License | 0.7.0 | +| [libarchive](https://www.libarchive.org) | Library for reading and writing streaming archives | 3-Clause New BSD License | 3.7.5 | +| [libdb](https://github.com/yasuhirokimura/db18) | Database management library (Linux only) | AGPL-3.0 | 18.1.40 | +| [libplist](https://libimobiledevice.org/) | A library to handle Apple Property List format (macOS only) | LGPL-2.1-or-later | 2023-06-15#1 | +| [libpopt](https://github.com/rpm-software-management/popt) | Library for parsing command line parameters | MIT License | 1.16#17 | +| [librpm](https://github.com/rpm-software-management/rpm) | RPM package manager (Linux only) | GPL-2.0 | 4.18.2 | +| [nlohmann-json](https://github.com/nlohmann/json) | JSON parsing and serialization library for C++ | MIT License | 3.11.3 | +| [OpenSSL](https://www.openssl.org/) | Toolkit for SSL/TLS protocols | Apache 2.0 and OpenSSL License | 3.3.2 | +| [procps](https://github.com/warmchang/procps) | Utilities for monitoring system processes and resources (Linux only) | GPL-2.0 | 3.3.0 | +| [spdlog](https://github.com/gabime/spdlog) | Fast C++ logging library | MIT License | 1.14.0 | +| 
[sqlite3](https://sqlite.org/) | Self-contained SQL database engine | Public Domain (no restrictions) | 3.45.0#0 | +| [SQLiteCpp](https://github.com/SRombauts/SQLiteCpp) | C++ wrapper around the SQLite database library | MIT License | 3.3.2 | +| [yaml-cpp](https://github.com/jbeder/yaml-cpp) | YAML parser and emitter for C++ | MIT License | 0.8.0 | +| [zlib](https://www.zlib.net/) | A compression library | Zlib | 1.3.1 | ## License diff --git a/docs/README.md b/docs/README.md index a3596913c1..6b18fd55e1 100644 --- a/docs/README.md +++ b/docs/README.md @@ -8,7 +8,7 @@ This folder contains the technical documentation for the Wazuh Agent. The docume ## Requirements -To work with this documentation, you need **mdBook** installed. For installation instructions, refer to the [mdBook documentation](https://rust-lang.github.io/mdBook/). +Working with this documentation requires **mdBook** to be installed. For installation instructions, refer to the [mdBook documentation](https://rust-lang.github.io/mdBook/). ## Usage diff --git a/docs/dev/README.md b/docs/dev/README.md index e69de29bb2..77d8195331 100644 --- a/docs/dev/README.md +++ b/docs/dev/README.md 
@@ -0,0 +1,14 @@
+# Wazuh Agent Development Guide
+
+This guide provides comprehensive, step-by-step instructions for building, testing, and packaging the Wazuh Agent. It covers compiling the source code, generating platform-specific packages, and creating Docker container images, offering all the necessary information to streamline the development process.
+
+The guide is organized into the following sections:
+
+- **Setup Environment**: Guide for configuring the development environment ([setup.md](setup.md))
+- **Build Packages**: Step-by-step guide for generating installation packages for various platforms ([build-packages.md](build-packages.md))
+- **Build Image**: Guidelines for building a Docker container image for the agent ([build-image.md](build-image.md))
+- **Build from Sources**: Detailed instructions for compiling the agent directly from its source code ([build-sources.md](build-sources.md))
+- **Run from Sources**: Instructions for running the agent directly from the source code ([run-agent.md](run-agent.md))
+- **Run Tests**: Procedures to execute tests ([run-tests.md](run-tests.md))
+
+Follow the instructions in each section to set up your development environment and efficiently build the Wazuh Agent.
diff --git a/docs/dev/build-image.md b/docs/dev/build-image.md
index 2708f9a459..378723eefc 100644
--- a/docs/dev/build-image.md
+++ b/docs/dev/build-image.md
@@ -1 +1,83 @@ # Build a Container Image + +This guide describes how to build Docker containers that install the Wazuh Agent from package files. Two container +setups are provided: one for RPM-based systems (RHEL) and another for DEB-based systems (Ubuntu). + +## Prerequisites + +- **Docker:** Ensure Docker is installed and running on your system. +- **Data Directory:** Create a directory named `data` in your working folder and place the corresponding Wazuh Agent package: + - **RPM Container:** Place `wazuh-agent*.rpm` in the `data` folder. + - **DEB Container:** Place `wazuh-agent*.deb` in the `data` folder. + +## RPM-Based Container (RHEL) + +### Dockerfile + +```dockerfile +FROM generic/rhel9 + +# Copy the data directory containing the RPM package +COPY data /tmp/data + +# Install the Wazuh Agent RPM, download and extract mitmproxy, +# and attempt to stop/disable firewalld +RUN rpm -i /tmp/data/wazuh-agent*.rpm && \ + curl -L https://downloads.mitmproxy.org/11.0.0/mitmproxy-11.0.0-linux-x86_64.tar.gz -o /tmp/mitmproxy.tar.gz && \ + tar -zxf /tmp/mitmproxy.tar.gz -C /usr/local/bin && \ + (systemctl stop firewalld || true) && \ + (systemctl disable firewalld || true) + +CMD ["/bin/bash"] +``` + +### Build and Run (RPM Container) + +1. **Build the Image:** + + ```bash + docker build -t rpm-agent . + ``` + +2. 
**Run the Container with a Custom Hostname:** + + ```bash + docker run --hostname rpm-agent -it rpm-agent + ``` + +## DEB-Based Container (Ubuntu) + +### Dockerfile + +```dockerfile +FROM ubuntu:24.04 + +# Update repositories and install required dependencies +RUN apt-get update && apt-get install -y lsb-release adduser curl + +# Copy the data directory containing the DEB package +COPY data /tmp/data + +# Install the Wazuh Agent DEB package +RUN dpkg -i /tmp/data/wazuh-agent*.deb + +# Download and extract mitmproxy +RUN curl -L https://downloads.mitmproxy.org/11.0.0/mitmproxy-11.0.0-linux-x86_64.tar.gz -o /tmp/mitmproxy.tar.gz && \ + tar -zxf /tmp/mitmproxy.tar.gz -C /usr/local/bin + +CMD ["/bin/bash"] +``` + +### Build and Run (DEB Container) + +1. **Build the Image:** + + ```bash + docker build -t deb-agent . + ``` + +2. **Run the Container with a Custom Hostname:** + + ```bash + docker run --hostname deb-agent -it deb-agent + ``` diff --git a/docs/dev/build-packages.md b/docs/dev/build-packages.md index 308797fed6..63a7840af9 100644 --- a/docs/dev/build-packages.md +++ b/docs/dev/build-packages.md 
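Review bot: Both Dockerfiles in docs/dev/build-image.md download `mitmproxy-11.0.0-linux-x86_64.tar.gz` with `curl -L` and unpack it into `/usr/local/bin` without any integrity check, and without `-f` an HTTP error page would be saved and handed to `tar`. I would fail on HTTP errors and pin a digest before extracting, e.g. `curl -fL ... -o /tmp/mitmproxy.tar.gz && echo "<PINNED_SHA256>  /tmp/mitmproxy.tar.gz" | sha256sum -c -` (the digest is a placeholder to be taken from the release). The page also never says why an interception proxy is installed or why firewalld is stopped next to the agent; one sentence marking these images as test-only would keep readers from treating them as a deployment recipe. `FROM generic/rhel9` carries no tag or digest, unlike `ubuntu:24.04`, so the RPM build is not reproducible as written.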
@@ -1 +1,127 @@ # Build Packages + +The script `generate_package.sh` automates the process of building Wazuh Agent packages for various architectures within a Docker container. + +**Features:** + +- Selectable architectures (amd64, x86_64, arm64, aarch64). +- Optional debug builds. +- Generates checksums for built packages. +- Uses local source code or downloads from GitHub. + +**Requirements:** + +- Docker installed and running. + +**Usage:** +``` +wazuh# cd packages +./generate_package.sh [OPTIONS] +``` + +**Options:** + +| Option | Description | Default | +|----------------------------|------------------------------------------------------------------------------------------------------------|-----------------| +| -b, --branch | Select Git branch (optional) | main | +| -a, --architecture | Target architecture of the package [amd64, x86_64, arm64, aarch64] (optional) | | +| -j, --jobs | Change number of parallel jobs when compiling the manager or agent (optional) | 2 | +| -r, --revision | Package revision (optional) | 0 | +| -s, --store | Set the destination path of package (optional). By default, an output folder will be created. | Output folder | +| -p, --path | Installation path for the package (optional) | / | +| -d, --debug | Build the binaries with debug symbols (optional) | no | +| -c, --checksum | Generate checksum on the same directory as the package (optional) | no | +| -e, --entrypoint | Script to execute as entrypoint (optional) | | +| --dont-build-docker | Use locally built docker image instead of generating a new one (optional) | | +| --vcpkg-binary-caching-key | VCPK remote binary caching repository key (optional) | | +| --tag | Tag to use with the docker image (optional) | | +|*--sources | Absolute path containing wazuh source code. 
Uses local source instead of downloading from GitHub (optional)| Script path | +|**--is_stage | Use release name in package (optional) | | +| --system | Select Package OS [rpm, deb] (optional) | deb | +| --src | Generate the source package in the destination directory (optional) | | +| --future | Build test future package x.30.0 for development purposes (optional) | | +| --verbose | Print commands and their arguments as they are executed (optional) | | +| -h, --help | Show this help | | + +***Note 1:** If we don't use this flag, the script will use the current directory where `generate_package.sh` is located. + +****Note 2:** If the package is not a release package, a short hash commit based on the git command `git rev-parse --short HEAD` will be appended to the end of the name. The default length of the short hash is determined by the Git command [`git rev-parse --short[=length]`](https://git-scm.com/docs/git-rev-parse#Documentation/git-rev-parse.txt---shortlength:~:text=interpreted%20as%20usual.-,%2D%2Dshort%5B%3Dlength%5D,-Same%20as%20%2D%2Dverify). + +**Example Usage:** + +1. Build a manager package for amd64 architecture: +``` +./generate_package.sh -a amd64 -s /tmp --system rpm +``` + +2. Build a debug agent package for arm64 architecture with checksum generation: +``` +./generate_package.sh -t agent -a arm64 -s /tmp -d -c --system rpm +``` + +3. Build a package using local Wazuh source code: +``` +./generate_package.sh -a amd64 --sources /path/to/wazuh/source --system rpm +``` + +**Notes:** +- For `--dont-build-docker` to work effectively, ensure a Docker image with the necessary build environment is already available. 
+- For RPM packages, we use the following architecture equivalences: + * amd64 -> x86_64 + * arm64 -> aarch64 + +# Workflow + +## Generate and push builder images to GH + +```bash +curl -L -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_WORKFLOW_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" --data-binary "@$(pwd)/wazuh-agent-test-amd64-rpm.json" "https://api.github.com/repos/wazuh/wazuh-agent/actions/workflows/packages-upload-images.yml/dispatches" +``` + +Where the JSON looks like this: + +```json +{ + "ref":"5.0.0", + "inputs": + { + "tag":"auto", + "architecture":"amd64", + "system":"rpm", + "revision":"test", + "is_stage":"false", + "legacy":"false" + } +} +``` + +## Generate packages + +```bash +curl -L -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_WORKFLOW_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" --data-binary "@$(pwd)/wazuh-agent-test-amd64-rpm.json" "https://api.github.com/repos/wazuh/wazuh-agent/actions/workflows/packages-build-linux-agent.yml/dispatches" +``` + +Where the JSON looks like this: +```json +{ + "ref":"5.0.0", + "inputs": + { + "docker_image_tag":"auto", + "architecture":"amd64", + "system":"deb", + "revision":"test", + "is_stage":"false", + "legacy":"false", + "checksum":"false", + } +} +``` + +## Run workflows using GitHub CLI + +Workflows can be executed directly from the command line using the `gh` command instead of `curl`. For example, while in the repository directory, the workflow can be triggered with: + +```bash +gh workflow run packages-build-linux-agent-amd.yml -r enhancement/484-linux-rpmdeb-arm-package-creation -f architecture=arm64 -f source_reference=enhancement/484-linux-rpmdeb-arm-package-creation -f revision=3 -f is_stage=false -f system=rpm -f id=test_arm64_deps -f upload_to=artifact +``` diff --git a/docs/dev/build-sources.md b/docs/dev/build-sources.md index 3a7ed5f7aa..7c093a6dbc 100644 --- a/docs/dev/build-sources.md +++ b/docs/dev/build-sources.md 
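Review bot: The JSON payload under "Generate packages" in docs/dev/build-packages.md ends with `"checksum":"false",` directly before the closing brace, which is not valid JSON, so the `curl --data-binary` dispatch shown above it would likely be rejected when copied as is; the last entry should read `"checksum":"false"`. The usage examples also disagree with the options table: example 1 speaks of a "manager package" in the agent repository, and example 2 passes `-t agent`, which the table does not list. The `curl` examples dispatch `packages-build-linux-agent.yml` while the `gh` example runs `packages-build-linux-agent-amd.yml`, so one of the two names may be stale. For `$GH_WORKFLOW_TOKEN`, a sentence naming the minimum permission needed to dispatch a workflow would keep readers from reusing a broadly scoped personal token.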
@@ -1,3 +1,56 @@ # Build from Sources -## Build Scripts / Makefiles +## Compilation steps for Linux and macOS + +1. **Clone the Repository** + + First, clone the repository using the following command: + + ```bash + git clone https://github.com/wazuh/wazuh-agent.git + ``` + +2. **Vcpkg** + + The project uses Vcpkg for dependency management. If Vcpkg's repository is already checked out, the configuration process can be slightly accelerated by ensuring that `VCPKG_ROOT` is set to its path. Otherwise, it will be checked out during CMake's configuration phase. + +3. **Configure and Build the Project** + + ```bash + cd wazuh-agent + cmake src -B build + cmake --build build + ``` + +## Compilation steps for Windows + +1. **Clone the Repository** + + First, clone the repository using the following command: + + ```bash + git clone https://github.com/wazuh/wazuh-agent.git + ``` + +2. **Vcpkg** + + The project uses Vcpkg for dependency management. If Vcpkg's repository is already checked out, the configuration process can be slightly accelerated by ensuring that `VCPKG_ROOT` is set to its path. Otherwise, it will be checked out during CMake's configuration phase. + +3. **Configure and Build the Project** + + ```bash + cd wazuh-agent + cmake src -B build -G "Visual Studio 17 2022" -A x64 + cmake --build build + ``` + +## Options + +|Option|Description|Default| +|---|---|---| +|`BUILD_TESTS`|Enable tests compilation|`OFF`| +|`COVERAGE`|Enable coverage report|`OFF`| +|`ENABLE_CLANG_TIDY`|Check code with _clang-tidy_ (requires `clang-tidy-18`) |`ON`| +|`ENABLE_INVENTORY`|Enable Inventory module |`ON`| +|`ENABLE_LOGCOLLECTOR`|Enable Logcollector module|`ON`| + diff --git a/docs/dev/run-agent.md b/docs/dev/run-agent.md index 3e6ea4ba06..037f7283a4 100644 --- a/docs/dev/run-agent.md +++ b/docs/dev/run-agent.md 
@@ -1 +1,111 @@ # Run from Sources + +## Run the Agent on Linux + +- **To run the agent in the foreground from the CLI** + + The agent can be started and its status checked with: + + ```bash + cd build/ + ./wazuh-agent + ./wazuh-agent --status + ``` + +- **To run the agent as a systemd service** + + Install the agent: + + ```bash + cmake --install build --prefix / + ``` + + Enable the service: + + ```bash + systemctl enable wazuh-agent + ``` + + The agent can be started, stopped, and its status checked using systemctl: + + ```bash + systemctl start wazuh-agent + systemctl stop wazuh-agent + systemctl is-active wazuh-agent + systemctl status wazuh-agent + ``` + +## Run the Agent on macOS + +- **To run the agent in the foreground from the CLI** + + The agent can be started and its status checked with: + + ```bash + cd build/ + ./wazuh-agent + ./wazuh-agent --status + ``` + +- **To run the agent as a launchd service** + + Install the agent: + + ```bash + sudo cmake --install build --prefix / + ``` + + Load the service: + + ```bash + sudo launchctl bootstrap system /Library/LaunchDaemons/com.wazuh.agent.plist + ``` + + > This command has superseeded `load` in the legacy syntax. The daemon will run after load as indicated + in the property list file. + + Unload the service: + + ```bash + sudo launchctl bootout system /Library/LaunchDaemons/com.wazuh.agent.plist + ``` + + > This command has superseeded `unload` in the legacy syntax. 
+ + Verify the service is running: + + ```bash + sudo launchctl print system/com.wazuh.agent + ``` + +## Run the Agent on Windows + +- **To run the agent in the foreground from the CLI** + + The agent can be started and its status checked with: + + ```bash + .\wazuh-agent + .\wazuh-agent --status + ``` + +- **To run the agent as a Windows service** + + ```bash + .\wazuh-agent --install-service + ``` + + The agent service can be started, stopped, or restarted from the CLI: + + ```bash + net start "Wazuh Agent" + net stop "Wazuh Agent" + ``` + + > This can also be done using Windows SCM. + + To remove the service: + + ```bash + .\wazuh-agent --remove-service + ``` diff --git a/docs/dev/run-tests.md b/docs/dev/run-tests.md index 657987466d..19bf400442 100644 --- a/docs/dev/run-tests.md +++ b/docs/dev/run-tests.md @@ -1 +1,33 @@ # Run Tests + +## Compilation steps for Linux and macOS + +1. **Configure and Build the Project** + + ```bash + cd wazuh-agent + cmake src -B build -DBUILD_TESTS=1 + cmake --build build + ``` + +2. **Run tests** + + ```bash + ctest --test-dir build --output-log build + ``` + +## Compilation steps for Windows + +1. **Configure and Build the Project** + + ```bash + cd wazuh-agent + cmake src -B build -DBUILD_TESTS=1 -G "Visual Studio 17 2022" -A x64 + cmake --build build --config RelWithDebInfo + ``` + +2. **Run tests** + + ```bash + ctest -C RelWithDebInfo --test-dir build --output-log build + ``` diff --git a/docs/dev/setup.md b/docs/dev/setup.md index 34725e5b6a..c47309955b 100644 --- a/docs/dev/setup.md +++ b/docs/dev/setup.md 
@@ -1,4 +1,85 @@ # Set up the Development Environment +## Dependencies + +The following dependencies are required for building this project: + +- **Git** +- **CMake** at least 3.22 +- **C++ compiler** (GCC 10 or Clang 13, coroutines support needed) +- **Vcpkg** + - **Zip** (for [vcpkg](https://vcpkg.io)) + - **Unzip** (for [vcpkg](https://vcpkg.io)) + - **Curl** (for [vcpkg](https://vcpkg.io)) + - **Tar** (for [vcpkg](https://vcpkg.io)) + - **Ninja-build** (for [vcpkg](https://vcpkg.io)) +- Plus some additional packages listed below. + +## **Installing Dependencies on Debian** + +To install the necessary dependencies on a Debian-based system, run the following commands: + +```bash +sudo apt-get update +sudo apt-get install cmake make g++ gcc git zip unzip curl tar ninja-build pkg-config wget lsb-release libsystemd-dev autopoint autoconf libtool gettext +``` + +## **Installing Dependencies on macOS** + +To install the necessary dependencies on macOS, run the following commands: + +1. **Install brew** + ```bash + /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" + ``` + +2. **Install dependencies** + ```bash + brew install automake autoconf libtool cmake pkg-config openssl + ``` + +## **Installing Dependencies on Windows** + +To install the necessary dependencies on Windows, run the following commands: + +1. **Visual Studio Community 2022 (with MSVC 14)** + +2. **Install chocolatey** + ```bash + Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')) + ``` + +3. 
**Install dependencies** + ```bash + choco install make + choco install cmake --installargs 'ADD_CMAKE_TO_PATH=System' + choco install openssl + ``` + ## Set up the Toolchain + +In addition to the requirements listed above, our development process mandates the use of +`clang-format` and `clang-tidy`, with checks integrated into our CI pipelines. + +On Linux, these tools can be installed with the following commands: + +```bash +wget https://apt.llvm.org/llvm.sh +chmod +x llvm.sh +sudo ./llvm.sh 18 +sudo apt-get update +sudo apt-get install -y clang-tidy-18 clang-format-18 +``` + +Additionally, it is possible to check out Vcpkg to a separate path and use that instance for builds: + +```bash +git clone https://github.com/microsoft/vcpkg.git +cd vcpkg +./bootstrap-vcpkg.sh +export VCPKG_ROOT=$(pwd) +``` + ## Set up Editor / Debugger + +Any editor and debugger can be used, except on Windows, where it is listed as a dependency because it is required to build the solution correctly. diff --git a/docs/diag/diagnostic.md b/docs/diag/diagnostic.md index 975a4b3dd9..79b71a0d19 100644 --- a/docs/diag/diagnostic.md +++ b/docs/diag/diagnostic.md @@ -39,7 +39,7 @@ To gather the configuration file, locate the following file: - /etc/wazuh-agent/wazuh-agent.yml -Copy this filee for analysis. +Copy this file for analysis. #### macOS @@ -47,7 +47,7 @@ To gather the configuration file, locate the following file: - /Library/Application Support/wazuh-agent/etc/wazuh-agent.yml -Copy this filee for analysis. +Copy this file for analysis. #### Windows @@ -55,7 +55,7 @@ To gather the configuration file, locate the following file: - C:\\ProgramData\\wazuh-agent\\etc\\wazuh.yml -Copy this filee for analysis. +Copy this file for analysis. ### Logs diff --git a/docs/ref/configuration.md b/docs/ref/configuration.md index c9c48574bb..4775821cce 100644 --- a/docs/ref/configuration.md +++ b/docs/ref/configuration.md 
@@ -1,6 +1,85 @@ # Configuration -## Logcollector Module +## Environment variables + +The only available environment variable is `SPDLOG_LEVEL`. This variable controls the logging level of the application. + +### Possible values +The `SPDLOG_LEVEL` variable can be set to any of the following values, corresponding to the log levels in `spdlog`: + +- `trace` +- `debug` +- `info` +- `warn` +- `err` +- `critical` + +### Example usage + +To run `wazuh-agent` with a specific log level, use the following command: + + ```bash + sudo SPDLOG_LEVEL=debug ./wazuh-agent + ``` + +This will start the `wazuh-agent` process with `debug` level logging, allowing for detailed debugging output. + +## Command line options + +| Option | Description | Default | +| --------------------- | ------------------------------------------------------------------------------------------------------ | -------- | +| `--help` | Display help menu | N/A | +| `--run` | Run agent in foreground (this is the default behavior) | N/A | +| `--status` | Check if the agent is running (running or stopped) | N/A | +| `--config-file` | Path to the Wazuh configuration file (optional) | N/A | +| `--register-agent` | Use this option to register as a new agent | N/A | +| `--url` | URL of the server management API | N/A | +| `--user` | User to authenticate with the server management API | N/A | +| `--password` | Password to authenticate with the server management API | N/A | +| `--key` | Key to register the agent (optional) | N/A | +| `--name` | Name to register the agent (optional) | N/A | +| `--verification-mode` | Verification mode to be applied on HTTPS connection to the server (full, certificate, none) (optional) | N/A | + +## Configuration file + +The `wazuh-agent.yml` configuration file contains the following sections that can be configured: + +### Agent + +```yaml +agent: + thread_count: 4 + server_url: https://localhost:27000 + retry_interval: 30s + verification_mode: none + path.data: "/var/lib/wazuh-agent" + 
path.run: "/var/run" + queue_size: 10000 +``` + +| Mandatory | Option | Description | Default | +| :-------: | ------------------- | ----------------------------------------------------------------- | ------------------------- | +| | `thread_count` | Number of worker threads | 4 | +| | `server_url` | URL of the server | `https://localhost:27000` | +| | `retry_interval` | Interval to retry connection | 30s | +| | `verification_mode` | Verification mode for HTTPS connections (full, certificate, none) | none | +| | `path.data` | Path to store agent data | `/var/lib/wazuh-agent` | +| | `path.run` | Path to store runtime files | `/var/run` | +| | `queue_size` | Size of the event queue (min: 1000, max: 3600000) | 10000 | + +### Events + +```yaml +events: + batch_interval: 10s + batch_size: 1MB +``` +| Mandatory | Option | Description | Default | +| :-------: | ---------------- | ---------------------------------------------- | ------- | +| | `batch_interval` | Agent batch interval (min: 1000, max: 3600000) | 10s | +| | `batch_size` | Agent batch size (min: 1000B, max: 100000000B) | 1MB | + +### Logcollector Module ```yaml logcollector: 
@@ -23,8 +102,75 @@ logcollector: type: trace,activity,log ``` -### Reference +#### Global Configuration + +| Mandatory | Option | Description | Default | +| :-------: | ----------------- | -------------------------------------------------- | ------- | +| | `enabled` | Sets the module as enabled | true | +| | `reload_interval` | Interval to reload configuration | 1m | +| | `read_interval` | Interval to read logs | 500ms | +| | `localfiles` | Configuration related to local file log readers | N/A | +| | `journald` | Configuration related to journald log readers | N/A | +| | `windows` | Configuration related to Windows event log readers | N/A | +| | `macos` | Configuration related to macOS log readers | N/A | + +#### Localfiles Configuration + +| Mandatory | Option | Description | Default | +| :-------: | --------- | ------------------------ | ------- | +| ✅ | `location` | Path to local log files | N/A | + +#### Journald Configuration + +| Mandatory | Option | Description | Default | +| :-------: | ------------------- | -------------------------------- | --------------- | +| ✅ | `field` | Journald field to filter | N/A | +| ✅ | `value` | Expected value for the field | N/A | +| | `exact_match` | Whether the match must be exact | true | +| | `ignore_if_missing` | Ignore entry if field is missing | false | + +#### Windows Configuration + +| Mandatory | Option | Description | Default | +| :-------: | --------- | ------------------------- | ------- | +| ✅ | `channel` | Windows event log channel | N/A | +| ✅ | `query` | Windows event log query | N/A | + +#### macOS Configuration + +| Mandatory | Option | Description | Default | +| :-------: | ------- | --------------------------------------------------- | ------- | +| ✅ | `query` | macOS log query | N/A | +| ✅ | `level` | macOS log level (Debug, Info, Notice, Error, Fault) | N/A | +| ✅ | `type` | macOS log types (trace, activity, log) | N/A | + +### Inventory Module + +```yaml +inventory: + enabled: true + interval: 1h + 
scan_on_start: true + hardware: true + system: true + networks: true + packages: true + ports: true + ports_all: false + processes: false + hotfixes: true +``` -| Mandatory | Option | Description | Default | -| :-------: | --------- | -------------------------- | ------- | -| | `enabled` | Sets the module as enabled | yes | +| Mandatory | Option | Description | Default | +| :-------: | --------------- | --------------------------------------------------------------------------------------- | ------- | +| | `enabled` | Sets the module as enabled | true | +| | `interval` | Specifies the time between system scans | 1h | +| | `scan_on_start` | Initiates a system scan immediately after start the wazuh-agent service on the endpoint | true | +| | `hardware` | Enables the hardware scan | true | +| | `system` | Enables the system scan | true | +| | `networks` | Enables the network scan | true | +| | `packages` | Enables the package scan | true | +| | `ports` | Enables the port scan | true | +| | `ports_all` | Enables the all ports scan or only listening ports | false | +| | `processes` | Enables the process scan | false | +| | `hotfixes` | Enables the hotfix scan | true | diff --git a/docs/ref/getting-started/installation.md b/docs/ref/getting-started/installation.md index 25267fe2b7..5d1e8a0be4 100644 --- a/docs/ref/getting-started/installation.md +++ b/docs/ref/getting-started/installation.md @@ -1 +1,31 @@ # Installation + +## Install the Agent on Linux + +- DEB + + ```bash + sudo dpkg -i wazuh-agent_5.0.0.deb + ``` + +- RPM + + ```bash + sudo rpm -i wazuh-agent_5.0.0.rpm + ``` + +## Install the Agent on macOS + +- PKG + + ```bash + sudo installer -pkg wazuh-agent_5.0.0.pkg -target / + ``` + +## Install the Agent on Windows + +- MSI + + ```bash + .\wazuh-agent_5.0.0.msi /q + ``` diff --git a/docs/ref/modules/inventory/README.md b/docs/ref/modules/inventory/README.md index 9f17426d57..88e59a7c8e 100644 --- a/docs/ref/modules/inventory/README.md 
+++ b/docs/ref/modules/inventory/README.md @@ -4,22 +4,7 @@ The **Inventory** module is responsible for collecting and storing detailed information about the system's configuration, hardware, installed software packages, running processes, active network ports, and network interfaces. The data is structured into multiple tables, making it easy to query and analyze. ---- -## Reference -| Mandatory | Option | Description | Default | -| :-------: | ----------------| -------------------------------------------------- | ------- | -| | `enabled` | Sets the module as enabled | yes | -| | `interval` | Specifies the time between system scans | 1h | -| | `scan_on_start` | Initiates a system scan immediately after restart the wazuh-agent service on the endpoint | true | -| | `hardware` | Enables the hardware scan | true | -| | `system` | Enables the system scan | true | -| | `networks` | Enables the network scan | true | -| | `packages` | Enables the package scan | true | -| | `ports` | Enables the port scan | true | -| | `ports_all` | Enables the all ports scan or only listening ports | false | -| | `processes` | Enables the process scan | false | -| | `hotfixes` | Enables the hotfix scan | true | - +## Configuration ```yaml inventory: 
@@ -35,237 +20,17 @@ inventory: processes: false hotfixes: true ``` ---- -## Tables - -### System Table - -```sql -CREATE TABLE system ( - hostname TEXT, - architecture TEXT, - os_name TEXT, - os_version TEXT, - os_codename TEXT, - os_build TEXT, - os_platform TEXT, - sysname TEXT, - PRIMARY KEY (os_name) -) WITHOUT ROWID; -``` - -This table stores information about the operating system and system architecture. - -| Mandatory | Column | Data Type | Description | ECS | ECS Data Type | -| :-------: | ------------- | ------ | ---------------------------- | -------------------- | --------- | -| ✔️ | `os_name` | TEXT | Name of the operating system.| `host.os.name` | keyword | -| | `hostname` | TEXT | Hostname of the machine. | `host.hostname` | keyword | -| | `architecture`| TEXT | System architecture. | `host.architecture` | keyword | -| | `os_version` | TEXT | Version of the operating system. | `host.os.version` | keyword | -| | `os_codename` | TEXT | Codename of the operating system. | `host.os.full` | keyword | -| | `os_build` | TEXT | OS build identifier. | `host.os.kernel` | keyword | -| | `os_platform` | TEXT | Platform type. | `host.os.platform` | keyword | -| | `sysname` | TEXT | System name. | `host.os.type` | keyword | - -### Hardware Table - -```sql -CREATE TABLE hardware ( - board_serial TEXT, - cpu_name TEXT, - cpu_cores INTEGER, - cpu_mhz INTEGER, - ram_total INTEGER, - ram_free INTEGER, - ram_usage INTEGER, - PRIMARY KEY (board_serial) -) WITHOUT ROWID; -``` - -This table stores information about the system hardware. - -| Mandatory | Column | Data Type | Description | ECS | ECS Data Type | -| :-------: | -------------- | ------- | ------------------------------- | -------------------------------- | --------- | -| ✔️ | `board_serial` | TEXT | Serial number of the motherboard. | `observer.serial_number` | keyword | -| | `cpu_name` | TEXT | Name of the CPU. | `host.cpu.name` | keyword | -| | `cpu_cores` | INTEGER | Number of CPU cores. 
| `host.cpu.cores` | long | -| | `cpu_mhz` | INTEGER | CPU speed in MHz. | `host.cpu.speed` | long | -| | `ram_total` | INTEGER | Total RAM in bytes. | `host.memory.total` | long | -| | `ram_free` | INTEGER | Free RAM in bytes. | `host.memory.free` | long | -| | `ram_usage` | INTEGER | RAM usage as a percentage. | `host.memory.used.percentage` | long | - -### Hotfixes Table - -```sql -CREATE TABLE hotfixes ( - hotfix TEXT, - PRIMARY KEY (hotfix) -) WITHOUT ROWID; -``` - -This table stores information about system hotfixes. - -| Mandatory | Column | Data Type | Description | ECS | ECS Data Type | -| :-------: | -------- | ---- | ------------------- | ------- | ------- | -| ✔️ | `hotfix` | TEXT | Hotfix identifier. | `package.hotfix.name` | keyword | - -### Packages Table - -```sql -CREATE TABLE packages ( - name TEXT, - version TEXT, - install_time TEXT, - location TEXT, - architecture TEXT, - description TEXT, - size BIGINT, - format TEXT, - PRIMARY KEY (name, version, architecture, format, location) -) WITHOUT ROWID; -``` - -This table stores information about installed software packages. - -| Mandatory | Column | Data Type | Description | ECS | ECS Data Type | -| :-------: | -------------- | --------- | ---------------------------------------- | -------------------- | --------- | -| ✔️ | `name` | TEXT | Name of the package. | `package.name` | keyword | -| ✔️ | `version` | TEXT | Version of the package. | `package.version` | keyword | -| ✔️ | `architecture` | TEXT | Architecture of the package. | `package.architecture` | keyword | -| ✔️ | `format` | TEXT | Format of the package. | `package.type` | keyword | -| ✔️ | `location` | TEXT | Installation location. | `package.path` | keyword | -| | `install_time` | TEXT | Installation timestamp. | `package.installed` | date | -| | `description` | TEXT | Description of the package. | `package.description` | keyword | -| | `size` | INTEGER | Size of the package in bytes. 
| `package.size` | long | - -### Processes Table - -```sql -CREATE TABLE processes ( - pid TEXT, - name TEXT, - ppid BIGINT, - cmd TEXT, - argvs TEXT, - euser TEXT, - ruser TEXT, - suser TEXT, - egroup TEXT, - rgroup TEXT, - sgroup TEXT, - start_time BIGINT, - tgid BIGINT, - tty BIGINT, - PRIMARY KEY (pid) -) WITHOUT ROWID; -``` - -This table stores information about running processes. - -| Mandatory | Column | Data Type | Description | ECS | ECS Data Type | -| :-------: | ------------ | ------ | ---------------------------------- | -------------------- | ------- | -| ✔️ | `pid` | TEXT | Process ID. | `process.pid` | long | -| | `name` | TEXT | Name of the process. | `process.name` | keyword | -| | `ppid` | BIGINT | Parent process ID. | `process.parent.pid` | long | -| | `cmd` | TEXT | Command used to start the process.| `process.command_line` | wildcard | -| | `argvs` | TEXT | Command-line arguments. | `process.args` | keyword | -| | `euser` | TEXT | Effective user of the process. | `process.user.id` | keyword | -| | `ruser` | TEXT | Real user of the process. | `process.real_user.id` | keyword | -| | `suser` | TEXT | Saved user of the process. | `process.saved_user.id` | keyword | -| | `egroup` | TEXT | Effective group of the process. | `process.group.id` | keyword | -| | `rgroup` | TEXT | Real group of the process. | `process.real_group.id` | keyword | -| | `sgroup` | TEXT | Saved group of the process. | `process.saved_group.id` | keyword | -| | `start_time` | BIGINT | Start time in epoch format. | `process.start` | date | -| | `tgid` | BIGINT | Thread group ID. | `process.thread.id` | long | -| | `tty` | BIGINT | Terminal ID. 
| `process.tty.char_device.major` | long | - -### Ports Table - -```sql -CREATE TABLE ports ( - protocol TEXT, - local_ip TEXT, - local_port BIGINT, - remote_ip TEXT, - remote_port BIGINT, - tx_queue BIGINT, - rx_queue BIGINT, - inode BIGINT, - state TEXT, - pid BIGINT, - process TEXT, - PRIMARY KEY (inode, protocol, local_ip, local_port) -) WITHOUT ROWID; -``` - -This table stores information about active network ports. - -| Mandatory | Column | Data Type | Description | ECS | ECS Data Type | -| :-------: | ------------ | ------ | ----------------------------------- | ------- | ------- | -| ✔️ | `inode` | BIGINT | Inode of the socket. | `file.inode` | long | -| ✔️ | `protocol` | TEXT | Protocol. | `network.protocol` | keyword | -| ✔️ | `local_ip` | TEXT | Local IP address. | `source.ip` | ip | -| ✔️ | `local_port` | BIGINT | Local port number. | `source.port` |long | -| | `remote_ip` | TEXT | Remote IP address. | `destination.ip` | ip | -| | `remote_port`| BIGINT | Remote port number. | `destination.port` | long | -| | `tx_queue` | BIGINT | Transmit queue size. | `host.network.egress.queue` | long | -| | `rx_queue` | BIGINT | Receive queue size. | `host.network.ingress.queue` | long | -| | `state` | TEXT | State of the connection. | `interface.state` | keyword | -| | `pid` | BIGINT | Process ID associated with the port.| `process.pid` | long | -| | `process` | TEXT | Name of the associated process. 
| `process.name` | keyword | - -### Networks Table - -```sql -CREATE TABLE networks ( - iface TEXT, - adapter TEXT, - iface_type TEXT, - state TEXT, - mtu BIGINT, - mac TEXT, - tx_packets INTEGER, - rx_packets INTEGER, - tx_bytes BIGINT, - rx_bytes BIGINT, - tx_errors INTEGER, - rx_errors INTEGER, - tx_dropped INTEGER, - rx_dropped INTEGER, - proto_type TEXT, - gateway TEXT, - dhcp TEXT, - metric TEXT, - address TEXT, - netmask TEXT, - broadcast TEXT, - PRIMARY KEY (iface, adapter, iface_type, proto_type, address) -) WITHOUT ROWID; -``` - -This table stores information about network interfaces. - -| Mandatory | Column | Data Type | Description | ECS | ECS Data Type | -| :-------: | ------------ | ------- | ------------------------------- | ------- | ------- | -| ✔️ | `iface` | TEXT | Interface name. | `observer.ingress.interface.name` | keyword | -| ✔️ | `adapter` | TEXT | Adapter name. | `observer.ingress.interface.alias` | keyword | -| ✔️ | `iface_type` | TEXT | Interface type. | `interface.type`| keyword | -| ✔️ | `proto_type` | TEXT | Protocol type. | `network.type` | keyword | -| ✔️ | `address` | TEXT | IP address. | `host.ip` | ip | -| | `mac` | TEXT | MAC address. | `host.mac` | keyword | -| | `tx_packets` | INTEGER | Transmitted packets. | `host.network.egress.packets` | long | -| | `rx_packets` | INTEGER | Received packets. | `host.network.ingress.packets` | long | -| | `tx_bytes` | BIGINT | Transmitted bytes. | `host.network.egress.bytes` | long | -| | `rx_bytes` | BIGINT | Received bytes. | `host.network.ingress.bytes` | long | -| | `tx_errors` | INTEGER | Transmission errors. | `host.network.egress.errors` | long | -| | `rx_errors` | INTEGER | Reception errors. | `host.network.ingress.errors` | long | -| | `tx_dropped` | INTEGER | Transmission errors. | `host.network.egress.drops` | long | -| | `rx_dropped` | INTEGER | Reception errors. | `host.network.ingress.drops` | long | -| | `mtu` | BIGINT | Maximum transmission unit. 
| `interface.mtu` | long | -| | `state` | TEXT | State of the interface. | `interface.state` | keyword | -| | `broadcast` | TEXT | Broadcast address. | `network.broadcast` | ip | -| | `dhcp` | TEXT | DHCP status. | `network.dhcp` | keyword | -| | `gateway` | TEXT | Gateway address. | `network.gateway` | ip | -| | `metric` | TEXT | Metric of the network protocol.| `network.metric` | keyword | -| | `netmask` | TEXT | Subnet mask. | `network.netmask` | ip | +| Mandatory | Option | Description | Default | +| :-------: | --------------- | --------------------------------------------------------------------------------------- | ------- | +| | `enabled` | Sets the module as enabled | yes | +| | `interval` | Specifies the time between system scans | 1h | +| | `scan_on_start` | Initiates a system scan immediately after start the wazuh-agent service on the endpoint | true | +| | `hardware` | Enables the hardware scan | true | +| | `system` | Enables the system scan | true | +| | `networks` | Enables the network scan | true | +| | `packages` | Enables the package scan | true | +| | `ports` | Enables the port scan | true | +| | `ports_all` | Enables the all ports scan or only listening ports | false | +| | `processes` | Enables the process scan | false | +| | `hotfixes` | Enables the hotfix scan | true | diff --git a/docs/ref/modules/inventory/architecture.md b/docs/ref/modules/inventory/architecture.md index c79bec1ac6..96aa4e22c1 100644 --- a/docs/ref/modules/inventory/architecture.md +++ b/docs/ref/modules/inventory/architecture.md 
@@ -1 +1,234 @@ # Architecture + +## Tables + +### System Table + +```sql +CREATE TABLE system ( + hostname TEXT, + architecture TEXT, + os_name TEXT, + os_version TEXT, + os_codename TEXT, + os_build TEXT, + os_platform TEXT, + sysname TEXT, + PRIMARY KEY (os_name) +) WITHOUT ROWID; +``` + +This table stores information about the operating system and system architecture. + +| Mandatory | Column | Data Type | Description | ECS | ECS Data Type | +| :-------: | ------------- | ------ | ---------------------------- | -------------------- | --------- | +| ✔️ | `os_name` | TEXT | Name of the operating system.| `host.os.name` | keyword | +| | `hostname` | TEXT | Hostname of the machine. | `host.hostname` | keyword | +| | `architecture`| TEXT | System architecture. | `host.architecture` | keyword | +| | `os_version` | TEXT | Version of the operating system. | `host.os.version` | keyword | +| | `os_codename` | TEXT | Codename of the operating system. | `host.os.full` | keyword | +| | `os_build` | TEXT | OS build identifier. | `host.os.kernel` | keyword | +| | `os_platform` | TEXT | Platform type. | `host.os.platform` | keyword | +| | `sysname` | TEXT | System name. | `host.os.type` | keyword | + +### Hardware Table + +```sql +CREATE TABLE hardware ( + board_serial TEXT, + cpu_name TEXT, + cpu_cores INTEGER, + cpu_mhz INTEGER, + ram_total INTEGER, + ram_free INTEGER, + ram_usage INTEGER, + PRIMARY KEY (board_serial) +) WITHOUT ROWID; +``` + +This table stores information about the system hardware. + +| Mandatory | Column | Data Type | Description | ECS | ECS Data Type | +| :-------: | -------------- | ------- | ------------------------------- | -------------------------------- | --------- | +| ✔️ | `board_serial` | TEXT | Serial number of the motherboard. | `observer.serial_number` | keyword | +| | `cpu_name` | TEXT | Name of the CPU. | `host.cpu.name` | keyword | +| | `cpu_cores` | INTEGER | Number of CPU cores. 
| `host.cpu.cores` | long | +| | `cpu_mhz` | INTEGER | CPU speed in MHz. | `host.cpu.speed` | long | +| | `ram_total` | INTEGER | Total RAM in bytes. | `host.memory.total` | long | +| | `ram_free` | INTEGER | Free RAM in bytes. | `host.memory.free` | long | +| | `ram_usage` | INTEGER | RAM usage as a percentage. | `host.memory.used.percentage` | long | + +### Hotfixes Table + +```sql +CREATE TABLE hotfixes ( + hotfix TEXT, + PRIMARY KEY (hotfix) +) WITHOUT ROWID; +``` + +This table stores information about system hotfixes. + +| Mandatory | Column | Data Type | Description | ECS | ECS Data Type | +| :-------: | -------- | ---- | ------------------- | ------- | ------- | +| ✔️ | `hotfix` | TEXT | Hotfix identifier. | `package.hotfix.name` | keyword | + +### Packages Table + +```sql +CREATE TABLE packages ( + name TEXT, + version TEXT, + install_time TEXT, + location TEXT, + architecture TEXT, + description TEXT, + size BIGINT, + format TEXT, + PRIMARY KEY (name, version, architecture, format, location) +) WITHOUT ROWID; +``` + +This table stores information about installed software packages. + +| Mandatory | Column | Data Type | Description | ECS | ECS Data Type | +| :-------: | -------------- | --------- | ---------------------------------------- | -------------------- | --------- | +| ✔️ | `name` | TEXT | Name of the package. | `package.name` | keyword | +| ✔️ | `version` | TEXT | Version of the package. | `package.version` | keyword | +| ✔️ | `architecture` | TEXT | Architecture of the package. | `package.architecture` | keyword | +| ✔️ | `format` | TEXT | Format of the package. | `package.type` | keyword | +| ✔️ | `location` | TEXT | Installation location. | `package.path` | keyword | +| | `install_time` | TEXT | Installation timestamp. | `package.installed` | date | +| | `description` | TEXT | Description of the package. | `package.description` | keyword | +| | `size` | INTEGER | Size of the package in bytes. 
| `package.size` | long | + +### Processes Table + +```sql +CREATE TABLE processes ( + pid TEXT, + name TEXT, + ppid BIGINT, + cmd TEXT, + argvs TEXT, + euser TEXT, + ruser TEXT, + suser TEXT, + egroup TEXT, + rgroup TEXT, + sgroup TEXT, + start_time BIGINT, + tgid BIGINT, + tty BIGINT, + PRIMARY KEY (pid) +) WITHOUT ROWID; +``` + +This table stores information about running processes. + +| Mandatory | Column | Data Type | Description | ECS | ECS Data Type | +| :-------: | ------------ | ------ | ---------------------------------- | -------------------- | ------- | +| ✔️ | `pid` | TEXT | Process ID. | `process.pid` | long | +| | `name` | TEXT | Name of the process. | `process.name` | keyword | +| | `ppid` | BIGINT | Parent process ID. | `process.parent.pid` | long | +| | `cmd` | TEXT | Command used to start the process.| `process.command_line` | wildcard | +| | `argvs` | TEXT | Command-line arguments. | `process.args` | keyword | +| | `euser` | TEXT | Effective user of the process. | `process.user.id` | keyword | +| | `ruser` | TEXT | Real user of the process. | `process.real_user.id` | keyword | +| | `suser` | TEXT | Saved user of the process. | `process.saved_user.id` | keyword | +| | `egroup` | TEXT | Effective group of the process. | `process.group.id` | keyword | +| | `rgroup` | TEXT | Real group of the process. | `process.real_group.id` | keyword | +| | `sgroup` | TEXT | Saved group of the process. | `process.saved_group.id` | keyword | +| | `start_time` | BIGINT | Start time in epoch format. | `process.start` | date | +| | `tgid` | BIGINT | Thread group ID. | `process.thread.id` | long | +| | `tty` | BIGINT | Terminal ID. 
| `process.tty.char_device.major` | long | + +### Ports Table + +```sql +CREATE TABLE ports ( + protocol TEXT, + local_ip TEXT, + local_port BIGINT, + remote_ip TEXT, + remote_port BIGINT, + tx_queue BIGINT, + rx_queue BIGINT, + inode BIGINT, + state TEXT, + pid BIGINT, + process TEXT, + PRIMARY KEY (inode, protocol, local_ip, local_port) +) WITHOUT ROWID; +``` + +This table stores information about active network ports. + +| Mandatory | Column | Data Type | Description | ECS | ECS Data Type | +| :-------: | ------------ | ------ | ----------------------------------- | ------- | ------- | +| ✔️ | `inode` | BIGINT | Inode of the socket. | `file.inode` | long | +| ✔️ | `protocol` | TEXT | Protocol. | `network.protocol` | keyword | +| ✔️ | `local_ip` | TEXT | Local IP address. | `source.ip` | ip | +| ✔️ | `local_port` | BIGINT | Local port number. | `source.port` |long | +| | `remote_ip` | TEXT | Remote IP address. | `destination.ip` | ip | +| | `remote_port`| BIGINT | Remote port number. | `destination.port` | long | +| | `tx_queue` | BIGINT | Transmit queue size. | `host.network.egress.queue` | long | +| | `rx_queue` | BIGINT | Receive queue size. | `host.network.ingress.queue` | long | +| | `state` | TEXT | State of the connection. | `interface.state` | keyword | +| | `pid` | BIGINT | Process ID associated with the port.| `process.pid` | long | +| | `process` | TEXT | Name of the associated process. 
| `process.name` | keyword | + +### Networks Table + +```sql +CREATE TABLE networks ( + iface TEXT, + adapter TEXT, + iface_type TEXT, + state TEXT, + mtu BIGINT, + mac TEXT, + tx_packets INTEGER, + rx_packets INTEGER, + tx_bytes BIGINT, + rx_bytes BIGINT, + tx_errors INTEGER, + rx_errors INTEGER, + tx_dropped INTEGER, + rx_dropped INTEGER, + proto_type TEXT, + gateway TEXT, + dhcp TEXT, + metric TEXT, + address TEXT, + netmask TEXT, + broadcast TEXT, + PRIMARY KEY (iface, adapter, iface_type, proto_type, address) +) WITHOUT ROWID; +``` + +This table stores information about network interfaces. + +| Mandatory | Column | Data Type | Description | ECS | ECS Data Type | +| :-------: | ------------ | ------- | ------------------------------- | ------- | ------- | +| ✔️ | `iface` | TEXT | Interface name. | `observer.ingress.interface.name` | keyword | +| ✔️ | `adapter` | TEXT | Adapter name. | `observer.ingress.interface.alias` | keyword | +| ✔️ | `iface_type` | TEXT | Interface type. | `interface.type`| keyword | +| ✔️ | `proto_type` | TEXT | Protocol type. | `network.type` | keyword | +| ✔️ | `address` | TEXT | IP address. | `host.ip` | ip | +| | `mac` | TEXT | MAC address. | `host.mac` | keyword | +| | `tx_packets` | INTEGER | Transmitted packets. | `host.network.egress.packets` | long | +| | `rx_packets` | INTEGER | Received packets. | `host.network.ingress.packets` | long | +| | `tx_bytes` | BIGINT | Transmitted bytes. | `host.network.egress.bytes` | long | +| | `rx_bytes` | BIGINT | Received bytes. | `host.network.ingress.bytes` | long | +| | `tx_errors` | INTEGER | Transmission errors. | `host.network.egress.errors` | long | +| | `rx_errors` | INTEGER | Reception errors. | `host.network.ingress.errors` | long | +| | `tx_dropped` | INTEGER | Transmission errors. | `host.network.egress.drops` | long | +| | `rx_dropped` | INTEGER | Reception errors. | `host.network.ingress.drops` | long | +| | `mtu` | BIGINT | Maximum transmission unit. 
| `interface.mtu` | long | +| | `state` | TEXT | State of the interface. | `interface.state` | keyword | +| | `broadcast` | TEXT | Broadcast address. | `network.broadcast` | ip | +| | `dhcp` | TEXT | DHCP status. | `network.dhcp` | keyword | +| | `gateway` | TEXT | Gateway address. | `network.gateway` | ip | +| | `metric` | TEXT | Metric of the network protocol.| `network.metric` | keyword | +| | `netmask` | TEXT | Subnet mask. | `network.netmask` | ip | \ No newline at end of file diff --git a/docs/ref/modules/logcollector/README.md b/docs/ref/modules/logcollector/README.md index 9aaf2868f4..edf5d61b41 100644 --- a/docs/ref/modules/logcollector/README.md +++ b/docs/ref/modules/logcollector/README.md @@ -2,17 +2,17 @@ ## Introduction -Logcollector is the agent module that adds the ability to collect system logs, +**Logcollector** is the agent module that adds the ability to collect system logs, both by reading plain text files and by collecting messages from the operating system API. -### Reference +## Configuration | Mandatory | Option | Description | Default | | :-------: | --------- | -------------------------- | ------- | | | `enabled` | Sets the module as enabled | yes | -#### File Collector +### File Collector ```yaml logcollector: @@ -31,13 +31,12 @@ The File collector handles plain-text log files. It needs a file path to work. | | read_interval | Time in milliseconds to recheck for available logs | 500 | | ✔️ | localfiles | Vector of file paths to monitor | | - ```json {"collector":"file","module":"logcollector"} {"event":{"created":"2025-01-22T21:45:01.916Z","original":"2025-01-22T18:45:01.555243-03:00 box CRON[23505]: pam_unix(cron:session): session closed for user root"},"log":{"file":{"path":"/var/log/auth.log"}}} ``` -#### Journald Collector +### Journald Collector ```yaml logcollector: 
@@ -84,7 +83,7 @@ This collector gets logs from Journald on Linux. It needs a field and a value to | | journald.ignore_if_missing | Boolean to ignore the filtering condition for logs without the specified field | false | | | journald.conditions | Vector of journald fields to filter to be applied simultaneously | | -#### Windows Collector +### Windows Collector ```yaml logcollector:
@@ -110,7 +109,7 @@ This collector gets logs from the Windows Event Viewer. It needs a channel and a | ✔️ | windows.channel | Channel name to be used for subscription | | | ✔️ | windows.query | Query to apply to the channel | | -#### macOS (ULS) Collector +### macOS (ULS) Collector ```yaml logcollector: 
@@ -144,72 +143,3 @@ This collector gets logs from macOS through the Unified Logging System. It needs | ✔️ | macos.level | Log verbosity level: debug, info, notice, error or fault | | | ✔️ | macos.type | Limits the log type; possible values (combinable): activity, log, trace | |
-## Class Diagram
-
-```mermaid
-classDiagram
- class ModuleWrapper
- class Logcollector {
- - context : io_context
- - m_readers : MultiTypeQueue
- + Start()
- + Setup(ConfigurationParser)
- + Stop()
- + ExecuteCommand(CommandResult(string))
- + SetPushMessageFunction(std::function)
- + SendMessage()
- + EnqueueTask()
- + AddReader()
- + Wait()
- }
- class IReader {
- - logcollector
- + Run()
- + Stop()
- }
- class FileReader {
- - pattern : string
- - fileWait : int
- - reloadInterval : int
- + FileReader(pattern, fileWait, reloadInterval)
- + Run()
- + Stop()
- - Reload()
- }
- class LocalFile {
- - filename : string
- + LocalFile(filename)
- }
- class JournaldReader {
- - filters : list
- - ignoreIfMissing : bool
- - fileWait : int
- + JournaldReader(filters, ignoreIfMissing, fileWait)
- + Run()
- + Stop()
- }
- class WindowsEventTracerReader {
- - channel : string
- - query : string
- - refreshInterval : int
- + WindowsEventTracerReader(channel, query, refreshInterval)
- + Run()
- + Stop()
- }
- class MacosReader {
- - query : string
- - logLevel : string
- - logTypes : list
- - fileWait : int
- + MacosReader(query, logLevel, logTypes, fileWait)
- + Run()
- + Stop()
- }
- ModuleWrapper <-- Logcollector
- Logcollector o-- IReader
- IReader <|-- FileReader
- IReader <|-- JournaldReader
- IReader <|-- WindowsEventTracerReader
- IReader <|-- MacosReader
- FileReader o-- LocalFile
-```
diff --git a/docs/ref/modules/logcollector/architecture.md b/docs/ref/modules/logcollector/architecture.md
index c79bec1ac6..45edeb672f 100644
--- a/docs/ref/modules/logcollector/architecture.md
+++ b/docs/ref/modules/logcollector/architecture.md 
@@ -1 +1,71 @@
 # Architecture
+
+## Class Diagram
+
+```mermaid
+classDiagram
+ class ModuleWrapper
+ class Logcollector {
+ - context : io_context
+ - m_readers : MultiTypeQueue
+ + Start()
+ + Setup(ConfigurationParser)
+ + Stop()
+ + ExecuteCommand(CommandResult(string))
+ + SetPushMessageFunction(std::function)
+ + SendMessage()
+ + EnqueueTask()
+ + AddReader()
+ + Wait()
+ }
+ class IReader {
+ - logcollector
+ + Run()
+ + Stop()
+ }
+ class FileReader {
+ - pattern : string
+ - fileWait : int
+ - reloadInterval : int
+ + FileReader(pattern, fileWait, reloadInterval)
+ + Run()
+ + Stop()
+ - Reload()
+ }
+ class LocalFile {
+ - filename : string
+ + LocalFile(filename)
+ }
+ class JournaldReader {
+ - filters : list
+ - ignoreIfMissing : bool
+ - fileWait : int
+ + JournaldReader(filters, ignoreIfMissing, fileWait)
+ + Run()
+ + Stop()
+ }
+ class WindowsEventTracerReader {
+ - channel : string
+ - query : string
+ - refreshInterval : int
+ + WindowsEventTracerReader(channel, query, refreshInterval)
+ + Run()
+ + Stop()
+ }
+ class MacosReader {
+ - query : string
+ - logLevel : string
+ - logTypes : list
+ - fileWait : int
+ + MacosReader(query, logLevel, logTypes, fileWait)
+ + Run()
+ + Stop()
+ }
+ ModuleWrapper <-- Logcollector
+ Logcollector o-- IReader
+ IReader <|-- FileReader
+ IReader <|-- JournaldReader
+ IReader <|-- WindowsEventTracerReader
+ IReader <|-- MacosReader
+ FileReader o-- LocalFile
+```
diff --git a/docs/ref/uninstall.md b/docs/ref/uninstall.md
index 316df2650a..be5d417122 100644
--- a/docs/ref/uninstall.md
+++ b/docs/ref/uninstall.md 
@@ -1 +1,28 @@
 # Uninstall
+
+## Uninstall the Agent on Linux
+
+- DEB
+
+ ```bash
+ sudo dpkg -r wazuh-agent
+ ```
+
+- RPM
+
+ ```bash
+ sudo rpm -e wazuh-agent
+ ```
+
+## Uninstall the Agent on macOS
+
+- PKG
+
+
+## Uninstall the Agent on Windows
+
+- MSI
+ ```powershell
+ msiexec /x '.\wazuh-agent_5.0.0.msi' /l*v uninstall.log
+ ```
+**Note:** The package can also be uninstalled on Windows through the OS's "Add or Remove Programs" section.
diff --git a/docs/ref/upgrade.md b/docs/ref/upgrade.md
index dab017fb82..8ea81ecd27 100644
--- a/docs/ref/upgrade.md
+++ b/docs/ref/upgrade.md
@@ -1 +1,31 @@
 # Upgrade
+
+## Upgrade the Agent on Linux
+
+- DEB
+
+ ```bash
+ sudo dpkg -i wazuh-agent_5.0.0.deb
+ ```
+
+- RPM
+
+ ```bash
+ sudo rpm -i wazuh-agent_5.0.0.rpm
+ ```
+
+## Upgrade the Agent on macOS
+
+- PKG
+
+ ```bash
+ sudo installer -pkg wazuh-agent_5.0.0.pkg -target /
+ ```
+
+## Upgrade the Agent on Windows
+
+- MSI
+
+ ```bash
+ .\wazuh-agent_5.0.0.msi /q
+ ```
diff --git a/etc/config/wazuh-agent.yml b/etc/config/wazuh-agent.yml
index 038933336f..68fa050091 100644
--- a/etc/config/wazuh-agent.yml
+++ b/etc/config/wazuh-agent.yml
@@ -3,6 +3,7 @@ agent: server_url: https://localhost:27000 retry_interval: 30s verification_mode: none + queue_size: 10000 events: batch_interval: 10s batch_size: 1MB
diff --git a/packages/README.md b/packages/README.md
deleted file mode 100644
index 75d16e0e00..0000000000
--- a/packages/README.md
+++ /dev/null 
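Review bot: The added `queue_size: 10000` carries no unit and no comment, unlike the neighbouring `retry_interval: 30s` and `batch_size: 1MB`, so an operator cannot tell from the file whether the limit counts messages or bytes. For a security agent the behaviour at the limit decides whether telemetry is dropped or collection stalls under load, and that is worth stating next to the setting. A one-line comment above the key would cover it, for example `# queue_size: maximum queued items; unit and behaviour when full to be confirmed by the author`.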
@@ -1,123 +0,0 @@
-## Wazuh Package Builder Script
-
-This script automates the process of building Wazuh packages (manager or agent) for various architectures within a Docker container.
-
-**Features:**
-
-- Supports building packages for different targets (manager/agent).
-- Selectable architectures (amd64, i386, **ppc64le, arm64, armhf*).
-- Optional debug builds.
-- Generates checksums for built packages.
-- Builds legacy packages for CentOS 5 (RPM only).
-- Uses local source code or downloads from GitHub.
-- Builds future test packages (x.30.0).
-
-***Note:** Support for *ppc64le, arm64, and armhf* architectures **is not** currently **available** in the **workflow**.
-
-**Requirements:**
-
-- Docker installed and running.
-
-**Usage:**
-```
-wazuh# cd packages
-./generate_package.sh [OPTIONS]
-```
-
-**Options:**
-| Option | Description | Default |
-|------------|----------------------------------------------------------|-----------------------|
-| -b, --branch | Git branch to use (optional) | main |
-| -t, --target | Target package to build (required): manager or agent | - |
-| -a, --architecture | Target architecture (optional): amd64, i386, etc. 
| - |
-| -j, --jobs | Number of parallel jobs (optional) | 2 |
-| -r, --revision | Package revision (optional) | 0 |
-| -s, --store | Destination path for the package (optional) | (output folder created) |
-| -p, --path | Installation path for the package (optional) | /var/ossec |
-| -d, --debug | Build binaries with debug symbols (optional) | no |
-| -c, --checksum | Generate checksum on the same directory (optional) | no |
-| -l, --legacy | Build package for CentOS 5 (RPM only) (optional) | no |
-| --dont-build-docker | Use a locally built Docker image (optional) | no |
-| --tag | Tag to use with the Docker image (optional) | - |
-| *--sources | Path containing local Wazuh source code (optional) | script path |
-| **--is_stage | Use release name in package (optional) | no |
-| --src | Generate the source package (optional) | no |
-| --system | Package format to build (optional): rpm, deb (default)| deb |
-| -h, --help | Show this help message | - |
-
-***Note1:** If we don't use this flag, will the script use the current directory where *generate_package.sh* is located.
-
-****Note 2:** If the package is not a release package, a short hash commit based on the git command `git rev-parse --short HEAD` will be appended to the end of the name. The default length of the short hash is determined by the Git command [git rev-parse --short[=length]](https://git-scm.com/docs/git-rev-parse#Documentation/git-rev-parse.txt---shortlength:~:text=interpreted%20as%20usual.-,%2D%2Dshort%5B%3Dlength%5D,-Same%20as%20%2D%2Dverify).
-
-
-**Example Usage:**
-
-1. Build a manager package for amd64 architecture:
-./wazuh_package_builder.sh -t manager -a amd64 -s /tmp --system rpm
-
-2. Build a debug agent package for i386 architecture with checksum generation:
-./wazuh_package_builder.sh -t agent -a i386 -s /tmp -d -c --system rpm
-
-3. Build a legacy RPM package for CentOS 5 (agent):
-./wazuh_package_builder.sh -t agent -l -s /tmp --system rpm
-
-4. 
Build a package using local Wazuh source code:
-./wazuh_package_builder.sh -t manager -a amd64 --sources /path/to/wazuh/source --system rpm
-
-
-**Notes:**
-- For `--dont-build-docker` to work effectively, ensure a Docker image with the necessary build environment is already available.
-- For RPM packages, we use the following architecture equivalences:
- * amd64 -> x86_64
- * arm64 -> aarch64
- * armhf -> armv7hl
-
-# Workflow
-
-## Generate and push builder images to GH
-
-```bash
-curl -L -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_WORKFLOW_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" --data-binary "@$(pwd)/wazuh-agent-test-amd64-rpm.json" "https://api.github.com/repos/wazuh/wazuh/actions/workflows/packages-upload-agent-images-amd.yml/dispatches"
-```
-
-Where the JSON looks like this:
-
-```json
-# cat wazuh-agent-test-amd64-rpm.json
-{
- "ref":"4.9.0",
- "inputs":
- {
- "tag":"auto",
- "architecture":"amd64",
- "system":"rpm",
- "revision":"test",
- "is_stage":"false",
- "legacy":"false"
- }
-}
-```
-
-## Generate packages
-
-```json
-curl -L -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_WORKFLOW_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" --data-binary "@$(pwd)/wazuh-agent-test-amd64-rpm.json" "https://api.github.com/repos/wazuh/wazuh/actions/workflows/packages-build-linux-agent-amd.yml/dispatches"
-```
-
-Where the JSON looks like this:
-```json
-# cat wazuh-agent-test-amd64-rpm.json
-{
- "ref":"4.9.0",
- "inputs":
- {
- "docker_image_tag":"auto",
- "architecture":"amd64",
- "system":"deb",
- "revision":"test",
- "is_stage":"false",
- "legacy":"false",
- "checksum":"false",
- }
-}
-```
diff --git a/src/cmake/config.cmake b/src/cmake/config.cmake
index 05ccfae92f..1cf765c953 100644
--- a/src/cmake/config.cmake
+++ b/src/cmake/config.cmake 
@@ -34,8 +34,6 @@ set(DEFAULT_FILE_WAIT "\"500ms\"" CACHE STRING "Default Logcollector file readin set(DEFAULT_RELOAD_INTERVAL "\"60000ms\"" CACHE STRING "Default Logcollector reload interval (1m)") -set(DEFAULT_CHANNEL_REFRESH_INTERVAL "\"5000ms\"" CACHE STRING "Default Logcollector Windows eventchannel reconnect time (5000ms)") - set(DEFAULT_INVENTORY_ENABLED true CACHE BOOL "Default inventory enabled") set(DEFAULT_INTERVAL "\"3600000ms\"" CACHE STRING "Default inventory interval (1h)")
diff --git a/src/common/config/include/config.h.in b/src/common/config/include/config.h.in
index 1f718b9d78..21b917f542 100644
--- a/src/common/config/include/config.h.in
+++ b/src/common/config/include/config.h.in
@@ -33,7 +33,6 @@ namespace config constexpr auto DEFAULT_FILE_WAIT = @DEFAULT_FILE_WAIT@; constexpr auto DEFAULT_RELOAD_INTERVAL = @DEFAULT_RELOAD_INTERVAL@; constexpr auto DEFAULT_LOCALFILES = "/var/log/auth.log"; - constexpr auto DEFAULT_CHANNEL_REFRESH_INTERVAL = @DEFAULT_CHANNEL_REFRESH_INTERVAL@; } namespace inventory
diff --git a/src/modules/logcollector/src/logcollector_win.cpp b/src/modules/logcollector/src/logcollector_win.cpp
index 556f24deae..859ab7924f 100644
--- a/src/modules/logcollector/src/logcollector_win.cpp
+++ b/src/modules/logcollector/src/logcollector_win.cpp
@@ -15,7 +15,7 @@ namespace logcollector std::shared_ptr configurationParser) { const auto refreshInterval = configurationParser->GetTimeConfigOrDefault( - config::logcollector::DEFAULT_CHANNEL_REFRESH_INTERVAL, "logcollector", "reload_interval"); + config::logcollector::DEFAULT_RELOAD_INTERVAL, "logcollector", "reload_interval"); const std::vector> defaultWinOsConfig {};
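Review bot: In the `logcollector_win.cpp` hunk, switching the fallback to `config::logcollector::DEFAULT_RELOAD_INTERVAL` changes the default value as well as the constant name: the `DEFAULT_CHANNEL_REFRESH_INTERVAL` removed in `config.cmake` was 5000ms, while `DEFAULT_RELOAD_INTERVAL` is 60000ms, so an unconfigured Windows collector now gets a `refreshInterval` twelve times longer. If this value still drives eventchannel reconnection, as the removed cache description ("reconnect time") suggests, a dropped subscription could delay or lose up to a minute of events depending on how the reader resumes, which matters for a collector that feeds detection. If the longer default is intended, record it where the value is read, e.g. `// Falls back to the shared reload interval (1m); the former 5s eventchannel default was removed.`, and consider renaming `refreshInterval` to match the `reload_interval` key. The enclosing function begins and continues outside the hunk, so how the interval is consumed is not visible here.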