Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Global queries FIM - Investigate impact on installation/upgrade - Wazuh Puppet #1246

Open
2 of 6 tasks
c-bordon opened this issue Feb 12, 2025 · 1 comment
Open
2 of 6 tasks

Global queries FIM - Investigate impact on installation/upgrade - Wazuh Puppet #1246

c-bordon opened this issue Feb 12, 2025 · 1 comment
Assignees
@vcerenu
Labels
level/subtask Subtask issue type/change Change requested

Comments

@c-bordon
Copy link
Member

c-bordon commented Feb 12, 2025
edited by vcerenu
Loading

Description

The issue aims to investigate if the new files need special handling in the installation of the Wazuh central components with the Wazuh Puppet

With persistence

  • /var/ossec/queue/indexer/wazuh-states-[index_name]-[cluster_name]

Without persistence

  • /var/ossec/templates/[index_name]_states_template.json
  • /var/ossec/templates/[index_name]_states_template.json
  • /var/ossec/lib/libinventory_harvester.so

Tasks

  • Investigate if these files need special handling in AIO installation with the Wazuh Puppet
  • Investigate if these files need special handling in distributed installation with the Wazuh Puppet
  • Investigate if we need to make changes for these updates in the ossec.conf Inventory harvester configuration wazuh#28217
  • Make the necessary changes
  • Test the installation methods

DRI
@c-bordon c-bordon added level/subtask Subtask issue type/change Change requested labels Feb 12, 2025
@wazuhci wazuhci moved this to Backlog in XDR+SIEM/Release 4.13.0 Feb 12, 2025
@vcerenu
Copy link
Member

vcerenu commented Feb 18, 2025

Update

The persistence of these files depends exclusively on the upgrade process performed by the RPM or DEB package with which the update is performed.
Puppet does not generate changes on files that do not require modification for the configuration of Wazuh manager, so it does not have any type of action on these files and their persistence will depend exclusively on the update process.
Regarding the changes on the ossec.conf file, it is necessary to add this configuration to the templates that make up the ossec.conf file, so it is necessary to know where these nodes should be placed and if they require any type of variable to be completed.

@wazuhci wazuhci moved this from Backlog to In progress in XDR+SIEM/Release 4.13.0 Feb 18, 2025
@wazuhci wazuhci moved this from In progress to Blocked in XDR+SIEM/Release 4.13.0 Feb 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vcerenu vcerenu

Labels
level/subtask Subtask issue type/change Change requested
Projects
XDR+SIEM/Release 4.13.0
Status: Blocked
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vcerenu @c-bordon