Merge branch '4.4-7.10' into 4.5-7.10

wazuh · May 18, 2023 · 8c36edf · 8c36edf
2 parents f6f51ef + 94f7624
commit 8c36edf
Show file tree

Hide file tree

Showing 6 changed files with 154 additions and 45 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -29,7 +29,17 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Fixed TypeError in FIM Inventory using new error handler [#5364](https://github.com/wazuh/wazuh-kibana-app/pull/5364)
 - Fixed error when using invalid group configuration [#5423](https://github.com/wazuh/wazuh-kibana-app/pull/5423)
 
-## Wazuh v4.4.1 - Kibana 7.10.2, 7.16.x, 7.17.x - Revision 01
+## Wazuh v4.4.2 - Kibana 7.10.2, 7.16.x, 7.17.x - Revision 01
+
+### Added
+
+- Support for Wazuh 4.4.2
+
+### Fixed
+
+- Fixed a problem in the backend service to get the plugin configuration [#5428](https://github.com/wazuh/wazuh-kibana-app/pull/5428)
+
+## Wazuh v4.4.1 - Kibana 7.10.2, 7.16.x, 7.17.x - Revision 00
 
 ### Fixed
 

diff --git a/README.md b/README.md
@@ -16,31 +16,31 @@ You can learn more about it here [wazuh.com](https://wazuh.com/)
 This plugin for Kibana allows you to visualize and analyze Wazuh alerts stored in Elasticsearch and provides the following capabilities:
 
 - Search alerts classified by modules and filter them using the different views. You will be able to explore the alerts both at Wazuh cluster level, and in a particular agent. The modules, divided into the following use cases, are:
-    - Security Information Management
-        - Security events: Browse through your security alerts, identifying issues and threats in your environment.
-        - Integrity monitoring: Alerts related to file changes, including permissions, content, ownership and attributes.
-        - Amazon AWS: Security events related to your Amazon AWS services, collected directly via AWS API.
-        - Office 365: Security events related to your Office 365 services.
-        - GitHub: Security events related to your GitHub organizations, collected via GitHub audit logs API.
-        - Google Cloud Platform: Security events related to your Google Cloud Platform services, collected directly via GCP API.
-    - Auditing and Policy Monitoring
-        - Policy monitoring: Verify that your systems are configured according to your security policies baseline.
-        - Security configuration assessment: Scan your assets as part of a configuration assessment audit.
-        - System auditing: Audit users behavior, monitoring command execution and alerting on access to critical files.
-        - OpenSCAP: Configuration assessment and automation of compliance monitoring using SCAP checks.
-        - CIS-CAT: Configuration assessment using Center of Internet Security scanner and SCAP checks.
-    - Threat Detection and Response
-        - Vulnerabilities: Discover what applications in your environment are affected by well-known vulnerabilities.
-        - MITRE ATT&CK: Security events from the knowledge base of adversary tactics and techniques based on real-world observations.
-        - VirusTotal: Alerts resulting from VirusTotal analysis of suspicious files via an integration with their API.
-        - Osquery: Osquery can be used to expose an operating system as a high-performance relational database.
-        - Docker listener: Monitor and collect the activity from Docker containers such as creation, running, starting, stopping or pausing events.
-    - Regulatory Compliance
-        - PCI DSS: Global security standard for entities that process, store or transmit payment cardholder data.
-        - NIST 800-53: National Institute of Standards and Technology Special Publication 800-53 (NIST 800-53) sets guidelines for federal information systems.
-        - GDPR: General Data Protection Regulation (GDPR) sets guidelines for processing of personal data.
-        - HIPAA: Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides data privacy and security provisions for safeguarding medical information.
-        - TSC: Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.
+  - Security Information Management
+    - Security events: Browse through your security alerts, identifying issues and threats in your environment.
+    - Integrity monitoring: Alerts related to file changes, including permissions, content, ownership and attributes.
+    - Amazon AWS: Security events related to your Amazon AWS services, collected directly via AWS API.
+    - Office 365: Security events related to your Office 365 services.
+    - GitHub: Security events related to your GitHub organizations, collected via GitHub audit logs API.
+    - Google Cloud Platform: Security events related to your Google Cloud Platform services, collected directly via GCP API.
+  - Auditing and Policy Monitoring
+    - Policy monitoring: Verify that your systems are configured according to your security policies baseline.
+    - Security configuration assessment: Scan your assets as part of a configuration assessment audit.
+    - System auditing: Audit users behavior, monitoring command execution and alerting on access to critical files.
+    - OpenSCAP: Configuration assessment and automation of compliance monitoring using SCAP checks.
+    - CIS-CAT: Configuration assessment using Center of Internet Security scanner and SCAP checks.
+  - Threat Detection and Response
+    - Vulnerabilities: Discover what applications in your environment are affected by well-known vulnerabilities.
+    - MITRE ATT&CK: Security events from the knowledge base of adversary tactics and techniques based on real-world observations.
+    - VirusTotal: Alerts resulting from VirusTotal analysis of suspicious files via an integration with their API.
+    - Osquery: Osquery can be used to expose an operating system as a high-performance relational database.
+    - Docker listener: Monitor and collect the activity from Docker containers such as creation, running, starting, stopping or pausing events.
+  - Regulatory Compliance
+    - PCI DSS: Global security standard for entities that process, store or transmit payment cardholder data.
+    - NIST 800-53: National Institute of Standards and Technology Special Publication 800-53 (NIST 800-53) sets guidelines for federal information systems.
+    - GDPR: General Data Protection Regulation (GDPR) sets guidelines for processing of personal data.
+    - HIPAA: Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides data privacy and security provisions for safeguarding medical information.
+    - TSC: Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.
 - View and edit the Wazuh manager configuration.
 - Manage your ruleset (rules, decoders and CDB lists).
 - Manage your groups of agents.
@@ -143,6 +143,7 @@ systemctl stop kibana
 ```
 service kibana stop
 ```
+
 Ensure that the directory `/usr/share/kibana/data` exists
 If not create it:
 
@@ -151,13 +152,16 @@ mkdir /usr/share/kibana/data
 ```
 
 ### From 3.11.x
+
 Copy the `wazuh.yml` to its new location.
 
 ```
 mkdir -p /usr/share/kibana/data/wazuh/config
 cp /usr/share/kibana/plugins/wazuh/wazuh.yml /usr/share/kibana/optimize/wazuh/config/wazuh.yml
 ```
+
 ### From 4.0.4 - 4016
+
 Copy the `wazuh.yml` to its new location.
 
 ```
@@ -211,14 +215,13 @@ Restart Kibana
 ```
 systemctl restart kibana
 ```
- 
-- SysV Init: 
- 
-``` 
-service kibana restart 
+
+- SysV Init:
+
+```
+service kibana restart
 ```
 
-
 ## Wazuh - Kibana - Open Distro version compatibility matrix
 
 The compatibility matrix is avaliable in the repository [wiki](https://github.com/wazuh/wazuh-kibana-app/wiki/Compatibility).

diff --git a/scripts/tag.py b/scripts/tag.py
@@ -15,13 +15,13 @@
 # ======================================================= #
 
 # Wazuh version: major.minor.patch
-version = '4.4.1'
+version = '4.4.2'
 # App's revision number (previous rev + 1)
 revision = '01'
 # One of 'pre-alpha', 'alpha', 'beta', 'release-candidate', 'stable'
 stage = 'stable'
 # Tag suffix. Usually set to stage + stage iteration.
-tag_suffix = ''
+tag_suffix = '-rc2'
 
 # ================================================ #
 # Constants and global variables                   #
@@ -109,10 +109,11 @@ def setup():
 def main(platform: str, versions: list):
     """Main function."""
     for v in versions:
-        if stage == 'stable':
-            tag = f'v{version}-{v}'
-        else:
-            tag = f'v{version}-{v}-{tag_suffix}'
+        # if stage == 'stable':
+        #     pass    # skipped as we have been asked to
+        #     tag = f'v{version}-{v}'
+        # else:
+        tag = f'v{version}-{v}{tag_suffix}'
         logging.info(f'Generating tag "{tag}"')
         update_package_json(v)
         os.system(f'git commit -am "Bump {tag}"')

diff --git a/server/lib/get-configuration.test.ts b/server/lib/get-configuration.test.ts
@@ -0,0 +1,87 @@
+import { WAZUH_DATA_ABSOLUTE_PATH, WAZUH_DATA_CONFIG_DIRECTORY_PATH, WAZUH_DATA_CONFIG_APP_PATH } from '../../common/constants';
+import { createDataDirectoryIfNotExists, createDirectoryIfNotExists } from './filesystem';
+import { getConfiguration } from './get-configuration';
+import { execSync } from 'child_process';
+import { unlinkSync, writeFileSync } from 'fs';
+
+beforeAll(() => {
+  // Create <PLUGIN_PLATFORM_PATH>/data/wazuh directory.
+  createDataDirectoryIfNotExists();
+  // Create <PLUGIN_PLATFORM_PATH>/data/wazuh/config directory.
+  createDirectoryIfNotExists(WAZUH_DATA_CONFIG_DIRECTORY_PATH);
+});
+
+afterAll(() => {
+  // Remove <PLUGIN_PLATFORM_PATH>/data/wazuh directory.
+  execSync(`rm -rf ${WAZUH_DATA_ABSOLUTE_PATH}`);
+});
+
+describe('[service] get-configuration', () => {
+
+  afterEach(() => {
+    // Remove <PLUGIN_PLATFORM_PATH>/data/wazuh/config/wazuh.yml file.
+    execSync(`rm ${WAZUH_DATA_ABSOLUTE_PATH}/config/wazuh.yml || echo ""`);
+  });
+
+  const pluginConfigurationText = [
+`hosts:
+  - default:
+    - url: http://wazuh.manager
+    - port: 55000
+    - username: user
+    - password: password
+    - run_as: false
+`,
+`hosts:
+  - default:
+    - url: http://wazuh.manager
+    - port: 55000
+    - username: user
+    - password: password
+    - run_as: false
+  - custom:
+    - url: http://custom.manager
+    - port: 55000
+    - username: custom
+    - password: custompassword
+    - run_as: false
+`,
+`pattern: wazuh-alerts-*
+hosts:
+  - default:
+    - url: http://wazuh.manager
+    - port: 55000
+    - username: user
+    - password: password
+    - run_as: false
+  - custom:
+    - url: http://custom.manager
+    - port: 55000
+    - username: custom
+    - password: custompassword
+    - run_as: false
+  - custom2:
+    - url: http://custom2.manager
+    - port: 55000
+    - username: custom2
+    - password: custompassword2
+    - run_as: false
+`
+  ];
+
+	it.each`
+	pluginConfiguration    
+	${pluginConfigurationText[0]}
+	${pluginConfigurationText[1]}
+  ${pluginConfigurationText[2]}
+	`('Obfuscate the hosts password', ({pluginConfiguration}) => {
+    // Create plugin configuration file
+    writeFileSync(WAZUH_DATA_CONFIG_APP_PATH, pluginConfiguration, { encoding: 'utf8' });
+		const configuration = getConfiguration();
+    configuration.hosts.forEach(host => {
+      const hostID = Object.keys(host)[0];
+      expect(Object.keys(host).length).toEqual(1);
+      expect(host[hostID].password).toEqual('*****');
+    });
+	});
+});
diff --git a/server/lib/get-configuration.ts b/server/lib/get-configuration.ts
@@ -57,16 +57,19 @@ export function getConfiguration(options: {force?: boolean} = {}) {
  */
 function obfuscateHostsConfiguration(configuration: any, obfuscateHostConfigurationKeys: string[]){
   if(configuration.hosts){
-    configuration.hosts = Object.entries(configuration.hosts)
-      .reduce((accum, [hostID, hostConfiguration]) => {
-        return {...accum, [hostID]: {
-          ...hostConfiguration,
-          ...(obfuscateHostConfigurationKeys
+    configuration.hosts = configuration.hosts
+      .map((host) => {
+        const hostID = Object.keys(host)[0];
+        return {
+          [hostID]: {
+            ...host[hostID],
+            ...(obfuscateHostConfigurationKeys
               .reduce((accumObfuscateHostConfigurationKeys, obfuscateHostConfigurationKey) => 
                 ({...accumObfuscateHostConfigurationKeys, [obfuscateHostConfigurationKey]: '*****'}), {})
             )
-        }}
-      }, {});
+          }
+        }
+      });
   };
   return configuration;
 };
diff --git a/server/routes/wazuh-utils/wazuh-utils.test.ts b/server/routes/wazuh-utils/wazuh-utils.test.ts
@@ -112,6 +112,11 @@ hosts:
     expect(response.body.data).toBeDefined();
     expect(response.body.data.pattern).toBeDefined();
     expect(response.body.data.hosts).toBeDefined();
+    response?.body?.data?.hosts?.map(host => {
+      const hostID = Object.keys(host)[0];
+      expect(Object.keys(host).length).toEqual(1);
+      expect(host[hostID].password).toEqual('*****');
+    });
   });
 });