Integrations and Wodles may fail after upgrading to v4.4

[mingo-devsec]

A possible bug was reported in the Slack community.

It should be related to the persistent volumes. Since new scripts were added in the integrations and wodle path they will not be included with the new version and may break the service.

Found scripts:

/var/ossec/wodles/gcloud/exceptions.py
/var/ossec/wodles/azure/orm.py
/var/ossec/integrations/shuffle.py
/var/ossec/integrations/shuffle

Thanks!

[vcerenu]

Verified upgrade result from 4.3.9 to 4.4.0 with docker without recreating persistence volumes

In Waazuh manager 4.3.9 none of the files mentioned in the issue were found, they are new developments.

root@wazuh:/var/ossec/integrations# ls -ltr
total 28
-rwxr-x--- 1 root wazuh 6564 Mar 28 08:05 virustotal.py
-rwxr-x--- 1 root wazuh 1045 Mar 28 08:05 virustotal
-rwxr-x--- 1 root wazuh 3809 Mar 28 08:05 slack.py
-rwxr-x--- 1 root wazuh 1045 Mar 28 08:05 slack
-rwxr-x--- 1 root wazuh 4325 Mar 28 08:05 pagerduty
root@wazuh:/var/ossec/integrations#

root@wazuh:/var/ossec/wodles/gcloud# ls -ltr
total 32
drwxr-x--- 2 root wazuh 4096 Oct 13 12:50 pubsub
drwxr-x--- 2 root wazuh 4096 Oct 13 12:50 buckets
-rwxr-x--- 1 root wazuh 5524 Mar 28 08:05 tools.py
-rwxr-x--- 1 root wazuh 2887 Mar 28 08:05 integration.py
-rwxr-x--- 1 root wazuh 4661 Mar 28 08:05 gcloud.py
-rwxr-x--- 1 root wazuh 1045 Mar 28 08:05 gcloud
root@wazuh:/var/ossec/wodles/gcloud# 

root@wazuh:/var/ossec/wodles/azure# ls -ltr
total 44
-rwxr-x--- 1 root wazuh 37349 Mar 28 08:05 azure-logs.py
-rwxr-x--- 1 root wazuh  1045 Mar 28 08:05 azure-logs
root@wazuh:/var/ossec/wodles/azure#

It was tried to upgrade the images without deleting the volumes, this caused the directories to be taken as they were in 4.3.9, so these scripts were not installed.

Tried adding them to the permanent_data exceptions, but these new files were still not generated, because the volume mounted with the 4.3.9 files steps on the 4.4.0 directories

Analysis continues