Merge branch '4.4-2.4-wzd' into fix/mapper_parsing_exception-1020
Showing
16 changed files
with
381 additions
and
3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
var search = context.request.queryParams.search | ||
|
||
switch (search) { | ||
case 'nologs': | ||
respond().withStatusCode(200).withFile('cluster/cluster_no_logs.json'); | ||
break; | ||
case undefined: | ||
respond().withStatusCode(200).withFile('cluster/cluster_logs.json'); | ||
break; | ||
default: | ||
respond().withStatusCode(200).withFile('cluster/cluster_logs.json'); | ||
break; | ||
} |
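Review bot: The `case undefined:` branch serves the same file as `default:`, so it is redundant; a request without a `search` parameter already reaches `default`. Dropping it leaves only `case 'nologs':` and `default:`, which makes it obvious that every unrecognised value gets `cluster/cluster_logs.json`. A header comment such as `// Mock: ?search=nologs returns the empty log fixture; any other value returns the populated one` would document the contract for anyone writing tests against this endpoint.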
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
{ | ||
"data": { | ||
"affected_items": [ | ||
{ | ||
"timestamp": "2021-05-27T12:18:08Z", | ||
"tag": "wazuh-remoted", | ||
"level": "debug", | ||
"description": " TCP socket 20 already in keystore. Updating..." | ||
}, | ||
{ | ||
"timestamp": "2021-05-27T12:18:08Z", | ||
"tag": "wazuh-remoted", | ||
"level": "debug", | ||
"description": " Agent '003' group is 'default'" | ||
}, | ||
{ | ||
"timestamp": "2021-05-27T12:18:08Z", | ||
"tag": "wazuh-remoted", | ||
"level": "debug", | ||
"description": " Agent '003' with group 'default' file 'merged.mg' MD5 '9a016508cea1e997ab8569f5cfab30f5'" | ||
} | ||
], | ||
"total_affected_items": 3, | ||
"total_failed_items": 0, | ||
"failed_items": [] | ||
}, | ||
"message": "Logs were successfully read in specified node", | ||
"error": 0 | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
{ | ||
"data": { | ||
"affected_items": [], | ||
"total_affected_items": 0, | ||
"failed_items": [], | ||
"total_failed_items": 0 | ||
}, | ||
"message": "Logs read successfully in specified node", | ||
"error": 0 | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
{ | ||
"data": { | ||
"enabled": "yes", | ||
"running": "yes" | ||
}, | ||
"error": 0 | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
var status = | ||
context.request.queryParams.status || context.request.queryParams.result; | ||
|
||
console.log(status); | ||
|
||
switch (status) { | ||
case 'failed': | ||
respond().withStatusCode(200).withFile('sca/policy_checks_failed.json'); | ||
break; | ||
case 'not applicable': | ||
respond() | ||
.withStatusCode(200) | ||
.withFile('sca/policy_checks_not_applicable.json'); | ||
break; | ||
case 'passed': | ||
respond().withStatusCode(200).withFile('sca/policy_checks_passed.json'); | ||
break; | ||
case '': | ||
respond().withStatusCode(200).withFile('sca/policy_checks.json'); | ||
break; | ||
default: | ||
respond().withStatusCode(200).withFile('sca/policy_checks.json'); | ||
break; | ||
} |
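Review bot: `console.log(status);` looks like leftover debug output, and it writes a caller-supplied query value into the mock server's log unmodified; I would remove it, or log only when the value matches one of the known cases. The `case '':` branch duplicates `default:` and can be dropped. `status || result` also silently prefers `status` when both parameters are sent, so if that is intended it deserves a comment such as `// 'status' takes precedence over 'result' when both are present`.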
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
{ | ||
"data": { | ||
"affected_items": [ | ||
{ | ||
"description": "The cramfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems. A cramfs image can be used without having to first decompress the image.", | ||
"id": 19000, | ||
"reason": "Invalid path or wrong permissions to run command 'modprobe -n -v cramfs'", | ||
"command": "modprobe -n -v cramfs,lsmod", | ||
"rationale": "Removing support for unneeded filesystem types reduces the local attack surface of the server. If this filesystem type is not needed, disable it.", | ||
"condition": "all", | ||
"title": "Ensure mounting of cramfs filesystems is disabled.", | ||
"result": "not applicable", | ||
"policy_id": "cis_ubuntu20-04", | ||
"remediation": "1) Edit or create a file in the /etc/modprobe.d/ directory ending in .conf and add the following line: install cramfs /bin/true. 2) Run the following command to unload the cramfs module: # rmmod cramfs", | ||
"compliance": [ | ||
{ | ||
"value": "1.1.1.1", | ||
"key": "cis" | ||
}, | ||
{ | ||
"value": "5.1", | ||
"key": "cis_csc" | ||
}, | ||
{ | ||
"value": "2.2.5", | ||
"key": "pci_dss" | ||
}, | ||
{ | ||
"value": "CC6.3", | ||
"key": "tsc" | ||
} | ||
], | ||
"rules": [ | ||
{ | ||
"type": "command", | ||
"rule": "c:modprobe -n -v cramfs -> r:^install /bin/true" | ||
}, | ||
{ | ||
"type": "numeric", | ||
"rule": "not c:lsmod -> r:cramfs" | ||
} | ||
] | ||
}, | ||
{ | ||
"remediation": "For new installations, during installation create a custom partition setup and specify a separate partition for /var. For systems that were previously installed, create a new partition and configure /etc/fstab as appropriate", | ||
"rationale": "Since the /var directory may contain world-writable files and directories, there is a risk of resource exhaustion if it is not bound to a separate partition", | ||
"title": "Ensure separate partition exists for /var", | ||
"policy_id": "cis_debian", | ||
"file": "/etc/fstab", | ||
"description": "The /var directory is used by daemons and other system services to temporarily store dynamic data. Some directories created by these processes may be world-writable", | ||
"id": 5003, | ||
"result": "failed", | ||
"condition": "all", | ||
"references": "https://tldp.org/HOWTO/LVM-HOWTO/", | ||
"compliance": [ | ||
{ | ||
"key": "cis", | ||
"value": "1.1.6" | ||
}, | ||
{ | ||
"key": "cis_csc", | ||
"value": "5" | ||
} | ||
] | ||
}, | ||
{ | ||
"remediation": "Run the following commands to remove exim: # apt-get remove exim4; # apt-get purge exim4", | ||
"rationale": "Unless POP3 and/or IMAP servers are to be provided by this system, it is recommended that the package be removed to reduce the potential attack surface", | ||
"title": "Ensure IMAP and POP3 server is not enabled (POP3)", | ||
"policy_id": "cis_debian", | ||
"file": "/etc/inetd.conf", | ||
"description": "Exim is an open source IMAP and POP3 server for Linux based systems", | ||
"id": 5022, | ||
"result": "passed", | ||
"condition": "all", | ||
"compliance": [ | ||
{ | ||
"key": "cis", | ||
"value": "2.2.11" | ||
}, | ||
{ | ||
"key": "cis_csc", | ||
"value": "9" | ||
}, | ||
{ | ||
"key": "pci_dss", | ||
"value": "2.2.2" | ||
} | ||
] | ||
} | ||
], | ||
"total_affected_items": 191, | ||
"total_failed_items": 0, | ||
"failed_items": [] | ||
}, | ||
"error": 0 | ||
} |
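Review bot: `total_affected_items` is 191 here while `affected_items` holds three entries, and the same 191 is repeated in what appear to be the failed, not-applicable and passed fixtures later in this commit, each of which holds a single entry. If the UI under test pages on that total, it will presumably request further pages and get the same items back, so the displayed count will not match the rows. Setting the total to the number of entries in each fixture (3 here, 1 in the filtered files) keeps the mock self-consistent, unless 191 is there on purpose to exercise pagination.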
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
{ | ||
"data": { | ||
"affected_items": [ | ||
{ | ||
"remediation": "For new installations, during installation create a custom partition setup and specify a separate partition for /var. For systems that were previously installed, create a new partition and configure /etc/fstab as appropriate", | ||
"rationale": "Since the /var directory may contain world-writable files and directories, there is a risk of resource exhaustion if it is not bound to a separate partition", | ||
"title": "Ensure separate partition exists for /var", | ||
"policy_id": "cis_debian", | ||
"file": "/etc/fstab", | ||
"description": "The /var directory is used by daemons and other system services to temporarily store dynamic data. Some directories created by these processes may be world-writable", | ||
"id": 5003, | ||
"result": "failed", | ||
"condition": "all", | ||
"references": "https://tldp.org/HOWTO/LVM-HOWTO/", | ||
"compliance": [ | ||
{ | ||
"key": "cis", | ||
"value": "1.1.6" | ||
}, | ||
{ | ||
"key": "cis_csc", | ||
"value": "5" | ||
} | ||
] | ||
} | ||
], | ||
"total_affected_items": 191, | ||
"total_failed_items": 0, | ||
"failed_items": [] | ||
}, | ||
"error": 0 | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
{ | ||
"data": { | ||
"affected_items": [ | ||
{ | ||
"description": "The cramfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems. A cramfs image can be used without having to first decompress the image.", | ||
"id": 19000, | ||
"reason": "Invalid path or wrong permissions to run command 'modprobe -n -v cramfs'", | ||
"command": "modprobe -n -v cramfs,lsmod", | ||
"rationale": "Removing support for unneeded filesystem types reduces the local attack surface of the server. If this filesystem type is not needed, disable it.", | ||
"condition": "all", | ||
"title": "Ensure mounting of cramfs filesystems is disabled.", | ||
"result": "not applicable", | ||
"policy_id": "cis_ubuntu20-04", | ||
"remediation": "1) Edit or create a file in the /etc/modprobe.d/ directory ending in .conf and add the following line: install cramfs /bin/true. 2) Run the following command to unload the cramfs module: # rmmod cramfs", | ||
"compliance": [ | ||
{ | ||
"value": "1.1.1.1", | ||
"key": "cis" | ||
}, | ||
{ | ||
"value": "5.1", | ||
"key": "cis_csc" | ||
}, | ||
{ | ||
"value": "2.2.5", | ||
"key": "pci_dss" | ||
}, | ||
{ | ||
"value": "CC6.3", | ||
"key": "tsc" | ||
} | ||
], | ||
"rules": [ | ||
{ | ||
"type": "command", | ||
"rule": "c:modprobe -n -v cramfs -> r:^install /bin/true" | ||
}, | ||
{ | ||
"type": "numeric", | ||
"rule": "not c:lsmod -> r:cramfs" | ||
} | ||
] | ||
} | ||
], | ||
"total_affected_items": 191, | ||
"total_failed_items": 0, | ||
"failed_items": [] | ||
}, | ||
"error": 0 | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
{ | ||
"data": { | ||
"affected_items": [ | ||
{ | ||
"remediation": "Run the following commands to remove exim: # apt-get remove exim4; # apt-get purge exim4", | ||
"rationale": "Unless POP3 and/or IMAP servers are to be provided by this system, it is recommended that the package be removed to reduce the potential attack surface", | ||
"title": "Ensure IMAP and POP3 server is not enabled (POP3)", | ||
"policy_id": "cis_debian", | ||
"file": "/etc/inetd.conf", | ||
"description": "Exim is an open source IMAP and POP3 server for Linux based systems", | ||
"id": 5022, | ||
"result": "passed", | ||
"condition": "all", | ||
"compliance": [ | ||
{ | ||
"key": "cis", | ||
"value": "2.2.11" | ||
}, | ||
{ | ||
"key": "cis_csc", | ||
"value": "9" | ||
}, | ||
{ | ||
"key": "pci_dss", | ||
"value": "2.2.2" | ||
} | ||
] | ||
} | ||
], | ||
"total_affected_items": 191, | ||
"total_failed_items": 0, | ||
"failed_items": [] | ||
}, | ||
"error": 0 | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
{ | ||
"data": { | ||
"affected_items": [ | ||
{ | ||
"last_full_scan": "1970-01-01T00:00:00+00:00", | ||
"last_partial_scan": "1970-01-01T00:00:00+00:00" | ||
} | ||
], | ||
"total_affected_items": 1, | ||
"total_failed_items": 0, | ||
"failed_items": [] | ||
}, | ||
"message": "Last vulnerability scans of the agent were returned", | ||
"error": 0 | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
{ | ||
"data": { | ||
"affected_items": [ | ||
{ | ||
"last_full_scan": "2022-12-29T17:16:58+00:00", | ||
"last_partial_scan": "2022-12-29T19:02:58+00:00" | ||
} | ||
], | ||
"total_affected_items": 1, | ||
"total_failed_items": 0, | ||
"failed_items": [] | ||
}, | ||
"message": "Last vulnerability scans of the agent were returned", | ||
"error": 0 | ||
} |