Merge branch '4.4-2.4-wzd' into fix/mapper_parsing_exception-1020

CHANGELOG.md

@@ -80,6 +80,7 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Fixed greyed and disabled menu section names [#5101](https:/wazuh/wazuh-kibana-app/pull/5101)
 - Fixed mispelling in the NIST module [#5107](https:/wazuh/wazuh-kibana-app/pull/5107)
 - Fixed Statistic cronjob bulk document insert [#5150](https:/wazuh/wazuh-kibana-app/pull/5150)
+- Fixed the style of the buttons showing more event information in the event view table. [#5137](https:/wazuh/wazuh-kibana-app/pull/5137)
 
 ### Removed
 

docker/imposter/agents/agents.json

@@ -10,6 +10,19 @@
  "uname": "Linux |wazuh-manager-master-0 |4.14.114-105.126.amzn2.x86_64 |#1 SMP Tue May 7 02:26:40 UTC 2019 |x86_64",
  "version": "2"
  },
+ "group": [
+ "default",
+ "test",
+ "test2",
+ "test3",
+ "test4",
+ "test5",
+ "test6",
+ "test7",
+ "test8",
+ "test9",
+ "test10"
+ ],
  "ip": "127.0.0.1",
  "id": "000",
  "registerIP": "127.0.0.1",
@@ -30,6 +43,14 @@
  "uname": "Linux |wazuh-manager-master-0 |4.14.114-105.126.amzn2.x86_64 |#1 SMP Tue May 7 02:26:40 UTC 2019 |x86_64",
  "version": "2"
  },
+ "group": [
+ "default",
+ "test",
+ "test2",
+ "test3",
+ "test4",
+ "test5"
+ ],
  "ip": "127.0.0.1",
  "id": "001",
  "registerIP": "127.0.0.1",
@@ -50,6 +71,7 @@
  "uname": "Linux |wazuh-manager-master-0 |4.14.114-105.126.amzn2.x86_64 |#1 SMP Tue May 7 02:26:40 UTC 2019 |x86_64",
  "version": "2"
  },
+ "group": ["default", "test", "test2"],
  "ip": "127.0.0.1",
  "id": "002",
  "registerIP": "127.0.0.1",

docker/imposter/cluster/cluster-logs.js

@@ -0,0 +1,13 @@
+var search = context.request.queryParams.search
+
+switch (search) {
+ case 'nologs':
+ respond().withStatusCode(200).withFile('cluster/cluster_no_logs.json');
+ break;
+ case undefined:
+ respond().withStatusCode(200).withFile('cluster/cluster_logs.json');
+ break;
+ default:
+ respond().withStatusCode(200).withFile('cluster/cluster_logs.json');
+ break;
+}

docker/imposter/cluster/cluster_logs.json

@@ -0,0 +1,29 @@
+{
+ "data": {
+ "affected_items": [
+ {
+ "timestamp": "2021-05-27T12:18:08Z",
+ "tag": "wazuh-remoted",
+ "level": "debug",
+ "description": " TCP socket 20 already in keystore. Updating..."
+ },
+ {
+ "timestamp": "2021-05-27T12:18:08Z",
+ "tag": "wazuh-remoted",
+ "level": "debug",
+ "description": " Agent '003' group is 'default'"
+ },
+ {
+ "timestamp": "2021-05-27T12:18:08Z",
+ "tag": "wazuh-remoted",
+ "level": "debug",
+ "description": " Agent '003' with group 'default' file 'merged.mg' MD5 '9a016508cea1e997ab8569f5cfab30f5'"
+ }
+ ],
+ "total_affected_items": 3,
+ "total_failed_items": 0,
+ "failed_items": []
+ },
+ "message": "Logs were successfully read in specified node",
+ "error": 0
+}

docker/imposter/cluster/cluster_no_logs.json

@@ -0,0 +1,10 @@
+{
+ "data": {
+ "affected_items": [],
+ "total_affected_items": 0,
+ "failed_items": [],
+ "total_failed_items": 0
+ },
+ "message": "Logs read successfully in specified node",
+ "error": 0
+}

docker/imposter/cluster/cluster_status.json

@@ -0,0 +1,7 @@
+{
+ "data": {
+ "enabled": "yes",
+ "running": "yes"
+ },
+ "error": 0
+}

docker/imposter/sca/policy-checks.js

@@ -0,0 +1,24 @@
+var status =
+ context.request.queryParams.status || context.request.queryParams.result;
+
+console.log(status);
+
+switch (status) {
+ case 'failed':
+ respond().withStatusCode(200).withFile('sca/policy_checks_failed.json');
+ break;
+ case 'not applicable':
+ respond()
+ .withStatusCode(200)
+ .withFile('sca/policy_checks_not_applicable.json');
+ break;
+ case 'passed':
+ respond().withStatusCode(200).withFile('sca/policy_checks_passed.json');
+ break;
+ case '':
+ respond().withStatusCode(200).withFile('sca/policy_checks.json');
+ break;
+ default:
+ respond().withStatusCode(200).withFile('sca/policy_checks.json');
+ break;
+}

docker/imposter/sca/policy_checks.json

@@ -0,0 +1,97 @@
+{
+ "data": {
+ "affected_items": [
+ {
+ "description": "The cramfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems. A cramfs image can be used without having to first decompress the image.",
+ "id": 19000,
+ "reason": "Invalid path or wrong permissions to run command 'modprobe -n -v cramfs'",
+ "command": "modprobe -n -v cramfs,lsmod",
+ "rationale": "Removing support for unneeded filesystem types reduces the local attack surface of the server. If this filesystem type is not needed, disable it.",
+ "condition": "all",
+ "title": "Ensure mounting of cramfs filesystems is disabled.",
+ "result": "not applicable",
+ "policy_id": "cis_ubuntu20-04",
+ "remediation": "1) Edit or create a file in the /etc/modprobe.d/ directory ending in .conf and add the following line: install cramfs /bin/true. 2) Run the following command to unload the cramfs module: # rmmod cramfs",
+ "compliance": [
+ {
+ "value": "1.1.1.1",
+ "key": "cis"
+ },
+ {
+ "value": "5.1",
+ "key": "cis_csc"
+ },
+ {
+ "value": "2.2.5",
+ "key": "pci_dss"
+ },
+ {
+ "value": "CC6.3",
+ "key": "tsc"
+ }
+ ],
+ "rules": [
+ {
+ "type": "command",
+ "rule": "c:modprobe -n -v cramfs -> r:^install /bin/true"
+ },
+ {
+ "type": "numeric",
+ "rule": "not c:lsmod -> r:cramfs"
+ }
+ ]
+ },
+ {
+ "remediation": "For new installations, during installation create a custom partition setup and specify a separate partition for /var. For systems that were previously installed, create a new partition and configure /etc/fstab as appropriate",
+ "rationale": "Since the /var directory may contain world-writable files and directories, there is a risk of resource exhaustion if it is not bound to a separate partition",
+ "title": "Ensure separate partition exists for /var",
+ "policy_id": "cis_debian",
+ "file": "/etc/fstab",
+ "description": "The /var directory is used by daemons and other system services to temporarily store dynamic data. Some directories created by these processes may be world-writable",
+ "id": 5003,
+ "result": "failed",
+ "condition": "all",
+ "references": "https://tldp.org/HOWTO/LVM-HOWTO/",
+ "compliance": [
+ {
+ "key": "cis",
+ "value": "1.1.6"
+ },
+ {
+ "key": "cis_csc",
+ "value": "5"
+ }
+ ]
+ },
+ {
+ "remediation": "Run the following commands to remove exim: # apt-get remove exim4; # apt-get purge exim4",
+ "rationale": "Unless POP3 and/or IMAP servers are to be provided by this system, it is recommended that the package be removed to reduce the potential attack surface",
+ "title": "Ensure IMAP and POP3 server is not enabled (POP3)",
+ "policy_id": "cis_debian",
+ "file": "/etc/inetd.conf",
+ "description": "Exim is an open source IMAP and POP3 server for Linux based systems",
+ "id": 5022,
+ "result": "passed",
+ "condition": "all",
+ "compliance": [
+ {
+ "key": "cis",
+ "value": "2.2.11"
+ },
+ {
+ "key": "cis_csc",
+ "value": "9"
+ },
+ {
+ "key": "pci_dss",
+ "value": "2.2.2"
+ }
+ ]
+ }
+ ],
+ "total_affected_items": 191,
+ "total_failed_items": 0,
+ "failed_items": []
+ },
+ "error": 0
+}

docker/imposter/sca/policy_checks_failed.json

@@ -0,0 +1,32 @@
+{
+ "data": {
+ "affected_items": [
+ {
+ "remediation": "For new installations, during installation create a custom partition setup and specify a separate partition for /var. For systems that were previously installed, create a new partition and configure /etc/fstab as appropriate",
+ "rationale": "Since the /var directory may contain world-writable files and directories, there is a risk of resource exhaustion if it is not bound to a separate partition",
+ "title": "Ensure separate partition exists for /var",
+ "policy_id": "cis_debian",
+ "file": "/etc/fstab",
+ "description": "The /var directory is used by daemons and other system services to temporarily store dynamic data. Some directories created by these processes may be world-writable",
+ "id": 5003,
+ "result": "failed",
+ "condition": "all",
+ "references": "https://tldp.org/HOWTO/LVM-HOWTO/",
+ "compliance": [
+ {
+ "key": "cis",
+ "value": "1.1.6"
+ },
+ {
+ "key": "cis_csc",
+ "value": "5"
+ }
+ ]
+ }
+ ],
+ "total_affected_items": 191,
+ "total_failed_items": 0,
+ "failed_items": []
+ },
+ "error": 0
+}

docker/imposter/sca/policy_checks_not_applicable.json

@@ -0,0 +1,50 @@
+{
+ "data": {
+ "affected_items": [
+ {
+ "description": "The cramfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems. A cramfs image can be used without having to first decompress the image.",
+ "id": 19000,
+ "reason": "Invalid path or wrong permissions to run command 'modprobe -n -v cramfs'",
+ "command": "modprobe -n -v cramfs,lsmod",
+ "rationale": "Removing support for unneeded filesystem types reduces the local attack surface of the server. If this filesystem type is not needed, disable it.",
+ "condition": "all",
+ "title": "Ensure mounting of cramfs filesystems is disabled.",
+ "result": "not applicable",
+ "policy_id": "cis_ubuntu20-04",
+ "remediation": "1) Edit or create a file in the /etc/modprobe.d/ directory ending in .conf and add the following line: install cramfs /bin/true. 2) Run the following command to unload the cramfs module: # rmmod cramfs",
+ "compliance": [
+ {
+ "value": "1.1.1.1",
+ "key": "cis"
+ },
+ {
+ "value": "5.1",
+ "key": "cis_csc"
+ },
+ {
+ "value": "2.2.5",
+ "key": "pci_dss"
+ },
+ {
+ "value": "CC6.3",
+ "key": "tsc"
+ }
+ ],
+ "rules": [
+ {
+ "type": "command",
+ "rule": "c:modprobe -n -v cramfs -> r:^install /bin/true"
+ },
+ {
+ "type": "numeric",
+ "rule": "not c:lsmod -> r:cramfs"
+ }
+ ]
+ }
+ ],
+ "total_affected_items": 191,
+ "total_failed_items": 0,
+ "failed_items": []
+ },
+ "error": 0
+}

docker/imposter/sca/policy_checks_passed.json

@@ -0,0 +1,35 @@
+{
+ "data": {
+ "affected_items": [
+ {
+ "remediation": "Run the following commands to remove exim: # apt-get remove exim4; # apt-get purge exim4",
+ "rationale": "Unless POP3 and/or IMAP servers are to be provided by this system, it is recommended that the package be removed to reduce the potential attack surface",
+ "title": "Ensure IMAP and POP3 server is not enabled (POP3)",
+ "policy_id": "cis_debian",
+ "file": "/etc/inetd.conf",
+ "description": "Exim is an open source IMAP and POP3 server for Linux based systems",
+ "id": 5022,
+ "result": "passed",
+ "condition": "all",
+ "compliance": [
+ {
+ "key": "cis",
+ "value": "2.2.11"
+ },
+ {
+ "key": "cis_csc",
+ "value": "9"
+ },
+ {
+ "key": "pci_dss",
+ "value": "2.2.2"
+ }
+ ]
+ }
+ ],
+ "total_affected_items": 191,
+ "total_failed_items": 0,
+ "failed_items": []
+ },
+ "error": 0
+}

docker/imposter/vulnerability/default_last_scan.json

@@ -0,0 +1,15 @@
+{
+ "data": {
+ "affected_items": [
+ {
+ "last_full_scan": "1970-01-01T00:00:00+00:00",
+ "last_partial_scan": "1970-01-01T00:00:00+00:00"
+ }
+ ],
+ "total_affected_items": 1,
+ "total_failed_items": 0,
+ "failed_items": []
+ },
+ "message": "Last vulnerability scans of the agent were returned",
+ "error": 0
+}

docker/imposter/vulnerability/last_scan.json

@@ -0,0 +1,15 @@
+{
+ "data": {
+ "affected_items": [
+ {
+ "last_full_scan": "2022-12-29T17:16:58+00:00",
+ "last_partial_scan": "2022-12-29T19:02:58+00:00"
+ }
+ ],
+ "total_affected_items": 1,
+ "total_failed_items": 0,
+ "failed_items": []
+ },
+ "message": "Last vulnerability scans of the agent were returned",
+ "error": 0
+}