Manual testing - Enhance RPM packages retrieving support - Backport to 4.3 #2968

Closed
9 tasks done
jnasselle opened this issue Jun 6, 2022 · 2 comments


jnasselle commented Jun 6, 2022

Related issue
Original development wazuh/wazuh#10324
Backport to 4.3 wazuh/wazuh#13716

Description

It's desirable to validate that wazuh/wazuh#10324 and its 4.3 backport wazuh/wazuh#13716 work as desired, meaning:

  • Wazuh is still capable of retrieving packages from OSes that still use Berkeley DB for their RPM installation
  • Wazuh is now capable of retrieving packages from OSes that use new RPM backends like ndb or SQLite

Test cases

Backward compatibility: distros that should still work

  • CentOS 5
  • CentOS 8 and older
  • Amazon Linux 1/2
  • Fedora 32 and older
  • RHEL8 and older

The next distros should now support packages retrieving

Configuration details

| Wazuh Commit | Agent Package | Manager Package |
|---|---|---|
| wazuh/wazuh@c16e88e | https://packages-dev.wazuh.com/warehouse/pullrequests/4.3/rpm/var/wazuh-manager-4.3.4-0.commitc16e88e.x86_64.rpm | https://packages-dev.wazuh.com/warehouse/pullrequests/4.3/rpm/var/wazuh-agent-4.3.4-0.commitc16e88e.x86_64.rpm |

  • Local Internal option on Agent:
wazuh_modules.debug=2

Deblintrake09 commented Jun 7, 2022

New Distros Compatibility

Check that Syscollector detects packages on Fedora 33 🟢
  • Install agent in Fedora 33 VM
  • Start Agent with Syscollector packages section enabled
  • Check agent OS
uname -a
Linux fedora33.localdomain 5.14.18-100.fc33.x86_64 #1 SMP Fri Nov 12 17:38:44 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
  • Check agent's ossec.log
2022/06/08 18:35:47 wazuh-modulesd:syscollector[3606] wm_syscollector.c:151 at wm_sys_main(): DEBUG: Starting Syscollector.
2022/06/08 18:35:47 wazuh-modulesd:syscollector[3606] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Starting packages scan
2022/06/08 18:37:12 wazuh-modulesd:syscollector[3794] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"noarch","checksum":"3878c334ac24e1888c5ff392d490870adc348eef","description":"This module provides the ability to use references as hash keys if you first\n\"tie\" the hash variable to this module. Normally, only the keys of the tied\nhash itself are preserved as references; to use references as keys in\nhashes-of-hashes, use Tie::RefHash::Nestable, included as part of\nTie::RefHash.","format":"rpm","groups":"Unspecified","install_time":"1653590699","item_id":"37c4121367112fb673430b66f2e5c77c52e1aa19","name":"perl-Tie-RefHash","scan_time":"2022/06/08 18:37:12","size":9088,"vendor":"Fedora Project","version":"1.39-471.fc33"},"index":"37c4121367112fb673430b66f2e5c77c52e1aa19","timestamp":""},"type":"state"}
2022/06/08 18:37:12 wazuh-modulesd:syscollector[3794] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"noarch","checksum":"92f531f7ebfcae8c87adabc33d4c3d91ce693e59","description":"libX11 common data","format":"rpm","groups":"Unspecified","install_time":"1653591137","item_id":"389e77a17415a8bc181dcb4cea7a9c0746bc9851","name":"libX11-common","scan_time":"2022/06/08 18:37:12","size":1336063,"vendor":"Fedora Project","version":"1.7.2-3.fc33"},"index":"389e77a17415a8bc181dcb4cea7a9c0746bc9851","timestamp":""},"type":"state"}

  • Check packages in Agent's DB in manager
0|2022/06/08 18:37:21|rpm|ca-certificates||Unspecified|939845|Fedora Project|1653590511|2021.2.50-1.0.fc33|noarch|||This package contains the set of CA certificates chosen by the
Mozilla Foundation for use with the Internet PKI.||0|||1a2b447237f2ceddd1338da527ac9919541a8733|02d0710893267230ac6c160f5bf053e2b953bf32
0|2022/06/08 18:37:21|rpm|tzdata||Unspecified|1800709|Fedora Project|1653590479|2021e-1.fc33|noarch|||This package contains data files with rules for various timezones around
the world.||0|||eefa868efcfa00579f0646e89789d23007ed2468|02eeed3cbfd2b835efc4a0b0869ce77ea90500f1
0|2022/06/08 18:37:21|rpm|perl-List-MoreUtils-XS||Unspecified|165736|Fedora Project|1653590710|0.428-10.fc33|x86_64|||This module provides accelerated versions of functions in List::MoreUtils.||0|||05229a6f501b21ad2ec7a44cbe80d88eba082b1c|037104666e6f9f944b6e49907e3bd0565b7b8d91
  • Check Packages show in Dashboard
Check that Syscollector detects packages on Amazon Linux 2022 🟢
  • Install agent in Amazon Linux 2022 VM
  • Start Agent with Syscollector packages section enabled
  • Verify agent OS version
uname -a
Linux ip-172-31-81-114.ec2.internal 5.15.29-16.111.amzn2022.x86_64 #1 SMP Fri Mar 25 21:42:39 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
  • Check agent's ossec.log
2022/06/08 18:59:21 wazuh-modulesd:syscollector[4000] wm_syscollector.c:151 at wm_sys_main(): DEBUG: Starting Syscollector.
2022/06/08 18:59:21 wazuh-modulesd:syscollector[4000] wm_syscollector.c:92 at wm_sys_log(): INFO: Starting evaluation.
2022/06/08 18:59:21 wazuh-modulesd:syscollector[4000] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Starting packages scan
2022/06/08 19:00:09 wazuh-modulesd:syscollector[4197] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"x86_64","checksum":"bc4afd930e5077fbd51459affd5d183af97919fd","description":"This is an object interface for System V messages, semaphores, and\ninter-process calls.","format":"rpm","groups":"Unspecified","install_time":"1652117387","item_id":"0738a89a4d9418ab65f77d52037a9b2ef8e89ad8","name":"perl-IPC-SysV","scan_time":"2022/06/08 19:00:09","size":76548,"vendor":"Amazon Linux","version":"2.09-2.amzn2022"},"index":"0738a89a4d9418ab65f77d52037a9b2ef8e89ad8","timestamp":""},"type":"state"}
2022/06/08 19:00:10 wazuh-modulesd:syscollector[4197] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"noarch","checksum":"998d2780b2919c82ff26461ab4c9ebf48bf88b53","description":"ec2-utils contains a set of utilities for running in ec2.","format":"rpm","groups":"System Tools","install_time":"1652117420","item_id":"076e932afbafb1d9ddb9b8f0b187a76ae1e0b10a","name":"ec2-utils","scan_time":"2022/06/08 19:00:09","size":19255,"vendor":"Amazon Linux","version":"2.0.1-1.amzn2022"},"index":"076e932afbafb1d9ddb9b8f0b187a76ae1e0b10a","timestamp":""},"type":"state"}
2022/06/08 19:00:10 wazuh-modulesd:syscollector[4197] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"x86_64","checksum":"88ef84de1570c939d9e0b28647ef29a698c639e6","description":"Libraries for the Gdbm GNU database indexing library","format":"rpm","groups":"Unspecified","install_time":"1652117385","item_id":"0785bc7c12fd3eb164abdf2473743ac0be64730d","name":"gdbm-libs","scan_time":"2022/06/08 19:00:10","size":116306,"vendor":"Amazon Linux","version":"1:1.19-2.amzn2022"},"index":"0785bc7c12fd3eb164abdf2473743ac0be64730d","timestamp":""},"type":"state"}
  • Check the Agent's Database inside the manager
0|2022/06/08 19:00:09|rpm|perl-IPC-SysV||Unspecified|76548|Amazon Linux|1652117387|2.09-2.amzn2022|x86_64|||This is an object interface for System V messages, semaphores, and
inter-process calls.||0|||bc4afd930e5077fbd51459affd5d183af97919fd|0738a89a4d9418ab65f77d52037a9b2ef8e89ad8
0|2022/06/08 19:00:09|rpm|ec2-utils||System Tools|19255|Amazon Linux|1652117420|2.0.1-1.amzn2022|noarch|||ec2-utils contains a set of utilities for running in ec2.||0|||998d2780b2919c82ff26461ab4c9ebf48bf88b53|076e932afbafb1d9ddb9b8f0b187a76ae1e0b10a
0|2022/06/08 19:00:10|rpm|gdbm-libs||Unspecified|116306|Amazon Linux|1652117385|1:1.19-2.amzn2022|x86_64|||Libraries for the Gdbm GNU database indexing library||0|||88ef84de1570c939d9e0b28647ef29a698c639e6|0785bc7c12fd3eb164abdf2473743ac0be64730d
  • Check Packages show in Dashboard
Check that Syscollector detects packages on OpenSUSE Tumbleweed 🟢
  • Install agent in OpenSUSE Tumbleweed VM
  • Start Agent with Syscollector packages section enabled
  • Verify Agent's OS version
uname -a
Linux opensuse 5.17.9-1-default #1 SMP PREEMPT Wed May 18 10:03:12 UTC 2022 (eab1a2c) x86_64 x86_64 x86_64 GNU/Linux
  • Check agent's ossec.log
2022/06/08 18:11:51 wazuh-modulesd:syscollector[5314] wm_syscollector.c:151 at wm_sys_main(): DEBUG: Starting Syscollector.
2022/06/08 18:11:51 wazuh-modulesd:syscollector[5314] wm_syscollector.c:92 at wm_sys_log(): INFO: Starting evaluation.
2022/06/08 18:11:51 wazuh-modulesd:syscollector[5314] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Starting packages scan
2022/06/08 18:12:12 wazuh-modulesd:syscollector[5504] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"x86_64","checksum":"e8dec311fab3040bef9c305b7f41e5647a902439","description":"Tool to check and set file permissions.","format":"rpm","groups":"Productivity/Security","install_time":"1654195035","item_id":"b34de00c7b2921db0859019e45530129dd8e9963","name":"chkstat","scan_time":"2022/06/08 18:12:12","size":1261830,"vendor":"openSUSE","version":"1599_20220309-30.4"},"index":"b34de00c7b2921db0859019e45530129dd8e9963","timestamp":""},"type":"state"}
2022/06/08 18:12:12 wazuh-modulesd:syscollector[5504] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"x86_64","checksum":"4f9b09c194c63f7d7cf6df66dce98e839efa2d37","description":"Perl modules for configuring various boot loaders.\n\n\n\nAuthors:\n--------\n    Jiri Srain <[email protected]>\n    Joachim Plack <[email protected]>\n    Alexander Osthof <[email protected]>\n    Josef Reidinger <[email protected]>","format":"rpm","groups":"System/Boot","install_time":"1654195169","item_id":"5beddc32c10c98fe349e160545b96cbbf55f6a3a","name":"perl-Bootloader","scan_time":"2022/06/08 18:12:12","size":406941,"vendor":"openSUSE","version":"0.939-1.2"},"index":"5beddc32c10c98fe349e160545b96cbbf55f6a3a","timestamp":""},"type":"state"}
2022/06/08 18:12:12 wazuh-modulesd:syscollector[5504] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"x86_64","checksum":"c5b8c0febf42d6cb0d76c2dcb7979b1faaf985c8","description":"This package contains the YaST2 component for bootloader configuration.","format":"rpm","groups":"System/YaST","install_time":"1654195661","item_id":"b3d5e442a833ff6576aac10db38dec594954895c","name":"yast2-bootloader","scan_time":"2022/06/08 18:12:12","size":272789,"vendor":"openSUSE","version":"4.5.1-1.2"},"index":"b3d5e442a833ff6576aac10db38dec594954895c","timestamp":""},"type":"state"}
2022/06/08 18:12:12 wazuh-modulesd:syscollector[5504] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"x86_64","checksum":"e430602e404ba9d2105d6369cadc20739190a0e5","description":"JSON-C implements a reference counting object model that allows you to\neasily construct JSON objects in C, output them as JSON formatted\nstrings and parse JSON formatted strings back into the C\nrepresentation of JSON objects.\n\nThis package includes the JSON library.","format":"rpm","groups":"System/Libraries","install_time":"1654194983","item_id":"5c0240eb852dedf3e59425f8720b7e32a3199f79","name":"libjson-c5","scan_time":"2022/06/08 18:12:12","size":91399,"vendor":"openSUSE","version":"0.16-1.2"},"index":"5c0240eb852dedf3e59425f8720b7e32a3199f79","timestamp":""},"type":"state"}
  • Check packages are present in agent's db on Manager
0|2022/06/08 18:12:32|rpm|python38-ruamel.yaml||Unspecified|548344|obs://build.opensuse.org/home:alvistack|1654196711|100:0.17.21-2.6|noarch|||ruamel.yaml is a YAML 1.2 loader/dumper package for Python. It is a
derivative of Kirill Simonov’s PyYAML 3.11.||0|||d409c93aee799b39bed7784aa687a6ed398a9e64|07aa4062f244f5b2de3232d4e0fa962b42f4cda3
  • Check Packages show in Dashboard
Check that Syscollector detects packages on RHEL9 🟢
  • Install agent in RHEL9 VM
  • Start Agent with Syscollector packages section enabled
  • Verify Agent's OS version
uname -a
Linux ip-172-31-81-0.ec2.internal 5.14.0-70.13.1.el9_0.x86_64 #1 SMP PREEMPT Thu Apr 14 12:42:38 EDT 2022 x86_64 x86_64 x86_64 GNU/Linux

  • Check agent's ossec.log
2022/06/08 19:21:03 wazuh-modulesd:syscollector[18624] wm_syscollector.c:151 at wm_sys_main(): DEBUG: Starting Syscollector.
2022/06/08 19:21:03 wazuh-modulesd:syscollector[18624] wm_syscollector.c:92 at wm_sys_log(): INFO: Starting evaluation.
2022/06/08 19:21:03 wazuh-modulesd:syscollector[18624] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Starting packages scan
2022/06/08 19:21:37 wazuh-modulesd:syscollector[18812] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"x86_64","checksum":"0aa3788e14a517ab560816daa4a8723d17ed4372","description":"A small library for communicating with the REST interface of a Red Hat Unified\nEntitlement Platform. This interface is used for the management of system\nentitlements, certificates, and access to content.","format":"rpm","groups":"Development/Libraries","install_time":"1652337449","item_id":"0b569d93dae4442b76a870dc2533ab0350a914f9","name":"python3-subscription-manager-rhsm","scan_time":"2022/06/08 19:21:37","size":401051,"vendor":"Red Hat, Inc.","version":"1.29.26-3.el9_0"},"index":"0b569d93dae4442b76a870dc2533ab0350a914f9","timestamp":""},"type":"state"}
2022/06/08 19:21:37 wazuh-modulesd:syscollector[18812] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"x86_64","checksum":"f32da25edfd4cc7bda009bec6b496eb3c6710e17","description":"The cyrus-sasl-lib package contains shared libraries which are needed by\napplications which use the Cyrus SASL library.","format":"rpm","groups":"Unspecified","install_time":"1652337441","item_id":"0b6b126ee32866d3d650ba5887e0501e6b52cd41","name":"cyrus-sasl-lib","scan_time":"2022/06/08 19:21:37","size":2385560,"vendor":"Red Hat, Inc.","version":"2.1.27-20.el9"},"index":"0b6b126ee32866d3d650ba5887e0501e6b52cd41","timestamp":""},"type":"state"}

  • Check packages are present in agent's db on Manager
0|2022/06/08 19:21:37|rpm|python3-subscription-manager-rhsm||Development/Libraries|401051|Red Hat, Inc.|1652337449|1.29.26-3.el9_0|x86_64|||A small library for communicating with the REST interface of a Red Hat Unified
Entitlement Platform. This interface is used for the management of system
entitlements, certificates, and access to content.||0|||0aa3788e14a517ab560816daa4a8723d17ed4372|0b569d93dae4442b76a870dc2533ab0350a914f9
0|2022/06/08 19:21:37|rpm|cyrus-sasl-lib||Unspecified|2385560|Red Hat, Inc.|1652337441|2.1.27-20.el9|x86_64|||The cyrus-sasl-lib package contains shared libraries which are needed by
applications which use the Cyrus SASL library.||0|||f32da25edfd4cc7bda009bec6b496eb3c6710e17|0b6b126ee32866d3d650ba5887e0501e6b52cd41


Deblintrake09 commented Jun 7, 2022

Backward Compatibility checks

Check that Syscollector detects packages on CentOS 5 🟢
  • Install agent in CentOS 5 VM
  • Start Agent with Syscollector packages section enabled
  • Check agent's OS version
![imagen](https://user-images.githubusercontent.com/14501079/172931204-240531aa-74d7-4311-85c6-1363b2eac5b3.png)

  • Check agent's ossec.log
2022/06/09 19:41:33 wazuh-modulesd:syscollector[854] wm_syscollector.c:151 at wm_sys_main(): DEBUG: Starting Syscollector.
2022/06/09 19:41:33 wazuh-modulesd:syscollector[854] wm_syscollector.c:92 at wm_sys_log(): INFO: Starting evaluation.
2022/06/09 19:41:33 wazuh-modulesd:syscollector[854] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Starting packages scan
 Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"noarch","checksum":"13c7d985ea2c230118e86c1e2cc8be65b7f015fd","description":"The terminal feature database used by certain applications.","format":"rpm","groups":"System Environment/Base","install_time":"1393146729","item_id":"fda03db85f6dc9e96edff85d45b2e77416b376b6","name":"termcap","scan_time":"2022/06/09 19:41:49","size":807103,"vendor":"CentOS","version":"1:5.5-1.20060701.1"},"index":"fda03db85f6dc9e96edff85d45b2e77416b376b6","timestamp":""},"type":"state"}
2022/06/09 19:41:49 wazuh-modulesd:syscollector[1095] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"i386","checksum":"99dd2a1bc659eef6aa1e6aa01b2121c48208f1a2","description":"The zlib compression and decompression library.","format":"rpm","groups":"System Environment/Libraries","install_time":"1654795724","item_id":"fe7f1e8bfc3778bf2fffb64efa6cb35e463c762d","name":"zlib","scan_time":"2022/06/09 19:41:49","size":79336,"vendor":"CentOS","version":"1.2.3-7.el5"},"index":"fe7f1e8bfc3778bf2fffb64efa6cb35e463c762d","timestamp":""},"type":"state"}
2022/06/09 19:41:49 wazuh-modulesd:syscollector[1095] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"x86_64","checksum":"529c041d6a4f903b8e77515c45d6cd7bcb877457","description":"Python bindings for sqlite.","format":"rpm","groups":"Development/Libraries","install_time":"1393146742","item_id":"fee55d4218c735df0b152d456ff03fa6d9706afc","name":"python-sqlite","scan_time":"2022/06/09 19:41:49","size":120728,"vendor":"CentOS","version":"1.1.7-1.2.1"},"index":"fee55d4218c735df0b152d456ff03fa6d9706afc","timestamp":""},"type":"state"}
  • Check packages are present in agent's db on Manager
0|2022/06/09 19:41:49|rpm|termcap||System Environment/Base|807103|CentOS|1393146729|1:5.5-1.20060701.1|noarch|||The terminal feature database used by certain applications.||0|||13c7d985ea2c230118e86c1e2cc8be65b7f015fd|fda03db85f6dc9e96edff85d45b2e77416b376b6
0|2022/06/09 19:41:49|rpm|zlib||System Environment/Libraries|79336|CentOS|1654795724|1.2.3-7.el5|i386|||The zlib compression and decompression library.||0|||99dd2a1bc659eef6aa1e6aa01b2121c48208f1a2|fe7f1e8bfc3778bf2fffb64efa6cb35e463c762d
0|2022/06/09 19:41:49|rpm|python-sqlite||Development/Libraries|120728|CentOS|1393146742|1.1.7-1.2.1|x86_64|||Python bindings for sqlite.||0|||529c041d6a4f903b8e77515c45d6cd7bcb877457|fee55d4218c735df0b152d456ff03fa6d9706afc
  • Check Packages show in Dashboard
Check that Syscollector detects packages on CentOS 8 🟢
  • Install agent in CentOS 8 VM
  • Start Agent with Syscollector packages section enabled
  • Check agent's ossec.log
022/06/07 19:04:30 wazuh-modulesd:syscollector[3958] wm_syscollector.c:151 at wm_sys_main(): DEBUG: Starting Syscollector.
2022/06/07 19:06:00 wazuh-modulesd:syscollector[4150] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"noarch","checksum":"7fb70ffeb3198fd06e6302318f5b4b5c85d57698","description":"A firewall daemon with D-Bus interface providing a dynamic firewall","format":"rpm","groups":"Unspecified","install_time":"1628853812","item_id":"039ee97881ddda6a9eb7b689be24d05d0794c48e","name":"firewalld","scan_time":"2022/06/07 19:06:00","size":2018292,"vendor":"CentOS","version":"0.8.2-7.el8_4"},"index":"039ee97881ddda6a9eb7b689be24d05d0794c48e","timestamp":""},"type":"state"}
2022/06/07 19:06:00 wazuh-modulesd:syscollector[4150] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"x86_64","checksum":"22024d3c0251854a8dd42a374a14d4e0c35e5e59","description":"X Composite Extension library","format":"rpm","groups":"System Environment/Libraries","install_time":"1628855158","item_id":"04a90b51d64feba0b5f87b1c5466b25cbf2a3ce0","name":"libXcomposite","scan_time":"2022/06/07 19:06:00","size":35952,"vendor":"CentOS","version":"0.4.4-14.el8"},"index":"04a90b51d64feba0b5f87b1c5466b25cbf2a3ce0","timestamp":""},"type":"state"}
  • Check packages are present in agent's db on Manager
0|2022/06/07 19:06:00|rpm|firewalld||Unspecified|2018292|CentOS|1628853812|0.8.2-7.el8_4|noarch|||A firewall daemon with D-Bus interface providing a dynamic firewall||0|||7fb70ffeb3198fd06e6302318f5b4b5c85d57698|039ee97881ddda6a9eb7b689be24d05d0794c48e
0|2022/06/07 19:06:00|rpm|libXcomposite||System Environment/Libraries|35952|CentOS|1628855158|0.4.4-14.el8|x86_64|||X Composite Extension library||0|||22024d3c0251854a8dd42a374a14d4e0c35e5e59|04a90b51d64feba0b5f87b1c5466b25cbf2a3ce0
  • Check Packages show in Dashboard
Check that Syscollector detects packages on RHEL 8 🟢
  • Install agent in RHEL 8 VM

  • Start Agent with Syscollector packages section enabled

  • Verify agent OS version

uname -a
Linux ip-172-31-85-64.ec2.internal 4.18.0-348.12.2.el8_5.x86_64 #1 SMP Mon Jan 17 07:06:06 EST 2022 x86_64 x86_64 x86_64 GNU/Linux
  • Check agent's ossec.log
2022/06/07 19:53:15 wazuh-modulesd:syscollector[7075] wm_syscollector.c:151 at wm_sys_main(): DEBUG: Starting Syscollector.
2022/06/07 19:53:15 wazuh-modulesd:syscollector[7075] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Starting packages scan
2022/06/07 19:53:59 wazuh-modulesd:syscollector[7680] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"begin":"07c62a4ba09f80cda19d1e9ed4c1832e1bb2b44b","checksum":"9c592dc4eab31e6ce16b70c3876e1ad2c3ad657d","end":"07c62a4ba09f80cda19d1e9ed4c1832e1bb2b44b","id":1654631604},"type":"integrity_check_right"}
2022/06/07 19:53:59 wazuh-modulesd:syscollector[7680] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Message pushed: syscollector_packages dbsync no_data {"begin":"07c62a4ba09f80cda19d1e9ed4c1832e1bb2b44b","end":"07c62a4ba09f80cda19d1e9ed4c1832e1bb2b44b","id":1654631604}
2022/06/07 19:53:59 wazuh-modulesd:syscollector[7680] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"noarch","checksum":"3afe594436b923c75192b02c53d296f7a8d0fe0f","description":"Fence agent for SBD (storage-based death)","format":"rpm","groups":"System Environment/Base","install_time":"1643298863","item_id":"07c62a4ba09f80cda19d1e9ed4c1832e1bb2b44b","name":"fence-agents-sbd","scan_time":"2022/06/07 19:53:59","size":13056,"vendor":"Red Hat, Inc.","version":"4.2.1-75.el8"},"index":"07c62a4ba09f80cda19d1e9ed4c1832e1bb2b44b","timestamp":""},"type":"state"}
  • Check packages are present in agent's db on Manager
0|2022/06/07 19:53:59|rpm|slang||Unspecified|1336226|Red Hat, Inc.|1643298833|2.3.2-3.el8|x86_64|||The shared library for the S-Lang extension language||0|||2995969e56c0223f1b3c1b8f321b27b260d7b14b|1b09167b13a8d99db23b902dd004c4a291a79add
0|2022/06/07 19:53:59|rpm|libassuan||Unspecified|200835|Red Hat, Inc.|1643298830|2.5.1-3.el8|x86_64|||GnuPG IPC library||0|||599489995683d5c69a121d5b3c3fa70ab0924cc7|1b142e02fa9aeb7379c747d020d10b11fb406fd5
0|2022/06/07 19:53:59|rpm|fence-agents-sbd||System Environment/Base|13056|Red Hat, Inc.|1643298863|4.2.1-75.el8|noarch|||Fence agent for SBD (storage-based death)||0|||3afe594436b923c75192b02c53d296f7a8d0fe0f|07c62a4ba09f80cda19d1e9ed4c1832e1bb2b44b
  • Check Packages show in Dashboard
Check that Syscollector detects packages on Amazon Linux 2 🟢
  • Install agent in Amazon Linux 2 VM

  • Start Agent with Syscollector packages section enabled

  • Verify agent OS version

uname -a
Linux ip-172-31-5-28.ec2.internal 5.10.109-104.500.amzn2.x86_64 #1 SMP Wed Apr 13 20:31:43 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
  • Check agent's ossec.log
2022/06/07 20:16:08 wazuh-modulesd:syscollector[3776] wm_syscollector.c:151 at wm_sys_main(): DEBUG: Starting Syscollector.
2022/06/07 20:16:08 wazuh-modulesd:syscollector[3776] wm_syscollector.c:110 at wm_sys_log_config(): DEBUG: {"syscollector":{"disabled":"no","scan-on-start":"yes","interval":3600,"network":"yes","os":"yes","hardware":"yes","packages":"yes","ports":"yes","ports_all":"no","processes":"yes","sync_max_eps":10}}
2022/06/07 20:16:45 wazuh-modulesd:syscollector[4120] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"x86_64","checksum":"266092729bc42fbd70fc26072a7085634f8fce06","description":"A text file browser similar to more, but better","format":"rpm","groups":"Applications/Text","install_time":"1651175647","item_id":"12ed0550e4ec66171b4e9622d6d3c30a6f720552","name":"less","scan_time":"2022/06/07 20:16:45","size":219232,"vendor":"Amazon Linux","version":"458-9.amzn2.0.2"},"index":"12ed0550e4ec66171b4e9622d6d3c30a6f720552","timestamp":""},"type":"state"}
2022/06/07 20:16:45 wazuh-modulesd:syscollector[4120] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"noarch","checksum":"c6b7b1820353a814b4781f54ba787904854811cb","description":"SELinux policy configuration","format":"rpm","groups":"System Environment/Base","install_time":"1651175670","item_id":"138dca9637edbc85aaa75fe173398aff459ddd8b","name":"selinux-policy","scan_time":"2022/06/07 20:16:45","size":6652,"vendor":"Amazon Linux","version":"3.13.1-192.amzn2.6.8"},"index":"138dca9637edbc85aaa75fe173398aff459ddd8b","timestamp":""},"type":"state"}

  • Check packages are present in agent's db on Manager
0|2022/06/07 20:16:45|rpm|less||Applications/Text|219232|Amazon Linux|1651175647|458-9.amzn2.0.2|x86_64|||A text file browser similar to more, but better||0|||266092729bc42fbd70fc26072a7085634f8fce06|12ed0550e4ec66171b4e9622d6d3c30a6f720552
0|2022/06/07 20:16:45|rpm|selinux-policy||System Environment/Base|6652|Amazon Linux|1651175670|3.13.1-192.amzn2.6.8|noarch|||SELinux policy configuration||0|||c6b7b1820353a814b4781f54ba787904854811cb|138dca9637edbc85aaa75fe173398aff459ddd8b

  • Check Packages show in Dashboard
Check that Syscollector detects packages on Fedora 32 🟢
  • Install agent in Fedora 32 VM
  • Start Agent with Syscollector packages section enabled
  • Check agent's ossec.log
2022/06/08 18:25:32 wazuh-modulesd:syscollector[3676] wm_syscollector.c:151 at wm_sys_main(): DEBUG: Starting Syscollector.
2022/06/08 18:25:40 wazuh-modulesd:syscollector[3875] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Starting packages scan
2022/06/08 18:25:40 wazuh-modulesd:syscollector[3875] wm_syscollector.c:95 at wm_sys_log(): DEBUG: Starting syscollector sync
2022/06/08 18:26:21 wazuh-modulesd:syscollector[3875] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"x86_64","checksum":"a05eaf0bcaf6d1be9b9ff6e3ee037933d64b1cdd","description":"Thai language support routines","format":"rpm","groups":"Unspecified","install_time":"1653589998","item_id":"efe3cec6032f8c3fd15a207f87e1996cd9c217e8","name":"libthai","scan_time":"2022/06/08 18:26:21","size":783404,"vendor":"Fedora Project","version":"0.1.28-4.fc32"},"index":"efe3cec6032f8c3fd15a207f87e1996cd9c217e8","timestamp":""},"type":"state"}
2022/06/08 18:26:21 wazuh-modulesd:syscollector[3875] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"x86_64","checksum":"2b600fbedda99a48c9d3607d2f1d7ba82bf8db7a","description":"Library for accessing USB devices","format":"rpm","groups":"Unspecified","install_time":"1653589866","item_id":"f0f2893dc49d85a4af332e8f4da58bb379abe46d","name":"libusbx","scan_time":"2022/06/08 18:26:21","size":167966,"vendor":"Fedora Project","version":"1.0.24-2.fc32"},"index":"f0f2893dc49d85a4af332e8f4da58bb379abe46d","timestamp":""},"type":"state"}
  • Verify OS version
Linux fedora32.localdomain 5.11.22-100.fc32.x86_64 #1 SMP Wed May 19 18:58:25 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
0|2022/06/08 18:26:57|rpm|libcurl||Unspecified|613480|Fedora Project|1653589793|7.69.1-8.fc32|x86_64|||A library for getting files from web servers||0|||abc20470142c8699bbc627d718f8afee767a183d|087a0154ed9856e7594df6733d2715c3fa9405a2
0|2022/06/08 18:26:57|rpm|fpc-srpm-macros||Unspecified|144|Fedora Project|1653590000|1.3-1.fc32|noarch|||RPM macros needed by packages built with Free Pascal Compiler||0|||e71f909272a5462dceeceb227679cbbab7e16571|07a9aa46c66189f3d9d209b2604dd611e012d5f4
  • Check Packages show in Dashboard
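
Added example, not part of the original issue or of Wazuh's code: the two checks repeated for every distro above (`Sync sent` lines in the agent's ossec.log, then rows in the agent's DB on the manager) cross-checked by `item_id`. The samples are abridged from the RHEL9 lines in this thread plus one constructed entry; the row layout (field positions, checksum and item_id as the last two fields) is an assumption read off the pasted rows.

```python
import json
import re

# JSON payload of a "Sync sent:" line in ossec.log (agent run with wazuh_modules.debug=2).
SYNC_RE = re.compile(r"Sync sent: (\{.*\})\s*$")
# Assumed from the rows pasted in this issue: a record starts with
# "<n>|YYYY/MM/DD HH:MM:SS|" and ends with "|<checksum>|<item_id>" (two SHA-1 hex strings).
ROW_START_RE = re.compile(r"^\d+\|\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\|")
ROW_END_RE = re.compile(r"\|([0-9a-f]{40})\|([0-9a-f]{40})$")
COMPARED = ("format", "name", "version", "architecture", "checksum")

def packages_from_log(log_text):
    """Return {item_id: attributes} for every syscollector_packages 'state' message."""
    pkgs = {}
    for line in log_text.splitlines():
        m = SYNC_RE.search(line)
        if not m:
            continue
        try:
            msg = json.loads(m.group(1))
        except json.JSONDecodeError:
            continue  # truncated or wrapped log line
        # integrity_check_* messages share the component but carry no package attributes
        if msg.get("component") != "syscollector_packages" or msg.get("type") != "state":
            continue
        attrs = msg.get("data", {}).get("attributes", {})
        if "item_id" in attrs:
            pkgs[attrs["item_id"]] = attrs
    return pkgs

def rows_from_db_dump(dump_text):
    """Return {item_id: fields} from a pipe-separated dump of the packages table.

    Descriptions contain raw newlines, so one record can span several lines;
    records are re-assembled before splitting on '|'.
    """
    records, current = [], None
    for line in dump_text.splitlines():
        if ROW_START_RE.match(line):
            if current is not None:
                records.append(current)
            current = line
        elif current is not None:
            current += "\n" + line
    if current is not None:
        records.append(current)

    rows = {}
    for rec in records:
        rec = rec.rstrip()
        end = ROW_END_RE.search(rec)
        if not end:
            continue  # incomplete record
        head = rec.split("|", 11)  # only the fields before the free-text description
        rows[end.group(2)] = {"format": head[2], "name": head[3], "version": head[9],
                              "architecture": head[10], "checksum": end.group(1)}
    return rows

def compare(log_pkgs, db_rows):
    """Classify every package the agent synced as matched, mismatched or missing in the DB."""
    report = {"matched": [], "mismatched": [], "missing_in_db": []}
    for item_id, attrs in sorted(log_pkgs.items(), key=lambda kv: kv[1].get("name", "")):
        row = db_rows.get(item_id)
        if row is None:
            report["missing_in_db"].append(attrs.get("name"))
        elif any(row[k] != attrs.get(k) for k in COMPARED):
            report["mismatched"].append(attrs.get("name"))
        else:
            report["matched"].append(attrs.get("name"))
    return report

# Constructed sample: abridged RHEL9 lines from this thread, one integrity message,
# and one made-up package (constructed-missing-pkg) that has no DB row.
SAMPLE_LOG = r"""
2022/06/08 19:21:03 wazuh-modulesd:syscollector[18624] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Starting packages scan
2022/06/08 19:21:37 wazuh-modulesd:syscollector[18812] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"x86_64","checksum":"0aa3788e14a517ab560816daa4a8723d17ed4372","format":"rpm","item_id":"0b569d93dae4442b76a870dc2533ab0350a914f9","name":"python3-subscription-manager-rhsm","version":"1.29.26-3.el9_0"},"index":"0b569d93dae4442b76a870dc2533ab0350a914f9","timestamp":""},"type":"state"}
2022/06/08 19:21:37 wazuh-modulesd:syscollector[18812] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"x86_64","checksum":"f32da25edfd4cc7bda009bec6b496eb3c6710e17","description":"The cyrus-sasl-lib package contains shared libraries which are needed by\napplications which use the Cyrus SASL library.","format":"rpm","item_id":"0b6b126ee32866d3d650ba5887e0501e6b52cd41","name":"cyrus-sasl-lib","version":"2.1.27-20.el9"},"index":"0b6b126ee32866d3d650ba5887e0501e6b52cd41","timestamp":""},"type":"state"}
2022/06/08 19:21:37 wazuh-modulesd:syscollector[18812] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"begin":"07c62a4ba09f80cda19d1e9ed4c1832e1bb2b44b","checksum":"9c592dc4eab31e6ce16b70c3876e1ad2c3ad657d","end":"07c62a4ba09f80cda19d1e9ed4c1832e1bb2b44b","id":1654631604},"type":"integrity_check_right"}
2022/06/08 19:21:37 wazuh-modulesd:syscollector[18812] wm_syscollector.c:98 at wm_sys_log(): DEBUG: Sync sent: {"component":"syscollector_packages","data":{"attributes":{"architecture":"noarch","checksum":"0000000000000000000000000000000000000000","format":"rpm","item_id":"1111111111111111111111111111111111111111","name":"constructed-missing-pkg","version":"0.0-0"},"index":"1111111111111111111111111111111111111111","timestamp":""},"type":"state"}
"""

SAMPLE_DB = """
0|2022/06/08 19:21:37|rpm|python3-subscription-manager-rhsm||Development/Libraries|401051|Red Hat, Inc.|1652337449|1.29.26-3.el9_0|x86_64|||A small library for communicating with the REST interface of a Red Hat Unified
Entitlement Platform. This interface is used for the management of system
entitlements, certificates, and access to content.||0|||0aa3788e14a517ab560816daa4a8723d17ed4372|0b569d93dae4442b76a870dc2533ab0350a914f9
0|2022/06/08 19:21:37|rpm|cyrus-sasl-lib||Unspecified|2385560|Red Hat, Inc.|1652337441|2.1.27-20.el9|x86_64|||The cyrus-sasl-lib package contains shared libraries which are needed by
applications which use the Cyrus SASL library.||0|||f32da25edfd4cc7bda009bec6b496eb3c6710e17|0b6b126ee32866d3d650ba5887e0501e6b52cd41
"""

if __name__ == "__main__":
    result = compare(packages_from_log(SAMPLE_LOG), rows_from_db_dump(SAMPLE_DB))
    print(json.dumps(result, indent=2))
```

A non-empty `missing_in_db` or `mismatched` list is the condition the manual log-versus-DB comparison in each test case is looking for.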
