Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add API protection option for new eps limit configuration #13572

Closed
davidjiglesias opened this issue May 24, 2022 · 3 comments · Fixed by #14119
Closed

Add API protection option for new eps limit configuration #13572

davidjiglesias opened this issue May 24, 2022 · 3 comments · Fixed by #14119
Assignees
@vicferpoy
Labels
module/api module/configuration

Comments

@davidjiglesias
Copy link
Member

davidjiglesias commented May 24, 2022
edited

As part of the development for Implement configuration limits requested by Wazuh Cloud #12512 we have finally decided to add a new configuration parameter inside ossec.conf.

We need to add a new block in API configuration to protect the edition of said parameter using Wazuh API endpoint to change ossec.conf.

The final design for the new parameters is as follows:

<global>
  <limits>
    <eps>
      <maximum>500</maximum>
      <timeframe>30</timeframe>
    </eps>
  </limits>
</global>

Also, we need to ensure the Warning message that appears when an user tries to change a protected parameter is appropriate, both for the new parameter and the old protected ones (remote commands).
@damarisg damarisg mentioned this issue Jun 1, 2022
Closed
5 tasks
@vicferpoy vicferpoy self-assigned this Jun 23, 2022
@vicferpoy
Copy link
Contributor

vicferpoy commented Jun 29, 2022
edited

Issue update

After discussing it with the team, we have decided to fully rework this section from the API configuration. The proposed new implementation, including changes to the current syntax is the following:

upload_wazuh_configuration:
  remote_commands:
    localfile:
      allow: True
      exceptions: []
    wodle_command:
      allow: True
      exceptions: []
  limits:
    eps:
      allow: True

Before implementing the new block, we must check if there are more command blocks in the Wazuh configuration and if so, study if we should add them. For now, the exceptions clause will keep its current behavior.

@vicferpoy
Copy link
Contributor

Issue update

As the API configuration has been modified, we need to update the Wazuh documentation. This also affects to our custom exceptions, as we have links to certain sections that have changed. We need to take a look at the framework exceptions once the documentation has been updated.

@vicferpoy vicferpoy mentioned this issue Jul 4, 2022
Merged
@vicferpoy vicferpoy linked a pull request Jul 4, 2022 that will close this issue
Add new API protection settings to block uploading global limits #14119
Merged
@CamiRomero CamiRomero mentioned this issue Jul 4, 2022
Closed
14 tasks
@davidjiglesias
Copy link
Member Author

The final configuration looks as follow:

upload_configuration:
  remote_commands:
    localfile:
      allow: True
      exceptions: []
    wodle_command:
      allow: True
      exceptions: []
  limits:
    eps:
      allow: True

This was referenced Jul 5, 2022
Closed
Closed
Closed
Closed
@vikman90 vikman90 added this to the Release 4.4.0 milestone Aug 29, 2022
@francobep francobep mentioned this issue Sep 27, 2022
Closed
8 tasks
@Selutario Selutario mentioned this issue Mar 28, 2023
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vicferpoy vicferpoy

Labels
module/api module/configuration
Projects
No open projects
Release 4.4.0
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add new API protection settings to block uploading global limits wazuh/wazuh
3 participants
@vikman90 @vicferpoy @davidjiglesias