Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor for simplification and unique responsability for some classes Add OS support for macOS and Windows #22360

Merged
merged 18 commits into from
Mar 12, 2024
Merged

Refactor for simplification and unique responsability for some classes Add OS support for macOS and Windows #22360

merged 18 commits into from
Mar 12, 2024

Conversation

Dwordcito
Copy link
Member

@Dwordcito Dwordcito commented Mar 5, 2024
edited

Closes #21902

Description

This pr aims to add support for os scanning and code/classes simplification.

Basically based on the factory pattern and the chain of responsabilities pattern we can remove some conditions and establish a single responsability for each class.

@Dwordcito Dwordcito self-assigned this Mar 5, 2024
@Dwordcito Dwordcito linked an issue Mar 5, 2024 that may be closed by this pull request
Discrepancies in vulnerabilities reported for the same environment with 4.7.2 and 4.8.0 #21902
Closed
@Dwordcito Dwordcito force-pushed the enhancement/21902-refactor-to-be-compliance-with-os-scanning branch 2 times, most recently from f2a6057 to 5ab58f1 Compare March 5, 2024 06:27
@Dwordcito Dwordcito force-pushed the enhancement/21902-refactor-to-be-compliance-with-os-scanning branch 4 times, most recently from 3b78490 to 096bb82 Compare March 6, 2024 20:20
@Dwordcito Dwordcito force-pushed the enhancement/21902-refactor-to-be-compliance-with-os-scanning branch from 096bb82 to 182401c Compare March 6, 2024 20:40
@Dwordcito Dwordcito force-pushed the enhancement/21902-refactor-to-be-compliance-with-os-scanning branch from d364725 to bb2b485 Compare March 7, 2024 02:33
@sebasfalcone sebasfalcone mentioned this pull request Mar 7, 2024
Closed
@MiguelazoDS
Copy link
Member

MiguelazoDS commented Mar 7, 2024
edited

Testing

Environments

Only Linux

  • Manager: Ubuntu Jammy
  • Agent: Ubuntu Focal (v4.7.2)
  • Agent: Debian Bookworm (v4.7.2)

Windows agents

  • Agent: Windows 11 23H2 (v4.7.3)
  • Agent: Windows 10 22H2 (v4.7.3)
  • Agent: Windows 2019 server (v4.7.3)

image

Configuration

  <wodle name="syscollector">
    <disabled>no</disabled>
    <interval>1h</interval>
    <scan_on_start>yes</scan_on_start>
    <hardware>no</hardware>
    <os>yes</os>
    <network>no</network>
    <packages>yes</packages>
    <ports all="no">no</ports>
    <processes>no</processes>

    <!-- Database synchronization settings -->
    <synchronization>
      <max_eps>10</max_eps>
    </synchronization>
  </wodle>

Manager (Ubuntu Jammy), agents (Ubuntu Focal, Debian Bookworm) testing.

Syscollector sync scan

  • Full log
    ossec.log

  • Packages scanned
    image
    image

  • Vulnerabilities detected
    2024-03-08_16-34
    image

  • Scan failed for some packages
    image

Expand 
2024/03/08 16:32:13 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'tcpdump', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (4.99.3-1 vs 3.5_alpha).'
2024/03/08 16:32:13 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'tcpdump', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (4.99.3-1 vs 3.5_alpha).'
2024/03/08 16:32:14 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'jq', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.6-2.1 vs 1.7-37-g88f01a7).'
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'sudo', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.9.13p3-1+deb12u1 vs 1.6.3_p1).'
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'sudo', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.9.13p3-1+deb12u1 vs 1.6.3_p1).'
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'sudo', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.9.13p3-1+deb12u1 vs 1.6.3_p1).'
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'sudo', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.9.13p3-1+deb12u1 vs 1.6.3_p1).'
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'sudo', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.9.13p3-1+deb12u1 vs 1.6.3_p1).'
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'sudo', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.9.13p3-1+deb12u1 vs 1.6.3_p1).'
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'sudo', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.9.13p3-1+deb12u1 vs 1.6.3_p1).'
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'sudo', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.9.13p3-1+deb12u1 vs 1.6.8_p12).'
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'sudo', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.9.13p3-1+deb12u1 vs 1.6.3_p1).'
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'sudo', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.9.13p3-1+deb12u1 vs 1.6.3_p1).'
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'sudo', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.9.13p3-1+deb12u1 vs 1.6.8_p1).'
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'sudo', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.9.13p3-1+deb12u1 vs 1.6.3_p7).'
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'sudo', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.9.13p3-1+deb12u1 vs 1.6.3_p7).'
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'sudo', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.9.13p3-1+deb12u1 vs 1.6.3_p7).'
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'sudo', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.9.13p3-1+deb12u1 vs 1.6.3_p7).'
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'sudo', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.9.13p3-1+deb12u1 vs 1.6.3_p7).'
2024/03/08 16:32:26 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'perl', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (5.36.0-7+deb12u1 vs 5.004_04).'
2024/03/08 16:32:26 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'perl', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (5.36.0-7+deb12u1 vs 5.002_01).'
2024/03/08 16:32:49 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'curl', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (7.88.1-10+deb12u5 vs (7.36.0)).'
2024/03/08 16:32:53 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'snapd', CVE Numbering Authorities (CNA): 'canonical', Error: 'Unable to compare versions (2.61.2 vs 2.57.5+22.04ubuntu0.1).'
2024/03/08 16:32:53 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'snapd', CVE Numbering Authorities (CNA): 'canonical', Error: 'Unable to compare versions (2.61.2 vs 2.58+22.04.1).'
2024/03/08 16:33:15 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'bzip2', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.0.8-5+b1 vs 0.9.5_a).'
2024/03/08 16:33:15 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'bzip2', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.0.8-5+b1 vs 0.9_a).'
2024/03/08 16:33:15 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'bzip2', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (1.0.8-5+b1 vs 0.9.5_a).'
2024/03/08 16:33:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'rsync', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (3.2.7-1 vs 2.5.0_1).'
2024/03/08 16:33:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'rsync', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (3.2.7-1 vs 2.3.2_1.3).'
2024/03/08 16:33:19 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'rsync', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (3.2.7-1 vs (2.6.9)).'
2024/03/08 16:33:21 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'graphviz', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (2.42.2-7+b3 vs 1.10_2003-09-15_0415_1).'
2024/03/08 16:33:21 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'graphviz', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (2.42.2-7+b3 vs 1.10_2003-09-15_0415_1).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 3.1.2p1-2).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.2-1).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.2-1).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.2.dfsg.1-5).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.2.dfsg.1-5).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.4-3).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.4-2).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.4-2).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.4-2).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.4-2).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.4-6).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.3.3-7).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.3.4-1).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.3.5-3.1).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.3.5-3.1).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.3.5-3.1).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.4.1-2).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.4.1-2.3).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.4.3-2.1).'
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-common', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.4.3-2.1).'
2024/03/08 16:33:40 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'util-linux', CVE Numbering Authorities (CNA): 'nvd', Error: 'Unable to compare versions (2.38.1-5+b1 vs 2.13_pre1).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 3.1.2p1-2).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.2-1).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.2-1).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.2.dfsg.1-5).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.2.dfsg.1-5).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.4-3).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.4-2).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.4-2).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.4-2).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.4-2).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.2.4-6).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.3.3-7).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.3.4-1).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.3.5-3.1).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.3.5-3.1).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.3.5-3.1).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.4.1-2).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.4.1-2.3).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.4.3-2.1).'
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:302 at operator()(): DEBUG: Failed to scan package: 'isc-dhcp-client', CVE Numbering Authorities (CNA): 'debian', Error: 'Unable to compare versions (4.4.3-P1-2 vs 4.4.3-2.1).'
  • Error creating versionObject
    image
Expand 
2024/03/08 16:32:13 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 3.5_alpha
2024/03/08 16:32:13 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 3.5_alpha
2024/03/08 16:32:14 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.7-37-g88f01a7
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.6.3_p1
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.6.3_p1
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.6.3_p1
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.6.3_p1
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.6.3_p1
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.6.3_p1
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.6.3_p1
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.6.8_p12
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.6.3_p1
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.6.3_p1
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.6.8_p1
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.6.3_p7
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.6.3_p7
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.6.3_p7
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.6.3_p7
2024/03/08 16:32:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.6.3_p7
2024/03/08 16:32:26 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 5.004_04
2024/03/08 16:32:26 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 5.002_01
2024/03/08 16:32:49 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: (7.36.0)
2024/03/08 16:32:53 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:152 at createVersionObject(): DEBUG: Error creating VersionObject (CalVer). Version string doesn't match the specified type. Version string: 2.61.2
2024/03/08 16:32:53 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:152 at createVersionObject(): DEBUG: Error creating VersionObject (CalVer). Version string doesn't match the specified type. Version string: 2.57.5+22.04ubuntu0.1
2024/03/08 16:32:53 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:163 at createVersionObject(): DEBUG: Error creating VersionObject (PEP440). Version string doesn't match the specified type. Version string: 2.57.5+22.04ubuntu0.1
2024/03/08 16:32:53 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:174 at createVersionObject(): DEBUG: Error creating VersionObject (MajorMinor). Version string doesn't match the specified type. Version string: 2.57.5+22.04ubuntu0.1
2024/03/08 16:32:53 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:152 at createVersionObject(): DEBUG: Error creating VersionObject (CalVer). Version string doesn't match the specified type. Version string: 2.61.2
2024/03/08 16:32:53 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:152 at createVersionObject(): DEBUG: Error creating VersionObject (CalVer). Version string doesn't match the specified type. Version string: 2.58+22.04.1
2024/03/08 16:32:53 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:163 at createVersionObject(): DEBUG: Error creating VersionObject (PEP440). Version string doesn't match the specified type. Version string: 2.58+22.04.1
2024/03/08 16:32:53 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:174 at createVersionObject(): DEBUG: Error creating VersionObject (MajorMinor). Version string doesn't match the specified type. Version string: 2.58+22.04.1
2024/03/08 16:32:53 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:185 at createVersionObject(): DEBUG: Error creating VersionObject (SemVer). Version string doesn't match the specified type. Version string: 2.58+22.04.1
2024/03/08 16:33:15 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 0.9.5_a
2024/03/08 16:33:15 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 0.9_a
2024/03/08 16:33:15 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 0.9.5_a
2024/03/08 16:33:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 2.5.0_1
2024/03/08 16:33:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 2.3.2_1.3
2024/03/08 16:33:19 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: (2.6.9)
2024/03/08 16:33:21 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.10_2003-09-15_0415_1
2024/03/08 16:33:21 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 1.10_2003-09-15_0415_1
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:37 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:40 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 2.13_pre1
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
2024/03/08 16:33:45 wazuh-modulesd:vulnerability-scanner[55886] versionMatcher.hpp:196 at createVersionObject(): DEBUG: Error creating VersionObject (DPKG). Version string doesn't match the specified type. Version string: 4.4.3-P1-2
  • Default status vulnerability does not have agent information
2024/03/08 16:31:52 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:280 at operator()(): DEBUG: Match found for Package: policykit-1 for vulnerability: CVE-2016-2568 due to default status.

indexed_vulnerabilities.json

Syscollector deltas scan

  • Full log
    ossec.log

  • Packages scanned
    image
    Manager

2024/03/08 22:06:27 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'libc-ares2' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'jammy' (ID: '000', Version: 'v4.8.0').
2024/03/08 22:06:27 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'libjs-highlight.js' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'jammy' (ID: '000', Version: 'v4.8.0').
2024/03/08 22:06:27 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'libnode72' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'jammy' (ID: '000', Version: 'v4.8.0').
2024/03/08 22:06:27 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'libpcap0.8' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'jammy' (ID: '000', Version: 'v4.8.0').
2024/03/08 22:06:27 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'nodejs' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'jammy' (ID: '000', Version: 'v4.8.0').
2024/03/08 22:06:27 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'nodejs-doc' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'jammy' (ID: '000', Version: 'v4.8.0').
2024/03/08 22:06:28 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'tcpdump' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'jammy' (ID: '000', Version: 'v4.8.0').
2024/03/08 22:06:28 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'unzip' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'jammy' (ID: '000', Version: 'v4.8.0').
2024/03/08 22:06:28 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'zip' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'jammy' (ID: '000', Version: 'v4.8.0').

Agent (Ubuntu Focal)

2024/03/08 22:06:32 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'libc-ares2' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'focal' (ID: '001', Version: 'v4.7.2').
2024/03/08 22:06:32 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'libnode64' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'focal' (ID: '001', Version: 'v4.7.2').
2024/03/08 22:06:32 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'libpcap0.8' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'focal' (ID: '001', Version: 'v4.7.2').
2024/03/08 22:06:32 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'nodejs' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'focal' (ID: '001', Version: 'v4.7.2').
2024/03/08 22:06:33 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'nodejs-doc' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'focal' (ID: '001', Version: 'v4.7.2').
2024/03/08 22:06:33 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'tcpdump' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'focal' (ID: '001', Version: 'v4.7.2').
2024/03/08 22:06:33 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'unzip' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'focal' (ID: '001', Version: 'v4.7.2').
2024/03/08 22:06:33 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'zip' (deb) (Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>) with CVE Numbering Authorities (CNA) 'canonical' on Agent 'focal' (ID: '001', Version: 'v4.7.2').

Agent (Debian Bookworm)

2024/03/08 22:06:38 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'libc-ares2' (deb) (Gregor Jasny <gjasny@googlemail.com>) with CVE Numbering Authorities (CNA) 'nvd' on Agent 'bookworm' (ID: '002', Version: 'v4.7.2').
2024/03/08 22:06:38 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'libnode108' (deb) (Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>) with CVE Numbering Authorities (CNA) 'debian' on Agent 'bookworm' (ID: '002', Version: 'v4.7.2').
2024/03/08 22:06:39 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'libpcap0.8' (deb) (Romain Francoise <rfrancoise@debian.org>) with CVE Numbering Authorities (CNA) 'nvd' on Agent 'bookworm' (ID: '002', Version: 'v4.7.2').
2024/03/08 22:06:39 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'node-acorn' (deb) (Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>) with CVE Numbering Authorities (CNA) 'debian' on Agent 'bookworm' (ID: '002', Version: 'v4.7.2').
2024/03/08 22:06:39 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'node-busboy' (deb) (Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>) with CVE Numbering Authorities (CNA) 'debian' on Agent 'bookworm' (ID: '002', Version: 'v4.7.2').
2024/03/08 22:06:39 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'node-cjs-module-lexer' (deb) (Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>) with CVE Numbering Authorities (CNA) 'debian' on Agent 'bookworm' (ID: '002', Version: 'v4.7.2').
2024/03/08 22:06:39 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'node-undici' (deb) (Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>) with CVE Numbering Authorities (CNA) 'debian' on Agent 'bookworm' (ID: '002', Version: 'v4.7.2').
2024/03/08 22:06:39 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'node-xtend' (deb) (Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>) with CVE Numbering Authorities (CNA) 'debian' on Agent 'bookworm' (ID: '002', Version: 'v4.7.2').
2024/03/08 22:06:39 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'nodejs' (deb) (Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>) with CVE Numbering Authorities (CNA) 'debian' on Agent 'bookworm' (ID: '002', Version: 'v4.7.2').
2024/03/08 22:06:39 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'nodejs-doc' (deb) (Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>) with CVE Numbering Authorities (CNA) 'debian' on Agent 'bookworm' (ID: '002', Version: 'v4.7.2').
2024/03/08 22:06:40 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'tcpdump' (deb) (Romain Francoise <rfrancoise@debian.org>) with CVE Numbering Authorities (CNA) 'nvd' on Agent 'bookworm' (ID: '002', Version: 'v4.7.2').
2024/03/08 22:06:40 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'unzip' (deb) (Santiago Vila <sanvila@debian.org>) with CVE Numbering Authorities (CNA) 'nvd' on Agent 'bookworm' (ID: '002', Version: 'v4.7.2').
2024/03/08 22:06:40 wazuh-modulesd:vulnerability-scanner[11283] packageScanner.hpp:327 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'zip' (deb) (Santiago Vila <sanvila@debian.org>) with CVE Numbering Authorities (CNA) 'nvd' on Agent 'bookworm' (ID: '002', Version: 'v4.7.2').

Re-scan

Integrity clear

  • Disabling package scan for Focal and Bookworm agents
    image
{"timestamp":"2024-03-11T11:17:22.411-0300","rule":{"level":3,"description":"Vulnerabilities cleared","id":"23507","firedtimes":2,"mail":false,"groups":["vulnerability-detector"],"gdpr":["IV_35.7.d"],"pci_dss":["11.2.1","11.2.3"],"tsc":["CC7.1","CC7.2"]},"agent":{"id":"001","name":"focal","ip":"192.168.33.20"},"manager":{"name":"jammy"},"id":"1710166642.123482","decoder":{"name":"json"},"data":{"vulnerability":{"status":"Clear","title":"There is no information of installed packages. Vulnerabilities cleared.","type":"Packages"}},"location":"vulnerability-detector"}
{"timestamp":"2024-03-11T11:17:25.881-0300","rule":{"level":3,"description":"Vulnerabilities cleared","id":"23507","firedtimes":3,"mail":false,"groups":["vulnerability-detector"],"gdpr":["IV_35.7.d"],"pci_dss":["11.2.1","11.2.3"],"tsc":["CC7.1","CC7.2"]},"agent":{"id":"002","name":"bookworm","ip":"192.168.33.90"},"manager":{"name":"jammy"},"id":"1710166645.123997","decoder":{"name":"json"},"data":{"vulnerability":{"status":"Clear","title":"There is no information of installed packages. Vulnerabilities cleared.","type":"Packages"}},"location":"vulnerability-detector"}
2024/03/11 11:17:22 wazuh-remoted: INFO: MSGFROMAGENT: {"agent_info":{"agent_id":"001","agent_ip":"any","agent_name":"focal","agent_version":"v4.7.2","node_name":"node01"},"data_type":"integrity_clear","data":{"attributes_type":"syscollector_packages","id":1710166642}}
2024/03/11 11:17:25 wazuh-remoted: INFO: MSGFROMAGENT: {"agent_info":{"agent_id":"002","agent_ip":"any","agent_name":"bookworm","agent_version":"v4.7.2","node_name":"node01"},"data_type":"integrity_clear","data":{"attributes_type":"syscollector_packages","id":1710166645}}
2024/03/11 11:18:23 wazuh-remoted: INFO: MSGFROMAGENT: {"agent_info":{"agent_id":"001","agent_ip":"any","agent_name":"focal","agent_version":"v4.7.2","node_name":"node01"},"data_type":"integrity_clear","data":{"attributes_type":"syscollector_packages","id":1710166703}}
2024/03/11 11:18:27 wazuh-remoted: INFO: MSGFROMAGENT: {"agent_info":{"agent_id":"002","agent_ip":"any","agent_name":"bookworm","agent_version":"v4.7.2","node_name":"node01"},"data_type":"integrity_clear","data":{"attributes_type":"syscollector_packages","id":1710166707}}
2024/03/11 11:19:24 wazuh-remoted: INFO: MSGFROMAGENT: {"agent_info":{"agent_id":"001","agent_ip":"any","agent_name":"focal","agent_version":"v4.7.2","node_name":"node01"},"data_type":"integrity_clear","data":{"attributes_type":"syscollector_packages","id":1710166764}}
2024/03/11 11:19:28 wazuh-remoted: INFO: MSGFROMAGENT: {"agent_info":{"agent_id":"002","agent_ip":"any","agent_name":"bookworm","agent_version":"v4.7.2","node_name":"node01"},"data_type":"integrity_clear","data":{"attributes_type":"syscollector_packages","id":1710166768}}
2024/03/11 11:20:25 wazuh-remoted: INFO: MSGFROMAGENT: {"agent_info":{"agent_id":"001","agent_ip":"any","agent_name":"focal","agent_version":"v4.7.2","node_name":"node01"},"data_type":"integrity_clear","data":{"attributes_type":"syscollector_packages","id":1710166825}}
2024/03/11 11:20:29 wazuh-remoted: INFO: MSGFROMAGENT: {"agent_info":{"agent_id":"002","agent_ip":"any","agent_name":"bookworm","agent_version":"v4.7.2","node_name":"node01"},"data_type":"integrity_clear","data":{"attributes_type":"syscollector_packages","id":1710166829}}
2024/03/11 11:21:26 wazuh-remoted: INFO: MSGFROMAGENT: {"agent_info":{"agent_id":"001","agent_ip":"any","agent_name":"focal","agent_version":"v4.7.2","node_name":"node01"},"data_type":"integrity_clear","data":{"attributes_type":"syscollector_packages","id":1710166886}}
2024/03/11 11:21:30 wazuh-remoted: INFO: MSGFROMAGENT: {"agent_info":{"agent_id":"002","agent_ip":"any","agent_name":"bookworm","agent_version":"v4.7.2","node_name":"node01"},"data_type":"integrity_clear","data":{"attributes_type":"syscollector_packages","id":1710166890}}
2024/03/11 11:22:27 wazuh-remoted: INFO: MSGFROMAGENT: {"agent_info":{"agent_id":"001","agent_ip":"any","agent_name":"focal","agent_version":"v4.7.2","node_name":"node01"},"data_type":"integrity_clear","data":{"attributes_type":"syscollector_packages","id":1710166947}}
2024/03/11 11:22:32 wazuh-remoted: INFO: MSGFROMAGENT: {"agent_info":{"agent_id":"002","agent_ip":"any","agent_name":"bookworm","agent_version":"v4.7.2","node_name":"node01"},"data_type":"integrity_clear","data":{"attributes_type":"syscollector_packages","id":1710166952}}
2024/03/11 11:23:28 wazuh-remoted: INFO: MSGFROMAGENT: {"agent_info":{"agent_id":"001","agent_ip":"any","agent_name":"focal","agent_version":"v4.7.2","node_name":"node01"},"data_type":"integrity_clear","data":{"attributes_type":"syscollector_packages","id":1710167008}}
2024/03/11 11:23:34 wazuh-remoted: INFO: MSGFROMAGENT: {"agent_info":{"agent_id":"002","agent_ip":"any","agent_name":"bookworm","agent_version":"v4.7.2","node_name":"node01"},"data_type":"integrity_clear","data":{"attributes_type":"syscollector_packages","id":1710167013}}
2024/03/11 11:24:29 wazuh-remoted: INFO: MSGFROMAGENT: {"agent_info":{"agent_id":"001","agent_ip":"any","agent_name":"focal","agent_version":"v4.7.2","node_name":"node01"},"data_type":"integrity_clear","data":{"attributes_type":"syscollector_packages","id":1710167069}}
2024/03/11 11:24:35 wazuh-remoted: INFO: MSGFROMAGENT: {"agent_info":{"agent_id":"002","agent_ip":"any","agent_name":"bookworm","agent_version":"v4.7.2","node_name":"node01"},"data_type":"integrity_clear","data":{"attributes_type":"syscollector_packages","id":1710167075}}

  • Vulnerabilities indexed (all vulnerabilities for agents have been removed)
    image
    image

  • Disabling packages for all
    image

  • Disabling packages for manager only
    image

Windows testing.

  • Full log
    ossec.log

  • Packages scanned
    image

  • Vulnerabilities found
    Here we can see 76 vulnerabilities for packages and 2919 for OS.
    image

We interpret here that we have 73 vulnerable packages in the manager, 3 vulnerable packages in agent 002 (Windows 10), 73 vulnerabilities for OS in agent 002, and 2846 vulnerabilities for OS in agent 003 (Windows server 2019). No vulnerabilities found for agent 001 (Windows 11)
image

indexed_vulnerabilities.json

GabrielEValenzuela
GabrielEValenzuela reviewed Mar 8, 2024
View reviewed changes
Copy link
Member

@GabrielEValenzuela GabrielEValenzuela left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great job Octa!

Just a few comments and questions. I start with the testing phase!

src/wazuh_modules/vulnerability_scanner/src/scanOrchestrator/alertClearBuilder.hpp Outdated Show resolved Hide resolved
src/wazuh_modules/vulnerability_scanner/src/scanOrchestrator/cleanAgentInventory.hpp Outdated Show resolved Hide resolved
src/wazuh_modules/vulnerability_scanner/src/scanOrchestrator/cleanInventory.hpp Outdated Show resolved Hide resolved
src/wazuh_modules/vulnerability_scanner/src/scanOrchestrator/eventDeleteInventory.hpp Outdated Show resolved Hide resolved
src/wazuh_modules/vulnerability_scanner/src/scanOrchestrator/eventDeleteInventory.hpp Outdated Show resolved Hide resolved
src/wazuh_modules/vulnerability_scanner/src/scanOrchestrator/osScanner.hpp Show resolved Hide resolved
@Dwordcito Dwordcito force-pushed the enhancement/21902-refactor-to-be-compliance-with-os-scanning branch from 1bdcf42 to 9dd8d70 Compare March 8, 2024 16:16
@Dwordcito
Add Invalid key fix
3573048
@Dwordcito
- Fix database update.
957a10f 
- Reorder vulnerability scanner facade.
- Reorder common flows.
- Add more tests.
@Dwordcito
Fix CSF.
7393963
@Dwordcito
Fix doxygen warnings.
55c33a5
@Dwordcito Dwordcito force-pushed the enhancement/21902-refactor-to-be-compliance-with-os-scanning branch from fafb79c to 55c33a5 Compare March 11, 2024 04:06
@Dwordcito Dwordcito marked this pull request as ready for review March 11, 2024 12:09
@sebasfalcone
Copy link
Member

sebasfalcone commented Mar 11, 2024
edited

Testing

Environment

  • Manager: Linux mint 21.1 (v4.8.0)
  • Agent: centOS 8 (v4.7.2)

Configuration

  <wodle name="syscollector">
    <disabled>no</disabled>
    <interval>1h</interval>
    <scan_on_start>yes</scan_on_start>
    <hardware>no</hardware>
    <os>yes</os>
    <network>no</network>
    <packages>yes</packages>
    <ports all="no">no</ports>
    <processes>no</processes>

    <!-- Database synchronization settings -->
    <synchronization>
      <max_eps>10</max_eps>
    </synchronization>
  </wodle>

Manager

First scan:

  • Baseline

    • 49 vulnerabilities

  • Install firefox -> Expect an increase in vulnerabilities

    • 28 alerts generated 🟢
    • 28 alerts indexed (active) 🟢
    • 77 vulnerabilities 🟢

  • Remove firefox -> Expect a decrease in vulnerabilities

    • 28 alerts generated 🟢
    • 28 alerts indexed (solved) 🟢
    • 49 vulnerabilities 🟢

Trigger re-scan

  • Disable VD on manager -> Cleanup expected

    • 0 vulnerabilidades 🟢

  • Enable VD on manager -> Re-scan expected

    • 50 vulnerabilities 🟡
    • vulnerabilities are not the same amount as in the first scan

Agent

First scan

  • Baseline

    • 591 vulnerabilities

  • Install vim (common y enhanced) -> Expect an increase in vulnerabilities

    • 593 vulnerabilities 🟢
    • 2 alerts generated 🟢
    • 2 alerts indexed (active) 🟢

  • Remove vim -> Expect a decrease in vulnerabilities

    • 591 vulnerabilities 🟢
    • 2 alertas generadas 🟢
    • 2 alertas indexadas (solved) 🟢

Trigger re-scan

  • Disable VD -> Scan stopped expected 🟢
  • Emabñe VD -> Cleanup + Re-scan expected 🟡
    • 4 vulnerabilities
    • vulnerabilities are not the same amount as in the first scan

MiguelazoDS
MiguelazoDS reviewed Mar 11, 2024
View reviewed changes
src/wazuh_modules/vulnerability_scanner/src/scanOrchestrator/packageScanner.hpp
data->m_alerts[callbackData.cveId()->str()]["vulnerability"]["package"]["condition"] =
"Package default status";

data->m_matchConditions[callbackData.cveId()->str()] = {"", MatchRuleCondition::DefaultStatus};
return true;
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not part of this implementation, but the Match by default status does not present any agent information as other match cases.

2024/03/08 16:31:52 wazuh-modulesd:vulnerability-scanner[55886] packageScanner.hpp:280 at operator()(): DEBUG: Match found for Package: policykit-1 for vulnerability: CVE-2016-2568 due to default status.

@MiguelazoDS MiguelazoDS mentioned this pull request Mar 11, 2024
Closed
2 tasks
@MiguelazoDS MiguelazoDS mentioned this pull request Mar 11, 2024
Closed
3 tasks
@MiguelazoDS MiguelazoDS force-pushed the enhancement/21902-refactor-to-be-compliance-with-os-scanning branch from 1593cfc to 9906b7c Compare March 12, 2024 00:02
@GabrielEValenzuela
Copy link
Member

GabrielEValenzuela commented Mar 12, 2024
edited

Testing phase

During the last Fryday and today, a deep testing was performed in this PR.

The manager used was a Ubuntu 22, and the following steps was performed:

For agent:
RockyLinux8

  • Init a fresh scan: 🟢
  • Remove agent: 🟢
  • Install a vulnerable package: 🟢
  • Remove a vulnerable package: 🟢
    Observations: Alerts related with that agent, are not erased.

Windows 10 - 22h2

  • Init a fresh scan: 🟡
  • Remove agent: 🟡
  • Install a vulnerable package: 🔴
  • Remove a vulnerable package: 🔴
    Observations: In the windows case, the vulnerabilities was few compared with the Friday test, the OS vulnerabilities and the package vulnerabilities. Also, each time a delta message was sent for the agent, the scan perform a re-scan of all. This could cause a overload if the syscollector time is small and the number of agents grow.

Windows Server 2022 - 21h2

  • Init a fresh scan: 🟢
  • Remove agent: 🟢
  • Install a vulnerable package: 🔴
  • Remove a vulnerable package: 🔴
    Observations: Same behavior that Windows 10 - 22h2

@Dwordcito Dwordcito force-pushed the enhancement/21902-refactor-to-be-compliance-with-os-scanning branch from 1830c03 to dbea22e Compare March 12, 2024 04:54
GabrielEValenzuela
GabrielEValenzuela approved these changes Mar 12, 2024
View reviewed changes
Copy link
Member

@GabrielEValenzuela GabrielEValenzuela left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Amazing job Octa! 🚀

@Dwordcito Dwordcito merged commit ccf3146 into 4.8.0 Mar 12, 2024
88 of 89 checks passed
@Dwordcito Dwordcito deleted the enhancement/21902-refactor-to-be-compliance-with-os-scanning branch March 12, 2024 06:41
@Dwordcito Dwordcito mentioned this pull request Mar 12, 2024
Merged
@GabrielEValenzuela GabrielEValenzuela mentioned this pull request Mar 14, 2024
Closed
3 tasks
@sebasfalcone sebasfalcone linked an issue Mar 14, 2024 that may be closed by this pull request
Abnormally vulnerability detector database size during re-downloading. #21663
Closed
3 tasks
@sebasfalcone sebasfalcone mentioned this pull request Mar 22, 2024
Closed
@MiguelazoDS MiguelazoDS mentioned this pull request Apr 5, 2024
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MiguelazoDS MiguelazoDS MiguelazoDS left review comments

@sebasfalcone sebasfalcone sebasfalcone left review comments

@GabrielEValenzuela GabrielEValenzuela GabrielEValenzuela approved these changes

Assignees

@Dwordcito Dwordcito

Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@Dwordcito @MiguelazoDS @sebasfalcone @GabrielEValenzuela