Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid to incluide empty sregex array in rootcheck #3634

Merged
merged 1 commit into from Jul 17, 2019
Merged

Avoid to incluide empty sregex array in rootcheck #3634

merged 1 commit into from Jul 17, 2019

Conversation

crolopez
Copy link
Contributor

@crolopez crolopez commented Jul 8, 2019

When the remote configuration of Rootcheck is requested, and no sregex ignore has been configured, this array appears empty. The same case happens if not only sregex filters are included.

  <rootcheck>
        <disabled>no</disabled>
        <ignore >path1</ignore>
        <ignore >path2</ignore>
        <ignore >path3</ignore>
  </rootcheck>
curl -u foo:bar -k -X GET "http://127.0.0.1:55000/agents/000/config/syscheck/rootcheck?pretty"
{
   "error": 0,
   "data": {
      "rootcheck": {
         "disabled": "no",
         "scanall": "no",
         "skip_nfs": "no",
         "frequency": 43200,
         "check_dev": "yes",
         "check_files": "no",
         "check_if": "yes",
         "check_pids": "yes",
         "check_ports": "yes",
         "check_sys": "yes",
         "check_trojans": "no",
         "check_unixaudit": "no",
         "ignore": [
            "path1",
            "path2",
            "path3"
         ],
         "ignore_sregex": []
      }
   }
}

This PR solve this invalid behaviour, unifying it with the Syscheck has, and complements #3617.

  • Compilation without warnings in every supported platform
    • Linux
    • Windows
    • MAC OS X
  • Source installation
  • Package installation
  • Source upgrade
  • Package upgrade
  • Memory tests
    • Valgrind report for affected components
    • CPU impact
    • RAM usage impact
  • Retrocompatibility with older Wazuh versions

@crolopez crolopez requested a review from bah07 July 8, 2019 14:08
@bah07 bah07 added this to In progress in Wazuh 3.9.4 via automation Jul 8, 2019
@bah07 bah07 moved this from In progress to Review in progress in Wazuh 3.9.4 Jul 8, 2019
Wazuh 3.9.4 automation moved this from Review in progress to Reviewer approved Jul 16, 2019
@bah07 bah07 requested a review from snaow July 16, 2019 11:38
@bah07 bah07 merged commit 65eafb8 into 3.9 Jul 17, 2019
Wazuh 3.9.4 automation moved this from Reviewer approved to Done Jul 17, 2019
@bah07 bah07 deleted the rootcheck-config-demand branch July 17, 2019 08:50
Wazuh 3.9.4 automation moved this from Done to Reviewer approved Jul 31, 2019
Wazuh 3.9.4 automation moved this from Reviewer approved to Done Jul 31, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@snaow snaow snaow approved these changes

@bah07 bah07 bah07 approved these changes

Assignees

@bah07 bah07

Labels
None yet
Projects
No open projects
Wazuh 3.9.4
  
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@crolopez @snaow @bah07