Add Debian and Ubuntu 18 support in vulnerability-detector #470

Merged (27 commits) on May 9, 2018

@crolopez crolopez commented Mar 22, 2018

This feature adds vulnerability scanner support for:

  • Debian 9 Stretch
  • Debian 8 Jessie
  • Debian 7 Wheezy
  • Ubuntu 18 Bionic

Example

    <feed name="debian-9">
        <disabled>no</disabled>
        <update_interval>1h</update_interval>
    </feed>

    <feed name="ubuntu-18">
        <disabled>no</disabled>
        <update_interval>1h</update_interval>
    </feed>

Status

@crolopez crolopez requested a review from vikman90 March 22, 2018 11:42
- Windows XP
- Windows 7
- Windows 8
- Windows 8.1
- Windows 10
- Windows Server 2008
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
crolopez and others added 2 commits May 2, 2018 17:08
@albertomn86 albertomn86 removed the stall label May 3, 2018

@albertomn86 albertomn86 left a comment

Using the following configuration:

    <wodle name="vulnerability-detector">
        <disabled>no</disabled>
        <interval>1m</interval>
        <run_on_start>yes</run_on_start>
        <feed name="ubuntu-16">
            <disabled>no</disabled>
            <allow>ubuntu 17, ubuntu 18</allow>
            <update_interval>1h</update_interval>
        </feed>
        <feed name="redhat-7">
            <disabled>no</disabled>
            <allow>centos 7</allow>
            <update_interval>1h</update_interval>
        </feed>
        <feed name="debian-9">
            <disabled>no</disabled>
            <update_interval>1h</update_interval>
        </feed>
    </wodle>

I've received these messages:

    2018/05/07 17:37:57 wazuh-modulesd:vulnerability-detector: DEBUG: (5464): Ubuntu version not supported (agent ubuntu1710).
    2018/05/07 17:37:57 wazuh-modulesd:vulnerability-detector: DEBUG: (5463): Agent redhat7 has an unsupported Wazuh version.

I've also received this segfault:

    {"timestamp":"2018-05-07T17:09:22.248-0700","rule":{"level":5,"description":"Process segfaulted.","id":"1010","firedtimes":2,"mail":false,"groups":["syslog","errors","service_availability"]},"agent":{"id":"000","name":"ubuntu1710"},"manager":{"name":"ubuntu1710"},"id":"1525738162.482872","full_log":"May  7 17:09:21 ubuntu1710 kernel: [19343.370702] wazuh-modulesd[34534]: segfault at 0 ip 00007fb048612af4 sp 00007fb047266c60 error 4 in libc-2.26.so[7fb04857d000+1d6000]","predecoder":{"program_name":"kernel","timestamp":"May  7 17:09:21","hostname":"ubuntu1710"},"decoder":{"name":"kernel"},"location":"/var/log/kern.log"}


@albertomn86 albertomn86 left a comment

Compilation warning

os_strdup(name, agents->agent_name);
os_strdup(agent_os, agents->OS);
agents->dist = agent_dist;
agents->info = 0;
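
Review bot: `agents->dist = agent_dist;` (third line of this snippet) stores a local that the compiler reports as possibly uninitialized at wm_vuln_detector.c:2587, so on whichever path leaves `agent_dist` unassigned the agent record carries an indeterminate distribution value. Initialize `agent_dist` at its declaration to an explicit unknown/unsupported value, or skip the agent before this assignment when no supported distribution was matched, and handle that value wherever `agents->dist` is read.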

wazuh_modules/wm_vuln_detector.c:2587:22: warning: ‘agent_dist’ may be used uninitialized in this function [-Wmaybe-uninitialized]
         agents->dist = agent_dist;

@crolopez crolopez changed the title Add Debian support in vulnerability-detector Add Debian and Ubuntu 18 support in vulnerability-detector May 8, 2018
@albertomn86 albertomn86 merged commit 13da74c into dev-cve-rh May 9, 2018
@albertomn86 albertomn86 deleted the dev-ext-os-vuln branch May 9, 2018 18:34
@albertomn86 albertomn86 restored the dev-ext-os-vuln branch May 9, 2018 19:36
@albertomn86 albertomn86 deleted the dev-ext-os-vuln branch May 10, 2018 18:55
@soynof soynof mentioned this pull request Aug 7, 2023