| author | Jose Alonso Cardenas Marquez <acm@FreeBSD.org> | 2026-01-02 09:04:43 +0000 |
|---|---|---|
| committer | Jose Alonso Cardenas Marquez <acm@FreeBSD.org> | 2026-01-02 09:10:01 +0000 |
| commit | a4242bfeafc2dd423cf145060abb9b5562958c72 (patch) | |
| tree | d4abb9e6641d069eeef9fcd1b2bfdd90090d821a | |
| parent | d4d7e3dcecb1ec6fa05a4cdcc20eb59939a10f20 (diff) | |
security/wazuh-*: Improve ports
- agent and manager: Avoid changing the permissions of the local.sqlite file.
It is now opened in read-only mode.
- manager: dos2unix to api.yaml file
- server: logstash8 was updated to 8.19.9 and it needs openjdk21+
- Bump PORTREVISION
Reported by: dtxdf
8 files changed, 165 insertions, 99 deletions
diff --git a/security/wazuh-agent/Makefile b/security/wazuh-agent/Makefile index 40268cb0adb2..b3a01c28f3dc 100644 --- a/security/wazuh-agent/Makefile +++ b/security/wazuh-agent/Makefile @@ -1,7 +1,7 @@ PORTNAME= wazuh DISTVERSION= 4.14.1 DISTVERSIONPREFIX= v -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= https://packages.wazuh.com/deps/47/libraries/sources/:wazuh_sources PKGNAMESUFFIX= -agent diff --git a/security/wazuh-agent/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp b/security/wazuh-agent/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp index 7765db26eb93..58bb3ac01b91 100644 --- a/security/wazuh-agent/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp +++ b/security/wazuh-agent/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp @@ -1,5 +1,5 @@ ---- src/data_provider/src/sysInfoFreeBSD.cpp.orig 2025-12-29 18:29:38.128837000 -0400 -+++ src/data_provider/src/sysInfoFreeBSD.cpp 2025-12-30 01:04:57.828191000 -0400 +--- src/data_provider/src/sysInfoFreeBSD.cpp 2025-11-07 00:46:03.000000000 -0800 ++++ src/data_provider/src/sysInfoFreeBSD.cpp 2026-01-01 13:18:42.411755000 -0800 @@ -11,20 +11,28 @@ #include "sysInfo.hpp" #include "cmdHelper.h" @@ -102,7 +102,7 @@ if (uname(&uts) >= 0) { ret["sysname"] = uts.sysname; -@@ -215,44 +240,257 @@ +@@ -215,43 +240,256 @@ nlohmann::json SysInfo::getPorts() const { 
@@ -119,23 +119,19 @@ -void SysInfo::getProcessesInfo(std::function<void(nlohmann::json&)> /*callback*/) const -{ - // Currently not supported for this OS. --} + if (!query.empty()) + { + nlohmann::json portsjson; + portsjson = nlohmann::json::parse(query); + auto &portsResult = portsjson["sockstat"]["socket"]; - --void SysInfo::getPackages(std::function<void(nlohmann::json&)> callback) const --{ -- const auto query{Utils::exec(R"(pkg query -a "%n|%m|%v|%q|%c")")}; ++ + for(auto &port : portsResult) { + std::string localip = ""; + std::string localport = ""; + std::string remoteip = ""; + std::string remoteport = ""; + std::string statedata = ""; - ++ + if (port["pid"] != nullptr) { + + localip = port["local"]["address"]; @@ -183,32 +179,16 @@ +#else + const auto query{Utils::exec(R"(sockstat -46qs)")}; + - if (!query.empty()) - { -- const auto lines{Utils::split(query, '\n')}; ++ if (!query.empty()) ++ { + const auto lines{Utils::split(Utils::trimToOneSpace(query), '\n')}; - ++ + std::regex expression(R"(^(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s*(\S+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$)"); + - for (const auto& line : lines) - { -- const auto data{Utils::split(line, '|')}; -- nlohmann::json package; ++ for (const auto& line : lines) ++ { + std::smatch data; - -- package["name"] = data[0]; -- package["vendor"] = data[1]; -- package["version"] = data[2]; -- package["install_time"] = UNKNOWN_VALUE; -- package["location"] = UNKNOWN_VALUE; -- package["architecture"] = data[3]; -- package["groups"] = UNKNOWN_VALUE; -- package["description"] = data[4]; -- package["size"] = 0; -- package["priority"] = UNKNOWN_VALUE; -- package["source"] = UNKNOWN_VALUE; -- package["format"] = "pkg"; -- // The multiarch field won't have a default value ++ + if (std::regex_search(line, data, expression)) + { + std::string localip = ""; 
@@ -216,8 +196,7 @@ + std::string remoteip = ""; + std::string remoteport = ""; + std::string statedata = ""; - -- callback(package); ++ + auto localdata{Utils::split(data[6], ':')}; + auto remotedata{Utils::split(data[7], ':')}; + @@ -270,18 +249,22 @@ + } +#endif + return ports; -+} -+ + } + +-void SysInfo::getPackages(std::function<void(nlohmann::json&)> callback) const +void SysInfo::getProcessesInfo(std::function<void(nlohmann::json&)> callback) const -+{ + { +- const auto query{Utils::exec(R"(pkg query -a "%n|%m|%v|%q|%c")")}; + const auto query{Utils::exec(R"(ps -ax -w -o pid,comm,state,ppid,usertime,systime,user,ruser,svuid,group,rgroup,svgid,pri,nice,ssiz,vsz,rss,pmem,etimes,sid,pgid,tpgid,tty,cpu,nlwp,args --libxo json)")}; -+ -+ if (!query.empty()) -+ { + + if (!query.empty()) + { +- const auto lines{Utils::split(query, '\n')}; + nlohmann::json psjson; + psjson = nlohmann::json::parse(query); + auto &processes = psjson["process-information"]["process"]; -+ + +- for (const auto& line : lines) + for(auto &process : processes) { + std::string user_time{""}; + std::string system_time{""}; 
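Review bot: `psjson = nlohmann::json::parse(query);` in getProcessesInfo sits directly under `if (!query.empty())` with no try block in this function, so truncated or non-JSON `ps --libxo json` output would throw out of the collector unless a caller catches it. The package code later in the same patch does wrap its work in try/catch, so either do the same here or use the non-throwing form, `nlohmann::json::parse(query, nullptr, false)` followed by an `is_discarded()` check. The following `psjson["process-information"]["process"]` lookup assumes both keys are present, which is worth a short comment. These lines are unchanged context in this commit and the function body continues past the hunk; the wazuh-manager copy of the patch is identical.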
@@ -329,15 +312,31 @@ + if (Utils::existsRegular(PKG_DB_PATHNAME)) + { + try -+ { -+ std::shared_ptr<SQLite::IConnection> sqliteConnection = std::make_shared<SQLite::Connection>(PKG_DB_PATHNAME); -+ + { +- const auto data{Utils::split(line, '|')}; +- nlohmann::json package; ++ std::shared_ptr<SQLite::IConnection> sqliteConnection = std::make_shared<SQLite::Connection>(PKG_DB_PATHNAME, SQLITE_OPEN_READONLY); + +- package["name"] = data[0]; +- package["vendor"] = data[1]; +- package["version"] = data[2]; +- package["install_time"] = UNKNOWN_VALUE; +- package["location"] = UNKNOWN_VALUE; +- package["architecture"] = data[3]; +- package["groups"] = UNKNOWN_VALUE; +- package["description"] = data[4]; +- package["size"] = 0; +- package["priority"] = UNKNOWN_VALUE; +- package["source"] = UNKNOWN_VALUE; +- package["format"] = "pkg"; +- // The multiarch field won't have a default value + SQLite::Statement stmt + { + sqliteConnection, + PKG_QUERY + }; -+ + +- callback(package); + while (SQLITE_ROW == stmt.step()) + { + try @@ -379,11 +378,10 @@ + std::cerr << e.what() << std::endl; + } + } - } ++ } + catch (const std::exception& e) + { + std::cerr << e.what() << std::endl; -+ } + } } } - diff --git a/security/wazuh-agent/files/patch-src-shared_modules-utils_sqliteWrapperTemp.h b/security/wazuh-agent/files/patch-src-shared_modules-utils_sqliteWrapperTemp.h new file mode 100644 index 000000000000..a6eeb2973d97 --- /dev/null +++ b/security/wazuh-agent/files/patch-src-shared_modules-utils_sqliteWrapperTemp.h 
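Review bot: The `SQLITE_OPEN_READONLY` argument on the `std::make_shared<SQLite::Connection>(PKG_DB_PATHNAME, SQLITE_OPEN_READONLY)` line is the only thing that stops the collector from calling chmod() on pkg's own database, and nothing at the call site records that. A one-line comment above it, for example `// Read-only: Connection chmod()s the file to DB_PERMISSIONS for any other flags`, would keep the flag from being dropped when this patch is regenerated against a new upstream release. If the read-only open fails, the visible handler only writes `e.what()` to `std::cerr`, so an empty package inventory would be hard to tell apart from a host with no packages. The enclosing function and its try block start and end outside this hunk, and the wazuh-manager copy of the patch carries the same line.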
@@ -0,0 +1,34 @@ +--- src/shared_modules/utils/sqliteWrapperTemp.h 2025-11-07 00:46:03.000000000 -0800 ++++ src/shared_modules/utils/sqliteWrapperTemp.h 2026-01-01 13:52:11.656050000 -0800 +@@ -235,8 +235,8 @@ + public: + ~Connection() = default; + +- explicit Connection(const std::string& path) +- : m_db{ openSQLiteDb(path), [](sqlite3 * p) ++ explicit Connection(const std::string& path, const int flags = SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE) ++ : m_db{ openSQLiteDb(path, flags), [](sqlite3 * p) + { + sqlite3_close_v2(p); + } } +@@ -245,7 +245,10 @@ + + if (path.compare(DB_MEMORY) != 0) + { +- const auto result { chmod(path.c_str(), DB_PERMISSIONS) }; ++ const auto result = ++ (flags == SQLITE_OPEN_READONLY) ++ ? 0 ++ : chmod(path.c_str(), DB_PERMISSIONS); + + if (result != 0) + { +@@ -255,7 +258,7 @@ + }; + } + +- m_db.reset(openSQLiteDb(path, SQLITE_OPEN_READWRITE), [](sqlite3 * p) ++ m_db.reset(openSQLiteDb(path, flags), [](sqlite3 * p) + { + sqlite3_close_v2(p); + }); diff --git a/security/wazuh-manager/Makefile b/security/wazuh-manager/Makefile index 372e09d50a67..3d9d2e467c60 100644 --- a/security/wazuh-manager/Makefile +++ b/security/wazuh-manager/Makefile @@ -1,7 +1,7 @@ PORTNAME= wazuh DISTVERSIONPREFIX= v DISTVERSION= 4.14.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= https://packages.wazuh.com/deps/47/libraries/sources/:wazuh_sources \ LOCAL/acm/${PORTNAME}/:wazuh_cache @@ -33,7 +33,7 @@ LIB_DEPENDS+= libarrow.so:databases/arrow \ libopenblas.so:math/openblas RUN_DEPENDS= bash>0:shells/bash -USES= cpe gmake perl5 python:3.11 readline shebangfix sqlite:3 uidfix +USES= cpe dos2unix gmake perl5 python:3.11 readline shebangfix sqlite:3 uidfix USE_GITHUB= yes GH_TUPLE= alonsobsd:wazuh-freebsd:${WAZUH_EXTRAFILE_TAGNAME}:wazuh 
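Review bot: The chmod guard `(flags == SQLITE_OPEN_READONLY)` in the Connection constructor matches only when that is the sole flag, so a caller that ORs in another open flag (`SQLITE_OPEN_READONLY | SQLITE_OPEN_URI`, say) would still have `chmod(path.c_str(), DB_PERMISSIONS)` applied to a file it asked to leave untouched. Testing the bit keeps the guard correct for combined flags: `(flags & SQLITE_OPEN_READONLY) != 0 ? 0 : chmod(path.c_str(), DB_PERMISSIONS);`. The trailing `m_db.reset(openSQLiteDb(path, flags), ...)` now reopens with whatever was passed, so default callers get `SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE` where the old code passed `SQLITE_OPEN_READWRITE` alone, and read-only callers open the database twice; a comment saying whether both are intended would help. The constructor body continues outside the hunk, and the wazuh-manager copy of this patch has the same lines.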
@@ -42,6 +42,8 @@ USE_RC_SUBR= ${PORTNAME}${PKGNAMESUFFIX} MAKE_ARGS+= TARGET=server INSTALLDIR=${WAZUHPREFIX} INSTALL_SHARED="${INSTALL_LIB}" PYTHON_SOURCE=yes OPTIMIZE_CPYTHON=no +DOS2UNIX_FILES= ${WRKSRC}/api/api/configuration/api.yaml + # WITH_CCACHE_BUILD= yes # CCACHE_DIR= /zdata/ccache diff --git a/security/wazuh-manager/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp b/security/wazuh-manager/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp index 7765db26eb93..58bb3ac01b91 100644 --- a/security/wazuh-manager/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp +++ b/security/wazuh-manager/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp @@ -1,5 +1,5 @@ ---- src/data_provider/src/sysInfoFreeBSD.cpp.orig 2025-12-29 18:29:38.128837000 -0400 -+++ src/data_provider/src/sysInfoFreeBSD.cpp 2025-12-30 01:04:57.828191000 -0400 +--- src/data_provider/src/sysInfoFreeBSD.cpp 2025-11-07 00:46:03.000000000 -0800 ++++ src/data_provider/src/sysInfoFreeBSD.cpp 2026-01-01 13:18:42.411755000 -0800 @@ -11,20 +11,28 @@ #include "sysInfo.hpp" #include "cmdHelper.h" @@ -102,7 +102,7 @@ if (uname(&uts) >= 0) { ret["sysname"] = uts.sysname; -@@ -215,44 +240,257 @@ +@@ -215,43 +240,256 @@ nlohmann::json SysInfo::getPorts() const { @@ -119,23 +119,19 @@ -void SysInfo::getProcessesInfo(std::function<void(nlohmann::json&)> /*callback*/) const -{ - // Currently not supported for this OS. --} + if (!query.empty()) + { + nlohmann::json portsjson; + portsjson = nlohmann::json::parse(query); + auto &portsResult = portsjson["sockstat"]["socket"]; - --void SysInfo::getPackages(std::function<void(nlohmann::json&)> callback) const --{ -- const auto query{Utils::exec(R"(pkg query -a "%n|%m|%v|%q|%c")")}; ++ + for(auto &port : portsResult) { + std::string localip = ""; + std::string localport = ""; + std::string remoteip = ""; + std::string remoteport = ""; + std::string statedata = ""; - ++ + if (port["pid"] != nullptr) { + + localip = port["local"]["address"]; 
@@ -183,32 +179,16 @@ +#else + const auto query{Utils::exec(R"(sockstat -46qs)")}; + - if (!query.empty()) - { -- const auto lines{Utils::split(query, '\n')}; ++ if (!query.empty()) ++ { + const auto lines{Utils::split(Utils::trimToOneSpace(query), '\n')}; - ++ + std::regex expression(R"(^(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s*(\S+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$)"); + - for (const auto& line : lines) - { -- const auto data{Utils::split(line, '|')}; -- nlohmann::json package; ++ for (const auto& line : lines) ++ { + std::smatch data; - -- package["name"] = data[0]; -- package["vendor"] = data[1]; -- package["version"] = data[2]; -- package["install_time"] = UNKNOWN_VALUE; -- package["location"] = UNKNOWN_VALUE; -- package["architecture"] = data[3]; -- package["groups"] = UNKNOWN_VALUE; -- package["description"] = data[4]; -- package["size"] = 0; -- package["priority"] = UNKNOWN_VALUE; -- package["source"] = UNKNOWN_VALUE; -- package["format"] = "pkg"; -- // The multiarch field won't have a default value ++ + if (std::regex_search(line, data, expression)) + { + std::string localip = ""; @@ -216,8 +196,7 @@ + std::string remoteip = ""; + std::string remoteport = ""; + std::string statedata = ""; - -- callback(package); ++ + auto localdata{Utils::split(data[6], ':')}; + auto remotedata{Utils::split(data[7], ':')}; + 
@@ -270,18 +249,22 @@ + } +#endif + return ports; -+} -+ + } + +-void SysInfo::getPackages(std::function<void(nlohmann::json&)> callback) const +void SysInfo::getProcessesInfo(std::function<void(nlohmann::json&)> callback) const -+{ + { +- const auto query{Utils::exec(R"(pkg query -a "%n|%m|%v|%q|%c")")}; + const auto query{Utils::exec(R"(ps -ax -w -o pid,comm,state,ppid,usertime,systime,user,ruser,svuid,group,rgroup,svgid,pri,nice,ssiz,vsz,rss,pmem,etimes,sid,pgid,tpgid,tty,cpu,nlwp,args --libxo json)")}; -+ -+ if (!query.empty()) -+ { + + if (!query.empty()) + { +- const auto lines{Utils::split(query, '\n')}; + nlohmann::json psjson; + psjson = nlohmann::json::parse(query); + auto &processes = psjson["process-information"]["process"]; -+ + +- for (const auto& line : lines) + for(auto &process : processes) { + std::string user_time{""}; + std::string system_time{""}; @@ -329,15 +312,31 @@ + if (Utils::existsRegular(PKG_DB_PATHNAME)) + { + try -+ { -+ std::shared_ptr<SQLite::IConnection> sqliteConnection = std::make_shared<SQLite::Connection>(PKG_DB_PATHNAME); -+ + { +- const auto data{Utils::split(line, '|')}; +- nlohmann::json package; ++ std::shared_ptr<SQLite::IConnection> sqliteConnection = std::make_shared<SQLite::Connection>(PKG_DB_PATHNAME, SQLITE_OPEN_READONLY); + +- package["name"] = data[0]; +- package["vendor"] = data[1]; +- package["version"] = data[2]; +- package["install_time"] = UNKNOWN_VALUE; +- package["location"] = UNKNOWN_VALUE; +- package["architecture"] = data[3]; +- package["groups"] = UNKNOWN_VALUE; +- package["description"] = data[4]; +- package["size"] = 0; +- package["priority"] = UNKNOWN_VALUE; +- package["source"] = UNKNOWN_VALUE; +- package["format"] = "pkg"; +- // The multiarch field won't have a default value + SQLite::Statement stmt + { + sqliteConnection, + PKG_QUERY + }; -+ + +- callback(package); + while (SQLITE_ROW == stmt.step()) + { + try 
@@ -379,11 +378,10 @@ + std::cerr << e.what() << std::endl; + } + } - } ++ } + catch (const std::exception& e) + { + std::cerr << e.what() << std::endl; -+ } + } } } - diff --git a/security/wazuh-manager/files/patch-src-shared_modules-utils_sqliteWrapperTemp.h b/security/wazuh-manager/files/patch-src-shared_modules-utils_sqliteWrapperTemp.h new file mode 100644 index 000000000000..a6eeb2973d97 --- /dev/null +++ b/security/wazuh-manager/files/patch-src-shared_modules-utils_sqliteWrapperTemp.h @@ -0,0 +1,34 @@ +--- src/shared_modules/utils/sqliteWrapperTemp.h 2025-11-07 00:46:03.000000000 -0800 ++++ src/shared_modules/utils/sqliteWrapperTemp.h 2026-01-01 13:52:11.656050000 -0800 +@@ -235,8 +235,8 @@ + public: + ~Connection() = default; + +- explicit Connection(const std::string& path) +- : m_db{ openSQLiteDb(path), [](sqlite3 * p) ++ explicit Connection(const std::string& path, const int flags = SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE) ++ : m_db{ openSQLiteDb(path, flags), [](sqlite3 * p) + { + sqlite3_close_v2(p); + } } +@@ -245,7 +245,10 @@ + + if (path.compare(DB_MEMORY) != 0) + { +- const auto result { chmod(path.c_str(), DB_PERMISSIONS) }; ++ const auto result = ++ (flags == SQLITE_OPEN_READONLY) ++ ? 0 ++ : chmod(path.c_str(), DB_PERMISSIONS); + + if (result != 0) + { +@@ -255,7 +258,7 @@ + }; + } + +- m_db.reset(openSQLiteDb(path, SQLITE_OPEN_READWRITE), [](sqlite3 * p) ++ m_db.reset(openSQLiteDb(path, flags), [](sqlite3 * p) + { + sqlite3_close_v2(p); + }); diff --git a/security/wazuh-server/Makefile b/security/wazuh-server/Makefile index 42b85ea3a53a..e0a09cf3873c 100644 --- a/security/wazuh-server/Makefile +++ b/security/wazuh-server/Makefile @@ -1,6 +1,6 @@ PORTNAME= wazuh PORTVERSION= 4.14.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= LOCAL/acm/${PORTNAME}/:config_samples \ https://packages.wazuh.com/4.x/filebeat/:wazuh_module \ 
diff --git a/security/wazuh-server/files/pkg-message.in b/security/wazuh-server/files/pkg-message.in index 258f0696829f..12e19d9cce62 100644 --- a/security/wazuh-server/files/pkg-message.in +++ b/security/wazuh-server/files/pkg-message.in @@ -34,7 +34,7 @@ Wazuh server components were installed 7) Install logstash-output-opensearch plugin. Fetch it from rubygems site or opensearch github # cd %%PREFIX%%/logstash/bin - # sh -c "JAVA_HOME=%%PREFIX%%/openjdk17 ./logstash-plugin install /tmp/logstash-output-opensearch" + # sh -c "JAVA_HOME=%%PREFIX%%/openjdk21 ./logstash-plugin install /tmp/logstash-output-opensearch" There are some issues installing this plugin on latest version of sysutils/logstash8. Try installing gem file directly |
