Release 4.3.6 - Release Candidate 1 - E2E UX tests - GitHub integration #14323

Closed
2 tasks done
gdiazlo opened this issue Jul 18, 2022 · 3 comments


gdiazlo commented Jul 18, 2022

The following issue aims to run the specified test for the current release candidate, report the results, and open new issues for any encountered errors.

Test information

| | |
|---|---|
| Test name | GitHub Integration |
| Category | Cloud Security |
| Deployment option | See table below |
| Main release issue | #14260 |
| Release candidate # | 4.3.6-RC1 |

Test description

Deploy Wazuh with the following design:

| Component | Guide | Cluster / Single | OS |
|---|---|---|---|
| indexer | step-by-step | Single | Centos8 |
| server | sources | Single | Centos8 |
| dashboard | step-by-step | Single | Centos8 |
| agent | sources | Single | Centos8 |

Follow the documentation at:

https://documentation-dev.wazuh.com/current/github/index.html

Test different use cases of GitHub events and see that alerts are generated and make sense.

Test report procedure

All test results must have one of the following statuses:

🟢 All checks passed.
🔴 There is at least one failed result.
🟡 There is at least one expected failure or skipped test and no failures.

Any failing test must be properly addressed with a new issue, detailing the error and the possible cause.

An extended report of the test results must be attached as a ZIP or TXT file. Please attach any documents, screenshots, or tables to the issue update with the results. This report can be used by the auditors to dig deeper into any possible failures and details.

Conclusions

All tests have been executed and the results can be found here.

| Status | Test | Failure type | Notes |
|---|---|---|---|
| 🟢 | Environment preparation | - | We should consider warning the user about the common firewalls present in modern distributions |
| 🟢 | Indexer Installation | - | - |
| 🟢 | Indexer Configuration | - | - |
| 🟢 | Indexer Check | - | - |
| 🟡 | Server Install dependencies | - | Documentation issues, see comments below wazuh/wazuh-documentation#5481 |
| 🟡 | Server install wazuh-manager | - | Documentation issues, see comments below wazuh/wazuh-documentation#5481 |
| 🟡 | Server install additional components | - | Documentation issues, see comments below wazuh/wazuh-documentation#5481 |
| 🟡 | Agent install from sources | - | Documentation issues, see comments below wazuh/wazuh-documentation#5482 |
| 🟡 | Agent manual enrollment using API | - | Documentation issues, see comments below wazuh/wazuh-documentation#5482 |
| 🟢 | Dashboard step-by-step installation | - | - |
| 🟢 | Dashboard configuration | - | - |
| 🟡 | Dashboard only for distributed deployments - wazuh.yml config file | - | Sample config file comes with options that might not work wazuh/wazuh-dashboard-plugins#4349 |
| | GitHub setup trial account | - | - |
| 🟢 | Agent's configuration for GitHub | - | We might consider changing the git value to all in api_parameter in the default configuration shown in the documentation |
| 🟡 | Agent's restart | - | We do not show the user how to check if the GitHub module is active, or how to troubleshoot it in case of a problem wazuh/wazuh-documentation#5483 |
| 🟡 | UI usage | - | Our documentation does not mention that we need to enable GitHub module on the UI wazuh/wazuh-documentation#5483 |

Auditors' validation

The definition of done for this one is the validation of the conclusions and the test results from all auditors.

All checks from below must be accepted in order to close this issue.


gdiazlo commented Jul 18, 2022

Environment preparation

Vagrant file containing the description of the 4 machines using centos

Vagrant.configure("2") do |config|

    config.vm.define "indexer" do |indexer|
        indexer.vm.box = "generic/centos8"
        indexer.vm.hostname = "indexer"
        indexer.vm.network "public_network", bridge: "Default Switch"

        indexer.vm.provider "hyperv" do |h|
            h.vmname = "indexer"
            h.enable_checkpoints = true
            h.enable_automatic_checkpoints = true
            h.enable_enhanced_session_mode = true
            h.memory = 8192
            h.maxmemory = 8192
            h.cpus = 8
        end
    end


    config.vm.define "server" do |server|
        server.vm.box = "generic/centos8"
        server.vm.hostname = "server"
        server.vm.network "public_network", bridge: "Default Switch"

        server.vm.provider "hyperv" do |h|
            h.vmname = "server"
            h.enable_checkpoints = true
            h.enable_automatic_checkpoints = true
            h.enable_enhanced_session_mode = true
            h.memory = 8192
            h.maxmemory = 8192
            h.cpus = 8
        end
    end

    config.vm.define "dashboard" do |dashboard|
        dashboard.vm.box = "generic/centos8"
        dashboard.vm.hostname = "dashboard"
        dashboard.vm.network "public_network", bridge: "Default Switch"

        dashboard.vm.provider "hyperv" do |h|
            h.vmname = "dashboard"
            h.enable_checkpoints = true
            h.enable_automatic_checkpoints = true
            h.enable_enhanced_session_mode = true
            h.memory = 8192
            h.maxmemory = 8192
            h.cpus = 8
        end
    end

    config.vm.define "agent" do |agent|
        agent.vm.box = "generic/centos8"
        agent.vm.hostname = "agent"
        agent.vm.network "public_network", bridge: "Default Switch"

        agent.vm.provider "hyperv" do |h|
            h.vmname = "agent"
            h.enable_checkpoints = true
            h.enable_automatic_checkpoints = true
            h.enable_enhanced_session_mode = true
            h.memory = 8192
            h.maxmemory = 8192
            h.cpus = 8
        end
    end

end

Network configuration

🟡 Because I know Centos 8 comes with firewalls enabled by default in the Vagrant box I am using, I have opted for disabling it, instead of implementing the adequate firewall policy for Wazuh. We should consider adding a note to the documentation talking about firewalls and Wazuh.

nodes:
  indexer:
    - name: indexer
      ip: 172.26.19.181

  server:
    - name: server
      ip: 172.26.31.140

  dashboard:
    - name: dashboard
      ip: 172.26.27.112

Indexer

Installation

Set up pre-release repository

# rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
# yum install -y wazuh-indexer
Last metadata expiration check: 0:00:26 ago on Mon 18 Jul 2022 08:15:35 PM UTC.
Dependencies resolved.
========================================================================================================================
 Package                          Architecture              Version                      Repository                Size
========================================================================================================================
Installing:
 wazuh-indexer                    x86_64                    4.3.6-1                      wazuh                    361 M

Transaction Summary
========================================================================================================================
Install  1 Package

Total download size: 361 M
Installed size: 614 M
Downloading Packages:
wazuh-indexer-4.3.6-1.x86_64.rpm                                                         21 MB/s | 361 MB     00:17
------------------------------------------------------------------------------------------------------------------------
Total                                                                                    21 MB/s | 361 MB     00:17
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                1/1
  Running scriptlet: wazuh-indexer-4.3.6-1.x86_64                                                                   1/1
  Installing       : wazuh-indexer-4.3.6-1.x86_64                                                                   1/1
  Running scriptlet: wazuh-indexer-4.3.6-1.x86_64                                                                   1/1
  Verifying        : wazuh-indexer-4.3.6-1.x86_64                                                                   1/1

Installed:
  wazuh-indexer-4.3.6-1.x86_64

Complete!

Configuration

# vim /etc/wazuh-indexer/opensearch.yml
# cat /etc/wazuh-indexer/opensearch.yml
network.host: "172.26.19.181"
node.name: "indexer"
cluster.initial_master_nodes:
- "indexer"
#- "node-2"
#- "node-3"
cluster.name: "wazuh-cluster"
discovery.seed_hosts:
  - "172.26.19.181"
#  - "node-2-ip"
#  - "node-3-ip"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false

plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
#- "CN=node-2,OU=Wazuh,O=Wazuh,L=California,C=US"
#- "CN=node-3,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
# NODE_NAME="indexer"
# mkdir /etc/wazuh-indexer/certs
# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
# chmod 500 /etc/wazuh-indexer/certs
# chmod 400 /etc/wazuh-indexer/certs/* 
# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
# systemctl daemon-reload
# systemctl enable wazuh-indexer
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
# systemctl start wazuh-indexer
# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
Security Admin v7
Will connect to 172.26.19.181:9300 ... done
Connected as CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US
OpenSearch Version: 1.2.4
OpenSearch Security Version: 1.2.4.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/
Will update '_doc/config' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '_doc/roles' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '_doc/rolesmapping' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '_doc/internalusers' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '_doc/actiongroups' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '_doc/tenants' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '_doc/nodesdn' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '_doc/whitelist' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml
   SUCC: Configuration for 'whitelist' created or updated
Will update '_doc/audit' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/audit.yml
   SUCC: Configuration for 'audit' created or updated
Done with success

Checks

# curl -k -u admin:admin https://172.26.19.181:9200
{
  "name" : "indexer",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "awsDhhM6SBO8vhATQGcsWw",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "e505b10357c03ae8d26d675172402f2f2144ef0f",
    "build_date" : "2022-01-14T03:38:06.881862Z",
    "build_snapshot" : false,
    "lucene_version" : "8.10.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
# curl -k -u admin:admin https://172.26.19.181:9200/_cat/nodes?v
ip            heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
172.26.19.181           16          35   3    0.16    0.09     0.03 dimr      *      indexer

Server

Install dependencies

🟡 When installing dependencies, if you copy & paste the whole block of commands it won't work appropriately, as the first command does not have a -y option. This makes the command ask for user input, so it does not execute the other pasted commands.

# yum install make cmake gcc gcc-c++ python3 python3-policycoreutils automake autoconf libtool openssl-devel yum-utils
m-config-manager --enable powertools
 yum install libstdc++-static -yLast metadata expiration check: 2:08:47 ago on Mon 18 Jul 2022 06:27:49 PM UTC.
Package make-1:4.2.1-10.el8.x86_64 is already installed.
Package cmake-3.20.2-4.el8.x86_64 is already installed.
Package gcc-8.5.0-4.el8_5.x86_64 is already installed.
Package gcc-c++-8.5.0-4.el8_5.x86_64 is already installed.
Package python36-3.6.8-38.module_el8.5.0+895+a459eca8.x86_64 is already installed.
Package automake-1.16.1-7.el8.noarch is already installed.
Package autoconf-2.69-29.el8.noarch is already installed.
Package libtool-2.4.6-25.el8.x86_64 is already installed.
Package yum-utils-4.0.21-3.el8.noarch is already installed.
Dependencies resolved.
========================================================================================================================
 Package                           Architecture     Version                                      Repository        Size
========================================================================================================================
Installing:
 openssl-devel                     x86_64           1:1.1.1k-5.el8_5                             baseos           2.3 M
 python3-policycoreutils           noarch           2.9-16.el8                                   baseos           2.2 M
Installing dependencies:
 checkpolicy                       x86_64           2.9-1.el8                                    baseos           348 k
 keyutils-libs-devel               x86_64           1.5.10-9.el8                                 baseos            48 k
 krb5-devel                        x86_64           1.18.2-14.el8                                baseos           560 k
 libcom_err-devel                  x86_64           1.45.6-2.el8                                 baseos            38 k
 libkadm5                          x86_64           1.18.2-14.el8                                baseos           187 k
 libselinux-devel                  x86_64           2.9-5.el8                                    baseos           200 k
 libsepol-devel                    x86_64           2.9-3.el8                                    baseos            87 k
 libverto-devel                    x86_64           0.3.0-5.el8                                  baseos            18 k
 pcre2-devel                       x86_64           10.32-2.el8                                  baseos           605 k
 pcre2-utf16                       x86_64           10.32-2.el8                                  baseos           229 k
 pcre2-utf32                       x86_64           10.32-2.el8                                  baseos           220 k
 python3-audit                     x86_64           3.0-0.17.20191104git1c2f876.el8              baseos            86 k
 python3-libsemanage               x86_64           2.9-6.el8                                    baseos           127 k
 python3-setools                   x86_64           4.3.0-2.el8                                  baseos           626 k
 zlib-devel                        x86_64           1.2.11-17.el8                                baseos            58 k

Transaction Summary
========================================================================================================================
Install  17 Packages

Total download size: 7.9 M
Installed size: 19 M
Is this ok [y/N]: Is this ok [y/N]: y
Is this ok [y/N]: y
Downloading Packages:
(1/17): keyutils-libs-devel-1.5.10-9.el8.x86_64.rpm                                     137 kB/s |  48 kB     00:00
(2/17): libcom_err-devel-1.45.6-2.el8.x86_64.rpm                                        1.0 MB/s |  38 kB     00:00
(3/17): checkpolicy-2.9-1.el8.x86_64.rpm                                                866 kB/s | 348 kB     00:00
(4/17): krb5-devel-1.18.2-14.el8.x86_64.rpm                                             1.3 MB/s | 560 kB     00:00
(5/17): libselinux-devel-2.9-5.el8.x86_64.rpm                                           4.7 MB/s | 200 kB     00:00
(6/17): libsepol-devel-2.9-3.el8.x86_64.rpm                                             2.4 MB/s |  87 kB     00:00
(7/17): libkadm5-1.18.2-14.el8.x86_64.rpm                                               2.8 MB/s | 187 kB     00:00
(8/17): libverto-devel-0.3.0-5.el8.x86_64.rpm                                           611 kB/s |  18 kB     00:00
(9/17): pcre2-utf16-10.32-2.el8.x86_64.rpm                                              6.3 MB/s | 229 kB     00:00
(10/17): pcre2-devel-10.32-2.el8.x86_64.rpm                                             9.2 MB/s | 605 kB     00:00
(11/17): pcre2-utf32-10.32-2.el8.x86_64.rpm                                             5.9 MB/s | 220 kB     00:00
(12/17): python3-audit-3.0-0.17.20191104git1c2f876.el8.x86_64.rpm                       1.8 MB/s |  86 kB     00:00
(13/17): python3-libsemanage-2.9-6.el8.x86_64.rpm                                       3.6 MB/s | 127 kB     00:00
(14/17): openssl-devel-1.1.1k-5.el8_5.x86_64.rpm                                         15 MB/s | 2.3 MB     00:00
(15/17): python3-setools-4.3.0-2.el8.x86_64.rpm                                          11 MB/s | 626 kB     00:00
(16/17): zlib-devel-1.2.11-17.el8.x86_64.rpm                                            1.1 MB/s |  58 kB     00:00
(17/17): python3-policycoreutils-2.9-16.el8.noarch.rpm                                   17 MB/s | 2.2 MB     00:00
------------------------------------------------------------------------------------------------------------------------
Total                                                                                    11 MB/s | 7.9 MB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                1/1
  Installing       : zlib-devel-1.2.11-17.el8.x86_64                                                               1/17
  Installing       : python3-setools-4.3.0-2.el8.x86_64                                                            2/17
  Installing       : python3-libsemanage-2.9-6.el8.x86_64                                                          3/17
  Installing       : python3-audit-3.0-0.17.20191104git1c2f876.el8.x86_64                                          4/17
  Installing       : pcre2-utf32-10.32-2.el8.x86_64                                                                5/17
  Installing       : pcre2-utf16-10.32-2.el8.x86_64                                                                6/17
  Installing       : pcre2-devel-10.32-2.el8.x86_64                                                                7/17
  Installing       : libverto-devel-0.3.0-5.el8.x86_64                                                             8/17
  Installing       : libsepol-devel-2.9-3.el8.x86_64                                                               9/17
  Installing       : libselinux-devel-2.9-5.el8.x86_64                                                            10/17
  Installing       : libkadm5-1.18.2-14.el8.x86_64                                                                11/17
  Installing       : libcom_err-devel-1.45.6-2.el8.x86_64                                                         12/17
  Installing       : keyutils-libs-devel-1.5.10-9.el8.x86_64                                                      13/17
  Installing       : krb5-devel-1.18.2-14.el8.x86_64                                                              14/17
  Installing       : checkpolicy-2.9-1.el8.x86_64                                                                 15/17
  Installing       : python3-policycoreutils-2.9-16.el8.noarch                                                    16/17
  Installing       : openssl-devel-1:1.1.1k-5.el8_5.x86_64                                                        17/17
  Running scriptlet: openssl-devel-1:1.1.1k-5.el8_5.x86_64                                                        17/17
  Verifying        : checkpolicy-2.9-1.el8.x86_64                                                                  1/17
  Verifying        : keyutils-libs-devel-1.5.10-9.el8.x86_64                                                       2/17
  Verifying        : krb5-devel-1.18.2-14.el8.x86_64                                                               3/17
  Verifying        : libcom_err-devel-1.45.6-2.el8.x86_64                                                          4/17
  Verifying        : libkadm5-1.18.2-14.el8.x86_64                                                                 5/17
  Verifying        : libselinux-devel-2.9-5.el8.x86_64                                                             6/17
  Verifying        : libsepol-devel-2.9-3.el8.x86_64                                                               7/17
  Verifying        : libverto-devel-0.3.0-5.el8.x86_64                                                             8/17
  Verifying        : openssl-devel-1:1.1.1k-5.el8_5.x86_64                                                         9/17
  Verifying        : pcre2-devel-10.32-2.el8.x86_64                                                               10/17
  Verifying        : pcre2-utf16-10.32-2.el8.x86_64                                                               11/17
  Verifying        : pcre2-utf32-10.32-2.el8.x86_64                                                               12/17
  Verifying        : python3-audit-3.0-0.17.20191104git1c2f876.el8.x86_64                                         13/17
  Verifying        : python3-libsemanage-2.9-6.el8.x86_64                                                         14/17
  Verifying        : python3-policycoreutils-2.9-16.el8.noarch                                                    15/17
  Verifying        : python3-setools-4.3.0-2.el8.x86_64                                                           16/17
  Verifying        : zlib-devel-1.2.11-17.el8.x86_64                                                              17/17

Installed:
  checkpolicy-2.9-1.el8.x86_64                                      keyutils-libs-devel-1.5.10-9.el8.x86_64
  krb5-devel-1.18.2-14.el8.x86_64                                   libcom_err-devel-1.45.6-2.el8.x86_64
  libkadm5-1.18.2-14.el8.x86_64                                     libselinux-devel-2.9-5.el8.x86_64
  libsepol-devel-2.9-3.el8.x86_64                                   libverto-devel-0.3.0-5.el8.x86_64
  openssl-devel-1:1.1.1k-5.el8_5.x86_64                             pcre2-devel-10.32-2.el8.x86_64
  pcre2-utf16-10.32-2.el8.x86_64                                    pcre2-utf32-10.32-2.el8.x86_64
  python3-audit-3.0-0.17.20191104git1c2f876.el8.x86_64              python3-libsemanage-2.9-6.el8.x86_64
  python3-policycoreutils-2.9-16.el8.noarch                         python3-setools-4.3.0-2.el8.x86_64
  zlib-devel-1.2.11-17.el8.x86_64

Complete!

Execute the other commands manually:

[root@server wz]# yum-config-manager --enable powertools
[root@server wz]# yum install libstdc++-static -y
CentOS Linux 8 - PowerTools                                                             6.6 MB/s | 2.3 MB     00:00
Last metadata expiration check: 0:00:01 ago on Mon 18 Jul 2022 08:37:08 PM UTC.
Dependencies resolved.
========================================================================================================================
 Package                          Architecture           Version                       Repository                  Size
========================================================================================================================
Installing:
 libstdc++-static                 x86_64                 8.5.0-4.el8_5                 powertools                 599 k

Transaction Summary
========================================================================================================================
Install  1 Package

Total download size: 599 k
Installed size: 5.1 M
Downloading Packages:
libstdc++-static-8.5.0-4.el8_5.x86_64.rpm                                               1.7 MB/s | 599 kB     00:00
------------------------------------------------------------------------------------------------------------------------
Total                                                                                   1.7 MB/s | 599 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                1/1
  Installing       : libstdc++-static-8.5.0-4.el8_5.x86_64                                                          1/1
  Running scriptlet: libstdc++-static-8.5.0-4.el8_5.x86_64                                                          1/1
  Verifying        : libstdc++-static-8.5.0-4.el8_5.x86_64                                                          1/1

Installed:
  libstdc++-static-8.5.0-4.el8_5.x86_64

Complete!
[root@server wz]#


🟡 Trying to compile Python from source following the optional instructions does not work, as the package python34 does not exist in Centos 8 latest version. Following the documentation, I've changed to python3 as the package name. Does our code require a specific version of Python to work?

The documentation also says:
Nevertheless, you can download the CPython sources by adding the PYTHON_SOURCE flag when running make deps.

But I was unable to find when to execute that command to add the PYTHON_SOURCE flag.

yum-builddep python34 -y
enabling appstream-source repository
enabling baseos-source repository
enabling extras-source repository
enabling powertools-source repository
enabling epel-source repository
enabling epel-modular-source repository
CentOS Linux 8 - BaseOS - Source                                                        493 kB/s | 326 kB     00:00
CentOS Linux 8 - AppStream - Source                                                     1.4 MB/s | 835 kB     00:00
CentOS Linux 8 - PowerTools - Source                                                    216 kB/s | 196 kB     00:00
CentOS Linux 8 - Extras - Source                                                         13 kB/s | 7.6 kB     00:00
Extra Packages for Enterprise Linux 8 - x86_64 - Source                                 3.7 MB/s | 2.5 MB     00:00
Extra Packages for Enterprise Linux Modular 8 - x86_64 - Source                          33 kB/s |  18 kB     00:00
no package matched: python34
Error: Some packages could not be found.
# cat /etc/centos-release
CentOS Linux release 8.5.2111
# yum-builddep python3 -y
[ output elided as this command installs over 100 packages ]

Install Wazuh Manager

Downloading the package required an updated URL to use the pre-release

# curl -Ls https://github.com/wazuh/wazuh/archive/v4.3.6-rc1.tar.gz | tar zx

Building wazuh-manager using the provided script

./install.sh

  ** Para instalação em português, escolha [br].
  ** 要使用中文进行安装, 请选择 [cn].
  ** Für eine deutsche Installation, wählen Sie [de].
  ** Για εγκατάσταση στα Ελληνικά, επιλέξτε [el].
  ** For installation in English, choose [en].
  ** Para instalar en español, elija [es].
  ** Pour une installation en français, choisissez [fr]
  ** A Magyar nyelvű telepítéshez válassza [hu].
  ** Per l'installazione in Italiano, scegli [it].
  ** 日本語でインストールします.選択して下さい.[jp].
  ** Voor installatie in het Nederlands, kies [nl].
  ** Aby instalować w języku Polskim, wybierz [pl].
  ** Для инструкций по установке на русском ,введите [ru].
  ** Za instalaciju na srpskom, izaberi [sr].
  ** Türkçe kurulum için seçin [tr].
  (en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]:
 Wazuh v4.3.6 (Rev. 40318) Installation Script - http://www.wazuh.com

 You are about to start the installation process of Wazuh.
 You must have a C compiler pre-installed in your system.

  - System: Linux server 4.18.0-348.7.1.el8_5.x86_64 (centos 8.5)
  - User: root
  - Host: server


  -- Press ENTER to continue or Ctrl-C to abort. --


1- What kind of installation do you want (manager, agent, local, hybrid or help)? manager

  - Manager (server) installation chosen.

2- Choose where to install Wazuh [/var/ossec]:

    - Installation will be made at  /var/ossec .

3- Configuring Wazuh.

  3.1- Do you want e-mail notification? (y/n) [n]:

   --- Email notification disabled.

  3.2- Do you want to run the integrity check daemon? (y/n) [y]:

   - Running syscheck (integrity check daemon).

  3.3- Do you want to run the rootkit detection engine? (y/n) [y]:

   - Running rootcheck (rootkit detection).

  3.5- Active response allows you to execute a specific
       command based on the events received.
       By default, no active responses are defined.

   - Default white list for the active response:
      - 172.26.16.1

   - Do you want to add more IPs to the white list? (y/n)? [n]:

  3.6- Do you want to enable remote syslog (port 514 udp)? (y/n) [y]:

   - Remote syslog enabled.

  3.7 - Do you want to run the Auth daemon? (y/n) [y]:

   - Running Auth daemon.

  3.8- Do you want to start Wazuh after the installation? (y/n) [y]:

   - Wazuh will start at the end of installation.

  3.9- Setting the configuration to analyze the following logs:

    -- /var/log/audit/audit.log
    -- /var/ossec/logs/active-responses.log
    -- /var/log/messages
    -- /var/log/secure
    -- /var/log/maillog

 - If you want to monitor any other file, just change
   the ossec.conf and add a new localfile entry.
   Any questions about the configuration can be answered
   by visiting us online at https://documentation.wazuh.com/.


   --- Press ENTER to continue ---


4- Installing the system

DIR="/var/ossec"
 - Running the Makefile

curl -so external/cJSON.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/cJSON.tar.gz || true
cd external && test -e cJSON.tar.gz && gunzip cJSON.tar.gz || true
cd external && test -e cJSON.tar && tar -xf cJSON.tar || true
test -e external/cJSON.tar && rm external/cJSON.tar || true
test -d external/cJSON ||\
(curl -so external/cJSON.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/cJSON.tar.gz &&\
cd external && gunzip cJSON.tar.gz && tar -xf cJSON.tar && rm cJSON.tar)
curl -so external/curl.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/curl.tar.gz || true
cd external && test -e curl.tar.gz && gunzip curl.tar.gz || true
cd external && test -e curl.tar && tar -xf curl.tar || true
test -e external/curl.tar && rm external/curl.tar || true
test -d external/curl ||\
(curl -so external/curl.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/curl.tar.gz &&\
cd external && gunzip curl.tar.gz && tar -xf curl.tar && rm curl.tar)
curl -so external/libdb.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/libdb.tar.gz || true
cd external && test -e libdb.tar.gz && gunzip libdb.tar.gz || true
cd external && test -e libdb.tar && tar -xf libdb.tar || true
test -e external/libdb.tar && rm external/libdb.tar || true
test -d external/libdb ||\
(curl -so external/libdb.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/libdb.tar.gz &&\
cd external && gunzip libdb.tar.gz && tar -xf libdb.tar && rm libdb.tar)
curl -so external/libffi.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/libffi.tar.gz || true
cd external && test -e libffi.tar.gz && gunzip libffi.tar.gz || true
cd external && test -e libffi.tar && tar -xf libffi.tar || true
test -e external/libffi.tar && rm external/libffi.tar || true
test -d external/libffi ||\
(curl -so external/libffi.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/libffi.tar.gz &&\
cd external && gunzip libffi.tar.gz && tar -xf libffi.tar && rm libffi.tar)
curl -so external/libyaml.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/libyaml.tar.gz || true
cd external && test -e libyaml.tar.gz && gunzip libyaml.tar.gz || true
cd external && test -e libyaml.tar && tar -xf libyaml.tar || true
test -e external/libyaml.tar && rm external/libyaml.tar || true
test -d external/libyaml ||\
(curl -so external/libyaml.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/libyaml.tar.gz &&\
cd external && gunzip libyaml.tar.gz && tar -xf libyaml.tar && rm libyaml.tar)
curl -so external/openssl.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/openssl.tar.gz || true
cd external && test -e openssl.tar.gz && gunzip openssl.tar.gz || true
cd external && test -e openssl.tar && tar -xf openssl.tar || true
test -e external/openssl.tar && rm external/openssl.tar || true
test -d external/openssl ||\
(curl -so external/openssl.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/openssl.tar.gz &&\
cd external && gunzip openssl.tar.gz && tar -xf openssl.tar && rm openssl.tar)
curl -so external/procps.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/procps.tar.gz || true
cd external && test -e procps.tar.gz && gunzip procps.tar.gz || true
cd external && test -e procps.tar && tar -xf procps.tar || true
test -e external/procps.tar && rm external/procps.tar || true
test -d external/procps ||\
(curl -so external/procps.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/procps.tar.gz &&\
cd external && gunzip procps.tar.gz && tar -xf procps.tar && rm procps.tar)
curl -so external/sqlite.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/sqlite.tar.gz || true
cd external && test -e sqlite.tar.gz && gunzip sqlite.tar.gz || true
cd external && test -e sqlite.tar && tar -xf sqlite.tar || true
test -e external/sqlite.tar && rm external/sqlite.tar || true
test -d external/sqlite ||\
(curl -so external/sqlite.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/sqlite.tar.gz &&\
cd external && gunzip sqlite.tar.gz && tar -xf sqlite.tar && rm sqlite.tar)
curl -so external/zlib.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/zlib.tar.gz || true
cd external && test -e zlib.tar.gz && gunzip zlib.tar.gz || true
cd external && test -e zlib.tar && tar -xf zlib.tar || true
test -e external/zlib.tar && rm external/zlib.tar || true
test -d external/zlib ||\
(curl -so external/zlib.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/zlib.tar.gz &&\
cd external && gunzip zlib.tar.gz && tar -xf zlib.tar && rm zlib.tar)
curl -so external/audit-userspace.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/audit-userspace.tar.gz || true
cd external && test -e audit-userspace.tar.gz && gunzip audit-userspace.tar.gz || true
cd external && test -e audit-userspace.tar && tar -xf audit-userspace.tar || true
test -e external/audit-userspace.tar && rm external/audit-userspace.tar || true
test -d external/audit-userspace ||\
(curl -so external/audit-userspace.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/audit-userspace.tar.gz &&\
cd external && gunzip audit-userspace.tar.gz && tar -xf audit-userspace.tar && rm audit-userspace.tar)
curl -so external/msgpack.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/msgpack.tar.gz || true
cd external && test -e msgpack.tar.gz && gunzip msgpack.tar.gz || true
cd external && test -e msgpack.tar && tar -xf msgpack.tar || true
test -e external/msgpack.tar && rm external/msgpack.tar || true
test -d external/msgpack ||\
(curl -so external/msgpack.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/msgpack.tar.gz &&\
cd external && gunzip msgpack.tar.gz && tar -xf msgpack.tar && rm msgpack.tar)
curl -so external/bzip2.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/bzip2.tar.gz || true
cd external && test -e bzip2.tar.gz && gunzip bzip2.tar.gz || true
cd external && test -e bzip2.tar && tar -xf bzip2.tar || true
test -e external/bzip2.tar && rm external/bzip2.tar || true
test -d external/bzip2 ||\
(curl -so external/bzip2.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/bzip2.tar.gz &&\
cd external && gunzip bzip2.tar.gz && tar -xf bzip2.tar && rm bzip2.tar)
curl -so external/nlohmann.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/nlohmann.tar.gz || true
cd external && test -e nlohmann.tar.gz && gunzip nlohmann.tar.gz || true

gzip: nlohmann.tar.gz: not in gzip format
cd external && test -e nlohmann.tar && tar -xf nlohmann.tar || true
test -e external/nlohmann.tar && rm external/nlohmann.tar || true
test -d external/nlohmann ||\
(curl -so external/nlohmann.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/nlohmann.tar.gz &&\
cd external && gunzip nlohmann.tar.gz && tar -xf nlohmann.tar && rm nlohmann.tar)
curl -so external/googletest.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/googletest.tar.gz || true
cd external && test -e googletest.tar.gz && gunzip googletest.tar.gz || true

gzip: googletest.tar.gz: not in gzip format
cd external && test -e googletest.tar && tar -xf googletest.tar || true
test -e external/googletest.tar && rm external/googletest.tar || true
test -d external/googletest ||\
(curl -so external/googletest.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/googletest.tar.gz &&\
cd external && gunzip googletest.tar.gz && tar -xf googletest.tar && rm googletest.tar)
curl -so external/libpcre2.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/libpcre2.tar.gz || true
cd external && test -e libpcre2.tar.gz && gunzip libpcre2.tar.gz || true
cd external && test -e libpcre2.tar && tar -xf libpcre2.tar || true
test -e external/libpcre2.tar && rm external/libpcre2.tar || true
test -d external/libpcre2 ||\
(curl -so external/libpcre2.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/libpcre2.tar.gz &&\
cd external && gunzip libpcre2.tar.gz && tar -xf libpcre2.tar && rm libpcre2.tar)
curl -so external/libplist.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/libplist.tar.gz || true
cd external && test -e libplist.tar.gz && gunzip libplist.tar.gz || true
cd external && test -e libplist.tar && tar -xf libplist.tar || true
test -e external/libplist.tar && rm external/libplist.tar || true
test -d external/libplist ||\
(curl -so external/libplist.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/libplist.tar.gz &&\
cd external && gunzip libplist.tar.gz && tar -xf libplist.tar && rm libplist.tar)
curl -so external/pacman.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/pacman.tar.gz || true
cd external && test -e pacman.tar.gz && gunzip pacman.tar.gz || true
cd external && test -e pacman.tar && tar -xf pacman.tar || true
test -e external/pacman.tar && rm external/pacman.tar || true
test -d external/pacman ||\
(curl -so external/pacman.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/pacman.tar.gz &&\
cd external && gunzip pacman.tar.gz && tar -xf pacman.tar && rm pacman.tar)
curl -so external/libarchive.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/libarchive.tar.gz || true
cd external && test -e libarchive.tar.gz && gunzip libarchive.tar.gz || true
cd external && test -e libarchive.tar && tar -xf libarchive.tar || true
test -e external/libarchive.tar && rm external/libarchive.tar || true
test -d external/libarchive ||\
(curl -so external/libarchive.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/libarchive.tar.gz &&\
cd external && gunzip libarchive.tar.gz && tar -xf libarchive.tar && rm libarchive.tar)
curl -so external/popt.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/popt.tar.gz || true
cd external && test -e popt.tar.gz && gunzip popt.tar.gz || true
cd external && test -e popt.tar && tar -xf popt.tar || true
test -e external/popt.tar && rm external/popt.tar || true
test -d external/popt ||\
(curl -so external/popt.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/popt.tar.gz &&\
cd external && gunzip popt.tar.gz && tar -xf popt.tar && rm popt.tar)
curl -so external/rpm.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/rpm.tar.gz || true
cd external && test -e rpm.tar.gz && gunzip rpm.tar.gz || true
cd external && test -e rpm.tar && tar -xf rpm.tar || true
test -e external/rpm.tar && rm external/rpm.tar || true
test -d external/rpm ||\
(curl -so external/rpm.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/rpm.tar.gz &&\
cd external && gunzip rpm.tar.gz && tar -xf rpm.tar && rm rpm.tar)
curl -so external/cpython.tar.gz https://packages.wazuh.com/deps/16/libraries/linux/amd64/cpython.tar.gz || true
cd external && test -e cpython.tar.gz && gunzip cpython.tar.gz || true
test -e external/cpython.tar ||\
(curl -so external/cpython.tar.gz https://packages.wazuh.com/deps/16/libraries/sources/cpython.tar.gz &&\
cd external && gunzip cpython.tar.gz && tar -xf cpython.tar && rm cpython.tar)
test -d external/cpython || (cd external && gzip cpython.tar)
checkmodule -M -m -o selinux/wazuh.mod selinux/wazuh.te
semodule_package -o selinux/wazuh.pp -m selinux/wazuh.mod
make build_sysinfo build_shared_modules build_syscollector
make[1]: Entering directory '/wz/wazuh-4.3.6-rc1/src'
    CC libwazuhext.so
cd data_provider/ && mkdir -p build && cd build && cmake     .. && make
cd shared_modules/dbsync/ && mkdir -p build && cd build && cmake    .. && make
-- The C compiler identification is GNU 8.5.0
-- The C compiler identification is GNU 8.5.0
-- The CXX compiler identification is GNU 8.5.0
-- The CXX compiler identification is GNU 8.5.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/cc - skipped
-- Check for working C compiler: /usr/bin/cc - skipped
-- Detecting C compile features
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++ - skipped
-- Detecting CXX compile features
-- Check for working CXX compiler: /usr/bin/c++ - skipped
-- Detecting CXX compile features - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Configuring done
-- Generating done
-- Build files have been written to: /wz/wazuh-4.3.6-rc1/src/data_provider/build
-- Configuring done
make[2]: Entering directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build'
-- Generating done
-- Build files have been written to: /wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build
make[2]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build'
make[3]: Entering directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build'
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build'
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build'
make[3]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build'
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build'
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build'
[ 23%] Building CXX object CMakeFiles/sysinfo.dir/src/packages/packageLinuxParserExtra.cpp.o
[ 23%] Building CXX object CMakeFiles/sysinfo.dir/src/network/networkInterfaceLinux.cpp.o
[ 23%] Building CXX object CMakeFiles/sysinfo.dir/src/osinfo/sysOsParsers.cpp.o
[ 30%] Building CXX object CMakeFiles/sysinfo.dir/src/packages/packageLinuxParserDeb.cpp.o
[ 38%] Building CXX object CMakeFiles/sysinfo.dir/src/packages/packageLinuxParserRpm.cpp.o
[ 46%] Building CXX object CMakeFiles/sysinfo.dir/src/packages/packageLinuxParserRpmLegacy.cpp.o
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build'
[ 53%] Building CXX object CMakeFiles/sysinfo.dir/src/packages/rpmPackageManager.cpp.o
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build'
[ 10%] Building CXX object CMakeFiles/dbsync.dir/src/dbsync.cpp.o
[ 61%] Building CXX object CMakeFiles/sysinfo.dir/src/sysInfoLinux.cpp.o
[ 69%] Building CXX object CMakeFiles/sysinfo.dir/src/utilsWrapperLinux.cpp.o
[ 76%] Building CXX object CMakeFiles/sysinfo.dir/src/sysInfo.cpp.o
[ 20%] Building CXX object CMakeFiles/dbsync.dir/src/dbsyncPipelineFactory.cpp.o
[ 30%] Building CXX object CMakeFiles/dbsync.dir/src/dbsync_implementation.cpp.o
[ 40%] Building CXX object CMakeFiles/dbsync.dir/src/sqlite/sqlite_dbengine.cpp.o
[ 50%] Building CXX object CMakeFiles/dbsync.dir/src/sqlite/sqlite_wrapper.cpp.o
[ 84%] Linking CXX shared library lib/libsysinfo.so
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build'
[ 84%] Built target sysinfo
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build'
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build'
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build'
[ 92%] Building CXX object testtool/CMakeFiles/sysinfo_test_tool.dir/main.cpp.o
[ 60%] Linking CXX shared library lib/libdbsync.so
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build'
[ 60%] Built target dbsync
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build'
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build'
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build'
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build'
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build'
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build'
[ 70%] Building CXX object testtool/CMakeFiles/dbsync_test_tool.dir/main.cpp.o
[ 80%] Building CXX object example/CMakeFiles/dbsync_example.dir/main.cpp.o
[ 90%] Linking CXX executable ../bin/dbsync_example
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build'
[ 90%] Built target dbsync_example
[100%] Linking CXX executable ../bin/sysinfo_test_tool
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build'
[100%] Built target sysinfo_test_tool
make[3]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build'
make[2]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/data_provider/build'
[100%] Linking CXX executable ../bin/dbsync_test_tool
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build'
[100%] Built target dbsync_test_tool
make[3]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build'
make[2]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/dbsync/build'
cd shared_modules/rsync/ && mkdir -p build && cd build && cmake     .. && make
-- The C compiler identification is GNU 8.5.0
-- The CXX compiler identification is GNU 8.5.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/cc - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Configuring done
-- Generating done
-- Build files have been written to: /wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build
make[2]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build'
make[3]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build'
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build'
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build'
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build'
[ 25%] Building CXX object CMakeFiles/rsync.dir/src/rsync.cpp.o
[ 25%] Building CXX object CMakeFiles/rsync.dir/src/rsyncImplementation.cpp.o
[ 37%] Linking CXX shared library lib/librsync.so
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build'
[ 37%] Built target rsync
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build'
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build'
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build'
[ 62%] Building CXX object testtool/CMakeFiles/rsync_test_tool.dir/main.cpp.o
[ 62%] Building CXX object testtool/CMakeFiles/rsync_test_tool.dir/agentEmulator.cpp.o
[ 87%] Building CXX object testtool/CMakeFiles/rsync_test_tool.dir/managerEmulator.cpp.o
[ 87%] Building CXX object testtool/CMakeFiles/rsync_test_tool.dir/oneTimeSync.cpp.o
[100%] Linking CXX executable ../bin/rsync_test_tool
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build'
[100%] Built target rsync_test_tool
make[3]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build'
make[2]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/shared_modules/rsync/build'
cd wazuh_modules/syscollector/ && mkdir -p build && cd build && cmake     .. && make
-- The C compiler identification is GNU 8.5.0
-- The CXX compiler identification is GNU 8.5.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/cc - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Configuring done
-- Generating done
-- Build files have been written to: /wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build
make[2]: Entering directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build'
make[3]: Entering directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build'
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build'
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build'
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build'
[ 50%] Building CXX object CMakeFiles/syscollector.dir/src/syscollectorImp.cpp.o
[ 50%] Building CXX object CMakeFiles/syscollector.dir/src/syscollectorNormalizer.cpp.o
[ 50%] Building CXX object CMakeFiles/syscollector.dir/src/syscollector.cpp.o
[ 66%] Linking CXX shared library lib/libsyscollector.so
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build'
[ 66%] Built target syscollector
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build'
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build'
make[4]: Entering directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build'
[ 83%] Building CXX object testtool/CMakeFiles/syscollector_test_tool.dir/main.cpp.o
[100%] Linking CXX executable ../bin/syscollector_test_tool
make[4]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build'
[100%] Built target syscollector_test_tool
make[3]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build'
make[2]: Leaving directory '/wz/wazuh-4.3.6-rc1/src/wazuh_modules/syscollector/build'
make[1]: Leaving directory '/wz/wazuh-4.3.6-rc1/src'
make wazuh-maild - wazuh-csyslogd - wazuh-agentlessd - wazuh-execd - wazuh-logcollector - wazuh-remoted wazuh-agentd manage_agents utils active-responses wazuh-syscheckd wazuh-monitord wazuh-reportd wazuh-authd wazuh-analysisd wazuh-logtest-legacy wazuh-dbd - wazuh-integratord wazuh-modulesd wazuh-db
make[1]: Entering directory '/wz/wazuh-4.3.6-rc1/src'
    CC os_maild/maild.o
    CC os_maild/sendmail.o
    CC os_maild/sendcustomemail.o
    CC os_maild/config.o
    CC os_maild/os_maild_client.o
    CC os_maild/mail_list.o
    CC os_maild/mailcom.o
    CC config/wmodules-aws.o
    CC config/localfile-config.o
os_maild/os_maild_client.c: In function ‘PrintTable’:
os_maild/os_maild_client.c:802:21: warning: ‘strncat’ specified bound 2 equals source length [-Wstringop-overflow=]
                     strncat(printed, endline, strlen(endline));
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
os_maild/os_maild_client.c:767:13: warning: ‘strncat’ specified bound 2 equals source length [-Wstringop-overflow=]
             strncat(printed, delimitator, strlen(delimitator));
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
os_maild/os_maild_client.c:786:13: warning: ‘strncat’ specified bound 2 equals source length [-Wstringop-overflow=]
             strncat(printed, endline, strlen(endline));
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
os_maild/os_maild_client.c:777:17: warning: ‘strncat’ specified bound 1 equals source length [-Wstringop-overflow=]
                 strncat(printed, space, strlen(space));
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
os_maild/os_maild_client.c:749:13: warning: ‘strncat’ specified bound 2 equals source length [-Wstringop-overflow=]
             strncat(printed, delimitator, strlen(delimitator));
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
os_maild/os_maild_client.c:751:13: warning: ‘strncat’ specified bound 2 equals source length [-Wstringop-overflow=]
             strncat(printed, endline, strlen(endline));
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
os_maild/os_maild_client.c: In function ‘OS_RecvMailQ’:
os_maild/os_maild_client.c:334:9: warning: ‘strncpy’ output may be truncated copying 128 bytes from a string of length 65536 [-Wstringop-truncation]
         strncpy(msg_sms_tmp->body, logs, 128);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC config/rootcheck-config.o
    CC config/agentlessd-config.o
    CC config/active-response.o
    CC config/wmodules-osquery-monitor.o
    CC config/integrator-config.o
os_maild/os_maild_client.c: In function ‘PrintTable’:
os_maild/os_maild_client.c:800:21: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
                     strncat(printed, tab, strlen(tab));
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
os_maild/os_maild_client.c:801:21: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
                     strncat(printed, item->string, strlen(item->string));
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
os_maild/os_maild_client.c:765:13: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
             strncat(printed, tab, strlen(tab));
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
os_maild/os_maild_client.c:766:13: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
             strncat(printed, item->string, strlen(item->string));
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
os_maild/os_maild_client.c:747:13: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
             strncat(printed, tab, strlen(tab));
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
os_maild/os_maild_client.c:744:34: note: length computed here
         log_size = strlen(key) + strlen(tab) + strlen(item->string) + strlen(delimitator) + strlen(endline);
                                  ^~~~~~~~~~~
os_maild/os_maild_client.c:748:13: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
             strncat(printed, item->string, strlen(item->string));
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
os_maild/os_maild_client.c: In function ‘OS_RecvMailQ_JSON’:
os_maild/os_maild_client.c:697:9: warning: ‘strncpy’ output may be truncated copying 128 bytes from a string of length 65536 [-Wstringop-truncation]
         strncpy(msg_sms_tmp->body, logs, 128);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC config/wmodules-agent-upgrade.o
    CC config/socket-config.o
    CC config/remote-config.o
    CC config/reports-config.o
    CC config/wmodules_syscollector.o
    CC config/wmodules-oscap.o
    CC config/config.o
    CC config/wmodules-github.o
    CC config/wmodules-docker.o
    CC config/email-alerts-config.o
    CC config/global-config.o
    CC config/client-config.o
    CC config/labels-config.o
    CC config/wmodules-sca.o
    CC config/authd-config.o
    CC config/buffer-config.o
    CC config/cluster-config.o
    CC config/wmodules-key-request.o
    CC config/rules-config.o
    CC config/wmodules-vuln-detector.o
    CC config/dbd-config.o
    CC config/wmodules-gcp.o
    CC config/wmodules-azure.o
    CC config/syscheck-config.o
    CC config/wmodules-office365.o
    CC config/alerts-config.o
    CC config/wmodules-command.o
    CC config/wmodules-task-manager.o
    CC config/csyslogd-config.o
    CC config/wmodules-ciscat.o
    CC config/wmodules-fluent.o
    CC config/logtest-config.o
config/syscheck-config.c: In function ‘read_data_unit’:
config/syscheck-config.c:1261:13: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=]
             strncpy(value_str, content, len_value_str - 2);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
config/syscheck-config.c:1251:28: note: length computed here
     size_t len_value_str = strlen(content);
                            ^~~~~~~~~~~~~~~
    CC config/wmodules-config.o
    CC wazuh_modules/wm_control.o
    CC wazuh_modules/wmcom.o
    CC wazuh_modules/wm_oscap.o
    CC wazuh_modules/wm_gcp.o
    CC wazuh_modules/wmodules.o
    CC wazuh_modules/wm_azure.o
    CC wazuh_modules/wm_office365.o
    CC wazuh_modules/wm_exec.o
    CC wazuh_modules/wm_osquery_monitor.o
    CC wazuh_modules/wm_task_general.o
    CC wazuh_modules/wm_aws.o
    CC wazuh_modules/wm_syscollector.o
    CC wazuh_modules/wm_keyrequest.o
    CC wazuh_modules/wm_github.o
wazuh_modules/wm_office365.c: In function ‘wm_office365_execute_scan’:
wazuh_modules/wm_office365.c:441:33: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
                                 strncpy(url, next_page, strlen(next_page));
                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC wazuh_modules/wm_database.o
    CC wazuh_modules/wm_download.o
    CC wazuh_modules/wm_docker.o
    CC wazuh_modules/wm_sca.o
    CC wazuh_modules/wm_fluent.o
wazuh_modules/wm_github.c: In function ‘wm_github_execute_scan’:
wazuh_modules/wm_github.c:329:41: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
                                         strncpy(url, next_page, strlen(next_page));
                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC wazuh_modules/wm_command.o
    CC wazuh_modules/wm_ciscat.o
    CC wazuh_modules/agent_upgrade/wm_agent_upgrade.o
    CC wazuh_modules/vulnerability_detector/wm_vuln_detector.o
    CC wazuh_modules/vulnerability_detector/wm_vuln_detector_evr.o
    CC wazuh_modules/vulnerability_detector/wm_vuln_detector_nvd.o
    CC wazuh_modules/task_manager/wm_task_manager.o
    CC wazuh_modules/task_manager/wm_task_manager_parsing.o
    CC wazuh_modules/task_manager/wm_task_manager_commands.o
    CC wazuh_modules/task_manager/wm_task_manager_tasks.o
    CC wazuh_modules/agent_upgrade/manager/wm_agent_upgrade_tasks.o
    CC wazuh_modules/agent_upgrade/manager/wm_agent_upgrade_manager.o
    CC wazuh_modules/agent_upgrade/manager/wm_agent_upgrade_validate.o
    CC wazuh_modules/agent_upgrade/manager/wm_agent_upgrade_upgrades.o
    CC wazuh_modules/agent_upgrade/manager/wm_agent_upgrade_parsing.o
    CC wazuh_modules/agent_upgrade/manager/wm_agent_upgrade_commands.o
    CC wazuh_modules/agent_upgrade/manager/wm_agent_upgrade_tasks_callbacks.o
    CC wazuh_db/wdb_metadata.o
    CC wazuh_db/wdb_agents.o
    CC wazuh_db/wdb_integrity.o
    CC wazuh_db/wdb.o
    CC wazuh_db/wdb_scan_info.o
    CC wazuh_db/wdb_syscollector.o
    CC wazuh_db/wdb_upgrade.o
    CC wazuh_db/wdb_task.o
    CC wazuh_db/wdb_sca.o
    CC wazuh_db/wdb_global.o
    CC wazuh_db/wdb_parser.o
    CC wazuh_db/wdb_fim.o
    CC wazuh_db/wdb_rootcheck.o
    CC wazuh_db/wdb_ciscat.o
    CC wazuh_db/helpers/wdb_global_helpers.o
    CC wazuh_db/helpers/wdb_agents_helpers.o
wazuh_db/wdb_parser.c: In function ‘wdb_parse_syscheck’:
wazuh_db/wdb_parser.c:1264:13: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
             strncpy(unsc_checksum + unsc_size, mark, mark_size);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
wazuh_db/wdb_parser.c:1262:32: note: length computed here
             size_t mark_size = strlen(mark);
                                ^~~~~~~~~~~~
    CC wazuh_db/schema_upgrade_v2.o
In function ‘wm_vuldet_adapt_title’,
    inlined from ‘wm_vuldet_json_rh_parser.isra.14’ at wazuh_modules/vulnerability_detector/wm_vuln_detector.c:4809:9,
    inlined from ‘wm_vuldet_json_parser.isra.30’ at wazuh_modules/vulnerability_detector/wm_vuln_detector.c:5017:26:
wazuh_modules/vulnerability_detector/wm_vuln_detector.c:3557:5: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=]
     strncpy(title, title_ofs, strlen(title_ofs) + 1);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
wazuh_modules/vulnerability_detector/wm_vuln_detector.c: In function ‘wm_vuldet_json_parser.isra.30’:
wazuh_modules/vulnerability_detector/wm_vuln_detector.c:3557:31: note: length computed here
     strncpy(title, title_ofs, strlen(title_ofs) + 1);
                               ^~~~~~~~~~~~~~~~~
    CC wazuh_db/schema_upgrade_v9.o
    CC wazuh_db/schema_upgrade_v3.o
    CC wazuh_db/schema_upgrade_v1.o
    CC wazuh_db/schema_upgrade_v6.o
    CC wazuh_db/schema_agents.o
    CC wazuh_db/schema_global_upgrade_v1.o
    CC wazuh_db/schema_task_manager.o
    CC wazuh_db/schema_upgrade_v8.o
    CC wazuh_db/schema_upgrade_v4.o
    CC wazuh_db/schema_global.o
    CC wazuh_db/schema_global_upgrade_v2.o
    CC wazuh_db/schema_upgrade_v5.o
    CC wazuh_db/schema_global_upgrade_v3.o
    CC wazuh_db/schema_vuln_detector.o
    CC wazuh_db/schema_upgrade_v7.o
    CC os_crypto/blowfish/bf_op.o
    CC os_crypto/md5/md5_op.o
    CC os_crypto/sha1/sha1_op.o
    CC os_crypto/shared/keys.o
    CC os_crypto/shared/msgs.o
    CC os_crypto/md5_sha1/md5_sha1_op.o
    CC os_crypto/md5_sha1_sha256/md5_sha1_sha256_op.o
    CC os_crypto/sha256/sha256_op.o
    CC os_crypto/sha512/sha512_op.o
    CC os_crypto/aes/aes_op.o
    CC os_crypto/hmac/hmac.o
    CC os_crypto/signature/signature.o
os_crypto/shared/keys.c: In function ‘OS_ReadKeys’:
os_crypto/shared/keys.c:251:13: warning: ‘strncpy’ output may be truncated copying 127 bytes from a string of length 2048 [-Wstringop-truncation]
             strncpy(id, valid_str, KEYSIZE - 1);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC shared/file-queue.o
    CC shared/json-queue.o
    CC shared/read-alert.o
    CC shared/enrollment_op.o
    CC shared/fs_op.o
    CC shared/rootcheck_op.o
    CC shared/store_op.o
    CC shared/bzip2_op.o
shared/enrollment_op.c: In function ‘w_enrollment_concat_src_ip’:
shared/enrollment_op.c:554:13: warning: ‘strncat’ output may be truncated copying 254 bytes from a string of length 255 [-Wstringop-truncation]
             strncat(buff,opt_buf,254);
             ^~~~~~~~~~~~~~~~~~~~~~~~~
    CC shared/exec_op.o
    CC shared/request_op.o
    CC shared/log_builder.o
    CC shared/mem_op.o
    CC shared/file_op.o
    CC shared/pthreads_op.o
    CC shared/os_utils.o
    CC shared/rbtree_op.o
    CC shared/cluster_utils.o
shared/mem_op.c: In function ‘os_LoadString’:
shared/mem_op.c:112:9: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
         strncat(at, str, strsize);
         ^~~~~~~~~~~~~~~~~~~~~~~~~
shared/mem_op.c:101:26: note: length computed here
         size_t strsize = strlen(str);
                          ^~~~~~~~~~~
    CC shared/integrity_op.o
    CC shared/time_op.o
    CC shared/syscheck_op.o
    CC shared/queue_linked_op.o
    CC shared/yaml2json.o
    CC shared/vector_op.o
    CC shared/report_op.o
    CC shared/audit_op.o
    CC shared/sym_load.o
    CC shared/wait_op.o
    CC shared/help.o
    CC shared/labels_op.o
    CC shared/auth_client.o
    CC shared/list_op.o
    CC shared/privsep_op.o
    CC shared/url.o
    CC shared/b64.o
    CC shared/custom_output_search_replace.o
    CC shared/debug_op.o
    CC shared/math_op.o
    CC shared/atomic.o
shared/custom_output_search_replace.c: In function ‘searchAndReplace’:
shared/custom_output_search_replace.c:51:9: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
         strncpy(tmp + tmp_offset, value, value_len);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
shared/custom_output_search_replace.c:19:30: note: length computed here
     const size_t value_len = strlen(value);
                              ^~~~~~~~~~~~~
    CC shared/rules_op.o
    CC shared/regex_op.o
    CC shared/read-agents.o
    CC shared/version_op.o
    CC shared/remoted_op.o
    CC shared/mq_op.o
    CC shared/hash_op.o
    CC shared/notify_op.o
    CC shared/buffer_op.o
shared/read-agents.c: In function ‘_do_print_syscheck’:
shared/read-agents.c:431:17: warning: ‘strncpy’ output may be truncated copying 23 bytes from a string of length 24 [-Wstringop-truncation]
                 strncpy(saved_read_day, read_day, 23);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC shared/validate_op.o
    CC shared/sig_op.o
    CC shared/json_op.o
    CC shared/schedule_scan.o
    CC shared/string_op.o
shared/validate_op.c: In function ‘__gethour’:
shared/validate_op.c:541:38: warning: ‘%02d’ directive output may be truncated writing between 2 and 11 bytes into a region of size 6 [-Wformat-truncation=]
             snprintf(ossec_hour, 6, "%02d:%02d", chour, cmin);
                                      ^~~~
shared/validate_op.c:541:37: note: directive argument in the range [-2147483636, 2147483647]
             snprintf(ossec_hour, 6, "%02d:%02d", chour, cmin);
                                     ^~~~~~~~~~~
shared/validate_op.c:541:13: note: ‘snprintf’ output between 6 and 24 bytes into a destination of size 6
             snprintf(ossec_hour, 6, "%02d:%02d", chour, cmin);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC shared/expression.o
    CC shared/sysinfo_utils.o
    CC shared/bqueue_op.o
    CC shared/queue_op.o
    CC shared/utf8_op.o
    CC shared/randombytes.o
    CC shared/agent_op.o
    CC shared/wazuhdb_op.o
shared/string_op.c: In function ‘wstr_split’:
shared/string_op.c:504:17: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
                 strncpy(new_term_it, acc_strs[count], strlen(acc_strs[count]));
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
shared/string_op.c:501:21: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
                     strncpy(new_term_it, new_delim, new_delim_size);
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
shared/string_op.c:461:29: note: length computed here
     size_t new_delim_size = strlen(replace_delim ? replace_delim : delim);
                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC os_net/os_net.o
    CC os_regex/os_regex_match.o
    CC os_regex/os_regex.o
    CC os_regex/os_regex_str.o
    CC os_regex/os_match.o
    CC os_regex/os_regex_compile.o
    CC os_regex/os_regex_startswith.o
    CC os_regex/os_regex_free_pattern.o
    CC os_regex/os_match_compile.o
    CC os_regex/os_match_free_pattern.o
    CC os_regex/os_regex_maps.o
    CC os_regex/os_regex_strbreak.o
    CC os_regex/os_regex_execute.o
    CC os_regex/os_match_execute.o
    CC os_xml/os_xml_variables.o
    CC os_xml/os_xml.o
    CC os_xml/os_xml_access.o
    CC os_xml/os_xml_node_access.o
    CC os_xml/os_xml_writer.o
    CC os_zlib/os_zlib.o
    CC os_auth/ssl.o
    CC os_auth/check_cert.o
    CC addagent/validate.o
    CC analysisd/logmsg.o
    CC os_csyslogd/config.o
    CC os_csyslogd/csyscom.o
    CC os_csyslogd/main.o
    CC os_csyslogd/csyslogd.o
addagent/validate.c: In function ‘OS_AddNewAgent’:
addagent/validate.c:50:27: warning: ‘%03d’ directive output may be truncated writing between 3 and 11 bytes into a region of size 9 [-Wformat-truncation=]
         snprintf(_id, 9, "%03d", ++keys->id_counter);
                           ^~~~
addagent/validate.c:50:26: note: directive argument in the range [-2147483647, 2147483647]
         snprintf(_id, 9, "%03d", ++keys->id_counter);
                          ^~~~~~
addagent/validate.c:50:9: note: ‘snprintf’ output between 4 and 12 bytes into a destination of size 9
         snprintf(_id, 9, "%03d", ++keys->id_counter);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC os_csyslogd/alert.o
    CC agentlessd/lessdcom.o
    CC agentlessd/main.o
    CC agentlessd/agentlessd.o
    CC os_execd/exec.o
    CC os_execd/config.o
    CC os_execd/execd.o
    CC os_execd/win_execd.o
    CC os_execd/wcom.o
    CC active-response/active_responses.o
os_execd/exec.c: In function ‘ReadExecConfig’:
os_execd/exec.c:72:9: warning: ‘strncpy’ output may be truncated copying 256 bytes from a string of length 65536 [-Wstringop-truncation]
         strncpy(exec_names[exec_size], str_pt, OS_FLSIZE);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC logcollector/read_ossecalert.o
    CC logcollector/read_command.o
    CC logcollector/state.o
    CC logcollector/read_djb_multilog.o
    CC logcollector/read_postgresql_log.o
    CC logcollector/main.o
    CC logcollector/read_ucs2_le.o
    CC logcollector/config.o
    CC logcollector/read_win_el.o
    CC logcollector/lccom.o
logcollector/read_postgresql_log.c: In function ‘read_postgresql_log’:
logcollector/read_postgresql_log.c:114:17: warning: ‘strncpy’ output may be truncated copying between 2 and 65536 bytes from a string of length 65536 [-Wstringop-truncation]
                 strncpy(buffer, str, str_len + 2);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
logcollector/read_postgresql_log.c:106:17: warning: ‘strncpy’ output may be truncated copying between 2 and 65536 bytes from a string of length 65536 [-Wstringop-truncation]
                 strncpy(buffer, str, str_len + 2);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC logcollector/read_macos.o
    CC logcollector/read_mssql_log.o
    CC logcollector/read_json.o
    CC logcollector/read_win_event_channel.o
    CC logcollector/read_syslog.o
    CC logcollector/macos_log.o
    CC logcollector/read_audit.o
    CC logcollector/read_multiline_regex.o
    CC logcollector/read_nmapg.o
    CC logcollector/logcollector.o
    CC logcollector/read_mysql_log.o
logcollector/read_mssql_log.c: In function ‘read_mssql_log’:
logcollector/read_mssql_log.c:117:17: warning: ‘strncpy’ output may be truncated copying between 2 and 65536 bytes from a string of length 65536 [-Wstringop-truncation]
                 strncpy(buffer, str, str_len + 2);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
logcollector/read_mssql_log.c:108:17: warning: ‘strncpy’ output may be truncated copying between 2 and 65536 bytes from a string of length 65536 [-Wstringop-truncation]
                 strncpy(buffer, str, str_len + 2);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
logcollector/read_audit.c: In function ‘audit_send_msg’:
logcollector/read_audit.c:31:13: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
             strncpy(message + n, cache[i], z);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
logcollector/read_audit.c:25:13: note: length computed here
         z = strlen(cache[i]);
             ^~~~~~~~~~~~~~~~
    CC logcollector/read_ucs2_be.o
    CC logcollector/read_multiline.o
    CC logcollector/read_fullcommand.o
    CC logcollector/read_snortfull.o
    CC remoted/manager.o
logcollector/read_nmapg.c: In function ‘read_nmapg’:
logcollector/read_nmapg.c:246:13: warning: ‘strncat’ output may be truncated copying between 27 and 65533 bytes from a string of length 65536 [-Wstringop-truncation]
             strncat(final_msg, buffer, final_msg_s);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC remoted/sendmsg.o
    CC remoted/request.o
logcollector/read_snortfull.c: In function ‘read_snortfull’:
logcollector/read_snortfull.c:54:17: warning: ‘strncpy’ output may be truncated copying 65536 bytes from a string of length 65536 [-Wstringop-truncation]
                 strncpy(f_msg, str, OS_MAXSTR);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
logcollector/read_multiline.c: In function ‘read_multiline’:
logcollector/read_multiline.c:96:9: warning: ‘strncpy’ output may be truncated copying between 0 and 65534 bytes from a string of length 65536 [-Wstringop-truncation]
         strncpy(buffer + buffer_size, str, OS_MAXSTR - buffer_size - 2);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC remoted/cfga-forward.o
    CC remoted/queue.o
    CC remoted/ar-forward.o
    CC remoted/netcounter.o
In function ‘find_group_from_file’,
    inlined from ‘lookfor_agent_group’ at remoted/manager.c:1371:41:
remoted/manager.c:1209:21: warning: ‘strncpy’ specified bound 65536 equals destination size [-Wstringop-truncation]
                     strncpy(group, groups[i]->name, OS_SIZE_65536);
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘find_multi_group_from_file’,
    inlined from ‘lookfor_agent_group’ at remoted/manager.c:1371:84:
remoted/manager.c:1228:21: warning: ‘strncpy’ specified bound 65536 equals destination size [-Wstringop-truncation]
                     strncpy(multigroup, multi_groups[i]->name, OS_SIZE_65536);
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC remoted/config.o
remoted/manager.c: In function ‘validate_shared_files’:
remoted/manager.c:1071:17: warning: ‘strncpy’ output may be truncated copying 32 bytes from a string of length 32 [-Wstringop-truncation]
                 strncpy((*f_sum)[(*f_size)]->sum, md5sum, 32);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC remoted/secure.o
    CC remoted/remoted.o
remoted/manager.c: In function ‘c_group’:
remoted/manager.c:525:13: warning: ‘strncpy’ output may be truncated copying 32 bytes from a string of length 32 [-Wstringop-truncation]
             strncpy((*_f_sum)[0]->sum, md5sum, 32);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
remoted/manager.c:541:13: warning: ‘strncpy’ output may be truncated copying 32 bytes from a string of length 32 [-Wstringop-truncation]
             strncpy((*_f_sum)[f_size]->sum, md5sum, 32);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
remoted/manager.c:568:9: warning: ‘strncpy’ output may be truncated copying 32 bytes from a string of length 32 [-Wstringop-truncation]
         strncpy((*_f_sum)[0]->sum, md5sum, 32);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC remoted/state.o
    CC remoted/main.o
    CC remoted/syslog.o
In function ‘HandleSecureMessage’,
    inlined from ‘rem_handler_main’ at remoted/secure.c:349:13:
remoted/secure.c:476:17: warning: ‘strncpy’ specified bound 129 equals destination size [-Wstringop-truncation]
                 strncpy(agname, keys.keyentries[id]->name, sizeof(agname));
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
remoted/manager.c: In function ‘process_deleted_multi_groups’:
remoted/manager.c:950:17: warning: ‘strncpy’ output may be truncated copying 8 bytes from a string of length 64 [-Wstringop-truncation]
                 strncpy(_hash, multi_group_hash, 8);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC remoted/shared_download.o
    CC remoted/syslogtcp.o
    CC remoted/netbuffer.o
    CC client-agent/sendmsg.o
    CC client-agent/request.o
remoted/manager.c: In function ‘send_file_toagent.constprop’:
remoted/manager.c:1417:13: warning: ‘strncpy’ output may be truncated copying 8 bytes from a string of length 64 [-Wstringop-truncation]
             strncpy(_hash, multi_group_hash, 8);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC client-agent/config.o
    CC client-agent/agentd.o
    CC client-agent/event-forward.o
    CC client-agent/rotate_log.o
    CC client-agent/state.o
    CC client-agent/receiver-win.o
    CC client-agent/main.o
    CC client-agent/restart_agent.o
    CC client-agent/receiver.o
    CC client-agent/buffer.o
    CC client-agent/start_agent.o
    CC client-agent/agcom.o
    CC client-agent/notify.o
    CC monitord/rotate_log.o
    CC monitord/compress_log.o
    CC addagent/read_from_user.o
    CC addagent/main.o
    CC addagent/manage_keys.o
    CC addagent/manage_agents.o
    CC util/clear_stats.o
    CC util/agent_control.o
monitord/rotate_log.c: In function ‘w_rotate_log’:
monitord/rotate_log.c:211:42: warning: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]
             snprintf(path, PATH_MAX, "%s/%s", base_dir, dirent->d_name);
                                          ^~
monitord/rotate_log.c:211:13: note: ‘snprintf’ output between 2 and 4352 bytes into a destination of size 4096
             snprintf(path, PATH_MAX, "%s/%s", base_dir, dirent->d_name);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
monitord/rotate_log.c:244:38: warning: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]
         snprintf(path, PATH_MAX, "%s/%s", base_dir, dirent->d_name);
                                      ^~
monitord/rotate_log.c:244:9: note: ‘snprintf’ output between 2 and 4352 bytes into a destination of size 4096
         snprintf(path, PATH_MAX, "%s/%s", base_dir, dirent->d_name);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
monitord/rotate_log.c:244:38: warning: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]
         snprintf(path, PATH_MAX, "%s/%s", base_dir, dirent->d_name);
                                      ^~
monitord/rotate_log.c:244:9: note: ‘snprintf’ output between 2 and 4352 bytes into a destination of size 4096
         snprintf(path, PATH_MAX, "%s/%s", base_dir, dirent->d_name);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
monitord/rotate_log.c:288:46: warning: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]
                 snprintf(path, PATH_MAX, "%s/%s", base_dir, dirent->d_name);
                                              ^~
monitord/rotate_log.c:288:17: note: ‘snprintf’ output between 2 and 4352 bytes into a destination of size 4096
                 snprintf(path, PATH_MAX, "%s/%s", base_dir, dirent->d_name);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
monitord/rotate_log.c:298:46: warning: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]
                 snprintf(path, PATH_MAX, "%s/%s", base_dir, dirent->d_name);
                                              ^~
monitord/rotate_log.c:298:17: note: ‘snprintf’ output between 2 and 4352 bytes into a destination of size 4096
                 snprintf(path, PATH_MAX, "%s/%s", base_dir, dirent->d_name);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
monitord/rotate_log.c:308:46: warning: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]
                 snprintf(path, PATH_MAX, "%s/%s", base_dir, dirent->d_name);
                                              ^~
monitord/rotate_log.c:308:17: note: ‘snprintf’ output between 2 and 4352 bytes into a destination of size 4096
                 snprintf(path, PATH_MAX, "%s/%s", base_dir, dirent->d_name);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
monitord/rotate_log.c:318:46: warning: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]
                 snprintf(path, PATH_MAX, "%s/%s", base_dir, dirent->d_name);
                                              ^~
monitord/rotate_log.c:318:17: note: ‘snprintf’ output between 2 and 4352 bytes into a destination of size 4096
                 snprintf(path, PATH_MAX, "%s/%s", base_dir, dirent->d_name);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC util/verify-agent-conf.o
    CC util/wazuh-regex.o
    CC util/parallel-regex.o
    CC active-response/firewalls/default-firewall-drop.o
    CC shared/file_op_proc.o
    CC shared/debug_op_proc.o
    CC active-response/firewalls/pf.o
    CC active-response/firewalls/npf.o
    CC active-response/firewalls/ipfw.o
    CC active-response/firewalld-drop.o
active-response/firewalls/default-firewall-drop.c: In function ‘main’:
active-response/firewalls/default-firewall-drop.c:102:13: warning: ‘strncpy’ output may be truncated copying 4095 bytes from a string of length 4095 [-Wstringop-truncation]
             strncpy(iptables, iptables_path, COMMANDSIZE_4096 - 1);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC active-response/disable-account.o
    CC active-response/host-deny.o
    CC active-response/ip-customblock.o
    CC active-response/restart-wazuh.o
    CC active-response/route-null.o
    CC active-response/kaspersky.o
    CC active-response/wazuh-slack.o
active-response/firewalld-drop.c: In function ‘main’:
active-response/firewalld-drop.c:110:13: warning: ‘strncpy’ output may be truncated copying 4095 bytes from a string of length 4095 [-Wstringop-truncation]
             strncpy(fw_cmd, fw_cmd_path, COMMANDSIZE_4096 - 1);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC syscheckd/db/schema_fim_db.o
    CC syscheckd/create_db.o
    CC syscheckd/syscom.o
    CC syscheckd/syscheck.o
    CC syscheckd/config.o
    CC syscheckd/fim_diff_changes.o
    CC syscheckd/fim_sync.o
    CC syscheckd/run_check.o
    CC syscheckd/main.o
    CC syscheckd/run_realtime.o
    CC syscheckd/db/fim_db.o
    CC syscheckd/db/fim_db_files.o
    CC syscheckd/db/fim_db_registries.o
    CC syscheckd/whodata/audit_healthcheck.o
    CC syscheckd/whodata/audit_rule_handling.o
    CC syscheckd/whodata/syscheck_audit.o
    CC syscheckd/whodata/audit_parse.o
    CC syscheckd/whodata/win_whodata.o
    CC syscheckd/registry/registry.o
    CC syscheckd/registry/events.o
    CC rootcheck/config.o
    CC rootcheck/check_rc_files.o
    CC rootcheck/win-process.o
    CC rootcheck/check_rc_ports.o
    CC rootcheck/common_rcl.o
    CC rootcheck/unix-process.o
    CC rootcheck/common.o
    CC rootcheck/rootcheck.o
    CC rootcheck/check_rc_if.o
    CC rootcheck/check_open_ports.o
    CC rootcheck/os_string.o
    CC rootcheck/win-common.o
rootcheck/unix-process.c: In function ‘os_get_process_list’:
rootcheck/unix-process.c:28:40: warning: ‘ -p ’ directive output may be truncated writing 4 bytes into a region of size between 0 and 1024 [-Wformat-truncation=]
     snprintf(command, OS_SIZE_1024, "%s -p %d 2> /dev/null", ps, mpid);
                                        ^~~~
rootcheck/unix-process.c:28:37: note: directive argument in the range [1, 32769]
     snprintf(command, OS_SIZE_1024, "%s -p %d 2> /dev/null", ps, mpid);
                                     ^~~~~~~~~~~~~~~~~~~~~~~
rootcheck/unix-process.c:28:5: note: ‘snprintf’ output between 19 and 1047 bytes into a destination of size 1024
     snprintf(command, OS_SIZE_1024, "%s -p %d 2> /dev/null", ps, mpid);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ./headers/shared.h:220,
                 from rootcheck/common.c:11:
In function ‘is_file.part.1’,
    inlined from ‘is_file’ at rootcheck/common.c:446:5:
./headers/debug_op.h:46:32: warning: argument 6 null where non-null expected [-Wnonnull]
 #define mterror(tag, msg, ...) _mterror(tag, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__)
                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rootcheck/common.c:454:9: note: in expansion of macro ‘mterror’
         mterror(ARGV0, "RK: Invalid file name: %s!", file_name);
         ^~~~~~~
In file included from ./headers/shared.h:220,
                 from rootcheck/common.c:11:
rootcheck/common.c: In function ‘is_file’:
./headers/debug_op.h:61:6: note: in a call to function ‘_mterror’ declared here
 void _mterror(const char *tag, const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 5, 6))) __attribute__((nonnull));
      ^~~~~~~~
    CC rootcheck/check_rc_readproc.o
    CC rootcheck/check_rc_dev.o
rootcheck/check_rc_if.c: In function ‘check_rc_if’:
rootcheck/check_rc_if.c:87:9: warning: ‘strncpy’ specified bound 16 equals destination size [-Wstringop-truncation]
         strncpy(_ifr.ifr_name, _ir->ifr_name, sizeof(_ifr.ifr_name));
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC rootcheck/check_rc_sys.o
    CC rootcheck/run_rk_check.o
    CC rootcheck/check_rc_policy.o
    CC rootcheck/check_rc_pids.o
    CC rootcheck/check_rc_trojans.o
rootcheck/check_rc_dev.c: In function ‘read_dev_dir’:
rootcheck/check_rc_dev.c:41:47: warning: ‘%s’ directive output may be truncated writing up to 4097 bytes into a region of size 1018 [-Wformat-truncation=]
         snprintf(op_msg, OS_SIZE_1024, "File '%s' present on /dev."
                                               ^~
rootcheck/check_rc_dev.c:140:23:
         read_dev_file(f_name);
                       ~~~~~~
rootcheck/check_rc_dev.c:41:9: note: ‘snprintf’ output between 47 and 4144 bytes into a destination of size 1024
         snprintf(op_msg, OS_SIZE_1024, "File '%s' present on /dev."
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  " Possible hidden file.", file_name);
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC monitord/sign_log.o
    CC monitord/manage_files.o
rootcheck/check_rc_sys.c: In function ‘read_sys_dir’:
rootcheck/check_rc_sys.c:93:52: warning: ‘%s’ directive output may be truncated writing up to 4097 bytes into a region of size 998 [-Wformat-truncation=]
                     snprintf(op_msg, OS_SIZE_1024, "Anomaly detected in file "
                                                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
rootcheck/check_rc_sys.c:284:23:
         read_sys_file(f_name, do_read);
                       ~~~~~~
rootcheck/check_rc_sys.c:94:32: note: format string is defined here
                              "'%s'. File size doesn't match what we found. "
                                ^~
rootcheck/check_rc_sys.c:93:21: note: ‘snprintf’ output between 99 and 4196 bytes into a destination of size 1024
                     snprintf(op_msg, OS_SIZE_1024, "Anomaly detected in file "
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                              "'%s'. File size doesn't match what we found. "
                              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                              "Possible kernel level rootkit.",
                              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                              file_name);
                              ~~~~~~~~~~
rootcheck/check_rc_sys.c:122:51: warning: ‘%s’ directive output may be truncated writing up to 4097 bytes into a region of size 1018 [-Wformat-truncation=]
             snprintf(op_msg, OS_SIZE_1024, "File '%s' is owned by root "
                                                   ^~
rootcheck/check_rc_sys.c:284:23:
         read_sys_file(f_name, do_read);
                       ~~~~~~
rootcheck/check_rc_sys.c:122:13: note: ‘snprintf’ output between 64 and 4161 bytes into a destination of size 1024
             snprintf(op_msg, OS_SIZE_1024, "File '%s' is owned by root "
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                      "and has written permissions to anyone.", file_name);
                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rootcheck/check_rc_sys.c:40:67: warning: ‘%s’ directive output may be truncated writing up to 4097 bytes into a region of size 998 [-Wformat-truncation=]
         snprintf(op_msg, OS_SIZE_1024, "Anomaly detected in file '%s'. "
                                                                   ^~
rootcheck/check_rc_sys.c:284:23:
         read_sys_file(f_name, do_read);
                       ~~~~~~
rootcheck/check_rc_sys.c:40:9: note: ‘snprintf’ output between 106 and 4203 bytes into a destination of size 1024
         snprintf(op_msg, OS_SIZE_1024, "Anomaly detected in file '%s'. "
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  "Hidden from stats, but showing up on readdir. "
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  "Possible kernel level rootkit.",
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  file_name);
                  ~~~~~~~~~~
    CC monitord/moncom.o
    CC monitord/monitord.o
    CC monitord/main.o
    CC monitord/generate_reports.o
    CC monitord/monitor_actions.o
    CC reportd/report.o
    CC os_auth/main-server.o
    CC os_auth/local-server.o
    CC os_auth/config.o
    CC os_auth/authcom.o
    CC os_auth/auth.o
./analysisd/compiled_rules/register_rule.sh build
    CC analysisd/output/jsonout.o
    CC analysisd/output/prelude.o
    CC analysisd/output/zeromq.o
    CC analysisd/format/json_extended.o
    CC analysisd/format/to_json.o
    CC analysisd/alerts/exec.o
    CC analysisd/alerts/log.o
    CC analysisd/alerts/getloglocation.o
    CC analysisd/cdb/cdb_hash.o
    CC analysisd/cdb/uint32_pack.o
    CC analysisd/cdb/uint32_unpack.o
    CC analysisd/cdb/cdb_make.o
    CC analysisd/cdb/cdb.o
analysisd/alerts/getloglocation.c: In function ‘openlog’:
analysisd/alerts/getloglocation.c:134:13: warning: ‘strncpy’ output may be truncated copying 256 bytes from a string of length 256 [-Wstringop-truncation]
             strncpy(path, next, OS_FLSIZE);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC analysisd/decoders/decoder-live.o
    CC analysisd/decoders/hostinfo-live.o
    CC analysisd/decoders/decode-xml-live.o
    CC analysisd/decoders/winevtchannel-live.o
    CC analysisd/decoders/dbsync-live.o
    CC analysisd/decoders/syscheck-live.o
    CC analysisd/decoders/plugin_decoders-live.o
*Build completed.
analysisd/decoders/decode-xml.c: In function ‘_loadmemory’:
analysisd/decoders/decode-xml.c:901:9: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
         strncat(at, str, strsize);
         ^~~~~~~~~~~~~~~~~~~~~~~~~
analysisd/decoders/decode-xml.c:880:13: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
             strncpy(at, str, strsize);
             ^~~~~~~~~~~~~~~~~~~~~~~~~
    CC analysisd/decoders/syscollector-live.o
    CC analysisd/decoders/security_configuration_assessment-live.o
    CC analysisd/decoders/geoip-live.o
    CC analysisd/decoders/rootcheck-live.o
    CC analysisd/decoders/ciscat-live.o
    CC analysisd/decoders/decoders_list-live.o
    CC analysisd/decoders/plugins/pf_decoder-live.o
    CC analysisd/decoders/plugins/json_decoder-live.o
    CC analysisd/decoders/plugins/sonicwall_decoder-live.o
    CC analysisd/decoders/plugins/symantecws_decoder-live.o
    CC analysisd/decoders/plugins/ossecalert_decoder-live.o
    CC analysisd/compiled_rules/generic_samples-live.o
    CC analysisd/rules_list-test.o
    CC analysisd/state-test.o
    CC analysisd/stats-test.o
    CC analysisd/mitre-test.o
    CC analysisd/lists-test.o
    CC analysisd/active-response-test.o
    CC analysisd/fts-test.o
    CC analysisd/lists_list-test.o
    CC analysisd/config-test.o
    CC analysisd/labels-test.o
    CC analysisd/cleanevent-test.o
    CC analysisd/asyscom-test.o
    CC analysisd/eventinfo-test.o
    CC analysisd/eventinfo_list-test.o
    CC analysisd/ar_json-test.o
    CC analysisd/lists_make-test.o
    CC analysisd/config_json-test.o
    CC analysisd/logtest-test.o
    CC analysisd/accumulator-test.o
    CC analysisd/rules-test.o
    CC analysisd/dodiff-test.o
    CC analysisd/testrule-test.o
    CC analysisd/analysisd-test.o
analysisd/eventinfo.c: In function ‘ParseRuleComment’:
analysisd/eventinfo.c:909:9: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
         strncpy(&final[n], str, z);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~
analysisd/eventinfo.c:906:22: note: length computed here
         if (n + (z = strlen(str)) >= OS_COMMENT_MAX)
                      ^~~~~~~~~~~
analysisd/eventinfo.c:975:13: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
             strncpy(&final[n], field, z);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
analysisd/eventinfo.c:972:26: note: length computed here
             if (n + (z = strlen(field)) >= OS_COMMENT_MAX)
                          ^~~~~~~~~~~~~
analysisd/eventinfo.c:983:5: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
     strncpy(&final[n], str, z);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~
analysisd/eventinfo.c:980:18: note: length computed here
     if (n + (z = strlen(str)) >= OS_COMMENT_MAX)
                  ^~~~~~~~~~~
    CC analysisd/decoders/hostinfo-test.o
    CC analysisd/decoders/decoder-test.o
    CC analysisd/decoders/decode-xml-test.o
    CC analysisd/decoders/winevtchannel-test.o
analysisd/rules.c: In function ‘loadmemory’:
analysisd/rules.c:2033:9: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
         strncat(at, str, strsize);
         ^~~~~~~~~~~~~~~~~~~~~~~~~
analysisd/rules.c:2009:13: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
             strncpy(at, str, strsize);
             ^~~~~~~~~~~~~~~~~~~~~~~~~
    CC analysisd/decoders/dbsync-test.o
    CC analysisd/decoders/syscheck-test.o
    CC analysisd/decoders/plugin_decoders-test.o
    CC analysisd/decoders/syscollector-test.o
analysisd/decoders/decode-xml.c: In function ‘_loadmemory’:
analysisd/decoders/decode-xml.c:901:9: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
         strncat(at, str, strsize);
         ^~~~~~~~~~~~~~~~~~~~~~~~~
analysisd/decoders/decode-xml.c:880:13: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
             strncpy(at, str, strsize);
             ^~~~~~~~~~~~~~~~~~~~~~~~~
    CC analysisd/decoders/security_configuration_assessment-test.o
    CC analysisd/decoders/geoip-test.o
analysisd/analysisd.c: In function ‘w_log_rotate_thread’:
analysisd/analysisd.c:2207:17: warning: ‘strncpy’ output may be truncated copying 3 bytes from a string of length 3 [-Wstringop-truncation]
                 strncpy(prev_month, mon, 3);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC analysisd/decoders/rootcheck-test.o
analysisd/analysisd.c: In function ‘OS_ReadMSG_analysisd’:
analysisd/analysisd.c:909:9: warning: ‘strncpy’ output may be truncated copying 3 bytes from a string of length 3 [-Wstringop-truncation]
         strncpy(lf->mon, prev_month, 3);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC analysisd/decoders/ciscat-test.o
    CC analysisd/decoders/decoders_list-test.o
    CC analysisd/decoders/plugins/pf_decoder-test.o
    CC analysisd/decoders/plugins/json_decoder-test.o
    CC analysisd/decoders/plugins/sonicwall_decoder-test.o
    CC analysisd/decoders/plugins/symantecws_decoder-test.o
    CC analysisd/decoders/plugins/ossecalert_decoder-test.o
    CC analysisd/compiled_rules/generic_samples-test.o
    CC os_dbd/config.o
    CC os_dbd/db_op.o
    CC os_dbd/rules.o
    CC os_dbd/main.o
    CC os_dbd/server.o
    CC os_dbd/alert.o
    CC os_dbd/dbd.o
    CC os_integrator/integrator.o
    CC os_integrator/intgcom.o
    CC os_integrator/config.o
    CC os_integrator/main.o
    CC wazuh_modules/main.o
    CC wazuh_db/main.o
    LINK libwazuh.a
    CC libwazuhshared.so
    LINK rootcheck.a
    CC analysisd/rules_list-live.o
    CC analysisd/state-live.o
    RANLIB rootcheck.a
    CC analysisd/stats-live.o
    CC analysisd/mitre-live.o
    RANLIB libwazuh.a
    CC analysisd/lists-live.o
    CC analysisd/active-response-live.o
    CC analysisd/fts-live.o
    CC analysisd/lists_list-live.o
    CC analysisd/config-live.o
    CC analysisd/labels-live.o
    CC analysisd/cleanevent-live.o
    CC analysisd/asyscom-live.o
    CC analysisd/eventinfo-live.o
    CC analysisd/eventinfo_list-live.o
    CC analysisd/ar_json-live.o
    CC analysisd/lists_make-live.o
    CC analysisd/config_json-live.o
    CC analysisd/logtest-live.o
    CC analysisd/accumulator-live.o
    CC analysisd/rules-live.o
    CC analysisd/dodiff-live.o
    CC analysisd/analysisd-live.o
    LINK alerts.a
analysisd/eventinfo.c: In function ‘ParseRuleComment’:
analysisd/eventinfo.c:909:9: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
         strncpy(&final[n], str, z);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~
analysisd/eventinfo.c:906:22: note: length computed here
         if (n + (z = strlen(str)) >= OS_COMMENT_MAX)
                      ^~~~~~~~~~~
analysisd/eventinfo.c:975:13: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
             strncpy(&final[n], field, z);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
analysisd/eventinfo.c:972:26: note: length computed here
             if (n + (z = strlen(field)) >= OS_COMMENT_MAX)
                          ^~~~~~~~~~~~~
analysisd/eventinfo.c:983:5: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
     strncpy(&final[n], str, z);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~
analysisd/eventinfo.c:980:18: note: length computed here
     if (n + (z = strlen(str)) >= OS_COMMENT_MAX)
                  ^~~~~~~~~~~
    LINK cdb.a
    LINK decoders-live.a
    LINK decoders-test.a
    RANLIB cdb.a
    CC wazuh-dbd
    CC wazuh-integratord
    CC wazuh-modulesd
analysisd/rules.c: In function ‘loadmemory’:
analysisd/rules.c:2033:9: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
         strncat(at, str, strsize);
         ^~~~~~~~~~~~~~~~~~~~~~~~~
analysisd/rules.c:2009:13: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
             strncpy(at, str, strsize);
             ^~~~~~~~~~~~~~~~~~~~~~~~~
    CC wazuh-db
    CC wazuh-maild
    CC wazuh-csyslogd
    CC wazuh-agentlessd
    CC wazuh-execd
    CC wazuh-logcollector
    CC wazuh-remoted
    CC wazuh-agentd
    CC manage_agents
    CC clear_stats
    CC agent_control
    CC verify-agent-conf
analysisd/analysisd.c: In function ‘w_log_rotate_thread’:
analysisd/analysisd.c:2207:17: warning: ‘strncpy’ output may be truncated copying 3 bytes from a string of length 3 [-Wstringop-truncation]
                 strncpy(prev_month, mon, 3);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC wazuh-regex
    CC parallel-regex
    CC default-firewall-drop
    CC pf
    CC npf
analysisd/analysisd.c: In function ‘OS_ReadMSG’:
analysisd/analysisd.c:909:9: warning: ‘strncpy’ output may be truncated copying 3 bytes from a string of length 3 [-Wstringop-truncation]
         strncpy(lf->mon, prev_month, 3);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC ipfw
    CC firewalld-drop
    CC disable-account
    CC host-deny
    CC ip-customblock
    CC restart-wazuh
    CC route-null
    CC kaspersky
    CC wazuh-slack
    CC wazuh-syscheckd
    CC wazuh-monitord
    CC wazuh-reportd
    CC wazuh-authd
    CC wazuh-logtest-legacy
    CC wazuh-analysisd
make[1]: Leaving directory '/wz/wazuh-4.3.6-rc1/src'
make settings
make[1]: Entering directory '/wz/wazuh-4.3.6-rc1/src'

General settings:
    TARGET:             server
    V:
    DEBUG:
    DEBUGAD
    INSTALLDIR:         /var/ossec
    DATABASE:
    ONEWAY:             no
    CLEANFULL:          no
    RESOURCES_URL:      https://packages.wazuh.com/deps/16
    EXTERNAL_SRC_ONLY:
User settings:
    WAZUH_GROUP:        wazuh
    WAZUH_USER:         wazuh
USE settings:
    USE_ZEROMQ:         no
    USE_GEOIP:          no
    USE_PRELUDE:        no
    USE_INOTIFY:        no
    USE_BIG_ENDIAN:     no
    USE_SELINUX:        yes
    USE_AUDIT:          yes
    DISABLE_SYSC:       no
    DISABLE_CISCAT:     no
Mysql settings:
    includes:
    libs:
Pgsql settings:
    includes:
    libs:
Defines:
    -DOSSECHIDS -DUSER="wazuh" -DGROUPGLOBAL="wazuh" -DLinux -DINOTIFY_ENABLED -D_XOPEN_SOURCE=600 -D_GNU_SOURCE -DENABLE_SYSC -DENABLE_CISCAT -DENABLE_AUDIT
Compiler:
    CFLAGS            -pthread -Iexternal/libdb/build_unix/ -Iexternal/pacman/lib/libalpm/ -Iexternal/libarchive/libarchive -Wl,--start-group -Iexternal/audit-userspace/lib -DNDEBUG -O2 -DOSSECHIDS -DUSER="wazuh" -DGROUPGLOBAL="wazuh" -DLinux -DINOTIFY_ENABLED -D_XOPEN_SOURCE=600 -D_GNU_SOURCE -DENABLE_SYSC -DENABLE_CISCAT -DENABLE_AUDIT -pipe -Wall -Wextra -std=gnu99 -I./ -I./headers/ -Iexternal/openssl/include -Iexternal/cJSON/ -Iexternal/libyaml/include -Iexternal/curl/include -Iexternal/msgpack/include -Iexternal/bzip2/ -Ishared_modules/common -Ishared_modules/dbsync/include -Ishared_modules/rsync/include -Iwazuh_modules/syscollector/include  -Idata_provider/include  -Iexternal/libpcre2/include -Iexternal/rpm//builddir/output/include
    LDFLAGS           '-Wl,-rpath,/../lib' -pthread -lrt -ldl -O2 -Lshared_modules/dbsync/build/lib -Lshared_modules/rsync/build/lib  -Lwazuh_modules/syscollector/build/lib -Ldata_provider/build/lib
    LIBS              -lrt -ldl -lm
    CC                cc
    MAKE              make
make[1]: Leaving directory '/wz/wazuh-4.3.6-rc1/src'

Done building server

Wait for success...
success
Removing old SCA policies...
Installing SCA policies...
Installing additional SCA policies...
mkdir -p /var/ossec/framework/python
cp external/cpython.tar.gz /var/ossec/framework/python/cpython.tar.gz && tar -xf /var/ossec/framework/python/cpython.tar.gz -C /var/ossec/framework/python && rm -rf /var/ossec/framework/python/cpython.tar.gz
find /var/ossec/framework/python -name "*libpython3.9.so.1.0" -exec ln -f {} /var/ossec/lib/libpython3.9.so.1.0 \;
cd ../framework && /var/ossec/framework/python/bin/python3 setup.py clean --all install --prefix=/var/ossec/framework/python --wazuh-version=v4.3.6 --install-type=server
running clean
'build/lib' does not exist -- can't clean it
'build/bdist.linux-x86_64' does not exist -- can't clean it
'build/scripts-3.9' does not exist -- can't clean it
running install
running bdist_egg
running egg_info
creating wazuh.egg-info
writing wazuh.egg-info/PKG-INFO
writing dependency_links to wazuh.egg-info/dependency_links.txt
writing top-level names to wazuh.egg-info/top_level.txt
writing manifest file 'wazuh.egg-info/SOURCES.txt'
reading manifest file 'wazuh.egg-info/SOURCES.txt'
writing manifest file 'wazuh.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_py
creating build
creating build/lib
creating build/lib/wazuh
copying wazuh/__init__.py -> build/lib/wazuh
copying wazuh/__main__.py -> build/lib/wazuh
copying wazuh/active_response.py -> build/lib/wazuh
copying wazuh/agent.py -> build/lib/wazuh
copying wazuh/cdb_list.py -> build/lib/wazuh
copying wazuh/ciscat.py -> build/lib/wazuh
copying wazuh/cluster.py -> build/lib/wazuh
copying wazuh/decoder.py -> build/lib/wazuh
copying wazuh/logtest.py -> build/lib/wazuh
copying wazuh/manager.py -> build/lib/wazuh
copying wazuh/mitre.py -> build/lib/wazuh
copying wazuh/rootcheck.py -> build/lib/wazuh
copying wazuh/rule.py -> build/lib/wazuh
copying wazuh/sca.py -> build/lib/wazuh
copying wazuh/security.py -> build/lib/wazuh
copying wazuh/stats.py -> build/lib/wazuh
copying wazuh/syscheck.py -> build/lib/wazuh
copying wazuh/syscollector.py -> build/lib/wazuh
copying wazuh/task.py -> build/lib/wazuh
copying wazuh/vulnerability.py -> build/lib/wazuh
creating build/lib/wazuh/core
copying wazuh/core/InputValidator.py -> build/lib/wazuh/core
copying wazuh/core/__init__.py -> build/lib/wazuh/core
copying wazuh/core/active_response.py -> build/lib/wazuh/core
copying wazuh/core/agent.py -> build/lib/wazuh/core
copying wazuh/core/cdb_list.py -> build/lib/wazuh/core
copying wazuh/core/common.py -> build/lib/wazuh/core
copying wazuh/core/configuration.py -> build/lib/wazuh/core
copying wazuh/core/database.py -> build/lib/wazuh/core
copying wazuh/core/decoder.py -> build/lib/wazuh/core
copying wazuh/core/exception.py -> build/lib/wazuh/core
copying wazuh/core/logtest.py -> build/lib/wazuh/core
copying wazuh/core/manager.py -> build/lib/wazuh/core
copying wazuh/core/mitre.py -> build/lib/wazuh/core
copying wazuh/core/pyDaemonModule.py -> build/lib/wazuh/core
copying wazuh/core/results.py -> build/lib/wazuh/core
copying wazuh/core/rootcheck.py -> build/lib/wazuh/core
copying wazuh/core/rule.py -> build/lib/wazuh/core
copying wazuh/core/sca.py -> build/lib/wazuh/core
copying wazuh/core/security.py -> build/lib/wazuh/core
copying wazuh/core/stats.py -> build/lib/wazuh/core
copying wazuh/core/syscheck.py -> build/lib/wazuh/core
copying wazuh/core/syscollector.py -> build/lib/wazuh/core
copying wazuh/core/task.py -> build/lib/wazuh/core
copying wazuh/core/utils.py -> build/lib/wazuh/core
copying wazuh/core/vulnerability.py -> build/lib/wazuh/core
copying wazuh/core/wazuh_queue.py -> build/lib/wazuh/core
copying wazuh/core/wazuh_socket.py -> build/lib/wazuh/core
copying wazuh/core/wdb.py -> build/lib/wazuh/core
copying wazuh/core/wlogging.py -> build/lib/wazuh/core
creating build/lib/wazuh/rbac
copying wazuh/rbac/__init__.py -> build/lib/wazuh/rbac
copying wazuh/rbac/auth_context.py -> build/lib/wazuh/rbac
copying wazuh/rbac/decorators.py -> build/lib/wazuh/rbac
copying wazuh/rbac/orm.py -> build/lib/wazuh/rbac
copying wazuh/rbac/preprocessor.py -> build/lib/wazuh/rbac
copying wazuh/rbac/utils.py -> build/lib/wazuh/rbac
creating build/lib/wazuh/core/cluster
copying wazuh/core/cluster/__init__.py -> build/lib/wazuh/core/cluster
copying wazuh/core/cluster/client.py -> build/lib/wazuh/core/cluster
copying wazuh/core/cluster/cluster.py -> build/lib/wazuh/core/cluster
copying wazuh/core/cluster/common.py -> build/lib/wazuh/core/cluster
copying wazuh/core/cluster/control.py -> build/lib/wazuh/core/cluster
copying wazuh/core/cluster/local_client.py -> build/lib/wazuh/core/cluster
copying wazuh/core/cluster/local_server.py -> build/lib/wazuh/core/cluster
copying wazuh/core/cluster/master.py -> build/lib/wazuh/core/cluster
copying wazuh/core/cluster/server.py -> build/lib/wazuh/core/cluster
copying wazuh/core/cluster/utils.py -> build/lib/wazuh/core/cluster
copying wazuh/core/cluster/worker.py -> build/lib/wazuh/core/cluster
creating build/lib/wazuh/core/cluster/dapi
copying wazuh/core/cluster/dapi/__init__.py -> build/lib/wazuh/core/cluster/dapi
copying wazuh/core/cluster/dapi/dapi.py -> build/lib/wazuh/core/cluster/dapi
copying wazuh/core/wazuh.json -> build/lib/wazuh/core
copying wazuh/core/cluster/cluster.json -> build/lib/wazuh/core/cluster
creating build/lib/wazuh/rbac/default
copying wazuh/rbac/default/policies.yaml -> build/lib/wazuh/rbac/default
copying wazuh/rbac/default/relationships.yaml -> build/lib/wazuh/rbac/default
copying wazuh/rbac/default/roles.yaml -> build/lib/wazuh/rbac/default
copying wazuh/rbac/default/rules.yaml -> build/lib/wazuh/rbac/default
copying wazuh/rbac/default/users.yaml -> build/lib/wazuh/rbac/default
creating build/bdist.linux-x86_64
creating build/bdist.linux-x86_64/egg
creating build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/__init__.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/__main__.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/active_response.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/agent.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/cdb_list.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/ciscat.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/cluster.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/decoder.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/logtest.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/manager.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/mitre.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/rootcheck.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/rule.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/sca.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/security.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/stats.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/syscheck.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/syscollector.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/task.py -> build/bdist.linux-x86_64/egg/wazuh
copying build/lib/wazuh/vulnerability.py -> build/bdist.linux-x86_64/egg/wazuh
creating build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/InputValidator.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/__init__.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/active_response.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/agent.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/cdb_list.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/common.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/configuration.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/database.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/decoder.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/exception.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/logtest.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/manager.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/mitre.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/pyDaemonModule.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/results.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/rootcheck.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/rule.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/sca.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/security.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/stats.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/syscheck.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/syscollector.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/task.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/utils.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/vulnerability.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/wazuh_queue.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/wazuh_socket.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/wdb.py -> build/bdist.linux-x86_64/egg/wazuh/core
copying build/lib/wazuh/core/wlogging.py -> build/bdist.linux-x86_64/egg/wazuh/core
creating build/bdist.linux-x86_64/egg/wazuh/core/cluster
copying build/lib/wazuh/core/cluster/__init__.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster
copying build/lib/wazuh/core/cluster/client.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster
copying build/lib/wazuh/core/cluster/cluster.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster
copying build/lib/wazuh/core/cluster/common.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster
copying build/lib/wazuh/core/cluster/control.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster
copying build/lib/wazuh/core/cluster/local_client.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster
copying build/lib/wazuh/core/cluster/local_server.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster
copying build/lib/wazuh/core/cluster/master.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster
copying build/lib/wazuh/core/cluster/server.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster
copying build/lib/wazuh/core/cluster/utils.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster
copying build/lib/wazuh/core/cluster/worker.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster
creating build/bdist.linux-x86_64/egg/wazuh/core/cluster/dapi
copying build/lib/wazuh/core/cluster/dapi/__init__.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster/dapi
copying build/lib/wazuh/core/cluster/dapi/dapi.py -> build/bdist.linux-x86_64/egg/wazuh/core/cluster/dapi
copying build/lib/wazuh/core/cluster/cluster.json -> build/bdist.linux-x86_64/egg/wazuh/core/cluster
copying build/lib/wazuh/core/wazuh.json -> build/bdist.linux-x86_64/egg/wazuh/core
creating build/bdist.linux-x86_64/egg/wazuh/rbac
copying build/lib/wazuh/rbac/__init__.py -> build/bdist.linux-x86_64/egg/wazuh/rbac
copying build/lib/wazuh/rbac/auth_context.py -> build/bdist.linux-x86_64/egg/wazuh/rbac
copying build/lib/wazuh/rbac/decorators.py -> build/bdist.linux-x86_64/egg/wazuh/rbac
copying build/lib/wazuh/rbac/orm.py -> build/bdist.linux-x86_64/egg/wazuh/rbac
copying build/lib/wazuh/rbac/preprocessor.py -> build/bdist.linux-x86_64/egg/wazuh/rbac
copying build/lib/wazuh/rbac/utils.py -> build/bdist.linux-x86_64/egg/wazuh/rbac
creating build/bdist.linux-x86_64/egg/wazuh/rbac/default
copying build/lib/wazuh/rbac/default/policies.yaml -> build/bdist.linux-x86_64/egg/wazuh/rbac/default
copying build/lib/wazuh/rbac/default/relationships.yaml -> build/bdist.linux-x86_64/egg/wazuh/rbac/default
copying build/lib/wazuh/rbac/default/roles.yaml -> build/bdist.linux-x86_64/egg/wazuh/rbac/default
copying build/lib/wazuh/rbac/default/rules.yaml -> build/bdist.linux-x86_64/egg/wazuh/rbac/default
copying build/lib/wazuh/rbac/default/users.yaml -> build/bdist.linux-x86_64/egg/wazuh/rbac/default
byte-compiling build/bdist.linux-x86_64/egg/wazuh/__init__.py to __init__.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/__main__.py to __main__.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/active_response.py to active_response.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/agent.py to agent.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/cdb_list.py to cdb_list.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/ciscat.py to ciscat.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/cluster.py to cluster.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/decoder.py to decoder.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/logtest.py to logtest.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/manager.py to manager.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/mitre.py to mitre.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/rootcheck.py to rootcheck.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/rule.py to rule.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/sca.py to sca.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/security.py to security.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/stats.py to stats.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/syscheck.py to syscheck.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/syscollector.py to syscollector.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/task.py to task.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/vulnerability.py to vulnerability.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/InputValidator.py to InputValidator.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/__init__.py to __init__.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/active_response.py to active_response.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/agent.py to agent.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cdb_list.py to cdb_list.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/common.py to common.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/configuration.py to configuration.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/database.py to database.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/decoder.py to decoder.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/exception.py to exception.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/logtest.py to logtest.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/manager.py to manager.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/mitre.py to mitre.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/pyDaemonModule.py to pyDaemonModule.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/results.py to results.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/rootcheck.py to rootcheck.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/rule.py to rule.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/sca.py to sca.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/security.py to security.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/stats.py to stats.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/syscheck.py to syscheck.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/syscollector.py to syscollector.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/task.py to task.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/utils.py to utils.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/vulnerability.py to vulnerability.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/wazuh_queue.py to wazuh_queue.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/wazuh_socket.py to wazuh_socket.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/wdb.py to wdb.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/wlogging.py to wlogging.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/__init__.py to __init__.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/client.py to client.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/cluster.py to cluster.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/common.py to common.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/control.py to control.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/local_client.py to local_client.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/local_server.py to local_server.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/master.py to master.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/server.py to server.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/utils.py to utils.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/worker.py to worker.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/dapi/__init__.py to __init__.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/core/cluster/dapi/dapi.py to dapi.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/rbac/__init__.py to __init__.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/rbac/auth_context.py to auth_context.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/rbac/decorators.py to decorators.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/rbac/orm.py to orm.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/rbac/preprocessor.py to preprocessor.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/wazuh/rbac/utils.py to utils.cpython-39.pyc
creating build/bdist.linux-x86_64/egg/EGG-INFO
copying wazuh.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying wazuh.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying wazuh.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying wazuh.egg-info/not-zip-safe -> build/bdist.linux-x86_64/egg/EGG-INFO
copying wazuh.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
creating dist
creating 'dist/wazuh-4.3.6-py3.9.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing wazuh-4.3.6-py3.9.egg
creating /var/ossec/framework/python/lib/python3.9/site-packages/wazuh-4.3.6-py3.9.egg
Extracting wazuh-4.3.6-py3.9.egg to /var/ossec/framework/python/lib/python3.9/site-packages
Adding wazuh 4.3.6 to easy-install.pth file

Installed /var/ossec/framework/python/lib/python3.9/site-packages/wazuh-4.3.6-py3.9.egg
Processing dependencies for wazuh==4.3.6
Finished processing dependencies for wazuh==4.3.6
chown -R root:wazuh /var/ossec/framework/python
chmod -R o=- /var/ossec/framework/python
cd ../api && /var/ossec/framework/python/bin/python3 setup.py clean --all install --prefix=/var/ossec/framework/python
running clean
'build/lib' does not exist -- can't clean it
'build/bdist.linux-x86_64' does not exist -- can't clean it
'build/scripts-3.9' does not exist -- can't clean it
running install
running bdist_egg
running egg_info
creating api.egg-info
writing api.egg-info/PKG-INFO
writing dependency_links to api.egg-info/dependency_links.txt
writing top-level names to api.egg-info/top_level.txt
writing manifest file 'api.egg-info/SOURCES.txt'
reading manifest file 'api.egg-info/SOURCES.txt'
writing manifest file 'api.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_py
creating build
creating build/lib
creating build/lib/api
copying api/__init__.py -> build/lib/api
copying api/alogging.py -> build/lib/api
copying api/api_exception.py -> build/lib/api
copying api/authentication.py -> build/lib/api
copying api/configuration.py -> build/lib/api
copying api/constants.py -> build/lib/api
copying api/encoder.py -> build/lib/api
copying api/middlewares.py -> build/lib/api
copying api/signals.py -> build/lib/api
copying api/uri_parser.py -> build/lib/api
copying api/util.py -> build/lib/api
copying api/validator.py -> build/lib/api
creating build/lib/api/controllers
copying api/controllers/__init__.py -> build/lib/api/controllers
copying api/controllers/active_response_controller.py -> build/lib/api/controllers
copying api/controllers/agent_controller.py -> build/lib/api/controllers
copying api/controllers/cdb_list_controller.py -> build/lib/api/controllers
copying api/controllers/ciscat_controller.py -> build/lib/api/controllers
copying api/controllers/cluster_controller.py -> build/lib/api/controllers
copying api/controllers/decoder_controller.py -> build/lib/api/controllers
copying api/controllers/default_controller.py -> build/lib/api/controllers
copying api/controllers/experimental_controller.py -> build/lib/api/controllers
copying api/controllers/logtest_controller.py -> build/lib/api/controllers
copying api/controllers/manager_controller.py -> build/lib/api/controllers
copying api/controllers/mitre_controller.py -> build/lib/api/controllers
copying api/controllers/overview_controller.py -> build/lib/api/controllers
copying api/controllers/rootcheck_controller.py -> build/lib/api/controllers
copying api/controllers/rule_controller.py -> build/lib/api/controllers
copying api/controllers/sca_controller.py -> build/lib/api/controllers
copying api/controllers/security_controller.py -> build/lib/api/controllers
copying api/controllers/syscheck_controller.py -> build/lib/api/controllers
copying api/controllers/syscollector_controller.py -> build/lib/api/controllers
copying api/controllers/task_controller.py -> build/lib/api/controllers
copying api/controllers/vulnerability_controller.py -> build/lib/api/controllers
creating build/lib/api/models
copying api/models/__init__.py -> build/lib/api/models
copying api/models/active_response_model.py -> build/lib/api/models
copying api/models/agent_added_model.py -> build/lib/api/models
copying api/models/agent_inserted_model.py -> build/lib/api/models
copying api/models/base_model_.py -> build/lib/api/models
copying api/models/basic_info_model.py -> build/lib/api/models
copying api/models/configuration_model.py -> build/lib/api/models
copying api/models/group_added_model.py -> build/lib/api/models
copying api/models/logtest_model.py -> build/lib/api/models
copying api/models/security_model.py -> build/lib/api/models
copying api/models/security_token_response_model.py -> build/lib/api/models
creating build/lib/api/spec
copying api/spec/spec.yaml -> build/lib/api/spec
creating build/bdist.linux-x86_64
creating build/bdist.linux-x86_64/egg
creating build/bdist.linux-x86_64/egg/api
copying build/lib/api/__init__.py -> build/bdist.linux-x86_64/egg/api
copying build/lib/api/alogging.py -> build/bdist.linux-x86_64/egg/api
copying build/lib/api/api_exception.py -> build/bdist.linux-x86_64/egg/api
copying build/lib/api/authentication.py -> build/bdist.linux-x86_64/egg/api
copying build/lib/api/configuration.py -> build/bdist.linux-x86_64/egg/api
copying build/lib/api/constants.py -> build/bdist.linux-x86_64/egg/api
copying build/lib/api/encoder.py -> build/bdist.linux-x86_64/egg/api
copying build/lib/api/middlewares.py -> build/bdist.linux-x86_64/egg/api
copying build/lib/api/signals.py -> build/bdist.linux-x86_64/egg/api
copying build/lib/api/uri_parser.py -> build/bdist.linux-x86_64/egg/api
copying build/lib/api/util.py -> build/bdist.linux-x86_64/egg/api
copying build/lib/api/validator.py -> build/bdist.linux-x86_64/egg/api
creating build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/__init__.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/active_response_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/agent_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/cdb_list_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/ciscat_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/cluster_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/decoder_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/default_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/experimental_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/logtest_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/manager_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/mitre_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/overview_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/rootcheck_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/rule_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/sca_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/security_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/syscheck_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/syscollector_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/task_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
copying build/lib/api/controllers/vulnerability_controller.py -> build/bdist.linux-x86_64/egg/api/controllers
creating build/bdist.linux-x86_64/egg/api/models
copying build/lib/api/models/__init__.py -> build/bdist.linux-x86_64/egg/api/models
copying build/lib/api/models/active_response_model.py -> build/bdist.linux-x86_64/egg/api/models
copying build/lib/api/models/agent_added_model.py -> build/bdist.linux-x86_64/egg/api/models
copying build/lib/api/models/agent_inserted_model.py -> build/bdist.linux-x86_64/egg/api/models
copying build/lib/api/models/base_model_.py -> build/bdist.linux-x86_64/egg/api/models
copying build/lib/api/models/basic_info_model.py -> build/bdist.linux-x86_64/egg/api/models
copying build/lib/api/models/configuration_model.py -> build/bdist.linux-x86_64/egg/api/models
copying build/lib/api/models/group_added_model.py -> build/bdist.linux-x86_64/egg/api/models
copying build/lib/api/models/logtest_model.py -> build/bdist.linux-x86_64/egg/api/models
copying build/lib/api/models/security_model.py -> build/bdist.linux-x86_64/egg/api/models
copying build/lib/api/models/security_token_response_model.py -> build/bdist.linux-x86_64/egg/api/models
creating build/bdist.linux-x86_64/egg/api/spec
copying build/lib/api/spec/spec.yaml -> build/bdist.linux-x86_64/egg/api/spec
byte-compiling build/bdist.linux-x86_64/egg/api/__init__.py to __init__.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/alogging.py to alogging.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/api_exception.py to api_exception.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/authentication.py to authentication.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/configuration.py to configuration.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/constants.py to constants.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/encoder.py to encoder.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/middlewares.py to middlewares.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/signals.py to signals.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/uri_parser.py to uri_parser.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/util.py to util.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/validator.py to validator.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/__init__.py to __init__.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/active_response_controller.py to active_response_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/agent_controller.py to agent_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/cdb_list_controller.py to cdb_list_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/ciscat_controller.py to ciscat_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/cluster_controller.py to cluster_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/decoder_controller.py to decoder_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/default_controller.py to default_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/experimental_controller.py to experimental_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/logtest_controller.py to logtest_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/manager_controller.py to manager_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/mitre_controller.py to mitre_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/overview_controller.py to overview_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/rootcheck_controller.py to rootcheck_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/rule_controller.py to rule_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/sca_controller.py to sca_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/security_controller.py to security_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/syscheck_controller.py to syscheck_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/syscollector_controller.py to syscollector_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/task_controller.py to task_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/controllers/vulnerability_controller.py to vulnerability_controller.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/models/__init__.py to __init__.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/models/active_response_model.py to active_response_model.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/models/agent_added_model.py to agent_added_model.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/models/agent_inserted_model.py to agent_inserted_model.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/models/base_model_.py to base_model_.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/models/basic_info_model.py to basic_info_model.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/models/configuration_model.py to configuration_model.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/models/group_added_model.py to group_added_model.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/models/logtest_model.py to logtest_model.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/models/security_model.py to security_model.cpython-39.pyc
byte-compiling build/bdist.linux-x86_64/egg/api/models/security_token_response_model.py to security_token_response_model.cpython-39.pyc
creating build/bdist.linux-x86_64/egg/EGG-INFO
copying api.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying api.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying api.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying api.egg-info/not-zip-safe -> build/bdist.linux-x86_64/egg/EGG-INFO
copying api.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
creating dist
creating 'dist/api-4.3.6-py3.9.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing api-4.3.6-py3.9.egg
creating /var/ossec/framework/python/lib/python3.9/site-packages/api-4.3.6-py3.9.egg
Extracting api-4.3.6-py3.9.egg to /var/ossec/framework/python/lib/python3.9/site-packages
Adding api 4.3.6 to easy-install.pth file

Installed /var/ossec/framework/python/lib/python3.9/site-packages/api-4.3.6-py3.9.egg
Processing dependencies for api==4.3.6
Finished processing dependencies for api==4.3.6
cd ../tools/mitre && /var/ossec/framework/python/bin/python3 mitredb.py -d /var/ossec/var/db/mitre.db
Generating self-signed certificate for wazuh-authd...


Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
Starting Wazuh...
server

 - Configuration finished properly.

 - To start Wazuh:
      /var/ossec/bin/wazuh-control start

 - To stop Wazuh:
      /var/ossec/bin/wazuh-control stop

 - The configuration can be viewed or modified at /var/ossec/etc/ossec.conf


   Thanks for using Wazuh.
   Please don't hesitate to contact us if you need help or find
   any bugs.

   Use our public Mailing List at:
          https://groups.google.com/forum/#!forum/wazuh

   More information can be found at:
          - http://www.wazuh.com

    ---  Press ENTER to finish (maybe more information below). ---


 - In order to connect agent and server, you need to add each agent to the server.

   More information at:
   https://documentation.wazuh.com/

#

🟡 The script will start the wazuh-manager service by default, but we do not include instructions to check if the service is running. I have modified the command to check if it was running and it was.

[root@server wazuh-4.3.6-rc1]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2022-07-18 21:03:40 UTC; 1min 3s ago
  Process: 47441 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    Tasks: 174 (limit: 49487)
   Memory: 523.0M
   CGroup: /system.slice/wazuh-manager.service
           ├─47500 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─47542 /var/ossec/bin/wazuh-authd
           ├─47556 /var/ossec/bin/wazuh-db
           ├─47581 /var/ossec/bin/wazuh-execd
           ├─47593 /var/ossec/bin/wazuh-analysisd
           ├─47603 /var/ossec/bin/wazuh-syscheckd
           ├─47707 /var/ossec/bin/wazuh-remoted
           ├─47734 /var/ossec/bin/wazuh-logcollector
           ├─47745 /var/ossec/bin/wazuh-monitord
           ├─47755 /var/ossec/bin/wazuh-modulesd
           ├─48191 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           └─48194 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py

[root@server wazuh-4.3.6-rc1]#

Installing other components

🟡 The documentation references another guide, but it is not clear what steps the user should follow. For example, to install filebeat we need to also set up the wazuh repositories.

Filebeat installation

# rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
# yum -y install filebeat
EL-8 - Wazuh                                                                            2.8 MB/s | 9.4 MB     00:03
Last metadata expiration check: 0:00:03 ago on Mon 18 Jul 2022 09:15:41 PM UTC.
Dependencies resolved.
========================================================================================================================
 Package                      Architecture               Version                        Repository                 Size
========================================================================================================================
Installing:
 filebeat                     x86_64                     7.10.2-1                       wazuh                      21 M

Transaction Summary
========================================================================================================================
Install  1 Package

Total download size: 21 M
Installed size: 70 M

Downloading Packages:
filebeat-oss-7.10.2-x86_64.rpm                                                          7.8 MB/s |  21 MB     00:02
------------------------------------------------------------------------------------------------------------------------
Total                                                                                   7.8 MB/s |  21 MB     00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                1/1
  Installing       : filebeat-7.10.2-1.x86_64                                                                       1/1
  Running scriptlet: filebeat-7.10.2-1.x86_64                                                                       1/1
  Verifying        : filebeat-7.10.2-1.x86_64                                                                       1/1

Installed:
  filebeat-7.10.2-1.x86_64

Complete!
# curl -so /etc/filebeat/filebeat.yml https://packages-dev.wazuh.com/4.3/tpl/wazuh/filebeat/filebeat.yml
# vim /etc/filebeat/filebeat.yml
# cat /etc/filebeat/filebeat.yml
# Wazuh - Filebeat configuration file
output.elasticsearch:
  hosts: ["172.26.19.181:9200"]
  protocol: https
  username: ${username}
  password: ${password}
  ssl.certificate_authorities:
    - /etc/filebeat/certs/root-ca.pem
  ssl.certificate: "/etc/filebeat/certs/filebeat.pem"
  ssl.key: "/etc/filebeat/certs/filebeat-key.pem"
setup.template.json.enabled: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.ilm.overwrite: true
setup.ilm.enabled: false

filebeat.modules:
  - module: wazuh
    alerts:
      enabled: true
    archives:
      enabled: false

logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644
# filebeat keystore create
Created filebeat keystore
# echo admin | filebeat keystore add username --stdin --force
Successfully updated the keystore
# echo admin | filebeat keystore add password --stdin --force
Successfully updated the keystore
# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
# chmod go+r /etc/filebeat/wazuh-template.json
# curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml
# NODE_NAME=server
# cd /wz
# ls
wazuh-4.3.5  wazuh-4.3.6-rc1  wazuh-certificates.tar
# mkdir /etc/filebeat/certs
# tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
# mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
# mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
# chmod 500 /etc/filebeat/certs
# chmod 400 /etc/filebeat/certs/*
# chown -R root:root /etc/filebeat/certs
# ls -l /etc/filebeat/certs/
total 12
-r--------. 1 root root 1704 Jul 18 18:42 filebeat-key.pem
-r--------. 1 root root 1233 Jul 18 18:42 filebeat.pem
-r--------. 1 root root 1204 Jul 18 18:42 root-ca.pem
# systemctl daemon-reload
# systemctl enable filebeat
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
#  systemctl start filebeat
#
# systeemctl status filebeat
-bash: systeemctl: command not found
# systemctl status filebeat
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
   Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2022-07-18 21:19:06 UTC; 16s ago
     Docs: https://www.elastic.co/products/beats/filebeat
 Main PID: 50190 (filebeat)
    Tasks: 13 (limit: 49487)
   Memory: 18.0M
   CGroup: /system.slice/filebeat.service
           └─50190 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /us>

Jul 18 21:19:06 server systemd[1]: Started Filebeat sends log files to Logstash or directly to Elasticsearch..
#

Agent

Following the documentation to install from sources.

🟡 When installing dependencies, if you copy & paste the whole block of commands, it won't work appropriately, as the first command does not have a -y option. This makes the command ask for user input, so it does not execute the other pasted commands.

In this case, the CMake installation is not optional.

Built from sources using the provided script. (output elided due to size)

Enrolling the agent manually, following the documentation.

🟡 Because the enrollment is separated into two stages, we might want to tell the user to save the key which was just obtained for the next step, right when the key is obtained, in addition to the general process.

# TOKEN=$(curl -u wazuh:wazuh -k -X GET "https://172.26.31.140:55000/security/user/authenticate?raw=true")
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1220      0 --:--:-- --:--:-- --:--:--  1217
# echo $TOKEN
eyJh...........OOSYwO
# curl -k -X POST -d '{"name":"agent"}' "https://172.26.31.140:55000/agents?pretty=true" -H "Content-Type:application/json" -H "Authorization: Bearer $TOKEN"
{
   "data": {
      "id": "001",
      "key": "MD........mEx"
   },
   "error": 0
}
# /var/ossec/bin/manage_agents -i MD.........mEx

Agent information:
   ID:001
   Name:agent
   IP Address:any

Confirm adding it?(y/n): y
Added.
# cat /var/ossec/etc/ossec.conf
<!--
  Wazuh - Agent - Default configuration for centos 8.5
  More info at: https://documentation.wazuh.com
  Mailing list: https://groups.google.com/forum/#!forum/wazuh
-->

<ossec_config>
  <client>
    <server>
      <address>172.26.31.140</address>
      <port>1514</port>
      <protocol>tcp</protocol>
    </server>
    <config-profile>centos, centos8, centos8.5</config-profile>
    <notify_time>10</notify_time>
    <time-reconnect>60</time-reconnect>
    <auto_restart>yes</auto_restart>
    <crypto_method>aes</crypto_method>
  </client>

  <client_buffer>
    <!-- Agent buffer options -->
    <disabled>no</disabled>
    <queue_size>5000</queue_size>
    <events_per_second>500</events_per_second>
  </client_buffer>

  <!-- Policy monitoring -->
  <rootcheck>
    <disabled>no</disabled>
    <check_files>yes</check_files>
    <check_trojans>yes</check_trojans>
    <check_dev>yes</check_dev>
    <check_sys>yes</check_sys>
    <check_pids>yes</check_pids>
    <check_ports>yes</check_ports>
    <check_if>yes</check_if>

    <!-- Frequency that rootcheck is executed - every 12 hours -->
    <frequency>43200</frequency>

    <rootkit_files>etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>etc/shared/rootkit_trojans.txt</rootkit_trojans>

    <skip_nfs>yes</skip_nfs>
  </rootcheck>

  <wodle name="cis-cat">
    <disabled>yes</disabled>
    <timeout>1800</timeout>
    <interval>1d</interval>
    <scan-on-start>yes</scan-on-start>

    <java_path>wodles/java</java_path>
    <ciscat_path>wodles/ciscat</ciscat_path>
  </wodle>

  <!-- Osquery integration -->
  <wodle name="osquery">
    <disabled>yes</disabled>
    <run_daemon>yes</run_daemon>
    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
    <config_path>/etc/osquery/osquery.conf</config_path>
    <add_labels>yes</add_labels>
  </wodle>

  <!-- System inventory -->
  <wodle name="syscollector">
    <disabled>no</disabled>
    <interval>1h</interval>
    <scan_on_start>yes</scan_on_start>
    <hardware>yes</hardware>
    <os>yes</os>
    <network>yes</network>
    <packages>yes</packages>
    <ports all="no">yes</ports>
    <processes>yes</processes>

    <!-- Database synchronization settings -->
    <synchronization>
      <max_eps>10</max_eps>
    </synchronization>
  </wodle>

  <sca>
    <enabled>yes</enabled>
    <scan_on_start>yes</scan_on_start>
    <interval>12h</interval>
    <skip_nfs>yes</skip_nfs>
  </sca>

  <!-- File integrity monitoring -->
  <syscheck>
    <disabled>no</disabled>

    <!-- Frequency that syscheck is executed default every 12 hours -->
    <frequency>43200</frequency>

    <scan_on_start>yes</scan_on_start>

    <!-- Directories to check  (perform all possible verifications) -->
    <directories>/etc,/usr/bin,/usr/sbin</directories>
    <directories>/bin,/sbin,/boot</directories>

    <!-- Files/directories to ignore -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/hosts.deny</ignore>
    <ignore>/etc/mail/statistics</ignore>
    <ignore>/etc/random-seed</ignore>
    <ignore>/etc/random.seed</ignore>
    <ignore>/etc/adjtime</ignore>
    <ignore>/etc/httpd/logs</ignore>
    <ignore>/etc/utmpx</ignore>
    <ignore>/etc/wtmpx</ignore>
    <ignore>/etc/cups/certs</ignore>
    <ignore>/etc/dumpdates</ignore>
    <ignore>/etc/svc/volatile</ignore>

    <!-- File types to ignore -->
    <ignore type="sregex">.log$|.swp$</ignore>

    <!-- Check the file, but never compute the diff -->
    <nodiff>/etc/ssl/private.key</nodiff>

    <skip_nfs>yes</skip_nfs>
    <skip_dev>yes</skip_dev>
    <skip_proc>yes</skip_proc>
    <skip_sys>yes</skip_sys>

    <!-- Nice value for Syscheck process -->
    <process_priority>10</process_priority>

    <!-- Maximum output throughput -->
    <max_eps>100</max_eps>

    <!-- Database synchronization settings -->
    <synchronization>
      <enabled>yes</enabled>
      <interval>5m</interval>
      <max_interval>1h</max_interval>
      <max_eps>10</max_eps>
    </synchronization>
  </syscheck>

  <!-- Log analysis -->
  <localfile>
    <log_format>audit</log_format>
    <location>/var/log/audit/audit.log</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/ossec/logs/active-responses.log</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/maillog</location>
  </localfile>

  <localfile>
    <log_format>command</log_format>
    <command>df -P</command>
    <frequency>360</frequency>
  </localfile>

  <localfile>
    <log_format>full_command</log_format>
    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
    <alias>netstat listening ports</alias>
    <frequency>360</frequency>
  </localfile>

  <localfile>
    <log_format>full_command</log_format>
    <command>last -n 20</command>
    <frequency>360</frequency>
  </localfile>

  <!-- Active response -->
  <active-response>
    <disabled>no</disabled>
    <ca_store>etc/wpk_root.pem</ca_store>
    <ca_verification>yes</ca_verification>
  </active-response>

  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
  <logging>
    <log_format>plain</log_format>
  </logging>

</ossec_config>
# systemctl restart wazuh-agent
# systemctl status wazuh-agent
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2022-07-18 21:41:30 UTC; 10s ago
  Process: 42632 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    Tasks: 39 (limit: 49487)
   Memory: 341.1M
   CGroup: /system.slice/wazuh-agent.service
           ├─43287 /var/ossec/bin/wazuh-execd
           ├─43296 /var/ossec/bin/wazuh-agentd
           ├─43313 /var/ossec/bin/wazuh-syscheckd
           ├─43327 /var/ossec/bin/wazuh-logcollector
           ├─43342 /var/ossec/bin/wazuh-modulesd
           ├─43931 sh -c /bin/ps -p 669 > /dev/null 2>&1
           └─43932 /bin/ps -p 669

Jul 18 21:41:25 agent systemd[1]: Starting Wazuh agent...
Jul 18 21:41:25 agent env[42632]: Starting Wazuh v4.3.6...
Jul 18 21:41:25 agent env[42632]: Started wazuh-execd...
Jul 18 21:41:26 agent env[42632]: Started wazuh-agentd...

Dashboard

Installation using the step-by-step guide.

I have modified the install commands to use the pre-release packages.

# cp /home/vagrant/wazuh-certificates.tar .
# clear
# yum install libcap
Last metadata expiration check: 0:36:02 ago on Tue 19 Jul 2022 06:13:42 AM UTC.
Package libcap-2.26-5.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
# rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
# yum -y install wazuh-dashboard
EL-8 - Wazuh                                                                            2.6 MB/s | 9.4 MB     00:03
Last metadata expiration check: 0:00:04 ago on Tue 19 Jul 2022 06:50:49 AM UTC.
Dependencies resolved.
========================================================================================================================
 Package                            Architecture              Version                    Repository                Size
========================================================================================================================
Installing:
 wazuh-dashboard                    x86_64                    4.3.6-1                    wazuh                    150 M

Transaction Summary
========================================================================================================================
Install  1 Package

Total download size: 150 M
Installed size: 588 M
Downloading Packages:
wazuh-dashboard-4.3.6-1.x86_64.rpm                                                       21 MB/s | 150 MB     00:07
------------------------------------------------------------------------------------------------------------------------
Total                                                                                    21 MB/s | 150 MB     00:07
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                1/1
  Running scriptlet: wazuh-dashboard-4.3.6-1.x86_64                                                                 1/1
  Installing       : wazuh-dashboard-4.3.6-1.x86_64                                                                 1/1
  Running scriptlet: wazuh-dashboard-4.3.6-1.x86_64                                                                 1/1
  Verifying        : wazuh-dashboard-4.3.6-1.x86_64                                                                 1/1

Installed:
  wazuh-dashboard-4.3.6-1.x86_64

Complete!
#

Configuring wazuh-dashboard

# vi /etc/wazuh-dashboard/opensearch_dashboards.yml
# cat /etc/wazuh-dashboard/opensearch_dashboards.yml
server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://172.26.19.181:9200
opensearch.ssl.verificationMode: certificate
#opensearch.username:
#opensearch.password:
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh
# NODE_NAME=dashboard
# mkdir /etc/wazuh-dashboard/certs
# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
# chmod 500 /etc/wazuh-dashboard/certs
# chmod 400 /etc/wazuh-dashboard/certs/*
# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
# ls /etc/wazuh-dashboard/certs/
dashboard-key.pem  dashboard.pem  root-ca.pem
# systemctl daemon-reload
# systemctl enable wazuh-dashboard
Synchronizing state of wazuh-dashboard.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-dashboard
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
#  systemctl start wazuh-dashboard
# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2022-07-19 06:55:01 UTC; 10s ago
 Main PID: 74578 (node)
    Tasks: 11 (limit: 49487)
   Memory: 165.9M
   CGroup: /system.slice/wazuh-dashboard.service
           └─74578 /usr/share/wazuh-dashboard/bin/../node/bin/node --no-warnings --max-http-header-size=65536 --unhandl>

Jul 19 06:55:04 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:04Z","tags":["info>
Jul 19 06:55:04 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:04Z","tags":["info>
Jul 19 06:55:04 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:04Z","tags":["info>
Jul 19 06:55:04 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:04Z","tags":["info>
Jul 19 06:55:05 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:05Z","tags":["info>
Jul 19 06:55:05 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:05Z","tags":["info>
Jul 19 06:55:05 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:05Z","tags":["list>
Jul 19 06:55:05 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:05Z","tags":["info>
Jul 19 06:55:05 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:05Z","tags":["erro>
Jul 19 06:55:05 dashboard opensearch-dashboards[74578]: {"type":"log","@timestamp":"2022-07-19T06:55:05Z","tags":["erro>
#

Only for distributed deployments

# vim /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
# tail -n 8 /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
      # run_as: <true|false>
hosts:
  - default:
     url: https://172.26.31.140
     port: 55000
     username: wazuh-wui
     password: wazuh-wui
     run_as: false


@gdiazlo
Member Author

gdiazlo commented Jul 19, 2022

GitHub Integration

Set up trial account

  • Create an organization
  • Enable enterprise trial
  • Generate a PAT with most privileges

Configure Wazuh Agent

  • Insert the configuration proposed in the documentation
  • Modify the scope of the crawling from git, to all, ensuring it will capture any events (parameter api_parameters)
<github>
    <enabled>yes</enabled>
    <interval>1m</interval>
    <time_delay>1s</time_delay>
    <curl_max_size>1M</curl_max_size>
    <only_future_events>yes</only_future_events>
    <api_auth>
        <org_name>qswarm</org_name>
        <api_token>ghp_z.........PY</api_token>
    </api_auth>
    <api_parameters>
        <event_type>all</event_type>
    </api_parameters>
</github>
  • Restart the agent
  • Check if GitHub module was started

🟡 Our documentation does not show the user how to check if the module is enabled, nor how to diagnose in case there is a problem.

# grep -i github /var/ossec/logs/ossec.log
2022/07/19 07:34:49 wazuh-modulesd:github: INFO: Module GitHub started.

Check results on UI

General event view

GitHub module after enabling it on the UI settings

🟡 Our documentation does not mention that we need to enable the GitHub module on the UI.

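The comment above notes that the documentation gives no way to confirm the GitHub module is running or to diagnose it. One way to turn the `grep` on `ossec.log` into a repeatable check, as an added example that is not part of the original comment or of Wazuh's own tooling: the function name `github_module_status` and its exit codes are hypothetical, the sample lines other than the "Module GitHub started." line are constructed, and it assumes WARNING and ERROR lines use the same layout as the INFO line shown.

```shell
#!/bin/sh
# Added example: summarise the GitHub module's state from a Wazuh agent log.
# Line layout taken from the page:
#   2022/07/19 07:34:49 wazuh-modulesd:github: INFO: Module GitHub started.

# github_module_status LOGFILE   (hypothetical helper)
# Prints one summary line and returns:
#   0 = started, no WARNING/ERROR logged since the last start
#   1 = no "Module GitHub started." line found
#   2 = started, but WARNING/ERROR lines follow the last start
github_module_status() {
    awk '
        # Ignore every line that is not tagged by the GitHub module.
        index($0, " wazuh-modulesd:github: ") == 0 { next }
        # A (re)start resets the problem counter: only the current run matters.
        / INFO: Module GitHub started\.$/ { started = $1 " " $2; bad = 0; next }
        # Assumed layout for problem lines: same tag, level WARNING or ERROR.
        / (WARNING|ERROR): / { if (started != "") { bad++; last = $0 } }
        END {
            if (started == "") { print "github: not started"; exit 1 }
            if (bad > 0) {
                print "github: started " started ", " bad " problem line(s); last: " last
                exit 2
            }
            print "github: started " started ", no problems logged"
        }
    ' "$1"
}

# Constructed sample log; only the "Module GitHub started." line is from the page.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
2022/07/19 07:34:48 wazuh-logcollector: INFO: (constructed line from another daemon)
2022/07/19 07:34:49 wazuh-modulesd:github: INFO: Module GitHub started.
2022/07/19 07:35:49 wazuh-modulesd:github: ERROR: (constructed placeholder message)
EOF

github_module_status "$sample_log" || echo "exit code: $?"
```

On an agent, point the function at `/var/ossec/logs/ossec.log`, the file the comment greps.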

@gdiazlo
Member Author

gdiazlo commented Jul 20, 2022

Closing as all issues have been reported.

@gdiazlo gdiazlo closed this as completed Jul 20, 2022