From 440b21eee43db460f6c23a6ceac1aa21dc0cb0c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20=C3=81ngel?=
Date: Sun, 20 Jan 2019 10:10:04 +0100
Subject: [PATCH 01/13] Update CHANGELOG.md
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 35496e29c..ea8115808 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@
 All notable changes to the Wazuh app project will be documented in this file.
-## Wazuh v3.8.0 - Kibana v6.5.3 - Revision 416
+## Wazuh v3.8.0 - Kibana v6.5.4 - Revision 416
 ### Added
From 4ac247651e8f3ac8e0bc6a5c5ddf3d6d2aaa372d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20=C3=81ngel?=
Date: Thu, 24 Jan 2019 10:41:47 +0100
Subject: [PATCH 02/13] Moved Windows registry entries to the right place
---
 public/less/common.less | 4 ++
 .../integrity-monitoring/fim-ignored.html | 48 ++++++++++++-
 .../integrity-monitoring/fim-monitored.html | 53 +++++++++++++-
 .../integrity-monitoring/fim-windows.html | 72 -------------------
 .../integrity-monitoring.head | 1 -
 .../integrity-monitoring.pug | 1 -
 6 files changed, 100 insertions(+), 79 deletions(-)
 delete mode 100644 public/templates/management/configuration/integrity-monitoring/fim-windows.html
diff --git a/public/less/common.less b/public/less/common.less
index b053ea497..c13ea9059 100644
--- a/public/less/common.less
+++ b/public/less/common.less
@@ -695,4 +695,8 @@ md-sidenav {
 color: #000000 !important;
 background-color: #d9d9d9 !important;
 border-color: #d9d9d9 !important;
+}
+
+.min-height-300 {
+ min-height: 300px;
 }
\ No newline at end of file
diff --git a/public/templates/management/configuration/integrity-monitoring/fim-ignored.html b/public/templates/management/configuration/integrity-monitoring/fim-ignored.html
index bbeae84ef..173597634 100644
--- a/public/templates/management/configuration/integrity-monitoring/fim-ignored.html
+++ b/public/templates/management/configuration/integrity-monitoring/fim-ignored.html
@@ -2,11 +2,11 @@ + ng-if="((agent || {}).os || {}).platform !== 'windows' && configurationSubTab === 'fim-ignored' && currentConfig && currentConfig['syscheck-syscheck'] && currentConfig['syscheck-syscheck'].syscheck && !currentConfig['syscheck-syscheck'].syscheck.ignore"> - +
@@ -41,3 +41,47 @@ + + + + + + + +
+
+ Ignored +
+ A list of registry entries that will be ignored +
+
+ + JSON +  ·  + XML +
+ + + +
+ + + + + + + + + + + + +
EntryArch
{{registry.entry}}{{registry.arch}}
+ +
+ +
+
\ No newline at end of file diff --git a/public/templates/management/configuration/integrity-monitoring/fim-monitored.html b/public/templates/management/configuration/integrity-monitoring/fim-monitored.html index b764b5c52..f103e3066 100644 --- a/public/templates/management/configuration/integrity-monitoring/fim-monitored.html +++ b/public/templates/management/configuration/integrity-monitoring/fim-monitored.html @@ -6,8 +6,8 @@ - - + +
Monitored directories @@ -23,7 +23,7 @@ -
+
@@ -120,3 +120,50 @@ + + + + + + + + + +
+
+ Monitored +
+ A list of registry entries that will be monitored +
+
+ + JSON +  ·  + XML +
+ + + +
+ + + + + + + + + + + + +
EntryArch
{{registry.entry}}{{registry.arch}}
+ +
+ +
+
+ diff --git a/public/templates/management/configuration/integrity-monitoring/fim-windows.html b/public/templates/management/configuration/integrity-monitoring/fim-windows.html deleted file mode 100644 index 1400847b9..000000000 --- a/public/templates/management/configuration/integrity-monitoring/fim-windows.html +++ /dev/null @@ -1,72 +0,0 @@ - - - - - - - -
-
- Monitored -
- A list of registry entries that will be monitored -
-
- - JSON -  ·  - XML -
- - - -
- - - - - - - - - - - - -
EntryArch
{{registry.entry}}{{registry.arch}}
- -
- - -
- Ignored -
- A list of registry entries that will be ignored -
-
- - - -
- - - - - - - - - - - - -
EntryArch
{{registry.entry}}{{registry.arch}}
- -
- -
-
- diff --git a/public/templates/management/configuration/integrity-monitoring/integrity-monitoring.head b/public/templates/management/configuration/integrity-monitoring/integrity-monitoring.head index 732cdc63f..dc0e39ab8 100644 --- a/public/templates/management/configuration/integrity-monitoring/integrity-monitoring.head +++ b/public/templates/management/configuration/integrity-monitoring/integrity-monitoring.head @@ -33,7 +33,6 @@ Ignored No diff Who-data - Windows diff --git a/public/templates/management/configuration/integrity-monitoring/integrity-monitoring.pug b/public/templates/management/configuration/integrity-monitoring/integrity-monitoring.pug index 2527cb4ee..be9d37660 100644 --- a/public/templates/management/configuration/integrity-monitoring/integrity-monitoring.pug +++ b/public/templates/management/configuration/integrity-monitoring/integrity-monitoring.pug @@ -3,7 +3,6 @@ include ./fim-general.html include ./fim-ignored.html include ./fim-monitored.html include ./fim-nodiff.html -include ./fim-windows.html include ./fim-whodata.html include ./integrity-monitoring.foot include ../../../footer.foot From 3455c3ee44c03c9dfd712531ae0dea766b8f0cf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20=C3=81ngel?= Date: Thu, 24 Jan 2019 10:42:21 +0100 Subject: [PATCH 03/13] Bump version (3.8.1) --- package.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index 51fbb5ffa..a2c0cb57a 100644 --- a/package.json +++ b/package.json @@ -1,8 +1,8 @@ { "name": "wazuh", - "version": "3.8.0", - "revision": "0416", - "code": "0416-12", + "version": "3.8.1", + "revision": "0417", + "code": "0417-0", "kibana": { "version": "6.5.4" }, From 1f10fdc080fc8eb27bb700f051508ff9728847f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20=C3=81ngel?= Date: Thu, 24 Jan 2019 10:47:50 +0100 Subject: [PATCH 04/13] Updated CHANGELOG --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) 
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ea8115808..7108b6c3b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,16 @@
 All notable changes to the Wazuh app project will be documented in this file.
+## Wazuh v3.8.1 - Kibana v6.5.4 - Revision 417
+
+### Added
+
+- Support for Wazuh v3.8.1
+
+### Changed
+
+- Moved monitored/ignored Windows registry entries to "FIM > Monitored" and "FIM > Ignored" to avoid user confusion ([#1176](https://github.com/wazuh/wazuh-kibana-app/pull/1176)).
+
 ## Wazuh v3.8.0 - Kibana v6.5.4 - Revision 416
 ### Added
From c88aa24bac22a2fea2c78d23a7cce9303b6606ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20=C3=81ngel?=
Date: Thu, 24 Jan 2019 11:58:53 +0100
Subject: [PATCH 05/13] Excluding managers from wazuh-monitoring indices
---
 server/monitoring.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/server/monitoring.js b/server/monitoring.js
index 7faad83b8..4035f9330 100644
--- a/server/monitoring.js
+++ b/server/monitoring.js
@@ -150,7 +150,8 @@ export class Monitoring {
 const payload = {
 offset: 0,
- limit: 500
+ limit: 500,
+ q: 'id!=000'
 };
 this.agentsArray = await ApiHelper.fetchAllAgents(
@@ -159,7 +160,7 @@ export class Monitoring {
 payload,
 options
 );
-
+
 await this.saveStatus(api.clusterName);
 return;
@@ -182,7 +183,8 @@ export class Monitoring {
 try {
 const payload = {
 offset: 0,
- limit: 1
+ limit: 1,
+ q: 'id!=000'
 };
 const options = ApiHelper.buildOptionsObject(api);
From d6bd1c8ebeb4db04a45b442f24ea56f95e61b2d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20=C3=81ngel?=
Date: Thu, 24 Jan 2019 12:00:48 +0100
Subject: [PATCH 06/13] Updated CHANGELOG
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7108b6c3b..7d623a96f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
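Review bot: The filter literal `'id!=000'` is now written out twice in server/monitoring.js (in the `limit: 500` payload and again in the `limit: 1` payload of the third hunk) with nothing saying what `000` stands for. Going by the commit title it is the manager's own agent id, so one named constant with a short comment, e.g. `const EXCLUDE_MANAGER_QUERY = 'id!=000'; // agent 000 is the manager itself`, would keep the two requests in step. If the filter works as the title says, the manager no longer appears in the wazuh-monitoring documents, so it is worth confirming that no dashboard or alerting rule depends on seeing its status there. Both enclosing methods start and end outside the hunks.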
@@ -11,6 +11,7 @@ All notable changes to the Wazuh app project will be documented in this file.
 ### Changed
 - Moved monitored/ignored Windows registry entries to "FIM > Monitored" and "FIM > Ignored" to avoid user confusion ([#1176](https://github.com/wazuh/wazuh-kibana-app/pull/1176)).
+- Excluding managers from wazuh-monitoring indices ([#1177](https://github.com/wazuh/wazuh-kibana-app/pull/1177)).
 ## Wazuh v3.8.0 - Kibana v6.5.4 - Revision 416
From 5c1a3ef9bd710a7befbed0709c4a7cf414f44f6b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20=C3=81ngel?=
Date: Thu, 24 Jan 2019 16:12:12 +0100
Subject: [PATCH 07/13] Don't hide editor
---
 public/controllers/management/groups.js | 1 -
 1 file changed, 1 deletion(-)
diff --git a/public/controllers/management/groups.js b/public/controllers/management/groups.js
index 4fa8b70e9..93f87e813 100644
--- a/public/controllers/management/groups.js
+++ b/public/controllers/management/groups.js
@@ -292,7 +292,6 @@ export function GroupsController(
 };
 $scope.doSaveGroupAgentConfig = () => {
- $scope.editingFile = false;
 $scope.$broadcast('saveXmlFile', { group: $scope.currentGroup.name });
 };
From d3aa56fa73478c60505e500db7d3a7df263081b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20=C3=81ngel?=
Date: Thu, 24 Jan 2019 16:15:24 +0100
Subject: [PATCH 08/13] Escape "&" character
---
 .../wz-xml-file-editor/wz-xml-file-editor.js | 51 +++++++++++++++++--
 1 file changed, 47 insertions(+), 4 deletions(-)
diff --git a/public/directives/wz-xml-file-editor/wz-xml-file-editor.js b/public/directives/wz-xml-file-editor/wz-xml-file-editor.js
index b5014ba95..9ca052a79 100644
--- a/public/directives/wz-xml-file-editor/wz-xml-file-editor.js
+++ b/public/directives/wz-xml-file-editor/wz-xml-file-editor.js
@@ -26,15 +26,56 @@ app.directive('wzXmlFileEditor', function() { targetName: '=targetName' }, controller($scope, $document, errorHandler, groupHandler) { + + /** + * Custom .replace method. Instead of using .replace which + * evaluates regular expressions. + * Alternative using split + join, same result. + */ + String.prototype.xmlReplace = function(str, newstr) { + return this.split(str).join(newstr); + }; + let firstTime = true; + const parser = new DOMParser(); // eslint-disable-line + + /** + * Escape "&" characters. + * @param {*} text + */ + const replaceIllegalXML = text => { + const oDOM = parser.parseFromString(text, 'text/html'); + const lines = oDOM.documentElement.textContent.split('\n'); + + for (const line of lines) { + const sanitized = line.trim().xmlReplace('&', '&'); + + /** + * Do not remove this condition. We don't want to replace + * non-sanitized lines. + */ + if (!line.includes(sanitized)) { + text = text.xmlReplace(line.trim(), sanitized); + } + } + return text; + }; + + // Block function if there is another check in progress + let checkingXmlError = false; const checkXmlParseError = () => { + if (checkingXmlError) return; + checkingXmlError = true; try { - const parser = new DOMParser(); // eslint-disable-line - const xml = $scope.xmlCodeBox.getValue(); + const text = $scope.xmlCodeBox.getValue(); + + const xml = replaceIllegalXML(text); + const xmlDoc = parser.parseFromString( '' + xml + '', 'text/xml' ); + $scope.validFn({ valid: !!xmlDoc.getElementsByTagName('parsererror').length || @@ -44,6 +85,7 @@ app.directive('wzXmlFileEditor', function() { } catch (error) { errorHandler.handle(error, 'Error validating XML'); } + checkingXmlError = false; if (!$scope.$$phase) $scope.$digest(); return; }; 
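Review bot: Assigning `String.prototype.xmlReplace` inside the directive controller patches the built-in prototype for every script on the page and re-assigns it each time the controller runs; a local helper does the same job without the global side effect, e.g. `const replaceAll = (text, from, to) => text.split(from).join(to);`. In `replaceIllegalXML` the lines being escaped come from `documentElement.textContent` of a `text/html` parse, so they are tag-stripped text rather than the editor's own lines, and `text.xmlReplace(line.trim(), sanitized)` then rewrites every occurrence of that substring anywhere in the document, while `&` inside attribute values is presumably never seen. The JSDoc should state these limits, and `@param {*} text` would be better as `@param {string} text` with an `@returns {string}`. Since this rewrite runs in the browser, it is a convenience for the user and not a substitute for validating the configuration where it is received.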
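Review bot: `checkingXmlError = false;` in the second hunk runs only if the `catch` block itself returns normally, so an exception thrown from `errorHandler.handle(error, 'Error validating XML')` would leave the flag set and every later call to `checkXmlParseError` would return at the guard without validating. Moving the reset into a `finally` clause, `} finally { checkingXmlError = false; }`, makes the release unconditional. The `try` and the guard that sets the flag are in the previous hunk. As the function contains no `await`, a one-line comment naming the re-entrant path the flag is meant to block would also help the next reader.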
@@ -59,8 +101,9 @@ app.directive('wzXmlFileEditor', function() {
 const saveFile = async params => {
 try {
- const content = $scope.xmlCodeBox.getValue().trim();
- await groupHandler.sendConfiguration(params.group, content);
+ const text = $scope.xmlCodeBox.getValue();
+ const xml = replaceIllegalXML(text);
+ await groupHandler.sendConfiguration(params.group, xml);
 errorHandler.info('Success. Group has been updated', '');
 } catch (error) {
 errorHandler.handle(error, 'Send file error');
From 11b8084c75bbc5da36587ff31d1bc80a55fe4dfe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20=C3=81ngel?=
Date: Thu, 24 Jan 2019 16:15:50 +0100
Subject: [PATCH 09/13] Fix error toaster word breaking for URLs or paths
---
 public/less/common.less | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/public/less/common.less b/public/less/common.less
index c13ea9059..1006a52a1 100644
--- a/public/less/common.less
+++ b/public/less/common.less
@@ -699,4 +699,20 @@ md-sidenav {
 .min-height-300 {
 min-height: 300px;
+}
+
+/*
+ * https://css-tricks.com/snippets/css/prevent-long-urls-from-breaking-out-of-container/
+ * Handling long URLs on error toasts.
+ */
+.euiGlobalToastList > .euiToast > .euiToastHeader > .euiToastHeader__title {
+ overflow-wrap: break-word;
+ word-wrap: break-word;
+ -ms-word-break: break-all;
+ word-break: break-all;
+ word-break: break-word;
+ -ms-hyphens: auto;
+ -moz-hyphens: auto;
+ -webkit-hyphens: auto;
+ hyphens: auto;
 }
\ No newline at end of file
From 1248b8db73a5cf87c7fe71c62bed23a920ddc73c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20=C3=81ngel?=
Date: Thu, 24 Jan 2019 16:20:00 +0100
Subject: [PATCH 10/13] Bump code
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index a2c0cb57a..fdd42a9d1 100644
--- a/package.json
+++ b/package.json
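Review bot: In `saveFile` (wz-xml-file-editor.js) the string handed to `groupHandler.sendConfiguration` is now the output of `replaceIllegalXML`, which can differ from what the editor displays, and within this function it is sent without any well-formedness check and without the `.trim()` the removed line had. Judging by the call, this payload becomes the group's configuration, so consider parsing the rewritten string once more and refusing to send when the result contains a `parsererror`, and restoring the trim with `const xml = replaceIllegalXML(text).trim();`. The function's closing lines are outside the hunk.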
@@ -2,7 +2,7 @@
 "name": "wazuh",
 "version": "3.8.1",
 "revision": "0417",
- "code": "0417-0",
+ "code": "0417-1",
 "kibana": {
 "version": "6.5.4"
 },
From f4f8144eef8b93038fc897a9f16356e71029b844 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20=C3=81ngel?=
Date: Thu, 24 Jan 2019 17:17:27 +0100
Subject: [PATCH 11/13] Fix autoformat performance
---
 .../wz-xml-file-editor/wz-xml-file-editor.js | 63 ++++++++++++++++---
 1 file changed, 54 insertions(+), 9 deletions(-)
diff --git a/public/directives/wz-xml-file-editor/wz-xml-file-editor.js b/public/directives/wz-xml-file-editor/wz-xml-file-editor.js
index 9ca052a79..5d7d26f4f 100644
--- a/public/directives/wz-xml-file-editor/wz-xml-file-editor.js
+++ b/public/directives/wz-xml-file-editor/wz-xml-file-editor.js
@@ -90,13 +90,58 @@ app.directive('wzXmlFileEditor', function() {
 return;
 };
- const autoFormat = () => {
- const totalLines = $scope.xmlCodeBox.lineCount();
- $scope.xmlCodeBox.autoFormatRange(
- { line: 0, ch: 0 },
- { line: totalLines - 1 }
- );
- $scope.xmlCodeBox.setCursor(0);
+ const autoFormat = (xml) => {
+ var reg = /(>)\s*(<)(\/*)/g;
+ var wsexp = / *(.*) +\n/g;
+ var contexp = /(<.+>)(.+\n)/g;
+ xml = xml.replace(reg, '$1\n$2$3').replace(wsexp, '$1\n').replace(contexp, '$1\n$2');
+ var formatted = '';
+ var lines = xml.split('\n');
+ var indent = 0;
+ var lastType = 'other';
+ var transitions = {
+ 'single->single': 0,
+ 'single->closing': -1,
+ 'single->opening': 0,
+ 'single->other': 0,
+ 'closing->single': 0,
+ 'closing->closing': -1,
+ 'closing->opening': 0,
+ 'closing->other': 0,
+ 'opening->single': 1,
+ 'opening->closing': 0,
+ 'opening->opening': 1,
+ 'opening->other': 1,
+ 'other->single': 0,
+ 'other->closing': -1,
+ 'other->opening': 0,
+ 'other->other': 0
+ };
+
+ for (var i = 0; i < lines.length; i++) {
+ var ln = lines[i];
+ if (ln.match(/\s*<\?xml/)) {
+ formatted += ln + "\n";
+ continue;
+ }
+ var single = Boolean(ln.match(/<.+\/>/)); // is this line a single tag? ex.
+ var closing = Boolean(ln.match(/<\/.+>/)); // is this a closing tag? ex.
+ var opening = Boolean(ln.match(/<[^!].*>/)); // is this even a tag (that's not )
+ var type = single ? 'single' : closing ? 'closing' : opening ? 'opening' : 'other';
+ var fromTo = lastType + '->' + type;
+ lastType = type;
+ var padding = '';
+
+ indent += transitions[fromTo];
+ for (var j = 0; j < indent; j++) {
+ padding += '\t';
+ }
+ if (fromTo == 'opening->closing')
+ formatted = formatted.substr(0, formatted.length - 1) + ln + '\n'; // substr removes line break (\n) from prev loop
+ else
+ formatted += padding + ln + '\n';
+ }
+ return formatted.trim();
 };
 const saveFile = async params => {
@@ -126,10 +171,10 @@ app.directive('wzXmlFileEditor', function() {
 const init = (data = false) => {
 try {
- $scope.xmlCodeBox.setValue(data || $scope.data);
+ $scope.xmlCodeBox.setValue(autoFormat(data || $scope.data));
 firstTime = false;
 $scope.xmlCodeBox.refresh();
- autoFormat();
+ //autoFormat();
 } catch (error) {
 errorHandler.handle(error, 'Fetching original file');
 }
From c8d12aefb0753114f6fbbb790e8a21707c3a75c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20=C3=81ngel?=
Date: Thu, 24 Jan 2019 18:01:03 +0100
Subject: [PATCH 12/13] Updated README
---
 README.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 2b3dcfba0..879b75804 100644
--- a/README.md
+++ b/README.md
@@ -25,8 +25,8 @@ Visualize and analyze Wazuh alerts stored in Elasticsearch using our Kibana app
 ## Requisites
-- Wazuh HIDS 3.8.0
-- Wazuh RESTful API 3.8.0
+- Wazuh HIDS 3.8.1
+- Wazuh RESTful API 3.8.1
 - Kibana 6.5.4
 - Elasticsearch 6.5.4
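Review bot: The new `autoFormat` body is written with `var`, loose `==` and `substr`, while the surrounding code in this file uses `const`/`let`, and nothing documents the `transitions` table or the fact that the function now returns a string instead of reformatting the editor in place. Suggested: `if (fromTo === 'opening->closing')` and `const padding = '\t'.repeat(Math.max(indent, 0));` in place of the inner loop (the `Math.max` keeps today's behaviour when unbalanced closing tags push `indent` below zero). The returned string is what `init` loads into the editor and so what a later save reads back, so the header comment should promise that only whitespace and line breaks change, which deserves a quick test because `contexp` first splits element text onto its own line and the `opening->closing` branch then joins it back.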
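Review bot: `autoFormat(data || $scope.data)` in `init` calls `xml.replace(...)` immediately, so if neither value is a string yet (the parameter defaults to `false`) it throws a TypeError that surfaces to the user as 'Fetching original file'. A guard such as `const raw = data || $scope.data || '';` before the call avoids that, and the commented-out `//autoFormat();` should be deleted rather than kept as dead code. `init` continues outside the hunk.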
@@ -35,7 +35,7 @@ Visualize and analyze Wazuh alerts stored in Elasticsearch using our Kibana app
 Install the app
 ```
-sudo -u kibana NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.8.0_6.5.4.zip
+sudo -u kibana NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.8.1_6.5.4.zip
 ```
 Restart Kibana
@@ -90,7 +90,7 @@ chown -R kibana:kibana /usr/share/kibana/plugins
 Install the app
 ```
-sudo -u kibana NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.8.0_6.5.4.zip
+sudo -u kibana NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.8.1_6.5.4.zip
 ```
 Restart Kibana
@@ -157,6 +157,7 @@ service kibana restart
 | 6.5.3 | 3.7.2 | /usr/share/kibana/bin/kibana-plugin install |
 | 6.5.4 | 3.7.2 | /usr/share/kibana/bin/kibana-plugin install |
 | 6.5.4 | 3.8.0 | /usr/share/kibana/bin/kibana-plugin install |
+| 6.5.4 | 3.8.1 | /usr/share/kibana/bin/kibana-plugin install |
 ## Contribute
From ad5083376685f87ad3dca8ee50a31289fded5de0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20=C3=81ngel?=
Date: Thu, 24 Jan 2019 18:17:23 +0100
Subject: [PATCH 13/13] Updated CHANGELOG
---
 CHANGELOG.md | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7d623a96f..ec08a1078 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,13 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Moved monitored/ignored Windows registry entries to "FIM > Monitored" and "FIM > Ignored" to avoid user confusion ([#1176](https://github.com/wazuh/wazuh-kibana-app/pull/1176)).
 - Excluding managers from wazuh-monitoring indices ([#1177](https://github.com/wazuh/wazuh-kibana-app/pull/1177)).
+- Escape `&` before sending group configuration ([d3aa56f](https://github.com/wazuh/wazuh-kibana-app/commit/d3aa56fa73478c60505e500db7d3a7df263081b5)).
+- Improved `autoFormat` function before rendering group configuration ([f4f8144](https://github.com/wazuh/wazuh-kibana-app/commit/f4f8144eef8b93038fc897a9f16356e71029b844)).
+- Now the group configuration editor doesn't exit after sending data to the Wazuh API ([5c1a3ef](https://github.com/wazuh/wazuh-kibana-app/commit/5c1a3ef9bd710a7befbed0709c4a7cf414f44f6b)).
+
+### Fixed
+
+- Fixed style for the error toaster for long URLs or long paths ([11b8084](https://github.com/wazuh/wazuh-kibana-app/commit/11b8084c75bbc5da36587ff31d1bc80a55fe4dfe)).
 ## Wazuh v3.8.0 - Kibana v6.5.4 - Revision 416