valitydev/wazuh-kibana-app
14
0
Fork 0
mirror of https://github.com/valitydev/wazuh-kibana-app.git synced 2024-11-06 09:55:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge 3.9

Browse Source
This commit is contained in:
JuanCarlos 2019-01-25 13:02:53 +01:00
commit c89e3b2ee7
13 changed files with 198 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
CHANGELOG.md
View File

@ -2,7 +2,7 @@
All notable changes to the Wazuh app project will be documented in this file.
## Wazuh v3.9.0 - Kibana v6.6.0 - Revision 417
## Wazuh v3.9.0 - Kibana v6.6.0 - Revision 418
### Added
@ -21,6 +21,23 @@ All notable changes to the Wazuh app project will be documented in this file.
- Properly handling long messages on notifier service, until now, they were using out of the card space, also we replaced some API messages with more meaningful messages ([#1168](https://github.com/wazuh/wazuh-kibana-app/pull/1168))
## Wazuh v3.8.1 - Kibana v6.5.4 - Revision 417
### Added
- Support for Wazuh v3.8.1
### Changed
- Moved monitored/ignored Windows registry entries to "FIM > Monitored" and "FIM > Ignored" to avoid user confusion ([#1176](https://github.com/wazuh/wazuh-kibana-app/pull/1176)).
- Excluding managers from wazuh-monitoring indices ([#1177](https://github.com/wazuh/wazuh-kibana-app/pull/1177)).
- Escape `&` before sending group configuration ([d3aa56f](https://github.com/wazuh/wazuh-kibana-app/commit/d3aa56fa73478c60505e500db7d3a7df263081b5)).
- Improved `autoFormat` function before rendering group configuration ([f4f8144](https://github.com/wazuh/wazuh-kibana-app/commit/f4f8144eef8b93038fc897a9f16356e71029b844)).
- Now the group configuration editor doesn't exit after sending data to the Wazuh API ([5c1a3ef](https://github.com/wazuh/wazuh-kibana-app/commit/5c1a3ef9bd710a7befbed0709c4a7cf414f44f6b)).
### Fixed
- Fixed style for the error toaster for long URLs or long paths ([11b8084](https://github.com/wazuh/wazuh-kibana-app/commit/11b8084c75bbc5da36587ff31d1bc80a55fe4dfe)).
## Wazuh v3.8.0 - Kibana v6.5.4 - Revision 416

9
README.md
View File

@ -25,8 +25,8 @@ Visualize and analyze Wazuh alerts stored in Elasticsearch using our Kibana app
## Requisites
- Wazuh HIDS 3.8.0
- Wazuh RESTful API 3.8.0
- Wazuh HIDS 3.8.1
- Wazuh RESTful API 3.8.1
- Kibana 6.5.4
- Elasticsearch 6.5.4
@ -35,7 +35,7 @@ Visualize and analyze Wazuh alerts stored in Elasticsearch using our Kibana app
Install the app
```
sudo -u kibana NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.8.0_6.5.4.zip
sudo -u kibana NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.8.1_6.5.4.zip
```
Restart Kibana
@ -90,7 +90,7 @@ chown -R kibana:kibana /usr/share/kibana/plugins
Install the app
```
sudo -u kibana NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.8.0_6.5.4.zip
sudo -u kibana NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.8.1_6.5.4.zip
```
Restart Kibana
@ -157,6 +157,7 @@ service kibana restart
| 6.5.3 | 3.7.2 | /usr/share/kibana/bin/kibana-plugin install <https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.2_6.5.3.zip> |
| 6.5.4 | 3.7.2 | /usr/share/kibana/bin/kibana-plugin install <https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.2_6.5.4.zip> |
| 6.5.4 | 3.8.0 | /usr/share/kibana/bin/kibana-plugin install <https://packages.wazuh.com/wazuhapp/wazuhapp-3.8.0_6.5.4.zip> |
| 6.5.4 | 3.8.1 | /usr/share/kibana/bin/kibana-plugin install <https://packages.wazuh.com/wazuhapp/wazuhapp-3.8.1_6.5.4.zip> |
## Contribute

6
package.json
View File

@ -1,8 +1,8 @@
{
"name": "wazuh",
"version": "3.8.0",
"revision": "0417",
"code": "0417-0",
"version": "3.8.1",
"revision": "0418",
"code": "0418-0",
"kibana": {
"version": "6.5.4"
},

1
public/controllers/management/groups.js
View File

@ -292,7 +292,6 @@ export function GroupsController(
};
$scope.doSaveGroupAgentConfig = () => {
$scope.editingFile = false;
$scope.$broadcast('saveXmlFile', { group: $scope.currentGroup.name });
};

58
public/directives/wz-xml-file-editor/wz-xml-file-editor.js
View File

@ -25,37 +25,62 @@ app.directive('wzXmlFileEditor', function () {
data: '=data',
targetName: '=targetName'
},
<<<<<<< HEAD
controller($scope, $document, errorHandler, groupHandler, rulesetHandler) {
String.prototype.xmlReplace = function (str, newstr) {
=======
controller($scope, $document, errorHandler, groupHandler) {
/**
* Custom .replace method. Instead of using .replace which
* evaluates regular expressions.
* Alternative using split + join, same result.
*/
String.prototype.xmlReplace = function(str, newstr) {
>>>>>>> 663ec391b9bf823200e939a97397344326549348
return this.split(str).join(newstr);
};
let firstTime = true;
const parser = new DOMParser(); // eslint-disable-line
/**
* Escape "&" characters.
* @param {*} text
*/
const replaceIllegalXML = text => {
const oDOM = parser.parseFromString(text, 'text/html');
const lines = oDOM.documentElement.textContent.split('\n');
for (const line of lines) {
const sanitized = line
.trim()
.xmlReplace('&', '&amp;')
.xmlReplace('<', '&lt;')
.xmlReplace('>', '&gt;')
.xmlReplace('"', '&quot;')
.xmlReplace("'", '&apos;');
text = text.xmlReplace(line.trim(), sanitized);
const sanitized = line.trim().xmlReplace('&', '&amp;');
/**
* Do not remove this condition. We don't want to replace
* non-sanitized lines.
*/
if (!line.includes(sanitized)) {
text = text.xmlReplace(line.trim(), sanitized);
}
}
return text;
};
// Block function if there is another check in progress
let checkingXmlError = false;
const checkXmlParseError = () => {
if (checkingXmlError) return;
checkingXmlError = true;
try {
const text = $scope.xmlCodeBox.getValue();
const xml = replaceIllegalXML(text);
const xmlDoc = parser.parseFromString(
'<file>' + xml + '</file>',
'text/xml'
);
$scope.validFn({
valid:
!!xmlDoc.getElementsByTagName('parsererror').length ||
@ -65,6 +90,11 @@ app.directive('wzXmlFileEditor', function () {
} catch (error) {
errorHandler.handle(error, 'Error validating XML');
}
<<<<<<< HEAD
=======
checkingXmlError = false;
if (!$scope.$$phase) $scope.$digest();
>>>>>>> 663ec391b9bf823200e939a97397344326549348
return;
};
@ -124,6 +154,7 @@ app.directive('wzXmlFileEditor', function () {
const saveFile = async params => {
try {
<<<<<<< HEAD
const content = $scope.xmlCodeBox.getValue().trim();
if (params.group) {
await groupHandler.sendConfiguration(params.group, content);
@ -135,6 +166,12 @@ app.directive('wzXmlFileEditor', function () {
await rulesetHandler.sendDecoderConfiguration(params.decoder, content);
errorHandler.info('Success. Decoders has been updated', '');
}
=======
const text = $scope.xmlCodeBox.getValue();
const xml = replaceIllegalXML(text);
await groupHandler.sendConfiguration(params.group, xml);
errorHandler.info('Success. Group has been updated', '');
>>>>>>> 663ec391b9bf823200e939a97397344326549348
} catch (error) {
errorHandler.handle(error, 'Send file error');
}
@ -158,7 +195,12 @@ app.directive('wzXmlFileEditor', function () {
try {
$scope.xmlCodeBox.setValue(autoFormat(data || $scope.data));
firstTime = false;
<<<<<<< HEAD
setTimeout(() => { $scope.xmlCodeBox.refresh() }, 1);
=======
$scope.xmlCodeBox.refresh();
//autoFormat();
>>>>>>> 663ec391b9bf823200e939a97397344326549348
} catch (error) {
errorHandler.handle(error, 'Fetching original file');
}

22
public/less/common.less
View File

@ -734,22 +734,26 @@ md-sidenav {
margin-top: 20px !important;
}
.min-height-300 {
min-height: 300px;
}
/*
* https://css-tricks.com/snippets/css/prevent-long-urls-from-breaking-out-of-container/
* Handling long URLs on error toasts.
*/
.euiGlobalToastList > .euiToast > .euiToastHeader > .euiToastHeader__title {
overflow-wrap: break-word;
word-wrap: break-word;
-ms-word-break: break-all;
word-break: break-all;
word-break: break-word;
-ms-hyphens: auto;
-moz-hyphens: auto;
-webkit-hyphens: auto;
hyphens: auto;
overflow-wrap: break-word;
word-wrap: break-word;
-ms-word-break: break-all;
word-break: break-all;
word-break: break-word;
-ms-hyphens: auto;
-moz-hyphens: auto;
-webkit-hyphens: auto;
hyphens: auto;
}
.titleSectionIdentifier{
font-size: 12px;
color: #0079a5;

48
public/templates/management/configuration/integrity-monitoring/fim-ignored.html
View File

@ -2,11 +2,11 @@
<wz-no-config
flex
error="'not-present'"
ng-if="configurationSubTab === 'fim-ignored' && currentConfig && currentConfig['syscheck-syscheck'] && currentConfig['syscheck-syscheck'].syscheck && !currentConfig['syscheck-syscheck'].syscheck.ignore"></wz-no-config>
ng-if="((agent || {}).os || {}).platform !== 'windows' && configurationSubTab === 'fim-ignored' && currentConfig && currentConfig['syscheck-syscheck'] && currentConfig['syscheck-syscheck'].syscheck && !currentConfig['syscheck-syscheck'].syscheck.ignore"></wz-no-config>
<!-- End no configuration section -->
<!-- Ignored card -->
<md-card class="wz-md-card" ng-if="!JSONContent && !XMLContent && configurationSubTab === 'fim-ignored' && currentConfig && currentConfig['syscheck-syscheck'] && currentConfig['syscheck-syscheck'].syscheck && currentConfig['syscheck-syscheck'].syscheck.ignore">
<md-card class="wz-md-card" ng-if="((agent || {}).os || {}).platform !== 'windows' && !JSONContent && !XMLContent && configurationSubTab === 'fim-ignored' && currentConfig && currentConfig['syscheck-syscheck'] && currentConfig['syscheck-syscheck'].syscheck && currentConfig['syscheck-syscheck'].syscheck.ignore">
<md-card-content>
<div layout="row" layout-align="start center">
<div>
@ -41,3 +41,47 @@
</md-card-content>
</md-card>
<!-- End ignored card -->
<wz-no-config
flex
error="'not-present'"
ng-if="((agent || {}).os || {}).platform === 'windows' && configurationSubTab === 'fim-ignored' && currentConfig && currentConfig['syscheck-syscheck'] && currentConfig['syscheck-syscheck'].syscheck && !currentConfig['syscheck-syscheck'].syscheck.registry && !currentConfig['syscheck-syscheck'].syscheck.registry_ignore"></wz-no-config>
<!-- End no configuration section -->
<md-card class="wz-md-card" ng-if="((agent || {}).os || {}).platform === 'windows' && configurationSubTab === 'fim-ignored' && !JSONContent && !XMLContent && currentConfig && currentConfig['syscheck-syscheck'] && currentConfig['syscheck-syscheck'].syscheck && (currentConfig['syscheck-syscheck'].syscheck.registry || currentConfig['syscheck-syscheck'].syscheck.registry_ignore)">
<md-card-content>
<div layout="row" layout-align="start center">
<div>
<span class="font-size-16">Ignored</span>
<div class="wz-margin-top-10">
<span class="md-subheader small">A list of registry entries that will be ignored</span>
</div>
</div>
<span flex></span>
<span ng-class="JSONContent ? 'wz-text-active' : ''" class="wz-text-link small" ng-click="getJSON()">JSON</span>
<span class="small">&nbsp;&centerdot;&nbsp;</span>
<span ng-class="XMLContent ? 'wz-text-active' : ''" class="wz-text-link small" ng-click="getXML()">XML</span>
</div>
<md-divider class="wz-margin-top-10"></md-divider>
<!-- Configuration block -->
<div class="wz-padding-top-10">
<table class="table table-striped table-condensed" style="table-layout: fixed !important;">
<thead class="wz-text-bold">
<th class="wz-text-left">Entry</th>
<th class="wz-text-left">Arch</th>
</thead>
<tbody class="wz-word-wrap">
<tr ng-repeat="registry in currentConfig['syscheck-syscheck'].syscheck.registry_ignore">
<td>{{registry.entry}}</td>
<td>{{registry.arch}}</td>
</tr>
</tbody>
</table>
</div>
<!-- End configuration block -->
</md-card-content>
</md-card>

53
public/templates/management/configuration/integrity-monitoring/fim-monitored.html
View File

@ -6,8 +6,8 @@
<!-- End no configuration section -->
<!-- Monitored card -->
<md-card flex="auto" class="wz-md-card" ng-if="!JSONContent && !XMLContent && configurationSubTab === 'fim-monitored' && currentConfig && currentConfig['syscheck-syscheck'] && currentConfig['syscheck-syscheck'].syscheck && currentConfig['syscheck-syscheck'].syscheck.directories && currentConfig['syscheck-syscheck'].syscheck.directories.length">
<md-card-content flex layout="column">
<md-card class="wz-md-card" ng-if="!JSONContent && !XMLContent && configurationSubTab === 'fim-monitored' && currentConfig && currentConfig['syscheck-syscheck'] && currentConfig['syscheck-syscheck'].syscheck && currentConfig['syscheck-syscheck'].syscheck.directories && currentConfig['syscheck-syscheck'].syscheck.directories.length">
<md-card-content>
<div layout="row" layout-align="start center">
<div>
<span class="font-size-16">Monitored directories</span>
@ -23,7 +23,7 @@
<md-divider class="wz-margin-top-10"></md-divider>
<!-- The container for both list and detail -->
<div flex="auto" layout="row" class="wz-margin-top-10">
<div layout="row" class="wz-margin-top-10 min-height-300">
<!-- List container -->
<div flex="30" layout="column">
@ -120,3 +120,50 @@
</md-card-content>
</md-card>
<!-- End monitored card -->
<!-- No configuration section -->
<wz-no-config
flex
error="'not-present'"
ng-if="((agent || {}).os || {}).platform === 'windows' && configurationSubTab === 'fim-monitored' && currentConfig && currentConfig['syscheck-syscheck'] && currentConfig['syscheck-syscheck'].syscheck && !currentConfig['syscheck-syscheck'].syscheck.registry && !currentConfig['syscheck-syscheck'].syscheck.registry_ignore"></wz-no-config>
<!-- End no configuration section -->
<!-- Windows card -->
<md-card class="wz-md-card" ng-if="((agent || {}).os || {}).platform === 'windows' && configurationSubTab === 'fim-monitored' && !JSONContent && !XMLContent && currentConfig && currentConfig['syscheck-syscheck'] && currentConfig['syscheck-syscheck'].syscheck && (currentConfig['syscheck-syscheck'].syscheck.registry || currentConfig['syscheck-syscheck'].syscheck.registry_ignore)">
<md-card-content>
<div layout="row" layout-align="start center">
<div>
<span class="font-size-16">Monitored</span>
<div class="wz-margin-top-10">
<span class="md-subheader small">A list of registry entries that will be monitored</span>
</div>
</div>
<span flex></span>
<span ng-class="JSONContent ? 'wz-text-active' : ''" class="wz-text-link small" ng-click="getJSON()">JSON</span>
<span class="small">&nbsp;&centerdot;&nbsp;</span>
<span ng-class="XMLContent ? 'wz-text-active' : ''" class="wz-text-link small" ng-click="getXML()">XML</span>
</div>
<md-divider class="wz-margin-top-10"></md-divider>
<!-- Configuration block -->
<div class="wz-padding-top-10">
<table class="table table-striped table-condensed" style="table-layout: fixed !important;">
<thead class="wz-text-bold">
<th class="wz-text-left">Entry</th>
<th class="wz-text-left">Arch</th>
</thead>
<tbody class="wz-word-wrap">
<tr ng-repeat="registry in currentConfig['syscheck-syscheck'].syscheck.registry">
<td>{{registry.entry}}</td>
<td>{{registry.arch}}</td>
</tr>
</tbody>
</table>
</div>
<!-- End configuration block -->
</md-card-content>
</md-card>
<!-- End Windows card -->

72
public/templates/management/configuration/integrity-monitoring/fim-windows.html
View File

@ -1,72 +0,0 @@
<!-- No configuration section -->
<wz-no-config
flex
error="'not-present'"
ng-if="configurationSubTab === 'fim-windows' && currentConfig && currentConfig['syscheck-syscheck'] && currentConfig['syscheck-syscheck'].syscheck && !currentConfig['syscheck-syscheck'].syscheck.registry && !currentConfig['syscheck-syscheck'].syscheck.registry_ignore"></wz-no-config>
<!-- End no configuration section -->
<!-- Windows card -->
<md-card class="wz-md-card" ng-if="!JSONContent && !XMLContent && configurationSubTab === 'fim-windows' && currentConfig && currentConfig['syscheck-syscheck'] && currentConfig['syscheck-syscheck'].syscheck && (currentConfig['syscheck-syscheck'].syscheck.registry || currentConfig['syscheck-syscheck'].syscheck.registry_ignore)">
<md-card-content>
<div layout="row" layout-align="start center">
<div>
<span class="font-size-16">Monitored</span>
<div class="wz-margin-top-10">
<span class="md-subheader small">A list of registry entries that will be monitored</span>
</div>
</div>
<span flex></span>
<span ng-class="JSONContent ? 'wz-text-active' : ''" class="wz-text-link small" ng-click="getJSON()">JSON</span>
<span class="small">&nbsp;&centerdot;&nbsp;</span>
<span ng-class="XMLContent ? 'wz-text-active' : ''" class="wz-text-link small" ng-click="getXML()">XML</span>
</div>
<md-divider class="wz-margin-top-10"></md-divider>
<!-- Configuration block -->
<div class="wz-padding-top-10">
<table class="table table-striped table-condensed" style="table-layout: fixed !important;">
<thead class="wz-text-bold">
<th class="wz-text-left">Entry</th>
<th class="wz-text-left">Arch</th>
</thead>
<tbody class="wz-word-wrap">
<tr ng-repeat="registry in currentConfig['syscheck-syscheck'].syscheck.registry">
<td>{{registry.entry}}</td>
<td>{{registry.arch}}</td>
</tr>
</tbody>
</table>
</div>
<!-- End configuration block -->
<div class="wz-margin-top-10">
<span class="font-size-16">Ignored</span>
<div class="wz-margin-top-10">
<span class="md-subheader small">A list of registry entries that will be ignored</span>
</div>
</div>
<md-divider class="wz-margin-top-10"></md-divider>
<!-- Configuration block -->
<div class="wz-padding-top-10">
<table class="table table-striped table-condensed" style="table-layout: fixed !important;">
<thead class="wz-text-bold">
<th class="wz-text-left">Entry</th>
<th class="wz-text-left">Arch</th>
</thead>
<tbody class="wz-word-wrap">
<tr ng-repeat="registry in currentConfig['syscheck-syscheck'].syscheck.registry_ignore">
<td>{{registry.entry}}</td>
<td>{{registry.arch}}</td>
</tr>
</tbody>
</table>
</div>
<!-- End configuration block -->
</md-card-content>
</md-card>
<!-- End Windows card -->

1
public/templates/management/configuration/integrity-monitoring/integrity-monitoring.head
View File

@ -33,7 +33,6 @@
<md-nav-item class="wz-nav-item" md-nav-click="switchConfigurationSubTab('fim-ignored')" name="fim-ignored">Ignored</md-nav-item>
<md-nav-item class="wz-nav-item" md-nav-click="switchConfigurationSubTab('fim-nodiff')" name="fim-nodiff">No diff</md-nav-item>
<md-nav-item class="wz-nav-item" md-nav-click="switchConfigurationSubTab('fim-whodata')" ng-if="!agent || agent.isLinuxOS" name="fim-whodata">Who-data</md-nav-item>
<md-nav-item class="wz-nav-item" md-nav-click="switchConfigurationSubTab('fim-windows')" ng-if="((agent || {}).os || {}).platform === 'windows'" name="fim-windows">Windows</md-nav-item>
</md-nav-bar>
<!-- End Integrity monitoring navigation bar -->

1
public/templates/management/configuration/integrity-monitoring/integrity-monitoring.pug
View File

@ -3,7 +3,6 @@ include ./fim-general.html
include ./fim-ignored.html
include ./fim-monitored.html
include ./fim-nodiff.html
include ./fim-windows.html
include ./fim-whodata.html
include ./integrity-monitoring.foot
include ../../../footer.foot

8
server/controllers/wazuh-api.js
View File

@ -557,6 +557,14 @@ export class WazuhApiCtrl {
data = data.content.replace(new RegExp('\\n', 'g'), '');
}
if (
typeof (data || {}).content === 'string' &&
(data || {}).origin === 'json'
) {
options.content_type = 'application/json';
data = data.content.replace(new RegExp('\\n', 'g'), '');
}
const fullUrl = getPath(api) + path;
const response = await needle(method, fullUrl, data, options);

6
server/monitoring.js
View File

@ -150,7 +150,8 @@ export class Monitoring {
const payload = {
offset: 0,
limit: 500
limit: 500,
q: 'id!=000'
};
this.agentsArray = await ApiHelper.fetchAllAgents(
@ -182,7 +183,8 @@ export class Monitoring {
try {
const payload = {
offset: 0,
limit: 1
limit: 1,
q: 'id!=000'
};
const options = ApiHelper.buildOptionsObject(api);