Date:      Wed, 31 Dec 2025 08:24:56 +0000
From:      Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Cc:        Jesús Daniel Colmenares Oviedo <dtxdf@freebsd.org>
Subject:   git: c86d3fc116b3 - main - security/wazuh-manager: Improve port to run inside jail
Message-ID:  <6954ddd8.3d862.34cdb6a3@gitrepo.freebsd.org>

The branch main has been updated by acm:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c86d3fc116b3437ff3351e8e886926175aaec2b1

commit c86d3fc116b3437ff3351e8e886926175aaec2b1
Author:     Jesús Daniel Colmenares Oviedo <dtxdf@freebsd.org>
AuthorDate: 2025-12-31 08:21:55 +0000
Commit:     Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
CommitDate: 2025-12-31 08:24:38 +0000

    security/wazuh-manager: Improve port to run inside jail
    
    - Reimplement getPackages() using SQLite
      getPackages() is a function used to get a set of information about
      the packages installed on the system where the manager and agent
      are installed. To obtain this information, pkg-query(8) was used;
      however, prior to this commit, it was assumed that pkg(8) was
      installed on the system, which could be wrong, especially on systems
      such as jails, where pkg(8) is normally used from the host. With
      this change, we leverage SQLite to read the pkg(8) database and
      obtain information about the packages, which is also much more
      efficient than executing a command. This also fixes the segmentation
      fault inside jail in wazuh-modulesd when this condition occurs.
    - Fix wazuh-apid when security.bsd.see_other_{u,g}ids=0
      wazuh-apid checks the status of some daemons (or services) before
      starting completely, and if it cannot detect the status, it may
      mark the service as failed or stopped. When security.bsd.see_other_{u,g}ids
      is enabled, apid cannot correctly detect the status of some daemons
      running as root, such as wazuh-execd and wazuh-modulesd, so the API
      will always return that it is DOWN. To work around this issue,
      a small C program with the SUID bit set is used to check as root
      if a process exists in /proc. This C program is used in the
      wazuh.core.cluster.utils.get_manager_status() function for this
      task.
    - Fix package on 14-aarch64 and 16-aarch64
    - Bump PORTREVISION
---
 security/wazuh-manager/Makefile                    |   5 +
 security/wazuh-manager/distinfo                    |  16 +-
 security/wazuh-manager/files/check_pid.c           | 103 ++++++++++++
 .../patch-framework-wazuh-core-cluster_utils.py    |  33 ++++
 .../patch-src-data_provider-src_sysInfoFreeBSD.cpp | 174 ++++++++++++++-------
 security/wazuh-manager/pkg-plist                   |   2 +
 6 files changed, 265 insertions(+), 68 deletions(-)

diff --git a/security/wazuh-manager/Makefile b/security/wazuh-manager/Makefile
index 4e9e8b7c2414..372e09d50a67 100644
--- a/security/wazuh-manager/Makefile
+++ b/security/wazuh-manager/Makefile
@@ -1,6 +1,7 @@
 PORTNAME=	wazuh
 DISTVERSIONPREFIX=	v
 DISTVERSION=	4.14.1
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	https://packages.wazuh.com/deps/47/libraries/sources/:wazuh_sources \
 		LOCAL/acm/${PORTNAME}/:wazuh_cache
@@ -234,12 +235,14 @@ post-patch:
 		${WRKSRC}/framework/wazuh/rbac/decorators.py
 
 do-build:
+	cd ${WRKSRC} && ${CC} ${CFLAGS} -o check_pid ${FILESDIR}/check_pid.c
 	cd ${WRKSRC}/src/ && ${SETENV} ${MAKE_ENV} STAGEDIR=${STAGEDIR} \
 		${MAKE_CMD} ${MAKE_ARGS}
 
 do-install:
 	${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/bin
 	${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/lib
+	${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/libexec
 	${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/tmp
 	${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/templates
 	${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/.ssh
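Review bot: In do-build, the new check_pid compile line passes ${CFLAGS} but not ${LDFLAGS}, so link-time flags from the ports framework or the user are not applied to a binary that pkg-plist later installs set-uid root. Suggest `${CC} ${CFLAGS} ${LDFLAGS} -o check_pid ${FILESDIR}/check_pid.c`, and consider building this one file with -Wall -Wextra, since the helper is small enough to be kept warning-free.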
@@ -256,6 +259,8 @@ do-install:
 	${MKDIR} -m 0770 ${STAGEDIR}${WAZUHPREFIX}${DIRE}
 .endfor
 
+	${INSTALL_PROGRAM} ${WRKSRC}/check_pid ${STAGEDIR}${WAZUHPREFIX}/libexec/check_pid
+
 	${INSTALL_DATA} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.log
 	${INSTALL_DATA} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.json
 	${INSTALL_DATA} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/active-responses.log
diff --git a/security/wazuh-manager/distinfo b/security/wazuh-manager/distinfo
index 1e8d9dcef44d..3cf2923e896b 100644
--- a/security/wazuh-manager/distinfo
+++ b/security/wazuh-manager/distinfo
@@ -57,22 +57,22 @@ SHA256 (wazuh-4.14.1/zlib.tar.gz) = b59d38149f0c29ec54d2766611ebc5a51a032bf9717e
 SIZE (wazuh-4.14.1/zlib.tar.gz) = 1593304
 SHA256 (wazuh-4.14.1/wazuh-cache-any-4.14.1.tar.gz) = 79ef4769856c7c7af6b9f2c2ef67bf6e2cc3db874dc25ea4086519f48c8bc729
 SIZE (wazuh-4.14.1/wazuh-cache-any-4.14.1.tar.gz) = 21536265
-SHA256 (wazuh-4.14.1/wazuh-python-4.14.1.tar.gz) = 676478c4aa564cd8ab001e7e8d5ec64a7bce0f9aa6d2de1e77d81749e53eec68
-SIZE (wazuh-4.14.1/wazuh-python-4.14.1.tar.gz) = 480480
+SHA256 (wazuh-4.14.1/wazuh-python-4.14.1.tar.gz) = d4079d17c2e6eea261c2a9a0c24363bde1ce1df0c50bec86e52be3d329b7cb09
+SIZE (wazuh-4.14.1/wazuh-python-4.14.1.tar.gz) = 480541
 SHA256 (wazuh-4.14.1/wazuh-cache-fbsd13-amd64-4.14.1.tar.gz) = e894bdc1697a8c4976e1cc68961c602850ec24582d5cc17baed82d8086620005
 SIZE (wazuh-4.14.1/wazuh-cache-fbsd13-amd64-4.14.1.tar.gz) = 26641362
-SHA256 (wazuh-4.14.1/wazuh-cache-fbsd14-aarch64-4.14.1.tar.gz) = edee8a08b775aa5d85e1154a4bfc0bb680eb99e390f5e0d8fb4774200748f404
-SIZE (wazuh-4.14.1/wazuh-cache-fbsd14-aarch64-4.14.1.tar.gz) = 24707799
+SHA256 (wazuh-4.14.1/wazuh-cache-fbsd14-aarch64-4.14.1.tar.gz) = 7984654011ed67fffcc2f1f4297df5a4708d8d1dd6a79ab5c1dd295250883feb
+SIZE (wazuh-4.14.1/wazuh-cache-fbsd14-aarch64-4.14.1.tar.gz) = 24707892
 SHA256 (wazuh-4.14.1/wazuh-cache-fbsd14-amd64-4.14.1.tar.gz) = f2b26a36b116348e3443e7133017713956e8ed2e26eed90e4f396eb55a241eda
 SIZE (wazuh-4.14.1/wazuh-cache-fbsd14-amd64-4.14.1.tar.gz) = 25055515
 SHA256 (wazuh-4.14.1/wazuh-cache-fbsd15-aarch64-4.14.1.tar.gz) = c63484af8fd157f61b6bf0297b4233c3e2a3eee481f35c7d15fcb5b90d711489
 SIZE (wazuh-4.14.1/wazuh-cache-fbsd15-aarch64-4.14.1.tar.gz) = 24690859
 SHA256 (wazuh-4.14.1/wazuh-cache-fbsd15-amd64-4.14.1.tar.gz) = 8b70abd8e3b408cd69dc2a5434ddaaa7afa9e59c9173c8a3242cef5c657327db
 SIZE (wazuh-4.14.1/wazuh-cache-fbsd15-amd64-4.14.1.tar.gz) = 26650226
-SHA256 (wazuh-4.14.1/wazuh-cache-fbsd16-aarch64-4.14.1.tar.gz) = 1510ef710bcae78e22db88f443504d006e9e4b45d27c66bb84984211409f7e65
-SIZE (wazuh-4.14.1/wazuh-cache-fbsd16-aarch64-4.14.1.tar.gz) = 24863114
-SHA256 (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = 03e92ad3b8cc1d06f9e31d07aa13d1ba3dca85b302d869ec5ec3a2b517d3dbf0
-SIZE (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = 26653557
+SHA256 (wazuh-4.14.1/wazuh-cache-fbsd16-aarch64-4.14.1.tar.gz) = 29ca4f074475bc29a852850193da0da421133f62f38ccd0a990edd17743845bb
+SIZE (wazuh-4.14.1/wazuh-cache-fbsd16-aarch64-4.14.1.tar.gz) = 24862885
+SHA256 (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = f706a10b1e31dc959e1751a015b3ec2e74ddbda0362ab192ba3918852731635c
+SIZE (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = 26653845
 SHA256 (wazuh-4.14.1/wazuh-wazuh-v4.14.1_GH0.tar.gz) = aa59cb2baa7e7d38d8bb4ff6a22afbf2945de4fb555f9b8bb2657b6f89a773ed
 SIZE (wazuh-4.14.1/wazuh-wazuh-v4.14.1_GH0.tar.gz) = 19810038
 SHA256 (wazuh-4.14.1/alonsobsd-wazuh-freebsd-2f1307c_GH0.tar.gz) = a955c569217122779ab5b6b58bdfabbfa1cd452b4719cc35c791f7047b1f364f
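Review bot: The wazuh-python, fbsd14-aarch64, fbsd16-aarch64 and fbsd16-amd64 entries change SHA256 and SIZE while the file names stay the same, which means these distfiles were re-rolled in place. Old and new contents cannot be told apart by name, and anyone holding the earlier tarballs will fail the checksum and have to refetch; a name suffix or DIST_SUBDIR change on re-roll avoids that. The commit message only mentions the 14-aarch64 and 16-aarch64 fix, so please also say why wazuh-python and the fbsd16-amd64 cache changed.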
diff --git a/security/wazuh-manager/files/check_pid.c b/security/wazuh-manager/files/check_pid.c
new file mode 100644
index 000000000000..a5697601c41b
--- /dev/null
+++ b/security/wazuh-manager/files/check_pid.c
@@ -0,0 +1,103 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <err.h>
+#include <errno.h>
+#include <sys/sysctl.h>
+#include <sys/stat.h>
+#include <sysexits.h>
+#include <unistd.h>
+
+#define PID_MAX_FALLBACK    99999
+#define PROC_PATH           "/proc"
+/*
+ * /proc = 5, / = 1, <pid> = 5, \0 = 1
+ */
+#define PID_PATH_LEN        12
+
+static void     usage(void);
+static void     raise_invalid_number(int);
+static void     raise_atoi_exception(const char *);
+static int      safe_atoi(const char *, int *);
+
+int
+main(int argc, char **argv)
+{
+    const char *pid_str;
+    if ((pid_str = argv[1]) == NULL)
+        usage();
+
+    int pid;
+    if (safe_atoi(pid_str, &pid) != 0)
+        raise_atoi_exception(pid_str);
+
+    pid_t pid_max;
+
+    size_t pid_max_len;
+
+    pid_max_len = sizeof(pid_max);
+    if (sysctlbyname("kern.pid_max", &pid_max, &pid_max_len, NULL, 0) == -1) {
+        warnx("error getting sysctl");
+        pid_max = PID_MAX_FALLBACK;
+    }
+    
+    if (pid <= 0 || pid > pid_max)
+        raise_invalid_number(pid);
+
+    char pid_path[PID_PATH_LEN];
+
+    snprintf(pid_path, sizeof(pid_path), "/proc/%d", pid);
+
+    struct stat sbuf;
+
+    if (lstat(pid_path, &sbuf) == -1) {
+        if (errno == ENOENT)
+            return EX_NOINPUT;
+        else
+            warnx("error getting file status");
+            return EX_SOFTWARE;
+    }
+
+    return EX_OK;
+}
+
+static void
+raise_invalid_number(int n)
+{
+    errx(EX_DATAERR, "%d: invalid number", n);
+}
+
+static void
+raise_atoi_exception(const char *s)
+{
+    if (errno != 0)
+        err(EX_SOFTWARE, "atol()");
+    else
+        errx(EX_SOFTWARE, "could not convert %s to an integer", s);
+}
+
+static int
+safe_atoi(const char *s, int *ret_i)
+{
+    char *x = NULL;
+    long l;
+
+    errno = 0;
+    l = strtol(s, &x, 0);
+
+    if (!x || x == s || *x || errno)
+        return errno > 0 ? -errno : -EINVAL;
+
+    if ((long)(int)l != l)
+        return -ERANGE;
+
+    *ret_i = (int)l;
+
+    return 0;
+}
+
+static void
+usage(void)
+{
+    errx(EX_USAGE, "%s",
+        "usage: check_pid <pid>");
+}
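Review bot: In main(), the lstat() failure path treats ENOENT as "process does not exist" (EX_NOINPUT), but the same errno comes back when /proc itself is not mounted, and procfs is not mounted by default on FreeBSD, so on such a host or jail every PID is reported as absent. Either verify that /proc is a mounted procfs before trusting ENOENT, or drop the /proc dependency and ask the kernel directly (kill(pid, 0) as root, or the kern.proc.pid sysctl). In the same block the else branch has two statements and no braces; it only behaves correctly because the if branch returns, so please add braces, and use warn() instead of warnx() so errno is printed. Smaller points: PROC_PATH is defined but the path is hard-coded in the snprintf() format, the snprintf() return value is not checked against PID_PATH_LEN, raise_atoi_exception() reports "atol()" although strtol() is what is called, and arguments after argv[1] are silently ignored.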
diff --git a/security/wazuh-manager/files/patch-framework-wazuh-core-cluster_utils.py b/security/wazuh-manager/files/patch-framework-wazuh-core-cluster_utils.py
new file mode 100644
index 000000000000..8dc0d329d5dc
--- /dev/null
+++ b/security/wazuh-manager/files/patch-framework-wazuh-core-cluster_utils.py
@@ -0,0 +1,33 @@
+--- framework/wazuh/core/cluster/utils.py	2025-12-30 23:32:30.875588000 -0800
++++ framework/wazuh/core/cluster/utils.py	2025-12-30 23:33:42.825809000 -0800
+@@ -11,6 +11,7 @@
+ import socket
+ import time
+ import typing
++import subprocess
+ from contextvars import ContextVar
+ from functools import lru_cache
+ from glob import glob
+@@ -282,7 +283,7 @@
+             # it means each process crashed and was not able to remove its own pidfile.
+             data[process] = 'failed'
+             for pid in pidfile:
+-                if os.path.exists(os.path.join(proc_path, pidfile_regex.match(pid).group(1))):
++                if _check_pid_as_superman(pidfile_regex.match(pid).group(1)):
+                     data[process] = 'running'
+                     break
+ 
+@@ -291,6 +292,13 @@
+ 
+     return data
+ 
++def _check_pid_as_superman(pid):
++    try:
++        subprocess.check_call(["/var/ossec/libexec/check_pid", pid])
++    except subprocess.CalledProcessError as e:
++        return False
++ 
++    return True
+ 
+ def get_cluster_status() -> typing.Dict:
+     """Get cluster status.
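Review bot: _check_pid_as_superman() maps every non-zero exit of check_pid to False, so an EX_SOFTWARE or EX_DATAERR exit from the helper (an internal or input error, not "no such process") leaves data[process] at 'failed'; only the EX_NOINPUT status should mean "not running", and other codes should be logged. It also catches only subprocess.CalledProcessError, so a missing or non-executable /var/ossec/libexec/check_pid raises OSError out of the status call; catch that too. The helper path is hard-coded to /var/ossec while the Makefile installs under ${WAZUHPREFIX}, the helper's warnx()/errx() output lands on the caller's stderr because check_call() does not redirect it, and the bound name `e` is unused.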
diff --git a/security/wazuh-manager/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp b/security/wazuh-manager/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp
index 929fef4ec8c1..7765db26eb93 100644
--- a/security/wazuh-manager/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp
+++ b/security/wazuh-manager/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp
@@ -1,17 +1,22 @@
---- src/data_provider/src/sysInfoFreeBSD.cpp	2025-09-23 06:59:40.000000000 -0700
-+++ src/data_provider/src/sysInfoFreeBSD.cpp	2025-10-16 15:42:56.638994000 -0700
-@@ -11,20 +11,23 @@
+--- src/data_provider/src/sysInfoFreeBSD.cpp.orig	2025-12-29 18:29:38.128837000 -0400
++++ src/data_provider/src/sysInfoFreeBSD.cpp	2025-12-30 01:04:57.828191000 -0400
+@@ -11,20 +11,28 @@
  #include "sysInfo.hpp"
  #include "cmdHelper.h"
  #include "stringHelper.h"
 +#include "timeHelper.h"
  #include "osinfo/sysOsParsers.h"
++#include "sqliteWrapperTemp.h"
++#include "filesystemHelper.h"
  #include <sys/sysctl.h>
  #include <sys/vmmeter.h>
  #include <sys/utsname.h>
  #include "sharedDefs.h"
 +#include <regex>
  
++const std::string PKG_DB_PATHNAME {"/var/db/pkg/local.sqlite"};
++const std::string PKG_QUERY {"SELECT p.name, p.maintainer, p.version, p.arch, p.comment, p.flatsize, p.time, v.annotation AS repository,p.origin FROM packages p LEFT JOIN (SELECT pa.package_id, pa.value_id FROM pkg_annotation pa JOIN annotation t ON t.annotation_id = pa.tag_id AND t.annotation = 'repository') pr ON pr.package_id = p.id LEFT JOIN annotation v ON v.annotation_id = pr.value_id;"};
++
  static void getMemory(nlohmann::json& info)
  {
 +    constexpr auto vmFree{"vm.stats.vm.v_free_count"};
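Review bot: PKG_DB_PATHNAME hard-codes /var/db/pkg/local.sqlite, but pkg's database directory is configurable (PKG_DBDIR), so a system that relocates it will report no packages without any error. PKG_QUERY is also one very long line; splitting the literal across lines would make the joins on pkg_annotation and annotation reviewable, and because it reads pkg's private schema, a comment naming the pkg version it was written against would help when that schema changes.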
@@ -27,7 +32,7 @@
  
      if (ret)
      {
-@@ -52,11 +55,23 @@
+@@ -52,11 +60,23 @@
          };
      }
  
@@ -54,7 +59,7 @@
  
      if (ret)
      {
-@@ -64,11 +79,11 @@
+@@ -64,11 +84,11 @@
          {
              ret,
              std::system_category(),
@@ -68,7 +73,7 @@
      info["ram_free"] = ramFree;
      info["ram_usage"] = 100 - (100 * ramFree / ramTotal);
  }
-@@ -184,8 +199,12 @@
+@@ -184,8 +204,12 @@
  
  nlohmann::json SysInfo::getProcessesInfo() const
  {
@@ -83,7 +88,7 @@
  }
  
  nlohmann::json SysInfo::getOsInfo() const
-@@ -196,11 +215,12 @@
+@@ -196,11 +220,12 @@
  
      if (!spParser->parseUname(Utils::exec("uname -r"), ret))
      {
@@ -97,32 +102,40 @@
      if (uname(&uts) >= 0)
      {
          ret["sysname"] = uts.sysname;
-@@ -215,18 +235,200 @@
+@@ -215,44 +240,257 @@
  
  nlohmann::json SysInfo::getPorts() const
  {
 -    // Currently not supported for this OS.
 -    return nlohmann::json {};
+-}
 +    nlohmann::json ports {};
 +    
 +    /* USER COMMAND PID FD PROTO LOCAL_ADDRESS FOREIGN_ADDRESS PATH_STATE CONN_STATE */
 +    
 +#if __FreeBSD_version > 1500045
 +    const auto query{exec(R"(sockstat -46qs --libxo json)")};
-+
+ 
+-void SysInfo::getProcessesInfo(std::function<void(nlohmann::json&)> /*callback*/) const
+-{
+-    // Currently not supported for this OS.
+-}
 +    if (!query.empty())
 +    {
 +        nlohmann::json portsjson;
 +        portsjson = nlohmann::json::parse(query);
 +        auto &portsResult = portsjson["sockstat"]["socket"];
-+
+ 
+-void SysInfo::getPackages(std::function<void(nlohmann::json&)> callback) const
+-{
+-    const auto query{Utils::exec(R"(pkg query -a "%n|%m|%v|%q|%c")")};
 +        for(auto &port : portsResult) {
 +            std::string localip = "";
 +            std::string localport = "";
 +            std::string remoteip = "";
 +            std::string remoteport = "";
 +            std::string statedata = "";
-+
+ 
 +            if (port["pid"] != nullptr) {
 +
 +                localip = port["local"]["address"];
@@ -170,16 +183,32 @@
 +#else
 +    const auto query{Utils::exec(R"(sockstat -46qs)")};
 +
-+    if (!query.empty())
-+    {
+     if (!query.empty())
+     {
+-        const auto lines{Utils::split(query, '\n')};
 +        const auto lines{Utils::split(Utils::trimToOneSpace(query), '\n')};
-+
+ 
 +        std::regex expression(R"(^(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s*(\S+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$)");
 +
-+        for (const auto& line : lines)
-+        {
+         for (const auto& line : lines)
+         {
+-            const auto data{Utils::split(line, '|')};
+-            nlohmann::json package;
 +            std::smatch data;
-+
+ 
+-            package["name"] = data[0];
+-            package["vendor"] = data[1];
+-            package["version"] = data[2];
+-            package["install_time"] = UNKNOWN_VALUE;
+-            package["location"] = UNKNOWN_VALUE;
+-            package["architecture"] = data[3];
+-            package["groups"] = UNKNOWN_VALUE;
+-            package["description"] = data[4];
+-            package["size"] = 0;
+-            package["priority"] = UNKNOWN_VALUE;
+-            package["source"] = UNKNOWN_VALUE;
+-            package["format"] = "pkg";
+-            // The multiarch field won't have a default value
 +            if (std::regex_search(line, data, expression))
 +            {
 +                std::string localip = "";
@@ -187,7 +216,8 @@
 +                std::string remoteip = "";
 +                std::string remoteport = "";
 +                std::string statedata = "";
-+
+ 
+-            callback(package);
 +                auto localdata{Utils::split(data[6], ':')};
 +                auto remotedata{Utils::split(data[7], ':')};
 +
@@ -240,12 +270,10 @@
 +    }
 +#endif
 +    return ports;
- }
- 
--void SysInfo::getProcessesInfo(std::function<void(nlohmann::json&)> /*callback*/) const
++}
++
 +void SysInfo::getProcessesInfo(std::function<void(nlohmann::json&)> callback) const
- {
--    // Currently not supported for this OS.
++{
 +    const auto query{Utils::exec(R"(ps -ax -w -o pid,comm,state,ppid,usertime,systime,user,ruser,svuid,group,rgroup,svgid,pri,nice,ssiz,vsz,rss,pmem,etimes,sid,pgid,tpgid,tty,cpu,nlwp,args --libxo json)")};
 +
 +    if (!query.empty())
@@ -294,42 +322,68 @@
 +          callback(jsProcessInfo);
 +      }
 +    }
++}
++
++void SysInfo::getPackages(std::function<void(nlohmann::json&)> callback) const
++{
++    if (Utils::existsRegular(PKG_DB_PATHNAME))
++    {
++        try
++        {
++            std::shared_ptr<SQLite::IConnection> sqliteConnection = std::make_shared<SQLite::Connection>(PKG_DB_PATHNAME);
++
++            SQLite::Statement stmt
++            {
++                sqliteConnection,
++                PKG_QUERY
++            };
++
++            while (SQLITE_ROW == stmt.step())
++            {
++                try
++                {
++                    auto pkg_name{ stmt.column(0) };
++                    auto pkg_maintainer{ stmt.column(1) };
++                    auto pkg_version{ stmt.column(2) };
++                    auto pkg_arch{ stmt.column(3) };
++                    auto pkg_comment{ stmt.column(4) };
++                    auto pkg_flatsize{ stmt.column(5) };
++                    auto pkg_time{ stmt.column(6) };
++                    auto pkg_repository{ stmt.column(7) };
++                    auto pkg_origin{ stmt.column(8) };
++
++                    const auto archdata{Utils::split(pkg_arch->value(std::string{}), ':')};
++                    const auto sectiondata{Utils::split(pkg_origin->value(std::string{}), '/')};
++
++                    nlohmann::json package;
++
++                    package["name"] = pkg_name->value(std::string{});
++                    package["vendor"] = pkg_maintainer->value(std::string{});
++                    package["version"] = pkg_version->value(std::string{});
++                    package["install_time"] = pkg_time->value(std::string{});
++                    package["location"] = UNKNOWN_VALUE;
++                    package["architecture"] = archdata[2];
++                    package["groups"] = UNKNOWN_VALUE;
++                    package["description"] = pkg_comment->value(std::string{});
++                    package["size"] = pkg_flatsize->value(uint64_t{});
++                    package["priority"] = UNKNOWN_VALUE;
++                    package["source"] = pkg_repository->value(std::string{});
++                    package["section"] = sectiondata[0];
++                    package["format"] = "pkg";
++                    // The multiarch field won't have a default value
++
++                    callback(package);
++                }
++                catch (const std::exception& e)
++                {
++                    std::cerr << e.what() << std::endl;
++                }
++            }
+         }
++        catch (const std::exception& e)
++        {
++            std::cerr << e.what() << std::endl;
++        }
+     }
  }
  
- void SysInfo::getPackages(std::function<void(nlohmann::json&)> callback) const
- {
--    const auto query{Utils::exec(R"(pkg query -a "%n|%m|%v|%q|%c")")};
-+    const auto query{Utils::exec(R"(pkg query -a "%n|%m|%v|%q|%c|%sb|%t|%R|%o")")};
- 
-     if (!query.empty())
-     {
-@@ -235,6 +437,9 @@
-         for (const auto& line : lines)
-         {
-             const auto data{Utils::split(line, '|')};
-+            const auto archdata{Utils::split(data[3], ':')};
-+            const auto sectiondata{Utils::split(data[8], '/')};
-+
-             nlohmann::json package;
-             std::string vendor       { UNKNOWN_VALUE };
-             std::string email        { UNKNOWN_VALUE };
-@@ -244,14 +449,15 @@
-             package["name"] = data[0];
-             package["vendor"] = vendor;
-             package["version"] = data[2];
--            package["install_time"] = UNKNOWN_VALUE;
-+            package["install_time"] = data[6];
-             package["location"] = UNKNOWN_VALUE;
--            package["architecture"] = data[3];
-+            package["architecture"] = archdata[2];
-             package["groups"] = UNKNOWN_VALUE;
-             package["description"] = data[4];
--            package["size"] = 0;
-+            package["size"] = data[5];
-             package["priority"] = UNKNOWN_VALUE;
--            package["source"] = UNKNOWN_VALUE;
-+            package["source"] = data[7];
-+            package["section"] = sectiondata[0];
-             package["format"] = "pkg";
-             // The multiarch field won't have a default value
- 
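Review bot: In the new getPackages(), archdata[2] and sectiondata[0] are indexed without checking the size of the vectors returned by Utils::split(), so a row whose arch has fewer than three ':'-separated fields (or an origin for which split() returns nothing) is an out-of-bounds read that the surrounding try/catch will not catch. Since this commit is meant to remove a segmentation fault in wazuh-modulesd, guard both with a size check and fall back to UNKNOWN_VALUE. The repository column comes from a LEFT JOIN and can be NULL, so please confirm that value(std::string{}) handles that case, and route the two catch blocks to the project's logger rather than std::cerr. The visible lines do not show how SQLite::Connection opens the file; it should be read-only, because this is pkg's live database.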
diff --git a/security/wazuh-manager/pkg-plist b/security/wazuh-manager/pkg-plist
index cc555ee1a4da..221932188520 100644
--- a/security/wazuh-manager/pkg-plist
+++ b/security/wazuh-manager/pkg-plist
@@ -29886,6 +29886,7 @@
 /var/ossec/lib/libvulnerability_scanner.so
 /var/ossec/lib/libwazuhext.so
 /var/ossec/lib/libwazuhshared.so
+@(root,wheel,4755) /var/ossec/libexec/check_pid
 @mode 660
 @owner wazuh
 @group wazuh
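Review bot: check_pid is installed 4755 root:wheel, so the set-uid binary itself is world-executable and only the 750 root:wazuh mode on /var/ossec/libexec (next hunk) keeps other users away from it. Make the file entry `@(root,wazuh,4750)` so the restriction does not depend on the directory mode staying intact.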
@@ -33161,6 +33162,7 @@
 @dir /var/ossec/framework
 @dir /var/ossec/integrations
 @dir /var/ossec/lib
+@dir(root,wazuh,750) /var/ossec/libexec
 @dir /var/ossec/logs/alerts
 @dir /var/ossec/logs/api
 @dir /var/ossec/logs/archives


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6954ddd8.3d862.34cdb6a3>