Support New OSs - Rocky Linux 10 - Test VD Works Properly With New OS


Introduction

This article describes the plan and tasks for validating Wazuh's compatibility with Rocky Linux 10, focusing on the proper functioning of Vulnerability Detection (VD). Supporting the new OS keeps Wazuh's platform coverage broad, so users can rely on its security monitoring and threat detection regardless of their chosen OS. The work consists of testing and integration effort to confirm that the agent runs correctly and performs well on Rocky Linux 10, so that users get a reliable experience and the full capabilities of the platform.

Related Issues and Epic

Related issue: https://github.com/wazuh/wazuh/issues/30436
Epic issue: https://github.com/wazuh/wazuh/issues/30441

OS Support Tier

Agent tier: 1
Central components support: no
OS type: Major
Architectures: amd64 & arm64

Rocky Linux 10 Support Plan

The plan outlines the steps needed to validate Wazuh on Rocky Linux 10, with emphasis on the agent. The primary goal is to confirm that the Vulnerability Detection (VD) module works correctly on this platform: that the agent can scan for vulnerabilities and report them accurately. Following the plan verifies that every critical component of the agent behaves as expected, so that the monitoring provided on Rocky Linux 10 matches that of other supported platforms.

CppServer Tasks for Rocky Linux 10

Tier 1 agent validation requires verifying that the VD module works correctly on Rocky Linux 10 according to the OS tier specifications. This means running tests that confirm the agent detects vulnerabilities accurately and reports them as expected: scanning for known vulnerabilities, checking the scan results against expectation, and confirming that the agent's performance matches its behaviour on other supported platforms. Users on Rocky Linux 10 should receive the same level of protection and functionality as those on other supported operating systems.

  • [ ] Tier 1 agent: Make sure that VD works properly according to the OS tier.

Detailed Task Breakdown

To confirm that the Tier 1 agent, and in particular the Vulnerability Detection (VD) module, works correctly on Rocky Linux 10, the following tasks must be completed. They test whether the VD module identifies vulnerabilities accurately and reports them effectively: scanning for known vulnerabilities, verifying scan results, and assessing the agent's performance under different conditions.

  1. Environment Setup:

    • Set up a Rocky Linux 10 virtual machine (VM) for each supported architecture (amd64 & arm64) so that the tests reflect a real-world deployment: install the operating system, configure the network settings, and make sure the required dependencies are in place. A VM that resembles a typical production environment is what surfaces compatibility issues and performance bottlenecks before a live deployment does.
  2. Wazuh Agent Installation:

    • Install the Wazuh agent on the Rocky Linux 10 VM: download the appropriate agent package, install it with the package manager, and configure it to connect to the Wazuh server. The installation should be straightforward and well documented so that users can set the agent up easily; once connected, the agent can communicate with the server and start monitoring the system for vulnerabilities.
  3. Vulnerability Database Synchronization:

    • Confirm that the agent synchronizes with the vulnerability database: it must download the latest vulnerability definitions and keep the database up to date. Synchronization should be automated and reliable, because the agent can only detect and report vulnerabilities accurately when it has current vulnerability information.
  4. Vulnerability Scanning:

    • Run vulnerability scans on the Rocky Linux 10 system: configure the agent to scan at regular intervals and verify that the scans complete successfully. The scans should cover the operating system, installed software, and network services, so that any security weakness on the system is identified.
  5. Report Verification:

    • Check the vulnerability reports generated by the Wazuh agent and verify that they accurately reflect the vulnerabilities present on the system. Each reported vulnerability should include its severity, potential impact, and recommended remediation steps, so that users can act on the findings.
  6. Performance Monitoring:

    • Monitor the VD module to make sure it runs efficiently without undue system load: track the agent's CPU usage, memory consumption, and disk I/O during vulnerability scans. The agent should have minimal impact on system performance and must not interfere with other critical applications.
  7. Log Analysis:

    • Review the Wazuh agent logs for errors or warnings related to the VD module that occurred during scanning. The logs should give enough detail about each error or warning for administrators to troubleshoot and resolve the problem, and any issue found should be addressed promptly.
  8. Compatibility Testing:

    • Test the VD module with various software configurations and package versions on Rocky Linux 10: install different packages and versions and verify that the agent still detects vulnerabilities accurately. The agent should work with a wide range of software configurations so that it provides comprehensive monitoring in the diverse environments users actually run.

Testing the Vulnerability Detection Module

Testing the Vulnerability Detection (VD) module on Rocky Linux 10 involves verifying the initial setup, monitoring real-time scans, and analyzing the generated reports. Each step validates the module's performance and its accuracy in identifying vulnerabilities, so that users on Rocky Linux 10 receive accurate and timely information about potential security threats.

Initial Setup Verification

Verifying the initial setup of the Vulnerability Detection (VD) module confirms that all components are installed and configured correctly on Rocky Linux 10: the Wazuh agent is running, the VD module is enabled, and the vulnerability databases are synchronized. Without this baseline the module cannot detect and report vulnerabilities accurately, so it is checked before any scan testing begins.

  1. Agent Status Check:

    • Confirm that the Wazuh agent is running on the Rocky Linux 10 system. Use system commands (e.g., systemctl status wazuh-agent) to check that the service is active and running without errors. The agent collects and transmits data to the Wazuh server, so a running agent is a prerequisite for the VD module.
  2. VD Module Activation:

    • Verify that the Vulnerability Detection module is enabled in the Wazuh agent configuration. Review the agent's configuration file (/var/ossec/etc/ossec.conf) to confirm that the VD module is configured and enabled, with the settings required for vulnerability scanning.
  3. Database Synchronization:

    • Check that the vulnerability databases (e.g., NVD, OSVD) have been downloaded and updated by the agent. This can be verified by looking for successful synchronization messages in the agent's logs or by examining the database files themselves. Up-to-date databases are required for the VD module to identify the latest vulnerabilities.
  4. Log Review:

    • Examine the Wazuh agent logs for setup errors or warnings related to the VD module, such as messages indicating problems with its configuration or startup. Resolving these early keeps the module stable for the rest of the testing.

Real-Time Scan Monitoring

Monitoring scans as they run confirms that the Vulnerability Detection (VD) module is actively scanning the Rocky Linux 10 system, covers the intended areas, and does not produce errors. Real-time observation gives immediate feedback on the module's performance and reveals issues during the scanning process, so that vulnerabilities are detected promptly and can be remediated in time.

  1. Scan Initiation:

    • Manually initiate a vulnerability scan so the scanning process can be observed as it happens. This can be done through the Wazuh API or by configuring a scan schedule in the agent's configuration.
  2. Progress Tracking:

    • Follow the scan's progress in the agent logs: the number of files scanned, the number of vulnerabilities detected, and any errors encountered. This shows where the scan stands and exposes bottlenecks.
  3. Resource Usage:

    • Observe CPU, memory, and disk I/O usage during the scan to confirm it does not degrade system performance. The VD module should scan efficiently without undue system load.
  4. Error Detection:

    • Check the agent logs for errors or warnings raised during the scan, including file access errors, database issues, and other scanning problems. Address them promptly so the scan is accurate and complete.
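As an added example (not part of the original plan and not Wazuh's own tooling), the POSIX shell script below covers the VD Module Activation and Log Review checks of the initial setup verification and the Error Detection step of real-time scan monitoring: it counts errors and warnings from the vulnerability scanner component only, ignoring other modules, and confirms that a <vulnerability-detection> block is enabled in an ossec.conf. The Wazuh log line format, the component tag and the block name are assumptions, and the log and config it runs on are constructed samples.

```shell
#!/bin/sh
# Added example (not Wazuh's own tooling): triage a Wazuh ossec.log for the
# vulnerability detection module and check that VD is enabled in ossec.conf.
# Assumptions: the Wazuh log line format "YYYY/MM/DD HH:MM:SS component: LEVEL: msg",
# the component tag below, and the <vulnerability-detection> block name.
VD_TAG='wazuh-modulesd:vulnerability-scanner'

# Constructed sample log and config so the script runs offline; on the host under
# test point these at /var/ossec/logs/ossec.log and /var/ossec/etc/ossec.conf.
SAMPLE_LOG=$(mktemp); SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_LOG" "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
2025/06/01 10:00:01 wazuh-modulesd:vulnerability-scanner: INFO: Starting scan (constructed).
2025/06/01 10:00:05 wazuh-modulesd:syscollector: ERROR: Unrelated module error (constructed).
2025/06/01 10:00:09 wazuh-modulesd:vulnerability-scanner: WARNING: Feed sync delayed (constructed).
2025/06/01 10:00:12 wazuh-modulesd:vulnerability-scanner: ERROR: Package DB unreadable (constructed).
2025/06/01 10:00:20 wazuh-modulesd:vulnerability-scanner: INFO: Scan finished (constructed).
EOF
cat > "$SAMPLE_CONF" <<'EOF'
<ossec_config>
  <vulnerability-detection>
    <enabled>yes</enabled>
  </vulnerability-detection>
</ossec_config>
EOF

# Number of VD lines at a level (ERROR, WARNING, INFO); other modules are ignored.
vd_count() { grep -c "$VD_TAG: $2: " "$1" || true; }   # usage: vd_count LOG LEVEL
# ERROR and WARNING lines from the VD module only (log review / error detection).
vd_issues() { grep -E "$VD_TAG: (ERROR|WARNING): " "$1" || true; }

# Verdict for the log review: FAIL on any VD error, WARN on warnings, else OK.
vd_verdict() {
    if [ "$(vd_count "$1" ERROR)" -gt 0 ]; then echo FAIL
    elif [ "$(vd_count "$1" WARNING)" -gt 0 ]; then echo WARN
    else echo OK; fi
}

# Succeeds when <enabled>yes</enabled> sits inside a <vulnerability-detection> block.
vd_enabled() {
    awk '/<vulnerability-detection>/ {b=1} b && /<enabled>yes<\/enabled>/ {ok=1}
         /<\/vulnerability-detection>/ {b=0} END {exit !ok}' "$1"
}

# Agent service state (step 1); prints "unavailable" off the host under test.
agent_state() { st=$(systemctl is-active wazuh-agent 2>/dev/null) || true; echo "${st:-unavailable}"; }

echo "agent: $(agent_state)"
echo "vd enabled in config: $(vd_enabled "$SAMPLE_CONF" && echo yes || echo no)"
echo "vd issues:"; vd_issues "$SAMPLE_LOG"
echo "verdict: $(vd_verdict "$SAMPLE_LOG")"
```

On the test VM, replace the two sample paths with the real log and configuration files; the sample log deliberately contains an ERROR from another module to show that only vulnerability-scanner lines are counted.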

Report Analysis

Analyzing the reports generated by the Vulnerability Detection (VD) module validates its effectiveness on Rocky Linux 10. Reports are reviewed for accuracy, completeness, and relevance; each should describe the identified vulnerabilities with their severity, potential impact, and recommended remediation steps, so that users can act to mitigate risk.

  1. Accuracy Verification:

    • Verify that the reported vulnerabilities are real: cross-reference them with other vulnerability databases or tools to confirm the VD module identifies and reports them correctly. Accurate reporting is the basis of effective vulnerability management.
  2. Completeness Check:

    • Confirm the report includes all relevant information for each vulnerability: the affected software, its severity, and recommended remediation steps. A complete report gives users what they need to address the finding.
  3. Relevance Assessment:

    • Determine whether each reported vulnerability actually applies to the system and the environment it operates in. Irrelevant findings clutter reports and waste effort; assessing relevance helps prioritize the vulnerabilities that pose the greatest risk.
  4. Remediation Guidance:

    • Evaluate the remediation guidance in the report: it should give clear, actionable steps for addressing each identified vulnerability.

Conclusion

Supporting Rocky Linux 10 extends Wazuh's security monitoring to another platform, with the Vulnerability Detection (VD) module as the primary focus. The plan above covers the testing, validation, and monitoring needed to confirm correct functionality and acceptable performance on Rocky Linux 10. Completing the CppServer tasks and thoroughly testing the VD module ensures that users on Rocky Linux 10 receive the same level of protection and functionality as those on other supported operating systems.