Description

Hi team,

This pull request aims to include several changes to make Wazuh's building process independent of any predefined installation path. As described in the related issue, some requirements related to both scripts and source code have been met:

Makefile and scripts

• Both scripts and Makefile have been modified to make the install path only mandatory during installation time. By default, it is still /var/ossec.

• Both Makefile and scripts have been modified to allow compatibility with the new embedded python interpreter.

Source code

In order to adapt Wazuh's binaries to work without any predefined installation path, several changes have been introduced in the source code:

• Binaries now guess their install location on runtime.
• Once this location is obtained, each binary moves its working directory with chdir() to the path found.
• With the installing path as their working directory, binaries now use relative paths to use Wazuh-related resources.

Makefile options

From now on, there will be two main approaches regarding Wazuh's Python dependencies:

• Running make deps will download a portable Python interpreter in a tar.gz file.
• Running make deps PYTHON_SOURCE=y|Y|yes|YES|1 will download the sources required to build and install the Python interpreter, inside the cpython directory. Using this interpreter will require Wazuh to be compiled along with the INSTALLDIR variable set to the installing directory.

Some configuration examples:

# make deps && make TARGET=server
# make deps PYTHON_SOURCE=y && make TARGET=server INSTALLDIR=/var/ossec
# make deps PYTHON_SOURCE=y && make TARGET=server INSTALLDIR=/opt/ossec

How binaries work

All binaries and daemons have been modified to get their installation path automatically, in runtime. This allows them to use relative paths when accessing Wazuh-related resources. If the attempt at obtaining the install path fails, the binaries will try to obtain it from the WAZUH_HOME environment variable, which should be previously set by the user, as shown in the next example.

# If the binary is unable to find the Wazuh install directory:

2021/02/25 13:08:07 wazuh-syscheckd: CRITICAL: (1108): Unable to find Wazuh install directory. Export it to WAZUH_HOME environment variable.

# Export the install location to the WAZUH_HOME variable and restart the service:

$ export WAZUH_HOME=/var/ossec && /var/ossec/bin/wazuh-control start
Starting  v4.2.0...
Started wazuh-execd...
Started wazuh-agentd...
Started wazuh-syscheckd...
Started wazuh-logcollector...
Started wazuh-modulesd...
Completed.    

Logs/Alerts example

A new debug message has been included to print the install location once it has been obtained:

# /var/ossec/bin/wazuh-execd -ddf

    ...

2021/02/25 16:52:55 wazuh-execd[54306] execd.c:168 at main(): DEBUG: Wazuh home directory: /var/ossec

Despite all modifications, the standard installation provides a successful log:

# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/etc/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2021-02-01 11:03:30 CET; 1h 1min ago
  Process: 21110 ExecStart=/usr/bin/env ${DIRECTORY}/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    Tasks: 194 (limit: 4915)
   CGroup: /system.slice/wazuh-manager.service
           ├─21205 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─21244 /var/ossec/bin/wazuh-authd
           ├─21261 /var/ossec/bin/wazuh-db
           ├─21285 /var/ossec/bin/wazuh-execd
           ├─21296 /var/ossec/bin/wazuh-analysisd
           ├─21431 /var/ossec/bin/wazuh-syscheckd
           ├─21448 /var/ossec/bin/wazuh-remoted
           ├─21481 /var/ossec/bin/wazuh-logcollector
           ├─21496 /var/ossec/bin/wazuh-monitord
           └─21509 /var/ossec/bin/wazuh-modulesd

Feb 01 11:03:23 casa env[21110]: Started wazuh-db...
Feb 01 11:03:23 casa env[21110]: Started wazuh-execd...
Feb 01 11:03:24 casa env[21110]: Started wazuh-analysisd...
Feb 01 11:03:25 casa env[21110]: Started wazuh-syscheckd...
Feb 01 11:03:26 casa env[21110]: Started wazuh-remoted...
Feb 01 11:03:26 casa env[21110]: Started wazuh-logcollector...
Feb 01 11:03:27 casa env[21110]: Started wazuh-monitord...
Feb 01 11:03:28 casa env[21110]: Started wazuh-modulesd...
Feb 01 11:03:30 casa env[21110]: Completed.
Feb 01 11:03:30 casa systemd[1]: Started Wazuh manager.

Tests

• Compilation without warnings in every supported platform

  • Linux
  • Windows
  • MAC OS X

• Source installation

  • Ubuntu 20: using portable Python and install path: /var/ossec
  • Ubuntu 20: using portable Python and install path: /opt/ossec
  • Ubuntu 20: compiling and installing Python and install path: /var/ossec
  • Ubuntu 20: compiling and installing Python and install path: /opt/ossec
  • centOS 7: using portable Python and install path: /var/ossec
  • centOS 7: using portable Python and install path: /opt/ossec
  • centOS 7: compiling and installing Python and install path: /var/ossec
  • centOS 7: compiling and installing Python and install path: /opt/ossec

• Memory tests for Linux

  • Scan-build report
  • Valgrind (memcheck and descriptor leaks check)
  • Unit tests