wazuh icon indicating copy to clipboard operation
wazuh copied to clipboard

Published 20 hours ago verified publisher icon wazuh

Keystore refactor

Open zbalkan opened this issue 1 year ago • 1 comments

Related issue
N/A

Description

After upgrading to Wazuh 4.8.0, I had issues with keystore. Unfortunately all I got was wazuh-modulesd:vulnerability-scanner: ERROR: VulnerabilityScannerFacade::start: RSA decryption failed, and it is not helpful in troubleshooting.

In order to improve internal visibility, I only added some logDebug2 options. Also did some refactoring around keystore application.

Configuration options

Logs/Alerts example

Before:

wazuh-modulesd:vulnerability-scanner: ERROR: VulnerabilityScannerFacade::start: RSA decryption failed

After:

[DEBUG] keystore: Encryption successful for key: myKey
[DEBUG] keystore: Inserted encrypted value for key: myKey into column family: myFamily

[DEBUG] keystore: Decryption successful for key: myKey

[ERROR] keystore: Exception during encryption for key: myKey, Error: RSA encryption failed

[DEBUG] keystore: Encryption successful for key: myKey
[ERROR] keystore: Exception during database insertion for key: myKey, Error: Failed to put key-value pair into RocksDB

[DEBUG] keystore: Encryption successful for key: myKey
[DEBUG] keystore: Inserted encrypted value for key: myKey into column family: myFamily
[ERROR] keystore: Exception during decryption for key: myKey, Error: RSA decryption failed

[ERROR] keystore: Exception during database retrieval for key: myKey, Error: Failed to get value from RocksDB

Tests

  • Compilation without warnings in every supported platform
    • [x] Linux
    • [ ] Windows
    • [ ] MAC OS X
  • [ ] Source installation
  • [ ] Package installation
  • [ ] Source upgrade
  • [ ] Package upgrade
  • [ ] Review logs syntax and correct language
  • [ ] QA templates contemplate the added capabilities
  • Memory tests for Linux
    • [ ] Scan-build report
    • [ ] Coverity
    • [ ] Valgrind (memcheck and descriptor leaks check)
    • [ ] Dr. Memory
    • [ ] AddressSanitizer
  • Memory tests for Windows
    • [ ] Scan-build report
    • [ ] Coverity
    • [ ] Dr. Memory
  • Memory tests for macOS
    • [ ] Scan-build report
    • [ ] Leaks
    • [ ] AddressSanitizer
  • [ ] Retrocompatibility with older Wazuh versions
  • [ ] Working on cluster environments
  • [ ] Configuration on demand reports new parameters
  • [ ] The data flow works as expected (agent-manager-api-app)
  • [ ] Added unit tests (for new features)
  • [ ] Stress test for affected components
  • Decoder/Rule tests
    • [ ] Added unit testing files ".ini"
    • [ ] runtests.py executed without errors

zbalkan avatar Jun 29 '24 21:06 zbalkan