Merge remote-tracking branch 'origin/bugfix/10.5.20/update-agent-hostname' into bugfix/10.5.20/update-agent-hostname

Author: mjabascal10

.github/workflows/principal-multi-env.yml

@@ -43,7 +43,6 @@ jobs:
             backend:
               - 'backend/**'
               - 'version.yml'
-            correlation: correlation/**
             frontend: frontend/**
             bitdefender: bitdefender/**
             mutate: mutate/**
@@ -74,7 +73,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix: 
-        service: ['agent-manager', 'aws', 'backend', 'correlation', 'frontend', 'bitdefender', 'mutate', 'office365', 'log-auth-proxy', 'sophos', 'user-auditor', 'web-pdf'] 
+        service: ['agent-manager', 'aws', 'backend', 'frontend', 'bitdefender', 'mutate', 'office365', 'log-auth-proxy', 'sophos', 'user-auditor', 'web-pdf'] 
     uses: ./.github/workflows/used-runner.yml
     with:
       microservice: ${{ matrix.service }}

.github/workflows/used-runner.yml

@@ -22,7 +22,7 @@ jobs:
         id: get_tech
         run: |
           folder_changed="${{inputs.microservice}}"
-          if [[ "$folder_changed" == "agent-manager" || "$folder_changed" == "aws" || "$folder_changed" == "correlation" || "$folder_changed" == "bitdefender" || "$folder_changed" == "office365" || "$folder_changed" == "sophos" || "$folder_changed" == "log-auth-proxy" ]]; then
+          if [[ "$folder_changed" == "agent-manager" || "$folder_changed" == "aws" || "$folder_changed" == "bitdefender" || "$folder_changed" == "office365" || "$folder_changed" == "sophos" || "$folder_changed" == "log-auth-proxy" ]]; then
             tech="golang"
           elif [[ "$folder_changed" == "backend" ]]; then
             tech="java-11"

CHANGELOG.md

@@ -1,8 +1,13 @@
 # UTMStack 10.5.20 Release Notes
 ## Bug Fixes
 - Fixed the IP location component to accurately determine whether an IP address is public or private.
+- Fixed communication from/to agents using secure connections.
+- Fixed negative operator evaluation matching on wrong input value due to insufficient checking in correlation engine.
+- Reorganized GeoIP database and threat intelligence loading into more modular functions for improved maintainability and code readability. Simplified caching, removed unused database function, and restructured rule-handling logic. Addressed minor variable renames and logging adjustments for consistency.
+- Removed unused docker volume configuration for GeoIp.
+- Fixed Kernel modules wheren't loaded because incorrect function call
 
 ## New Features
 - Introduced new standards, sections, dashboards, and visualizations to compliance reports.
-- Update ip address to agent
-- Alert generation for down data sources
+- Update ip address to agent.
+- Alert generation for down data sources.

backend/src/main/java/com/park/utmstack/service/agent_manager/AgentGrpcService.java

@@ -93,9 +93,29 @@ public AuthResponseDTO updateAgentAttributes(AgentRequestVM agentRequestVM) thro
         final String ctx = CLASSNAME + ".updateAgentAttributes";
         try {
             AgentRequest req = agentRequestVM.getAgentRequest();
-            Metadata customHeaders = new Metadata();
-            customHeaders.put(Metadata.Key.of("key", Metadata.ASCII_STRING_MARSHALLER), agentRequestVM.getAgentKey());
-            customHeaders.put(Metadata.Key.of("id", Metadata.ASCII_STRING_MARSHALLER), String.valueOf(agentRequestVM.getId()));
+
+            // Validating the existence of the agent.
+            String currentUser = SecurityUtils.getCurrentUserLogin().orElseThrow(() -> new RuntimeException("No current user login"));
+            Agent agent = null;
+            String hostname = agentRequestVM.getHostname();
+
+            try {
+                agent = blockingStub.getAgentByHostname(Hostname.newBuilder().setHostname(hostname).build());
+                if (agent == null) {
+                    String msg = String.format("%1$s: Agent %2$s could not be updated because no information was obtained from the agent", ctx, hostname);
+                    log.error(msg);
+                    throw new Exception(msg);
+                }
+            } catch (StatusRuntimeException e) {
+                if (e.getStatus().getCode() == Status.Code.NOT_FOUND) {
+                    String msg = String.format("%1$s: Agent %2$s could not be updated because was not found", ctx, hostname);
+                    log.error(msg);
+                    throw new Exception(msg);
+                }
+            }
+
+            assert agent != null;
+            Metadata customHeaders = getCustomHeaders(agent);
 
             Channel intercept = ClientInterceptors.intercept(grpcManagedChannel, MetadataUtils.newAttachHeadersInterceptor(customHeaders));
             AgentServiceGrpc.AgentServiceBlockingStub newStub = AgentServiceGrpc.newBlockingStub(intercept);
@@ -163,9 +183,8 @@ public void deleteAgent(String hostname) {
 
             AgentDelete request = AgentDelete.newBuilder().setDeletedBy(currentUser).build();
 
-            Metadata customHeaders = new Metadata();
-            customHeaders.put(Metadata.Key.of("key", Metadata.ASCII_STRING_MARSHALLER), agent.getAgentKey());
-            customHeaders.put(Metadata.Key.of("id", Metadata.ASCII_STRING_MARSHALLER), String.valueOf(agent.getId()));
+            assert agent != null;
+            Metadata customHeaders = getCustomHeaders(agent);
 
             Channel intercept = ClientInterceptors.intercept(grpcManagedChannel, MetadataUtils.newAttachHeadersInterceptor(customHeaders));
             AgentServiceGrpc.AgentServiceBlockingStub newStub = AgentServiceGrpc.newBlockingStub(intercept);
@@ -177,4 +196,11 @@ public void deleteAgent(String hostname) {
             throw new RuntimeException(msg);
         }
     }
+
+    private Metadata getCustomHeaders (Agent agent) {
+        Metadata customHeaders = new Metadata();
+        customHeaders.put(Metadata.Key.of("key", Metadata.ASCII_STRING_MARSHALLER), agent.getAgentKey());
+        customHeaders.put(Metadata.Key.of("id", Metadata.ASCII_STRING_MARSHALLER), String.valueOf(agent.getId()));
+        return customHeaders;
+    }
 }

backend/src/main/java/com/park/utmstack/web/rest/vm/AgentRequestVM.java

@@ -1,29 +1,17 @@
 package com.park.utmstack.web.rest.vm;
 
 import com.park.utmstack.service.grpc.AgentRequest;
-
-import javax.validation.constraints.Min;
 import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
 
+/*
+* Use this class when you need to update agent's attributes.
+* To add new attributes to update, add it to the class. Actually only ip is permitted.
+* */
 public class AgentRequestVM {
     @NotEmpty
     private String ip;
     @NotEmpty
     private String hostname;
-    private String os;
-    private String platform;
-    private String version;
-    @NotEmpty
-    private String mac;
-    private String osMajorVersion;
-    private String osMinorVersion;
-    private String aliases;
-    private String addresses;
-    @NotEmpty
-    private String agentKey;
-    @Min(1)
-    private int id;
 
 
     public AgentRequestVM() {}
@@ -32,14 +20,6 @@ public AgentRequest getAgentRequest() {
         return AgentRequest.newBuilder()
                 .setIp(this.ip)
                 .setHostname(this.hostname)
-                .setOs(this.os)
-                .setPlatform(this.platform)
-                .setVersion(this.version)
-                .setMac(this.mac)
-                .setOsMajorVersion(this.osMajorVersion)
-                .setOsMinorVersion(this.osMinorVersion)
-                .setAliases(this.aliases)
-                .setAddresses(this.addresses)
                 .build();
     }
 
@@ -58,84 +38,4 @@ public String getHostname() {
     public void setHostname(String hostname) {
         this.hostname = hostname;
     }
-
-    public String getOs() {
-        return os;
-    }
-
-    public void setOs(String os) {
-        this.os = os;
-    }
-
-    public String getPlatform() {
-        return platform;
-    }
-
-    public void setPlatform(String platform) {
-        this.platform = platform;
-    }
-
-    public String getVersion() {
-        return version;
-    }
-
-    public void setVersion(String version) {
-        this.version = version;
-    }
-
-    public String getMac() {
-        return mac;
-    }
-
-    public void setMac(String mac) {
-        this.mac = mac;
-    }
-
-    public String getOsMajorVersion() {
-        return osMajorVersion;
-    }
-
-    public void setOsMajorVersion(String osMajorVersion) {
-        this.osMajorVersion = osMajorVersion;
-    }
-
-    public String getOsMinorVersion() {
-        return osMinorVersion;
-    }
-
-    public void setOsMinorVersion(String osMinorVersion) {
-        this.osMinorVersion = osMinorVersion;
-    }
-
-    public String getAliases() {
-        return aliases;
-    }
-
-    public void setAliases(String aliases) {
-        this.aliases = aliases;
-    }
-
-    public String getAddresses() {
-        return addresses;
-    }
-
-    public void setAddresses(String addresses) {
-        this.addresses = addresses;
-    }
-
-    public String getAgentKey() {
-        return agentKey;
-    }
-
-    public void setAgentKey(String agentKey) {
-        this.agentKey = agentKey;
-    }
-
-    public int getId() {
-        return id;
-    }
-
-    public void setId(int id) {
-        this.id = id;
-    }
 }

correlation/cache/operators.go

@@ -12,16 +12,14 @@ import (
 
 func inCIDR(addr, network string) (bool, error) {
 	_, subnet, err := net.ParseCIDR(network)
-	if err == nil {
-		ip := net.ParseIP(addr)
-		if ip != nil {
-			if subnet.Contains(ip) {
-				return true, nil
-			}
-		}
+	if err != nil {
+		return false, fmt.Errorf("invalid CIDR")
+	}
+	ip := net.ParseIP(addr)
+	if ip == nil {
 		return false, fmt.Errorf("invalid IP address")
 	}
-	return false, err
+	return subnet.Contains(ip), nil
 }
 
 func equal(val1, val2 string) bool {
@@ -54,25 +52,25 @@ func endWith(str, suff string) bool {
 	return strings.HasSuffix(str, suff)
 }
 
-func expresion(exp, str string) (bool, error) {
+func expression(exp, str string) (bool, error) {
 	re, err := regexp.Compile(exp)
-	if err == nil {
-		if re.MatchString(str) {
-			return true, nil
-		}
+	if err != nil {
+		return false, err
 	}
-	return false, err
+	return re.MatchString(str), nil
 }
 
 func parseFloats(val1, val2 string) (float64, float64, error) {
-	f1, err1 := strconv.ParseFloat(val1, 64)
-	if err1 != nil {
-		return 0, 0, err1
+	f1, err := strconv.ParseFloat(val1, 64)
+	if err != nil {
+		return 0, 0, err
 	}
-	f2, err2 := strconv.ParseFloat(val2, 64)
-	if err2 != nil {
-		return 0, 0, err2
+
+	f2, err := strconv.ParseFloat(val2, 64)
+	if err != nil {
+		return 0, 0, err
 	}
+
 	return f1, f2, nil
 }
 
@@ -105,17 +103,17 @@ func compare(operator, val1, val2 string) bool {
 	case "not end with":
 		return !endWith(val1, val2)
 	case "regexp":
-		matched, err := expresion(val2, val1)
+		matched, err := expression(val2, val1)
 		if err != nil {
 			return false
 		}
 		return matched
 	case "not regexp":
-		matched, err := expresion(val2, val1)
+		matched, err := expression(val2, val1)
 		if err != nil {
 			return false
 		}
-		return matched
+		return !matched
 	case "<":
 		f1, f2, err := parseFloats(val1, val2)
 		if err != nil {
@@ -144,24 +142,24 @@ func compare(operator, val1, val2 string) bool {
 		return true
 	case "in cidr":
 		matched, err := inCIDR(val1, val2)
-		if err == nil {
-			return matched
+		if err != nil {
+			return false
 		}
-		return false
+		return matched
 	case "not in cidr":
 		matched, err := inCIDR(val1, val2)
-		if err == nil {
-			return !matched
+		if err != nil {
+			return false
 		}
-		return false
+		return !matched
 	default:
 		return false
 	}
 }
 
 func evalElement(elem, field, operator, value string) bool {
-	if gjson.Get(elem, field).Exists() {
-		return compare(operator, gjson.Get(elem, field).String(), value)
+	if elem := gjson.Get(elem, field); elem.Exists() {
+		return compare(operator, elem.String(), value)
 	} else if operator == "not exist" {
 		return true
 	}

correlation/config.yml.prod

@@ -1,5 +1,4 @@
 rulesFolder: /app/rulesets/
-geoipFolder: /app/geosets/
 elasticsearch: "http://ELASTICSEARCH_HOST:ELASTICSEARCH_PORT"
 postgresql:
   server: POSTGRESQL_HOST

correlation/go.mod

@@ -1,8 +1,6 @@
 module github.com/utmstack/UTMStack/correlation
 
-go 1.22.0
-
-toolchain go1.23.5
+go 1.23
 
 require (
 	github.com/fsnotify/fsnotify v1.8.0
@@ -20,7 +18,7 @@ require (
 
 require (
 	github.com/KyleBanks/depth v1.2.1 // indirect
-	github.com/bytedance/sonic v1.12.8 // indirect
+	github.com/bytedance/sonic v1.12.9 // indirect
 	github.com/bytedance/sonic/loader v0.2.3 // indirect
 	github.com/cloudwego/base64x v0.1.5 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
@@ -32,7 +30,7 @@ require (
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.24.0 // indirect
+	github.com/go-playground/validator/v10 v10.25.0 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect