Description
|Wazuh version|Install type|Action performed|Platform|
|---|---|---|---|
|4.8.1|Indexer|Install|Rocky 8|
During installation of Wazuh manually (did not verify helper or Ansible) I ran into an issue where the indexer-security-init.sh script was not detecting our DNS name as an isDNS. We use a couple of levels of subdomains to separate out our sites and zones. I found that the regex used in the script (line 68 I believe) does not detect my hostnames. I wrote a new regex to handle my hosts.
^([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$
or
^[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](?:\.[a-zA-Z0-9]{2,})+$
or the full line 68 in the indexer-security-init.sh script:
isDNS=$(echo "${HOST}" | grep -P "^([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$")
isDNS=$(echo "${HOST}" | grep -P "^[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](?:\.[a-zA-Z0-9]{2,})+$")
The old line is:
isDNS=$(echo "${2}" | grep -P "^[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](?:\.[a-zA-Z]{2,})+$")
I tested a bunch of different domain names and the only issue I can see is if the name is not in a FQDN format, it will not match the regex, i.e. onwordname, node-01 or namewith-num01 will not match the expression. But it didn't seem like that worked with the other regex either.
I am not sure which regex is better. I modified the one in the current script and added a 0-9 but only after coming up with my own. I imagine it needs more testing to make sure it doesn't get tripped up on something.
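To compare the three patterns quoted in this issue side by side, the following script runs each through `grep -P` against a handful of hostnames. It is an added example, not code from the issue author or the Wazuh project; the hostnames are constructed, the function names `is_dns`, `verdicts` and `compare_all` are hypothetical, and the digit-bearing subdomain labels are an assumption about the kind of name the reporter uses.

```bash
#!/usr/bin/env bash
# Added example: compare the isDNS patterns quoted in the issue.

# Pattern currently on line 68 of indexer-security-init.sh (per the issue)
OLD='^[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](?:\.[a-zA-Z]{2,})+$'
# Reporter's first proposal
NEW_A='^([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$'
# Reporter's second proposal (old pattern with 0-9 added to later labels)
NEW_B='^[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](?:\.[a-zA-Z0-9]{2,})+$'

# is_dns PATTERN HOST -> exit status 0 when HOST matches PATTERN
is_dns() {
    printf '%s\n' "$2" | grep -qP -- "$1"
}

# verdicts HOST -> three y/n flags in the order OLD, NEW_A, NEW_B
verdicts() {
    local out=""
    local p
    for p in "$OLD" "$NEW_A" "$NEW_B"; do
        if is_dns "$p" "$1"; then out="${out}y"; else out="${out}n"; fi
    done
    printf '%s' "$out"
}

# Constructed sample inputs: FQDNs, a short first label, a bare name, IPv4
HOSTS="indexer.example.com
node-01.site1.zone2.example.com
db.example.com
node-01
10.0.0.5
192.168.10.20"

# compare_all -> prints one row per sample host
compare_all() {
    local h
    printf '%-34s %s\n' "host" "OLD/A/B"
    printf '%s\n' "$HOSTS" | while IFS= read -r h; do
        printf '%-34s %s\n' "$h" "$(verdicts "$h")"
    done
}

compare_all
```

Two rows are worth checking before choosing a pattern: the second proposal also matches the dotted-quad `192.168.10.20`, and both bounded patterns reject `db.example.com` because they require a first label of at least three characters.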