Merge pull request #9104 from wazuh/enhancement/development-update

Enhancement/development update

Author: javimed

CHANGELOG.md

@@ -10,6 +10,7 @@ All notable changes to this project will be documented in this file.
 ### Changed
 
 - **Post-release**: Updated the *Navigating the Wazuh dashboard* section. ([#9105](https://github.com/wazuh/wazuh-documentation/pull/9105))
+- **Post-release**: Updated the *Development* section. ([#9104](https://github.com/wazuh/wazuh-documentation/pull/9104))
 
 ## [v4.14.0]
 

source/_static/js/redirects.js

@@ -77,6 +77,12 @@ newUrls['4.14'] = [
   '/release-notes/release-4-14-0.html',
 ]
 
+/* Pages no longer available in x.y (this is not required if there is a redirection for this url) */
+
+removedUrls['4.14'] = [
+  '/development/selinux-wazuh-context.html'
+];
+
 /* *** RELEASE 4.13 ****/
 
 /* Pages added in 4.13 */

source/development/client-keys.rst

@@ -8,94 +8,98 @@
 Client keys file
 ================
 
-The ``client.keys`` file stores the data used to authenticate secure agents.
-
-Location
---------
-
-UNIX systems
-    Folder ``etc`` inside the installation directory.
-
-Windows agents
-    Installation directory.
+The ``client.keys`` file stores the data used to authenticate and identify Wazuh agents. A record of the ``client.keys`` file is stored on the Wazuh server and the Wazuh agent endpoints.  The location depends on the operating system. The table below lists the default paths for each OS:
+
++---------------------+--------------------------------------------------------+
+| Operating systems   | Location of the ``client.keys`` file                   |
++=====================+========================================================+
+| Windows             | ``C:\Program Files (x86)\ossec-agent\client.keys``     |
++---------------------+--------------------------------------------------------+
+| Linux/Unix          | ``/var/ossec/etc/client.keys``                         |
++---------------------+--------------------------------------------------------+
+| macOS               | ``/Library/Ossec/etc/client.keys``                     |
++---------------------+--------------------------------------------------------+
 
 File format
 -----------
 
-This file contains one line per each agent entry. In the case of agents, only one line is allowed, and this line must match exactly one entry in the ``client.keys`` file at manager, otherwise the agent will be rejected.
+The Wazuh manager ``client.keys`` file contains one entry per agent. The Wazuh agent ``client.keys`` file has one line, which must match an entry on the Wazuh manager. If the lines don't match, the Wazuh manager rejects the Wazuh agent.
+
+The ``client.keys`` file is formatted as described in the table below:
 
 ::
 
     <ID> <Name> <Address> <Password>
 
-**ID**
-
-    Agent identification number.
-
-    +--------------------+---------------+
-    | Allowed characters | Digits only   |
-    +--------------------+---------------+
-    | Allowed size       | 3 to 8 digits |
-    +--------------------+---------------+
-    | Padding            | 0-padded      |
-    +--------------------+---------------+
-    | Unique value       | Yes           |
-    +--------------------+---------------+
-    | Reserved values    | ID "000"      |
-    +--------------------+---------------+
-
-**Name**
-
-    Name of the agent.
+Where:
+
+- **ID** - represents the Wazuh  agent identification number with the following considerations:
+
+   +--------------------+---------------+
+   | Allowed characters | Digits only   |
+   +--------------------+---------------+
+   | Allowed size       | 3 to 8 digits |
+   +--------------------+---------------+
+   | Padding            | 0-padded      |
+   +--------------------+---------------+
+   | Unique value       | Yes           |
+   +--------------------+---------------+
+   | Reserved values    | ID "000"      |
+   +--------------------+---------------+
+
+- **Name**  - represents the name of the agent with the following considerations:
+
+   +--------------------+--------------------------------------------------+
+   | Allowed characters | Alphanumeric characters, ``-``, ``_`` and ``.``  |
+   +--------------------+--------------------------------------------------+
+   | Allowed size       | Up to 128 bytes                                  |
+   +--------------------+--------------------------------------------------+
+   | Unique value       | Yes                                              |
+   +--------------------+--------------------------------------------------+
+
+- **Address** - represents the allowed source IP address range in CIDR format. If the IP address is explicitly provided, the Wazuh manager will only enroll the agent if the provided IP address matches the source IP address.
+
+   +--------------------+----------------------------+
+   | Format             | CIDR. Netmask is optional. |
+   +--------------------+----------------------------+
+   | Unique value       | Yes                        |
+   +--------------------+----------------------------+
+   | Reserved values    | None                       |
+   +--------------------+----------------------------+
+   | Aliases            | ``any`` = ``0.0.0.0/0``    |
+   +--------------------+----------------------------+
+
+- **Password** - represents a base64 encoded string that is used for external message encryption.
+
+   +--------------------+----------------------+
+   | Allowed characters | Printable characters |
+   +--------------------+----------------------+
+   | Allowed size       | Up to 128 bytes      |
+   +--------------------+----------------------+
+   | Unique value       | No                   |
+   +--------------------+----------------------+
 
-    +--------------------+--------------------------------------------------+
-    | Allowed characters | Alphanumeric characters, ``-``, ``_`` and ``.``  |
-    +--------------------+--------------------------------------------------+
-    | Allowed size       | Up to 128 bytes                                  |
-    +--------------------+--------------------------------------------------+
-    | Unique value       | Yes                                              |
-    +--------------------+--------------------------------------------------+
-
-**Address**
-
-    Allowed source address range in CIDR format. If specified, the manager will only accept the agent if its source IP address matches this address.
-
-    +--------------------+----------------------------+
-    | Format             | CIDR. Netmask is optional. |
-    +--------------------+----------------------------+
-    | Unique value       | Yes                        |
-    +--------------------+----------------------------+
-    | Reserved values    | None                       |
-    +--------------------+----------------------------+
-    | Aliases            | ``any`` = ``0.0.0.0/0``    |
-    +--------------------+----------------------------+
-
-**Password**
-
-    String that will take part in the external message encryption.
+Void entries
+------------
 
-    +--------------------+----------------------+
-    | Allowed characters | Printable characters |
-    +--------------------+----------------------+
-    | Allowed size       | Up to 128 bytes      |
-    +--------------------+----------------------+
-    | Unique value       | No                   |
-    +--------------------+----------------------+
+Key entries can be invalidated, causing the associated Wazuh agent to be considered as unenrolled. This can occur in the following cases:
 
-Void entries
-~~~~~~~~~~~~
+- The entire line is deleted.
+- The line begins with ``#`` or whitespace.
+- The agent name starts with ``#`` or ``!``.
 
-Key entries can be invalidated so the related agent is considered removed: the line is discarded.
+.. note::
 
-- Line starting with ``#`` or whitespace.
-- Agent name starting with ``#`` or ``!``.
+   The Wazuh manager needs to be stopped before invalidating a key to ensure proper un-enrolling.
 
 Examples
-~~~~~~~~
+--------
+
+Below is an example of the content of the ``client.keys`` file. The last agent ``004`` meets one of the conditions for a void entry because the agent name ``!data3`` starts with ``!``.
 
 ::
 
     001 server1 any bb8a28997c6c3964eacb3d32308072f6661f567a41105b2b0b09f1a82331b937
     002 dbserver 10.0.1.2 363a99a6e9c9a8b6bb766d676453538e0cb20162f84b36472d99cfbef4928440
     003 data2 10.1.2.0/24 3d263f5cc513072fe6b63ab221d1facf132918235c97f19efd9446257d16ea4a
-    004 !data3 any ed52060a133343dbc74474c19aaad8fb7dddd9a4b5965ebbe9edb2a73fd11a17
+    004 !data3 any ed52060a133343dbc74474c19aaad8fb7dddd9a4b5965ebbe9edb2a7

source/development/coredump.rst

@@ -6,82 +6,88 @@
 Configuring core dump generation
 ================================
 
-A *core dump* or *crash dump* is a snapshot of a process's memory taken when a serious or unhandled error occurs. The operating system on a monitored endpoint can automatically generate core dumps. These dumps are valuable for diagnosing hanging processes. Alongside environment information, such as the operating system version, they can offer insights into the cause of a crash.
+A core dump or crash dump is a snapshot of the memory of a process taken when a program terminates abnormally, such as due to a crash or unhandled error. The operating system on a monitored endpoint can automatically generate core dumps. These dumps are valuable for diagnosing frozen processes. Alongside environment information, such as the operating system version, they offer insights into the cause of a crash.
 
 Red Hat based OSs
 -----------------
 
-#. Edit the Systemd ``/etc/systemd/system.conf`` file. Add the following lines.
+Follow the steps below to enable core dump on RedHat based systems:
+
+#. Edit the ``/etc/systemd/system.conf`` file and add the following lines.
 
    .. code-block:: console
 
       DumpCore=yes
       DefaultLimitCORE=infinity
 
-#. Edit the Systemd ``/etc/sysctl.d/core.conf`` file. Add the following lines.
+#. Edit the ``/etc/sysctl.d/core.conf`` file and add the following lines:
 
    .. code-block:: console
 
       kernel.core_pattern = /var/lib/coredumps/core-%e-pid%p-time%t
       kernel.core_uses_pid = 1
       fs.suid_dumpable = 2
 
-#. Create directory ``/var/lib/coredumps`` and grant it permissions ``773``.
+#. Create the ``/var/lib/coredumps`` directory and grant it permissions ``773``:
+
+   .. code-block:: console
+
+      # mkdir /var/lib/coredumps
+      # chmod 700 /var/lib/coredumps
 
-#. Reboot the system
+#. Reboot the system.
 
-#. After system reboot set the core ``ulimit`` to ``unlimited`` in your terminal.
+#. After system reboot, set the core ``ulimit`` to ``unlimited`` in your terminal:
 
    .. code-block:: console
 
       # ulimit -c unlimited
       # sysctl -p
 
-#. Restart wazuh agent:
+#. Restart the Wazuh agent:
 
    .. code-block:: console
 
-      # ./var/ossec/bin/wazuh-control restart
+      # /var/ossec/bin/wazuh-control restart
       
 
 Debian based OSs
 ----------------
 
 In Linux version 2.41 and later, a template defines the location and name of the generated `core dump files <https://man7.org/linux/man-pages/man5/core.5.html>`__. Earlier versions generate the core dump files next to the location of the file that caused the error.
 
-Using `systemd`
-^^^^^^^^^^^^^^^
+Using systemd
+^^^^^^^^^^^^^
 
-Systemd allows centralized management and configuration of core dumps across your system. To set up core dump generation with systemd, use the built-in features as follows.
+Systemd allows centralized management and configuration of core dumps across your system. To set up core dump generation with systemd, use the built-in features as follows:
 
-#. Check that the Systemd core dump unit socket is active.
+#. Install the Systemd core dump package:
 
    .. code-block:: console
 
-      # systemctl status systemd-coredump*
+      # apt install systemd-coredump
 
-   .. code-block:: none
-      :class: output
-      :emphasize-lines: 3
+#. Check that the Systemd core dump unit socket is active:
 
-      ● systemd-coredump.socket - Process Core Dump Socket
-           Loaded: loaded (/lib/systemd/system/systemd-coredump.socket; static)
-           Active: active (listening) ...
+   .. code-block:: console
 
-#. Edit the Systemd ``/etc/systemd/coredump.conf`` file.
+      # systemctl status systemd-coredump.socket
 
-   .. code-block:: console
+   .. code-block:: none
+      :class: output
 
-      # systemctl edit systemd-coredump
+      systemd-coredump.socket - Process Core Dump Socket
+           Loaded: loaded (/lib/systemd/system/systemd-coredump.socket; static)
+          Active: active (listening)...
 
-#. Add the following lines in the editor that opens to enable core dump collection and set external core dump storage. To disable core dump generation you must set ``Storage=none``.
+#. Edit the ``/etc/systemd/coredump.conf`` file, and add the following lines to enable core dump collection and set external core dump storage. To disable core dump generation you must set ``Storage=none``.
 
    .. code-block:: console
 
       [Coredump]
       Storage=external
 
-#. **Recommended** – Set a size limit for core dump files. For example, 2 GB.
+#. **Recommended** – Add this configuration to the ``/etc/systemd/coredump.conf`` file to set a size limit for core dump files. For example, 2 GB.
 
    .. code-block:: console
 
@@ -91,13 +97,13 @@ Systemd allows centralized management and configuration of core dumps across you
 
    .. code-block:: console
 
-      # systemctl restart systemd-coredump
+      # systemctl restart systemd-coredump.socket
 
-#. Check the status of the systemd-coredump service to ensure it is running without errors.
+#. Check the status of the systemd-coredump service to ensure it is running without errors:
 
    .. code-block:: console
 
-      # systemctl status systemd-coredump
+      # systemctl status systemd-coredump.socket
 
 #. To check the generated core dump files, take a look at the default ``/var/lib/systemd/coredump/`` directory. To find out the filename pattern for these files, run the following command.
 
@@ -108,7 +114,7 @@ Systemd allows centralized management and configuration of core dumps across you
    .. code-block:: none
       :class: output
 
-      │|/lib/systemd/systemd-coredump %P %u %g %s %t
+      |/lib/systemd/systemd-coredump %P %u %g %s %t 9223372036854775808 %h %d
 
 Manual configuration
 ^^^^^^^^^^^^^^^^^^^^
@@ -121,7 +127,7 @@ Setting up core dump generation without using systemd involves configuring the o
 
       # ulimit -c unlimited
 
-#. Set the core dump file location and pattern. For example, to set the  the ``/var/core/`` directory and the filename pattern ``core.%e.%p``, where ``%e`` represents the executable name and ``%p`` represents the process ID, run the following command.
+#. Set the core dump file location and pattern. For example, to set the ``/var/core/`` directory and the filename pattern ``core.%e.%p``, where ``%e`` represents the executable name and ``%p`` represents the process ID, run the following command.
 
    .. code-block:: console
 
@@ -133,20 +139,20 @@ Setting up core dump generation without using systemd involves configuring the o
 
       Consider restarting relevant processes to ensure that the changes take effect.
 
-#. **Recommended** – To preserve these changes across reboots, add the ``ulimit`` and ``echo`` commands above to a startup or system initialization script such as ``/etc/rc.local``.
+#. We recommend preserving these changes across reboots. Add the ``ulimit`` and ``echo`` commands above to a startup or system initialization script such as ``/etc/rc.local``.
 
 macOS endpoints
 ---------------
 
-On macOS, most applications have core dump generation disabled by default. However, you can enable it using the ``ulimit`` command. To enable core dump generation on macOS follow these steps.
+On macOS, most applications have core dump generation disabled by default. However, you can enable it using the ``ulimit`` command. To enable core dump generation on macOS follow these steps:
 
 #. Set the core dump size limit to ``unlimited`` to enable core dump generation with complete debugging information. To disable it, set it to zero by running ``ulimit -c 0``. To check the current core dump size limit, run ``ulimit -c``.
 
    .. code-block:: console
 
       # ulimit -c unlimited
 
-#. Set the core dump generation path and filename pattern. For example, to set the ``/cores/`` directory and the filename pattern ``core.%P``, where ``%P`` is the process ID, run the following command.
+#. Set the core dump generation path and filename pattern. For example, to set the ``/cores/`` directory and the filename pattern ``core.%P``. Where ``%P`` is the process ID, run the following command.
 
    .. code-block:: console
 
@@ -162,7 +168,7 @@ To collect user-mode crash dumps on Windows, you can use the Windows Error Repor
 Accessing the Windows Registry
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-#. Press **Windows + R** keys on your keyboard to open the **Run** dialog box.
+#. Press **Windows** + **R** keys on your keyboard to open the Run dialog box.
 
 #. Type ``regedit`` in the search box and click **OK** to open the Registry editor.
 
@@ -177,15 +183,15 @@ Configuring Windows Error Reporting
 
       HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
 
-#. Right-click on the ``LocalDumps`` key and choose **New** > **Key**. Name the new key ``wazuh-agent.exe``.
+#. Right-click on the ``LocalDumps`` key and choose **New > Key**. Name the new key ``wazuh-agent.exe``.
 
-#. Right-click inside the ``wazuh-agent.exe`` key and choose **New** > **Expandable String Value**. Name the new value ``DumpFolder``.
+#. Right-click inside the ``wazuh-agent.exe`` key and choose **New > Expandable String Value**. Name the new value ``DumpFolder``.
 
 #. Right-click the ``DumpFolder`` value and select **Modify**. Change it to ``%LOCALAPPDATA%\WazuhCrashDumps``.
 
-#. Right-click inside the ``wazuh-agent.exe`` key again and choose **New** > **DWORD (32-bit) Value**. Name the new value ``DumpType``.
+#. Right-click inside the ``wazuh-agent.exe`` key again and choose **New > DWORD (32-bit) Value**. Name the new value as ``DumpType``.
 
-#. Right-click the ``DumpType`` value and select **Modify**. Change it to  ``2``.
+#. Right-click the ``DumpType`` value and select **Modify**. Change it to ``2``.
 
 #. Close the regedit tool and restart the Wazuh agent using PowerShell with administrator privileges.