security/wazuh-agent: model style and wrap up next version

As a note the default value for "syslog_programs" was scrapped because it was not used. Consider flipping Required=Y and putting it back to whom it may concern.
2026-06-09 00:42:34 -04:00 · 2026-01-19 05:00:45 +01:00 · 2026-01-19 05:00:45 +01:00 · 87a27341ce
commit 87a27341ce
parent 33540053e7
4 changed files with 8 additions and 9 deletions
--- a/security/wazuh-agent/Makefile
+++ b/security/wazuh-agent/Makefile
@ -1,6 +1,5 @@
 PLUGIN_NAME=		wazuh-agent
-PLUGIN_VERSION=		1.2
-PLUGIN_REVISION=	3
+PLUGIN_VERSION=		1.3
 PLUGIN_COMMENT=		Agent for the open source security platform Wazuh
 PLUGIN_DEPENDS=		wazuh-agent
 PLUGIN_MAINTAINER=	ad@opnsense.org
--- a/security/wazuh-agent/pkg-descr
+++ b/security/wazuh-agent/pkg-descr
@ -8,6 +8,11 @@ solution.
 Plugin Changelog
 ================

+1.3
+
+* Fix active response duplicate key causing false aborts (contributed by Michael Bedworth)
+* Add repeated_offenders config and fix template issues (contributed by Michael Bedworth)
+
 1.2

 * Implement options to change server ports (contributed by 999eagle)
--- a/security/wazuh-agent/src/opnsense/mvc/app/models/OPNsense/WazuhAgent/WazuhAgent.xml
+++ b/security/wazuh-agent/src/opnsense/mvc/app/models/OPNsense/WazuhAgent/WazuhAgent.xml
@ -13,7 +13,6 @@
                <IpAllowed>Y</IpAllowed>
            </server_address>
            <agent_name type="HostnameField">
-                <Required>N</Required>
                <IpAllowed>N</IpAllowed>
            </agent_name>
            <protocol type="OptionField">
@ -58,9 +57,7 @@
                <Required>Y</Required>
            </remote_commands>
            <syslog_programs type="JsonKeyValueStoreField">
-                <Required>N</Required>
                <Multiple>Y</Multiple>
-                <Default>filterlog,openvpn,unbound,audit,sshd</Default>
                <ConfigdPopulateAct>syslog list applications</ConfigdPopulateAct>
                <SourceFile>/tmp/syslog_applications.json</SourceFile>
                <ConfigdPopulateTTL>20</ConfigdPopulateTTL>
@ -110,12 +107,10 @@
                        </filters>
                    </alias>
                </Model>
-                <Required>N</Required>
            </fw_alias_ignore>
            <repeated_offenders type="TextField">
-                <Required>N</Required>
                <Mask>/^([0-9]+)(,[0-9]+)*$/</Mask>
-                <ValidationMessage>Enter comma-separated timeout values in minutes (e.g., 30,60,120,240)</ValidationMessage>
+                <ValidationMessage>Enter comma-separated timeout values in minutes (e.g., 30,60,120,240).</ValidationMessage>
            </repeated_offenders>
        </active_response>
    </items>
--- a/security/wazuh-agent/src/opnsense/scripts/wazuh/opnsense-fw
+++ b/security/wazuh-agent/src/opnsense/scripts/wazuh/opnsense-fw
@ -122,7 +122,7 @@ def main(params):
                "command": "check_keys",
                "parameters":{
                   unique_key = "%s-%s" % (event['parameters']['alert']['rule']['id'], srcip)
-		   "keys": [unique_key] 
+		   "keys": [unique_key]
                }
            }))
            sys.stdout.flush()