From 198eae8e1e61529c4ae320aed85081909e088baa Mon Sep 17 00:00:00 2001 From: Yadian Llada Lopez Date: Tue, 17 Jun 2025 16:08:57 -0400 Subject: [PATCH 1/9] Update agent-manager to use http.Server with TLS 1.3 configuration --- agent-manager/updates/updates.go | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/agent-manager/updates/updates.go b/agent-manager/updates/updates.go index 4431ddb9c..1b22a3e73 100644 --- a/agent-manager/updates/updates.go +++ b/agent-manager/updates/updates.go @@ -1,6 +1,7 @@ package updates import ( + "crypto/tls" "net/http" "github.com/gin-contrib/gzip" @@ -30,11 +31,28 @@ func ServeDependencies() { group := r.Group("/private", auth.HTTPAuthInterceptor()) group.StaticFS("/dependencies", http.Dir("/dependencies")) + cert, err := tls.LoadX509KeyPair("/cert/utm.crt", "/cert/utm.key") + if err != nil { + util.Logger.ErrorF("failed to load certificates: %v", err) + } + + tlsConfig := &tls.Config{ + MinVersion: tls.VersionTLS13, + Certificates: []tls.Certificate{cert}, + } + + server := &http.Server{ + Addr: ":8080", + Handler: r, + TLSConfig: tlsConfig, + } + util.Logger.Info("Starting HTTP server on port 8080") - if err := r.RunTLS(":8080", "/cert/utm.crt", "/cert/utm.key"); err != nil { + err = server.ListenAndServeTLS("", "") + if err != nil { util.Logger.ErrorF("error starting HTTP server: %v", err) - return } + } func notFound(c *gin.Context) { From 3b07f30e654be7e0e0636a577735690b11b56e2f Mon Sep 17 00:00:00 2001 From: JocLRojas Date: Tue, 17 Jun 2025 16:25:50 -0400 Subject: [PATCH 2/9] Update the Bitdefender plugin to enforce the minimum required TLS version 1.3 --- bitdefender/server/server.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/bitdefender/server/server.go b/bitdefender/server/server.go index 81ee9a4bc..3e834b85c 100644 --- a/bitdefender/server/server.go +++ b/bitdefender/server/server.go 
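Review bot: In ServeDependencies the failure branch of `tls.LoadX509KeyPair` only logs, so execution continues with a zero-value `cert` inside `tlsConfig.Certificates`, and the `return` after the `ListenAndServeTLS` error was dropped as well. Because `Certificates` is then non-empty, `ListenAndServeTLS("", "")` will not attempt to load a key pair itself, so the process would most likely listen on :8080 and fail every handshake instead of stopping with a clear error. Add `return` directly after `util.Logger.ErrorF("failed to load certificates: %v", err)`. The new `http.Server` literal also sets no timeouts; `ReadHeaderTimeout: 10 * time.Second` (with the `time` import) would bound slow clients, and the log text still says "HTTP server" although the listener is TLS-only. The function starts above the hunk.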
@@ -1,6 +1,7 @@ package server import ( + "crypto/tls" "encoding/json" "net/http" "path/filepath" @@ -80,12 +81,17 @@ func ServerUp(cnf *types.ConfigurationSection, certsPath string) { _, _ = w.Write([]byte("Server is up and running")) }).Methods("GET") + tlsConfig := &tls.Config{ + MinVersion: tls.VersionTLS13, + } + server := &http.Server{ Addr: ":" + constants.GetConnectorPort(), Handler: r, ReadTimeout: 10 * time.Second, WriteTimeout: 10 * time.Second, MaxHeaderBytes: 1 << 20, + TLSConfig: tlsConfig, } go func() { From 952bce95f257c53239c8fe0e3fabb259b4a8d035 Mon Sep 17 00:00:00 2001 From: Yorjander Hernandez Vergara Date: Mon, 23 Jun 2025 08:41:39 -0400 Subject: [PATCH 3/9] update nginx tls config to v1.3 --- installer/templates/proxy.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/installer/templates/proxy.go b/installer/templates/proxy.go index 07dfb4bb0..56388bdf6 100644 --- a/installer/templates/proxy.go +++ b/installer/templates/proxy.go @@ -32,7 +32,7 @@ server { ssl_certificate /utmstack/cert/utm.crt; ssl_certificate_key /utmstack/cert/utm.key; - ssl_protocols TLSv1.2 TLSv1.3; + ssl_protocols TLSv1.3; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; @@ -86,7 +86,7 @@ server { ssl_certificate /utmstack/cert/utm.crt; ssl_certificate_key /utmstack/cert/utm.key; - ssl_protocols TLSv1.2 TLSv1.3; + ssl_protocols TLSv1.3; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; From a0ece008cf4af3b7228ecc1a57bb01ea351594bc Mon Sep 17 00:00:00 2001 From: Yorjander Hernandez Vergara Date: Mon, 23 Jun 2025 08:46:52 -0400 Subject: [PATCH 4/9] update changelog --- CHANGELOG.md | 4 ++-- version.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f5b6e5e7e..fd0521e64 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
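Review bot: The new `tlsConfig` in ServerUp raises the floor to TLS 1.3 with no comment and no fallback, so any sender that can only negotiate TLS 1.2 is rejected during the handshake. Whether the Bitdefender side that posts to this connector supports TLS 1.3 is not visible in this diff and should be confirmed before release, because a rejected handshake never reaches the router and would at best appear in the server's error log. A short comment above the literal, for example `// TLS 1.3 only: event senders must support it, older clients fail at handshake`, would record the decision. ServerUp starts and ends outside the hunk.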
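Review bot: With `ssl_protocols TLSv1.3;` the unchanged `ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';` line directly below no longer has any effect, because that directive only selects suites for TLS 1.2 and earlier and does not control TLS 1.3 suites. Leaving it in the template suggests a cipher policy is still enforced there. Either remove the line or add a template comment such as `# ssl_ciphers applies to TLS <= 1.2 only; TLS 1.3 uses the OpenSSL default suites`. The second server block in the `@@ -86,7 +86,7 @@` hunk has the same leftover.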
@@ -1,3 +1,3 @@ -# UTMStack 10.8.3 Release Notes +# UTMStack 10.8.4 Release Notes -- Fixed a potential delay in log input in O365, AWS, and Sophos Central integrations. \ No newline at end of file +- Updated various internal components, including the update server, to enforce TLS 1.3 for improved security and compliance. \ No newline at end of file diff --git a/version.yml b/version.yml index 3b56e74f3..71d121f8c 100644 --- a/version.yml +++ b/version.yml @@ -1 +1 @@ -version: 10.8.3 \ No newline at end of file +version: 10.8.4 \ No newline at end of file From 58077c2b40e24a1ea2c3efb11efc00b9f516226e Mon Sep 17 00:00:00 2001 From: Yorjander Hernandez Vergara Date: Mon, 23 Jun 2025 08:52:01 -0400 Subject: [PATCH 5/9] trigger action --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fd0521e64..617bbb6f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,3 @@ # UTMStack 10.8.4 Release Notes -- Updated various internal components, including the update server, to enforce TLS 1.3 for improved security and compliance. \ No newline at end of file +- Enhanced security and compliance by upgrading several internal components—most notably the update server—to exclusively support TLS 1.3. \ No newline at end of file From f5751519880859ace709d5ee2785dd65078d6644 Mon Sep 17 00:00:00 2001 From: Yorjander Hernandez Vergara Date: Mon, 23 Jun 2025 11:21:56 -0400 Subject: [PATCH 6/9] Allow agent dependencies download using powershell with tls v1.3 --- .../auth/dependencies_interceptor.go | 45 ------------------- agent-manager/updates/updates.go | 3 +- .../guides/guide-as400/constants.ts | 6 +-- .../guide-winlogbeat.component.ts | 5 +-- 4 files changed, 6 insertions(+), 53 deletions(-) delete mode 100644 agent-manager/auth/dependencies_interceptor.go diff --git a/agent-manager/auth/dependencies_interceptor.go b/agent-manager/auth/dependencies_interceptor.go deleted file mode 100644 index b1bc2980c..000000000 
--- a/agent-manager/auth/dependencies_interceptor.go +++ /dev/null @@ -1,45 +0,0 @@ -package auth - -import ( - "net/http" - "strconv" - - "github.com/gin-gonic/gin" - "google.golang.org/grpc/metadata" -) - -func HTTPAuthInterceptor() gin.HandlerFunc { - return func(c *gin.Context) { - connectionKey := c.GetHeader("connection-key") - id := c.GetHeader("id") - key := c.GetHeader("key") - requestURL := c.Request.URL.Path - - if connectionKey == "" && id == "" && key == "" { - c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "authentication is not provided"}) - return - } else if connectionKey != "" { - if err := authenticateRequest(metadata.New(map[string]string{"connection-key": connectionKey}), "connection-key"); err != nil { - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid connection key"}) - return - } - } else if id != "" && key != "" { - idInt, err := strconv.ParseUint(id, 10, 32) - if err != nil { - c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "id is not valid"}) - return - } - - if err := checkKeyAuth(key, idInt, requestURL); err != nil { - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid key"}) - return - } - - } else { - c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "invalid auth type"}) - return - } - - c.Next() - } -} diff --git a/agent-manager/updates/updates.go b/agent-manager/updates/updates.go index 1b22a3e73..b41e95839 100644 --- a/agent-manager/updates/updates.go +++ b/agent-manager/updates/updates.go @@ -6,7 +6,6 @@ import ( "github.com/gin-contrib/gzip" "github.com/gin-gonic/gin" - "github.com/utmstack/UTMStack/agent-manager/auth" "github.com/utmstack/UTMStack/agent-manager/util" ) @@ -28,7 +27,7 @@ func ServeDependencies() { r.NoRoute(notFound) - group := r.Group("/private", auth.HTTPAuthInterceptor()) + group := r.Group("/private") group.StaticFS("/dependencies", http.Dir("/dependencies")) cert, err := tls.LoadX509KeyPair("/cert/utm.crt", "/cert/utm.key") 
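Review bot: `r.Group("/private")` now serves everything under `/dependencies` to any client that can reach the port, while the route prefix still presents it as a private download. The deleted interceptor was the only access control visible on this group, and the commit message gives a client-compatibility reason for removing it rather than a security one. If the PowerShell client cannot send the header, keeping `auth.HTTPAuthInterceptor()` and fixing the client is the safer direction; if anonymous access is intended, state it in a comment, e.g. `// unauthenticated on purpose: serves only public installer binaries`, and make sure nothing sensitive is ever placed in that directory. The same line is changed again in PATCH 7/9 and PATCH 8/9, and ServeDependencies starts and ends outside the hunk.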
diff --git a/frontend/src/app/app-module/guides/guide-as400/constants.ts b/frontend/src/app/app-module/guides/guide-as400/constants.ts index 37f0201ed..7709c7f33 100644 --- a/frontend/src/app/app-module/guides/guide-as400/constants.ts +++ b/frontend/src/app/app-module/guides/guide-as400/constants.ts @@ -6,7 +6,7 @@ export const PLATFORM = [ install: `New-Item -ItemType Directory -Force -Path "C:\\Program Files\\UTMStack\\UTMStack Collectors\\AS400"; ` + `cd "C:\\Program Files\\UTMStack\\UTMStack Collectors\\AS400"; ` + `Invoke-WebRequest -Uri "https://V_IP:9001/private/dependencies/collector/windows-as400-collector.zip" ` + - `-OutFile ".\\windows-as400-collector.zip"; Expand-Archive -Path ".\\windows-as400-collector.zip" ` + + `-OutFile ".\\windows-as400-collector.zip" -SkipCertificateCheck; Expand-Archive -Path ".\\windows-as400-collector.zip" ` + `-DestinationPath "."; Remove-Item ".\\windows-as400-collector.zip"; Start-Process ".\\utmstack_collectors_installer.exe" ` + `-ArgumentList 'install', 'as400', 'V_IP', 'V_TOKEN' -NoNewWindow -Wait`, @@ -29,11 +29,11 @@ export const PLATFORM = [ name: 'LINUX UBUNTU', install: `sudo bash -c "apt update -y && apt install wget unzip -y && mkdir -p ` + `/opt/utmstack-linux-collectors/as400 && cd /opt/utmstack-linux-collectors/as400 && ` + - `wget --no-check-certificate --header='connection-key: V_TOKEN' ` + + `wget --no-check-certificate ` + `https://V_IP:9001/private/dependencies/collector/linux-as400-collector.zip ` + `&& unzip linux-as400-collector.zip && rm linux-as400-collector.zip && chmod -R 777 ` + `utmstack_collectors_installer && ./utmstack_collectors_installer install as400 ` + - `V_IP V_TOKEN"`, + `V_IP V_TOKEN"`, uninstall: `sudo bash -c " cd /opt/utmstack-linux-collectors/as400 && ./utmstack_collectors_installer ` + 
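Review bot: `-SkipCertificateCheck` on the added `Invoke-WebRequest` line turns off server certificate validation for an archive that the following commands unpack and execute, so the guide instructs administrators to run code from an unverified endpoint. The switch also exists only in PowerShell 6 and later, so the command stops with an unknown-parameter error in Windows PowerShell 5.1. The winlogbeat guide hunk `@@ -56,9 +56,8 @@` adds the same switch. Prefer a command that trusts the deployment's certificate authority, and have the guide compare the download against a published hash before `Start-Process`.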
diff --git a/frontend/src/app/app-module/guides/guide-winlogbeat/guide-winlogbeat.component.ts b/frontend/src/app/app-module/guides/guide-winlogbeat/guide-winlogbeat.component.ts index a7d2e7b4d..2fe5dc09c 100644 --- a/frontend/src/app/app-module/guides/guide-winlogbeat/guide-winlogbeat.component.ts +++ b/frontend/src/app/app-module/guides/guide-winlogbeat/guide-winlogbeat.component.ts @@ -56,9 +56,8 @@ export class GuideWinlogbeatComponent implements OnInit { const ip = window.location.host.includes(':') ? window.location.host.split(':')[0] : window.location.host; return `New-Item -ItemType Directory -Force -Path "C:\\Program Files\\UTMStack\\UTMStack Agent"; ` + - `& curl.exe -k -H "connection-key: ${this.token}" ` + - `-o "C:\\Program Files\\UTMStack\\UTMStack Agent\\${arch}" ` + - `"https://${ip}:9001/private/dependencies/agent/${arch}"; ` + + `Invoke-WebRequest -Uri "https://${ip}:9001/private/dependencies/agent/${arch}" ` + + `-OutFile "C:\\Program Files\\UTMStack\\UTMStack Agent\\${arch}" -SkipCertificateCheck; ` + `Start-Process "C:\\Program Files\\UTMStack\\UTMStack Agent\\${arch}" ` + `-ArgumentList 'install', '${ip}', '${this.token}', 'yes' -NoNewWindow -Wait`; } From 60c5d5adc0be8377c9ebc2e1d01b1e042c5d58a7 Mon Sep 17 00:00:00 2001 From: Yorjander Hernandez Vergara Date: Tue, 24 Jun 2025 07:43:23 -0400 Subject: [PATCH 7/9] allow only secure ciphersuites in tls 1.2 for agent dependencies --- agent-manager/auth/dependencies.go | 45 +++++++++++++++++++ agent-manager/updates/updates.go | 12 ++++- .../guides/guide-as400/constants.ts | 9 ++-- .../guide-winlogbeat.component.ts | 5 ++- 4 files changed, 63 insertions(+), 8 deletions(-) create mode 100644 agent-manager/auth/dependencies.go diff --git a/agent-manager/auth/dependencies.go b/agent-manager/auth/dependencies.go new file mode 100644 index 000000000..b1bc2980c --- /dev/null +++ b/agent-manager/auth/dependencies.go 
@@ -0,0 +1,45 @@ +package auth + +import ( + "net/http" + "strconv" + + "github.com/gin-gonic/gin" + "google.golang.org/grpc/metadata" +) + +func HTTPAuthInterceptor() gin.HandlerFunc { + return func(c *gin.Context) { + connectionKey := c.GetHeader("connection-key") + id := c.GetHeader("id") + key := c.GetHeader("key") + requestURL := c.Request.URL.Path + + if connectionKey == "" && id == "" && key == "" { + c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "authentication is not provided"}) + return + } else if connectionKey != "" { + if err := authenticateRequest(metadata.New(map[string]string{"connection-key": connectionKey}), "connection-key"); err != nil { + c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid connection key"}) + return + } + } else if id != "" && key != "" { + idInt, err := strconv.ParseUint(id, 10, 32) + if err != nil { + c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "id is not valid"}) + return + } + + if err := checkKeyAuth(key, idInt, requestURL); err != nil { + c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid key"}) + return + } + + } else { + c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "invalid auth type"}) + return + } + + c.Next() + } +} diff --git a/agent-manager/updates/updates.go b/agent-manager/updates/updates.go index b41e95839..068fb72b9 100644 --- a/agent-manager/updates/updates.go +++ b/agent-manager/updates/updates.go @@ -6,6 +6,7 @@ import ( "github.com/gin-contrib/gzip" "github.com/gin-gonic/gin" + "github.com/utmstack/UTMStack/agent-manager/auth" "github.com/utmstack/UTMStack/agent-manager/util" ) @@ -27,7 +28,7 @@ func ServeDependencies() { r.NoRoute(notFound) - group := r.Group("/private") + group := r.Group("/private", auth.HTTPAuthInterceptor()) group.StaticFS("/dependencies", http.Dir("/dependencies")) cert, err := tls.LoadX509KeyPair("/cert/utm.crt", "/cert/utm.key") 
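Review bot: HTTPAuthInterceptor is exported without a doc comment, and the precedence between the three headers can only be learned by reading the branches: a non-empty `connection-key` wins even when `id` and `key` are also sent, and `id` without `key` (or the reverse) ends in "invalid auth type". A comment such as `// HTTPAuthInterceptor authenticates a request by the connection-key header, or by the id/key header pair when no connection-key is sent.` would make that explicit. Both rejection branches discard `err` and, as far as this file shows, log nothing, so repeated bad keys against the download endpoint leave no trace here; consider logging `c.ClientIP()` and the request path before `AbortWithStatusJSON`.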
@@ -36,8 +37,15 @@ func ServeDependencies() { } tlsConfig := &tls.Config{ - MinVersion: tls.VersionTLS13, + MinVersion: tls.VersionTLS12, Certificates: []tls.Certificate{cert}, + CipherSuites: []uint16{ + tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + }, + + PreferServerCipherSuites: true, } server := &http.Server{ diff --git a/frontend/src/app/app-module/guides/guide-as400/constants.ts b/frontend/src/app/app-module/guides/guide-as400/constants.ts index 7709c7f33..3e498a5b0 100644 --- a/frontend/src/app/app-module/guides/guide-as400/constants.ts +++ b/frontend/src/app/app-module/guides/guide-as400/constants.ts @@ -5,9 +5,10 @@ export const PLATFORM = [ name: 'WINDOWS', install: `New-Item -ItemType Directory -Force -Path "C:\\Program Files\\UTMStack\\UTMStack Collectors\\AS400"; ` + `cd "C:\\Program Files\\UTMStack\\UTMStack Collectors\\AS400"; ` + - `Invoke-WebRequest -Uri "https://V_IP:9001/private/dependencies/collector/windows-as400-collector.zip" ` + - `-OutFile ".\\windows-as400-collector.zip" -SkipCertificateCheck; Expand-Archive -Path ".\\windows-as400-collector.zip" ` + - `-DestinationPath "."; Remove-Item ".\\windows-as400-collector.zip"; Start-Process ".\\utmstack_collectors_installer.exe" ` + + `& curl.exe -k -H "connection-key: V_TOKEN" -o ".\\windows-as400-collector.zip" ` + + `"https://V_IP:9001/private/dependencies/collector/windows-as400-collector.zip"; ` + + `Expand-Archive -Path ".\\windows-as400-collector.zip" -DestinationPath "."; ` + + `Remove-Item ".\\windows-as400-collector.zip"; Start-Process ".\\utmstack_collectors_installer.exe" ` + `-ArgumentList 'install', 'as400', 'V_IP', 'V_TOKEN' -NoNewWindow -Wait`, uninstall: `cd "C:\\Program Files\\UTMStack\\UTMStack Collectors\\AS400"; ` + 
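Review bot: `PreferServerCipherSuites: true` is deprecated and ignored by crypto/tls since Go 1.17, so the line can be removed. The explicit `CipherSuites` list contains only ECDHE_RSA suites, which means a TLS 1.2 client can connect only if `/cert/utm.crt` carries an RSA key; if ECDSA certificates are possible in deployments, add the matching `tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256` style entries. The changelog entry earlier in this series says the update server exclusively supports TLS 1.3, which stops being true once `MinVersion` is `tls.VersionTLS12`, so the release note should be corrected. ServeDependencies starts and ends outside the hunk.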
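Review bot: `curl.exe -k` sends the `connection-key` header to whatever host answers on port 9001 without verifying its certificate, so the key is exposed to anyone able to intercept that connection, and the archive it returns is then unpacked and run. The winlogbeat hunk `@@ -56,8 +56,9 @@` does the same with `${this.token}`. Replacing `-k` with `--cacert` and the deployment's CA file keeps both the key and the downloaded installer tied to the real server.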
@@ -29,7 +30,7 @@ export const PLATFORM = [ name: 'LINUX UBUNTU', install: `sudo bash -c "apt update -y && apt install wget unzip -y && mkdir -p ` + `/opt/utmstack-linux-collectors/as400 && cd /opt/utmstack-linux-collectors/as400 && ` + - `wget --no-check-certificate ` + + `wget --no-check-certificate --header="connection-key: V_TOKEN"` + `https://V_IP:9001/private/dependencies/collector/linux-as400-collector.zip ` + `&& unzip linux-as400-collector.zip && rm linux-as400-collector.zip && chmod -R 777 ` + `utmstack_collectors_installer && ./utmstack_collectors_installer install as400 ` + diff --git a/frontend/src/app/app-module/guides/guide-winlogbeat/guide-winlogbeat.component.ts b/frontend/src/app/app-module/guides/guide-winlogbeat/guide-winlogbeat.component.ts index 2fe5dc09c..a7d2e7b4d 100644 --- a/frontend/src/app/app-module/guides/guide-winlogbeat/guide-winlogbeat.component.ts +++ b/frontend/src/app/app-module/guides/guide-winlogbeat/guide-winlogbeat.component.ts @@ -56,8 +56,9 @@ export class GuideWinlogbeatComponent implements OnInit { const ip = window.location.host.includes(':') ? window.location.host.split(':')[0] : window.location.host; return `New-Item -ItemType Directory -Force -Path "C:\\Program Files\\UTMStack\\UTMStack Agent"; ` + - `Invoke-WebRequest -Uri "https://${ip}:9001/private/dependencies/agent/${arch}" ` + - `-OutFile "C:\\Program Files\\UTMStack\\UTMStack Agent\\${arch}" -SkipCertificateCheck; ` + + `& curl.exe -k -H "connection-key: ${this.token}" ` + + `-o "C:\\Program Files\\UTMStack\\UTMStack Agent\\${arch}" ` + + `"https://${ip}:9001/private/dependencies/agent/${arch}"; ` + `Start-Process "C:\\Program Files\\UTMStack\\UTMStack Agent\\${arch}" ` + `-ArgumentList 'install', '${ip}', '${this.token}', 'yes' -NoNewWindow -Wait`; } From 5f90dd9a7b3824ae5c8755ce42ab0b3475700145 Mon Sep 17 00:00:00 2001 
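Review bot: The added `wget` fragment breaks the generated Linux command in two ways. The double quotes around `connection-key: V_TOKEN` sit inside the outer `sudo bash -c "..."` string and end it early, and the fragment has no trailing space, so the header option is concatenated directly with `https://V_IP:9001/...` from the next fragment. The revision before PATCH 6/9 used single quotes; writing the option as `--header='connection-key: V_TOKEN' ` (single quotes, trailing space) restores a working command.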
From: Yorjander Hernandez Vergara Date: Tue, 24 Jun 2025 07:51:40 -0400 Subject: [PATCH 8/9] remove auth in dependencies endpoint --- agent-manager/auth/dependencies.go | 45 ------------------------------ agent-manager/updates/updates.go | 3 +- 2 files changed, 1 insertion(+), 47 deletions(-) delete mode 100644 agent-manager/auth/dependencies.go diff --git a/agent-manager/auth/dependencies.go b/agent-manager/auth/dependencies.go deleted file mode 100644 index b1bc2980c..000000000 --- a/agent-manager/auth/dependencies.go +++ /dev/null @@ -1,45 +0,0 @@ -package auth - -import ( - "net/http" - "strconv" - - "github.com/gin-gonic/gin" - "google.golang.org/grpc/metadata" -) - -func HTTPAuthInterceptor() gin.HandlerFunc { - return func(c *gin.Context) { - connectionKey := c.GetHeader("connection-key") - id := c.GetHeader("id") - key := c.GetHeader("key") - requestURL := c.Request.URL.Path - - if connectionKey == "" && id == "" && key == "" { - c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "authentication is not provided"}) - return - } else if connectionKey != "" { - if err := authenticateRequest(metadata.New(map[string]string{"connection-key": connectionKey}), "connection-key"); err != nil { - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid connection key"}) - return - } - } else if id != "" && key != "" { - idInt, err := strconv.ParseUint(id, 10, 32) - if err != nil { - c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "id is not valid"}) - return - } - - if err := checkKeyAuth(key, idInt, requestURL); err != nil { - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid key"}) - return - } - - } else { - c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "invalid auth type"}) - return - } - - c.Next() - } -} diff --git a/agent-manager/updates/updates.go b/agent-manager/updates/updates.go index 068fb72b9..03525e72c 100644 --- a/agent-manager/updates/updates.go +++ b/agent-manager/updates/updates.go 
@@ -6,7 +6,6 @@ import ( "github.com/gin-contrib/gzip" "github.com/gin-gonic/gin" - "github.com/utmstack/UTMStack/agent-manager/auth" "github.com/utmstack/UTMStack/agent-manager/util" ) @@ -28,7 +27,7 @@ func ServeDependencies() { r.NoRoute(notFound) - group := r.Group("/private", auth.HTTPAuthInterceptor()) + group := r.Group("/private") group.StaticFS("/dependencies", http.Dir("/dependencies")) cert, err := tls.LoadX509KeyPair("/cert/utm.crt", "/cert/utm.key") From 34e175c537b1ded763fad91f7df40913ef79b887 Mon Sep 17 00:00:00 2001 From: Yorjander Hernandez Vergara Date: Tue, 24 Jun 2025 13:04:33 -0400 Subject: [PATCH 9/9] remove authentication when downloading dependencies from agent --- agent/serv/clean-old.go | 8 +------- agent/updates/dependencies.go | 6 ++---- agent/updates/update.go | 10 ++-------- .../src/app/app-module/guides/guide-as400/constants.ts | 4 ++-- .../guide-linux-agent/guide-linux-agent.component.ts | 6 +++--- .../guide-winlogbeat/guide-winlogbeat.component.ts | 3 +-- 6 files changed, 11 insertions(+), 26 deletions(-) diff --git a/agent/serv/clean-old.go b/agent/serv/clean-old.go index 0814da03f..6369a9ebd 100644 --- a/agent/serv/clean-old.go +++ b/agent/serv/clean-old.go 
@@ -51,14 +51,8 @@ func CleanOldServices(cnf *config.Config) { if oldVersion { utils.Logger.Info("old version of agent found, downloading new version") - headers := map[string]string{ - "key": cnf.AgentKey, - "id": fmt.Sprintf("%v", cnf.AgentID), - "type": "agent", - } - if runtime.GOOS != "darwin" { - if err := utils.DownloadFile(fmt.Sprintf(config.DependUrl, cnf.Server, config.DependenciesPort, fmt.Sprintf(config.UpdaterSelf, "")), headers, fmt.Sprintf(config.UpdaterSelf, "_new"), utils.GetMyPath(), cnf.SkipCertValidation); err != nil { + if err := utils.DownloadFile(fmt.Sprintf(config.DependUrl, cnf.Server, config.DependenciesPort, fmt.Sprintf(config.UpdaterSelf, "")), map[string]string{}, fmt.Sprintf(config.UpdaterSelf, "_new"), utils.GetMyPath(), cnf.SkipCertValidation); err != nil { utils.Logger.LogF(100, "error downloading updater: %v", err) return } diff --git a/agent/updates/dependencies.go b/agent/updates/dependencies.go index 56e59707e..5779c4838 100644 --- a/agent/updates/dependencies.go +++ b/agent/updates/dependencies.go 
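Review bot: After this change CleanOldServices fetches the replacement updater with no credentials and, when `cnf.SkipCertValidation` is set, without validating the server either, and nothing in the visible lines checks the file before it is used. That leaves the agent's self-update path with no way to tell a genuine binary from one served by another host on the network path. Verify a signature or a pinned hash of the downloaded file before it replaces the current updater, and treat `SkipCertValidation` as incompatible with unattended updates. The `UpdateDependencies` hunks `@@ -29,13 +29,7 @@` and `@@ -48,7 +42,7 @@` in agent/updates/update.go have the same exposure; CleanOldServices starts and ends outside this hunk.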
@@ -12,15 +12,13 @@ import ( ) func DownloadFirstDependencies(address string, authKey string, insecure bool) error { - headers := map[string]string{"connection-key": authKey} - - if err := utils.DownloadFile(fmt.Sprintf(config.DependUrl, address, config.DependenciesPort, "version.json"), headers, "version.json", utils.GetMyPath(), insecure); err != nil { + if err := utils.DownloadFile(fmt.Sprintf(config.DependUrl, address, config.DependenciesPort, "version.json"), map[string]string{}, "version.json", utils.GetMyPath(), insecure); err != nil { return fmt.Errorf("error downloading version.json : %v", err) } dependFiles := config.DependFiles for _, file := range dependFiles { - if err := utils.DownloadFile(fmt.Sprintf(config.DependUrl, address, config.DependenciesPort, file), headers, file, utils.GetMyPath(), insecure); err != nil { + if err := utils.DownloadFile(fmt.Sprintf(config.DependUrl, address, config.DependenciesPort, file), map[string]string{}, file, utils.GetMyPath(), insecure); err != nil { return fmt.Errorf("error downloading file %s: %v", file, err) } } diff --git a/agent/updates/update.go b/agent/updates/update.go index e35b09add..a732f5640 100644 --- a/agent/updates/update.go +++ b/agent/updates/update.go @@ -29,13 +29,7 @@ func UpdateDependencies(cnf *config.Config) { for { time.Sleep(checkEvery) - headers := map[string]string{ - "key": cnf.AgentKey, - "id": fmt.Sprintf("%v", cnf.AgentID), - "type": "agent", - } - - if err := utils.DownloadFile(fmt.Sprintf(config.DependUrl, cnf.Server, config.DependenciesPort, "version.json"), headers, "version_new.json", utils.GetMyPath(), cnf.SkipCertValidation); err != nil { + if err := utils.DownloadFile(fmt.Sprintf(config.DependUrl, cnf.Server, config.DependenciesPort, "version.json"), map[string]string{}, "version_new.json", utils.GetMyPath(), cnf.SkipCertValidation); err != nil { utils.Logger.ErrorF("error downloading version.json: %v", err) continue } 
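Review bot: `authKey` is no longer read anywhere in the visible part of DownloadFirstDependencies once the `headers` map is removed, yet it stays in the signature, so call sites still look as if they perform an authenticated download. Either drop the parameter together with its callers, or keep it and say so in a comment: `// authKey is unused: the dependencies endpoint no longer requires authentication`. The function body continues past the end of the hunk, so confirm it is not used further down before removing it.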
@@ -48,7 +42,7 @@ func UpdateDependencies(cnf *config.Config) { if newVersion.Version != currentVersion.Version { utils.Logger.Info("New version of agent found: %s", newVersion.Version) - if err := utils.DownloadFile(fmt.Sprintf(config.DependUrl, cnf.Server, config.DependenciesPort, fmt.Sprintf(config.ServiceFile, "")), headers, fmt.Sprintf(config.ServiceFile, "_new"), utils.GetMyPath(), cnf.SkipCertValidation); err != nil { + if err := utils.DownloadFile(fmt.Sprintf(config.DependUrl, cnf.Server, config.DependenciesPort, fmt.Sprintf(config.ServiceFile, "")), map[string]string{}, fmt.Sprintf(config.ServiceFile, "_new"), utils.GetMyPath(), cnf.SkipCertValidation); err != nil { utils.Logger.ErrorF("error downloading agent: %v", err) continue } diff --git a/frontend/src/app/app-module/guides/guide-as400/constants.ts b/frontend/src/app/app-module/guides/guide-as400/constants.ts index 3e498a5b0..72e9d0ca6 100644 --- a/frontend/src/app/app-module/guides/guide-as400/constants.ts +++ b/frontend/src/app/app-module/guides/guide-as400/constants.ts @@ -5,7 +5,7 @@ export const PLATFORM = [ name: 'WINDOWS', install: `New-Item -ItemType Directory -Force -Path "C:\\Program Files\\UTMStack\\UTMStack Collectors\\AS400"; ` + `cd "C:\\Program Files\\UTMStack\\UTMStack Collectors\\AS400"; ` + - `& curl.exe -k -H "connection-key: V_TOKEN" -o ".\\windows-as400-collector.zip" ` + + `& curl.exe -k -o ".\\windows-as400-collector.zip" ` + `"https://V_IP:9001/private/dependencies/collector/windows-as400-collector.zip"; ` + `Expand-Archive -Path ".\\windows-as400-collector.zip" -DestinationPath "."; ` + `Remove-Item ".\\windows-as400-collector.zip"; Start-Process ".\\utmstack_collectors_installer.exe" ` + 
@@ -30,7 +30,7 @@ export const PLATFORM = [ name: 'LINUX UBUNTU', install: `sudo bash -c "apt update -y && apt install wget unzip -y && mkdir -p ` + `/opt/utmstack-linux-collectors/as400 && cd /opt/utmstack-linux-collectors/as400 && ` + - `wget --no-check-certificate --header="connection-key: V_TOKEN"` + + `wget --no-check-certificate ` + `https://V_IP:9001/private/dependencies/collector/linux-as400-collector.zip ` + `&& unzip linux-as400-collector.zip && rm linux-as400-collector.zip && chmod -R 777 ` + `utmstack_collectors_installer && ./utmstack_collectors_installer install as400 ` + diff --git a/frontend/src/app/app-module/guides/guide-linux-agent/guide-linux-agent.component.ts b/frontend/src/app/app-module/guides/guide-linux-agent/guide-linux-agent.component.ts index e6854c368..1a25c1f73 100644 --- a/frontend/src/app/app-module/guides/guide-linux-agent/guide-linux-agent.component.ts +++ b/frontend/src/app/app-module/guides/guide-linux-agent/guide-linux-agent.component.ts @@ -37,7 +37,7 @@ export class GuideLinuxAgentComponent implements OnInit { const ip = window.location.host.includes(':') ? window.location.host.split(':')[0] : window.location.host; return `sudo bash -c "apt update -y && apt install wget -y && mkdir -p /opt/utmstack-linux-agent && \ - wget --no-check-certificate --header='connection-key: ${this.token}' -P /opt/utmstack-linux-agent \ + wget --no-check-certificate -P /opt/utmstack-linux-agent \ https://${ip}:9001/private/dependencies/agent/${installerName} && \ chmod -R 777 /opt/utmstack-linux-agent/${installerName} && \ /opt/utmstack-linux-agent/${installerName} install ${ip} ${this.token} yes"`; 
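Review bot: The generated command in guide-linux-agent now downloads the installer with `wget --no-check-certificate` and no credential, and the unchanged lines that follow make it executable and run it under `sudo`. With both the header and certificate validation gone, nothing in the command ties the file to the UTMStack server it names. Have the guide fetch a published SHA-256 for `${installerName}` and compare it before the `chmod` step, or drop `--no-check-certificate` where the server certificate is trusted. The two other hunks in this file (`@@ -47,7 +47,7 @@`, `@@ -57,7 +57,7 @@`) and the guide-as400 and guide-winlogbeat hunks of this patch follow the same pattern.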
@@ -47,7 +47,7 @@ export class GuideLinuxAgentComponent implements OnInit { const ip = window.location.host.includes(':') ? window.location.host.split(':')[0] : window.location.host; return `sudo bash -c "yum install wget -y && mkdir -p /opt/utmstack-linux-agent && \ - wget --no-check-certificate --header='connection-key: ${this.token}' -P /opt/utmstack-linux-agent \ + wget --no-check-certificate -P /opt/utmstack-linux-agent \ https://${ip}:9001/private/dependencies/agent/${installerName} && \ chmod -R 777 /opt/utmstack-linux-agent/${installerName} && \ /opt/utmstack-linux-agent/${installerName} install ${ip} ${this.token} yes"`; @@ -57,7 +57,7 @@ export class GuideLinuxAgentComponent implements OnInit { const ip = window.location.host.includes(':') ? window.location.host.split(':')[0] : window.location.host; return `sudo bash -c "dnf install wget -y && mkdir -p /opt/utmstack-linux-agent && \ - wget --no-check-certificate --header='connection-key: ${this.token}' -P /opt/utmstack-linux-agent \ + wget --no-check-certificate -P /opt/utmstack-linux-agent \ https://${ip}:9001/private/dependencies/agent/${installerName} && \ chmod -R 777 /opt/utmstack-linux-agent/${installerName} && \ /opt/utmstack-linux-agent/${installerName} install ${ip} ${this.token} yes"`; diff --git a/frontend/src/app/app-module/guides/guide-winlogbeat/guide-winlogbeat.component.ts b/frontend/src/app/app-module/guides/guide-winlogbeat/guide-winlogbeat.component.ts index a7d2e7b4d..bca0c2878 100644 --- a/frontend/src/app/app-module/guides/guide-winlogbeat/guide-winlogbeat.component.ts +++ b/frontend/src/app/app-module/guides/guide-winlogbeat/guide-winlogbeat.component.ts 
@@ -56,8 +56,7 @@ export class GuideWinlogbeatComponent implements OnInit { const ip = window.location.host.includes(':') ? window.location.host.split(':')[0] : window.location.host; return `New-Item -ItemType Directory -Force -Path "C:\\Program Files\\UTMStack\\UTMStack Agent"; ` + - `& curl.exe -k -H "connection-key: ${this.token}" ` + - `-o "C:\\Program Files\\UTMStack\\UTMStack Agent\\${arch}" ` + + `& curl.exe -k -o "C:\\Program Files\\UTMStack\\UTMStack Agent\\${arch}" ` + `"https://${ip}:9001/private/dependencies/agent/${arch}"; ` + `Start-Process "C:\\Program Files\\UTMStack\\UTMStack Agent\\${arch}" ` + `-ArgumentList 'install', '${ip}', '${this.token}', 'yes' -NoNewWindow -Wait`;