All notable changes to this project will be documented in this file.

- Correct YARA_PATH assignment and command substitution in yara.sh (9c25020)
- Update YARA binary path for yara server scripts (eadf809)

- Update CHANGELOG.md and checksums [skip ci] (6d271e2)
- Update CHANGELOG.md and checksums [skip ci] (33a1fa9)
- Update CHANGELOG.md and checksums [skip ci] (c0604f3)
- Update CHANGELOG.md and checksums [skip ci] (794aebd)
- Update CHANGELOG.md and checksums [skip ci] (274dcc5)
- Update CHANGELOG.md and checksums [skip ci] (ccbca33)
- Update CHANGELOG.md and checksums [skip ci] (b6e4564)

- Add desktop dependency checks and notify-send version enforcement for Ubuntu (252579b)

- Chore(ci): rename workflow file and update CI triggers for yara integration (1d529b5)

- Update variable declarations in install script (5a66ab3)
- Update WAZUH_YARA_REPO_REF to use version v0.4.1 in install scripts (6bee7db)

- Correct log function format specifier in utils.sh (a766bff)
- Include rules directory in checksum generation (894c257)
- Correct environment variable quoting and temp directory usage (31caa9b)

- Update CHANGELOG.md and checksums [skip ci] (500ab30)
- Update CHANGELOG.md and checksums [skip ci] (43442a8)
- Update CHANGELOG.md and checksums [skip ci] (b5e1657)
- Update CHANGELOG.md and checksums [skip ci] (637581d)

- Add changelog and checksum update job to GitHub workflows (d2fa1c0)

- Ci(workflow): remove Python setup step from yara-test workflow (d446a1d)
- Update YARA CI workflow and prerelease detection (bdf383f)

- Unify cleanup function and add exit traps (1d8d120)

- Exclude test directory from script checksum generation and overwrite existing file (076d1b7)

- Include script checksums in release artifacts and update PR automation to version 8 (ee396f5)

- Add pull-requests write permission to release workflow (42c1d63)

- Remove unused WAZUH_CONTROL_BIN_PATH and replace write-all with specific permissions (24c3718)
- Update script paths in yara-test workflow (f7e3b47)
- Add OS check before yara installation on macOS (fd168f9)
- Update YARA script URLs to use refs/heads path (a360aae)
- Handle unsupported Linux distributions in install script (859a3c6)
- Corrected wazuh yara url for windows downloads (39ec099)
- Update installation scripts to support server-specific YARA script verification and add gitignore patterns (b5a992b)

- Update installation command syntax in README (a937456)

- Add checksums.sha256 file for script integrity verification (d25048d)

- Pin GitHub Actions to specific hashes (796e40d)
- Update CI environment, ignore .claude files, and configure VS Code settings (191b0c6)
- Update macOS install script, add gitignore, and enforce sudo in CI workflows (b1c4b65)

- Reorganize Linux YARA installation script and cleanup logic (b645a0b)
- Reorganize and separate yara-server scripts by OS (1780bdd)
- Replace [ ] with [[ ]] in shell scripts for compatibility (61bebe6)
- Make YARA_VERSION configurable in install scripts (5c5ff53)
- Unify and secure Linux and macOS install scripts (3246e56)
- Implement cross-platform sed helper, update download utilities, and fix script formatting (659616f)
- Improve shell script robustness with POSIX-compliant syntax, variable quoting, and explicit return status codes (2a70524)
- Standardize error handling in Linux scripts, introduce YARA_BIN_PATH variable for macOS, and add .gitignore file (2b0e0a4)

- Remove leftover `yara-install` directories from current or home paths during cleanup. (c2fae3b)

- Enhance `uninstall.sh` script discovery and error reporting in `install.sh`. (c96d778)
- `install.sh` now downloads `uninstall.sh` from GitHub if it's not found locally. (fbccc06)
- `run_local_uninstall` now consistently downloads the uninstallation script from GitHub, and the Wazuh agent is no longer restarted during installation. (854ad9a)

- Update YARA binary paths for macOS and Linux (4e5442e)
- Update YARA script URL in install script (d400ade)
- Correct syntax and fix message formatting in install.sh (ee9743e)
- Remove extraneous empty lines from install script (19d519d)
- Correct success message syntax in install script (444b3c3)
- Distinguish modern and legacy YARA installations (4e7a77e)
- Handle and clean up legacy YARA installations (e7915ad)
- Improve legacy YARA directory removal logic (24eb838)
- Improve pre-installation checks and automate cleanup (9d405e3)
- Use sudo for downloading files to system directories (1c6c6d1)
- Set executable permissions and symlink for yara on macOS (a193eb1)
- Run uninstallation in silent mode without confirmation (8dac0a7)
- Run legacy YARA cleanup in silent mode by default (b6e250a)
- Suppress detection output and enhance YARA installation checks (632efab)
- Update legacy cleanup script URL and enhance detection messages (b38fafb)
- Update YARA installation paths in yara-server script (428412e)
- Improve install.sh script robustness and clarity (fb5b170)
- Disable shellcheck warning for os-release sourcing (fa8bdb5)
- Improve YARA install and validation on macOS (33dcd2b)
- Ensure common binary paths are in PATH for macOS (2acdc88)
- Add macOS debug info for yara detection failures (ebebc39)
- Improve YARA version detection and macOS fallback handling (7c1b7af)
- Correct YARA version check logic in install script (775d50a)
- Add libmagic installation alongside jq for YARA runtime (582ed29)
- Set correct ownership for YARA rules file during installation on macOS and Linux. (7ea8c38)
- Ensure YARA rules directory has correct group ownership. (59f05f0)
- Ensure correct group ownership for the YARA rules directory on macOS. (ee67989)

- Update and clarify installation instructions (9513e72)

- Add silent script to remove legacy YARA installations (8f430c5)
- Enhance YARA installation script with detection and cleanup (c89a917)
- Add user prompt for installation type selection (b093537)
- Add yara-server script for YARA active response (1ccee53)
- Add non-interactive installation type support (51174b7)
- Ensure wazuh group and set proper YARA directory permissions (3ce83b3)
- Enhance YARA uninstall script to detect and remove legacy, modern, and softlink installations, and switch install script to use local uninstall. (8e75e6e)
- Broaden YARA uninstallation script to detect and remove legacy installations, softlinks, and package-managed YARA. (18d00ec)
- Improve YARA detection robustness and debugging by capturing stderr, validating version output, and adding platform-specific diagnostics. (a74cb4b)
- Install libmagic and openssl dependencies on macOS in addition to jq. (9c31aab)
- Add pre-installation check for existing YARA 4.5.x to conditionally skip installation. (783ed16)

- Remove deprecated yara-server active response script (7850ab5)
- Remove legacy YARA cleanup script (a1d8f37)
- Remove deprecated install-server.sh script (09a3e6a)
- Remove uninstall-server.sh script (302a296)
- Set INSTALLATION_TYPE env variable to server (bb19893)

- Modernize YARA uninstallation script (b6980d9)
- Add dedicated YARA installation function for macOS (11d29c6)
- Improve YARA installation detection logic (c930c89)
- Improve legacy source directory cleanup process (8999ff3)
- Unify YARA script URL handling (6a74d8d)
- Improve YARA version detection in install script (869e8a7)
- Simplify YARA installation script for macOS and Linux (41d1f5a)
- Exit installation early if YARA is already installed and validated (ce98a0c)

- Relax YARA version check and improve zenity test handling (74e5c45)
- Adapt group ownership checks for macOS compatibility (3d426a3)

- Add checks for YARA binary existence and permissions after installation and during validation. (08e1f82)

- Updated fetch depth for git-cliff (8666609)

- Added automatic release notes and changelog generation (bc3aecc)

- Remove deletion in yara-server.sh script (3782f3c)

- Point YARA_SH_URL to wazuh-yara repo (22bb5dd)
- Consider arm architecture (3b4ab0d)
- Remove source built yara in install script (473d1a6)
- Add check to consider only supported distros for linux (c3beb91)
- Remove source built yara always running even if installation is done using prebuilt (fd6a2e9)
- Improve OS and distribution detection with unified approach (762ab46)
- Use prebuilt binary built on older GLIBC version (882530a)
- Yara prebuilt binary release tag (6dfce92)
- Use yum to install yara for centOS and RHEL (048cca9)
- Build yara from source for centOS/RHEL if yum fails (a4901be)
- Shellcheck issue line 896 (4270fdb)
- Add required dependencies for building yara from source (01e25fd)
- Libmagic devel does not exist (f2cf4aa)
- Include jansson dependency for source build (490c3af)
- Install jansson and libmagic for rhel (bfd051a)
- Enable codeready-builder repo for RHEL 8/9 jansson-devel installation (7f678a1)
- Quote to prevent splitting issues (b87d3eb)
- Update verification step to check for yara v4.5.x (de6ccf8)
- Make notify send optional for centOS and RHEL (f11f37f)
- Make notify send optional for centOS and RHEL and fix shellcheck issue (39fd1d6)
- Update uninstall.sh for centOS and RHEL (594516f)
- Remove rpm based distribution (ddaba14)
- Remove rpm based distro functionality from uninstall.sh (c18e1e9)
- IconPath updated to correct path for macOS (430ea61)
- Move logging helpers before being called (d2b7390)
- Move logging helpers before being called (f2409b3)
- Spelling error on wazuh iconPath (2b9c4f7)
- Remove unused function (12f9f17)
- Enhance YARA uninstallation for Ubuntu by checking for prebuilt installations (e1e2b4a)
- Remove redundant cleanup logic for YARA prebuilt installation (224811d)
- Remove local to use only POSIX features (b7188a5)

- Add YARA server-side active response script for auto-deletion on detection (096af40)
- Add support for uninstalling YARA on RedHat-based systems (18a5c75)
- Add YARA uninstallation script for server OS (867952d)
- Improve YARA binary detection and error handling (3ac9a97)
- Add check for prebuilt YARA installation during uninstallation for Ubuntu (9c7456a)

- Add ShellCheck workflow for scripts/install.sh (e1e0874)
- Remove ShellCheck workflow (5425aae)
- Remove ShellCheck workflow and update install.sh (79f0096)
- Remove ShellCheck workflow (correctly) (add27f6)
- Refine Ubuntu prebuilt YARA install flow (bb1a160)
- Update url to yara-server.sh (96d23c3)

- Refactor: restructure install.sh with separate main functions for prebuilt vs source (7157a8b)
- Streamline Wazuh agent restart and validation steps (b61ae72)

- Update YARA path detection for macOS to support prebuilt binaries (64e4090)
- Improve YARA version detection to ensure prebuilt binary installation (01e6fa7)
- Correct YARA extraction path and Homebrew uninstall error handling (a8ec647)
- Enhance YARA uninstallation process for macOS and improve symlink removal (fc206cd)
- Extract YARA binaries directly to /opt/yara without nested directory (63405a6)
- Change ls to find (1c46396)
- Streamline YARA uninstallation process and remove macOS specific logic (8d5922d)
- Enhance YARA uninstallation for macOS with Homebrew support and improved logging (2a8f8fd)
- Improve YARA installation verification for macOS background services (0fda3ef)
- Update validate_installation() to check direct path fallback (21dc79c)
- Removed redundant yara installed validation step (627b85e)

- Feat: replace Homebrew tap with prebuilt binary installation for macOS (1d8a72a)
- Ensure YARA runtime dependencies remain installed on macOS (6fc7de7)

- Simplify YARA path detection to use direct installation path (98f43f3)

- Improve log messages to reflect success and error states for file operations in yara.sh (8aa961a)
- Update uninstall and install functions for YARA to handle specific versioning in Homebrew (fd92664)
- Unpin YARA before uninstalling via Homebrew to ensure proper removal (8a00a6b)
- Improve install function on macos (3ea6b71)
- Unpin YARA before uninstalling via Homebrew to ensure proper removal (bc844cb)
- Remove duplicated unpin command (1a9d460)
- Add Bash 4+ compatibility check to auto-detect and use newer bash on macOS/Ubuntu when root uses Bash 3.2 (96a4f8e)

- Add check_and_update_bash function to ensure Bash is up to date on macOS (dc0d802)

- Install YARA via Homebrew tap on macOS (01983f7)
- Enhance install_yara_macos function for Homebrew tap installation (998f838)

- Update log messages to use INFO level for file operations in yara.sh (fe3fd31)

- Improve Homebrew detection and user handling (9ceb134)
- Add sudo flash to simulate initial login (0c80988)
- Remove -H flash parameter from sudo brew command (d12f9b4)
- Use absolute paths to download yara from source (164bcc7)
- Revert method of getting logged in user (ef4213e)

- Get logged in user using brew --prefix (c9aacac)

- Enhance README for clarity on Windows Defender integration and cross-platform features (772d89d)

- Add Windows Defender integration script (11ebd4b)

- Replace maybe_sudo with sudo for Homebrew commands in install.sh (879f7ee)
- Ensure LOGGED_IN_USER is initialized before assignment in install and uninstall scripts (dc31479)
- Update Wazuh agent installation script URL in yara-test workflow (bab4599)
- Update Wazuh agent installation script URL to remove unnecessary refs (e111244)

- Add function to get logged-in user for macOS and Linux (13dc335)
- Implement logged-in user retrieval for Homebrew commands in install and uninstall scripts (832ddfa)

- Add wazuh logo to all notifications where applicable (f02b35e)
- Change log level from INFO to DEBUG for various messages (b8667b7)
- Remove type attribute from ignore tag in add_fim_ignore function (6913f7e)
- Update iconPath variable assignment for macOS and Linux environments (3101b3f)
- Change method to install yara on ubuntu machines from apt to source code installation & update yara.sh script correspondingly (e9b86e7)
- Change macos yara install to install from source (74acc72)
- Add remove_brew_yara function (66a1898)
- Improve install and uninstall scripts for macos and ubuntu (a6aa62a)
- Use maybe_sudo to cleanup temporary directory (6dda6cb)
- Improve install script to install specific version of yara with brew on macos; update uninstall script to run only if yara is installed (5f22bf6)
- Add all yara modules and required dependencies to install script (af639d3)
- Update GitHub Actions workflow for pytest and enhance install script with notify-send checks (00fceda)
- Simplify ignore rule check in add_fim_ignore function (83eb9d6)
- Install libnotify if necessary (3a46d42)
- Change ownership command to recursively update user and group for specified path (b72d233)
- Update group creation command for macOS to use sysadminctl (5627573)
- Update group creation command for macos (5994838)
- Improve error handling for user and group creation on macOS (c591eec)
- Update Wazuh agent installation method in yara-test.yml (76c9d64)
- Update Wazuh agent installation script reference in yara-test.yml (1f3f8a4)
- Remove unnecessary unit tests (a5c5452)
- Remove unnecessary unit tests (4a758f5)
- Remove version extraction step from release job because it's depreciated (1316535)
- Fix automated release pipeline (ef3735f)

- Update README to enhance structure and clarity, add installation details, and improve usage guide (3572ee8)

- Update yara.sh with actions to delete malware files or ignore those files from future scans (d7a0ec1)
- Add success and failure notifications for file deletion and ignoring in yara.sh for macos (40ae3d9)
- Add Zenity installation check and refactor YARA installation process (bb6df3b)

- Set yara version to 4.5.4 (8172740)

- Enhance GitHub Actions workflow for pull requests and improve YARA test suite documentation (4a97da2)

- Add test for zenity installation on Linux (5ce8e26)

- Improve how to extract rules and file path from yara results #33 (2004e4e)

- Fix remove_file_limit not working on macos (62472c1)

- Remove functions to update ossec.conf and add functions to revert to initial state (03182d3)

- Remove test function for fim content in ossec.conf (53c177b)

- Change log file path to relative log file path (b0e0cbc)

- Update yara rules and yara.bat script url (e2ad1f9)

- Added company copyright info in active-response scripts (368adc2)

- Add notification on local host for yara results (490a840)
- Add Notification function is launched using scheduled task (90920f0)
- Add VBScript to run notification script without powershell popup (ef9ba2d)

- Improve format of display in active response notification on linux/macos (203242d)

- Revert yara rules path to normal path (528e8d0)

- Update yar rules source to yara forge (7641db5)

- Remove temporary files in temp directory (4179ca9)

- Change logging method (95473e0)
- Change function to remove environment variables (7f6d240)
- Improve logging on Yara install script (c9fa618)
- Calling logging correctly for cleanup (f917b5b)
- Yara rules temp directory (350734b)

- Improve how to set yara path in the active response script (f58d708)
- Improve how to set yara path in the active response script (a725429)
- Remove ineffectual variables (f0fc89b)
- Update folders to monitor (7f67aeb)
- Update tests (fe0cdae)

- Check if Service exists & improving logging (b8f77c0)

- Improve logging in yara.sh (5ee9b51)

- Ci (6f14f29)
- Ci (4f77ae7)
- Add value of ossec conf path (2baa3d7)
- Handle `sed` command compatibility for macOS and Linux (398c2e9)
- Handle `sed` command differently for macOS and Linux in `check_file_limit` function (5141fde)
- Fix: use warn_message instead of error_message for missing config file (0c8832a)
- Encoding error yara.bat file (e3eabbb)
- Update yara rules directory fixed to path into rules folder (ce26b50)
- Double square brackets in files/directory checks (5f5a099)
- Uninstall yara only if it exists (a5d5115)
- MacOS not recognising /n as next line when editing config file (d4f3674)
- Update new line sed command to use // instead of /n (8864290)
- Remove unneeded stop agent function and improved restart agent function in uninstall script (d0a4677)
- Improve sed command usage (90cb965)

- Update Scripts to download rules/malware_rules.yar (599e7c3)

- Update README file (84f2fbb)
- Improve active responses script to work on both linux and macos (60bd299)

- Cd build (#2) (d4bd278)
- Add GitHub Actions workflow for running Pytest (e76c597)
- Add uninstall script (d41f875)
- Add uninstall script (d9bda9e)
- Add uninstall script (92e2c67)
- Add installation validation steps (b89af7f)

- Removed lines that call deleted functions (0c8defb)
- ValhallaAPI try catch was not working because pip does not throw an error (fc2993b)
- Check pip module function fixed (e8e271e)
- Fixed download yara rules script to save yara_rules to temp directory (e6b2b2f)
- YaraUrl used instead of YaraBatUrl (3b6fbe7)
- Naming of yaraBatURL (40f3f72)
- Naming of filelimitnode variable (16b4141)
- Correct file_limit node selection in syscheck XML parsing (4acf681)
- Naming of rules file (ec02409)
- Yara rules directory path was set to file instead of location (fa5f685)

- Initial commit (212c36e)
- Script; tested using docker (9f111cd)
- Typo (0655cab)
- Custom sed (1fdb6d5)
- File limit (0f7226a)
- Moved script tests into script folder (823b282)
- Testing using bats (956fbaa)
- More colors to the bash script (012c717)
- Remove obsolete script tests and workflows (cb2283f)
- Update wazuh-agent installation and add yara test script (c2da7b7)
- Update wazuh-agent installation and add yara test script (cf48a9d)
- Ensure yara_rules.yar file exists and has correct ownership (e724dcf)
- Fix yara_rules_file.exists() assertion in yara.py test (b061b31)
- Ensure yara rules file exists and has correct ownership (d5d470b)
- Update wazuh-agent installation and add yara test script (0de8c18)
- Update wazuh-agent installation and yara tests (68e074c)
- Update GitHub Actions workflow for running Pytest (746e292)
- Update YARA Tests documentation and GitHub Actions workflow (5146af3)
- Create user and group on macOS in install.sh (88cb9e9)
- Improve error handling and OS compatibility in install.sh (38f4b17)
- Improve error handling and OS compatibility in install.sh (666caac)
- Update OSSEC configuration handling in install.sh (c68a63e)
- Update OSSEC configuration handling in install.sh (62c6457)
- Restart Wazuh agent in install.sh (1c9ad86)
- Update OSSEC configuration handling in install.sh (13acf09)
- Update Rules github link (095a814)
- Save yara_rules.yar on correct directory on MacOS (e99216c)
- Update yara rules url (aaaf065)
- Add success message at end of script (05b3648)
- Remove the installation of additional packages (6143c87)
- Improve idempotency in bash uninstall script (078ad80)
- Improve idempotency in bash uninstall script (3e6f568)
- Improve idempotency in bash uninstall script (ace63da)
- Improve logging in uninstall script (368149e)
- Remove configs in uninstall script, only if ossec config file exists (4546b05)
- Install yara if not already installed (7512fd8)
- Add timestamp and colors to active response script (6dbe152)
- Remove timestamp and colors from active response script (8a55728)
- Update files to monitor on macos (42f42f1)
- Add release pipeline (368d8c3)

- Improve YARA installation and configuration process #3 (30fff69)
- Improve YARA installation process for Windows #3 (f3d444d)
- Improve YARA installation process for Windows (dde36e8), Closes #3
- Improve YARA installation process for Windows (4dcddd7)
- Improve YARA installation and configuration process (d322344)
- Improve log messages (75cd165)

- Yara.bat script added in this script (76e3ef7)

- Add maybe_sudo in front of file checks (1b289be)

- Removed dependency installation from install.ps1 and added yara.bat installation (4a28d93)
- Moved yara.bat script to separate file (df8b268)

- Change rules file name back to yara_rules.yar (f2b0f77)