Bugfix/10.6.2/update dependencies (#1098)

* feature: correlation offline mode to avoid rules update

* integrate dependencies from agent manager

* Add connection checker utility for AWS modules

* Add connection checker utility for Bitdefender modules

* Change fatal logging to error for connection failures in AWS and Bitdefender modules

* add timeout

* Add connection checker utility for office 365 modules.

* Add connection checker utility for sophos module.

* Include arm64 agents

* update dependencies

* update CI/CD pipelines

* remove arm builds

* fix message when there is no command output

* update version and changelog

* Update dependencies

* add connection mode

* include agent debugger, remove mTLS and fix module names

* add arm64 icons

* Update changelog

---------

Co-authored-by: Jose Angel Sanchez Velazquez <sanchezvelazquezjoseangel@gmail.com>
Co-authored-by: Yadian Llada Lopez <yadian.llada@gmail.com>
Co-authored-by: JocLRojas <joc.l.rojas02@gmail.com>

Author: 4 people

.github/workflows/principal-multi-env.yml

@@ -54,9 +54,9 @@ jobs:
           $env:GOARCH = "amd64"
           go build -o utmstack_agent_service.exe -v .
           signtool sign /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /f "${{ vars.SIGN_CERT }}" /csp "eToken Base Cryptographic Provider" /k "[{{${{ secrets.SIGN_KEY }}}}]=${{ secrets.SIGN_CONTAINER }}" "utmstack_agent_service.exe"
-          # $env:GOARCH = "arm64"
-          # go build -o utmstack_agent_service_arm64.exe -v .
-          # signtool sign /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /f "${{ vars.SIGN_CERT }}" /csp "eToken Base Cryptographic Provider" /k "[{{${{ secrets.SIGN_KEY }}}}]=${{ secrets.SIGN_CONTAINER }}" "utmstack_agent_service_arm64.exe"
+          $env:GOARCH = "arm64"
+          go build -o utmstack_agent_service_arm64.exe -v .
+          signtool sign /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /f "${{ vars.SIGN_CERT }}" /csp "eToken Base Cryptographic Provider" /k "[{{${{ secrets.SIGN_KEY }}}}]=${{ secrets.SIGN_CONTAINER }}" "utmstack_agent_service_arm64.exe"
 
           echo "Agent build completed"
         
@@ -74,7 +74,7 @@ jobs:
           Copy-Item -Path "${{ github.workspace }}/agent/utmstack_agent_service" -Destination "./dependencies/agent/"
           # Copy-Item -Path "${{ github.workspace }}/agent/utmstack_agent_service_arm64" -Destination "./dependencies/agent/"
           Copy-Item -Path "${{ github.workspace }}/agent/utmstack_agent_service.exe" -Destination "./dependencies/agent/"
-          # Copy-Item -Path "${{ github.workspace }}/agent/utmstack_agent_service_arm64.exe" -Destination "./dependencies/agent/"
+          Copy-Item -Path "${{ github.workspace }}/agent/utmstack_agent_service_arm64.exe" -Destination "./dependencies/agent/"
           Copy-Item -Path "${{ github.workspace }}/agent/version.json" -Destination "./dependencies/agent/"
 
           docker build -t ghcr.io/utmstack/utmstack/agent-manager:${{ needs.setup_deployment.outputs.env_version }} .

CHANGELOG.md

@@ -1,4 +1,4 @@
-# UTMStack 10.6.3 Release Notes
+# UTMStack 10.7.0 Release Notes
 ## New Features and Improvements
 - **Agent & Collector Dependencies**: agents and collectors now fetch their dependencies from the **agent-manager**, improving consistency and centralizing dependency management.
 
@@ -7,3 +7,9 @@
 - **Agent Service Cleanup**: removed unnecessary services to streamline the system and reduce overhead.
 
 - **Error Recovery**: enhanced the agent's ability to recover from certain data streaming errors when interacting with the agent-manager, improving stability and fault tolerance.
+
+- **Debug Mode for Agents**: Added a debug mode for agents, allowing better troubleshooting and logging for debugging purposes.
+
+- **Certificate Verification Improvements**: Improved certificate verification in agents to enhance security and prevent connection issues.
+
+- **Windows ARM64 Agent Support**: Added support for a Windows ARM64 agent, expanding compatibility to more architectures.

agent/agent/incident_response.go

@@ -35,6 +35,8 @@ func IncidentResponseStream(cnf *config.Config, ctx context.Context) {
 			if !connErrMsgWritten {
 				utils.Logger.ErrorF("failed to start AgentStream: %v", err)
 				connErrMsgWritten = true
+			} else {
+				utils.Logger.LogF(100, "failed to start AgentStream: %v", err)
 			}
 			time.Sleep(timeToSleep)
 			continue
@@ -46,6 +48,7 @@ func IncidentResponseStream(cnf *config.Config, ctx context.Context) {
 			in, err := stream.Recv()
 			if err != nil {
 				if strings.Contains(err.Error(), "EOF") {
+					utils.Logger.LogF(100, "error receiving command from server: %v", err)
 					time.Sleep(timeToSleep)
 					break
 				}
@@ -54,13 +57,17 @@ func IncidentResponseStream(cnf *config.Config, ctx context.Context) {
 					if !errorLogged {
 						utils.Logger.ErrorF("error receiving command from server: %v", err)
 						errorLogged = true
+					} else {
+						utils.Logger.LogF(100, "error receiving command from server: %v", err)
 					}
 					time.Sleep(timeToSleep)
 					break
 				} else {
 					if !errorLogged {
 						utils.Logger.ErrorF("error receiving command from server: %v", err)
 						errorLogged = true
+					} else {
+						utils.Logger.LogF(100, "error receiving command from server: %v", err)
 					}
 					time.Sleep(timeToSleep)
 					continue
@@ -72,6 +79,7 @@ func IncidentResponseStream(cnf *config.Config, ctx context.Context) {
 				err = commandProcessor(path, stream, cnf, []string{msg.Command.Command, in.GetCommand().CmdId})
 				if err != nil {
 					if strings.Contains(err.Error(), "EOF") {
+						utils.Logger.LogF(100, "error sending result to server: %v", err)
 						time.Sleep(timeToSleep)
 						break
 					}
@@ -80,13 +88,17 @@ func IncidentResponseStream(cnf *config.Config, ctx context.Context) {
 						if !errorLogged {
 							utils.Logger.ErrorF("error sending result to server: %v", err)
 							errorLogged = true
+						} else {
+							utils.Logger.LogF(100, "error sending result to server: %v", err)
 						}
 						time.Sleep(timeToSleep)
 						break
 					} else {
 						if !errorLogged {
 							utils.Logger.ErrorF("error sending result to server: %v", err)
 							errorLogged = true
+						} else {
+							utils.Logger.LogF(100, "error sending result to server: %v", err)
 						}
 						time.Sleep(timeToSleep)
 						continue
@@ -102,7 +114,7 @@ func commandProcessor(path string, stream AgentService_AgentStreamClient, cnf *c
 	var result string
 	var errB bool
 
-	utils.Logger.Info("Received command: %s", commandPair[0])
+	utils.Logger.LogF(100, "Received command: %s", commandPair[0])
 
 	switch runtime.GOOS {
 	case "windows":
@@ -116,7 +128,7 @@ func commandProcessor(path string, stream AgentService_AgentStreamClient, cnf *c
 	if errB {
 		utils.Logger.ErrorF("error executing command %s: %s", commandPair[0], result)
 	} else {
-		utils.Logger.Info("Result when executing the command %s: %s", commandPair[0], result)
+		utils.Logger.LogF(100, "Result when executing the command %s: %s", commandPair[0], result)
 	}
 
 	if err := stream.Send(&BidirectionalStream{
@@ -126,7 +138,7 @@ func commandProcessor(path string, stream AgentService_AgentStreamClient, cnf *c
 	}); err != nil {
 		return err
 	} else {
-		utils.Logger.Info("Result sent to server successfully!!!")
+		utils.Logger.LogF(100, "Result sent to server successfully!!!")
 	}
 	return nil
 }

agent/agent/ping_imp.go

@@ -26,6 +26,8 @@ func StartPing(cnf *config.Config, ctx context.Context) {
 			if !connErrMsgWritten {
 				utils.Logger.ErrorF("error connecting to Agent Manager: %v", err)
 				connErrMsgWritten = true
+			} else {
+				utils.Logger.LogF(100, "error connecting to Agent Manager: %v", err)
 			}
 			time.Sleep(timeToSleep)
 			continue
@@ -37,11 +39,14 @@ func StartPing(cnf *config.Config, ctx context.Context) {
 			if !connErrMsgWritten {
 				utils.Logger.ErrorF("failed to start Ping Stream: %v", err)
 				connErrMsgWritten = true
+			} else {
+				utils.Logger.LogF(100, "failed to start Ping Stream: %v", err)
 			}
 			time.Sleep(timeToSleep)
 			continue
 		}
 
+		utils.Logger.LogF(100, "Ping Stream started")
 		connErrMsgWritten = false
 
 		ticker := time.NewTicker(pingInterval)
@@ -50,6 +55,7 @@ func StartPing(cnf *config.Config, ctx context.Context) {
 			err := stream.Send(&PingRequest{Type: ConnectorType_AGENT})
 			if err != nil {
 				if strings.Contains(err.Error(), "EOF") {
+					utils.Logger.LogF(100, "error sending Ping request: %v", err)
 					time.Sleep(timeToSleep)
 					break
 				}
@@ -58,20 +64,25 @@ func StartPing(cnf *config.Config, ctx context.Context) {
 					if !errorLogged {
 						utils.Logger.ErrorF("error sending Ping request: %v", err)
 						errorLogged = true
+					} else {
+						utils.Logger.LogF(100, "error sending Ping request: %v", err)
 					}
 					time.Sleep(timeToSleep)
 					break
 				} else {
 					if !errorLogged {
 						utils.Logger.ErrorF("error sending Ping request: %v", err)
 						errorLogged = true
+					} else {
+						utils.Logger.LogF(100, "error sending Ping request: %v", err)
 					}
 					time.Sleep(timeToSleep)
 					continue
 				}
 			}
 
 			errorLogged = false
+			utils.Logger.LogF(100, "Ping request sent")
 		}
 
 		ticker.Stop()

agent/agent/register.go

@@ -60,5 +60,7 @@ func RegisterAgent(cnf *config.Config, UTMKey string) error {
 	cnf.AgentID = uint(response.Id)
 	cnf.AgentKey = response.Key
 
+	utils.Logger.LogF(100, "Agent registered with ID: %v", cnf.AgentID)
+
 	return nil
 }

agent/agent/update.go

@@ -24,9 +24,13 @@ func UpdateAgent(cnf *config.Config, ctx context.Context) error {
 	}
 
 	version := models.Version{}
-	err = utils.ReadJson(config.VersionPath, &version)
-	if err != nil {
-		utils.Logger.Fatal("error reading version file: %v", err)
+	if utils.CheckIfPathExist(config.VersionPath) {
+		err = utils.ReadJson(config.VersionPath, &version)
+		if err != nil {
+			utils.Logger.Fatal("error reading version file: %v", err)
+		}
+	} else {
+		version.Version = "10.6.0"
 	}
 
 	request := &AgentRequest{

agent/collectors/collectors.go

@@ -2,7 +2,6 @@ package collectors
 
 import (
 	"fmt"
-	"runtime"
 
 	"github.com/utmstack/UTMStack/agent/utils"
 )
@@ -18,21 +17,6 @@ type Collector interface {
 	Uninstall() error
 }
 
-func getCollectorsInstances() []Collector {
-	var collectors []Collector
-	switch runtime.GOOS {
-	case "windows":
-		collectors = append(collectors, Windows{})
-		if runtime.GOARCH == "amd64" {
-			collectors = append(collectors, Filebeat{})
-		}
-	case "linux":
-		collectors = append(collectors, Filebeat{})
-	}
-
-	return collectors
-}
-
 func InstallCollectors() error {
 	collectors := getCollectorsInstances()
 
@@ -43,7 +27,7 @@ func InstallCollectors() error {
 		}
 	}
 
-	utils.Logger.Info("collector installed correctly")
+	utils.Logger.LogF(100, "collectors installed correctly")
 
 	return nil
 }
@@ -65,6 +49,6 @@ func UninstallCollectors() error {
 		}
 	}
 
-	utils.Logger.Info("collectors uninstalled correctly")
+	utils.Logger.LogF(100, "collectors uninstalled correctly")
 	return nil
 }

agent/collectors/filebeat.go agent/collectors/filebeat_amd64.goagent/collectors/filebeat.go renamed to agent/collectors/filebeat_amd64.go

@@ -0,0 +1,11 @@
+//go:build linux && amd64
+// +build linux,amd64
+
+package collectors
+
+func getCollectorsInstances() []Collector {
+	var collectors []Collector
+	collectors = append(collectors, Filebeat{})
+
+	return collectors
+}

agent/collectors/linux_amd64.go

@@ -15,6 +15,14 @@ import (
 
 type Windows struct{}
 
+func getCollectorsInstances() []Collector {
+	var collectors []Collector
+	collectors = append(collectors, Windows{})
+	collectors = append(collectors, Filebeat{})
+
+	return collectors
+}
+
 func (w Windows) Install() error {
 	path := utils.GetMyPath()