git: c86d3fc116b3 - main - security/wazuh-manager: Improve port to run inside jail
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 31 Dec 2025 08:24:56 UTC
The branch main has been updated by acm:
URL: https://cgit.FreeBSD.org/ports/commit/?id=c86d3fc116b3437ff3351e8e886926175aaec2b1
commit c86d3fc116b3437ff3351e8e886926175aaec2b1
Author: Jesús Daniel Colmenares Oviedo <dtxdf@freebsd.org>
AuthorDate: 2025-12-31 08:21:55 +0000
Commit: Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
CommitDate: 2025-12-31 08:24:38 +0000
security/wazuh-manager: Improve port to run inside jail
- Reimplement getPackages() using SQLite
getPackages() is a function used to get a set of information about
the packages installed on the system where the manager and agent
are installed. To obtain this information, pkg-query(8) was used;
however, prior to this commit, it was assumed that pkg(8) was
installed on the system, which could be wrong, especially on systems
such as jails, where pkg(8) is normally used from the host. With
this change, we leverage SQLite to read the pkg(8) database and
obtain information about the packages, which is also much more
efficient than executing a command. This also fixes the segmentation
fault inside jail in wazuh-modulesd when this condition occurs.
- Fix wazuh-apid when security.bsd.see_other_{u,g}ids=0
wazuh-apid checks the status of some daemons (or services) before
starting completely, and if it cannot detect the status, it may
mark the service as failed or stopped. When security.bsd.see_other_{u,g}ids
is enabled, apid cannot correctly detect the status of some daemons
running as root, such as wazuh-execd and wazuh-modulesd, so the API
will always return that it is DOWN. To work around this issue,
a small C program with the SUID bit set is used to check as root
if a process exists in /proc. This C program is used in the
wazuh.core.cluster.utils.get_manager_status() function for this
task.
- Fix package on 14-aarch64 and 16-aarch64
- Bump PORTREVISION
---
security/wazuh-manager/Makefile | 5 +
security/wazuh-manager/distinfo | 16 +-
security/wazuh-manager/files/check_pid.c | 103 ++++++++++++
.../patch-framework-wazuh-core-cluster_utils.py | 33 ++++
.../patch-src-data_provider-src_sysInfoFreeBSD.cpp | 174 ++++++++++++++-------
security/wazuh-manager/pkg-plist | 2 +
6 files changed, 265 insertions(+), 68 deletions(-)
diff --git a/security/wazuh-manager/Makefile b/security/wazuh-manager/Makefile
index 4e9e8b7c2414..372e09d50a67 100644
--- a/security/wazuh-manager/Makefile
+++ b/security/wazuh-manager/Makefile
@@ -1,6 +1,7 @@
PORTNAME= wazuh
DISTVERSIONPREFIX= v
DISTVERSION= 4.14.1
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= https://packages.wazuh.com/deps/47/libraries/sources/:wazuh_sources \
LOCAL/acm/${PORTNAME}/:wazuh_cache
@@ -234,12 +235,14 @@ post-patch:
${WRKSRC}/framework/wazuh/rbac/decorators.py
do-build:
+ cd ${WRKSRC} && ${CC} ${CFLAGS} -o check_pid ${FILESDIR}/check_pid.c
cd ${WRKSRC}/src/ && ${SETENV} ${MAKE_ENV} STAGEDIR=${STAGEDIR} \
${MAKE_CMD} ${MAKE_ARGS}
do-install:
${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/bin
${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/lib
+ ${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/libexec
${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/tmp
${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/templates
${MKDIR} ${STAGEDIR}${WAZUHPREFIX}/.ssh
@@ -256,6 +259,8 @@ do-install:
${MKDIR} -m 0770 ${STAGEDIR}${WAZUHPREFIX}${DIRE}
.endfor
+ ${INSTALL_PROGRAM} ${WRKSRC}/check_pid ${STAGEDIR}${WAZUHPREFIX}/libexec/check_pid
+
${INSTALL_DATA} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.log
${INSTALL_DATA} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.json
${INSTALL_DATA} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/active-responses.log
diff --git a/security/wazuh-manager/distinfo b/security/wazuh-manager/distinfo
index 1e8d9dcef44d..3cf2923e896b 100644
--- a/security/wazuh-manager/distinfo
+++ b/security/wazuh-manager/distinfo
@@ -57,22 +57,22 @@ SHA256 (wazuh-4.14.1/zlib.tar.gz) = b59d38149f0c29ec54d2766611ebc5a51a032bf9717e
SIZE (wazuh-4.14.1/zlib.tar.gz) = 1593304
SHA256 (wazuh-4.14.1/wazuh-cache-any-4.14.1.tar.gz) = 79ef4769856c7c7af6b9f2c2ef67bf6e2cc3db874dc25ea4086519f48c8bc729
SIZE (wazuh-4.14.1/wazuh-cache-any-4.14.1.tar.gz) = 21536265
-SHA256 (wazuh-4.14.1/wazuh-python-4.14.1.tar.gz) = 676478c4aa564cd8ab001e7e8d5ec64a7bce0f9aa6d2de1e77d81749e53eec68
-SIZE (wazuh-4.14.1/wazuh-python-4.14.1.tar.gz) = 480480
+SHA256 (wazuh-4.14.1/wazuh-python-4.14.1.tar.gz) = d4079d17c2e6eea261c2a9a0c24363bde1ce1df0c50bec86e52be3d329b7cb09
+SIZE (wazuh-4.14.1/wazuh-python-4.14.1.tar.gz) = 480541
SHA256 (wazuh-4.14.1/wazuh-cache-fbsd13-amd64-4.14.1.tar.gz) = e894bdc1697a8c4976e1cc68961c602850ec24582d5cc17baed82d8086620005
SIZE (wazuh-4.14.1/wazuh-cache-fbsd13-amd64-4.14.1.tar.gz) = 26641362
-SHA256 (wazuh-4.14.1/wazuh-cache-fbsd14-aarch64-4.14.1.tar.gz) = edee8a08b775aa5d85e1154a4bfc0bb680eb99e390f5e0d8fb4774200748f404
-SIZE (wazuh-4.14.1/wazuh-cache-fbsd14-aarch64-4.14.1.tar.gz) = 24707799
+SHA256 (wazuh-4.14.1/wazuh-cache-fbsd14-aarch64-4.14.1.tar.gz) = 7984654011ed67fffcc2f1f4297df5a4708d8d1dd6a79ab5c1dd295250883feb
+SIZE (wazuh-4.14.1/wazuh-cache-fbsd14-aarch64-4.14.1.tar.gz) = 24707892
SHA256 (wazuh-4.14.1/wazuh-cache-fbsd14-amd64-4.14.1.tar.gz) = f2b26a36b116348e3443e7133017713956e8ed2e26eed90e4f396eb55a241eda
SIZE (wazuh-4.14.1/wazuh-cache-fbsd14-amd64-4.14.1.tar.gz) = 25055515
SHA256 (wazuh-4.14.1/wazuh-cache-fbsd15-aarch64-4.14.1.tar.gz) = c63484af8fd157f61b6bf0297b4233c3e2a3eee481f35c7d15fcb5b90d711489
SIZE (wazuh-4.14.1/wazuh-cache-fbsd15-aarch64-4.14.1.tar.gz) = 24690859
SHA256 (wazuh-4.14.1/wazuh-cache-fbsd15-amd64-4.14.1.tar.gz) = 8b70abd8e3b408cd69dc2a5434ddaaa7afa9e59c9173c8a3242cef5c657327db
SIZE (wazuh-4.14.1/wazuh-cache-fbsd15-amd64-4.14.1.tar.gz) = 26650226
-SHA256 (wazuh-4.14.1/wazuh-cache-fbsd16-aarch64-4.14.1.tar.gz) = 1510ef710bcae78e22db88f443504d006e9e4b45d27c66bb84984211409f7e65
-SIZE (wazuh-4.14.1/wazuh-cache-fbsd16-aarch64-4.14.1.tar.gz) = 24863114
-SHA256 (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = 03e92ad3b8cc1d06f9e31d07aa13d1ba3dca85b302d869ec5ec3a2b517d3dbf0
-SIZE (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = 26653557
+SHA256 (wazuh-4.14.1/wazuh-cache-fbsd16-aarch64-4.14.1.tar.gz) = 29ca4f074475bc29a852850193da0da421133f62f38ccd0a990edd17743845bb
+SIZE (wazuh-4.14.1/wazuh-cache-fbsd16-aarch64-4.14.1.tar.gz) = 24862885
+SHA256 (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = f706a10b1e31dc959e1751a015b3ec2e74ddbda0362ab192ba3918852731635c
+SIZE (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = 26653845
SHA256 (wazuh-4.14.1/wazuh-wazuh-v4.14.1_GH0.tar.gz) = aa59cb2baa7e7d38d8bb4ff6a22afbf2945de4fb555f9b8bb2657b6f89a773ed
SIZE (wazuh-4.14.1/wazuh-wazuh-v4.14.1_GH0.tar.gz) = 19810038
SHA256 (wazuh-4.14.1/alonsobsd-wazuh-freebsd-2f1307c_GH0.tar.gz) = a955c569217122779ab5b6b58bdfabbfa1cd452b4719cc35c791f7047b1f364f
diff --git a/security/wazuh-manager/files/check_pid.c b/security/wazuh-manager/files/check_pid.c
new file mode 100644
index 000000000000..a5697601c41b
--- /dev/null
+++ b/security/wazuh-manager/files/check_pid.c
@@ -0,0 +1,103 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <err.h>
+#include <errno.h>
+#include <sys/sysctl.h>
+#include <sys/stat.h>
+#include <sysexits.h>
+#include <unistd.h>
+
+#define PID_MAX_FALLBACK 99999
+#define PROC_PATH "/proc"
+/*
+ * /proc = 5, / = 1, <pid> = 5, \0 = 1
+ */
+#define PID_PATH_LEN 12
+
+static void usage(void);
+static void raise_invalid_number(int);
+static void raise_atoi_exception(const char *);
+static int safe_atoi(const char *, int *);
+
+int
+main(int argc, char **argv)
+{
+ const char *pid_str;
+ if ((pid_str = argv[1]) == NULL)
+ usage();
+
+ int pid;
+ if (safe_atoi(pid_str, &pid) != 0)
+ raise_atoi_exception(pid_str);
+
+ pid_t pid_max;
+
+ size_t pid_max_len;
+
+ pid_max_len = sizeof(pid_max);
+ if (sysctlbyname("kern.pid_max", &pid_max, &pid_max_len, NULL, 0) == -1) {
+ warnx("error getting sysctl");
+ pid_max = PID_MAX_FALLBACK;
+ }
+
+ if (pid <= 0 || pid > pid_max)
+ raise_invalid_number(pid);
+
+ char pid_path[PID_PATH_LEN];
+
+ snprintf(pid_path, sizeof(pid_path), "/proc/%d", pid);
+
+ struct stat sbuf;
+
+ if (lstat(pid_path, &sbuf) == -1) {
+ if (errno == ENOENT)
+ return EX_NOINPUT;
+ else
+ warnx("error getting file status");
+ return EX_SOFTWARE;
+ }
+
+ return EX_OK;
+}
+
+static void
+raise_invalid_number(int n)
+{
+ errx(EX_DATAERR, "%d: invalid number", n);
+}
+
+static void
+raise_atoi_exception(const char *s)
+{
+ if (errno != 0)
+ err(EX_SOFTWARE, "atol()");
+ else
+ errx(EX_SOFTWARE, "could not convert %s to an integer", s);
+}
+
+static int
+safe_atoi(const char *s, int *ret_i)
+{
+ char *x = NULL;
+ long l;
+
+ errno = 0;
+ l = strtol(s, &x, 0);
+
+ if (!x || x == s || *x || errno)
+ return errno > 0 ? -errno : -EINVAL;
+
+ if ((long)(int)l != l)
+ return -ERANGE;
+
+ *ret_i = (int)l;
+
+ return 0;
+}
+
+static void
+usage(void)
+{
+ errx(EX_USAGE, "%s",
+ "usage: check_pid <pid>");
+}
diff --git a/security/wazuh-manager/files/patch-framework-wazuh-core-cluster_utils.py b/security/wazuh-manager/files/patch-framework-wazuh-core-cluster_utils.py
new file mode 100644
index 000000000000..8dc0d329d5dc
--- /dev/null
+++ b/security/wazuh-manager/files/patch-framework-wazuh-core-cluster_utils.py
@@ -0,0 +1,33 @@
+--- framework/wazuh/core/cluster/utils.py 2025-12-30 23:32:30.875588000 -0800
++++ framework/wazuh/core/cluster/utils.py 2025-12-30 23:33:42.825809000 -0800
+@@ -11,6 +11,7 @@
+ import socket
+ import time
+ import typing
++import subprocess
+ from contextvars import ContextVar
+ from functools import lru_cache
+ from glob import glob
+@@ -282,7 +283,7 @@
+ # it means each process crashed and was not able to remove its own pidfile.
+ data[process] = 'failed'
+ for pid in pidfile:
+- if os.path.exists(os.path.join(proc_path, pidfile_regex.match(pid).group(1))):
++ if _check_pid_as_superman(pidfile_regex.match(pid).group(1)):
+ data[process] = 'running'
+ break
+
+@@ -291,6 +292,13 @@
+
+ return data
+
++def _check_pid_as_superman(pid):
++ try:
++ subprocess.check_call(["/var/ossec/libexec/check_pid", pid])
++ except subprocess.CalledProcessError as e:
++ return False
++
++ return True
+
+ def get_cluster_status() -> typing.Dict:
+ """Get cluster status.
diff --git a/security/wazuh-manager/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp b/security/wazuh-manager/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp
index 929fef4ec8c1..7765db26eb93 100644
--- a/security/wazuh-manager/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp
+++ b/security/wazuh-manager/files/patch-src-data_provider-src_sysInfoFreeBSD.cpp
@@ -1,17 +1,22 @@
---- src/data_provider/src/sysInfoFreeBSD.cpp 2025-09-23 06:59:40.000000000 -0700
-+++ src/data_provider/src/sysInfoFreeBSD.cpp 2025-10-16 15:42:56.638994000 -0700
-@@ -11,20 +11,23 @@
+--- src/data_provider/src/sysInfoFreeBSD.cpp.orig 2025-12-29 18:29:38.128837000 -0400
++++ src/data_provider/src/sysInfoFreeBSD.cpp 2025-12-30 01:04:57.828191000 -0400
+@@ -11,20 +11,28 @@
#include "sysInfo.hpp"
#include "cmdHelper.h"
#include "stringHelper.h"
+#include "timeHelper.h"
#include "osinfo/sysOsParsers.h"
++#include "sqliteWrapperTemp.h"
++#include "filesystemHelper.h"
#include <sys/sysctl.h>
#include <sys/vmmeter.h>
#include <sys/utsname.h>
#include "sharedDefs.h"
+#include <regex>
++const std::string PKG_DB_PATHNAME {"/var/db/pkg/local.sqlite"};
++const std::string PKG_QUERY {"SELECT p.name, p.maintainer, p.version, p.arch, p.comment, p.flatsize, p.time, v.annotation AS repository,p.origin FROM packages p LEFT JOIN (SELECT pa.package_id, pa.value_id FROM pkg_annotation pa JOIN annotation t ON t.annotation_id = pa.tag_id AND t.annotation = 'repository') pr ON pr.package_id = p.id LEFT JOIN annotation v ON v.annotation_id = pr.value_id;"};
++
static void getMemory(nlohmann::json& info)
{
+ constexpr auto vmFree{"vm.stats.vm.v_free_count"};
@@ -27,7 +32,7 @@
if (ret)
{
-@@ -52,11 +55,23 @@
+@@ -52,11 +60,23 @@
};
}
@@ -54,7 +59,7 @@
if (ret)
{
-@@ -64,11 +79,11 @@
+@@ -64,11 +84,11 @@
{
ret,
std::system_category(),
@@ -68,7 +73,7 @@
info["ram_free"] = ramFree;
info["ram_usage"] = 100 - (100 * ramFree / ramTotal);
}
-@@ -184,8 +199,12 @@
+@@ -184,8 +204,12 @@
nlohmann::json SysInfo::getProcessesInfo() const
{
@@ -83,7 +88,7 @@
}
nlohmann::json SysInfo::getOsInfo() const
-@@ -196,11 +215,12 @@
+@@ -196,11 +220,12 @@
if (!spParser->parseUname(Utils::exec("uname -r"), ret))
{
@@ -97,32 +102,40 @@
if (uname(&uts) >= 0)
{
ret["sysname"] = uts.sysname;
-@@ -215,18 +235,200 @@
+@@ -215,44 +240,257 @@
nlohmann::json SysInfo::getPorts() const
{
- // Currently not supported for this OS.
- return nlohmann::json {};
+-}
+ nlohmann::json ports {};
+
+ /* USER COMMAND PID FD PROTO LOCAL_ADDRESS FOREIGN_ADDRESS PATH_STATE CONN_STATE */
+
+#if __FreeBSD_version > 1500045
+ const auto query{exec(R"(sockstat -46qs --libxo json)")};
-+
+
+-void SysInfo::getProcessesInfo(std::function<void(nlohmann::json&)> /*callback*/) const
+-{
+- // Currently not supported for this OS.
+-}
+ if (!query.empty())
+ {
+ nlohmann::json portsjson;
+ portsjson = nlohmann::json::parse(query);
+ auto &portsResult = portsjson["sockstat"]["socket"];
-+
+
+-void SysInfo::getPackages(std::function<void(nlohmann::json&)> callback) const
+-{
+- const auto query{Utils::exec(R"(pkg query -a "%n|%m|%v|%q|%c")")};
+ for(auto &port : portsResult) {
+ std::string localip = "";
+ std::string localport = "";
+ std::string remoteip = "";
+ std::string remoteport = "";
+ std::string statedata = "";
-+
+
+ if (port["pid"] != nullptr) {
+
+ localip = port["local"]["address"];
@@ -170,16 +183,32 @@
+#else
+ const auto query{Utils::exec(R"(sockstat -46qs)")};
+
-+ if (!query.empty())
-+ {
+ if (!query.empty())
+ {
+- const auto lines{Utils::split(query, '\n')};
+ const auto lines{Utils::split(Utils::trimToOneSpace(query), '\n')};
-+
+
+ std::regex expression(R"(^(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s*(\S+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$)");
+
-+ for (const auto& line : lines)
-+ {
+ for (const auto& line : lines)
+ {
+- const auto data{Utils::split(line, '|')};
+- nlohmann::json package;
+ std::smatch data;
-+
+
+- package["name"] = data[0];
+- package["vendor"] = data[1];
+- package["version"] = data[2];
+- package["install_time"] = UNKNOWN_VALUE;
+- package["location"] = UNKNOWN_VALUE;
+- package["architecture"] = data[3];
+- package["groups"] = UNKNOWN_VALUE;
+- package["description"] = data[4];
+- package["size"] = 0;
+- package["priority"] = UNKNOWN_VALUE;
+- package["source"] = UNKNOWN_VALUE;
+- package["format"] = "pkg";
+- // The multiarch field won't have a default value
+ if (std::regex_search(line, data, expression))
+ {
+ std::string localip = "";
@@ -187,7 +216,8 @@
+ std::string remoteip = "";
+ std::string remoteport = "";
+ std::string statedata = "";
-+
+
+- callback(package);
+ auto localdata{Utils::split(data[6], ':')};
+ auto remotedata{Utils::split(data[7], ':')};
+
@@ -240,12 +270,10 @@
+ }
+#endif
+ return ports;
- }
-
--void SysInfo::getProcessesInfo(std::function<void(nlohmann::json&)> /*callback*/) const
++}
++
+void SysInfo::getProcessesInfo(std::function<void(nlohmann::json&)> callback) const
- {
-- // Currently not supported for this OS.
++{
+ const auto query{Utils::exec(R"(ps -ax -w -o pid,comm,state,ppid,usertime,systime,user,ruser,svuid,group,rgroup,svgid,pri,nice,ssiz,vsz,rss,pmem,etimes,sid,pgid,tpgid,tty,cpu,nlwp,args --libxo json)")};
+
+ if (!query.empty())
@@ -294,42 +322,68 @@
+ callback(jsProcessInfo);
+ }
+ }
++}
++
++void SysInfo::getPackages(std::function<void(nlohmann::json&)> callback) const
++{
++ if (Utils::existsRegular(PKG_DB_PATHNAME))
++ {
++ try
++ {
++ std::shared_ptr<SQLite::IConnection> sqliteConnection = std::make_shared<SQLite::Connection>(PKG_DB_PATHNAME);
++
++ SQLite::Statement stmt
++ {
++ sqliteConnection,
++ PKG_QUERY
++ };
++
++ while (SQLITE_ROW == stmt.step())
++ {
++ try
++ {
++ auto pkg_name{ stmt.column(0) };
++ auto pkg_maintainer{ stmt.column(1) };
++ auto pkg_version{ stmt.column(2) };
++ auto pkg_arch{ stmt.column(3) };
++ auto pkg_comment{ stmt.column(4) };
++ auto pkg_flatsize{ stmt.column(5) };
++ auto pkg_time{ stmt.column(6) };
++ auto pkg_repository{ stmt.column(7) };
++ auto pkg_origin{ stmt.column(8) };
++
++ const auto archdata{Utils::split(pkg_arch->value(std::string{}), ':')};
++ const auto sectiondata{Utils::split(pkg_origin->value(std::string{}), '/')};
++
++ nlohmann::json package;
++
++ package["name"] = pkg_name->value(std::string{});
++ package["vendor"] = pkg_maintainer->value(std::string{});
++ package["version"] = pkg_version->value(std::string{});
++ package["install_time"] = pkg_time->value(std::string{});
++ package["location"] = UNKNOWN_VALUE;
++ package["architecture"] = archdata[2];
++ package["groups"] = UNKNOWN_VALUE;
++ package["description"] = pkg_comment->value(std::string{});
++ package["size"] = pkg_flatsize->value(uint64_t{});
++ package["priority"] = UNKNOWN_VALUE;
++ package["source"] = pkg_repository->value(std::string{});
++ package["section"] = sectiondata[0];
++ package["format"] = "pkg";
++ // The multiarch field won't have a default value
++
++ callback(package);
++ }
++ catch (const std::exception& e)
++ {
++ std::cerr << e.what() << std::endl;
++ }
++ }
+ }
++ catch (const std::exception& e)
++ {
++ std::cerr << e.what() << std::endl;
++ }
+ }
}
- void SysInfo::getPackages(std::function<void(nlohmann::json&)> callback) const
- {
-- const auto query{Utils::exec(R"(pkg query -a "%n|%m|%v|%q|%c")")};
-+ const auto query{Utils::exec(R"(pkg query -a "%n|%m|%v|%q|%c|%sb|%t|%R|%o")")};
-
- if (!query.empty())
- {
-@@ -235,6 +437,9 @@
- for (const auto& line : lines)
- {
- const auto data{Utils::split(line, '|')};
-+ const auto archdata{Utils::split(data[3], ':')};
-+ const auto sectiondata{Utils::split(data[8], '/')};
-+
- nlohmann::json package;
- std::string vendor { UNKNOWN_VALUE };
- std::string email { UNKNOWN_VALUE };
-@@ -244,14 +449,15 @@
- package["name"] = data[0];
- package["vendor"] = vendor;
- package["version"] = data[2];
-- package["install_time"] = UNKNOWN_VALUE;
-+ package["install_time"] = data[6];
- package["location"] = UNKNOWN_VALUE;
-- package["architecture"] = data[3];
-+ package["architecture"] = archdata[2];
- package["groups"] = UNKNOWN_VALUE;
- package["description"] = data[4];
-- package["size"] = 0;
-+ package["size"] = data[5];
- package["priority"] = UNKNOWN_VALUE;
-- package["source"] = UNKNOWN_VALUE;
-+ package["source"] = data[7];
-+ package["section"] = sectiondata[0];
- package["format"] = "pkg";
- // The multiarch field won't have a default value
-
diff --git a/security/wazuh-manager/pkg-plist b/security/wazuh-manager/pkg-plist
index cc555ee1a4da..221932188520 100644
--- a/security/wazuh-manager/pkg-plist
+++ b/security/wazuh-manager/pkg-plist
@@ -29886,6 +29886,7 @@
/var/ossec/lib/libvulnerability_scanner.so
/var/ossec/lib/libwazuhext.so
/var/ossec/lib/libwazuhshared.so
+@(root,wheel,4755) /var/ossec/libexec/check_pid
@mode 660
@owner wazuh
@group wazuh
@@ -33161,6 +33162,7 @@
@dir /var/ossec/framework
@dir /var/ossec/integrations
@dir /var/ossec/lib
+@dir(root,wazuh,750) /var/ossec/libexec
@dir /var/ossec/logs/alerts
@dir /var/ossec/logs/api
@dir /var/ossec/logs/archives