From 530e70cebc2df5c0968fa681851ae421e237d265 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?sophie=20=5B=E2=9B=A7-440729=5D?= <github@999eagle.moe>
Date: Mon, 11 Nov 2024 18:03:00 +0100
Subject: [PATCH] security/wazuh-agent: implement options to change server
 ports (#4346)

---
 .../OPNsense/WazuhAgent/forms/settings.xml       | 15 ++++++++++++++-
 .../models/OPNsense/WazuhAgent/WazuhAgent.xml    | 16 +++++++++++++++-
 .../templates/OPNsense/WazuhAgent/ossec.conf     |  4 ++++
 3 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/security/wazuh-agent/src/opnsense/mvc/app/controllers/OPNsense/WazuhAgent/forms/settings.xml b/security/wazuh-agent/src/opnsense/mvc/app/controllers/OPNsense/WazuhAgent/forms/settings.xml
index 342b03cb5..8c92582f1 100644
--- a/security/wazuh-agent/src/opnsense/mvc/app/controllers/OPNsense/WazuhAgent/forms/settings.xml
+++ b/security/wazuh-agent/src/opnsense/mvc/app/controllers/OPNsense/WazuhAgent/forms/settings.xml
@@ -22,6 +22,13 @@
         <advanced>true</advanced>
         <help>Specifies the transport protocol to use.</help>
     </field>
+    <field>
+        <id>agent.general.port</id>
+        <label>Manager port</label>
+        <type>text</type>
+        <advanced>true</advanced>
+        <help>Specifies the port to use for communicating with the Wazuh manager.</help>
+    </field>
     <field>
         <id>agent.logcollector.syslog_programs</id>
         <label>Applications</label>
@@ -84,7 +91,7 @@
     </field>
     <field>
         <type>header</type>
-        <label>Authentication</label>
+        <label>Enrollment</label>
         <collapse>true</collapse>
     </field>
     <field>
@@ -93,6 +100,12 @@
         <type>password</type>
         <help>Password to use in authd.pass file.</help>
     </field>
+    <field>
+        <id>agent.auth.port</id>
+        <label>Enrollment port</label>
+        <type>text</type>
+        <help>Specifies the port to use for communicating with the Wazuh manager during enrollment.</help>
+    </field>
     <field>
         <type>header</type>
         <label>Policy monitoring and anomaly detection</label>
diff --git a/security/wazuh-agent/src/opnsense/mvc/app/models/OPNsense/WazuhAgent/WazuhAgent.xml b/security/wazuh-agent/src/opnsense/mvc/app/models/OPNsense/WazuhAgent/WazuhAgent.xml
index 4c4a2b568..cba8e4b2f 100644
--- a/security/wazuh-agent/src/opnsense/mvc/app/models/OPNsense/WazuhAgent/WazuhAgent.xml
+++ b/security/wazuh-agent/src/opnsense/mvc/app/models/OPNsense/WazuhAgent/WazuhAgent.xml
@@ -1,6 +1,6 @@
 <model>
     <mount>//OPNsense/WazuhAgent</mount>
-    <version>1.0.1</version>
+    <version>1.0.2</version>
     <description>
         Wazuh Agent
     </description>
@@ -22,6 +22,13 @@
                     <udp>UDP</udp>
                 </OptionValues>
             </protocol>
+            <port type="IntegerField">
+                <default>1514</default>
+                <Required>Y</Required>
+                <MinimumValue>1</MinimumValue>
+                <MaximumValue>65536</MaximumValue>
+                <ValidationMessage>This must be a valid port number.</ValidationMessage>
+            </port>
             <debug_level type="OptionField">
                 <default>0</default>
                 <Required>Y</Required>
@@ -35,6 +42,13 @@
         <auth>
             <password type="TextField">
             </password>
+            <port type="IntegerField">
+                <default>1515</default>
+                <Required>Y</Required>
+                <MinimumValue>1</MinimumValue>
+                <MaximumValue>65536</MaximumValue>
+                <ValidationMessage>This must be a valid port number.</ValidationMessage>
+            </port>
         </auth>
         <logcollector>
             <remote_commands type="BooleanField">
diff --git a/security/wazuh-agent/src/opnsense/service/templates/OPNsense/WazuhAgent/ossec.conf b/security/wazuh-agent/src/opnsense/service/templates/OPNsense/WazuhAgent/ossec.conf
index 53aeb20e7..68eac29d1 100644
--- a/security/wazuh-agent/src/opnsense/service/templates/OPNsense/WazuhAgent/ossec.conf
+++ b/security/wazuh-agent/src/opnsense/service/templates/OPNsense/WazuhAgent/ossec.conf
@@ -3,8 +3,12 @@
     <server>
       <address>{{OPNsense.WazuhAgent.general.server_address}}</address>
       <protocol>{{OPNsense.WazuhAgent.general.protocol|default('tcp')}}</protocol>
+      <port>{{OPNsense.WazuhAgent.general.port|default('1514')}}</port>
     </server>
     <crypto_method>aes</crypto_method>
+    <enrollment>
+      <port>{{OPNsense.WazuhAgent.auth.port|default('1515')}}</port>
+    </enrollment>
   </client>
 
   <client_buffer>