ops(reboot): include Wazuh detail in post-reboot summary [skip ci]

2026-06-26 08:54:00 +08:00
parent c45f274d5e
commit 75c9314528
6 changed files with 68 additions and 5 deletions
--- a/scripts/reboot-recovery/post-reboot-next-gate-dispatch.sh
+++ b/scripts/reboot-recovery/post-reboot-next-gate-dispatch.sh
@@ -81,6 +81,14 @@ next_required_gates="$(value_for NEXT_REQUIRED_GATES)"
 escrow_missing_count="$(value_for ESCROW_MISSING_COUNT)"
 host_188_hygiene_blocked="$(value_for HOST_188_HYGIENE_BLOCKED)"
 wazuh_registry_accepted="$(value_for WAZUH_MANAGER_REGISTRY_ACCEPTED)"
+wazuh_coverage_scope="$(value_for WAZUH_COVERAGE_SCOPE)"
+wazuh_direct_active="$(value_for WAZUH_DIRECT_ACTIVE)"
+wazuh_no_transport="$(value_for WAZUH_NO_TRANSPORT)"
+wazuh_ssh_blocked="$(value_for WAZUH_SSH_BLOCKED)"
+wazuh_route_code="$(value_for WAZUH_ROUTE_CODE)"
+wazuh_transport_count="$(value_for WAZUH_TRANSPORT_COUNT)"
+wazuh_dashboard_api_connection="$(value_for WAZUH_DASHBOARD_API_CONNECTION)"
+wazuh_dashboard_index_ok="$(value_for WAZUH_DASHBOARD_INDEX_OK)"
 runtime_action_authorized="$(value_for RUNTIME_ACTION_AUTHORIZED)"
 summary_artifact_dir="$(value_for ARTIFACT_DIR)"

@@ -153,7 +161,7 @@ if contains_gate "wazuh_manager_registry_export"; then
  print_gate_header "wazuh_manager_registry_export" "Wazuh manager registry redacted export"
  echo "GATE_PRIORITY=P0"
  echo "GATE_STATUS=readonly_registry_export_required"
-  echo "CURRENT_EVIDENCE=wazuh_manager_registry_accepted:${wazuh_registry_accepted:-unknown}"
+  echo "CURRENT_EVIDENCE=wazuh_manager_registry_accepted:${wazuh_registry_accepted:-unknown};coverage_scope:${wazuh_coverage_scope:-unknown};direct_active:${wazuh_direct_active:-unknown};no_transport:${wazuh_no_transport:-unknown};ssh_blocked:${wazuh_ssh_blocked:-unknown};route:${wazuh_route_code:-unknown};transport:${wazuh_transport_count:-unknown};dashboard_api:${wazuh_dashboard_api_connection:-unknown};index_ok:${wazuh_dashboard_index_ok:-unknown}"
  echo "OWNER_GROUP=iwooos_soc_owner,wazuh_owner,host_owner"
  echo "REQUIRED_EXPORT=redacted_manager_registry_counts,per_host_alias_status,dashboard_api_connection_status,dashboard_api_version_status,collection_time_window,reviewer"
  echo "FORBIDDEN_PAYLOADS=agent_real_name,internal_ip,client_keys,raw_wazuh_payload,token,password,authorization_header"
--- a/scripts/reboot-recovery/post-reboot-readiness-summary.sh
+++ b/scripts/reboot-recovery/post-reboot-readiness-summary.sh
@@ -138,9 +138,15 @@ if [[ "$RUN_188_HYGIENE" -eq 1 ]]; then
 fi

 wazuh_registry_accepted="unknown"
+wazuh_coverage_scope="unknown"
+wazuh_direct_active="unknown"
+wazuh_no_transport="unknown"
+wazuh_ssh_blocked="unknown"
 wazuh_route_code="unknown"
 wazuh_transport_count="unknown"
 wazuh_dashboard_degraded="unknown"
+wazuh_dashboard_api_connection="unknown"
+wazuh_dashboard_index_ok="unknown"
 wazuh_runtime_gate="0"
 if [[ "$RUN_WAZUH_GATES" -eq 1 ]]; then
  wazuh_coverage_log="$ARTIFACT_DIR/wazuh-managed-host-coverage.log"
@@ -150,9 +156,15 @@ if [[ "$RUN_WAZUH_GATES" -eq 1 ]]; then
  coverage_line="$(tail -n 1 "$wazuh_coverage_log" || true)"
  runtime_line="$(tail -n 1 "$wazuh_runtime_log" || true)"
  wazuh_registry_accepted="$(extract_named_token registry "$coverage_line")"
+  wazuh_coverage_scope="$(extract_named_token scope "$coverage_line")"
+  wazuh_direct_active="$(extract_named_token direct_active "$coverage_line")"
+  wazuh_no_transport="$(extract_named_token no_transport "$coverage_line")"
+  wazuh_ssh_blocked="$(extract_named_token ssh_blocked "$coverage_line")"
  wazuh_route_code="$(extract_named_token route "$runtime_line")"
  wazuh_transport_count="$(extract_named_token transport "$runtime_line")"
  wazuh_dashboard_degraded="$(extract_named_token dashboard_degraded "$runtime_line")"
+  wazuh_dashboard_api_connection="$(extract_named_token api_connection "$runtime_line")"
+  wazuh_dashboard_index_ok="$(extract_named_token index_ok "$runtime_line")"
  wazuh_runtime_gate="$(extract_named_token runtime_gate "$runtime_line")"
 fi

@@ -207,7 +219,13 @@ HOST_188_CHECK_RC=$host_188_rc
 HOST_188_RESULT=$host_188_result
 WAZUH_ROUTE_CODE=$wazuh_route_code
 WAZUH_TRANSPORT_COUNT=$wazuh_transport_count
+WAZUH_COVERAGE_SCOPE=$wazuh_coverage_scope
+WAZUH_DIRECT_ACTIVE=$wazuh_direct_active
+WAZUH_NO_TRANSPORT=$wazuh_no_transport
+WAZUH_SSH_BLOCKED=$wazuh_ssh_blocked
 WAZUH_DASHBOARD_DEGRADED=$wazuh_dashboard_degraded
+WAZUH_DASHBOARD_API_CONNECTION=$wazuh_dashboard_api_connection
+WAZUH_DASHBOARD_INDEX_OK=$wazuh_dashboard_index_ok
 WAZUH_MANAGER_REGISTRY_ACCEPTED=$wazuh_registry_accepted
 WAZUH_RUNTIME_GATE=$wazuh_runtime_gate
 RUNTIME_ACTION_AUTHORIZED=$runtime_action_authorized