Release/v11.2.5

.github/workflows/v11-deployment-pipeline.yml

@@ -310,18 +310,29 @@ jobs:
       - name: Check out code into the right branch
         uses: actions/checkout@v4
 
-      - name: Build UTMStack Collector
+      - name: Build UTMStack Collectors
         run: |
           echo "Building UTMStack Collector..."
           cd ${{ github.workspace }}/utmstack-collector
 
           GOOS=linux GOARCH=amd64 go build -o utmstack_collector -v -ldflags "-X 'github.com/utmstack/UTMStack/utmstack-collector/config.REPLACE_KEY=${{ secrets.AGENT_SECRET_PREFIX }}'" .
 
+          echo "Building UTMStack AS400 Collector..."
+
+          cd ${{ github.workspace }}/as400
+          GOOS=linux GOARCH=amd64 go build -o utmstack_as400_collector_service -v -ldflags "-X 'github.com/utmstack/UTMStack/as400/config.REPLACE_KEY=${{ secrets.AGENT_SECRET_PREFIX }}'" .
+
+          cd ${{ github.workspace }}/as400/updater
+          GOOS=linux GOARCH=amd64 go build -o utmstack_as400_updater_service -v .
+
       - name: Upload collector binary as artifact
         uses: actions/upload-artifact@v4
         with:
-          name: utmstack-collector
-          path: ${{ github.workspace }}/utmstack-collector/utmstack_collector
+          name: utmstack-collectors
+          path: |
+            ${{ github.workspace }}/utmstack-collector/utmstack_collector
+            ${{ github.workspace }}/as400/utmstack_as400_collector_service
+            ${{ github.workspace }}/as400/updater/utmstack_as400_updater_service
           retention-days: 1
 
   build_agent_manager:
@@ -339,10 +350,10 @@ jobs:
           name: signed-agents
           path: ${{ github.workspace }}/agent
 
-      - name: Download UTMStack Collector from artifacts
+      - name: Download UTMStack Collectors from artifacts
         uses: actions/download-artifact@v4
         with:
-          name: utmstack-collector
+          name: utmstack-collectors
           path: ${{ github.workspace }}/utmstack-collector
 
       - name: Download signed macOS agents from artifacts
@@ -357,12 +368,16 @@ jobs:
           GOOS=linux GOARCH=amd64  go build -o agent-manager -v .
 
           mkdir -p ./dependencies/collector
-          curl -sSL "https://storage.googleapis.com/utmstack-updates/dependencies/collector/linux-as400-collector.zip" -o ./dependencies/collector/linux-as400-collector.zip
-          curl -sSL "https://storage.googleapis.com/utmstack-updates/dependencies/collector/windows-as400-collector.zip" -o ./dependencies/collector/windows-as400-collector.zip
-
-          cp "${{ github.workspace }}/utmstack-collector/utmstack_collector" ./dependencies/collector/
+          cp "${{ github.workspace }}/utmstack-collector/utmstack-collector/utmstack_collector" ./dependencies/collector/
           cp "${{ github.workspace }}/utmstack-collector/version.json" ./dependencies/collector/
 
+          mkdir -p ./dependencies/collector/as400
+          curl -sSL "https://storage.googleapis.com/utmstack-updates/dependencies/collector/as400-collector.jar" -o ./dependencies/collector/as400/as400-collector.jar
+
+          cp "${{ github.workspace }}/as400/version.json" ./dependencies/collector/as400/
+          cp "${{ github.workspace }}/utmstack-collector/as400/utmstack_as400_collector_service" ./dependencies/collector/as400/
+          cp "${{ github.workspace }}/utmstack-collector/as400/updater/utmstack_as400_updater_service" ./dependencies/collector/as400/
+
           mkdir -p ./dependencies/agent/
 
           # Linux agents
@@ -405,6 +420,7 @@ jobs:
         with:
           context: ./agent-manager
           push: true
+          provenance: false
           tags: ghcr.io/utmstack/utmstack/agent-manager:${{ needs.setup_deployment.outputs.tag }}
 
   build_event_processor:
@@ -460,6 +476,7 @@ jobs:
           context: .
           file: ./event_processor.Dockerfile
           push: true
+          provenance: false
           tags: ghcr.io/utmstack/utmstack/eventprocessor:${{ needs.setup_deployment.outputs.tag }}
           build-args: |
             BASE_IMAGE=ghcr.io/threatwinds/eventprocessor/base:${{ needs.setup_deployment.outputs.event_processor_tag }}

as400/README.md

@@ -0,0 +1,50 @@
+# UTMStack AS400 Collector
+
+Log collection service for IBM AS/400 (iSeries) systems that integrates with the UTMStack platform for security analysis and event correlation.
+
+## General Description
+
+UTMStack AS400 Collector is a service written in Go that acts as a bridge between IBM AS/400 systems and the UTMStack platform. The service is installed on an intermediate server, connects to multiple remotely configured AS/400 systems, collects security logs, and transmits them in real-time to the UTMStack server for analysis.
+
+### Key Features
+
+- **Multi-Server Collection**: Support for multiple AS/400 systems simultaneously
+- **Remote Configuration**: Management of AS/400 servers from the UTMStack panel via gRPC streaming
+- **Local Persistence**: Temporary log storage in SQLite to ensure delivery in case of network failures
+- **Auto-Updates**: Automatic update service included
+- **Automatic Reconnection**: Robust handling of disconnections with automatic retries
+- **Configurable Retention**: Control of local database size by retention in megabytes
+- **Security**: AES encryption for credentials and TLS communication with the server
+
+## Requirements
+
+- **Operating System**: Linux (recommended)
+- **Connectivity**: Network access to:
+    - UTMStack server (ports 9000, 9001, 50051)
+    - AS/400 systems to monitor
+- **Java**: Installed automatically during installation
+- **Privileges**: Administrator/root permissions to install the service
+
+### Installation Process
+
+1. Verify connectivity with the UTMStack server
+2. Download dependencies (collector Java JAR, updater)
+3. Install Java Runtime if necessary
+4. Register the collector with UTMStack's Agent Manager
+5. Create and enable the system service
+6. Install the auto-update service
+
+## Configuration of AS/400 Servers
+
+Configuration of AS/400 servers to monitor is performed **from the UTMStack panel**, not locally. The collector automatically receives configuration.
+
+### Parameters per Server
+
+- **Tenant**: Identifier name of the group/server
+- **Hostname**: IP address or hostname of the AS/400
+- **User ID**: Connection user to the AS/400
+- **Password**: Password (automatically encrypted)
+
+## License
+
+This project is part of UTMStack. Consult the main project license for more information.