Fix discrepancies in installed files configuration in manager installed via .deb/.rpm #27410

Open
wants to merge 8 commits into
base: 4.12.0

jftuduri
Member

Related issues
#26857, #26826

Description

This PR fixes discrepancies in the installed files between the manager installation via .deb and .rpm.

It modifies the check_files action to use a unified list of files for both package types, ensuring consistent file existence and permissions regardless of the installation method.

The discrepancies were:

  • etc/client.keys
    • Ownership in .deb: wazuh:wazuh
    • Ownership in .rpm: root:wazuh
    • Resolution: wazuh:wazuh (That is the user used during install by sources)
  • vd_1.0.0_vd_4.10.0.tar.xz
    • Permission in .deb: 640 (-rw-r-----)
    • Permission in .rpm: 750 (-rwxr-x---)
    • Resolution: 640 (-rw-r-----)
  • queue/agents-timestamp
    • Present in .deb.
    • Absent in .rpm.
    • Resolution: present.

Note

This PR also adds the SCA policy cis_ubuntu24-04.yml to the expected files. This file was added on #23194. Adding this file to the expected files was necessary for the test to pass and to access the generated packages.

Note: these discrepancies were already present at least in version 4.9.2

Left: Manager 4.9.2 installed via .rpm in CentOS
Right: Manager 4.9.2 installed via .deb in Debian
[four screenshots]

Results

The packages used in these tests were generated by the following actions:

🟢 Using .rpm

🟢 Installation

Package install

🟢 etc/client.keys ownership wazuh:wazuh

ls -l /var/ossec/etc

🟢 agents-timestamp present in /var/ossec/queue

ls -l /var/ossec/queue

🟢 Service started correctly

systemctl start wazuh-manager

/var/ossec/bin/wazuh-control status

🟢 Vulnerability bundled database (vd_1.0.0_vd_4.10.0.tar.xz) processed and updated

ossec.log extract


Using .deb

🟢 Installation

Package install

🟢 etc/client.keys ownership wazuh:wazuh

ls -l /var/ossec/etc

🟢 agents-timestamp present in /var/ossec/queue

ls -l /var/ossec/queue

🟢 Service started correctly

systemctl start wazuh-manager

/var/ossec/bin/wazuh-control status

🟢 Vulnerability bundled database (vd_1.0.0_vd_4.10.0.tar.xz) processed and updated

ossec.log extract


🟢 Upgrade from 4.9.2

.rpm
[root@centos home]# rpm -i wazuh-manager-4.9.2-1.x86_64.rpm 
warning: wazuh-manager-4.9.2-1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY
[root@centos home]# systemctl daemon-reload
systemctl enable wazuh-manager
systemctl start wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
[root@centos home]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.9.2"
WAZUH_REVISION="40921"
WAZUH_TYPE="server"
[root@centos home]# /var/ossec/bin/wazuh-control status
wazuh-clusterd not running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord not running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
[root@centos home]# rpm -U wazuh-manager_4.10.2-0_x86_64_2713ea9.rpm 
[root@centos home]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.10.2"
WAZUH_REVISION="41020"
WAZUH_TYPE="server"
[root@centos home]# /var/ossec/bin/wazuh-control status
wazuh-clusterd not running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord not running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
[root@centos home]# 
.deb
root@ubuntu-jammy:/home# dpkg -i wazuh-manager_4.9.2-1_amd64.deb 
Selecting previously unselected package wazuh-manager.
(Reading database ... 64017 files and directories currently installed.)
Preparing to unpack wazuh-manager_4.9.2-1_amd64.deb ...
Unpacking wazuh-manager (4.9.2-1) ...
Setting up wazuh-manager (4.9.2-1) ...
root@ubuntu-jammy:/home# systemctl daemon-reload
systemctl enable wazuh-manager
systemctl start wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
root@ubuntu-jammy:/home# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.9.2"
WAZUH_REVISION="40921"
WAZUH_TYPE="server"
root@ubuntu-jammy:/home# /var/ossec/bin/wazuh-control status
wazuh-clusterd not running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord not running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
root@ubuntu-jammy:/home# dpkg -i wazuh-manager_4.10.2-0_amd64_2713ea9.deb 
(Reading database ... 88000 files and directories currently installed.)
Preparing to unpack wazuh-manager_4.10.2-0_amd64_2713ea9.deb ...
Unpacking wazuh-manager (4.10.2-0) over (4.9.2-1) ...
Setting up wazuh-manager (4.10.2-0) ...
root@ubuntu-jammy:/home# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.10.2"
WAZUH_REVISION="41020"
WAZUH_TYPE="server"
root@ubuntu-jammy:/home# /var/ossec/bin/wazuh-control status
wazuh-clusterd not running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord not running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
root@ubuntu-jammy:/home# 
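
An added example, not part of the PR or the Wazuh code base: a small Python checker that parses two `ls -l` listings and reports presence, ownership and mode differences of the kind listed in the description above. The listings are constructed sample data (flattened into one directory for brevity) and the function names are hypothetical.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample listings (not captured from a real host). They reproduce
# the three discrepancies named in the PR description, in one flat directory.
RPM_LISTING = """\
total 4
-rw-r-----. 1 root  wazuh    0 Dec 16 12:31 client.keys
-rwxr-x---. 1 root  wazuh 1024 Dec 16 12:31 vd_1.0.0_vd_4.10.0.tar.xz
drwxr-x---. 2 wazuh wazuh    6 Dec 16 12:31 db
"""
DEB_LISTING = """\
total 8
-rw-r----- 1 wazuh wazuh    0 dic 16 12:58 client.keys
-rw-r----- 1 root  wazuh 1024 dic 16 12:58 vd_1.0.0_vd_4.10.0.tar.xz
-rw------- 1 root  wazuh    0 dic 16 12:58 agents-timestamp
drwxr-x--- 2 wazuh wazuh 4096 dic 16 12:58 db
"""


class Entry(NamedTuple):
    ftype: str   # '-', 'd', 'l', ...
    mode: int    # permission bits, including setuid/setgid/sticky
    owner: str
    group: str


# type, 9 permission chars, optional SELinux/ACL marker ('.', '+', '@'),
# link count, owner, group, size, three date tokens, name.
# Device nodes ("major, minor" in the size column) are not handled.
LINE_RE = re.compile(
    r"^([-dlcbps])([rwxsStT-]{9})[.+@]?\s+\d+\s+(\S+)\s+(\S+)\s+\d+\s+"
    r"\S+\s+\S+\s+\S+\s+(.+)$"
)


def symbolic_to_octal(perm: str) -> int:
    """Convert 'rwxr-x---' style permissions to an integer mode."""
    if len(perm) != 9:
        raise ValueError(f"expected 9 permission characters: {perm!r}")
    mode = 0
    for i, ch in enumerate(perm):
        if ch in "rwxst":            # lowercase s/t imply the execute bit
            mode |= 1 << (8 - i)
        elif ch not in "-ST":
            raise ValueError(f"bad permission character: {ch!r}")
        if ch in "sS":               # position 2 is setuid, position 5 setgid
            mode |= 0o4000 if i == 2 else 0o2000
        if ch in "tT":
            mode |= 0o1000
    return mode


def parse_ls_l(text: str) -> Dict[str, Entry]:
    """Parse `ls -l` output; size, link count and timestamps are ignored."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("total "):
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Fail loudly: a silently skipped line could hide a discrepancy.
            raise ValueError(f"unparsed ls -l line: {line!r}")
        ftype, perm, owner, group, name = m.groups()
        name = name.split(" -> ", 1)[0]      # drop symlink target
        entries[name] = Entry(ftype, symbolic_to_octal(perm), owner, group)
    return entries


def diff_listings(a: Dict[str, Entry],
                  b: Dict[str, Entry]) -> List[Tuple[str, str, str, str]]:
    """Return (name, field, value_in_a, value_in_b) for every difference."""
    findings = []
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            findings.append((name, "presence",
                             "present" if name in a else "absent",
                             "present" if name in b else "absent"))
            continue
        ea, eb = a[name], b[name]
        if ea.ftype != eb.ftype:
            findings.append((name, "type", ea.ftype, eb.ftype))
        if ea.mode != eb.mode:
            findings.append((name, "mode", f"{ea.mode:04o}", f"{eb.mode:04o}"))
        if ea.owner != eb.owner:
            findings.append((name, "owner", ea.owner, eb.owner))
        if ea.group != eb.group:
            findings.append((name, "group", ea.group, eb.group))
    return findings


if __name__ == "__main__":
    for name, field, rpm, deb in diff_listings(parse_ls_l(RPM_LISTING),
                                               parse_ls_l(DEB_LISTING)):
        print(f"{name}: {field} differs (rpm={rpm}, deb={deb})")
```

The SELinux `.` suffix and the localized month names seen in the logs on this page do not affect the comparison, because only type, mode, owner and group are compared.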

Member

@Damian-Mangold Damian-Mangold left a comment

No errors were observed during installation and uninstallation.

CentOS 9 - Full log

damangold@damangold:~/Wazuh/dev/test/intelligence-platform-1$ ssh [email protected]
[email protected]'s password: 
Last login: Wed Dec 18 13:49:40 2024
[wazuh@localhost ~]$ cd Downloads/
[wazuh@localhost Downloads]$ sha1sum wazuh-manager_4.10.2-0_x86_64_2713ea9.rpm 
26a9d40609276f0f0762963572b901866528eb21  wazuh-manager_4.10.2-0_x86_64_2713ea9.rpm
[wazuh@localhost Downloads]$ ls -l /var/ossec/etc
ls: cannot access '/var/ossec/etc': No such file or directory
[wazuh@localhost Downloads]$ su
Password: 
[root@localhost Downloads]# ls -l /var/ossec/etc
ls: cannot access '/var/ossec/etc': No such file or directory
[root@localhost Downloads]# rpm -i wazuh-manager_4.10.2-0_x86_64_2713ea9.rpm 
[root@localhost Downloads]# ls -l /var/ossec/etc
total 48
-rw-r-----. 1 wazuh wazuh     0 Dec 16 12:31 client.keys
drwxrwx---. 2 root  wazuh    31 Dec 18 14:00 decoders
-rw-r-----. 1 root  wazuh 14480 Dec 16 12:31 internal_options.conf
drwxrwx---. 3 root  wazuh    67 Dec 18 14:00 lists
-rw-r-----. 1 root  wazuh   320 Dec 16 12:31 local_internal_options.conf
-rw-r-----. 1 root  wazuh  2044 Oct  3 08:54 localtime
-rw-rw----. 1 root  wazuh  9127 Dec 18 14:00 ossec.conf
drwxrwx---. 2 root  wazuh  4096 Dec 18 14:00 rootcheck
drwxrwx---. 2 root  wazuh    29 Dec 18 14:00 rules
drwxrwx---. 3 root  wazuh    48 Dec 18 14:00 shared
-rw-r-----. 1 root  root   1164 Dec 18 14:00 sslmanager.cert
-rw-r-----. 1 root  root   1704 Dec 18 14:00 sslmanager.key
[root@localhost Downloads]# ls -l /var/ossec/queue
total 0
drwxr-x---. 2 wazuh wazuh  6 Dec 16 12:31 agentless
-rw-------. 1 root  wazuh  0 Dec 16 12:32 agents-timestamp
drwxrwx---. 2 wazuh wazuh  6 Dec 16 12:31 alerts
drwxrwx---. 2 wazuh wazuh  6 Dec 16 12:32 cluster
drwxr-x---. 2 wazuh wazuh  6 Dec 16 12:31 db
drwxr-x---. 2 wazuh wazuh  6 Dec 16 12:31 diff
drwxr-x---. 3 wazuh wazuh 16 Dec 18 14:00 fim
drwxr-x---. 2 wazuh wazuh  6 Dec 16 12:31 fts
drw-rw----. 2 root  wazuh  6 Dec 16 12:31 indexer
drwxr-x---. 2 wazuh wazuh  6 Dec 16 12:32 keystore
drwxr-x---. 2 wazuh wazuh  6 Dec 16 12:31 logcollector
drwxrwx---. 2 wazuh wazuh  6 Dec 16 12:32 rids
drwxrwx---. 2 wazuh wazuh  6 Dec 16 12:32 router
drwxrwx---. 2 wazuh wazuh  6 Dec 16 12:31 sockets
drwxr-x---. 3 wazuh wazuh 40 Dec 18 14:00 syscollector
drwxrwx---. 2 wazuh wazuh  6 Dec 16 12:31 tasks
drw-rw----. 2 root  wazuh  6 Dec 16 12:31 vd
[root@localhost Downloads]# systemctl status wazuh-manager.service 
○ wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; disabled; preset: disabled)
     Active: inactive (dead)
[root@localhost Downloads]# systemctl start wazuh-manager.service 
[root@localhost Downloads]# systemctl status wazuh-manager.service 
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; disabled; preset: disabled)
     Active: active (running) since Wed 2024-12-18 14:05:18 -03; 1s ago
    Process: 5074 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
      Tasks: 141 (limit: 23002)
     Memory: 1.1G
        CPU: 10.206s
     CGroup: /system.slice/wazuh-manager.service
             ├─5136 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─5177 /var/ossec/bin/wazuh-authd
             ├─5194 /var/ossec/bin/wazuh-db
             ├─5219 /var/ossec/bin/wazuh-execd
             ├─5231 /var/ossec/bin/wazuh-analysisd
             ├─5241 /var/ossec/bin/wazuh-syscheckd
             ├─5256 /var/ossec/bin/wazuh-remoted
             ├─5257 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─5260 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─5264 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─5331 /var/ossec/bin/wazuh-logcollector
             ├─5351 /var/ossec/bin/wazuh-monitord
             └─5366 /var/ossec/bin/wazuh-modulesd

Dec 18 14:05:13 localhost.localdomain env[5074]: Started wazuh-syscheckd...
Dec 18 14:05:14 localhost.localdomain env[5074]: Started wazuh-remoted...
Dec 18 14:05:15 localhost.localdomain env[5074]: Started wazuh-logcollector...
Dec 18 14:05:15 localhost.localdomain env[5074]: Started wazuh-monitord...
Dec 18 14:05:15 localhost.localdomain env[5074]: wazuh-modulesd: Process 5107 not used by Wazuh, removing...
Dec 18 14:05:15 localhost.localdomain env[5363]: 2024/12/18 14:05:15 wazuh-modulesd:router: INFO: Loaded router module.
Dec 18 14:05:15 localhost.localdomain env[5363]: 2024/12/18 14:05:15 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Dec 18 14:05:16 localhost.localdomain env[5074]: Started wazuh-modulesd...
Dec 18 14:05:18 localhost.localdomain env[5074]: Completed.
Dec 18 14:05:18 localhost.localdomain systemd[1]: Started Wazuh manager.
[root@localhost Downloads]# /var/ossec/bin/wazuh-control status
wazuh-clusterd not running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord not running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
[root@localhost Downloads]# rpm -e wazuh-manager -d
warning: /var/ossec/etc/ossec.conf saved as /var/ossec/etc/ossec.conf.rpmsave
[root@localhost Downloads]# systemctl status wazuh-manager.service 
Unit wazuh-manager.service could not be found.
[root@localhost Downloads]# 

Ubuntu 22.04 - Full log

ubuntu2204@ubuntu2204:~$ cd Downloads/
ubuntu2204@ubuntu2204:~/Downloads$ sha1sum wazuh-manager_4.10.2-0_amd64_2713ea9.deb 
ce654906432253e63230ab558d4d01e3f88adf4d  wazuh-manager_4.10.2-0_amd64_2713ea9.deb
ubuntu2204@ubuntu2204:~/Downloads$ dpkg -i wazuh-manager_4.10.2-0_amd64_2713ea9.deb 
dpkg: error: requested operation requires superuser privilege
ubuntu2204@ubuntu2204:~/Downloads$ sudo dpkg -i wazuh-manager_4.10.2-0_amd64_2713ea9.deb 
[sudo] password for ubuntu2204: 
Selecting previously unselected package wazuh-manager.
(Reading database ... 235789 files and directories currently installed.)
Preparing to unpack wazuh-manager_4.10.2-0_amd64_2713ea9.deb ...
Unpacking wazuh-manager (4.10.2-0) ...
Setting up wazuh-manager (4.10.2-0) ...
ubuntu2204@ubuntu2204:~/Downloads$ admin:///media/sf_Downloads/wazuh-manager_4.10.2-0_amd64_2713ea9.deb^C
ubuntu2204@ubuntu2204:~/Downloads$ ls -l /var/ossec/etc
ls: cannot access '/var/ossec/etc': Permission denied
ubuntu2204@ubuntu2204:~/Downloads$ sudo ls -l /var/ossec/etc
total 64
-rw-r----- 1 wazuh wazuh     0 dic 18 12:18 client.keys
drwxrwx--- 2 root  wazuh  4096 dic 18 12:18 decoders
-rw-r----- 1 root  wazuh 14480 dic 16 12:58 internal_options.conf
drwxrwx--- 3 root  wazuh  4096 dic 18 12:18 lists
-rw-r----- 1 root  wazuh   320 dic 16 12:58 local_internal_options.conf
-rw-r----- 1 root  wazuh  1076 feb 21  2024 localtime
-rw-rw---- 1 root  wazuh  9080 dic 18 12:18 ossec.conf
drwxrwx--- 2 root  wazuh  4096 dic 18 12:18 rootcheck
drwxrwx--- 2 root  wazuh  4096 dic 18 12:18 rules
drwxrwx--- 3 root  wazuh  4096 dic 18 12:18 shared
-rw-r----- 1 root  root   1164 dic 18 12:18 sslmanager.cert
-rw-r----- 1 root  root   1704 dic 18 12:18 sslmanager.key
ubuntu2204@ubuntu2204:~/Downloads$ sudo ls -l /var/ossec/queue
total 64
drwxr-x--- 2 wazuh wazuh 4096 dic 16 12:58 agentless
-rw------- 1 root  wazuh    0 dic 16 12:58 agents-timestamp
drwxrwx--- 2 wazuh wazuh 4096 dic 16 12:58 alerts
drwxrwx--- 2 wazuh wazuh 4096 dic 16 12:58 cluster
drwxr-x--- 2 wazuh wazuh 4096 dic 16 12:58 db
drwxr-x--- 2 wazuh wazuh 4096 dic 16 12:58 diff
drwxr-x--- 3 wazuh wazuh 4096 dic 18 12:17 fim
drwxr-x--- 2 wazuh wazuh 4096 dic 16 12:58 fts
drw-rw---- 2 root  wazuh 4096 dic 16 12:58 indexer
drwxr-x--- 2 wazuh wazuh 4096 dic 16 12:58 keystore
drwxr-x--- 2 wazuh wazuh 4096 dic 16 12:58 logcollector
drwxrwx--- 2 wazuh wazuh 4096 dic 16 12:58 rids
drwxrwx--- 2 wazuh wazuh 4096 dic 16 12:58 router
drwxrwx--- 2 wazuh wazuh 4096 dic 16 12:58 sockets
drwxr-x--- 3 wazuh wazuh 4096 dic 18 12:18 syscollector
drwxrwx--- 2 wazuh wazuh 4096 dic 16 12:58 tasks
drw-rw---- 2 root  wazuh 4096 dic 16 12:58 vd
ubuntu2204@ubuntu2204:~/Downloads$ systemctl start wazuh-manager
ubuntu2204@ubuntu2204:~/Downloads$ sudo systemctl start wazuh-manager
ubuntu2204@ubuntu2204:~/Downloads$ sudo systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/lib/systemd/system/wazuh-manager.service; disabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-12-18 12:21:13 -03; 11s ago
    Process: 50570 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
      Tasks: 142 (limit: 4598)
     Memory: 1.8G
        CPU: 15.475s
     CGroup: /system.slice/wazuh-manager.service
             ├─50632 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─50671 /var/ossec/bin/wazuh-authd
             ├─50687 /var/ossec/bin/wazuh-db
             ├─50698 /var/ossec/bin/wazuh-execd
             ├─50723 /var/ossec/bin/wazuh-analysisd
             ├─50733 /var/ossec/bin/wazuh-syscheckd
             ├─50738 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─50741 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─50744 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─50788 /var/ossec/bin/wazuh-remoted
             ├─50797 /var/ossec/bin/wazuh-logcollector
             ├─50836 /var/ossec/bin/wazuh-monitord
             └─50848 /var/ossec/bin/wazuh-modulesd

dic 18 12:21:10 ubuntu2204 env[50570]: Started wazuh-syscheckd...
ubuntu2204@ubuntu2204:~/Downloads$ /var/ossec/bin/wazuh-control status
bash: /var/ossec/bin/wazuh-control: Permission denied
ubuntu2204@ubuntu2204:~/Downloads$ sudo /var/ossec/bin/wazuh-control status
wazuh-clusterd not running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord not running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
ubuntu2204@ubuntu2204:~/Downloads$ ^C
ubuntu2204@ubuntu2204:~/Downloads$ sudo su
root@ubuntu2204:/home/ubuntu2204/Downloads# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/lib/systemd/system/wazuh-manager.service; disabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-12-18 12:21:13 -03; 1h 46min ago
      Tasks: 145 (limit: 4598)
     Memory: 1.8G
        CPU: 1min 9.655s
     CGroup: /system.slice/wazuh-manager.service
             ├─50632 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─50671 /var/ossec/bin/wazuh-authd
             ├─50687 /var/ossec/bin/wazuh-db
             ├─50698 /var/ossec/bin/wazuh-execd
             ├─50723 /var/ossec/bin/wazuh-analysisd
             ├─50733 /var/ossec/bin/wazuh-syscheckd
             ├─50738 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─50741 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─50744 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─50788 /var/ossec/bin/wazuh-remoted
             ├─50797 /var/ossec/bin/wazuh-logcollector
             ├─50836 /var/ossec/bin/wazuh-monitord
             └─50848 /var/ossec/bin/wazuh-modulesd

dic 18 12:21:10 ubuntu2204 env[50570]: Started wazuh-syscheckd...
dic 18 12:21:10 ubuntu2204 env[50570]: Started wazuh-remoted...
dic 18 12:21:10 ubuntu2204 env[50570]: Started wazuh-logcollector...
dic 18 12:21:10 ubuntu2204 env[50570]: Started wazuh-monitord...
dic 18 12:21:10 ubuntu2204 env[50570]: wazuh-modulesd: Process 50603 not used by Wazuh, removing...
dic 18 12:21:10 ubuntu2204 env[50846]: 2024/12/18 12:21:10 wazuh-modulesd:router: INFO: Loaded router module.
dic 18 12:21:10 ubuntu2204 env[50846]: 2024/12/18 12:21:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
dic 18 12:21:11 ubuntu2204 env[50570]: Started wazuh-modulesd...
dic 18 12:21:13 ubuntu2204 env[50570]: Completed.
dic 18 12:21:13 ubuntu2204 systemd[1]: Started Wazuh manager.
root@ubuntu2204:/home/ubuntu2204/Downloads# dpkg -r wazuh-manager
(Reading database ... 249947 files and directories currently installed.)
Removing wazuh-manager (4.10.2-0) ...
root@ubuntu2204:/home/ubuntu2204/Downloads# systemctl status wazuh-manager
Unit wazuh-manager.service could not be found.
root@ubuntu2204:/home/ubuntu2204/Downloads#

Member

@matias-braida matias-braida left a comment

LGTM.
Tested locally. Worked OK.

It was tested on a VM with AlmaLinux 9 and a VM with Ubuntu 24.

The packages used were generated in the following GitHub action links:
https://github.com/wazuh/wazuh/actions/runs/12356331901
https://github.com/wazuh/wazuh/actions/runs/12355843555

Test RPM in AlmaLinux 9:

Installation process:
[vagrant@test-almalinux-9 ~]$ cat /etc/os-release 
NAME="AlmaLinux"
VERSION="9.5 (Teal Serval)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.5"
PLATFORM_ID="platform:el9"
PRETTY_NAME="AlmaLinux 9.5 (Teal Serval)"
ANSI_COLOR="0;34"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:almalinux:almalinux:9::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"

ALMALINUX_MANTISBT_PROJECT="AlmaLinux-9"
ALMALINUX_MANTISBT_PROJECT_VERSION="9.5"
REDHAT_SUPPORT_PRODUCT="AlmaLinux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.5"
SUPPORT_END=2032-06-01
[vagrant@test-almalinux-9 ~]$ ls -l
total 327792
-rw-r--r--. 1 vagrant vagrant 335657376 Dec 18 18:30 wazuh-manager_4.10.2-0_x86_64_2713ea9.rpm
[vagrant@test-almalinux-9 ~]$ sha1sum wazuh-manager_4.10.2-0_x86_64_2713ea9.rpm 
26a9d40609276f0f0762963572b901866528eb21  wazuh-manager_4.10.2-0_x86_64_2713ea9.rpm
[root@test-almalinux-9 vagrant]# rpm -i wazuh-manager_4.10.2-0_x86_64_2713ea9.rpm 
[root@test-almalinux-9 vagrant]# ls -l /var/ossec/etc
total 48
-rw-r-----. 1 wazuh wazuh     0 Dec 16 15:31 client.keys
drwxrwx---. 2 root  wazuh    31 Dec 19 12:35 decoders
-rw-r-----. 1 root  wazuh 14480 Dec 16 15:31 internal_options.conf
drwxrwx---. 3 root  wazuh    67 Dec 19 12:35 lists
-rw-r-----. 1 root  wazuh   320 Dec 16 15:31 local_internal_options.conf
-rw-r-----. 1 root  wazuh   114 Nov  5 03:27 localtime
-rw-rw----. 1 root  wazuh  9126 Dec 19 12:35 ossec.conf
drwxrwx---. 2 root  wazuh  4096 Dec 19 12:35 rootcheck
drwxrwx---. 2 root  wazuh    29 Dec 19 12:35 rules
drwxrwx---. 3 root  wazuh    48 Dec 19 12:35 shared
-rw-r-----. 1 root  root   1164 Dec 19 12:35 sslmanager.cert
-rw-r-----. 1 root  root   1704 Dec 19 12:35 sslmanager.key
[root@test-almalinux-9 vagrant]# ls -l /var/ossec/queue
total 0
drwxr-x---. 2 wazuh wazuh  6 Dec 16 15:31 agentless
-rw-------. 1 root  wazuh  0 Dec 16 15:32 agents-timestamp
drwxrwx---. 2 wazuh wazuh  6 Dec 16 15:31 alerts
drwxrwx---. 2 wazuh wazuh  6 Dec 16 15:32 cluster
drwxr-x---. 2 wazuh wazuh  6 Dec 16 15:31 db
drwxr-x---. 2 wazuh wazuh  6 Dec 16 15:31 diff
drwxr-x---. 3 wazuh wazuh 16 Dec 19 12:35 fim
drwxr-x---. 2 wazuh wazuh  6 Dec 16 15:31 fts
drw-rw----. 2 root  wazuh  6 Dec 16 15:31 indexer
drwxr-x---. 2 wazuh wazuh  6 Dec 16 15:32 keystore
drwxr-x---. 2 wazuh wazuh  6 Dec 16 15:31 logcollector
drwxrwx---. 2 wazuh wazuh  6 Dec 16 15:32 rids
drwxrwx---. 2 wazuh wazuh  6 Dec 16 15:32 router
drwxrwx---. 2 wazuh wazuh  6 Dec 16 15:31 sockets
drwxr-x---. 3 wazuh wazuh 40 Dec 19 12:35 syscollector
drwxrwx---. 2 wazuh wazuh  6 Dec 16 15:31 tasks
drw-rw----. 2 root  wazuh  6 Dec 16 15:31 vd
[root@test-almalinux-9 vagrant]# systemctl start wazuh-manager
[root@test-almalinux-9 vagrant]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; disabled; preset: disabled)
     Active: active (running) since Thu 2024-12-19 12:43:27 UTC; 9s ago
    Process: 6397 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
      Tasks: 145 (limit: 24494)
     Memory: 3.1G
        CPU: 22.700s
     CGroup: /system.slice/wazuh-manager.service
             ├─6460 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─6501 /var/ossec/bin/wazuh-authd
             ├─6507 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─6510 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─6513 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─6527 /var/ossec/bin/wazuh-db
             ├─6553 /var/ossec/bin/wazuh-execd
             ├─6571 /var/ossec/bin/wazuh-analysisd
             ├─6582 /var/ossec/bin/wazuh-syscheckd
             ├─6629 /var/ossec/bin/wazuh-remoted
             ├─6662 /var/ossec/bin/wazuh-logcollector
             ├─6680 /var/ossec/bin/wazuh-monitord
             └─6722 /var/ossec/bin/wazuh-modulesd

Dec 19 12:43:23 test-almalinux-9 env[6397]: Started wazuh-syscheckd...
Dec 19 12:43:23 test-almalinux-9 env[6397]: Started wazuh-remoted...
Dec 19 12:43:23 test-almalinux-9 env[6397]: Started wazuh-logcollector...
Dec 19 12:43:24 test-almalinux-9 env[6397]: Started wazuh-monitord...
Dec 19 12:43:24 test-almalinux-9 env[6397]: wazuh-modulesd: Process 6431 not used by Wazuh, removing...
Dec 19 12:43:24 test-almalinux-9 env[6719]: 2024/12/19 12:43:24 wazuh-modulesd:router: INFO: Loaded router module.
Dec 19 12:43:24 test-almalinux-9 env[6719]: 2024/12/19 12:43:24 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Dec 19 12:43:25 test-almalinux-9 env[6397]: Started wazuh-modulesd...
Dec 19 12:43:27 test-almalinux-9 env[6397]: Completed.
Dec 19 12:43:27 test-almalinux-9 systemd[1]: Started Wazuh manager.
[root@test-almalinux-9 vagrant]# /var/ossec/bin/wazuh-control status
wazuh-clusterd not running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord not running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
[root@test-almalinux-9 vagrant]# cat /var/ossec/logs/ossec.log | grep "vuln"
2024/12/19 12:43:24 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/12/19 12:43:24 wazuh-modulesd:vulnerability-scanner: INFO: Starting database file decompression.
2024/12/19 12:43:49 wazuh-modulesd:vulnerability-scanner: INFO: Database decompression finished.
2024/12/19 13:42:48 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started.
2024/12/19 13:43:04 wazuh-modulesd:vulnerability-scanner: INFO: Initiating update feed process.
2024/12/19 13:45:31 wazuh-modulesd:vulnerability-scanner: INFO: Triggered a re-scan after content update.
2024/12/19 13:45:31 wazuh-modulesd:vulnerability-scanner: INFO: Feed update process completed.
Uninstallation process:
[root@test-almalinux-9 vagrant]# rpm -q wazuh*
wazuh-manager-4.10.2-0.x86_64
[root@test-almalinux-9 vagrant]# rpm -e wazuh-manager-4.10.2-0.x86_64
warning: /var/ossec/etc/ossec.conf saved as /var/ossec/etc/ossec.conf.rpmsave

Test DEB in Ubuntu 24:

Installation process:
vagrant@test-ubuntu-24:~$ cat /etc/os-release 
PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo
vagrant@test-ubuntu-24:~$ ls -l
total 346128
-rw-rw-r-- 1 vagrant vagrant 354429618 Dec 19 12:28 wazuh-manager_4.10.2-0_amd64_2713ea9.deb
vagrant@test-ubuntu-24:~$ sha1sum wazuh-manager_4.10.2-0_amd64_2713ea9.deb 
ce654906432253e63230ab558d4d01e3f88adf4d  wazuh-manager_4.10.2-0_amd64_2713ea9.deb
root@test-ubuntu-24:/home/vagrant# dpkg -i wazuh-manager_4.10.2-0_amd64_2713ea9.deb 
Selecting previously unselected package wazuh-manager.
(Reading database ... 46826 files and directories currently installed.)
Preparing to unpack wazuh-manager_4.10.2-0_amd64_2713ea9.deb ...
Unpacking wazuh-manager (4.10.2-0) ...
Setting up wazuh-manager (4.10.2-0) ...
root@test-ubuntu-24:/home/vagrant# ls -l /var/ossec/etc
total 64
-rw-r----- 1 wazuh wazuh     0 Dec 19 14:36 client.keys
drwxrwx--- 2 root  wazuh  4096 Dec 19 14:36 decoders
-rw-r----- 1 root  wazuh 14480 Dec 16 15:58 internal_options.conf
drwxrwx--- 3 root  wazuh  4096 Dec 19 14:36 lists
-rw-r----- 1 root  wazuh   320 Dec 16 15:58 local_internal_options.conf
-rw-r----- 1 root  wazuh   114 Apr  5  2024 localtime
-rw-rw---- 1 root  wazuh  9080 Dec 19 14:36 ossec.conf
drwxrwx--- 2 root  wazuh  4096 Dec 19 14:36 rootcheck
drwxrwx--- 2 root  wazuh  4096 Dec 19 14:36 rules
drwxrwx--- 3 root  wazuh  4096 Dec 19 14:36 shared
-rw-r----- 1 root  root   1164 Dec 19 14:36 sslmanager.cert
-rw-r----- 1 root  root   1704 Dec 19 14:36 sslmanager.key
root@test-ubuntu-24:/home/vagrant# ls -l /var/ossec/queue
total 64
drwxr-x--- 2 wazuh wazuh 4096 Dec 16 15:58 agentless
-rw------- 1 root  wazuh    0 Dec 16 15:58 agents-timestamp
drwxrwx--- 2 wazuh wazuh 4096 Dec 16 15:58 alerts
drwxrwx--- 2 wazuh wazuh 4096 Dec 16 15:58 cluster
drwxr-x--- 2 wazuh wazuh 4096 Dec 16 15:58 db
drwxr-x--- 2 wazuh wazuh 4096 Dec 16 15:58 diff
drwxr-x--- 3 wazuh wazuh 4096 Dec 19 14:36 fim
drwxr-x--- 2 wazuh wazuh 4096 Dec 16 15:58 fts
drw-rw---- 2 root  wazuh 4096 Dec 16 15:58 indexer
drwxr-x--- 2 wazuh wazuh 4096 Dec 16 15:58 keystore
drwxr-x--- 2 wazuh wazuh 4096 Dec 16 15:58 logcollector
drwxrwx--- 2 wazuh wazuh 4096 Dec 16 15:58 rids
drwxrwx--- 2 wazuh wazuh 4096 Dec 16 15:58 router
drwxrwx--- 2 wazuh wazuh 4096 Dec 16 15:58 sockets
drwxr-x--- 3 wazuh wazuh 4096 Dec 19 14:36 syscollector
drwxrwx--- 2 wazuh wazuh 4096 Dec 16 15:58 tasks
drw-rw---- 2 root  wazuh 4096 Dec 16 15:58 vd
root@test-ubuntu-24:/home/vagrant# systemctl start wazuh-manager
root@test-ubuntu-24:/home/vagrant# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; disabled; preset: enabled)
     Active: active (running) since Thu 2024-12-19 14:47:24 UTC; 4s ago
    Process: 52190 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
      Tasks: 144 (limit: 4613)
     Memory: 2.3G (peak: 2.4G)
        CPU: 17.666s
     CGroup: /system.slice/wazuh-manager.service
             ├─52252 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─52293 /var/ossec/bin/wazuh-authd
             ├─52298 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─52301 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─52304 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─52316 /var/ossec/bin/wazuh-db
             ├─52326 /var/ossec/bin/wazuh-execd
             ├─52352 /var/ossec/bin/wazuh-analysisd
             ├─52361 /var/ossec/bin/wazuh-syscheckd
             ├─52374 /var/ossec/bin/wazuh-remoted
             ├─52444 /var/ossec/bin/wazuh-logcollector
             ├─52460 /var/ossec/bin/wazuh-monitord
             └─52472 /var/ossec/bin/wazuh-modulesd

Dec 19 14:47:20 test-ubuntu-24 env[52190]: Started wazuh-syscheckd...
Dec 19 14:47:21 test-ubuntu-24 env[52190]: Started wazuh-remoted...
Dec 19 14:47:21 test-ubuntu-24 env[52190]: Started wazuh-logcollector...
Dec 19 14:47:21 test-ubuntu-24 env[52190]: Started wazuh-monitord...
Dec 19 14:47:21 test-ubuntu-24 env[52190]: wazuh-modulesd: Process 52223 not used by Wazuh, removing...
Dec 19 14:47:21 test-ubuntu-24 env[52470]: 2024/12/19 14:47:21 wazuh-modulesd:router: INFO: Loaded router module.
Dec 19 14:47:21 test-ubuntu-24 env[52470]: 2024/12/19 14:47:21 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Dec 19 14:47:22 test-ubuntu-24 env[52190]: Started wazuh-modulesd...
Dec 19 14:47:24 test-ubuntu-24 env[52190]: Completed.
Dec 19 14:47:24 test-ubuntu-24 systemd[1]: Started wazuh-manager.service - Wazuh manager.
root@test-ubuntu-24:/home/vagrant# /var/ossec/bin/wazuh-control status
wazuh-clusterd not running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord not running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
root@test-ubuntu-24:/home/vagrant# cat /var/ossec/logs/ossec.log | grep "vuln"
2024/12/19 14:47:21 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/12/19 14:47:21 wazuh-modulesd:vulnerability-scanner: INFO: Starting database file decompression.
2024/12/19 14:47:49 wazuh-modulesd:vulnerability-scanner: INFO: Database decompression finished.
2024/12/19 14:47:49 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started.
2024/12/19 14:48:45 wazuh-modulesd:vulnerability-scanner: INFO: Initiating update feed process.
2024/12/19 14:51:14 wazuh-modulesd:vulnerability-scanner: INFO: Triggered a re-scan after content update.
2024/12/19 14:51:14 wazuh-modulesd:vulnerability-scanner: INFO: Feed update process completed.
Uninstallation process:
root@test-ubuntu-24:/home/vagrant# dpkg -l wazuh-manager
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
+++-==============-============-============-=================================
ii  wazuh-manager  4.10.2-0     amd64        Wazuh manager
root@test-ubuntu-24:/home/vagrant# dpkg --purge wazuh-manager
(Reading database ... 70793 files and directories currently installed.)
Removing wazuh-manager (4.10.2-0) ...
Purging configuration files for wazuh-manager (4.10.2-0) ...

Successfully merging this pull request may close these issues.

  • Check files tests - Analyze group discrepancies
  • Add SCA policy for Ubuntu 24.04 LTS to check-files
4 participants