Release 4.8.0 - RC 2 - E2E UX tests - Vulnerability Detection #23416
System information 🟢
Manager
OS information
root@wazuh-master-pre:/home/vagrant# cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.3 LTS"
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
CPU information
root@wazuh-master-pre:/home/vagrant# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 39 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 2
On-line CPU(s) list: 0,1
Vendor ID: GenuineIntel
Model name: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz
CPU family: 6
Model: 165
Thread(s) per core: 1
Core(s) per socket: 2
Socket(s): 1
Stepping: 2
BogoMIPS: 5184.00
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti fsgsbase bmi1 avx2 bmi2 invpcid rdseed clflushopt md_clear flush_l1d arch_capabilities
Virtualization features:
Hypervisor vendor: KVM
Virtualization type: full
Caches (sum of all):
L1d: 64 KiB (2 instances)
L1i: 64 KiB (2 instances)
L2: 512 KiB (2 instances)
L3: 24 MiB (2 instances)
NUMA:
NUMA node(s): 1
NUMA node0 CPU(s): 0,1
Vulnerabilities:
Gather data sampling: Unknown: Dependent on hypervisor status
Itlb multihit: KVM: Mitigation: VMX unsupported
L1tf: Mitigation; PTE Inversion
Mds: Mitigation; Clear CPU buffers; SMT Host state unknown
Meltdown: Mitigation; PTI
Mmio stale data: Mitigation; Clear CPU buffers; SMT Host state unknown
Retbleed: Vulnerable
Spec rstack overflow: Not affected
Spec store bypass: Vulnerable
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected
Srbds: Unknown: Dependent on hypervisor status
Tsx async abort: Not affected
Memory information
root@wazuh-master-pre:/home/vagrant# free -h
total used free shared buff/cache available
Mem: 1.9Gi 510Mi 247Mi 0.0Ki 1.2Gi 1.2Gi
Swap: 2.0Gi 89Mi 1.9Gi
Storage information
root@wazuh-master-pre:/home/vagrant# df --total -h
Filesystem Size Used Avail Use% Mounted on
tmpfs 197M 976K 196M 1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv 62G 13G 47G 21% /
tmpfs 982M 80K 982M 1% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
/dev/sda2 2.0G 129M 1.7G 8% /boot
tmpfs 197M 4.0K 197M 1% /run/user/1000
total 65G 13G 50G 20% -
Ubuntu agent
OS information
root@ubuntu-agent-pre:/home/vagrant# cat /etc/os-release
NAME="Ubuntu"
VERSION="20.04.6 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.6 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
CPU information
root@ubuntu-agent-pre:/home/vagrant# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
Address sizes: 39 bits physical, 48 bits virtual
CPU(s): 1
On-line CPU(s) list: 0
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 165
Model name: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz
Stepping: 2
CPU MHz: 2592.004
BogoMIPS: 5184.00
Hypervisor vendor: KVM
Virtualization type: full
L1d cache: 32 KiB
L1i cache: 32 KiB
L2 cache: 256 KiB
L3 cache: 12 MiB
NUMA node0 CPU(s): 0
Vulnerability Gather data sampling: Unknown: Dependent on hypervisor status
Vulnerability Itlb multihit: KVM: Vulnerable
Vulnerability L1tf: Mitigation; PTE Inversion
Vulnerability Mds: Mitigation; Clear CPU buffers; SMT Host state unknown
Vulnerability Meltdown: Mitigation; PTI
Vulnerability Mmio stale data: Mitigation; Clear CPU buffers; SMT Host state unknown
Vulnerability Retbleed: Vulnerable
Vulnerability Spec store bypass: Vulnerable
Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2: Mitigation; Retpolines, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected
Vulnerability Srbds: Unknown: Dependent on hypervisor status
Vulnerability Tsx async abort: Not affected
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq monitor ssse3 cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti fsgsbase bmi1 avx2 bmi2 invpcid rdseed clflushopt md_clear flush_l1d arch_capabilities
Memory information
root@ubuntu-agent-pre:/home/vagrant# free -h
total used free shared buff/cache available
Mem: 1.9Gi 113Mi 1.5Gi 0.0Ki 284Mi 1.7Gi
Swap: 1.9Gi 0B 1.9Gi
Storage information
root@ubuntu-agent-pre:/home/vagrant# df --total -h
Filesystem Size Used Avail Use% Mounted on
udev 941M 0 941M 0% /dev
tmpfs 198M 936K 197M 1% /run
/dev/sda3 124G 3.2G 114G 3% /
tmpfs 986M 0 986M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 986M 0 986M 0% /sys/fs/cgroup
/dev/sda1 456M 206M 216M 49% /boot
tmpfs 198M 0 198M 0% /run/user/1000
total 127G 3.4G 118G 3% -
Amazon Linux agent
OS information
[root@amazon-agent-pre vagrant]# cat /etc/*release
Amazon Linux release 2023.3.20240304 (Amazon Linux)
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023.3.20240304"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/amazon-linux-2023/"
DOCUMENTATION_URL="https://docs.aws.amazon.com/linux/"
SUPPORT_URL="https://aws.amazon.com/premiumsupport/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
VENDOR_NAME="AWS"
VENDOR_URL="https://aws.amazon.com/"
SUPPORT_END="2028-03-15"
Amazon Linux release 2023.3.20240304 (Amazon Linux)
CPU information
[root@amazon-agent-pre vagrant]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 39 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 1
On-line CPU(s) list: 0
Vendor ID: GenuineIntel
Model name: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz
CPU family: 6
Model: 165
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 1
Stepping: 2
BogoMIPS: 5184.00
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq monitor ssse3 cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti fsgsbase bmi1 avx2 bmi2 invpcid rdseed clflushopt md_clear flush_l1d arch_capabilities
Virtualization features:
Hypervisor vendor: KVM
Virtualization type: full
Caches (sum of all):
L1d: 32 KiB (1 instance)
L1i: 32 KiB (1 instance)
L2: 256 KiB (1 instance)
L3: 12 MiB (1 instance)
NUMA:
NUMA node(s): 1
NUMA node0 CPU(s): 0
Vulnerabilities:
Gather data sampling: Unknown: Dependent on hypervisor status
Itlb multihit: KVM: Mitigation: VMX unsupported
L1tf: Mitigation; PTE Inversion
Mds: Mitigation; Clear CPU buffers; SMT Host state unknown
Meltdown: Mitigation; PTI
Mmio stale data: Mitigation; Clear CPU buffers; SMT Host state unknown
Retbleed: Vulnerable
Spec rstack overflow: Not affected
Spec store bypass: Vulnerable
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected
Srbds: Unknown: Dependent on hypervisor status
Tsx async abort: Not affected
Memory information
[root@amazon-agent-pre vagrant]# free -h
total used free shared buff/cache available
Mem: 1.9Gi 191Mi 1.1Gi 5.0Mi 655Mi 1.6Gi
Swap: 0B 0B 0B
Storage information
[root@amazon-agent-pre vagrant]# df --total -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs 980M 0 980M 0% /dev/shm
tmpfs 392M 5.4M 387M 2% /run
/dev/sda1 25G 2.2G 23G 9% /
tmpfs 980M 0 980M 0% /tmp
/dev/sda128 10M 1.3M 8.7M 13% /boot/efi
vagrant 234G 206G 28G 89% /vagrant
tmpfs 196M 0 196M 0% /run/user/1000
total 262G 208G 54G 80% -
MacOS agent
OS information
sh-3.2# uname -a
Darwin macos-1400 23.0.0 Darwin Kernel Version 23.0.0: Fri Sep 15 14:40:03 PDT 2023; root:xnu-10002.1.13~1/RELEASE_ARM64_VMAPPLE arm64
sh-3.2# sw_vers
ProductName: macOS
ProductVersion: 14.0
BuildVersion: 23A344
CPU information
sh-3.2# system_profiler SPHardwareDataType
Hardware:
Hardware Overview:
Model Name: Apple Virtual Machine 1
Model Identifier: VirtualMac2,1
Model Number: VM0001LL/A
Chip: Apple M1 Max (Virtual)
Total Number of Cores: 2
Memory: 4 GB
System Firmware Version: 10151.1.1
OS Loader Version: 10151.1.1
Serial Number (system): ZGHNPYVQG6
Hardware UUID: 2E6953F4-CFA4-50CB-96B9-7A70F47BFABE
Provisioning UDID: 0000FE00-9C55689FB529FB1A
Activation Lock Status: Disabled
Memory information
sh-3.2# vm_stat
Mach Virtual Memory Statistics: (page size of 16384 bytes)
Pages free: 4114.
Pages active: 104231.
Pages inactive: 98937.
Pages speculative: 5320.
Pages throttled: 0.
Pages wired down: 34368.
Pages purgeable: 667.
"Translation faults": 7069291.
Pages copy-on-write: 690853.
Pages zero filled: 2135430.
Pages reactivated: 93960.
Pages purged: 9669.
File-backed pages: 133145.
Anonymous pages: 75343.
Pages stored in compressor: 50363.
Pages occupied by compressor: 14438.
Decompressions: 36982.
Compressions: 248546.
Pageins: 389734.
Pageouts: 1978.
Swapins: 0.
Swapouts: 0.
Storage information
sh-3.2# df -h
Filesystem Size Used Avail Capacity iused ifree %iused Mounted on
/dev/disk5s1s1 59Gi 9,1Gi 37Gi 20% 387k 390M 0% /
devfs 201Ki 201Ki 0Bi 100% 694 0 100% /dev
/dev/disk5s6 59Gi 20Ki 37Gi 1% 0 390M 0% /System/Volumes/VM
/dev/disk5s2 59Gi 5,2Gi 37Gi 13% 735 390M 0% /System/Volumes/Preboot
/dev/disk5s4 59Gi 4,9Mi 37Gi 1% 44 390M 0% /System/Volumes/Update
/dev/disk3s2 500Mi 20Ki 495Mi 1% 0 5,1M 0% /System/Volumes/xarts
/dev/disk3s1 500Mi 104Ki 495Mi 1% 24 5,1M 0% /System/Volumes/iSCPreboot
/dev/disk3s3 500Mi 72Ki 495Mi 1% 18 5,1M 0% /System/Volumes/Hardware
/dev/disk5s5 59Gi 6,1Gi 37Gi 15% 150k 390M 0% /System/Volumes/Data
/dev/disk2 1,8Ti 931Gi 927Gi 51% 355k 4,3G 0% /Volumes/My Shared Files
/dev/disk0s2 20Mi 20Mi 0Bi 100% 88 4,3G 0% /Volumes/Parallels Tools
map auto_home 0Bi 0Bi 0Bi 100% 0 0 - /System/Volumes/Data/home
Windows agent
System installation 🟡
Indexer 🟡
Initial configuration
root@wazuh-indexer-pre:/home/vagrant# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh
root@wazuh-indexer-pre:/home/vagrant# curl -sO https://packages-dev.wazuh.com/4.8/config.yml
root@wazuh-indexer-pre:/home/vagrant# ls
config.yml wazuh-install.sh
root@wazuh-indexer-pre:/home/vagrant# nano config.yml
root@wazuh-indexer-pre:/home/vagrant# bash wazuh-install.sh --generate-config-files
15/05/2024 08:23:56 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
15/05/2024 08:23:56 INFO: Verbose logging redirected to /var/log/wazuh-install.log
15/05/2024 08:23:56 INFO: Verifying that your system meets the recommended minimum hardware requirements.
15/05/2024 08:24:11 INFO: --- Configuration files ---
15/05/2024 08:24:11 INFO: Generating configuration files.
15/05/2024 08:24:11 INFO: Generating the root certificate.
15/05/2024 08:24:11 INFO: Generating Admin certificates.
15/05/2024 08:24:12 INFO: Generating Wazuh indexer certificates.
15/05/2024 08:24:12 INFO: Generating Filebeat certificates.
15/05/2024 08:24:12 INFO: Generating Wazuh dashboard certificates.
15/05/2024 08:24:12 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
Wazuh indexer nodes installation
root@wazuh-indexer-pre:/home/vagrant# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh
root@wazuh-indexer-pre:/home/vagrant# bash wazuh-install.sh --wazuh-indexer wazuh-indexer-pre
15/05/2024 08:34:06 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
15/05/2024 08:34:06 INFO: Verbose logging redirected to /var/log/wazuh-install.log
15/05/2024 08:34:07 INFO: Verifying that your system meets the recommended minimum hardware requirements.
15/05/2024 08:34:18 INFO: --- Dependencies ----
15/05/2024 08:34:18 INFO: Installing apt-transport-https.
15/05/2024 08:34:23 INFO: Wazuh development repository added.
15/05/2024 08:34:23 INFO: --- Wazuh indexer ---
15/05/2024 08:34:23 INFO: Starting Wazuh indexer installation.
15/05/2024 08:35:35 INFO: Wazuh indexer installation finished.
15/05/2024 08:35:35 INFO: Wazuh indexer post-install configuration finished.
15/05/2024 08:35:35 INFO: Starting service wazuh-indexer.
15/05/2024 08:35:48 INFO: wazuh-indexer service started.
15/05/2024 08:35:48 INFO: Initializing Wazuh indexer cluster security settings.
15/05/2024 08:35:50 INFO: Wazuh indexer cluster initialized.
15/05/2024 08:35:50 INFO: Installation finished.
Cluster initialization
root@wazuh-indexer-pre:/home/vagrant# bash wazuh-install.sh --start-cluster
15/05/2024 08:37:57 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
15/05/2024 08:37:57 INFO: Verbose logging redirected to /var/log/wazuh-install.log
15/05/2024 08:37:59 INFO: Verifying that your system meets the recommended minimum hardware requirements.
15/05/2024 08:38:10 INFO: Wazuh indexer cluster security configuration initialized.
15/05/2024 08:38:36 INFO: Updating the internal users.
15/05/2024 08:38:38 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
15/05/2024 08:38:44 INFO: Wazuh indexer cluster started.
Testing the cluster installation
root@wazuh-indexer-pre:/home/vagrant# curl -k -u admin:PASSWORD https://172.16.1.31:9200
{
"name" : "wazuh-indexer-pre",
"cluster_name" : "wazuh-indexer-cluster",
"cluster_uuid" : "oIzMBIErRIqOQunRhyqs8A",
"version" : {
"number" : "7.10.2",
"build_type" : "rpm",
"build_hash" : "eee49cb340edc6c4d489bcd9324dda571fc8dc03",
"build_date" : "2023-09-20T23:54:29.889267151Z",
"build_snapshot" : false,
"lucene_version" : "9.7.0",
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "The OpenSearch Project: https://opensearch.org/"
}
root@wazuh-indexer-pre:/home/vagrant# curl -k -u admin:PASSWORD https://172.16.1.31:9200/_cat/nodes?v
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name
172.16.1.31 32 90 4 0.01 0.11 0.08 dimr data,ingest,master,remote_cluster_client * wazuh-indexer-pre
Indexer status
root@wazuh-indexer-pre:/home/vagrant# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2024-05-15 08:35:48 UTC; 4h 9min ago
Docs: https://documentation.wazuh.com
Main PID: 5490 (java)
Tasks: 73 (limit: 2220)
Memory: 1.2G
CPU: 4min 1.728s
CGroup: /system.slice/wazuh-indexer.service
└─5490 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.c>
May 15 08:35:36 wazuh-indexer-pre systemd[1]: Starting Wazuh-indexer...
May 15 08:35:38 wazuh-indexer-pre systemd-entrypoint[5490]: WARNING: A terminally deprecated method >
May 15 08:35:38 wazuh-indexer-pre systemd-entrypoint[5490]: WARNING: System::setSecurityManager has >
May 15 08:35:38 wazuh-indexer-pre systemd-entrypoint[5490]: WARNING: Please consider reporting this >
May 15 08:35:38 wazuh-indexer-pre systemd-entrypoint[5490]: WARNING: System::setSecurityManager will>
May 15 08:35:39 wazuh-indexer-pre systemd-entrypoint[5490]: WARNING: A terminally deprecated method >
May 15 08:35:39 wazuh-indexer-pre systemd-entrypoint[5490]: WARNING: System::setSecurityManager has >
May 15 08:35:39 wazuh-indexer-pre systemd-entrypoint[5490]: WARNING: Please consider reporting this >
May 15 08:35:39 wazuh-indexer-pre systemd-entrypoint[5490]: WARNING: System::setSecurityManager will>
May 15 08:35:48 wazuh-indexer-pre systemd[1]: Started Wazuh-indexer.
Server 🟢
Wazuh server cluster installation
root@wazuh-master-pre:/home/vagrant# bash wazuh-install.sh --wazuh-server wazuh-master-pre
15/05/2024 08:52:16 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
15/05/2024 08:52:16 INFO: Verbose logging redirected to /var/log/wazuh-install.log
15/05/2024 08:52:17 INFO: Verifying that your system meets the recommended minimum hardware requirements.
15/05/2024 08:52:34 INFO: --- Dependencies ----
15/05/2024 08:52:34 INFO: Installing apt-transport-https.
15/05/2024 08:52:38 INFO: Wazuh development repository added.
15/05/2024 08:52:39 INFO: --- Wazuh server ---
15/05/2024 08:52:39 INFO: Starting the Wazuh manager installation.
15/05/2024 08:53:31 INFO: Wazuh manager installation finished.
15/05/2024 08:53:31 INFO: Wazuh manager vulnerability detection configuration finished.
15/05/2024 08:53:31 INFO: Starting service wazuh-manager.
15/05/2024 08:53:47 INFO: wazuh-manager service started.
15/05/2024 08:53:47 INFO: Starting Filebeat installation.
15/05/2024 08:54:08 INFO: Filebeat installation finished.
15/05/2024 08:54:10 INFO: Filebeat post-install configuration finished.
15/05/2024 08:54:36 INFO: Starting service filebeat.
15/05/2024 08:54:37 INFO: filebeat service started.
15/05/2024 08:54:37 INFO: Installation finished.
Manager status
root@wazuh-master-pre:/home/vagrant# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2024-05-15 08:54:33 UTC; 39s ago
Tasks: 146 (limit: 2220)
Memory: 1.3G
CPU: 40.013s
CGroup: /system.slice/wazuh-manager.service
├─50787 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─50788 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─50791 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─50794 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─50835 /var/ossec/bin/wazuh-authd
├─50852 /var/ossec/bin/wazuh-db
├─50877 /var/ossec/bin/wazuh-execd
├─50894 /var/ossec/bin/wazuh-analysisd
├─50937 /var/ossec/bin/wazuh-syscheckd
├─50955 /var/ossec/bin/wazuh-remoted
├─50992 /var/ossec/bin/wazuh-logcollector
├─51030 /var/ossec/bin/wazuh-monitord
└─51084 /var/ossec/bin/wazuh-modulesd
May 15 08:54:26 wazuh-master-pre env[50731]: Started wazuh-analysisd...
May 15 08:54:27 wazuh-master-pre env[50731]: Started wazuh-syscheckd...
May 15 08:54:28 wazuh-master-pre env[50731]: Started wazuh-remoted...
May 15 08:54:29 wazuh-master-pre env[50731]: Started wazuh-logcollector...
May 15 08:54:30 wazuh-master-pre env[50731]: Started wazuh-monitord...
May 15 08:54:30 wazuh-master-pre env[51082]: 2024/05/15 08:54:30 wazuh-modulesd:router: INFO: Loade>
May 15 08:54:30 wazuh-master-pre env[51082]: 2024/05/15 08:54:30 wazuh-modulesd:content_manager: IN>
May 15 08:54:31 wazuh-master-pre env[50731]: Started wazuh-modulesd...
May 15 08:54:33 wazuh-master-pre env[50731]: Completed.
May 15 08:54:33 wazuh-master-pre systemd[1]: Started Wazuh manager.
Manager version
root@wazuh-master-pre:/home/vagrant# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40810"
WAZUH_TYPE="server"
Dashboard 🟢
Wazuh dashboard installation
root@wazuh-dashboard-pre:/home/vagrant# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh
root@wazuh-dashboard-pre:/home/vagrant# bash wazuh-install.sh --wazuh-dashboard wazuh-dashboard-pre -o
15/05/2024 09:26:44 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
15/05/2024 09:26:44 INFO: Verbose logging redirected to /var/log/wazuh-install.log
15/05/2024 09:26:44 INFO: --- Removing existing Wazuh installation ---
15/05/2024 09:26:44 INFO: Removing Wazuh dashboard.
15/05/2024 09:26:49 INFO: Wazuh dashboard removed.
15/05/2024 09:26:49 INFO: Installation cleaned.
15/05/2024 09:26:49 INFO: Verifying that your system meets the recommended minimum hardware requirements.
15/05/2024 09:26:53 INFO: Wazuh web interface port will be 443.
15/05/2024 09:26:58 INFO: Wazuh development repository added.
15/05/2024 09:26:58 INFO: --- Wazuh dashboard ----
15/05/2024 09:26:58 INFO: Starting Wazuh dashboard installation.
15/05/2024 09:27:31 INFO: Wazuh dashboard installation finished.
15/05/2024 09:27:31 INFO: Wazuh dashboard post-install configuration finished.
15/05/2024 09:27:31 INFO: Starting service wazuh-dashboard.
15/05/2024 09:27:32 INFO: wazuh-dashboard service started.
15/05/2024 09:27:45 INFO: Initializing Wazuh dashboard web application.
15/05/2024 09:27:46 INFO: Wazuh dashboard web application initialized.
15/05/2024 09:27:46 INFO: --- Summary ---
15/05/2024 09:27:46 INFO: You can access the web interface https://172.16.1.32:443
User: admin
Password: PASSWORD
15/05/2024 09:27:46 INFO: Installation finished.
Dashboard status
root@wazuh-dashboard-pre:/home/vagrant# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2024-05-15 12:49:58 UTC; 4min 25s ago
Main PID: 639 (node)
Tasks: 11 (limit: 4558)
Memory: 282.2M
CPU: 6.180s
CGroup: /system.slice/wazuh-dashboard.service
└─639 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=655>
May 15 12:49:58 wazuh-dashboard-pre systemd[1]: Started wazuh-dashboard.
May 15 12:50:04 wazuh-dashboard-pre opensearch-dashboards[639]: {"type":"log","@timestamp":"2024-05->
May 15 12:50:04 wazuh-dashboard-pre opensearch-dashboards[639]: {"type":"log","@timestamp":"2024-05->
May 15 12:50:04 wazuh-dashboard-pre opensearch-dashboards[639]: {"type":"log","@timestamp":"2024-05->
May 15 12:50:04 wazuh-dashboard-pre opensearch-dashboards[639]: {"type":"log","@timestamp":"2024-05->
May 15 12:50:04 wazuh-dashboard-pre opensearch-dashboards[639]: {"type":"log","@timestamp":"2024-05->
May 15 12:50:04 wazuh-dashboard-pre opensearch-dashboards[639]: {"type":"log","@timestamp":"2024-05->
May 15 12:50:04 wazuh-dashboard-pre opensearch-dashboards[639]: {"type":"log","@timestamp":"2024-05->
May 15 12:50:05 wazuh-dashboard-pre opensearch-dashboards[639]: {"type":"log","@timestamp":"2024-05->
May 15 12:50:05 wazuh-dashboard-pre opensearch-dashboards[639]: {"type":"log","@timestamp":"2024-05->
Initial checks 🟢
No error in manager 🟢
This warning appears when the manager starts:
But then the initialization is done correctly:
All indices green 🟢
root@wazuh-master-pre:/home/vagrant# curl -k -u admin:PASSWORD https://172.16.1.31:9200/_cat/indices
green open wazuh-states-vulnerabilities-wazuh-master-pre 0QxdKOf3RZaliXx8S5VTNQ 1 0 0 0 208b 208b
green open .opensearch-observability 8PGOhqzHSXuhCRyJlet4OQ 1 0 0 0 208b 208b
green open .plugins-ml-config IZXJTwnMTMexsZbfvkyeRA 1 0 1 0 3.9kb 3.9kb
green open wazuh-statistics-2024.20w 5Bv7S4SbTAub0V_n2mMHpQ 1 0 18 0 179.6kb 179.6kb
green open wazuh-alerts-4.x-2024.05.15 Yp3Yt5PRRjmCTUZGHwT0dQ 3 0 194 0 571.9kb 571.9kb
green open wazuh-monitoring-2024.20w Pq5EgjhYSZycEpQPtV8_mA 1 0 0 0 208b 208b
green open .opendistro_security P5EIXB7zTTGvc94FiUrH3A 1 0 10 1 44.1kb 44.1kb
green open .kibana_1 oXgdYsJnSAWOhg6fSwbLOA 1 0 6 1 69.8kb 69.8kb
macOS Sonoma Agent 🔴
System package 🟡
sh-3.2# curl -o node-v20.2.0.pkg https://nodejs.org/dist/v20.2.0/node-v20.2.0.pkg
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 69.9M 100 69.9M 0 0 43.5M 0 0:00:01 0:00:01 --:--:-- 43.7M
sh-3.2# sudo installer -pkg node-v20.2.0.pkg -target /
installer: Package name is Node.js
installer: Installing at base path /
installer: The install was successful.
sh-3.2# node -v
v20.2.0
Python package 🔴
sh-3.2# python3 -m venv my_django_env
sh-3.2# source my_django_env/bin/activate
(my_django_env) sh-3.2#
(my_django_env) sh-3.2# pip install Django==3.2.13
Collecting Django==3.2.13
Downloading Django-3.2.13-py3-none-any.whl (7.9 MB)
|████████████████████████████████| 7.9 MB 7.8 MB/s
Collecting pytz
Downloading pytz-2024.1-py2.py3-none-any.whl (505 kB)
|████████████████████████████████| 505 kB 81.8 MB/s
Collecting asgiref<4,>=3.3.2
Downloading asgiref-3.8.1-py3-none-any.whl (23 kB)
Collecting sqlparse>=0.2.2
Downloading sqlparse-0.5.0-py3-none-any.whl (43 kB)
|████████████████████████████████| 43 kB 11.3 MB/s
Collecting typing-extensions>=4
Downloading typing_extensions-4.11.0-py3-none-any.whl (34 kB)
Installing collected packages: typing-extensions, sqlparse, pytz, asgiref, Django
Successfully installed Django-3.2.13 asgiref-3.8.1 pytz-2024.1 sqlparse-0.5.0 typing-extensions-4.11.0
WARNING: You are using pip version 21.2.4; however, version 24.0 is available.
You should consider upgrading via the '/Users/vagrant/my_django_env/bin/python3 -m pip install --upgrade pip' command.
(my_django_env) sh-3.2# django-admin --version
3.2.13
NPM package 🟢
sh-3.2# npm install -g axios@0.6.0
npm WARN deprecated axios@0.6.0: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410
added 1 package in 362ms
npm notice
npm notice New major version of npm available! 9.6.6 -> 10.7.0
npm notice Changelog: https://github.com/npm/cli/releases/tag/v10.7.0
npm notice Run npm install -g npm@10.7.0 to update!
npm notice
sh-3.2#
sh-3.2# npm list -g
/usr/local/lib
├── axios@0.6.0
├── corepack@0.17.2
└── npm@9.6.6
{"timestamp":"2024-05-15T12:10:40.803+0000","rule":{"level":7,"description":"CVE-2019-10742 affects axios","id":"23504","firedtimes":1,"mail":false,"groups":["vulnerability-detector"],"gdpr":["IV_35.7.d"],"pci_dss":["11.2.1","11.2.3"],"tsc":["CC7.1","CC7.2"]},"agent":{"id":"003","name":"agent1","ip":"192.168.64.10"},"manager":{"name":"ip-172-31-5-207"},"id":"1715775040.1699688","cluster":{"name":"wazuh","node":"master"},"decoder":{"name":"json"},"data":{"vulnerability":{"assigner":"snyk","cve":"CVE-2019-10742","cvss":{"cvss2":{"base_score":"5","vector":{"access_complexity":"LOW","authentication":"NONE","availability":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE"}}},"cwe_reference":"CWE-755","enumeration":"CVE","package":{"architecture":" ","condition":"Package less than 0.18.1","name":"axios","source":"https://github.com/mzabriskie/axios","version":"0.6.0"},"published":"2019-05-07T19:29:00Z","rationale":"Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.","reference":"https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505, https://github.com/axios/axios/issues/1098, https://github.com/axios/axios/pull/1485","severity":"Medium","status":"Active","title":"CVE-2019-10742 affects axios","type":"Packages","updated":"2021-07-21T11:39:23Z"}},"location":"vulnerability-detector"}
{"timestamp":"2024-05-15T12:10:40.813+0000","rule":{"level":7,"description":"CVE-2020-28168 affects axios","id":"23504","firedtimes":2,"mail":false,"groups":["vulnerability-detector"],"gdpr":["IV_35.7.d"],"pci_dss":["11.2.1","11.2.3"],"tsc":["CC7.1","CC7.2"]},"agent":{"id":"003","name":"agent1","ip":"192.168.64.10"},"manager":{"name":"ip-172-31-5-207"},"id":"1715775040.1702115","cluster":{"name":"wazuh","node":"master"},"decoder":{"name":"json"},"data":{"vulnerability":{"assigner":"mitre","cve":"CVE-2020-28168","cvss":{"cvss2":{"base_score":"4.300000","vector":{"access_complexity":"MEDIUM","authentication":"NONE","availability":"NONE","confidentiality_impact":"PARTIAL","integrity_impact":"NONE"}}},"cwe_reference":"CWE-918","enumeration":"CVE","package":{"architecture":" ","condition":"Package less than 0.21.1","name":"axios","source":"https://github.com/mzabriskie/axios","version":"0.6.0"},"published":"2020-11-06T20:15:13Z","rationale":"Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.","reference":"https://github.com/axios/axios/issues/3369, https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf, https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e%40%3Ccommits.druid.apache.org%3E","severity":"Medium","status":"Active","title":"CVE-2020-28168 affects axios","type":"Packages","updated":"2023-11-07T03:21:07Z"}},"location":"vulnerability-detector"}
{"timestamp":"2024-05-15T12:10:40.823+0000","rule":{"level":10,"description":"CVE-2021-3749 affects axios","id":"23505","firedtimes":1,"mail":false,"groups":["vulnerability-detector"],"gdpr":["IV_35.7.d"],"pci_dss":["11.2.1","11.2.3"],"tsc":["CC7.1","CC7.2"]},"agent":{"id":"003","name":"agent1","ip":"192.168.64.10"},"manager":{"name":"ip-172-31-5-207"},"id":"1715775040.1705369","cluster":{"name":"wazuh","node":"master"},"decoder":{"name":"json"},"data":{"vulnerability":{"assigner":"@huntrdev","cve":"CVE-2021-3749","cvss":{"cvss2":{"base_score":"7.800000","vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"NONE","integrity_impact":"NONE"}}},"cwe_reference":"CWE-1333","enumeration":"CVE","package":{"architecture":" ","condition":"Package less than 0.21.2","name":"axios","source":"https://github.com/mzabriskie/axios","version":"0.6.0"},"published":"2021-08-31T11:15:07Z","rationale":"axios is vulnerable to Inefficient Regular Expression Complexity","reference":"https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31, https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929, https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf, https://www.oracle.com/security-alerts/cpujul2022.html, https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1%40%3Ccommits.druid.apache.org%3E, 
https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a%40%3Cdev.druid.apache.org%3E, https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103%40%3Ccommits.druid.apache.org%3E","severity":"High","status":"Active","title":"CVE-2021-3749 affects axios","type":"Packages","updated":"2023-11-07T03:38:14Z"}},"location":"vulnerability-detector"}
sh-3.2# npm uninstall -g axios
removed 1 package in 95ms
sh-3.2# npm list -g
/usr/local/lib
├── corepack@0.17.2
└── npm@9.6.6
{"timestamp":"2024-05-15T12:15:02.114+0000","rule":{"level":3,"description":"The CVE-2019-10742 that affected axios was solved due to a package removal/update or a system upgrade","id":"23502","firedtimes":1,"mail":false,"groups":["vulnerability-detector"],"gdpr":["IV_35.7.d"],"pci_dss":["11.2.1","11.2.3"],"tsc":["CC7.1","CC7.2"]},"agent":{"id":"003","name":"agent1","ip":"192.168.64.10"},"manager":{"name":"ip-172-31-5-207"},"id":"1715775302.1710435","cluster":{"name":"wazuh","node":"master"},"decoder":{"name":"json"},"data":{"vulnerability":{"cve":"CVE-2019-10742","cvss":{"cvss2":{"base_score":"5"}},"enumeration":"CVE","package":{"architecture":" ","name":"axios","version":"0.6.0"},"published":"2019-05-07T19:29:00Z","reference":"https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505, https://github.com/axios/axios/issues/1098, https://github.com/axios/axios/pull/1485","severity":"Medium","status":"Solved","title":"CVE-2019-10742 affecting axios was solved","type":"Packages","updated":"2021-07-21T11:39:23Z"}},"location":"vulnerability-detector"}
{"timestamp":"2024-05-15T12:15:02.124+0000","rule":{"level":3,"description":"The CVE-2021-3749 that affected axios was solved due to a package removal/update or a system upgrade","id":"23502","firedtimes":2,"mail":false,"groups":["vulnerability-detector"],"gdpr":["IV_35.7.d"],"pci_dss":["11.2.1","11.2.3"],"tsc":["CC7.1","CC7.2"]},"agent":{"id":"003","name":"agent1","ip":"192.168.64.10"},"manager":{"name":"ip-172-31-5-207"},"id":"1715775302.1711840","cluster":{"name":"wazuh","node":"master"},"decoder":{"name":"json"},"data":{"vulnerability":{"cve":"CVE-2021-3749","cvss":{"cvss2":{"base_score":"7.800000"}},"enumeration":"CVE","package":{"architecture":" ","name":"axios","version":"0.6.0"},"published":"2021-08-31T11:15:07Z","reference":"https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31, https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929, https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf, https://www.oracle.com/security-alerts/cpujul2022.html, https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a%40%3Cdev.druid.apache.org%3E, https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103%40%3Ccommits.druid.apache.org%3E","severity":"High","status":"Solved","title":"CVE-2021-3749 affecting axios was solved","type":"Packages","updated":"2023-11-07T03:38:14Z"}},"location":"vulnerability-detector"}
{"timestamp":"2024-05-15T12:15:02.135+0000","rule":{"level":3,"description":"The CVE-2020-28168 that affected axios was solved due to a package removal/update or a system upgrade","id":"23502","firedtimes":3,"mail":false,"groups":["vulnerability-detector"],"gdpr":["IV_35.7.d"],"pci_dss":["11.2.1","11.2.3"],"tsc":["CC7.1","CC7.2"]},"agent":{"id":"003","name":"agent1","ip":"192.168.64.10"},"manager":{"name":"ip-172-31-5-207"},"id":"1715775302.1716079","cluster":{"name":"wazuh","node":"master"},"decoder":{"name":"json"},"data":{"vulnerability":{"cve":"CVE-2020-28168","cvss":{"cvss2":{"base_score":"4.300000"}},"enumeration":"CVE","package":{"architecture":" ","name":"axios","version":"0.6.0"},"published":"2020-11-06T20:15:13Z","reference":"https://github.com/axios/axios/issues/3369, https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf, https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f%40%3Ccommits.druid.apache.org%3E, https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e%40%3Ccommits.druid.apache.org%3E","severity":"Medium","status":"Solved","title":"CVE-2020-28168 affecting axios was solved","type":"Packages","updated":"2023-11-07T03:21:07Z"}},"location":"vulnerability-detector"}
Amazon Linux 2023 Agent 🟢
Installation 🟢
[root@amazon-agent-pre vagrant]# rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
[root@amazon-agent-pre vagrant]# cat > /etc/yum.repos.d/wazuh.repo << EOF
> [wazuh]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-\$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
EOF
[root@amazon-agent-pre vagrant]# WAZUH_MANAGER="172.16.1.30" yum install wazuh-agent-4.8.0-1
EL-2023.3.20240304 - Wazuh 5.8 MB/s | 25 MB 00:04
Last metadata expiration check: 0:00:06 ago on Wed May 15 15:19:00 2024.
Dependencies resolved.
===========================================================================================================
Package Architecture Version Repository Size
===========================================================================================================
Installing:
wazuh-agent x86_64 4.8.0-1 wazuh 10 M
Transaction Summary
===========================================================================================================
Install 1 Package
Total download size: 10 M
Installed size: 29 M
Is this ok [y/N]: y
Downloading Packages:
wazuh-agent-4.8.0-1.x86_64.rpm 4.4 MB/s | 10 MB 00:02
-----------------------------------------------------------------------------------------------------------
Total 4.4 MB/s | 10 MB 00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-agent-4.8.0-1.x86_64 1/1
Installing : wazuh-agent-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-agent-4.8.0-1.x86_64 1/1
Verifying : wazuh-agent-4.8.0-1.x86_64 1/1
Installed:
wazuh-agent-4.8.0-1.x86_64
Complete!
[root@amazon-agent-pre vagrant]# systemctl daemon-reload
[root@amazon-agent-pre vagrant]# systemctl enable wazuh-agent
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-agent.service → /usr/lib/systemd/system/wazuh-agent.service.
[root@amazon-agent-pre vagrant]# systemctl start wazuh-agent
[root@amazon-agent-pre vagrant]# systemctl status wazuh-agent
● wazuh-agent.service - Wazuh agent
Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; preset: disabled)
Active: active (running) since Wed 2024-05-15 15:20:43 UTC; 46s ago
Process: 5977 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
Tasks: 32 (limit: 2307)
Memory: 322.9M
CPU: 11.226s
CGroup: /system.slice/wazuh-agent.service
├─6235 /var/ossec/bin/wazuh-execd
├─6247 /var/ossec/bin/wazuh-agentd
├─6261 /var/ossec/bin/wazuh-syscheckd
├─6276 /var/ossec/bin/wazuh-logcollector
└─6294 /var/ossec/bin/wazuh-modulesd
May 15 15:20:35 amazon-agent-pre systemd[1]: Starting wazuh-agent.service - Wazuh agent...
May 15 15:20:35 amazon-agent-pre env[5977]: Starting Wazuh v4.8.0...
May 15 15:20:36 amazon-agent-pre env[5977]: Started wazuh-execd...
May 15 15:20:37 amazon-agent-pre env[5977]: Started wazuh-agentd...
May 15 15:20:38 amazon-agent-pre env[5977]: Started wazuh-syscheckd...
May 15 15:20:39 amazon-agent-pre env[5977]: Started wazuh-logcollector...
May 15 15:20:41 amazon-agent-pre env[5977]: Started wazuh-modulesd...
May 15 15:20:43 amazon-agent-pre env[5977]: Completed.
May 15 15:20:43 amazon-agent-pre systemd[1]: Started wazuh-agent.service - Wazuh agent.
[root@amazon-agent-pre vagrant]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40810"
WAZUH_TYPE="agent"
System package 🟢
[root@amazon-agent-pre vagrant]# sudo yum install -y httpd-2.4.55-1.amzn2023
Last metadata expiration check: 16:21:57 ago on Wed May 15 15:19:00 2024.
Dependencies resolved.
=========================================================================================================
Package Architecture Version Repository Size
=========================================================================================================
Installing:
httpd x86_64 2.4.55-1.amzn2023 amazonlinux 48 k
Installing dependencies:
apr x86_64 1.7.2-2.amzn2023.0.2 amazonlinux 129 k
apr-util x86_64 1.6.3-1.amzn2023.0.1 amazonlinux 98 k
generic-logos-httpd noarch 18.0.0-12.amzn2023.0.3 amazonlinux 19 k
httpd-core x86_64 2.4.55-1.amzn2023 amazonlinux 1.4 M
httpd-filesystem noarch 2.4.55-1.amzn2023 amazonlinux 15 k
httpd-tools x86_64 2.4.55-1.amzn2023 amazonlinux 82 k
libbrotli x86_64 1.0.9-4.amzn2023.0.2 amazonlinux 315 k
mailcap noarch 2.1.49-3.amzn2023.0.3 amazonlinux 33 k
Installing weak dependencies:
apr-util-openssl x86_64 1.6.3-1.amzn2023.0.1 amazonlinux 17 k
mod_http2 x86_64 2.0.11-2.amzn2023 amazonlinux 150 k
mod_lua x86_64 2.4.55-1.amzn2023 amazonlinux 62 k
Transaction Summary
=========================================================================================================
Install 12 Packages
Total download size: 2.3 M
Installed size: 6.8 M
Downloading Packages:
(1/12): apr-util-openssl-1.6.3-1.amzn2023.0.1.x86_64.rpm 98 kB/s | 17 kB 00:00
(2/12): mod_http2-2.0.11-2.amzn2023.x86_64.rpm 344 kB/s | 150 kB 00:00
(3/12): apr-1.7.2-2.amzn2023.0.2.x86_64.rpm 322 kB/s | 129 kB 00:00
(4/12): apr-util-1.6.3-1.amzn2023.0.1.x86_64.rpm 570 kB/s | 98 kB 00:00
(5/12): httpd-2.4.55-1.amzn2023.x86_64.rpm 58 kB/s | 48 kB 00:00
(6/12): mod_lua-2.4.55-1.amzn2023.x86_64.rpm 68 kB/s | 62 kB 00:00
(7/12): httpd-tools-2.4.55-1.amzn2023.x86_64.rpm 81 kB/s | 82 kB 00:01
(8/12): libbrotli-1.0.9-4.amzn2023.0.2.x86_64.rpm 255 kB/s | 315 kB 00:01
(9/12): generic-logos-httpd-18.0.0-12.amzn2023.0.3.noarch.rpm 413 kB/s | 19 kB 00:00
(10/12): mailcap-2.1.49-3.amzn2023.0.3.noarch.rpm 502 kB/s | 33 kB 00:00
(11/12): httpd-filesystem-2.4.55-1.amzn2023.noarch.rpm 24 kB/s | 15 kB 00:00
(12/12): httpd-core-2.4.55-1.amzn2023.x86_64.rpm 689 kB/s | 1.4 MB 00:02
---------------------------------------------------------------------------------------------------------
Total 506 kB/s | 2.3 MB 00:04
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : apr-1.7.2-2.amzn2023.0.2.x86_64 1/12
Installing : apr-util-1.6.3-1.amzn2023.0.1.x86_64 2/12
Installing : apr-util-openssl-1.6.3-1.amzn2023.0.1.x86_64 3/12
Installing : mailcap-2.1.49-3.amzn2023.0.3.noarch 4/12
Installing : httpd-tools-2.4.55-1.amzn2023.x86_64 5/12
Installing : generic-logos-httpd-18.0.0-12.amzn2023.0.3.noarch 6/12
Running scriptlet: httpd-filesystem-2.4.55-1.amzn2023.noarch 7/12
Installing : httpd-filesystem-2.4.55-1.amzn2023.noarch 7/12
Installing : httpd-core-2.4.55-1.amzn2023.x86_64 8/12
Installing : mod_http2-2.0.11-2.amzn2023.x86_64 9/12
Installing : mod_lua-2.4.55-1.amzn2023.x86_64 10/12
Installing : libbrotli-1.0.9-4.amzn2023.0.2.x86_64 11/12
Installing : httpd-2.4.55-1.amzn2023.x86_64 12/12
Running scriptlet: httpd-2.4.55-1.amzn2023.x86_64 12/12
Verifying : httpd-2.4.55-1.amzn2023.x86_64 1/12
Verifying : mod_http2-2.0.11-2.amzn2023.x86_64 2/12
Verifying : apr-util-openssl-1.6.3-1.amzn2023.0.1.x86_64 3/12
Verifying : apr-1.7.2-2.amzn2023.0.2.x86_64 4/12
Verifying : mod_lua-2.4.55-1.amzn2023.x86_64 5/12
Verifying : apr-util-1.6.3-1.amzn2023.0.1.x86_64 6/12
Verifying : httpd-tools-2.4.55-1.amzn2023.x86_64 7/12
Verifying : libbrotli-1.0.9-4.amzn2023.0.2.x86_64 8/12
Verifying : httpd-core-2.4.55-1.amzn2023.x86_64 9/12
Verifying : httpd-filesystem-2.4.55-1.amzn2023.noarch 10/12
Verifying : generic-logos-httpd-18.0.0-12.amzn2023.0.3.noarch 11/12
Verifying : mailcap-2.1.49-3.amzn2023.0.3.noarch 12/12
=========================================================================================================
WARNING:
A newer release of "Amazon Linux" is available.
Available Versions:
Version 2023.3.20240312:
Run the following command to upgrade to 2023.3.20240312:
dnf upgrade --releasever=2023.3.20240312
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.3.20240312.html
Version 2023.4.20240319:
Run the following command to upgrade to 2023.4.20240319:
dnf upgrade --releasever=2023.4.20240319
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.4.20240319.html
Version 2023.4.20240401:
Run the following command to upgrade to 2023.4.20240401:
dnf upgrade --releasever=2023.4.20240401
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.4.20240401.html
Version 2023.4.20240416:
Run the following command to upgrade to 2023.4.20240416:
dnf upgrade --releasever=2023.4.20240416
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.4.20240416.html
Version 2023.4.20240429:
Run the following command to upgrade to 2023.4.20240429:
dnf upgrade --releasever=2023.4.20240429
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.4.20240429.html
Version 2023.4.20240513:
Run the following command to upgrade to 2023.4.20240513:
dnf upgrade --releasever=2023.4.20240513
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.4.20240513.html
=========================================================================================================
Installed:
apr-1.7.2-2.amzn2023.0.2.x86_64 apr-util-1.6.3-1.amzn2023.0.1.x86_64
apr-util-openssl-1.6.3-1.amzn2023.0.1.x86_64 generic-logos-httpd-18.0.0-12.amzn2023.0.3.noarch
httpd-2.4.55-1.amzn2023.x86_64 httpd-core-2.4.55-1.amzn2023.x86_64
httpd-filesystem-2.4.55-1.amzn2023.noarch httpd-tools-2.4.55-1.amzn2023.x86_64
libbrotli-1.0.9-4.amzn2023.0.2.x86_64 mailcap-2.1.49-3.amzn2023.0.3.noarch
mod_http2-2.0.11-2.amzn2023.x86_64 mod_lua-2.4.55-1.amzn2023.x86_64
Complete!
[root@amazon-agent-pre vagrant]# httpd -v
Server version: Apache/2.4.55 (Amazon Linux)
Server built: Feb 10 2023 00:00:00
[root@amazon-agent-pre vagrant]# sudo systemctl stop httpd
[root@amazon-agent-pre vagrant]# sudo systemctl disable httpd
[root@amazon-agent-pre vagrant]# sudo yum remove -y httpd
Dependencies resolved.
=========================================================================================================
Package Architecture Version Repository Size
=========================================================================================================
Removing:
httpd x86_64 2.4.55-1.amzn2023 @amazonlinux 60 k
Removing unused dependencies:
apr x86_64 1.7.2-2.amzn2023.0.2 @amazonlinux 297 k
apr-util x86_64 1.6.3-1.amzn2023.0.1 @amazonlinux 217 k
apr-util-openssl x86_64 1.6.3-1.amzn2023.0.1 @amazonlinux 24 k
generic-logos-httpd noarch 18.0.0-12.amzn2023.0.3 @amazonlinux 21 k
httpd-core x86_64 2.4.55-1.amzn2023 @amazonlinux 4.7 M
httpd-filesystem noarch 2.4.55-1.amzn2023 @amazonlinux 464
httpd-tools x86_64 2.4.55-1.amzn2023 @amazonlinux 201 k
libbrotli x86_64 1.0.9-4.amzn2023.0.2 @amazonlinux 771 k
mailcap noarch 2.1.49-3.amzn2023.0.3 @amazonlinux 78 k
mod_http2 x86_64 2.0.11-2.amzn2023 @amazonlinux 395 k
mod_lua x86_64 2.4.55-1.amzn2023 @amazonlinux 143 k
Transaction Summary
=========================================================================================================
Remove 12 Packages
Freed space: 6.8 M
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: httpd-2.4.55-1.amzn2023.x86_64 1/12
Erasing : httpd-2.4.55-1.amzn2023.x86_64 1/12
Running scriptlet: httpd-2.4.55-1.amzn2023.x86_64 1/12
Erasing : mod_lua-2.4.55-1.amzn2023.x86_64 2/12
Erasing : mod_http2-2.0.11-2.amzn2023.x86_64 3/12
Erasing : generic-logos-httpd-18.0.0-12.amzn2023.0.3.noarch 4/12
Erasing : httpd-core-2.4.55-1.amzn2023.x86_64 5/12
Erasing : httpd-tools-2.4.55-1.amzn2023.x86_64 6/12
Erasing : mailcap-2.1.49-3.amzn2023.0.3.noarch 7/12
Erasing : httpd-filesystem-2.4.55-1.amzn2023.noarch 8/12
Erasing : apr-util-1.6.3-1.amzn2023.0.1.x86_64 9/12
Erasing : apr-1.7.2-2.amzn2023.0.2.x86_64 10/12
Erasing : apr-util-openssl-1.6.3-1.amzn2023.0.1.x86_64 11/12
Erasing : libbrotli-1.0.9-4.amzn2023.0.2.x86_64 12/12
Running scriptlet: libbrotli-1.0.9-4.amzn2023.0.2.x86_64 12/12
Verifying : apr-1.7.2-2.amzn2023.0.2.x86_64 1/12
Verifying : apr-util-1.6.3-1.amzn2023.0.1.x86_64 2/12
Verifying : apr-util-openssl-1.6.3-1.amzn2023.0.1.x86_64 3/12
Verifying : generic-logos-httpd-18.0.0-12.amzn2023.0.3.noarch 4/12
Verifying : httpd-2.4.55-1.amzn2023.x86_64 5/12
Verifying : httpd-core-2.4.55-1.amzn2023.x86_64 6/12
Verifying : httpd-filesystem-2.4.55-1.amzn2023.noarch 7/12
Verifying : httpd-tools-2.4.55-1.amzn2023.x86_64 8/12
Verifying : libbrotli-1.0.9-4.amzn2023.0.2.x86_64 9/12
Verifying : mailcap-2.1.49-3.amzn2023.0.3.noarch 10/12
Verifying : mod_http2-2.0.11-2.amzn2023.x86_64 11/12
Verifying : mod_lua-2.4.55-1.amzn2023.x86_64 12/12
=========================================================================================================
WARNING:
A newer release of "Amazon Linux" is available.
Available Versions:
Version 2023.3.20240312:
Run the following command to upgrade to 2023.3.20240312:
dnf upgrade --releasever=2023.3.20240312
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.3.20240312.html
Version 2023.4.20240319:
Run the following command to upgrade to 2023.4.20240319:
dnf upgrade --releasever=2023.4.20240319
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.4.20240319.html
Version 2023.4.20240401:
Run the following command to upgrade to 2023.4.20240401:
dnf upgrade --releasever=2023.4.20240401
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.4.20240401.html
Version 2023.4.20240416:
Run the following command to upgrade to 2023.4.20240416:
dnf upgrade --releasever=2023.4.20240416
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.4.20240416.html
Version 2023.4.20240429:
Run the following command to upgrade to 2023.4.20240429:
dnf upgrade --releasever=2023.4.20240429
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.4.20240429.html
Version 2023.4.20240513:
Run the following command to upgrade to 2023.4.20240513:
dnf upgrade --releasever=2023.4.20240513
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.4.20240513.html
=========================================================================================================
Removed:
apr-1.7.2-2.amzn2023.0.2.x86_64 apr-util-1.6.3-1.amzn2023.0.1.x86_64
apr-util-openssl-1.6.3-1.amzn2023.0.1.x86_64 generic-logos-httpd-18.0.0-12.amzn2023.0.3.noarch
httpd-2.4.55-1.amzn2023.x86_64 httpd-core-2.4.55-1.amzn2023.x86_64
httpd-filesystem-2.4.55-1.amzn2023.noarch httpd-tools-2.4.55-1.amzn2023.x86_64
libbrotli-1.0.9-4.amzn2023.0.2.x86_64 mailcap-2.1.49-3.amzn2023.0.3.noarch
mod_http2-2.0.11-2.amzn2023.x86_64 mod_lua-2.4.55-1.amzn2023.x86_64
Complete!
Python package 🟢
[root@amazon-agent-pre vagrant]# sudo yum install -y python3-pip
Last metadata expiration check: 16:39:53 ago on Wed May 15 15:19:00 2024.
Dependencies resolved.
=========================================================================================================
Package Architecture Version Repository Size
=========================================================================================================
Installing:
python3-pip noarch 21.3.1-2.amzn2023.0.7 amazonlinux 1.8 M
Installing weak dependencies:
libxcrypt-compat x86_64 4.4.33-7.amzn2023 amazonlinux 92 k
Transaction Summary
=========================================================================================================
Install 2 Packages
Total download size: 1.9 M
Installed size: 11 M
Downloading Packages:
(1/2): libxcrypt-compat-4.4.33-7.amzn2023.x86_64.rpm 277 kB/s | 92 kB 00:00
(2/2): python3-pip-21.3.1-2.amzn2023.0.7.noarch.rpm 799 kB/s | 1.8 MB 00:02
---------------------------------------------------------------------------------------------------------
Total 547 kB/s | 1.9 MB 00:03
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : libxcrypt-compat-4.4.33-7.amzn2023.x86_64 1/2
Installing : python3-pip-21.3.1-2.amzn2023.0.7.noarch 2/2
Running scriptlet: python3-pip-21.3.1-2.amzn2023.0.7.noarch 2/2
Verifying : libxcrypt-compat-4.4.33-7.amzn2023.x86_64 1/2
Verifying : python3-pip-21.3.1-2.amzn2023.0.7.noarch 2/2
=========================================================================================================
WARNING:
A newer release of "Amazon Linux" is available.
Available Versions:
Version 2023.3.20240312:
Run the following command to upgrade to 2023.3.20240312:
dnf upgrade --releasever=2023.3.20240312
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.3.20240312.html
Version 2023.4.20240319:
Run the following command to upgrade to 2023.4.20240319:
dnf upgrade --releasever=2023.4.20240319
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.4.20240319.html
Version 2023.4.20240401:
Run the following command to upgrade to 2023.4.20240401:
dnf upgrade --releasever=2023.4.20240401
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.4.20240401.html
Version 2023.4.20240416:
Run the following command to upgrade to 2023.4.20240416:
dnf upgrade --releasever=2023.4.20240416
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.4.20240416.html
Version 2023.4.20240429:
Run the following command to upgrade to 2023.4.20240429:
dnf upgrade --releasever=2023.4.20240429
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.4.20240429.html
Version 2023.4.20240513:
Run the following command to upgrade to 2023.4.20240513:
dnf upgrade --releasever=2023.4.20240513
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.4.20240513.html
=========================================================================================================
Installed:
libxcrypt-compat-4.4.33-7.amzn2023.x86_64 python3-pip-21.3.1-2.amzn2023.0.7.noarch
Complete!
[root@amazon-agent-pre vagrant]# pip3 --version
pip 21.3.1 from /usr/lib/python3.9/site-packages/pip (python 3.9)
[root@amazon-agent-pre vagrant]#
[root@amazon-agent-pre vagrant]# python3 -m pip install Django==3.2.13
Collecting Django==3.2.13
Downloading Django-3.2.13-py3-none-any.whl (7.9 MB)
|████████████████████████████████| 7.9 MB 829 kB/s
Collecting asgiref<4,>=3.3.2
Downloading asgiref-3.8.1-py3-none-any.whl (23 kB)
Requirement already satisfied: pytz in /usr/lib/python3.9/site-packages (from Django==3.2.13) (2022.7.1)
Collecting sqlparse>=0.2.2
Downloading sqlparse-0.5.0-py3-none-any.whl (43 kB)
|████████████████████████████████| 43 kB 649 kB/s
Collecting typing-extensions>=4
Downloading typing_extensions-4.11.0-py3-none-any.whl (34 kB)
Installing collected packages: typing-extensions, sqlparse, asgiref, Django
Successfully installed Django-3.2.13 asgiref-3.8.1 sqlparse-0.5.0 typing-extensions-4.11.0
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
[root@amazon-agent-pre vagrant]# django-admin --version
3.2.13
[root@amazon-agent-pre vagrant]# python3 -m pip uninstall Django
Found existing installation: Django 3.2.13
Uninstalling Django-3.2.13:
Would remove:
/usr/local/bin/django-admin
/usr/local/bin/django-admin.py
/usr/local/lib/python3.9/site-packages/Django-3.2.13.dist-info/*
/usr/local/lib/python3.9/site-packages/django/*
Proceed (Y/n)? Y
Successfully uninstalled Django-3.2.13
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
NPM package 🟢
[root@amazon-agent-pre vagrant]# npm install -g axios@0.6.0
npm warn deprecated axios@0.6.0: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410
added 1 package in 2s
npm notice
npm notice New minor version of npm available! 10.7.0 -> 10.8.0
npm notice Changelog: https://github.com/npm/cli/releases/tag/v10.8.0
npm notice To update run: npm install -g npm@10.8.0
npm notice
[root@amazon-agent-pre vagrant]# npm uninstall -g axios
removed 1 package in 216ms
Windows Server 2019 Agent 🟢
Installation 🟢
PS C:\Users\vagrant> Invoke-WebRequest -Uri https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-4.8.0-1.msi -OutFile ${env.tmp}\wazuh-agent; msiexec.exe /i ${env.tmp}\wazuh-agent /q WAZUH_MANAGER='172.16.1.30'
PS C:\Users\vagrant> NET START Wazuh
The Wazuh service is starting.
The Wazuh service was started successfully.
PS C:\Users\vagrant> Get-Service -DisplayName *Wazuh*
Status Name DisplayName
------ ---- -----------
Running WazuhSvc Wazuh
Ubuntu 20.04 Agent 🟢
Installation 🟢
root@ubuntu-agent-pre:/home/vagrant# curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: directory '/root/.gnupg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <support@wazuh.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
root@ubuntu-agent-pre:/home/vagrant# echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main" | tee -a /etc/apt/sources.list.d/wazuh.list
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
root@ubuntu-agent-pre:/home/vagrant# apt-get update
Hit:1 http://us.archive.ubuntu.com/ubuntu focal InRelease
Get:2 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu focal-updates/main i386 Packages [979 kB]
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [37.8 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [3,328 kB]
Get:8 http://us.archive.ubuntu.com/ubuntu focal-updates/main Translation-en [524 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 c-n-f Metadata [17.2 kB]
Get:10 http://us.archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [2,946 kB]
Get:11 https://packages-dev.wazuh.com/pre-release/apt unstable/main i386 Packages [11.1 kB]
Get:12 http://us.archive.ubuntu.com/ubuntu focal-updates/restricted i386 Packages [37.7 kB]
Get:13 http://us.archive.ubuntu.com/ubuntu focal-updates/restricted Translation-en [412 kB]
Get:14 http://us.archive.ubuntu.com/ubuntu focal-updates/restricted amd64 c-n-f Metadata [552 B]
Get:15 http://us.archive.ubuntu.com/ubuntu focal-updates/universe i386 Packages [784 kB]
Get:16 http://us.archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [1,187 kB]
Get:17 http://us.archive.ubuntu.com/ubuntu focal-updates/universe Translation-en [284 kB]
Get:18 http://us.archive.ubuntu.com/ubuntu focal-updates/universe amd64 c-n-f Metadata [25.7 kB]
Get:19 http://us.archive.ubuntu.com/ubuntu focal-updates/multiverse i386 Packages [8,444 B]
Get:20 http://us.archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 Packages [26.2 kB]
Get:21 http://us.archive.ubuntu.com/ubuntu focal-updates/multiverse Translation-en [7,880 B]
Get:22 http://us.archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 c-n-f Metadata [620 B]
Get:23 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Get:24 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [2,951 kB]
Get:25 http://security.ubuntu.com/ubuntu focal-security/main i386 Packages [754 kB]
Get:26 http://security.ubuntu.com/ubuntu focal-security/main Translation-en [442 kB]
Get:27 http://security.ubuntu.com/ubuntu focal-security/main amd64 c-n-f Metadata [13.2 kB]
Get:28 http://security.ubuntu.com/ubuntu focal-security/restricted amd64 Packages [2,830 kB]
Get:29 http://security.ubuntu.com/ubuntu focal-security/restricted i386 Packages [36.4 kB]
Get:30 http://security.ubuntu.com/ubuntu focal-security/restricted Translation-en [396 kB]
Get:31 http://security.ubuntu.com/ubuntu focal-security/restricted amd64 c-n-f Metadata [552 B]
Get:32 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [961 kB]
Get:33 http://security.ubuntu.com/ubuntu focal-security/universe i386 Packages [657 kB]
Get:34 http://security.ubuntu.com/ubuntu focal-security/universe Translation-en [202 kB]
Get:35 http://security.ubuntu.com/ubuntu focal-security/universe amd64 c-n-f Metadata [19.2 kB]
Get:36 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [24.0 kB]
Get:37 http://security.ubuntu.com/ubuntu focal-security/multiverse i386 Packages [7,200 B]
Get:38 http://security.ubuntu.com/ubuntu focal-security/multiverse Translation-en [5,904 B]
Get:39 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 c-n-f Metadata [548 B]
Fetched 20.3 MB in 8s (2,502 kB/s)
Reading package lists... Done
root@ubuntu-agent-pre:/home/vagrant# WAZUH_MANAGER="172.16.1.30" apt-get install wazuh-agent
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
wazuh-agent
0 upgraded, 1 newly installed, 0 to remove and 120 not upgraded.
Need to get 10.3 MB of archives.
After this operation, 34.0 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-agent amd64 4.8.0-1 [10.3 MB]
Fetched 10.3 MB in 8s (1,315 kB/s)
Preconfiguring packages ...
Selecting previously unselected package wazuh-agent.
(Reading database ... 111955 files and directories currently installed.)
Preparing to unpack .../wazuh-agent_4.8.0-1_amd64.deb ...
Unpacking wazuh-agent (4.8.0-1) ...
Setting up wazuh-agent (4.8.0-1) ...
Processing triggers for systemd (245.4-4ubuntu3.22) ...
root@ubuntu-agent-pre:/home/vagrant# systemctl daemon-reload
root@ubuntu-agent-pre:/home/vagrant# systemctl enable wazuh-agent
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-agent.service → /lib/systemd/system/wazuh-agent.service.
root@ubuntu-agent-pre:/home/vagrant# systemctl start wazuh-agent
root@ubuntu-agent-pre:/home/vagrant# systemctl status wazuh-agent
● wazuh-agent.service - Wazuh agent
Loaded: loaded (/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2024-05-16 11:39:02 UTC; 11s ago
Process: 3096 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/S>
Tasks: 28 (limit: 2257)
Memory: 17.6M
CGroup: /system.slice/wazuh-agent.service
├─3134 /var/ossec/bin/wazuh-execd
├─3145 /var/ossec/bin/wazuh-agentd
├─3158 /var/ossec/bin/wazuh-syscheckd
├─3171 /var/ossec/bin/wazuh-logcollector
└─3188 /var/ossec/bin/wazuh-modulesd
May 16 11:38:55 ubuntu-agent-pre systemd[1]: Starting Wazuh agent...
May 16 11:38:55 ubuntu-agent-pre env[3096]: Starting Wazuh v4.8.0...
May 16 11:38:56 ubuntu-agent-pre env[3096]: Started wazuh-execd...
May 16 11:38:57 ubuntu-agent-pre env[3096]: Started wazuh-agentd...
May 16 11:38:58 ubuntu-agent-pre env[3096]: Started wazuh-syscheckd...
May 16 11:38:59 ubuntu-agent-pre env[3096]: Started wazuh-logcollector...
May 16 11:39:00 ubuntu-agent-pre env[3096]: Started wazuh-modulesd...
May 16 11:39:02 ubuntu-agent-pre env[3096]: Completed.
May 16 11:39:02 ubuntu-agent-pre systemd[1]: Started Wazuh agent.
root@ubuntu-agent-pre:/home/vagrant# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40810"
WAZUH_TYPE="agent"
System package 🟢
root@ubuntu-agent-pre:/home/vagrant# sudo apt install apparmor
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
apparmor-profiles-extra apparmor-utils
The following NEW packages will be installed:
apparmor
0 upgraded, 1 newly installed, 0 to remove and 118 not upgraded.
Need to get 502 kB of archives.
After this operation, 2,020 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 apparmor amd64 2.13.3-7ubuntu5.3 [502 kB]
Fetched 502 kB in 1s (581 kB/s)
Preconfiguring packages ...
Selecting previously unselected package apparmor.
(Reading database ... 146284 files and directories currently installed.)
Preparing to unpack .../apparmor_2.13.3-7ubuntu5.3_amd64.deb ...
Unpacking apparmor (2.13.3-7ubuntu5.3) ...
Setting up apparmor (2.13.3-7ubuntu5.3) ...
Reloading AppArmor profiles
Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.22) ...
root@ubuntu-agent-pre:/home/vagrant# sudo apt remove apparmor
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
apparmor
0 upgraded, 0 newly installed, 1 to remove and 118 not upgraded.
After this operation, 2,020 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 146312 files and directories currently installed.)
Removing apparmor (2.13.3-7ubuntu5.3) ...
Processing triggers for man-db (2.9.1-1) ...
Python package 🟢
root@ubuntu-agent-pre:/home/vagrant# python3 -m pip install Django==3.2.13
Collecting Django==3.2.13
Downloading Django-3.2.13-py3-none-any.whl (7.9 MB)
|████████████████████████████████| 7.9 MB 3.2 MB/s
Collecting sqlparse>=0.2.2
Downloading sqlparse-0.5.0-py3-none-any.whl (43 kB)
|████████████████████████████████| 43 kB 5.4 MB/s
Collecting asgiref<4,>=3.3.2
Downloading asgiref-3.8.1-py3-none-any.whl (23 kB)
Collecting pytz
Downloading pytz-2024.1-py2.py3-none-any.whl (505 kB)
|████████████████████████████████| 505 kB 30.6 MB/s
Collecting typing-extensions>=4; python_version < "3.11"
Downloading typing_extensions-4.11.0-py3-none-any.whl (34 kB)
Installing collected packages: sqlparse, typing-extensions, asgiref, pytz, Django
Successfully installed Django-3.2.13 asgiref-3.8.1 pytz-2024.1 sqlparse-0.5.0 typing-extensions-4.11.0
root@ubuntu-agent-pre:/home/vagrant# python3 -m pip uninstall Django
Found existing installation: Django 3.2.13
Uninstalling Django-3.2.13:
Would remove:
/usr/local/bin/django-admin
/usr/local/bin/django-admin.py
/usr/local/lib/python3.8/dist-packages/Django-3.2.13.dist-info/*
/usr/local/lib/python3.8/dist-packages/django/*
Proceed (y/n)? y
Successfully uninstalled Django-3.2.13
NPM package 🟢
root@ubuntu-agent-pre:/home/vagrant# curl -sL https://deb.nodesource.com/setup_18.x | sudo -E bash -
2024-05-16 14:23:55 - Installing pre-requisites
Hit:1 http://us.archive.ubuntu.com/ubuntu focal InRelease
Get:2 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Hit:3 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease
Get:4 http://us.archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [1,186 kB]
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Hit:6 http://security.ubuntu.com/ubuntu focal-security InRelease
Fetched 1,300 kB in 6s (231 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20230311ubuntu0.20.04.1).
gnupg is already the newest version (2.2.19-3ubuntu2.2).
The following additional packages will be installed:
libcurl4
The following NEW packages will be installed:
apt-transport-https
The following packages will be upgraded:
curl libcurl4
2 upgraded, 1 newly installed, 0 to remove and 110 not upgraded.
Need to get 398 kB of archives.
After this operation, 162 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu focal-updates/universe amd64 apt-transport-https all 2.0.10 [1,704 B]
Get:2 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 curl amd64 7.68.0-1ubuntu2.22 [161 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 libcurl4 amd64 7.68.0-1ubuntu2.22 [235 kB]
Fetched 398 kB in 1s (434 kB/s)
Selecting previously unselected package apt-transport-https.
(Reading database ... 152732 files and directories currently installed.)
Preparing to unpack .../apt-transport-https_2.0.10_all.deb ...
Unpacking apt-transport-https (2.0.10) ...
Preparing to unpack .../curl_7.68.0-1ubuntu2.22_amd64.deb ...
Unpacking curl (7.68.0-1ubuntu2.22) over (7.68.0-1ubuntu2.20) ...
Preparing to unpack .../libcurl4_7.68.0-1ubuntu2.22_amd64.deb ...
Unpacking libcurl4:amd64 (7.68.0-1ubuntu2.22) over (7.68.0-1ubuntu2.20) ...
Setting up apt-transport-https (2.0.10) ...
Setting up libcurl4:amd64 (7.68.0-1ubuntu2.22) ...
Setting up curl (7.68.0-1ubuntu2.22) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for libc-bin (2.31-0ubuntu9.12) ...
Hit:1 http://security.ubuntu.com/ubuntu focal-security InRelease
Hit:2 http://us.archive.ubuntu.com/ubuntu focal InRelease
Get:3 https://deb.nodesource.com/node_18.x nodistro InRelease [12.1 kB]
Hit:4 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease
Get:5 https://deb.nodesource.com/node_18.x nodistro/main amd64 Packages [8,669 B]
Hit:6 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease
Hit:7 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Fetched 20.8 kB in 1s (18.5 kB/s)
Reading package lists... Done
2024-05-16 14:24:08 - Repository configured successfully. To install Node.js, run: apt-get install nodejs -y
root@ubuntu-agent-pre:/home/vagrant#
root@ubuntu-agent-pre:/home/vagrant# sudo apt install -y nodejs
Reading package lists... Done
Building dependency tree... 50%
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
nodejs
0 upgraded, 1 newly installed, 0 to remove and 110 not upgraded.
Need to get 29.6 MB of archives.
After this operation, 187 MB of additional disk space will be used.
Get:1 https://deb.nodesource.com/node_18.x nodistro/main amd64 nodejs amd64 18.20.2-1nodesource1 [29.6 MB]
Fetched 29.6 MB in 1s (32.6 MB/s)
Selecting previously unselected package nodejs.
(Reading database ... 152736 files and directories currently installed.)
Preparing to unpack .../nodejs_18.20.2-1nodesource1_amd64.deb ...
Unpacking nodejs (18.20.2-1nodesource1) ...
Setting up nodejs (18.20.2-1nodesource1) ...
Processing triggers for man-db (2.9.1-1) ...
root@ubuntu-agent-pre:/home/vagrant# npm -v
10.5.0
root@ubuntu-agent-pre:/home/vagrant# npm install -g axios@0.6.0
npm WARN deprecated axios@0.6.0: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410
added 1 package in 1s
npm notice
npm notice New minor version of npm available! 10.5.0 -> 10.8.0
npm notice Changelog: https://github.com/npm/cli/releases/tag/v10.8.0
npm notice Run npm install -g npm@10.8.0 to update!
npm notice
root@ubuntu-agent-pre:/home/vagrant# npm list -g
/usr/lib
├── axios@0.6.0
├── corepack@0.25.2
└── npm@10.5.0
root@ubuntu-agent-pre:/home/vagrant# npm uninstall -g axios
removed 1 package in 193ms
root@ubuntu-agent-pre:/home/vagrant# npm list -g
/usr/lib
├── corepack@0.25.2
└── npm@10.5.0
Proof of concept 🟢
Agent Information 🟢
root@debian-agent-pre:/home/vagrant# cat /etc/*release
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
root@debian-agent-pre:/home/vagrant# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 39 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 1
On-line CPU(s) list: 0
Vendor ID: GenuineIntel
Model name: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz
BIOS Model name: CPU @ 0.0GHz
BIOS CPU family: 0
CPU family: 6
Model: 165
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 1
Stepping: 2
BogoMIPS: 5184.00
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq monitor ssse3 cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti fsgsbase bmi1 avx2 bmi2 invpcid rdseed clflushopt md_clear flush_l1d arch_capabilities
Virtualization features:
Hypervisor vendor: KVM
Virtualization type: full
Caches (sum of all):
L1d: 32 KiB (1 instance)
L1i: 32 KiB (1 instance)
L2: 256 KiB (1 instance)
L3: 12 MiB (1 instance)
NUMA:
NUMA node(s): 1
NUMA node0 CPU(s): 0
Vulnerabilities:
Gather data sampling: Unknown: Dependent on hypervisor status
Itlb multihit: KVM: Mitigation: VMX unsupported
L1tf: Mitigation; PTE Inversion
Mds: Mitigation; Clear CPU buffers; SMT Host state unknown
Meltdown: Mitigation; PTI
Mmio stale data: Mitigation; Clear CPU buffers; SMT Host state unknown
Retbleed: Vulnerable
Spec rstack overflow: Not affected
Spec store bypass: Vulnerable
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected
Srbds: Unknown: Dependent on hypervisor status
Tsx async abort: Not affected
root@debian-agent-pre:/home/vagrant# free -h
total used free shared buff/cache available
Mem: 1.9Gi 309Mi 1.0Gi 476Ki 760Mi 1.6Gi
Swap: 1.9Gi 0B 1.9Gi
root@debian-agent-pre:/home/vagrant# df --total -h
Filesystem Size Used Avail Use% Mounted on
udev 962M 0 962M 0% /dev
tmpfs 197M 476K 197M 1% /run
/dev/sda3 124G 2.3G 115G 2% /
tmpfs 984M 0 984M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
/dev/sda1 447M 172M 246M 42% /boot
tmpfs 197M 0 197M 0% /run/user/1000
total 126G 2.5G 118G 3% -
Agent installation 🟢
root@debian-agent-pre:/home/vagrant# curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: directory '/root/.gnupg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <support@wazuh.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
root@debian-agent-pre:/home/vagrant# echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main" | tee -a /etc/apt/sources.list.d/wazuh.list
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
root@debian-agent-pre:/home/vagrant#
root@debian-agent-pre:/home/vagrant# apt-get update
Get:1 http://security.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:2 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:3 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:4 http://security.debian.org/debian-security bookworm-security/main Sources [96.0 kB]
Get:5 http://deb.debian.org/debian bookworm/main Sources [9,489 kB]
Get:6 http://security.debian.org/debian-security bookworm-security/main amd64 Packages [156 kB]
Get:7 http://security.debian.org/debian-security bookworm-security/main Translation-en [92.9 kB]
Get:8 http://deb.debian.org/debian bookworm-updates/main Sources.diff/Index [10.6 kB]
Get:9 http://deb.debian.org/debian bookworm-updates/main amd64 Packages.diff/Index [10.6 kB]
Get:10 http://deb.debian.org/debian bookworm-updates/main Translation-en.diff/Index [10.6 kB]
Get:11 http://deb.debian.org/debian bookworm-updates/main Sources T-2024-04-23-2036.10-F-2024-04-23-2036.10.pdiff [831 B]
Get:12 http://deb.debian.org/debian bookworm-updates/main amd64 Packages T-2024-04-23-2036.10-F-2024-04-23-2036.10.pdiff [1,595 B]
Get:13 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:11 http://deb.debian.org/debian bookworm-updates/main Sources T-2024-04-23-2036.10-F-2024-04-23-2036.10.pdiff [831 B]
Get:12 http://deb.debian.org/debian bookworm-updates/main amd64 Packages T-2024-04-23-2036.10-F-2024-04-23-2036.10.pdiff [1,595 B]
Get:14 http://deb.debian.org/debian bookworm-updates/main Translation-en T-2024-04-23-2036.10-F-2024-04-23-2036.10.pdiff [2,563 B]
Get:14 http://deb.debian.org/debian bookworm-updates/main Translation-en T-2024-04-23-2036.10-F-2024-04-23-2036.10.pdiff [2,563 B]
Get:15 http://deb.debian.org/debian bookworm/main amd64 Packages [8,786 kB]
Get:16 http://deb.debian.org/debian bookworm/main Translation-en [6,109 kB]
Get:17 http://deb.debian.org/debian bookworm-updates/non-free-firmware Sources [2,076 B]
Get:18 http://deb.debian.org/debian bookworm-updates/non-free-firmware amd64 Packages [616 B]
Get:19 http://deb.debian.org/debian bookworm-updates/non-free-firmware Translation-en [384 B]
Get:20 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [37.8 kB]
Fetched 25.1 MB in 3s (8,732 kB/s)
Reading package lists... Done
N: Repository 'http://deb.debian.org/debian bookworm InRelease' changed its 'Version' value from '12.4' to '12.5'
root@debian-agent-pre:/home/vagrant# WAZUH_MANAGER="172.16.1.30" apt-get install wazuh-agent
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
wazuh-agent
0 upgraded, 1 newly installed, 0 to remove and 50 not upgraded.
Need to get 10.3 MB of archives.
After this operation, 34.0 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-agent amd64 4.8.0-1 [10.3 MB]
Fetched 10.3 MB in 2s (4,158 kB/s)
Preconfiguring packages ...
Selecting previously unselected package wazuh-agent.
(Reading database ... 60505 files and directories currently installed.)
Preparing to unpack .../wazuh-agent_4.8.0-1_amd64.deb ...
Unpacking wazuh-agent (4.8.0-1) ...
Setting up wazuh-agent (4.8.0-1) ...
root@debian-agent-pre:/home/vagrant# systemctl daemon-reload
root@debian-agent-pre:/home/vagrant# systemctl enable wazuh-agent
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-agent.service → /lib/systemd/system/wazuh-agent.service.
root@debian-agent-pre:/home/vagrant#
root@debian-agent-pre:/home/vagrant# systemctl start wazuh-agent
root@debian-agent-pre:/home/vagrant#
root@debian-agent-pre:/home/vagrant# systemctl status wazuh-agent
● wazuh-agent.service - Wazuh agent
Loaded: loaded (/lib/systemd/system/wazuh-agent.service; enabled; preset: enabled)
Active: active (running) since Thu 2024-05-16 14:46:03 UTC; 6s ago
Process: 3862 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/S>
Tasks: 28 (limit: 2307)
Memory: 31.1M
CPU: 1.668s
CGroup: /system.slice/wazuh-agent.service
├─3885 /var/ossec/bin/wazuh-execd
├─3896 /var/ossec/bin/wazuh-agentd
├─3909 /var/ossec/bin/wazuh-syscheckd
├─3922 /var/ossec/bin/wazuh-logcollector
└─3939 /var/ossec/bin/wazuh-modulesd
May 16 14:45:56 debian-agent-pre systemd[1]: Starting wazuh-agent.service - Wazuh agent...
May 16 14:45:56 debian-agent-pre env[3862]: Starting Wazuh v4.8.0...
May 16 14:45:57 debian-agent-pre env[3862]: Started wazuh-execd...
May 16 14:45:58 debian-agent-pre env[3862]: Started wazuh-agentd...
May 16 14:45:59 debian-agent-pre env[3862]: Started wazuh-syscheckd...
May 16 14:46:00 debian-agent-pre env[3862]: Started wazuh-logcollector...
May 16 14:46:01 debian-agent-pre env[3862]: Started wazuh-modulesd...
May 16 14:46:03 debian-agent-pre env[3862]: Completed.
May 16 14:46:03 debian-agent-pre systemd[1]: Started wazuh-agent.service - Wazuh agent.
root@debian-agent-pre:/home/vagrant# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40810"
WAZUH_TYPE="agent"
Configuration 🟢
<!-- System inventory -->
<wodle name="syscollector">
  <disabled>no</disabled>
  <interval>1m</interval>
  <scan_on_start>yes</scan_on_start>
  <hardware>yes</hardware>
  <os>yes</os>
  <network>yes</network>
  <packages>yes</packages>
  <ports all="no">yes</ports>
  <processes>yes</processes>

  <!-- Database synchronization settings -->
  <synchronization>
    <max_eps>10</max_eps>
  </synchronization>
</wodle>
Package uninstallation 🟢
root@debian-agent-pre:/home/vagrant# sudo apt remove vim
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
libsodium23 vim-runtime
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
vim
0 upgraded, 0 newly installed, 1 to remove and 50 not upgraded.
After this operation, 3,738 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 60909 files and directories currently installed.)
Removing vim (2:9.0.1378-2) ...
update-alternatives: using /usr/bin/vim.tiny to provide /usr/bin/view (view) in auto mode
update-alternatives: using /usr/bin/vim.tiny to provide /usr/bin/vi (vi) in auto mode
update-alternatives: using /usr/bin/vim.tiny to provide /usr/bin/rview (rview) in auto mode
update-alternatives: using /usr/bin/vim.tiny to provide /usr/bin/ex (ex) in auto mode
Package installation 🟢
root@debian-agent-pre:/home/vagrant# sudo apt install vim=2:9.0.1378-2
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
ctags vim-doc vim-scripts
The following NEW packages will be installed:
vim
0 upgraded, 1 newly installed, 0 to remove and 50 not upgraded.
Need to get 0 B/1,567 kB of archives.
After this operation, 3,738 kB of additional disk space will be used.
Selecting previously unselected package vim.
(Reading database ... 60900 files and directories currently installed.)
Preparing to unpack .../vim_2%3a9.0.1378-2_amd64.deb ...
Unpacking vim (2:9.0.1378-2) ...
Setting up vim (2:9.0.1378-2) ...
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/ex (ex) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/rview (rview) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/rvim (rvim) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/vi (vi) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/view (view) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/vim (vim) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/vimdiff (vimdiff) in auto mode
Feedback
Hi @sebasfalcone, about macOS Sonoma:
Thank you!
Feedback
@GabrielEValenzuela pointed out that the Python package was installed in a virtual environment. We need to repeat the test without the use of the virtual environment to validate the issue.
@sebasfalcone Hi, it has been tested with and without a virtual environment and with different packages. In no case are they detected. I have added the comment in the issue.
Feedback
Thanks @santipadilla! Testing LGTM
LGTM
End-to-End (E2E) Testing Guideline
Release testing
objective and Very high priority. Communicate these to the team and QA via the c-release Slack channel.
For the conclusions and the issue testing and updates, use the following legend:
Status legend
Issue delivery and completion
review_assignee field in the project. The reviewer must then review the test steps and results. Ensure that all iteration cycles are completed by May 16, 2024 (the issue must be in Pending final review status) and notify the QA team via Slack using the c-release channel.
Deployment requirements
Test description
Important
Check Known issues to ensure that every test is possible to perform.
Note
Remember to check vulnerabilities in the corresponding system feeds. Check the list in the CVE lists for endpoint section.
CVE lists for endpoint
Vulnerable Packages Suggestions
Note
These packages are only suggestions; package availability and vulnerability status can change.
Consider using different vulnerable packages.
Known issues
Conclusions 🔴
Feedback
We value your feedback. Please provide insights on your testing experience.
Reviewers validation
The criteria for completing this task are based on the validation of the conclusions and the test results by all reviewers.
All the checkboxes below must be marked in order to close this issue.