Exploratory debug symbols & core dump analysis (macOS) #23455
Comments
@jotacarma90 will check if the debug symbols are uploaded to s3
Package generation as per documentation:
Tests are made on a fresh install of macOS Catalina on VirtualBox.
beto@betos-MacBook-Pro wazuh % git clone https://github.com/wazuh/wazuh
Cloning into 'wazuh'...
remote: Enumerating objects: 408546, done.
remote: Counting objects: 100% (5184/5184), done.
remote: Compressing objects: 100% (1837/1837), done.
remote: Total 408546 (delta 3514), reused 4744 (delta 3230), pack-reused 403362
Receiving objects: 100% (408546/408546), 368.59 MiB | 19.91 MiB/s, done.
Resolving deltas: 100% (305129/305129), done.
Updating files: 100% (5248/5248), done.
beto@betos-MacBook-Pro wazuh % cd wazuh
beto@betos-MacBook-Pro wazuh % git checkout enhancement/9913-generate-debug-symbols-epic
branch 'enhancement/9913-generate-debug-symbols-epic' set up to track 'origin/enhancement/9913-generate-debug-symbols-epic'.
Switched to a new branch 'enhancement/9913-generate-debug-symbols-epic'
beto@betos-MacBook-Pro wazuh % cd packages/macos
beto@betos-MacBook-Pro macos % sudo ./generate_wazuh_packages.sh -s /tmp -j 4
Password:
+ export PATH=/usr/local/bin:/Applications/CMake.app/Contents/bin:/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
+ PATH=/usr/local/bin:/Applications/CMake.app/Contents/bin:/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
+++ dirname ./generate_wazuh_packages.sh
++ cd .
++ pwd -P
+ CURRENT_PATH=/Users/beto/wazuh/wazuh/packages/macos
+ ARCH=intel64
+ WAZUH_SOURCE_REPOSITORY=https://github.com/wazuh/wazuh
+ INSTALLATION_PATH=/Library/Ossec
+ VERSION=
+ REVISION=1
+ BRANCH_TAG=
+ DESTINATION=/Users/beto/wazuh/wazuh/packages/macos/output
+ JOBS=2
+ VERBOSE=no
+ DEBUG=no
+ CHECKSUM=no
+ IS_STAGE=no
+ MAKE_COMPILATION=yes
+ CERT_APPLICATION_ID=
+ CERT_INSTALLER_ID=
+ KEYCHAIN=
+ KC_PASS=
+ NOTARIZE=no
+ DEVELOPER_ID=
+ ALTOOL_PASS=
+ TEAM_ID=
+ pkg_name=
+ notarization_path=
+ trap ctrl_c INT
+ main -s /tmp -j 4
+ BUILD=yes
+ '[' -n -s ']'
+ case "$1" in
+ '[' -n /tmp ']'
++ sed 's:/*$::'
++ echo /tmp
+ DESTINATION=/tmp
+ shift 2
+ '[' -n -j ']'
+ case "$1" in
+ '[' -n 4 ']'
+ JOBS=4
+ shift 2
+ '[' -n '' ']'
+ '[' no = yes ']'
+ testdep
+ command -v packagesbuild
/usr/local/bin/packagesbuild
+ return 0
+ '[' intel64 '!=' intel64 ']'
+ [[ yes != \n\o ]]
+ check_root
+ [[ 0 -ne 0 ]]
...
rm -f Config.OS
rm -rf external/cJSON external/curl external/libdb external/libffi external/libyaml external/openssl external/procps external/sqlite external/zlib external/audit-userspace external/msgpack external/bzip2 external/nlohmann external/googletest external/libpcre2 external/libplist external/pacman external/libarchive external/popt external/lua external/rpm external/rocksdb external/lzma external/cpp-httplib external/benchmark external/cpython external/jemalloc external/flatbuffers external/cpython/ external/cpython.tar.gz external/rocksdb/
+ /Users/beto/wazuh/wazuh/packages/macos/uninstall.sh
wazuh-modulesd not running...
wazuh-logcollector not running...
wazuh-syscheckd not running...
wazuh-agentd not running...
wazuh-execd not running...
Wazuh v4.9.0 Stopped
No receipt for 'com.wazuh.pkg.wazuh-agent' found at '/'.
No receipt for 'com.wazuh.pkg.wazuh-agent-etc' found at '/'.
Wazuh agent correctly removed from the system.
+ exit 0
beto@betos-MacBook-Pro macos % cd /tmp
beto@betos-MacBook-Pro /tmp % ls
com.apple.launchd.hbPDsDU1HL wazuh-agent_4.9.0-1_intel64_2023bf8faa.pkg
powerlog wazuh-agent_4.9.0-1_intel64_2023bf8faa_debug_symbols.zip
Both binary and debug symbols packages are generated
Package install:
beto@betos-MacBook-Pro /tmp % sudo bash
The default interactive shell is now zsh.
To update your account to use zsh, please run `chsh -s /bin/zsh`.
For more details, please visit https://support.apple.com/kb/HT208050.
bash-3.2# echo "WAZUH_MANAGER='192.168.1.68'" > /tmp/wazuh-_envs && installer -pkg wazuh-agent_4.9.0-1_intel64_2023bf8faa.pkg -target /
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer: The install was successful.
bash-3.2# /Library/Ossec/bin/wazuh-control restart
wazuh-modulesd not running...
wazuh-logcollector not running...
wazuh-syscheckd not running...
wazuh-agentd not running...
wazuh-execd not running...
Wazuh v4.9.0 Stopped
Starting Wazuh v4.9.0...
Started wazuh-execd...
Started wazuh-agentd...
Started wazuh-syscheckd...
Started wazuh-logcollector...
Started wazuh-modulesd...
Completed.
4.9.0 Manager received enrollment requirement from macOS agent:
2024/05/30 11:18:24 rootcheck: INFO: Ending rootcheck scan.
2024/05/30 11:19:41 wazuh-authd: INFO: New connection from 192.168.1.49
2024/05/30 11:19:41 wazuh-authd: INFO: Received request for a new agent (betos-MacBook-Pro.local) from: 192.168.1.49
2024/05/30 11:19:41 wazuh-authd: INFO: Agent key generated for 'betos-MacBook-Pro.local' (requested by any)
2024/05/30 11:19:46 wazuh-remoted: INFO: (1409): Authentication file changed. Updating.
2024/05/30 11:19:46 wazuh-remoted: INFO: (1410): Reading authentication keys file.
Core dump generation:
By following exactly the documentation, no core dump was generated, although this might be due to the test
bash-3.2# ulimit -c unlimited
bash-3.2# sysctl -w kern.corefile=/cores/core.%P
kern.corefile: /cores/core.%P -> /cores/core.%P
No core dumps are generated, although these steps are necessary anyway. To finally generate them, this procedure must be followed:
bash-3.2# /usr/libexec/PlistBuddy -c "Add :com.apple.security.get-task-allow bool true" tmp.entitlements
File Doesn't Exist, Will Create: tmp.entitlements
bash-3.2# codesign -s - -f --entitlements tmp.entitlements agent-auth
bash-3.2# codesign -s - -f --entitlements tmp.entitlements manage_agents
bash-3.2# codesign -s - -f --entitlements tmp.entitlements wazuh-agentd
bash-3.2# codesign -s - -f --entitlements tmp.entitlements wazuh-control
bash-3.2# codesign -s - -f --entitlements tmp.entitlements wazuh-execd
bash-3.2# codesign -s - -f --entitlements tmp.entitlements wazuh-logcollector
bash-3.2# codesign -s - -f --entitlements tmp.entitlements wazuh-modulesd
bash-3.2# codesign -s - -f --entitlements tmp.entitlements wazuh-syscheckd
After the binaries are signed with this entitlement, the core dumps are generated:
bash-3.2# ps -e | grep /Library/Ossec/
15950 ?? 0:00.00 /Library/Ossec/bin/wazuh-execd
15979 ?? 0:00.01 /Library/Ossec/bin/wazuh-syscheckd
15990 ?? 0:00.01 /Library/Ossec/bin/wazuh-logcollector
16007 ?? 0:00.21 /Library/Ossec/bin/wazuh-modulesd
16677 ttys001 0:00.00 grep /Library/Ossec/
bash-3.2# kill -11 15950
bash-3.2# ls /cores
core.15950
bash-3.2# kill -11 15979
bash-3.2# ls /cores
core.15950 core.15979
bash-3.2# kill -11 15990
bash-3.2# ls /cores/
core.15950 core.15979 core.15990
bash-3.2# kill -11 16007
bash-3.2# ls /cores/
core.15950 core.15979 core.15990 core.16007
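An added check, not part of the original comment or the Wazuh repository: `com.apple.security.get-task-allow` also lets other processes attach to the re-signed daemons, so after the debugging session it is worth listing which binaries still carry it. The function names and sample plists are constructed for this example; it assumes `codesign -d --entitlements :-` prints the entitlements as XML and reuses the `/Library/Ossec/bin` path shown above.

```shell
#!/bin/sh
# Added example: list binaries whose code signature enables get-task-allow.

ENT_KEY='com.apple.security.get-task-allow'

# Reads an entitlements plist (XML) on stdin. Succeeds only when the
# key is present AND set to <true/>; a <false/> value does not count.
has_get_task_allow() {
    tr -d ' \t\r\n' | grep -q "<key>${ENT_KEY}</key><true/>"
}

# Prints the embedded entitlements of one signed binary.
# Assumption: codesign accepts ':-' to write bare XML to stdout.
dump_entitlements() {
    codesign -d --entitlements :- "$1" 2>/dev/null
}

# Prints, one per line, every executable file in directory $1 whose
# entitlements enable get-task-allow. $2 optionally names a replacement
# dumper function (hypothetical hook, used for offline checks).
audit_dir() {
    dumper=${2:-dump_entitlements}
    for bin in "$1"/*; do
        [ -f "$bin" ] && [ -x "$bin" ] || continue
        if "$dumper" "$bin" | has_get_task_allow; then
            printf '%s\n' "$bin"
        fi
    done
}

# Constructed sample plists (not captured from a real binary).
SAMPLE_DEBUG='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.get-task-allow</key>
  <true/>
</dict></plist>'

SAMPLE_PLAIN='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.get-task-allow</key>
  <false/>
</dict></plist>'

# Audit the agent only on a host that has codesign and the install path.
if command -v codesign >/dev/null 2>&1 && [ -d /Library/Ossec/bin ]; then
    audit_dir /Library/Ossec/bin
fi
```

Any path it prints is a binary that was re-signed for debugging; reinstalling the original package restores the shipped signatures.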
Core dump analysis using debug symbols
Decompress the debug symbols:
bash-3.2# cd /tmp
bash-3.2# unzip wazuh-agent_4.9.0-1_intel64_2023bf8faa_debug_symbols.zip
Archive: wazuh-agent_4.9.0-1_intel64_2023bf8faa_debug_symbols.zip
creating: tmp/symbols/
creating: tmp/symbols/librsync.dylib.dSYM/
creating: tmp/symbols/librsync.dylib.dSYM/Contents/
creating: tmp/symbols/librsync.dylib.dSYM/Contents/Resources/
creating: tmp/symbols/librsync.dylib.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/librsync.dylib.dSYM/Contents/Resources/DWARF/librsync.dylib
inflating: tmp/symbols/librsync.dylib.dSYM/Contents/Info.plist
creating: tmp/symbols/kaspersky.dSYM/
creating: tmp/symbols/kaspersky.dSYM/Contents/
creating: tmp/symbols/kaspersky.dSYM/Contents/Resources/
creating: tmp/symbols/kaspersky.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/kaspersky.dSYM/Contents/Resources/DWARF/kaspersky
inflating: tmp/symbols/kaspersky.dSYM/Contents/Info.plist
creating: tmp/symbols/host-deny.dSYM/
creating: tmp/symbols/host-deny.dSYM/Contents/
creating: tmp/symbols/host-deny.dSYM/Contents/Resources/
creating: tmp/symbols/host-deny.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/host-deny.dSYM/Contents/Resources/DWARF/host-deny
inflating: tmp/symbols/host-deny.dSYM/Contents/Info.plist
creating: tmp/symbols/firewalld-drop.dSYM/
creating: tmp/symbols/firewalld-drop.dSYM/Contents/
creating: tmp/symbols/firewalld-drop.dSYM/Contents/Resources/
creating: tmp/symbols/firewalld-drop.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/firewalld-drop.dSYM/Contents/Resources/DWARF/firewalld-drop
inflating: tmp/symbols/firewalld-drop.dSYM/Contents/Info.plist
creating: tmp/symbols/libwazuhshared.dylib.dSYM/
creating: tmp/symbols/libwazuhshared.dylib.dSYM/Contents/
creating: tmp/symbols/libwazuhshared.dylib.dSYM/Contents/Resources/
creating: tmp/symbols/libwazuhshared.dylib.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/libwazuhshared.dylib.dSYM/Contents/Resources/DWARF/libwazuhshared.dylib
inflating: tmp/symbols/libwazuhshared.dylib.dSYM/Contents/Info.plist
creating: tmp/symbols/libsysinfo.dylib.dSYM/
creating: tmp/symbols/libsysinfo.dylib.dSYM/Contents/
creating: tmp/symbols/libsysinfo.dylib.dSYM/Contents/Resources/
creating: tmp/symbols/libsysinfo.dylib.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/libsysinfo.dylib.dSYM/Contents/Resources/DWARF/libsysinfo.dylib
inflating: tmp/symbols/libsysinfo.dylib.dSYM/Contents/Info.plist
creating: tmp/symbols/agent-auth.dSYM/
creating: tmp/symbols/agent-auth.dSYM/Contents/
creating: tmp/symbols/agent-auth.dSYM/Contents/Resources/
creating: tmp/symbols/agent-auth.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/agent-auth.dSYM/Contents/Resources/DWARF/agent-auth
inflating: tmp/symbols/agent-auth.dSYM/Contents/Info.plist
creating: tmp/symbols/wazuh-logcollector.dSYM/
creating: tmp/symbols/wazuh-logcollector.dSYM/Contents/
creating: tmp/symbols/wazuh-logcollector.dSYM/Contents/Resources/
creating: tmp/symbols/wazuh-logcollector.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/wazuh-logcollector.dSYM/Contents/Resources/DWARF/wazuh-logcollector
inflating: tmp/symbols/wazuh-logcollector.dSYM/Contents/Info.plist
creating: tmp/symbols/libwazuhext.dylib.dSYM/
creating: tmp/symbols/libwazuhext.dylib.dSYM/Contents/
creating: tmp/symbols/libwazuhext.dylib.dSYM/Contents/Resources/
creating: tmp/symbols/libwazuhext.dylib.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/libwazuhext.dylib.dSYM/Contents/Resources/DWARF/libwazuhext.dylib
inflating: tmp/symbols/libwazuhext.dylib.dSYM/Contents/Info.plist
creating: tmp/symbols/default-firewall-drop.dSYM/
creating: tmp/symbols/default-firewall-drop.dSYM/Contents/
creating: tmp/symbols/default-firewall-drop.dSYM/Contents/Resources/
creating: tmp/symbols/default-firewall-drop.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/default-firewall-drop.dSYM/Contents/Resources/DWARF/default-firewall-drop
inflating: tmp/symbols/default-firewall-drop.dSYM/Contents/Info.plist
creating: tmp/symbols/ipfw.dSYM/
creating: tmp/symbols/ipfw.dSYM/Contents/
creating: tmp/symbols/ipfw.dSYM/Contents/Resources/
creating: tmp/symbols/ipfw.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/ipfw.dSYM/Contents/Resources/DWARF/ipfw
inflating: tmp/symbols/ipfw.dSYM/Contents/Info.plist
creating: tmp/symbols/route-null.dSYM/
creating: tmp/symbols/route-null.dSYM/Contents/
creating: tmp/symbols/route-null.dSYM/Contents/Resources/
creating: tmp/symbols/route-null.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/route-null.dSYM/Contents/Resources/DWARF/route-null
inflating: tmp/symbols/route-null.dSYM/Contents/Info.plist
creating: tmp/symbols/libsyscollector.dylib.dSYM/
creating: tmp/symbols/libsyscollector.dylib.dSYM/Contents/
creating: tmp/symbols/libsyscollector.dylib.dSYM/Contents/Resources/
creating: tmp/symbols/libsyscollector.dylib.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/libsyscollector.dylib.dSYM/Contents/Resources/DWARF/libsyscollector.dylib
inflating: tmp/symbols/libsyscollector.dylib.dSYM/Contents/Info.plist
creating: tmp/symbols/restart-wazuh.dSYM/
creating: tmp/symbols/restart-wazuh.dSYM/Contents/
creating: tmp/symbols/restart-wazuh.dSYM/Contents/Resources/
creating: tmp/symbols/restart-wazuh.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/restart-wazuh.dSYM/Contents/Resources/DWARF/restart-wazuh
inflating: tmp/symbols/restart-wazuh.dSYM/Contents/Info.plist
creating: tmp/symbols/wazuh-slack.dSYM/
creating: tmp/symbols/wazuh-slack.dSYM/Contents/
creating: tmp/symbols/wazuh-slack.dSYM/Contents/Resources/
creating: tmp/symbols/wazuh-slack.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/wazuh-slack.dSYM/Contents/Resources/DWARF/wazuh-slack
inflating: tmp/symbols/wazuh-slack.dSYM/Contents/Info.plist
creating: tmp/symbols/pf.dSYM/
creating: tmp/symbols/pf.dSYM/Contents/
creating: tmp/symbols/pf.dSYM/Contents/Resources/
creating: tmp/symbols/pf.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/pf.dSYM/Contents/Resources/DWARF/pf
inflating: tmp/symbols/pf.dSYM/Contents/Info.plist
creating: tmp/symbols/libdbsync.dylib.dSYM/
creating: tmp/symbols/libdbsync.dylib.dSYM/Contents/
creating: tmp/symbols/libdbsync.dylib.dSYM/Contents/Resources/
creating: tmp/symbols/libdbsync.dylib.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/libdbsync.dylib.dSYM/Contents/Resources/DWARF/libdbsync.dylib
inflating: tmp/symbols/libdbsync.dylib.dSYM/Contents/Info.plist
creating: tmp/symbols/manage_agents.dSYM/
creating: tmp/symbols/manage_agents.dSYM/Contents/
creating: tmp/symbols/manage_agents.dSYM/Contents/Resources/
creating: tmp/symbols/manage_agents.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/manage_agents.dSYM/Contents/Resources/DWARF/manage_agents
inflating: tmp/symbols/manage_agents.dSYM/Contents/Info.plist
creating: tmp/symbols/disable-account.dSYM/
creating: tmp/symbols/disable-account.dSYM/Contents/
creating: tmp/symbols/disable-account.dSYM/Contents/Resources/
creating: tmp/symbols/disable-account.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/disable-account.dSYM/Contents/Resources/DWARF/disable-account
inflating: tmp/symbols/disable-account.dSYM/Contents/Info.plist
creating: tmp/symbols/wazuh-execd.dSYM/
creating: tmp/symbols/wazuh-execd.dSYM/Contents/
creating: tmp/symbols/wazuh-execd.dSYM/Contents/Resources/
creating: tmp/symbols/wazuh-execd.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/wazuh-execd.dSYM/Contents/Resources/DWARF/wazuh-execd
inflating: tmp/symbols/wazuh-execd.dSYM/Contents/Info.plist
creating: tmp/symbols/wazuh-modulesd.dSYM/
creating: tmp/symbols/wazuh-modulesd.dSYM/Contents/
creating: tmp/symbols/wazuh-modulesd.dSYM/Contents/Resources/
creating: tmp/symbols/wazuh-modulesd.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/wazuh-modulesd.dSYM/Contents/Resources/DWARF/wazuh-modulesd
inflating: tmp/symbols/wazuh-modulesd.dSYM/Contents/Info.plist
creating: tmp/symbols/wazuh-agentd.dSYM/
creating: tmp/symbols/wazuh-agentd.dSYM/Contents/
creating: tmp/symbols/wazuh-agentd.dSYM/Contents/Resources/
creating: tmp/symbols/wazuh-agentd.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/wazuh-agentd.dSYM/Contents/Resources/DWARF/wazuh-agentd
inflating: tmp/symbols/wazuh-agentd.dSYM/Contents/Info.plist
creating: tmp/symbols/ip-customblock.dSYM/
creating: tmp/symbols/ip-customblock.dSYM/Contents/
creating: tmp/symbols/ip-customblock.dSYM/Contents/Resources/
creating: tmp/symbols/ip-customblock.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/ip-customblock.dSYM/Contents/Resources/DWARF/ip-customblock
inflating: tmp/symbols/ip-customblock.dSYM/Contents/Info.plist
creating: tmp/symbols/npf.dSYM/
creating: tmp/symbols/npf.dSYM/Contents/
creating: tmp/symbols/npf.dSYM/Contents/Resources/
creating: tmp/symbols/npf.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/npf.dSYM/Contents/Resources/DWARF/npf
inflating: tmp/symbols/npf.dSYM/Contents/Info.plist
creating: tmp/symbols/libfimdb.dylib.dSYM/
creating: tmp/symbols/libfimdb.dylib.dSYM/Contents/
creating: tmp/symbols/libfimdb.dylib.dSYM/Contents/Resources/
creating: tmp/symbols/libfimdb.dylib.dSYM/Contents/Resources/DWARF/
inflating: tmp/symbols/libfimdb.dylib.dSYM/Contents/Resources/DWARF/libfimdb.dylib
inflating: tmp/symbols/libfimdb.dylib.dSYM/Contents/Info.plist
Debug core dump:
bash-3.2# lldb -c core.15990 /Library/Ossec/bin/wazuh-logcollector
(lldb) target create "/Library/Ossec/bin/wazuh-logcollector" --core "core.15990"
Core file '/cores/core.15990' (x86_64) was loaded.
(lldb) add-dsym /tmp/tmp/symbols/wazuh-logcollector.dSYM
symbol file '/tmp/tmp/symbols/wazuh-logcollector.dSYM/Contents/Resources/DWARF/wazuh-logcollector' has been added to '/Library/Ossec/bin/wazuh-logcollector'
(lldb) bt
* thread #1, stop reason = signal SIGSTOP
* frame #0: 0x00007fff72da2746 libsystem_kernel.dylib`__semwait_signal + 10
frame #1: 0x00007fff72d25eea libsystem_c.dylib`nanosleep + 196
frame #2: 0x00007fff72d25d52 libsystem_c.dylib`sleep + 41
frame #3: 0x0000000107559d08 wazuh-logcollector`LogCollectorStart at logcollector.c:964:9 [opt]
frame #4: 0x00000001075604d6 wazuh-logcollector`main(argc=123727928, argv=0x00007ffee86adc48) at main.c:195:5 [opt]
frame #5: 0x00007fff72c5ecc9 libdyld.dylib`start + 1
frame #6: 0x00007fff72c5ecc9 libdyld.dylib`start +
(lldb) list
50 {
51 int c;
52 int debug_level = 0;
53 int test_config = 0, run_foreground = 0;
54
55 /* Set the name */
56 OS_SetName(ARGV0);
57
58 // Define current working directory
59 char * home_path = w_homedir(argv[0]);
(lldb) q
LGTM.
Description
This issue aims to make an exploratory session of current #9913 phase 1 development for the Agent instance of the macOS package.
Verifications should be performed on the following issues to check end to end the process from generation of symbols to core dump analysis with them.
These verifications must be performed by a different collaborator than the one originally assigned to the issue, and a full detail of procedures, logs and results must be provided.
Evidence of success must be provided as well.
Goals
DoD
Approval
DRI Name: @ncvicchi
Objective: Generate debug symbols