Exploratory debug symbols & core dump analysis (macOS) #23455

Closed
9 tasks done
Tracked by #21739
ncvicchi opened this issue May 15, 2024 · 6 comments
Labels
level/subtask type/enhancement New feature or request

ncvicchi commented May 15, 2024

Related issue
#21736
#21739

Description

This issue aims to make an exploratory session of current #9913 phase 1 development for the Agent instance of the macOS package.

Verifications should be performed on the following issues to check end to end the process from generation of symbols to core dump analysis with them.

These verifications must be performed by a different collaborator than the one originally assigned to the issue, and a full detail of procedures, logs and results must be provided.
Evidence of success must be provided as well.

Goals

  • Verify that binary and debug symbols packages are correctly generated by following the current documentation
  • Verify that binary & debug symbols packages are automatically uploaded to their designated locations.
  • Verify that packages perform a successful installation by following the current documentation.
  • Verify that the installed agent instance runs successfully.
  • Verify that a core dump is generated on simulated failure.
  • Verify that debug symbols are suitable to debug/analyze the core dumps.
  • Verify that the documentation used during all the exploratory is adequate, correct and complete.
  • Verify that core dump generation can be enabled and disabled just by following the proper documentation.

DoD

  • Packages for binaries and debug symbols are generated by following documentation. @ncvicchi
  • Packages are confirmed to be uploaded to their designated location. @jotacarma90
  • Installation is tested and validated. @ncvicchi
  • Installed agent behaves as expected. @ncvicchi
  • A simulation of failure is performed and as a result a core dump is generated. @ncvicchi
  • Core dump is successfully analyzed by using the corresponding debug symbols. @ncvicchi
  • No documentation errors are found or left uncorrected. @ncvicchi
  • Core dump generation is validated to be enabled or disabled just by following the proper documentation. @ncvicchi
  • Extensive evidence and documentation of the exploratory is provided @ncvicchi

Approval
DRI Name: @ncvicchi
Objective: Generate debug symbols

@Dwordcito
Member

@jotacarma90 will check if the debug symbols are uploaded to s3

@ncvicchi
Member Author

Package generation as per documentation:

Tests are made on a fresh install of macOS Catalina on VirtualBox.

beto@betos-MacBook-Pro wazuh % git clone https://github.com/wazuh/wazuh
Cloning into 'wazuh'...
remote: Enumerating objects: 408546, done.
remote: Counting objects: 100% (5184/5184), done.
remote: Compressing objects: 100% (1837/1837), done.
remote: Total 408546 (delta 3514), reused 4744 (delta 3230), pack-reused 403362
Receiving objects: 100% (408546/408546), 368.59 MiB | 19.91 MiB/s, done.
Resolving deltas: 100% (305129/305129), done.
Updating files: 100% (5248/5248), done. 
beto@betos-MacBook-Pro wazuh % cd wazuh 
beto@betos-MacBook-Pro wazuh % git checkout enhancement/9913-generate-debug-symbols-epic
branch 'enhancement/9913-generate-debug-symbols-epic' set up to track 'origin/enhancement/9913-generate-debug-symbols-epic'.
Switched to a new branch 'enhancement/9913-generate-debug-symbols-epic'
beto@betos-MacBook-Pro wazuh % cd packages/macos
beto@betos-MacBook-Pro macos % sudo ./generate_wazuh_packages.sh -s /tmp -j 4
Password:
+ export PATH=/usr/local/bin:/Applications/CMake.app/Contents/bin:/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
+ PATH=/usr/local/bin:/Applications/CMake.app/Contents/bin:/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
+++ dirname ./generate_wazuh_packages.sh
++ cd .
++ pwd -P
+ CURRENT_PATH=/Users/beto/wazuh/wazuh/packages/macos
+ ARCH=intel64
+ WAZUH_SOURCE_REPOSITORY=https://github.com/wazuh/wazuh
+ INSTALLATION_PATH=/Library/Ossec
+ VERSION=
+ REVISION=1
+ BRANCH_TAG=
+ DESTINATION=/Users/beto/wazuh/wazuh/packages/macos/output
+ JOBS=2
+ VERBOSE=no
+ DEBUG=no
+ CHECKSUM=no
+ IS_STAGE=no
+ MAKE_COMPILATION=yes
+ CERT_APPLICATION_ID=
+ CERT_INSTALLER_ID=
+ KEYCHAIN=
+ KC_PASS=
+ NOTARIZE=no
+ DEVELOPER_ID=
+ ALTOOL_PASS=
+ TEAM_ID=
+ pkg_name=
+ notarization_path=
+ trap ctrl_c INT
+ main -s /tmp -j 4
+ BUILD=yes
+ '[' -n -s ']'
+ case "$1" in
+ '[' -n /tmp ']'
++ sed 's:/*$::'
++ echo /tmp
+ DESTINATION=/tmp
+ shift 2
+ '[' -n -j ']'
+ case "$1" in
+ '[' -n 4 ']'
+ JOBS=4
+ shift 2
+ '[' -n '' ']'
+ '[' no = yes ']'
+ testdep
+ command -v packagesbuild
/usr/local/bin/packagesbuild
+ return 0
+ '[' intel64 '!=' intel64 ']'
+ [[ yes != \n\o ]]
+ check_root
+ [[ 0 -ne 0 ]]
...
rm -f Config.OS
rm -rf external/cJSON external/curl external/libdb external/libffi external/libyaml external/openssl external/procps external/sqlite external/zlib external/audit-userspace external/msgpack external/bzip2 external/nlohmann external/googletest external/libpcre2 external/libplist external/pacman external/libarchive external/popt external/lua external/rpm external/rocksdb external/lzma external/cpp-httplib external/benchmark external/cpython external/jemalloc external/flatbuffers external/cpython/ external/cpython.tar.gz external/rocksdb/
+ /Users/beto/wazuh/wazuh/packages/macos/uninstall.sh
wazuh-modulesd not running...
wazuh-logcollector not running...
wazuh-syscheckd not running...
wazuh-agentd not running...
wazuh-execd not running...
Wazuh v4.9.0 Stopped
No receipt for 'com.wazuh.pkg.wazuh-agent' found at '/'.
No receipt for 'com.wazuh.pkg.wazuh-agent-etc' found at '/'.

Wazuh agent correctly removed from the system.

+ exit 0
beto@betos-MacBook-Pro macos % cd /tmp
beto@betos-MacBook-Pro /tmp % ls
com.apple.launchd.hbPDsDU1HL					wazuh-agent_4.9.0-1_intel64_2023bf8faa.pkg
powerlog							wazuh-agent_4.9.0-1_intel64_2023bf8faa_debug_symbols.zip

Both binary and debug symbols packages are generated

@ncvicchi
Member Author

Package install:

beto@betos-MacBook-Pro /tmp % sudo bash

The default interactive shell is now zsh.
To update your account to use zsh, please run `chsh -s /bin/zsh`.
For more details, please visit https://support.apple.com/kb/HT208050.
bash-3.2# echo "WAZUH_MANAGER='192.168.1.68'" > /tmp/wazuh-_envs && installer -pkg wazuh-agent_4.9.0-1_intel64_2023bf8faa.pkg -target /
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer: The install was successful.

bash-3.2# /Library/Ossec/bin/wazuh-control restart
wazuh-modulesd not running...
wazuh-logcollector not running...
wazuh-syscheckd not running...
wazuh-agentd not running...
wazuh-execd not running...
Wazuh v4.9.0 Stopped
Starting Wazuh v4.9.0...
Started wazuh-execd...
Started wazuh-agentd...
Started wazuh-syscheckd...
Started wazuh-logcollector...
Started wazuh-modulesd...
Completed.

4.9.0 Manager received enrollment requirement from macOS agent:

2024/05/30 11:18:24 rootcheck: INFO: Ending rootcheck scan.
2024/05/30 11:19:41 wazuh-authd: INFO: New connection from 192.168.1.49
2024/05/30 11:19:41 wazuh-authd: INFO: Received request for a new agent (betos-MacBook-Pro.local) from: 192.168.1.49
2024/05/30 11:19:41 wazuh-authd: INFO: Agent key generated for 'betos-MacBook-Pro.local' (requested by any)
2024/05/30 11:19:46 wazuh-remoted: INFO: (1409): Authentication file changed. Updating.
2024/05/30 11:19:46 wazuh-remoted: INFO: (1410): Reading authentication keys file.

@ncvicchi
Member Author

Core dump generation:

By following exactly the documentation, no core dump was generated, although this might be due to the test.
To successfully generate core dumps, and after following the documentation, a dummy entitlements file had to be generated and then the binaries had to be signed with it:

bash-3.2# ulimit -c unlimited
bash-3.2# sysctl -w kern.corefile=/cores/core.%P
kern.corefile: /cores/core.%P -> /cores/core.%P

No core dumps are generated, although these steps are necessary anyway.

To finally generate them, this procedure must be followed:

bash-3.2# /usr/libexec/PlistBuddy -c "Add :com.apple.security.get-task-allow bool true" tmp.entitlements
File Doesn't Exist, Will Create: tmp.entitlements
bash-3.2# codesign -s - -f --entitlements tmp.entitlements agent-auth
bash-3.2# codesign -s - -f --entitlements tmp.entitlements manage_agents
bash-3.2# codesign -s - -f --entitlements tmp.entitlements wazuh-agentd
bash-3.2# codesign -s - -f --entitlements tmp.entitlements wazuh-control
bash-3.2# codesign -s - -f --entitlements tmp.entitlements wazuh-execd
bash-3.2# codesign -s - -f --entitlements tmp.entitlements wazuh-logcollector
bash-3.2# codesign -s - -f --entitlements tmp.entitlements wazuh-modulesd
bash-3.2# codesign -s - -f --entitlements tmp.entitlements wazuh-syscheckd

After the binaries are signed with this entitlement, the core dumps are generated:

bash-3.2# ps -e | grep /Library/Ossec/
15950 ??         0:00.00 /Library/Ossec/bin/wazuh-execd
15979 ??         0:00.01 /Library/Ossec/bin/wazuh-syscheckd
15990 ??         0:00.01 /Library/Ossec/bin/wazuh-logcollector
16007 ??         0:00.21 /Library/Ossec/bin/wazuh-modulesd
16677 ttys001    0:00.00 grep /Library/Ossec/

bash-3.2# kill -11 15950
bash-3.2# ls /cores
core.15950
bash-3.2# kill -11 15979
bash-3.2# ls /cores
core.15950	core.15979
bash-3.2# kill -11 15990
bash-3.2# ls /cores/
core.15950	core.15979	core.15990
bash-3.2# kill -11 16007
bash-3.2# ls /cores/
core.15950	core.15979	core.15990	core.16007
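
The three conditions this comment found necessary (core-size limit, `kern.corefile` pattern, `get-task-allow` entitlement on each binary) can be checked in one pass before sending any signal. This is an added example, not part of the original issue or the Wazuh documentation; the function names and `SAMPLE_PLIST` are constructed here, and the `:-` form of `codesign --entitlements` is assumed to be available as on Catalina.

```shell
#!/bin/bash
# Added example, not part of the original issue. OSSEC_BIN comes from the
# session above; the function names and SAMPLE_PLIST are constructed here.
OSSEC_BIN="${OSSEC_BIN:-/Library/Ossec/bin}"
ENTITLEMENT="com.apple.security.get-task-allow"

# Constructed sample of the plist that PlistBuddy writes to tmp.entitlements.
SAMPLE_PLIST='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
	<key>com.apple.security.get-task-allow</key>
	<true/>
</dict>
</plist>'

# 0 if the core-size limit allows a dump ("unlimited" or a positive number).
core_limit_ok() {
    case "$1" in
        unlimited) return 0 ;;
        ''|*[!0-9]*) return 1 ;;
        *) [ "$1" -gt 0 ] ;;
    esac
}

# 0 if kern.corefile is an absolute path that embeds the PID (%P), so dumps
# from different daemons do not overwrite each other.
corefile_pattern_ok() {
    case "$1" in
        /*%P*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads an entitlements plist on stdin; 0 if the key is present and true.
# Whitespace is removed first so one-line and indented plists both match.
has_get_task_allow() {
    tr -d ' \t\r\n' | grep -qF "<key>${ENTITLEMENT}</key><true/>"
}

# Reports every unmet condition; returns 0 only if all of them hold.
preflight() {
    rc=0
    core_limit_ok "$(ulimit -c)" || { echo "FAIL ulimit -c = $(ulimit -c)"; rc=1; }
    pattern="$(sysctl -n kern.corefile 2>/dev/null)"
    corefile_pattern_ok "$pattern" || { echo "FAIL kern.corefile = '$pattern'"; rc=1; }
    for bin in "$1"/*; do
        [ -f "$bin" ] && [ -x "$bin" ] || continue
        # ":-" prints the embedded entitlements as XML on stdout.
        if codesign -d --entitlements :- "$bin" 2>/dev/null | has_get_task_allow; then
            echo "ok   $bin"
        else
            echo "FAIL $bin lacks $ENTITLEMENT"; rc=1
        fi
    done
    return "$rc"
}

# Only meaningful on macOS, where codesign exists.
if command -v codesign >/dev/null 2>&1; then
    preflight "$OSSEC_BIN" || true
fi
```

Run it as root from the shell that will start the agent, since the core-size limit is inherited from that shell.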

@ncvicchi
Member Author

ncvicchi commented May 30, 2024

Core dump analysis using debug symbols

Decompress the debug symbols:

bash-3.2# cd /tmp
bash-3.2# unzip wazuh-agent_4.9.0-1_intel64_2023bf8faa_debug_symbols.zip 
Archive:  wazuh-agent_4.9.0-1_intel64_2023bf8faa_debug_symbols.zip
   creating: tmp/symbols/
   creating: tmp/symbols/librsync.dylib.dSYM/
   creating: tmp/symbols/librsync.dylib.dSYM/Contents/
   creating: tmp/symbols/librsync.dylib.dSYM/Contents/Resources/
   creating: tmp/symbols/librsync.dylib.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/librsync.dylib.dSYM/Contents/Resources/DWARF/librsync.dylib  
  inflating: tmp/symbols/librsync.dylib.dSYM/Contents/Info.plist  
   creating: tmp/symbols/kaspersky.dSYM/
   creating: tmp/symbols/kaspersky.dSYM/Contents/
   creating: tmp/symbols/kaspersky.dSYM/Contents/Resources/
   creating: tmp/symbols/kaspersky.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/kaspersky.dSYM/Contents/Resources/DWARF/kaspersky  
  inflating: tmp/symbols/kaspersky.dSYM/Contents/Info.plist  
   creating: tmp/symbols/host-deny.dSYM/
   creating: tmp/symbols/host-deny.dSYM/Contents/
   creating: tmp/symbols/host-deny.dSYM/Contents/Resources/
   creating: tmp/symbols/host-deny.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/host-deny.dSYM/Contents/Resources/DWARF/host-deny  
  inflating: tmp/symbols/host-deny.dSYM/Contents/Info.plist  
   creating: tmp/symbols/firewalld-drop.dSYM/
   creating: tmp/symbols/firewalld-drop.dSYM/Contents/
   creating: tmp/symbols/firewalld-drop.dSYM/Contents/Resources/
   creating: tmp/symbols/firewalld-drop.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/firewalld-drop.dSYM/Contents/Resources/DWARF/firewalld-drop  
  inflating: tmp/symbols/firewalld-drop.dSYM/Contents/Info.plist  
   creating: tmp/symbols/libwazuhshared.dylib.dSYM/
   creating: tmp/symbols/libwazuhshared.dylib.dSYM/Contents/
   creating: tmp/symbols/libwazuhshared.dylib.dSYM/Contents/Resources/
   creating: tmp/symbols/libwazuhshared.dylib.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/libwazuhshared.dylib.dSYM/Contents/Resources/DWARF/libwazuhshared.dylib  
  inflating: tmp/symbols/libwazuhshared.dylib.dSYM/Contents/Info.plist  
   creating: tmp/symbols/libsysinfo.dylib.dSYM/
   creating: tmp/symbols/libsysinfo.dylib.dSYM/Contents/
   creating: tmp/symbols/libsysinfo.dylib.dSYM/Contents/Resources/
   creating: tmp/symbols/libsysinfo.dylib.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/libsysinfo.dylib.dSYM/Contents/Resources/DWARF/libsysinfo.dylib  
  inflating: tmp/symbols/libsysinfo.dylib.dSYM/Contents/Info.plist  
   creating: tmp/symbols/agent-auth.dSYM/
   creating: tmp/symbols/agent-auth.dSYM/Contents/
   creating: tmp/symbols/agent-auth.dSYM/Contents/Resources/
   creating: tmp/symbols/agent-auth.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/agent-auth.dSYM/Contents/Resources/DWARF/agent-auth  
  inflating: tmp/symbols/agent-auth.dSYM/Contents/Info.plist  
   creating: tmp/symbols/wazuh-logcollector.dSYM/
   creating: tmp/symbols/wazuh-logcollector.dSYM/Contents/
   creating: tmp/symbols/wazuh-logcollector.dSYM/Contents/Resources/
   creating: tmp/symbols/wazuh-logcollector.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/wazuh-logcollector.dSYM/Contents/Resources/DWARF/wazuh-logcollector  
  inflating: tmp/symbols/wazuh-logcollector.dSYM/Contents/Info.plist  
   creating: tmp/symbols/libwazuhext.dylib.dSYM/
   creating: tmp/symbols/libwazuhext.dylib.dSYM/Contents/
   creating: tmp/symbols/libwazuhext.dylib.dSYM/Contents/Resources/
   creating: tmp/symbols/libwazuhext.dylib.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/libwazuhext.dylib.dSYM/Contents/Resources/DWARF/libwazuhext.dylib  
  inflating: tmp/symbols/libwazuhext.dylib.dSYM/Contents/Info.plist  
   creating: tmp/symbols/default-firewall-drop.dSYM/
   creating: tmp/symbols/default-firewall-drop.dSYM/Contents/
   creating: tmp/symbols/default-firewall-drop.dSYM/Contents/Resources/
   creating: tmp/symbols/default-firewall-drop.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/default-firewall-drop.dSYM/Contents/Resources/DWARF/default-firewall-drop  
  inflating: tmp/symbols/default-firewall-drop.dSYM/Contents/Info.plist  
   creating: tmp/symbols/ipfw.dSYM/
   creating: tmp/symbols/ipfw.dSYM/Contents/
   creating: tmp/symbols/ipfw.dSYM/Contents/Resources/
   creating: tmp/symbols/ipfw.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/ipfw.dSYM/Contents/Resources/DWARF/ipfw  
  inflating: tmp/symbols/ipfw.dSYM/Contents/Info.plist  
   creating: tmp/symbols/route-null.dSYM/
   creating: tmp/symbols/route-null.dSYM/Contents/
   creating: tmp/symbols/route-null.dSYM/Contents/Resources/
   creating: tmp/symbols/route-null.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/route-null.dSYM/Contents/Resources/DWARF/route-null  
  inflating: tmp/symbols/route-null.dSYM/Contents/Info.plist  
   creating: tmp/symbols/libsyscollector.dylib.dSYM/
   creating: tmp/symbols/libsyscollector.dylib.dSYM/Contents/
   creating: tmp/symbols/libsyscollector.dylib.dSYM/Contents/Resources/
   creating: tmp/symbols/libsyscollector.dylib.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/libsyscollector.dylib.dSYM/Contents/Resources/DWARF/libsyscollector.dylib  
  inflating: tmp/symbols/libsyscollector.dylib.dSYM/Contents/Info.plist  
   creating: tmp/symbols/restart-wazuh.dSYM/
   creating: tmp/symbols/restart-wazuh.dSYM/Contents/
   creating: tmp/symbols/restart-wazuh.dSYM/Contents/Resources/
   creating: tmp/symbols/restart-wazuh.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/restart-wazuh.dSYM/Contents/Resources/DWARF/restart-wazuh  
  inflating: tmp/symbols/restart-wazuh.dSYM/Contents/Info.plist  
   creating: tmp/symbols/wazuh-slack.dSYM/
   creating: tmp/symbols/wazuh-slack.dSYM/Contents/
   creating: tmp/symbols/wazuh-slack.dSYM/Contents/Resources/
   creating: tmp/symbols/wazuh-slack.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/wazuh-slack.dSYM/Contents/Resources/DWARF/wazuh-slack  
  inflating: tmp/symbols/wazuh-slack.dSYM/Contents/Info.plist  
   creating: tmp/symbols/pf.dSYM/
   creating: tmp/symbols/pf.dSYM/Contents/
   creating: tmp/symbols/pf.dSYM/Contents/Resources/
   creating: tmp/symbols/pf.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/pf.dSYM/Contents/Resources/DWARF/pf  
  inflating: tmp/symbols/pf.dSYM/Contents/Info.plist  
   creating: tmp/symbols/libdbsync.dylib.dSYM/
   creating: tmp/symbols/libdbsync.dylib.dSYM/Contents/
   creating: tmp/symbols/libdbsync.dylib.dSYM/Contents/Resources/
   creating: tmp/symbols/libdbsync.dylib.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/libdbsync.dylib.dSYM/Contents/Resources/DWARF/libdbsync.dylib  
  inflating: tmp/symbols/libdbsync.dylib.dSYM/Contents/Info.plist  
   creating: tmp/symbols/manage_agents.dSYM/
   creating: tmp/symbols/manage_agents.dSYM/Contents/
   creating: tmp/symbols/manage_agents.dSYM/Contents/Resources/
   creating: tmp/symbols/manage_agents.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/manage_agents.dSYM/Contents/Resources/DWARF/manage_agents  
  inflating: tmp/symbols/manage_agents.dSYM/Contents/Info.plist  
   creating: tmp/symbols/disable-account.dSYM/
   creating: tmp/symbols/disable-account.dSYM/Contents/
   creating: tmp/symbols/disable-account.dSYM/Contents/Resources/
   creating: tmp/symbols/disable-account.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/disable-account.dSYM/Contents/Resources/DWARF/disable-account  
  inflating: tmp/symbols/disable-account.dSYM/Contents/Info.plist  
   creating: tmp/symbols/wazuh-execd.dSYM/
   creating: tmp/symbols/wazuh-execd.dSYM/Contents/
   creating: tmp/symbols/wazuh-execd.dSYM/Contents/Resources/
   creating: tmp/symbols/wazuh-execd.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/wazuh-execd.dSYM/Contents/Resources/DWARF/wazuh-execd  
  inflating: tmp/symbols/wazuh-execd.dSYM/Contents/Info.plist  
   creating: tmp/symbols/wazuh-modulesd.dSYM/
   creating: tmp/symbols/wazuh-modulesd.dSYM/Contents/
   creating: tmp/symbols/wazuh-modulesd.dSYM/Contents/Resources/
   creating: tmp/symbols/wazuh-modulesd.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/wazuh-modulesd.dSYM/Contents/Resources/DWARF/wazuh-modulesd  
  inflating: tmp/symbols/wazuh-modulesd.dSYM/Contents/Info.plist  
   creating: tmp/symbols/wazuh-agentd.dSYM/
   creating: tmp/symbols/wazuh-agentd.dSYM/Contents/
   creating: tmp/symbols/wazuh-agentd.dSYM/Contents/Resources/
   creating: tmp/symbols/wazuh-agentd.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/wazuh-agentd.dSYM/Contents/Resources/DWARF/wazuh-agentd  
  inflating: tmp/symbols/wazuh-agentd.dSYM/Contents/Info.plist  
   creating: tmp/symbols/ip-customblock.dSYM/
   creating: tmp/symbols/ip-customblock.dSYM/Contents/
   creating: tmp/symbols/ip-customblock.dSYM/Contents/Resources/
   creating: tmp/symbols/ip-customblock.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/ip-customblock.dSYM/Contents/Resources/DWARF/ip-customblock  
  inflating: tmp/symbols/ip-customblock.dSYM/Contents/Info.plist  
   creating: tmp/symbols/npf.dSYM/
   creating: tmp/symbols/npf.dSYM/Contents/
   creating: tmp/symbols/npf.dSYM/Contents/Resources/
   creating: tmp/symbols/npf.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/npf.dSYM/Contents/Resources/DWARF/npf  
  inflating: tmp/symbols/npf.dSYM/Contents/Info.plist  
   creating: tmp/symbols/libfimdb.dylib.dSYM/
   creating: tmp/symbols/libfimdb.dylib.dSYM/Contents/
   creating: tmp/symbols/libfimdb.dylib.dSYM/Contents/Resources/
   creating: tmp/symbols/libfimdb.dylib.dSYM/Contents/Resources/DWARF/
  inflating: tmp/symbols/libfimdb.dylib.dSYM/Contents/Resources/DWARF/libfimdb.dylib  
  inflating: tmp/symbols/libfimdb.dylib.dSYM/Contents/Info.plist  

Debug core dump:

bash-3.2# lldb -c core.15990 /Library/Ossec/bin/wazuh-logcollector 
(lldb) target create "/Library/Ossec/bin/wazuh-logcollector" --core "core.15990"
Core file '/cores/core.15990' (x86_64) was loaded.

(lldb) add-dsym /tmp/tmp/symbols/wazuh-logcollector.dSYM
symbol file '/tmp/tmp/symbols/wazuh-logcollector.dSYM/Contents/Resources/DWARF/wazuh-logcollector' has been added to '/Library/Ossec/bin/wazuh-logcollector'
(lldb) bt
* thread #1, stop reason = signal SIGSTOP
  * frame #0: 0x00007fff72da2746 libsystem_kernel.dylib`__semwait_signal + 10
    frame #1: 0x00007fff72d25eea libsystem_c.dylib`nanosleep + 196
    frame #2: 0x00007fff72d25d52 libsystem_c.dylib`sleep + 41
    frame #3: 0x0000000107559d08 wazuh-logcollector`LogCollectorStart at logcollector.c:964:9 [opt]
    frame #4: 0x00000001075604d6 wazuh-logcollector`main(argc=123727928, argv=0x00007ffee86adc48) at main.c:195:5 [opt]
    frame #5: 0x00007fff72c5ecc9 libdyld.dylib`start + 1
    frame #6: 0x00007fff72c5ecc9 libdyld.dylib`start + 
(lldb) list
   50  	{
   51  	    int c;
   52  	    int debug_level = 0;
   53  	    int test_config = 0, run_foreground = 0;
   54  	
   55  	    /* Set the name */
   56  	    OS_SetName(ARGV0);
   57  	
   58  	    // Define current working directory
   59  	    char * home_path = w_homedir(argv[0]);
(lldb) q
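
Before loading a dSYM into lldb as in the session above, it is worth confirming that it was built from the same binary by comparing the Mach-O UUIDs that `dwarfdump --uuid` reports for each. This is an added example, not part of the original issue; the two default paths are the ones used in this thread, while the function names and `SAMPLE_*` strings are constructed, and the comparison assumes both sides carry the same set of architectures.

```shell
#!/bin/bash
# Added example, not part of the original issue. Both default paths are the
# ones used in the session above; function names and SAMPLE_* are constructed.
BIN_DIR="${BIN_DIR:-/Library/Ossec/bin}"
SYMBOLS_DIR="${SYMBOLS_DIR:-/tmp/tmp/symbols}"

# Constructed samples in the format printed by `dwarfdump --uuid`.
SAMPLE_BIN='UUID: 11111111-2222-3333-4444-555555555555 (x86_64) /Library/Ossec/bin/wazuh-logcollector'
SAMPLE_DSYM='UUID: 11111111-2222-3333-4444-555555555555 (x86_64) /tmp/tmp/symbols/wazuh-logcollector.dSYM/Contents/Resources/DWARF/wazuh-logcollector'
SAMPLE_STALE='UUID: AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE (x86_64) /tmp/tmp/symbols/wazuh-logcollector.dSYM/Contents/Resources/DWARF/wazuh-logcollector'

# Normalises `dwarfdump --uuid` output on stdin to sorted "arch uuid" lines,
# dropping the file path so binary and dSYM output become comparable.
uuid_pairs() {
    awk '$1 == "UUID:" { arch = $3; gsub(/[()]/, "", arch); print arch, toupper($2) }' | sort
}

# 0 if both outputs contain the same non-empty set of (arch, UUID) pairs.
uuids_match() {
    a="$(printf '%s\n' "$1" | uuid_pairs)"
    b="$(printf '%s\n' "$2" | uuid_pairs)"
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Compares one installed binary against one dSYM bundle.
check_dsym() {
    if uuids_match "$(dwarfdump --uuid "$1" 2>/dev/null)" \
                   "$(dwarfdump --uuid "$2" 2>/dev/null)"; then
        echo "match    $1"
    else
        echo "MISMATCH $1 <-> $2"
        return 1
    fi
}

# Walk the unpacked symbols; not every dSYM has a binary in BIN_DIR.
if command -v dwarfdump >/dev/null 2>&1 && [ -d "$SYMBOLS_DIR" ]; then
    for dsym in "$SYMBOLS_DIR"/*.dSYM; do
        [ -d "$dsym" ] || continue
        name="$(basename "$dsym" .dSYM)"
        [ -f "$BIN_DIR/$name" ] || continue
        check_dsym "$BIN_DIR/$name" "$dsym" || true
    done
fi
```

A mismatch means the symbols package and the installed package come from different builds, in which case lldb would not resolve frames to source lines as it does in the backtrace above.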

@Dwordcito Dwordcito changed the title Exploratory extensive testing to ensure reliability and performance of debug symbols & core dump analysis (macOS) Exploratory debug symbols & core dump analysis (macOS) May 31, 2024
@Dwordcito
Member

LGTM.
