Cannot install macOS package on macOS Ventura 13.4 #2205

Closed
2 tasks done
DFolchA opened this issue May 19, 2023 · 8 comments · Fixed by wazuh/wazuh#17195, #2218 or wazuh/wazuh-documentation#6125
@DFolchA
Contributor

DFolchA commented May 19, 2023

Wazuh version | Install type | Action performed | Platform
4.4.2 | Agent | Install | macOS Ventura

Related issues/PR:
Documentation | wazuh/wazuh-documentation#6123
Packages | #2218
Kibana app | wazuh/wazuh-dashboard-plugins#5466
Core | wazuh/wazuh#17195

We were notified that the macOS package cannot be installed on macOS Ventura 13.4 if integrity protection is enabled, resulting in the following error:

Could not set environment: 150: Operation not permitted while System Integrity Protection is engaged

Probably this is caused by a notarization error in the package binaries

Tasks

  • Investigate the cause of the error and affected systems

Validation

  • The package can be installed with integrity protection enabled

Solution summary

  • A temporary file called /tmp/wazuh_envs will be created before the proper installation command call. This file will contain Deployment variables defined by the user and will be ingested and erased during the installation process. The file is owned by the root user in order to avoid security issues.
  • A string that will contain the concatenation of user Deployment Variables will be created and inserted using the echo command into /tmp/wazuh_envs. The string specs:
    • &&-separated concatenation of list of KEY='VALUE', being KEY the available development variables and VALUE the one specified by the user
    • will be between double quotes, while each of the deployment variables values will be between single quotes
    • Deployment variable values need to be escaped if double quotes exist
@wazuhci wazuhci moved this to Backlog in Release 4.4.3 May 19, 2023
@DFolchA DFolchA self-assigned this May 19, 2023
@snaow snaow changed the title Cannot install macOS package on macOS Ventura Cannot install macOS package on macOS Ventura 13.4 May 19, 2023
@havidarou havidarou assigned jnasselle and unassigned DFolchA May 19, 2023
@havidarou havidarou moved this from Backlog to In progress in Release 4.4.3 May 19, 2023
@jnasselle
Member

jnasselle commented May 19, 2023

Update

Package background

b87e895e5e95de04018e9788c6d5717a7a3ff58f4b93c880a20bf52a7a0903bf054cdaa70baf82117d493e106edbfdc4f006758218b56fd23d1e27968290d846  wazuh-agent-4.4.2-1.pkg

Attempt 1 to reproduce the issue

Trying on faster env to test this

ec2-user@ip-172-31-46-65 ~ % sw_vers 
ProductName:		macOS
ProductVersion:		13.2.1
BuildVersion:		22D68
ec2-user@ip-172-31-46-65 ~ % csrutil status
System Integrity Protection status: unknown (Custom Configuration).

Configuration:
	Apple Internal: disabled
	Kext Signing: enabled
	Filesystem Protections: disabled
	Debugging Restrictions: enabled
	DTrace Restrictions: enabled
	NVRAM Protections: enabled
	BaseSystem Verification: enabled

This is an unsupported configuration, likely to break in the future and leave your machine in an unknown state.
ec2-user@ip-172-31-46-65 ~ % system_profiler SPSoftwareDataType
Software:

    System Software Overview:

      System Version: macOS 13.2.1 (22D68)
      Kernel Version: Darwin 22.3.0
      Boot Volume: Macintosh HD
      Boot Mode: Normal
      User Name: ec2-user (ec2-user)
      Secure Virtual Memory: Enabled
      System Integrity Protection: Disabled
      Time since boot: 5 hours, 27 minutes
ec2-user@ip-172-31-46-65 ~ % curl -LO  https://packages.wazuh.com/4.x/macos/wazuh-agent-4.4.2-1.pkg
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 5549k  100 5549k    0     0   149M      0 --:--:-- --:--:-- --:--:--  180M
ec2-user@ip-172-31-46-65 ~ % shasum -a 512 wazuh-agent-4.4.2-1.pkg 
b87e895e5e95de04018e9788c6d5717a7a3ff58f4b93c880a20bf52a7a0903bf054cdaa70baf82117d493e106edbfdc4f006758218b56fd23d1e27968290d846  wazuh-agent-4.4.2-1.pkg
ec2-user@ip-172-31-46-65 ~ % pkgutil --check-signature wazuh-agent-4.4.2-1.pkg 
Package "wazuh-agent-4.4.2-1.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Notarization: trusted by the Apple notary service
   Signed with a trusted timestamp on: 2023-05-12 15:57:24 +0000
   Certificate Chain:
    1. Developer ID Installer: Wazuh Inc (KLZK8P68R5)
       Expires: 2027-02-01 22:12:15 +0000
       SHA256 Fingerprint:
           A8 8F B5 40 D9 1F 9A 4C AF DC 57 3F E7 7D 63 30 38 A1 78 7D 1C 05 
           54 80 27 EA D4 B9 C6 47 7E 1E
       ------------------------------------------------------------------------
    2. Developer ID Certification Authority
       Expires: 2027-02-01 22:12:15 +0000
       SHA256 Fingerprint:
           7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D 03 
           F2 9C 88 CF B0 B1 BA 63 58 7F
       ------------------------------------------------------------------------
    3. Apple Root CA
       Expires: 2035-02-09 21:40:36 +0000
       SHA256 Fingerprint:
           B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C 
           68 C5 BE 91 B5 A1 10 01 F0 24

CONCLUSION: AWS provides only macOS Ventura 13.2.1 x86_64 with SIP disabled and could not be changed, so a native hardware/vm should be used

Attempt 2 to reproduce the issue

ec2-user@ip-172-31-44-53 ~ % sw_vers 
ProductName:		macOS
ProductVersion:		13.2.1
BuildVersion:		22D68

ec2-user@ip-172-31-44-53 ~ % system_profiler SPSoftwareDataType

Software:

    System Software Overview:

      System Version: macOS 13.2.1 (22D68)
      Kernel Version: Darwin 22.3.0
      Boot Volume: Macintosh HD
      Boot Mode: Normal
      User Name: ec2-user (ec2-user)
      Secure Virtual Memory: Enabled
      System Integrity Protection: Enabled
      Time since boot: 5 minutes, 39 seconds

ec2-user@ip-172-31-44-53 ~ % 
ec2-user@ip-172-31-44-53 ~ % csrutil status
System Integrity Protection status: enabled.

ec2-user@ip-172-31-44-53 ~ % uname -a
Darwin ip-172-31-44-53.ec2.internal 22.3.0 Darwin Kernel Version 22.3.0: Mon Jan 30 20:39:35 PST 2023; root:xnu-8792.81.3~2/RELEASE_ARM64_T8103 arm64

ec2-user@ip-172-31-44-53 ~ % curl -LO https://packages.wazuh.com/4.x/macos/wazuh-agent-4.4.2-1.pkg
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 5549k  100 5549k    0     0  71.4M      0 --:--:-- --:--:-- --:--:-- 75.2M
ec2-user@ip-172-31-44-53 ~ % launchctl setenv WAZUH_MANAGER "10.0.0.2"
Not privileged to set domain environment.
ec2-user@ip-172-31-44-53 ~ % installer -pkg wazuh-agent-4.4.2-1.pkg -target /
installer: This package requires Rosetta 2 to be installed.
                Please install Rosetta 2 and then try again.
                    `sudo softwareupdate --install-rosetta`

installer: Error - Wazuh Agent can’t be installed on this computer.
ec2-user@ip-172-31-44-53 ~ % sudo softwareupdate --install-rosetta
I have read and agree to the terms of the software license agreement. A list of Apple SLAs may be found here: http://www.apple.com/legal/sla/
Type A and press return to agree: A
2023-05-19 19:20:21.019 softwareupdate[774:7970] Package Authoring Error: 032-48321: Package reference com.apple.pkg.RosettaUpdateAuto is missing installKBytes attribute
Install of Rosetta 2 finished successfully
ec2-user@ip-172-31-44-53 ~ % installer -pkg wazuh-agent-4.4.2-1.pkg -target /





installer: Must be run as root to install this package.
ec2-user@ip-172-31-44-53 ~ % 
ec2-user@ip-172-31-44-53 ~ % 
ec2-user@ip-172-31-44-53 ~ % 
ec2-user@ip-172-31-44-53 ~ % 
ec2-user@ip-172-31-44-53 ~ % 
ec2-user@ip-172-31-44-53 ~ % sudo launchctl setenv WAZUH_MANAGER "10.0.0.2" && installer -pkg wazuh-agent-4.4.2-1.pkg -target /
ec2-user@ip-172-31-44-53 ~ % launchctl setenv WAZUH_MANAGER "10.0.0.2" && installer -pkg wazuh-agent-4.4.2-1.pkg -target /
Not privileged to set domain environment.
ec2-user@ip-172-31-44-53 ~ % sudo launchctl setenv WAZUH_MANAGER "10.0.0.2" && installer -pkg wazuh-agent-4.4.2-1.pkg -target /
installer: Must be run as root to install this package.
ec2-user@ip-172-31-44-53 ~ % sudo -s
root@ip-172-31-44-53 ~ # launchctl setenv WAZUH_MANAGER "10.0.0.2" && installer -pkg wazuh-agent-4.4.2-1.pkg -target /
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer: The install was successful.

Attempt 3: use macOS Ventura 13.4

It was found that there's an issue with launchctl getenv or launchctl setenv with sudo. This affects not only the population of deployment options during the installation command line, but also the installer's internal scripts

Proposal

  • Research the motivation for the launchctl getenv or launchctl setenv usage
  • Check if regular environment variables are capable of substituting the current launchctl getenv or launchctl setenv usage

@jnasselle
Member

Update

Since launchctl getenv / launchctl setenv is used for setting installation deployment variables and also for communicating upgrade status, this issue will be split

  • Fix deployment variables mechanism @jnasselle
  • Improve restart procedure on upgrade scenarios @DFolchA

@DFolchA
Contributor Author

DFolchA commented May 22, 2023

Update

Investigate how to remove the launchctl commands from pre and postinstall scripts while maintaining the functionality.

Tested adding the following key:

<key>com.apple.rootless.install</key>

In the SPEC file.

Also, investigate the usage of pre and post upgrade scripts.

@jnasselle
Member

jnasselle commented May 22, 2023

Update

Since launchctl getenv / launchctl setenv is not currently available to root user when SIP is enabled, we need to fix how Deployment variables are populated into installation scripts.
On the other hand, install command does not populate regular environment variables into those installation scripts, so solutions should also discard this too.

Possible solutions

Solution 1: Custom environment file with an aux script

Create and distribute an aux script that takes well-defined environment variables available here and creates a file that inner installer scripts will use as an environment variable file

Usage example

curl -so wazuh-agent.pkg https://packages.wazuh.com/4.x/macos/wazuh-agent-4.4.2-1.pkg && curl -so wazuh_macos_envs.sh https://packages.wazuh.com/4.x/wazuh_macos_envs.sh && chmod +x ./wazuh_macos_envs.sh && WAZUH_MANAGER="192.168.1.10" WAZUH_AGENT_GROUP='default' ./wazuh_macos_envs.sh && sudo installer -pkg ./wazuh-agent.pkg -target /

Steps:

  1. Download the Wazuh agent: curl -so wazuh-agent.pkg https://packages.wazuh.com/4.x/macos/wazuh-agent-4.4.2-1.pkg
  2. Download the Wazuh macOS aux environment script curl -so wazuh_macos_envs.sh https://packages.wazuh.com/4.x/wazuh_macos_envs.sh
  3. Give execution privileges: chmod +x ./wazuh_macos_envs.sh
  4. Set environment variables and execute wazuh_macos_envs.sh, which will dump them to an env file: WAZUH_MANAGER="192.168.1.10" WAZUH_AGENT_GROUP='default' ./wazuh_macos_envs.sh
  5. Install the Wazuh agent: sudo installer -pkg ./wazuh-agent.pkg -target /

At the end of step 4, a new file will exist at a well-known path (this is absolutely necessary since step 5 will need to read it to populate the environments into ossec.conf) like /tmp/wazuh-env, with the following content:

WAZUH_MANAGER='192.168.1.10'
WAZUH_AGENT_GROUP='default'

Step 5 will read and source the /tmp/wazuh-env file and use those environments, cleaning it up after usage

NOTE: this file could also be created as root to avoid unprivileged access

Solution 2: Custom environment file with manually-created command line

This option is quite similar to the last one, creating a more unintuitive command line but without the need to download a script

curl -so wazuh-agent.pkg https://packages.wazuh.com/4.x/macos/wazuh-agent-4.4.2-1.pkg && echo -e "WAZUH_MANAGER='192.168.1.10'\nWAZUH_AGENT_GROUP='default'" > /tmp/wazuh-env && sudo installer -pkg ./wazuh-agent.pkg -target /

Steps:

  1. Download the Wazuh agent: curl -so wazuh-agent.pkg https://packages.wazuh.com/4.x/macos/wazuh-agent-4.4.2-1.pkg
  2. Create a file that will contain environment variables: echo -e "WAZUH_MANAGER='192.168.1.10'\nWAZUH_AGENT_GROUP='default'" > /tmp/wazuh-env
  3. Install the Wazuh agent: sudo installer -pkg ./wazuh-agent.pkg -target /

At the end of step 2, a new file will exist at a well-known path (this is absolutely necessary since step 3 will need to read it to populate the environments into ossec.conf) like /tmp/wazuh-env, with the following content:

WAZUH_MANAGER='192.168.1.10'
WAZUH_AGENT_GROUP='default'

Step 3 will read and source the /tmp/wazuh-env file and use those environments, cleaning it up after usage

NOTE: this file could also be created as root to avoid unprivileged access

@jnasselle
Member

jnasselle commented May 22, 2023

Update

After discussing this with the team, we agreed to use Solution 2

PR: wazuh/wazuh#17195
PR: #2213

Package: https://packages-dev.wazuh.com/trash/macos/wazuh-agent-4.4.3-0.deployvariables.pkg

Documentation issue: wazuh/wazuh-documentation#6123
Wazuh-app issue: wazuh/wazuh-dashboard-plugins#5466

TODO:

  • Figure out macOS echo: the default command does not allow escape characters (a newline is needed), compared to the BSD and GNU versions. The builtin command allows use of the needed version but is not capable of being run under sudo. This could affect the privacy of the temporary file used to populate the deployment options

@DFolchA
Contributor Author

DFolchA commented May 23, 2023

Update

After talking with the team, we decided to use temporary files and remove the launchctl commands in the pre and post install scripts. The fix has been implemented in this branch:
https://github.com/wazuh/wazuh-packages/tree/2205-remove-launchctl

Tests

Installation on macOS Ventura:

sh-3.2# installer -pkg wazuh-agent-4.4.3-2205.ventura.pkg -target /
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer: The install was successful.

Upgrade in macOS Ventura:

sh-3.2# installer -pkg wazuh-agent-4.4.3-2205.ventura.pkg -target /
installer: Package name is Wazuh Agent
installer: Upgrading at base path /
installer: The upgrade was successful.

@jnasselle
Member

Update

A new approach/format was adopted for the development variables population using the temporary file.

&&-separated deployment variables look better and are still functional, while single quotes and double quotes usage was improved

Due to some optimizations in terms of usability and macOS availability of certain commands, the final specs about CLI installation command are

  • Creation of a temp file by echo command stdout redirection
    • Command: sudo echo
    • Flags: none
    • Args: &&-separated concatenation of list of KEY='VALUE', being KEY the available development variables and VALUE the one specified by the user
    • Output file: /tmp/wazuh_envs
    • Considerations:
      • Command won't be used if no deployment variable was set.
      • Command Args will be between double quotes, while each of the deployment variables values will be between single quotes
      • Deployment variable values need to be escaped if double quotes exist

Related Github actions were fixed in order to test the new deployment variables approach

@wazuh/frontend was updated and aware of this in the next comment wazuh/wazuh-dashboard-plugins#5466 (comment)
@wazuh/content was updated and aware of this the next issue description wazuh/wazuh-documentation#6123 (comment)
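
The file hand-off described in the solution summary, in Solutions 1 and 2 and in the final spec above, as an added example that is not part of the issue or of Wazuh's installer scripts: it reads the &&-separated KEY='VALUE' string as data instead of sourcing it, and refuses a file that is a symlink, has the wrong owner, or is readable by group/other. The function names and the uid parameter are hypothetical; the key list is copied from the test command shown later on this page, and the sample values are constructed.

```sh
#!/bin/sh
# Added example (hypothetical helper names, not Wazuh's installer code).
# Keys copied from the "Install with variables" test command on this page.
ALLOWED_KEYS="WAZUH_MANAGER WAZUH_MANAGER_PORT WAZUH_PROTOCOL \
WAZUH_REGISTRATION_SERVER WAZUH_REGISTRATION_PORT WAZUH_REGISTRATION_PASSWORD \
WAZUH_KEEP_ALIVE_INTERVAL WAZUH_TIME_RECONNECT WAZUH_REGISTRATION_CA \
WAZUH_REGISTRATION_CERTIFICATE WAZUH_REGISTRATION_KEY WAZUH_AGENT_NAME \
WAZUH_AGENT_GROUP ENROLLMENT_DELAY"

# check_env_file FILE UID: succeed only for a regular file (not a symlink)
# owned by UID with owner-only permissions. Note that with
#   sudo echo "..." > FILE
# the calling shell opens FILE, so it is root-owned only if that shell is root.
check_env_file() (
    [ ! -L "$1" ] && [ -f "$1" ] || exit 1
    ls -ldn "$1" | {
        read -r mode _links uid _rest || exit 1
        [ "$uid" = "$2" ] || exit 1
        case $mode in
            -???------*) exit 0 ;;   # nothing granted to group or other
            *)           exit 1 ;;
        esac
    }
)

# parse_env_line STRING: print one KEY=VALUE per line; on any malformed or
# unknown entry print nothing and fail. Values are never evaluated.
parse_env_line() (
    rest=$1 out=
    while [ -n "$rest" ]; do
        case $rest in
            *" && "*) pair=${rest%%" && "*}; rest=${rest#*" && "} ;;
            *)        pair=$rest; rest= ;;
        esac
        key=${pair%%=*} val=${pair#*=}
        case $key in ""|*[!A-Z_]*) exit 1 ;; esac
        case " $ALLOWED_KEYS " in *" $key "*) ;; *) exit 1 ;; esac
        case $val in \'*\') val=${val#\'}; val=${val%\'} ;; *) exit 1 ;; esac
        case $val in *\'*) exit 1 ;; esac   # stray quote inside the value
        out="$out$key=$val
"
    done
    printf '%s' "$out"
)

# load_deploy_vars FILE UID: validate FILE, read its first line, erase FILE,
# then print the parsed pairs.
load_deploy_vars() {
    check_env_file "$1" "$2" || return 1
    line=
    IFS= read -r line < "$1" || :
    rm -f "$1"
    [ -n "$line" ] && parse_env_line "$line"
}

# Demo on a constructed sample in a private temp directory.
demo() {
    d=$(mktemp -d) && f=$d/wazuh_envs
    ( umask 077
      printf '%s\n' "WAZUH_MANAGER='10.0.0.2' && WAZUH_AGENT_GROUP='default'" > "$f" )
    load_deploy_vars "$f" "$(id -u)"; rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

An install script running as root would call load_deploy_vars with the agreed path and uid 0, then consume the output with a while IFS='=' read -r key value loop.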

@wazuhci wazuhci moved this from In progress to Pending review in Release 4.4.3 May 23, 2023
@DFolchA
Contributor Author

DFolchA commented May 24, 2023

Update

Testing package with all the changes from these branches:

Package link: https://s3.us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/test/4.4/macos/wazuh-agent-4.4.3-2205.Ventura.pkg

macOS 10.15

Install without variables

sh-3.2# sudo installer -pkg wazuh-agent-4.4.3-2205.Ventura.pkg -target /
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer: The install was successful.

Install with variables

sh-3.2# sudo echo "WAZUH_MANAGER='1.1.1.1' && WAZUH_MANAGER_PORT='7777' && WAZUH_PROTOCOL='udp' && WAZUH_REGISTRATION_SERVER='2.2.2.2' && WAZUH_REGISTRATION_PORT='8888' && WAZUH_REGISTRATION_PASSWORD='password' && WAZUH_KEEP_ALIVE_INTERVAL='10' && WAZUH_TIME_RECONNECT='10' && WAZUH_REGISTRATION_CA='/Library/Ossec/etc/testsslmanager.cert' && WAZUH_REGISTRATION_CERTIFICATE='/Library/Ossec/etc/testsslmanager.cert' && WAZUH_REGISTRATION_KEY='/Library/Ossec/etc/testsslmanager.key' && WAZUH_AGENT_NAME='test-agent' && WAZUH_AGENT_GROUP='test-group' && ENROLLMENT_DELAY='10'" > /tmp/wazuh_vars && sudo installer -pkg wazuh-agent-4.4.3-2205.Ventura.pkg -target /
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer: The install was successful.
sh-3.2# cat /Library/Ossec/etc/ossec.conf
<!--
  Wazuh - Agent - Default configuration for darwin 19
  More info at: https://documentation.wazuh.com
  Mailing list: https://groups.google.com/forum/#!forum/wazuh
-->

<ossec_config>
  <client>
    <server>
      <address>1.1.1.1</address>
      <port>7777</port>
      <protocol>udp</protocol>
    </server>
    <config-profile>darwin, darwin19</config-profile>
    <notify_time>10</notify_time>
    <time-reconnect>10</time-reconnect>
    <auto_restart>yes</auto_restart>
    <crypto_method>aes</crypto_method>
    <enrollment>
      <enabled>yes</enabled>
      <manager_address>2.2.2.2</manager_address>
      <port>8888</port>
      <agent_name>test-agent</agent_name>
      <groups>test-group</groups>
      <server_ca_path>/Library/Ossec/etc/testsslmanager.cert</server_ca_path>
      <agent_certificate_path>/Library/Ossec/etc/testsslmanager.cert</agent_certificate_path>
      <agent_key_path>/Library/Ossec/etc/testsslmanager.key</agent_key_path>
      <authorization_pass_path>etc/authd.pass</authorization_pass_path>
      <delay_after_enrollment>10</delay_after_enrollment>
    </enrollment>
  </client>

Upgrade with variables

sh-3.2# launchctl setenv WAZUH_MANAGER "192.168.56.184" && installer -pkg wazuh-agent-4.4.2-1.pkg -target /
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer: The install was successful.
sh-3.2# /Library/Ossec/bin/wazuh-control start
Starting Wazuh v4.4.2...
Started wazuh-execd...
Started wazuh-agentd...
Started wazuh-syscheckd...
Started wazuh-logcollector...
Started wazuh-modulesd...
Completed.
sh-3.2# /Library/Ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
sh-3.2# shasum -a 256 /Library/Ossec/etc/ossec.conf
a43f3642defe1e2fbd8025cb30f72284f81a446918f9b83bb087666c48596808  /Library/Ossec/etc/ossec.conf
sh-3.2# echo "WAZUH_MANAGER='1.1.1.1'" > /tmp/wazuh_vars && installer -pkg wazuh-agent-4.4.3-2205.Ventura.pkg -target /
installer: Package name is Wazuh Agent
installer: Upgrading at base path /
installer: The upgrade was successful.
sh-3.2# shasum -a 256 /Library/Ossec/etc/ossec.conf
a43f3642defe1e2fbd8025cb30f72284f81a446918f9b83bb087666c48596808  /Library/Ossec/etc/ossec.conf
sh-3.2# /Library/Ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
sh-3.2# /Library/Ossec/bin/wazuh-control info
WAZUH_VERSION="v4.4.3"
WAZUH_REVISION="40409"
WAZUH_TYPE="agent"
sh-3.2# 

Upgrade without variables

sh-3.2# installer -pkg wazuh-agent-4.4.2-1.pkg -target /
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer: The install was successful.
sh-3.2# installer -pkg wazuh-agent-4.4.3-2205.Ventura.pkg -target /
installer: Package name is Wazuh Agent
installer: Upgrading at base path /
installer: The upgrade was successful.

Uninstall

sh-3.2# /Library/Ossec/bin/wazuh-control stop
wazuh-modulesd not running...
wazuh-logcollector not running...
wazuh-syscheckd not running...
wazuh-agentd not running...
wazuh-execd not running...
Wazuh v4.4.3 Stopped
sh-3.2# /bin/rm -r /Library/Ossec
sh-3.2# /bin/launchctl unload /Library/LaunchDaemons/com.wazuh.agent.plist
sh-3.2# /bin/rm -f /Library/LaunchDaemons/com.wazuh.agent.plist
sh-3.2# /bin/rm -rf /Library/StartupItems/WAZUH
sh-3.2# /usr/bin/dscl . -delete "/Users/wazuh"
sh-3.2# /usr/bin/dscl . -delete "/Groups/wazuh"
sh-3.2# /usr/sbin/pkgutil --forget com.wazuh.pkg.wazuh-agent
Forgot package 'com.wazuh.pkg.wazuh-agent' on '/'.

macOS 13.4

Install without variables

sh-3.2# sudo installer -pkg wazuh-agent-4.4.3-2205.Ventura.pkg -target /
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer: The install was successful.


Install with variables

sh-3.2# sudo echo "WAZUH_MANAGER='1.1.1.1' && WAZUH_MANAGER_PORT='7777' && WAZUH_PROTOCOL='udp' && WAZUH_REGISTRATION_SERVER='2.2.2.2' && WAZUH_REGISTRATION_PORT='8888' && WAZUH_REGISTRATION_PASSWORD='password' && WAZUH_KEEP_ALIVE_INTERVAL='10' && WAZUH_TIME_RECONNECT='10' && WAZUH_REGISTRATION_CA='/Library/Ossec/etc/testsslmanager.cert' && WAZUH_REGISTRATION_CERTIFICATE='/Library/Ossec/etc/testsslmanager.cert' && WAZUH_REGISTRATION_KEY='/Library/Ossec/etc/testsslmanager.key' && WAZUH_AGENT_NAME='test-agent' && WAZUH_AGENT_GROUP='test-group' && ENROLLMENT_DELAY='10'" > /tmp/wazuh_vars && sudo installer -pkg wazuh-agent-4.4.3-2205.Ventura.pkg -target /
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer: The install was successful.
sh-3.2# cat /Library/Ossec/etc/ossec.conf
<!--
  Wazuh - Agent - Default configuration for darwin 22.5
  More info at: https://documentation.wazuh.com
  Mailing list: https://groups.google.com/forum/#!forum/wazuh
-->

<ossec_config>
  <client>
    <server>
      <address>1.1.1.1</address>
      <port>7777</port>
      <protocol>udp</protocol>
    </server>
    <config-profile>darwin, darwin22, darwin22.5</config-profile>
    <notify_time>10</notify_time>
    <time-reconnect>10</time-reconnect>
    <auto_restart>yes</auto_restart>
    <crypto_method>aes</crypto_method>
    <enrollment>
      <enabled>yes</enabled>
      <manager_address>2.2.2.2</manager_address>
      <port>8888</port>
      <agent_name>test-agent</agent_name>
      <groups>test-group</groups>
      <server_ca_path>/Library/Ossec/etc/testsslmanager.cert</server_ca_path>
      <agent_certificate_path>/Library/Ossec/etc/testsslmanager.cert</agent_certificate_path>
      <agent_key_path>/Library/Ossec/etc/testsslmanager.key</agent_key_path>
      <authorization_pass_path>etc/authd.pass</authorization_pass_path>
      <delay_after_enrollment>10</delay_after_enrollment>
    </enrollment>
  </client>

Upgrade with variables

sh-3.2# shasum -a 256 /Library/Ossec/etc/ossec.conf
24c613dd1ac63f6aaffca6dbdc4555b5be3133330758aaca300530fb3cb36441  /Library/Ossec/etc/ossec.conf
sh-3.2# echo "WAZUH_MANAGER='1.1.1.1'" > /tmp/wazuh_vars && installer -pkg wazuh-agent-4.4.3-2205.Ventura.pkg -target /
installer: Package name is Wazuh Agent
installer: Upgrading at base path /
installer: The upgrade was successful.
sh-3.2# shasum -a 256 /Library/Ossec/etc/ossec.conf
24c613dd1ac63f6aaffca6dbdc4555b5be3133330758aaca300530fb3cb36441  /Library/Ossec/etc/ossec.conf

Upgrade without variables

sh-3.2# echo "WAZUH_MANAGER='1.1.1.1'" > /tmp/wazuh_vars && installer -pkg wazuh-agent-4.4.3-2205.Ventura.pkg -target /
sh-3.2# rm /tmp/wazuh_vars
sh-3.2# installer -pkg wazuh-agent-4.4.3-2205.Ventura.pkg -target /
installer: Package name is Wazuh Agent
installer: Upgrading at base path /
installer: The upgrade was successful.
sh-3.2# 

Uninstall

sh-3.2# bash uninstall.sh 
wazuh-modulesd not running...
wazuh-logcollector not running...
wazuh-syscheckd not running...
wazuh-agentd not running...
wazuh-execd not running...
Wazuh v4.4.3 Stopped
<main> delete status: eDSPermissionError
<dscl_cmd> DS Error: -14120 (eDSPermissionError)
Forgot package 'com.wazuh.pkg.wazuh-agent' on '/'.
No receipt for 'com.wazuh.pkg.wazuh-agent-etc' found at '/'.

Wazuh agent correctly removed from the system.
