Problem installing wazuh-agent

Questions about WAPT Packaging / Requests and help regarding Wapt packages.
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
thomas789
Messages: 95
Registration: May 31, 2021 - 3:44 p.m.

July 22, 2021 - 4:36 PM

Hello, I'm having trouble installing the Wazuh agent correctly on Windows machines. Could you please confirm that the script is correct for installing it via PowerShell with the following properties:

Code: Select all

# -*- coding: utf-8 -*-
from setuphelpers import *

uninstallkey = []

properties = {
    'WAZUH_MANAGER':'************',
    'WAZUH_REGISTRATION_SERVER':'**************',
    'WAZUH_AGENT_GROUP':'Windows'
    }

def install():
    #print('Installation de l\'agent Wazuh')
    install_msi_if_needed('wazuh-agent.msi',properties = properties)
    run(r'net stop wazuh')
    run(r'net start wazuh')
I deliberately hid my server properties information ;).

For your information, the command, required by the publisher, and which is functional, is as follows:

Code: Select all

Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.1.5-1.msi -OutFile wazuh-agent.msi; ./wazuh-agent.msi /q WAZUH_MANAGER='************' WAZUH_REGISTRATION_SERVER='**************' WAZUH_AGENT_GROUP='Windows'
But I don't know how to translate it for a package.

(Windows workstation agents in version 2.0.0 / WAPT Enterprise version on Debian Buster server / admin console on Windows 10)

Thank you in advance, best regards.
High
User avatar
dcardon
WAPT Expert
Messages: 1932
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

July 22, 2021 - 6:03 PM

Good evening,
If the publisher "requires" an Invoke-WebRequest without fingerprint or signature validation, I would say that we should question the product itself, especially since it seems to be a security product...

The best thing to do is put the MSI file in the package; at least that guarantees safe transport...

It is not mandatory to use install_msi_if_needed, you can launch a run() with the parameters, it will launch everything as in a cmd.exe.

Code: Select all

run("wazuh-agent.msi /q WAZUH_MANAGER='************' WAZUH_REGISTRATION_SERVER='**************' WAZUH_AGENT_GROUP='Windows' ")
Sincerely,

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
thomas789
Messages: 95
Registration: May 31, 2021 - 3:44 p.m.

July 26, 2021 - 10:20

Hello, thank you for your feedback. I was able to test the command. Both methods (using WAPT:install or running the command as administrator via PowerShell directly on the machine) successfully install the agent and its configuration. However, with the WAPT:install method, the machine shows a "never connected" status on the central console, while with PowerShell administrator privileges, it works correctly. Is there a difference between these two methods that could be causing the agent's status? Sincerely.
High
User avatar
dcardon
WAPT Expert
Messages: 1932
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

July 27, 2021 - 09:29

Hello,

there's no fundamental difference between launching via WAPT:install in PyScripter and launching from the command line. The problem might be that the installer is launching the service as a child of itself (i.e., with `run` as the ParentID, and not as a service). At the end of the installation, WAPT cleans up programs launched through `def install()` to avoid leaving zombie processes behind. If the wazuh installer is poorly developed and behaves this way, then you should restart the wazuh service after installation.

However, there is a difference when you install it through the WAPT service, which runs in the LocalSystem account.

Sincerely,

Denis Cardon
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
thomas789
Messages: 95
Registration: May 31, 2021 - 3:44 p.m.

July 27, 2021 - 10:46

Hello, this isn't working. I'll try with a PowerShell script using:

`run('powershell.exe -NoProfile -NonInteractive -File script.ps1')`

where my script.ps1 file contains:

`wazuh-agent.msi /q WAZUH_MANAGER=******** WAZUH_REGISTRATION_SERVER=******** WAZUH_AGENT_GROUP=Windows`

and is located in the package root directory, but it's showing an error… Regards.
High
User avatar
dcardon
WAPT Expert
Messages: 1932
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

July 27, 2021 - 6:24 PM

It's possible to install without registering, and register afterward. Could you try this method instead: https://documentation.wazuh.com/current ... ter-agents
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
thomas789
Messages: 95
Registration: May 31, 2021 - 3:44 p.m.

August 3, 2021 - 11:43

Hello, thank you for your feedback. I was able to find the solution by specifying the TCP protocol in the properties (because it was creating the configuration using the UDP protocol):

properties = {
'WAZUH_MANAGER':'************',
'WAZUH_REGISTRATION_SERVER':'***********',
'WAZUH_AGENT_GROUP':'Windows',
'WAZUH_PROTOCOL':'TCP'
}

However, it requests a restart of the WAZUH service. So I run:

`run(r'net stop wazuh')`
`run(r'net start wazuh')`.

But it reports an error during package installation because I'm requesting a stop of the WAZUH service on the machine, but on some machines, the service is already stopped. Is it possible to check the service before using the conditional statement (if) to stop the service?

Sincerely.
High
thomas789
Messages: 95
Registration: May 31, 2021 - 3:44 p.m.

August 4, 2021 - 2:31 PM

Up :D !
High
Locked

Return to “WAPT Packages”


  • To go further with WAPT