Tranquil IT Forum

Contact us
at https://forum.tranquil.it/

Problem installing wazuh-agent

https://forum.tranquil.it/viewtopic.php?t=2799

Page 1 of 1

Problem installing wazuh-agent

Published: July 22, 2021 - 4:36 PM
by thomas789
Hello, I'm having trouble installing the Wazuh agent correctly on Windows machines. Could you please confirm that the script is correct for installing it via PowerShell with the following properties:

Code: Select all

# -*- coding: utf-8 -*-
from setuphelpers import *

uninstallkey = []

properties = {
    'WAZUH_MANAGER':'************',
    'WAZUH_REGISTRATION_SERVER':'**************',
    'WAZUH_AGENT_GROUP':'Windows'
    }

def install():
    #print('Installation de l\'agent Wazuh')
    install_msi_if_needed('wazuh-agent.msi',properties = properties)
    run(r'net stop wazuh')
    run(r'net start wazuh')
I deliberately hid my server properties information ;).

For your information, the command, required by the publisher, and which is functional, is as follows:

Code: Select all

Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.1.5-1.msi -OutFile wazuh-agent.msi; ./wazuh-agent.msi /q WAZUH_MANAGER='************' WAZUH_REGISTRATION_SERVER='**************' WAZUH_AGENT_GROUP='Windows'
But I don't know how to translate it for a package.

(Windows workstation agents in version 2.0.0 / WAPT Enterprise version on Debian Buster server / admin console on Windows 10)

Thank you in advance, best regards.

Re: Problem installing wazuh-agent

Published: July 22, 2021 - 6:03 PM
by dcardon
Good evening,
If the publisher "requires" an Invoke-WebRequest without fingerprint or signature validation, I would say that we should question the product itself, especially since it seems to be a security product...

The best thing to do is put the MSI file in the package; at least that guarantees safe transport...

It is not mandatory to use install_msi_if_needed, you can launch a run() with the parameters, it will launch everything as in a cmd.exe.

Code: Select all

run("wazuh-agent.msi /q WAZUH_MANAGER='************' WAZUH_REGISTRATION_SERVER='**************' WAZUH_AGENT_GROUP='Windows' ")
Sincerely,

Denis

Re: Problem installing wazuh-agent

Published: July 26, 2021 - 10:20 AM
by thomas789
Hello, thank you for your feedback. I was able to test the command. Both methods (using WAPT:install or running the command as administrator via PowerShell directly on the machine) successfully install the agent and its configuration. However, with the WAPT:install method, the machine shows a "never connected" status on the central console, while with PowerShell administrator privileges, it works correctly. Is there a difference between these two methods that could be causing the agent's status? Sincerely.

Re: Problem installing wazuh-agent

Published: July 27, 2021 - 09:29
by dcardon
Hello,

there's no fundamental difference between launching via WAPT:install in PyScripter and launching from the command line. The problem might be that the installer is launching the service as a child of itself (i.e., with `run` as the ParentID, and not as a service). At the end of the installation, WAPT cleans up programs launched through `def install()` to avoid leaving zombie processes behind. If the wazuh installer is poorly developed and behaves this way, then you should restart the wazuh service after installation.

However, there is a difference when you install it through the WAPT service, which runs in the LocalSystem account.

Sincerely,

Denis Cardon

Re: Problem installing wazuh-agent

Published: July 27, 2021 - 10:46 AM
by thomas789
Hello, this isn't working. I'll try with a PowerShell script using:

`run('powershell.exe -NoProfile -NonInteractive -File script.ps1')`

where my script.ps1 file contains:

`wazuh-agent.msi /q WAZUH_MANAGER=******** WAZUH_REGISTRATION_SERVER=******** WAZUH_AGENT_GROUP=Windows`

and is located in the package root directory, but it's showing an error… Regards.

Re: Problem installing wazuh-agent

Published: July 27, 2021 - 6:24 PM
by dcardon
It's possible to install without registering, and register afterward. Could you try this method instead: https://documentation.wazuh.com/current ... ter-agents

Re: Problem installing wazuh-agent

Published: August 3, 2021 - 11:43
by thomas789
Hello, thank you for your feedback. I was able to find the solution by specifying the TCP protocol in the properties (because it was creating the configuration using the UDP protocol):

properties = {
'WAZUH_MANAGER':'************',
'WAZUH_REGISTRATION_SERVER':'***********',
'WAZUH_AGENT_GROUP':'Windows',
'WAZUH_PROTOCOL':'TCP'
}

However, it requests a restart of the WAZUH service. So I run:

`run(r'net stop wazuh')`
`run(r'net start wazuh')`.

But it reports an error during package installation because I'm requesting a stop of the WAZUH service on the machine, but on some machines, the service is already stopped. Is it possible to check the service before using the conditional statement (if) to stop the service?

Sincerely.

Re: Problem installing wazuh-agent

Published: August 4, 2021 - 2:31 PM
by thomas789
Up :D !
Time zone set to UTC+02:00
Page 1 of 1

Developed by phpBB® Forum Software © phpBB Limited

Official French translation © Qiaeru