wazuh-dashboard-plugins icon indicating copy to clipboard operation
wazuh-dashboard-plugins copied to clipboard

Published 20 hours ago verified publisher icon wazuh

Wazuh Agent for Arch Linux from Wazuh Dashboard - Deploy new agent feature

Open D3vil0p3r opened this issue 1 year ago • 11 comments

Currently Wazuh Dashboard offers the feature to deploy the agent for a specific OS (like Debian, Alpine) directly from its UI by "Deploy new agent" feature.

In Arch Linux currently the installation of the agent can occur only by building from source code. Is it possible to have a new feature to deploy a new agent directly on the UI for Arch Linux environments?

D3vil0p3r avatar Oct 01 '23 13:10 D3vil0p3r

Hello @D3vil0p3r

As you said, the UI offers a "deploy new agent" section, which is an interactive helper that provides a command to install and deploy a wazuh-agent with the requested parameters (operative system, architecture, agent name and group, etc). This section does not deploy the agent, only provides a one-line command for it. This method relies on the existence of packages for the agent, so, it only covers most common cases.

As there are no wazuh-agent packages for Arch Linux, this operative system cannot be added to this component, as the installation process is completely different (building from sources). For those cases, the full step-by-step method is provided in our documentation site.

AlexRuiz7 avatar Oct 02 '23 12:10 AlexRuiz7

@AlexRuiz7 thank you for the answer.

For Arch envs, could it be a good idea to create a .pkg.tar.zst file from a PKGBUILD containing the rules dictated in ./install.sh? In this manner, on the WebUI, it could be possible to implement a Deploy new agent for Arch Linux that downloads this .pkg.tar.zst file and the user needs only to run sudo pacman -U <filename-4.5.2-agent.pkg.tar.zst>?

D3vil0p3r avatar Oct 02 '23 13:10 D3vil0p3r

@D3vil0p3r are you referring to a local environment or to a new product feature?

If I understood correctly, a script containing all the commands required to clone, build and deploy an agent for Arch Linux could be feasible, but definitely not what we want in terms of usability. We would provide packages for Arch Linux instead, as for the rest of operative systems. To be honest, I don't know why there are no packages for this operative system, but there must be a good reason for it. I'll contact my mates at @wazuh/core to find some answers.

AlexRuiz7 avatar Oct 02 '23 14:10 AlexRuiz7

@AlexRuiz7 I would define it a new feature. By the way, what I meant is what you wish. The final step that I forgot to add is to have a Arch package maintained in AUR (Arch User Repository) or one of the official Arch repositories, and in Wazuh webUI, when a user clicks Deploy new agent and click on Arch Linux, a command to be run appears that is like sudo pacman -S wazuh-agent.

Deploying an Arch package to AUR is easy. The main constraint is to write a PKGBUILD that follows the compilation rules that are in install.sh. But if it is done by a person that knows well the install.sh content, also writing the PKGBUILD that will create the package could be easy.

D3vil0p3r avatar Oct 02 '23 17:10 D3vil0p3r

@D3vil0p3r

After chatting about the matter with other developers, it looks like we actually have the tools to generate packages for Arch Linux thanks to a community contribution, but as the support for this operative system was never on the roadmap it simply got forgotten / abandoned.

That being said, not supporting such an important OS as Arch Linux when we even have the tools and the capacity to do so lacks any sense. I'll try to personally push this matter.

AlexRuiz7 avatar Oct 04 '23 16:10 AlexRuiz7

Thank you very much @AlexRuiz7 . Note also that, if the package will be uploaded to AUR repository, it can be maintained by any person in the Arch community. For example, if for several months the package is not updated because of the current maintainer disappeared, anyone of us can ask to set the package as "orphan" and, if confirmed as "orphan", a new Arch user can own and keep updated the package. So it never will become forgotten ^^

If you need anything for this, let me know. Im available

D3vil0p3r avatar Oct 04 '23 16:10 D3vil0p3r

Hello @AlexRuiz7 do you have any news about the topic? I was seeing that you have already the PKGBUILD for the package of Wazuh agent ^^. Is it a working PKGBUILD?

D3vil0p3r avatar Nov 12 '23 20:11 D3vil0p3r

the current install method seems to be problematic, without a way to update automatically.

Arbel-arad avatar Nov 12 '23 21:11 Arbel-arad

the current install method seems to be problematic, without a way to update automatically.

Do you mean to update automatically the version of PKGBUILD?

D3vil0p3r avatar Nov 12 '23 21:11 D3vil0p3r

the current install method seems to be problematic, without a way to update automatically.

Do you mean to update automatically the version of PKGBUILD?

i mean that users would have to manually pull a new PKGBUILD and build it, instead of using their package manager. (or make a pacman hook for it?) either way it's not good to have out of date security software.

Arbel-arad avatar Nov 13 '23 06:11 Arbel-arad

Cannot be store and maintained by AUR? So the user can install it by yay, paru and similar without pulling the PKGBUILD?

D3vil0p3r avatar Nov 13 '23 08:11 D3vil0p3r