
Wazuh Docker and multiple groups for Agents - Permission denied.

Open cb3inco opened this issue 2 years ago • 4 comments

Hi, I am running a single node setup via docker - version 4.3.9. I am trying to utilize multiple groups to manage agents. I can create the groups ok, and add the agents ok, however I was running into a problem of not being able to push any configurations through to agents via the agents.conf file. If the agent is in a single group and has a configuration in agent.conf it will synchronize correctly. Once I add it to another group, synchronization breaks and I see errors in /var/ossec/var/log/ossec.log with the following errors.

2022/11/16 02:48:03 wazuh-remoted: ERROR: Cannot create multigroup directory 'var/multigroups/37fa7edf': Permission denied (13)
2022/11/16 02:48:13 wazuh-remoted: ERROR: Cannot create multigroup directory 'var/multigroups/37fa7edf': Permission denied (13)
2022/11/16 02:48:23 wazuh-remoted: ERROR: Cannot create multigroup directory 'var/multigroups/37fa7edf': Permission denied (13)
2022/11/16 02:48:33 wazuh-remoted: ERROR: Cannot create multigroup directory 'var/multigroups/37fa7edf': Permission denied (13)
2022/11/16 02:48:43 wazuh-remoted: ERROR: Cannot create multigroup directory 'var/multigroups/37fa7edf': Permission denied (13)
2022/11/16 02:48:53 wazuh-remoted: ERROR: Cannot create multigroup directory 'var/multigroups/37fa7edf': Permission denied (13)
2022/11/16 02:49:03 wazuh-remoted: ERROR: Cannot create multigroup directory 'var/multigroups/37fa7edf': Permission denied (13)

I've tried to create these folders manually with the ownership of root:wazuh, but it doesn't seem to resolve the Permissions denied issue.

I've been discussing this issue on the Google Groups if you want more detail. https://groups.google.com/g/wazuh/c/XJsiocLWPcg/m/8Agxr4U3AAAJ

Is this a known issue - I tried to search for other issues here, but don't see anyone with a similar issue, so I'm wondering if it's specific to my install?

cb3inco avatar Nov 16 '22 03:11 cb3inco

I do see this issue was resolved in K8s? https://github.com/wazuh/wazuh-kubernetes/pull/275

cb3inco avatar Nov 16 '22 09:11 cb3inco

Hello @cb3inco, We have detected the problem and we will be working on its resolution as soon as possible. So you don't have to wait for the change, what you can do to solve your issue would be to rebuild the docker images on your local with the following addition to the wazuh-manager Dockerfile (build-docker-images/wazuh-manager/Dockerfile):

After this command:

RUN chmod 755 /permanent_data.sh && \
    sync && /permanent_data.sh && \
    sync && rm /permanent_data.sh

Add the following command:

RUN mkdir -p /var/ossec/var/multigroups && \
    chown root:wazuh /var/ossec/var/multigroups && \
    chmod 770 /var/ossec/var/multigroups

Finally, run the following command to rebuild the images:

build-docker-images/build-images.sh

With this you will solve the permission problems that are generated erroneously persistently. Later we will use this same issue for the definitive fix of the bug.

fcaffieri avatar Nov 24 '22 20:11 fcaffieri

Hi @fcaffieri,

Thank you for providing a manual fix ! This issue is however still problematic almost a year later, as I spent the last 4+ hours trying to understand why my agent.conf was not updating ^^'

If you don't mind I could attempt a pull request to solve the issue in about a week, as I now understand the root cause.

Tlafay1 avatar Sep 07 '23 14:09 Tlafay1

Until this goes thru the easiest but "ugliest" way to fix is to do that manually directly in the container filesystem

docker exec -it {containername} bash

mkdir -p /var/ossec/var/multigroups && \
chown root:wazuh /var/ossec/var/multigroups && \
chmod 770 /var/ossec/var/multigroups

This only works until a docker-compose down/up is done.

Kind regards Falk

falkowich avatar Oct 22 '23 11:10 falkowich
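
A check to run inside the manager container after a restart or image rebuild, confirming that the multigroups directory from the workarounds above exists with the expected group and mode. This is an added example, not part of the thread or of the Wazuh project's code; the function name `check_multigroups_dir`, its return codes and its argument order are assumptions, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: verify the directory wazuh-remoted needs for multigroups.
# check_multigroups_dir is a hypothetical helper, not a Wazuh tool.
# Defaults mirror the workaround in this thread: group wazuh, mode 770.
# Returns 0 if correct, 1 if the directory is missing, 2 on a mismatch.

check_multigroups_dir() {
    dir="${1:-/var/ossec/var/multigroups}"
    want_group="${2:-wazuh}"
    want_mode="${3:-770}"

    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir does not exist"
        return 1
    fi

    # GNU stat: %a = octal permission bits, %G = owning group name
    mode=$(stat -c '%a' "$dir")
    group=$(stat -c '%G' "$dir")
    rc=0

    if [ "$mode" != "$want_mode" ]; then
        echo "MODE: $dir is $mode, expected $want_mode"
        rc=2
    fi
    if [ "$group" != "$want_group" ]; then
        echo "GROUP: $dir has group $group, expected $want_group"
        rc=2
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir has group $group and mode $mode"
    fi
    return "$rc"
}
```

Called with no arguments it checks /var/ossec/var/multigroups against group wazuh and mode 770; a return code of 1 after a docker-compose down/up means the manual fix was lost and the directory has to be recreated.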