wazuh-packages
Issue with ossec group in reinstall Wazuh agent 4.3.4 in Solaris 11 SPARC
I found a possible problem when trying to reinstall the agent on a Solaris 11 SPARC system. It occurs after having the agent installed, uninstalling it, and reinstalling it without removing the wazuh group:
Steps to reproduce it:
- Install the Wazuh agent (https://packages-dev.wazuh.com/pre-release/solaris/sparc/11/wazuh-agent_v4.3.4-sol11-sparc.p5p)
root@sossp109:~# pkg install -g wazuh-agent_v4.3.4-sol11-sparc.p5p wazuh-agent
Packages to install: 1
Services to change: 1
Create boot environment: No
Create backup boot environment: No
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 1/1 92/92 5.6/5.6 32.2M/s
PHASE ITEMS
Installing new actions 144/144
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Updating package cache 2/2
- Validate users and groups:
root@sossp109:~# cat /etc/passwd | grep wazuh
wazuh:x:7:13:& User:/:
root@sossp109:~# cat /etc/passwd | grep ossec
root@sossp109:~# cat /etc/group | grep wazuh
wazuh::13:
root@sossp109:~# cat /etc/group | grep ossec
- Uninstall Wazuh agent:
root@sossp109:~# /var/ossec/bin/wazuh-control stop
wazuh-modulesd not running...
wazuh-logcollector not running...
wazuh-syscheckd not running...
wazuh-agentd not running...
wazuh-execd not running...
Wazuh v4.3.4 Stopped
root@sossp109:~# pkg uninstall wazuh-agent
Packages to remove: 1
Services to change: 1
Create boot environment: No
Create backup boot environment: No
PHASE ITEMS
Removing old actions 187/187
Updating package state database Done
Updating package cache 1/1
Updating image state Done
Creating fast lookup database Done
Updating package cache 2/2
The following unexpected or editable files and directories were
salvaged while executing the requested package operation; they
have been moved to the displayed location in the image:
ar/ossec/ruleset/sca -> /var/pkg/lost+found/var/ossec/ruleset/sca-20220607T120221Z
- Validate users and groups after uninstall:
root@sossp109:~# cat /etc/passwd | grep wazuh
root@sossp109:~# cat /etc/passwd | grep ossec
root@sossp109:~# cat /etc/group | grep ossec
root@sossp109:~# cat /etc/group | grep wazuh
wazuh::13:
- Reinstall without deleting the wazuh group:
root@sossp109:~# pkg install -g wazuh-agent_v4.3.4-sol11-sparc.p5p wazuh-agent
Packages to install: 1
Services to change: 1
Create boot environment: No
Create backup boot environment: No
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 1/1 92/92 5.6/5.6 32.8M/s
PHASE ITEMS
Installing new actions 1/144Action install failed for 'wazuh' (pkg://wazuh/wazuh-agent):
KeyError: 'gid'
The Boot Environment solaris failed to be updated. A snapshot was taken before the failed attempt and is mounted here /tmp/tmp6sodbp. Use 'beadm unmount solaris-1' and then 'beadm activate solaris-1' if you wish to boot to this BE.
pkg: An unexpected error happened during install: 'gid'
Traceback (most recent call last):
File "/usr/bin/pkg", line 6254, in handle_errors
__ret = func(*args, **kwargs)
File "/usr/bin/pkg", line 6240, in main_func
pargs=pargs, **opts)
File "/usr/bin/pkg", line 1985, in install
update_index=update_index)
File "/usr/bin/pkg", line 1758, in __api_op
ret_code = __api_execute_plan(_op, _api_inst)
File "/usr/bin/pkg", line 1326, in __api_execute_plan
api_inst.execute_plan()
File "/usr/lib/python2.7/vendor-packages/pkg/client/api.py", line 2816, in execute_plan
self._img.imageplan.execute()
File "/usr/lib/python2.7/vendor-packages/pkg/client/imageplan.py", line 4593, in execute
p.execute_install(src, dest)
File "/usr/lib/python2.7/vendor-packages/pkg/client/pkgplan.py", line 563, in execute_install
dest.install(self, src)
File "/usr/lib/python2.7/vendor-packages/pkg/actions/group.py", line 80, in install
if (cur_attrs["gid"] != self.attrs["gid"]):
KeyError: 'gid'
pkg: This is an internal error in pkg(5) version a1fb8dcc1a5e. Please log a
Service Request about this issue including the information above and this
message.
- After deleting the wazuh group:
root@sossp109:~# groupdel wazuh
root@sossp109:~# pkg install -g wazuh-agent_v4.3.4-sol11-sparc.p5p wazuh-agent
Packages to install: 1
Services to change: 1
Create boot environment: No
Create backup boot environment: No
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 1/1 92/92 5.6/5.6 0B/s
PHASE ITEMS
Installing new actions 1/144Action install failed for 'ossec' (pkg://wazuh/wazuh-agent):
KeyError: 'gid'
The Boot Environment solaris failed to be updated. A snapshot was taken before the failed attempt and is mounted here /tmp/tmpfd7VnD. Use 'beadm unmount solaris-2' and then 'beadm activate solaris-2' if you wish to boot to this BE.
pkg: An unexpected error happened during install: 'gid'
Traceback (most recent call last):
File "/usr/bin/pkg", line 6254, in handle_errors
__ret = func(*args, **kwargs)
File "/usr/bin/pkg", line 6240, in main_func
pargs=pargs, **opts)
File "/usr/bin/pkg", line 1985, in install
update_index=update_index)
File "/usr/bin/pkg", line 1758, in __api_op
ret_code = __api_execute_plan(_op, _api_inst)
File "/usr/bin/pkg", line 1326, in __api_execute_plan
api_inst.execute_plan()
File "/usr/lib/python2.7/vendor-packages/pkg/client/api.py", line 2816, in execute_plan
self._img.imageplan.execute()
File "/usr/lib/python2.7/vendor-packages/pkg/client/imageplan.py", line 4593, in execute
p.execute_install(src, dest)
File "/usr/lib/python2.7/vendor-packages/pkg/client/pkgplan.py", line 563, in execute_install
dest.install(self, src)
File "/usr/lib/python2.7/vendor-packages/pkg/actions/group.py", line 80, in install
if (cur_attrs["gid"] != self.attrs["gid"]):
KeyError: 'gid'
pkg: This is an internal error in pkg(5) version a1fb8dcc1a5e. Please log a
Service Request about this issue including the information above and this
message.
- We can see that group ossec is created:
root@sossp109:~# cat /etc/group | grep ossec
ossec::11:
- After deleting the wazuh group, the reinstallation succeeded:
root@sossp109:~# groupdel ossec
root@sossp109:~# pkg install -g wazuh-agent_v4.3.4-sol11-sparc.p5p wazuh-agent
Packages to install: 1
Services to change: 1
Create boot environment: No
Create backup boot environment: No
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 1/1 92/92 5.6/5.6 0B/s
PHASE ITEMS
Installing new actions 144/144
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Updating package cache 2/2
I repeated the tests, this time removing the wazuh group before trying the reinstall, and the reinstallation worked correctly. That is, during the reinstall process, if the wazuh group exists, it generates the ossec group.
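
A pre-reinstall check for the condition reported above, as an added example that is not part of the original report or of the Wazuh packages: it lists `wazuh`/`ossec` groups that remain in the group file once the matching user is gone, and whether any account still has that GID as its primary group. The function name `leftover_groups` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Wazuh's code): find agent groups left behind by
# "pkg uninstall" before reinstalling, as in the report above.
# Usage: leftover_groups GROUP_FILE PASSWD_FILE
# Prints "name gid status" for each leftover group; status is "unused" when
# no passwd entry has that gid as its primary group, otherwise "in-use".
leftover_groups() {
    group_file=$1
    passwd_file=$2
    for name in wazuh ossec; do
        # Anchor on the first field so e.g. "wazuh2" does not match.
        entry=$(grep "^${name}:" "$group_file") || continue
        # A user of the same name means the agent is still installed.
        if grep "^${name}:" "$passwd_file" >/dev/null; then
            continue
        fi
        gid=$(echo "$entry" | cut -d: -f3)
        # Field 4 of passwd is the primary gid.
        if cut -d: -f4 "$passwd_file" | grep "^${gid}\$" >/dev/null; then
            echo "$name $gid in-use"
        else
            echo "$name $gid unused"
        fi
    done
}

# Constructed sample mirroring the state after uninstall in the report.
sample_dir=$(mktemp -d)
printf 'root::0:\nwazuh::13:\n' > "$sample_dir/group"
printf 'root:x:0:0:Super-User:/root:/usr/bin/bash\n' > "$sample_dir/passwd"
leftover_groups "$sample_dir/group" "$sample_dir/passwd"   # wazuh 13 unused
rm -rf "$sample_dir"
```

On a live system, pass `/etc/group` and `/etc/passwd`; a group reported as `unused` is a candidate for `groupdel` before running `pkg install` again.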