Can't install Wazuh agents in OpenBSD platforms

[Carlos Lopez]

Hi all,

 When you try to install Wazuh's agent in an OpenBSD host (latest
release 6.4, with unveil support enabled), the following errors appears:

libwazuhext.so: warning: strcpy() is almost always misused, please use
strlcpy()
libwazuh.a(agent_op.o): In function `w_remove_multigroup':
agent_op.c:(.text+0x102f): warning: sprintf() is often misused, please
use snprintf()
libwazuhext.so: warning: strcat() is almost always misused, please use
strlcat()
    CC syscheckd/win_whodata.o
    CC syscheckd/run_realtime.o
    CC syscheckd/win-registry.o
    CC syscheckd/syscheck_audit.o
    CC syscheckd/run_check.o
    CC syscheckd/seechanges.o
    CC syscheckd/config.o
    CC syscheckd/syscheck.o
    CC syscheckd/syscom.o
    CC syscheckd/create_db.o
    CC rootcheck/check_rc_trojans.o
    CC rootcheck/check_rc_pids.o
    CC rootcheck/check_rc_policy.o
    CC rootcheck/run_rk_check.o
    CC rootcheck/check_rc_sys.o
    CC rootcheck/check_rc_dev.o
    CC rootcheck/check_rc_readproc.o
    CC rootcheck/win-common.o
    CC rootcheck/os_string.o
    CC rootcheck/check_open_ports.o
    CC rootcheck/check_rc_if.o
In file included from rootcheck/check_rc_if.c:27:
In file included from rootcheck/rootcheck.h:13:
./headers/list_op.h:32:5: error: unknown type name 'pthread_rwlock_t'
    pthread_rwlock_t wr_mutex;
    ^
./headers/list_op.h:33:5: error: unknown type name 'pthread_mutex_t'
    pthread_mutex_t mutex;
    ^
2 errors generated.
gmake[1]: *** [Makefile:1157: rootcheck/check_rc_if.o] Error 1
gmake[1]: Leaving directory '/tmp/gg/wazuh-3.7.0/src'
gmake: *** [Makefile:559: agent] Error 2

 Error 0x5.
 Building error. Unable to finish the installation.

 Installed packages in this system:

curl-7.61.1         get files from FTP, Gopher, HTTP or HTTPS servers
gettext-0.19.8.1p1  GNU gettext runtime libraries and programs
gmake-4.2.1         GNU make
intel-firmware-20180807p0v0 microcode update binaries for Intel CPUs
libiconv-1.14p3     character set conversion library
nghttp2-1.33.0      library for HTTP/2
quirks-3.16         exceptions to pkg_add rules
rsync-3.1.3         mirroring/synchronization over low bandwidth links

 During the compilation phase several source packages are downloaded
which could be installed from the official OpenBSD repositories such as
libyaml. On the other hand other packages that already exist in the
system as zlib are downloaded or others like curl already installed but
wazuh's installer forces to download. Maybe it could be a good idea to
install all dependencies via "pkg_add -av".

 On the other side, it could be a not good idea to use OpenSSL in BSD
systems (FreeBSD and OpenBSD mainly) and use LibreSSL instead. The error
I'm reporting is most likely caused by the use of OpenSSL libraries.

 I have several OpenBSD and FreeBSD hosts if you want me to do
installation tests.


--
Regards,
C.L. Martinez

[Victor Fernandez]

Hi Carlos,

Thanks for reporting this issue. I have tried to compile Wazuh 3.7.0 (latest version) on OpenBSD 6.4 and got these issues:

• The CURL library won't compile due to flag "-ldl". This library is not available on this platform.
• Pthreads' types like pthread_rwlock_t were unknown. I only had to add "#include <pthread.h>" in the shared headers.
• At this point, Wazuh got compiled, but it did not run. OpenBSD was ignoring the "$ORIGIN" expansion in the runpath.

I managed to fix these issues in the branch 3.7.0-fix-openbsd (0b62fcc). Please give a try with this branch:

wget https://github.com/wazuh/wazuh/archive/3.7.0-fix-openbsd.zip
unzip 3.7.0-fix-openbsd.zip
wazuh-3.7.0-fix-openbsd/install.sh

Please let me know if this works for you, then we will check that this change does not impact other platforms and will merge it in our development branch.

Thank you again.

Best regards,

Victor M Fernandez-Castro 
IT Engineer — Wazuh, Inc.

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/CWLP265MB15716CB63A6DC97E3A467A4EDBD60%40CWLP265MB1571.GBRP265.PROD.OUTLOOK.COM.
For more options, visit https://groups.google.com/d/optout.

[R0me0 Must Die]

Hello,

Same error with wazuh-sources 3.8.2. I'm gonna to try this fix ( OpenBSD 6.4 )

To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.

[R0me0 Must Die]

I can confirm, the bellow fix compiled fine:

https://github.com/wazuh/wazuh/archive/3.7.0-fix-openbsd.zip

Will be nice has it on 3.8.2

Thanks in advance.

[Braulio Vargas]

Hi all,

Sorry for the inconvenience. We've created a pull request (#3105) to add the fix from 3.7.0-fix-openbsd (0b62fcc) to Wazuh 3.9.0 version. 

Thank you for your feedback.

Best regards,

Braulio.

[R0me0 ***]

I must thank you!

You guys r0x!

To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.

To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/CWLP265MB15716CB63A6DC97E3A467A4EDBD60%40CWLP265MB1571.GBRP265.PROD.OUTLOOK.COM.
For more options, visit https://groups.google.com/d/optout.

--

You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.

To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.

To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/946ed9c1-76e7-4260-98f6-52fb8c7ad754%40googlegroups.com.