Wazuh agent 4.2.4 fails under FreeBSD 13


Carlos Lopez

Oct 21, 2021, 5:54:44 AM
to wa...@googlegroups.com
Hi all,

Compiling wazuh agent 4.2.4 under FreeBSD 13, agent fails at startup:

2021/10/21 09:52:28 wazuh-execd: INFO: Started (pid: 14009).
2021/10/21 09:52:29 wazuh-agentd: INFO: (1410): Reading authentication keys file.
2021/10/21 09:52:29 wazuh-agentd: INFO: Using notify time: 60 and max time to reconnect: 120
2021/10/21 09:52:29 wazuh-agentd: INFO: Version detected -> FreeBSD |client10 |13.0-RELEASE-p4 |FreeBSD 13.0-RELEASE-p4 #0: Tue Aug 24 07:33:27 UTC 2021 ro...@amd64-builder.daemonology.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC |amd64 [FreeBSD|freebsd: 13.0-RELEASE-p4] - Wazuh v4.2.4
2021/10/21 09:52:29 wazuh-agentd: INFO: Started (pid: 14019).
2021/10/21 09:52:29 wazuh-agentd: INFO: Server IP Address: 172.22.59.4
2021/10/21 09:52:29 wazuh-agentd: INFO: Server IP Address: 172.22.55.1
2021/10/21 09:52:29 wazuh-agentd: INFO: Using AES as encryption method.
2021/10/21 09:52:29 wazuh-agentd: INFO: Trying to connect to server (172.22.59.4:1575/tcp).
2021/10/21 09:52:29 wazuh-agentd: INFO: (4102): Connected to the server (172.22.59.4:1575/tcp).
2021/10/21 09:52:29 wazuh-agentd: ERROR: (1207): Syscheck remote configuration in 'etc/shared/agent.conf' is corrupted.
2021/10/21 09:52:29 wazuh-execd: INFO: Active response command not present: 'active-response/bin/restart-ossec.sh'. Not using it on this system.
2021/10/21 09:52:29 wazuh-execd: INFO: Active response command not present: 'active-response/bin/restart-ossec.cmd'. Not using it on this system.
2021/10/21 09:52:29 wazuh-execd: INFO: Active response command not present: 'active-response/bin/restart-ossec.sh'. Not using it on this system.
2021/10/21 09:52:29 wazuh-execd: INFO: Active response command not present: 'active-response/bin/restart-ossec.cmd'. Not using it on this system.
2021/10/21 09:52:29 wazuh-execd: INFO: Active response command not present: 'active-response/bin/restart-wazuh.exe'. Not using it on this system.
2021/10/21 09:52:29 wazuh-execd: INFO: Active response command not present: 'active-response/bin/pf.sh'. Not using it on this system.
2021/10/21 09:52:29 wazuh-execd: INFO: Active response command not present: 'active-response/bin/pf.sh'. Not using it on this system.
2021/10/21 09:52:29 wazuh-execd: INFO: Active response command not present: 'active-response/bin/pf.sh'. Not using it on this system.
2021/10/21 09:52:29 wazuh-execd: INFO: Active response command not present: 'active-response/bin/pf.sh'. Not using it on this system.
2021/10/21 09:52:29 wazuh-execd: INFO: Active response command not present: 'active-response/bin/pf.sh'. Not using it on this system.
2021/10/21 09:52:30 wazuh-syscheckd: INFO: (6678): No directory provided for syscheck to monitor.
2021/10/21 09:52:30 wazuh-syscheckd: INFO: (6001): File integrity monitoring disabled.
2021/10/21 09:52:30 rootcheck: INFO: Rootcheck disabled.
2021/10/21 09:52:31 wazuh-logcollector: INFO: (1905): No file configured to monitor.
2021/10/21 09:52:31 wazuh-logcollector: INFO: Started (pid: 14039).
2021/10/21 09:52:32 wazuh-modulesd: INFO: Started (pid: 14049).
2021/10/21 09:52:32 wazuh-modulesd:agent-upgrade: INFO: (8153): Module Agent Upgrade started.

Using shared configuration.

Best regards,
C. L. Martinez

Jose Antonio Muñoz Herrera

Oct 21, 2021, 12:12:56 PM
to Wazuh mailing list
Hello Carlos Lopez, it looks like there is some problem with your shared conf. Could you please post here your whole shared configuration (agent.conf)? Also, please share the output of the following command (the binary is located under /var/ossec/bin/):

./verify-agent-conf -f /var/ossec/etc/shared/agent.conf

I'll wait for your reply!

Carlos Lopez

Oct 22, 2021, 2:29:37 AM
to Jose Antonio Muñoz Herrera, wa...@googlegroups.com

Good morning Jose Antonio,

Here is the info:

root@wazuh-master:~# verify-agent-conf /var/ossec/etc/shared/fbsd/agent.conf

root@wazuh-master:~#


agent.conf

Jose Antonio Muñoz Herrera

Oct 22, 2021, 4:27:04 AM
to Wazuh mailing list
Hello Carlos Lopez, in your agent.conf the two configuration lines regarding syscheck directories monitoring have a syntax error in the check_all attribute. You need to add the closing quotes like this check_all="yes". In your current configuration you have it like this: check_all="yes. Please apply that change and save the file, then execute again the same command I told you about before. 

Remember that if the agent.conf is inside any folder under /var/ossec/etc/shared, you can execute the command without the -f option, like this verify-agent-conf /var/ossec/etc/shared/fbsd/agent.conf. On the other hand, if it's located directly under /var/ossec/etc/shared/ you must add -f parameter before the path, like this verify-agent-conf -f /var/ossec/etc/shared/fbsd/agent.conf

If everything goes well, restart the manager and then check if the agent starts correctly now. I hope this helps!
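
As an added illustration of the unclosed-quote error discussed above (not part of the original thread and not Wazuh code), this Python check tests an agent.conf for XML well-formedness before it is pushed to agents and reports the offending line. The sample configuration is constructed, and the check assumes the file is otherwise strict XML; verify-agent-conf remains the authoritative validator.

```python
import xml.etree.ElementTree as ET
from xml.parsers.expat import ErrorString

# Constructed sample reproducing the unclosed check_all quote from the thread;
# the monitored paths and the os filter are made up for illustration.
BROKEN = """<agent_config os="FreeBSD">
  <syscheck>
    <directories check_all="yes>/etc,/usr/local/etc</directories>
    <directories check_all="yes>/bin,/sbin</directories>
  </syscheck>
</agent_config>
"""
FIXED = BROKEN.replace('check_all="yes>', 'check_all="yes">')


def lint_agent_conf(text):
    """Return None if the text is well-formed, else (line_number, reason)."""
    # agent.conf may contain several <agent_config> blocks, so wrap them in a
    # synthetic root element; the wrapper adds one line before the content.
    wrapped = "<lint_root>\n" + text + "\n</lint_root>"
    try:
        ET.fromstring(wrapped)
    except ET.ParseError as exc:
        line, _column = exc.position
        return line - 1, ErrorString(exc.code)
    return None


def monitored_directories(text):
    """List (check_all, paths) for each <directories> entry in a valid file."""
    root = ET.fromstring("<lint_root>\n" + text + "\n</lint_root>")
    return [(d.get("check_all"), (d.text or "").split(","))
            for d in root.iter("directories")]


if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_agent_conf(conf) or "well-formed")
    print(monitored_directories(FIXED))
```

The broken sample is flagged on the first `<directories>` line, because the parser reads everything after the opening quote as the attribute value and stops at the first `<` it finds there.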

Carlos Lopez

Oct 23, 2021, 7:58:19 AM
to Jose Antonio Muñoz Herrera, Wazuh mailing list

Yep … You are right Jose Antonio … problem was with closing quotes … Now it is working …

Many thanks for your help.
