Problems with Wazuh Agent on Solaris 11.4 SRU41 on SAPRC

279 views
Skip to first unread message

Weis, Andreas

unread,
Feb 4, 2022, 3:09:20 AM2/4/22
to wa...@googlegroups.com

Hello Wazuh Community

 

We have a Test Installation with Agent v4.2.4 running on Solaris SPARC 11.4 SRU38. After Updating Solaris to SRU41 and XSCF to 3110. There came up some KERNEL Panics, which were followed up by a Hardware reboot.

 

We decided then to remove the wazuh Agent, und then with every uninstallaion inside a Zone and the Global Zone, the KERNEL Panic came up again.

 

Is there anybody having the same issues?

 

The Panic Message was the following:

 

panic[cpu35]/thread=6400b2bf4ec0: BAD TRAP: type=31 rp=2a10710a860 addr=0 mmu_fsr=0 occurred in module "unix" due to a NULL pointer dereference

 

wazuh-logcollect: trap type = 0x31

pid=1175, pc=0x1002a824, sp=0x2a10710a101, tstate=0x80001601, context=0xa7d

g1-g7: 2, 208d9878, 208d9800, ca, 8, a7d, 6400b2bf4ec0

 

Support tells us, that the cause  of the panic is clear. It looks like the current directory of this process is null.

 

Solaris Support also asked on which SRU the Binarys (especially v4.2.4) at the Webpage are builded. Could some answer this question?

 

Many thanks in Advance

Andy

Damian Nicastro

unread,
Feb 4, 2022, 11:46:10 AM2/4/22
to Wazuh mailing list
Hi @Aweis:
I hope you are fine.
Since we used a 3rd party cloud environment to build the Solaris SPARC packages, we don't have control SRU that our 3rd party use in the provided environments. 
You may try to get this info using:
 # pkg info -g /my/archive.p5p pkg_name
 # pkg info -g /my/archive.p5p pkg_name entire

Is it also possible to build your own Wazuh agent package in the current Solaris OS that you have following these instructions:
This might overcome this issue.

Finally, another option is to try with package 4.2.5 that probably used a newer version SRU to be built. But as I mentioned before, we don't have this information from the Cloud provider.

I hope this helps.
Thanks
Damian

Luis Fregoso

unread,
Sep 14, 2022, 9:55:23 AM9/14/22
to Wazuh mailing list
is there a way to forcefully remove the agent from the OS? We cannot follow uninstall procedure since hat involves stopping the agent and leads to the kernel panic. Any attempt to upgrade/uninstall and even restarting the process crashes the OS> Same solaris release and agent release as noted above too.

Is there a documented way to remove this agent when traditional uninstall isn't viable option?

John Soliani

unread,
Oct 12, 2022, 11:09:56 AM10/12/22
to Wazuh mailing list

Hello Luis,

Firstly, I would ask Oracle for the patch that solves this problem, that would be the best approach.
Secondly, If no luck with Oracle support, try this: mkdir -p /backup/bin; mv -f /var/ossec/bin/* /backup/bin and then, restart the system, the service should fail to start, then proceed to remove the wazuh-agent package.

Let us know if this helped!
John.-

Reply all
Reply to author
Forward
0 new messages