Ubuntu Agent can't installed - user ossece
246 views
Skip to first unread message
Taglar Nirvana (Taglar)
Jan 2, 2024, 7:22:41 AM1/2/24
to Wazuh | Mailing List
Hello everyone,
first of all sorry for my bad English, I use deepl.
first of all sorry for my bad English, I use deepl.
I am using Ubuntu and wanted to install the agent:
wget https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.7.1-1_amd64.deb && sudo WAZUH_MANAGER='anonymouse.net' WAZUH_AGENT_NAME='DediServer' dpkg -i ./wazuh-agent_4.7.1-1_amd64.deb
The installation did not work with the deb or rpm package.
The installation did not work with the deb or rpm package.
I then get messages like
:rpm: RPM should not be used to install RPM packages directly, use Alien instead!
rpm: Assuming you know what you are doing...
warning: wazuh-agent-4.7.1-1.x86_64.rpm: Header V3 RSA/SHA256 signature, key ID 29111145: NOKEY
Error: Failed dependencies:
/bin/sh is required by wazuh-agent-4.7.1-1.x86_64
/usr/sbin/groupadd is required by wazuh-agent-4.7.1-1.x86_64
/usr/sbin/groupdel is required for wazuh-agent-4.7.1-1.x86_64
/usr/sbin/useradd is required for wazuh-agent-4.7.1-1.x86_64
/usr/sbin/userdel is required for wazuh-agent-4.7.1-1.x86_64
coreutils is required for wazuh-agent-4.7.1-1.x86_64
The problem was in the post-installation script /var/lib/dpkg/info/wazuh-agent.postinst
if getent group ossec > /dev/null 2>&1; then
find ${DIR}/ -group ossec -user root -exec chown root:wazuh {} \; > /dev/null 2>&1 || true
if getent passwd ossec > /dev/null 2>&1; then
find ${DIR}/ -group ossec -user ossec -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true
deluser ossec > /dev/null 2>&1
fi
if getent passwd ossecm > /dev/null 2>&1; then
find ${DIR}/ -group ossec -user ossecm -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true
deluser ossecm > /dev/null 2>&1
fi
if getent passwd ossecr > /dev/null 2>&1; then
find ${DIR}/ -group ossec -user ossecr -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true
deluser ossecr > /dev/null 2>&1
fi
if getent group ossec > /dev/null 2>&1; then
delgroup ossec > /dev/null 2>&1
fi
fi
:rpm: RPM should not be used to install RPM packages directly, use Alien instead!
rpm: Assuming you know what you are doing...
warning: wazuh-agent-4.7.1-1.x86_64.rpm: Header V3 RSA/SHA256 signature, key ID 29111145: NOKEY
Error: Failed dependencies:
/bin/sh is required by wazuh-agent-4.7.1-1.x86_64
/usr/sbin/groupadd is required by wazuh-agent-4.7.1-1.x86_64
/usr/sbin/groupdel is required for wazuh-agent-4.7.1-1.x86_64
/usr/sbin/useradd is required for wazuh-agent-4.7.1-1.x86_64
/usr/sbin/userdel is required for wazuh-agent-4.7.1-1.x86_64
coreutils is required for wazuh-agent-4.7.1-1.x86_64
The problem was in the post-installation script /var/lib/dpkg/info/wazuh-agent.postinst
if getent group ossec > /dev/null 2>&1; then
find ${DIR}/ -group ossec -user root -exec chown root:wazuh {} \; > /dev/null 2>&1 || true
if getent passwd ossec > /dev/null 2>&1; then
find ${DIR}/ -group ossec -user ossec -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true
deluser ossec > /dev/null 2>&1
fi
if getent passwd ossecm > /dev/null 2>&1; then
find ${DIR}/ -group ossec -user ossecm -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true
deluser ossecm > /dev/null 2>&1
fi
if getent passwd ossecr > /dev/null 2>&1; then
find ${DIR}/ -group ossec -user ossecr -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true
deluser ossecr > /dev/null 2>&1
fi
if getent group ossec > /dev/null 2>&1; then
delgroup ossec > /dev/null 2>&1
fi
fi
With the command grep ossec /etc/group i see, that there is a 'e' at the end (ossece)
ossec:x:994:ossece
ossec:x:994:ossece
After deluser ossece and delgroup ossec and add modify "ossece" in the post install script, all works fine.
Regards,
Jürgen
Lucio Donda
Jan 2, 2024, 9:51:27 AM1/2/24
to Wazuh | Mailing List
Hi Jürgen, sorry for the late response!
I've checked the script you posted and is working fine on an ubuntu 22.
Indeed that ossec with an E at the end looks weird. Can you use aptitude as the package manager? in that case you could follow this guide -> https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-linux.html#deploy-a-wazuh-agent
Another thing to try is the step by step (without the && in a single line command) and also setting manually the name and the manager's IP, with that we may check each command for a possible error.
Let me know!
I've checked the script you posted and is working fine on an ubuntu 22.
Indeed that ossec with an E at the end looks weird. Can you use aptitude as the package manager? in that case you could follow this guide -> https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-linux.html#deploy-a-wazuh-agent
Another thing to try is the step by step (without the && in a single line command) and also setting manually the name and the manager's IP, with that we may check each command for a possible error.
Let me know!
Taglar Nirvana (Taglar)
Jan 2, 2024, 11:31:42 AM1/2/24
to Wazuh | Mailing List
Hi Lucio,
on this machine i don't like install aptitude but i if i use a other machine with ubunti i will give it a try.
With the was i have discribed, it work for me.
Thx,
Jürgen
Lucio Donda
Jan 2, 2024, 1:02:30 PM1/2/24
to Wazuh | Mailing List
I understand,
Either way if you try to do it again do check step bys step fro error messages.
And if the behavior repeats do please share with us some more details of the OS.
Thank!
Either way if you try to do it again do check step bys step fro error messages.
And if the behavior repeats do please share with us some more details of the OS.
Thank!
Reply all
Reply to author
Forward
0 new messages