Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows agent enrollment configuration block overindented #15324

Closed
Rebits opened this issue Nov 8, 2022 · 1 comment · Fixed by #16720
Closed

Windows agent enrollment configuration block overindented #15324

Rebits opened this issue Nov 8, 2022 · 1 comment · Fixed by #16720
Assignees
@davidcr01
Labels
level/task reporter/qa QA Team: Reporting possible bug type/enhancement New feature or request

Comments

@Rebits
Copy link
Member

Rebits commented Nov 8, 2022

Wazuh version Component Install type Install method Platform
4.4.0-0 Install Agent Packages Windows Server 2016

Description

Using deployment variables in Windows agent installation, the enrollment configuration block provisioned is over-indented.

Steps to reproduce

  • Download the Wazuh Windows agent package
  • Install Windows agent using enrollment deployment variables, for example: ./wazuh-agent-4.3.9-1.msi /q WAZUH_REGISTRATION_SERVER="10.0.0.2"
  • Check enrollment configuration
    <enrollment>
      	<enabled>yes</enabled>
        <manager_address>10.0.0.2</manager_address>
    </enrollment>

Expected

    <enrollment>
      <enabled>yes</enabled>
      <manager_address>10.0.0.2</manager_address>
    </enrollment>
@Rebits Rebits added the reporter/qa QA Team: Reporting possible bug label Nov 8, 2022
@Rebits Rebits mentioned this issue Nov 8, 2022
Closed
6 tasks
@jmv74211 jmv74211 added the type/enhancement New feature or request label Nov 9, 2022
@snaow snaow added this to the Release 4.5.0 milestone Nov 16, 2022
@snaow snaow removed this from the Release 4.5.0 milestone Dec 21, 2022
@davidcr01 davidcr01 self-assigned this Apr 14, 2023
@davidcr01
Copy link
Contributor

davidcr01 commented Apr 14, 2023
edited

Update Report

Analysis

It seems that the problem is in the src/win32/InstallerScripts.vbs file, in the following lines:

wazuh/src/win32/InstallerScripts.vbs

Lines 155 to 202 in 48e49b1

If WAZUH_REGISTRATION_SERVER <> "" or WAZUH_REGISTRATION_PORT <> "" or WAZUH_REGISTRATION_PASSWORD <> "" or WAZUH_REGISTRATION_CA <> "" or WAZUH_REGISTRATION_CERTIFICATE <> "" or WAZUH_REGISTRATION_KEY <> "" or WAZUH_AGENT_NAME <> "" or WAZUH_AGENT_GROUP <> "" or ENROLLMENT_DELAY <> "" Then
enrollment_list = " <enrollment>" & vbCrLf
enrollment_list = enrollment_list & " <enabled>yes</enabled>" & vbCrLf
enrollment_list = enrollment_list & " </enrollment>" & vbCrLf
enrollment_list = enrollment_list & " </client>" & vbCrLf
strText = Replace(strText, " </client>", enrollment_list)
If WAZUH_REGISTRATION_SERVER <> "" Then
strText = Replace(strText, " </enrollment>", " <manager_address>" & WAZUH_REGISTRATION_SERVER & "</manager_address>"& vbCrLf &" </enrollment>")
End If
If WAZUH_REGISTRATION_PORT <> "" Then
strText = Replace(strText, " </enrollment>", " <port>" & WAZUH_REGISTRATION_PORT & "</port>"& vbCrLf &" </enrollment>")
End If
If WAZUH_REGISTRATION_PASSWORD <> "" Then
Set objFile = objFSO.CreateTextFile(home_dir & "authd.pass", ForWriting)
objFile.WriteLine WAZUH_REGISTRATION_PASSWORD
objFile.Close
strText = Replace(strText, " </enrollment>", " <authorization_pass_path>authd.pass</authorization_pass_path>"& vbCrLf &" </enrollment>")
End If
If WAZUH_REGISTRATION_CA <> "" Then
strText = Replace(strText, " </enrollment>", " <server_ca_path>" & WAZUH_REGISTRATION_CA & "</server_ca_path>"& vbCrLf &" </enrollment>")
End If
If WAZUH_REGISTRATION_CERTIFICATE <> "" Then
strText = Replace(strText, " </enrollment>", " <agent_certificate_path>" & WAZUH_REGISTRATION_CERTIFICATE & "</agent_certificate_path>"& vbCrLf &" </enrollment>")
End If
If WAZUH_REGISTRATION_KEY <> "" Then
strText = Replace(strText, " </enrollment>", " <agent_key_path>" & WAZUH_REGISTRATION_KEY & "</agent_key_path>"& vbCrLf &" </enrollment>")
End If
If WAZUH_AGENT_NAME <> "" Then
strText = Replace(strText, " </enrollment>", " <agent_name>" & WAZUH_AGENT_NAME & "</agent_name>"& vbCrLf &" </enrollment>")
End If
If WAZUH_AGENT_GROUP <> "" Then
strText = Replace(strText, " </enrollment>", " <groups>" & WAZUH_AGENT_GROUP & "</groups>"& vbCrLf &" </enrollment>")
End If
If ENROLLMENT_DELAY <> "" Then
strText = Replace(strText, " </enrollment>", " <delay_after_enrollment>" & ENROLLMENT_DELAY & "</delay_after_enrollment>"& vbCrLf &" </enrollment>")
End If
End If

It can be observed that the enrollment tag contains 4 spaces of separator, whereas the contained subtags contain 8 spaces (should be 4+2 spaces)

"    <enrollment>" 
"....<>"
"        <enabled>yes</enabled>"
"        <manager_address>"
"........<>"

Development

To fix this, the solution is just to remove two spaces of the enrollment subtags (manager_address, port, authorization_pass_path, server_ca_path, agent_certificate_path, agent_key_path, agent_name, groups, delay_after_enrollment)

To check this, it's necessary to create a Windows package and check if the Windows agent enrollment configuration is not overidented.

To proceed, I followed the documentation steps: https://documentation.wazuh.com/current/development/packaging/generate-windows-package.html

After pushing the changes, I generated the compiled Windows agent with the following command:

sudo ./generate_compiled_windows_agent.sh -b 15324-windows-agent-enrollment-configuration-block-overindented -s /tmp -r myrevision

And copied it to the Windows system, in the same path where the generate_wazuh_msi.ps1 script is located (wazuh-packages/windows).

I generated the .msi file with the command ./generate_wazuh_msi.ps1 -OPTIONAL_REVISION my.revision -SIGN no -WIX_TOOLS_PATH C:\WiX_Toolset_v3.11\bin

⚠️ Note: make sure the binaries of the Wix Toolset are located in a path without spaces.

Finally, by running the Powershell with Administrator permissions, I executed the ./wazuh-agent-4.5.0-my.revision.msi /q WAZUH_REGISTRATION_SERVER="10.0.0.2" command.

✔️ With this, it is confirmed that the enrollment block configuration is not overindented anymore:

image

@davidcr01 davidcr01 mentioned this issue Apr 14, 2023
Merged
@davidcr01 davidcr01 linked a pull request Apr 17, 2023 that will close this issue
Fixed overindented enrollment configuration of the Windows agent #16720
Merged
@davidcr01 davidcr01 mentioned this issue Apr 17, 2023
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@davidcr01 davidcr01

Labels
level/task reporter/qa QA Team: Reporting possible bug type/enhancement New feature or request
Projects
No open projects
Release 4.6.0
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixed overindented enrollment configuration of the Windows agent wazuh/wazuh
5 participants
@snaow @Rebits @jmv74211 @teddytpc1 @davidcr01