Improve WPKs

[TomasTurina]

Description

As part of this epic, it is mandatory to reduce WPK packages' logic, especially the backup/rollback process (which will now rely on the package itself).

The resulting WPK package should only contain the package to be installed (to update the agent according to the OS and architecture) and an update script that will execute the package update. After the upgrade is completed the script should validate whether the process finished successfully or not and notify the agent.

Functional requirements

• When receiving a WPK package from the manager, the agent will decompress it, validate it, and execute the upgrade script.
• The upgrade script will execute the package update and validate the result. All remaining tasks performed by the script will be removed.
• After the package installation, the script will write the upgrade_result file with 0 or 2 depending on the upgrade result.
• The agent will validate and report the upgrade result to the manager.

Non-functional requirements

• Remote updates through sources won't be allowed.
• The WPK should only contain the package (RPM/DEB/MSI/PKG) and the upgrade script.
• All backup/rollback mechanisms and verifications related to the installation will rely on the package. The update script will not perform any of these validations.
• All issues related to the installation of the package itself (including the backup/rollback mechanism) will be reported to be fixed as part of the Wazuh package improvements.

Implementation restrictions

• The result of this epic should be a simpler WPK upgrade process aimed at reducing points of failure.
• Since the package will include the logic removed from the WPK, from now on all WPK files should contain a package to install instead of the source code.
• WPK user experience will remain unchanged: documentation, binaries, and API endpoints remain the same. There's only one change users will notice: the endpoint package manager will correctly report the Wazuh agent version after the remote upgrade.

Plan

Plan for simplifying WPK upgrade process:

1. Analysis and planning:

• Review existing WPK packages to identify areas for simplification, with a focus on backup/rollback processes.
• Plan adjustments to ensure the WPK upgrade procedure is streamlined.

2. Simplify package structure (dependency task):

• Modify WPK package structure to include only the package (RPM/DEB/MSI/PKG) and the existing upgrade script.
• Shift responsibilities for backup/rollback procedures to the package itself.
• Confirm completion of this task before proceeding. (Note: Steps 3, 4, and 5 depend on the successful completion of this task.)

3. Adapt existing upgrade script and agent integration:

• Adapt the script to focus solely on package update and result validation, in line with the new WPK structure.
• Update the agent to handle the new WPK structure and execute the adapted upgrade script.
• Ensure the agent validates the upgrade result and reports it to the manager.

4. Documentation update:

• Revise documentation to reflect changes in the WPK upgrade process.
• Emphasize that the existing upgrade script is being adapted to meet new requirements.

5. Testing:

Test scenarios should include:

• Successful upgrade: Simulate a standard upgrade with a valid WPK package (via API / interface), ensuring the agent installs the package, runs the adapted script, and reports the result accurately.
• Invalid WPK handling: Test how the system handles an invalid or corrupt WPK package, ensuring it provides meaningful error messages and avoids attempting an update.
• Upgrade result validation: Verify that the agent correctly validates the reported result from the upgrade script, covering both successful and failed update scenarios.
• Concurrent upgrades: Test the system's ability to handle multiple simultaneous upgrade requests, ensuring each upgrade is isolated, and results are accurately reported.
• Error handling: Introduce intentional errors during the upgrade process (e.g., connectivity issues) and confirm the system handles errors gracefully with meaningful messages.
• Agent version reporting: Verify the manager receives accurate information about the Wazuh agent version after remote upgrades, aligning with communicated changes.
• Cross-platform compatibility: Test the adapted upgrade script and WPK structure changes on different operating systems to ensure compatibility.
• User notification: Test the system's ability to notify users about the upgrade status, especially in cases of unsuccessful upgrades.

Requirements traceability matrix (RTM)

Type	Responsible(s)	Description	Plan Part
Functional	Project Team	Identify simplification opportunities and plan for a streamlined upgrade of WPK packages.	1. Analysis and planning
Functional	Development Team	Modify WPK structure to include only the package and script. Shift backup/rollback responsibilities to the package. Confirm completion before proceeding.	2. Simplify package structure
Non-Functional	Development Team	Ensure remote updates through sources are not allowed. Enforce implementation restrictions, ensuring WPK files contain only the necessary package and script.	2. Simplify package structure
Functional	Development Team	Adapt script for package update and result validation. Update agent to handle the new WPK structure. Ensure the agent validates the upgrade result and reports it to the manager.	3. Adapt upgrade script and agent integration
Non-Functional	Development Team	Implement the WPK upgrade process in a way that reduces points of failure.	3. Adapt upgrade script and agent integration
Functional	Documentation Team	Revise documentation reflecting WPK upgrade changes. Emphasize script adaptation for new requirements.	4. Documentation update
Functional	Quality Assurance Team	Test scenarios: Successful upgrade, Invalid WPK handling, Result validation, Concurrent upgrades, Error handling, Agent version reporting, Cross-platform compatibility.	5. Testing
Non-Functional	Project Team	Maintain the WPK user experience unchanged throughout the upgrade process.	5. Testing

Tasks

• Investigate about different package managers #22520
• Allow downgrades using RPM and DEB packages and adapt WPK script #22522
• Adapt WPK script for Windows and MacOS #22669
• Identify and fix points of failure of RPM, DEB and APK packages #22670
• Identify and fix points of failure of Windows and MacOS packages #22671
• Update WPK generation scripts for all missing architectures #22400
• Define new WPK paths and modify the manager upgrade module to pull new WPK packages #22672
• Create GitHub workflows to generate WPK files with new structure #22673

Approved by

• @vikman90
• @havidarou

[havidarou]

@TomasTurina the plan should be expanded to better accommodate a development process.

[TomasTurina]

@havidarou I've just updated it. Please let me know what you think.

[davidjiglesias]

As reviewed with @havidarou, we approve the design but we shall divide the current testing proposal into a unit/smoke testing to be done by the WPK developers and deployability system tests to be performed by QA.

[jr0me]

Update

The current approach to remote upgrades involves installing Wazuh from sources, which overwrites an existing installation and leads to discrepancies if the original was installed using a package manager.

To achieve this, the WPK features a script that backs up the current version before upgrading. This script also ensures that the new version connects to the Wazuh manager; if the upgrade fails, it reverts to the previous version by restoring the backup.

The script, not utilizing package management, replicates certain package logic, particularly in creating or altering file ownership, reinstating the SELinux policy, and managing the agent service's stoppage and restart.

Automatic rollbacks

Although package systems such as RPM, DEB, and PKG allow for the inclusion of arbitrary shell scripts during the installation and uninstallation processes, adhering to standard package management practices and guidelines is strongly recommended. Consequently, it is advised not to attempt rolling back an installed or upgraded package to its previous version based solely on post-installation performance outcomes, such as the ability to connect to the Wazuh manager.

Possible WPK improvements

RPM, DEB

By utilizing standard package management features, it's possible to simplify the WPK upgrade script significantly for RPM and DEB packages, retaining only the functionality to verify the agent's connection to the manager after an upgrade and the rollback in case of error. The streamlined process would involve:

1. Initiate the upgrade using package management (e.g., rpm -Uvh wazuh-agent-4.7.2-x86_64.rpm). If this step fails, proceeds to step 3.
2. Test the agent's connection. If successful, the process concludes.
3. If necessary, revert to the previous version using package management (e.g., rpm -Uvh --oldpackage wazuh-agent-4.0.4-x86_64.rpm).

Note: It is not possible to achieve this with PKG packages on OSX since they don't have run uninstall scripts when the package is being upgraded or downgraded.

MSI

Our MSI relies heavily on many CustomActions which require their own specific RollbackCustomActions to be able to perform automatic rollbacks. Since no such rollback actions are currently in place, we should first implement these, and then assess if WPK improvements can be made.

• Windows Installer Best Practices
• Using Custom Actions
• Rollback Custom Actions
• Installation Phases and In-Script Execution Options for Custom Actions in Windows Installer
  

PKG

As there are no [pre|post][uninstall|upgrade] scripts in PKG packages, we cannot downgrade installations by means of a package install. Moreover, a recommended best practice is to include an uninstall script, which we currently do not provide. A necessary first step would be to provide such uninstall script, and let the WPK levarage it if necessary.

• Managed Installs
• macOS Application Packaging Best Practices
• The Commandments of Packaging in OSX
• Packaging guidelines for MacOs

[TomasTurina]

Update

For this stage, we decided to do the following:

• Remove the rollback mechanism from all WPK upgrade scripts.
• Improve the packages installation phase. Identify possible points of failure and fix them.
• Ensure that all official packages have a WPK to offer (currently supported).

Second stage

• Repeat this for all OSs (RPM, DEB, APK, PKG and MSI) and all architectures (x86, amd64, arm32, aarch64 and powerpc) currently unsupported.

Third stage:

• Improve the efficiency of the process, following the good practices described here.

cc @jr0me @vikman90

[TomasTurina]

Subtasks for stage 1

• Investigate about different package managers #22520
• Allow downgrades using RPM and DEB packages and adapt WPK script #22522
• Adapt WPK script for Windows and MacOS #22669
• Identify and fix points of failure of RPM, DEB and APK packages #22670
• Identify and fix points of failure of Windows and MacOS packages #22671
• Update WPK generation scripts for all missing architectures #22400
• Define new WPK paths and modify the manager upgrade module to pull new WPK packages #22672
• Create GitHub workflows to generate WPK files with new structure #22673

Working branches

• https://github.com/wazuh/wazuh/tree/21152-improve-wpks
• https://github.com/wazuh/wazuh-packages/tree/21152-improve-wpks

[sdvendramini]

Test: upgrade wazuh-agent using WPK on ubuntu 🟢

Agent

• Deployed in docker with ubuntu:latest

os-release

cat /etc/os-release 
PRETTY_NAME="Ubuntu 22.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.4 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

• Old version: 4.6.0

/var/ossec/bin/wazuh-control info 
WAZUH_VERSION="v4.6.0"
WAZUH_REVISION="40603"
WAZUH_TYPE="agent"

• New version: 4.9.0

/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.9.0"
WAZUH_REVISION="40900"
WAZUH_TYPE="agent"

Upgrade evidence

Steps

curl -k -X PUT "https://192.168.56.9:55000/agents/upgrade?agents_list=all&
pretty=true&wait_for_complete=true&wpk_repo=https://packages.wazuh.com/deps/test/" -H "Authorization: 
Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=tru
e")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1981      0 --:--:-- --:--:-- --:--:--  1980
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   284  100   284    0     0   6108      0 --:--:-- --:--:-- --:--:--  6173
{
  "data": {
    "affected_items": [
      {
        "agent": "007",
        "task_id": 26
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were created",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/tasks/status?agents_list=007" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   2004      0 --:--:-- --:--:-- --:--:--  2010
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   382  100   382    0     0  11134      0 --:--:-- --:--:-- --:--:-- 11235
{
  "data": {
    "affected_items": [
      {
        "command": "upgrade",
        "agent_id": "007",
        "status": "In progress",
        "module": "upgrade_module",
        "task_id": 26,
        "last_update_time": "2024-04-25T19:53:28Z",
        "create_time": "2024-04-25T19:53:28Z",
        "node": "node01"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/tasks/status?agents_list=007" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1912      0 --:--:-- --:--:-- --:--:--  1922
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   375  100   375    0     0   5748      0 --:--:-- --:--:-- --:--:--  5769
{
  "data": {
    "affected_items": [
      {
        "command": "upgrade",
        "agent_id": "007",
        "status": "Done",
        "module": "upgrade_module",
        "task_id": 26,
        "last_update_time": "2024-04-25T19:54:25Z",
        "create_time": "2024-04-25T19:53:28Z",
        "node": "node01"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/agents/upgrade_result?agents_list=007" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "http
s://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1902      0 --:--:-- --:--:-- --:--:--  1904
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   382  100   382    0     0  10290      0 --:--:-- --:--:-- --:--:-- 10324
{
  "data": {
    "affected_items": [
      {
        "message": "Success",
        "agent": "007",
        "task_id": 26,
        "node": "node01",
        "module": "upgrade_module",
        "command": "upgrade",
        "status": "Updated",
        "create_time": "2024-04-25T16:53:28Z",
        "update_time": "2024-04-25T16:54:25Z"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were returned",
  "error": 0
}

Syscollector colected data

Before

nticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1926      0 --:--:-- --:--:-- --:--:--  1932
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   786  100   786    0     0  18197      0 --:--:-- --:--:-- --:--:-- 18279
{
  "data": {
    "affected_items": [
      {
        "scan": {
          "id": 0,
          "time": "2024-04-25T19:51:40+00:00"
        },
        "version": "4.6.0-1",
        "priority": "extra",
        "name": "wazuh-agent",
        "section": "admin",
        "vendor": "Wazuh, Inc <info@wazuh.com>",
        "size": 30074,
        "install_time": " ",
        "source": " ",
        "format": "deb",
        "location": " ",
        "description": "Wazuh helps you to gain security visibility into your infrastructure by monitoring hosts at an operating system and application level. It provides the following capabilities: log analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring",
        "architecture": "amd64",
        "agent_id": "007"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}

After

curl -k -X GET "https://192.168.56.9:55000/syscollector/007/packages?name=wazuh-agent" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1891      0 --:--:-- --:--:-- --:--:--  1895
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   786  100   786    0     0  22768      0 --:--:-- --:--:-- --:--:-- 23117
{
  "data": {
    "affected_items": [
      {
        "scan": {
          "id": 0,
          "time": "2024-04-25T20:04:44+00:00"
        },
        "version": "4.9.0-1",
        "priority": "extra",
        "name": "wazuh-agent",
        "section": "admin",
        "vendor": "Wazuh, Inc <info@wazuh.com>",
        "size": 37133,
        "install_time": " ",
        "source": " ",
        "format": "deb",
        "location": " ",
        "description": "Wazuh helps you to gain security visibility into your infrastructure by monitoring hosts at an operating system and application level. It provides the following capabilities: log analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring",
        "architecture": "amd64",
        "agent_id": "007"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}

Agent info from global.db

After

curl -k -X GET "https://192.168.56.9:55000/agents?agents_list=007" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1904      0 --:--:-- --:--:-- --:--:--  1913
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   884  100   884    0     0  24217      0 --:--:-- --:--:-- --:--:-- 24555
{
  "data": {
    "affected_items": [
      {
        "os": {
          "arch": "x86_64",
          "codename": "Jammy Jellyfish",
          "major": "22",
          "minor": "04",
          "name": "Ubuntu",
          "platform": "ubuntu",
          "uname": "Linux |57a4f2a2ccb9 |6.5.0-26-generic |#26~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Mar 12 10:22:43 UTC 2 |x86_64",
          "version": "22.04.4 LTS"
        },
        "mergedSum": "d0f51333bf62a0d4dbe082107c77e1a4",
        "version": "Wazuh v4.9.0",
        "group": [
          "default"
        ],
        "name": "buildkitsandbox",
        "registerIP": "any",
        "status_code": 0,
        "dateAdd": "2024-04-25T19:49:34+00:00",
        "lastKeepAlive": "2024-04-25T20:39:09+00:00",
        "ip": "172.17.0.2",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "status": "active",
        "manager": "jellyfish",
        "id": "007",
        "node_name": "node01",
        "group_config_status": "synced"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}

[jr0me]

Test: upgrade wazuh-agent using WPK on Windows 11 🟢

Agent

• Deployed in a Windows 11 vagrant box

msinfo32

OS Name = Microsoft Windows 11 Enterprise
Version = 10.0.22621 Build 22621
System Type = x64-based PC
System Model = VirtualBox

• Old version

WAZUH_VERSION="v4.7.3"
WAZUH_REVISION="40714"
WAZUH_TYPE="agent"

• New version

WAZUH_VERSION="v4.9.0"
WAZUH_REVISION="40900"
WAZUH_TYPE="agent"

Upgrade evidence

Steps

root@manager:~# curl -k -X PUT "https://192.168.1.30:55000/agents/upgrade?agents_list=all&pretty=true&wait_for_complete=true&wpk_repo=https://packages.wazuh.com/deps/test/" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   2674      0 --:--:-- --:--:-- --:--:--  2689
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   284  100   284    0     0   9642      0 --:--:-- --:--:-- --:--:--  9793
{
  "data": {
    "affected_items": [
      {
        "agent": "008",
        "task_id": 58
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were created",
  "error": 0
}

root@manager:~# curl -k -X GET "https://192.168.1.30:55000/tasks/status?agents_list=008" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   2513      0 --:--:-- --:--:-- --:--:--  2503
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   382  100   382    0     0  15345      0 --:--:-- --:--:-- --:--:-- 15916
{
  "data": {
    "affected_items": [
      {
        "node": "node01",
        "task_id": 58,
        "command": "upgrade",
        "module": "upgrade_module",
        "create_time": "2024-04-25T21:35:03Z",
        "last_update_time": "2024-04-25T21:35:03Z",
        "agent_id": "008",
        "status": "In progress"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}

root@manager:~# curl -k -X GET "https://192.168.1.30:55000/tasks/status?agents_list=008" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   2382      0 --:--:-- --:--:-- --:--:--  2383
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   375  100   375    0     0  16867      0 --:--:-- --:--:-- --:--:-- 17045
{
  "data": {
    "affected_items": [
      {
        "node": "node01",
        "task_id": 58,
        "command": "upgrade",
        "module": "upgrade_module",
        "create_time": "2024-04-25T21:35:03Z",
        "last_update_time": "2024-04-25T21:36:25Z",
        "agent_id": "008",
        "status": "Done"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}

root@manager:~# curl -k -X GET "https://192.168.1.30:55000/agents/upgrade_result?agents_list=008" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   2631      0 --:--:-- --:--:-- --:--:--  2635
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   382  100   382    0     0  14412      0 --:--:-- --:--:-- --:--:-- 14692
{
  "data": {
    "affected_items": [
      {
        "message": "Success",
        "agent": "008",
        "task_id": 58,
        "node": "node01",
        "module": "upgrade_module",
        "command": "upgrade",
        "status": "Updated",
        "create_time": "2024-04-25T21:35:03Z",
        "update_time": "2024-04-25T21:36:25Z"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were returned",
  "error": 0
}

Syscollector colected data

Before

root@manager:~# curl -k -X GET "https://192.168.1.30:55000/syscollector/008/packages?name=Wazuh+Agent" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   2584      0 --:--:-- --:--:-- --:--:--  2601
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   507  100   507    0     0  18725      0 --:--:-- --:--:-- --:--:-- 18777
{
  "data": {
    "affected_items": [
      {
        "scan": {
          "id": 0,
          "time": "2024-04-25T21:28:53+00:00"
        },
        "architecture": "i686",
        "vendor": "Wazuh, Inc.",
        "install_time": "2024-04-25T21:27:20+00:00",
        "priority": " ",
        "format": "win",
        "size": 0,
        "name": "Wazuh Agent",
        "location": " ",
        "section": " ",
        "version": "4.7.3",
        "source": " ",
        "description": " ",
        "agent_id": "008"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}

After

root@manager:~# curl -k -X GET "https://192.168.1.30:55000/syscollector/008/packages?name=Wazuh+Agent" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   2433      0 --:--:-- --:--:-- --:--:--  2426
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   507  100   507    0     0  18131      0 --:--:-- --:--:-- --:--:-- 18777
{
  "data": {
    "affected_items": [
      {
        "scan": {
          "id": 0,
          "time": "2024-04-25T21:35:59+00:00"
        },
        "architecture": "i686",
        "vendor": "Wazuh, Inc.",
        "install_time": "2024-04-25T21:35:54+00:00",
        "priority": " ",
        "format": "win",
        "size": 0,
        "name": "Wazuh Agent",
        "location": " ",
        "section": " ",
        "version": "4.9.0",
        "source": " ",
        "description": " ",
        "agent_id": "008"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}

Agent info from global.db

After

root@manager:~# curl -k -X GET "https://192.168.1.30:55000/agents?agents_list=008" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   2543      0 --:--:-- --:--:-- --:--:--  2551
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   829  100   829    0     0  31997      0 --:--:-- --:--:-- --:--:-- 33160
{
  "data": {
    "affected_items": [
      {
        "os": {
          "build": "22621.2428",
          "major": "10",
          "minor": "0",
          "name": "Microsoft Windows 11 Enterprise Evaluation",
          "platform": "windows",
          "uname": "Microsoft Windows 11 Enterprise Evaluation",
          "version": "10.0.22621.2428"
        },
        "group_config_status": "synced",
        "lastKeepAlive": "2024-04-25T21:38:24+00:00",
        "name": "DESKTOP-I6GG9NG",
        "mergedSum": "d0f51333bf62a0d4dbe082107c77e1a4",
        "manager": "manager",
        "group": [
          "default"
        ],
        "id": "008",
        "dateAdd": "2024-04-25T21:28:10+00:00",
        "version": "Wazuh v4.9.0",
        "status": "active",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "status_code": 0,
        "node_name": "node01",
        "ip": "192.168.1.35",
        "registerIP": "any"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}

[sdvendramini]

Test: upgrade wazuh-agent using WPK on centos 🟢

Agent

• Deployed in docker with centos:latest

os-release

cat /etc/os-release 
NAME="CentOS Linux"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"

• Old version: 4.7.3

/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.7.3"
WAZUH_REVISION="40714"
WAZUH_TYPE="agent"

• New version: 4.9.0

/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.9.0"
WAZUH_REVISION="40900"
WAZUH_TYPE="agent"

Upgrade evidence

Steps

curl -k -X PUT "https://192.168.56.9:55000/agents/upgrade?agents_list=014&pretty=true&wait_for_complete=true&wpk_repo=https://packages.wazuh.com/d
eps/test/" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1681      0 --:--:-- --:--:-- --:--:--  1686
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   284  100   284    0     0   5673      0 --:--:-- --:--:-- --:--:--  5795
{
  "data": {
    "affected_items": [
      {
        "agent": "014",
        "task_id": 28
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were created",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/tasks/status?agents_list=014" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1824      0 --:--:-- --:--:-- --:--:--  1834
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   382  100   382    0     0   8015      0 --:--:-- --:--:-- --:--:--  8127
{
  "data": {
    "affected_items": [
      {
        "command": "upgrade",
        "agent_id": "014",
        "status": "In progress",
        "module": "upgrade_module",
        "task_id": 28,
        "last_update_time": "2024-04-26T14:53:33Z",
        "create_time": "2024-04-26T14:53:33Z",
        "node": "node01"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/tasks/status?agents_list=014" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1803      0 --:--:-- --:--:-- --:--:--  1809
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   375  100   375    0     0  10711      0 --:--:-- --:--:-- --:--:-- 11029
{
  "data": {
    "affected_items": [
      {
        "command": "upgrade",
        "agent_id": "014",
        "status": "Done",
        "module": "upgrade_module",
        "task_id": 28,
        "last_update_time": "2024-04-26T14:59:50Z",
        "create_time": "2024-04-26T14:53:33Z",
        "node": "node01"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/agents/upgrade_result?agents_list=014" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "httPs://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1708      0 --:--:-- --:--:-- --:--:--  1715
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   382  100   382    0     0   9920      0 --:--:-- --:--:-- --:--:-- 10052
{
  "data": {
    "affected_items": [
      {
        "message": "Success",
        "agent": "014",
        "task_id": 28,
        "node": "node01",
        "module": "upgrade_module",
        "command": "upgrade",
        "status": "Updated",
        "create_time": "2024-04-26T11:53:33Z",
        "update_time": "2024-04-26T11:59:50Z"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were returned",
  "error": 0
}

Syscollector colected data

Before

curl -k -X GET "https://192.168.56.9:55000/syscollector/014/packages?name=wazuh-agent" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1736      0 --:--:-- --:--:-- --:--:--  1730
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   816  100   816    0     0  19797      0 --:--:-- --:--:-- --:--:-- 19902
{
  "data": {
    "affected_items": [
      {
        "scan": {
          "id": 0,
          "time": "2024-04-26T14:49:00+00:00"
        },
        "version": "4.7.3-1",
        "priority": " ",
        "name": "wazuh-agent",
        "section": "System Environment/Daemons",
        "vendor": "Wazuh, Inc <info@wazuh.com>",
        "size": 27008957,
        "install_time": "1714142487",
        "source": " ",
        "format": "rpm",
        "location": " ",
        "description": "Wazuh helps you to gain security visibility into your infrastructure by monitoring hosts at an operating system and application level. It provides the following capabilities: log analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring",
        "architecture": "x86_64",
        "agent_id": "014"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}

After

curl -k -X GET "https://192.168.56.9:55000/syscollector/014/packages?name=wazuh-agent" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1783      0 --:--:-- --:--:-- --:--:--  1784
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   816  100   816    0     0  25763      0 --:--:-- --:--:-- --:--:-- 26322
{
  "data": {
    "affected_items": [
      {
        "scan": {
          "id": 0,
          "time": "2024-04-26T14:59:23+00:00"
        },
        "version": "4.9.0-1",
        "priority": " ",
        "name": "wazuh-agent",
        "section": "System Environment/Daemons",
        "vendor": "Wazuh, Inc <info@wazuh.com>",
        "size": 32643562,
        "install_time": "1714143555",
        "source": " ",
        "format": "rpm",
        "location": " ",
        "description": "Wazuh helps you to gain security visibility into your infrastructure by monitoring hosts at an operating system and application level. It provides the following capabilities: log analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring",
        "architecture": "x86_64",
        "agent_id": "014"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}

Agent info from global.db

Before

curl -k -X GET "https://192.168.56.9:55000/agents?agents_list=014" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.
9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1606      0 --:--:-- --:--:-- --:--:--  1604
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   849  100   849    0     0  20175      0 --:--:-- --:--:-- --:--:-- 20707
{
  "data": {
    "affected_items": [
      {
        "os": {
          "arch": "x86_64",
          "major": "8",
          "minor": "5",
          "name": "CentOS Linux",
          "platform": "centos",
          "uname": "Linux |6c7f56e8f606 |6.5.0-26-generic |#26~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Mar 12 10:22:43 UTC 2 |x86_64",
          "version": "8.5"
        },
        "mergedSum": "d0f51333bf62a0d4dbe082107c77e1a4",
        "version": "Wazuh v4.7.3",
        "group": [
          "default"
        ],
        "name": "buildkitsandbox",
        "registerIP": "any",
        "status_code": 0,
        "dateAdd": "2024-04-26T14:41:29+00:00",
        "lastKeepAlive": "2024-04-26T14:44:31+00:00",
        "ip": "172.17.0.3",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "status": "active",
        "manager": "jellyfish",
        "id": "014",
        "node_name": "node01",
        "group_config_status": "synced"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}

After

curl -k -X GET "https://192.168.56.9:55000/agents?agents_list=014" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.
9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1808      0 --:--:-- --:--:-- --:--:--  1817
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   849  100   849    0     0  22096      0 --:--:-- --:--:-- --:--:-- 22342
{
  "data": {
    "affected_items": [
      {
        "os": {
          "arch": "x86_64",
          "major": "8",
          "minor": "5",
          "name": "CentOS Linux",
          "platform": "centos",
          "uname": "Linux |6c7f56e8f606 |6.5.0-26-generic |#26~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Mar 12 10:22:43 UTC 2 |x86_64",
          "version": "8.5"
        },
        "mergedSum": "d0f51333bf62a0d4dbe082107c77e1a4",
        "version": "Wazuh v4.9.0",
        "group": [
          "default"
        ],
        "name": "buildkitsandbox",
        "registerIP": "any",
        "status_code": 0,
        "dateAdd": "2024-04-26T14:41:29+00:00",
        "lastKeepAlive": "2024-04-26T15:21:38+00:00",
        "ip": "172.17.0.3",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "status": "active",
        "manager": "jellyfish",
        "id": "014",
        "node_name": "node01",
        "group_config_status": "synced"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}

[sdvendramini]

Test: upgrade wazuh-agent using WPK on alpine timed out 🟢

Agent

• Deployed in docker with alpine:latest

os-release

cat /etc/os-release 
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.19.1
PRETTY_NAME="Alpine Linux v3.19"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://gitlab.alpinelinux.org/alpine/aports/-/issues"

• Old version: 4.7.3

/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.7.3"
WAZUH_REVISION="40714"
WAZUH_TYPE="agent"

• New version: 4.9.0

/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.9.0"
WAZUH_REVISION="40900"
WAZUH_TYPE="agent"

Upgrade evidence

Steps

curl -k -X PUT "https://192.168.56.9:55000/agents/upgrade?agents_list=all&pretty=true&wait_for_complete=true&wpk_repo=https://packages.wazuh.com/deps/test/" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1689      0 --:--:-- --:--:-- --:--:--  1693
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   284  100   284    0     0   6135      0 --:--:-- --:--:-- --:--:--  6173
{
  "data": {
    "affected_items": [
      {
        "agent": "013",
        "task_id": 29
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were created",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/tasks/status?agents_list=013&tasks_list=29" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST 
"https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq         
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1853      0 --:--:-- --:--:-- --:--:--  1859
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   378  100   378    0     0   5667      0 --:--:-- --:--:-- --:--:--  5727
{
  "data": {
    "affected_items": [
      {
        "command": "upgrade",
        "agent_id": "013",
        "status": "Timeout",
        "module": "upgrade_module",
        "task_id": 29,
        "last_update_time": "2024-04-26T16:01:45Z",
        "create_time": "2024-04-26T15:46:45Z",
        "node": "node01"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}


curl -k -X GET "https://192.168.56.9:55000/agents/upgrade_result?agents_list=013" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1847      0 --:--:-- --:--:-- --:--:--  1851
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   497  100   497    0     0  11356      0 --:--:-- --:--:-- --:--:-- 11558
{
  "data": {
    "affected_items": [
      {
        "message": "Success",
        "agent": "013",
        "task_id": 29,
        "node": "node01",
        "module": "upgrade_module",
        "command": "upgrade",
        "status": "Timeout reached while waiting for the response from the agent, check the result manually on the agent for more information",
        "create_time": "2024-04-26T12:46:45Z",
        "update_time": "2024-04-26T13:01:45Z"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were returned",
  "error": 0
}

Syscollector colected data

Before

curl -k -X GET "https://192.168.56.9:55000/syscollector/013/packages?name=wazuh-agent" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "scan": {
          "id": 0,
          "time": "2024-04-26T13:26:48+00:00"
        },
        "version": "4.7.3-r1",
        "priority": " ",
        "name": "wazuh-agent",
        "section": " ",
        "vendor": "Alpine Linux",
        "size": 18337792,
        "install_time": " ",
        "source": " ",
        "format": "apk",
        "location": " ",
        "description": "Wazuh helps you to gain security visibility into your infrastructure.",
        "architecture": "x86_64",
        "agent_id": "013"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}

After

curl -k -X GET "https://192.168.56.9:55000/syscollector/013/packages?name=wazuh-agent" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST 
"https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1741      0 --:--:-- --:--:-- --:--:--  1745
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   564  100   564    0     0  14969      0 --:--:-- --:--:-- --:--:-- 15243
{
  "data": {
    "affected_items": [
      {
        "scan": {
          "id": 0,
          "time": "2024-04-26T13:26:48+00:00"
        },
        "version": "4.7.3-r1",
        "priority": " ",
        "name": "wazuh-agent",
        "section": " ",
        "vendor": "Alpine Linux",
        "size": 18337792,
        "install_time": " ",
        "source": " ",
        "format": "apk",
        "location": " ",
        "description": "Wazuh helps you to gain security visibility into your infrastructure.",
        "architecture": "x86_64",
        "agent_id": "013"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}

Agent info from global.db

Before

curl -k -X GET "https://192.168.56.9:55000/agents?agents_list=013" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "os": {
          "arch": "x86_64",
          "major": "0",
          "minor": "0",
          "uname": "Linux |894866fbf9aa |6.5.0-26-generic |#26~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Mar 12 10:22:43 UTC 2 |x86_64",
          "version": "0.0"
        },
        "mergedSum": "d0f51333bf62a0d4dbe082107c77e1a4",
        "version": "Wazuh v4.7.3",
        "group": [
          "default"
        ],
        "name": "894866fbf9aa",
        "registerIP": "any",
        "status_code": 0,
        "dateAdd": "2024-04-26T13:21:16+00:00",
        "lastKeepAlive": "2024-04-26T13:42:03+00:00",
        "ip": "172.17.0.2",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "status": "active",
        "manager": "jellyfish",
        "id": "013",
        "node_name": "node01",
        "group_config_status": "synced"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}

After

curl -k -X GET "https://192.168.56.9:55000/agents?agents_list=013" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1615      0 --:--:-- --:--:-- --:--:--  1617
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   800  100   800    0     0  17840      0 --:--:-- --:--:-- --:--:-- 18181
{
  "data": {
    "affected_items": [
      {
        "os": {
          "arch": "x86_64",
          "major": "0",
          "minor": "0",
          "uname": "Linux |894866fbf9aa |6.5.0-26-generic |#26~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Mar 12 10:22:43 UTC 2 |x86_64",
          "version": "0.0"
        },
        "mergedSum": "d0f51333bf62a0d4dbe082107c77e1a4",
        "version": "Wazuh v4.7.3",
        "group": [
          "default"
        ],
        "name": "894866fbf9aa",
        "registerIP": "any",
        "status_code": 0,
        "dateAdd": "2024-04-26T13:21:16+00:00",
        "lastKeepAlive": "2024-04-26T16:12:24+00:00",
        "ip": "172.17.0.2",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "status": "active",
        "manager": "jellyfish",
        "id": "013",
        "node_name": "node01",
        "group_config_status": "synced"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}

NOTE: this scenario turns out as expected since the agent needs some libraries for rpm that are not present.

cat /var/ossec/logs/upgrade.log 
2024/04/26 15:47:05 - Upgrade started.
error: Failed dependencies:
	/bin/sh is needed by wazuh-agent-4.9.0-1.x86_64
	/usr/sbin/groupadd is needed by wazuh-agent-4.9.0-1.x86_64
	/usr/sbin/groupdel is needed by wazuh-agent-4.9.0-1.x86_64
	/usr/sbin/useradd is needed by wazuh-agent-4.9.0-1.x86_64
	/usr/sbin/userdel is needed by wazuh-agent-4.9.0-1.x86_64
	coreutils is needed by wazuh-agent-4.9.0-1.x86_64
2024/04/26 15:47:05 - Installation result = 1
2024/04/26 15:47:05 - Waiting connection... Remaining attempts: 30.
2024/04/26 15:47:06 - Status = connected. 
2024/04/26 15:47:06 - Upgrade failed...

[jr0me]

Test: upgrade wazuh-agent using WPK on MacOS 🟢

Agent

• Deployed in a MacOs vagrant box

system_profiler SPSoftwareDataType

Software:
  System Software Overview:

    System Version: macOS 10.12.6 (16G29)
    Kernel Version: Darwin 16.7.0
    Boot Volume: Macintosh HDD
    Boot Mode: Normal
    Computer Name: This MacBook Pro
    User Name: System Administrator (root)
    Secure Virtual Memory: Enabled
    System Integrity Protection: Enabled
    Time since boot: 11 minutes

• Old version

WAZUH_VERSION="v4.4.4"
WAZUH_REVISION="40411"
WAZUH_TYPE="agent"

• New version

WAZUH_VERSION="v4.9.0"
WAZUH_REVISION="40900"
WAZUH_TYPE="agent"

Upgrade evidence

Steps

root@manager:~# curl -k -X PUT "https://192.168.1.30:55000/agents/upgrade_custom?agents_list=015&pretty=true&wait_for_complete=true&file_path=/var/ossec/wazuh_agent_v4.9.0_macos_intel64.wpk" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   2871      0 --:--:-- --:--:-- --:--:--  2884
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   284  100   284    0     0  10730      0 --:--:-- --:--:-- --:--:-- 10923
{
  "data": {
    "affected_items": [
      {
        "agent": "015",
        "task_id": 80
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were created",
  "error": 0
}

root@manager:~# curl -k -X GET "https://192.168.1.30:55000/tasks/status?agents_list=015&tasks_list=80" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   2724      0 --:--:-- --:--:-- --:--:--  2726
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   382  100   382    0     0  17105      0 --:--:-- --:--:-- --:--:-- 17363
{
  "data": {
    "affected_items": [
      {
        "status": "Done",
        "agent_id": "015",
        "node": "node01",
        "task_id": 80,
        "create_time": "2024-04-29T10:34:43Z",
        "command": "upgrade_custom",
        "module": "upgrade_module",
        "last_update_time": "2024-04-29T10:35:39Z"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}

root@manager:~# curl -k -X GET "https://192.168.1.30:55000/agents/upgrade_result?agents_list=015" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   2714      0 --:--:-- --:--:-- --:--:--  2726
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   389  100   389    0     0  16611      0 --:--:-- --:--:-- --:--:-- 16913
{
  "data": {
    "affected_items": [
      {
        "message": "Success",
        "agent": "015",
        "task_id": 80,
        "node": "node01",
        "module": "upgrade_module",
        "command": "upgrade_custom",
        "status": "Updated",
        "create_time": "2024-04-29T10:34:43Z",
        "update_time": "2024-04-29T10:35:39Z"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were returned",
  "error": 0
}

Agent info from global.db

Before

root@manager:~# curl -k -X GET "https://192.168.1.30:55000/agents?agents_list=015" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   2484      0 --:--:-- --:--:-- --:--:--  2472
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   907  100   907    0     0  27668      0 --:--:-- --:--:-- --:--:-- 28343
{
  "data": {
    "affected_items": [
      {
        "os": {
          "arch": "x86_64",
          "codename": "Sierra",
          "major": "10",
          "minor": "12",
          "name": "macOS",
          "platform": "darwin",
          "uname": "Darwin |This-MacBook-Pro.local |16.7.0 |Darwin Kernel Version 16.7.0: Thu Jun 15 17:36:27 PDT 2017; root:xnu-3789.70.16~2/RELEASE_X86_64 |x86_64",
          "version": "10.12.6"
        },
        "status": "active",
        "group_config_status": "synced",
        "registerIP": "any",
        "manager": "manager",
        "node_name": "node01",
        "id": "015",
        "status_code": 0,
        "name": "This-MacBook-Pro.local",
        "ip": "10.0.2.15",
        "mergedSum": "d0f51333bf62a0d4dbe082107c77e1a4",
        "lastKeepAlive": "2024-04-29T10:23:32+00:00",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "dateAdd": "2024-04-29T10:09:03+00:00",
        "group": [
          "default"
        ],
        "version": "Wazuh v4.4.4"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}

After

root@manager:~# curl -k -X GET "https://192.168.1.30:55000/agents?agents_list=015" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   2626      0 --:--:-- --:--:-- --:--:--  2635
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   907  100   907    0     0  39274      0 --:--:-- --:--:-- --:--:-- 39434
{
  "data": {
    "affected_items": [
      {
        "os": {
          "arch": "x86_64",
          "codename": "Sierra",
          "major": "10",
          "minor": "12",
          "name": "macOS",
          "platform": "darwin",
          "uname": "Darwin |This-MacBook-Pro.local |16.7.0 |Darwin Kernel Version 16.7.0: Thu Jun 15 17:36:27 PDT 2017; root:xnu-3789.70.16~2/RELEASE_X86_64 |x86_64",
          "version": "10.12.6"
        },
        "status": "active",
        "group_config_status": "synced",
        "registerIP": "any",
        "manager": "manager",
        "node_name": "node01",
        "id": "015",
        "status_code": 0,
        "name": "This-MacBook-Pro.local",
        "ip": "10.0.2.15",
        "mergedSum": "d0f51333bf62a0d4dbe082107c77e1a4",
        "lastKeepAlive": "2024-04-29T10:37:27+00:00",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "dateAdd": "2024-04-29T10:09:03+00:00",
        "group": [
          "default"
        ],
        "version": "Wazuh v4.9.0"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}

[sdvendramini]

Test: upgrade wazuh-agent using WPK on debian 🟢

Agent

• Deployed in docker with debian:buster

os-release

cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

• Old version: 3.13.6

cat /etc/ossec-init.conf 
DIRECTORY="/var/ossec"
NAME="Wazuh"
VERSION="v3.13.6"
REVISION="31314"
DATE="Mon Apr 29 20:00:55 UTC 2024"
TYPE="agent"

• New version: 4.9.0

/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.9.0"
WAZUH_REVISION="40900"
WAZUH_TYPE="agent"

Upgrade evidence

Steps

curl -k -X PUT "https://192.168.56.9:55000/agents/upgrade?agents_list=all&pretty=true&wait_for_complete=true&wpk_repo=https://packages.wazuh.com/deps/test/" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "agent": "002",
        "task_id": 2
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were created",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/tasks/status?agents_list=002" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST 
"https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq         
{
  "data": {
    "affected_items": [
      {
        "module": "upgrade_module",
        "last_update_time": "2024-04-29T20:16:25Z",
        "task_id": 2,
        "node": "node01",
        "command": "upgrade",
        "status": "In progress",
        "create_time": "2024-04-29T20:16:25Z",
        "agent_id": "002"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/tasks/status?agents_list=002" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST 
"https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq         
{
  "data": {
    "affected_items": [
      {
        "module": "upgrade_module",
        "last_update_time": "2024-04-29T20:17:18Z",
        "task_id": 2,
        "node": "node01",
        "command": "upgrade",
        "status": "Done",
        "create_time": "2024-04-29T20:16:25Z",
        "agent_id": "002"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}


curl -k -X GET "https://192.168.56.9:55000/agents/upgrade_result?agents_list=002" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "message": "Success",
        "agent": "002",
        "task_id": 2,
        "node": "node01",
        "module": "upgrade_module",
        "command": "upgrade",
        "status": "Updated",
        "create_time": "2024-04-29T17:16:25Z",
        "update_time": "2024-04-29T17:17:18Z"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were returned",
  "error": 0
}

Syscollector colected data

Before

curl -k -X GET "https://192.168.56.9:55000/syscollector/002/packages?name=wazuh-agent" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "scan": {
          "id": 867342421,
          "time": "2024-04-29T20:09:26+00:00"
        },
        "description": "Wazuh helps you to gain security visibility into your infrastructure by monitoring hosts at an operating system and application level. It provides the following capabilities: log analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring",
        "vendor": "Wazuh, Inc <info@wazuh.com>",
        "version": "3.13.6-1",
        "size": 13115,
        "priority": "extra",
        "name": "wazuh-agent",
        "format": "deb",
        "architecture": "amd64",
        "section": "admin",
        "location": "",
        "agent_id": "002"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}

After

curl -k -X GET "https://192.168.56.9:55000/syscollector/002/packages?name=wazuh-agent" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST 
"https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq

{
  "data": {
    "affected_items": [
      {
        "scan": {
          "id": 0,
          "time": "2024-04-29T20:16:52+00:00"
        },
        "name": "wazuh-agent",
        "size": 37133,
        "install_time": " ",
        "format": "deb",
        "section": "admin",
        "source": " ",
        "vendor": "Wazuh, Inc <info@wazuh.com>",
        "architecture": "amd64",
        "version": "4.9.0-1",
        "priority": "extra",
        "description": "Wazuh helps you to gain security visibility into your infrastructure by monitoring hosts at an operating system and application level. It provides the following capabilities: log analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring",
        "location": " ",
        "agent_id": "002"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}

Agent info from global.db

Before

curl -k -X GET "https://192.168.56.9:55000/agents?agents_list=002" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "os": {
          "arch": "x86_64",
          "codename": "buster",
          "major": "10",
          "name": "Debian GNU/Linux",
          "platform": "debian",
          "uname": "Linux |7f2d36f0ac35 |6.5.0-26-generic |#26~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Mar 12 10:22:43 UTC 2 |x86_64",
          "version": "10"
        },
        "lastKeepAlive": "2024-04-29T20:12:12+00:00",
        "dateAdd": "2024-04-29T20:08:15+00:00",
        "version": "Wazuh v3.13.6",
        "node_name": "node01",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "status": "active",
        "ip": "172.17.0.2",
        "registerIP": "any",
        "name": "7f2d36f0ac35",
        "manager": "jellyfish",
        "mergedSum": "4a8724b20dee0124ff9656783c490c4e",
        "group_config_status": "synced",
        "group": [
          "default"
        ],
        "id": "002",
        "status_code": 0
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}

After

curl -k -X GET "https://192.168.56.9:55000/agents?agents_list=002" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "os": {
          "arch": "x86_64",
          "codename": "buster",
          "major": "10",
          "name": "Debian GNU/Linux",
          "platform": "debian",
          "uname": "Linux |7f2d36f0ac35 |6.5.0-26-generic |#26~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Mar 12 10:22:43 UTC 2 |x86_64",
          "version": "10"
        },
        "id": "002",
        "status": "active",
        "node_name": "node01",
        "version": "Wazuh v4.9.0",
        "manager": "jellyfish",
        "ip": "172.17.0.2",
        "name": "7f2d36f0ac35",
        "registerIP": "any",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "group": [
          "default"
        ],
        "status_code": 0,
        "group_config_status": "synced",
        "dateAdd": "2024-04-29T20:08:15+00:00",
        "mergedSum": "d0f51333bf62a0d4dbe082107c77e1a4",
        "lastKeepAlive": "2024-04-29T20:19:55+00:00"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}

[sdvendramini]

Test: upgrade wazuh-agent using WPK on redhat 🟢

Agent

• Deployed in docker with redhat/ubi8:latest

os-release

cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="8.9 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.9"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.9 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.9
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.9"

• Old version: 4.7.3

/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.7.3"
WAZUH_REVISION="40714"
WAZUH_TYPE="agent"

• New version: 4.9.0

/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.9.0"
WAZUH_REVISION="40900"
WAZUH_TYPE="agent"

Upgrade evidence

Steps

Syscollector colected data

Before

After

Agent info from global.db

Before

After

[sdvendramini]

Test: upgrade wazuh-agent using WPK on ubuntu 🟢

Agent

• Deployed in docker with ubuntu:focal

os-release

cat /etc/os-release 
NAME="Ubuntu"
VERSION="20.04.6 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.6 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

• Old version: 4.6.0

/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.6.0"
WAZUH_REVISION="40603"
WAZUH_TYPE="agent"

• New version: 4.9.0

 /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.9.0"
WAZUH_REVISION="40900"
WAZUH_TYPE="agent"

Upgrade evidence

Steps

Syscollector colected data

Before

After

Agent info from global.db

Before

After

[sdvendramini]

Test: upgrade wazuh-agent using WPK on ubuntu fail due to wrong package_type 🟢

Agent

• Deployed in docker with ubuntu:latest

os-release

cat /etc/os-release 
PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo

• Old version: 4.6.0

/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.6.0"
WAZUH_REVISION="40603"
WAZUH_TYPE="agent"

Upgrade evidence

Steps

Syscollector colected data

Before

Agent info from global.db

Before

[sdvendramini]

Test: upgrade wazuh-agent using WPK on centos7 - ignoring package_type=deb 🟢

Agent

• Deployed in docker with centos:7

os-release

cat /etc/os-release 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

• Old version: 3.13.6

cat /etc/ossec-init.conf 
DIRECTORY="/var/ossec"
NAME="Wazuh"
VERSION="v3.13.6"
REVISION="31314"

• New version: 4.9.0

 /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.9.0"
WAZUH_REVISION="40900"
WAZUH_TYPE="agent"

Upgrade evidence

Steps

Syscollector colected data

Before

After

Agent info from global.db

Before

After

[sdvendramini]

Test: upgrade wazuh-agent using WPK on centos forcing packages_type=deb 🟢

Agent

• Deployed in docker with centos:7

os-release

cat /etc/os-release 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

Upgrade evidence

Steps

NOTE: The upgrade fails because it does not have how to install a deb package, but downloads the correct package indicated by the request.

[sdvendramini]

Test: upgrade wazuh-agent using WPK on Centos5 unsupported platform 🟢

Agent

• Deployed in docker with centos:5

os-release

cat /etc/redhat-release 
CentOS release 5.11 (Final)

• Old version: 3.13.6

cat /etc/ossec-init.conf 
DIRECTORY="/var/ossec"
NAME="Wazuh"
VERSION="v3.13.6"
REVISION="31314"
DATE="Thu Sep 15 10:29:53 UTC 2022"
TYPE="agent"

Upgrade evidence

Steps

Syscollector colected data

Before

Agent info from global.db

Before

[jr0me]

Test: upgrade wazuh-agent using WPK on Linux fails with installation on non default path 🟢

Custom upgrade task created

root@manager:~# curl -k -X PUT "https://192.168.1.30:55000/agents/upgrade_custom?agents_list=025&pretty=true&wait_for_complete=true&file_path=/var/ossec/wazuh_agent_v4.9.0_linux_amd64.deb.wpk" -H "Authorization:
 Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authenticate?raw=true")" | jq                                                                                                   
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                                                                                                                    
                                 Dload  Upload   Total   Spent    Left  Speed                                                                                                                                      
100   398  100   398    0     0   1734      0 --:--:-- --:--:-- --:--:--  1730                                                                                                                                     
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                                                                                                                    
                                 Dload  Upload   Total   Spent    Left  Speed                                                                                                                                      
100   285  100   285    0     0   5662      0 --:--:-- --:--:-- --:--:--  5700                                                                                                                                     
{                                                                                                                                                                                                                  
  "data": {                                                                                                                                                                                                        
    "affected_items": [                                                                                                                                                                                            
      {                                                                                                                                                                                                            
        "agent": "025",                                                                                                                                                                                            
        "task_id": 103                                                                                                                                                                                             
      }                                                                                                                                                                                                            
    ],                                                                                                                                                                                                             
    "total_affected_items": 1,                                                                                                                                                                                     
    "total_failed_items": 0,                                                                                                                                                                                       
    "failed_items": []                                                                                                                                                                                             
  },                                                                                                                                                                                                               
  "message": "All upgrade tasks were created",                                                                                                                                                                     
  "error": 0                                                                                                                                                                                                       
}  

Task in progress

root@manager:~# curl -k -X GET "https://192.168.1.30:55000/tasks/status?agents_list=025&tasks_list=103" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authenticate?raw=true")" | jq -X GET "https://192.168.1.30:55000/tasks/status?agents_list=025&tasks_list=103" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authen  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1390      0 --:--:-- --:--:-- --:--:--  1391
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   390  100   390    0     0   8478      0 --:--:-- --:--:-- --:--:--  8666
{
  "data": {
    "affected_items": [
      {
        "node": "node01",
        "command": "upgrade_custom",
        "create_time": "2024-05-02T18:51:29Z",
        "agent_id": "025",
        "status": "In progress",
        "last_update_time": "2024-05-02T18:51:29Z",
        "module": "upgrade_module",
        "task_id": 103
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}

Task failed

root@manager:~# curl -k -X GET "https://192.168.1.30:55000/tasks/status?agents_list=025&tasks_list=103" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1205      0 --:--:-- --:--:-- --:--:--  1209
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   446  100   446    0     0   8231      0 --:--:-- --:--:-- --:--:--  8259
{
  "data": {
    "affected_items": [
      {
        "node": "node01",
        "command": "upgrade_custom",
        "create_time": "2024-05-02T18:51:29Z",
        "error_message": "Upgrade procedure exited with error code",
        "agent_id": "025",
        "status": "Failed",
        "last_update_time": "2024-05-02T18:55:49Z",
        "module": "upgrade_module",
        "task_id": 103
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}

Upgrade log from agent

root@dev:/var/wazuh# cat /var/wazuh/var/upgrade/upgrade_result 
2root@dev:/var/wazuh# 
root@dev:/var/wazuh# cat /var/wazuh/logs/upgrade.log 
2024/05/02 18:52:02 - Upgrade started.
2024/05/02 18:52:02 - Checking execution path.
2024/05/02 18:52:02 - Execution path is wrong (it should be /var/ossec), interrupting upgrade.

Report from manager

root@manager:~# curl -k -X GET "https://192.168.1.30:55000/agents?agents_list=025" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.1.30:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   1184      0 --:--:-- --:--:-- --:--:--  1188
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   844  100   844    0     0  14429      0 --:--:-- --:--:-- --:--:-- 14551
{
  "data": {
    "affected_items": [
      {
        "os": {
          "arch": "x86_64",
          "codename": "Jammy Jellyfish",
          "major": "22",
          "minor": "04",
          "name": "Ubuntu",
          "platform": "ubuntu",
          "uname": "Linux |dev |5.15.0-91-generic |#101-Ubuntu SMP Tue Nov 14 13:30:08 UTC 2023 |x86_64",
          "version": "22.04.3 LTS"
        },
        "ip": "192.168.1.32",
        "name": "dev",
        "group_config_status": "synced",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "id": "025",
        "dateAdd": "2024-05-02T18:43:35+00:00",
        "status": "active",
        "lastKeepAlive": "2024-05-02T19:00:17+00:00",
        "group": [
          "default"
        ],
        "registerIP": "any",
        "manager": "manager",
        "mergedSum": "d0f51333bf62a0d4dbe082107c77e1a4",
        "version": "Wazuh v4.7.3",
        "node_name": "node01",
        "status_code": 0
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}

[sdvendramini]

Test: upgrade wazuh-agent fail (installed on another path) using WPK on ubuntu 🟢

Agent

• Deployed in docker with ubuntu:latest

os-release

cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo

• Old version: 4.7.4

/var/wazuh/bin/wazuh-control info
WAZUH_VERSION="v4.7.4"
WAZUH_REVISION="40717"
WAZUH_TYPE="agent"

Agent info from global.db

Agent 012

curl -k -X GET "https://192.168.56.9:55000/agents?agents_list=012" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "os": {
          "arch": "x86_64",
          "codename": "Noble Numbat",
          "major": "24",
          "minor": "04",
          "name": "Ubuntu",
          "platform": "ubuntu",
          "uname": "Linux |20d92fd580e1 |6.5.0-28-generic |#29~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Apr  4 14:39:20 UTC 2 |x86_64",
          "version": "24.04 LTS"
        },
        "group_config_status": "synced",
        "mergedSum": "d0f51333bf62a0d4dbe082107c77e1a4",
        "node_name": "node01",
        "name": "20d92fd580e1",
        "id": "012",
        "ip": "172.17.0.2",
        "dateAdd": "2024-05-06T19:34:36+00:00",
        "status": "active",
        "version": "Wazuh v4.7.4",
        "manager": "jellyfish",
        "status_code": 0,
        "lastKeepAlive": "2024-05-06T19:37:12+00:00",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "registerIP": "any",
        "group": [
          "default"
        ]
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}

Upgrade evidence

Steps

curl -k -X PUT "https://192.168.56.9:55000/agents/upgrade?agents_list=all&pretty=true&wait_for_complete=true&wpk_repo=https://packages.wazuh.com/deps/test/" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq

{
  "data": {
    "affected_items": [
      {
        "agent": "011",
        "task_id": 15
      },
      {
        "agent": "012",
        "task_id": 16
      }
    ],
    "total_affected_items": 2,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were created",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/tasks/status?agents_list=012" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "task_id": 16,
        "node": "node01",
        "module": "upgrade_module",
        "create_time": "2024-05-06T19:38:10Z",
        "last_update_time": "2024-05-06T19:38:10Z",
        "agent_id": "012",
        "command": "upgrade",
        "status": "In progress"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/agents/upgrade_result?agents_list=012" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq

{
  "data": {
    "affected_items": [
      {
        "message": "Success",
        "agent": "012",
        "task_id": 16,
        "node": "node01",
        "module": "upgrade_module",
        "command": "upgrade",
        "status": "Updating",
        "create_time": "2024-05-06T16:38:10Z",
        "update_time": "2024-05-06T16:38:10Z"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were returned",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/agents/upgrade_result?agents_list=012" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq

{
  "data": {
    "affected_items": [
      {
        "task_id": 16,
        "node": "node01",
        "module": "upgrade_module",
        "create_time": "2024-05-06T19:38:10Z",
        "last_update_time": "2024-05-06T19:53:10Z",
        "agent_id": "012",
        "command": "upgrade",
        "status": "Timeout"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/agents/upgrade_result?agents_list=012" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq

{
  "data": {
    "affected_items": [
      {
        "message": "Success",
        "agent": "012",
        "task_id": 16,
        "node": "node01",
        "module": "upgrade_module",
        "command": "upgrade",
        "status": "Timeout reached while waiting for the response from the agent, check the result manually on the agent for more information",
        "create_time": "2024-05-06T16:38:10Z",
        "update_time": "2024-05-06T16:53:10Z"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were returned",
  "error": 0
}

Upgrade log

cat /var/wazuh/logs/upgrade.log 
2024/05/06 16:38:28 - Upgrade started.
2024/05/06 16:38:28 - Checking execution path.
2024/05/06 16:38:28 - Execution path is wrong (it should be /var/ossec), interrupting upgrade.

[sdvendramini]

Test: upgrade wazuh-agent using WPK on fedora with another upgrade already running 🟢

Agent

• Deployed in docker with fedora:latest

os-release

cat /etc/os-release
NAME="Fedora Linux"
VERSION="40 (Container Image)"
ID=fedora
VERSION_ID=40
VERSION_CODENAME=""
PLATFORM_ID="platform:f40"
PRETTY_NAME="Fedora Linux 40 (Container Image)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:40"
DEFAULT_HOSTNAME="fedora"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f40/system-administrators-guide/"
SUPPORT_URL="https://ask.fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=40
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=40
SUPPORT_END=2025-05-13
VARIANT="Container Image"
VARIANT_ID=container

• Old version: 4.7.3

/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.7.3"
WAZUH_REVISION="40714"
WAZUH_TYPE="agent"

• New version: 4.9.0

/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.9.0"
WAZUH_REVISION="40900"
WAZUH_TYPE="agent"

Upgrade evidence

Steps

curl -k -X PUT "https://192.168.56.9:55000/agents/upgrade?agents_list=all&pretty=true&wait_for_complete=true&wpk_repo=https://packages.wazuh.com/deps/test/" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "agent": "014",
        "task_id": 18
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were created",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/tasks/status?agents_list=014" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "task_id": 18,
        "node": "node01",
        "module": "upgrade_module",
        "create_time": "2024-05-07T11:37:13Z",
        "last_update_time": "2024-05-07T11:37:13Z",
        "agent_id": "014",
        "command": "upgrade",
        "status": "In progress"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}

curl -k -X PUT "https://192.168.56.9:55000/agents/upgrade?agents_list=014&pretty=true&wait_for_complete=true&wpk_repo=https://packages.wazuh.com/deps/test/" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq

{
  "data": {
    "affected_items": [],
    "total_affected_items": 0,
    "total_failed_items": 1,
    "failed_items": [
      {
        "error": {
          "code": 1820,
          "message": "Upgrade procedure could not start. Agent already upgrading"
        },
        "id": [
          "014"
        ]
      }
    ]
  },
  "message": "No upgrade task was created",
  "error": 1
}

curl -k -X GET "https://192.168.56.9:55000/tasks/status?agents_list=014" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "task_id": 18,
        "node": "node01",
        "module": "upgrade_module",
        "create_time": "2024-05-07T11:37:13Z",
        "last_update_time": "2024-05-07T11:43:21Z",
        "agent_id": "014",
        "command": "upgrade",
        "status": "Done"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/agents/upgrade_result?agents_list=014" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0   2005      0 --:--:-- --:--:-- --:--:--  2010
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   382  100   382    0     0   7030      0 --:--:-- --:--:-- --:--:--  7074
{
  "data": {
    "affected_items": [
      {
        "message": "Success",
        "agent": "014",
        "task_id": 18,
        "node": "node01",
        "module": "upgrade_module",
        "command": "upgrade",
        "status": "Updated",
        "create_time": "2024-05-07T08:37:13Z",
        "update_time": "2024-05-07T08:43:21Z"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were returned",
  "error": 0
}

Syscollector colected data

Before

curl -k -X GET "https://192.168.56.9:55000/syscollector/014/packages?name=wazuh-agent" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "ht
tps://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "scan": {
          "id": 0,
          "time": "2024-05-07T11:33:24+00:00"
        },
        "version": "4.7.3-1",
        "section": "System Environment/Daemons",
        "install_time": "1715080155",
        "source": " ",
        "priority": " ",
        "description": "Wazuh helps you to gain security visibility into your infrastructure by monitoring\nhosts at an operating system and application level. It provides the following capabilities:\nlog analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring",
        "format": "rpm",
        "vendor": "Wazuh, Inc <info@wazuh.com>",
        "name": "wazuh-agent",
        "location": " ",
        "size": 27008957,
        "architecture": "x86_64",
        "agent_id": "014"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}

After

curl -k -X GET "https://192.168.56.9:55000/syscollector/014/packages?name=wazuh-agent" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "scan": {
          "id": 0,
          "time": "2024-05-07T11:42:53+00:00"
        },
        "version": "4.9.0-1",
        "section": "System Environment/Daemons",
        "install_time": "1715082167",
        "source": " ",
        "priority": " ",
        "description": "Wazuh helps you to gain security visibility into your infrastructure by monitoring\nhosts at an operating system and application level. It provides the following capabilities:\nlog analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring",
        "format": "rpm",
        "vendor": "Wazuh, Inc <info@wazuh.com>",
        "name": "wazuh-agent",
        "location": " ",
        "size": 32643562,
        "architecture": "x86_64",
        "agent_id": "014"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}

Agent info from global.db

Before

curl -k -X GET "https://192.168.56.9:55000/agents?agents_list=014" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "os": {
          "arch": "x86_64",
          "codename": "Container Image",
          "major": "40",
          "name": "Fedora Linux",
          "platform": "fedora",
          "uname": "Linux |ee2474a506cb |6.5.0-28-generic |#29~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Apr  4 14:39:20 UTC 2 |x86_64",
          "version": "40"
        },
        "group_config_status": "synced",
        "mergedSum": "d0f51333bf62a0d4dbe082107c77e1a4",
        "node_name": "node01",
        "name": "ee2474a506cb",
        "id": "014",
        "ip": "172.17.0.3",
        "dateAdd": "2024-05-07T11:12:51+00:00",
        "status": "active",
        "version": "Wazuh v4.7.3",
        "manager": "jellyfish",
        "status_code": 0,
        "lastKeepAlive": "2024-05-07T11:34:11+00:00",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "registerIP": "any",
        "group": [
          "default"
        ]
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}

After

curl -k -X GET "https://192.168.56.9:55000/agents?agents_list=014" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "os": {
          "arch": "x86_64",
          "codename": "Container Image",
          "major": "40",
          "name": "Fedora Linux",
          "platform": "fedora",
          "uname": "Linux |ee2474a506cb |6.5.0-28-generic |#29~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Apr  4 14:39:20 UTC 2 |x86_64",
          "version": "40"
        },
        "group_config_status": "synced",
        "mergedSum": "d0f51333bf62a0d4dbe082107c77e1a4",
        "node_name": "node01",
        "name": "ee2474a506cb",
        "id": "014",
        "ip": "172.17.0.3",
        "dateAdd": "2024-05-07T11:12:51+00:00",
        "status": "active",
        "version": "Wazuh v4.9.0",
        "manager": "jellyfish",
        "status_code": 0,
        "lastKeepAlive": "2024-05-07T11:45:50+00:00",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "registerIP": "any",
        "group": [
          "default"
        ]
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}

[sdvendramini]

Test: upgrade wazuh-agent using WPK on Windows running 🟢

Agent

• Deployed in vagrant with gusztavvargadr/windows-server

os-info

Edition Windows Server 2022 Standard Evaluation
Version 21H2
Installed on  06/03/2024
OS build  20348.2322

• Old version: 4.7.4
  

• New version: 4.9.0
  

Upgrade evidence

Steps

curl -k -X PUT "https://192.168.56.9:55000/agents/upgrade?agents_list=all&pretty=true&wait_for_complete=true&wpk_repo=https://packages.wazuh.com/deps/test/" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "agent": "015",
        "task_id": 22
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were created",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/tasks/status?agents_list=015" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "task_id": 22,
        "node": "node01",
        "module": "upgrade_module",
        "create_time": "2024-05-07T12:21:12Z",
        "last_update_time": "2024-05-07T12:21:12Z",
        "agent_id": "015",
        "command": "upgrade",
        "status": "In progress"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/tasks/status?agents_list=015&tasks_list=22" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "task_id": 22,
        "node": "node01",
        "module": "upgrade_module",
        "create_time": "2024-05-07T12:21:12Z",
        "last_update_time": "2024-05-07T12:22:08Z",
        "agent_id": "015",
        "command": "upgrade",
        "status": "Done"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified task's status were returned",
  "error": 0
}

curl -k -X GET "https://192.168.56.9:55000/agents/upgrade_result?agents_list=015" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "message": "Success",
        "agent": "015",
        "task_id": 22,
        "node": "node01",
        "module": "upgrade_module",
        "command": "upgrade",
        "status": "Updated",
        "create_time": "2024-05-07T09:21:12Z",
        "update_time": "2024-05-07T09:22:08Z"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All upgrade tasks were returned",
  "error": 0
}

Syscollector colected data

Before

curl -k -X GET "https://192.168.56.9:55000/syscollector/015/packages?name=Wazuh+Agent" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "scan": {
          "id": 0,
          "time": "2024-05-07T12:05:45+00:00"
        },
        "version": "4.7.4",
        "section": " ",
        "install_time": "2024-05-07T12:04:51+00:00",
        "source": " ",
        "priority": " ",
        "description": " ",
        "format": "win",
        "vendor": "Wazuh, Inc.",
        "name": "Wazuh Agent",
        "location": " ",
        "size": 0,
        "architecture": "i686",
        "agent_id": "015"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}

After

curl -k -X GET "https://192.168.56.9:55000/syscollector/015/packages?name=Wazuh+Agent" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq

{
  "data": {
    "affected_items": [
      {
        "scan": {
          "id": 0,
          "time": "2024-05-07T12:28:40+00:00"
        },
        "version": "4.9.0",
        "section": " ",
        "install_time": "2024-05-07T12:21:39+00:00",
        "source": " ",
        "priority": " ",
        "description": " ",
        "format": "win",
        "vendor": "Wazuh, Inc.",
        "name": "Wazuh Agent",
        "location": " ",
        "size": 0,
        "architecture": "i686",
        "agent_id": "015"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}

Agent info from global.db

Before

curl -k -X GET "https://192.168.56.9:55000/agents?agents_list=015" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "os": {
          "build": "20348.2322",
          "major": "10",
          "minor": "0",
          "name": "Microsoft Windows Server 2022 Standard Evaluation",
          "platform": "windows",
          "uname": "Microsoft Windows Server 2022 Standard Evaluation",
          "version": "10.0.20348.2322"
        },
        "group_config_status": "synced",
        "mergedSum": "d0f51333bf62a0d4dbe082107c77e1a4",
        "node_name": "node01",
        "name": "WIN-FKH870I0A4B",
        "id": "015",
        "ip": "10.0.2.15",
        "dateAdd": "2024-05-07T12:05:09+00:00",
        "status": "active",
        "version": "Wazuh v4.7.4",
        "manager": "jellyfish",
        "status_code": 0,
        "lastKeepAlive": "2024-05-07T12:14:21+00:00",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "registerIP": "any",
        "group": [
          "default"
        ]
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}

After

curl -k -X GET "https://192.168.56.9:55000/agents?agents_list=015" -H "Authorization: Bearer $(curl -u wazuh:wazuh -k -X POST "https://192.168.56.9:55000/security/user/authenticate?raw=true")" | jq
{
  "data": {
    "affected_items": [
      {
        "os": {
          "build": "20348.2322",
          "major": "10",
          "minor": "0",
          "name": "Microsoft Windows Server 2022 Standard Evaluation",
          "platform": "windows",
          "uname": "Microsoft Windows Server 2022 Standard Evaluation",
          "version": "10.0.20348.2322"
        },
        "group_config_status": "synced",
        "mergedSum": "d0f51333bf62a0d4dbe082107c77e1a4",
        "node_name": "node01",
        "name": "WIN-FKH870I0A4B",
        "id": "015",
        "ip": "10.0.2.15",
        "dateAdd": "2024-05-07T12:05:09+00:00",
        "status": "active",
        "version": "Wazuh v4.9.0",
        "manager": "jellyfish",
        "status_code": 0,
        "lastKeepAlive": "2024-05-07T12:27:47+00:00",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00",
        "registerIP": "any",
        "group": [
          "default"
        ]
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All selected agents information was returned",
  "error": 0
}