-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Agent/server communication protocol #22677
Labels
Comments
This was referenced Apr 8, 2024
Closed
havidarou
changed the title
Agent/manager communication protocol
Agent/server communication protocol
May 2, 2024
This was referenced May 14, 2024
nice :D |
This was referenced Jun 13, 2024
This was referenced Jun 18, 2024
This was referenced Jun 24, 2024
4 tasks
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Wazuh's current communication setup is complex and lacks a standardized approach. This complexity causes compatibility issues. Simplifying and standardizing the protocol is crucial for better efficiency and security.
Currently, we have two models of communication:
These two models are very different, so we must address their design differences carefully. We want these two models to share some capabilities, including:
Concepts:
Agent comms API
.Registration, authorization, and authentication
All agents must be registered, authorized, and authenticated to connect to the server. This is mandatory for all agents.
The registration process will use the current
Server management API
. It therefore takes advantage of its RBAC (a specific policy related to agent registration should be created/reviewed).The authorization and authentication process will use the
Agent comms API
. We want to use a well-known protocol to implement authorization and authentication using standard libraries and tools. We might consider oAuth 2.0 with JWTs.Agent comms API
The
Agent comms API
design should allow us to use third-party infrastructure such as standard load balancers, application firewalls, cache servers, etc, transparently. This means a standard communication protocol is mandatory, including standard security protocols widely adopted by the industry, so we are compatible with current public key infrastructure deployments.This API must have a version, and all the endpoints and behaviors must be documented so anyone can build agents and develop tests with it.
Endpoint agent changes
It should restart as few times as possible during its normal operation. For instance, it should not restart when receiving a remote configuration or when connecting to a different server.
It should contain the minimum number of binaries and daemons. Existing binaries and daemons will be removed/reviewed.
The deployment process will change to adopt a standardized approach. No more environment variables are used for deployment (they are not consistent across OSs).
Functional requirements
Note: The following functional requirements are expressed from the communications protocol and endpoint agent standpoints.
Agent comms API
Communication
Security
Authorization and authentication
API design
Agent deployment
Server management API
.Server management API
.Endpoint agents
will introduce an Agent CLI used to initialize their configuration, including their registration. This CLI will be standardized for all compatible OS.Endpoint agent behavior
Non-functional requirements
Scalability:
Interoperability:
Security:
Reliability:
Performance:
Usability:
Maintainability:
Metrics and statistics:
Implementation restrictions
Agent comms API
endpoint per Agent module (FIM, Logcollector, SCA, etc). These endpoints can be eitherstateless
orstateful
type.Agent comms API
endpoints for bulk requests (stateless bulks and stateful bulks).Agent comms API
client will be developed in C++ as a replacement for the currentagentd
daemon.Agent comms API
server will be developed in Python as a replacement for the currentremoted
daemon.remoted
,agentd
, andauthd
daemons, along with their associated binaries.Plan
Spike. ETA 06/28/2024
Agent comms API
server design #23395Agent comms API
endpoint client wazuh-agent#1MVP implementation. (6 weeks)
remoted
with the server daemon.agentd
with the client daemon.Feature complete implementation. (6 weeks)
Integration (? weeks)
Acceptance testing. (2 weeks) @wazuh/devel-qa
The text was updated successfully, but these errors were encountered: