Updated Wazuh agent installation
This commit is contained in:
parent
c3b6f6b084
commit
9bf7c0a21e
2 changed files with 32 additions and 13 deletions
|
@ -34,7 +34,17 @@ sudo apt-get install -y bash curl
|
||||||
|
|
||||||
## macOS
|
## macOS
|
||||||
|
|
||||||
macOS has no special requirements.
|
### macFUSE Kernel Extensions
|
||||||
|
|
||||||
|
macFUSE requires kernel extensions which are not allowed by default. Before provisioning, enable kernel extensions by booting into the recovery environment. You can enable kernel extensions by:
|
||||||
|
|
||||||
|
1. Shut down system
|
||||||
|
2. Press and hold the Touch ID or power button to launch the Startup Security Utility
|
||||||
|
3. In the Startup Security Utility, enable kernel extensions from the Security Policy button
|
||||||
|
4. Reboot into the main environment
|
||||||
|
5. Open the System Settings
|
||||||
|
6. Click on Privacy & Security
|
||||||
|
7. Enable relevant System Extensions by clicking on "Enable System Extensions..." (Note: If you enable kernel extensions before installing macFUSE, then the option to enable the extensions will not be available yet. You can either manually install macFUSE before running the provisioning process or revisit the settings page and enable them after the kickstart script installs macFUSE)
|
||||||
|
|
||||||
## Qubes
|
## Qubes
|
||||||
|
|
||||||
|
|
|
@ -4,15 +4,24 @@
|
||||||
|
|
||||||
if [ -d /Applications ] && [ -d /System ]; then
|
if [ -d /Applications ] && [ -d /System ]; then
|
||||||
### macOS
|
### macOS
|
||||||
if ! csrutil status | grep enabled > /dev/null; then
|
|
||||||
cd /tmp
|
cd /tmp
|
||||||
logg info 'Downloading the macOS Wazuh agent pkg'
|
logg info 'Downloading the macOS Wazuh agent pkg'
|
||||||
curl -sSL https://packages.wazuh.com/4.x/macos/wazuh-agent-4.4.4-1.pkg > wazuh-agent.pkg
|
if [[ $(uname -m) == 'arm64' ]]; then
|
||||||
sudo launchctl setenv WAZUH_MANAGER "$WAZUH_MANAGER"
|
PKG_URL="https://packages.wazuh.com/4.x/macos/wazuh-agent-4.7.4-1.arm64.pkg"
|
||||||
|
else
|
||||||
|
PKG_URL="https://packages.wazuh.com/4.x/macos/wazuh-agent-4.7.4-1.intel64.pkg"
|
||||||
|
fi
|
||||||
|
curl -sSL "$PKG_URL" > wazuh-agent.pkg
|
||||||
|
log info 'Setting Wazuh launch parameters in /tmp/wazuh_envs'
|
||||||
|
# https://documentation.wazuh.com/current/user-manual/agent/deployment-variables/deployment-variables-macos.html
|
||||||
|
echo "WAZUH_MANAGER='$WAZUH_MANAGER'" > /tmp/wazuh_envs
|
||||||
logg info 'Installing the Wazuh agent pkg'
|
logg info 'Installing the Wazuh agent pkg'
|
||||||
sudo installer -pkg wazuh-agent.pkg -target /
|
sudo installer -pkg wazuh-agent.pkg -target /
|
||||||
sudo chmod 755 /Library/Ossec
|
sudo chmod 755 /Library/Ossec
|
||||||
sudo chmod 755 /Library/Ossec/bin
|
sudo chmod 755 /Library/Ossec/bin
|
||||||
|
find "/Library/Ossec/bin" -mindepth 1 -maxdepth 1 -type f | while read BIN_FILE; do
|
||||||
|
sudo chmod +x "$BIN_FILE"
|
||||||
|
done
|
||||||
rm /tmp/wazuh-agent.pkg
|
rm /tmp/wazuh-agent.pkg
|
||||||
logg info 'Running sudo wazuh-control start'
|
logg info 'Running sudo wazuh-control start'
|
||||||
sudo wazuh-control start
|
sudo wazuh-control start
|
||||||
|
|
Loading…
Reference in a new issue