Updated Wazuh agent installation

Brian Zalewski 2024-05-05 04:49:41 +00:00
parent c3b6f6b084
commit 9bf7c0a21e
2 changed files with 32 additions and 13 deletions


@ -34,7 +34,17 @@ sudo apt-get install -y bash curl
## macOS ## macOS
macOS has no special requirements. ### macFUSE Kernel Extensions
macFUSE requires kernel extensions which are not allowed by default. Before provisioning, enable kernel extensions by booting into the recovery environment. You can enable kernel extensions by:
1. Shut down system
2. Press and hold the Touch ID or power button to launch the Startup Security Utility
3. In the Startup Security Utility, enable kernel extensions from the Security Policy button
4. Reboot into the main environment
5. Open the System Settings
6. Click on Privacy & Security
7. Enable relevant System Extensions by clicking on "Enable System Extensions..." (Note: If you enable kernel extensions before installing macFUSE, then the option to enable the extensions will not be available yet. You can either manually install macFUSE before running the provisioning process or revisit the settings page and enable them after the kickstart script installs macFUSE)
## Qubes ## Qubes


@ -4,18 +4,27 @@
if [ -d /Applications ] && [ -d /System ]; then if [ -d /Applications ] && [ -d /System ]; then
### macOS ### macOS
if ! csrutil status | grep enabled > /dev/null; then cd /tmp
cd /tmp logg info 'Downloading the macOS Wazuh agent pkg'
logg info 'Downloading the macOS Wazuh agent pkg' if [[ $(uname -m) == 'arm64' ]]; then
curl -sSL https://packages.wazuh.com/4.x/macos/wazuh-agent-4.4.4-1.pkg > wazuh-agent.pkg PKG_URL="https://packages.wazuh.com/4.x/macos/wazuh-agent-4.7.4-1.arm64.pkg"
sudo launchctl setenv WAZUH_MANAGER "$WAZUH_MANAGER" else
logg info 'Installing the Wazuh agent pkg' PKG_URL="https://packages.wazuh.com/4.x/macos/wazuh-agent-4.7.4-1.intel64.pkg"
sudo installer -pkg wazuh-agent.pkg -target / fi
sudo chmod 755 /Library/Ossec curl -sSL "$PKG_URL" > wazuh-agent.pkg
sudo chmod 755 /Library/Ossec/bin log info 'Setting Wazuh launch parameters in /tmp/wazuh_envs'
rm /tmp/wazuh-agent.pkg # https://documentation.wazuh.com/current/user-manual/agent/deployment-variables/deployment-variables-macos.html
logg info 'Running sudo wazuh-control start' echo "WAZUH_MANAGER='$WAZUH_MANAGER'" > /tmp/wazuh_envs
sudo wazuh-control start logg info 'Installing the Wazuh agent pkg'
sudo installer -pkg wazuh-agent.pkg -target /
sudo chmod 755 /Library/Ossec
sudo chmod 755 /Library/Ossec/bin
find "/Library/Ossec/bin" -mindepth 1 -maxdepth 1 -type f | while read BIN_FILE; do
sudo chmod +x "$BIN_FILE"
done
rm /tmp/wazuh-agent.pkg
logg info 'Running sudo wazuh-control start'
sudo wazuh-control start
else else
logg warn "Skipping Wazuh Agent installation because System Integrity Protection is enabled. Disabling it requires booting into recovery and running csrutil disable, installing Wazuh Agent normally, and then re-enabling it again in recovery mode." logg warn "Skipping Wazuh Agent installation because System Integrity Protection is enabled. Disabling it requires booting into recovery and running csrutil disable, installing Wazuh Agent normally, and then re-enabling it again in recovery mode."
fi fi
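Review bot: The pkg saved by `curl -sSL "$PKG_URL" > wazuh-agent.pkg` goes straight to `sudo installer` with no integrity check, and without `-f` an HTTP error body is written to the file as if it were the package. Because the file has a fixed name in world-writable `/tmp`, another local user could also pre-create or swap it before the root install runs. The sketch below downloads into a `mktemp -d` directory and compares a pinned digest before installing; a signature check with `pkgutil --check-signature` would be an alternative. Separately, the `if ! csrutil status` test appears to have been dropped while its `else` / `logg warn` / `fi` remain, so the System Integrity Protection warning now seems to attach to the outer `if [ -d /Applications ]` and the `fi` may close that block early; the outer block continues outside the hunk, so this needs confirming against the full file. `log info 'Setting Wazuh launch parameters…'` also looks like a typo for `logg info`.

```shell
# … unchanged: PKG_URL selection by uname -m …
PKG_DIR="$(mktemp -d)"
PKG_FILE="$PKG_DIR/wazuh-agent.pkg"
# PKG_SHA256 is a placeholder: pin the published digest for each architecture next to PKG_URL
if curl -fsSL "$PKG_URL" -o "$PKG_FILE" \
  && echo "$PKG_SHA256  $PKG_FILE" | shasum -a 256 -c - > /dev/null; then
  # … unchanged: write /tmp/wazuh_envs …
  sudo installer -pkg "$PKG_FILE" -target /
  # … unchanged: chmod steps and wazuh-control start …
else
  logg warn 'Wazuh agent pkg download or checksum verification failed - skipping install'
fi
rm -rf "$PKG_DIR"
```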