Updated Wazuh agent installation

docs/getting-started/requirements.md

@@ -34,7 +34,17 @@ sudo apt-get install -y bash curl
 
 ## macOS
 
-macOS has no special requirements.
+### macFUSE Kernel Extensions
+
+macFUSE requires kernel extensions which are not allowed by default. Before provisioning, enable kernel extensions by booting into the recovery environment. You can enable kernel extensions by:
+
+1. Shut down system
+2. Press and hold the Touch ID or power button to launch the Startup Security Utility
+3. In the Startup Security Utility, enable kernel extensions from the Security Policy button
+4. Reboot into the main environment
+5. Open the System Settings
+6. Click on Privacy & Security
+7. Enable relevant System Extensions by clicking on "Enable System Extensions..." (Note: If you enable kernel extensions before installing macFUSE, then the option to enable the extensions will not be available yet. You can either manually install macFUSE before running the provisioning process or revisit the settings page and enable them after the kickstart script installs macFUSE)
 
 ## Qubes
 

home/dot_local/bin/post-installx/executable_post-wazuh.sh

@@ -4,18 +4,27 @@
 
 if [ -d /Applications ] && [ -d /System ]; then
     ### macOS
-    if ! csrutil status | grep enabled > /dev/null; then
-        cd /tmp
-        logg info 'Downloading the macOS Wazuh agent pkg'
-        curl -sSL https://packages.wazuh.com/4.x/macos/wazuh-agent-4.4.4-1.pkg > wazuh-agent.pkg
-        sudo launchctl setenv WAZUH_MANAGER "$WAZUH_MANAGER"
-        logg info 'Installing the Wazuh agent pkg'
-        sudo installer -pkg wazuh-agent.pkg -target /
-        sudo chmod 755 /Library/Ossec
-        sudo chmod 755 /Library/Ossec/bin
-        rm /tmp/wazuh-agent.pkg
-        logg info 'Running sudo wazuh-control start'
-        sudo wazuh-control start
+    cd /tmp
+    logg info 'Downloading the macOS Wazuh agent pkg'
+    if [[ $(uname -m) == 'arm64' ]]; then
+        PKG_URL="https://packages.wazuh.com/4.x/macos/wazuh-agent-4.7.4-1.arm64.pkg"
+    else
+        PKG_URL="https://packages.wazuh.com/4.x/macos/wazuh-agent-4.7.4-1.intel64.pkg"
+    fi
+    curl -sSL "$PKG_URL" > wazuh-agent.pkg
+    log info 'Setting Wazuh launch parameters in /tmp/wazuh_envs'
+    # https://documentation.wazuh.com/current/user-manual/agent/deployment-variables/deployment-variables-macos.html
+    echo "WAZUH_MANAGER='$WAZUH_MANAGER'" > /tmp/wazuh_envs
+    logg info 'Installing the Wazuh agent pkg'
+    sudo installer -pkg wazuh-agent.pkg -target /
+    sudo chmod 755 /Library/Ossec
+    sudo chmod 755 /Library/Ossec/bin
+    find "/Library/Ossec/bin" -mindepth 1 -maxdepth 1 -type f | while read BIN_FILE; do
+        sudo chmod +x "$BIN_FILE"
+    done
+    rm /tmp/wazuh-agent.pkg
+    logg info 'Running sudo wazuh-control start'
+    sudo wazuh-control start
     else
         logg warn "Skipping Wazuh Agent installation because System Integrity Protection is enabled. Disabling it requires booting into recovery and running csrutil disable, installing Wazuh Agent normally, and then re-enabling it again in recovery mode."
     fi