Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for restart command in Windows Agent #627

Merged
merged 2 commits into from
Feb 26, 2025
Merged

Add support for restart command in Windows Agent #627

merged 2 commits into from
Feb 26, 2025

Conversation

aritosteles
Copy link
Contributor

@aritosteles aritosteles commented Feb 25, 2025
edited by TomasTurina
Loading

Description

This PR enables the Wazuh agent to support a command for self-restart in Windows.

Proposed Changes

  • Devise a strategy to restart the Agent when running as a service. Windows Service Control does not offer a restart command like launchd or systemd do. This is problematic since the service cannot restart itself using a simple sequence of stop/start because it is stopped before it has a chance to start another instance of itself. The desired functionality can be achieved by leveraging Powershell command Restart-Service, running through a call to Win32 function CreateProcess().
  • Devise a strategyto restart the Agent when running in the foreground. This presents a problem similar to the one described in the previous case because we are not running a separate process to do the restart. The problem can be solved by a call to 'cmd' before stopping the Agent. The instance of cmd will delay for some time to allow the running Agent to gracefully shutdown before starting a new instance.

Results and Evidence

  • Agent restarted while running as a service:

image

Full sequence of events:

event log.txt

  • Agent restarted while running in the foreground:

image

Artifacts Affected

  • Windows executable

Configuration Changes

None

Documentation Updates

None

Tests Introduced

Review Checklist

  • Code changes reviewed
  • Relevant evidence provided
  • Tests cover the new functionality
  • Configuration changes documented
  • Developer documentation reflects the changes
  • Meets requirements and/or definition of done
  • No unresolved dependencies with other issues
  • ...

@aritosteles aritosteles linked an issue Feb 25, 2025 that may be closed by this pull request
Add support for agent self-restarting for Windows #552
Closed
2 tasks
@aritosteles aritosteles force-pushed the enhancement/552-windows-restart branch 8 times, most recently from 7cef7f0 to e0c659e Compare February 26, 2025 01:20
@aritosteles
refactor: renames namespace WindowsService
544add0 
Renames namespace to windows_service for consistency
throughout the project.
@aritosteles aritosteles force-pushed the enhancement/552-windows-restart branch 3 times, most recently from ddfa955 to 2c3a86a Compare February 26, 2025 13:28
@aritosteles aritosteles marked this pull request as ready for review February 26, 2025 13:30
@aritosteles aritosteles force-pushed the enhancement/552-windows-restart branch 3 times, most recently from 4a2ff21 to 05a6253 Compare February 26, 2025 15:09
jr0me
jr0me reviewed Feb 26, 2025
View reviewed changes
Copy link
Member

@jr0me jr0me left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this only work if windows has powershell? I ask because I'm not sure that it is always available.

@aritosteles
Copy link
Contributor Author

Will this only work if windows has powershell? I ask because I'm not sure that it is always available.

Windows Powershell has been bundled since Windows XP SP3 and can be installed on earlier versions of XP. Should this be a concern?

@jr0me
Copy link
Member

jr0me commented Feb 26, 2025

Windows Powershell has been bundled since Windows XP SP3 and can be installed on earlier versions of XP. Should this be a concern?

Not necessarily, but if it's not bundled in any of the Windows versions we support, it should be added to the requirements list or to the documentation.

@aritosteles aritosteles force-pushed the enhancement/552-windows-restart branch 6 times, most recently from e715dde to cf942af Compare February 26, 2025 19:23
@aritosteles aritosteles force-pushed the enhancement/552-windows-restart branch 2 times, most recently from a1c9975 to a77c1c5 Compare February 26, 2025 19:37
jr0me
jr0me approved these changes Feb 26, 2025
View reviewed changes
Copy link
Member

@jr0me jr0me left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@aritosteles aritosteles force-pushed the enhancement/552-windows-restart branch from a77c1c5 to 57bd15b Compare February 26, 2025 20:37
@TomasTurina TomasTurina merged commit 307d82a into main Feb 26, 2025
5 checks passed
@TomasTurina TomasTurina deleted the enhancement/552-windows-restart branch February 26, 2025 21:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TomasTurina TomasTurina TomasTurina approved these changes

@jr0me jr0me jr0me approved these changes

@sdvendramini sdvendramini Awaiting requested review from sdvendramini

@Nicogp Nicogp Awaiting requested review from Nicogp

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support for agent self-restarting for Windows
3 participants
@aritosteles @jr0me @TomasTurina