QA testing - Validate macOS agent retrieve package vendor if it's available #3059

Closed
3 tasks done
jnasselle opened this issue Jul 1, 2022 · 6 comments

@jnasselle
Member

jnasselle commented Jul 1, 2022

| Target version | Related issue | Related PR |
|---|---|---|
| v4.3.6 | wazuh/wazuh#14074 | wazuh/wazuh#14100 |

Description

It's desirable to validate that the macOS agent can retrieve the package vendor if such information is available.
Currently, brew/homebrew packages do not contain vendor information.

Proposed checks

  • Validate that package vendor information is not populated to the manager on 4.3.5
  • Validate that package vendor information is populated to the manager on 4.3.6
  • Validate that package vendor information is populated to the manager when Wazuh is upgraded

Steps to reproduce

  1. Install Wazuh macOS agent and connect to Wazuh Manager
  2. Wait until Wazuh macOS agent ends syscollector scan
  3. Check using /syscollector/packages API request

Current results

3- No package contains vendor information

Expected results

3- At least macOS factory packages include vendor information

Configuration and considerations

| Wazuh Commit | Agent Package | Manager Package |
|---|---|---|
| wazuh/wazuh@3dc1b31 | https://packages-dev.wazuh.com/warehouse/pullrequests/4.3/macos/wazuh-agent-4.3.6-0.commit3dc1b31.pkg | https://packages-dev.wazuh.com/warehouse/pullrequests/4.3/deb/var/wazuh-manager_4.3.6-0.commit3dc1b31_amd64.deb https://packages-dev.wazuh.com/warehouse/pullrequests/4.3/rpm/var/wazuh-manager-4.3.6-0.commit3dc1b31.x86_64.rpm |

@CamiRomero
Contributor

CamiRomero commented Jul 5, 2022

Review data

| Tester | PR commit |
|---|---|
| @CamiRomero | 9ea4d5a |

Testing environment

| OS | OS version | Deployment | Image/AMI | Notes |
|---|---|---|---|---|
| macOS | macOS 10.15 | LOCAL / Vagrant | development/macos-catalina | |
| macOS | macOS 11.6 | LOCAL / Vagrant | qactl/macos_big_sur | |
| macOS | macOS 12 | LOCAL / Vagrant | development/macos-monterey | |

Tested packages

| wazuh-manager | wazuh-agent |
|---|---|
| 4.3.6 | 4.3.6 |

Status

  • In progress
  • Pending Review
  • Team leader approved
  • Manager approved

@CamiRomero
Contributor

CamiRomero commented Jul 5, 2022

Validate that package vendor information is not populated to the manager on 4.3.5

Validate macOS agent does not retrieve package vendor on Catalina 🟢
  1. Set up manager and agent.

  2. Start agent and wait for syscollector to collect packages.

  3. Check version of macOS

    sw_vers
    

    Output:

    ProductName:	Mac OS X
    ProductVersion:	10.15.1
    BuildVersion:	19B88
    
  4. Get agent packages

    curl --location --request GET 'https://HOST_IP:55000/syscollector/AGENT_ID/packages' \
    --header 'Authorization: Bearer TOKEN'
    

    Output:

          ...
           {
               "scan": {
                   "id": 0,
                   "time": "2022-07-13T14:31:08Z"
               },
               "name": "PodcastsAuthAgent",
               "size": 0,
               "architecture": " ",
               "description": "com.apple.podcasts.PodcastsAuthAgent",
               "source": "utilities",
               "location": "/System/Library/CoreServices/PodcastsAuthAgent.app/Contents/Info.plist",
               "version": "1.0",
               "format": "pkg",
               "agent_id": "003"
           },
    
Validate macOS agent does not retrieve package vendor on Big Sur 🟢
  1. Set up manager and agent.

  2. Start agent and wait for syscollector to collect packages.

  3. Check version of macOS

    sw_vers
    

    Output:

    ProductName:	macOS
    ProductVersion:	11.0
    BuildVersion:	20A5343j
    
    
  4. Get agent packages

    curl --location --request GET 'https://HOST_IP:55000/syscollector/AGENT_ID/packages' \
    --header 'Authorization: Bearer TOKEN'
    

    Output:

          ...
           {
                 "scan": {
                     "id": 0,
                     "time": "2021-11-24T01:22:33Z"
                 },
                 "architecture": " ",
                 "size": 0,
                 "name": "Mail",
                 "location": "/System/Applications/Mail.app/Contents/Info.plist",
                 "version": "14.0",
                 "source": "utilities",
                 "format": "pkg",
                 "description": "com.apple.mail",
                 "section": "public.app-category.productivity",
                 "agent_id": "001"
             },
    
Validate macOS agent does not retrieve package vendor on Monterey 🟢
  1. Set up manager and agent.

  2. Start agent and wait for syscollector to collect packages.

  3. Check version of macOS

    sw_vers
    

    Output:

    ProductName:	macOS
    ProductVersion:	12.0.1
    BuildVersion:	21A559
    
    
  4. Get agent packages

    curl --location --request GET 'https://HOST_IP:55000/syscollector/AGENT_ID/packages' \
    --header 'Authorization: Bearer TOKEN'
    

    Output:

          ...
            {
               "scan": {
                   "id": 0,
                   "time": "2022-07-13T14:14:09Z"
               },
               "name": "PodcastsAuthAgent",
               "size": 0,
               "architecture": " ",
               "description": "com.apple.podcasts.PodcastsAuthAgent",
               "source": "utilities",
               "location": "/System/Library/CoreServices/PodcastsAuthAgent.app/Contents/Info.plist",
               "version": "1.0",
               "format": "pkg",
               "agent_id": "002"
           },
    

@CamiRomero
Contributor

CamiRomero commented Jul 5, 2022

Validate that package vendor information is populated to the manager on 4.3.6

Validate macOS agent retrieves package vendor on Catalina 🟢
  1. Set up manager and agent.

  2. Start agent and wait for syscollector to collect packages.

  3. Get agent packages

    curl --location --request GET 'https://HOST_IP:55000/syscollector/001/packages' \
    --header 'Authorization: Bearer TOKEN'
    

    Output:

       ...
          {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T16:21:00Z"
                },
                "location": "/System/Applications/FindMy.app/Contents/Info.plist",
                "name": "FindMy",
                "version": "1.0",
                "vendor": "apple",
                "size": 0,
                "source": "utilities",
                "architecture": " ",
                "description": "com.apple.findmy",
                "format": "pkg",
                "agent_id": "006"
            },
         {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T16:21:14Z"
                },
                "location": "/System/Applications/Dictionary.app/Contents/Info.plist",
                "name": "Dictionary",
                "version": "2.3.0",
                "vendor": "apple",
                "size": 0,
                "source": "utilities",
                "architecture": " ",
                "description": "com.apple.Dictionary",
                "format": "pkg",
                "section": "public.app-category.reference",
                "agent_id": "006"
            },
         {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T16:21:04Z"
                },
                "location": "/System/Applications/Utilities/Keychain Access.app/Contents/Info.plist",
                "name": "Keychain Access",
                "version": "10.5",
                "vendor": "apple",
                "size": 0,
                "source": "utilities",
                "architecture": " ",
                "description": "com.apple.keychainaccess",
                "format": "pkg",
                "section": "public.app-category.utilities",
                "agent_id": "006"
            },
          {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T16:21:04Z"
                },
                "location": "/System/Library/CoreServices/RegisterPluginIMApp.app/Contents/Info.plist",
                "name": "RegisterPluginIM",
                "version": "20",
                "vendor": "apple",
                "size": 0,
                "source": "utilities",
                "architecture": " ",
                "description": "com.apple.pluginIM.pluginIMRegistrator",
                "format": "pkg",
                "agent_id": "006"
            },
          {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T16:21:06Z"
                },
                "location": "/System/Applications/Utilities/Boot Camp Assistant.app/Contents/Info.plist",
                "name": "Boot Camp Assistant",
                "version": "6.1.0",
                "vendor": "apple",
                "size": 0,
                "source": "utilities",
                "architecture": " ",
                "description": "com.apple.bootcampassistant",
                "format": "pkg",
                "section": "public.app-category.utilities",
                "agent_id": "006"
            },
         {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T16:21:07Z"
                },
                "location": "/Applications/Packages.app/Contents/Info.plist",
                "name": "Packages",
                "version": "1.2.7",
                "vendor": "whitebox",
                "size": 0,
                "source": "utilities",
                "architecture": " ",
                "description": "fr.whitebox.Packages",
                "format": "pkg",
                "section": "public.app-category.developer-tools",
                "agent_id": "006"
            },
         {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T16:21:07Z"
                },
                "location": "/usr/local/Cellar",
                "name": "jq",
                "version": "1.6",
                "vendor": " ",
                "size": 0,
                "source": "homebrew",
                "architecture": " ",
                "description": "Lightweight and flexible command-line JSON processor",
                "format": "pkg",
                "agent_id": "006"
            },
    
Validate macOS agent retrieves package vendor on Big Sur 🟢
  1. Set up manager and agent.

  2. Start agent and wait for syscollector to collect packages.

  3. Get agent packages

    curl --location --request GET 'https://HOST_IP:55000/syscollector/001/packages' \
    --header 'Authorization: Bearer TOKEN'
    

    Output:

       ...
           {
              "scan": {
                  "id": 0,
                  "time": "2021-11-24T01:41:17Z"
              },
              "architecture": " ",
              "vendor": "apple",
              "size": 0,
              "format": "pkg",
              "section": "public.app-category.productivity",
              "version": "14.0",
              "description": "com.apple.mail",
              "source": "utilities",
              "location": "/System/Applications/Mail.app/Contents/Info.plist",
              "name": "Mail",
              "agent_id": "001"
          },
          {
                  "scan":{
                    "id":0,
                    "time":"2021-11-24T14:49:11Z"
                  },
                  "name":"Dictionary",
                  "source":"utilities",
                  "section":"public.app-category.reference",
                  "version":"2.2.1",
                  "architecture":" ",
                  "vendor":"apple",
                  "location":"/Applications/Dictionary.app/Contents/Info.plist",
                  "format":"pkg",
                  "description":"com.apple.Dictionary",
                  "size":0,
                  "agent_id":"001"
                },
         {
                "scan":{
                  "id":0,
                  "time":"2021-11-24T14:49:11Z"
                },
                "name":"Script Editor",
                "source":"utilities",
                "section":"public.app-category.utilities",
                "version":"2.9",
                "architecture":" ",
                "vendor":"apple",
                "location":"/Applications/Utilities/Script Editor.app/Contents/Info.plist",
                "format":"pkg",
                "description":"com.apple.ScriptEditor2",
                "size":0,
                "agent_id":"001"
              },
          {
                  "scan":{
                    "id":0,
                    "time":"2021-11-24T14:49:12Z"
                  },
                  "name":"Stocks",
                  "source":"utilities",
                  "section":"public.app-category.finance",
                  "version":"1.0",
                  "architecture":" ",
                  "vendor":"apple",
                  "location":"/System/Library/CoreServices/Stocks.app/Contents/Info.plist",
                  "format":"pkg",
                  "description":"com.apple.stocks",
                  "size":0,
                  "agent_id":"001"
                },
          {
                "scan": {
                    "id": 0,
                    "time": "2022-07-08T17:44:11Z"
                },
                "vendor": "apple",
                "source": "utilities",
                "name": "Grapher",
                "location": "/System/Applications/Utilities/Grapher.app/Contents/Info.plist",
                "size": 0,
                "architecture": " ",
                "description": "com.apple.grapher",
                "format": "pkg",
                "version": "2.7",
                "section": "public.app-category.education",
                "agent_id": "001"
            },
          {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T16:35:23Z"
                },
                "vendor": "whitebox",
                "location": "/Applications/Packages.app/Contents/Info.plist",
                "description": "fr.whitebox.Packages",
                "section": "public.app-category.developer-tools",
                "version": "1.2.9",
                "architecture": " ",
                "name": "Packages",
                "format": "pkg",
                "size": 0,
                "source": "utilities",
                "agent_id": "007"
            },
          {
              "scan": {
                  "id": 0,
                  "time": "2021-11-24T01:41:25Z"
              },
              "architecture": " ",
              "vendor": " ",
              "size": 0,
              "format": "pkg",
              "version": "2.33.0",
              "description": "Distributed revision control system",
              "source": "homebrew",
              "location": "/usr/local/Cellar",
              "name": "git",
              "agent_id": "001"
          },
    
Validate macOS agent retrieves package vendor on Monterey 🟢
  1. Set up manager and agent.

  2. Start agent and wait for syscollector to collect packages.

  3. Get agent packages

    curl --location --request GET 'https://HOST_IP:55000/syscollector/001/packages' \
    --header 'Authorization: Bearer TOKEN'
    

    Output:

       ...
           {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T15:39:19Z"
                },
                "location": "/System/Applications/Home.app/Contents/Info.plist",
                "name": "Home",
                "version": "6.0",
                "vendor": "apple",
                "size": 0,
                "source": "utilities",
                "architecture": " ",
                "description": "com.apple.Home",
                "format": "pkg",
                "agent_id": "004"
            },
                  {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T15:39:25Z"
                },
                "location": "/Applications/Utilities/Feedback Assistant.app/Contents/Info.plist",
                "name": "Feedback Assistant",
                "version": "5.1",
                "vendor": "apple",
                "size": 0,
                "source": "utilities",
                "architecture": " ",
                "description": "com.apple.appleseed.FeedbackAssistant",
                "format": "pkg",
                "agent_id": "004"
            },
         {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T15:39:28Z"
                },
                "location": "/System/Applications/Utilities/Digital Color Meter.app/Contents/Info.plist",
                "name": "Digital Color Meter",
                "version": "5.22",
                "vendor": "apple",
                "size": 0,
                "source": "utilities",
                "architecture": " ",
                "description": "com.apple.DigitalColorMeter",
                "format": "pkg",
                "section": "public.app-category.productivity",
                "agent_id": "004"
            },
          {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T15:39:28Z"
                },
                "location": "/System/Library/CoreServices/VoiceOver.app/Contents/Info.plist",
                "name": "VoiceOver",
                "version": "10",
                "vendor": "apple",
                "size": 0,
                "source": "utilities",
                "architecture": " ",
                "description": "com.apple.VoiceOver",
                "format": "pkg",
                "agent_id": "004"
            },
         {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T15:39:28Z"
                },
                "location": "/System/Applications/Utilities/Digital Color Meter.app/Contents/Info.plist",
                "name": "Digital Color Meter",
                "version": "5.22",
                "vendor": "apple",
                "size": 0,
                "source": "utilities",
                "architecture": " ",
                "description": "com.apple.DigitalColorMeter",
                "format": "pkg",
                "section": "public.app-category.productivity",
                "agent_id": "004"
            },
        {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T16:42:24Z"
                },
                "location": "/Applications/Packages.app/Contents/Info.plist",
                "description": "fr.whitebox.Packages",
                "section": "public.app-category.developer-tools",
                "version": "1.2.9",
                "vendor": "whitebox",
                "architecture": " ",
                "name": "Packages",
                "format": "pkg",
                "size": 0,
                "source": "utilities",
                "agent_id": "008"
            },
    
          {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T15:39:30Z"
                },
                "location": "/usr/local/Cellar",
                "name": "libtool",
                "version": "2.4.6",
                "vendor": " ",
                "size": 0,
                "source": "homebrew",
                "architecture": " ",
                "description": "Generic library support script",
                "format": "pkg",
                "agent_id": "004"
            },
    

@CamiRomero
Contributor

CamiRomero commented Jul 5, 2022

Validate that package vendor information is populated to the manager when Wazuh is upgraded

Validate macOS agent retrieves package vendor on Catalina 🟢
  1. Set up manager and agent.

  2. Start agent and wait for syscollector to collect packages.

  3. Check version of Wazuh:

    Manager:

        /var/ossec/bin/wazuh-control info
        WAZUH_VERSION="v4.3.5"
        WAZUH_REVISION="40317"
        WAZUH_TYPE="server"
    

    Agent:

        sh-3.2# /Library/Ossec/bin/wazuh-control info
        WAZUH_VERSION="v4.3.5"
        WAZUH_REVISION="40317"
        WAZUH_TYPE="agent"
    
  4. Downloaded Wazuh manager 4.3.6

    Manager:

    curl -LO https://packages-dev.wazuh.com/warehouse/pullrequests/4.3/rpm/var/wazuh-manager-4.3.6-0.commit3dc1b31.x86_64.rpm
    

    Agent:

    curl -LO https://packages-dev.wazuh.com/warehouse/pullrequests/4.3/macos/wazuh-agent-4.3.6-0.commit3dc1b31.pkg -k
    
  5. Upgrade Wazuh:

    Manager:

        yum upgrade wazuh-manager-4.3.6-0.commit3dc1b31.x86_64.rpm
    

    Agent:

        installer -pkg wazuh-agent-4.3.6-0.commit3dc1b31.pkg -target /
    
  6. Check version of Wazuh:

    Manager:

        /var/ossec/bin/wazuh-control info
        WAZUH_VERSION="v4.3.6"
        WAZUH_REVISION="40318"
        WAZUH_TYPE="server"
    

    Agent:

        /Library/Ossec/bin/wazuh-control info
        WAZUH_VERSION="v4.3.6"
        WAZUH_REVISION="40318"
        WAZUH_TYPE="agent"
    
  7. Get agent packages

    curl --location --request GET 'https://HOST_IP:55000/syscollector/001/packages' \
    --header 'Authorization: Bearer TOKEN'
    

    Output:

           ...
            {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T14:47:49Z"
                },
                "location": "/System/Applications/Home.app/Contents/Info.plist",
                "name": "Home",
                "version": "4.0",
                "vendor": "apple",
                "size": 0,
                "source": "utilities",
                "architecture": " ",
                "description": "com.apple.Home",
                "format": "pkg",
                "agent_id": "003"
            },
        {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T14:48:06Z"
                },
                "location": "/Applications/Safari.app/Contents/Info.plist",
                "name": "Safari",
                "version": "13.0.3",
                "vendor": "apple",
                "size": 0,
                "source": "utilities",
                "architecture": " ",
                "description": "com.apple.Safari",
                "format": "pkg",
                "section": "public.app-category.productivity",
                "agent_id": "003"
            },
         {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T14:48:07Z"
                },
                "location": "/System/Applications/Utilities/Screenshot.app/Contents/Info.plist",
                "name": "Screenshot",
                "version": "1.0",
                "vendor": "apple",
                "size": 0,
                "source": "utilities",
                "architecture": " ",
                "description": "com.apple.screenshot.launcher",
                "format": "pkg",
                "section": "public.app-category.utilities",
                "agent_id": "003"
            },
         {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T14:48:08Z"
                },
                "location": "/System/Library/CoreServices/AppleFileServer.app/Contents/Info.plist",
                "name": "AppleFileServer",
                "version": "2.1",
                "vendor": "apple",
                "size": 0,
                "source": "utilities",
                "architecture": " ",
                "description": "com.apple.AppleFileServer",
                "format": "pkg",
                "agent_id": "003"
            },
          {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T14:47:56Z"
                },
                "location": "/System/Applications/Utilities/VoiceOver Utility.app/Contents/Info.plist",
                "name": "VoiceOver Utility",
                "version": "10",
                "vendor": "apple",
                "size": 0,
                "source": "utilities",
                "architecture": " ",
                "description": "com.apple.VoiceOverUtility",
                "format": "pkg",
                "section": "public.app-category.utilities",
                "agent_id": "003"
            },
            {
                "scan": {
                    "id": 0,
                    "time": "2022-07-13T14:47:56Z"
                },
                "location": "/usr/local/Cellar",
                "name": "oniguruma",
                "version": "6.9.4",
                "vendor": " ",
                "size": 0,
                "source": "homebrew",
                "architecture": " ",
                "description": "Regular expressions library",
                "format": "pkg",
                "agent_id": "003"
            },
    
Validate macOS agent retrieves package vendor on Big Sur 🟢
  1. Set up manager and agent.

  2. Start agent and wait for syscollector to collect packages.

  3. Check version of Wazuh:

    Manager:

        /var/ossec/bin/wazuh-control info
        WAZUH_VERSION="v4.3.5"
        WAZUH_REVISION="40317"
        WAZUH_TYPE="server"
    

    Agent:

        sh-3.2# /Library/Ossec/bin/wazuh-control info
        WAZUH_VERSION="v4.3.5"
        WAZUH_REVISION="40317"
        WAZUH_TYPE="agent"
    
  4. Downloaded Wazuh manager 4.3.6

    Manager:

    curl -LO https://packages-dev.wazuh.com/warehouse/pullrequests/4.3/rpm/var/wazuh-manager-4.3.6-0.commit3dc1b31.x86_64.rpm
    

    Agent:

    curl -LO https://packages-dev.wazuh.com/warehouse/pullrequests/4.3/macos/wazuh-agent-4.3.6-0.commit3dc1b31.pkg -k
    
  5. Upgrade Wazuh:

    Manager:

        yum upgrade wazuh-manager-4.3.6-0.commit3dc1b31.x86_64.rpm
    

    Agent:

        installer -pkg wazuh-agent-4.3.6-0.commit3dc1b31.pkg -target /
    
  6. Check version of Wazuh:

    Manager:

        /var/ossec/bin/wazuh-control info
        WAZUH_VERSION="v4.3.6"
        WAZUH_REVISION="40318"
        WAZUH_TYPE="server"
    

    Agent:

        /Library/Ossec/bin/wazuh-control info
        WAZUH_VERSION="v4.3.6"
        WAZUH_REVISION="40318"
        WAZUH_TYPE="agent"
    
  7. Get agent packages

    curl --location --request GET 'https://HOST_IP:55000/syscollector/001/packages' \
    --header 'Authorization: Bearer TOKEN'
    

    Output:

           ...
            {
                "scan": {
                    "id": 0,
                    "time": "2021-11-24T01:36:09Z"
                },
                "format": "pkg",
                "version": "14.0",
                "name": "Mail",
                "size": 0,
                "architecture": " ",
                "location": "/System/Applications/Mail.app/Contents/Info.plist",
                "vendor": "apple",
                "section": "public.app-category.productivity",
                "description": "com.apple.mail",
                "source": "utilities",
                "agent_id": "001"
            },
        {
                  "scan":{
                    "id":0,
                    "time":"2021-11-24T14:49:11Z"
                  },
                  "name":"Dictionary",
                  "source":"utilities",
                  "section":"public.app-category.reference",
                  "version":"2.2.1",
                  "architecture":" ",
                  "vendor":"apple",
                  "location":"/Applications/Dictionary.app/Contents/Info.plist",
                  "format":"pkg",
                  "description":"com.apple.Dictionary",
                  "size":0,
                  "agent_id":"001"
                },
         {
                "scan":{
                  "id":0,
                  "time":"2021-11-24T14:49:11Z"
                },
                "name":"Script Editor",
                "source":"utilities",
                "section":"public.app-category.utilities",
                "version":"2.9",
                "architecture":" ",
                "vendor":"apple",
                "location":"/Applications/Utilities/Script Editor.app/Contents/Info.plist",
                "format":"pkg",
                "description":"com.apple.ScriptEditor2",
                "size":0,
                "agent_id":"001"
              },
          {
                  "scan":{
                    "id":0,
                    "time":"2021-11-24T14:49:12Z"
                  },
                  "name":"Stocks",
                  "source":"utilities",
                  "section":"public.app-category.finance",
                  "version":"1.0",
                  "architecture":" ",
                  "vendor":"apple",
                  "location":"/System/Library/CoreServices/Stocks.app/Contents/Info.plist",
                  "format":"pkg",
                  "description":"com.apple.stocks",
                  "size":0,
                  "agent_id":"001"
                },
          {
                "scan": {
                    "id": 0,
                    "time": "2022-07-08T17:44:11Z"
                },
                "vendor": "apple",
                "source": "utilities",
                "name": "Grapher",
                "location": "/System/Applications/Utilities/Grapher.app/Contents/Info.plist",
                "size": 0,
                "architecture": " ",
                "description": "com.apple.grapher",
                "format": "pkg",
                "version": "2.7",
                "section": "public.app-category.education",
                "agent_id": "001"
            },
            {
                "scan": {
                    "id": 0,
                    "time": "2021-11-24T01:36:15Z"
                },
                "format": "pkg",
                "version": "2.33.0",
                "name": "git",
                "size": 0,
                "architecture": " ",
                "location": "/usr/local/Cellar",
                "vendor": " ",
                "description": "Distributed revision control system",
                "source": "homebrew",
                "agent_id": "001"
            },
    
Validate macOS agent retrieves package vendor on Monterey ⚫ (Blocked)
  1. Set up manager and agent.

  2. Start agent and wait for syscollector to collect packages.

  3. Check version of Wazuh:

    Manager:

        /var/ossec/bin/wazuh-control info
        WAZUH_VERSION="v4.3.5"
        WAZUH_REVISION="40317"
        WAZUH_TYPE="server"
    

    Agent:

        sh-3.2# /Library/Ossec/bin/wazuh-control info
        WAZUH_VERSION="v4.3.5"
        WAZUH_REVISION="40317"
        WAZUH_TYPE="agent"
    
  4. Downloaded Wazuh manager 4.3.6

    Manager:

    curl -LO https://packages-dev.wazuh.com/warehouse/pullrequests/4.3/rpm/var/wazuh-manager-4.3.6-0.commit3dc1b31.x86_64.rpm
    

    Agent:

    curl -LO https://packages-dev.wazuh.com/warehouse/pullrequests/4.3/macos/wazuh-agent-4.3.6-0.commit3dc1b31.pkg -k
    
  5. Upgrade Wazuh:

    Manager:

        yum upgrade wazuh-manager-4.3.6-0.commit3dc1b31.x86_64.rpm
    

    Agent:

        installer -pkg wazuh-agent-4.3.6-0.commit3dc1b31.pkg -target /
    

    Output:

    installer: Package name is Wazuh Agent
    installer: Upgrading at base path /
    

Note: The process never ends on macOS Monterey. The same behavior occurs when upgrading from 4.3.4 to 4.3.5.
The fault is related to the box. It will be investigated in another issue.

@jnasselle
Member Author

Hi @CamiRomero ,

A few comments:

  • The last commit wazuh/wazuh@9ea4d5a includes UT and does not change functional aspects of this PR. Your test execution results are still valid.
  • The current implementation for retrieving package info is:
    • The following directories are scanned:
      • /Applications
      • /Applications/Utilities
      • /System/Applications
      • /System/Applications/Utilities
      • /System/Library/CoreServices
    • For example, the following command line retrieves the raw content from which vendor information is obtained: `find /Applications/*/Contents/Info.plist -exec grep "CFBundleIdentifier" -A1 {} \;`
  • Package fields count may vary according to OS and available information.
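
An added example, not part of the original thread and not Wazuh's own code: a small checker that automates the manual inspection of the `/syscollector/AGENT_ID/packages` output done in the comments above. It assumes the items sit under `data.affected_items`, treats packages located under `/System/` as the "factory" packages, and compares `vendor` with the second label of the bundle identifier in `description`, a pattern inferred only from the samples in this thread. The sample bodies are constructed from trimmed items quoted above.

```python
import json

# Constructed samples: items trimmed from the outputs quoted in this thread.
# The data.affected_items envelope around them is an assumption.
SAMPLE_436 = json.dumps({"data": {"affected_items": [
    {"name": "FindMy", "vendor": "apple", "source": "utilities",
     "description": "com.apple.findmy",
     "location": "/System/Applications/FindMy.app/Contents/Info.plist"},
    {"name": "Packages", "vendor": "whitebox", "source": "utilities",
     "description": "fr.whitebox.Packages",
     "location": "/Applications/Packages.app/Contents/Info.plist"},
    {"name": "jq", "vendor": " ", "source": "homebrew",
     "description": "Lightweight and flexible command-line JSON processor",
     "location": "/usr/local/Cellar"},
]}})

SAMPLE_435 = json.dumps({"data": {"affected_items": [
    {"name": "PodcastsAuthAgent", "source": "utilities",
     "description": "com.apple.podcasts.PodcastsAuthAgent",
     "location": "/System/Library/CoreServices/PodcastsAuthAgent.app/Contents/Info.plist"},
]}})

# Assumption: "factory" packages are the ones installed under /System/.
SYSTEM_PREFIX = "/System/"


def items_from_response(body):
    """Extract the package list from an API response body (assumed envelope)."""
    return json.loads(body)["data"]["affected_items"]


def is_blank(value):
    """Missing key, None, empty string and the ' ' placeholder all count as blank."""
    return value is None or not str(value).strip()


def vendor_from_bundle_id(bundle_id):
    """Second label of a reverse-DNS bundle id, e.g. com.apple.findmy -> apple.

    Returns None for free-text descriptions such as the homebrew ones.
    """
    text = (bundle_id or "").strip()
    if not text or " " in text:
        return None
    labels = [part for part in text.split(".") if part]
    return labels[1].lower() if len(labels) >= 2 else None


def audit_vendor(items):
    """Sort package names into vendor-populated, blank and mismatching groups."""
    report = {"populated": [], "blank_homebrew": [], "blank_other": [], "mismatch": []}
    for pkg in items:
        name = pkg.get("name", "?")
        vendor = pkg.get("vendor")
        if is_blank(vendor):
            # Blank vendor is the known state for homebrew packages.
            key = "blank_homebrew" if pkg.get("source") == "homebrew" else "blank_other"
            report[key].append(name)
            continue
        report["populated"].append(name)
        expected = vendor_from_bundle_id(pkg.get("description"))
        if expected and expected != str(vendor).strip().lower():
            report["mismatch"].append(name)
    return report


def factory_packages_have_vendor(items):
    """True when at least one /System/ package exists and all of them carry a vendor."""
    factory = [p for p in items if str(p.get("location", "")).startswith(SYSTEM_PREFIX)]
    return bool(factory) and all(not is_blank(p.get("vendor")) for p in factory)


if __name__ == "__main__":
    for label, body in (("4.3.5", SAMPLE_435), ("4.3.6", SAMPLE_436)):
        items = items_from_response(body)
        print(label, audit_vendor(items), factory_packages_have_vendor(items))
```

To run it against a live manager, save the body returned by the curl request shown in the comments and pass it to `items_from_response`.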

@jmv74211
Contributor

🟢 Everything seems to be working properly
