Open rauldpm opened 1 month ago
I was able to replicate the problem on a Solaris 11:
root@solaris11:/export/home/vagrant# pkg uninstall wazuh-agent
Packages to remove: 1
Services to change: 1
Create boot environment: No
Create backup boot environment: No
PHASE ITEMS
Removing old actions 233/233
Updating package state database Done
Updating package cache 1/1
Updating image state Done
Creating fast lookup database Done
Updating package cache 1/1
The following unexpected or editable files and directories were
salvaged while executing the requested package operation; they
have been moved to the displayed location in the image:
ar/ossec/etc/ossec.conf -> /var/pkg/lost+found/var/ossec/etc/ossec.conf-20240723T184935Z
ar/ossec/ruleset/sca -> /var/pkg/lost+found/var/ossec/ruleset/sca-20240723T184935Z
ar/ossec/queue/syscollector/db -> /var/pkg/lost+found/var/ossec/queue/syscollector/db-20240723T184935Z
ar/ossec/queue/sockets -> /var/pkg/lost+found/var/ossec/queue/sockets-20240723T184935Z
ar/ossec/queue/logcollector -> /var/pkg/lost+found/var/ossec/queue/logcollector-20240723T184935Z
ar/ossec/queue/fim/db -> /var/pkg/lost+found/var/ossec/queue/fim/db-20240723T184935Z
ar/ossec/queue/alerts -> /var/pkg/lost+found/var/ossec/queue/alerts-20240723T184935Z
root@solaris11:/export/home/vagrant# grep wazuh /etc/group
wazuh::13:
root@solaris11:/export/home/vagrant# grep wazuh /etc/passwd | wc -l
0
root@solaris11:/export/home/vagrant# groupdel wazuh
root@solaris11:/export/home/vagrant# groupdel wazuh
UX: groupdel: ERROR: wazuh does not exist.
The problem may be a privilege issue when deleting the wazuh
group, as I show in the following outputs, if you are not using an admin
user:
vagrant@solaris11:~$ sudo pkg uninstall wazuh-agent
Packages to remove: 1
Services to change: 1
Create boot environment: No
Create backup boot environment: No
PHASE ITEMS
Removing old actions 233/233
Updating package state database Done
Updating package cache 1/1
Updating image state Done
Creating fast lookup database Done
Updating package cache 1/1
The following unexpected or editable files and directories were
salvaged while executing the requested package operation; they
have been moved to the displayed location in the image:
ar/ossec/ruleset/sca -> /var/pkg/lost+found/var/ossec/ruleset/sca-20240723T190002Z
vagrant@solaris11:~$ grep wazuh /etc/group
wazuh::13:
vagrant@solaris11:~$ groupdel wazuh
UX: groupdel: ERROR: Permission denied.
vagrant@solaris11:~$ sudo groupdel wazuh
In this case, the bug seems to be found from 4.3
with the following PR:
However, this has nothing to do with the Solaris version 11.4
that they indicate. It is therefore not 100% certain that this is the problem.
On the other hand, looking for the reason they indicate a version 11.4
or higher, I have not found any reason for it, as the commit where it was introduced does not contain any relevant information:
11.4
or higher is indicated.Thanks, @MarcelKemp.
Let's add this issue to the backlog as a medium-impact bug, since it dates back to previous versions.
Description
The v4.9.0-alpha3 dev documentation states the following note when uninstalling the Solaris 11 package
But when I removed the package in a Solaris 11.3 system, the wazuh group still exists
We need to determine if the package is not removing the group or if we need to change the documentation
Related