Closed DProvinciani closed 2 years ago
This bug was fixed in this PR
I did an installation of Puppet Server on CentOS 7 and then, while trying to configure a Windows agent for Puppet, I found the following errors (Wazuh's documentation on Puppet was used):
Error: Could not request certificate: The CSR retrieved from the master does not match the agent's public key
Certificate Verify Failed [unable to get local issuer certificate for CN=puppetmaster.example.com]
Error 500 on SERVER: … Could not find node statement with name 'default'
After many tests I managed to solve these problems, performing the following steps:
Note: for the tests, 2 VMs were created.
Clone the wazuh/wazuh-puppet repository:
git clone https://github.com/wazuh/wazuh-puppet.git
git checkout 4.3
Install necessary tools:
sudo rpm -Uvh https://yum.puppet.com/puppet-tools-release-el-7.noarch.rpm
sudo yum install pdk
Install puppet server:
rpm -ivh https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm
yum -y install puppetserver
Generate symbolic link for puppet:
ln -s /opt/puppetlabs/bin/puppet /bin
Set Memory Allocation if necessary:
nano /etc/sysconfig/puppetserver
Set the desired memory in the following parameter: JAVA_ARGS="-Xms1g -Xmx1g"
DNS configuration: add the DNS names to the Puppet server configuration:
nano /etc/puppetlabs/puppet/puppet.conf
[main]
dns_alt_names = puppet,vm-puppet-1,vm-puppet-1.example.com
Then configure the same names in /etc/hosts:
nano /etc/hosts
127.0.0.1 puppet vm-puppet-1 vm-puppet-1.example.com
Start puppet server:
systemctl start puppetserver
systemctl enable puppetserver
Then we proceed to generate the package with pdk:
cd <directory where the puppet repository was cloned>
/usr/local/bin/pdk build
[root@vm-puppet-1 wazuh-puppet]# /usr/local/bin/pdk build
pdk (INFO): PDK collects anonymous usage information to help us understand how
it is being used and make decisions on how to improve it. you can
find out more about what data we collect and how it is used in the
PDK documentation at
https://puppet.com/docs/pdk/latest/pdk_install.html.
[Q 1/1] Do you consent to the collection of anonymous PDK usage information?
--> yes
pdk (INFO): You can opt in or out of the usage data collection at any time by
editing the analytics configuration file at
/root/.config/puppet/analytics.yml and changing the 'disabled'
value.
pdk (INFO): Building wazuh-wazuh version 4.3.0
pdk (INFO): Build of wazuh-wazuh has completed successfully. Built package can be found here: /home/vagrant/wazuh-puppet/pkg/wazuh-wazuh-4.3.0.tar.gz
Install puppet modules:
puppet module install <tar path of previous command>
[root@vm-puppet-1 wazuh-puppet]# puppet module install /home/vagrant/wazuh-puppet/pkg/wazuh-wazuh-4.3.0.tar.gz
2022-04-22 13:13:40.519883 WARN puppetlabs.facter - locale environment variables were bad; continuing with LANG=C LC_ALL=C
Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules ...
Notice: Downloading from https://forgeapi.puppet.com ...
Notice: Installing -- do not interrupt ...
/etc/puppetlabs/code/environments/production/modules
└─┬ wazuh-wazuh (v4.3.0)
├── puppet-nodejs (v7.0.1)
├── puppet-selinux (v3.4.1)
├── puppetlabs-apt (v7.7.1)
├─┬ puppetlabs-concat (v6.4.0)
│ └── puppetlabs-translate (v2.2.0)
├── puppetlabs-firewall (v2.8.1)
├─┬ puppetlabs-powershell (v4.1.0)
│ └── puppetlabs-pwshlib (v0.10.1)
└── puppetlabs-stdlib (v6.6.0)
Download the agent for Windows. Note: Wazuh supports Puppet agent version 5.1.0; however, you can use the latest available version, but correct operation is not guaranteed. In this case the latest version was used (see Puppet versions).
I used the GUI to perform the installation:
Execute the GUI with elevated privileges.
During installation, Puppet asks you for the hostname of your Puppet master server. Set: vm-puppet-1.example.com
Once the installer finishes, Puppet will be installed and running.
In case you want to use the command line, run as administrator:
msiexec /qn /norestart /i puppet-agent-<VERSION>-x64.msi PUPPET_MASTER_SERVER=vm-puppet-1.example.com /l*v install.txt
Edit the file C:\Windows\System32\drivers\etc\hosts to add the IP of the Puppet manager:
172.16.1.80 vm-puppet-1.example.com
Restart the Puppet service:
puppet resource service puppet ensure=running enable=true
On the agent, execute this command to generate an empty certificate:
puppet agent -t
Then, on the Puppet server, list the certificates to be able to sign them:
puppet cert list
[root@vm-puppet-1 wazuh-puppet]# puppet cert list
2022-04-22 14:09:47.333961 WARN puppetlabs.facter - locale environment variables were bad; continuing with LANG=C LC_ALL=C
Warning: `puppet cert` is deprecated and will be removed in a future release.
(location: /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:370:in `run')
"vm-puppet-win" (SHA256) 4E:CF:00:CD:3C:A7:DF:9D:46:6F:E7:58:1F:8A:D9:F9:71:6B:F0:0E:94:67:AB:8E:03:68:DD:4A:D2:A1:9A:47
Sign the certificate (the name must match the one shown by `puppet cert list`):
puppet cert sign vm-puppet-win
[root@vm-puppet-1 wazuh-puppet]# puppet cert sign vm-puppet-win
2022-04-22 14:10:53.598411 WARN puppetlabs.facter - locale environment variables were bad; continuing with LANG=C LC_ALL=C
Warning: `puppet cert` is deprecated and will be removed in a future release.
(location: /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:370:in `run')
Signing Certificate Request for:
"vm-puppet-win" (SHA256) 4E:CF:00:CD:3C:A7:DF:9D:46:6F:E7:58:1F:8A:D9:F9:71:6B:F0:0E:94:67:AB:8E:03:68:DD:4A:D2:A1:9A:47
Notice: Signed certificate request for vm-puppet-win
Notice: Removing file Puppet::SSL::CertificateRequest vm-puppet-win at '/etc/puppetlabs/puppet/ssl/ca/requests/vm-puppet-win.pem'
Finally, on the Windows agent, run again:
puppet agent -t
C:\Users\Administrator>puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for vm-puppet-win
Info: Applying configuration version '1650637007'
Notice: /Stage[main]/Wazuh::Agent/File[C:\Temp]/ensure: created
Error: /Stage[main]/Wazuh::Agent/File[wazuh-agent]: Could not evaluate: Could not retrieve information from environment production source(s) http://packages.wazuh.com/4.x/windows/wazuh-agent-4.3.0-1.msi
Notice: /Stage[main]/Wazuh::Agent/Package[Wazuh Agent]: Dependency File[wazuh-agent] has failures: true
Warning: /Stage[main]/Wazuh::Agent/Package[Wazuh Agent]: Skipping because of failed dependencies
Warning: /Stage[main]/Wazuh::Agent/Concat[agent_ossec.conf]/Concat_file[agent_ossec.conf]: Skipping because of failed dependencies
Warning: /Stage[main]/Wazuh::Agent/Concat[agent_ossec.conf]/File[C:\Program Files (x86)\ossec-agent\ossec.conf]: Skipping because of failed dependencies
Warning: /Stage[main]/Wazuh::Agent/Exec[agent-auth-windows]: Skipping because of failed dependencies
Warning: /Stage[main]/Wazuh::Agent/Service[WazuhSvc]: Skipping because of failed dependencies
Info: Class[Wazuh::Agent]: Unscheduling all events on Class[Wazuh::Agent]
Notice: Applied catalog in 0.89 seconds
To test the installation of the agent on Windows, the following configuration was generated on the server side:
[root@vm-puppet-1 vagrant]# cat /etc/puppetlabs/code/environments/production/manifests/test.pp
node "vm-puppet-win" {
  class { "wazuh::agent":
    wazuh_register_endpoint  => "172.16.1.88",
    wazuh_reporting_endpoint => "172.16.1.80"
  }
}
Then, to download the packages from packages-dev, the following files were edited. Note: to install the agent on Windows, it is only necessary to modify the file in point 4.
1- nano /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/filebeat_oss.pp
set: $wazuh_extensions_version = 'v4.3.0',
2- nano /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/certificates.pp
set: $wazuh_repository = 'packages-dev.wazuh.com'
3- nano /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/repo.pp
replace: packages.wazuh.com to packages-dev.wazuh.com and 4.x to pre-release
4- For the Windows agent:
nano /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/params_agent.pp
set: $agent_msi_download_location = 'http://packages-dev.wazuh.com/pre-release/windows'
Then, on the Windows agent side, execute the following command to perform the previously configured installation:
puppet agent -t
C:\Users\Administrator>puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for vm-puppet-win
Info: Applying configuration version '1650638602'
Notice: /Stage[main]/Wazuh::Agent/Package[Wazuh Agent]/ensure: ensure changed '4.3.0' to '4.3.0-1' (corrective)
Notice: Applied catalog in 2.47 seconds
C:\Users\Administrator>
Note: wazuh-manager was previously installed on the same VM as the Puppet server for successful registration of the wazuh-agent.
Then, listing the agents from the wazuh-manager, we have:
[root@vm-puppet-1 vagrant]# /var/ossec/bin/agent_control -l
Wazuh agent_control. List of available agents:
ID: 000, Name: vm-puppet-1 (server), IP: 127.0.0.1, Active/Local
ID: 001, Name: vm-puppet-win, IP: any, Active
List of agentless devices:
[root@vm-puppet-1 vagrant]#
Problem solved thanks to all involved.
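The two operator-side checks behind the steps above, written as an added Python example that is not part of this issue or of the wazuh-puppet module: it parses the pending requests out of `puppet cert list` output and treats a request as signable only when its fingerprint matches one collected from the agent itself (for example with `puppet agent --fingerprint`, relayed out of band), so a stale or foreign CSR is never signed by reflex; it then triages a `puppet agent -t` run into resources that errored, resources skipped because of failed dependencies, and any artifact fetched over plain http://, which is how the first Windows run in this thread tried to retrieve the MSI. The sample outputs are constructed from the log lines shown in this thread; `unknown-host`, its fingerprint and the `VERIFIED_AGENT_FINGERPRINTS` table are invented for the example.

```python
"""Operator-side checks for the Puppet CA signing step and agent-run triage (constructed example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# --- 1. Verify a CSR fingerprint before `puppet cert sign` ---------------------------

# Sample `puppet cert list` output. The first request reproduces the one shown in this
# thread; "unknown-host" and its fingerprint are constructed for the example.
CERT_LIST_SAMPLE = r"""
Warning: `puppet cert` is deprecated and will be removed in a future release.
   (location: /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:370:in `run')
  "vm-puppet-win" (SHA256) 4E:CF:00:CD:3C:A7:DF:9D:46:6F:E7:58:1F:8A:D9:F9:71:6B:F0:0E:94:67:AB:8E:03:68:DD:4A:D2:A1:9A:47
  "unknown-host" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
"""

# Fingerprints read on the agents themselves (e.g. `puppet agent --fingerprint`) and handed
# to the CA operator out of band. Constructed table: only vm-puppet-win has been verified.
VERIFIED_AGENT_FINGERPRINTS = {
    "vm-puppet-win": "4e:cf:00:cd:3c:a7:df:9d:46:6f:e7:58:1f:8a:d9:f9:71:6b:f0:0e:94:67:ab:8e:03:68:dd:4a:d2:a1:9a:47",
}

# Pending requests are listed as   "name" (ALG) fingerprint ; already-signed certificates
# (shown with a "+ " prefix by `--all`) deliberately do not match this pattern.
CERT_LINE = re.compile(r'^\s*"(?P<name>[^"]+)"\s+\((?P<alg>[A-Za-z0-9]+)\)\s+(?P<fp>[0-9A-Fa-f:]+)\s*$')


@dataclass(frozen=True)
class PendingRequest:
    name: str
    algorithm: str
    fingerprint: str  # normalized: uppercase hex without separators


def normalize_fingerprint(fp: str) -> str:
    """Accept upper/lower case and colon-, space- or dash-separated forms."""
    return re.sub(r"[^0-9A-Fa-f]", "", fp).upper()


def parse_cert_list(text: str) -> Dict[str, PendingRequest]:
    pending: Dict[str, PendingRequest] = {}
    for line in text.splitlines():
        m = CERT_LINE.match(line)
        if m:
            pending[m["name"]] = PendingRequest(m["name"], m["alg"].upper(), normalize_fingerprint(m["fp"]))
    return pending


def safe_to_sign(name: str, expected_fingerprint: str, pending: Dict[str, PendingRequest]) -> bool:
    """True only if a request with that name is pending AND its fingerprint equals the one
    collected from the agent. An unknown name, an empty expectation or a mismatch (a stale
    CSR left on the master, or a request from a host you did not provision) must not be signed."""
    req = pending.get(name)
    return req is not None and req.fingerprint == normalize_fingerprint(expected_fingerprint)


# --- 2. Triage a `puppet agent -t` run ------------------------------------------------

# Constructed from the failed first Windows run shown in this thread.
FAILED_RUN_SAMPLE = r"""
Info: Caching catalog for vm-puppet-win
Info: Applying configuration version '1650637007'
Notice: /Stage[main]/Wazuh::Agent/File[C:\Temp]/ensure: created
Error: /Stage[main]/Wazuh::Agent/File[wazuh-agent]: Could not evaluate: Could not retrieve information from environment production source(s) http://packages.wazuh.com/4.x/windows/wazuh-agent-4.3.0-1.msi
Notice: /Stage[main]/Wazuh::Agent/Package[Wazuh Agent]: Dependency File[wazuh-agent] has failures: true
Warning: /Stage[main]/Wazuh::Agent/Package[Wazuh Agent]: Skipping because of failed dependencies
Warning: /Stage[main]/Wazuh::Agent/Concat[agent_ossec.conf]/Concat_file[agent_ossec.conf]: Skipping because of failed dependencies
Warning: /Stage[main]/Wazuh::Agent/Concat[agent_ossec.conf]/File[C:\Program Files (x86)\ossec-agent\ossec.conf]: Skipping because of failed dependencies
Warning: /Stage[main]/Wazuh::Agent/Exec[agent-auth-windows]: Skipping because of failed dependencies
Warning: /Stage[main]/Wazuh::Agent/Service[WazuhSvc]: Skipping because of failed dependencies
Notice: Applied catalog in 0.89 seconds
"""

# Constructed from the successful second run shown in this thread.
OK_RUN_SAMPLE = r"""
Info: Applying configuration version '1650638602'
Notice: /Stage[main]/Wazuh::Agent/Package[Wazuh Agent]/ensure: ensure changed '4.3.0' to '4.3.0-1' (corrective)
Notice: Applied catalog in 2.47 seconds
"""

# Resource paths contain "::" and "C:\" but never ": ", so the first ": " ends the resource.
RUN_LINE = re.compile(r"^(?P<level>Info|Notice|Warning|Error): (?P<resource>/Stage\[[^\]]+\]/.+?): (?P<message>.*)$")
PLAIN_HTTP = re.compile(r"\bhttp://\S+")


@dataclass
class RunSummary:
    failed: List[str] = field(default_factory=list)              # resources that raised Error
    skipped: List[str] = field(default_factory=list)             # skipped for failed dependencies
    plain_http_sources: List[str] = field(default_factory=list)  # artifacts fetched without TLS

    @property
    def succeeded(self) -> bool:
        return not self.failed and not self.skipped


def summarize_agent_run(text: str) -> RunSummary:
    summary = RunSummary()
    for line in text.splitlines():
        for url in PLAIN_HTTP.findall(line):
            if url not in summary.plain_http_sources:
                summary.plain_http_sources.append(url)
        m = RUN_LINE.match(line)
        if not m:
            continue
        if m["level"] == "Error":
            summary.failed.append(m["resource"])
        elif m["message"].startswith("Skipping because of failed dependencies"):
            summary.skipped.append(m["resource"])
    return summary


if __name__ == "__main__":
    pending = parse_cert_list(CERT_LIST_SAMPLE)
    for name, req in pending.items():
        ok = safe_to_sign(name, VERIFIED_AGENT_FINGERPRINTS.get(name, ""), pending)
        print(f"{name} ({req.algorithm}): {'sign' if ok else 'DO NOT sign'}")
    for label, sample in (("first run", FAILED_RUN_SAMPLE), ("second run", OK_RUN_SAMPLE)):
        s = summarize_agent_run(sample)
        print(f"{label}: succeeded={s.succeeded} failed={s.failed} skipped={len(s.skipped)} plain_http={s.plain_http_sources}")
```

Run it as a script to see the verdict per pending request and the triage of both runs; in the first run the single `Error` on `File[wazuh-agent]` explains all five skipped resources, and the MSI source it reports is plain http://, which is worth replacing with an https:// source or a checksum-verified local mirror before this manifest reaches production.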
Description
After doing some testing of the Wazuh cluster deployment by using Puppet, we identified some issues in the deployment of the Wazuh agent for Windows. Basically, when trying to deploy the agent, we got errors caused by variables defined in the params_agent.pp file. These variables were not defined nor used at all in the manifest file for the deployment. The error generated was like this one: