Check OS release
```
sh-3.2# uname -a
Darwin ip-172-31-47-7.ec2.internal 23.1.0 Darwin Kernel Version 23.1.0: Mon Oct 9 21:27:27 PDT 2023; root:xnu-10002.41.9~6/RELEASE_X86_64 x86_64
```
:green_circle: Install without ENV variables
- Download package
```
# curl -OL https://packages-dev.wazuh.com/pre-release/macos/wazuh-agent-4.7.2-1.intel64.pkg
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 5604k 100 5604k 0 0 5868k 0 --:--:-- --:--:-- --:--:-- 5912k
```
```
# installer -pkg wazuh-agent-4.7.2-1.intel64.pkg -target /
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer: The install was successful.
# nano /Library/Ossec/etc/ossec.conf
sh-3.2# /Library/Ossec/bin/wazuh-control start
Starting Wazuh v4.7.2...
Started wazuh-execd...
Started wazuh-agentd...
Started wazuh-syscheckd...
Started wazuh-logcollector...
Started wazuh-modulesd...
Completed.
sh-3.2# /Library/Ossec/bin/wazuh-control info
WAZUH_VERSION="v4.7.2"
WAZUH_REVISION="40710"
WAZUH_TYPE="agent"
```
- Check on manager
```
# /var/ossec/bin/agent_control -i 008
Wazuh agent_control. Agent information:
Agent ID: 008
Agent Name: ip-172-31-47-7.ec2.internal
IP address: any
Status: Active
Operating system: Darwin |ip-172-31-47-7.ec2.internal |23.1.0 |Darwin Kernel Version 23.1.0: Mon Oct 9 21:27:27 PDT 2023; root:xnu-10002.41.9~6/RELEASE_X86_64 |x86_64
Client version: Wazuh v4.7.2
Configuration hash: ab73af41699f13fdd81903b5f23d8d00
Shared file hash: 4a8724b20dee0124ff9656783c490c4e
Last keep alive: 1703606441
Syscheck last started at: Tue Dec 26 15:59:32 2023
Syscheck last ended at: Tue Dec 26 15:59:46 2023
```
:green_circle: Installation with env variables
```
sh-3.2# echo "WAZUH_MANAGER='x.xx.xx.xxx'" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.7.2-1.intel4.pkg -target /
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer: The install was successful.
sh-3.2# /Library/Ossec/bin/wazuh-control start
Starting Wazuh v4.7.2...
wazuh-execd already running...
wazuh-agentd already running...
wazuh-syscheckd already running...
wazuh-logcollector already running...
wazuh-modulesd already running...
Completed.
sh-3.2# /Library/Ossec/bin/wazuh-control info
WAZUH_VERSION="v4.7.2"
WAZUH_REVISION="40710"
WAZUH_TYPE="agent"
```
- Check on manager
```
# /var/ossec/bin/agent_control -i 009
Wazuh agent_control. Agent information:
Agent ID: 009
Agent Name: ip-172-31-47-7.ec2.internal
IP address: any
Status: Active
Operating system: Darwin |ip-172-31-47-7.ec2.internal |23.1.0 |Darwin Kernel Version 23.1.0: Mon Oct 9 21:27:27 PDT 2023; root:xnu-10002.41.9~6/RELEASE_X86_64 |x86_64
Client version: Wazuh v4.7.2
Configuration hash: ab73af41699f13fdd81903b5f23d8d00
Shared file hash: 4a8724b20dee0124ff9656783c490c4e
Last keep alive: 1703606615
Syscheck last started at: Tue Dec 26 16:03:25 2023
Syscheck last ended at: Tue Dec 26 16:03:28 2023
```
:green_circle: TCP
```
# cat /Library/Ossec/logs/ossec.log | grep tcp
2023/12/26 16:03:25 wazuh-agentd: INFO: Trying to connect to server ([172.31.39.143]:1514/tcp).
2023/12/26 16:03:25 wazuh-agentd: INFO: (4102): Connected to the server ([172.31.39.143]:1514/tcp).
```
:green_circle: UDP
```
sh-3.2# cat /Library/Ossec/logs/ossec.log | grep udp
2023/12/26 14:06:30 wazuh-agentd: INFO: Trying to connect to server ([172.31.39.143]:1514/udp).
2023/12/26 14:06::30 wazuh-agentd: INFO: (4102): Connected to the server ([172.31.39.143]:1514/udp).
```
:green_circle: Alerts
```
{"timestamp":"2023-12-26T16:03:43.487+0000","rule":{"level":7,"description":"CIS_Apple_macOS_14.0_Sonoma_Benchmark_v1.0.0: Ensure XProtect Is Running and Updated.","id":"19007","firedtimes":34,"mail":false,"groups":["sca"],"gdpr":["IV_35.7.d"],"pci_dss":["2.2"],"nist_800_53":["CM.1"],"tsc":["CC7.1","CC7.2"],"cis":["5.10"],"cis_csc_v8":["10.1","10.2","10.5"],"cis_csc_v7":["8.2","8.4"],"hipaa":["164.308(a)(5)(ii)(B)"],"iso_27001-2013":["A.12.2.1"],"nist_sp_800-53":["SI-16"],"soc_2":["CC6.8"]},"agent":{"id":"009","name":"ip-172-31-47-7.ec2.internal","ip":"172.31.47.7"},"manager":{"name":"ip-172-31-39-143.ec2.internal"},"id":"1703606623.3200766","decoder":{"name":"sca"},"data":{"sca":{"type":"check","scan_id":"333055033","policy":"CIS_Apple_macOS_14.0_Sonoma_Benchmark_v1.0.0","check":{"id":"34060","title":"Ensure XProtect Is Running and Updated.","description":"XProtect is Apple's native signature-based antivirus technology. XProtect both finds and blocks the execution of known malware. There are many AV and Endpoint Threat Detection and Response (ETDR) tools available for Mac OS. The native Apple provisioned tool looks for specific known malware is completely integrated into the OS. No matter what other tools are being used XProtect should have the latest signatures available.","rationale":"Apple creates signatures for known malware that actually effects Macs and that knowledge should be leveraged.","remediation":"Terminal Method: Run the following command to enable and update XProtect: $ sudo /bin/launchctl load -w /Library/Apple/System/Library/LaunchDaemons/com.apple.XProtect.daemon.scan.pl ist $ sudo /bin/launchctl load -w /Library/Apple/System/Library/LaunchDaemons/com.apple.XprotectFramework.Plugi nService.plist $ sudo /usr/sbin/softwareupdate -l --background-critical softwareupdate[97180]: Triggering a background check with forced scan (critical and config-data updates only) ... Note: Xprotect can only be enabled/disabled if SIP (System Integrity Protection) is disabled. If Xprotect is disabled, the system might be compromised and needs to be investigated.","compliance":{"cis":"5.10","cis_csc_v8":"10.1,10.2,10.5","cis_csc_v7":"8.2,8.4","cmmc_v2":{"0":"SI.L1-3.14.2,SI.L1-3.14.4"},"hipaa":"164.308(a)(5)(ii)(B)","iso_27001-2013":"A.12.2.1","nist_sp_800-53":"SI-16","pci_dss_v3":{"2":{"1":"1.4,11.4,5.1,5.1.1,5.2"}},"pci_dss_v4":{"0":"5.1.1,5.2.1,5.2.2,5.3.1,5.3.2"},"soc_2":"CC6.8"},"references":"https://eclecticlight.co/2021/10/27/silently-updated-security-data-files-in-monterey/,https://eclecticlight.co/2020/12/14/silently-updated-security-data-files-in-big-sur/,https://eclecticlight.co/2019/10/17/security-data-files-how-theyve-changed-in-catalina/,https://eclecticlight.co/2022/05/12/apple-has-pushed-an-update-to-xprotect-21/,https://support.apple.com/guide/security/protecting-against-malware-sec469d47bd8/web,https://eclecticlight.co/2023/06/12/malware-detection-and-remediation-by-xprotect-remediator/","command":["sh -c \"launchctl list | grep -c com.apple.XProtect.daemon.scan\""],"result":"failed"}}},"location":"sca"}
{"timestamp":"2023-12-26T16:03:50.518+0000","rule":{"level":7,"description":"SCA summary: CIS_Apple_macOS_14.0_Sonoma_Benchmark_v1.0.0: Score less than 50% (42)","id":"19004","firedtimes":1,"mail":false,"groups":["sca"],"gdpr":["IV_35.7.d"],"pci_dss":["2.2"],"nist_800_53":["CM.1"],"tsc":["CC7.1","CC7.2"]},"agent":{"id":"009","name":"ip-172-31-47-7.ec2.internal","ip":"172.31.47.7"},"manager":{"name":"ip-172-31-39-143.ec2.internal"},"id":"1703606630.3206177","decoder":{"name":"sca"},"data":{"sca":{"type":"summary","scan_id":"333055033","policy":"CIS_Apple_macOS_14.0_Sonoma_Benchmark_v1.0.0","description":"This document provides prescriptive guidance for establishing a secure configuration posture for MacOS 14 Sonoma systems.","policy_id":"cis_macOS_14.0_Sonoma.yml","passed":"25","failed":"34","invalid":"2","total_checks":"61","score":"42","file":"cis_macOS_14.0_Sonoma.yml"}},"location":"sca"}
```
:green_circle: Logs
```
# cat /Library/Ossec/logs/ossec.log | grep -iE "Error|\Warning\|Critical"
# cat /Library/Ossec/logs/ossec.log | grep -iE "Error|\Warning\|Critical" | wc -l
0
```
:green_circle: User and group
```
# ls -lh /Library/Ossec/
total 0
drwxrwx--- 2 root wazuh 64B Dec 22 13:24 .ssh
drwxr-x--- 3 root wazuh 96B Dec 22 13:24 active-response
drwxr-x--- 14 root wazuh 448B Dec 22 13:24 agentless
drwxr-x--- 10 root wheel 320B Dec 22 13:24 bin
drwxrwx--- 9 wazuh wazuh 288B Dec 26 16:02 etc
drwxr-x--- 9 root wheel 288B Dec 22 13:24 lib
drwxr-x--- 6 wazuh wazuh 192B Dec 22 13:24 logs
drwxr-x--- 9 root wazuh 288B Dec 22 13:24 queue
drwxr-x--- 3 root wazuh 96B Dec 22 13:24 ruleset
drwxr-x--T 2 root wazuh 64B Dec 26 16:02 tmp
drwxrwx--- 7 root wazuh 224B Dec 26 16:03 var
drwxr-x--- 8 root wazuh 256B Dec 22 13:24 wodles
```
:green_circle: Removal
```
sh-3.2# /Library/Ossec/bin/wazuh-control stop
Killing wazuh-modulesd...
Killing wazuh-logcollector...
Killing wazuh-syscheckd...
Killing wazuh-agentd...
Killing wazuh-execd...
Wazuh v4.7.2 Stopped
sh-3.2# /bin/rm -r /Library/Ossec
sh-3.2# /bin/launchctl unload /Library/LaunchDaemons/com.wazuh.agent.plist
sh-3.2# /bin/rm -f /Library/LaunchDaemons/com.wazuh.agent.plist
sh-3.2# /bin/rm -rf /Library/StartupItems/WAZUH
sh-3.2# /usr/bin/dscl . -delete "/Users/wazuh"
sh-3.2# /usr/bin/dscl . -delete "/Groups/wazuh"
sh-3.2# /usr/sbin/pkgutil --forget com.wazuh.pkg.wazuh-agent
Forgot package 'com.wazuh.pkg.wazuh-agent' on '/'.
```
:green_circle: Installing arm64 Package fails
```
sh-3.2# curl -OL https://packages-dev.wazuh.com/pre-release/macos/wazuh-agent-4.7.2-1.arm64.pkg
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 6009k 100 6009k 0 0 13.6M 0 --:--:-- --:--:-- --:--:-- 14.0M
sh-3.2# installer -pkg wazuh-agent-4.7.2-1.arm64.pkg -target /
installer: Error - Wazuh Agent can’t be installed on this computer.
```
Check system information
```shellsession
sh-3.2# uname -a
Darwin macos-1201 21.6.0 Darwin Kernel Version 21.6.0: Wed Oct 4 23:55:28 PDT 2023; root:xnu-8020.240.18.704.15~1/RELEASE_X86_64 x86_64
```
Install without ENV variables :green_circle:
- Download & Install agent
```shellsession
sh-3.2# curl -sO https://packages-dev.wazuh.com/pre-release/macos/wazuh-agent-4.7.2-1.intel64.pkg
```
```shellsession
sh-3.2# installer -pkg wazuh-agent-4.7.2-1.intel64.pkg -target /
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer: The install was successful.
```
```shellsession
sh-3.2# sudo nano /Library/Ossec/etc/ossec.conf
```
```shellsession
sh-3.2# grep address /Library/Ossec/etc/ossec.conf
xx.xxx.xx.xxx
```
```shellsession
sh-3.2# /Library/Ossec/bin/wazuh-control start
Starting Wazuh v4.7.2...
Started wazuh-execd...
Started wazuh-agentd...
Started wazuh-syscheckd...
Started wazuh-logcollector...
Started wazuh-modulesd...
Completed.
```
- Check on manager
```shellsession
[root@wazuh-server wazuh-user]# /var/ossec/bin/agent_control -i 011
Wazuh agent_control. Agent information:
Agent ID: 011
Agent Name: macos-1201
IP address: any
Status: Active
Operating system: Darwin |macos-1201|21.6.0 |Darwin Kernel Version 21.6.0: Wed Oct 4 23:55:28 PDT 2023; root:xnu-8020.240.18.704.15~1/RELEASE_X86_64 |x86_64
Client version: Wazuh v4.7.2
Configuration hash: ab73af41699f13fdd81903b5f23d8d00
Shared file hash: 4a8724b20dee0124ff9656783c490c4e
Last keep alive: 1703756853
Syscheck last started at: Thu Dec 28 09:46:44 2023
Syscheck last ended at: Thu Dec 28 09:46:51 2023
```
Removal :green_circle:
- **Uninstall the Wazuh agent**
```console
sh-3.2# /Library/Ossec/bin/wazuh-control stop
Killing wazuh-modulesd...
Killing wazuh-logcollector...
Killing wazuh-syscheckd...
Killing wazuh-agentd...
Killing wazuh-execd...
Wazuh v4.7.2 Stopped
sh-3.2# /bin/rm -r /Library/Ossec
sh-3.2# /bin/launchctl unload /Library/LaunchDaemons/com.wazuh.agent.plist
sh-3.2# /bin/rm -f /Library/LaunchDaemons/com.wazuh.agent.plist
sh-3.2# /bin/rm -rf /Library/StartupItems/WAZUH
sh-3.2# /usr/bin/dscl . -delete "/Users/wazuh"
sh-3.2# /usr/bin/dscl . -delete "/Groups/wazuh"
sh-3.2# /usr/sbin/pkgutil --forget com.wazuh.pkg.wazuh-agent
Forgot package 'com.wazuh.pkg.wazuh-agent' on '/'.
```
- **Remove the agent from the manager**
```shellsession
[root@wazuh-server wazuh-user]# /var/ossec/bin/manage_agents -r 011
****************************************
* Wazuh v4.7.2 Agent manager. *
* The following options are available: *
****************************************
(A)dd an agent (A).
(E)xtract key for an agent (E).
(L)ist already added agents (L).
(R)emove an agent (R).
(Q)uit.
Choose your action: A,E,L,R or Q:
Available agents:
ID: 011, Name: macos-1201, IP: any
Provide the ID of the agent to be removed (or '\q' to quit): 011
Confirm deleting it?(y/n): y
Agent '011' removed.
manage_agents: Exiting.
```
Installation with environment variables :green_circle:
- **Install the agent using environment variables**
```shellsession
sh-3.2# echo "WAZUH_MANAGER='xx.xxx.xx.xxx'" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.7.2-1.intel64.pkg -target /
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer: The install was successful.
```
```shellsession
sh-3.2# grep address /Library/Ossec/etc/ossec.conf
x.xx.xx.xxx
```
```shellsession
sh-3.2# /Library/Ossec/bin/wazuh-control start
Starting Wazuh v4.7.2...
Started wazuh-execd...
Started wazuh-agentd...
Started wazuh-syscheckd...
Started wazuh-logcollector...
Started wazuh-modulesd...
Completed.
```
- **Check connection on the manager**
```shellsession
[root@wazuh-server wazuh-user]# /var/ossec/bin/agent_control -i 013
Wazuh agent_control. Agent information:
Agent ID: 013
Agent Name: macos-1201
IP address: any
Status: Active
Operating system: Darwin |macos-1201 |21.6.0 |Darwin Kernel Version 21.6.0: Wed Oct 4 23:55:28 PDT 2023; root:xnu-8020.240.18.704.15~1/RELEASE_X86_64 |x86_64
Client version: Wazuh v4.7.2
Configuration hash: ab73af41699f13fdd81903b5f23d8d00
Shared file hash: 4a8724b20dee0124ff9656783c490c4e
Last keep alive: 1703757556
Syscheck last started at: Thu Dec 28 09:58:45 2023
Syscheck last ended at: Thu Dec 28 09:58:47 2023
```
TCP :green_circle:
- **Check that the agent is connected through TCP**
```shellsession
sh-3.2# grep protocol /Library/Ossec/etc/ossec.conf
tcp
```
```shellsession
sh-3.2# grep tcp /Library/Ossec/logs/ossec.log
2023/12/28 09:58:44 wazuh-agentd: INFO: Trying to connect to server ([xx.xxx.xxx.xx]:1514/tcp).
2023/12/28 09:58:45 wazuh-agentd: INFO: (4102): Connected to the server ([xx.xxx.xxx.xx]:1514/tcp).
2023/12/28 09:58:46 wazuh-logcollector: INFO: Monitoring full output of command(360): netstat -an | awk '{if ((/^(tcp|udp)/) && ($4 != "*.*") && ($5 == "*.*")) {print $1" "$4" "$5}}' | sort -u
```
UDP :green_circle:
- **Change the protocol to UDP on the agent**
```shellsession
sh-3.2# sed -i '' 's/tcp/udp/g' /Library/Ossec/etc/ossec.conf
```
```shellsession
sh-3.2# grep protocol /Library/Ossec/etc/ossec.conf
udp
```
```shellsession
sh-3.2# /Library/Ossec/bin/wazuh-control restart
Killing wazuh-modulesd...
Killing wazuh-logcollector...
Killing wazuh-syscheckd...
Killing wazuh-agentd...
Killing wazuh-execd...
Wazuh v4.7.2 Stopped
Starting Wazuh v4.7.2...
Started wazuh-execd...
Started wazuh-agentd...
Started wazuh-syscheckd...
Started wazuh-logcollector...
Started wazuh-modulesd...
Completed.
```
```shellsession
sh-3.2# grep udp /Library/Ossec/logs/ossec.log
2023/12/28 10:03:37 wazuh-agentd: INFO: Trying to connect to server ([xx.xxx.xxx.xx]:1514/udp).
2023/12/28 10:03:37 wazuh-agentd: INFO: (4102): Connected to the server ([xx.xxx.xxx.xx]:1514/udp).
2023/12/28 10:03:39 wazuh-logcollector: INFO: Monitoring full output of command(360): netstat -an | awk '{if ((/^(udp|udp)/) && ($4 != "*.*") && ($5 == "*.*")) {print $1" "$4" "$5}}' | sort -u
```
Alerts :green_circle:
```json
{"timestamp":"2023-12-28T09:58:41.115+0000","rule":{"level":7,"description":"CIS Apple macOS 12.0 Monterey Benchmark v1.1.0: Ensure Login Window Displays as Name and Password Is Enabled.","id":"19007","firedtimes":109,"mail":false,"groups":["sca"],"gdpr":["IV_35.7.d"],"pci_dss":["2.2"],"nist_800_53":["CM.1"],"tsc":["CC7.1","CC7.2"],"cis":["6.1.1"],"cis_level":["1"]},"agent":{"id":"013","name":"ip-xxx-xx-xx-xx.ec2.internal"},"manager":{"name":"wazuh-server"},"id":"1703757521.521633","decoder":{"name":"sca"},"data":{"sca":{"type":"check","scan_id":"909501976","policy":"CIS Apple macOS 12.0 Monterey Benchmark v1.1.0","check":{"id":"29058","title":"Ensure Login Window Displays as Name and Password Is Enabled.","description":"The login window prompts a user for his/her credentials, verifies their authorization level and then allows or denies the user access to the system.","rationale":"Prompting the user to enter both their username and password makes it twice as hard for unauthorized users to gain access to the system since they must discover two attributes.","remediation":"Run the following command to enable the login window to display name and password: sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool true","compliance":{"cis":"6.1.1","cis_level":"1"},"command":["defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME","sh -c \"profiles -P -o stdout | grep SHOWFULLNAME\""],"result":"failed"}}},"location":"sca"}
{"timestamp":"2023-12-28T09:58:41.127+0000","rule":{"level":3,"description":"CIS Apple macOS 12.0 Monterey Benchmark v1.1.0: Ensure Show Password Hints Is Disabled.","id":"19008","firedtimes":67,"mail":false,"groups":["sca"],"gdpr":["IV_35.7.d"],"pci_dss":["2.2"],"nist_800_53":["CM.1"],"tsc":["CC7.1","CC7.2"],"cis":["6.1.2"],"cis_level":["1"]},"agent":{"id":"013","name":"ip-xxx-xx-xx-xx.ec2.internal"},"manager":{"name":"wazuh-server"},"id":"1703757521.524082","decoder":{"name":"sca"},"data":{"sca":{"type":"check","scan_id":"909501976","policy":"CIS Apple macOS 12.0 Monterey Benchmark v1.1.0","check":{"id":"29059","title":"Ensure Show Password Hints Is Disabled.","description":"Password hints are user-created text displayed when an incorrect password is used for an account.","rationale":"Password hints make it easier for unauthorized persons to gain access to systems by providing information to anyone that the user provided to assist in remembering the password. This info could include the password itself or other information that might be readily discerned with basic knowledge of the end user.","remediation":"Run the following command to disable password hints: sudo defaults write /Library/Preferences/com.apple.loginwindow RetriesUntilHint -int 0","compliance":{"cis":"6.1.2","cis_level":"1"},"command":["defaults read /Library/Preferences/com.apple.loginwindow RetriesUntilHint"],"result":"passed"}}},"location":"sca"}
{"timestamp":"2023-12-28T09:58:41.139+0000","rule":{"level":3,"description":"CIS Apple macOS 12.0 Monterey Benchmark v1.1.0: Ensure Guest Account Is Disabled.","id":"19008","firedtimes":68,"mail":false,"groups":["sca"],"gdpr":["IV_35.7.d"],"pci_dss":["2.2"],"nist_800_53":["CM.1"],"tsc":["CC7.1","CC7.2"],"cis":["6.1.3"],"cis_level":["1"]},"agent":{"id":"013","name":"ip-xxx-xx-xx-xx.ec2.internal"},"manager":{"name":"wazuh-server"},"id":"1703757521.526503","decoder":{"name":"sca"},"data":{"sca":{"type":"check","scan_id":"909501976","policy":"CIS Apple macOS 12.0 Monterey Benchmark v1.1.0","check":{"id":"29060","title":"Ensure Guest Account Is Disabled.","description":"The guest account allows users access to the system without having to create an account or password. Guest users are unable to make setting changes cannot remotely login to the system. All files, caches, and passwords created by the guest user are deleted upon logging out.","rationale":"Disabling the guest account mitigates the risk of an untrusted user doing basic reconnaissance and possibly using privilege escalation attacks to take control of the system.","remediation":"Run the following command to disable the guest account: sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool false","compliance":{"cis":"6.1.3","cis_level":"1"},"command":["defaults read /Library/Preferences/com.apple.loginwindow.plist GuestEnabled"],"result":"passed"}}},"location":"sca"}
```
Logs :green_circle:
```shellsession
sh-3.2# grep -iE "Error|\Warning\|Critical" /Library/Ossec/logs/ossec.log
```
User and group :green_circle:
```shellsession
sh-3.2# ls -lh /Library/Ossec/
total 0
drwxrwx--- 2 root wazuh 64B 22 dic 13:24 .ssh
drwxr-x--- 3 root wazuh 96B 22 dic 13:24 active-response
drwxr-x--- 14 root wazuh 448B 22 dic 13:24 agentless
drwxr-x--- 10 root wheel 320B 22 dic 13:24 bin
drwxrwx--- 9 wazuh wazuh 288B 28 dic 10:02 etc
drwxr-x--- 9 root wheel 288B 22 dic 13:24 lib
drwxr-x--- 6 wazuh wazuh 192B 22 dic 13:24 logs
drwxr-x--- 9 root wazuh 288B 22 dic 13:24 queue
drwxr-x--- 3 root wazuh 96B 22 dic 13:24 ruleset
drwxr-x--T 2 root wazuh 64B 28 dic 09:57 tmp
drwxrwx--- 7 root wazuh 224B 28 dic 10:03 var
drwxr-x--- 8 root wazuh 256B 22 dic 13:24 wodles
```
```shellsession
sh-3.2# dscl . list /Groups | grep "wazuh"
wazuh
```
Installation of an ARM64 package fails :green_circle:
```shellsession
sh-3.2# curl -sO https://packages-dev.wazuh.com/pre-release/macos/wazuh-agent-4.7.2-1.arm64.pkg
sh-3.2# installer -pkg wazuh-agent-4.7.2-1.arm64.pkg -target /
installer: Error - Wazuh Agent can’t be installed on this computer.
```
Packages tests metrics information
Packages used
packages-dev.wazuh.com
pre-release
1
Mac OS Instances request https://github.com/wazuh/internal-devel-requests/issues/623
macOS specific test
Status legend: :black_circle: - Pending/In progress :white_circle: - Skipped :red_circle: - Rejected :yellow_circle: - Ready to review :green_circle: - Approved
Auditor's validation
In order to close and proceed with the release or the next candidate version, the following auditors must give the green light to this RC.
Conclusion :green_circle:
No abnormalities were found.