wazuh / wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
https://wazuh.com/

Check Wazuh-Agent compatibility with new version Red Hat Enterprise Linux 9.4 #23313

Closed mjcr99 closed 1 week ago

mjcr99 commented 1 week ago

Description

Hello team, this issue is to check the full compatibility of Wazuh on the newfound version of Red Hat Enterprise Linux 9.4 operating system.

OSs checks issue: https://github.com/wazuh/wazuh/issues/23311

For this, it is necessary to perform the following tests to check that everything works as expected:

mjcr99 commented 1 week ago

Testing

:green_circle: O.S. reporting in the interface.

O.S. correctly reported ![image](https://github.com/wazuh/wazuh/assets/119335479/e587cc60-9b09-4838-8750-3be5af8ea1fa)

:red_circle: FIM Whodata

Audit is already installed

```
[root@localhost vagrant]# yum install audit
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.
Last metadata expiration check: 0:07:53 ago on Thu 09 May 2024 10:46:00 AM EEST.
Package audit-3.1.2-2.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
```

**It's required to install `audispd-plugins`, but it has not been possible because the package is not present in the repositories, and no valid solution has been found.**

Configuration on the agent

```
/home/vagrant
```

Alerts

```
** Alert 1715240610.21503: - ossec,syscheck,syscheck_entry_added,syscheck_file,pci_dss_11.5,gpg13_4.11,gdpr_II_5.1.f,hipaa_164.312.c.1,hipaa_164.312.c.2,nist_800_53_SI.7,tsc_PI1.4,tsc_PI1.5,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,
2024 May 09 10:43:30 localhost->syscheck
Rule: 554 (level 5) -> 'File added to the system.'
File '/home/vagrant/testfile' added
Mode: realtime
Attributes:
 - Size: 0
 - Permissions: rw-r--r--
 - Date: Thu May 9 10:43:30 2024
 - Inode: 282717
 - User: root (0)
 - Group: root (0)
 - MD5: d41d8cd98f00b204e9800998ecf8427e
 - SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
 - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
```

:green_circle: Upgrade using WPK

```
[root@localhost vagrant]# /var/ossec/bin/agent_control -l
Wazuh agent_control. List of available agents:
   ID: 000, Name: localhost.localdomain (server), IP: 127.0.0.1, Active/Local
   ID: 001, Name: agent3-ubu22, IP: any, Disconnected
   ID: 003, Name: agent-rhel9.4, IP: any, Active
List of agentless devices:
[root@localhost vagrant]# /var/ossec/bin/agent_upgrade -a 003
Upgrading...
Upgraded agents:
	Agent 003 upgraded: Wazuh v4.6.0 -> Wazuh v4.7.4
```

:green_circle: Syscollector

Inventory from an agent RHEL 9.4 ![image](https://github.com/wazuh/wazuh/assets/119335479/4a1edd3a-659b-4393-b629-24c7df318bb9)

The rest of the checks are shared with the manager and can be found here: https://github.com/wazuh/wazuh/issues/23312
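The alert in the FIM Whodata test above reports `Mode: realtime`. The following is an added example, not part of the issue or of Wazuh's own code: it parses syscheck alerts in the `alerts.log` layout shown above and lists events under directories expected to use whodata whose mode is something else. The function names, the directory list, the second sample alert and the `modified`/`deleted` event words are assumptions.

```python
import re

# Constructed sample in the alerts.log layout shown in the issue; the second
# alert and the list of whodata directories used below are assumptions.
SAMPLE = """\
** Alert 1715240610.21503: - ossec,syscheck,syscheck_entry_added,syscheck_file,
2024 May 09 10:43:30 localhost->syscheck
Rule: 554 (level 5) -> 'File added to the system.'
File '/home/vagrant/testfile' added
Mode: realtime

** Alert 1715240700.22001: - ossec,syscheck,syscheck_entry_added,syscheck_file,
2024 May 09 10:45:00 localhost->syscheck
Rule: 554 (level 5) -> 'File added to the system.'
File '/srv/data/report.txt' added
Mode: whodata
"""

ALERT_SPLIT = re.compile(r"^\*\* Alert ", re.M)
FILE_RE = re.compile(r"^File '(.+)' (added|modified|deleted)\s*$", re.M)
MODE_RE = re.compile(r"^Mode: (\S+)", re.M)


def parse_syscheck_alerts(text):
    """Yield (alert_id, path, event, mode) for each syscheck alert in text."""
    for chunk in ALERT_SPLIT.split(text)[1:]:
        alert_id = chunk.split(":", 1)[0]
        file_m, mode_m = FILE_RE.search(chunk), MODE_RE.search(chunk)
        if "syscheck" not in chunk.splitlines()[0] or not file_m:
            continue  # not a FIM alert
        mode = mode_m.group(1) if mode_m else "unknown"
        yield alert_id, file_m.group(1), file_m.group(2), mode


def whodata_gaps(text, whodata_dirs):
    """Return alerts under whodata_dirs whose mode is not 'whodata'."""
    gaps = []
    for alert_id, path, event, mode in parse_syscheck_alerts(text):
        covered = any(path == d or path.startswith(d.rstrip("/") + "/")
                      for d in whodata_dirs)
        if covered and mode != "whodata":
            gaps.append((alert_id, path, mode))
    return gaps


if __name__ == "__main__":
    for gap in whodata_gaps(SAMPLE, ["/home/vagrant", "/srv/data"]):
        print("whodata not in effect:", gap)
```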

MarcelKemp commented 1 week ago

LGTM.