Closed Rolly-M closed 1 week ago
The error was related to the service provider configuration that we made for all Linux operating systems. The Amazon Linux family of operating systems did not have any assigned service provider, which is stored in the ossec_service_provider
variable.
A service provider compatible with all Amazon Linux operating systems was assigned, which is systemd
.
[root@ip-172-31-10-86 ~]# puppet agent -t
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Notice: Requesting catalog from ip-172-31-13-33:8140 (172.31.13.33)
Notice: Catalog compiled by ip-172-31-13-33.ec2.internal
Info: Caching catalog for ip-172-31-10-86.ec2.internal
Info: Applying configuration version '1715263210'
Notice: /Stage[main]/Wazuh::Agent/Package[wazuh-agent]/ensure: created (corrective)
Notice: /Stage[main]/Wazuh::Agent/Concat[agent_ossec.conf]/File[/var/ossec/etc/ossec.conf]/content:
--- /var/ossec/etc/ossec.conf 2024-05-09 14:00:15.090885068 +0000
+++ /tmp/puppet-file20240509-10445-fgha4p 2024-05-09 14:00:42.061070237 +0000
@@ -1,23 +1,22 @@
-<!--
- Wazuh - Agent - Default configuration for amzn 1
- More info at: https://documentation.wazuh.com
- Mailing list: https://groups.google.com/forum/#!forum/wazuh
--->
-
<ossec_config>
<client>
- <server>
- <address>MANAGER_IP</address>
- <port>1514</port>
- <protocol>tcp</protocol>
- </server>
- <config-profile>amzn, amzn1</config-profile>
+ <server>
+ <address>172.31.13.33</address>
+ <protocol>tcp</protocol>
+ <port>1514</port>
+ <max_retries>5</max_retries>
+ <retry_interval>5</retry_interval>
+ </server>
<notify_time>10</notify_time>
<time-reconnect>60</time-reconnect>
- <auto_restart>yes</auto_restart>
<crypto_method>aes</crypto_method>
+ <auto_restart>yes</auto_restart>
</client>
+ <logging>
+ <log_format>plain</log_format>
+ </logging>
+
<client_buffer>
<!-- Agent buffer options -->
<disabled>no</disabled>
@@ -25,8 +24,9 @@
<events_per_second>500</events_per_second>
</client_buffer>
- <!-- Policy monitoring -->
- <rootcheck>
+
+
+<rootcheck>
<disabled>no</disabled>
<check_files>yes</check_files>
<check_trojans>yes</check_trojans>
@@ -35,155 +35,142 @@
<check_pids>yes</check_pids>
<check_ports>yes</check_ports>
<check_if>yes</check_if>
-
- <!-- Frequency that rootcheck is executed - every 12 hours -->
- <frequency>43200</frequency>
-
- <rootkit_files>etc/shared/rootkit_files.txt</rootkit_files>
- <rootkit_trojans>etc/shared/rootkit_trojans.txt</rootkit_trojans>
-
+ <frequency>36000</frequency>
+ <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
+ <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
<skip_nfs>yes</skip_nfs>
- </rootcheck>
+</rootcheck>
- <wodle name="cis-cat">
+<wodle name="open-scap">
<disabled>yes</disabled>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
+</wodle>
+<wodle name="cis-cat">
+ <disabled>yes</disabled>
+ <timeout>1800</timeout>
+ <interval>1d</interval>
+ <scan-on-start>yes</scan-on-start>
<java_path>wodles/java</java_path>
<ciscat_path>wodles/ciscat</ciscat_path>
- </wodle>
+</wodle>
- <!-- Osquery integration -->
- <wodle name="osquery">
+
+<wodle name="osquery">
<disabled>yes</disabled>
<run_daemon>yes</run_daemon>
+ <bin_path>/usr/bin/osqueryd</bin_path>
<log_path>/var/log/osquery/osqueryd.results.log</log_path>
<config_path>/etc/osquery/osquery.conf</config_path>
<add_labels>yes</add_labels>
- </wodle>
+</wodle>
- <!-- System inventory -->
- <wodle name="syscollector">
- <disabled>no</disabled>
- <interval>1h</interval>
- <scan_on_start>yes</scan_on_start>
- <hardware>yes</hardware>
- <os>yes</os>
- <network>yes</network>
- <packages>yes</packages>
- <ports all="no">yes</ports>
- <processes>yes</processes>
-
- <!-- Database synchronization settings -->
- <synchronization>
- <max_eps>10</max_eps>
- </synchronization>
- </wodle>
+
+<wodle name="syscollector">
+ <disabled>no</disabled>
+ <interval>1h</interval>
+ <scan_on_start>yes</scan_on_start>
+ <hardware>yes</hardware>
+ <os>yes</os>
+ <network>yes</network>
+ <packages>yes</packages>
+ <ports all="no">yes</ports>
+ <processes>yes</processes>
+</wodle>
- <sca>
+
+<sca>
<enabled>yes</enabled>
<scan_on_start>yes</scan_on_start>
<interval>12h</interval>
<skip_nfs>yes</skip_nfs>
+
</sca>
+
+
+<syscheck>
+ <disabled>no</disabled>
+ <frequency>43200</frequency>
+ <scan_on_start>yes</scan_on_start>
+ <process_priority>10</process_priority>
+ <synchronization>
+ <enabled>yes</enabled>
+ <interval>5m</interval>
+ <max_interval>1h</max_interval>
+ <max_eps>10</max_eps>
+ </synchronization>
+
+ <directories check_all="yes" >/etc,/usr/bin,/usr/sbin</directories>
+ <directories check_all="yes" >/bin,/sbin,/boot</directories>
+ <ignore>/etc/mtab</ignore>
+ <ignore>/etc/hosts.deny</ignore>
+ <ignore>/etc/mail/statistics</ignore>
+ <ignore>/etc/random-seed</ignore>
+ <ignore>/etc/random.seed</ignore>
+ <ignore>/etc/adjtime</ignore>
+ <ignore>/etc/httpd/logs</ignore>
+ <ignore>/etc/utmpx</ignore>
+ <ignore>/etc/wtmpx</ignore>
+ <ignore>/etc/cups/certs</ignore>
+ <ignore>/etc/dumpdates</ignore>
+ <ignore>/etc/svc/volatile</ignore>
+ <ignore>/sys/kernel/security</ignore>
+ <ignore>/sys/kernel/debug</ignore>
+ <ignore>/dev/core</ignore>
+ <ignore type="sregex">^/proc</ignore>
+ <ignore type="sregex">.log$|.swp$</ignore>
+ <nodiff>/etc/ssl/private.key</nodiff>
+ <skip_nfs>yes</skip_nfs>
+</syscheck>
- <!-- File integrity monitoring -->
- <syscheck>
- <disabled>no</disabled>
-
- <!-- Frequency that syscheck is executed default every 12 hours -->
- <frequency>43200</frequency>
-
- <scan_on_start>yes</scan_on_start>
- <!-- Directories to check (perform all possible verifications) -->
- <directories>/etc,/usr/bin,/usr/sbin</directories>
- <directories>/bin,/sbin,/boot</directories>
-
- <!-- Files/directories to ignore -->
- <ignore>/etc/mtab</ignore>
- <ignore>/etc/hosts.deny</ignore>
- <ignore>/etc/mail/statistics</ignore>
- <ignore>/etc/random-seed</ignore>
- <ignore>/etc/random.seed</ignore>
- <ignore>/etc/adjtime</ignore>
- <ignore>/etc/httpd/logs</ignore>
- <ignore>/etc/utmpx</ignore>
- <ignore>/etc/wtmpx</ignore>
- <ignore>/etc/cups/certs</ignore>
- <ignore>/etc/dumpdates</ignore>
- <ignore>/etc/svc/volatile</ignore>
- <!-- File types to ignore -->
- <ignore type="sregex">.log$|.swp$</ignore>
- <!-- Check the file, but never compute the diff -->
- <nodiff>/etc/ssl/private.key</nodiff>
- <skip_nfs>yes</skip_nfs>
- <skip_dev>yes</skip_dev>
- <skip_proc>yes</skip_proc>
- <skip_sys>yes</skip_sys>
-
- <!-- Nice value for Syscheck process -->
- <process_priority>10</process_priority>
-
- <!-- Maximum output throughput -->
- <max_eps>50</max_eps>
-
- <!-- Database synchronization settings -->
- <synchronization>
- <enabled>yes</enabled>
- <interval>5m</interval>
- <max_eps>10</max_eps>
- </synchronization>
- </syscheck>
+ <localfile>
+ <log_format>audit</log_format>
+ <location>/var/log/audit/audit.log</location>
+ </localfile>
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/ossec/logs/active-responses.log</location>
+ </localfile>
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/log/messages</location>
+ </localfile>
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/log/secure</location>
+ </localfile>
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/log/maillog</location>
+ </localfile>
- <!-- Log analysis -->
<localfile>
<log_format>command</log_format>
<command>df -P</command>
<frequency>360</frequency>
</localfile>
-
<localfile>
<log_format>full_command</log_format>
<command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
<alias>netstat listening ports</alias>
<frequency>360</frequency>
</localfile>
-
<localfile>
<log_format>full_command</log_format>
<command>last -n 20</command>
<frequency>360</frequency>
</localfile>
- <!-- Active response -->
+
<active-response>
<disabled>no</disabled>
- <ca_store>etc/wpk_root.pem</ca_store>
+ <ca_store>/var/ossec/etc/wpk_root.pem</ca_store>
<ca_verification>yes</ca_verification>
</active-response>
-
- <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
- <logging>
- <log_format>plain</log_format>
- </logging>
-
-</ossec_config>
-
-<ossec_config>
- <localfile>
- <log_format>audit</log_format>
- <location>/var/log/audit/audit.log</location>
- </localfile>
-
- <localfile>
- <log_format>syslog</log_format>
- <location>/var/ossec/logs/active-responses.log</location>
- </localfile>
-
-</ossec_config>
+</ossec_config>
\ No newline at end of file
Info: Computing checksum on file /var/ossec/etc/ossec.conf
Info: /Stage[main]/Wazuh::Agent/Concat[agent_ossec.conf]/File[/var/ossec/etc/ossec.conf]: Filebucketed /var/ossec/etc/ossec.conf to puppet with sum a9728eb489b7c14f075d1aca5dba3d8c918536e51203d3fbea50a5b491327ad9
Notice: /Stage[main]/Wazuh::Agent/Concat[agent_ossec.conf]/File[/var/ossec/etc/ossec.conf]/content:
Notice: /Stage[main]/Wazuh::Agent/Concat[agent_ossec.conf]/File[/var/ossec/etc/ossec.conf]/content: content changed '{sha256}a9728eb489b7c14f075d1aca5dba3d8c918536e51203d3fbea50a5b491327ad9' to '{sha256}6a0cffbae9632a2c9f4901d421829afe31a774b913084bafd4534925c14e55b2' (corrective)
Notice: /Stage[main]/Wazuh::Agent/Concat[agent_ossec.conf]/File[/var/ossec/etc/ossec.conf]/mode: mode changed '0660' to '0640' (corrective)
Info: Concat[agent_ossec.conf]: Scheduling refresh of Service[wazuh-agent]
Notice: /Stage[main]/Wazuh::Agent/Exec[agent-auth-linux]/returns: executed successfully (corrective)
Info: /Stage[main]/Wazuh::Agent/Exec[agent-auth-linux]: Scheduling refresh of Service[wazuh-agent]
Notice: /Stage[main]/Wazuh::Agent/Service[wazuh-agent]/ensure: ensure changed 'stopped' to 'running' (corrective)
Info: /Stage[main]/Wazuh::Agent/Service[wazuh-agent]: Unscheduling refresh on Service[wazuh-agent]
Notice: Applied catalog in 38.12 seconds
[root@ip-172-31-10-86 ~]#
[root@ip-172-31-6-176 ~]# puppet agent -t
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Notice: Requesting catalog from ip-172-31-13-33:8140 (172.31.13.33)
Notice: Catalog compiled by ip-172-31-13-33.ec2.internal
Info: Caching catalog for ip-172-31-6-176.ec2.internal
Info: Applying configuration version '1715263218'
Notice: /Stage[main]/Wazuh::Agent/Package[wazuh-agent]/ensure: created (corrective)
Notice: /Stage[main]/Wazuh::Agent/Concat[agent_ossec.conf]/File[/var/ossec/etc/ossec.conf]/content:
--- /var/ossec/etc/ossec.conf 2024-05-09 14:00:24.383478808 +0000
+++ /tmp/puppet-file20240509-3105-1nb946g 2024-05-09 14:00:24.895492838 +0000
@@ -1,23 +1,22 @@
-<!--
- Wazuh - Agent - Default configuration for amzn 2
- More info at: https://documentation.wazuh.com
- Mailing list: https://groups.google.com/forum/#!forum/wazuh
--->
-
<ossec_config>
<client>
- <server>
- <address>MANAGER_IP</address>
- <port>1514</port>
- <protocol>tcp</protocol>
- </server>
- <config-profile>amzn, amzn2</config-profile>
+ <server>
+ <address>172.31.13.33</address>
+ <protocol>tcp</protocol>
+ <port>1514</port>
+ <max_retries>5</max_retries>
+ <retry_interval>5</retry_interval>
+ </server>
<notify_time>10</notify_time>
<time-reconnect>60</time-reconnect>
- <auto_restart>yes</auto_restart>
<crypto_method>aes</crypto_method>
+ <auto_restart>yes</auto_restart>
</client>
+ <logging>
+ <log_format>plain</log_format>
+ </logging>
+
<client_buffer>
<!-- Agent buffer options -->
<disabled>no</disabled>
@@ -25,8 +24,9 @@
<events_per_second>500</events_per_second>
</client_buffer>
- <!-- Policy monitoring -->
- <rootcheck>
+
+
+<rootcheck>
<disabled>no</disabled>
<check_files>yes</check_files>
<check_trojans>yes</check_trojans>
@@ -35,170 +35,142 @@
<check_pids>yes</check_pids>
<check_ports>yes</check_ports>
<check_if>yes</check_if>
-
- <!-- Frequency that rootcheck is executed - every 12 hours -->
- <frequency>43200</frequency>
-
- <rootkit_files>etc/shared/rootkit_files.txt</rootkit_files>
- <rootkit_trojans>etc/shared/rootkit_trojans.txt</rootkit_trojans>
-
+ <frequency>36000</frequency>
+ <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
+ <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
<skip_nfs>yes</skip_nfs>
- </rootcheck>
+</rootcheck>
- <wodle name="cis-cat">
+<wodle name="open-scap">
<disabled>yes</disabled>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
+</wodle>
+<wodle name="cis-cat">
+ <disabled>yes</disabled>
+ <timeout>1800</timeout>
+ <interval>1d</interval>
+ <scan-on-start>yes</scan-on-start>
<java_path>wodles/java</java_path>
<ciscat_path>wodles/ciscat</ciscat_path>
- </wodle>
+</wodle>
+
- <!-- Osquery integration -->
- <wodle name="osquery">
+<wodle name="osquery">
<disabled>yes</disabled>
<run_daemon>yes</run_daemon>
+ <bin_path>/usr/bin/osqueryd</bin_path>
<log_path>/var/log/osquery/osqueryd.results.log</log_path>
<config_path>/etc/osquery/osquery.conf</config_path>
<add_labels>yes</add_labels>
- </wodle>
+</wodle>
- <!-- System inventory -->
- <wodle name="syscollector">
- <disabled>no</disabled>
- <interval>1h</interval>
- <scan_on_start>yes</scan_on_start>
- <hardware>yes</hardware>
- <os>yes</os>
- <network>yes</network>
- <packages>yes</packages>
- <ports all="no">yes</ports>
- <processes>yes</processes>
-
- <!-- Database synchronization settings -->
- <synchronization>
- <max_eps>10</max_eps>
- </synchronization>
- </wodle>
+
+<wodle name="syscollector">
+ <disabled>no</disabled>
+ <interval>1h</interval>
+ <scan_on_start>yes</scan_on_start>
+ <hardware>yes</hardware>
+ <os>yes</os>
+ <network>yes</network>
+ <packages>yes</packages>
+ <ports all="no">yes</ports>
+ <processes>yes</processes>
+</wodle>
- <sca>
+
+<sca>
<enabled>yes</enabled>
<scan_on_start>yes</scan_on_start>
<interval>12h</interval>
<skip_nfs>yes</skip_nfs>
+
</sca>
+
+
+<syscheck>
+ <disabled>no</disabled>
+ <frequency>43200</frequency>
+ <scan_on_start>yes</scan_on_start>
+ <process_priority>10</process_priority>
+ <synchronization>
+ <enabled>yes</enabled>
+ <interval>5m</interval>
+ <max_interval>1h</max_interval>
+ <max_eps>10</max_eps>
+ </synchronization>
+
+ <directories check_all="yes" >/etc,/usr/bin,/usr/sbin</directories>
+ <directories check_all="yes" >/bin,/sbin,/boot</directories>
+ <ignore>/etc/mtab</ignore>
+ <ignore>/etc/hosts.deny</ignore>
+ <ignore>/etc/mail/statistics</ignore>
+ <ignore>/etc/random-seed</ignore>
+ <ignore>/etc/random.seed</ignore>
+ <ignore>/etc/adjtime</ignore>
+ <ignore>/etc/httpd/logs</ignore>
+ <ignore>/etc/utmpx</ignore>
+ <ignore>/etc/wtmpx</ignore>
+ <ignore>/etc/cups/certs</ignore>
+ <ignore>/etc/dumpdates</ignore>
+ <ignore>/etc/svc/volatile</ignore>
+ <ignore>/sys/kernel/security</ignore>
+ <ignore>/sys/kernel/debug</ignore>
+ <ignore>/dev/core</ignore>
+ <ignore type="sregex">^/proc</ignore>
+ <ignore type="sregex">.log$|.swp$</ignore>
+ <nodiff>/etc/ssl/private.key</nodiff>
+ <skip_nfs>yes</skip_nfs>
+</syscheck>
- <!-- File integrity monitoring -->
- <syscheck>
- <disabled>no</disabled>
-
- <!-- Frequency that syscheck is executed default every 12 hours -->
- <frequency>43200</frequency>
- <scan_on_start>yes</scan_on_start>
- <!-- Directories to check (perform all possible verifications) -->
- <directories>/etc,/usr/bin,/usr/sbin</directories>
- <directories>/bin,/sbin,/boot</directories>
-
- <!-- Files/directories to ignore -->
- <ignore>/etc/mtab</ignore>
- <ignore>/etc/hosts.deny</ignore>
- <ignore>/etc/mail/statistics</ignore>
- <ignore>/etc/random-seed</ignore>
- <ignore>/etc/random.seed</ignore>
- <ignore>/etc/adjtime</ignore>
- <ignore>/etc/httpd/logs</ignore>
- <ignore>/etc/utmpx</ignore>
- <ignore>/etc/wtmpx</ignore>
- <ignore>/etc/cups/certs</ignore>
- <ignore>/etc/dumpdates</ignore>
- <ignore>/etc/svc/volatile</ignore>
- <!-- File types to ignore -->
- <ignore type="sregex">.log$|.swp$</ignore>
- <!-- Check the file, but never compute the diff -->
- <nodiff>/etc/ssl/private.key</nodiff>
-
- <skip_nfs>yes</skip_nfs>
- <skip_dev>yes</skip_dev>
- <skip_proc>yes</skip_proc>
- <skip_sys>yes</skip_sys>
-
- <!-- Nice value for Syscheck process -->
- <process_priority>10</process_priority>
-
- <!-- Maximum output throughput -->
- <max_eps>50</max_eps>
-
- <!-- Database synchronization settings -->
- <synchronization>
- <enabled>yes</enabled>
- <interval>5m</interval>
- <max_eps>10</max_eps>
- </synchronization>
- </syscheck>
+ <localfile>
+ <log_format>audit</log_format>
+ <location>/var/log/audit/audit.log</location>
+ </localfile>
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/ossec/logs/active-responses.log</location>
+ </localfile>
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/log/messages</location>
+ </localfile>
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/log/secure</location>
+ </localfile>
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/log/maillog</location>
+ </localfile>
- <!-- Log analysis -->
<localfile>
<log_format>command</log_format>
<command>df -P</command>
<frequency>360</frequency>
</localfile>
-
<localfile>
<log_format>full_command</log_format>
<command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
<alias>netstat listening ports</alias>
<frequency>360</frequency>
</localfile>
-
<localfile>
<log_format>full_command</log_format>
<command>last -n 20</command>
<frequency>360</frequency>
</localfile>
- <!-- Active response -->
+
<active-response>
<disabled>no</disabled>
- <ca_store>etc/wpk_root.pem</ca_store>
+ <ca_store>/var/ossec/etc/wpk_root.pem</ca_store>
<ca_verification>yes</ca_verification>
</active-response>
-
- <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
- <logging>
- <log_format>plain</log_format>
- </logging>
-
-</ossec_config>
-
-<ossec_config>
- <localfile>
- <log_format>audit</log_format>
- <location>/var/log/audit/audit.log</location>
- </localfile>
-
- <localfile>
- <log_format>syslog</log_format>
- <location>/var/ossec/logs/active-responses.log</location>
- </localfile>
-
- <localfile>
- <log_format>syslog</log_format>
- <location>/var/log/messages</location>
- </localfile>
-
- <localfile>
- <log_format>syslog</log_format>
- <location>/var/log/secure</location>
- </localfile>
-
- <localfile>
- <log_format>syslog</log_format>
- <location>/var/log/maillog</location>
- </localfile>
-
-</ossec_config>
+</ossec_config>
\ No newline at end of file
Info: Computing checksum on file /var/ossec/etc/ossec.conf
Info: /Stage[main]/Wazuh::Agent/Concat[agent_ossec.conf]/File[/var/ossec/etc/ossec.conf]: Filebucketed /var/ossec/etc/ossec.conf to puppet with sum 472c229cd666a5036bc50c818c7428000176220fcde65ff75978a281cf52d29f
Notice: /Stage[main]/Wazuh::Agent/Concat[agent_ossec.conf]/File[/var/ossec/etc/ossec.conf]/content:
Notice: /Stage[main]/Wazuh::Agent/Concat[agent_ossec.conf]/File[/var/ossec/etc/ossec.conf]/content: content changed '{sha256}472c229cd666a5036bc50c818c7428000176220fcde65ff75978a281cf52d29f' to '{sha256}6a0cffbae9632a2c9f4901d421829afe31a774b913084bafd4534925c14e55b2' (corrective)
Notice: /Stage[main]/Wazuh::Agent/Concat[agent_ossec.conf]/File[/var/ossec/etc/ossec.conf]/mode: mode changed '0660' to '0640' (corrective)
Info: Concat[agent_ossec.conf]: Scheduling refresh of Service[wazuh-agent]
Notice: /Stage[main]/Wazuh::Agent/Exec[agent-auth-linux]/returns: executed successfully (corrective)
Info: /Stage[main]/Wazuh::Agent/Exec[agent-auth-linux]: Scheduling refresh of Service[wazuh-agent]
Notice: /Stage[main]/Wazuh::Agent/Service[wazuh-agent]/ensure: ensure changed 'stopped' to 'running' (corrective)
Info: /Stage[main]/Wazuh::Agent/Service[wazuh-agent]: Unscheduling refresh on Service[wazuh-agent]
Notice: Applied catalog in 13.33 seconds
[root@ip-172-31-6-176 ~]#
I am working on the E2E UX tests - Deployment with Puppet for Release 4.8.0 - RC 1 and encountering an error. When running the puppet agent to install the wazuh agent, I get the error below.