Design validation in the Wazuh agent uninstallation process

[jotacarma90]

Parent issue:

• https://github.com/wazuh/wazuh/issues/23466

Description

We want to add a validation step during the uninstallation of the Wazuh-agent package. To do so, we want to analyze the available options to work on the package specs part.

In the parent issue, we will be offered the necessary certificates to make a request to the manager to verify if we have the validation. Only in that case we must continue with the uninstallation process.

To do this, we must decide where we will execute the requirements.

The validation process will be configured in the ossec.conf (or through centralized configuration), with a block of these characteristics:

  <anti_tampering>
    <package_uninstallation>yes</package_uninstallation>
  </anti_tampering>

[jotacarma90]

Analysis

After the initial analysis, the options contemplated are:

• Add the necessary code in the SPECS (rpm) or install prerm script (deb).

  • Using CURL to make the request to the manager API and get the validation. Evaluate if we should use the CURL of the system or rethink it as a dependency.
  • To do this we must first get the configuration block shown above, one option is to make another request to the API to get the config.
  • After that we must create a conditional according to the content of the validation.

• The other option tries to include all this flow in the own code of the agent, accessing to the configuration in a normal way, making the request and generating a variable or flag with the validation. At this point we must consider ways of communicating this variable to the uninstallation scripts of the packages.