Create agent enrollment assistant #514

Open
2 tasks done
Tracked by #7287
asteriscos opened this issue Feb 5, 2025 · 9 comments · May be fixed by wazuh/wazuh-dashboard-plugins#7289
@asteriscos
Member

asteriscos commented Feb 5, 2025

Description

We need to create an agent enrollment assistant for Wazuh 5.0.

Considerations:

  • Use "enrollment" to refer to the agent registration process

Plan

  • Port the agent registration assistant from wazuh plugin to another one of 5.0
  • Apply the modifications to the guide for the enrollment process of 5.0

To fix

@asteriscos asteriscos added level/task Task issue type/enhancement New feature or request labels Feb 5, 2025
@wazuhci wazuhci moved this to In progress in XDR+SIEM/Release 5.0.0 Feb 5, 2025
@Desvelao
Member

Desvelao commented Feb 6, 2025

Plan

We are going to port the current agent registration assistant (wazuh/wazuh-dashboard-plugins#4205) from the wazuh plugin, which will be removed for 5.0, to another plugin for that version. Then we will adapt the guide for the new enrollment steps.

Some things are not defined, so we could declare some placeholders for now.

Modifications

Edit the guide to provide the enrollment command with this look:

sudo dpkg -i ./wazuh-agent_5.0.0.deb && sudo /usr/share/wazuh-agent/bin/wazuh-agent --register-agent --user wazuh --password wazuh --url http://172.31.47.5:55000 --name debian

sudo yum install ./wazuh-agent_5.0.0.rpm && sudo /usr/share/wazuh-agent/bin/wazuh-agent --register-agent --user wazuh --password wazuh --url http://172.31.47.5:55000 --name centos

sudo installer -pkg wazuh-agent_5.0.0-0_intel64.pkg -target /
/Library/Application\ Support/Wazuh\ agent.app/bin/wazuh-agent --register-agent --user wazuh --password wazuh --url https://172.31.47.5:55000 --verification-mode none

Additional information about the help command of the wazuh-agent binary:

[root@709dbe158049 /]# /usr/share/wazuh-agent/bin/wazuh-agent --help
Allowed options:
  --help                  Display this help menu
  --run                   Run agent in foreground (this is the default 
                          behavior)
  --status                Check if the agent is running (running or stopped)
  --config-file arg       Path to the Wazuh configuration file (optional)
  --register-agent        Use this option to register as a new agent
  --url arg               URL of the server management API
  --user arg              User to authenticate with the server management API
  --password arg          Password to authenticate with the server management 
                          API
  --key arg               Key to register the agent (optional)
  --name arg              Name to register the agent (optional)
  --verification-mode arg Verification mode to be applied on HTTPS connection 
                          to the server (optional)

@Desvelao
Member

Desvelao commented Feb 6, 2025

Port register-agent component

I ported the RegisterAgent component from the wazuh plugin to wazuh-fleet and registered an application to display the UI:

Image

This will be the base to develop the new guide with some adjustments.

@Desvelao
Member

Desvelao commented Feb 7, 2025

Adapt to 5.0

Added

  • Added inputs to match with the wazuh-agent cli:
    • Input to manage the username
    • Input to manage the password
    • Input to manage the SSL verification mode
    • Input to manage the key (This key must have 32 alphanumeric characters validation)
  • Added new step "Server credentials" to define the username and password

Changed

  • Changed the generation of command to install and enroll the agent
  • Changed the validation of "Assign a server address" input
  • Changed the placeholder of "Assign a server address" input
  • Changed the description of "Server address" step to indicate the usage of URL instead of raw IP or FQDN

Removed

  • Groups management was removed because the current Wazuh agent enrollment does not support the definition of these.
    • Removed groups form input
    • Removed fetch information about available groups
  • Removed fetch information about authentication password provided through the Wazuh server API
  • Removed fetch information about protocol provided through the Wazuh server API
  • Temporarily:
    • The command to download the package was temporarily removed because the packages are not publicly hosted. A warning message was added to inform about this.

Notes

  • I left some help popovers that should be adapted in the future when we know the documentation links.

Screenshot

Image

@Desvelao
Member

Update

  • Adapting the unit tests
  • Add new tests for additions (inputs, validations)
  • Fix code linting problems

@Desvelao
Member

Desvelao commented Feb 11, 2025

Update

  • Fix prettier and eslint problems
  • Research about the command to deploy on Windows

help:

Image

service: Wazuh Agent

I asked the agent team for information on installing the msi package from PowerShell and I got the following response:

https://github.com/wazuh/wazuh-agent/blob/master/BUILD.md in section To install the agent as a windows service
Or check this issue, https://github.com/wazuh/wazuh-agent/issues/534#issuecomment-2616786873

@Desvelao
Member

Desvelao commented Feb 12, 2025

Commands

Install command

| OS | Command |
| --- | --- |
| Linux (.deb amd64) | sudo dpkg -i ./wazuh-agent_<version>.deb |
| Linux (.deb aarch64) | sudo dpkg -i ./wazuh-agent_<version>.deb |
| Linux (.rpm amd64) | sudo rpm -ihv wazuh-agent-<version>.rpm |
| Linux (.rpm aarch64) | sudo rpm -ihv wazuh-agent-<version>.rpm |
| macOS (Intel/Apple silicon) | sudo installer -pkg ./wazuh-agent.pkg -target / |
| Windows (32/64 bits) | msiexec.exe /i $env:tmp\wazuh-agent /q |

Register agent

| OS | Command |
| --- | --- |
| Linux (.deb amd64) | sudo /usr/share/wazuh-agent/bin/wazuh-agent --register-agent --url '<server-url>' --user '<username>' --password '<password>' [--verification-mode '<none/full>'] [--name '<agent-name>'] [--key '<enrollment-key>'] |
| Linux (.deb aarch64) | sudo /usr/share/wazuh-agent/bin/wazuh-agent --register-agent --url '<server-url>' --user '<username>' --password '<password>' [--verification-mode '<none/full>'] [--name '<agent-name>'] [--key '<enrollment-key>'] |
| Linux (.rpm amd64) | sudo /usr/share/wazuh-agent/bin/wazuh-agent --register-agent --url '<server-url>' --user '<username>' --password '<password>' [--verification-mode '<none/full>'] [--name '<agent-name>'] [--key '<enrollment-key>'] |
| Linux (.rpm aarch64) | sudo /usr/share/wazuh-agent/bin/wazuh-agent --register-agent --url '<server-url>' --user '<username>' --password '<password>' [--verification-mode '<none/full>'] [--name '<agent-name>'] [--key '<enrollment-key>'] |
| macOS (Intel/Apple silicon) | /Library/Application\ Support/Wazuh\ agent.app/bin/wazuh-agent --register-agent --url '<server-url>' --user '<username>' --password '<password>' [--verification-mode '<none/full>'] [--name '<agent-name>'] [--key '<enrollment-key>'] |
| Windows (32/64 bits) | & 'C:\Program Files\wazuh-agent\wazuh-agent.exe' --register-agent --url '<server-url>' --user '<username>' --password '<password>' [--verification-mode '<none/full>'] [--name '<agent-name>'] [--key '<enrollment-key>'] |

Start

| OS | Command |
| --- | --- |
| Linux (.deb amd64) | sudo systemctl daemon-reload && sudo systemctl enable wazuh-agent && sudo systemctl start wazuh-agent |
| Linux (.deb aarch64) | sudo systemctl daemon-reload && sudo systemctl enable wazuh-agent && sudo systemctl start wazuh-agent |
| Linux (.rpm amd64) | sudo systemctl daemon-reload && sudo systemctl enable wazuh-agent && sudo systemctl start wazuh-agent |
| Linux (.rpm aarch64) | sudo systemctl daemon-reload && sudo systemctl enable wazuh-agent && sudo systemctl start wazuh-agent |
| macOS (Intel/Apple silicon) | sudo /Library/Ossec/bin/wazuh-control start |
| Windows (32/64 bits) | NET START 'Wazuh Agent' |
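
Added example (not code from the Wazuh plugins): one way to generate the register command listed above, applying the 32-character key check mentioned earlier in the thread and quoting every value for the target shell so a password containing `'` cannot break out of the one-liner. Function and constant names are hypothetical; the flags, binary paths and the none/full modes are the ones quoted in this thread.

```javascript
// Added example, not wazuh-dashboard-plugins code. Function and constant names
// are hypothetical; flags and binary paths are the ones quoted in this thread.
const AGENT_BIN = {
  linux: 'sudo /usr/share/wazuh-agent/bin/wazuh-agent',
  macos: '/Library/Application\\ Support/Wazuh\\ agent.app/bin/wazuh-agent',
  windows: "& 'C:\\Program Files\\wazuh-agent\\wazuh-agent.exe'",
};

// POSIX sh: close the quote, add an escaped quote, reopen. PowerShell: double it.
const quote = {
  posix: v => `'${String(v).replace(/'/g, "'\\''")}'`,
  powershell: v => `'${String(v).replace(/'/g, "''")}'`,
};

function validate({ url, user, password, key, verificationMode }) {
  const errors = [];
  let scheme = null;
  try { scheme = new URL(url).protocol; } catch { errors.push('url: not a valid URL'); }
  if (scheme && !['http:', 'https:'].includes(scheme))
    errors.push('url: scheme must be http or https');
  if (!user) errors.push('user: required');
  if (!password) errors.push('password: required');
  if (key !== undefined && !/^[A-Za-z0-9]{32}$/.test(key))
    errors.push('key: must be 32 alphanumeric characters');
  if (verificationMode !== undefined && !['none', 'full'].includes(verificationMode))
    errors.push('verificationMode: must be none or full');
  return errors;
}

// The username and password are sent to --url, so flag weak transport settings.
function transportWarnings({ url, verificationMode }) {
  const warnings = [];
  if (new URL(url).protocol === 'http:') warnings.push('credentials sent over plain HTTP');
  if (verificationMode === 'none') warnings.push('HTTPS verification mode is none');
  return warnings;
}

function buildRegisterCommand(os, opts) {
  if (!AGENT_BIN[os]) throw new Error(`unsupported os: ${os}`);
  const errors = validate(opts);
  if (errors.length) throw new Error(errors.join('; '));
  const q = os === 'windows' ? quote.powershell : quote.posix;
  const args = [
    ['--url', opts.url], ['--user', opts.user], ['--password', opts.password],
    ['--verification-mode', opts.verificationMode],
    ['--name', opts.name], ['--key', opts.key],
  ].filter(([, value]) => value !== undefined && value !== '');
  return [AGENT_BIN[os], '--register-agent',
    ...args.map(([flag, value]) => `${flag} ${q(value)}`)].join(' ');
}
```

Optional flags are emitted only when a value is supplied, and validation runs before any command string is produced, so an invalid key never reaches the generated one-liner.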

@Desvelao
Member

Desvelao commented Feb 12, 2025

Problem

I am getting a problem with the one-liner command for Windows. It seems the registration command is executed before the agent package is installed and the wazuh-agent.exe file is not found.

msiexec.exe /i $env:tmp\wazuh-agent /q;& 'C:\Program Files\wazuh-agent\wazuh-agent.exe' --register-agent --url '<server-url>' --user '<username>' --password '<password>' [--verification-mode '<none/full>'] [--name '<agent-name>'] [--key '<enrollment-key>']

I used --help flag to simulate the execution of the wazuh-agent.exe binary instead.

Image

We should review this.

@Desvelao
Member

Desvelao commented Feb 13, 2025

Remember server address feature

The server address in the agent enrollment wizard of 4.x allowed "administrator" users (users with the administrator role of the Wazuh server API) to set the value of the enrollment.dns setting in the configuration file.

The setting management was moved to Advanced settings, so this is a configuration by tenant.

I was trying to port the remember server address feature of enrollment.dns, but I found some missing features of the configuration service that should be added:

  • ability to set the setting value (use case: UI settings that are managed through a different view of Advanced settings)
  • ability to get the setting validations and, by extension, the setting definition (I need to get the same validation to be used in a custom input different from the Advanced settings view). I created a custom validation in the plugin, but this validation is defined in another plugin too, so this forces us to duplicate the code. We should provide this information through the configuration service.
  • ability to reset the setting value
  • the UISettings provider with the getAll does not return the UI settings registered by Wazuh plugins because this method is filtering by the wazuhCore category, and the Wazuh settings do not have this category. I guess this could be the initial development and then the categories of settings changed.

I attach an incomplete patch related to this feature:
branch: enhancement/514-add-enrollment-agent-assistant
wd-issue-514-remember-server-address.txt

Note: the management of this setting through the advanced settings will not support the readonly users because they do not have the permissions to write the tenant settings. If we want to allow the readonly users to remember the value, then we should consider saving the value into the browser (local storage).

Update

I added the feature using the core.uiSettings service instead of the wazuhCore.configuration service because the latter has not implemented the mentioned requirements. If we implement these requirements in wazuhCore.configuration, we could replace the wrappers.

I had to remove the validation of the enrollment.dns setting that is applied in Advanced settings because it does not match the one specified in the server address input. This is related to one of the requirements mentioned here.

  • ability to get the setting validations

image

@Desvelao
Member

Desvelao commented Feb 13, 2025

Update

  • Rename Deploy new agent to Enroll new agent in the assistant
  • Remove enrollment.password setting for security reasons. Now the user should indicate the username and password to enroll the agent.
  • Update development branch
