Check in the wazuh-dashboard app the correct OS format for macOS agents

[jmv74211]

Target version	Release candidate	Main release testing issue
4.4.0	1	TBC

Description

Some macOS OS versions (from Sierra to Catalina) show themselves (in the default OS information tool) as MacOS X, while their proper name is macOS. This inaccurate OS name is affecting both OS inventory information and Manager's agent list information

During the testing performed for the fix introduced in 4.4.0 Modify OS name's source for macOS, it was left pending (because we had no official app to test) to check that the macOS OS version appears correctly in the wazuh-dashboard app.

It is requested to check that all macOS agents appear with the following OS format: macOS x.x.x.

Proposed checks

• Check that all macOS agents (from Sierra to Monterey or Ventura if possible) are listed in the following OS format: macOS x.x.x.
  • Check in agents overview view
  • Check in inventory data view

Expected results

All macOS agent OS should appear with the following OS format: macOS x.x.x.

[BelenValdivia]

17/03/2023

• Set up wazuh manager, indexer and dashboard
• Download macOS boxes (catalina and mojave)
• Research about the change

[BelenValdivia]

Review data

Tester	PR commit
@BelenValdivia	4.4

Testing environment

OS	Deployment	Image/AMI	Notes
CentOS 8	local	generic/centos_8
MacOS Sierra	local	jhcook/macos-sierra
MacOS Catalina	local	macos_catalina
MacOS Mojave	local	danimaetrix/macOS-mojave
MacOS Monterey	AWS account: wazuh-dev	provided by cicd team
MacOS Ventura	local	local machine

Tested packages

System	Manager	Agent
CentOS 8	rpm
MacOS		pkg

Status

• In progress
• QA team leader approved @jmv74211

[BelenValdivia]

Testing results

Before change

Incorrect OS name 🔴

1. Install the Wazuh agent and Wazuh manager prod version (4.3.10)

2. Check the agent's overview view in the Wazuh dashboard

   

3. Check the inventory data view in the Wazuh dashboard

   

4. Check the OS name in the manager database

   [root@centos-manager3 vagrant]# sqlite3 -header -column /var/ossec/queue/db/glob
   al.db "SELECT OS_NAME, OS_MAJOR, OS_MINOR, OS_ARCH FROM AGENT WHERE ID = 001"
   os_name     os_major    os_minor    os_arch
   ----------  ----------  ----------  ----------
   Mac OS X    10          14           x86_64
   

Upgrade

Check OS format macOS Sierra 🟢

1. Upgrade the Wazuh agent and Wazuh manager from 4.3.10 to 4.4.0

2. Check the agent's overview view in the Wazuh dashboard
   

3. Check the inventory data view in the Wazuh dashboard

   

4. Check the OS name in the manager database

   [root@centos-manager3 vagrant]# sqlite3 -header -column /var/ossec/queue/db/glob
   al.db "SELECT OS_NAME, OS_MAJOR, OS_MINOR, OS_ARCH FROM AGENT WHERE ID = 005"
   os_name     os_major    os_minor    os_arch
   ----------  ----------  ----------  ----------
   macOS       10          12          x86_64
   
   

Check OS format macOS Catalina 🟢

1. Upgrade the Wazuh agent and Wazuh manager from 4.3.10 to 4.4.0

2. Check the agent's overview view in the Wazuh dashboard
   

3. Check the inventory data view in the Wazuh dashboard

   

4. Check the OS name in the manager database

   [root@centos-manager3 vagrant]# sqlite3 -header -column /var/ossec/queue/db/global.db "SELECT OS_NAME, OS_MAJOR, OS_MINOR, OS_ARCH FROM AGENT WHERE ID = 003"
   os_name     os_major    os_minor    os_arch
   ----------  ----------  ----------  ----------
   macOS       10          15          x86_64
   

Check OS format macOS Mojave 🟢

1. Upgrade the Wazuh agent and Wazuh manager from 4.3.10 to 4.4.0

2. Check the agent's overview view in the Wazuh dashboard
   

3. Check the inventory data view in the Wazuh dashboard
   

4. Check the OS name in the manager database

   [root@centos-manager3 vagrant]# sqlite3 -header -column /var/ossec/queue/db/global.db "SELECT OS_NAME, OS_MAJOR, OS_MINOR, OS_ARCH FROM AGENT WHERE ID = 001"
   os_name     os_major    os_minor    os_arch
   ----------  ----------  ----------  ----------
   macOS       10          14          x86_64
   

Check OS format macOS Ventura 🟢

1. Upgrade the Wazuh agent and Wazuh manager from 4.3.10 to 4.4.0

2. Check the agent's overview view in the Wazuh dashboard

   

3. Check the inventory data view in the Wazuh dashboard

   

4. Check the OS name in the manager database

   root@dwordcito:/home/dwordcito# sqlite3 -header -column /var/ossec/queue/db/global.db "SELECT OS_NAME, OS_MAJOR, OS_MINOR, OS_ARCH FROM AGENT WHERE ID = 002"
   os_name  os_major  os_minor  os_arch
   -------  --------  --------  -------
   macOS    13        0         x86_64
   

Check OS format macOS Monterey 🟢

1. Upgrade the Wazuh agent and Wazuh manager from 4.3.10 to 4.4.0

2. Check the agent's overview view in the Wazuh dashboard
   

3. Check the inventory data view in the Wazuh dashboard
   

4. Check the OS name in the manager database

   root@ip-172-31-19-68:/home/ubuntu# sqlite3 -header -column /var/ossec/queue/db/global.db "SELECT OS_NAME, OS_MAJOR, OS_MINOR, OS_ARCH FROM AGENT WHERE ID = 002"
   os_name  os_major  os_minor  os_arch
   -------  --------  --------  -------
   macOS    12        6         x86_64
   

Fresh Install

Check OS format macOS Sierra 🟢

1. Install Wazuh agent and Wazuh manager 4.4.0

2. Check the agent's overview view in the Wazuh dashboard
   

3. Check the inventory data view in the Wazuh dashboard

   

4. Check the OS name in the manager database

   [root@centos-manager3 vagrant]# sqlite3 -header -column /var/ossec/queue/db/glob
   al.db "SELECT OS_NAME, OS_MAJOR, OS_MINOR, OS_ARCH FROM AGENT WHERE ID = 006"
   os_name     os_major    os_minor    os_arch
   ----------  ----------  ----------  ----------
   macOS       10          12          x86_64
   

Check OS format macOS Catalina 🟢

1. Install Wazuh agent and Wazuh manager 4.4.0

2. Check the agent's overview view in the Wazuh dashboard
   

3. Check the inventory data view in the Wazuh dashboard

   

4. Check the OS name in the manager database

   [root@centos-manager3 vagrant]# sqlite3 -header -column /var/ossec/queue/db/global.db "SELECT OS_NAME, OS_MAJOR, OS_MINOR, OS_ARCH FROM AGENT WHERE ID = 004"
   os_name     os_major    os_minor    os_arch
   ----------  ----------  ----------  ----------
   macOS       10          15          x86_64
   

Check OS format macOS Mojave 🟢

1. Install Wazuh agent and Wazuh manager 4.4.0

2. Check the agent's overview view in the Wazuh dashboard
   

3. Check the inventory data view in the Wazuh dashboard

   

4. Check the OS name in the manager database

   [root@centos-manager3 vagrant]# sqlite3 -header -column /var/ossec/queue/db/global.db "SELECT OS_NAME, OS_MAJOR, OS_MINOR, OS_ARCH FROM AGENT WHERE ID = 002"
   os_name     os_major    os_minor    os_arch
   ----------  ----------  ----------  ----------
   macOS       10          14          x86_64
   

Check OS format macOS Ventura 🟢

1. Install Wazuh agent and Wazuh manager 4.4.0

2. Check the agent's overview view in the Wazuh dashboard

   

3. Check the inventory data view in the Wazuh dashboard

   

4. Check the OS name in the manager database

   root@dwordcito:/home/dwordcito# sqlite3 -header -column /var/ossec/queue/db/global.db "SELECT OS_NAME, OS_MAJOR, OS_MINOR, OS_ARCH FROM AGENT WHERE ID = 001"
   os_name  os_major  os_minor  os_arch
   -------  --------  --------  -------
   macOS    13        0         x86_64
   

Check OS format macOS Monterey 🟢

1. Install Wazuh agent and Wazuh manager 4.4.0

2. Check the agent's overview view in the Wazuh dashboard
   

3. Check the inventory data view in the Wazuh dashboard

   

4. Check the OS name in the manager database

   root@ip-172-31-19-68:/home/ubuntu# sqlite3 -header -column /var/ossec/queue/db/global.db "SELECT OS_NAME, OS_MAJOR, OS_MINOR, OS_ARCH FROM AGENT WHERE ID = 001"
   os_name  os_major  os_minor  os_arch
   -------  --------  --------  -------
   macOS    12        6         x86_64
   

[BelenValdivia]

Conclusion 🟢

The behavior is as expected. The OS field has the correct format.

[jmv74211]

Closing conclusion 👍🏼

Everything seems to be working properly