Package Details: wazuh-agent 4.11.2-1

Git Clone URL: https://aur.archlinux.org/wazuh-agent.git (read-only, click to copy)
Package Base: wazuh-agent
Description: Wazuh Agent actively protects Arch Linux systems with advanced threat prevention, detection, and response capabilities.
Upstream URL: https://wazuh.com/
Keywords: siem
Licenses: GPL2
Submitter: madara125
Maintainer: madara125 (MrHacker)
Last Packager: MrHacker
Votes: 7
Popularity: 2.28
First Submitted: 2023-11-18 04:14 (UTC)
Last Updated: 2025-04-08 15:11 (UTC)

Latest Comments

1 2 Next › Last »

MrHacker commented on 2025-04-08 14:53 (UTC)

Hi @z3nt,

Thank you for your valuable observations. I'm analyzing the points you mentioned and will definitely implement your suggested changes in the next update. You're right about the --system parameter in the useradd command. I'll add it to prevent the wazuh user from appearing as a regular user in the UI with UID 1001. Regarding the issue with backup=() for /var/ossec/etc/ossec.conf, I'll check why the .pacsave file isn't being created during uninstallation when you've modified the file. I'll also review the runtime dependencies. I agree that several like gcc and cmake could probably be removed, as they're more appropriate as build dependencies. Sorry for the delay in responding. I've been busy with other projects and just updated the package after receiving the notification that it was outdated. I appreciate your patience and assure you that I'll incorporate your corrections in the next update.

Regards.

z3ntu commented on 2025-04-08 14:19 (UTC)

@MrHacker: Would be nice if you could read the comments from the last months and improve the package.

tbroyer commented on 2025-03-20 11:01 (UTC)

Already reported before but why so many dependencies?

The RPM only depends on groupadd/useradd/groupdel/userdel for the preinst and postuninst sccripts: https://github.com/wazuh/wazuh-agent/blob/246c2d85b81cf84f232744330f5cff5ec272a7b2/packages/rpms/SPECS/wazuh_agent.spec#L25-L26

Similarly for the Debian package: https://github.com/wazuh/wazuh-agent/blob/246c2d85b81cf84f232744330f5cff5ec272a7b2/packages/debs/SPECS/wazuh-agent/debian/control#L11

z3ntu commented on 2025-02-26 10:20 (UTC)

One more request on top of my using --system with useradd in wazuh-agent.install: Why are so many packages listed as runtime dependency, like gcc and cmake? I'm pretty sure most of them can be removed?

awptechnologies commented on 2024-11-08 19:45 (UTC)

Running sudo chown -R wazuh:wazuh /var/ossec fixed it for me as well agent will start now.

z3ntu commented on 2024-11-08 11:26 (UTC)

Shouldn't the useradd command be using --system parameter so e.g. the wazuh user doesn't get UID 1001 and show up in various places in the UI as a regular user?

Also I'm currently checking but it seems the backup=() at least for /var/ossec/etc/ossec.conf doesn't seem to work, no .pacsave is created on package removal even though the file was modified by me.

awptechnologies commented on 2024-09-17 03:49 (UTC)

This fixed it for me as well. sudo chown -R wazuh:wazuh /var/ossec

publicarray commented on 2024-09-06 09:49 (UTC) (edited on 2024-09-06 09:51 (UTC) by publicarray)

Regarding the Error reading XML file 'etc/ossec.conf': (line 0). error

This is a permission issue. The files are owned by root rather than wazuh

sudo chown -R wazuh:wazuh /var/ossec Fixed the issue for me

MrHacker commented on 2024-07-09 14:29 (UTC)

@agrasso Fixed, thanks for your feedback

agrasso commented on 2024-07-09 13:39 (UTC)

MrHacker's GPG key seems to have been revoked a few days ago.

1 2 Next › Last »