This is the documentation for Wazuh 3.8. Check out the docs for the latest version of Wazuh!

Creating custom WPK packages

1. Get a X509 certificate and CA

Create root CA

# openssl req -x509 -new -nodes -newkey rsa:2048 -keyout wpk_root.key -out wpk_root.pem -batch

Create a certificate and key

# openssl req -new -nodes -newkey rsa:2048 -keyout wpkcert.key -out wpkcert.csr -subj '/C=US/ST=CA/O=Wazuh'

Set the location as follows:

  • /C=US is the country.
  • /ST=CA is the state.
  • /O=Wazuh is the organization’s name.

Sign this certificate with the root CA

# openssl x509 -req -days 365 -in wpkcert.csr -CA wpk_root.pem -CAkey wpk_root.key -out wpkcert.pem -CAcreateserial

2. Compile a package

WPK packages will generally contain the complete agent code, however, this is not required.

A WPK package must contain an installation program in binary form or a script in any language supported by the agent (Bash, Python, etc). Canonical WPK packages must contain a Bash script named upgrade.sh for UNIX or upgrade.bat for Windows. This program must:

  • fork itself, as the parent will return 0 immediately,
  • restart the agent, and
  • the installer must write a file called upgrade_result containing a status number (0 means OK) before exiting.

Requirements

  • Python 2.7 or 3.5+
  • The Python cryptography package. This may be obtained using the following command:
pip install cryptography

Canonical WPK package example

  1. Install development tools and compilers. In Linux this can easily be done using your distribution’s package manager:
  1. For RPM-based distributions:
# yum install make gcc policycoreutils-python automake autoconf libtool unzip
  1. For Debian-based distributions:
# apt-get install make gcc libc6-dev curl policycoreutils automake autoconf libtool unzip
  1. Download and extract the latest version:
# curl -Ls https://github.com/wazuh/wazuh/archive/v3.8.2.tar.gz | tar zx
  1. Modify the wazuh-3.8.2/etc/preloaded-vars.conf file that was downloaded to deploy an unattended update in the agent by uncommenting the following lines:
USER_LANGUAGE="en"
USER_NO_STOP="y"
USER_UPDATE="y"
  1. Compile the project from the src folder:
# cd wazuh-3.8.2/src
# make deps
# make TARGET=agent
  1. Install the root CA if you want to overwrite the root CA with the file you created previously:
# cd ../
# cp path/to/wpk_root.pem etc/wpk_root.pem
  1. Compile the WPK package using your SSL certificate and key:
# contrib/agent-upgrade/wpkpack.py output/myagent.wpk path/to/wpkcert.pem path/to/wpkcert.key *
Definitions:
  • output/myagent.wpk is the name of the output WPK package.
  • path/to/wpkcert.pem is the path to your SSL certificate.
  • path/to/wpkcert.key is the path to your SSL certificate’s key.
  • * is the file (or the files) to be included into the WPK package. In this case, all the contents will be added.

In this example, the Wazuh project’s root directory contains the proper upgrade.sh file.

Note

This is only an example. If you want to distribute a WPK package using this method, it’s important to begin with an empty directory.