Generate WPK packages manually¶

Requirements¶

• Python 2.7 or 3.5+

• The Python cryptography package. This may be obtained using the following command:

$ pip install cryptography

Linux WPK¶

Install development tools and compilers. In Linux this can easily be done using your distribution’s package manager:

1. For RPM-based distributions:

# yum install make gcc policycoreutils-python automake autoconf libtool unzip

2. For Debian-based distributions:

# apt-get install make gcc libc6-dev curl policycoreutils automake autoconf libtool unzip

Download and extract the latest version:

# curl -Ls https://github.com/wazuh/wazuh/archive/v4.1.1.tar.gz | tar zx

Modify the wazuh-4.1.1/etc/preloaded-vars.conf file that was downloaded to deploy an unattended update in the agent by uncommenting the following lines:

USER_LANGUAGE="en"
USER_NO_STOP="y"
USER_UPDATE="y"

Compile the project from the src folder:

# cd wazuh-4.1.1/src
# make deps TARGET=agent
# make TARGET=agent

Delete the files that are no longer needed, this step can be skipped but the size of the WPK will be considerably larger:

$ rm -rf doc wodles/oscap/content/* gen_ossec.sh add_localfiles.sh Jenkinsfile*
$ rm -rf src/{addagent,analysisd,client-agent,config,error_messages,external/*,headers,logcollector,monitord,os_auth,os_crypto,os_csyslogd,os_dbdos_execd}
$ rm -rf src/{os_integrator,os_maild,os_netos_regex,os_xml,os_zlib,remoted,reportd,shared,syscheckd,tests,update,wazuh_db,wazuh_modules}
$ rm -rf src/win32
$ rm -rf src/*.a
$ rm -rf etc/{decoders,lists,rules}
$ find etc/templates/* -maxdepth 0 -not -name "en" | xargs rm -rf

Install the root CA if you want to overwrite the root CA with the file you created previously:

# cd ../
# cp path/to/wpk_root.pem etc/wpk_root.pem

Compile the WPK package using your SSL certificate and key:

# contrib/agent-upgrade/wpkpack.py output/myagent.wpk path/to/wpkcert.pem path/to/wpkcert.key *

In this example, the Wazuh project’s root directory contains the proper upgrade.sh file.

Windows WPK¶

Install development tools and compilers. In Linux this can easily be done using your distribution’s package manager:

For RPM-based distributions:

# yum install make gcc policycoreutils-python automake autoconf libtool unzip

For Debian-based distributions:

# apt-get install make gcc libc6-dev curl policycoreutils automake autoconf libtool unzip

Download and extract the latest version of wazuh sources:

# curl -Ls https://github.com/wazuh/wazuh/archive/v4.1.1.tar.gz | tar zx

Download the latest version of the wazuh MSI package:

# curl -Ls https://packages.wazuh.com/4.x/windows/wazuh-agent-4.1.1-1.msi --output wazuh-agent-4.1.1-1.msi

Install the root CA if you want to overwrite the root CA with the file you created previously:

# cd ../
# cp path/to/wpk_root.pem etc/wpk_root.pem

Compile the WPK package using the MSI package and, your SSL certificate and key:

# contrib/agent-upgrade/wpkpack.py output/myagent.wpk path/to/wpkcert.pem path/to/wpkcert.key path/to/wazuhagent.msi path/to/upgrade.bat path/to/do_upgrade.ps1

Definitions:

• output/myagent.wpk is the name of the output WPK package.

• path/to/wpkcert.pem is the path to your SSL certificate.

• path/to/wpkcert.key is the path to your SSL certificate’s key.

• path/to/upgrade.bat is the path to the upgrade.bat file you can find an example at src/win32 within the wazuh repository or write your own.

• path/to/do_upgrade.ps1 is the path to the do_upgrade.ps1 file you can find an example at src/win32 within the wazuh repository or write your own.

• path/to/wazuhagent.msi is the path to the MSI you have downloaded in step 3.

• \* is the file (or the files) to be included into the WPK package. In this case, all the contents will be added.