Scenario:
I am exploring
wazuh for vulnerability monitoring on my home network.
Wazuh includes a lightweight agent that gets installed on each device.
The wazuh-agent install command for Centos7 looks like this:
sudo WAZUH_MANAGER='[IP or DNS of wazuh server]' WAZUH_AGENT_GROUP='default' yum install https://packages.wazuh.com/4.x/yum/wazuh-agent-4.3.5-1.x86_64.rpm
Of course on SME I also needed to define and enable the service:
config set wazuh-agent service status enabled
The problemAfter installing as above I could start the service after each reboot using
systemctl start wazuh-agent, and I could enable the service using
systemctl enable wazuh-agent, but the service was always disabled after again after a reboot.
I could solve the problem by creating a crontab entry
@reboot sleep 10; /sbin/e-smith/systemctl start wazuh-agent - but that seemed... "
unusual"...
The
koozali wiki docs for service control say to run
expand-template /etc/systemd/system-preset/49-koozali.preset -- however wazuh-agent still showed "disabled" in
/etc/systemd/system-preset/49-koozali.preset.
Looking at the contents of
/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/20services, it looks like services with an init script in /etc/rc.d/init.d are to 'disabled' in
49-koozali.preset. I found that there was indeed a script for wazuh-agent at /etc/rc.d/init.d/wazuh-agent.
Renaming that script (
mv /etc/rc.d/init.d/wazuh-agent /etc/rc.d/init.d/wazuh-agent.huh) and re-expanding /etc/systemd/system-preset/49-koozali.preset solved the problem (temporarily?).
ConclusionI suspect that the folks at wazuh are including both systemd and init startup scripts for wazuh-agent as a convenience.
I also suspect that the conflicting init script will come back with the next wazuh-agent update.
I have no idea how many packages are likely to include both systemd and init startup scripts.
Is this a bug that should be addressed in
/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/20services, or an update step I should document on my network?