Rocky Linux Agent Support

[derekmpage]

PR is just Like #596

But against 4.4 branch and with Agent only support. No manager support.

[riton]

We've just tested it against a host with the following specs:

[root@ccosvms0682 ~]# puppet facts | jq .os
{
  "release": {
    "full": "8.8",
    "major": "8",
    "minor": "8"
  },
  "family": "RedHat",
  "name": "Rocky",
  "distro": {
    "description": "Rocky Linux release 8.8 (Green Obsidian)",
    "codename": "Green Obsidian",
    "release": {
      "full": "8.8",
      "major": "8",
      "minor": "8"
    },
    "id": "Rocky",
    "specification": ":core-4.1-amd64:core-4.1-noarch"
  },
  "hardware": "x86_64",
  "architecture": "x86_64",
  "selinux": {
    "enabled": false
  }
}

We're seing the following error on a wazuh::manager host:

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, This ossec module has not been tested on your distribution (file: /etc/puppetlabs/code/environments/XXXXX/modules/wazuh/manifests/params_manager.pp, line: 551, column: 24) on node XXXXX

EDIT: My bad, I've just seen that you explicitly said that no manager support was provided... 🤦

[derekmpage]

@riton I am getting the same result in my test environment.

I am not sure why it want's to evaluate manager. We are just trying to use it as an agent.
I was just following @vcerenu ask here to remove it from manager.pp #596

[vcerenu]

LGTM!

[derekmpage]

I found the issue...

Agent.pp at line

In agent.pp at line 462 you call wazuh::activeresponse

Then in wazuh::activeresponse active response at line 21 you require require wazuh::params_manager

https://github.com/wazuh/wazuh-puppet/blob/master/manifests/activeresponse.pp#L21require

I am not sure why this is done.
But I think there are two options.

Also add rocky to param_manager.pp or fully decouple agent from manager. However I will leave that up to your team.

[vcerenu]

Hi @derekmpage

Thanks for your Contribution!!

About the dependency with params_manager.pp, now we will continue with this change and later we will see the decoupling of this dependency.

[derekmpage]

@vcerenu I see you merged this... But the needed changes to params_manager.pp were not added to the PR yet? Unless I am not following your versioning correctly?

[vcerenu]

@derekmpage I passed this change to the 4.5.2 branch because they recently gave me a change window for that version, we have a release schedule that we are carrying out.