Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change agent behavior at startup #359

Closed
Tracked by #241
TomasTurina opened this issue Nov 27, 2024 · 1 comment · Fixed by #378
Closed
Tracked by #241

Change agent behavior at startup #359

TomasTurina opened this issue Nov 27, 2024 · 1 comment · Fixed by #378
Assignees
Labels
level/task Task issue module/agent mvp Minimum Viable Product refinement type/bug Bug issue

Comments

@TomasTurina
Copy link
Member

TomasTurina commented Nov 27, 2024

Parent Issue: #241

Description

Currently, all agent coroutines are launched almost simultaneously during startup. This creates a high probability of executing queries to the server before having requested a token, leading to race conditions.

Example logs:

# ./wazuh-agent
[2024-11-27 17:58:19.559] [wazuh-agent] [info] [INFO] [process_options_unix.cpp:24] [StartAgent] Starting wazuh-agent
[2024-11-27 17:58:19.565] [wazuh-agent] [warning] [WARN] [configuration_parser.hpp:93] [GetConfig] Requested setting is invalid, default value used. Invalid time unit: klsfjdds
[2024-11-27 17:58:19.568] [wazuh-agent] [info] [INFO] [logcollector.cpp:23] [Start] Logcollector started
[2024-11-27 17:58:19.568] [wazuh-agent] [info] [INFO] [file_reader.cpp:57] [AddLocalfiles] Reading log file: /var/log/auth.log
[2024-11-27 17:58:19.568] [wazuh-agent] [info] [INFO] [inventory.cpp:17] [Start] Starting inventory.
[2024-11-27 17:58:19.570] [wazuh-agent] [info] [INFO] [inventoryImp.cpp:931] [SyncLoop] Module started.
[2024-11-27 17:58:19.570] [wazuh-agent] [info] [INFO] [inventoryImp.cpp:912] [Scan] Starting evaluation.
[2024-11-27 17:58:19.579] [wazuh-agent] [warning] [WARN] [http_client.cpp:100] [Co_PerformHttpRequest] Failed to send http request. /api/v1/commands. Retrying in 30 seconds.
[2024-11-27 17:58:19.579] [wazuh-agent] [warning] [WARN] [communicator.cpp:31] [SendAuthenticationRequest] Failed to authenticate with the manager. Retrying in 30 seconds.
[2024-11-27 17:58:19.581] [wazuh-agent] [warning] [WARN] [http_client.cpp:100] [Co_PerformHttpRequest] Failed to send http request. /api/v1/events/stateful. Retrying in 30 seconds.
[2024-11-27 17:58:19.581] [wazuh-agent] [warning] [WARN] [http_client.cpp:100] [Co_PerformHttpRequest] Failed to send http request. /api/v1/events/stateless. Retrying in 30 seconds.
[2024-11-27 17:58:19.717] [wazuh-agent] [info] [INFO] [inventoryImp.cpp:926] [Scan] Evaluation finished.

Additionally, an agent that has not been registered always attempts to authenticate during startup. This behavior is unnecessary and illogical, as the agent should not request a token if it has not been registered.

Expected Behavior

  1. Agent Registration Validation:
    • At startup, the agent must validate whether it is registered.
    • If the agent is not registered, it should log an appropriate error message and immediately terminate execution.
  2. Behavior on Authentication Errors:
    • If the authentication process fails because the agent is not registered, the agent must stop functioning and log the corresponding error.
  3. Synchronization During Startup:
    • The agent must ensure that no queries are sent to the server until it has successfully obtained a valid token.
@vikman90 vikman90 added the mvp Minimum Viable Product refinement label Nov 28, 2024
@wazuhci wazuhci moved this to Backlog in Release 5.0.0 Nov 28, 2024
@TomasTurina TomasTurina self-assigned this Nov 28, 2024
@wazuhci wazuhci moved this from Backlog to In progress in Release 5.0.0 Nov 29, 2024
@TomasTurina
Copy link
Member Author

Update

The proposed solution is to validate whether the key, name and uuid are configured when starting the agent. Otherwise, the agent throws an exception and exits execution.

It remains to be implemented what happens when the authentication request returns error 400, i.e. the agent is not recognized by the server.

@TomasTurina TomasTurina linked a pull request Dec 2, 2024 that will close this issue
3 tasks
@wazuhci wazuhci moved this from In progress to In review in Release 5.0.0 Dec 2, 2024
@wazuhci wazuhci moved this from In review to Done in Release 5.0.0 Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
level/task Task issue module/agent mvp Minimum Viable Product refinement type/bug Bug issue
Projects
Status: Done
Development

Successfully merging a pull request may close this issue.

2 participants