Unable to Install Wazuh Agent on pfSense+, Latest AMI - PKG manager breaks with installation of agent
-
Hi there !
I am trying to install the Wazuh agent on the latest pfSense+ AMI for logs and monitoring, but whenever I allow it through this method:
```
vi /usr/local/etc/pkg/repos/FreeBSD.conf
FreeBSD: { enabled: yes }
FreeBSD: { enabled: yes }
vi /usr/local/etc/pkg/repos/pfSense.conf
```
then I get this error and the package manager breaks automatically. Even upgrades don't work, nor does anything else related to the package manager. We have tried it about 10 times and then had to recreate the AMI and set up everything again:
pkg install wazuh-agent
It tells you that you're required to upgrade pkg from 1.18 to 1.19, otherwise it will not install,
then with yes,
ld-elf.so.1: /usr/local/sbin/pkg: Undefined symbol "__libc_start1@FBSD_1.7"
And stuck
Can anyone give us any solution and help us out?
23.01-RELEASE (amd64)
built on Fri Feb 10 20:06:33 UTC 2023
FreeBSD 14.0-CURRENT
-
I just followed these instructions:
https://benheater.com/integrating-pfsense-with-wazuh/
and I have the agent installed on pfSense 2.60 CE, with events registering in my Wazuh dashboard. So it works!
-
BTW, you may find using pfSense: Diagnostics: Edit File to be a lot easier than using vi to edit all the .conf files.
-
@thewaterbug Hi, I tried it on pfSense+ but it didn't work; the package manager completely breaks.
-
@thewaterbug
```
Number of packages to be upgraded: 1
9 MiB to be downloaded.
Proceed with this action? [y/N]: y
[1/1] Fetching pkg-1.19.1_1.pkg: 100% 9 MiB 9.6MB/s 00:01
Checking integrity... done (0 conflicting)
[1/1] Upgrading pkg from 1.18.4_4 to 1.19.1_1...
[1/1] Extracting pkg-1.19.1_1: 100%
pkg-1.18.4_4: missing file /usr/local/man/man8/pkg-backup.8.gz
You may need to manually remove /usr/local/etc/pkg.conf if it is no longer needed.
ld-elf.so.1: /usr/local/sbin/pkg: Undefined symbol "__libc_start1@FBSD_1.7"
```
-
Ah, that's too bad. pf+ probably enforces tighter control over packages.
Netgate, is there a way to allow 3rd-party package installation on pf+?
-
@ShahidAkhter
Solution: Find in the cache the old version of pkg that you want to reinstall:
```
[23.01-RELEASE][admin@pfSense]/root: ls -l /var/cache/pkg/pkg-1.1*
lrwxr-xr-x 1 root wheel 27 Apr 20 11:22 /var/cache/pkg/pkg-1.18.4_4.pkg -> pkg-1.18.4_4~e5964fbef2.pkg
-rw-r--r-- 1 root wheel 9495297 Feb 17 17:16 /var/cache/pkg/pkg-1.18.4_4~e5964fbef2.pkg
lrwxr-xr-x 1 root wheel 27 May 3 17:02 /var/cache/pkg/pkg-1.19.1_1.pkg -> pkg-1.19.1_1~d4f5ecb07c.pkg
-rw-r--r-- 1 root wheel 9560947 Apr 25 03:30 /var/cache/pkg/pkg-1.19.1_1~d4f5ecb07c.pkg
```
Reinstall one of those (the oldest one):
```
pkg-static install -f /var/cache/pkg/pkg-1.18.4_4.pkg
```
-
@jbaenaxd
I am having a similar issue with pkg breaking after attempting to install Wazuh. I tried reinstalling the old version, but it also breaks the old version.
Still stuck with the Wazuh installation, now with two broken versions of pkg.
Trying to install on a Netgate 1100.
Thanks.
-
What are we trying to monitor on pfSense? Because pfSense isn’t always going to run the latest version of a package and that doesn’t necessarily mean that your firewall has a vulnerability. Not sure how useful getting the agent installed would be.
Wazuh has agentless monitoring available per documentation.
-
@michmoor I am trying to transfer suricata logs and syslogs from pfsense.
-
I'm interested in the agentless monitoring method. How does the latency compare with an agent?
-
I tried to install the Wazuh agent too, following this article: https://marcius.pro/index.php/2022/03/11/wazuh-criando-regra-no-pfsense-para-bloquear-ip-de-atacante/, and I had success on FreeBSD12/pfSense 2.6 CE.
However, on FreeBSD14/pfSense 2.7 CE or pfSense+ 23.1.1, I haven't had success. The error is:
```
Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
2404007936:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
2404007936:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
2404007936:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
```