-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
wazuh-api.service.ps1 Invalid JSON primitive: System.Net.WebException. #387
Comments
Hi @jakko10 , Can you tell me your Powershell version? That way I can help you better.
This error can occur in more parts of the script, in all of them the solution would be the same. I hope I helped you, any question you have do not hesitate to ask Best regards, |
@AdriiiPRodri thank you for your reply. Major 5, Minor 1, Build 17763, Revision 503 .. Good thing is, your suggestion worked, I replaced line 89 with the code you provided and now it works like a charm every time. PS! one thing that I see is every time I runs this script a line gets added to the end of ossec.conf if you make a typo for example in the IP then you'll end up with a typo on your conf file as well. Thank you! |
You're welcome @jakko10 , I'm glad I solved your problem. As for what you're saying about the typo, currently the script doesn't have the capacity to know if what you're putting into it contains a typo error. At the moment there is no intention to add that functionality since this is a script just for support. If this happens, you would have to modify the file ossec.conf stored in
Any question you have do not hesitate to ask Best regards, |
@AdriiiPRodri maybe one idea how to "fix" this could also be that every time you run the script it will replace the line added by the script? Currently every time you run the script, it adds new line to the end of the file. Looks like this one will do the trick.
|
We're going to try to solve that problem @jakko10, if you add this to the script by replacing lines 114 and 144 with:
This will replace the added line, in your specific case will replace the 10 so you will have to remove them manually, in the following executions whenever there is the line this will be replaced by the new line with the IP chosen. Tell me if this has worked for you, any doubt or problem do not hesitate to ask. Regards |
@AdriiiPRodri looks like your suggested changes are still adding new line at the end of ossec.conf every time you execute the script. |
Interesting, looks like your suggested fix didn't fix it after all. Today I came to work, my workstation got new IP. Yesterday it was x.x.x.15 and today it's x.x.x.31. When I re-ran the scrip to re-register the agent it was always re-registring the agent with the old IP of x.x.x.15. I couldn't figure out where is it taking that IP from. But looks like the server was providing it to the script rather than script taking the ip from my workstation. So, I removed the client from server with the help of: /var/ossec/bin/manage_agents Now when I ran the powershell script then I still got the good old:
and again when I ran the script second time it was all happy :) |
Hi @jakko10 , I couldn't try the changes because my platform is Linux, I just saw that I can download the Powershell of windows in Linux. |
Hi @jakko10 , Sorry for the late, I've been trying options and found one that I think will solve your problem, the script is as follows: ###
# Powershell script for registering agents automatically with the API
# Copyright (C) 2017 Wazuh, Inc. All rights reserved.
# Wazuh.com
#
# This program is a free software; you can redistribute it
# and/or modify it under the terms of the GNU General Public
# License (version 2) as published by the FSF - Free Software
# Foundation.
###
function Ignore-SelfSignedCerts {
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class PolicyCert : ICertificatePolicy {
public PolicyCert() {}
public bool CheckValidationResult(
ServicePoint sPoint, X509Certificate cert,
WebRequest wRequest, int certProb) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = new-object PolicyCert
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;
}
function req($method, $resource, $params){
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $username, $password)))
$url = $base_url + $resource;
try{
return Invoke-WebRequest -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -Method $method -Uri $url -Body $params
}catch{
return $_.Exception
}
}
# Configuration
$base_url = "http://<Wazuh-Manager-IP>:55000"
$username = "foo"
$password = "bar"
$agent_name = $env:computername
$path = "C:\Program Files (x86)\ossec-agent\"
$config = "C:\Program Files (x86)\ossec-agent\ossec.conf"
$wazuh_manager = "<Wazuh-Manager-IP>"
Ignore-SelfSignedCerts
# Test API integration to make sure IE has run through initial startup dialogue - This can be a problem with new servers.
try{
$testresponse = req -method "GET" -resource "/manager/info?pretty" | ConvertFrom-Json | select -expand data -ErrorAction Stop -ErrorVariable geterr
Write-Output "The Wazuh manager is contactable via the API, the response is: `n $($testresponse)"
}catch{
Write-Host -ForegroundColor Red "IE has not had it's initial startup dialogue dismissed, please complete this step and try again. Script will exit. Error: $($geterr)`n .Please Run OSSEC_AgentConfig Separately once you correct the error."
Exit
}
# Test for agent already existing in manager
$agentexist = req -method "GET" -resource "/agents?pretty" -params @{search=$agent_name} # searches for the agent based on the env variable name
$agentinfo = $agentexist.Content | ConvertFrom-Json | select -expand data | select totalitems
$agentexistid = $agentexist.Content | ConvertFrom-Json | select -expand data | select -expand items | select id # expands the embedded JSON items to retrieve the agent ID
# If agent does not already exist proceed to create agent and register the agent key
if ($agentinfo.totalitems -lt 1){
# Adding agent and getting Id from manager
Write-Output "`r`nAdding agent:"
$response = req -method "POST" -resource "/agents" -params @{name=$agent_name} | ConvertFrom-Json
If ($response.error -ne '0') {
Write-Output "ERROR: $($response.message)"
Exit
}
$agent_id = $response.data
Write-Output "Agent '$($agent_name)' with ID '$($agent_id)' added."
# Getting agent key from manager
Write-Output "`r`nGetting agent key:"
$response = req -method "GET" -resource "/agents/$($agent_id)/key" | ConvertFrom-Json
If ($response.error -ne '0') {
Write-Output "ERROR: $($response.message)"
Exit
}
$agent_key = $response.data
Write-Output "Key for agent '$($agent_id)' received."
# Importing key
Write-Output "`r`nImporting authentication key:"
echo "y" | & "$($path)manage_agents.exe" "-i $($agent_key)" "y`r`n"
# Restarting agent
Write-Output "`r`nRestarting:"
$srvName = "OssecSvc"
Write-Output "Stopping service."
Stop-Service $srvName
$srvStat = Get-Service $srvName
Write-Output "$($srvName) is now $($srvStat.status)"
Start-Sleep -s 10
$regex = '^<ossec_config> <client> <server> <address>.*</address> </server> </client> </ossec_config>'
$matches = ([regex]$regex).Matches((Get-Content $config))
Get-Content $config | Where-Object {$_ -notmatch [regex]$regex} | Set-Content $config
Add-Content $config "<ossec_config> <client> <server> <address>$($wazuh_manager)</address> </server> </client> </ossec_config>"
Start-Sleep -s 10
Write-Output "Starting service."
Start-Service $srvName
$srvStat = Get-Service $srvName
Write-Output "$($srvName) is now $($srvStat.status)"
}
Else {
# If agent is found in manager by name it will retrieve the key and configure the agent
$response = req -method "GET" -resource "/agents/$($agentexistid.id)/key" | ConvertFrom-Json
# Key received from manager
$agent_key = $response.data
# Importing agent key from manager
Write-Output "`r`nImporting authentication key:"
echo "y" | & "$($path)manage_agents.exe" "-i $($agent_key)" "y`r`n"
Write-Output "`r`nRestarting:"
$srvName = "OssecSvc"
Write-Output "Stopping service."
Stop-Service $srvName
$srvStat = Get-Service $srvName
Write-Output "$($srvName) is now $($srvStat.status)"
Start-Sleep -s 10
$regex = '^<ossec_config> <client> <server> <address>.*</address> </server> </client> </ossec_config>'
$matches = ([regex]$regex).Matches((Get-Content $config))
Get-Content $config | Where-Object {$_ -notmatch [regex]$regex} | Set-Content $config
Add-Content $config "<ossec_config> <client> <server> <address>$($wazuh_manager)</address> </server> </client> </ossec_config>"
Start-Sleep -s 10
Write-Output "Starting service."
Start-Service $srvName
$srvStat = Get-Service $srvName
Write-Output "$($srvName) is now $($srvStat.status)"
} Tell me if this has solved the problem, any question do not hesitate to ask. Best regards, |
Hi, if I remove the agent and run the new script then I get this: `C:\scripts\api-register-agent_v2.ps1
The Wazuh manager is contactable via the API, the response is: Adding agent: Getting agent key:
Key for agent '@{id=003; key=MDAzIFdJTjAxNC1FU1QtVExOIDEwLjU3LjIuMzEgN2M3OTI1MTQxMDU5NGU0MWYwN2RiYjBmOWNiNmUxN2M4OTBjNDMxZjkwMGM2OTM2M445YWI3YmVlMDFjZDFlMQ==}' received. Importing authentication key: ** Invalid authentication key. Starting over again. Restarting:
Starting service. |
Also one more thing which is needed in my case.
as you see I added: |
Hi @jakko10 , Currently if not specifically indicated the IP is set by default 127.0.0.1, one of the values you can assign is "any" which allows the agent to have a dynamic IP. This does not happen with the manager, this one has to have a static address. Once we have removed agent we are going to do the following register agent documentation, we will use the registration service with password authorization, this is optional (if we don't want to activate the password we can skip directly to the agent part) but if we want to add a layer more protection against unauthorized records we can add a password to authd for it we go to our file ossec.conf <auth>
...
<use_password>yes</use_password>
...
</auth> After changing this we can choose our own password or let one be generated randomly, the latter will occur if we do not specify one in the file
We restart the manager for the changes to take effect:
Now let's go to our agent, to register we are going to use agent-auth.exe, for it we will open a powershell terminal as administrator user, and we are going to execute the following to add our password (in my case MyCustomPassword) in our authd.pass file and then we will register the agent (MANAGER_IP_ADDRESS has to be changed by the IP of our manager):
*The path may be changed to Finally, we will edit the configuration of our agent to indicate the IP address of our manager, the path of the file is the following <client>
<server>
<address>MANAGER_IP</address>
...
</server>
</client> We restarted our agent and the agent would already be registered and connected to our manager:
Best regards, |
Closing due to inactivity. Will reopen if necessary. |
when I run the script first time I get:
Getting agent key:
ConvertFrom-Json : Invalid JSON primitive: System.Net.WebException.
At C:\scripts\api-register-agent.ps1:89 char:70
when I run the script the second time then it's all good.
The text was updated successfully, but these errors were encountered: