Re: wazuh-keystore: "No such file or directory"

Sun, 11 May 2025 14:05:28 -0700 

 ---- On Sun, 11 May 2025 09:14:45 -0700  Andrea Venturoli <[email protected]> 
wrote --- 
 > Hello.
 > 

Hello Andrea

 > I've installed wazuh-agent.
 > Now I think I need to use wazuh-keystore in order to enable 
 > vulnerability detection.
 > Alas any time I call "/var/ossec/bin/wazuh-keystore", with whatever 
 > arguments, I get "No such file or directory" and nothing else happens.
 > 
 > I've tryied running it under truss and it ends in:
 > > getcontext(0x820220510)                 = 0 (0x0)
 > > sysarch(AMD64_GET_XFPUSTATE,0x8202204d8)     = 0 (0x0)
 > > mmap(0x0,135168,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 
 > > 35059245056 (0x829b1a000)
 > > mprotect(0x217000,4096,PROT_READ)         = 0 (0x0)
 > > readlink("/proc/self/exe",0x820221220,1025)     ERR#2 'No such file or 
 > > directory'
 > > fstatat(AT_FDCWD,"/usr/share/nls/C/libc.cat",0x820221060,0x0) ERR#2 'No 
 > > such file or directory'
 > > fstatat(AT_FDCWD,"/usr/share/nls/libc/C",0x820221060,0x0) ERR#2 'No such 
 > > file or directory'
 > > fstatat(AT_FDCWD,"/usr/local/share/nls/C/libc.cat",0x820221060,0x0) ERR#2 
 > > 'No such file or directory'
 > > fstatat(AT_FDCWD,"/usr/local/share/nls/libc/C",0x820221060,0x0) ERR#2 'No 
 > > such file or directory'
 > > No such file or directorywrite(2,"No such file or directory",25)         = 
 > > 25 (0x19)
 > 
 > Is it possible that the problem is "/proc/self/exe"? AFAIK this is only 
 > valid for Linux, not for FreeBSD (which uses "/proc/curproc"). Right?
 > Is this it or am I barking up the wrong tree?

Try to use the following:

export WAZUH_HOME=/var/ossec && /var/ossec/bin/wazuh-keystore -h

It could be an issue with wazuh home directory autodetection into 
wazuh-keystrore app. I'll try to look into it anyway. 

If you want enable wazuh vulnerabilities detection on FreeBSD it depends of 
another things like a database of vulnerabilities file generated from wazuh 
project and if I am not mistaken it doesn't exist right now

Look at 
https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/how-it-works.html#compatibility-matrix

 > 
 > Am I supposed to use a different tool, instead of 
 > /var/ossec/bin/wazuh-keystore?
 > 
 >   bye & Thanks
 >     av.
 > 

Greetings

Reply via email to