Ubuntu 22.04 Vulnerability Detection

825 views
Skip to first unread message

Agra Dwi Saputra

unread,
Oct 19, 2022, 10:32:27 PM10/19/22
to Wazuh mailing list
Hi Team,

I have Wazuh 4.3.5 running on AWS EKS.
I want to add Ubuntu 22.04 for vulnerability detection.

I try to add the config like this, when save it's shown error "Could not update configuration in specified node (1908) - Error validating configuration: Invalid Ubuntu version 'jammy', (1202): Configuration error at 'etc/ossec.conf'."

  <vulnerability-detector>
      <enabled>yes</enabled>
      <interval>5m</interval>
      <ignore_time>6h</ignore_time>
      <run_on_start>yes</run_on_start>

      <!-- Ubuntu OS vulnerabilities -->
      <provider name="canonical">
        <enabled>yes</enabled>
        <os>trusty</os>
        <os>xenial</os>
        <os>bionic</os>
        <os>focal</os>
        <os>jammy</os>
        <update_interval>1h</update_interval>
      </provider>

  </vulnerability-detector>



Has anyone here experienced it? And can someone help me with this?
Thank you

Best Regards,
Agra Ds
image.png
image.png

elw...@wazuh.com

unread,
Oct 20, 2022, 3:20:22 AM10/20/22
to Wazuh mailing list
Hello Agra,

The compatibility for Jammy was introduced in Wazuh version 4.3.6 https://github.com/wazuh/wazuh/blob/master/CHANGELOG.md#v436---2022-07-20.

I hope this helps.

Regards,
Wali

Agra Dwi Saputra

unread,
Oct 20, 2022, 8:57:19 AM10/20/22
to elw...@wazuh.com, Wazuh mailing list
Hi Wali,

Thanks.
To upgrade from version 4.3.5 to 4.3.6 or latest (4.3.9) on the kubernetes environment (AWS EKS) is it just changing the image version according to this documentation?
Thank you

Best Regards,
Agra Ds

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/5cd944c9-4f97-4c4f-9fe4-19cbee11a1e2n%40googlegroups.com.

elw...@wazuh.com

unread,
Oct 24, 2022, 4:04:29 AM10/24/22
to Wazuh mailing list
Hello Agra,

Indeed, following that guide should help you to upgrade your Wazuh environment.

Regards,
Wali

Agra Dwi Saputra

unread,
Oct 25, 2022, 3:01:25 AM10/25/22
to Wazuh mailing list
Thank Wali for the confirmation.
I will try to upgrade.


Thank you

Best Regards,
Agra Ds

Fl Passelerg

unread,
Jan 12, 2023, 12:14:44 PM1/12/23
to Wazuh mailing list
Hello
I have the same problem with the vulnerability detection when I add an OS "Kali Linux"
I follow exactly the documentation allow os

but when I want to save my configuration , I have this message :
Could not update configuration (1908) - Error validating configuration: Invalid Ubuntu version 'debian', (1202): Configuration error at 'etc/ossec.conf'.

My configuration is :
 <!-- Ubuntu OS vulnerabilities -->
    <provider name="canonical">
      <enabled>yes</enabled>
      <os>trusty</os>
      <os>xenial</os>
      <os>bionic</os>
      <os>focal</os>
      <os>jammy</os>
      <os allow="Kali GNU/Linux">debian</os>   (I try  <os allow="Kali GNU/Linux-2022">debian</os> but It's the same pb)
      <update_interval>1h</update_interval>
    </provider>

My version is 4.3.10
I have several Kali linux machine with this OS 
Linux kaliLatitude 5.18.0-kali5-amd64 #1 SMP PREEMPT_DYNAMIC Debian 5.18.5-1kali6 (2022-07-07) x86_64 GNU/Linux

and the logs in DEBUG MODE show me that my agent has an unupported OS :
Jan 12, 2023 @ 19:05:40.000 wazuh-modulesd:vulnerability-detector INFO (5431): Starting vulnerability scan. 
Jan 12, 2023 @ 19:05:40.000 wazuh-modulesd:vulnerability-detector DEBUG (5485): Agent '003' has an unsupported OS: 'Kali GNU/Linux' 
Jan 12, 2023 @ 19:05:40.000 wazuh-modulesd:vulnerability-detector DEBUG (5485): Agent '006' has an unsupported OS: 'Kali GNU/Linux'

Thanks for your precious help
Florence
error message.JPG
documentation.JPG
Reply all
Reply to author
Forward
Message has been deleted
0 new messages