New Ubuntu server, but wazuh runs Debian 10 SCA
168 views
Skip to first unread message
J J Sloan
Mar 16, 2021, 5:32:15 PM3/16/21
to Wazuh mailing list
I just installed an Ubuntu 21.04 server for testing, and set up a Wazuh agent on it.
Wazuh does see that it's Ubuntu 21.04, but it runs the Debian 10 CIS benchmark.
The Wazuh server doesn't have a cis file for Ubuntu - should there be one?
J J
Wazuh does see that it's Ubuntu 21.04, but it runs the Debian 10 CIS benchmark.
The Wazuh server doesn't have a cis file for Ubuntu - should there be one?
J J
Francisco Navarro
Mar 17, 2021, 4:14:52 AM3/17/21
to Wazuh mailing list
Hello JJ,
We're working on extending our threat intelligence models and SCA benchmarks right now.
Currently, as you've noticed, the Debian10 CIS benchmark is used on all Debian-based systems as they are somehow compatible, but yes, we will add soon some specific benchmark for concrete OS such as the different ubuntu versions.
The ubuntu SCA files are currently under development, you could keep an eye on the process right here: https://github.com/wazuh/wazuh/issues/7662, I could not confirm the version where they will be released but, as soon as they are merged into the master branch you could easily download them and test them out.
Here you have some instruction about manually adding SCA policies, please have in mind that you could always create your own policies based on CIS benchmark or whichever criteria you have. We strongly encourage you to try this and share with the community your work!
I hope this answer your question, please do not hesitate to ask again if you have further questions.
Best regards,
jjs - mainphrame
Mar 17, 2021, 11:33:42 AM3/17/21
to Francisco Navarro, Wazuh mailing list
Thanks Francisco, that makes sense.
The virtuozzo benchmark your team provided on this list is working fairly well, with the one modification as I noted in that thread, hopefully that will eventually make it into the repo too.
J J
The virtuozzo benchmark your team provided on this list is working fairly well, with the one modification as I noted in that thread, hopefully that will eventually make it into the repo too.
J J
--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/7rbRJgcG_Ik/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/f3dc1a23-73e5-42f4-a6c8-3274b8d6a02fn%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages