Vulnerability Detector issues to download CVE database
481 views
Skip to first unread message
Diego Arranz
May 8, 2019, 3:23:58 AM5/8/19
to Wazuh mailing list
I have installed wazuh 3.9 manager on debian 9 server, and I am trying to run vulnerability detector.
When the ossec.conf is:
<wodle name="vulnerability-detector">
<disabled>no</disabled>
<interval>5m</interval>
<ignore_time>6h</ignore_time>
<run_on_start>yes</run_on_start>
<feed name="ubuntu-18">
<disabled>yes</disabled>
<update_interval>1h</update_interval>
</feed>
<feed name="redhat">
<disabled>yes</disabled>
<update_from_year>2010</update_from_year>
<update_interval>1h</update_interval>
</feed>
<feed name="debian-9">
<disabled>no</disabled>
<update_interval>1h</update_interval>
</feed>
</wodle>
<disabled>no</disabled>
<interval>5m</interval>
<ignore_time>6h</ignore_time>
<run_on_start>yes</run_on_start>
<feed name="ubuntu-18">
<disabled>yes</disabled>
<update_interval>1h</update_interval>
</feed>
<feed name="redhat">
<disabled>yes</disabled>
<update_from_year>2010</update_from_year>
<update_interval>1h</update_interval>
</feed>
<feed name="debian-9">
<disabled>no</disabled>
<update_interval>1h</update_interval>
</feed>
</wodle>
I have this error in ossec.log:
2019/05/08 08:17:10 wazuh-modulesd:vulnerability-detector: ERROR: (5404): The package name could not be obtained.
When the setup file is:
<wodle name="vulnerability-detector">
<disabled>no</disabled>
<interval>5m</interval>
<ignore_time>6h</ignore_time>
<run_on_start>yes</run_on_start>
<feed name="ubuntu-18">
<disabled>yes</disabled>
<update_interval>1h</update_interval>
</feed>
<feed name="redhat">
<disabled>yes</disabled>
<update_from_year>2010</update_from_year>
<update_interval>1h</update_interval>
</feed>
<feed name="debian-9">
<disabled>no</disabled>
<update_interval>1h</update_interval>
<path>https://www.debian.org/security/oval/oval-definitions-stretch.xml</path>
</feed>
</wodle>
<disabled>no</disabled>
<interval>5m</interval>
<ignore_time>6h</ignore_time>
<run_on_start>yes</run_on_start>
<feed name="ubuntu-18">
<disabled>yes</disabled>
<update_interval>1h</update_interval>
</feed>
<feed name="redhat">
<disabled>yes</disabled>
<update_from_year>2010</update_from_year>
<update_interval>1h</update_interval>
</feed>
<feed name="debian-9">
<disabled>no</disabled>
<update_interval>1h</update_interval>
<path>https://www.debian.org/security/oval/oval-definitions-stretch.xml</path>
</feed>
</wodle>
the error is:
2019/05/08 09:13:37 wazuh-modulesd:vulnerability-detector: INFO: (5461): Starting Debian Stretch database update...
2019/05/08 09:13:37 wazuh-modulesd:vulnerability-detector: ERROR: (5401): Could not open https://www.debian.org/security/oval/oval-definitions-stretch.xml.
2019/05/08 09:13:37 wazuh-modulesd:vulnerability-detector: ERROR: (5426): CVE database could not be updated.
2019/05/08 09:13:37 wazuh-modulesd:vulnerability-detector: INFO: (5452): Starting vulnerability scanning.
2019/05/08 09:13:37 wazuh-modulesd:vulnerability-detector: INFO: (5453): Vulnerability scanning finished.
2019/05/08 09:13:37 wazuh-modulesd:vulnerability-detector: ERROR: (5401): Could not open https://www.debian.org/security/oval/oval-definitions-stretch.xml.
2019/05/08 09:13:37 wazuh-modulesd:vulnerability-detector: ERROR: (5426): CVE database could not be updated.
2019/05/08 09:13:37 wazuh-modulesd:vulnerability-detector: INFO: (5452): Starting vulnerability scanning.
2019/05/08 09:13:37 wazuh-modulesd:vulnerability-detector: INFO: (5453): Vulnerability scanning finished.
can somebody help me to use this wodle?
Thanks in advance
Diego Arranz
May 8, 2019, 4:15:04 AM5/8/19
to Wazuh mailing list
I am sorry, I had to use <url> instead of <path>
Daniel Folch
May 8, 2019, 4:50:23 AM5/8/19
to Wazuh mailing list
Hello Diego,
I'm glad you found a solution to your problem. If you need further assistance please don't hesitate to contact us.
Best regards,
Daniel Folch
Reply all
Reply to author
Forward
0 new messages