Vulnerability Detector not working for Kali


Dhiraj Ambigapathi

Jul 14, 2023, 7:32:23 AM
to Wazuh mailing list
So I've tested Vulnerability Detector for Ubuntu and Windows and it works great, but I wanted it to work for Kali, which is Debian-based. I have turned on Debian updates in the Wazuh manager ossec.conf and the agent is sending syscollector logs too, but I can't get the Vulnerability module to run.
[attachment: wazuh-error.png]

Logs

2023/07/14 10:56:13 wazuh-modulesd:vulnerability-detector: INFO: (5400): Starting 'Debian Buster' database update.
2023/07/14 10:56:14 wazuh-modulesd:vulnerability-detector: INFO: (5430): The update of the 'Debian Buster' feed finished successfully.
2023/07/14 10:56:14 wazuh-modulesd:vulnerability-detector: INFO: (5400): Starting 'Debian Bullseye' database update.
2023/07/14 10:56:15 wazuh-modulesd:vulnerability-detector: INFO: (5430): The update of the 'Debian Bullseye' feed finished successfully.
2023/07/14 10:56:15 wazuh-modulesd:vulnerability-detector: INFO: (5400): Starting 'Amazon Linux 1' database update.
2023/07/14 10:56:15 wazuh-modulesd:vulnerability-detector: INFO: (5430): The update of the 'Amazon Linux 1' feed finished successfully.
2023/07/14 10:56:15 wazuh-modulesd:vulnerability-detector: INFO: (5400): Starting 'Amazon Linux 2' database update.
2023/07/14 10:56:15 wazuh-modulesd:vulnerability-detector: INFO: (5430): The update of the 'Amazon Linux 2' feed finished successfully.
2023/07/14 10:56:15 wazuh-modulesd:vulnerability-detector: INFO: (5400): Starting 'Arch Linux' database update.
2023/07/14 10:56:16 wazuh-modulesd:vulnerability-detector: INFO: (5430): The update of the 'Arch Linux' feed finished successfully.
2023/07/14 10:56:16 wazuh-modulesd:vulnerability-detector: INFO: (5400): Starting 'National Vulnerability Database' database update.
2023/07/14 10:56:20 wazuh-modulesd:vulnerability-detector: INFO: (5430): The update of the 'National Vulnerability Database' feed finished successfully.
2023/07/14 10:56:20 wazuh-modulesd:vulnerability-detector: INFO: (5400): Starting 'Microsoft Security Update' database update.
2023/07/14 10:56:20 wazuh-modulesd:vulnerability-detector: INFO: (5430): The update of the 'Microsoft Security Update' feed finished successfully.
2023/07/14 10:56:21 wazuh-modulesd:vulnerability-detector: INFO: (5431): Starting vulnerability scan.
2023/07/14 10:56:21 wazuh-modulesd:vulnerability-detector: INFO: (5450): Analyzing agent '000' vulnerabilities.
2023/07/14 10:56:21 wazuh-modulesd:vulnerability-detector: INFO: (5471): Finished vulnerability assessment for agent '000'
2023/07/14 10:56:21 wazuh-modulesd:vulnerability-detector: INFO: (5450): Analyzing agent '001' vulnerabilities.
2023/07/14 10:56:21 wazuh-modulesd:vulnerability-detector: INFO: (5471): Finished vulnerability assessment for agent '001'
2023/07/14 10:56:21 wazuh-modulesd:vulnerability-detector: INFO: (5450): Analyzing agent '003' vulnerabilities.
2023/07/14 10:56:21 wazuh-modulesd:vulnerability-detector: INFO: (5471): Finished vulnerability assessment for agent '003'
2023/07/14 10:56:21 wazuh-modulesd:vulnerability-detector: INFO: (5450): Analyzing agent '004' vulnerabilities.
2023/07/14 10:56:21 wazuh-modulesd:vulnerability-detector: INFO: (5471): Finished vulnerability assessment for agent '004'
2023/07/14 10:56:21 wazuh-modulesd:vulnerability-detector: INFO: (5450): Analyzing agent '005' vulnerabilities.
2023/07/14 10:56:21 wazuh-modulesd:vulnerability-detector: INFO: (5471): Finished vulnerability assessment for agent '005'
2023/07/14 10:56:21 wazuh-modulesd:vulnerability-detector: INFO: (5450): Analyzing agent '008' vulnerabilities.
2023/07/14 10:56:21 wazuh-modulesd:vulnerability-detector: INFO: (5471): Finished vulnerability assessment for agent '008'
2023/07/14 10:56:21 wazuh-modulesd:vulnerability-detector: INFO: (5472): Vulnerability scan finished.

Mateo Cervilla

Jul 14, 2023, 11:21:46 AM
to Wazuh mailing list
Hello Dhiraj,

We currently do not officially support Kali. Being a Debian-based distribution, you can use the unsupported systems scans with its feed for Kali.
But keep in mind that since it is not the official feed, it may generate false positives.

If you need any more help, let me know.

Kind regards.

Dhiraj Ambigapathi

Jul 15, 2023, 1:54:00 AM
to Wazuh mailing list
Hi Mateo,
I tested the config file as per the document but did not get it working.
Wazuh-Manager ossec.conf: [attachment: kali-conf.png]
Ossec.log: [attachment: kali ossec log.png]
Dashboard: [attachment: kali agent.png]
Syscollector is working on Kali

Mateo Cervilla

Jul 17, 2023, 8:16:46 AM
to Wazuh mailing list
That's because you set kali as the provider name. You need to use one of the supported providers such as debian.
In your case it should be something like:

<provider name="debian">
    <enabled>yes</enabled>
    <os allow="Kali GNU/Linux-2023">bullseye</os>
    <update_interval>1h</update_interval>
</provider>

Try this configuration and tell me how it goes.
Regards.
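
An added example, not part of the original thread and not Wazuh's own code: a small Python lint for the `<vulnerability-detector>` block that catches the mistake described in the reply above. The "before" fragment is constructed (the original config was only posted as a screenshot), the provider-name set is an assumption based on Wazuh 4.x, and matching `allow` entries by exact string is a simplification of what the manager does.

```python
import xml.etree.ElementTree as ET

# Assumption: provider names accepted by the Wazuh 4.x vulnerability detector.
# Only "debian" is confirmed by the thread; adjust to your manager version.
SUPPORTED_PROVIDERS = {"canonical", "debian", "redhat", "alas", "suse",
                       "arch", "almalinux", "msu", "nvd"}

# Constructed fragments: BROKEN mirrors the mistake described in the thread,
# FIXED wraps the provider block suggested in the reply.
BROKEN = """<vulnerability-detector>
  <provider name="kali">
    <enabled>yes</enabled>
    <os>bullseye</os>
  </provider>
</vulnerability-detector>"""

FIXED = """<vulnerability-detector>
  <provider name="debian">
    <enabled>yes</enabled>
    <os allow="Kali GNU/Linux-2023">bullseye</os>
    <update_interval>1h</update_interval>
  </provider>
</vulnerability-detector>"""


def audit(fragment, agent_os):
    """Return (problems, feed) for an agent reporting agent_os as "Name-Version"."""
    problems, feed = [], None
    for prov in ET.fromstring(fragment).iter("provider"):
        name = prov.get("name", "")
        if name not in SUPPORTED_PROVIDERS:
            problems.append(f"unknown provider name '{name}'")
            continue
        if (prov.findtext("enabled") or "").strip() != "yes":
            continue
        for os_el in prov.iter("os"):
            # allow holds a comma-separated list of "OS name-version" entries
            allowed = [a.strip() for a in (os_el.get("allow") or "").split(",")]
            if agent_os in allowed:
                feed = f"{name}/{(os_el.text or '').strip()}"
    if feed is None:
        problems.append(f"no enabled provider maps '{agent_os}' to a feed")
    return problems, feed
```

Take the `agent_os` string from what syscollector reports for the agent; a version that is not listed in `allow` leaves the agent without a feed, which is the same silent "scan finished, nothing found" outcome seen in the log above.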

Dhiraj Ambigapathi

Jul 17, 2023, 8:29:28 AM
to Wazuh mailing list
Noted, it works now.
Thanks