CIS Benchmark for Ubuntu


Allan Marin

Jul 20, 2023, 10:03:20 AM
to Wazuh mailing list
Hello,

I discovered the GitHub "guide" for Wazuh while looking for the CIS Benchmark.

But of the 10 failed alerts, only 1 passed.

Any idea how I can solve it?

Cedrick Foko

Jul 20, 2023, 11:04:15 AM
to Wazuh mailing list
Hello Allan,
Thank you for your interest in Wazuh.

Those tests are designed to check if the hardening recommendations are followed. In order to pass all the tests, you need to apply the recommendations needed.
For every test, you have a comment describing the condition needed to pass the test.
For instance, the first test will check if SSH is listening on a port other than the default port (22 TCP). To pass that first test, you need to change the default port used by the SSH service.
The same applies to the other tests.

I hope you find this helpful. Please don't hesitate to ask if you have any other questions or doubts.

Allan Marin

Jul 20, 2023, 12:13:38 PM
to Wazuh mailing list
Hello,

So, if I configure the rule like the documentation in Wazuh:

rules:
  - 'f:$sshd_file -> !r:^# && r:Port && !r:\s*\t*22$'

This won't make any changes in the SCA alert?

Cedrick Foko

Jul 21, 2023, 4:28:02 AM
to Wazuh mailing list
Hello Allan,

No, this won't make any change in the SCA result unless the default port for SSH has been changed.

I hope this clarifies. Please let me know if you have any other questions.
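
As an added illustration (not part of the thread and not Wazuh's own code), this Python sketch evaluates the rule quoted above against constructed sshd_config snippets, showing why the check keeps failing until the Port line itself changes. It assumes the rule passes when at least one line satisfies every `&&`-joined check, and it uses Python's `re` in place of Wazuh's regex engine, so treat the results as an approximation; all function names are hypothetical.

```python
import re

# Rule text exactly as quoted in the thread.
RULE = r"f:$sshd_file -> !r:^# && r:Port && !r:\s*\t*22$"

def parse_content_checks(rule):
    """Return [(negated, compiled_regex), ...] for the part after '->'."""
    _, _, content = rule.partition("->")
    checks = []
    for term in content.split("&&"):
        term = term.strip()
        negated = term.startswith("!")
        body = term[1:] if negated else term
        if not body.startswith("r:"):
            raise ValueError(f"only r: checks are handled here: {term!r}")
        checks.append((negated, re.compile(body[2:])))
    return checks

def line_satisfies(line, checks):
    # A negated check holds when its regex does NOT match the line.
    return all((rx.search(line) is None) == negated for negated, rx in checks)

def rule_passes(config_text, rule=RULE):
    # Assumption: the rule passes if any single line satisfies every check.
    checks = parse_content_checks(rule)
    return any(line_satisfies(line, checks) for line in config_text.splitlines())

# Constructed sshd_config snippets (not taken from a real host).
SAMPLES = {
    "commented default": "#Port 22\n#AddressFamily any\nPermitRootLogin no\n",
    "explicit port 22": "Port 22\nPermitRootLogin no\n",
    "port changed to 2200": "Port 2200\nPermitRootLogin no\n",
    # The last pattern is not anchored on the left, so under this emulation
    # a port that merely ends in 22 is treated like port 22.
    "port ending in 22": "Port 2222\nPermitRootLogin no\n",
}

def evaluate_samples():
    return {name: rule_passes(text) for name, text in SAMPLES.items()}

if __name__ == "__main__":
    for name, ok in evaluate_samples().items():
        print(f"{name:22} {'passed' if ok else 'failed'}")
```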
