You don't have SCA scans in this agent


DarkMac

Jul 31, 2023, 5:33:10 AM
to Wazuh mailing list
Hi,

Got this on an Alma Linux installation. Any workaround?

Thanks!

Javier Sanchez Gil

Jul 31, 2023, 5:59:17 AM
to Wazuh mailing list
Hi DarkMac,

You haven't shared any file regarding the installation of Alma Linux. Please share it whenever you can so that I can assist you!

DarkMac

Jul 31, 2023, 6:09:12 AM
to Wazuh mailing list
Can you please let me know what files I need to share?
Thanks,

Javier Sanchez Gil

Jul 31, 2023, 7:26:48 AM
to Wazuh mailing list
But the error you have with Alma Linux is the one you have titled "You don't have SCA scans in this agent," is that what it refers to?

DarkMac

Aug 4, 2023, 6:49:47 AM
to Wazuh mailing list
Not sure I understand what you mean.

I'll try to explain the issue again. I deployed Wazuh and the server is running fine. The agent was deployed on several machines with different OSes. For the Alma Linux OS, I get this error in the SCA module, but for the other OSes (Windows, openSUSE) it works fine.

Let me know if it's clear now or if I should add more details.

Javier Sanchez Gil

Aug 4, 2023, 7:51:33 AM
to Wazuh mailing list
Usually SCA policies have some requirements, and if they are not met, scans will be skipped.
You will need to access the agent's SCA directory, /var/ossec/ruleset/sca/cis... If, for example, you want to include AlmaLinux 8, you can add the following line in the requirements section:

policy:
  id: "cis_ubuntu20-04"
  file: "cis_ubuntu20-04.yml"
  name: "CIS Ubuntu Linux 20.04 LTS Benchmark v1.1.0"
  description: "This document provides prescriptive guidance for establishing a secure configuration posture for Ubuntu Linux 20.04 LTS."
  references:
    - https://www.cisecurity.org/cis-benchmarks/

requirements:
  title: "Check Ubuntu version."
  description: "Requirements for running the SCA scan against Ubuntu Linux 20.04 LTS"
  condition: all
  rules:
    - "f:/etc/os-release -> r:Ubuntu 20.04"
    - "f:/proc/sys/kernel/ostype -> Linux"
    - "f:/etc/redhat-release -> r:^AlmaLinux && r:release 8"

Once you have added the line - "f:/etc/redhat-release -> r:^AlmaLinux && r:release 8", save the file and restart the agent.
Finally, check the scan results.
I hope this solves the problem. Let us know if it worked or if you have any other questions.
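A way to check a requirements block against a host's files before restarting the agent, as an added example that is not part of the thread and is not Wazuh's own code. It is a simplified model of how `f:<path> -> <content>` rules and `condition` combine: Python's `re` stands in for Wazuh's regex engine, a rule with no operator is treated as a whole-line literal comparison, a missing file counts as a failed rule, and the file contents are constructed samples for an AlmaLinux 8 host.

```python
import re

# Constructed sample file contents for an AlmaLinux 8 host (not taken from the thread).
ALMA8_FILES = {
    "/etc/os-release": 'NAME="AlmaLinux"\nVERSION="8.8 (Sapphire Caracal)"\nID="almalinux"\n',
    "/etc/redhat-release": "AlmaLinux release 8.8 (Sapphire Caracal)\n",
    "/proc/sys/kernel/ostype": "Linux\n",
}

def line_matches(line, content):
    """True when every '&&'-joined expression holds for this single line."""
    for expr in (e.strip() for e in content.split("&&")):
        negate = expr.startswith("!")
        expr = expr[1:] if negate else expr
        if expr.startswith("r:"):
            hit = re.search(expr[2:], line) is not None  # assumption: re approximates OSRegex
        else:
            hit = line == expr  # assumption: no operator means whole-line literal comparison
        if hit == negate:
            return False
    return True

def rule_passes(rule, files):
    """Evaluate one 'f:<path> -> <content>' rule; a missing file fails in this model."""
    m = re.fullmatch(r"f:(\S+)\s*->\s*(.+)", rule.strip())
    if m is None:
        raise ValueError(f"unsupported rule form: {rule!r}")
    path, content = m.groups()
    text = files.get(path)
    return text is not None and any(line_matches(l, content) for l in text.splitlines())

def requirements_met(condition, rules, files):
    """Combine the per-rule results the way the block's 'condition' key names."""
    results = [rule_passes(r, files) for r in rules]
    return {"all": all, "any": any, "none": lambda r: not any(r)}[condition](results)

# The three rules from the requirements block quoted in the thread.
UBUNTU = "f:/etc/os-release -> r:Ubuntu 20.04"
OSTYPE = "f:/proc/sys/kernel/ostype -> Linux"
ALMA = "f:/etc/redhat-release -> r:^AlmaLinux && r:release 8"

if __name__ == "__main__":
    for rule in (UBUNTU, OSTYPE, ALMA):
        print(f"{rule_passes(rule, ALMA8_FILES)!s:5}  {rule}")
    print("all three rules, condition all:", requirements_met("all", [UBUNTU, OSTYPE, ALMA], ALMA8_FILES))
    print("ostype + AlmaLinux, condition all:", requirements_met("all", [OSTYPE, ALMA], ALMA8_FILES))
```

Under this model, a block that lists all three rules with `condition: all` does not pass on the constructed AlmaLinux 8 files because the Ubuntu rule fails, while a block holding only the ostype and AlmaLinux rules does pass.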