Update Vulnerability CVE with Proxy


Sergey E.

Sep 21, 2022, 12:23:59 PM
to Wazuh mailing list
Hello Team,

Now I use local updates for Vulnerability Detector CVE files because of firewall restrictions.
But I want to make it automated.

My IT says that I can use a proxy link. Like this:

Is it possible to force Wazuh to use a proxy to download NVD, MSU and RedHat CVEs?

PS: Cron+Wget is possible, but I don't want to increase the number of components.


Facundo Dalmau

Sep 21, 2022, 1:20:06 PM
to Wazuh mailing list
Hi Sergey, thanks for using Wazuh!

Please check the following link: Vulnerability Detector - Offline Update. It has different sections that describe how to perform offline updates with the different available scripts for Red Hat, NVD and MSU.
Hope this works for you!

Regards,

Facundo

Sergey E.

Sep 21, 2022, 1:34:52 PM
to Wazuh mailing list
Hi Facundo,

I'm using this way to update right now.

The question was: Is it possible to force Wazuh to use a proxy to download NVD, MSU and RedHat CVEs? I mean, are there any settings on Wazuh manager nodes for updating CVEs automatically through a proxy?

Wednesday, September 21, 2022 at 20:20:06 UTC+3, facundo...@wazuh.com:

swapnils

Sep 22, 2022, 8:55:40 AM
to Wazuh mailing list
Hi..
Even I was looking for such an option but somehow could not find it.
As a workaround, I have created a daily cronjob to download these feeds using nvd-generator.sh / rh-generator.sh. The download link is in the documentation. The only change I have made is adding a proxy switch in those bash scripts so that curl reaches the internet via the proxy. Hope this helps.

Facundo Dalmau

Sep 22, 2022, 1:17:17 PM
to Wazuh mailing list
There is no direct way for the Wazuh manager to set the automatic update. It needs to be done as described in the previous messages. 
Also, you can configure the proxy, as explained in the issue: 
So that /etc/systemd/system/wazuh-manager.service is modified and you do not need to use the offline update.
    
    [Service]
    Type=forking
    EnvironmentFile=/etc/ossec-init.conf
    Environment="https_proxy=http://<proxy_IP:port>"
    Environment="http_proxy=http://<proxy_IP:port>"
    LimitNOFILE=65536

And reloading daemon and service (systemctl restart wazuh-manager.service).

Regards,
Facundo
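
The same two proxy variables can be set from a systemd drop-in instead of editing the unit file itself, which leaves the shipped `[Service]` lines untouched. This is an added example, not part of the thread or of Wazuh's tooling; it assumes, as the message above states, that the manager picks the proxy up from `https_proxy`/`http_proxy`, and the function names, the `proxy.conf` file name and the sample URL are hypothetical.

```shell
#!/bin/sh
# Added example: write a systemd drop-in with proxy variables for wazuh-manager.
# Assumed names: render_proxy_dropin, install_proxy_dropin, proxy.conf.

# Print the drop-in body for a proxy URL; fail if the URL is unsafe to embed.
render_proxy_dropin() (
    url=$1
    case $url in
        http://?*|https://?*) ;;
        *) echo "proxy URL must start with http:// or https://" >&2; exit 1 ;;
    esac
    # Allowlist: anything else (spaces, quotes, newlines, backslashes) could
    # break out of the quoted Environment= assignment and add unit directives.
    cleaned=$(printf '%s' "$url" | LC_ALL=C tr -cd 'A-Za-z0-9:/@._~%-')
    if [ "$cleaned" != "$url" ]; then
        echo "unsupported character in proxy URL" >&2
        exit 1
    fi
    # systemd expands %-specifiers in Environment=, so a literal % (for
    # example in URL-encoded credentials) has to be written as %%.
    escaped=$(printf '%s' "$url" | sed 's/%/%%/g')
    printf '[Service]\n'
    printf 'Environment="https_proxy=%s"\n' "$escaped"
    printf 'Environment="http_proxy=%s"\n' "$escaped"
)

# Write the drop-in; the second argument overrides the directory (for testing).
install_proxy_dropin() (
    url=$1
    dir=${2:-/etc/systemd/system/wazuh-manager.service.d}
    body=$(render_proxy_dropin "$url") || exit 1
    mkdir -p "$dir" || exit 1
    # The URL may carry proxy credentials, so keep the file owner-only.
    umask 077
    printf '%s\n' "$body" > "$dir/proxy.conf" || exit 1
    chmod 600 "$dir/proxy.conf"
)

# Typical use as root (constructed sample URL), followed by the reload and
# restart described in the message above:
#   install_proxy_dropin 'http://10.0.0.5:3128'
#   systemctl daemon-reload
#   systemctl restart wazuh-manager.service
```

`systemctl show wazuh-manager.service -p Environment` then prints the variables systemd will pass to the service.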

Patrik Blomqvist

Jan 4, 2023, 10:40:42 AM
to Wazuh mailing list
Hi!

In Wazuh v4.3.10 on CentOS7, regarding the proxy: the EnvironmentFile=/etc/ossec-init.conf does not exist.
Seems to be impossible to make this work when behind a proxy.

Patrik