The Arch Linux database database could not be fetched

260 views
Skip to first unread message

Ibrahim

unread,
May 18, 2023, 6:14:52 AM5/18/23
to Wazuh mailing list
Hi Team,

Can someone help me with this? Wazuh version 4.3.10

9cd8e5be-8ca3-46e1-a31d-ca769fd53c6a.jpeg

Gonzalo Membrillo Solbes

unread,
May 18, 2023, 7:22:45 AM5/18/23
to Wazuh mailing list
Hello Ibrahim,

It looks like your manager is unable to download the ArchLinux vulnerability database. There are no known issues with this particular DB so it, most likely, is due to your machine being unable to reach ArchLinux's servers. Could you try to manually download files from their DB using the machine you have your manager installed in? If you can't, then it's a network issue. If this is the case, you may want to try using the Offline Update feature Wazuh supports in order to obtain the updated vulnerability databases in this manner without requiring a direct connection to the ArchLinux servers.

Do let us know of the result of this endeavour. Feel free to inform us if you need anything else.

Regards,
Gonzalo

Ibrahim

unread,
May 18, 2023, 8:14:32 AM5/18/23
to Wazuh mailing list

Hello Gonzalo, 

How I manually download the files?
That link just takes me to a webpage. 

Then, the second method you mentioned, can you give me an example of the url part? Is local_repo in the url path to be written exactly like so?  I'll appreciate an example to know what exactly to configure so I do not mess it up. 

Thanks. 

Ibrahim

unread,
May 19, 2023, 7:46:44 AM5/19/23
to Wazuh mailing list

Someone help please

Gonzalo Membrillo Solbes

unread,
May 25, 2023, 6:53:15 AM5/25/23
to Wazuh mailing list
Hello again,

Sorry for the late response. To download a package off of the Arch Linux DB, you can use a curl command or, since the goal is to confirm connectivity, you could ping the domain I linked previously:


As for the Offline Update, you need to follow the instructions in the documentation. The URL you need to add is the URL to a local repository you make when downloading the all.json file from the website. Alternatively, you can simply save the file and move it to the manager, the PATH field in this case is the local path to the file within the machine.

To download the file, use your browser to access https://security.archlinux.org/issues/all.json and click Save on the top left. You will then need to move the downloaded file to the manager node.
Once moved to the manager, not the path you have selected for it and add it to the configuration. For example, like this:

<provider name="arch">
   <enabled>yes</enabled>
   <path>/home/user/all\.json$</path>
   <update_interval>1h</update_interval>
</provider>

You can then save and restart the manager. This should fix the problem fetching the Arch Linux database. For convinience's sake, I'm going to link our Offline update documentation again:

I hope you find this helpful. Do let us know if you require any additional assistance.

Best regards,
Gonzalo
Reply all
Reply to author
Forward
0 new messages