CIS mysql benchmark in wazuh agent
204 views
Skip to first unread message
Azhar Hj.Mohd Ghazali
Jun 10, 2023, 2:53:09 AM6/10/23
to Wazuh mailing list
Hi team,
Need help on how to enable cis_mysql in my linux server that runs wazuh agents. Previously there were cis for centos 7 yml there.
My objective is to see the status of SCA for mysql settings.
Appreciate your help.
Ujunwa Okonkwo
Jun 11, 2023, 3:23:06 AM6/11/23
to Wazuh mailing list
Hello Azhar,
Thank you for using Wazuh.
cis_mysql5-6_community/enterprise are available policies pre-installed in Wazuh. https://documentation.wazuh.com/current/user-manual/capabilities/sec-config-assessment/available-sca-policies.html?highlight=cis%20mysql
Install the necessary plugin for the CIS MySQL. Make sure the Wazuh server is connected to the agents and there is access to the server console.
Visit the Wazuh ruleset repository on GitHub: https://github.com/wazuh/wazuh-ruleset and download the cis_mysql file to your Wazuh server.
Move the plugin to /var/ossec/rules/.
Access the Wazuh agent's configuration file /var/ossec/etc/ossec.conf and add the below to the configuration:
<localfile>
<location>/var/ossec/rules/cis_mysql</location>
</localfile>
Restart the Wazuh agent and verify the status of the cis policy.
Regards,
Thank you for using Wazuh.
cis_mysql5-6_community/enterprise are available policies pre-installed in Wazuh. https://documentation.wazuh.com/current/user-manual/capabilities/sec-config-assessment/available-sca-policies.html?highlight=cis%20mysql
If you need another variant, then:
Install the necessary plugin for the CIS MySQL. Make sure the Wazuh server is connected to the agents and there is access to the server console.
Visit the Wazuh ruleset repository on GitHub: https://github.com/wazuh/wazuh-ruleset and download the cis_mysql file to your Wazuh server.
Move the plugin to /var/ossec/rules/.
Access the Wazuh agent's configuration file /var/ossec/etc/ossec.conf and add the below to the configuration:
<localfile>
<location>/var/ossec/rules/cis_mysql</location>
</localfile>
Restart the Wazuh agent and verify the status of the cis policy.
Regards,
Reply all
Reply to author
Forward
0 new messages