SCA for Amazon Linux AMI 2015.09

[James Wu]

Hello,

How to configure SCA for agent that running Amazon Linux AMI 2015.09? Dashboard shows "you don't have SCA scans in this agent".  

ossec.conf:

<config-profile>amzn, amzn1, amzn1.09</config-profile> 

..

<sca>

<enabled>yes</enabled> 

I am running Wazuh v4.3.5

--

Best Regards,

James Wu

[Carlos Dams]

Hi James,

Thanks for using Wazuh!

Seems the issue you are having is a bug as Wazuh team in currently working on it here:

- https://github.com/wazuh/wazuh/issues/14258

- https://github.com/wazuh/wazuh/pull/14483

Let's check two things:

1. Check under file /var/ossec/etc/ossec.conf that "Amazon Linux OS vulnerabilities" are enabled:

2. Could you check from your instance the output of the command cat /etc/system-release and paste it here?

I hope you find this information helpful

[Carlos Dams]

Hi James,

Based on the output of "cat /etc/system-release" which is "Amazon Linux AMI release 2015.09" it is same bug being worked on the links sent on the previous message.

I recommend you to wait and follow the issues on GitHub, 

Also, you can check the following link: https://documentation.wazuh.com/current/release-notes/ when the next minor version is release to see if it was fixed there.

Hi Carlos,

Thanks for the quick response.

1. Check under file /var/ossec/etc/ossec.conf that "Amazon Linux OS vulnerabilities" are enabled:

Yes, it was enabled under Wazhu manager server and Vulnerabilities check was working fine with all agents. 

2. Could you check from your instance the output of the command cat /etc/system-release and paste it here?

Agent: Amazon Linux AMI release 2015.09
Wazhu Manager: Amazon Linux release 2 (Karoo)

Best,
James