On the configuration of vulnerability scanning for Centos.


Shan Yang

Oct 13, 2022, 3:00:38 AM
to Wazuh mailing list
The system I use in this scenario is CentOS. According to the official Wazuh documentation, CentOS is compatible with Red Hat. Is the following configuration correct?

    <!-- RedHat OS vulnerabilities -->
    <provider name="redhat">
      <enabled>yes</enabled>
      <os path="/var/ossec/wazuh_tools/rh-repo/com.redhat.rhsa-RHEL5.xml.bz2">5</os>
      <os path="/var/ossec/wazuh_tools/rh-repo/rhel-6-including-unpatched.oval.xml.bz2">6</os>
      <os path="/var/ossec/wazuh_tools/rh-repo/rhel-7-including-unpatched.oval.xml.bz2">7</os>
      <os path="/var/ossec/wazuh_tools/rh-repo/rhel-8-including-unpatched.oval.xml.bz2">8</os>
      <os path="/var/ossec/wazuh_tools/rh-repo/rhel-9-including-unpatched.oval.xml.bz2">9</os>
      <os allow="Centos Linux-8">8</os>
      <os allow="Centos Linux-7">7</os>
      <os allow="Centos Linux-6">6</os>
      <os allow="Centos Linux-5">5</os>
      <path>/var/ossec/wazuh_tools/rh-feed/redhat-feed[[:digit:]]+\.json$</path>
      <update_interval>1h</update_interval>
    </provider>

If it is correct, you will see the following information on the log.
[Attached screenshot: Snipaste_2022-10-13_15-00-10.png]

Aditya Sharma

Oct 13, 2022, 11:22:02 PM
to Wazuh mailing list
Hi Team, Hope you are doing good!

Below is the default for RHEL:


    <!-- RedHat OS vulnerabilities -->
    <provider name="redhat">
      <enabled>yes</enabled>
      <os>5</os>
      <os>6</os>
      <os>7</os>
      <os>8</os>
      <os>9</os>
      <update_interval>1h</update_interval>
    </provider>

But as I can see, you are using offline detection here, so you can check out this document: https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/offline-update.html#red-hat

I hope this helps you. Don't hesitate to ask your questions/concerns.

Regards
Aditya Sharma
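Added example, not part of either post and not Wazuh code: a preflight check for an offline `redhat` provider block like the one in the question. It verifies that each `<os path>` file exists and decompresses to XML, and that at least one file matches the `<path>` feed pattern. Treating the directory part of `<path>` as literal is an assumption, and `check_offline_provider` is a hypothetical name.

```python
import bz2
import os
import re
import xml.etree.ElementTree as ET


def check_offline_provider(provider_xml):
    """Return a list of problems with the local files a <provider> block names."""
    problems = []
    provider = ET.fromstring(provider_xml)
    for os_el in provider.findall("os"):
        path = os_el.get("path")
        if path is None:
            continue  # e.g. <os allow="...">: names no local file
        try:
            with bz2.open(path, "rb") as fh:
                head = fh.read(4096)
        except (OSError, EOFError) as exc:
            problems.append(f"os {os_el.text}: cannot read {path}: {exc}")
            continue
        if not head.lstrip(b"\xef\xbb\xbf \t\r\n").startswith(b"<"):
            problems.append(f"os {os_el.text}: {path} does not decompress to XML")
    feed = provider.findtext("path")
    if feed:
        # Assumption: the directory part is literal and only the last
        # path component is a regular expression.
        directory, _, name_re = feed.strip().rpartition("/")
        # Python's re has no POSIX classes, so translate [[:digit:]].
        pattern = re.compile(name_re.replace("[[:digit:]]", "[0-9]"))
        try:
            names = os.listdir(directory)
        except OSError as exc:
            problems.append(f"feed: cannot list {directory}: {exc}")
        else:
            if not any(pattern.search(name) for name in names):
                problems.append(f"feed: nothing in {directory} matches {name_re}")
    return problems


if __name__ == "__main__":
    # Constructed sample: placeholder paths, so both checks report a problem.
    sample = """<provider name="redhat">
      <enabled>yes</enabled>
      <os path="/tmp/example-missing/rhel-8.oval.xml.bz2">8</os>
      <path>/tmp/example-missing/redhat-feed[[:digit:]]+\\.json$</path>
    </provider>"""
    for line in check_offline_provider(sample) or ["no problems found"]:
        print(line)
```

An empty result only means the referenced files are present and readable; it does not validate the `allow` entries or the feed contents.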