cve.db on Wazuh-Manager doesn't exist


Guilherme Cardoso

Oct 16, 2024, 10:43:25 AM
to Wazuh | Mailing List
Hi Team,

Due to some corrupted agents with the syscollector/vulnerabilities, I ended up removing some .db files. In this process, I removed the /var/ossec/queue/vulnerabilities/cve.db file. After restarting the service, the system doesn't recreate the DB, and right now I don't have any vulnerabilities on the agents dashboard.



Pablo Ariel Gonzalez

Oct 16, 2024, 11:08:40 AM
to Wazuh | Mailing List
Hi Guilherme:

I understand that you have restarted the Wazuh manager service, but has the cve.db file not been created correctly, or has it been created but not updated with the current vulnerabilities? Could you please confirm which version of Wazuh you are using?

Thanks,

Guilherme Cardoso

Oct 16, 2024, 11:15:12 AM
to Wazuh | Mailing List
Hi,

The file cve.db was not created at all. I am on version 4.9.0.

Pablo Ariel Gonzalez

Oct 16, 2024, 11:30:02 AM
to Wazuh | Mailing List
Hi Guilherme:

Could you try to perform the following steps? The database should be rebuilt again.

  1. Stop the manager
  2. Remove the vulnerabilities database, located at /var/ossec/queue/vulnerabilities/cve.db
  3. Set run_on_start to yes in the Vulnerability Detector configuration
  4. Restart the manager

Thanks,

Guilherme Cardoso

Oct 17, 2024, 3:21:06 AM
to Wazuh | Mailing List
Hi,

That setting, run_on_start, doesn't work in 4.9.0.

Pablo Ariel Gonzalez

Oct 21, 2024, 9:11:36 AM
to Wazuh | Mailing List
Hi Guilherme,

Sorry for the delay. Let me check and I will get back to you today with an alternative.

Thanks,

Pablo Ariel Gonzalez

Oct 21, 2024, 3:56:03 PM
to Wazuh | Mailing List
Hi Guilherme,

Sorry for the mistake; although you indicated it before, I confused the Wazuh version. What you indicate is correct: in Wazuh 4.9 that configuration is no longer supported.

I am performing an additional verification to give you a final answer as soon as possible. Could you tell me if you have updated this environment to 4.9 from a previous version? Also, if possible, it would be very useful if you could tell me the operating system version of some of the agents for which you do not see vulnerabilities now in Wazuh 4.9.


Thanks,


Pablo Ariel Gonzalez

Oct 22, 2024, 9:28:31 AM
to Wazuh | Mailing List
Hi Guilherme:

Just as an update on this case, I understand that you have upgraded your Wazuh implementation to 4.9, since that information is stored in the Indexer in 4.9.

So I ask you, have you used the official upgrade guide for this? There is a specific step where you indicate the new configuration needed to be able to send that information to the indexer.


Thanks,


Pablo Ariel Gonzalez

Oct 24, 2024, 7:18:28 AM
to Wazuh | Mailing List
Hi Guilherme:

Have you had a chance to review my previous comment? If you have any doubts and/or questions, do not hesitate to write to us again.

Thanks,
