SCA - No scans available on Linux


Wesley Khanh

Nov 6, 2023, 2:52:17 AM
to Wazuh | Mailing List
Dear Team,

I have an issue: no scans available with SCA enabled on Linux (CentOS 9): all these servers cannot get any data.
But I can with the agent on Windows.

The config for Linux is like this:
<sca>
    <enabled>yes</enabled>
    <scan_on_start>yes</scan_on_start>
    <interval>12h</interval>
    <skip_nfs>yes</skip_nfs>

    <policies>
       <policy enabled="yes">/var/ossec/ruleset/sca/cis_centos8_linux.yml</policy>
    </policies>
   
</sca>
Any suggestions for this case?


Regards,

Wesley Khanh

Nov 6, 2023, 6:18:53 AM
to Wazuh | Mailing List
I also checked the log, which mentions this:
sca: INFO: Module started.
2023/11/06 05:44:53 sca: INFO: Loaded policy '/var/ossec/ruleset/sca/cis_centos8_linux.yml'
2023/11/06 05:44:53 wazuh-modulesd:control: INFO: Starting control thread.
2023/11/06 05:44:53 sca: INFO: Starting Security Configuration Assessment scan.
2023/11/06 05:44:53 wazuh-modulesd:syscollector: INFO: Module started.
2023/11/06 05:44:53 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2023/11/06 05:44:53 sca: INFO: Skipping policy '/var/ossec/ruleset/sca/cis_centos8_linux.yml': 'Check Centos 8 family platform'
2023/11/06 05:44:53 sca: INFO: Security Configuration Assessment scan finished. Duration: 0 seconds.

It seems it's skipping the policy.

Ifeanyi Onyia Odike

Nov 8, 2023, 8:23:00 AM
to Wazuh | Mailing List
Hi Wesley,

Apologies for the late response.
Can you please send your Wazuh Manager ossec.conf file? Please ensure that you mask your sensitive credentials.

Regards,

Wesley Khanh

Nov 12, 2023, 11:24:49 PM
to Wazuh | Mailing List
Hi Ifeanyi,

I was able to fix this by directly editing the template for CentOS 8 as below: changed to 9 to fit my current OS, which is CentOS 9 Stream.
cis_centos8_linux.yml

requirements:
  title: "Check Centos 8 family platform"
  description: "Requirements for running the policy against CentOS 8 family."
  condition: any
  rules:
    - "f:/etc/redhat-release -> r:^CentOS && r:release 9"

seem i have leave some foram
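The skip in the log and the fix in the last message both come down to the policy's `requirements` rule, so here is an added example (not part of the thread and not Wazuh code) that evaluates that rule against release-file contents and pulls skipped policies out of the agent log. It assumes the unmodified rule read `release 8`, handles only `f:` rules with `r:` checks joined by `&&`, and uses Python's `re` in place of Wazuh's own regex engine; the release-file strings are constructed samples.

```python
import re

# Constructed samples of /etc/redhat-release (not taken from the thread).
CENTOS8 = "CentOS Linux release 8.5.2111\n"
CENTOS9 = "CentOS Stream release 9\n"

# RULE_9 is the edited rule from the thread. RULE_8 is the same rule with
# "release 8", assumed to be what the unmodified policy contained.
RULE_9 = "f:/etc/redhat-release -> r:^CentOS && r:release 9"
RULE_8 = "f:/etc/redhat-release -> r:^CentOS && r:release 8"

SKIP_RE = re.compile(r"sca: INFO: Skipping policy '([^']+)': '([^']+)'")


def parse_file_rule(rule):
    """Split 'f:PATH -> r:A && r:B' into (PATH, [compiled A, compiled B])."""
    target, _, content = rule.partition(" -> ")
    if not target.startswith("f:") or not content:
        raise ValueError(f"unsupported rule: {rule!r}")
    patterns = []
    for part in content.split(" && "):
        if not part.startswith("r:"):
            raise ValueError(f"unsupported content check: {part!r}")
        patterns.append(re.compile(part[2:]))
    return target[2:], patterns


def requirement_met(rule, file_text):
    """True if a single line of file_text matches every pattern in the rule."""
    _, patterns = parse_file_rule(rule)
    return any(all(p.search(line) for p in patterns)
               for line in file_text.splitlines())


def skipped_policies(log_text):
    """Return (policy_path, requirement_title) for each skipped policy."""
    return SKIP_RE.findall(log_text)


if __name__ == "__main__":
    log = ("2023/11/06 05:44:53 sca: INFO: Skipping policy "
           "'/var/ossec/ruleset/sca/cis_centos8_linux.yml': "
           "'Check Centos 8 family platform'\n")
    print(skipped_policies(log))
    for name, rule in (("release 8 rule", RULE_8), ("release 9 rule", RULE_9)):
        print(name, "on CentOS Stream 9:", requirement_met(rule, CENTOS9))
```

The edited policy still applies CentOS 8 benchmark checks, so individual results on a CentOS Stream 9 host should be read with that in mind.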