Command module Linux


Thành An Phạm

May 27, 2024, 3:24:35 AM
to Wazuh | Mailing List
Hi, I use Wazuh version 4.7.4. I followed the instructions in this link,
but although the agent received the "disk-usage.sh" file, it seems the agent did not execute the command "/bin/bash /var/ossec/etc/shared/disk-usage.sh". I also added the decoder and rules sections to the local_decoder.xml and local_rules.xml files.
Can you tell me what I did wrong?
My English is not good, so let me know if you don't understand what I mean.
Thank you so much!!
wazuh-server.png
config.png


Javier Sanchez Gil

May 27, 2024, 4:49:32 AM
to Wazuh | Mailing List
Hi Thanh An Pham,

Don't worry about your English, it's perfectly understandable!

It looks like the steps were followed correctly. If the script is not executing, it might be due to permission issues.

Once you create the disk-usage.sh script in the /var/ossec/etc/shared/default/ directory, try running:

chmod 750 /var/ossec/wodles/disk-usage.sh
chown root:wazuh /var/ossec/wodles/disk-usage.sh


to grant the necessary permissions.

Thành An Phạm

May 27, 2024, 6:18:25 AM
to Wazuh | Mailing List


Hello Javier Sanchez Gil,

Thank you for your prompt assistance.

I have granted permissions to the disk-usage.sh file, but there are still no results. There are no logs related to the execution of this shell file.

Please help me with the steps from the beginning so I can understand where I went wrong. I am new to using Wazuh.

Thank you.

permission-file.png


On Monday, May 27, 2024 at 15:49:32 UTC+7, Javier Sanchez Gil wrote:

Javier Sanchez Gil

May 28, 2024, 5:50:17 AM
to Wazuh | Mailing List
Hi Thành An Phạm,

Upon close inspection of your agent.conf, I noticed that your agent_conf does not contain the <agent_config os="Linux"> as outlined in the documentation at https://documentation.wazuh.com/current/user-manual/capabilities/command-monitoring/use-cases/disk-space-utilization.html#id2

You may want to take a look at the Wazuh documentation on Centralized Configuration (agent.conf) at https://documentation.wazuh.com/current/user-manual/reference/centralized-configuration.html#agent-conf for more information.
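
An added example, not part of the reply above and not Wazuh's own code: a small Python check that flags sections of a shared agent.conf that sit outside an <agent_config> block, the omission pointed out in this reply. The sample configuration is constructed and assumes the script is run through a command wodle; lint_agent_conf is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a command wodle placed directly in agent.conf
# without the <agent_config> wrapper (the omission described above).
BROKEN = """
<wodle name="command">
  <disabled>no</disabled>
  <tag>disk-usage</tag>
  <command>/bin/bash /var/ossec/etc/shared/disk-usage.sh</command>
  <interval>2m</interval>
</wodle>
"""

# The same block wrapped in the element named in the reply.
FIXED = '<agent_config os="Linux">' + BROKEN + "</agent_config>"


def lint_agent_conf(text):
    """Return (errors, commands) for the text of a shared agent.conf.

    errors:   top-level sections that are not inside <agent_config>
    commands: (agent filter, command) pairs for each command wodle found
    """
    # agent.conf may hold several <agent_config> blocks, so wrap the
    # text in a synthetic root to parse it as one XML document.
    root = ET.fromstring("<root>" + text + "</root>")
    errors, commands = [], []
    for section in root:
        if section.tag != "agent_config":
            errors.append("<%s> is outside <agent_config>" % section.tag)
            continue
        # The os / name / profile attributes select which agents apply the block.
        attrs = sorted(section.attrib.items())
        flt = ", ".join("%s=%s" % kv for kv in attrs) or "all agents"
        for wodle in section.findall("wodle[@name='command']"):
            cmd = (wodle.findtext("command") or "").strip()
            commands.append((flt, cmd))
    return errors, commands


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_agent_conf(conf))
```
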

Thành An Phạm

May 29, 2024, 5:58:30 AM
to Wazuh | Mailing List

Once again, thank you for your help.
The previous issue prevented my Linux agent from executing the command "/bin/bash /var/ossec/etc/shared/disk-usage.sh", and it was flagged with the warning "Trojaned version of file detected," thus preventing execution with "/bin/bash".

The solution was to make a small change in the "agent.conf" file and grant execute permissions to the "disk-usage.sh" file on the agent.

My English is not good, so let me know if you don't understand what I mean.
Thank you so much!  
error.png
agent_conf.png

On Tuesday, May 28, 2024 at 16:50:17 UTC+7, Javier Sanchez Gil wrote:

Javier Sanchez Gil

May 29, 2024, 11:36:24 AM
to Wazuh | Mailing List
Hi Thành An Phạm,

It seems like the problem was solved, right?

Don't worry, everything is perfectly understood!

If you have any questions, don't hesitate to ask us.

Thành An Phạm

May 31, 2024, 5:42:42 AM
to Wazuh | Mailing List
Hi Javier Sanchez Gil,
That's right, my problem was solved using the method I mentioned in the previous response. 
Again, thank you.
On Wednesday, May 29, 2024 at 22:36:24 UTC+7, Javier Sanchez Gil wrote: