WazuH Manager v 4.9.2 'SCA' not able to detect Ubuntu 24.04
Steve Tort
2024/12/09 22:37:18 sca: INFO: Skipping policy '/var/ossec/ruleset/sca/cis_ubuntu22-04.yml': 'Check Ubuntu version.
PRETTY_NAME="Ubuntu 24.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.1 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo
root@Ubuntu-Web01:/var/ossec/logs#
<sca>
<enabled>yes</enabled>
<scan_on_start>yes</scan_on_start>
<interval>30m</interval>
<skip_nfs>yes</skip_nfs>
</sca>
Md. Nazmur Sakib
Hi Steve,
Kindly note that the CIS script for 24.04 is not available in Wazuh right now. The Benchmark was released a few months back by CIS and the team is already working on it. It will be available in future releases.
https://github.com/wazuh/wazuh/issues/23194
Additionally, you can use the CIS script for 22.04 to use in 24.04 by making some small adjustments.
You need to change the condition to make it work in 24.04
Ex: 22.04
requirements:
title: "Check Ubuntu version."
description: "Requirements for running the SCA scan against Ubuntu Linux 22.04 LTS"
condition: all
rules:
- "f:/etc/os-release -> r:Ubuntu 22.04"
- "f:/proc/sys/kernel/ostype -> Linux"
24.04
rules:
- "f:/etc/os-release -> r:Ubuntu 24.04"
Please remember that as this is not developed for 24.04 there might be some false positives.
You need to make the necessary adjustments to the script for that.
Please check the link for configuring SCA scans and policy
I hope you find this information useful.
Steve Tort
Md. Nazmur Sakib
You can follow this issue for further update
https://github.com/wazuh/wazuh/issues/23194