Get hardware information

[Võ Chung Nguyễn Lê]

Hi,

Wazuh-agent is running on my laptop. My laptop is running Linux. Wazuh-agent access to the files that is store information about my OS, CPU, RAM.... But with these files, I have to type login password to access to them. So, how Wazuh-agent can access these files without know my login password?

Sorry about my English!!

[Marcel Kemp]

Hi Võ Chung Nguyễn Lê,

Wazuh accesses several files where it obtains information about the hardware, as well as accesses some commands that allow it to know additional information about the OS or the hardware: 

• https://documentation.wazuh.com/current/user-manual/capabilities/syscollector.html

In the case of Linux, you can see that the code where this information is obtained is found in sysInfoLinux.cpp, where we can see the following:

• The CPU information is obtained from the file: /proc/cpuinfo
• The RAM information is obtained from the file: /proc/meminfo
• And the information about the OS is obtained from the command: uname

If you still have questions, don't hesitate to ask.

[Võ Chung Nguyễn Lê]

Hi,

Wazuh-agent get serial number by access /sys/class/dmi/id/board_serial file, but how wazuh-agent can access this file because I need to type login password to access it and wazuh-agent don't know my login password

Vào lúc 17:50:05 UTC+7 ngày Thứ Ba, 7 tháng 2, 2023, marce...@wazuh.com đã viết:

[Marcel Kemp]

Hi again,

This is because Wazuh has root-level permissions (with its own user), so it can access all files as if it were an administrator.

Wazuh requires root-level permissions because it needs access to sensitive system information and the ability to make changes to the system to improve security. 

The root-level access allows Wazuh to perform these tasks effectively and provide the highest level of security for the system.

Examples:

• System Monitoring
  
• File Integrity Monitoring
  
• Configuration Management
  
• Performance Optimization
  
• Low-level Operating System Access

I hope this solves your question.