OpenSCAP and CIS

sang thanh

Sep 28, 2022, 7:35:52 PM
to Wazuh mailing list
Hello all, 

I followed the documentation guide looking for a way to use the OpenSCAP and CIS modules, but can't seem to find oscap.py and CIS-CAT.sh.

Can you guys share those files with me?

Thanks a lot.

Federico Pacher

Oct 3, 2022, 10:15:27 AM
to Wazuh mailing list
Hi there,

Currently, we recommend using SCA instead of configuring OpenSCAP, as SCA is our open-source option for hardening, which means increasing the security of hosts by reducing their vulnerability surface. By default, the Wazuh Agent will run SCA scans for every policy (.yaml or .yml files) present in its ruleset folder:

Linux agents: <agent-installation-folder>/ruleset/sca
Windows agents: <agent-installation-folder>\ruleset\sca

To enable a policy file that is outside the default folder, add a line like

<policy>/some/custom/policy/folder/policy_file_to_enable.yml</policy>

to the policies section of the SCA module.

For more information about SCA, please take a look at these documentation links:
https://documentation.wazuh.com/current/user-manual/capabilities/sec-config-assessment/what-is-it.html
https://documentation.wazuh.com/current/user-manual/capabilities/sec-config-assessment/how-to-configure.html
https://wazuh.com/blog/security-configuration-assessment/

In case you still want or need to set up OpenSCAP, you will need to solve the error manually by adding the missing folder /var/ossec/wodles/oscap, because the debugging logs show that the required oscap.py script does not exist in that path. To do this, you can download the folder from the Wazuh v4 GitHub repository:
https://github.com/wazuh/wazuh/tree/4.0/wodles/oscap

As it is stated in the Breaking Changes section for the last Wazuh version, OpenSCAP policies were removed from RPM and DEB packages, and the present folder policies in the agent installation will be removed.
This is the related link in case you need more information: 
https://documentation.wazuh.com/current/release-notes/release-4-0-0.html

The same goes for CIS-CAT: we're deprecating the CIS-CAT integration module in favor of SCA, which performs scans of security policies based on CIS Benchmarks.

I hope this information helps.

Regards
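
A check for the policy discovery described in the reply above, added here as an example and not part of the thread or of Wazuh's own code: it lists the policies an agent would be expected to scan (default ruleset/sca folder plus explicit <policy> entries) and flags files that are missing on disk. The sample configuration, file names and helper names are constructed for illustration, and explicit <policy> paths are assumed to be absolute, as in the reply.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample. ossec.conf can contain several <ossec_config> blocks,
# so the file as a whole is not a single-rooted XML document.
SAMPLE_CONF = """
<ossec_config>
  <sca><policies>
    <policy>/some/custom/policy/folder/policy_file_to_enable.yml</policy>
  </policies></sca>
</ossec_config>
<ossec_config>
  <sca><policies>
    <policy>{existing}</policy>
  </policies></sca>
</ossec_config>
"""

def explicit_policies(conf_text):
    """Paths listed as <policy> inside any <sca><policies> section."""
    root = ET.fromstring(f"<root>{conf_text}</root>")  # wrap multiple blocks
    found = root.findall(".//sca/policies/policy")
    return [p.text.strip() for p in found if p.text and p.text.strip()]

def default_policies(install_dir):
    """Every .yml/.yaml file in <agent-installation-folder>/ruleset/sca."""
    folder = Path(install_dir) / "ruleset" / "sca"
    return sorted(str(p) for p in folder.glob("*")
                  if p.suffix in (".yml", ".yaml"))

def audit(conf_text, install_dir):
    """Map each expected policy path to whether the file exists."""
    paths = default_policies(install_dir) + explicit_policies(conf_text)
    return {p: Path(p).is_file() for p in paths}

def demo():
    """Build a throwaway install tree and audit it (all names constructed)."""
    with tempfile.TemporaryDirectory() as tmp:
        sca = Path(tmp) / "ruleset" / "sca"
        sca.mkdir(parents=True)
        (sca / "cis_debian10.yml").write_text("policy: {}\n")
        (sca / "notes.txt").write_text("not a policy\n")  # ignored: wrong suffix
        custom = Path(tmp) / "custom.yaml"
        custom.write_text("policy: {}\n")
        conf = SAMPLE_CONF.format(existing=custom)
        return {Path(p).name: ok for p, ok in audit(conf, tmp).items()}

if __name__ == "__main__":
    print(demo())
```

A policy reported as False is referenced in the configuration but absent on disk, which is worth fixing before relying on the scan results.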

Bill Justesen

Oct 3, 2022, 3:38:37 PM
to Wazuh mailing list
Wish I would have read the response a few hours ago. I've just been spinning my wheels on integrating CIS-CAT. At least I know not to bother now. I'm assuming the documentation will be updated at some point reflecting the changes.