How to stop vulnerability scans for only redhat

[K Anand]

Hi folks,

I have installed wazuh ova 4.3.9. 

For testing purposes, I had enabled vulnerability scans for windows and Redhat. 

After restart of the manager service, I can see that vulnerabilities have been downloaded and scanning is going on for both windows and RHEL.

Then I disabled for RHEL and left the vulnerability scan on for only windows.

When I restarted the managed service, I can see that scanning is still happening for all hosts including RHEL.

how can I stop this ?

I presume this is because the database has been downloaded already ...Is there any way I can delete the downloaded database for Redhat ?

BTW, this is a fantastic product ...

Thanx in advance

Anand

[Belen Valdivia]

Hi!

What you can try is to delete the database cve.db so that the required vulnerabilities are downloaded again.

The database is in /var/ossec/queue/vulnerabilities/cve.db at the Wazuh manager.

Check that redhat is disabled in the ossec.conf:

<!-- RedHat OS vulnerabilities -->

    <provider name="redhat">

    <enabled>no</enabled>

    <os>5</os>

    <os>6</os>

    <os>7</os>

    <os>8</os>

    <os>9</os>

    <update_interval>interval</update_interval>

    </provider>

Execute:

1- rm /var/ossec/queue/vulnerabilities/cve.db

2- Restart Wazuh manager systemctl restart wazuh-manager

Regards!

[K Anand]

Thanx....I'll try it .

regards

Anand