How to stop vulnerability scans for only redhat

55 views
Skip to first unread message

K Anand

unread,
Oct 17, 2022, 5:02:41 AM10/17/22
to Wazuh mailing list
Hi folks,
I have installed wazuh ova 4.3.9. 
For testing purposes, I had enabled vulnerability scans for windows and Redhat. 
After restart of the manager service, I can see that vulnerabilities have been downloaded and scanning is going on for both windows and RHEL.
Then I disabled for RHEL and left the vulnerability scan on for only windows.
When I restarted the managed service, I can see that scanning is still happening for all hosts including RHEL.
how can I stop this ?
I presume this is because the database has been downloaded already ...Is there any way I can delete the downloaded database for Redhat ?

BTW, this is a fantastic product ...
Thanx in advance
Anand

Belen Valdivia

unread,
Oct 17, 2022, 8:23:06 AM10/17/22
to Wazuh mailing list
Hi!
What you can try is to delete the database cve.db so that the required vulnerabilities are downloaded again.
The database is in /var/ossec/queue/vulnerabilities/cve.db at the Wazuh manager.
Check that redhat is disabled in the ossec.conf:

<!-- RedHat OS vulnerabilities -->
    <provider name="redhat">
    <enabled>no</enabled>
    <os>5</os>
    <os>6</os>
    <os>7</os>
    <os>8</os>
    <os>9</os>
    <update_interval>interval</update_interval>
    </provider>

Execute:
1- rm /var/ossec/queue/vulnerabilities/cve.db
2- Restart Wazuh manager systemctl restart wazuh-manager

Regards!

K Anand

unread,
Oct 18, 2022, 12:30:54 AM10/18/22
to Wazuh mailing list
Thanx....I'll try it .

regards
Anand

Reply all
Reply to author
Forward
0 new messages