wazuh-modulesd:oscap: ERROR: Internal error

[jorg...@gmail.com]

Hi

Im using Wazuh 4.0

I'm trying to configure openscap on a Centos 7 machine but i'm getting this error:

2021/01/22 17:47:12 wazuh-modulesd: INFO: Process started.

2021/01/22 17:47:12 wazuh-modulesd:oscap: INFO: Module started.

2021/01/22 17:47:12 wazuh-modulesd:oscap: INFO: Starting evaluation.

2021/01/22 17:47:12 wazuh-modulesd:osquery: INFO: Module disabled. Exiting...

2021/01/22 17:47:12 sca: INFO: Module started.

2021/01/22 17:47:12 sca: INFO: Loaded policy '/var/ossec/ruleset/sca/cis_rhel7_linux.yml'

2021/01/22 17:47:12 sca: INFO: Starting Security Configuration Assessment scan.

2021/01/22 17:47:12 wazuh-modulesd:syscollector: INFO: Module started.

2021/01/22 17:47:12 wazuh-modulesd:control: INFO: Starting control thread.

2021/01/22 17:47:12 wazuh-modulesd:oscap: ERROR: Internal error. Exiting...

I had to create the folder oscap folder in /var/ossec/wodles/

And I downloaded got the ssg-centos7-ds.xml from ComplianceAsCode github (https://github.com/ComplianceAsCode/content/releases) because I couldn't find them on Wazuh Instalation

my configuration on the agent is:

<wodle name="open-scap">

  <disabled>no</disabled>

  <timeout>1800</timeout>

  <interval>1d</interval>

  <scan-on-start>yes</scan-on-start>

  <content type="xccdf" path="ssg-centos7-ds.xml">

    <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>

    <profile>xccdf_org.ssgproject.content_profile_common</profile>

  </content>

</wodle>

[Jesus Linares]

Hi,

Could you enable the debug mode for wazuh-modulesd? You will see more information about the oscap error. Also, review that all the files/directories have the proper permissions and owners.

On the other hand, I recommend using SCA instead of OpenSCAP. You will not need an external tool (oscap scanner) to perform the security evaluation: https://documentation.wazuh.com/4.0/user-manual/capabilities/sec-config-assessment/index.html.

Let me know if you have any questions.

Regards.