wodle name=”cis-cat”¶
New in version 3.1.0.
XML section name
<wodle name="cis-cat">
</wodle>
Configuration options of the CIS-CAT wodle.
Warning
CIS-CAT is not installed by default. It is a proprietary software that you have to obtain for using this module.
Options¶
| Options | Allowed values |
|---|---|
| disabled | yes, no |
| timeout | A positive number (seconds) |
| interval | A positive number |
| scan-on-start | yes, no |
| java_path | Any valid path |
| ciscat_path | Any valid path |
| content | N/A |
interval¶
Interval between CIS-CAT executions.
| Default value | 1d |
| Allowed values | A positive number that should contain a suffix character indicating a time unit, such as, s (seconds), m (minutes), h (hours), d (days). |
scan-on-start¶
Run evaluation immediately when service is started.
| Default value | yes |
| Allowed values | yes, no |
java_path¶
Define where Java is located. If this parameter is not set, the wodle will seach for the Java location in the default environment variable $PATH.
| Default value | /usr/bin |
| Allowed values | Any valid path. |
ciscat_path¶
Define where CIS-CAT is located.
| Default value | /var/ossec/wodles/ciscat |
| Allowed values | Any valid path. |
content¶
Define an evaluation. At present, you can only run assessments for XCCDF policy files.
Attributes
| type | Select content type. |
| path | Use the specified policy file. Default path: |
| timeout | Timeout for the evaluation (in seconds). Use of this attribute overwrites the generic timeout. |
| profile | Select profile. |
Example of configuration¶
<wodle name="cis-cat">
<disabled>no</disabled>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
<java_path>/usr/bin</java_path>
<ciscat_path>/var/ossec/wodles/ciscat</ciscat_path>
<content type="xccdf" path="benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml">
<profile>xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Server</profile>
</content>
</wodle>