This is the documentation for Wazuh 3.1. Check out the docs for the latest version of Wazuh!

wodle name=”cis-cat”

New in version 3.1.0.

XML section name

<wodle name="cis-cat">
</wodle>

Configuration options of the CIS-CAT wodle.

Warning

CIS-CAT is not installed by default. It is a proprietary software that you have to obtain for using this module.

Options

Options Allowed values
disabled yes, no
timeout A positive number (seconds)
interval A positive number
scan-on-start yes, no
java_path Any valid path
ciscat_path Any valid path
content N/A

disabled

Disables the CIS-CAT wodle.

Default value no
Allowed values yes, no

timeout

Timeout for each evaluation.

Default value 1800
Allowed values A positive number (seconds)

interval

Interval between CIS-CAT executions.

Default value 1d
Allowed values A positive number that should contain a suffix character indicating a time unit, such as, s (seconds), m (minutes), h (hours), d (days).

scan-on-start

Run evaluation immediately when service is started.

Default value yes
Allowed values yes, no

java_path

Define where Java is located. If this parameter is not set, the wodle will seach for the Java location in the default environment variable $PATH.

Default value /usr/bin
Allowed values Any valid path.

ciscat_path

Define where CIS-CAT is located.

Default value /var/ossec/wodles/ciscat
Allowed values Any valid path.

content

Define an evaluation. At present, you can only run assessments for XCCDF policy files.

Attributes

type Select content type.
path

Use the specified policy file.

Default path: ciscat_path/benchmarks

timeout

Timeout for the evaluation (in seconds).

Use of this attribute overwrites the generic timeout.

profile Select profile.

Example of configuration

<wodle name="cis-cat">

  <disabled>no</disabled>
  <timeout>1800</timeout>
  <interval>1d</interval>
  <scan-on-start>yes</scan-on-start>

  <java_path>/usr/bin</java_path>
  <ciscat_path>/var/ossec/wodles/ciscat</ciscat_path>

  <content type="xccdf" path="benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml">
    <profile>xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Server</profile>
  </content>

</wodle>