wodle name=”command”¶
New in version 3.1.0.
XML section name
<wodle name="command">
</wodle>
Configuration options of the Command wodle.
Options¶
Options |
Allowed values |
---|---|
yes, no |
|
A descriptive name |
|
Command to be executed |
|
A positive number (seconds) |
|
yes, no |
|
yes, no |
command¶
Path and arguments of the command to be executed.
Default value |
N/A |
Allowed values |
An existing command |
interval¶
Time between commands executions.
Default value |
2s |
Allowed values |
A positive number that should contain a suffix character indicating a time unit, such as, s (seconds), m (minutes), h (hours), d (days). |
run-on-start¶
Run command immediately when service is started.
Default value |
yes |
Allowed values |
yes, no |
Centralized configuration¶
Remote commands may be specified in the centralized configuration, however, they are disabled by default due to security reasons.
When setting commands in a shared agent configuration, you must enable remote commands for Agent Modules.
This is enabled by adding the following line to the file etc/local_internal_options.conf in the agent:
wazuh_command.remote_commands=1
Example of configuration¶
<wodle name="command">
<disabled>no</disabled>
<tag>test</tag>
<command>/bin/bash /root/script.sh</command>
<interval>1d</interval>
<ignore_output>no</ignore_output>
<run_on_start>yes</run_on_start>
</wodle>
Note
See the Vuls integration section for a use case of this command.