wodle name="command"
New in version 3.1.0.
Configuration options of the Command wodle.
Options
Options | Allowed values |
---|---|
disabled | yes, no |
tag | A descriptive name |
command | Command to be executed |
interval | A positive number (seconds) |
run_on_start | yes, no |
ignore_output | yes, no |
disabled
Disable the Command wodle.
Default value |
no |
Allowed values |
yes, no |
tag
Descriptive name for the command.
Default value |
N/A |
Allowed values |
Characters set |
command
Path and arguments of the command to be executed.
Default value |
N/A |
Allowed values |
An existing command |
interval
Time between command executions.
Default value |
2s |
Allowed values |
A positive number followed by a suffix character indicating the time unit: s (seconds), m (minutes), h (hours), d (days). |
run_on_start
Run the command immediately when the service is started.
Default value |
yes |
Allowed values |
yes, no |
ignore_output
Ignore the output of the command when it is executed.
Default value |
yes |
Allowed values |
yes, no |
Centralized configuration
Remote commands may be specified in the centralized configuration; however, they are disabled by default for security reasons.
When setting commands in a shared agent configuration, you must enable remote commands for Agent Modules.
To enable them, add the following line to the file etc/local_internal_options.conf on the agent:
wazuh_command.remote_commands=1
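An agent-side audit of this setting, as an added example that is not part of the Wazuh documentation or code: it reports which command wodles from a shared configuration an agent would actually run. The function names and both sample inputs are constructed for illustration, and the configuration text is assumed to be well-formed XML once wrapped in a single root element.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs, not taken from a real host.
SAMPLE_OPTIONS = "# local overrides\nwazuh_command.remote_commands=1\n"
SAMPLE_SHARED = """
<agent_config>
  <wodle name="command">
    <disabled>no</disabled>
    <tag>test</tag>
    <command>/bin/bash /root/script.sh</command>
  </wodle>
</agent_config>
<agent_config os="Linux">
  <wodle name="command">
    <disabled>yes</disabled>
    <command>/usr/bin/uptime</command>
  </wodle>
</agent_config>
"""

def remote_commands_enabled(options_text):
    """True if any uncommented line sets wazuh_command.remote_commands to 1."""
    pattern = re.compile(r"\s*wazuh_command\.remote_commands\s*=\s*1\s*$")
    return any(pattern.match(line) for line in options_text.splitlines())

def command_wodles(conf_text):
    """Return tag, command and enabled state of every command wodle."""
    # The file can hold several top-level blocks, so wrap them in one root.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    return [
        {
            "tag": (w.findtext("tag") or "").strip(),
            "command": (w.findtext("command") or "").strip(),
            # <disabled> defaults to "no", so a missing element means enabled.
            "enabled": (w.findtext("disabled") or "no").strip() != "yes",
        }
        for w in root.iter("wodle") if w.get("name") == "command"
    ]

def audit(options_text, conf_text):
    """Commands from the shared configuration that this agent would run."""
    if not remote_commands_enabled(options_text):
        return []
    return [w for w in command_wodles(conf_text) if w["enabled"]]

if __name__ == "__main__":
    for w in audit(SAMPLE_OPTIONS, SAMPLE_SHARED):
        print(f"remote command enabled: tag={w['tag']} command={w['command']}")
```

Running it across a fleet gives an inventory of agents that accept manager-pushed commands, which can be compared against the hosts where that is intended.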
Example of configuration
<wodle name="command">
  <disabled>no</disabled>
  <tag>test</tag>
  <command>/bin/bash /root/script.sh</command>
  <interval>1d</interval>
  <ignore_output>no</ignore_output>
  <run_on_start>yes</run_on_start>
</wodle>
Note
See the Vuls integration section for a use case of this command.