This is the documentation for Wazuh 3.1.

wodle name="command"

New in version 3.1.0.

XML section name

<wodle name="command">
</wodle>

Configuration options of the Command wodle.

Options

Options         Allowed values
disabled        yes, no
tag             A descriptive name
command         Command to be executed
interval        A positive number (seconds)
run_on_start    yes, no
ignore_output   yes, no

disabled

Disable the Command wodle.

Default value no
Allowed values yes, no

tag

Descriptive name for the command.

Default value N/A
Allowed values Any set of characters

command

Path and arguments of the command to be executed.

Default value N/A
Allowed values An existing command

interval

Time between command executions.

Default value 2s
Allowed values A positive number that should contain a suffix character indicating a time unit, such as s (seconds), m (minutes), h (hours) or d (days).

run_on_start

Run the command immediately when the service is started.

Default value yes
Allowed values yes, no

ignore_output

Ignore the output of the command when it is executed.

Default value yes
Allowed values yes, no

Centralized configuration

Remote commands may be specified in the centralized configuration; however, they are disabled by default for security reasons.

When setting commands in a shared agent configuration, you must enable remote commands for Agent Modules.

This is enabled by adding the following line to the file etc/local_internal_options.conf in the agent:

wazuh_command.remote_commands=1

Example of configuration

<wodle name="command">
  <disabled>no</disabled>
  <tag>test</tag>
  <command>/bin/bash /root/script.sh</command>
  <interval>1d</interval>
  <ignore_output>no</ignore_output>
  <run_on_start>yes</run_on_start>
</wodle>

Note

See the Vuls integration section for a use case of this command.
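
An added example (not part of the Wazuh documentation or code base): a Python audit that takes the text of an agent's configuration and of its local_internal_options.conf, lists the command wodles that will actually run, and reports whether wazuh_command.remote_commands=1 allows shared configuration to add more. The function names and sample input are constructed; it assumes the configuration parses as XML once wrapped in a single root and that # starts a comment in the options file.

```python
import re
import xml.etree.ElementTree as ET

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}
# Defaults as listed in the option reference on this page.
DEFAULTS = {"disabled": "no", "interval": "2s",
            "run_on_start": "yes", "ignore_output": "yes"}

def interval_seconds(value):
    """'1d' -> 86400; a bare number is read as seconds; None if malformed."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    if not m or int(m.group(1)) == 0:
        return None
    return int(m.group(1)) * UNITS[m.group(2) or "s"]

def remote_commands_enabled(opts_text):
    """True if an uncommented line sets wazuh_command.remote_commands=1."""
    pattern = r"^\s*wazuh_command\.remote_commands\s*=\s*1\s*$"
    return re.search(pattern, opts_text, re.M) is not None

def command_wodles(conf_text):
    """Return the options of every <wodle name="command"> block."""
    # A config file may hold several top-level blocks; wrap them in one root.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    found = []
    for wodle in root.iter("wodle"):
        if wodle.get("name") == "command":
            opts = dict(DEFAULTS)
            opts.update({c.tag: (c.text or "").strip() for c in wodle})
            opts["interval_s"] = interval_seconds(opts["interval"])
            found.append(opts)
    return found

def audit(conf_text, opts_text):
    """Summarise what the agent runs and whether shared config may add more."""
    active = [w for w in command_wodles(conf_text) if w["disabled"] != "yes"]
    return {"remote_commands": remote_commands_enabled(opts_text),
            "active": active}

# Constructed sample input: the page's example plus a disabled block.
SAMPLE_CONF = (
    '<ossec_config><wodle name="command"><tag>test</tag>'
    '<command>/bin/bash /root/script.sh</command><interval>1d</interval>'
    '<ignore_output>no</ignore_output></wodle></ossec_config>'
    '<ossec_config><wodle name="command"><disabled>yes</disabled>'
    '<tag>old</tag><command>/bin/true</command></wodle></ossec_config>')
SAMPLE_OPTS = "# enabled for shared configuration\nwazuh_command.remote_commands=1\n"
if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_OPTS))
```

An agent that reports remote_commands as True will execute any command wodle delivered through the shared configuration, so that file deserves the same review and access control as the commands themselves.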