wodle name=”command”¶

New in version 3.1.0.

XML section name

<wodle name="command">
</wodle>

Configuration options of the Command wodle.

Options¶

disabled
tag
command
interval
run-on-start
ignore-output

Options	Allowed values
disabled	yes, no
tag	A descriptive name
command	Command to be executed
interval	A positive number (seconds)
run-on-start	yes, no
ignore-output	yes, no

disabled¶

Disable the Command wodle.

Default value	no
Allowed values	yes, no

tag¶

Descriptive name for the command.

Default value	N/A
Allowed values	Characters set

command¶

Path and arguments of the command to be executed.

Default value	N/A
Allowed values	An existing command

interval¶

Time between commands executions.

Default value	2s
Allowed values	A positive number that should contain a suffix character indicating a time unit, such as, s (seconds), m (minutes), h (hours), d (days).

run-on-start¶

Run command immediately when service is started.

Default value	yes
Allowed values	yes, no

ignore-output¶

Ignore the command output when executed.

Default value	yes
Allowed values	yes, no

Centralized configuration¶

Remote commands may be specified in the centralized configuration, however, they are disabled by default due to security reasons.

When setting commands in a shared agent configuration, you must enable remote commands for Agent Modules.

This is enabled by adding the following line to the file etc/local_internal_options.conf in the agent:

wazuh_command.remote_commands=1

Example of configuration¶

<wodle name="command">
  <disabled>no</disabled>
  <tag>test</tag>
  <command>/bin/bash /root/script.sh</command>
  <interval>1d</interval>
  <ignore_output>no</ignore_output>
  <run_on_start>yes</run_on_start>
</wodle>

Note

See the Vuls integration section for a use case of this command.