wodle name=”cis-cat”¶
New in version 3.1.0.
XML section name
<wodle name="cis-cat">
</wodle>
Configuration options of the CIS-CAT wodle.
Warning
CIS-CAT is not installed by default. It is a proprietary software that you have to obtain for using this module.
Options¶
Main options¶
| Main options | Allowed values |
|---|---|
| disabled | yes, no |
| timeout | A positive number (seconds) |
| java_path | Any valid path |
| ciscat_path | Any valid path |
| content | N/A |
Scheduling options¶
| Scheduling options | Allowed values |
|---|---|
| scan-on-start | yes, no |
| interval | A positive number + suffix |
| day | A day of the month |
| wday | A day of the week |
| time | A time of the day [hh:mm] |
In the CIS-CAT integration section are shown some cases of using these options.
timeout¶
Timeout for each evaluation. In case the execution takes longer that the specified timeout, it stops.
| Default value | 1800 |
| Allowed values | A positive number (seconds) |
java_path¶
Define where Java is located. If this parameter is not set, the wodle will search for the Java location in the default environment variable $PATH.
| Default value | $PATH |
| Allowed values | Any valid path. |
Warning
For this field, it can be set a full path or a relative path. Whether you specify a relative path, it concatenates to the Wazuh installation path. ciscat_path has the same behavior.
ciscat_path¶
Define where CIS-CAT is located.
| Default value | wodles/ciscat |
| Allowed values | Any valid path. |
content¶
Define an evaluation. At present, you can only run assessments for XCCDF policy files.
Attributes
| type | Select content type. |
| path | Use the specified policy file. |
| timeout | Timeout for the evaluation (in seconds). Use of this attribute overwrites the generic timeout. |
| profile | Select profile. |
Note
The path attribute can be filled in with the whole path where the benchmark files are located, or with a relative path to the CIS-CAT tool location.
scan-on-start¶
Run evaluation immediately when service is started.
| Default value | yes |
| Allowed values | yes, no |
interval¶
Interval between CIS-CAT executions.
| Default value | 1d |
| Allowed values | A positive number that should contain a suffix character indicating a time unit, such as, s (seconds), m (minutes), h (hours), d (days), w (weeks), M (months) |
The interval option is conditioned by the following described options day, wday and time. If none of these options are set, the interval can take any allowed value.
day¶
New in version 3.5.0.
Day of the month to run the CIS-CAT scan.
| Default value | n/a |
| Allowed values | Day of the month [1..31] |
Note
When the day option is set, the interval value must be a multiple of months. By default, the interval is set to a month.
wday¶
New in version 3.5.0.
Day of the week to run the CIS-CAT scan. This option is not compatible with the day option.
| Default value | n/a |
| Allowed values |
|
Note
When the wday option is set, the interval value must be a multiple of weeks. By default, the interval is set to a week.
time¶
New in version 3.5.0.
Time of the day to run the scan. It has to be represented in the format hh:mm.
| Default value | n/a |
| Allowed values | Time of day [hh:mm] |
Note
When only the time option is set, the interval value must be a multiple of days or weeks. By default, the interval is set to a day.
Example of configuration¶
<wodle name="cis-cat">
<disabled>no</disabled>
<timeout>1800</timeout>
<wday>monday</wday>
<time>04:00</time>
<interval>2w</interval>
<scan-on-start>yes</scan-on-start>
<java_path>/usr/bin</java_path>
<ciscat_path>wodles/ciscat</ciscat_path>
<content type="xccdf" path="benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml">
<profile>xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Server</profile>
</content>
</wodle>