wodle name="command"
New in version 3.1.0.
Configuration options of the Command wodle.
Options
Main options
Main options |
Allowed values |
|---|---|
yes, no |
|
A descriptive name |
|
Command to be executed |
|
yes, no |
|
A positive number (seconds) |
|
MD5 checksum |
|
SHA1 checksum |
|
SHA256 checksum |
|
yes, no |
Scheduling options
disabled
Disable the Command wodle.
Default value |
no |
Allowed values |
yes, no |
tag
Descriptive name for the command.
Default value |
N/A |
Allowed values |
Characters set |
command
Path and arguments of the command to be executed.
Default value |
N/A |
Allowed values |
|
ignore_output
Ignore the command output when executed.
Default value |
no |
Allowed values |
yes, no |
timeout
New in version 3.2.2.
Timeout for each command to wait for the end of the execution. Whether this parameter is set to 0, it will wait indefinitely for the end of the process. However, if the timeout is other than 0, the execution will finish if it expires.
Default value |
n/a |
Allowed values |
A positive number (seconds) |
verify_md5
New in version 3.6.0.
Verify the MD5 sum of the binary or the script specified on the command option.
Default value |
n/a |
Allowed values |
MD5 checksum |
verify_sha1
New in version 3.6.0.
Verify the SHA1 sum of the binary or the script specified on the command option.
Default value |
n/a |
Allowed values |
SHA1 checksum |
verify_sha256
New in version 3.6.0.
Verify the SHA256 sum of the binary or the script specified on the command option.
Default value |
n/a |
Allowed values |
SHA256 checksum |
skip_verification
New in version 3.6.0.
Run the command defined although the checksum does not match. In this case, the agent will log that the checksum verification failed but will run the application.
Default value |
no |
Allowed values |
yes, no |
run_on_start
Run command immediately when service is started.
Default value |
yes |
Allowed values |
yes, no |
interval
Time between commands executions.
Default value |
2s |
Allowed values |
A positive number that should contain a suffix character indicating a time unit, such as, s (seconds), m (minutes), h (hours), d (days), M (months). |
day
Day of the month to run the scan.
Default value |
n/a |
Allowed values |
Day of the month [1..31] |
Note
When the day option is set, the interval value must be a multiple of months. By default, the interval is set to a month.
wday
Day of the week to run the scan. This option is not compatible with the day option.
Default value |
n/a |
Allowed values |
|
Note
When the wday option is set, the interval value must be a multiple of weeks. By default, the interval is set to a week.
time
Time of the day to run the scan. It has to be represented in the format hh:mm.
Default value |
n/a |
Allowed values |
Time of day [hh:mm] |
Note
When only the time option is set, the interval value must be a multiple of days or weeks. By default, the interval is set to a day.
Centralized configuration
Remote commands may be specified in the centralized configuration, however, they are disabled by default due to security reasons.
When setting commands in a shared agent configuration, you must enable remote commands for Agent Modules.
This is enabled by adding the following line to the file etc/local_internal_options.conf in the agent:
wazuh_command.remote_commands=1
Example of configuration
<wodle name="command">
<disabled>no</disabled>
<tag>test</tag>
<command>/bin/bash /root/script.sh</command>
<interval>1d</interval>
<ignore_output>no</ignore_output>
<run_on_start>yes</run_on_start>
<timeout>0</timeout>
<verify_md5>5aada3704685dad6fd27beb58e6687de</verify_md5>
<verify_sha1>da39a3ee5e6b4b0d3255bfef95601890afd80709</verify_sha1>
<verify_sha256>292a188e498caea5c5fbfb0beca413c980e7a5edf40d47cf70e1dbc33e4f395e</verify_sha256>
</wodle>