wodle name="cis-cat"

New in version 3.1.0.

Configuration options of the CIS-CAT wodle.

Warning

CIS-CAT is not installed by default. It is a proprietary software that you have to obtain for using this module.

Options

Options

Allowed values

disabled

yes, no

timeout

A positive number (seconds)

interval

A positive number

scan-on-start

yes, no

java_path

Any valid path

ciscat_path

Any valid path

content

N/A

disabled

Disables the CIS-CAT wodle.

Default value

no

Allowed values

yes, no

timeout

Timeout for each evaluation.

Default value

1800

Allowed values

A positive number (seconds)

interval

Interval between CIS-CAT executions.

Default value

1d

Allowed values

A positive number that should contain a suffix character indicating a time unit, such as, s (seconds), m (minutes), h (hours), d (days).

scan-on-start

Run evaluation immediately when service is started.

Default value

yes

Allowed values

yes, no

java_path

Define where Java is located. If this parameter is not set, the wodle will search for the Java location in the default environment variable $PATH.

Default value

wodles/java

Allowed values

Any valid path.

Warning

For this field, it can be set a full path or a relative path. Whether you specify a relative path, it concatenates to the Wazuh installation path. ciscat_path has the same behavior.

ciscat_path

Define where CIS-CAT is located.

Default value

wodles/ciscat

Allowed values

Any valid path.

content

Define an evaluation. At present, you can only run assessments for XCCDF policy files.

Attributes

type

Select content type.

path

Use the specified policy file.

timeout

Timeout for the evaluation (in seconds).

Use of this attribute overwrites the generic timeout.

profile

Select profile.

Note

The path attribute can be filled in with the whole path where the benchmark files are located, or with a relative path to the CIS-CAT tool location.

Example of configuration

<wodle name="cis-cat">

  <disabled>no</disabled>
  <timeout>1800</timeout>
  <interval>1d</interval>
  <scan-on-start>yes</scan-on-start>

  <java_path>/usr/bin</java_path>
  <ciscat_path>wodles/ciscat</ciscat_path>

  <content type="xccdf" path="benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml">
    <profile>xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Server</profile>
  </content>

</wodle>