wodle name=”command”¶
New in version 3.1.0.
XML section name
<wodle name="command">
</wodle>
Configuration options of the Command wodle.
Options¶
Options |
Allowed values |
---|---|
yes, no |
|
A descriptive name |
|
Command to be executed |
|
A positive number (seconds) |
|
yes, no |
|
yes, no |
|
A positive number (seconds) |
|
MD5 checksum |
|
SHA1 checksum |
|
SHA256 checksum |
|
yes, no |
command¶
Path and arguments of the command to be executed.
Default value |
N/A |
Allowed values |
An existing command |
interval¶
Time between commands executions.
Default value |
2s |
Allowed values |
A positive number that should contain a suffix character indicating a time unit, such as, s (seconds), m (minutes), h (hours), d (days). |
run_on_start¶
Run command immediately when service is started.
Default value |
yes |
Allowed values |
yes, no |
timeout¶
New in version 3.2.2.
Timeout for each command to wait for the end of the execution. Whether this parameter is set to 0, it will wait indefinitely for the end of the process. However, if the timeout is other than 0, the execution will finish if it expires.
Default value |
n/a |
Allowed values |
A positive number (seconds) |
verify_md5¶
New in version 3.6.0.
Verify the binary MD5 sum.
Default value |
n/a |
Allowed values |
MD5 checksum |
verify_sha1¶
New in version 3.6.0.
Verify the binary SHA1 sum.
Default value |
n/a |
Allowed values |
SHA1 checksum |
verify_sha256¶
New in version 3.6.0.
Verify the binary SHA256 sum.
Default value |
n/a |
Allowed values |
SHA256 checksum |
skip_verification¶
New in version 3.6.0.
Run the command defined although the checksum does not match. In this case, the agent will log that the checksum verification failed but will run the application.
Default value |
no |
Allowed values |
yes, no |
Centralized configuration¶
Remote commands may be specified in the centralized configuration, however, they are disabled by default due to security reasons.
When setting commands in a shared agent configuration, you must enable remote commands for Agent Modules.
This is enabled by adding the following line to the file etc/local_internal_options.conf in the agent:
wazuh_command.remote_commands=1
Example of configuration¶
<wodle name="command">
<disabled>no</disabled>
<tag>test</tag>
<command>/bin/bash /root/script.sh</command>
<interval>1d</interval>
<ignore_output>no</ignore_output>
<run_on_start>yes</run_on_start>
<timeout>0</timeout>
<verify_md5>5aada3704685dad6fd27beb58e6687de</verify_md5>
<verify_sha1>da39a3ee5e6b4b0d3255bfef95601890afd80709</verify_sha1>
<verify_sha256>292a188e498caea5c5fbfb0beca413c980e7a5edf40d47cf70e1dbc33e4f395e</verify_sha256>
</wodle>