wazuh · jm404 · Jan 7, 2020 · Dec 10, 2019 · Dec 10, 2019 · Dec 10, 2019
diff --git a/cookbooks/wazuh_agent/attributes/localfile.rb b/cookbooks/wazuh_agent/attributes/localfile.rb
@@ -92,6 +92,12 @@
  'location' => '/var/log/secure'
  }
  },
+ {
+ 'content!' => {
+ 'log_format' => 'syslog',
+ 'location' => '/var/log/maillog'
+ }
+ },
  ]
 else
  raise "Currently platforn not supported yet. Feel free to open an issue on https://github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added"

diff --git a/cookbooks/wazuh_agent/attributes/logging.rb b/cookbooks/wazuh_agent/attributes/logging.rb
@@ -0,0 +1 @@
+default['ossec']['conf']['logging']['log_format'] = 'plain'
diff --git a/cookbooks/wazuh_agent/attributes/sca.rb b/cookbooks/wazuh_agent/attributes/sca.rb
@@ -2,5 +2,4 @@
 default['ossec']['conf']['sca']['enabled'] = true
 default['ossec']['conf']['sca']['scan_on_start'] = true
 default['ossec']['conf']['sca']['interval'] = "12h"
-default['ossec']['conf']['sca']['skip_nfs'] = true
-default['ossec']['conf']['sca']['policies']['policy'] = [ 'cis_debian_linux_rcl.yml', 'system_audit_rcl.yml', 'system_audit_ssh.yml', 'system_audit_pw.yml']
+default['ossec']['conf']['sca']['skip_nfs'] = true
diff --git a/cookbooks/wazuh_agent/attributes/version.rb b/cookbooks/wazuh_agent/attributes/version.rb
@@ -1 +1 @@
-default['wazuh-agent']['version'] = "3.11.0"
+default['wazuh-agent']['version'] = "3.11.0"
diff --git a/cookbooks/wazuh_agent/attributes/wodle.rb b/cookbooks/wazuh_agent/attributes/wodle.rb
@@ -1,10 +1,4 @@
 default['ossec']['conf']['wodle'] = [
- { '@name' => 'open-scap',
- 'disabled' => 'yes',
- 'timeout' => '1800',
- 'interval' => '1d',
- 'scan-on-start' => 'yes'
- },
  { '@name' => 'cis-cat',
  'disabled' => 'yes',
  'timeout' => '1800',

diff --git a/cookbooks/wazuh_manager/attributes/sca.rb b/cookbooks/wazuh_manager/attributes/sca.rb
@@ -2,5 +2,4 @@
 default['ossec']['conf']['sca']['enabled'] = true
 default['ossec']['conf']['sca']['scan_on_start'] = true
 default['ossec']['conf']['sca']['interval'] = "12h"
-default['ossec']['conf']['sca']['skip_nfs'] = true
-default['ossec']['conf']['sca']['policies']['policy'] = [ 'cis_debian_linux_rcl.yml', 'system_audit_rcl.yml', 'system_audit_ssh.yml', 'system_audit_pw.yml']
+default['ossec']['conf']['sca']['skip_nfs'] = true
diff --git a/cookbooks/wazuh_manager/attributes/vulnerability-detector.rb b/cookbooks/wazuh_manager/attributes/vulnerability-detector.rb
@@ -0,0 +1,26 @@
+default['ossec']['conf']['vulnerability-detector']['enabled'] = 'no'
+default['ossec']['conf']['vulnerability-detector']['interval'] = '5m'
+default['ossec']['conf']['vulnerability-detector']['ignore_time'] = '6h'
+default['ossec']['conf']['vulnerability-detector']['run_on_start'] = 'yes'
+default['ossec']['conf']['vulnerability-detector']['provider'] = [
+ { '@name' => 'canonical',
+ 'enabled' => 'no',
+ 'os' => ['precise', 'trusty', 'xenial', 'bionic'],
+ 'update_interval' => '1h'
+ },
+ { '@name' => 'debian',
+ 'enabled' => 'no',
+ 'os' => ['wheezy', 'stretch', 'jessie', 'buster'],
+ 'update_interval' => '1h'
+ },
+ { '@name' => 'redhat',
+ 'enabled' => 'no',
+ 'update_from_year' => '2010',
+ 'update_interval' => '1h'
+ },
+ { '@name' => 'nvd',
+ 'enabled' => 'no',
+ 'update_from_year' => '2010',
+ 'update_interval' => '1h'
+ }
+]
diff --git a/cookbooks/wazuh_manager/attributes/wodle.rb b/cookbooks/wazuh_manager/attributes/wodle.rb
@@ -30,26 +30,5 @@
  'packages' => 'yes',
  'ports' => { '@all' => 'no', 'content!' => 'yes'},
  'processes' => 'yes'
- },
- { '@name' => 'vulnerability-detector',
- 'disabled' => 'yes',
- 'interval' => '5m',
- 'ignore_time' => '6h',
- 'run_on_start' => 'yes',
- 'feed' => [
- { '@name' => "ubuntu-18",
- 'disabled' => "yes",
- 'update_interval' => '1h'
- },
- { '@name' => "redhat",
- 'disabled' => "yes",
- 'update_from_year' => '2010',
- 'update_interval' => '1h'
- },
- { '@name' => "debian-9",
- 'disabled' => "yes",
- 'update_interval' => '1h'
- }
- ]
- }
+ }
 ]