From c522882db4af816024c0ea5ee9a7ecc517fd69e8 Mon Sep 17 00:00:00 2001
From: sebasfalcone
Date: Mon, 8 Apr 2024 16:48:57 +0200
Subject: [PATCH] CL: - Removed deprecated page - Updated removedUrls list - Removed references to deprecated functionallity
---
 source/_static/js/redirects.js | 1 +
 .../vulnerability-detection/allow-os.rst | 112 ------------------
 .../vulnerability-detection/how-it-works.rst | 4 -
 .../vulnerability-detection/index.rst | 1 -
 4 files changed, 1 insertion(+), 117 deletions(-)
 delete mode 100644 source/user-manual/capabilities/vulnerability-detection/allow-os.rst
diff --git a/source/_static/js/redirects.js b/source/_static/js/redirects.js
index a9daab9165..c4092a1905 100644
--- a/source/_static/js/redirects.js
+++ b/source/_static/js/redirects.js
@@ -76,6 +76,7 @@ removedUrls['4.8'] = [
 '/user-manual/capabilities/vulnerability-detection/cpe-helper.html',
 '/user-manual/capabilities/vulnerability-detection/querying-the-vulnerability-database.html',
 '/user-manual/capabilities/vulnerability-detection/scan-types.html',
+ '/user-manual/capabilities/vulnerability-detection/allow-os.html'
 ];
 /* Redirections from 4.7 to 4.8 */
diff --git a/source/user-manual/capabilities/vulnerability-detection/allow-os.rst b/source/user-manual/capabilities/vulnerability-detection/allow-os.rst
deleted file mode 100644
index dae20a5fab..0000000000
--- a/source/user-manual/capabilities/vulnerability-detection/allow-os.rst
+++ /dev/null
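Review bot: The entry added to `removedUrls['4.8']` in source/_static/js/redirects.js is the only element in the visible part of the list without a trailing comma; the three entries above it all end with one. Writing it as `'/user-manual/capabilities/vulnerability-detection/allow-os.html',` keeps the list uniform, so the next page removal is a clean one-line addition instead of also touching this line. The array opens on the hunk header line and its earlier entries are outside the hunk, so they were not checked.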
@@ -1,112 +0,0 @@ -.. Copyright (C) 2015, Wazuh, Inc. - -.. meta:: - :description: Check out how Scan vulnerabilities on unsupported systems and learn how to use the allow option of the Vulnerability Detection module of Wazuh. - -Scanning unsupported systems -============================ - -Our Cyber Threat Intelligence (CTI) platform supports :ref:`a comprehensive list ` of operating systems for vulnerability detection. Operating systems not in this list are unsupported systems. Examples of unsupported operating systems are Linux Mint and Oracle Linux. To detect vulnerabilities in unsupported operating systems, you must configure the Vulnerability Detection module to use existing vulnerability content documents for supported operating systems. You can do this using the ``allow`` option. The ``allow`` option indicates that the module can detect the vulnerabilities of an unsupported operating system using an alternative source. - -This section explains how to extend support for unsupported operating systems. - -.. warning:: - - This configuration can lead to false positives. The OS vendor of the unsupported operating system handles the package management and security patching independently of the configured source. - -Checking the registered name of the operating system ----------------------------------------------------- - -The registered name of the operating system on which you have installed the Wazuh agent is the name in the Wazuh database. The operating system registered name may differ from what you expect. You can check the name using the steps below. - -#. Generate a JSON Web Token (JWT) for authenticating to the Wazuh server by running the following command. The default API credentials are ``wazuh:wazuh``. - - .. code-block:: console - - # TOKEN=$(curl -u : -k -X GET "https://:55000/security/user/authenticate?raw=true") - - Run the command ``echo $TOKEN`` to confirm that the token was successfully generated. You should get an output like this: - - .. 
code-block:: console - :class: output - - eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjQzMDExMjQ0LCJleHAiOjE2NDMwMTIxNDQsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.Ad6zOZvx0BEV7K0J6s3pIXAXTWB-zdVfxaX2fotLfZMQkiYPMkwDaQHUFiOInsWJ_7KZV3y2BbhEs9-kBqlJAMvMAD0NDBPhEQ2qBd_iutZ7QWZECd6eYfIP83xGqH9iqS7uMI6fXOKr3w4aFV13Q6qsHSUQ1A-1LgDnnDGGaqF5ITYo - -#. Run the following command to use the Wazuh RESTful API endpoint :api-ref:`GET /agents `: - - .. code-block:: console - - # curl -k -X GET "https://localhost:55000/agents?pretty=true&agents_list=&select=os.name,os.major" -H "Authorization: Bearer $TOKEN" - - Where `` is the agent ID whose operating system we want to check, for example `005`. - - .. code-block:: json - :class: output - :emphasize-lines: 3 - - { - "data": { - "affected_items": [{"os": {"major": "7", "name": "Oracle Linux Server"}, "id": "005"}], - "total_affected_items": 1, - "total_failed_items": 0, - "failed_items": [], - }, - "message": "All selected agents information was returned", - "error": 0, - } - - Alternatively run the following command to check the database manually: - - .. code-block:: console - - # sqlite3 /var/ossec/queue/db/global.db "SELECT OS_NAME, OS_MAJOR FROM AGENT WHERE ID = ;" - - Where `` is the ID of the agent whose operating system we want to check, for example `5`. - - .. code-block:: console - :class: output - - Oracle Linux Server|7 - - You need the name and major operating system version to configure the Vulnerability Detection module. - -Configuring Vulnerability Detection module to include unsupported systems -------------------------------------------------------------------------- - -Use the format ``OS_name-OS_major`` with the ``allow`` attribute to include the operating system. For example ``Oracle Linux Server-7``. Add a list of systems separated by commas to include more than one operating system. 
-
-For example, if you want to scan PopOS 18 and Linux Mint 19 using the vulnerability content documents for Canonical, add the following setting:
-
-.. code-block:: xml
- :emphasize-lines: 5
-
-
- yes
- yes
- 60m
- canonical
-
-
-To scan Kali Linux 2023 using the vulnerability content documents for Debian, add the following setting:
-
-.. code-block:: xml
- :emphasize-lines: 5
-
-
- yes
- yes
- 60m
- debian
-
-
-You can also detect vulnerabilities in other operating systems using vulnerability content documents for Redhat. Additionally, you can use a substring of the operating system extracted from the agent in the second step. For this reason, you see ``Oracle Linux`` instead of ``Oracle Linux Server`` in the following example.
-
-.. code-block:: xml
- :emphasize-lines: 5
-
-
- yes
- yes
- 60m
- redhat
-
diff --git a/source/user-manual/capabilities/vulnerability-detection/how-it-works.rst b/source/user-manual/capabilities/vulnerability-detection/how-it-works.rst
index 9309e3334c..a5720585cc 100644
--- a/source/user-manual/capabilities/vulnerability-detection/how-it-works.rst
+++ b/source/user-manual/capabilities/vulnerability-detection/how-it-works.rst
@@ -54,7 +54,3 @@ The following list shows the operating systems the CTI platform currently suppor
 - AlmaLinux 8, 9.
 - Windows XP and later.
 - macOS Sierra and later.
-
-.. note::
-
- Users can extend support for operating systems that aren't listed above by using the :doc:`allow ` option.
diff --git a/source/user-manual/capabilities/vulnerability-detection/index.rst b/source/user-manual/capabilities/vulnerability-detection/index.rst
index abdf6a9e71..4f05daeb4b 100644
--- a/source/user-manual/capabilities/vulnerability-detection/index.rst
+++ b/source/user-manual/capabilities/vulnerability-detection/index.rst
@@ -22,5 +22,4 @@ The Wazuh Vulnerability Detection module helps users discover vulnerabilities in
 how-it-works
 configuring-scans
- allow-os
 offline-update