Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warning message in ossec.log related to Vulnerability Detector - Demo environment #1745

Closed
mauromalara opened this issue Jul 18, 2022 · 1 comment
Closed

Warning message in ossec.log related to Vulnerability Detector - Demo environment #1745

mauromalara opened this issue Jul 18, 2022 · 1 comment
Labels
qa/report

Comments

@mauromalara
Copy link

mauromalara commented Jul 18, 2022
edited
Loading

Wazuh version Install type Action performed Platform
4.3.6 Manager Installation Amazon Linux release 2

Description

The following warning message appears in the logs of the master node in the demo environment. The agent with ID 001 is a Debian Agent and the message appears every 5 minutes in the log.

[root@wazuh-manager-master-0 wazuh-user]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
2022/07/18 16:58:24 wazuh-modulesd:vulnerability-detector: WARNING: (5575): Unavailable vulnerability data for the agent '001' OS. Skipping it.
@mauromalara mauromalara mentioned this issue Jul 18, 2022
Closed
10 tasks
@juliamagan juliamagan moved this to Triage in Release 4.3.6 Jul 19, 2022
@mauromalara
Copy link
Author

mauromalara commented Jul 19, 2022
edited
Loading

Bad report

The support for Debian finished on June 30, 2022. So, the feeds are no longer available, and Wazuh cannot scan the agent as there are no vulnerabilities.

Verification:

OS info:

PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

Search for vulnerabilities:

# sqlite3 /var/ossec/queue/vulnerabilities/cve.db "select target,count (*) from VULNERABILITIES group by TARGET;"
ARCH|8175
Amazon-Linux|48349
Amazon-Linux-2|22681
BIONIC|42657
BUSTER|26690
FOCAL|30381
RHEL5|24936
RHEL6|78981
RHEL7|92261
RHEL8|87090
TRUSTY|49736
XENIAL|42428

As you can see, stretch does not appears in the list. So, the warning message is correct.

@mauromalara mauromalara moved this from Triage to Done in Release 4.3.6 Jul 19, 2022
@mauromalara mauromalara closed this as not planned Won't fix, can't repro, duplicate, stale Jul 19, 2022
@Damian-Mangold Damian-Mangold mentioned this issue Aug 18, 2022
Closed
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
qa/report
Projects
No open projects
Release 4.3.6
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mauromalara @juliamagan