
Consider wazuh-syscheckd to satisfy FINT-4328 #1444

Closed
afunix opened this issue Oct 26, 2023 · 4 comments
@afunix
Contributor

afunix commented Oct 26, 2023

Is your feature request related to a problem? Please describe.
lynis supports ossec-syscheckd as a file integrity tool satisfying FINT-4328. However OSSEC is not actively maintained for quite some time and Wazuh is a currently maintained fork.

Describe the solution you'd like
Update lynis FINT-4328-related functions to test if wazuh-syscheckd is running

Required changes
include/tests_file_integrity

@vk6xebec
Contributor

vk6xebec commented Apr 7, 2024

+upvote

@mboelen
Member

mboelen commented May 15, 2024

Can you test with the recent changes that detection is working now?

@mboelen mboelen self-assigned this May 15, 2024
@afunix
Contributor Author

afunix commented May 15, 2024

I can confirm that lynis 3.1.1 detects wazuh-syscheckd and passes the "File integrity software installed" check.

# dpkg -l | grep lynis
ii  lynis                                  3.1.1-100                               all          security tool to audit systems running Linux, macOS, and Unix
2024-05-15 08:42:02 ====
2024-05-15 08:42:02 Performing test ID FINT-4344 (Wazuh syscheck daemon running)
2024-05-15 08:42:02 Test: Checking if Wazuh syscheck daemon is running
2024-05-15 08:42:02 Performing pgrep scan without uid
2024-05-15 08:42:02 IsRunning: process 'wazuh-syscheckd' found (14377 1031181 2818649 3021642 3021943 3023003 3114636 3116131 3148379 3232945 3233216 3234903 3235737 3242300 3277189 3278161 3284681 3354022 3354092 3354546 3357383 3358101 3359143 )
2024-05-15 08:42:02 Result: syscheck (Wazuh) active
2024-05-15 08:42:02 ====
2024-05-15 08:42:02 ====
2024-05-15 08:42:02 Performing test ID FINT-4350 (File integrity software installed)
2024-05-15 08:42:02 Test: Check if at least on file integrity tool is available/installed
2024-05-15 08:42:02 Result: found at least one file integrity tool
2024-05-15 08:42:02 Hardening: assigned maximum number of hardening points for this item (5). Currently having 299 points (out of 331)
2024-05-15 08:42:02 Security check: file is normal
2024-05-15 08:42:02 Checking permissions of /usr/share/lynis/include/tests_tooling
2024-05-15 08:42:02 File permissions are OK
2024-05-15 08:42:02 ====
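As an added illustration (not lynis code, and not posted by anyone in this thread), the script below shows the shape of the process-name check the log above reflects: it looks for a known file-integrity daemon such as wazuh-syscheckd or ossec-syscheckd in a list of running process names and reports which one is active, so an auditor can tell whether the FIM coverage lynis awards points for actually exists on the host. The daemon list, the function names and the sample process table are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not part of lynis. Detects a running file-integrity daemon
# by matching process command names, similar in spirit to the pgrep-based
# IsRunning check visible in the lynis log above.

# Candidate daemons, checked in order. Both names come from the issue text;
# any further entries an auditor adds here are their own assumption.
FIM_DAEMONS="wazuh-syscheckd ossec-syscheckd"

# fim_daemon_from_proclist PROCLIST
#   PROCLIST is a newline-separated list of process command names, e.g. the
#   output of `ps -eo comm=`. Prints the first matching daemon and returns 0;
#   returns 1 when none of the candidates is present.
fim_daemon_from_proclist() {
    proclist="$1"
    for name in $FIM_DAEMONS; do
        # -x matches whole lines only, so 'wazuh-syscheckd' does not match a
        # process whose name merely contains that string.
        if printf '%s\n' "$proclist" | grep -qx "$name"; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    return 1
}

# fim_daemon_running: live check against the current system.
# Caveat: the comm field (and pgrep without -f) is truncated to 15 characters
# on Linux; 'wazuh-syscheckd' is exactly 15, so longer names would need a
# /proc/PID/cmdline or `pgrep -f` based match instead.
fim_daemon_running() {
    fim_daemon_from_proclist "$(ps -eo comm= 2>/dev/null)"
}

# Constructed sample resembling `ps -eo comm=` on a host running a Wazuh agent.
SAMPLE_PROCS='systemd
sshd
wazuh-agentd
wazuh-syscheckd
wazuh-modulesd
cron'

# Constructed sample for a host with no file-integrity daemon at all.
SAMPLE_PROCS_NONE='systemd
sshd
cron'

main() {
    if daemon=$(fim_daemon_from_proclist "$SAMPLE_PROCS"); then
        echo "sample host: file integrity daemon '$daemon' is running"
    else
        echo "sample host: no file integrity daemon found"
    fi
}

main "$@"
```

Run the script as-is to see the result for the constructed sample, or call `fim_daemon_running` from a shell that has sourced it to check the live process table; a non-zero return is the signal that the host has no recognised integrity daemon, which is the condition a hardening report should flag.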

@mboelen
Member

mboelen commented May 16, 2024

Perfect, closing this issue then.

@mboelen mboelen closed this as completed May 16, 2024