Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SCA checks without compliance field can't be expanded #2264

Closed
BraulioV opened this issue Jun 15, 2020 · 1 comment
Closed

SCA checks without compliance field can't be expanded #2264

BraulioV opened this issue Jun 15, 2020 · 1 comment
Assignees
@Joanes04
Labels
type/bug Bug issue
Projects
Wazuh 3.13
Milestone
Sprint 113

Comments

@BraulioV
Copy link

BraulioV commented Jun 15, 2020
edited

Wazuh Elastic Rev
3.13.0 7.6.2 0870

Description
Hi team,

SCA allows creating rules without compliance field (see SCA checks). So, while I was creating a custom SCA file, I can't expand those rules without this field in the SCA section of the agent.

If you want to reproduce it, add this rule to any SCA file:

  - id: 7101
    title: "Ensure ufw is installed"
    description: "ufw the default firewall manager in Ubuntu and can be installed in your Raspberry Pi to help you to set up the firewall rules"
    rationale: "A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. ufw uses iptables to set up the firewall but with less complicated rules. This will filter your network traffic and block non-desired or malicious traffic."
    remediation: "Install ufw using the following command. # apt install ufw"
    references:
      - 'https://www.raspberrypi.org/documentation/configuration/security.md'
    condition: none
    rules:
      - 'c:dpkg -s ufw -> r:install ok installed'

Steps to reproduce

  1. Go to Security configuration assessment.
  2. Select the agent with the rule from above.
  3. Select the policy with the rule from above.
  4. Try to expand the rule to get more info:

Screenshots

  • Rule without compliance: image
  • Rule with compliance: image

Additional context

  • Wazuh Manager: Ubuntu 16.04
  • Environment: The Wazuh Manager and ELK run in Docker containers.
  • Agent: Raspbian GNU/Linux 10 (buster)
  • Browser: Mozilla Firefox 77.0.1
@BraulioV BraulioV added type/bug Bug issue cicd labels Jun 15, 2020
@juankaromo juankaromo added this to the Sprint 113 milestone Jun 15, 2020
@juankaromo juankaromo added this to To do in Wazuh 3.13 via automation Jun 15, 2020
@Joanes04
Copy link
Contributor

Hi @BraulioV ,

We have already solved the problem you told us about with the compliance field:

image

On the other hand, we have added the necessary controls so that we do not have that problem in the fields that are not mandatory (see SCA checks).

Thank you very much for finding and detailing this bug.

Regards,
Alberto

@Joanes04 Joanes04 self-assigned this Jun 17, 2020
@Joanes04 Joanes04 mentioned this issue Jun 17, 2020
Merged
Wazuh 3.13 automation moved this from To do to Done Jun 17, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Joanes04 Joanes04

Labels
type/bug Bug issue
Projects
No open projects
Wazuh 3.13
  
Done
Milestone
Sprint 113
Development

No branches or pull requests
3 participants
@BraulioV @Joanes04 @juankaromo