windows agent: syscollector : add hotfixes option #214

Closed
aderumier opened this issue Feb 18, 2020 · 3 comments · Fixed by #241

Comments

@aderumier
Contributor

Hi,

The latest Windows agent has a new "hotfixes" option in syscollector, for the vulnerability scanner.
It could be great to add it.

https://documentation.wazuh.com/3.11/user-manual/capabilities/vulnerability-detection/running_vu_scan.html

no 1h yes yes yes
@jm404
Contributor

jm404 commented Feb 20, 2020

Hi @aderumier,

As you stated, after the recent changes in the vulnerability-detector module, it's required to update the vulndetector template.

Thanks for reporting this, let me enumerate the required tasks to fix the issue so we can use them when addressing the issue.

Tasks

  • Adapt wodle syscollector template and its related variables and config. for the agent config.

  • Test the changes on Linux and Windows hosts

Best regards,

Jose

@rshad rshad added this to the Sprint - 109 - DevOps milestone Mar 30, 2020
@rshad rshad self-assigned this Mar 30, 2020
@rshad
Contributor

rshad commented Mar 30, 2020

Working Branch: feature-214-agent-vulnerability-conf.

@rshad
Contributor

rshad commented Mar 31, 2020

Hi @aderumier,

The required changes are added as you can check in #241.

The default installation of wazuh-puppet for wazuh-agent in a Windows host is:

<wodle name="syscollector">
  <disabled>no</disabled>
  <interval>1h</interval>
  <scan_on_start>yes</scan_on_start>
  <hardware>yes</hardware>
  <os>yes</os>
  <network>yes</network>
  <packages>yes</packages>
  <ports all="no">yes</ports>
  <processes>yes</processes>
  <hotfixes>yes</hotfixes>
</wodle>

Successful Puppet Log on Windows host

Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for serv-test-windows-1
Info: Applying configuration version '1585674079'
Notice: /Stage[main]/Wazuh::Agent/File[C:\Temp]/ensure: created
Notice: /Stage[main]/Wazuh::Agent/File[wazuh-agent]/ensure: defined content as '{mtime}2020-03-24 10:09:16 UTC'
Notice: /Stage[main]/Wazuh::Agent/Package[Wazuh Agent]/ensure: created
Notice: /Stage[main]/Wazuh::Agent/Concat[ossec.conf]/File[C:\Program Files (x86)\ossec-agent\ossec.conf]/content:

Info: Computing checksum on file C:/Program Files (x86)/ossec-agent/ossec.conf
Info: /Stage[main]/Wazuh::Agent/Concat[ossec.conf]/File[C:\Program Files (x86)\ossec-agent\ossec.conf]: Filebucketed C:/Program Files (x86)/ossec-agent/ossec.conf to puppet with sum 72329be2aa95155e8c230b854f4c0f7a
Notice: /Stage[main]/Wazuh::Agent/Concat[ossec.conf]/File[C:\Program Files (x86)\ossec-agent\ossec.conf]/content: content changed '{md5}72329be2aa95155e8c230b854f4c0f7a' to '{md5}4aab0e943728544cfeefb27408af7184'
Notice: /Stage[main]/Wazuh::Agent/Concat[ossec.conf]/File[C:\Program Files (x86)\ossec-agent\ossec.conf]/owner: owner changed 'NT AUTHORITY\SYSTEM' to 'SERV-TEST-WINDO\Administrator'
Notice: /Stage[main]/Wazuh::Agent/Concat[ossec.conf]/File[C:\Program Files (x86)\ossec-agent\ossec.conf]/group: group changed 'NT AUTHORITY\SYSTEM' to 'BUILTIN\Administrators'
Notice: /Stage[main]/Wazuh::Agent/Concat[ossec.conf]/File[C:\Program Files (x86)\ossec-agent\ossec.conf]/mode: mode changed '2000776' to '0644'
Info: Concat[ossec.conf]: Scheduling refresh of Service[OssecSvc]
Notice: /Stage[main]/Wazuh::Agent/Exec[agent-auth-windows]/returns: executed successfully
Notice: /Stage[main]/Wazuh::Agent/Service[OssecSvc]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Wazuh::Agent/Service[OssecSvc]: Unscheduling refresh on Service[OssecSvc]
Info: Creating state file C:/ProgramData/PuppetLabs/puppet/cache/state/state.yaml
Notice: Applied catalog in 41.94 seconds

C:\Program Files\Puppet Labs\Puppet\bin>

ossec.log in Linux when enabling hotfixes parameter

wazuh-modulesd WARNING: hotfixes parameter is only available for Windows. Ignoring.

Kr,

Rshad
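
A check for the rendered agent configuration discussed in this thread, as an added example that is not part of the original comments or of the wazuh-puppet code: it reads the syscollector wodle from an ossec.conf and reports whether hotfix inventory is enabled for a Windows host, or set but ignored on Linux as in the log line above. The names `SAMPLE_CONF`, `syscollector_options` and `audit_hotfixes` are hypothetical, and the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a syscollector block like the one in the comment above,
# placed inside the <ossec_config> element that ossec.conf uses.
SAMPLE_CONF = """
<ossec_config>
  <wodle name="syscollector">
    <disabled>no</disabled>
    <interval>1h</interval>
    <packages>yes</packages>
    <hotfixes>yes</hotfixes>
  </wodle>
</ossec_config>
"""

def syscollector_options(conf_text):
    """Return {option: value} for the first syscollector wodle, or None."""
    # ossec.conf may contain several <ossec_config> blocks, which is not
    # well-formed XML on its own, so wrap the text in a synthetic root.
    # Assumption: the file has no leading <?xml ...?> declaration.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    for wodle in root.iter("wodle"):
        if wodle.get("name") == "syscollector":
            return {c.tag: (c.text or "").strip().lower() for c in wodle}
    return None

def audit_hotfixes(conf_text, platform):
    """Classify the hotfixes setting; platform is 'windows' or 'linux'."""
    opts = syscollector_options(conf_text)
    if opts is None:
        return "missing: no syscollector wodle"
    if opts.get("disabled") == "yes":
        return "disabled: syscollector is off"
    hotfixes = opts.get("hotfixes")
    if platform != "windows":
        # Corresponds to the wazuh-modulesd warning quoted in the thread.
        if hotfixes is not None:
            return "ignored: hotfixes is set but Windows-only"
        return "ok: hotfixes not applicable"
    if hotfixes == "yes":
        return "ok: hotfixes enabled"
    return "gap: hotfixes not set to yes"

if __name__ == "__main__":
    for host_os in ("windows", "linux"):
        print(host_os, "->", audit_hotfixes(SAMPLE_CONF, host_os))
```
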
