Adapt SCA rules to the new designed syntax #404

Closed
chemamartinez opened this issue May 20, 2019 · 3 comments

chemamartinez commented May 20, 2019

As developed at wazuh/wazuh#3249, SCA rules for versions from 3.10 will change in the following points:

  • The logic will be inverted. That is, now checks are considered as passed when the rule is satisfied, and failed when not.
  • Rules have not to be finished with a semicolon ;.
  • The operators IN/NIN are deprecated in favor of not. This operator should be located at the start of the rule, not in the middle.
  • The conditions all required and any required are deprecated. The requirements section is enough to determine whether to evaluate a policy or not.

These changes imply a rework of every SCA policy.
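
The syntax points listed above can be turned into a pre-migration lint for custom policy files. This is an added example, not part of the original issue or the Wazuh code base. It assumes every quoted YAML list item is a rule, and the sample policy, its ids and the finding codes are constructed for illustration.

```python
import re

# Constructed sample in the pre-3.10 style the issue describes (not a real Wazuh policy).
SAMPLE_POLICY = r"""
requirements:
  title: "Check that sshd is present"
  condition: "all required"
  rules:
    - 'f:/etc/ssh/sshd_config;'
checks:
  - id: 9001
    title: "Root login disabled"
    condition: any
    rules:
      - 'f:/etc/ssh/sshd_config -> IN !r:^# && r:PermitRootLogin\.+yes;'
  - id: 9002
    title: "Already migrated"
    condition: all
    rules:
      - 'not f:/etc/ssh/sshd_config -> r:^\s*PermitRootLogin\s+yes'
"""

# Assumption: a rule is any list item wrapped in single or double quotes.
RULE_ITEM = re.compile(r"""^\s*-\s*(['"])(.*)\1\s*$""")
CONDITION = re.compile(r"""^\s*condition:\s*['"]?(all required|any required)['"]?\s*$""")
MESSAGES = {
    "deprecated-condition": "'all required' / 'any required' are deprecated",
    "trailing-semicolon": "rules no longer end with ';'",
    "in-nin-operator": "IN/NIN are deprecated in favor of a leading 'not'",
    "not-in-middle": "'not' belongs at the start of the rule",
}

def lint_policy(text):
    """Return (line_number, code, message) for each pre-3.10 construct found."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if CONDITION.match(line):
            findings.append((n, "deprecated-condition"))
            continue
        m = RULE_ITEM.match(line)
        if not m:
            continue
        rule = m.group(2).strip()
        if rule.endswith(";"):
            findings.append((n, "trailing-semicolon"))
        if re.search(r"(?<!\S)N?IN(?!\S)", rule):  # standalone IN / NIN token
            findings.append((n, "in-nin-operator"))
        if re.search(r"(?<!\S)not(?!\S)", rule) and not rule.startswith("not "):
            findings.append((n, "not-in-middle"))
    return [(n, code, MESSAGES[code]) for n, code in findings]
```

The lint only flags syntax. The inverted pass/fail logic cannot be detected mechanically, so every flagged check still needs its rule reviewed by hand.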

@chemamartinez chemamartinez added enhancement SCA SCA policies related issues labels May 20, 2019
@chemamartinez chemamartinez added this to To do in Wazuh 3.10.0 via automation May 20, 2019
@chemamartinez chemamartinez added this to the 21st week milestone May 20, 2019
@chemamartinez chemamartinez modified the milestones: 21st week, 22nd week May 27, 2019
@chemamartinez chemamartinez moved this from To do to In progress in Wazuh 3.10.0 May 27, 2019

JuantAldea commented May 29, 2019

Files Adapted:

├── applications
│   ├── cis_apache2224_rcl.yml
│   ├── cis_mysql5-6_community_rcl.yml
│   └── cis_mysql5-6_enterprise_rcl.yml
├── darwin
│   ├── 15
│   │   └── cis_apple_macOS_10.11.yml
│   ├── 16
│   │   └── cis_apple_macOS_10.12.yml
│   ├── 17
│   │   └── cis_apple_macOS_10.13.yml
│   └── system_audit_rcl_mac.yml
├── debian
│   ├── cis_debianlinux7-8_L1_rcl.yml
│   ├── cis_debianlinux7-8_L2_rcl.yml
│   └── cis_debian_linux_rcl.yml
├── generic
│   ├── system_audit_pw.yml
│   ├── system_audit_ssh.yml
│   └── web_vulnerabilities.yml
├── rhel
│   ├── 5
│   │   └── cis_rhel5_linux_rcl.yml
│   ├── 6
│   │   └── cis_rhel6_linux_rcl.yml
│   └── 7
│       ├── cis_rhel7_linux_rcl.yml
├── sles
│   ├── 11
│   │   └── cis_sles11_linux_rcl.yml
│   └── 12
│       └── cis_sles12_linux_rcl.yml
├── sunos
│   └── cis_solaris11_rcl.yml
├── windows
│   ├── acsc_office2016_rcl.yml
│   ├── cis_win10_enterprise_L1_rcl.yml
│   ├── cis_win10_enterprise_L2_rcl.yml
│   ├── cis_win2012r2_domainL1_rcl.yml
│   ├── cis_win2012r2_domainL2_rcl.yml
│   ├── cis_win2012r2_memberL1_rcl.yml
│   ├── cis_win2012r2_memberL2_rcl.yml
│   └── win_audit_rcl.yml


chemamartinez commented Jun 26, 2019

We have decided to reorganize the Debian policies. It doesn't make sense to have the same policy file for all Debian versions (7, 8 and 9) due to the conflicts found between them.

So, finally, the SCA policies available for Debian (and all Debian-based operating systems) in Wazuh 3.10 will be:

Related commits:

Related commits:

Including these new policies was a request from the community as well (#297).

@chemamartinez chemamartinez moved this from In progress to Review in progress in Wazuh 3.10.0 Aug 12, 2019
@chemamartinez

Merged #406

Wazuh 3.10.0 automation moved this from Review in progress to Done Aug 20, 2019