Closed TomasTurina closed 1 year ago
The purpose of this issue is to rename ossec.conf in Wazuh Cloud Formation according to https://github.com/wazuh/wazuh/issues/7787:

Agent configuration: All settings related to Wazuh Agent will be located at agent.conf. Blocks:
<active-response> (client side)
<agent-upgrade> (client side)
<client>
<client_buffer>
<fluent-forward>
<gcp-pubsub>
<labels> (same as manager)
<localfile>
<logging> (same as manager)
<rootcheck>
<sca>
<socket>
<syscheck>
<wodle>
<wodle name="agent-key-polling">
<wodle name="aws-s3">
<wodle name="azure-logs">
<wodle name="cis-cat">
<wodle name="command">
<wodle name="docker-listener">
<wodle name="open-scap">
<wodle name="osquery">
<wodle name="syscollector">

Manager configuration: All settings related to Wazuh Manager will be located at manager.conf. Blocks:
<active-response> (manager side)
<agentless>
<agent-upgrade> (manager side)
<alerts>
<auth>
<cluster>
<command>
<database_output>
<email_alerts>
<global>
<integration>
<labels> (same as agent)
<logging> (same as agent)
<remote>
<reports>
<rule_test>
<ruleset>
<syslog_output>
<task-manager>
<vulnerability-detector>

Also, to avoid confusion, agent.conf shared configuration file should be renamed to shared.conf and agent-template.conf file to shared-template.conf.

In addition, gen_ossec.sh script file has to be renamed to gen_wazuh.sh.
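
One way to check an existing ossec.conf against the split listed in the issue, as an added example that is not part of the original issue or of the Wazuh code base. The function names, the sample input, and the choice to keep `<ossec_config>` as the root element of the new files are assumptions; blocks the issue lists on both sides are reported separately rather than placed automatically.

```python
import xml.etree.ElementTree as ET

# Block names copied from the two lists in the issue above.
AGENT = {"active-response", "agent-upgrade", "client", "client_buffer",
         "fluent-forward", "gcp-pubsub", "labels", "localfile", "logging",
         "rootcheck", "sca", "socket", "syscheck", "wodle"}
MANAGER = {"active-response", "agentless", "agent-upgrade", "alerts", "auth",
           "cluster", "command", "database_output", "email_alerts", "global",
           "integration", "labels", "logging", "remote", "reports", "rule_test",
           "ruleset", "syslog_output", "task-manager", "vulnerability-detector"}

# Constructed sample input: two <ossec_config> roots, as a real file may have.
SAMPLE = """<ossec_config>
  <global><jsonout_output>yes</jsonout_output></global>
  <remote><connection>secure</connection></remote>
  <syscheck><frequency>43200</frequency></syscheck>
  <logging><log_format>plain</log_format></logging>
</ossec_config>
<ossec_config>
  <localfile><log_format>syslog</log_format><location>/var/log/auth.log</location></localfile>
  <wodle name="syscollector"><disabled>no</disabled></wodle>
  <custom_block/>  <!-- hypothetical block, not named in the issue -->
</ossec_config>"""

def split_ossec_conf(conf_text):
    """Sort the top-level blocks of an ossec.conf into their target files."""
    # Several <ossec_config> roots are not well-formed XML, so wrap them first.
    root = ET.fromstring(f"<wrapper>{conf_text}</wrapper>")
    out = {"agent.conf": [], "manager.conf": [], "both": [], "unlisted": []}
    for block in root.findall("./ossec_config/*"):
        if block.tag in AGENT and block.tag in MANAGER:
            dest = "both"        # listed on both sides: needs a human decision
        elif block.tag in AGENT:
            dest = "agent.conf"
        elif block.tag in MANAGER:
            dest = "manager.conf"
        else:
            dest = "unlisted"    # not named in the issue: never drop silently
        out[dest].append(block)
    return out

def labels(blocks):
    """Readable block names, e.g. wodle name="syscollector"."""
    return [f'{b.tag} name="{b.get("name")}"' if b.tag == "wodle" else b.tag for b in blocks]

def render(blocks):
    """Serialize blocks into one document (root element name is an assumption)."""
    body = "".join("  " + ET.tostring(b, encoding="unicode").strip() + "\n" for b in blocks)
    return f"<ossec_config>\n{body}</ossec_config>\n"
```

Reviewing the `both` and `unlisted` buckets by hand before writing any file keeps settings such as `<active-response>` or `<logging>` from silently disappearing on one side after the rename.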