Closed mjcr99 closed 1 week ago
Manager installed on the RHEL 9.4 machine by following this guide. Using the vagrant box: nikomarinov/RHEL.
curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
The firewall had to be disabled to get the agent to connect:
systemctl stop firewalld
Edit /var/ossec/etc/shared/default/agent.conf
SCA is officially supported on RHEL 9. Default configuration was used.
Configuration by default.
Use case: Restarting the Wazuh agent with active response
Manager ossec.conf configuration:
<active-response>
  <command>restart-wazuh</command>
  <location>local</location>
  <rules_id>550</rules_id>
</active-response>
Force a FIM modify alert (id 550) to get the restart.sh script executed with active response:
Link to the documentation guide: https://documentation.wazuh.com/current/user-manual/manager/manual-syslog-output.html
Link to syslog_output config: https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syslog-output.html#reference-ossec-syslog-output
See https://github.com/wazuh/wazuh/issues/23312#issuecomment-2102782010
To avoid the nginx installation problem this test has been performed without using a Load Balancer, following this documentation.
LGTM.
Description
Hello team, this issue is to check the full compatibility of Wazuh Manager on the newfound version of the Red Hat Enterprise Linux 9.4 operating system.
OSs checks issue: https://github.com/wazuh/wazuh/issues/23311
For this, it is necessary to perform the following tests to check that everything works as expected: