The Security Configuration Assessment (SCA) module was added to the Wazuh platform in version 3.9.0. It provides out-of-the-box checks that are used for systems hardening. The module works on all Wazuh supported platforms (Linux, macOS, Windows, Solaris, AIX and HP-UX). It provides an engine to interpret and run configuration checks in YAML format. Furthermore, pre-defined policies help meet regulatory compliance requirements such as HIPAA or PCI DSS, or standards like CIS (Center for Internet Security). This blog post is an introduction to the SCA module and will give you a good understanding of how to use it efficiently.

Setting up the SCA module is quite simple. Just use the following configuration stanza, in your Wazuh agent configuration file ( nf), to enable it:

You can find the complete list of settings in our reference documentation.

An SCA policy is a group of configuration checks. Each check uses a rule, or a combination of rules, to verify the state of a system. Rules, among other things, can run custom commands, inspect configuration files and look for running processes or Windows registry keys.

The SCA module automatically loads the default policies, available in the directory ruleset/sca. These policies are specific to the operating system where the agents are installed. In addition, on the manager side, you can find all Wazuh SCA policies. Users can also create their own custom policies, as we will see in this article.

After a scan is completed, the agent reports the results to the manager, and those become available in the web user interface (Wazuh Kibana plugin).

Security Configuration Assessment example: Assessing Nginx configuration

For this example, we are creating an SCA policy from scratch, to assess the NGINX configuration for one of our monitored systems. More information on how to create custom policies is available in our technical documentation.

Our SCA policy is based on security practices for NGINX, found on several security blogs (see Reference section below). The created policy follows a defined structure that includes the following sections: header, variables, requirements, and checks.

The header section includes the needed information to identify and describe the policy. The fields are self-explanatory, as we can see below:

description: "NGINX is a lightweight, high-performance web server/reverse proxy and e-mail (IMAP/POP3) proxy. It runs on UNIX, GNU/Linux, BSD variants, Mac OS X, Solaris, and Microsoft Windows. This policy helps to improve the security of NGINX web servers running on Linux or UNIX-like operating systems."

The variables section is optional, and we will use it to evaluate more than one target file (possible locations of the NGINX configuration file) in the same rule.

$nginx_config: /etc/nginx/nf,/usr/local/nginx/conf/nf
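The four sections named in this post (header, variables, requirements, checks) fit together as in the sketch below. It is an added example, not the policy from the original post: the policy id, file name, check ids, titles and regular expressions are assumptions chosen for illustration, and the two paths assume the default locations of NGINX's main nginx.conf file.

```yaml
# Added example (not from the original post): a minimal custom SCA policy.
# Ids, names, titles and regexes are illustrative assumptions.
policy:                       # header: identifies and describes the policy
  id: "nginx_example"
  file: "nginx_example.yml"
  name: "Example NGINX hardening checks"
  description: "Illustrative checks for an NGINX configuration file."

variables:                    # optional: one name for several candidate files
  # Assumed default locations of the main NGINX configuration file.
  $nginx_config: /etc/nginx/nginx.conf,/usr/local/nginx/conf/nginx.conf

requirements:                 # the policy is evaluated only if this passes
  title: "NGINX configuration file is present"
  description: "Skip this policy on hosts that have no NGINX configuration."
  condition: any
  rules:
    - 'f:$nginx_config'

checks:
  - id: 100000
    title: "Version disclosure is disabled (server_tokens off)"
    description: "NGINX should not advertise its version in responses."
    rationale: "Version banners help an attacker match known flaws."
    remediation: "Set 'server_tokens off;' in the http block."
    condition: all            # passes when every rule below matches
    rules:
      # Ignore commented lines, then require the hardened setting.
      - 'f:$nginx_config -> !r:^\s*# && r:server_tokens\s+off'

  - id: 100001
    title: "Directory listing is not enabled (no 'autoindex on')"
    description: "Automatic directory indexes expose file names."
    rationale: "Listings can reveal backups and other unintended files."
    remediation: "Remove 'autoindex on;' or set 'autoindex off;'."
    condition: none           # passes when no rule below matches
    rules:
      - 'f:$nginx_config -> !r:^\s*# && r:autoindex\s+on'
```

The same `$nginx_config` variable is reused by the requirement and by every check, so a host that keeps the file in either location is assessed by one set of rules.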