From 32a39eaaf884444baa7b5ec76a87b8e2990906ae Mon Sep 17 00:00:00 2001
From: Zafer Balkan <zafer@zaferbalkan.com>
Date: Wed, 20 Jul 2022 21:50:26 +0300
Subject: [PATCH] Added Wazuh agent as a rootkit scanner

Wazuh is a fork of OSSEC and is being actively maintained. Wazuh agent has capabilities to detect and prevent rootkits. Therefore, it seems feasible to add wazuh-agent to the accepted rootkit detection products.

https://documentation.wazuh.com/current/pci-dss/rootkit-detection.html
---
 include/tests_malware | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/tests_malware b/include/tests_malware
index 3ddc9277..237b7cc1 100644
--- a/include/tests_malware
+++ b/include/tests_malware
@@ -43,6 +43,7 @@
     SYMANTEC_SCANNER_RUNNING=0
     SYNOLOGY_DAEMON_RUNNING=0
     TRENDMICRO_DSA_DAEMON_RUNNING=0
+    WAZUH_DAEMON_RUNNING=0
 #
 #################################################################################
 #
@@ -314,8 +315,10 @@
             if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Wazuh agent" --result "${STATUS_FOUND}" --color GREEN; fi
             LogText "Result: found Wazuh component"
             FOUND=1
+            WAZUH_DAEMON_RUNNING=1
             MALWARE_DAEMON_RUNNING=1
             MALWARE_SCANNER_INSTALLED=1
+            ROOTKIT_SCANNER_FOUND=1
             Report "malware_scanner[]=wazuh"
         fi