Added Wazuh Agent as a malware scanner/antivirus

Solves https://github.com/CISOfy/lynis/issues/1304 Wazuh is a fork of OSSEC and is being actively maintained. Wazuh agent has capabilities to detect and prevent malware acting as an EDR. Therefore, it seems feasible to add wazuh-agent to the accepted antivirus products. https://documentation.wazuh.com/current/user-manual/capabilities/anomalies-detection/index.html https://documentation.wazuh.com/current/pci-dss/rootkit-detection.html
2025-04-08 17:15:25 +02:00 · 2022-07-20 21:41:55 +03:00 · 2022-07-20 21:41:55 +03:00 · e4cd5eaede
commit e4cd5eaede
parent 8d9cdb22f4
1 changed files with 11 additions and 0 deletions
--- a/include/tests_malware
+++ b/include/tests_malware
@ -308,6 +308,17 @@
            Report "malware_scanner[]=trend-micro-av"
        fi

+        # Wazuh agent
+        LogText "Test: checking process wazuh-agent to test for Wazuh agent"
+        if IsRunning "wazuh-agent"; then
+            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Wazuh agent" --result "${STATUS_FOUND}" --color GREEN; fi
+            LogText "Result: found Wazuh component"
+            FOUND=1
+            MALWARE_DAEMON_RUNNING=1
+            MALWARE_SCANNER_INSTALLED=1
+            Report "malware_scanner[]=wazuh"
+        fi
+
        if [ ${FOUND} -eq 0 ]; then
            LogText "Result: no commercial anti-virus tools found"
            AddHP 0 3