tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-28 00:04:16 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added Wazuh Agent as a malware scanner/antivirus

Browse Source 
Solves https://github.com/CISOfy/lynis/issues/1304

Wazuh is a fork of OSSEC and is being actively maintained. Wazuh agent has capabilities to detect and prevent malware acting as an EDR. Therefore, it seems feasible to add wazuh-agent to the accepted antivirus products.

https://documentation.wazuh.com/current/user-manual/capabilities/anomalies-detection/index.html
https://documentation.wazuh.com/current/pci-dss/rootkit-detection.html
This commit is contained in:
Zafer Balkan 2022-07-20 21:41:55 +03:00 committed by GitHub
parent 8d9cdb22f4
commit e4cd5eaede
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
include/tests_malware
View File

@ -308,6 +308,17 @@
Report "malware_scanner[]=trend-micro-av" Report "malware_scanner[]=trend-micro-av"
fi fi
# Wazuh agent
LogText "Test: checking process wazuh-agent to test for Wazuh agent"
if IsRunning "wazuh-agent"; then
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Wazuh agent" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found Wazuh component"
FOUND=1
MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
Report "malware_scanner[]=wazuh"
fi
if [ ${FOUND} -eq 0 ]; then if [ ${FOUND} -eq 0 ]; then
LogText "Result: no commercial anti-virus tools found" LogText "Result: no commercial anti-virus tools found"
AddHP 0 3 AddHP 0 3