CIS-CAT: Support full and relative paths in configuration #419

Merged: vikman90 merged 4 commits into 3.2 from 3.2-ciscat-path on Mar 2, 2018

chemamartinez (Contributor) commented Feb 27, 2018:

Added the possibility of defining the configurable paths of the CIS-CAT wodle configuration in two different ways:

  • Using the full path:
  <!-- CIS policies evaluation -->
  <wodle name="cis-cat">
    <disabled>no</disabled>
    <timeout>1800</timeout>
    <interval>1d</interval>
    <scan-on-start>yes</scan-on-start>

    <java_path>C:\Program Files (x86)\ossec-agent\wodles\ciscat\Java\bin</java_path>
    <ciscat_path>C:\Program Files (x86)\ossec-agent\wodles\ciscat\cis-cat-full</ciscat_path>
	
    <content type="xccdf" path="C:\Program Files (x86)\ossec-agent\wodles\ciscat\cis-cat-full\benchmarks\CIS_Microsoft_Windows_7_Benchmark_v3.0.1-xccdf.xml" />
  </wodle>
  • Or using relative paths (for any of the needed paths):
  <!-- CIS policies evaluation -->
  <wodle name="cis-cat">
    <disabled>no</disabled>
    <timeout>1800</timeout>
    <interval>1d</interval>
    <scan-on-start>yes</scan-on-start>

    <java_path>wodles\ciscat\Java\bin</java_path>
    <ciscat_path>wodles\ciscat\cis-cat-full</ciscat_path>
	
    <content type="xccdf" path="benchmarks\CIS_Microsoft_Windows_7_Benchmark_v3.0.1-xccdf.xml" />
  </wodle>

For Windows systems, it is also possible to set the location in shared folders as follows:

  <!-- CIS policies evaluation -->
  <wodle name="cis-cat">
    <disabled>no</disabled>
    <timeout>1800</timeout>
    <interval>1d</interval>
    <scan-on-start>yes</scan-on-start>

    <java_path>\\myserver\wodles\ciscat\Java\bin</java_path>
    <ciscat_path>wodles\ciscat\cis-cat-full</ciscat_path>
	
    <content type="xccdf" path="\\myserver\benchmarks\CIS_Microsoft_Windows_7_Benchmark_v3.0.1-xccdf.xml" />
  </wodle>

Both ways allow the wodle to validate the input paths.

If a relative path is specified for the benchmark file, it will be relative to the location of the CIS-CAT scripts. On the other hand, when setting a relative path for the Java or CIS-CAT location, it is relative to the installation directory.

The three modified paths have been tested on Linux (Ubuntu 16.04) and Windows 7 for the following cases:

  • A full path.
  • A relative path.
  • A wrong path.
  • An empty path with only the tags.
  • An empty path without any tag.

Always with the desired behavior.

@chemamartinez chemamartinez changed the title from "CIS-CAT: Support full and relative benchmark path in configuration" to "CIS-CAT: Support full and relative paths in configuration" Feb 28, 2018
@chemamartinez chemamartinez requested a review from snaow February 28, 2018 08:55
case 1:
// Relative path
#ifdef WIN32
if (current)
Member commented:

current will always be a valid pointer, but it may be empty.
Should be if (*current) {}

Missing else part.
If current is empty, cis_path may not be initialized and copy trash data.
I think we may use a relative path if we can't get the current directory:

else {
    /* Fall back to the configured (relative) path as given. */
    strncpy(cis_path, ciscat->ciscat_path, OS_MAXSTR - 1);
    cis_path[OS_MAXSTR - 1] = '\0';
}

break;
case 1:
#ifdef WIN32
if (current)
Member commented:

Missing else part (same as line 136)

} else {
#ifdef WIN32
snprintf(cis_path, OS_MAXSTR - 1, "%s", WM_CISCAT_DEFAULT_DIR_WIN);
if (current)
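
Review bot: the size argument on the `snprintf(cis_path, OS_MAXSTR - 1, "%s", WM_CISCAT_DEFAULT_DIR_WIN);` line is one byte smaller than it needs to be if `cis_path` is an `OS_MAXSTR`-byte buffer (its declaration is not visible in this hunk). `snprintf` already counts the terminating NUL inside the size it is given, so the `- 1` only shortens the usable length. Passing the real buffer size would keep the bound consistent with the buffer, and checking the return value would make a truncated default directory detectable instead of silent.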
Member commented:

Missing else part.

mterror(WM_CISCAT_LOGTAG, "Couldn't find benchmark path. Skipping...");
}

os_strdup(bench_fullpath, eval->path);
vikman90 (Member) commented Mar 1, 2018:

May duplicate trash data (very long string) if the path is empty: wm_relative_path would return -1 and bench_fullpath won't be initialized.

Consider nulling the string after mterror() and/or leaving eval->path as NULL.
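
The path rules from the description (full, relative, shared-folder and empty paths) together with the initialization problem raised in review, as an added C example that is not the PR's code. `resolve_path`, `is_full_path` and `PATH_MAX_LEN` are hypothetical names; the fall-back to the path as given when no base directory is available follows the reviewer's suggestion.

```c
#include <stdio.h>
#include <string.h>

#define PATH_MAX_LEN 256 /* assumed buffer size; the PR's code uses OS_MAXSTR */

/* Hypothetical helper: 1 for a POSIX root, a UNC share or a drive-letter path. */
static int is_full_path(const char *p) {
    if (p[0] == '/' || (p[0] == '\\' && p[1] == '\\')) return 1;
    return ((p[0] >= 'A' && p[0] <= 'Z') || (p[0] >= 'a' && p[0] <= 'z'))
           && p[1] == ':' && (p[2] == '\\' || p[2] == '/');
}

/* Resolve `path` against `base` into out[size].
 * Returns 0 on success, -1 on an empty path or truncation.
 * `out` is always a valid string on return, and empty on failure. */
int resolve_path(char *out, size_t size, const char *base, const char *path, char sep) {
    int n;
    if (!out || size == 0) return -1;
    out[0] = '\0';                        /* never leave stack garbage behind */
    if (!path || !*path) return -1;       /* empty tag or missing tag */
    if (is_full_path(path) || !base || !*base)
        n = snprintf(out, size, "%s", path);  /* full path, or no base: use as given */
    else
        n = snprintf(out, size, "%s%c%s", base, sep, path);
    if (n < 0 || (size_t)n >= size) { out[0] = '\0'; return -1; }
    return 0;
}

int main(void) {
    /* Constructed inputs modelled on the configuration shown in the description. */
    const char *install = "C:\\Program Files (x86)\\ossec-agent";
    const char *cases[] = { "wodles\\ciscat\\Java\\bin",
                            "\\\\myserver\\wodles\\ciscat\\Java\\bin", "" };
    char full[PATH_MAX_LEN];
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        if (resolve_path(full, sizeof(full), install, cases[i], '\\') == 0)
            printf("ok:   %s\n", full);
        else  /* caller skips instead of duplicating the buffer */
            printf("skip: \"%s\"\n", cases[i]);
    }
    return 0;
}
```

Because the output buffer is cleared before any early return, a caller that forgets to check the return value duplicates an empty string rather than uninitialized memory.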

@vikman90 vikman90 self-assigned this Mar 1, 2018
@vikman90 vikman90 merged commit 348f0b1 into 3.2 Mar 2, 2018
@vikman90 vikman90 deleted the 3.2-ciscat-path branch March 2, 2018 03:56
@soynof soynof mentioned this pull request Aug 7, 2023
4 tasks
Darioortegaleyva pushed a commit that referenced this pull request Feb 6, 2026
#419)

Add script to add new compliance standards to SCA checks