
How to update Wazuh ruleset with proxy?

Open NRGLine4Sec opened this issue 4 years ago • 6 comments

NRGLine4Sec avatar Oct 20 '20 16:10 NRGLine4Sec

So I succeeded in checking the update with some modifications in /var/ossec/framework/scripts/update_ruleset.py. I added:

http_proxy  = "http://172.16.2.87:3128"
https_proxy = "http://172.16.2.87:3128"

proxyDict = { 
              "http"  : http_proxy, 
              "https" : https_proxy, 
            }

above def get_new_ruleset(source, url, branch_name=None): and I modified the line f_url = requests.get(url_ruleset) to f_url = requests.get(url_ruleset, proxies=proxyDict). So it works, but when I check the file after the update, the modifications are gone. How can I do it permanently?

Is there an easier way to update with a proxy?

NRGLine4Sec avatar Oct 20 '20 16:10 NRGLine4Sec
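
Added example, not part of the original post or the Wazuh project's code: the requests library reads http_proxy, https_proxy and no_proxy from the environment when no proxies argument is passed, and the sketch below makes that lookup explicit so the proxy address lives outside the script that the update overwrites. The function names and the sample environment are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample environment; the proxy address is the one from the post.
SAMPLE_ENV = {"http_proxy": "http://172.16.2.87:3128",
              "HTTPS_PROXY": "http://172.16.2.87:3128",
              "no_proxy": "localhost,10.0.0.0/8,.internal.example"}


def _bypassed(host, no_proxy):
    """True if host matches a no_proxy entry (name suffix, IP or CIDR)."""
    for entry in (e.strip().lower() for e in no_proxy.split(",")):
        if not entry:
            continue
        if entry == "*":
            return True
        try:
            if ipaddress.ip_address(host) in ipaddress.ip_network(entry, strict=False):
                return True
            continue
        except ValueError:
            pass  # host or entry is a name: fall through to suffix matching
        name = entry.lstrip(".")
        if host == name or host.endswith("." + name):
            return True
    return False


def proxies_for(url, environ):
    """Build the dict passed as requests.get(url, proxies=...); {} means none."""
    env = {k.lower(): v for k, v in environ.items()}
    host = (urlsplit(url).hostname or "").lower()
    if _bypassed(host, env.get("no_proxy", "")):
        return {}
    proxies = {}
    for scheme in ("http", "https"):
        value = env.get(scheme + "_proxy", "").strip()
        if not value:
            continue
        parts = urlsplit(value)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            # Do not echo the value: proxy URLs can embed credentials.
            raise ValueError("invalid %s_proxy setting" % scheme)
        proxies[scheme] = value
    return proxies
```
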

Hello!

The update replaces the update_ruleset.py script. The following function does it:

https://github.com/wazuh/wazuh-ruleset/blob/be216805001c0bd66d401b538f36e02feb59cabb/update_ruleset#L251-L318

You should modify it too.

Regards, Eva

Lopuiz avatar Nov 03 '20 08:11 Lopuiz

Hi Eva, thanks for your reply. Is it in your roadmap to support a proxy for Wazuh ruleset updates?

NRGLine4Sec avatar Nov 03 '20 11:11 NRGLine4Sec

Sorry, I have no idea. I'll keep this issue open to try to support it.

Lopuiz avatar Nov 03 '20 16:11 Lopuiz

OK, thanks

NRGLine4Sec avatar Nov 03 '20 16:11 NRGLine4Sec

Hi @Lopuiz, any update on this issue?

NRGLine4Sec avatar Apr 12 '21 12:04 NRGLine4Sec