SCA is not defined in the Wazuh Manager and Wazuh Agent templates

[jm404]

Hi team,

The Wazuh Agent/Manager installation doesn't include the <sca> configuration block in the ossec.conf file.

This block is included and enabled in a default installation and should be added in order to make use of SCA functionalities

Tasks:

• Implement <sca> block in the Wazuh templates

• Add related variables to enable and configure this block

• Test configuration with different variables values

Best regards,

Jose

[jm404]

Hi team,

I updated the template in the Wazuh Manager and Wazuh Agent adding the following configuration:

wazuh-ansible/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2

Lines 273 to 298 in d45ad1d

	{% if ansible_system == "Linux" %}
	<sca>
	{% if wazuh_agent_config.sca.enabled | length > 0 %}
	<enabled>{{ wazuh_agent_config.sca.enabled }}</enabled>
	{% endif %}
	{% if wazuh_agent_config.sca.scan_on_start | length > 0 %}
	<scan_on_start>{{ wazuh_agent_config.sca.scan_on_start }}</scan_on_start>
	{% endif %}
	{% if wazuh_agent_config.sca.interval | length > 0 %}
	<interval>{{ wazuh_agent_config.sca.interval }}</interval>
	{% endif %}
	{% if wazuh_agent_config.sca.skip_nfs | length > 0 %}
	<skip_nfs>yes</skip_nfs>
	{% endif %}
	{% if wazuh_agent_config.sca.day | length > 0 %}
	<day>yes</day>
	{% endif %}
	{% if wazuh_agent_config.sca.wday | length > 0 %}
	<wday>yes</wday>
	{% endif %}
	{% if wazuh_agent_config.sca.time | length > 0 %}
	<time>yes</time>
	{% endif %}
	</sca>
	{% endif %}

Also, related values are now initialized by default:

wazuh-ansible/roles/wazuh/ansible-wazuh-manager/defaults/main.yml

Lines 157 to 164 in 7371e73

	sca:
	enabled: 'yes'
	scan_on_start: 'yes'
	interval: '12h'
	skip_nfs: 'yes'
	day: ''
	wday: ''
	time: ''

From Wazuh 3.10, SCA no longer contains the <policy> field relative to every OS, making much easier to mantain the specified template in Jinja2

Best regards,

Jose