<no title> — wazuh-api-kit 1.0.0 documentation

#searchbox, #searchdesc { display: none; } @media (max-width: 768px) { #navbar-toggle { display: none; } #cs-mobile-menu { display: block; } #cs-layout { margin-top: 12rem; } #cs-ext-links { margin-right: 2rem!important; } }

Provides the WazuhAgentRootcheckConfiguration which allows to parse the rootcheck section of the Wazuh local configuration (ossec.conf).

class WazuhAgentRootcheckConfiguration(**kwargs)#

Bases: object

Object representation of an agent’s rootcheck configuration section.

Wazuh reference: https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/rootcheck.html

base_directory: str#: Base directory on which the rootcheck is being performed.

check_dev: bool = True#: Indicates whether /dev is being checked or not.

check_files: bool = True#: Indicates whether files are being checked or not.

check_if: bool = True#: Indicates whether network interfaces are being checked or not.

check_pids: bool = True#: Indicates whether process IDs are being checked or not.

check_ports: bool = True#: Indicates whether network ports are being checked or not.

check_sys: bool = True#: Indicates whether anomalous file system objects are being checked or not.

check_trojans: bool = True#: Indicates whether the system is being checked for trojans or not.

check_unixaudit: bool = True#: Indicates whether unixaudit is being checked or not.

check_winapps: bool = True#: Indicates whether winapps are being checked or not.

check_winaudit: bool = True#: Indicates whether winaudit is being checked or not.

check_winmalware: bool = True#: Indicates whether the system is being checked for Windows malware or not.

disabled: bool = False#: Indicates whether rootcheck is disabled for the agent or not.

frequency: int | None#: Frequency in seconds in which the rootcheck is being performed.

ignore: list[str]#: List of files or directories that will be ignored.

ignore_sregex: list[str]#: List of regular expression patterns on files or directories that will be ignored.

readall: bool = False#: Indicates whether the rootcheck will read and compare all system files.

rootkit_files: str | None#: Path to the rootkit files database file.

rootkit_trojans: str | None#: Path to the rootkit trojans database file.

scanall: bool = False#: Indicates whether rootcheck scans the entire system or not.

skip_nfs: bool = True#: Indicates whether network mounted filesystems will be skipped or not.

system_audit: str | None#: Path to the audit definition file.

windows_apps: str | None#: Path to the Windows application definition file.

windows_audit: str | None#: Path to the Windows audit definition file.

windows_malware: str | None#: Path to the Windows malware definition file.

On this page