-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Server Certificate Validation to Wazuh Agent #389
Labels
Comments
vikman90
added
level/task
Task issue
type/enhancement
Enhancement issue
module/agent
labels
Dec 5, 2024
3 tasks
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Currently, the Wazuh Agent supports communication over HTTP and HTTPS but does not validate the server's SSL/TLS certificate. This lack of validation introduces potential security risks, such as exposure to man-in-the-middle attacks. To mitigate these risks, we propose adding functionality for certificate validation to the agent.
Proposed Changes
We will enhance the agent to:
New Configuration Parameter
Introduce a new configuration parameter in the
agent.yml
file to control the verification behavior:Possible Values:
full
(default):certificate
:none
:Note: This mode disables critical SSL/TLS security features and is not recommended for production environments.
Benefits
Tasks
verification_mode
parameter.Testing
full
,certificate
,none
).The text was updated successfully, but these errors were encountered: