Wazuh на CentOS

# Add the Software Collections repository, then install the python27
# collection it provides (Wazuh 2.0's API/install tooling wants Python 2.7).
yum install -y centos-release-scl
yum install -y python27

 

Если `python -V` всё ещё показывает 2.6:

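# Strip symbols from the locally built libpython2.7 (why this is needed for
# the 2.6-default case is not documented here — presumably a size/loader
# workaround; confirm before relying on it).
strip /usr/local/lib/libpython2.7.so.1.0
# -f: fail on an HTTP error instead of piping an error page into tar.
# The archive is fetched without checksum/signature verification; compare
# it against a known-good hash if your environment requires that.
curl -fLs https://github.com/wazuh/wazuh/archive/v2.0.tar.gz | tar zx
# GitHub archives of tag v2.0 unpack into "wazuh-2.0" (dash, no leading "v").
cd wazuh-2.0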

 

Устанавливаем сервер

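# Fetch and unpack the Wazuh 2.0 source, then enter it. -f makes curl fail on
# an HTTP error rather than feeding an error page to tar; the archive's
# top-level directory is "wazuh-2.0" (dash, no leading "v"), so "cd" must
# use that name. No integrity check is performed on the download.
curl -fLs https://github.com/wazuh/wazuh/archive/v2.0.tar.gz | tar zx && cd wazuh-2.0

# Interactive installer: choose "server" (manager) here.
./install.sh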

 

Установка Node.js, затем API

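# NodeSource repository setup. Long options need two ASCII hyphens
# ("--silent", "--location"); typographic dashes are not parsed by curl, and
# "bash -" (read script from stdin) likewise needs an ASCII hyphen.
# This executes a remote script directly: -f prevents an HTTP error page from
# being run, but the script itself is not verified — saving it to a file and
# reading it before running is the safer variant.
curl -fsSL https://rpm.nodesource.com/setup_6.x | bash -
yum -y install nodejs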

Установка API

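# Download the API installer and run it in "download" mode.
# -f: on a non-2xx response nothing is saved, so an HTML error page is never
# executed as install_api.sh; -S still prints curl's own errors despite -s.
curl -fsS -o install_api.sh https://raw.githubusercontent.com/wazuh/wazuh-api/2.0/install_api.sh \
&& bash ./install_api.sh download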

 

API URL: http://host_ip:55000/
user: 'foo'
password: 'bar'
Сменить стандартного пользователя и пароль (это общеизвестные значения по умолчанию — меняйте их до того, как порт 55000 станет доступен извне)
# Lines are shown with the shell prompt "$"; run them without it.
$ cd /var/ossec/api/configuration/auth
# NOTE(review): -c presumably (re)creates the credentials file "user" with the
# login myUserName and prompts for the new password, as Apache htpasswd does —
# confirm against the bundled htpasswd script.
$ sudo node htpasswd -c user myUserName

# Do not forget to restart the API to apply the changes:
# (one of the two, depending on which init system manages wazuh-api)
$ systemctl restart wazuh-api
$ service wazuh-api restart

 

Запускаем wazuh-manager
# Start the Wazuh manager services.
/var/ossec/bin/ossec-control start

 

 

https://github.com/wazuh/wazuh-kibana-app

 

Запуск elastic
# Elasticsearch must be up before the template and sample alert below are loaded.
service elasticsearch start
Загружаем таблицы в elastic

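# Load the Wazuh index template into Elasticsearch. Quotes must be plain
# ASCII (' or "): typographic quotes become part of the URL/header value.
# -f on the fetching curl stops an HTTP error page from being PUT as the
# template body; the target is the local, unauthenticated ES port.
curl -fsSL https://raw.githubusercontent.com/wazuh/wazuh-kibana-app/master/server/startup/integration_files/template_file.json | \
curl -XPUT 'http://localhost:9200/_template/wazuh' -H 'Content-Type: application/json' -d @-

# Index one sample alert into today's wazuh-alerts-YYYY.MM.DD index so the
# Kibana app has data to display. $(...) replaces the backtick substitution.
curl -fsSL https://raw.githubusercontent.com/wazuh/wazuh-kibana-app/master/server/startup/integration_files/alert_sample.json | \
curl -XPUT "http://localhost:9200/wazuh-alerts-$(date +%Y.%m.%d)/wazuh/sample" -H 'Content-Type: application/json' -d @-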

 

# Install Logstash (assumes the Elastic yum repository is already configured;
# that step is not shown here).
yum install logstash

Загружаем конфиги

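# Fetch the Wazuh Logstash pipeline and the Elasticsearch 5 index template.
# -f: on a 404 or other HTTP error no usable body is written, instead of an
# error page being saved under a .conf/.json name and later fed to Logstash;
# -S keeps curl's own error messages visible despite -s.
curl -fsS -o /etc/logstash/conf.d/01-wazuh.conf https://raw.githubusercontent.com/wazuh/wazuh/2.0/extensions/logstash/01-wazuh.conf

curl -fsS -o /etc/logstash/wazuh-elastic5-template.json https://raw.githubusercontent.com/wazuh/wazuh/2.0/extensions/elasticsearch/wazuh-elastic5-template.json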

 

Устанавливаем плагин

# Install the multiline filter plugin (presumably required by the 01-wazuh.conf
# pipeline fetched above — confirm against that file).
/usr/share/logstash/bin/logstash-plugin install logstash-filter-multiline

 

управление логсташем
# Start Logstash via upstart. NOTE(review): other steps on this page use
# systemctl/service; on a systemd host the equivalent would be
# "systemctl start logstash" — confirm which init system is in use.
initctl start logstash

 

 

# Install Kibana (same Elastic yum repository assumption as for Logstash).
yum install kibana

ставим плагин
# Install the Wazuh Kibana app from the packaged zip. Fetched over HTTPS but
# without a checksum; verify the archive if your policy requires it.
/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp.zip

vim /etc/kibana/kibana.yml
server.host: "0.0.0.0"
(0.0.0.0 открывает Kibana на всех интерфейсах — ограничьте доступ к её порту файрволом или оставьте привязку только к нужному адресу.)

Activate API
https://documentation.wazuh.com/2.0/installation-guide/installing-elastic-stack/connect_wazuh_app.html

 

 

Устанавливаем агент

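# Fetch and unpack the Wazuh 2.0 source, then enter it. The "&&" is required:
# without it the words after "tar zx" are treated as archive member names and
# no directory change happens. The archive unpacks into "wazuh-2.0"; -f makes
# curl fail on an HTTP error rather than feeding an error page to tar.
curl -fLs https://github.com/wazuh/wazuh/archive/v2.0.tar.gz | tar zx && cd wazuh-2.0

# Interactive installer: choose "agent" here.
./install.sh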

Регистрируем агент на сервере через API (ключ `-k` у curl отключает проверку TLS-сертификата API — это допустимо только для самоподписанного сертификата в доверенной сети; `foo:bar` замените на свои учётные данные)

$ curl -u foo:bar -k -X POST -d 'name=NewAgent&ip=10.0.0.8' https://API_IP:55000/agents
{"error":0,"data":"001"}

 

$ curl -u foo:bar -k -X GET https://API_IP:55000/agents/001/key
{"error":0,"data":"MDAxIE5ld0FnZW50IDEwLjAuMC44IDM0MGQ1NjNkODQyNjcxMWIyYzUzZTE1MGIzYjEyYWVlMTU1ODgxMzVhNDE3MWQ1Y2IzZDY4M2Y0YjA0ZWVjYzM="}

 

$ /var/ossec/bin/manage_agents -i MDAxIE5ld0FnZW50IDEwLjAuMC44IDM0MGQ1NjNkODQyNjcxMWIyYzUzZTE1MGIzYjEyYWVlMTU1ODgxMzVhNDE3MWQ1Y2IzZDY4M2Y0YjA0ZWVjYzM=
FIREWALL
