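# Two separate commands were collapsed onto one line in the source; as written,
# `yum`, `install` and `python27` would all be taken as package names of the first
# call. centos-release-scl provides the Software Collections repository that the
# python27 package comes from, so it has to be installed first.
yum install -y centos-release-scl && yum install -y python27
# NOTE(review): SCL packages are not on PATH by default; `scl enable python27 bash`
# is the usual way to get the 2.7 interpreter as `python` in the shell — confirm.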
если python -V показывает 2.6
# Strip the symbol table from the Python shared library at this path. The source
# does not say why this step is needed. NOTE(review): /usr/local/lib points at a
# locally built Python rather than the SCL package installed above — confirm which
# interpreter the API is meant to use.
strip /usr/local/lib/libpython2.7.so.1.0
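# Fetch and unpack the Wazuh 2.0 source archive. -L follows GitHub's redirect;
# -f makes curl fail on HTTP errors instead of feeding an error page to tar.
# In the source `cd wazuh2.0` was glued onto the tar command, which would have
# made tar look for archive members named `cd` and `wazuh2.0`.
# The archive is not checksum- or signature-verified here; compare it against a
# release checksum if the project publishes one.
curl -fLs https://github.com/wazuh/wazuh/archive/v2.0.tar.gz | tar zx && cd wazuh2.0
# NOTE(review): GitHub archives usually extract to repo-tag, i.e. wazuh-2.0;
# confirm the directory name with `ls` after extraction.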
Устанавливаем сервер
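# Download, unpack and run the Wazuh 2.0 server installer.
# -f: fail on HTTP errors rather than piping an error page into tar.
# In the source `./install.sh` was glued onto `cd`, where bash rejects it as an
# extra argument; it must be its own step after the directory change.
# The archive is not integrity-checked here; compare it against a release checksum
# if the project publishes one before running install.sh as root.
curl -fLs https://github.com/wazuh/wazuh/archive/v2.0.tar.gz | tar zx && cd wazuh2.0 && ./install.sh
# NOTE(review): GitHub archives usually extract to repo-tag, i.e. wazuh-2.0;
# confirm the directory name with `ls` after extraction.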
установка nodejs
потом api
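# Install Node.js from the NodeSource repository.
# The source used typographic dashes (—silent, —location, bash —); curl and bash
# need ASCII `--`. Fetching the setup script to a file first lets it be reviewed
# before it runs as root, instead of piping it straight into bash.
curl --silent --location --fail -o nodesource_setup.sh https://rpm.nodesource.com/setup_6.x
# Inspect nodesource_setup.sh here before executing it.
bash nodesource_setup.sh
yum -y install nodejs
# NOTE(review): setup_6.x installs the Node.js 6 line; check it is still the
# version the Wazuh API 2.0 expects.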
установка API
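# Download and run the Wazuh API installer.
# The stray `\ ` before `&&` in the source became an escaped-space argument to
# curl (an extra, empty URL). -f makes curl fail on HTTP errors so an error page is
# never saved as install_api.sh and then executed. The script runs as root; review
# the downloaded file before the `bash` step if the chain is run manually.
curl -sf -o install_api.sh https://raw.githubusercontent.com/wazuh/wazuh-api/2.0/install_api.sh && bash ./install_api.sh download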
API URL: http://host_ip:55000/
user: 'foo'
password: 'bar'
Сменить стандартного пользователя и пароль
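# Replace the default API user/password. The `$ ` prompt markers from the source
# are dropped so the lines can be run as written.
cd /var/ossec/api/configuration/auth || exit 1
# -c (re)creates the `user` file, as with Apache htpasswd; any existing entries in
# it are replaced. The password is read interactively.
sudo node htpasswd -c user myUserName
# Do not forget to restart the API to apply the changes.
# systemd hosts use systemctl; the `service` form is the fallback for SysV/Upstart hosts.
systemctl restart wazuh-api || service wazuh-api restart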
Запускаем wazuh-manager
# Start the Wazuh manager (ossec-control is the manager's service control script).
/var/ossec/bin/ossec-control start
https://github.com/wazuh/wazuh-kibana-app
Запуск elastic
# Start Elasticsearch via the SysV-style `service` command
# (on systemd hosts `systemctl start elasticsearch` is the equivalent).
service elasticsearch start
Загружаем таблицы в elastic
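# Load the Wazuh index template and one sample alert into Elasticsearch.
# The typographic quotes (‘ ’ « ») in the source break the shell; they are ASCII
# here, and the backtick date substitution is written as $(...).
# -sSf on the fetching curl: fail on HTTP errors instead of PUTting an error page
# into Elasticsearch as the template/document body.
# NOTE(review): these two files come from the app's unpinned `master` branch while
# everything else on this page is pinned to 2.0 — confirm the revision matches.
curl -sSf https://raw.githubusercontent.com/wazuh/wazuh-kibana-app/master/server/startup/integration_files/template_file.json | \
  curl -XPUT 'http://localhost:9200/_template/wazuh' -H 'Content-Type: application/json' -d @-
curl -sSf https://raw.githubusercontent.com/wazuh/wazuh-kibana-app/master/server/startup/integration_files/alert_sample.json | \
  curl -XPUT "http://localhost:9200/wazuh-alerts-$(date +%Y.%m.%d)/wazuh/sample" -H 'Content-Type: application/json' -d @-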
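# Install Logstash. -y added for consistency with the other yum calls on this page
# (non-interactive). NOTE(review): assumes the Elastic yum repository is already
# configured — that step is not shown here.
yum install -y logstash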
загружаем конфиги
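# Download the Logstash pipeline and the Elasticsearch template into place.
# -f: without it, an HTTP error page would be written into the target file and
# Logstash would be started with a broken pipeline/template.
curl -sSf -o /etc/logstash/conf.d/01-wazuh.conf https://raw.githubusercontent.com/wazuh/wazuh/2.0/extensions/logstash/01-wazuh.conf
curl -sSf -o /etc/logstash/wazuh-elastic5-template.json https://raw.githubusercontent.com/wazuh/wazuh/2.0/extensions/elasticsearch/wazuh-elastic5-template.json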
Устанавливаем плагин
# Install the multiline filter plugin — presumably required by the 01-wazuh.conf
# pipeline fetched above; confirm against that file.
/usr/share/logstash/bin/logstash-plugin install logstash-filter-multiline
управление логсташем
# Start Logstash under Upstart (initctl); on systemd hosts use `systemctl start logstash`.
initctl start logstash
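# Install Kibana. -y added for consistency with the other yum calls on this page
# (non-interactive). NOTE(review): assumes the Elastic yum repository is already
# configured — that step is not shown here.
yum install -y kibana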
ставим плагин
# Install the Wazuh Kibana app from an unversioned URL. Nothing here verifies the
# archive's integrity or that it matches the Wazuh 2.0 / Kibana versions installed
# above — check the app's release notes for the installed versions.
/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp.zip
# Edit the Kibana configuration; the server.host setting shown below is the one to change.
vim /etc/kibana/kibana.yml
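# Guillemets («0.0.0.0») in the source are not YAML quotes — Kibana would try to
# bind to the literal string including them; ASCII double quotes are used here.
# 0.0.0.0 exposes the Kibana UI on every interface: put it behind an authenticating
# reverse proxy or restrict the listener with a firewall.
server.host: "0.0.0.0"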
Activate API
https://documentation.wazuh.com/2.0/installation-guide/installing-elastic-stack/connect_wazuh_app.html
Устанавливаем агент
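# Download, unpack and run the Wazuh 2.0 installer on the agent host.
# -f: fail on HTTP errors rather than piping an error page into tar.
# In the source `cd wazuh2.0` was glued onto the tar command, which would have
# made tar look for archive members named `cd` and `wazuh2.0`.
# The archive is not integrity-checked here; compare it against a release checksum
# if the project publishes one before running install.sh as root.
curl -fLs https://github.com/wazuh/wazuh/archive/v2.0.tar.gz | tar zx && cd wazuh2.0
# NOTE(review): GitHub archives usually extract to repo-tag, i.e. wazuh-2.0;
# confirm the directory name with `ls` after extraction.
./install.sh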
Регистрируем агент на сервере
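# Register a new agent through the API and import the returned key on the agent.
# The `$ ` prompts are dropped, and the JSON responses that the source printed on
# the same line as each command are shown as comments: on the command line they
# were handed to curl as an extra URL.
# foo:bar are the install-time default credentials — use the account created with
# htpasswd above (or curl's --netrc, which also keeps the password out of `ps`
# output and shell history).
# -k disables TLS certificate verification; once the API's CA certificate is
# available, replace it with --cacert pointing at that file (path not given here).
curl -u foo:bar -k -X POST -d 'name=NewAgent&ip=10.0.0.8' https://API_IP:55000/agents
# -> {"error":0,"data":"001"}
curl -u foo:bar -k -X GET https://API_IP:55000/agents/001/key
# -> {"error":0,"data":"MDAxIE5ld0FnZW50IDEwLjAuMC44IDM0MGQ1NjNkODQyNjcxMWIyYzUzZTE1MGIzYjEyYWVlMTU1ODgxMzVhNDE3MWQ1Y2IzZDY4M2Y0YjA0ZWVjYzM="}
# The returned key is what the agent uses to authenticate to the manager: treat it
# as a secret (passed as an argument, it also lands in shell history).
/var/ossec/bin/manage_agents -i MDAxIE5ld0FnZW50IDEwLjAuMC44IDM0MGQ1NjNkODQyNjcxMWIyYzUzZTE1MGIzYjEyYWVlMTU1ODgxMzVhNDE3MWQ1Y2IzZDY4M2Y0YjA0ZWVjYzM=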