Get Wazuh
- # project: https://github.com/wazuh/wazuh-docker
- git clone https://github.com/wazuh/wazuh-docker.git -b v4.12.0
Cert
- sudo docker-compose -f generate-indexer-certs.yml run --rm generator
Run
- Set ufw 9200/tcp,1514-1516/tcp/udp,443/tcp
- sudo docker-compose up -d
- open https://ip:your_port or space(443) check status
use default account admin and password SecretPassword to login
- Windows:install Agent and modify ip point to wazuh ip before start service
- Linux: https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-linux.html
- sudo -s
- check curl be install
- GPG Key
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg - REPO
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list - sudo apt-get update
- CONFIG
sudo apt-get install gnupg apt-transport-https
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - - WAZUH_MANAGER="<wazuh_ip>
- apt-get install wazuh-agent
- SERVICE
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent - STOP UPDATE: agent update use manager control panel
sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list
sudo apt-get update
沒有留言:
張貼留言