| 兩邊的前次修訂版 前次修改
下次修改 | 前次修改
|
| tech:wazuh [2023/11/19 20:50] – [設定啟用] jonathan | tech:wazuh [2025/01/19 08:47] (目前版本) – [Agent 端] jonathan |
|---|
| echo "vm.max_map_count = 262144" >> /etc/sysctl.conf | echo "vm.max_map_count = 262144" >> /etc/sysctl.conf |
| </cli> | </cli> |
| * 安裝 Wazuh v4.6.0 <cli> | * 安裝 Wazuh v4.7.0 <cli> |
| git clone https://github.com/wazuh/wazuh-docker.git -b v4.6.0 | git clone https://github.com/wazuh/wazuh-docker.git -b v4.7.0 |
| cd wazuh-docker/single-node/ | cd wazuh-docker/single-node/ |
| docker compose -f generate-indexer-certs.yml run --rm generator | docker compose -f generate-indexer-certs.yml run --rm generator |
| |
| ===== 設定啟用 ===== | ===== 設定啟用 ===== |
| | ==== Server 端 ==== |
| * 其他文件提到修改 /var/ossec/etc/ossec.conf 需要修改 ~/wazuh-docker/single-node/config/wazuh_cluster/wazuh_manager.conf 然後重啟 docker compse | * 其他文件提到修改 /var/ossec/etc/ossec.conf 需要修改 ~/wazuh-docker/single-node/config/wazuh_cluster/wazuh_manager.conf 然後重啟 docker compse |
| | ==== Agent 端 ==== |
| | === 安裝 Agent 方式 === |
| | * Exp. Wazuh Server IP : 10.20.2.38 |
| | == Ubuntu / Debian == |
| | * <cli> |
| | apt install lsb-release && wget https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.7.0-1_amd64.deb && WAZUH_MANAGER='10.20.2.38' dpkg -i ./wazuh-agent_4.7.0-1_amd64.deb |
| | systemctl daemon-reload |
| | systemctl enable wazuh-agent |
| | systemctl restart wazuh-agent |
| | </cli> |
| | |
| | == Alpine == |
| | * <cli> |
| | wget -O /etc/apk/keys/[email protected] https://packages.wazuh.com/key/alpine-devel%40wazuh.com-633d7457.rsa.pub |
| | echo "https://packages.wazuh.com/4.x/alpine/v3.12/main" >> /etc/apk/repositories |
| | apk update |
| | apk add wazuh-agent |
| | export WAZUH_MANAGER="10.20.2.38" && sed -i "s|MANAGER_IP|$WAZUH_MANAGER|g" /var/ossec/etc/ossec.conf |
| | /var/ossec/bin/wazuh-control start |
| | sed -i "s|^https://packages.wazuh.com|#https://packages.wazuh.com|g" /etc/apk/repositories |
| | </cli> |
| | |
| | === 修改 Agent 端設定 === |
| | * Linux Agent 主要安裝路徑 /var/ossec |
| | * 修改 ossec.conf 檔 -> /var/ossec/etc/ossec.conf |
| | * 修改後重啟 Agent <cli>systemctl restart wazuh-agent</cli> |
| | |
| | === 移除 Agent 方式 === |
| | * ref - https://documentation.wazuh.com/current/installation-guide/uninstalling-wazuh/agent.html#uninstalling-linux-agent |
| | == Ubuntu / Debian == |
| | * <cli> |
| | apt remove --purge wazuh-agent |
| | </cli> |
| | == alpine == |
| | * <cli> |
| | /var/ossec/bin/wazuh-control stop |
| | apk del wazuh-agent |
| | rm -rf /var/ossec |
| | rm /etc/apk/keys/[email protected] |
| | sed -i '/packages.wazuh.com/d' /etc/apk/repositories |
| | </cli> |
| | |
| ===== 參考網址 ===== | ===== 參考網址 ===== |
| * https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html | * https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html |
| * https://www.youtube.com/watch?v=i68atPbB8uQ | * https://www.youtube.com/watch?v=i68atPbB8uQ |
| * https://www.reddit.com/r/Wazuh/comments/16gtsv0/turning_on_vulnerability_scanning_in_a_docker/ | * https://www.reddit.com/r/Wazuh/comments/16gtsv0/turning_on_vulnerability_scanning_in_a_docker/ |
| | * https://documentation.wazuh.com/current/proof-of-concept-guide/integrate-network-ids-suricata.html |
| |
| {{tag>資安管理}} | {{tag>資安管理}} |