Changes

From SME Server
258 bytes removed ,  14:11, 22 January 2018
m
update time stamp
Line 1: Line 1: −
=[[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) 16:33, 26 November 2017 (CET)=
+
=[[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) [[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) 13:10, 22 January 2018 (CET) =
 
==Wazuh==
 
==Wazuh==
 
===Repo===
 
===Repo===
 
  <nowiki>/sbin/e-smith/db yum_repositories set wazuh repository \
 
  <nowiki>/sbin/e-smith/db yum_repositories set wazuh repository \
Name 'CentOS-$releasever - Wazuh' \
+
Name 'Wazuh repository' \
BaseURL 'https://packages.wazuh.com/yum/el/$releasever/$basearch' \
+
BaseURL 'https://packages.wazuh.com/3.x/yum/' \
MirrorList 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-$releasever&arch=$basearch' \
   
EnableGroups no \
 
EnableGroups no \
 
GPGCheck yes \
 
GPGCheck yes \
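Review bot: the new BaseURL 'https://packages.wazuh.com/3.x/yum/' hardcodes the 3.x series and drops the $releasever/$basearch variables the old URL used, so a later major series would need a manual edit of this db entry; say so next to the command, or note which manager version the agent is expected to match. Separately, the new heading line repeats the "[[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]])" signature twice before the timestamp; keep one copy.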
Line 11: Line 10:  
Visible no \
 
Visible no \
 
status disabled</nowiki>
 
status disabled</nowiki>
 +
 
===Agent Configuration===
 
===Agent Configuration===
The [https://documentation.wazuh.com/2.0/installation-guide/installing-wazuh-agent/wazuh_agent_rpm.html Wazuh Client Installation Instructions] say to use '''yum install wazuh-agent''' (which, since the repo created above is disabled by default, would need to be '''yum --enablerepo=wazuh install wazuh-agent''' on a SME server), but this does not work...
+
[https://documentation.wazuh.com/current/installation-guide/installing-wazuh-agent/wazuh_agent_rpm.html Wazuh Client Installation Instructions]  
 +
 
 +
Wazuh 3.x installs correctly from the yum repository:
 +
yum --enablerepo=wazuh install wazuh-agent
 +
 
 +
Create the client account on the wazuh manager:
 +
/var/ossec/bin/agent-auth -m [ip.of.wazuh.server]
   −
Instead, I had to download the rpm and do use localinstall
+
Replace "MANAGER_IP" with the IP address of the wazuh manager in this section of /var/ossec/etc/ossec.conf:
<nowiki>mkdir -p ~/wazuh
+
<nowiki>...
cd ~/wazuh
+
<client>
wget https://packages.wazuh.com/yum/rhel/6Server/x86_64/wazuh-agent-2.0.1-1.rhel6.x86_64.rpm
+
    <server>
yum --enablerepo=wazuh localinstall wazuh-agent-2.0.1-1.rhel6.x86_64.rpm
+
      <address>MANAGER_IP</address>
/var/ossec/bin/agent-auth -m <Ip.of.wazuh.srvr>
+
    </server>
 +
    <config-profile>rhel, rhel6</config-profile>
 +
</client>
 +
...
 
</nowiki>
 
</nowiki>
   −
You also need to enter "Ip.of.wazuh.srvr" into <server-ip>...</server-ip> in this file:
+
Start the agent
/var/ossec/etc/ossec.conf
  −
 
  −
Then start the agent
   
  /etc/init.d/wazuh-agent start
 
  /etc/init.d/wazuh-agent start
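Review bot: the enrollment step "/var/ossec/bin/agent-auth -m [ip.of.wazuh.server]" passes only the manager address, so as written nothing on the agent side verifies the manager or supplies an enrollment secret; if the manager is set up for it, document agent-auth's -P (enrollment password) and -v (CA certificate used to verify the manager) options at this step. The placeholder also differs from the "MANAGER_IP" used in the ossec.conf step that follows, and the square brackets are easy to paste literally; use one placeholder for both. The documentation link now points at "current" while the repository is pinned to 3.x, so the instructions and the installed version can drift apart; link the 3.x documentation instead.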
  
