Line 1: |
Line 1: |
| + | =[[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) [[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) 13:10, 22 January 2018 (CET) = |
| + | ==Wazuh== |
| + | ===Repo=== |
| + | <nowiki>/sbin/e-smith/db yum_repositories set wazuh repository \ |
| + | Name 'Wazuh repository' \ |
| + | BaseURL 'https://packages.wazuh.com/3.x/yum/' \ |
| + | EnableGroups no \ |
| + | GPGCheck yes \ |
| + | GPGKey https://packages.wazuh.com/key/GPG-KEY-WAZUH \ |
| + | Visible no \ |
| + | status disabled</nowiki> |
| + | |
| + | ===Agent Configuration=== |
| + | [https://documentation.wazuh.com/current/installation-guide/installing-wazuh-agent/wazuh_agent_rpm.html Wazuh Client Installation Instructions] |
| + | |
| + | Wazuh 3.x installs correctly from the yum repository: |
| + | yum --enablerepo=wazuh install wazuh-agent |
| + | |
| + | Create the client account on the wazuh manager: |
| + | /var/ossec/bin/agent-auth -m [ip.of.wazuh.server] |
| + | |
| + | Replace "MANAGER_IP" with the IP address of the wazuh manager in this section of /var/ossec/etc/ossec.conf: |
| + | <nowiki>... |
| + | <client> |
| + | <server> |
| + | <address>MANAGER_IP</address> |
| + | </server> |
| + | <config-profile>rhel, rhel6</config-profile> |
| + | </client> |
| + | ... |
| + | </nowiki> |
| + | |
| + | Start the agent |
| + | /etc/init.d/wazuh-agent start |
| + | |
| + | ===SME Customizations=== |
| + | I added these instructions to /var/ossec/etc/ossec.conf: |
| + | <nowiki> <localfile> |
| + | <log_format>djb-multilog</log_format> |
| + | <location>/var/log/dovecot/current</location> |
| + | </localfile> |
| + | |
| + | <localfile> |
| + | <log_format>djb-multilog</log_format> |
| + | <location>/var/log/tinydns/current</location> |
| + | </localfile> |
| + | <localfile> |
| + | <log_format>djb-multilog</log_format> |
| + | <location>/var/log/dnscache/current</location> |
| + | </localfile> |
| + | |
| + | <localfile> |
| + | <log_format>command</log_format> |
| + | <command>grep -h logterse /var/log/*qpsmtpd/current</command> |
| + | <alias>s/qpsmtpd</alias> |
| + | <frequency>360</frequency> |
| + | </localfile> |
| + | </nowiki> |
| + | |
| + | And this instruction to /var/ossec/etc/local_internal_options.conf: |
| + | <nowiki># from https://documentation.wazuh.com/2.0/user-manual/reference/ossec-conf/localfile.html |
| + | # 'it may not be permissible in all environments to allow the Wazuh manager to run |
| + | # arbitrary commands on agents in their root security context.' |
| + | logcollector.remote_commands=1 |
| + | </nowiki> |
| + | |
| + | And restarted the agent using |
| + | /etc/init.d/wazuh-agent restart |
| + | |
| + | =Older= |
| Mariadb notes moved to [[MariaDB_alongside_MySQL]] | | Mariadb notes moved to [[MariaDB_alongside_MySQL]] |
− |
| |
| ==Install Moodle 2.6 using git== | | ==Install Moodle 2.6 using git== |
| ===Requirements=== | | ===Requirements=== |
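Review bot: under "SME Customizations", `logcollector.remote_commands=1` in /var/ossec/etc/local_internal_options.conf lets the Wazuh manager run arbitrary commands as root on this agent, which is what the quoted documentation comment warns about. The only command in this change, the `grep -h logterse /var/log/*qpsmtpd/current` localfile, is defined in the agent's own /var/ossec/etc/ossec.conf. The option governs commands delivered from the manager's centralized configuration, so a locally defined command should not need it. Suggest dropping the setting, or stating on the page why it is required and that it makes a compromise of the manager equivalent to root on this server. Two smaller points: `agent-auth -m [ip.of.wazuh.server]` enrolls without a password or manager certificate check (agent-auth supports `-P` and `-v` for those), and the grep re-reads the whole current log every 360 seconds, so the same logterse lines will be re-sent until the log rotates.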