Latest revision as of 20:30, 23 January 2024

CPu & Memory Requirements

https://groups.google.com/g/wazuh/c/LJFebJGNziE

Compare

Install Server/Manager

1

apt-get install gnupg apt-transport-https && curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg && echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list && apt-get update && apt-get -y install wazuh-manager

2

systemctl daemon-reload
systemctl enable wazuh-manager
systemctl start wazuh-manager

3

systemctl status wazuh-manager

Install Agent

Download

Windows

https://packages.wazuh.com/4.x/windows/wazuh-agent-4.7.2-1.msi

Auto Registration with pass

https://documentation.wazuh.com/current/user-manual/agent-enrollment/security-options/using-password-authentication.html

echo "secretregpass" > /var/ossec/etc/authd.pass
chmod 640 /var/ossec/etc/authd.pass
chown root:wazuh /var/ossec/etc/authd.pass
systemctl restart wazuh-manager

vim /var/ossec/etc/ossec.conf

<auth>
  <use_password>yes</use_password>
</auth>

Agent Install with reg pass

https://documentation.wazuh.com/current/user-manual/deployment-variables/deployment-variables-linux.html

WAZUH_MANAGER="10.x.x.x" WAZUH_REGISTRATION_PASSWORD="TopSecret" \
     apt-get install wazuh-agent
     # WAZUH_AGENT_NAME="apt-agent" apt-get install wazuh-agent

systemctl daemon-reload
systemctl enable wazuh-agent
systemctl start wazuh-agent

Get token for agent

domain=example.com
TOKEN=$(curl -u wazuh:wazuh -k -X POST "https://wazuh.$domain:55000/security/user/authenticate?raw=true")
curl -k -X POST -d '{"name":"ws-w10"}' "https://wazuh.$domain:55000/agents?pretty=true" -H "Content-Type:application/json" -H "Authorization: Bearer $TOKEN"

/var/ossec/bin/agent_control -l

File integrity

HIPPA

https://documentation.wazuh.com/current/compliance/hipaa/index.html

CVEs

Tripewire as lot less CVEs though. Hopefully Wazuh has fixed their QA on that.
https://www.cvedetails.com/vulnerability-list/vendor_id-195/Tripwire.html?page=1&order=1&trc=6&sha=56f128771299bfbc37c73003cacb61068e1e48f4
https://www.cvedetails.com/vulnerability-list/vendor_id-19545/Wazuh.html

Difference between revisions of "Wazuh"

Latest revision as of 20:30, 23 January 2024

Contents

CPu & Memory Requirements

Compare

Install Server/Manager

1

2

3

Install Agent

Download

Windows

Auto Registration with pass

Agent Install with reg pass

Get token for agent

File integrity

HIPPA

CVEs

Navigation menu

Search

@@ Line 50: / Line 50: @@
 chown root:wazuh /var/ossec/etc/authd.pass
 systemctl restart wazuh-manager
+```
+vim /var/ossec/etc/ossec.conf
+```
+<auth>
+  <use_password>yes</use_password>
+</auth>
 ```
 ### Agent Install with reg pass
 - https://documentation.wazuh.com/current/user-manual/deployment-variables/deployment-variables-linux.html
+```
+WAZUH_MANAGER="10.x.x.x" WAZUH_REGISTRATION_PASSWORD="TopSecret" \
+     apt-get install wazuh-agent
+     # WAZUH_AGENT_NAME="apt-agent" apt-get install wazuh-agent
+systemctl daemon-reload
+systemctl enable wazuh-agent
+systemctl start wazuh-agent
+```
 ## Get token for agent
@@ Line 69: / Line 87: @@
 - https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/how-to-configure-fim.html
 - https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/how-it-works.html
+# HIPPA
+- https://documentation.wazuh.com/current/compliance/hipaa/index.html
+# CVEs
+- Tripewire as lot less CVEs though. Hopefully Wazuh has fixed their QA on that.
+- https://www.cvedetails.com/vulnerability-list/vendor_id-195/Tripwire.html?page=1&order=1&trc=6&sha=56f128771299bfbc37c73003cacb61068e1e48f4
+- https://www.cvedetails.com/vulnerability-list/vendor_id-19545/Wazuh.html