Wazuh installation

Endpoint
Endpoint OS: Win10
agent: wazuh-agent-4.2.2-1, https://packages.wazuh.com/4.x/windows/wazuh-agent-4.2.2-1.msi

Server
Installation method: Step-by-step installation - All-in-one deployment
echo "1 install necessary packages"
yum install curl unzip wget libcap -y
rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
cat > /etc/yum.repos.d/wazuh.repo << EOF
[wazuh]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-\$releasever - Wazuh
baseurl=https://packages.wazuh.com/4.x/yum/
protect=1
EOF

echo "2 install wazuh manager"
yum install wazuh-manager -y
systemctl daemon-reload
systemctl enable wazuh-manager
systemctl start wazuh-manager
systemctl status wazuh-manager

echo "3 install es"
yum install opendistroforelasticsearch -y

echo "config es"
curl -so /etc/elasticsearch/elasticsearch.yml https://packages.wazuh.com/resources/4.2/open-distro/elasticsearch/7.x/elasticsearch_all_in_one.yml

echo "add user, role"
curl -so /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles.yml https://packages.wazuh.com/resources/4.2/open-distro/elasticsearch/roles/roles.yml
curl -so /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml https://packages.wazuh.com/resources/4.2/open-distro/elasticsearch/roles/roles_mapping.yml
curl -so /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml https://packages.wazuh.com/resources/4.2/open-distro/elasticsearch/roles/internal_users.yml

echo "remove demo certificates"
rm /etc/elasticsearch/esnode-key.pem /etc/elasticsearch/esnode.pem /etc/elasticsearch/kirk-key.pem /etc/elasticsearch/kirk.pem /etc/elasticsearch/root-ca.pem -f

echo "generate and deploy the certificates"
curl -so ~/wazuh-cert-tool.sh https://packages.wazuh.com/resources/4.2/open-distro/tools/certificate-utility/wazuh-cert-tool.sh
curl -so ~/instances.yml https://packages.wazuh.com/resources/4.2/open-distro/tools/certificate-utility/instances_aio.yml
bash ~/wazuh-cert-tool.sh

mkdir /etc/elasticsearch/certs/
mv ~/certs/elasticsearch* /etc/elasticsearch/certs/
mv ~/certs/admin* /etc/elasticsearch/certs/
cp ~/certs/root-ca* /etc/elasticsearch/certs/

systemctl daemon-reload
systemctl enable elasticsearch
systemctl start elasticsearch

export JAVA_HOME=/usr/share/elasticsearch/jdk/ && /usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -nhnv -cacert /etc/elasticsearch/certs/root-ca.pem -cert /etc/elasticsearch/certs/admin.pem -key /etc/elasticsearch/certs/admin-key.pem

echo "test whether install success"
curl -XGET https://localhost:9200 -u admin:admin -k

echo "remove es analyzer tool"
/usr/share/elasticsearch/bin/elasticsearch-plugin remove opendistro-performance-analyzer
systemctl restart elasticsearch

echo "4 install filebeat"
yum install filebeat -y

curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/resources/4.2/open-distro/filebeat/7.x/filebeat_all_in_one.yml
curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.2/extensions/elasticsearch/7.x/wazuh-template.json
chmod go+r /etc/filebeat/wazuh-template.json
curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.1.tar.gz | tar -xvz -C /usr/share/filebeat/module

mkdir /etc/filebeat/certs
cp ~/certs/root-ca.pem /etc/filebeat/certs/
mv ~/certs/filebeat* /etc/filebeat/certs/

systemctl daemon-reload
systemctl enable filebeat
systemctl start filebeat

filebeat test output

echo "5 install kibana"
yum install opendistroforelasticsearch-kibana -y

curl -so /etc/kibana/kibana.yml https://packages.wazuh.com/resources/4.2/open-distro/kibana/7.x/kibana_all_in_one.yml

mkdir /usr/share/kibana/data
chown -R kibana:kibana /usr/share/kibana/data

cd /usr/share/kibana
sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-4.2.2_7.10.2-1.zip

mkdir /etc/kibana/certs
cp ~/certs/root-ca.pem /etc/kibana/certs/
mv ~/certs/kibana* /etc/kibana/certs/
chown kibana:kibana /etc/kibana/certs/*

setcap 'cap_net_bind_service=+ep' /usr/share/kibana/node/bin/node

systemctl daemon-reload
systemctl enable kibana
systemctl start kibana

Kibana installation failed
[root@localhost kibana]# sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-4.2.2_7.10.2-1.zip
Attempting to transfer from https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-4.2.2_7.10.2-1.zip
Transferring 34628785 bytes....
Transfer complete
Retrieving metadata from plugin archive
Error: end of central directory record signature not found
    at /usr/share/kibana/node_modules/yauzl/index.js:187:14
    at /usr/share/kibana/node_modules/yauzl/index.js:631:5
    at /usr/share/kibana/node_modules/fd-slicer/index.js:32:7
    at FSReqWrap.wrapper [as oncomplete] (fs.js:467:17)
Plugin installation was unsuccessful due to error "Error retrieving metadata from plugin archive"

The download was too slow and the installation failed. After downloading the zip locally with Thunder (迅雷), I installed it from a file instead:
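As an added check that is not part of the original post: a POSIX shell function to validate a downloaded plugin zip before running `kibana-plugin install`, so an incomplete transfer is caught before Kibana reports the missing end-of-central-directory record. The size 34628785 is the byte count from the transfer log above; the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: check a downloaded Kibana plugin
# archive before handing it to kibana-plugin install.  A zip ends with an
# end-of-central-directory (EOCD) record whose signature is the bytes
# 50 4b 05 06 ("PK\5\6"); an incomplete download loses that record, which is
# exactly the "end of central directory record signature not found" failure.

# Read bytes on stdin and print them as space-separated lowercase hex.
hexdump_bytes() {
    od -An -v -tx1 | tr '\n' ' ' | tr -s ' '
}

# zip_archive_intact FILE [EXPECTED_SIZE]
# Return 0 when FILE starts like a zip, carries an EOCD signature within its
# last 65557 bytes (22-byte record plus a comment of at most 65535 bytes) and,
# if EXPECTED_SIZE is given, is exactly that many bytes long.
zip_archive_intact() {
    file=$1
    [ -s "$file" ] || return 1
    if [ -n "$2" ] && [ "$(wc -c < "$file" | tr -d ' ')" -ne "$2" ]; then
        return 1
    fi
    # A zip opens with a local file header (PK\3\4) or, when empty, the EOCD itself.
    case "$(dd if="$file" bs=4 count=1 2>/dev/null | hexdump_bytes)" in
        " 50 4b 03 04 "|" 50 4b 05 06 ") ;;
        *) return 1 ;;
    esac
    tail -c 65557 "$file" | hexdump_bytes | grep -q ' 50 4b 05 06 '
}

# Constructed samples: a minimal valid zip (nothing but a 22-byte EOCD record)
# and a file that begins like a real archive but was cut off before its EOCD,
# as a truncated download would be.
make_samples() {
    dir=$(mktemp -d)
    { printf 'PK\005\006'; dd if=/dev/zero bs=18 count=1 2>/dev/null; } > "$dir/ok.zip"
    { printf 'PK\003\004'; dd if=/dev/zero bs=64 count=1 2>/dev/null; } > "$dir/truncated.zip"
    printf '%s\n' "$dir"
}

# Usage on the Kibana host (size taken from the transfer log):
#   zip_archive_intact /mnt/hgfs/wazuh_kibana-4.2.2_7.10.2-1.zip 34628785 &&
#     sudo -u kibana /usr/share/kibana/bin/kibana-plugin install file:///mnt/hgfs/wazuh_kibana-4.2.2_7.10.2-1.zip
```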
[root@localhost GitHub]# sudo -u kibana /usr/share/kibana/bin/kibana-plugin install file:///mnt/hgfs/wazuh_kibana-4.2.2_7.10.2-1.zip
Found previous install attempt. Deleting...
Attempting to transfer from file:///mnt/hgfs/wazuh_kibana-4.2.2_7.10.2-1.zip
Transferring 34628785 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Plugin installation complete

Access the Kibana web UI
URL: https://<wazuh_server_ip> (for example https://192.168.1.66)
user: admin
password: admin

At https://192.168.1.66/app/wazuh#/manager/?tab=status no agent shows as online, so add an agent as follows.
Connecting the agent to the Wazuh server
Generate a key for the agent so that it can connect to the Wazuh server; run the following command:
[root@localhost Hub]# /var/ossec/bin/manage_agents
Configure the agent with the key.
Agent fails to connect to the Wazuh server
The agent was installed in a VMware Win7 VM and pointed at a Wazuh server running in another VMware CentOS VM; it reported that the connection failed.
telnet 192.168.1.66 1514 failed. On the CentOS host port 1514 was in LISTEN state, so the firewall must not have opened port 1514. After opening 1514 with the following commands the connection succeeded:
firewall-cmd --list-ports
firewall-cmd --zone=public --add-port=1514/tcp --permanent    # --permanent makes the rule persist; without it the rule is lost after a reboot
firewall-cmd --zone=public --add-port=1515/tcp --permanent
firewall-cmd --reload
Check the status
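As an added example (not from the original post): a POSIX shell check that separates the two conditions behind a failed `telnet 192.168.1.66 1514`, the manager not listening versus firewalld blocking the port. It assumes `ss` and `firewall-cmd` are available on the CentOS host; the sample outputs below are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: tell "the manager is not
# listening" apart from "firewalld is blocking the port", which a plain telnet
# cannot distinguish.  The functions work on captured `ss -ltn` and
# `firewall-cmd --list-ports` text, so the constructed samples run offline;
# wazuh_manager_ports_check() runs the same logic live on the manager.

# Ports the post opens: 1514/tcp (agent events) and 1515/tcp (agent enrollment).
WAZUH_PORTS="1514 1515"

# listening_ports SS_OUTPUT: TCP ports in LISTEN state as one sorted line.
listening_ports() {
    printf '%s\n' "$1" |
        awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
        sort -un | tr '\n' ' ' | sed 's/ $//'
}

# diagnose_port PORT SS_OUTPUT FIREWALL_PORTS
# Prints ok, blocked (listening but absent from firewalld's port list) or
# not-listening, returning 0, 2 or 1 respectively.
diagnose_port() {
    port=$1
    case " $(listening_ports "$2") " in
        *" $port "*) ;;
        *) echo not-listening; return 1 ;;
    esac
    case " $(printf '%s' "$3" | tr '\n' ' ') " in
        *" $port/tcp "*) echo ok; return 0 ;;
        *) echo blocked; return 2 ;;
    esac
}

# Live check on the manager host (needs ss and firewall-cmd).
wazuh_manager_ports_check() {
    ss_out=$(ss -ltn); fw_out=$(firewall-cmd --list-ports)
    for p in $WAZUH_PORTS; do
        printf '%s/tcp: %s\n' "$p" "$(diagnose_port "$p" "$ss_out" "$fw_out")"
    done
}

# Constructed sample output modelled on the situation in the post: the manager
# listens on 1514 and 1515, but firewalld has not opened any port yet.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
LISTEN 0      128    0.0.0.0:1514      0.0.0.0:*
LISTEN 0      128    0.0.0.0:1515      0.0.0.0:*
LISTEN 0      128    [::]:9200         [::]:*'
FW_BEFORE=''
FW_AFTER='1514/tcp 1515/tcp'
```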
Wazuh-related processes
Summary