This article draws on https://www.cnblogs.com/backlion/p/10394369.html; many thanks to the author for pointing the way!!
I have also summarized the back-end configuration behind the OpenSCAP and Vulnerabilities pages of the Wazuh UI, and the agent version upgrade process.
OS: CentOS 7
A distributed deployment is recommended; this article uses a single-host architecture.
The host has internet access.
Manager-ip: 10.0.0.50
Agent-ip: 10.0.0.51
Agent2-ip: 10.0.0.52 (Windows)
Note: when building the ELK stack, the component versions must match!!!
wazuh-manager and wazuh-api must be the same version.
Log in to Manager-ip.
1. Install Wazuh-Manager
cat > /etc/yum.repos.d/wazuh.repo <<\EOF
[wazuh_repo]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=Wazuh repository
baseurl=https://packages.wazuh.com/3.x/yum/
protect=1
EOF
2. yum -y install wazuh-manager
After the installation finishes you can check the status of wazuh-manager (normally it is already running):
3. systemctl status wazuh-manager
4. Install the Wazuh API
Running the Wazuh API requires NodeJS >= 4.6.1. If NodeJS is not installed, or your version is lower than 4.6.1:
curl --silent --location https://rpm.nodesource.com/setup_8.x | bash -
The script ends with the following prompt:
## Run `sudo yum install -y nodejs` to install Node.js 8.x LTS Carbon and npm.
## You may also need development tools to build native addons:
sudo yum install gcc-c++ make
## To install the Yarn package manager, run:
curl -sL https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo
sudo yum install yarn
It is recommended to install the software mentioned above first (skip if already installed):
yum install gcc-c++ make
curl -sL https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo
yum install yarn
yum install nodejs.x86_64
4.1. Verify the installation
node -v
v8.15.1
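The minimum NodeJS version is easy to misjudge by eye (4.10.0 is newer than 4.6.1, 4.6.0 is not), so the check below compares the dotted version numerically. It is an added example, not a script from the original article; it assumes only POSIX sh and awk, and the sample version string is the v8.15.1 shown above.

```shell
#!/bin/sh
# Added example (not from the original article): confirm that the Node.js
# version reported by `node -v` meets the Wazuh API minimum of 4.6.1
# before installing wazuh-api. Pure POSIX sh + awk, so it runs anywhere.

NODE_MIN="4.6.1"   # minimum stated in the article

# version_ge A B: exit 0 if dotted version A >= B. Compares up to three
# numeric parts; a leading "v", as printed by node -v, is stripped first.
version_ge() {
    printf '%s\n%s\n' "${1#v}" "${2#v}" | awk -F. '
        NR == 1 { for (i = 1; i <= 3; i++) a[i] = $i + 0 }
        NR == 2 { for (i = 1; i <= 3; i++) b[i] = $i + 0 }
        END {
            for (i = 1; i <= 3; i++) {
                if (a[i] > b[i]) exit 0
                if (a[i] < b[i]) exit 1
            }
            exit 0
        }'
}

# node_version_ok VERSION: exit 0 if VERSION satisfies the Wazuh API minimum.
node_version_ok() {
    version_ge "$1" "$NODE_MIN"
}

# check_installed_node: query the node binary on this host, if there is one.
check_installed_node() {
    if ! command -v node >/dev/null 2>&1; then
        echo "node is not installed; run the nodesource setup script first"
        return 1
    fi
    v=$(node -v)
    if node_version_ok "$v"; then
        echo "node $v satisfies the Wazuh API minimum ($NODE_MIN)"
    else
        echo "node $v is older than $NODE_MIN; upgrade before installing wazuh-api"
        return 1
    fi
}

# Sample check on the version string shown in the article.
node_version_ok "v8.15.1" && echo "v8.15.1 >= $NODE_MIN: OK"
```

Run `check_installed_node` on the manager before `yum install wazuh-api`; a non-zero exit means the API package would be installed against an unsupported runtime.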
4.2 Install the Wazuh API package
yum install wazuh-api -y
Check the API status:
systemctl status wazuh-api
Disable the Wazuh repository so the packages are not upgraded unintentionally:
sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
5. Install ELK
Install Elasticsearch
Logstash and Elasticsearch require Oracle Java JRE 8.
cd /opt
curl -Lo jre-8-linux-x64.rpm --header "Cookie: oraclelicense=accept-securebackup-cookie" "https://download.oracle.com/otn-pub/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jre-8u202-linux-x64.rpm"
rpm -qlp jre-8-linux-x64.rpm > /dev/null 2>&1 && echo "Java package downloaded successfully" || echo "Java package did not download successfully"
Java package downloaded successfully (this output indicates success)
yum -y install jre-8-linux-x64.rpm
java -version
java version "1.8.0_202"
Java(TM) SE Runtime Environment (build 1.8.0_202-b08)
Java HotSpot(TM) 64-Bit Server VM (build 25.202-b08, mixed mode)
The output above shows the installation succeeded.
Then:
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
cat > /etc/yum.repos.d/elastic.repo << EOF
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
Then install Elasticsearch.
If the EPEL repository is not present, install it yourself; otherwise yum will report that no elas* package exists.
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh epel-release-latest-7.noarch.rpm
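Both repository files written above (wazuh.repo and elastic.repo) set gpgcheck=1 and point gpgkey at an HTTPS URL; that pair of settings is what makes yum verify package signatures with a key that cannot be swapped in transit. The script below audits any .repo file for exactly those two settings. It is an added example, not part of the original article; it assumes only POSIX sh and awk, and the gpgcheck=0 variant it rejects is a constructed weak copy of the article's wazuh.repo, used only to show a failing case.

```shell
#!/bin/sh
# Added example (not from the original article): audit a yum .repo file such
# as /etc/yum.repos.d/wazuh.repo or elastic.repo and confirm that every
# repository section keeps gpgcheck=1 and fetches its gpgkey over HTTPS.
# Exit status 0 means every section passes; each failing setting is printed.

audit_repo_file() {
    awk '
        BEGIN { bad = 0 }
        # Evaluate the section collected so far, if any.
        function check_section() {
            if (section == "") return
            if (gpgcheck != "1") {
                printf "%s: gpgcheck=%s (expected 1)\n", section, gpgcheck; bad = 1
            }
            if (gpgkey !~ /^https:\/\//) {
                printf "%s: gpgkey is not an https URL\n", section; bad = 1
            }
        }
        substr($0, 1, 1) == "[" { check_section(); section = $0; gpgcheck = ""; gpgkey = ""; next }
        /^gpgcheck=/            { gpgcheck = substr($0, 10) }
        /^gpgkey=/              { gpgkey = substr($0, 8) }
        END                     { check_section(); exit bad }
    ' "$1"
}

# write_sample_repo PATH GPGCHECK: write the article's wazuh.repo contents with
# the given gpgcheck value. GPGCHECK=0 is a constructed weak variant for the demo.
write_sample_repo() {
    cat > "$1" <<EOF
[wazuh_repo]
gpgcheck=$2
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=Wazuh repository
baseurl=https://packages.wazuh.com/3.x/yum/
protect=1
EOF
}

# Demo: the repo file as written in the article passes, the weakened copy fails.
tmp=$(mktemp)
write_sample_repo "$tmp" 1
audit_repo_file "$tmp" && echo "wazuh.repo as written in the article: OK"
write_sample_repo "$tmp" 0
audit_repo_file "$tmp" || echo "weakened copy (gpgcheck=0): rejected"
rm -f "$tmp"

# On the manager itself, audit the real files once they exist.
for f in /etc/yum.repos.d/wazuh.repo /etc/yum.repos.d/elastic.repo; do
    [ -f "$f" ] && audit_repo_file "$f" && echo "$f: OK"
done
```

Run it after writing each repo file (and again after the `sed` that sets enabled=0, which must not touch gpgcheck); a non-zero exit status means a section would let yum install unsigned or unverifiable packages.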