Hello!
After a lot of trial and error, I succeeded in compiling and installing Wazuh. It's not really clean, but it's working. The hardest thing to set up is that the Unraid OS is not persistent, so you need a script to set up files and services every time the server is restarted.
Step 1: Set Up Docker Container
Open Unraid GUI: Navigate to the Apps tab.
Search and Install: Look for "AutoSlackPack" and install the SpaceinvaderOne/AutoSlackPack Docker container.
Configure Container:
Set the Autobuild package: environment variable to no.
Map a host path (e.g., /mnt/user/appdata/wazuh-build) to /output in the container.
Step 2: Access and Compile Wazuh
Start the Container: Access its console.
Download Wazuh:
curl -Lo wazuh-4.9.1.tar.gz https://github.com/wazuh/wazuh/archive/v4.9.1.tar.gz
tar xzf wazuh-4.9.1.tar.gz
cd wazuh-4.9.1
Install Wazuh: Run ./install.sh and choose /tmp/wazuh-agent-install as the installation directory.
Step 3: Create Slackware Package
Prepare Package Description:
mkdir -p /tmp/package/install
cat > /tmp/package/install/slack-desc << EOF
# HOW TO EDIT THIS FILE:
|-----handy-ruler------------------------------------------------------|
wazuh-agent: wazuh-agent (Wazuh Agent for endpoint security)
wazuh-agent:
wazuh-agent: The Wazuh agent is a security agent that performs system data
wazuh-agent: collection and provides real-time protection for the monitored system.
wazuh-agent:
wazuh-agent: It communicates with the Wazuh server, sending data in near real-time
wazuh-agent: through an encrypted and authenticated channel.
wazuh-agent:
wazuh-agent: Homepage: https://wazuh.com
EOF
Build Package:
cd /tmp/wazuh-agent-install
/sbin/makepkg -l y -c n /tmp/wazuh-agent-4.9.1-unraid.txz
Step 4: Retrieve and Store Files
Copy Files to Output Directory:
cp /tmp/wazuh-agent-4.9.1-unraid.txz /output/
cp /tmp/wazuh-agent-install/etc/ossec.conf /output/
Exit the container and open a terminal session on your Unraid host.
Move Files to Boot Directory:
cp /mnt/user/appdata/wazuh-build/wazuh-agent-4.9.1-unraid.txz /boot/config/plugins/
cp /mnt/user/appdata/wazuh-build/ossec.conf /boot/config/plugins/
Step 5: Create Installation Script
Create a script at /boot/config/plugins/install_wazuh_agent.sh with the following content:
#!/bin/bash
# Set environment variable permanently
if ! grep -q "export WAZUH_HOME=" /boot/config/go; then
echo "export WAZUH_HOME=/var/ossec" >> /boot/config/go
fi
# Set WAZUH_HOME for the current session
export WAZUH_HOME=/var/ossec
# Create wazuh group if it doesn't exist
if ! getent group wazuh > /dev/null 2>&1; then
groupadd -r wazuh
fi
# Create wazuh user if it doesn't exist
if ! id wazuh > /dev/null 2>&1; then
useradd -r -g wazuh -d /var/ossec -s /sbin/nologin wazuh
fi
# Install the Wazuh agent package
installpkg /boot/config/plugins/wazuh-agent-4.9.1-unraid.txz
# Ensure proper permissions
chown -R wazuh:wazuh /var/ossec
# Create a symlink for the configuration file
if [ ! -f /boot/config/plugins/ossec.conf ]; then
cp /var/ossec/etc/ossec.conf /boot/config/plugins/ossec.conf
fi
ln -sf /boot/config/plugins/ossec.conf /etc/ossec.conf
# Create the rc.wazuh-agent script
cat > /etc/rc.d/rc.wazuh-agent << EOF
#!/bin/sh
# Copyright (C) 2015, Wazuh Inc.
# OSSEC Controls Wazuh
# Author: Daniel B. Cid <[email protected]>
# Modified for slackware by Jack S. Lai
WAZUH_HOME=/var/ossec
WAZUH_CONTROL="\$WAZUH_HOME/bin/wazuh-control"
start() {
\${WAZUH_CONTROL} start
}
stop() {
\${WAZUH_CONTROL} stop
}
status() {
\${WAZUH_CONTROL} status
}
case "\$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
status)
status
;;
*)
echo "*** Usage: \$0 {start|stop|restart|status}"
exit 1
esac
exit 0
EOF
# Make the rc.wazuh-agent script executable
chmod +x /etc/rc.d/rc.wazuh-agent
# Start the Wazuh agent
/etc/rc.d/rc.wazuh-agent start
Script Breakdown
Set Environment Variable Permanently:
Checks if WAZUH_HOME is already set in /boot/config/go.
If not, it appends export WAZUH_HOME=/var/ossec to ensure it's set on every boot.
Set Environment Variable for Current Session:
Exports WAZUH_HOME=/var/ossec for the current session, making it immediately available.
Create Wazuh Group:
Checks if the wazuh group exists. If not, it creates it with groupadd.
Create Wazuh User:
Checks if the wazuh user exists. If not, it creates the user with:
Home directory: /var/ossec
Shell: /sbin/nologin
Group: wazuh
Install Wazuh Agent Package:
Installs the package located at /boot/config/plugins/wazuh-agent-4.9.1-unraid.txz using installpkg.
Set Permissions:
Changes ownership of /var/ossec to the wazuh user and group to ensure proper access rights.
Create Symlink for Configuration File:
Copies ossec.conf to /boot/config/plugins if it doesn't exist there.
Creates a symbolic link at /etc/ossec.conf that points to /boot/config/plugins/ossec.conf.
Create rc.wazuh-agent Script:
Writes a control script to /etc/rc.d/rc.wazuh-agent for managing the Wazuh agent service.
The script includes functions to start, stop, and check the status of the agent.
Make Script Executable:
Sets execute permissions on /etc/rc.d/rc.wazuh-agent.
Start Wazuh Agent:
Executes the start function of the control script to launch the Wazuh agent.
Step 6: Make Script Executable and Persistent
chmod +x /boot/config/plugins/install_wazuh_agent.sh
Add these lines to /boot/config/go to run at startup:
export WAZUH_HOME=/var/ossec
bash /boot/config/plugins/install_wazuh_agent.sh
Feel free to ask any questions or provide feedback!
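Because the package is reinstalled as root from the flash drive on every boot, it is worth checking that the .txz is still the file that was built before installpkg runs. The following is an added example, not part of the original post: the `.sha256` sidecar file and the function names are assumptions, and the check catches corruption or an accidental swap of the package, not someone who can already write to /boot.

```shell
#!/bin/bash
# Added example (not from the original post). Assumed names: the .sha256
# sidecar file next to the package, and the three functions below.

PKG_DEFAULT=/boot/config/plugins/wazuh-agent-4.9.1-unraid.txz

# Run once, right after copying the freshly built package to /boot.
# Writes <package>.sha256 beside the package.
record_pkg_hash() {
    local pkg=$1
    [ -f "$pkg" ] || return 2
    ( cd "$(dirname "$pkg")" &&
      sha256sum "$(basename "$pkg")" > "$(basename "$pkg").sha256" )
}

# Run on every boot. Returns 0 only when the package matches the recorded
# hash, 2 when the package or its hash file is missing, non-zero on mismatch.
verify_pkg_hash() {
    local pkg=$1
    [ -f "$pkg" ] && [ -s "$pkg.sha256" ] || return 2
    ( cd "$(dirname "$pkg")" &&
      sha256sum -c "$(basename "$pkg").sha256" > /dev/null 2>&1 )
}

# Replacement for the bare installpkg line in install_wazuh_agent.sh:
# install only a verified package, otherwise log and leave the system alone.
install_verified() {
    local pkg=$1
    if verify_pkg_hash "$pkg"; then
        installpkg "$pkg"
    else
        logger -t wazuh-install "hash missing or mismatch for $pkg; not installing"
        return 1
    fi
}

# Usage: <script> record [pkg]   (after building)
#        <script> install [pkg]  (from the boot script)
case "${1:-}" in
    record)  record_pkg_hash "${2:-$PKG_DEFAULT}" ;;
    install) install_verified "${2:-$PKG_DEFAULT}" ;;
esac
```

Run the `record` step again whenever the package is rebuilt, otherwise the next boot will refuse to install it.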