trevormiller6 Posted January 16, 2020

Trying to create one for wazuh which is a free and open source endpoint solution. https://wazuh.com/

I get how to expose ports and volumes but what about all the RUN and COPY commands? Any help would be awesome!

Docker file: https://hub.docker.com/r/wazuh/wazuh/dockerfile

Squid Posted January 16, 2020

https://forums.unraid.net/topic/57181-docker-faq/page/2/#comment-566095

trevormiller6 (Author) Posted January 16, 2020

1 hour ago, Squid said:
> https://forums.unraid.net/topic/57181-docker-faq/page/2/#comment-566095

Thanks for the reply! So as an example I would just add the below into the extra parameters field?

    RUN set -x && echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
        curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - && \
        curl --silent --location https://deb.nodesource.com/setup_8.x | bash - && \
        echo "postfix postfix/mailname string wazuh-manager" | debconf-set-selections && \
        echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections && \
        groupadd -g 1000 ossec && useradd -u 1000 -g 1000 -d /var/ossec ossec

Squid Posted January 16, 2020

No, since there isn't an adequate docker run command listed in the docker page, you'd want to use these instructions instead: https://forums.unraid.net/topic/36057-noobie-docker-setup-guide/#comment-345882

trevormiller6 (Author) Posted January 17, 2020

3 hours ago, Squid said:
> No, since there isn't an adequate docker run command listed in the docker page, you'd want to use these instructions instead: https://forums.unraid.net/topic/36057-noobie-docker-setup-guide/#comment-345882

Haha, I was way overthinking it. I thought I had to replicate the dockerfile in the template, but I just needed the paths, ports and variables, and unraid still runs the docker file. I was confused; the below worked just fine. Thanks for the help!

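Added example, not part of the original thread and not the wazuh project's code: a small Python sketch of the split described in the post above, pulling the template inputs (ports, paths, variables) out of a Dockerfile and listing the instructions that are already baked into the published image. The Dockerfile text, its ports, paths and variable names are constructed sample values, and `template_fields` is a hypothetical helper name.

```python
import json
import shlex

SAMPLE_DOCKERFILE = r'''
# Constructed sample, not the real wazuh Dockerfile.
FROM debian:stable-slim
RUN groupadd -g 1000 ossec && \
    useradd -u 1000 -g 1000 -d /var/ossec ossec
COPY config/entrypoint.sh /entrypoint.sh
ENV API_USER=admin LOG_LEVEL="info"
EXPOSE 1514/udp 1515 55000
VOLUME ["/var/ossec/data", "/etc/postfix"]
ENTRYPOINT ["/entrypoint.sh"]
'''

def logical_lines(text):
    """Yield instructions with backslash continuations joined, comments dropped."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""

def template_fields(text):
    """Split a Dockerfile into template inputs and steps already in the image."""
    out = {"ports": [], "paths": [], "variables": {}, "baked_into_image": []}
    for line in logical_lines(text):
        instr, _, args = line.partition(" ")
        instr, args = instr.upper(), args.strip()
        if instr == "EXPOSE":      # container ports to map in the template
            for p in args.split():
                port, _, proto = p.partition("/")
                out["ports"].append((int(port), proto or "tcp"))
        elif instr == "VOLUME":    # container paths to map to host storage
            out["paths"] += json.loads(args) if args.startswith("[") else args.split()
        elif instr == "ENV":       # defaults that can be overridden at run time
            tokens = shlex.split(args)
            if "=" in tokens[0]:
                out["variables"].update(t.split("=", 1) for t in tokens)
            else:                  # legacy "ENV KEY value" form
                out["variables"][tokens[0]] = " ".join(tokens[1:])
        else:                      # RUN, COPY, FROM, ...: done at build time
            out["baked_into_image"].append(instr)
    return out
```

EXPOSE and VOLUME are only declarations by the image author, so an image can listen on ports or write to paths that its Dockerfile never lists.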
surfshack66 Posted February 15, 2020

@trevormiller6 Are you running the other wazuh containers or just this? I have separate instances of elasticsearch, kibana, and logstash so I'm trying to integrate this container into my existing stack.

trevormiller6 (Author) Posted February 15, 2020

7 hours ago, surfshack66 said:
> @trevormiller6 Are you running the other wazuh containers or just this? I have separate instances of elasticsearch, kibana, and logstash so I'm trying to integrate this container into my existing stack.

This is the wazuh server and then you would install the kibana app in your case, or if using splunk you would install the splunk app. From the app you connect to the server using the API. The app serves as the UI for wazuh.

surfshack66 Posted February 16, 2020

21 hours ago, trevormiller6 said:
> This is the wazuh server and then you would install the kibana app in your case, or if using splunk you would install the splunk app. From the app you connect to the server using the API. The app serves as the UI for wazuh.

So to answer my original question, it sounds like you're running their elastic stack as opposed to the official kibana, logstash, and elasticsearch.

trevormiller6 (Author) Posted February 17, 2020

4 hours ago, surfshack66 said:
> So to answer my original question, it sounds like you're running their elastic stack as opposed to the official kibana, logstash, and elasticsearch.

No, I am running splunk Enterprise... Wazuh has a splunk app that you install in splunk. Here is the documentation for kibana: https://documentation.wazuh.com/3.11/user-manual/kibana-app/

guruleenyc Posted September 13, 2020

This is definitely something I'm interested in. However, I'd like to see support for the Wazuh agent on unraid for logs and HIDS to Wazuh Manager running on a distributed separate system. Has anyone tried to compile the agent on the Unraid OS?

jabajames Posted June 29, 2021

On 9/13/2020 at 12:26 PM, guruleenyc said:
> This is definitely something I'm interested in. However, I'd like to see support for the Wazuh agent on unraid for logs and HIDS to Wazuh Manager running on a distributed separate system. Has anyone tried to compile the agent on the Unraid OS?

Also interested in this, although note this is a post from some time ago. @guruleenyc did you get a reply on this?

Mad_Scientist Posted July 25, 2023

On 1/16/2020 at 2:29 PM, trevormiller6 said:
> Trying to create one for wazuh which is a free and open source endpoint solution. https://wazuh.com/
> I get how to expose ports and volumes but what about all the RUN and COPY commands? Any help would be awesome!
> Docker file: https://hub.docker.com/r/wazuh/wazuh/dockerfile

Could you outline the steps to get this working? I ended up copying the contents of the "single node" git download to the unraid docker projects folder. This put the .yml file in the correct place and it shows up in unraid, and the stack does start. However, the previous step of generating certs I did manually in terminal and it failed, so ultimately the stack didn't do anything.