Help creating a template for Wazuh



1 hour ago, Squid said:

 

Thanks for the reply! So as an example I would just add the below into the extra parameters field?

RUN set -x && echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
   curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - && \
   curl --silent --location https://deb.nodesource.com/setup_8.x | bash - && \
   echo "postfix postfix/mailname string wazuh-manager" | debconf-set-selections && \
   echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections && \
   groupadd -g 1000 ossec && useradd -u 1000 -g 1000 -d /var/ossec ossec

3 hours ago, Squid said:

No, since there isn't an adequate docker run command listed in the docker page, you'd want to use these instructions instead

 

https://forums.unraid.net/topic/36057-noobie-docker-setup-guide/#comment-345882

 

 

Haha, I was way overthinking it. I thought I had to replicate the Dockerfile in the template, but I just needed the paths, ports and variables, and Unraid still runs the Dockerfile. I was confused; the below worked just fine. Thanks for the help!

 

[Screenshot attached: wazuh_unraid.PNG]

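The realisation in the post above (the template needs only paths, ports and variables; the RUN and COPY steps are already baked into the image) can be made concrete. The following Python script is an added example, not code from this thread or from the Wazuh or Unraid projects: it reads a constructed Dockerfile fragment (not the real wazuh/wazuh Dockerfile; its ports, volumes and version values are placeholders), keeps only the EXPOSE, VOLUME and ENV instructions, and renders the docker run line that Squid's linked guide turns into a template. The appdata path, container name and function names are assumptions.

```python
import re
# Constructed Dockerfile fragment for illustration only; NOT the real wazuh/wazuh Dockerfile.
SAMPLE_DOCKERFILE = r"""
ENV WAZUH_VERSION=3.11.0 \
    TEMPLATE_VERSION=v3.11.0
RUN set -x && echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
# Agent traffic, enrollment and the manager API (placeholder values)
EXPOSE 55000 1514/udp 1515 514/udp 1516
VOLUME ["/var/ossec/data", "/etc/postfix"]
"""
def _logical_lines(text):
    """Join backslash-continued lines and drop blanks and comments: one instruction per item."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf = (buf + line).strip()
        if buf and not buf.startswith("#"):
            lines.append(buf)
        buf = ""
    return lines

def parse_template_inputs(dockerfile):
    """Keep only what the template needs: EXPOSE (ports), VOLUME (paths), ENV (variables).
    RUN/COPY are ignored on purpose: the image already contains their result."""
    ports, paths, variables = [], [], {}
    for line in _logical_lines(dockerfile):
        instr, _, args = line.partition(" ")
        if instr.upper() == "EXPOSE":
            ports.extend(args.split())
        elif instr.upper() == "VOLUME":  # JSON form ["/a", "/b"] or plain form /a /b
            paths.extend(re.findall(r'"([^"]+)"', args) or args.split())
        elif instr.upper() == "ENV":  # KEY=value pairs, quoted or bare
            for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', args):
                variables[key] = value.strip('"')
    return {"ports": ports, "paths": paths, "variables": variables}

def docker_run_command(name, image, spec, appdata="/mnt/user/appdata"):
    """Render the equivalent docker run line; the Unraid template fields map 1:1 onto these flags."""
    parts = ["docker run -d", f"--name={name}"]
    for port in spec["ports"]:
        number, _, proto = port.partition("/")
        parts.append(f"-p {number}:{number}/{proto or 'tcp'}")
    for path in spec["paths"]:  # host side under appdata, the usual Unraid convention (assumed)
        parts.append(f"-v {appdata}/{name}{path}:{path}")
    for key, value in spec["variables"].items():
        parts.append(f"-e {key}={value}")
    return " \\\n  ".join(parts + [image])
```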
  • 5 weeks later...
7 hours ago, surfshack66 said:

@trevormiller6 Are you running the other Wazuh containers or just this? I have separate instances of Elasticsearch, Kibana, and Logstash, so I'm trying to integrate this container into my existing stack.

This is the Wazuh server, and then you would install the Kibana app in your case, or if using Splunk you would install the Splunk app. From the app you connect to the server using the API. The app serves as the UI for Wazuh.

21 hours ago, trevormiller6 said:

This is the Wazuh server, and then you would install the Kibana app in your case, or if using Splunk you would install the Splunk app. From the app you connect to the server using the API. The app serves as the UI for Wazuh.

So to answer my original question, it sounds like you're running their Elastic stack as opposed to the official Kibana, Logstash, and Elasticsearch.

4 hours ago, surfshack66 said:

So to answer my original question, it sounds like you're running their Elastic stack as opposed to the official Kibana, Logstash, and Elasticsearch.

 

No, I am running Splunk Enterprise... Wazuh has a Splunk app that you install in Splunk.

 

Here is the documentation for Kibana.

https://documentation.wazuh.com/3.11/user-manual/kibana-app/

  • 6 months later...
  • 9 months later...
On 9/13/2020 at 12:26 PM, guruleenyc said:

This is definitely something I'm interested in. However, I'd like to see support for the Wazuh agent on Unraid for logs and HIDS to a Wazuh Manager running on a distributed separate system. Has anyone tried to compile the agent on the Unraid OS?

Also interested in this, although note this is a post from some time ago. @guruleenyc did you get a reply on this?

  • 2 years later...
On 1/16/2020 at 2:29 PM, trevormiller6 said:

Trying to create one for Wazuh, which is a free and open source endpoint solution. https://wazuh.com/

I get how to expose ports and volumes but what about all the RUN and COPY commands? Any help would be awesome!

 

Dockerfile:
https://hub.docker.com/r/wazuh/wazuh/dockerfile

Could you outline the steps to get this working? I ended up copying the contents of the "single node" git download to the Unraid docker projects folder. This put the .yml file in the correct place and it shows up in Unraid, and the stack does start. However, the previous step of generating certs I did manually in the terminal and it failed, so ultimately the stack didn't do anything.
