Last active
March 26, 2020 21:19
-
-
Save austinsonger/9f5f30c67d883d5433823eecc002ba64 to your computer and use it in GitHub Desktop.
Install Wazuh - Centos
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
yum update -y | |
yum upgrade -y | |
wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u172-b11/a58eab1ec242421181065cdc37240b08/jdk-8u172-linux-x64.rpm" | |
wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u172-b11/a58eab1ec242421181065cdc37240b08/jre-8u172-linux-x64.rpm" | |
https://download.oracle.com/otn/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jdk-8u202-linux-x64.rpm | |
https://download.oracle.com/otn/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jre-8u202-linux-x64.rpm | |
rpm -ivh jdk-8u172-linux-x64.rpm | |
rpm -ivh jre-8u172-linux-x64.rpm | |
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch | |
echo "[logstash-7.x] | |
name=Elastic repository for 7.x packages | |
baseurl=https://artifacts.elastic.co/packages/7.x/yum | |
gpgcheck=1 | |
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch | |
enabled=1 | |
autorefresh=1 | |
type=rpm-md" > /etc/yum.repos.d/elasticsearch.repo | |
yum update -y | |
yum -y install elasticsearch-7.4.0 kibana-7.4.0 logstash-7.4.0 | |
chkconfig --add kibana | |
chkconfig --add logstash | |
chkconfig --add elasticsearch | |
chkconfig logstash on | |
chkconfig elasticsearch on | |
chkconfig kibana on | |
/usr/share/logstash/bin/logstash-plugin install logstash-output-email | |
echo "cluster.name: elk01 | |
node.name: elk01-nodo01 | |
bootstrap.memory_lock: true | |
network.host: 127.0.0.1" >> /etc/elasticsearch/elasticsearch.yml | |
sed -i 's/-Xms1g/-Xms32g/g' /etc/elasticsearch/jvm.options | |
sed -i 's/-Xmx1g/-Xmx32g/g' /etc/elasticsearch/jvm.options | |
echo "ES_HOME=/usr/share/elasticsearch | |
CONF_DIR=/etc/elasticsearch | |
DATA_DIR=/var/lib/elasticsearch | |
LOG_DIR=/var/log/elasticsearch | |
PID_DIR=/var/run/elasticsearch | |
ES_USER=elasticsearch | |
ES_GROUP=elasticsearch | |
ES_STARTUP_SLEEP_TIME=5 | |
MAX_OPEN_FILES=9965536" >> /etc/sysconfig/elasticsearch | |
echo 'server.port: 5601 | |
server.host: "localhost" | |
server.name: "ELK01" | |
elasticsearch.url: "http://localhost:9200" | |
elasticsearch.preserveHost: true | |
kibana.index: ".kibana" | |
kibana.defaultAppId: "discover"' >> /etc/kibana/kibana.yml | |
service elasticsearch start | |
service kibana start | |
cat > /etc/yum.repos.d/wazuh.repo <<\EOF | |
[wazuh_repo] | |
gpgcheck=1 | |
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH | |
enabled=1 | |
name=Wazuh repository | |
baseurl=https://packages.wazuh.com/3.x/yum/ | |
protect=1 | |
EOF | |
yum update | |
yum -y install wazuh-manager | |
service wazuh-manager status | |
curl --silent --location https://rpm.nodesource.com/setup_10.x | bash - | |
yum install -y nodejs | |
python --version | |
netstat -tapn | grep LISTEN | |
yum -y install wazuh-api | |
service wazuh-api status | |
curl https://raw.githubusercontent.com/wazuh/wazuh/3.2/extensions/elasticsearch/wazuh-elastic6-template-alerts.json | curl -XPUT 'http://localhost:9200/_template/wazuh' -H 'Content-Type: application/json' -d @- | |
curl -so /etc/logstash/conf.d/01-wazuh.conf https://raw.githubusercontent.com/wazuh/wazuh/3.2/extensions/logstash/01-wazuh-local.conf | |
chown logstash:logstash /etc/logstash/conf.d/01-wazuh.conf | |
usermod -a -G ossec logstash | |
systemctl daemon-reload | |
export NODE_OPTIONS="--max-old-space-size=3072" | |
/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.10.2_7.4.0.zip | |
sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/elasticsearch.repo | |
node /var/ossec/api/configuration/auth/htpasswd -c /var/ossec/api/configuration/auth/user manager | |
service wazuh-api restart | |
echo "PASSWORD" /var/ossec/etc/authd.pass | |
/var/ossec/bin/ossec-authd -i -P -a | |
firewall-cmd --permanent --add-port=1515/tcp | |
firewall-cmd --permanent --add-port=1514/udp | |
firewall-cmd --reload | |
service logstash start | |
service kibana restart |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment