taylor_socfortress taylorwalton
taylorwalton
/ deploy_certs
Created
October 1, 2022 13:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mkdir /etc/wazuh-indexer/certs | |
| tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem | |
| mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem | |
| mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem | |
| chmod 500 /etc/wazuh-indexer/certs | |
| chmod 400 /etc/wazuh-indexer/certs/* | |
| chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs |
taylorwalton
/ deploy_certs_dashboards
Created
October 1, 2022 13:38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mkdir /etc/wazuh-dashboard/certs | |
| tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem | |
| mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem | |
| mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem | |
| chmod 500 /etc/wazuh-dashboard/certs | |
| chmod 400 /etc/wazuh-dashboard/certs/* | |
| chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs |
taylorwalton
/ mogobd_repo
Last active
October 9, 2022 13:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add - | |
| echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list | |
| sudo apt-get update | |
| sudo apt-get install -y mongodb-org | |
| sudo systemctl daemon-reload | |
| sudo systemctl enable mongod.service | |
| sudo systemctl restart mongod.service | |
| sudo systemctl --type=service --state=active | grep mongod |
taylorwalton
/ graylog_install
Created
October 8, 2022 14:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget https://packages.graylog2.org/repo/packages/graylog-4.3-repository_latest.deb | |
| sudo dpkg -i graylog-4.3-repository_latest.deb | |
| sudo apt-get update && sudo apt-get install graylog-server graylog-integrations-plugins |
taylorwalton
/ graylog_start
Created
October 8, 2022 14:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo systemctl daemon-reload | |
| sudo systemctl enable graylog-server.service | |
| sudo systemctl start graylog-server.service | |
| sudo systemctl --type=service --state=active | grep graylog |
taylorwalton
/ graylog_keystore
Created
October 8, 2022 14:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mkdir /etc/graylog/server/certs | |
| cp -a /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts /etc/graylog/server/certs/cacerts | |
| keytool -importcert -keystore /etc/graylog/server/certs/cacerts -storepass changeit -alias root_ca -file /etc/graylog/server/certs/rootCA.crt |
taylorwalton
/ wazuh prerequisites
Created
October 13, 2022 13:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apt-get install gnupg apt-transport-https | |
| curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg | |
| echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list | |
| apt-get update |
taylorwalton
/ fluent-bit.conf
Created
October 13, 2022 13:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [SERVICE] | |
| flush 5 | |
| daemon Off | |
| log_level info | |
| parsers_file parsers.conf | |
| plugins_file plugins.conf | |
| http_server Off | |
| http_listen 0.0.0.0 | |
| http_port 2020 | |
| storage.metrics on |
taylorwalton
/ vuln_detection ossec.conf
Created
October 13, 2022 14:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <vulnerability-detector> | |
| <enabled>yes</enabled> | |
| <interval>5m</interval> | |
| <min_full_scan_interval>6h</min_full_scan_interval> | |
| <run_on_start>yes</run_on_start> | |
| <!-- Ubuntu OS vulnerabilities --> | |
| <provider name="canonical"> | |
| <enabled>yes</enabled> | |
| <os>trusty</os> |
taylorwalton
/ linux agent group
Created
October 13, 2022 14:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <agent_config> | |
| <client_buffer> | |
| <!-- Agent buffer options --> | |
| <disabled>no</disabled> | |
| <queue_size>5000</queue_size> | |
| <events_per_second>500</events_per_second> | |
| </client_buffer> | |
| <!-- Policy monitoring --> | |
| <rootcheck> | |
| <disabled>no</disabled> |
OlderNewer