|
|
|
|
@ -73,21 +73,22 @@ pushd .
@@ -73,21 +73,22 @@ pushd .
|
|
|
|
|
cd /opt/mistborn |
|
|
|
|
|
|
|
|
|
# ensure group exists |
|
|
|
|
sudo docker-compose -f extra/wazuh.yml exec wazuh /var/ossec/bin/agent_groups -a -g suricata -q 2>/dev/null |
|
|
|
|
sudo docker-compose -f extra/wazuh.yml exec -T wazuh /var/ossec/bin/agent_groups -a -g suricata -q 2>/dev/null |
|
|
|
|
|
|
|
|
|
# add this host to group |
|
|
|
|
WAZUH_ID=$(sudo docker-compose -f extra/wazuh.yml exec wazuh /var/ossec/bin/manage_agents -l | egrep ^\ *ID | grep $(hostname) | awk '{print $2}' | tr -d ',') |
|
|
|
|
sudo docker-compose -f extra/wazuh.yml exec wazuh /var/ossec/bin/agent_groups -a -i ${WAZUH_ID} -g suricata -q |
|
|
|
|
WAZUH_ID=$(sudo docker-compose -f extra/wazuh.yml exec -T wazuh /var/ossec/bin/manage_agents -l | egrep ^\ *ID | grep $(hostname) | awk '{print $2}' | tr -d ',') |
|
|
|
|
sudo docker-compose -f extra/wazuh.yml exec -T wazuh /var/ossec/bin/agent_groups -a -i ${WAZUH_ID} -g suricata -q |
|
|
|
|
|
|
|
|
|
# write agent.conf |
|
|
|
|
sudo docker-compose -f extra/wazuh.yml exec wazuh cat > /var/ossec/etc/shared/linux/agent.conf << EOF |
|
|
|
|
AGENT_CONFIG=" |
|
|
|
|
<agent_config> |
|
|
|
|
<localfile> |
|
|
|
|
<log_format>json</log_format> |
|
|
|
|
<location>/var/log/suricata/eve.json</location> |
|
|
|
|
</localfile> |
|
|
|
|
</agent_config> |
|
|
|
|
EOF |
|
|
|
|
" |
|
|
|
|
sudo docker-compose -f extra/wazuh.yml exec -T wazuh bash -c "echo ${AGENT_CONFIG} > /var/ossec/etc/shared/suricata/agent.conf" |
|
|
|
|
|
|
|
|
|
# restart manager |
|
|
|
|
sudo docker-compose -f extra/wazuh.yml restart wazuh |
|
|
|
|
|
Steven Foerster
5 years ago