How to install Ubuntu on a Raspberry Pi: timeframe 3:40-7:45 of this video https://www.youtube.com/watch?v=SJ7FbxVS_gY
How to install Ubuntu Server on a virtual machine: https://www.youtube.com/watch?v=YtH9D2SqBqA
Setting up the backend
Wazuh Documentation: https://documentation.wazuh.com/current/quickstart.html
Switch to root user: sudo su
One line install script: curl -sO https://packages.wazuh.com/4.3/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
Access your Wazuh dashboard with https://your-wazuh-ip
Setting up agents on the endpoints
Switch to root user: sudo su
Run the agent installation command
Run the agent start command
Edit the wazuh config file on the endpoint: nano /var/ossec/etc/ossec.conf
Make sure your Wazuh server address is correct in your config file
The audit log block to add to the config file can be found here: https://documentation.wazuh.com/current/user-manual/capabilities/system-calls-monitoring/audit-configuration.html
Restart Wazuh agent after changing config file: systemctl restart wazuh-agent.service
Install auditd on your endpoint: apt install auditd
Edit auditd rules: nano /etc/audit/rules.d/audit.rules
Add 2 rules:
-a exit,always -F arch=b64 -F euid=0 -S execve -k audit-wazuh-c
-a exit,always -F arch=b32 -F euid=0 -S execve -k audit-wazuh-c
Reload the auditd rules: auditctl -R /etc/audit/rules.d/audit.rules
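To confirm the endpoint changes above, this added example (not from the video or the Wazuh project) checks an ossec.conf and an audit.rules file offline. The function names are hypothetical, the files built in demo are constructed samples, and it assumes the audit block from the linked Wazuh documentation uses log_format audit with location /var/log/audit/audit.log.

```shell
#!/bin/sh
# Added example: offline checks for the endpoint settings from the steps above.

# Print the manager address from an agent ossec.conf (first <address> element).
server_address() {
    sed -n 's:.*<address>\(.*\)</address>.*:\1:p' "$1" | head -n 1
}

# Succeed if one <localfile> block reads /var/log/audit/audit.log in audit format.
has_audit_localfile() {
    awk '
        /<localfile>/ { inblk = 1; fmt = 0; loc = 0 }
        inblk && /<log_format>[ \t]*audit[ \t]*<\/log_format>/ { fmt = 1 }
        inblk && /<location>[ \t]*\/var\/log\/audit\/audit\.log[ \t]*<\/location>/ { loc = 1 }
        /<\/localfile>/ { if (inblk && fmt && loc) found = 1; inblk = 0 }
        END { exit !found }
    ' "$1"
}

# Succeed if the rules file has an uncommented root execve rule for one arch.
has_execve_rule() {   # $1 = rules file, $2 = b64 or b32
    grep -v '^[[:space:]]*#' "$1" | grep -e "-F arch=$2" | grep -e '-F euid=0' |
        grep -e '-S execve' | grep -q -e '-k audit-wazuh-c'
}

# Run every check, print one line per finding, return non-zero on any gap.
check_endpoint() {    # $1 = ossec.conf, $2 = audit.rules
    rc=0
    echo "manager address: $(server_address "$1")"
    has_audit_localfile "$1" || { echo "MISSING: audit <localfile> block in $1"; rc=1; }
    for arch in b64 b32; do
        has_execve_rule "$2" "$arch" || { echo "MISSING: $arch execve rule in $2"; rc=1; }
    done
    return "$rc"
}

# Demo on constructed files: 192.0.2.10 is a documentation address, and the
# b32 rule is commented out on purpose so the check reports it.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '<ossec_config><client><server><address>192.0.2.10</address></server></client>' \
        '<localfile>' '<log_format>audit</log_format>' \
        '<location>/var/log/audit/audit.log</location>' '</localfile></ossec_config>' > "$d/ossec.conf"
    printf '%s\n' '-a exit,always -F arch=b64 -F euid=0 -S execve -k audit-wazuh-c' \
        '#-a exit,always -F arch=b32 -F euid=0 -S execve -k audit-wazuh-c' > "$d/audit.rules"
    check_endpoint "$d/ossec.conf" "$d/audit.rules"; status=$?
    rm -rf "$d"; return "$status"
}
demo || true
# On an endpoint: check_endpoint /var/ossec/etc/ossec.conf /etc/audit/rules.d/audit.rules
```

A missing 32-bit rule matters because root commands run through 32-bit binaries would not be logged under the audit-wazuh-c key.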
Follow me on Twitter: https://twitter.com/ModoTech2021
Join me on Discord: https://discord.io/ModoTech
Disclaimer:
I'm required by my HR to state that everything published by me in this channel is my personal opinion and is not intended to convey the official views of my employer.
This channel does not provide any financial or legal advice. Everything is for educational and entertainment purposes only.