alonsobsd/wazuh-agent-makejail

wazuh-agent-makejail

wazuh-agent-makejail is an AppJail Makejail file used to deploy a testing Wazuh agent on FreeBSD. Its main goal is to give us a fast way to install, configure and run wazuh-agent in a FreeBSD jail. It can be helpful for monitoring jail containers. Keep in mind that this container, as is, must be used for testing/learning purposes only and is not recommended for production, because it has only a minimal configuration for running Wazuh.

Requirements

Before you can install wazuh-agent you need a working wazuh-manager running and some other configuration. To deploy a Wazuh single-node cluster (including wazuh-manager) you can use my wazuh-makejail. For testing purposes you can use the same FreeBSD host to install both wazuh-manager and wazuh-agent.

Enable Packet filter

We need to add some lines to /etc/rc.conf

# sysrc pf_enable="YES"
# sysrc pflog_enable="YES"

# cat << "EOF" >> /etc/pf.conf
nat-anchor 'appjail-nat/jail/*'
nat-anchor "appjail-nat/network/*"
rdr-anchor "appjail-rdr/*"
EOF
# service pf reload
# service pf restart
# service pflog restart

The rdr-anchor section is necessary to use dynamic redirects from jails.

Enable forwarding

# sysrc gateway_enable="YES"
# sysctl net.inet.ip.forwarding=1

Bootstrap a FreeBSD version

Before you can begin creating containers, AppJail needs to fetch and extract the components used to create jails. If you are creating FreeBSD jails, the version must be equal to or lower than your host version. In this example we will create a 13.2-RELEASE bootstrap.

# appjail fetch

Create a virtualnet

Create a virtualnet to which the wazuh-agent jail created from wazuh-agent-makejail will be added. Alternatively, you can use your own virtualnet if you created one previously.

# appjail network add wazuh-net 10.0.0.0/24

This will create a bridge named wazuh-net to which the wazuh-agent jail's epair interfaces will be attached. By default wazuh-agent-makejail uses NAT for outbound internet access. Do not forget to add a pass rule to /etc/pf.conf, because wazuh-agent-makejail will try to download and install packages and some other resources needed for its configuration.

pass out quick on wazuh-net inet proto { tcp udp } from 10.0.0.3 to any

You also need to add a rule that permits traffic from the wazuh-net (10.0.0.0/24) network to wazuh-manager. In this example, wazuh-manager is running at 10.0.0.2.

pass in inet proto { tcp udp } from 10.0.0.0/24 to 10.0.0.2

Create a lightweight container system

Create a container named agent01 with the private IP address 10.0.0.3. Keep in mind that the IP address must be part of the wazuh-net network.

# appjail makejail -f gh+alonsobsd/wazuh-agent-makejail -j agent01 -- --network wazuh-net --agent_ip 10.0.0.3 --agent_name agent01 --server_ip 10.0.0.2 --enrollment managerpasswordenrollment

When it is done, agent01 (10.0.0.3) will try to connect to wazuh-manager (10.0.0.2) for the auth process. Both use wazuh-net as their virtualnet.
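
The host-side prerequisites above can be checked before running the makejail command. The following is an added example, not part of this repository or of AppJail: the function names are hypothetical, and it checks that a pf.conf declares the three anchors listed earlier and that the agent IP lies inside the virtualnet range.

```sh
# Added example; function names are hypothetical, not part of AppJail or Wazuh.

# Print each anchor line from the README that pf.conf ($1) does not declare.
# Comments are ignored and either quote style is accepted.
missing_pf_anchors() (
    [ -r "$1" ] || exit 2
    conf=$(sed -e 's/#.*//' -e "s/[\"']//g" "$1" | awk '{$1=$1; print}')
    rc=0
    for want in 'nat-anchor appjail-nat/jail/*' \
                'nat-anchor appjail-nat/network/*' \
                'rdr-anchor appjail-rdr/*'; do
        if ! printf '%s\n' "$conf" | grep -Fxq -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    exit "$rc"
)

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() (
    case "$1" in ''|*[!0-9.]*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in ''|0?*) exit 1 ;; esac   # empty octet or leading zero
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# Succeed only if address $1 lies inside network $2 (CIDR, e.g. 10.0.0.0/24).
ip_in_cidr() (
    ip=$(ip_to_int "$1") || exit 1
    net=$(ip_to_int "${2%/*}") || exit 1
    bits=${2#*/}
    case "$bits" in ''|*[!0-9]*) exit 1 ;; esac
    [ "$bits" -le 32 ] || exit 1
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ "$(( ip & mask ))" -eq "$(( net & mask ))" ]
)

# Usage: preflight /etc/pf.conf 10.0.0.3 10.0.0.0/24
preflight() {
    rc=0
    missing_pf_anchors "$1" || rc=1
    ip_in_cidr "$2" "$3" || { echo "$2 is not inside $3"; rc=1; }
    return "$rc"
}
```

A non-zero return from preflight means at least one anchor is missing or the --agent_ip value falls outside the network given to appjail network add.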

License

This project is licensed under the BSD-3-Clause license.
