差異處

這裏顯示兩個版本的差異處。

連向這個比對檢視

兩邊的前次修訂版 前次修改
下次修改		 前次修改
tech:wazuh [2023/12/06 11:53] – [參考網址] jonathantech:wazuh [2025/01/19 08:47] (目前版本) – [Agent 端] jonathan
行 10: 行 10:
 echo "vm.max_map_count = 262144" >> /etc/sysctl.conf echo "vm.max_map_count = 262144" >> /etc/sysctl.conf
 </cli> </cli>
-  * 安裝 Wazuh v4.6.0 <cli> +  * 安裝 Wazuh v4.7.0 <cli> 
-git clone https://github.com/wazuh/wazuh-docker.git -b v4.6.0+git clone https://github.com/wazuh/wazuh-docker.git -b v4.7.0
 cd wazuh-docker/single-node/ cd wazuh-docker/single-node/
 docker compose -f generate-indexer-certs.yml run --rm generator docker compose -f generate-indexer-certs.yml run --rm generator
行 20: 行 20:
  
 ===== 設定啟用 ===== ===== 設定啟用 =====
 +==== Server 端 ====
   * 其他文件提到修改 /var/ossec/etc/ossec.conf 需要修改 ~/wazuh-docker/single-node/config/wazuh_cluster/wazuh_manager.conf 然後重啟 docker compse   * 其他文件提到修改 /var/ossec/etc/ossec.conf 需要修改 ~/wazuh-docker/single-node/config/wazuh_cluster/wazuh_manager.conf 然後重啟 docker compse
 +==== Agent 端 ====
 +=== 安裝 Agent 方式 ===
 +  * Exp. Wazuh Server IP : 10.20.2.38
 +== Ubuntu / Debian ==
 +  * <cli>
 +apt install lsb-release && wget https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.7.0-1_amd64.deb && WAZUH_MANAGER='10.20.2.38' dpkg -i ./wazuh-agent_4.7.0-1_amd64.deb
 +systemctl daemon-reload
 +systemctl enable wazuh-agent
 +systemctl restart wazuh-agent
 +</cli>
 +
 +== Alpine ==
 +  * <cli>
 +wget -O /etc/apk/keys/[email protected] https://packages.wazuh.com/key/alpine-devel%40wazuh.com-633d7457.rsa.pub
 +echo "https://packages.wazuh.com/4.x/alpine/v3.12/main" >> /etc/apk/repositories
 +apk update
 +apk add wazuh-agent
 +export WAZUH_MANAGER="10.20.2.38" && sed -i "s|MANAGER_IP|$WAZUH_MANAGER|g" /var/ossec/etc/ossec.conf
 +/var/ossec/bin/wazuh-control start
 +sed -i "s|^https://packages.wazuh.com|#https://packages.wazuh.com|g" /etc/apk/repositories
 +</cli>
 +
 +=== 修改 Agent 端設定 ===
 +  * Linux Agent 主要安裝路徑 /var/ossec
 +  * 修改 ossec.conf 檔 -> /var/ossec/etc/ossec.conf
 +  * 修改後重啟 Agent <cli>systemctl restart wazuh-agent</cli>
 +
 +=== 移除 Agent 方式 ===
 +  * ref - https://documentation.wazuh.com/current/installation-guide/uninstalling-wazuh/agent.html#uninstalling-linux-agent
 +== Ubuntu / Debian ==
 +  * <cli>
 +apt remove --purge wazuh-agent
 +</cli>
 +== alpine ==
 +  * <cli>
 +/var/ossec/bin/wazuh-control stop
 +apk del wazuh-agent
 +rm -rf /var/ossec
 +rm /etc/apk/keys/[email protected]
 +sed -i '/packages.wazuh.com/d' /etc/apk/repositories
 +</cli>
 +
 ===== 參考網址 ===== ===== 參考網址 =====
   * https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html   * https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html
  • tech/wazuh.1701834812.txt.gz
  • 上一次變更: 2023/12/06 11:53
  • jonathan