
Wazuh manager and agent


Last updated 4 months ago

Ansible Project

This repository contains Ansible playbooks, inventory, and scripts designed to automate the installation and configuration of Wazuh (Manager and Agent). This project simplifies setting up and managing these components in your environment.

Get the repo:

git clone https://github.com/whoami-anoint/wazu/
cd wazu/ansible/

Directory Structure

ansible/
├── inventory
│   └── hosts                # Inventory file listing target systems
├── main.yml                 # Main Ansible playbook
├── scripts
│   ├── wazuh-agent-setup.sh # Script for setting up Wazuh Agent
│   └── wazuh-server-setup.sh # Script for setting up Wazuh Manager
├── tasks
│   ├── wazuh-agent.yml         # Task file for Wazuh Agent configuration
│   └── wazuh-setup.yml         # Task file for Wazuh Manager setup

Prerequisites

  1. Ansible Installed: Ensure Ansible is installed on your control node.

  2. SSH Access: Passwordless SSH access should be configured between the control node and target systems.

  3. Dependencies:

    • Target systems should have internet access to download necessary packages.

    • Ensure sudo privileges on target systems.

Usage

Step 1: Update the Inventory

Update the inventory/hosts file to define the target systems for the Wazuh Manager and Agent installation. Below is an example:

[wazuh_manager]
manager ansible_host=192.168.1.100 ansible_user=ubuntu
[wazuh_agent]
agent ansible_host=192.168.1.101 ansible_user=ubuntu

Now check that Ansible can reach every host with the ping module:

ansible all -i inventory/hosts -m ping

Step 2: Customize Variables

If needed, customize the variables in the playbooks or scripts to match your environment.

Step 3: Run the Playbook

Execute the main playbook to set up Docker, Wazuh Manager, and Wazuh Agent:

ansible-playbook -i inventory/hosts main.yml
ansible-playbook -i inventory/hosts wazuh-setup.yml
ansible-playbook -i inventory/hosts wazuh-agent.yml

Step 4: Verify Installation

  • For Wazuh Manager:

    • Ensure the Wazuh Manager service is running on the designated host.

  • For Wazuh Agent:

    • Verify the Wazuh Agent is connected to the Wazuh Manager.
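
One way to carry out these two checks, as an added example that is not part of the wazu repository. It assumes a package-based Wazuh install under /var/ossec, a systemd unit named wazuh-manager, and the inventory groups from Step 1; the function names and the sample state file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wazu repo. Assumes a package install under
# /var/ossec, a systemd unit named wazuh-manager, and the Step 1 inventory groups.
STATE_FILE=/var/ossec/var/run/wazuh-agentd.state   # written by wazuh-agentd

# Constructed sample of a state file with the given status, for offline runs.
sample_state() {
    cat <<EOF
# State file for wazuh-agentd
# Agent status:
# - pending:      waiting to get connected.
# - connected:    connection established with manager.
# - disconnected: connection lost or no ACK received.
status='$1'
last_keepalive='2024-01-01 00:00:00'
EOF
}

# Print the status value from a state file. Only the uncommented status='...'
# line counts: the comment header mentions "connected" for every agent, so a
# plain `grep connected` would pass even when the agent is disconnected.
agent_status() {
    s=$(sed -n "s/^status='\([a-z]*\)'.*/\1/p" "$1" | head -n 1)
    [ -n "$s" ] && printf '%s\n' "$s"
}

# Succeed only when the agent reports an established manager connection.
agent_connected() {
    [ "$(agent_status "$1" 2>/dev/null)" = "connected" ]
}

# Run both Step 4 checks over the inventory (needs Ansible and SSH access).
verify_hosts() {
    inv=${1:-inventory/hosts}
    ansible wazuh_manager -i "$inv" -b -m ansible.builtin.command \
        -a "systemctl is-active wazuh-manager" &&
    ansible wazuh_manager -i "$inv" -b -m ansible.builtin.command \
        -a "/var/ossec/bin/agent_control -l" &&
    ansible wazuh_agent -i "$inv" -b -m ansible.builtin.command \
        -a "grep ^status $STATE_FILE"
}

# Offline demonstration on the constructed sample.
demo=$(mktemp)
sample_state disconnected > "$demo"
agent_connected "$demo" || echo "agent not connected: $(agent_status "$demo")"
rm -f "$demo"
```

On a real deployment, source the script and call `verify_hosts inventory/hosts` from the ansible/ directory.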

Scripts Overview

  • wazuh-agent-setup.sh: Sets up the Wazuh Agent on the target system.

  • wazuh-server-setup.sh: Configures and starts the Wazuh Manager.

Task Files

  • wazuh-agent.yml: Configures Wazuh Agent on the target host.

  • wazuh-setup.yml: Configures Wazuh Manager.

On manager

On Wazuh agent

Pending tasks:

  • Kibana still needs to be set up manually, which I cover on the page:

Kibana