X marks the spot

random commentary on life, the universe, and anything

Open source projects have the craziest names – Wazuh


Decided I was unhappy with the unsupported, very old school visualization OSSEC-WUI. It’s been unsupported for a while. There must be something new out there.

Lo and behold. Wazuh open source host and endpoint security

Great documentation:
Migrating OSSEC manager installed from packages
Install Wazuh server with RPM packages

In general, the step-by-step instructions are clear and explicit. I had to do some steps manually though.

1. Created the wazuh.repo repository file /etc/yum.repos.d/wazuh.repo

[wazuh_repo]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=CentOS-$releasever - Wazuh
baseurl=https://packages.wazuh.com/yum/el/$releasever/$basearch
protect=1

2. For NodeJS install, had to add ‘sudo’ in order for bash to run correctly

$ curl --silent --location https://rpm.nodesource.com/setup_6.x | sudo bash -

3. And I need Python 2.7. Python 2.6 is installed already for yum, but Wazuh wants 2.8.

$ yum install -y centos-release-scl
$ yum install -y python27

4. Also had to create the elastic.repo repository file /etc/yum.repos.d/elastic.repo

[elastic-5.x]
name=Elastic repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

But uh oh. I can’t run elasticsearch. Not enough memory. Hm.
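A pre-flight check for the setup above, added here as an example and not part of the original post: it audits the repo files for gpgcheck=1 and https URLs (so yum only installs signed packages fetched over TLS) and checks available memory before Elasticsearch is started. The audit_repo/mem_ok names and the 2 GiB minimum are my assumptions, not Wazuh or Elastic figures.

```shell
#!/bin/sh
# Pre-flight checks for the repo-plus-Elasticsearch setup (added example, not from the post).

# audit_repo FILE: prints one "ok"/"FAIL" line per [section]; returns 1 if any section
# has gpgcheck!=1 or a baseurl/gpgkey that is not https (unsigned or swappable packages).
audit_repo() {
    awk '
    function val(s) { sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t]*$/, "", s); return s }
    function flush(  bad) {
        if (sect == "") return
        bad = ""
        if (gpg != "1")            bad = bad " gpgcheck!=1"
        if (url !~ /^https:\/\//)  bad = bad " baseurl-not-https"
        if (key !~ /^https:\/\//)  bad = bad " gpgkey-not-https"
        if (bad == "") print "ok   " sect
        else { print "FAIL " sect ":" bad; rc = 1 }
    }
    BEGIN { rc = 0 }
    /^\[.*\]$/         { flush(); sect = $0; gpg = ""; url = ""; key = ""; next }
    /^gpgcheck[ \t]*=/ { gpg = val($0) }
    /^baseurl[ \t]*=/  { url = val($0) }
    /^gpgkey[ \t]*=/   { key = val($0) }
    END { flush(); exit rc }
    ' "$1"
}

# Elasticsearch needs real memory; 2 GiB is an assumed minimum for a small single-node ES 5.x.
ES_MIN_KB=2097152
mem_ok() { [ "$1" -ge "$ES_MIN_KB" ]; }                              # mem_ok KB_AVAILABLE
mem_available_kb() { awk '/^MemAvailable:/ { print $2 }' /proc/meminfo; }

# Demo on a constructed file: the post's wazuh.repo stanza plus a deliberately weak one.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
[wazuh_repo]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
baseurl=https://packages.wazuh.com/yum/el/$releasever/$basearch
[weak_repo]
gpgcheck=0
baseurl=http://mirror.example.invalid/el7
EOF
audit_repo "$SAMPLE" || echo "weak repo configuration found; fix it before running yum install"
rm -f "$SAMPLE"
if [ -r /proc/meminfo ]; then
    avail=$(mem_available_kb); avail=${avail:-0}
    mem_ok "$avail" || echo "only ${avail} kB available; Elasticsearch will likely fail to start"
fi
```

Run it after writing the repo files and before the yum install steps; a FAIL line means the stanza would let yum pull unsigned or plaintext-fetched packages.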

So far, I have installed:

wazuh-manager
wazuh-api
filebeat
elasticsearch

Hm. Maybe it’s time to admit that I’m overpaying for hosting with Rackspace – well, overpaying for what I need.

Time for another rabbit hole.
