Decided I was unhappy with the unsupported, very old school visualization OSSEC-WUI. It’s been unsupported for a while. There must be something new out there.
Lo and behold: Wazuh, open source host and endpoint security.
In general, the step-by-step instructions are clear and explicit. I had to do some steps manually though.
1. Created the wazuh.repo repository file
[wazuh_repo]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=CentOS-$releasever - Wazuh
baseurl=https://packages.wazuh.com/yum/el/$releasever/$basearch
protect=1
2. For NodeJS install, had to add ‘sudo’ in order for bash to run correctly
$ curl --silent --location https://rpm.nodesource.com/setup_6.x | sudo bash -
3. And I need Python 2.7. Python 2.6 is installed already for yum, but Wazuh wants 2.8.
$ yum install -y centos-release-scl
$ yum install -y python27
4. Also had to create the elastic.repo repository file
[elastic-5.x]
name=Elastic repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
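An added example, not part of the original post: hand-written .repo files like the two above are only as trustworthy as their gpgcheck, gpgkey and baseurl lines, so this shell function flags any section that weakens package verification. The names check_repo and sample_repo and the [example-weak] section are made up for illustration.

```shell
#!/usr/bin/env bash
# check_repo FILE
# Prints one finding per setting that weakens package verification in a
# yum .repo file; exit status is 1 if anything was found, 0 otherwise.
check_repo() {
  awk '
    function report() {
      if (sec == "") return
      if (gpgcheck != "1") { print sec ": gpgcheck is not 1"; bad = 1 }
      if (gpgkey !~ /^(https|file):\/\//) { print sec ": gpgkey missing or not https/file"; bad = 1 }
      if (baseurl != "" && baseurl !~ /^https:\/\//) { print sec ": baseurl is not https"; bad = 1 }
    }
    /^[ \t]*$/ { next }                  # blank line
    /^[ \t]*[#;]/ { next }               # comment
    /^[ \t]*\[.*\][ \t]*$/ {             # new section: judge the previous one
      report(); sec = $0
      sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec)
      gpgcheck = gpgkey = baseurl = ""; next
    }
    {
      i = index($0, "="); if (i == 0) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == "gpgcheck") gpgcheck = v
      else if (k == "gpgkey") gpgkey = v
      else if (k == "baseurl") baseurl = v
    }
    END { report(); exit bad + 0 }
  ' "$1"
}

# Constructed sample: the wazuh.repo from this post, plus a made-up section
# with signature checking switched off and a plain-http mirror.
sample_repo() {
  cat <<'EOF'
[wazuh_repo]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=CentOS-$releasever - Wazuh
baseurl=https://packages.wazuh.com/yum/el/$releasever/$basearch
protect=1

[example-weak]
name=Constructed example
baseurl=http://mirror.example.invalid/el/$releasever
gpgcheck=0
EOF
}
```

After sourcing the file, run check_repo against each file in /etc/yum.repos.d/ before the first yum install from it; sample_repo only exists to show what a finding looks like.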
But uh oh. I can’t run elasticsearch. Not enough memory. Hm.
So far, I have installed:
Hm. Maybe it’s time to admit that I’m overpaying for hosting with Rackspace – well, overpaying for what I need.
Time for another rabbit hole.