Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.
This image packages the Wazuh agent as a Docker image with automatic registration on the Wazuh server.
In addition to running it under local Docker, you can deploy the image to Kubernetes as a DaemonSet.
Current agent version is 4.0.4.
JOIN_MANAGER_PROTOCOL
- http or https, default https
JOIN_MANAGER_MASTER_HOST
- IP address or domain name of the Wazuh server
JOIN_MANAGER_WORKER_HOST
- IP address or domain name of the Wazuh worker
JOIN_MANAGER_USER
- Username for authorization on the Wazuh server
JOIN_MANAGER_PASSWORD
- Password for authorization
JOIN_MANAGER_API_PORT
- Wazuh server API port, default 55000
JOIN_MANAGER_PORT
- Wazuh server port for communication between agent and server, default 1514
NODE_NAME
- Node name; if not present, the image will use the HOSTNAME system variable
HEALTH_CHECK_PROCESSES
- Comma-separated list of processes for health checks
VIRUS_TOTAL_KEY
- API key for VirusTotal integration
FLASK_DEBUG
- Switch on Flask debug, default 0
The simplest way of running the container:
docker run --rm kennyopennix/wazuh-agent:latest
Advanced usage
docker run -d --name wazuh -v /:/rootfs:ro --net host --hostname ${HOSTNAME} \
-e JOIN_MANAGER_MASTER_HOST=172.17.0.1 -e JOIN_MANAGER_WORKER_HOST=172.17.0.1 \
-e JOIN_PASSWORD=test123 -e JOIN_MANAGER_USER=user \
-v /etc/os-release:/etc/os-release -v /var/run/docker.sock:/var/run/docker.sock \
kennyopennix/wazuh-agent:latest
Set the environment variables in wazuh-daemon-sets.yaml as above.
Example:
env:
  - name: JOIN_MANAGER
    value: "wazuh.wazuh.svc.cluster.local"
  - name: JOIN_MANAGER_MASTER_HOST
    value: "wazuh.wazuh.svc.cluster.local"
  - name: JOIN_MANAGER_WORKER_HOST
    value: "wazuh-workers.wazuh.svc.cluster.local"
  - name: JOIN_MANAGER_PROTOCOL
    value: "https"
  - name: NODE_NAME
    valueFrom:
      fieldRef:
        fieldPath: spec.nodeName
  - name: WAZUH_GROUPS
    value: default
  - name: JOIN_PASSWORD
    value: password
  - name: JOIN_MANAGER_USER
    valueFrom:
      secretKeyRef:
        name: wazuh-api-cred
        key: username
  - name: JOIN_MANAGER_PASSWORD
    valueFrom:
      secretKeyRef:
        name: wazuh-api-cred
        key: password
  - name: JOIN_MANAGER_API_PORT
    value: "55000"
  - name: JOIN_MANAGER_PORT
    value: "1514"
  - name: HEALTH_CHECK_PROCESSES
    value: "ossec-execd,ossec-syscheckd,ossec-logcollector,wazuh-modulesd,ossec-authd"
Then apply the template:
kubectl apply -f wazuh-daemon-sets.yaml
The DaemonSet will be deployed to the wazuh namespace.
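A check to run on the manifest before applying it, as an added example that is not part of this project's code: it lists env entries whose names look like credentials but are set with a literal value: instead of valueFrom, as JOIN_PASSWORD is in the example above, while JOIN_MANAGER_PASSWORD comes from the wazuh-api-cred secret. The function names, the name patterns and the sample manifest are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag env entries in a Kubernetes manifest whose names look
# like secrets but whose values are written inline instead of via valueFrom.

# Print the name of every offending env entry; return 1 if any were found.
lint_env_secrets() {
  awk '
    # Remember the most recent "- name: X" env entry.
    /^[ \t]*-[ \t]*name:/ {
      name = $0
      sub(/^[ \t]*-[ \t]*name:[ \t]*/, "", name)
      gsub(/"/, "", name)
      next
    }
    # "value:" (not "valueFrom:") puts the secret itself in the manifest.
    /^[ \t]*value:/ && name ~ /PASSWORD|SECRET|TOKEN|KEY/ {
      print name
      found = 1
    }
    END { exit found + 0 }
  ' "$1"
}

# Constructed sample modelled on the env block above; values are placeholders.
write_sample_manifest() {
  cat > "$1" <<'EOF'
env:
  - name: JOIN_MANAGER_PROTOCOL
    value: "https"
  - name: JOIN_PASSWORD
    value: password
  - name: JOIN_MANAGER_PASSWORD
    valueFrom:
      secretKeyRef:
        name: wazuh-api-cred
        key: password
  - name: VIRUS_TOTAL_KEY
    value: "0000-constructed-placeholder"
EOF
}

sample=$(mktemp)
write_sample_manifest "$sample"
lint_env_secrets "$sample" || echo "literal secret values found in $sample" >&2
rm -f "$sample"
```

The non-zero return status lets the same function gate a CI step that runs before kubectl apply.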
To build the image locally:
docker build . -t wazuh-agent:latest