使用docker安装wazuh
centos下安装wazuh
官方文档:
https://documentation.wazuh.com/3.9/installation-guide/installing-wazuh-manager/linux/centos/wazuh_server_packages_centos.html#wazuh-server-packages-centos
中文翻译版本:
https://www.cnblogs.com/backlion/p/10397092.html
需要改动此数值,不然wazuh/wazuh-elasticsearch:3.9.3_7.2.0这个容器会启动失败的.
max_map_count文件包含限制一个进程可以拥有的VMA(虚拟内存区域)的数量。虚拟内存区域是一个连续的虚拟地址空间区域。在进程的生命周期中,每当程序尝试在内存中映射文件,链接到共享内存段,或者分配堆空间的时候,这些区域将被创建。调优这个值将限制进程可拥有VMA的数量。限制一个进程拥有VMA的总数可能导致应用程序出错,因为当进程达到了VMA上线但又只能释放少量的内存给其他的内核进程使用时,操作系统会抛出内存不足的错误。如果你的操作系统在NORMAL区域仅占用少量的内存,那么调低这个值可以帮助释放内存给内核用。默认值是65535
262144是默认值的4倍.
sysctl -w vm.max_map_count=262144docker的官方指引
https://documentation.wazuh.com/3.9/docker/wazuh-container.html
首先要安装docker和docker-compose
- 安装依赖包
sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2- 添加源
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo- 安装和启动
sudo yum-config-manager --enable docker-ce-nightly
sudo yum install docker-ce docker-ce-cli containerd.io
sudo systemctl start dockerdocker-compose安装:
安装和测试docker-compose
官网文档 https://docs.docker.com/compose/install/
- 下载docker-compose可执行文件
sudo curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose - 设可执行权限
sudo chmod +x /usr/local/bin/docker-compose - 软连接到/usr/bin
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose - 查看安装是否成功
docker-compose --version
- 下载docker-compose可执行文件
使用docker-compose安装
- 下载
Wazuh repository
git clone https://github.com/wazuh/wazuh-docker.git -b 3.9.5_7.2.1 --single-branch使用后台安装
docker-compose up -d
默认端口
1514 Wazuh UDP 1515 Wazuh TCP 514 Wazuh UDP 55000 Wazuh API 9200 Elasticsearch HTTP 80 Nginx http 443 Nginx https
官方的k8s部署.(照搬来了)
Deployment
Clone this repository to deploy the necessary services and pods.
$ git clone https://github.com/wazuh/wazuh-kubernetes.git $ cd wazuh-kubernetes3.1. Wazuh namespace and StorageClass
The Wazuh namespace is used to handle all the Kubernetes elements (services, deployments, pods) necessary for Wazuh. In addition, you must create a StorageClass to use AWS EBS storage in our StatefulSet applications.
$ kubectl apply -f base/wazuh-ns.yaml $ kubectl apply -f base/aws-gp2-storage-class.yaml3.2. Deploy Elasticsearch
$ kubectl apply -f elastic_stack/elasticsearch/elasticsearch-svc.yaml $ kubectl apply -f elastic_stack/elasticsearch/elasticsearch-api-svc.yaml $ kubectl apply -f elastic_stack/elasticsearch/elasticsearch-sts.yaml3.3. Deploy Kibana and Nginx
In case you need to provide a domain name, update the domainName annotation value in the
nginx-svc.yamlfile before deploying that service. You should also set a valid AWS ACM certificate ARN in thenginx-svc.yamlfor the service.beta.kubernetes.io/aws-load-balancer-ssl-cert annotation. That certificate should match with the domainName.$ kubectl apply -f elastic_stack/kibana/kibana-svc.yaml $ kubectl apply -f elastic_stack/kibana/nginx-svc.yaml $ kubectl apply -f elastic_stack/kibana/kibana-deploy.yaml $ kubectl apply -f elastic_stack/kibana/nginx-deploy.yaml3.4. Deploy Logstash
$ kubectl apply -f elastic_stack/logstash/logstash-svc.yaml $ kubectl apply -f elastic_stack/logstash/logstash-deploy.yamlDeploy Wazuh
$ kubectl apply -f wazuh_managers/wazuh-master-svc.yaml $ kubectl apply -f wazuh_managers/wazuh-cluster-svc.yaml $ kubectl apply -f wazuh_managers/wazuh-workers-svc.yaml $ kubectl apply -f wazuh_managers/wazuh-master-conf.yaml $ kubectl apply -f wazuh_managers/wazuh-worker-0-conf.yaml $ kubectl apply -f wazuh_managers/wazuh-worker-1-conf.yaml $ kubectl apply -f wazuh_managers/wazuh-master-sts.yaml $ kubectl apply -f wazuh_managers/wazuh-worker-0-sts.yaml $ kubectl apply -f wazuh_managers/wazuh-worker-1-sts.yaml
Verifying the deployment
Namespace
$ kubectl get namespaces | grep wazuh wazuh Active 12m
Services
$ kubectl get services -n wazuh NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE elasticsearch ClusterIP xxx.yy.zzz.249200/TCP 12m kibana ClusterIP xxx.yy.zzz.76 5601/TCP 11m logstash ClusterIP xxx.yy.zzz.41 5000/TCP 10m wazuh LoadBalancer xxx.yy.zzz.209 internal-a7a8... 1515:32623/TCP,55000:30283/TCP 9m wazuh-cluster ClusterIP None 1516/TCP 9m wazuh-elasticsearch ClusterIP None 9300/TCP 12m wazuh-nginx LoadBalancer xxx.yy.zzz.223 internal-a3b1... 80:31831/TCP,443:30974/TCP 11m wazuh-workers LoadBalancer xxx.yy.zzz.26 internal-a7f9... 1514:31593/TCP 9m
Deployments
$ kubectl get deployments -n wazuh NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE wazuh-kibana 1 1 1 1 11m wazuh-logstash 1 1 1 1 10m wazuh-nginx 1 1 1 1 11m
Statefulset
$ kubectl get statefulsets -n wazuh NAME DESIRED CURRENT AGE wazuh-elasticsearch 1 1 13m wazuh-manager-master 1 1 9m wazuh-manager-worker-0 1 1 9m wazuh-manager-worker-1 1 1 9m
Pods
$ kubectl get pods -n wazuh NAME READY STATUS RESTARTS AGE wazuh-elasticsearch-0 1/1 Running 0 15m wazuh-kibana-f4d9c7944-httsd 1/1 Running 0 14m wazuh-logstash-777b7cd47b-7cxfq 1/1 Running 0 13m wazuh-manager-master-0 1/1 Running 0 12m wazuh-manager-worker-0-0 1/1 Running 0 11m wazuh-manager-worker-1-0 1/1 Running 0 11m wazuh-nginx-748fb8494f-xwwhw 1/1 Running 0 14m
Accesing Kibana
In case you created domain names for the services, you should be able to access Kibana using the proposed domain name:
https://wazuh.your-domain.com.Also, you can access using the DNS (Eg:
https://internal-xxx-yyy.us-east-1.elb.amazonaws.com):$ kubectl get services -o wide -n wazuh NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR wazuh-nginx LoadBalancer xxx.xx.xxx.xxx internal-xxx-yyy.us-east-1.elb.amazonaws.com 80:3