Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.
Wazuh Agent as Docker Image with auto registration on Wazuh server.
As well as local docker You can deploy the image to Kubernetes as DaemonSet.
Current agent version is 4.0.4
JOIN_MANAGER_PROTOCOL
- http or https, default https
JOIN_MANAGER_MASTER_HOST
- Ip address or Domain name of Wazuh server
JOIN_MANAGER_WORKER_HOST
- Ip address or Domain name of Wazuh worker
JOIN_MANAGER_USER
- Username for authorization on Wazuh server
JOIN_MANAGER_PASSWORD
- Password for authorization
JOIN_MANAGER_API_PORT
- Wazuh server api port, default 55000
JOIN_MANAGER_PORT
- Wazuh server port for communication between agent and server,
defaul 1514
NODE_NAME
- Node name if not present image will use HOSTNAME
system variable
HEALTH_CHECK_PROCESSES
- process list for health checks determinate by comma
VIRUS_TOTAL_KEY
- Api key for VirusTotal integration
FLASK_DEBUG
- Switch on Flask debug, default 0
The Simplest way of running the container
docker run --rm kennyopennix/wazuh-agent:latest
Advanced usage
docker run -d --name wazuh -v /:/rootfs:ro --net host --hostname ${HOSTNAME} \
-e JOIN_MANAGER_MASTER_HOST=172.17.0.1 -e JOIN_MANAGER_WORKER_HOST=172.17.0.1 \
-e JOIN_PASSWORD=test123 -e JOIN_MANAGER_USER=user \
-v /etc/os-release:/etc/os-release -v /var/run/docker.sock:/var/run/docker.sock \
kennyopennix/wazuh-agent:latest
Setup environments in wazuh-daemon-sets.yaml
like above.
Example:
env:
- name: JOIN_MANAGER_MASTER_HOST
value: "wazuh.wazuh.svc.cluster.local"
- name: JOIN_MANAGER_WORKER_HOST
value: "wazuh-workers.wazuh.svc.cluster.local"
- name: JOIN_MANAGER_PROTOCOL
value: "https"
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: WAZUH_GROUPS
value: default
- name: JOIN_MANAGER_USER
valueFrom:
secretKeyRef:
name: wazuh-api-cred
key: username
- name: JOIN_MANAGER_PASSWORD
valueFrom:
secretKeyRef:
name: wazuh-api-cred
key: password
- name: JOIN_MANAGER_API_PORT
value: "55000"
- name: JOIN_MANAGER_PORT
value: "1514"
- name: HEALTH_CHECK_PROCESSES
value: "ossec-execd,ossec-syscheckd,ossec-logcollector,wazuh-modulesd,ossec-authd"
And apply template kubectl -f wazuh-daemon-sets.yaml
DaemonSet will deploy to wazuh namespace.
docker build . -t wazuh-agent:latest