Saturday, August 21, 2021

Monday, July 19, 2021

Wazuh on Windows using docker

You can ignore the memory instructions at https://documentation.wazuh.com/current/docker/wazuh-container.html and just bring up a Git Bash shell (from https://git-scm.com/download/win):

git clone https://github.com/wazuh/wazuh-docker.git -b v4.1.5 --depth=1
cd wazuh-docker
docker-compose up

You'll need to install an agent on the host and point it to localhost. Here's the command that "Add agent" gives you to run in a privileged PowerShell:

Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.1.5-1.msi -OutFile wazuh-agent.msi; ./wazuh-agent.msi /q WAZUH_MANAGER='localhost' WAZUH_REGISTRATION_SERVER='localhost' WAZUH_AGENT_GROUP='default'

If the agent doesn't seem to register, do:

& 'C:\Program Files (x86)\ossec-agent\agent-auth.exe' -m localhost

Check the log for errors etc via:

more 'C:\Program Files (x86)\ossec-agent\ossec.log'

If you need to remove an existing agent to try again, do:

msiexec.exe /x wazuh-agent.msi /qn 
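
The registration checks above can be gathered into one script. This is an added example, not part of the original post or the Wazuh project. It assumes the agent install directory used in the post, a manager on localhost, Wazuh's default ports 1514 (agent traffic) and 1515 (enrollment), and that a successful registration leaves a non-empty client.keys; the function names are made up for illustration.

```powershell
# Added troubleshooting sketch. Assumptions: install directory from the post,
# manager on localhost, default Wazuh ports 1514 and 1515.
$AgentDir = 'C:\Program Files (x86)\ossec-agent'
$Manager  = 'localhost'

function Test-ManagerPort {
    param([string]$HostName, [int]$Port)
    # Plain TCP connect with a 3 second timeout; $true only if it connected.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        return ($async.AsyncWaitHandle.WaitOne(3000) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-AgentEnrolled {
    param([string]$Dir)
    # Assumption: agent-auth.exe stores the agent key in client.keys on success.
    $keys = Join-Path $Dir 'client.keys'
    return ((Test-Path $keys) -and ((Get-Item $keys).Length -gt 0))
}

function Get-AgentLogProblems {
    param([string]$Dir, [int]$Tail = 200)
    # Assumed line shape: "<date> <time> <component>: <LEVEL>: <message>"
    $log = Join-Path $Dir 'ossec.log'
    if (-not (Test-Path $log)) { return @() }
    Get-Content $log -Tail $Tail |
        Where-Object { $_ -cmatch ':\s(ERROR|CRITICAL|WARNING):\s' }
}

foreach ($port in 1514, 1515) {
    '{0}:{1} reachable: {2}' -f $Manager, $port, (Test-ManagerPort $Manager $port)
}
'client.keys present and non-empty: {0}' -f (Test-AgentEnrolled $AgentDir)

$problems = @(Get-AgentLogProblems $AgentDir)
'{0} warning/error lines in the last 200 log lines' -f $problems.Count
$problems | Select-Object -Last 10
```

If a port is unreachable, look at the docker-compose output first; if both ports are reachable but client.keys is missing or empty, rerun agent-auth.exe as shown above.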

Tuesday, June 29, 2021

Monday, June 28, 2021

Wazuh on Windows



 


Download an OVA from: https://documentation.wazuh.com/current/virtual-machine/virtual-machine.html

Fire up VirtualBox and choose File, Import Appliance:

Find the file you downloaded:

 

 Accept the settings and import:


Make sure you are using the Bridged Adapter. Start the VM; it should look like:

 The login is root/wazuh. You need to find the IP address via "ip a":

It's been my experience that elasticsearch doesn't always come up, so check via "systemctl status elastic.service". If it's not up, do "systemctl restart elastic.service" and check via status again.



Now, you should be able to get the login screen via your browser at https://<the IP address of the VM>. You will get a certificate warning; this is one of the few times you should accept the risk, as it's a VM on your own machine with a self-signed certificate.



You can now log in to Wazuh with admin/admin.

After some checks, you'll see the home screen. It shows zero agents, so you'll need to "Add agent".


Choose Windows, the IP address from before and the default group.

This will give you a command you need to issue in PowerShell, which you have to run as administrator.

Paste the command; a number of shells will pop up briefly as the client is installed.

Now, you should be able to go to the Wazuh home screen and see that the agent is communicating.

A good place to start is the "Security configuration assessment" for the agent.









 

Monday, December 14, 2020

DIY standup desk

 I like standup desks and had a design rattling around in my noggin. Here is the parts list.

  1. 7, 1 in. Black Iron Floor Flange
  2. 3, 1 in. x 12 in. Black Iron Threaded Pipe
  3. 1, 1 in. x 18 in. Black Iron Threaded Pipe
  4. 28, #10 x 3/4 in. Zinc Plated Phillips Flat Head Wood Screw
  5. 1, 2 ft. x 4 ft. 3/4 in. hardwood ply (I used birch)
  6. 1, Universal Bracket Pole Mount with Removable 75mm and 100mm VESA Plate
I maximized the sheet of plywood by marking two triangles with 32 in. on the long side. That left small 16 in. triangles.

I clamped a guide on before cutting with a circular saw. I should have used a plywood blade, but I didn't have one lying around. It splintered a little, but not bad.

Here's the 18 in. pipe with the VESA clamp.

And the whole thing with a Pi 400.







Required software

 I work to do most things via the keyboard instead of the mouse. Having a clipboard manager is huge. Here are a few things I use.

Linux

MacOS

Also, I like information on the desktop.