Doc::Secure
Revision as of 14:37, 16 October 2024
Introduction
The department offers a security and vulnerability monitoring service. It is primarily aimed at Linux-based machines, but also supports Windows and Mac.
How it Works
The service is based on Wazuh (https://wazuh.com/). It runs a lightweight agent on the endpoint that automatically scans the machine for vulnerabilities and reports any alerts to our central service. Here are some examples of what Wazuh scans for:
- Malware detection
- Known software vulnerabilities
- File integrity - changes to known system files
- Logs for active threats
Install
Installing the CS Secure service is easy and is usually a set-and-forget operation.
Redhat, Rocky, or CentOS based Linux
Run the following commands (requires sudo access):
sudo rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
# write the repo file as root; a plain "sudo cat > file" redirect is performed by the unprivileged shell and fails
sudo tee /etc/yum.repos.d/wazuh.repo > /dev/null << EOF
[wazuh]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-\$releasever - Wazuh
baseurl=https://packages.wazuh.com/4.x/yum/
protect=1
EOF
sudo WAZUH_MANAGER='secure.cs.vt.edu' WAZUH_REGISTRATION_PASSWORD=$'secure' yum install wazuh-agent
Ubuntu or Debian based Linux
Run the following commands (requires sudo access):
# the keyring and the apt source live under /usr/share and /etc, so gpg, chmod and tee must run via sudo (not just curl/echo)
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && sudo chmod 644 /usr/share/keyrings/wazuh.gpg
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee -a /etc/apt/sources.list.d/wazuh.list
sudo apt update
sudo WAZUH_MANAGER='secure.cs.vt.edu' WAZUH_REGISTRATION_PASSWORD=$'secure' apt install wazuh-agent
Other RPM based Linux
Run the following commands (requires sudo access):
curl -o wazuh-agent-4.9.0-1.x86_64.rpm https://packages.wazuh.com/4.x/yum/wazuh-agent-4.9.0-1.x86_64.rpm
sudo WAZUH_MANAGER='secure.cs.vt.edu' WAZUH_REGISTRATION_PASSWORD=$'secure' rpm -ihv wazuh-agent-4.9.0-1.x86_64.rpm
sudo systemctl daemon-reload
sudo systemctl enable --now wazuh-agent
Other DEB based Linux
Run the following commands (requires sudo access):
wget https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.9.0-1_amd64.deb
sudo WAZUH_MANAGER='secure.cs.vt.edu' WAZUH_REGISTRATION_PASSWORD=$'secure' dpkg -i ./wazuh-agent_4.9.0-1_amd64.deb
sudo systemctl daemon-reload
sudo systemctl enable --now wazuh-agent
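After any of the installs above, a quick way to confirm the agent really is enrolled with secure.cs.vt.edu and connected is to read the agent's own config and state files. The script below is an added example, not part of this wiki page or of Wazuh itself; it assumes the Wazuh 4.x default paths (/var/ossec/etc/ossec.conf and /var/ossec/var/run/wazuh-agentd.state) and takes them as parameters so it can also be exercised against the constructed sample files it creates.

```bash
#!/usr/bin/env bash
# Added post-install check, not part of the CS wiki page: confirm the agent is
# enrolled against the expected manager and is actually connected to it.
# Assumes Wazuh 4.x default paths (/var/ossec/etc/ossec.conf and
# /var/ossec/var/run/wazuh-agentd.state); paths are parameters so the checks
# can also run against the constructed sample files below.

EXPECTED_MANAGER='secure.cs.vt.edu'

# Print the first <address> configured in ossec.conf (the manager the agent reports to).
configured_manager() {
  sed -n 's/.*<address>\([^<]*\)<\/address>.*/\1/p' "$1" | head -n 1
}

# Succeed only if the agentd state file reports a live connection to the manager.
agent_connected() {
  grep -q "^status='connected'" "$1"
}

# Returns 0 when the manager matches and the agent is connected,
# 1 when the configured manager is wrong, 2 when the agent is not connected.
check_agent() {
  local conf="$1" state="$2" mgr
  mgr=$(configured_manager "$conf")
  if [ "$mgr" != "$EXPECTED_MANAGER" ]; then
    echo "manager mismatch: got '${mgr:-none}', expected '$EXPECTED_MANAGER'" >&2
    return 1
  fi
  if ! agent_connected "$state"; then
    echo "agent not connected to $mgr: check registration and the network path to the manager" >&2
    return 2
  fi
  echo "agent enrolled with $mgr and connected"
}

# Constructed sample files so the checks run without an installed agent.
sample_dir=$(mktemp -d)
cat > "$sample_dir/ossec.conf" <<'EOF'
<ossec_config>
  <client>
    <server>
      <address>secure.cs.vt.edu</address>
    </server>
  </client>
</ossec_config>
EOF
printf "status='connected'\nlast_keepalive='2024-10-16 14:37:00'\n" > "$sample_dir/agentd.state"
check_agent "$sample_dir/ossec.conf" "$sample_dir/agentd.state"
```

On a real host run it as check_agent /var/ossec/etc/ossec.conf /var/ossec/var/run/wazuh-agentd.state (the state file is root-readable, so use sudo).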