安裝 Wazuh 資安管理平台(Docker)

安裝 Docker : Docker 語法與操作整理

設定相關系統參數

sysctl -w vm.max_map_count=262144
echo "vm.max_map_count = 262144" >> /etc/sysctl.conf

安裝 Wazuh v4.6.0

git clone https://github.com/wazuh/wazuh-docker.git -b v4.6.0
cd wazuh-docker/single-node/
docker compose -f generate-indexer-certs.yml run --rm generator
sudo ls -lt config/wazuh_indexer_ssl_certs/
docker compose up -d

可以開啟 https://server-ip (admin / SecretPassword) 登入

其他文件提到修改 /var/ossec/etc/ossec.conf 需要修改 ~/wazuh-docker/single-node/config/wazuh_cluster/wazuh_manager.conf 然後重啟 docker compse

https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html

https://www.youtube.com/watch?v=i68atPbB8uQ

https://www.reddit.com/r/Wazuh/comments/16gtsv0/turning_on_vulnerability_scanning_in_a_docker/