  • Installing Wazuh with Docker


    Installing Wazuh on CentOS
    Official documentation:
    https://documentation.wazuh.com/3.9/installation-guide/installing-wazuh-manager/linux/centos/wazuh_server_packages_centos.html#wazuh-server-packages-centos

    Chinese translation:

    https://www.cnblogs.com/backlion/p/10397092.html

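    The vm.max_map_count value must be changed first, otherwise the wazuh/wazuh-elasticsearch:3.9.3_7.2.0 container will fail to start.

    The max_map_count file holds the limit on the number of VMAs (virtual memory areas) a process may own. A virtual memory area is a contiguous region of virtual address space. Over the lifetime of a process, these areas are created whenever the program maps a file into memory, attaches to a shared memory segment, or allocates heap space. Tuning this value limits the number of VMAs a process can own. Limiting the total number of VMAs per process can cause application errors, because the operating system raises an out-of-memory error when a process reaches its VMA limit yet can only release a small amount of memory for other kernel processes to use. If your operating system uses only a small amount of memory in the NORMAL zone, lowering this value can help free memory for the kernel. The default value is 65535.
    262144 is 4 times the default value.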

    sysctl -w vm.max_map_count=262144
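
    sysctl -w changes only the running kernel, so the setting is lost on reboot and the Elasticsearch container fails again. The following is an added example, not part of the original post, that raises the value only when it is too low and persists it; the drop-in file name 99-wazuh-elasticsearch.conf is a hypothetical choice.

```shell
#!/bin/sh
# Added example: raise vm.max_map_count when it is too low, and persist it.
REQUIRED=262144

# Return 0 if the value stored in file $1 is lower than $2
# (an unreadable or non-numeric value also counts as too low).
below_required() {
    current=$(cat "$1" 2>/dev/null) || return 0
    case "$current" in ''|*[!0-9]*) return 0 ;; esac
    [ "$current" -lt "$2" ]
}

# Write the vm.max_map_count line into drop-in file $1 with value $2,
# keeping unrelated lines and dropping earlier definitions of the key.
persist_setting() {
    conf=$1; value=$2
    tmp=$(mktemp) || return 1
    if [ -f "$conf" ]; then
        grep -v '^[[:space:]]*vm\.max_map_count[[:space:]]*=' "$conf" > "$tmp" || true
    fi
    printf 'vm.max_map_count = %s\n' "$value" >> "$tmp"
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Run as root. The drop-in path is a hypothetical name under /etc/sysctl.d.
ensure_max_map_count() {
    proc_file=${1:-/proc/sys/vm/max_map_count}
    conf=${2:-/etc/sysctl.d/99-wazuh-elasticsearch.conf}
    if below_required "$proc_file" "$REQUIRED"; then
        sysctl -w "vm.max_map_count=$REQUIRED" || return 1
    fi
    persist_setting "$conf" "$REQUIRED"
}
```

    Call ensure_max_map_count as root before docker-compose up.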
    

    Official guide for running Wazuh in Docker:

    https://documentation.wazuh.com/3.9/docker/wazuh-container.html

    First, install Docker and docker-compose.

    • Install the dependency packages
    sudo yum install -y yum-utils \
      device-mapper-persistent-data \
      lvm2
    
    • Add the repository
    sudo yum-config-manager \
      --add-repo \
      https://download.docker.com/linux/centos/docker-ce.repo
    
    • Install and start
    sudo yum-config-manager --enable docker-ce-nightly
    sudo yum install docker-ce docker-ce-cli containerd.io
    sudo systemctl start docker
    
    • Installing docker-compose:

      • Install and test docker-compose

        Official documentation: https://docs.docker.com/compose/install/

        • Download the docker-compose executable
          sudo curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
        • Make it executable
          sudo chmod +x /usr/local/bin/docker-compose
        • Symlink it into /usr/bin
          sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
        • Check that the installation succeeded
          docker-compose --version
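
    The download step above writes a binary into /usr/local/bin and marks it executable without checking its integrity. The following is an added example, not part of the original post, that installs the file only when its SHA-256 matches. It assumes the release publishes a checksum asset named like the binary with a .sha256 suffix; confirm that on the release page.

```shell
#!/bin/sh
# Added example: install a downloaded binary only if its SHA-256 matches.
VERSION=1.24.0
ASSET="docker-compose-$(uname -s)-$(uname -m)"
BASE="https://github.com/docker/compose/releases/download/$VERSION"

# Print the hash from a checksum file ("<hash>  <name>"); fail unless the
# first field is exactly 64 hex digits.
expected_hash() {
    awk '{ print tolower($1); exit }' "$1" | grep -E '^[0-9a-f]{64}$'
}

# Return 0 only when file $1 hashes to the non-empty value $2.
verify_sha256() {
    [ -n "$2" ] || return 1
    actual=$(sha256sum "$1" | awk '{ print $1 }') || return 1
    [ "$actual" = "$2" ]
}

# Download into a temp dir, verify, then install with mode 0755.
# Assumption: "$ASSET.sha256" exists next to the binary in the release.
install_compose() {
    dest=${1:-/usr/local/bin/docker-compose}
    work=$(mktemp -d) || return 1
    curl -fsSL "$BASE/$ASSET" -o "$work/$ASSET" &&
    curl -fsSL "$BASE/$ASSET.sha256" -o "$work/$ASSET.sha256" || { rm -rf "$work"; return 1; }
    want=$(expected_hash "$work/$ASSET.sha256") || want=
    if verify_sha256 "$work/$ASSET" "$want"; then
        sudo install -m 0755 "$work/$ASSET" "$dest"; rc=$?
    else
        echo "checksum mismatch for $ASSET, not installing" >&2; rc=1
    fi
    rm -rf "$work"
    return $rc
}
```

    A checksum fetched from the same host catches a truncated or corrupted download but not a tampered release. To cover that case, pass verify_sha256 a hash recorded out-of-band.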

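    Install with docker-compose

    • Clone the Wazuh repository
    git clone https://github.com/wazuh/wazuh-docker.git -b 3.9.5_7.2.1 --single-branch
    
    • Start the stack in the background (run this inside the cloned wazuh-docker directory)

      1. docker-compose up -d
        
    • Default ports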

      1514 Wazuh UDP
      1515 Wazuh TCP
      514 Wazuh UDP
      55000 Wazuh API
      9200 Elasticsearch HTTP
      80 Nginx http
      443 Nginx https
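
    Agents only need to reach 1514 and 1515; Elasticsearch HTTP (9200) and the Wazuh API (55000) are data and management interfaces. The following is an added example, not part of the original post, that reads docker ps output and reports which of those two ports are published on every interface. The choice of 9200 and 55000 as the ports to flag is an assumption of this example.

```shell
#!/bin/sh
# Added example: report sensitive ports from the list above that are
# published on all interfaces.
# Assumption: 9200 and 55000 should not be reachable from untrusted networks.
SENSITIVE_PORTS="9200 55000"

# stdin:  lines "<container>\t<ports>" as printed by
#           docker ps --format '{{.Names}}\t{{.Ports}}'
# stdout: "<container> <host-port>/<proto>" for every sensitive port
#         bound to 0.0.0.0 or ::
flag_exposed() {
    awk -F '\t' -v want="$SENSITIVE_PORTS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) sens[w[i]] = 1 }
        {
            m = split($2, maps, /, */)
            for (i = 1; i <= m; i++) {
                # Only published mappings contain "->"; skip merely exposed ports.
                if (maps[i] !~ /->/) continue
                split(maps[i], side, "->")
                host = side[1]; proto = side[2]; sub(/^.*\//, "", proto)
                port = host; sub(/^.*:/, "", port)
                addr = substr(host, 1, length(host) - length(port) - 1)
                if ((addr == "0.0.0.0" || addr == "::" || addr == "[::]") && (port in sens))
                    print $1, port "/" proto
            }
        }'
}

# Usage on the Docker host:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | flag_exposed
```

    For any port it reports, changing the mapping in docker-compose.yml to the form "127.0.0.1:9200:9200" keeps it on the loopback interface.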

    The official Kubernetes deployment (copied here as-is).

    1. Deployment

      Clone this repository to deploy the necessary services and pods.

      $ git clone https://github.com/wazuh/wazuh-kubernetes.git
      $ cd wazuh-kubernetes
      

      3.1. Wazuh namespace and StorageClass

      The Wazuh namespace is used to handle all the Kubernetes elements (services, deployments, pods) necessary for Wazuh. In addition, you must create a StorageClass to use AWS EBS storage in our StatefulSet applications.

      $ kubectl apply -f base/wazuh-ns.yaml
      $ kubectl apply -f base/aws-gp2-storage-class.yaml
      

      3.2. Deploy Elasticsearch

      $ kubectl apply -f elastic_stack/elasticsearch/elasticsearch-svc.yaml
      $ kubectl apply -f elastic_stack/elasticsearch/elasticsearch-api-svc.yaml
      $ kubectl apply -f elastic_stack/elasticsearch/elasticsearch-sts.yaml
      
      

      3.3. Deploy Kibana and Nginx

      In case you need to provide a domain name, update the domainName annotation value in the nginx-svc.yaml file before deploying that service. You should also set a valid AWS ACM certificate ARN in the nginx-svc.yaml for the service.beta.kubernetes.io/aws-load-balancer-ssl-cert annotation. That certificate should match with the domainName.

      $ kubectl apply -f elastic_stack/kibana/kibana-svc.yaml
      $ kubectl apply -f elastic_stack/kibana/nginx-svc.yaml
      
      $ kubectl apply -f elastic_stack/kibana/kibana-deploy.yaml
      $ kubectl apply -f elastic_stack/kibana/nginx-deploy.yaml
      
      

      3.4. Deploy Logstash

      $ kubectl apply -f elastic_stack/logstash/logstash-svc.yaml
      $ kubectl apply -f elastic_stack/logstash/logstash-deploy.yaml
      
      
    2. Deploy Wazuh

      $ kubectl apply -f wazuh_managers/wazuh-master-svc.yaml
      $ kubectl apply -f wazuh_managers/wazuh-cluster-svc.yaml
      $ kubectl apply -f wazuh_managers/wazuh-workers-svc.yaml
      
      $ kubectl apply -f wazuh_managers/wazuh-master-conf.yaml
      $ kubectl apply -f wazuh_managers/wazuh-worker-0-conf.yaml
      $ kubectl apply -f wazuh_managers/wazuh-worker-1-conf.yaml
      
      $ kubectl apply -f wazuh_managers/wazuh-master-sts.yaml
      $ kubectl apply -f wazuh_managers/wazuh-worker-0-sts.yaml
      $ kubectl apply -f wazuh_managers/wazuh-worker-1-sts.yaml
      
      

    Verifying the deployment

    Namespace

    $ kubectl get namespaces | grep wazuh
    wazuh         Active    12m
    
    

    Services

    $ kubectl get services -n wazuh
    NAME                  TYPE           CLUSTER-IP       EXTERNAL-IP        PORT(S)                          AGE
    elasticsearch         ClusterIP      xxx.yy.zzz.24    <none>             9200/TCP                         12m
    kibana                ClusterIP      xxx.yy.zzz.76    <none>             5601/TCP                         11m
    logstash              ClusterIP      xxx.yy.zzz.41    <none>             5000/TCP                         10m
    wazuh                 LoadBalancer   xxx.yy.zzz.209   internal-a7a8...   1515:32623/TCP,55000:30283/TCP   9m
    wazuh-cluster         ClusterIP      None             <none>             1516/TCP                         9m
    wazuh-elasticsearch   ClusterIP      None             <none>             9300/TCP                         12m
    wazuh-nginx           LoadBalancer   xxx.yy.zzz.223   internal-a3b1...   80:31831/TCP,443:30974/TCP       11m
    wazuh-workers         LoadBalancer   xxx.yy.zzz.26    internal-a7f9...   1514:31593/TCP                   9m
    
    

    Deployments

    $ kubectl get deployments -n wazuh
    NAME             DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
    wazuh-kibana     1         1         1            1           11m
    wazuh-logstash   1         1         1            1           10m
    wazuh-nginx      1         1         1            1           11m
    
    

    Statefulset

    $ kubectl get statefulsets -n wazuh
    NAME                     DESIRED   CURRENT   AGE
    wazuh-elasticsearch      1         1         13m
    wazuh-manager-master     1         1         9m
    wazuh-manager-worker-0   1         1         9m
    wazuh-manager-worker-1   1         1         9m
    
    

    Pods

    $ kubectl get pods -n wazuh
    NAME                              READY     STATUS    RESTARTS   AGE
    wazuh-elasticsearch-0             1/1       Running   0          15m
    wazuh-kibana-f4d9c7944-httsd      1/1       Running   0          14m
    wazuh-logstash-777b7cd47b-7cxfq   1/1       Running   0          13m
    wazuh-manager-master-0            1/1       Running   0          12m
    wazuh-manager-worker-0-0          1/1       Running   0          11m
    wazuh-manager-worker-1-0          1/1       Running   0          11m
    wazuh-nginx-748fb8494f-xwwhw      1/1       Running   0          14m
    
    

    Accessing Kibana

    In case you created domain names for the services, you should be able to access Kibana using the proposed domain name: https://wazuh.your-domain.com.

    Also, you can access using the DNS (Eg: https://internal-xxx-yyy.us-east-1.elb.amazonaws.com):

    $ kubectl get services -o wide -n wazuh
    NAME                  TYPE           CLUSTER-IP       EXTERNAL-IP                                                    PORT(S)                          AGE       SELECTOR
    wazuh-nginx           LoadBalancer   xxx.xx.xxx.xxx   internal-xxx-yyy.us-east-1.elb.amazonaws.com                   80:3
    
    
  • Original post: https://www.cnblogs.com/lovesKey/p/11497998.html