480 Milestone 8 Putting the Sec in DevSecOps - InaFricke/SEC-480 GitHub Wiki

I spoke with you (Ryan) in class, and you told me it was fine to use the Ubuntu box I already created in Milestone 7.


AD RoxiBoxi32

Post-deployment configuration: Prepping the server for Ansible

I will use a previously deployed server, Ubuntu-1, to do this lab (with Ryan's permission).

  1. Change the hostname:

     ```
     sudo hostnamectl set-hostname wazuhh-server
     ```

  2. Set a static IP and delete all the extras
  3. `sudo netplan apply`
  4. Increase the RAM (Wazuh wants at least 4 GB)
  5. Restart the box

  1. Create the inventory file
  2. Create wazuh-install.yaml
  3. Test ping
  4. Check if I need to add --ask-become-pass
  5. Troubleshoot playbook errors, checking the log
  6. Problem: full disk
  7. Added a new hard disk because it would not let me increase the original to 40 GB:

     ```
     sudo pvcreate /dev/sdb
     sudo vgextend ubuntu-vg /dev/sdb
     sudo lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv
     sudo resize2fs /dev/ubuntu-vg/ubuntu-lv
     ```

  8. Run `ansible-playbook -i inventory-wazuh.yml wazuh-install.yml`
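As an added example (not the inventory or playbook from this wiki), here is one way the inventory-wazuh.yml and wazuh-install.yml files from the steps above could be written. It runs the official Wazuh all-in-one installer (`wazuh-install.sh -a`) from /tmp, which is where the page later finds wazuh-install-files.tar, and fails early on the two problems hit above: too little RAM and a full disk. The group name, host address, SSH user and the free-space threshold are assumptions.

```yaml
# inventory-wazuh.yml  (example layout; address and user are placeholders)
all:
  children:
    wazuh_server:
      hosts:
        wazuhh-server:
          ansible_host: REPLACE_WITH_SERVER_IP
      vars:
        ansible_user: REPLACE_WITH_SSH_USER

---
# wazuh-install.yml
- name: Install Wazuh all-in-one on the manager host
  hosts: wazuh_server
  become: true            # sudo on the target; add -K if sudo asks for a password
  vars:
    wazuh_installer_url: https://packages.wazuh.com/4.x/wazuh-install.sh
    min_ram_mb: 3800      # assumption: a 4 GB VM reports a little under 4096 MB
    min_free_bytes: 8589934592   # assumption: refuse to install with < 8 GiB free on /

  tasks:
    - name: Stop early when the VM has too little RAM (Wazuh wants at least 4 GB)
      ansible.builtin.assert:
        that: ansible_memtotal_mb >= min_ram_mb
        fail_msg: "Only {{ ansible_memtotal_mb }} MB RAM; resize the VM first"

    - name: Stop early when / has too little free space (the full-disk problem above)
      ansible.builtin.assert:
        that: root_mount.size_available > min_free_bytes
        fail_msg: "Only {{ (root_mount.size_available / 1073741824) | round(1) }} GiB free on /"
      vars:
        root_mount: "{{ ansible_mounts | selectattr('mount', 'equalto', '/') | first }}"

    - name: Download the official installer script
      ansible.builtin.get_url:
        url: "{{ wazuh_installer_url }}"
        dest: /tmp/wazuh-install.sh
        mode: "0755"

    # Run from /tmp so the credentials tarball lands at /tmp/wazuh-install-files.tar,
    # the path the page extracts later. 'creates' keeps a re-run from reinstalling.
    - name: Run the all-in-one install
      ansible.builtin.command:
        cmd: bash /tmp/wazuh-install.sh -a
        chdir: /tmp
        creates: /tmp/wazuh-install-files.tar
```

Run it exactly as on the page, `ansible-playbook -i inventory-wazuh.yml wazuh-install.yml`, and add `-K` (`--ask-become-pass`) when the SSH user needs a password for sudo; that is the check in step 4. If the install task itself fails, the installer keeps its own log on the target (on current releases at /var/log/wazuh-install.log, assumed here), which is the log worth reading before changing the playbook.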

Get credentials

  1. On the wazuhh server:

     ```
     sudo tar -xvf /tmp/wazuh-install-files.tar && cat wazuh-install-files/wazuh-passwords.txt
     ```

Username: admin

Password: m*NCaeiXqa9agrT82zPw2vxLS7.gwEuF


Agent Install

  1. Check the Rocky-3 IP
  2. Update inventory-wazuh.yml
  3. Create wazuh-agent.yml
  4. Error

FIX: Set DNS on Rocky-3 to 10.0.17.4
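As an added example (not the wazuh-agent.yml from this wiki), this playbook installs the agent on the Rocky host the way the Wazuh RPM instructions describe and builds in both fixes recorded on this page: a pre-task that fails fast when the host cannot resolve packages.wazuh.com (the DNS problem fixed above), and an agent package pinned to the version that matches the manager (the version-number fix under Logging Proof). The group name, manager address and version value are placeholders.

```yaml
# wazuh-agent.yml  (example; the inventory is assumed to hold Rocky-3 in group wazuh_agents)
- name: Install and enrol the Wazuh agent on the Rocky host
  hosts: wazuh_agents
  become: true
  vars:
    wazuh_manager: REPLACE_WITH_MANAGER_IP          # placeholder: the wazuhh-server address
    wazuh_agent_version: "REPLACE_WITH_VERSION"     # placeholder: the exact 4.x release the manager runs

  pre_tasks:
    # getent exits non-zero when the name does not resolve, so a DNS misconfiguration
    # stops the play here with an obvious cause instead of a confusing dnf failure later.
    - name: Confirm the host can resolve the Wazuh package repository
      ansible.builtin.command: getent hosts packages.wazuh.com
      changed_when: false

  tasks:
    - name: Import the Wazuh package signing key
      ansible.builtin.rpm_key:
        key: https://packages.wazuh.com/key/GPG-KEY-WAZUH
        state: present

    - name: Add the Wazuh yum repository with signature checking on
      ansible.builtin.yum_repository:
        name: wazuh
        description: EL-$releasever - Wazuh
        baseurl: https://packages.wazuh.com/4.x/yum/
        gpgcheck: true
        gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
        enabled: true

    # The RPM post-install reads WAZUH_MANAGER and writes it into ossec.conf, so the
    # manager address is passed through the task environment during installation.
    - name: Install the agent pinned to the manager's version
      ansible.builtin.dnf:
        name: "wazuh-agent-{{ wazuh_agent_version }}"
        state: present
      environment:
        WAZUH_MANAGER: "{{ wazuh_manager }}"

    - name: Enable and start the agent service
      ansible.builtin.systemd:
        name: wazuh-agent
        enabled: true
        state: started
        daemon_reload: true
```

Pinning the package version is the point of the variable: an agent newer than its manager is the mismatch that kept the agent from connecting on this page, so the playbook should not install whatever `wazuh-agent` happens to be latest in the repository.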

snapshot

Logging Proof

  1. Log in using the identified credentials
  2. Agent was not connecting, so I had to revert the snapshot and update my script to the correct version number
  3. Agent can now be seen on Wazuh!
  4. Events are showing up