Wazuh-agent makejail is an AppJail Makejail file used to deploy a test Wazuh agent on FreeBSD. Its main goal is to give us a fast way to install, configure and run wazuh-agent in a FreeBSD jail. It can be helpful for monitoring jail containers. Keep in mind that this container, as is, should only be used for testing/learning purposes; it is not recommended for production because it has only a minimal configuration for running Wazuh.
Before you can install wazuh-agent you need a working wazuh-manager and some other configuration. To deploy a Wazuh single-node cluster (including wazuh-manager) you can use my wazuh-makejail. For testing purposes you can use the same FreeBSD host to install both wazuh-manager and wazuh-agent.
We need to add some lines to /etc/rc.conf
# sysrc pf_enable="YES"
# sysrc pflog_enable="YES"
# cat << "EOF" >> /etc/pf.conf
nat-anchor 'appjail-nat/jail/*'
nat-anchor "appjail-nat/network/*"
rdr-anchor "appjail-rdr/*"
EOF
# service pf reload
# service pf restart
# service pflog restart
The rdr-anchor section is necessary in order to use dynamic redirects from jails
# sysrc gateway_enable="YES"
# sysctl net.inet.ip.forwarding=1
Before you can begin creating containers, AppJail needs to fetch and extract the components used to create jails. If you are creating FreeBSD jails, their version must be equal to or lower than your host version. In this example we will create a 13.2-RELEASE bootstrap
# appjail fetch
Create a virtualnet to which the wazuh-agent jail built from the wazuh-agent makejail will be added. Alternatively, you can use your own virtualnet if you created one previously
# appjail network add wazuh-net 10.0.0.0/24
This will create a bridge named wazuh-net to which the wazuh-agent jail's epair interfaces will be attached. By default wazuh-agent-makejail will use NAT for outbound internet access. Do not forget to add a pass rule to /etc/pf.conf, because wazuh-agent-makejail will try to download and install packages and some other resources needed for its configuration
pass out quick on wazuh-net inet proto { tcp udp } from 10.0.0.3 to any
You also need to add a rule that permits traffic from the wazuh-net (10.0.0.0/24) network to wazuh-manager. In this example, wazuh-manager is running at 10.0.0.2
pass in inet proto { tcp udp } from 10.0.0.0/24 to 10.0.0.2
Create a container named agent01 with the private IP address 10.0.0.3. Keep in mind that the IP address must be part of the wazuh-net network
# appjail makejail -f gh+alonsobsd/wazuh-agent-makejail -j agent01 -- --network wazuh-net --agent_ip 10.0.0.3 --agent_name agent01 --server_ip 10.0.0.2 --enrollment managerpasswordenrollment
When it is done, agent01 (10.0.0.3) will try to connect to wazuh-manager (10.0.0.2) for the auth process. Both use wazuh-net as their virtualnet
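A preflight for the addresses used above, as an added example that is not part of the wazuh-agent-makejail project: it checks that the agent IP really lies inside the virtualnet and prints the outbound rule plus a narrower variant of the manager rule. The function names are hypothetical, and the manager rule assumes the Wazuh default ports 1514/tcp (agent connection) and 1515/tcp (enrollment).

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of AppJail or Wazuh.

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed when address $1 lies inside network $2 (a.b.c.d/len).
in_cidr() {
    net=${2%/*}; len=${2#*/}
    case "$len" in ''|*[!0-9]*|???*|0?*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    a=$(ip_to_int "$1") || return 1
    n=$(ip_to_int "$net") || return 1
    # Network mask: all 32 bits set except the host bits.
    mask=$(( 4294967295 ^ ((1 << (32 - len)) - 1) ))
    [ $(( a & mask )) -eq $(( n & mask )) ]
}

# usage: agent_rules BRIDGE NET_CIDR AGENT_IP MANAGER_IP
# Prints the pf rules for one agent and refuses an agent address that is
# outside the virtualnet. Ports 1514/tcp and 1515/tcp are the Wazuh
# defaults (assumption: the manager was not reconfigured).
agent_rules() {
    in_cidr "$3" "$2" || { echo "agent $3 is not inside $2" >&2; return 1; }
    ip_to_int "$4" >/dev/null || { echo "bad manager address $4" >&2; return 1; }
    [ "$3" != "$4" ] || { echo "agent and manager share $3" >&2; return 1; }
    echo "pass out quick on $1 inet proto { tcp udp } from $3 to any"
    echo "pass in inet proto tcp from $3 to $4 port { 1514 1515 }"
}

# Values from the walkthrough above.
agent_rules wazuh-net 10.0.0.0/24 10.0.0.3 10.0.0.2
```

Check the printed rules with `pfctl -nf /etc/pf.conf` after adding them, so a syntax error does not replace the running ruleset.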
This project is licensed under the BSD-3-Clause license.