Wazuh and WHM/cPanel - anyone doing this?

[Neal Rauhauser]

I have an associate who runs some cPanel systems - these are CentOS machines with their Cloud Linux hardening and the Kernel Care live update/no reboot service.

I searched and I see no messages here at all about this. Google searches for cPanel/Wazuh come up empty, cPanel/OSSEC is a maze of dated, remedial stuff.

Am I going to be the first to set foot on this path?

[Santiago Bassett]

Hi Neal,

never heard of this. How did it go?

Best regards,

Santiago.

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/e0524787-3af4-42df-b8f7-54c7b779917e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Neal Rauhauser]

Santiago,

Install not a problem, it's running on a couple DNS servers, but the actual WHM box has finicky firewall rule set and I've not got back to that yet. The machine in question also has Suricata on it, so I guess I'm getting familiar with that sooner rather than later.

              Neal

[Neal Rauhauser]

I just wanted to put a neat end on this for other WHM aka cPanel operators. All you need on a host is to edit firewall rules to permit the port/protocol combination in /var/ossec/ossec.conf - so that's UDP/1514 or maybe TCP/1514 if you're getting fancy.

I have not done any detailed work on WHM specific requirements, just got it running at this point.

[Hugo Menno]

Hello Neal,

I want to ask you something about this integration of cPanel into Wazuh. May I ask more information about this or maybe do you have any references that I could use so that I could monitor logs from cPanel in Wazuh? Thank you in advance.

Best regards,

Menno Hugo

On Saturday, February 17, 2018 at 12:29:55 AM UTC+7 Neal Rauhauser wrote:

I just wanted to put a neat end on this for other WHM aka cPanel operators. All you need on a host is to edit firewall rules to permit the port/protocol combination in /var/ossec/ossec.conf - so that's UDP/1514 or maybe TCP/1514 if you're getting fancy.

I have not done any detailed work on WHM specific requirements, just got it running at this point.

On Monday, January 29, 2018 at 11:13:29 PM UTC-8, Neal Rauhauser wrote:

Santiago,

Install not a problem, it's running on a couple DNS servers, but the actual WHM box has finicky firewall rule set and I've not got back to that yet. The machine in question also has Suricata on it, so I guess I'm getting familiar with that sooner rather than later.

              Neal

On Monday, January 29, 2018 at 10:01:35 PM UTC-8, Santiago Bassett wrote:

Hi Neal,

never heard of this. How did it go?

Best regards,

Santiago.

On Tue, Jan 9, 2018 at 5:47 AM, Neal Rauhauser <nrauh...@gmail.com> wrote:

I have an associate who runs some cPanel systems - these are CentOS machines with their Cloud Linux hardening and the Kernel Care live update/no reboot service.

I searched and I see no messages here at all about this. Google searches for cPanel/Wazuh come up empty, cPanel/OSSEC is a maze of dated, remedial stuff.

Am I going to be the first to set foot on this path?

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.

To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.

[Muhammad Zildan]

can you share the tutorial sir?

[Cybersecurity]

I am having an issue where when I edit the csf.conf to allow traffic on the ports 1514 and 1515 for wazuh, the file overwrites itself and returns to default. Anybody else having that issue ?