6、Wazuh配置电子邮件警报(SMTP)
6.1、环境安装依赖
Ubuntu
apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules
Centos
yum update && yum install postfix mailx cyrus-sasl cyrus-sasl-plain
6.2、配置postfix
在/etc/postfix/main.cf文件中配置Postfix,将以下行添加到文件末尾:
Ubuntu
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/thawte_Primary_Root_CA.pem
smtp_use_tls = yes
CentOS
relayhost = [mail.qq.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_use_tls = no
6.3、 配置电子邮件地址和密码:
echo [smtp.gmail.com]:587 USERNAME@gmail.com:PASSWORD > /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
chmod 400 /etc/postfix/sasl_passwd
6.4、 确保数据库密码:
chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
6.5、 重新启动:
systemctl reload postfix
6.6、 使用以下命令测试配置:
echo "Test mail from postfix" | mail -s "Test Postfix" -r "you@example.com" you@example.com
您应该在收到电子邮件you@example.com。
6.7、配置Wazuh
在/var/ossec/etc/ossec.conf如下配置Wazuh :
<ossec_config>
<global>
<jsonout_output>yes</jsonout_output>
<alerts_log>yes</alerts_log>
<logall>no</logall>
<logall_json>no</logall_json>
<email_notification>yes</email_notification>
<smtp_server>localhost</smtp_server>
<email_from>monitor@qq.com</email_from>
<email_to>name1@qq.com</email_to>
<email_to>name2@qq.com</email_to>
<email_maxperhour>12</email_maxperhour>
<email_log_source>alerts.log</email_log_source>
</global>