Configuring Wazuh email alerts (SMTP)
6. Configuring Wazuh email alerts (SMTP)
6.1 Install the required packages
Ubuntu
apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules
CentOS
yum update && yum install postfix mailx cyrus-sasl cyrus-sasl-plain
6.2 Configure Postfix
Configure Postfix in /etc/postfix/main.cf by adding the following lines to the end of the file:
Ubuntu
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/thawte_Primary_Root_CA.pem
smtp_use_tls = yes
CentOS
relayhost = [mail.qq.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
# Keep TLS on: with it off, the SASL credentials would be sent to the relay unencrypted
smtp_use_tls = yes
6.3 Configure the email address and password:
echo "[smtp.gmail.com]:587 USERNAME@gmail.com:PASSWORD" > /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
chmod 400 /etc/postfix/sasl_passwd
6.4 Secure the password database:
chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
6.5 Reload Postfix so the new settings take effect:
systemctl reload postfix
6.6 Test the configuration with the following command:
echo "Test mail from postfix" | mail -s "Test Postfix" -r "you@example.com" you@example.com
You should receive the email at you@example.com.
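The checks implied by sections 6.2 to 6.4, as an added example that is not part of the original page: a shell audit that flags SASL authentication configured without TLS and a sasl_passwd map that group or other can access. The function names and the constructed sample built in demo are assumptions made for illustration.

```sh
# Added example, not from the original page. On a live host `postconf -h NAME`
# gives the effective value; main.cf is read directly here (no continuation lines).

conf_get() {  # conf_get FILE NAME: last explicit value (Postfix uses the last one)
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

tls_mode() {  # tls_mode FILE: prints off, opportunistic or mandatory
    level=$(conf_get "$1" smtp_tls_security_level)
    if [ -z "$level" ]; then  # legacy switches, as used on this page
        level=none
        if [ "$(conf_get "$1" smtp_use_tls)" = yes ]; then level=may; fi
        if [ "$(conf_get "$1" smtp_enforce_tls)" = yes ]; then level=encrypt; fi
    fi
    case $level in
        none)     echo off ;;
        may|dane) echo opportunistic ;;
        *)        echo mandatory ;;
    esac
}

audit_relay() {  # audit_relay MAIN_CF SASL_PASSWD: returns the number of FAILs
    fails=0
    if [ "$(conf_get "$1" smtp_sasl_auth_enable)" = yes ]; then
        case $(tls_mode "$1") in
            off) echo "FAIL: SASL auth with TLS off, credentials can cross the network in cleartext"
                 fails=$((fails + 1)) ;;
            opportunistic) echo "WARN: TLS is opportunistic; smtp_tls_security_level = encrypt requires it" ;;
        esac
    fi
    for f in "$2" "$2.db"; do  # the plaintext map and the postmap output
        [ -e "$f" ] || continue
        perms=$(ls -ld "$f" | cut -c5-10)  # group and other permission bits
        if [ "$perms" != "------" ]; then
            echo "FAIL: $f is accessible to group/other ($perms)"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

demo() {  # constructed sample: SASL enabled, TLS off, world-readable password map
    d=$(mktemp -d) || return 1
    printf '%s\n' 'smtp_sasl_auth_enable = yes' 'smtp_use_tls = no' > "$d/main.cf"
    : > "$d/sasl_passwd" && chmod 644 "$d/sasl_passwd"
    rc=0; audit_relay "$d/main.cf" "$d/sasl_passwd" || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "constructed sample: $? FAIL finding(s)"
```

On a real host, call audit_relay /etc/postfix/main.cf /etc/postfix/sasl_passwd as root after step 6.4.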
6.7 Configure Wazuh
Configure Wazuh in /var/ossec/etc/ossec.conf as follows:
<ossec_config>
  <global>
    <jsonout_output>yes</jsonout_output>
    <alerts_log>yes</alerts_log>
    <logall>no</logall>
    <logall_json>no</logall_json>
    <email_notification>yes</email_notification>
    <smtp_server>localhost</smtp_server>
    <email_from>monitor@qq.com</email_from>
    <email_to>name1@qq.com</email_to>
    <email_to>name2@qq.com</email_to>
    <email_maxperhour>12</email_maxperhour>
    <email_log_source>alerts.log</email_log_source>
  </global>
  <!-- the other sections of ossec.conf stay unchanged -->
</ossec_config>