diff --git a/.github/deploy.docs.yml b/.github/deploy.docs.yml
new file mode 100644
index 0000000..6a69349
--- /dev/null
+++ b/.github/deploy.docs.yml
@@ -0,0 +1,41 @@
+name: build and deploy docs
+
+on:
+ push:
+ branches: [ "master" ]
+ paths: ['Writerside/**']
+ pull_request:
+ branches: [ "master" ]
+ paths: ['Writerside/**']
+
+jobs:
+
+ build:
+
+ runs-on: self-hosted
+
+ steps:
+ - uses: actions/checkout@v3
+ - name: Docker login
+ run: docker login docker.dariusklein.nl -u Darius -p ${{ secrets.DOCKER_PASSWORD }}
+ - name: Build the Docker image
+ run: docker build . --file Writerside/Dockerfile --tag docker.dariusklein.nl/wazuh-notifier-docs
+ - name: Docker push
+ run: docker push docker.dariusklein.nl/wazuh-notifier-docs
+
+
+ publish:
+
+ needs: build
+
+ runs-on: self-hosted
+
+ steps:
+ - name: Docker stop
+ run: docker stop WazuhNotifier || true
+ - name: Docker login
+ run: docker login docker.dariusklein.nl -u Darius -p ${{ secrets.DOCKER_PASSWORD }}
+ - name: Docker pull
+ run: docker pull docker.dariusklein.nl/wazuh-notifier-docs
+ - name: Docker run
+ run: docker run --rm -dit -p 9091:80 --name WazuhNotifier docker.dariusklein.nl/wazuh-notifier-docs
\ No newline at end of file
diff --git a/Writerside/Dockerfile b/Writerside/Dockerfile
new file mode 100644
index 0000000..c530390
--- /dev/null
+++ b/Writerside/Dockerfile
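Review bot: The `publish` job has no event guard, so with `pull_request` listed under `on:` every PR touching `Writerside/**` not only builds but also redeploys the docs container on the self-hosted runner before the change is reviewed or merged; gate it with `if: github.event_name == 'push'` directly under `publish:` (or drop `pull_request` from the triggers and keep PRs to a build-only check). The `build` job likewise runs the PR's own `Writerside/Dockerfile` via `docker build . --file Writerside/Dockerfile` on that runner, so the runner should not be reachable by PRs from untrusted forks at all. Both `docker login` steps pass the secret as `-p ${{ secrets.DOCKER_PASSWORD }}`, which exposes it in the runner's process list and any shell logging; feed it over stdin instead: `echo "${{ secrets.DOCKER_PASSWORD }}" | docker login docker.dariusklein.nl -u Darius --password-stdin`. `actions/checkout@v3` is pinned only to a floating major tag; for a workflow that deploys, a full commit SHA pin is the safer reference.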
@@ -0,0 +1,21 @@
+FROM registry.jetbrains.team/p/writerside/builder/writerside-builder:241.15989 as build
+
+ARG INSTANCE=Writerside/notifier
+
+RUN mkdir /opt/sources
+
+WORKDIR /opt/sources
+
+ADD . ./Writerside
+
+RUN export DISPLAY=:99 && \
+Xvfb :99 & \
+/opt/builder/bin/idea.sh helpbuilderinspect -source-dir /opt/sources --product $INSTANCE --runner other --output-dir /opt/wrs-output/
+
+WORKDIR /opt/wrs-output
+
+RUN unzip webHelpNOTIFIER2-all.zip -d /opt/wrs-output/unzipped-artifact
+
+FROM httpd:2.4 as http-server
+
+COPY --from=build /opt/wrs-output/unzipped-artifact/ /usr/local/apache2/htdocs/
\ No newline at end of file
diff --git a/Writerside/images/wazuh-discord-basic-message.png b/Writerside/images/wazuh-discord-basic-message.png
new file mode 100644
index 0000000..81fcf9c
Binary files /dev/null and b/Writerside/images/wazuh-discord-basic-message.png differ
diff --git a/Writerside/topics/Wazuh-notifier.md b/Writerside/topics/Wazuh-notifier.md
index 16b890c..3862bfe 100644
--- a/Writerside/topics/Wazuh-notifier.md
+++ b/Writerside/topics/Wazuh-notifier.md
@@ -24,7 +24,7 @@ Download the files from https://github.com/RudiKlein/wazuh-notifier to your serv Copy the 4 Python files to the /var/ossec/active-response/bin/ folder ``` -$ cp /wazuh-*.py /var/ossec/active-response/bin/ +$ cp /wazuh-*.py /var/ossec/active-response/bin/ ``` Set the correct ownership
@@ -44,7 +44,7 @@ $ chmod uog+rx /var/ossec/active-response/bin/wazuh-*.py Copy the YAML file to /var/ossec/etc/ ``` -$ cp /wazuh-notifier-config.yaml /var/ossec/etc/ +$ cp /wazuh-notifier-config.yaml /var/ossec/etc/ ``` Set the correct ownership
@@ -61,7 +61,7 @@ $ chmod uog+r /var/ossec/etc/wazuh-notifier-config.yaml ### Step 4 ### -Modify the ossec.conf configuration file and add the following
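Review bot: In the `RUN export DISPLAY=:99 && \ Xvfb :99 & \ /opt/builder/bin/idea.sh …` instruction the trailing `&` binds to the whole `export … && Xvfb :99` list, so the export happens inside the backgrounded subshell and `idea.sh` then runs in the foreground without `DISPLAY` in its environment (unless the builder base image already sets it, which this file does not show); `idea.sh` may also start before Xvfb is up, since nothing waits for it. Set the variable at image level and background only the X server: `ENV DISPLAY=:99` before the `RUN`, then `RUN Xvfb :99 & /opt/builder/bin/idea.sh helpbuilderinspect -source-dir /opt/sources --product $INSTANCE --runner other --output-dir /opt/wrs-output/`. `ADD . ./Writerside` should be `COPY . ./Writerside`, as ADD's archive extraction and URL fetching are not wanted for a plain source copy; if the repository has no `.dockerignore`, adding one keeps `.git` and unrelated files out of the context the workflow builds from. The unzip step hard-codes `webHelpNOTIFIER2-all.zip` while the instance is taken from `ARG INSTANCE`, so overriding the build arg silently breaks the image; derive the artifact name from the same setting or note the coupling in a comment next to the `ARG`.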
+Modify the /var/ossec/etc/ossec.conf configuration file and add the following
```
@@ -80,7 +80,7 @@ Modify the ossec.conf configuration file and add the following
``` -Add the rules you want to be informed about between the , with the rules id's seperated by comma's. +Add the rules you want to be informed about between the , with the rules id's separated by comma's. Example: 5402, 3461, 8777
(Please refer to the Wazuh online documentation for more information [^Wazuh docs])
@@ -123,4 +123,22 @@ ntfy_priority: "5"
 ntfy_message: "Test message"
 ntfy_tags: "information, testing, yaml"
 ntfy_click: "https://google.com"
-```
\ No newline at end of file
+```
+
+Default settings for the ntfy notifier. This overrules the hardcoded defaults.
+
+```
+discord_server: "not used. The webhook (server) is a secret stored in .env"
+discord_sender: "Security message"
+discord_destination: "WAZUH (IDS)"
+discord_priority: "5"
+discord_message: "Test message"
+discord_tags: "informational, testing, yaml"
+discord_click: "https://google.com"
+
+# 1 to send the full event data with the message. 0 only sends the message with basic details
+discord_full_message: "0"
+```
+
+
+![wazuh discord basic message](wazuh-discord-basic-message.png)
\ No newline at end of file