In AWS VPC, create an Internet Gateway (igw-xxx) and attach it to your VPC.

In AWS VPC, create 2 subnets INTERNET (10.20.0.0/24) and DMZ (10.20.1.0/24).

Configure the route table for the INTERNET subnet like this :

Destination Target
10.20.0.0/16 local
0.0.0.0/0 igw-xxx

In AWS EC2, launch the FreeBSD 10.3 firewall instance.

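Attach 2 interfaces eth0 and eth1 to the firewall instance (inside FreeBSD they appear as xn0 and xn1, the names used in the snort and pf configuration below).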

Subnet Interface Address
INTERNET eth0 10.20.0.11
DMZ eth1 10.20.1.10

Configure the route table for the DMZ subnet like this :

Destination Target
10.20.0.0/16 local
0.0.0.0/0 eth1 / instance

Allocate a new Elastic IP address and associate it to the eth0 interface.

The firewall instance will use 10.20.0.1 for its default gateway.

You should be able to log in to the firewall instance using your ssh key.

ssh -i key.pem ec2-user@elastic-ip-address

Configure the other instances behind the firewall with one interface attached to the DMZ subnet and use 10.20.1.1 for the default gateway.

Modify the following files

vi /etc/rc.conf
------------------------------ cut here ------------------------------
ec2_configinit_enable=YES
ec2_fetchkey_enable=YES
ec2_ephemeralswap_enable=YES
ec2_loghostkey_enable=YES
firstboot_freebsd_update_enable=YES
firstboot_pkgs_enable=YES
growfs_enable="YES"
ifconfig_DEFAULT="SYNCDHCP"
sshd_enable="YES"
firstboot_pkgs_list="awscli"
gateway_enable="YES"
------------------------------ cut here ------------------------------

vi /etc/dhclient.conf
------------------------------ cut here ------------------------------
supersede host-name "firewall-host.domain";
supersede domain-name "domain";
supersede domain-name-servers 127.0.0.1;
------------------------------ cut here ------------------------------

vi /etc/hosts
------------------------------ cut here ------------------------------
::1                     localhost localhost.domain
127.0.0.1               localhost localhost.domain
10.20.0.11              firewall-host firewall-host.domain
10.20.1.10              firewall-host-dmz firewall-host-dmz.domain
10.20.1.11              php-host-dmz php-host-dmz.domain
------------------------------ cut here ------------------------------

vi /etc/nsswitch.conf
------------------------------ cut here ------------------------------
group: files
passwd: files
services: files
------------------------------ cut here ------------------------------

Add swap file and a second disk for /usr

dd if=/dev/zero of=/boot/swap1 bs=1m count=1024
chmod 0600 /boot/swap1

In EC2, create a new EBS Volume (10G) and attach it to the firewall instance (/dev/sdf).

sysctl kern.disks
------------------------------ cut here ------------------------------
kern.disks: xbd5 ada0
------------------------------ cut here ------------------------------

gpart create -s GPT xbd5
gpart add -t freebsd-ufs -a 1M xbd5

gpart show
------------------------------ cut here ------------------------------
=>       3  20971515  ada0  GPT  (10G)
         3        32     1  freebsd-boot  (16K)
        35  20971483     2  freebsd-ufs  (10G)

=>      34  20971453  xbd5  GPT  (10G)
        34      2014        - free -  (1.0M)
      2048  20967424     1  freebsd-ufs  (10G)
  20969472      2015        - free -  (1.0M)
------------------------------ cut here ------------------------------

newfs -U /dev/xbd5p1

mkdir /newdisk
mount /newdisk

cd /usr
tar cf - . | ( cd /newdisk/.; tar xpf - )

mkdir /newhome
cd /home
tar cf - . | ( cd /newhome/.; tar xpf - )

mv /home /home-
mv /newhome /home

mv /usr /usr-
mkdir /usr

vi /etc/fstab
------------------------------ cut here ------------------------------
/dev/gpt/rootfs   /       ufs     rw      1       1
/dev/xbd5p1       /usr    ufs     rw      2       2
md99              none    swap    sw,file=/boot/swap1,late 0 0
------------------------------ cut here ------------------------------

swapon -aL
swapinfo -k

reboot

/bin/rm -f /home-
chflags -R noschg /usr-
/bin/rm -rf /usr-

Enable unbound (local caching DNS resolver)

vi /etc/rc.conf.d/local_unbound
------------------------------ cut here ------------------------------
local_unbound_enable="YES"
local_unbound_forwarders="8.8.8.8"
------------------------------ cut here ------------------------------

vi /etc/resolvconf.conf
------------------------------ cut here ------------------------------
resolv_conf="/dev/null"
resolvconf="NO"
------------------------------ cut here ------------------------------

Fetch and extract the ports tree

portsnap fetch
portsnap extract
portsnap fetch update

Install portmaster and rpl utilities

cd /usr/ports/ports-mgmt/portmaster
make clean all install
make clean

portmaster -d misc/rpl

Adjust sshd

vi /etc/ssh/sshd_config
------------------------------ cut here ------------------------------
ClientAliveInterval 900
IgnoreRhosts yes
LoginGraceTime 30
MaxAuthTries 3
PermitEmptyPasswords no
PermitRootLogin no
PubkeyAuthentication yes
------------------------------ cut here ------------------------------

sh /etc/rc.d/sshd restart

Adjust syslog

vi /etc/syslog.conf
------------------------------ cut here ------------------------------
*.*                                             /var/log/all.log
------------------------------ cut here ------------------------------

touch /var/log/all.log
chmod 0640 /var/log/all.log
chown root:wheel /var/log/all.log

sh /etc/rc.d/syslogd restart

vi /etc/newsyslog.conf
-------------------------- cut here --------------------------
/var/log/all.log                       600  12    *    $M1D0 J
-------------------------- cut here --------------------------

Enable NTP

ntpdate 0.freebsd.pool.ntp.org

vi /etc/ntp.conf
------------------------------ cut here ------------------------------
server 0.pool.ntp.org iburst maxpoll 9
server 1.pool.ntp.org iburst maxpoll 9
server 2.pool.ntp.org iburst maxpoll 9
restrict default limited kod nomodify notrap nopeer noquery
restrict -6 default limited kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
------------------------------ cut here ------------------------------

vi /etc/rc.conf.d/ntpd
------------------------------ cut here ------------------------------
ntpd_enable="YES"
ntpd_program="/usr/sbin/ntpd"
ntpd_config="/etc/ntp.conf"
ntpd_sync_on_start="YES"
ntpd_flags="-p /var/run/ntpd.pid"
------------------------------ cut here ------------------------------

sh /etc/rc.d/ntpd start

Install postfix

portmaster -d mail/postfix

vi /etc/periodic.conf
------------------------------ cut here ------------------------------
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
------------------------------ cut here ------------------------------

sh /etc/rc.d/sendmail stop

vi /etc/rc.conf.d/sendmail
------------------------------ cut here ------------------------------
sendmail_enable="NONE"
------------------------------ cut here ------------------------------

vi /etc/rc.conf.d/postfix
------------------------------ cut here ------------------------------
postfix_enable="YES"
------------------------------ cut here ------------------------------

sh /usr/local/etc/rc.d/postfix start

Update FreeBSD

freebsd-update fetch
freebsd-update fetch install

Fetch and extract the src tree

portmaster -d devel/subversion
portmaster -d security/ca_root_nss

svn co https://svn0.us-west.FreeBSD.org/base/releng/10.3 /usr/src
svn up /usr/src
cd /usr/src
make clean
make update SVN_UPDATE=yes

vi /etc/make.conf
------------------------------ cut here ------------------------------
WITHOUT_X11=yes
WITHOUT_ATM=yes
WITHOUT_I4B=yes
WITHOUT_IPX=yes
WITHOUT_NIS=yes
DEFAULT_VERSIONS+=ssl=openssl
------------------------------ cut here ------------------------------

vi /etc/src.conf
------------------------------ cut here ------------------------------
WITHOUT_X11=yes
WITHOUT_ATM=yes
WITHOUT_I4B=yes
WITHOUT_IPX=yes
WITHOUT_NIS=yes
------------------------------ cut here ------------------------------

Install the following ports

portmaster -d sysutils/lsof
portmaster -d security/sudo
portmaster -d security/openssl

Install NGINX

portmaster -d www/nginx

vi /usr/local/etc/nginx/nginx.conf
------------------------------ cut here ------------------------------
# Reverse proxy on the firewall: terminates TLS on 10.20.0.11 and forwards
# requests to the backend host in the DMZ.
worker_processes  1;
error_log /var/log/nginx/error.log;

events {
 worker_connections 1024;
}

http {
 include mime.types;
 default_type application/octet-stream;
 access_log /var/log/nginx/access.log;
 sendfile on;
 keepalive_timeout 65;

 # Plain-HTTP listener: every request is answered with a permanent redirect
 # to the HTTPS site.
 server {
  listen 10.20.0.11:80;
  server_name www.domain;
  return 301 https://www.domain$request_uri;
 }

 # Troubleshooting log format. It records $request_body, so any access_log
 # that uses it writes request bodies (form fields, possibly passwords or
 # session tokens) to disk. It is only referenced by the commented-out
 # access_log line below; enable it temporarily and protect the log file.
 log_format upstreamlog '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $status / upstream $upstream_status $request upstream_response_time $upstream_response_time msec $msec request_time $request_time body: $request_body';

 # Backend pool: a single host, addressed by name.
 upstream backend_hosts {
  server php-host-dmz;
 }

 # HTTPS listener that proxies to the backend pool.
 server {
  listen 10.20.0.11:443;
  # NOTE(review): newer nginx releases deprecate "ssl on" in favour of
  # "listen ... ssl" - confirm against the installed version.
  # NOTE(review): no ssl_protocols / ssl_ciphers are set here, so the
  # defaults of the installed nginx/OpenSSL build apply - verify that they
  # exclude legacy protocol versions.
  ssl on;
  # crt.pem holds the server certificate followed by the CA bundle;
  # key.pem is the private key and should be readable by root only.
  ssl_certificate /usr/local/etc/nginx/crt.pem;
  ssl_certificate_key /usr/local/etc/nginx/key.pem;
  server_name www.domain;
  #access_log /var/log/nginx/ssl-access.log upstreamlog;
  #error_log /var/log/nginx/ssl-error.log debug;
  access_log /var/log/nginx/ssl-access.log;
  error_log /var/log/nginx/ssl-error.log;
  proxy_http_version 1.1;
  # Tell the backend which host, client address and scheme the original
  # request used. $proxy_add_x_forwarded_for appends the client address to
  # whatever X-Forwarded-For header the client sent, so the backend must not
  # trust the leading entries of that header; X-Real-IP is set from the
  # connection itself.
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-Host $host;
  proxy_set_header X-Forwarded-Server $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header Accept-Language $http_accept_language;
  # Rewrite the scheme of the Referer header to http:// before it is sent
  # to the backend; a Referer that does not match the pattern is passed on
  # unchanged.
  set $ref $http_referer;
  if ($ref ~* '^https?://(.*)$') {
   set $ref http://$1;
  }
  proxy_set_header Referer $ref;
  location / {
   # The hop from the firewall to the backend is plain HTTP, so it is
   # unencrypted inside the DMZ subnet.
   proxy_pass http://backend_hosts;
   # Turn http:// prefixes in backend redirect headers back into https://.
   proxy_redirect http:// https://;
  }
 }
}
------------------------------ cut here ------------------------------

openssl req -new -newkey rsa:2048 -nodes -keyout /usr/local/etc/nginx/key.pem -out /usr/local/etc/nginx/csr.pem

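Submit csr.pem to your certificate authority (e.g. GoDaddy) to get your SSL certificate. The -nodes option above leaves key.pem unencrypted, so keep it readable by root only (chmod 0600 /usr/local/etc/nginx/key.pem).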

cat /usr/local/etc/nginx/fdcf9fc805c10328.crt /usr/local/etc/nginx/gd_bundle-g2-g1.crt > /usr/local/etc/nginx/crt.pem

Start NGINX.

vi /etc/rc.conf.d/nginx
------------------------------ cut here ------------------------------
nginx_enable="YES"
nginx_profiles="firewall"
nginx_firewall_configfile="/usr/local/etc/nginx/nginx.conf"
------------------------------ cut here ------------------------------

sh /usr/local/etc/rc.d/nginx start

Install SNORT IDS

portmaster -d security/snort

vi /etc/rc.conf.d/snort
------------------------------ cut here ------------------------------
snort_enable="YES"
snort_conf="/usr/local/etc/snort/snort.conf"
snort_flags="-D -q"
snort_interface="xn0"
------------------------------ cut here ------------------------------

sed -i '' '/^include \$RULE_PATH\/.*.rules$/d' /usr/local/etc/snort/snort.conf
rpl '_PATH ./' '_PATH /usr/local/etc/snort/' /usr/local/etc/snort/snort.conf
rpl '# output unified2:' 'output unified2:' /usr/local/etc/snort/snort.conf
rpl 'policy windows' 'policy bsd' /usr/local/etc/snort/snort.conf

vi /usr/local/etc/snort/snort.conf
------------------------------ cut here ------------------------------
var WHITE_LIST_PATH /usr/local/etc/snort/rules/iplists
var BLACK_LIST_PATH /usr/local/etc/snort/rules/iplists
preprocessor reputation: \
   memcap 500, \
   scan_local, \
   priority whitelist, \
   white trust, \
   nested_ip inner, \
   whitelist $WHITE_LIST_PATH/white_list.rules, \
   blacklist $BLACK_LIST_PATH/black_list.rules
output alert_fast: /var/log/snort/snort.alert
include $RULE_PATH/local.rules
include $RULE_PATH/snort.rules
------------------------------ cut here ------------------------------

vi /usr/local/etc/snort/snort.conf
------------------------------ cut here ------------------------------
ipvar HOME_NET [10.20.0.11,10.20.1.0/24]
ipvar EXTERNAL_NET any
------------------------------ cut here ------------------------------

Get your snort oinkcode.

cp /usr/local/etc/pulledpork/pulledpork.conf.sample /usr/local/etc/pulledpork/pulledpork.conf
rpl https://www.snort.org/reg-rules/ https://www.snort.org/rules/ /usr/local/etc/pulledpork/pulledpork.conf
rpl snortrules-snapshot.tar.gz snortrules-snapshot-2990.tar.gz /usr/local/etc/pulledpork/pulledpork.conf
rpl https://snort.org/downloads/community/ https://www.snort.org/downloads/community/ /usr/local/etc/pulledpork/pulledpork.conf
rpl '<oinkcode>' 'youroinkcode' /usr/local/etc/pulledpork/pulledpork.conf
rpl /iplists/default.blacklist /iplists/black_list.rules /usr/local/etc/pulledpork/pulledpork.conf

vi /usr/local/etc/pulledpork/pulledpork.conf
------------------------------ cut here ------------------------------
rule_url=https://www.snort.org/downloads/community/|community-rules.tar.gz|09188442b1e1cf975615d42225cd8065e386129d
------------------------------ cut here ------------------------------

mkdir /usr/local/etc/snort/so_rules
touch /usr/local/etc/snort/rules/local.rules
mkdir /usr/local/etc/snort/rules/iplists
touch /usr/local/etc/snort/rules/iplists/white_list.rules
touch /usr/local/etc/snort/rules/iplists/black_list.rules

vi /usr/local/etc/snort/rules/iplists/white_list.rules
------------------------------ cut here ------------------------------
10.20.0.1
------------------------------ cut here ------------------------------

cp /dev/null /var/log/sid_changes.log
rm /tmp/snortrules-snapshot-2990.tar.gz* /tmp/opensource.gz*

cp /usr/local/etc/pulledpork/disablesid.conf.sample /usr/local/etc/pulledpork/disablesid.conf
cp /usr/local/etc/pulledpork/dropsid.conf.sample /usr/local/etc/pulledpork/dropsid.conf
cp /usr/local/etc/pulledpork/enablesid.conf.sample /usr/local/etc/pulledpork/enablesid.conf
cp /usr/local/etc/pulledpork/modifysid.conf.sample /usr/local/etc/pulledpork/modifysid.conf

vi /usr/local/etc/pulledpork/disablesid.conf
------------------------------ cut here ------------------------------
136:2  # spp_reputation: Packets Whitelisted
------------------------------ cut here ------------------------------

pulledpork.pl -c /usr/local/etc/pulledpork/pulledpork.conf -i /usr/local/etc/pulledpork/disablesid.conf -l -v -P

vi /usr/local/etc/rc.d/snort
------------------------------ cut here ------------------------------
/sbin/ifconfig $snort_interface -rxcsum -txcsum -tso -lro
------------------------------ cut here ------------------------------

vi /usr/local/etc/snort/preproc_rules/preprocessor.rules
------------------------------ cut here ------------------------------
#alert ( msg: "REPUTATION_EVENT_WHITELIST"; sid: 2; gid: 136; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
------------------------------ cut here ------------------------------

sh /usr/local/etc/rc.d/snort start

vi /etc/daily.local
------------------------------ cut here ------------------------------
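#!/bin/sh
# Daily periodic hook: refresh the Snort rules and IP lists with pulledpork,
# then reload pf.

# Redirect stdout to the file first and only then point stderr at it. The
# reverse order ("2>&1 > file") leaves stderr on the original stdout, so
# pulledpork errors would never reach /root/pulledpork.out.
/usr/local/bin/pulledpork.pl -c /usr/local/etc/pulledpork/pulledpork.conf -i /usr/local/etc/pulledpork/disablesid.conf -l -v > /root/pulledpork.out 2>&1
# Reload pf after the update; presumably this is what makes pf re-read its
# file-backed tables (such as the Snort IP blacklist) - confirm.
/bin/sh /etc/rc.d/pf reload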
------------------------------ cut here ------------------------------

chmod 700 /etc/daily.local

vi /etc/rc.conf.d/barnyard2
------------------------------ cut here ------------------------------
barnyard2_enable="NO"
------------------------------ cut here ------------------------------

Install OSSEC

portmaster -d security/ossec-hids-local

cp /usr/local/ossec-hids/etc/ossec.conf.sample /usr/local/ossec-hids/etc/ossec.conf

rpl daniel.cid@xxx.com root@host.domain /usr/local/ossec-hids/etc/ossec.conf
rpl smtp.xxx.com. host.domain /usr/local/ossec-hids/etc/ossec.conf
rpl ossecm@ossec.xxx.com. ossecm@host.domain /usr/local/ossec-hids/etc/ossec.conf

vi /usr/local/ossec-hids/etc/ossec.conf
------------------------------ cut here ------------------------------
  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>10.20.0.11</white_list>
    <white_list>10.20.1.0/24</white_list>
  </global>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/all.log</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/usr/local/ossec-hids/logs/active-responses.log</location>
  </localfile>

  <localfile>
    <log_format>snort-fast</log_format>
    <location>/var/log/snort/snort.alert</location>
  </localfile>

  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/nginx/access.log</location>
  </localfile>

  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/nginx/error.log</location>
  </localfile>

  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/nginx/ssl-access.log</location>
  </localfile>

  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/nginx/ssl-error.log</location>
  </localfile>
------------------------------ cut here ------------------------------

vi /etc/rc.conf.d/ossechids
------------------------------ cut here ------------------------------
ossechids_enable="YES"
ossechids_user="ossec"
ossechids_group="ossec"
------------------------------ cut here ------------------------------

cp /etc/localtime /usr/local/ossec-hids/var/etc/localtime
chown root:ossec /usr/local/ossec-hids/var/etc/localtime

vi /usr/local/ossec-hids/rules/local_rules.xml
------------------------------ cut here ------------------------------
<group name="local,syslog,">
  <rule id="100001" level="0">
    <if_sid>1002</if_sid>
    <match>normalizations disabled because not inline</match>
    <description>Ignore pulledpork normalizations disabled because not inline</description>
  </rule>
</group> <!-- SYSLOG,LOCAL -->

<group name="web,">
  <rule id="600003" level="0">
    <if_sid>31533</if_sid>
    <description>Ignore High amount of POST requests in a small period of time (likely bot)</description>
  </rule>
</group>
------------------------------ cut here ------------------------------

mv /usr/local/ossec-hids/active-response/bin/firewall-drop.sh /usr/local/ossec-hids/active-response/bin/iptables.sh
cp /usr/local/ossec-hids/active-response/bin/pf.sh /usr/local/ossec-hids/active-response/bin/firewall-drop.sh

sh /usr/local/etc/rc.d/ossec-hids start

Enable pf

vi /boot/loader.conf
------------------------------ cut here ------------------------------
net.pf.states_hashsize="524288"
pf_load="YES"
pflog_load="YES"
------------------------------ cut here ------------------------------

vi /etc/rc.conf.d/pf
------------------------------ cut here ------------------------------
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_program="/sbin/pfctl"
pf_flags=""
------------------------------ cut here ------------------------------

vi /etc/rc.conf.d/pflog
------------------------------ cut here ------------------------------
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_program="/sbin/pflogd"
pflog_flags=""
------------------------------ cut here ------------------------------

mkdir /home/pf
touch /home/pf/blackhole

vi /home/pf/martians
------------------------------ cut here ------------------------------
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.0.2.0/24
192.168.0.0/23
192.168.2.0/24
192.168.4.0/22
192.168.8.0/21
192.168.16.0/20
192.168.32.0/19
192.168.64.0/18
192.168.128.0/17
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24
224.0.0.0/4
240.0.0.0/4
255.255.255.255/32
------------------------------ cut here ------------------------------

vi /home/pf/trusted
------------------------------ cut here ------------------------------
x.x.x.x/x
x.x.x.x
------------------------------ cut here ------------------------------

vi /etc/pf.conf
------------------------------ cut here ------------------------------
# Packet filter rules for the firewall instance.
# Rule evaluation reminder: for rules without "quick" the LAST matching rule
# decides; a matching "quick" rule decides immediately. Almost every rule
# below is "quick", so their order matters.

# Interfaces: xn0 carries the INTERNET-subnet address, xn1 the DMZ address.
int_if="xn0"
dmz_if="xn1"

# Network and broadcast addresses of the two /24 subnets.
int_nb = "{ 10.20.0.0, 10.20.0.255 }"
dmz_nb = "{ 10.20.1.0, 10.20.1.255 }"
broadcast = "255.255.255.255"
multicast = "224.0.0.1"

int_network = "10.20.0.0/24"
int_address = "10.20.0.11"
int_gateway = "10.20.0.1"
dmz_network = "10.20.1.0/24"
dmz_address = "10.20.1.10"
dmz_gateway = "10.20.1.1"

# ident/auth port, answered with a TCP reset further down.
auth_port = "{ 113 }"

# ICMP types accepted on the firewall's own addresses.
icmp_types = "{ echorep, echoreq, timex, unreach }"

# All addresses assigned to this host.
table <firewall> const { self }

# Filled at runtime; presumably by the OSSEC active-response script - confirm.
table <ossec_fwtable> persist

# File-backed tables: the Snort IP blacklist, a manual blackhole list,
# non-routable (martian) prefixes, and the administrators' source addresses.
table <blacklist> persist file "/usr/local/etc/snort/rules/iplists/black_list.rules"
table <blackhole> persist file "/home/pf/blackhole"
table <martians> persist file "/home/pf/martians"
table <trusted> persist file "/home/pf/trusted"

# Blocked packets are answered (TCP RST / ICMP unreachable) instead of being
# silently discarded, except where a rule says "block drop".
set block-policy return

# Increase default max state table entries
set limit { states 50000, frags 50000, table-entries 500000 }

# Allow anything via interface lo0
set skip on lo0

# Normalisation of incoming packets
scrub in

# SSH to the DMZ host 10.20.1.11 is published on port 222 of the firewall,
# for <trusted> sources only.
rdr on $int_if inet proto tcp from <trusted> to $int_address port 222 -> 10.20.1.11 port 22

# Outbound traffic from the DMZ is translated to the firewall's address.
nat on $int_if from $dmz_network to any -> $int_address

# These two non-quick rules are overridden by the non-quick block rules that
# follow (last match wins), so they have no effect on the final policy.
pass in
pass out

# Effective default: anything not matched by a "quick" rule below is blocked
# and logged.
block in log
block out log

# Blacklisted and blackholed sources are rejected before any pass rule.
block quick from <blacklist> to any
block quick from <blackhole> to any

# Reset ident
block return-rst in quick proto tcp from any to any port $auth_port flags S/SA

# Pass int in: selected ICMP, DHCP replies from the subnet gateway, and all
# TCP/UDP from <trusted>. Because these rules are quick and come first, a
# <trusted> source is never subject to the martian or OSSEC blocks below.
pass in quick inet proto icmp from any to $int_address icmp-type $icmp_types keep state
pass in quick inet proto udp from 10.20.0.1 to $int_address port 68
pass in quick on $int_if inet proto tcp from <trusted> to any keep state
pass in quick on $int_if inet proto udp from <trusted> to any keep state

# Pass int out: ICMP and DHCP requests from the firewall itself.
pass out quick inet proto icmp from $int_address to any keep state
pass out quick inet proto udp from $int_address to any port 67

# Pass dmz in
pass in quick inet proto icmp from any to $dmz_address icmp-type $icmp_types keep state

# Pass dmz out: the firewall's own TCP connections to DMZ hosts, and
# forwarded traffic from <trusted> sources.
pass out quick on $dmz_if inet proto tcp from $dmz_address to $dmz_network keep state
pass out quick on $dmz_if inet proto tcp from <trusted> to any keep state
pass out quick on $dmz_if inet proto udp from <trusted> to any keep state

# Anti-spoofing: drop packets that fail the reverse-path check, and anything
# addressed to the broadcast or multicast addresses defined above.
block in log quick from urpf-failed

block in quick from any to $broadcast
block in quick from any to $multicast

# Block dmz in: packets claiming the firewall's own DMZ address or the
# subnet's network/broadcast address as source.
block in quick log on $dmz_if from ($dmz_if) to any
block in quick log on $dmz_if from $dmz_nb to any

# Block dmz out: anything leaving the DMZ interface that is not sourced from
# the firewall's DMZ address (forwarded traffic other than the <trusted>
# passes above), or that is addressed to the interface itself or to the
# network/broadcast addresses.
block out quick log on $dmz_if from !($dmz_if) to any
block out quick log on $dmz_if from any to ($dmz_if)
block out quick log on $dmz_if from any to $dmz_nb

# Block int in: spoofed own address, martian prefixes and OSSEC-banned
# sources are silently dropped; DMZ or network/broadcast destinations must
# not leave through the INTERNET interface.
block drop in quick on $int_if from $int_address to any
block drop in quick on $int_if from <martians> to any
block drop in quick on $int_if from <ossec_fwtable> to any
block out quick log on $int_if from any to $dmz_network
block out quick log on $int_if from any to $int_nb

# Everything else on the DMZ interface passes in both directions.
# NOTE(review): this lets DMZ hosts reach any service on the firewall and
# any outside destination - confirm that this breadth is intended.
pass quick on $dmz_if

# Only HTTPS to the firewall is opened to untrusted sources.
# NOTE(review): port 80 is not passed, so a listener on port 80 of this
# address is reachable from <trusted> sources only - confirm intended.
pass in quick on $int_if inet proto tcp from any to $int_address port 443 keep state

# All remaining outbound traffic on the INTERNET interface is allowed.
pass out quick on $int_if
------------------------------ cut here ------------------------------

pfctl -nf /etc/pf.conf
sh /etc/rc.d/pf start

Optionally install Wazuh agent (if you have a Wazuh manager)

portmaster -d lang/gcc

cd /root
fetch https://github.com/wazuh/wazuh/archive/v2.1.0.tar.gz
tar zxf v2.1.0.tar.gz
cd wazuh-2.1.0
./install.sh

vi /var/ossec/etc/ossec.conf
------------------------------ cut here ------------------------------
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/all.log</location>
  </localfile>
------------------------------ cut here ------------------------------

vi /usr/local/etc/rc.d/wazuh-agent
------------------------------ cut here ------------------------------
#!/bin/sh
#
# PROVIDE: wazuhagent
# REQUIRE: DAEMON
# BEFORE:  LOGIN
# KEYWORD: shutdown

# rc.d service script for the Wazuh agent: every rc action is forwarded to
# /var/ossec/bin/ossec-control.

# Pull in the rc framework helpers (load_rc_config, run_rc_command).
. /etc/rc.subr

name="wazuhagent"
rcvar=wazuhagent_enable

# Read the service settings for $name from the rc configuration files.
load_rc_config $name

# Stay disabled unless wazuhagent_enable has been set in the rc configuration.
: ${wazuhagent_enable="NO"}

# Route each action through wazuhagent_command instead of the default
# rc.subr handlers.
start_cmd="wazuhagent_command start"
stop_cmd="wazuhagent_command stop"
restart_cmd="wazuhagent_command restart"
status_cmd="wazuhagent_command status"
reload_cmd="wazuhagent_command reload"

command="/var/ossec/bin/ossec-control"
# The service is not run unless the agent configuration file exists.
required_files="/var/ossec/etc/ossec.conf"
# "reload" is not a standard rc action, so it has to be declared here.
extra_commands="reload"

# Hand the requested action over to ossec-control.
# rc_arg is provided by rc.subr and holds the action being run; the
# arguments given in the *_cmd strings above are not used.
wazuhagent_command() {
        ${command} ${rc_arg}
}

# Dispatch the action given on the command line.
run_rc_command "$1"
------------------------------ cut here ------------------------------

vi /etc/rc.conf.d/wazuhagent
------------------------------ cut here ------------------------------
wazuhagent_enable="YES"
------------------------------ cut here ------------------------------

/var/ossec/bin/agent-auth -m wazuh_manager_ip_address

cp /etc/localtime /var/ossec/etc/localtime

sh /usr/local/etc/rc.d/wazuh-agent start
