Skip to content

dgalus/wazuh-gmail

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

requirements.txt

requirements.txt

 
 

wazuh-gmail.py

wazuh-gmail.py

 
 

Repository files navigation

wazuh-gmail

Gmail relay for wazuh.

Requirements

  • python3 < 3.12
  • wazuh-server

Installation

  1. Clone repository.
git clone https://github.com/dgalus/wazuh-gmail
sudo cp wazuh-gmail /opt
cd /opt/wazuh-gmail
  1. Create python virtual environment and install dependencies.
sudo python3 -m venv venv
./venv/bin/pip install -r requirements.txt
  1. Navigate to your Google API console and
  • create new project or select existing
  • under "Credentials", select "Create credentials" and create a new "OAuth client ID". If you would already have such an ID, you can skip this step and just re-use the one you have
  • you will be asked which type of app will use this ID, choose “Other” and give your app an easy-to-remember name
  • next up comes the most important screen, giving you your client ID and secret key. Write both of these down and do not give these out to others!
  1. Run sudo ./venv/bin/python wazuh-gmail.py --configure.
  • enter Client ID
  • enter Client Secret
  • enter selected gmail email address
  • open URL address generated by script and follow the instructions
  • enter verification code.
  1. Create file /etc/systemd/system/wazuh-gmail.service, insert the following content and save it.
[Unit]
Description=Wazuh Gmail Relay
After=network.target

[Service]
User=root
Group=root
WorkingDirectory=/opt/wazuh-gmail
ExecStart=/opt/wazuh-gmail/venv/bin/python /opt/wazuh-gmail/wazuh-gmail.py --run
RemainAfterExit=no
Restart=on-failure
RestartSec=10s

[Install]
WantedBy=multi-user.target
  1. Start service.
sudo systemctl enable wazuh-gmail
sudo systemctl start wazuh-gmail
  1. Open /var/ossec/etc/ossec.conf and check if:
  • there is the following content in section <ossec_config><global>
<email_notification>yes</email_notification>
<smtp_server>127.0.0.1</smtp_server>
<email_from>YOUR_SENDER_EMAIL_ADDRESS@gmail.com</email_from>
<email_to>YOUR_RECIPIENT_EMAIL_ADDRESS@gmail.com</email_to>
<email_log_source>alerts.log</email_log_source>
  • there is the following section in <ossec_config>
<alerts>
  <log_alert_level>4</log_alert_level>
  <email_alert_level>12</email_alert_level>
</alerts>
  1. Restart wazuh.
sudo systemctl restart wazuh-gmail

About

Gmail relay for wazuh.

Topics

relay oauth google oauth2 gmail smtp mta wazuh wazuh-maild

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages