Wazuh Agent Install - Ubuntu
-
Install Curl, Apt-Transport-HTTPS and LSB-Release
apt install curl apt install apt-transport-https apt install lsb-release
Extra dependencies for docker
apt install gnupg
Install Wazuh repository and GPG key
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list apt update
Install agent
apt install wazuh-agent
Disable automatic updates for agents
sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list apt update
Copy ossec.conf file for agent configuration settings.
I used this area to push an automatically configured ossec.conf file down to client You can manually edit /var/ossec/etc/ossec.conf
Add agent to wazuh server using SSL
systemctl restart wazuh-agent /var/ossec/bin/agent-auth -m 192.168.1.1 systemctl restart wazuh-agent
********************************************************** Manual agent registration notes are below in case automation fails *********************************************************** #*********************************************************** #On Wazuh Manager #*********************************************************** # sudo /var/ossec/bin/manage_agents # A to add # Enter Hostname and IP address of client(s) # E to Extract Key for Agent #*********************************************************** #*********************************************************** #On Wazuh Agent Machine #*********************************************************** # sudo /var/ossec/bin/manage_agents # I to import key (copy and paste key from wazuh manager) #**********************************************************