Wazuh Agent Install - CentOS
-
Add CentOS repository
cat > /etc/yum.repos.d/wazuh.repo <<\EOF [wazuh_repo] gpgcheck=1 gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=Wazuh repository baseurl=https://packages.wazuh.com/3.x/yum/ protect=1 EOF
Install agent
yum install -y wazuh-agent
Disable automatic updates for agents
sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo yum update
Copy ossec.conf file for agent configuration settings.
I used this area to push an automatically configured ossec.conf file down to client You can manually edit /var/ossec/etc/ossec.conf
Add agent to wazuh server using SSL
systemctl restart wazuh-agent /var/ossec/bin/agent-auth -m 192.168.1.1 systemctl restart wazuh-agent********************************************************** Manual agent registration notes are below in case automation fails *********************************************************** #*********************************************************** #On Wazuh Manager #*********************************************************** # sudo /var/ossec/bin/manage_agents # A to add # Enter Hostname and IP address of client(s) # E to Extract Key for Agent #*********************************************************** #*********************************************************** #On Wazuh Agent Machine #*********************************************************** # sudo /var/ossec/bin/manage_agents # I to import key (copy and paste key from wazuh manager) #********************************************************** -
Why are you disabling agent updates?
-
@JaredBusch said in Wazuh Agent Install - CentOS:
Why are you disabling agent updates?
It is recommended by wazuh in their documentation to prevent automatic updates.
-
@JaredBusch said in Wazuh Agent Install - CentOS:
Why are you disabling agent updates?
Wazuh doesn't understand how to maintain their own repository, so when OSSIM updates their stuff, it breaks Wazuh. It's silly, easily fixable, and I don't have the time to maintain the thing myself.
