Wazuh Agent Install - Ubuntu




  • Install Curl, Apt-Transport-HTTPS and LSB-Release


    apt install curl
    apt install apt-transport-https
    apt install lsb-release
    

    Extra dependencies for docker


    apt install gnupg
    

    Install Wazuh repository and GPG key


    curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
    echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
    apt update
    

    Install agent


    apt install wazuh-agent
    

    Disable automatic updates for agents


    sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list
    apt update
     
    

    Copy ossec.conf file for agent configuration settings.


    I used this area to push an automatically configured ossec.conf file down to client
    You can manually edit /var/ossec/etc/ossec.conf
    

    Add agent to wazuh server using SSL


    systemctl restart wazuh-agent
    /var/ossec/bin/agent-auth -m 192.168.1.1
    systemctl restart wazuh-agent
     
    
    **********************************************************
    Manual agent registration notes are below in case
    automation fails
    ***********************************************************
    
    
    #***********************************************************
    #On Wazuh Manager
    #***********************************************************
    
    # sudo /var/ossec/bin/manage_agents
    # A to add
    # Enter Hostname and IP address of client(s)
    # E to Extract Key for Agent
    #***********************************************************
    
    #***********************************************************
    #On Wazuh Agent Machine
    #***********************************************************
    # sudo /var/ossec/bin/manage_agents
    # I to import key (copy and paste key from wazuh manager)
    #**********************************************************