search
HomeTech JournalsPersonal ProjectsSysadmin Wiki

Lab 3.2: Wazuh

hashtag
Summary

During this lab we setup our Wazuh box with Wazoh and added the agent to web01.

hashtag
Wazuh Install

  1. Curl install file and run it

curl -sO https://packages.wazuh.com/4.3/wazuh-install.sh && sudo bash ./wazuh-install.sh -a

Take not of the password that is gernated in the terminal if you miss it. It's in plane text in the wazuh-install-files.tar

  1. Navigate to the wazuh machines IP. Here you login with wazuh|<passwd from before>

hashtag
Wazuh Agent Setup

  1. In the web gui navigate to the Agents tab

  1. Fill out correct information

  2. It will give you the commands to install the agent on selected machine

  1. Run that command on selected machine

  2. enable and start the agent

  1. Now under the Agents tab it should populate with the machines information

hashtag
Wazuh Agent Config

Wazuh config files information is located in /var/ossec. The main config is /var/ossec/etc/shared/agent.conf

Config Documentation: https://documentation.wazuh.com/current/user-manual/reference/centralized-configuration.htmlarrow-up-right

PreviousLab 3.1: SegmentationNextLab 4.1: Network Firewalls 1

Last updated