SEC-350: Enterprise and Network Security Controls

Lab 3.2: Wazuh


Last updated 2 years ago

Summary

During this lab we set up our Wazuh box with Wazuh and added the agent to web01.

Wazuh Install

  1. Curl install file and run it

curl -sO https://packages.wazuh.com/4.3/wazuh-install.sh && sudo bash ./wazuh-install.sh -a

Take note of the password that is generated in the terminal. If you miss it, it's in plain text in wazuh-install-files.tar, so keep that archive protected.

  2. Navigate to the Wazuh machine's IP. Here you log in with wazuh|<passwd from before>

Wazuh Agent Setup

  1. In the web GUI, navigate to the Agents tab

  2. Fill out the correct information

  3. It will give you the commands to install the agent on the selected machine

  4. Run that command on the selected machine

  5. Enable and start the agent

sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent

  6. Now under the Agents tab it should populate with the machine's information
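
To confirm the last step from the agent's side as well, this added example (not part of the original lab) checks that web01 holds an enrollment key and that the agent reports itself connected. It assumes the default /var/ossec install prefix; the function names and the sample files are constructed for illustration.

```bash
# Added example, not from the lab: agent-side check that enrollment worked.
# Assumes the default prefix /var/ossec; function names are illustrative.

# Print one field (status, last_ack, ...) from wazuh-agentd.state.
state_field() {   # $1 = field name, $2 = state file
    sed -n "s/^$1='\(.*\)'\$/\1/p" "$2" | head -n 1
}

# Print "ID NAME" of the enrolled agent; client.keys lines are "ID NAME IP KEY".
enrolled_agent() {   # $1 = path to client.keys
    awk 'NF >= 4 && $1 !~ /^#/ { print $1, $2; exit }' "$1"
}

# Return 0 only when the agent is enrolled and reports itself connected.
check_agent() {   # $1 = install prefix (default /var/ossec)
    local base keys state status
    base="${1:-/var/ossec}"
    keys="$base/etc/client.keys"
    state="$base/var/run/wazuh-agentd.state"
    if [ ! -s "$keys" ] || [ -z "$(enrolled_agent "$keys")" ]; then
        echo "not enrolled: no agent entry in $keys"
        return 2
    fi
    if [ ! -r "$state" ]; then
        echo "no state file: is wazuh-agent running?"
        return 3
    fi
    status="$(state_field status "$state")"
    echo "agent $(enrolled_agent "$keys"): status=$status" \
         "last_ack=$(state_field last_ack "$state")"
    [ "$status" = "connected" ]
}

# Constructed sample tree so the check can be tried without a real agent.
make_sample() {   # $1 = status value to write; prints the sample prefix
    local d
    d="$(mktemp -d)"
    mkdir -p "$d/etc" "$d/var/run"
    echo "001 web01 any 00constructed00key00" > "$d/etc/client.keys"
    printf "status='%s'\nlast_ack='2024-01-01 12:00:05'\n" "$1" \
        > "$d/var/run/wazuh-agentd.state"
    echo "$d"
}

sample="$(make_sample connected)"
check_agent "$sample"    # on a real agent: run as root, with no argument
rm -rf "$sample"
```

A status of pending or disconnected here, while the key file is populated, points at connectivity between web01 and the Wazuh box rather than at enrollment.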

Wazuh Agent Config

Wazuh's configuration files are located in /var/ossec. The main config is /var/ossec/etc/shared/agent.conf

Config Documentation:

https://documentation.wazuh.com/current/user-manual/reference/centralized-configuration.html