Lab 3.2: Wazuh

Summary

During this lab we setup our Wazuh box with Wazoh and added the agent to web01.

Wazuh Install

1. Curl install file and run it

curl -sO https://packages.wazuh.com/4.3/wazuh-install.sh && sudo bash ./wazuh-install.sh -a

Take not of the password that is gernated in the terminal if you miss it. It's in plane text in the wazuh-install-files.tar

1. Navigate to the wazuh machines IP. Here you login with wazuh|<passwd from before>

Wazuh Agent Setup

1. In the web gui navigate to the Agents tab

1. Fill out correct information

2. It will give you the commands to install the agent on selected machine

1. Run that command on selected machine

2. enable and start the agent

sudo systmectl deamon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent

1. Now under the Agents tab it should populate with the machines information

Wazuh Agent Config

Wazuh config files information is located in /var/ossec. The main config is /var/ossec/etc/shared/agent.conf

Config Documentation: https://documentation.wazuh.com/current/user-manual/reference/centralized-configuration.html