# Lab 3.2: Wazuh

### Summary

During this lab we set up our Wazuh box with Wazuh and added the agent to web01.

### Wazuh Install

1. Download the install script with curl and run it

```
curl -sO https://packages.wazuh.com/4.3/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
```

Take note of the password that is generated in the terminal. If you miss it, it's in plain text in `wazuh-install-files.tar`.

2. Navigate to the Wazuh machine's IP. Here you log in with `wazuh|<passwd from before>`

### Wazuh Agent Setup

1. In the web GUI, navigate to the Agents tab

<figure><img src="https://lh3.googleusercontent.com/nkPySyaq5hGtwkh9XSJBeLqTqMDSvy5x-VCm7CcxrvqYxFWlC8DTLvK_YbaXWtx5wdSc4KKPbv2Fp2umw6R9X3o1fgvvjTvSOSkvzWyI6BUJg8_u1KGZsrFRm2tShYJO_rXTvW3yQMLBQVOPz6Ok4S0" alt=""><figcaption></figcaption></figure>

2. Fill out the correct information
3. It will give you the commands to install the agent on the selected machine

<figure><img src="https://lh3.googleusercontent.com/vRrQOtMTiOn1qbvQIbxWqztktgO-slxMFURdvGYQ4-HFxr47fUIKxTY3XatBk0sfQ9WIuJ5JMPCbFZgcPs_jMtjO7TnDrtABdpLt0Gzws69_jw5w9rRjn7zoO79lpF9WCYyUI6QNz687hHby74-ZYgQ" alt=""><figcaption></figcaption></figure>

4. Run that command on the selected machine
5. Enable and start the agent

```
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
```

6. Now under the Agents tab it should populate with the machine's information

<figure><img src="https://lh4.googleusercontent.com/Hj0g3qjYFYBEXXPVOsmdM9Pm-V_cN_Iw99BZnwb10V9c05zwv4FMg2BRzciboeJ2GLCeDZLa9rZ8k8A1NPOJbZb1Cp3vUCPVL3lx3m0XiXxLCCJiUUat0gx8V27LvRsbMyTVSgx3CT_iVJVTdte9dww" alt=""><figcaption></figcaption></figure>
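The same check as step 6 can be made from the agent side. This is an added example, not part of the original lab: it reads the state file that `wazuh-agentd` maintains and reports whether the agent has connected to the manager. The function names and the sample file contents are constructed for illustration, and the state file path assumes the default `/var/ossec` install location.

```shell
#!/bin/sh
# Added example: check whether a Wazuh agent has connected to its manager
# by parsing the state file written by wazuh-agentd.
# Assumption: default install prefix /var/ossec (the prefix this page uses).

STATE_FILE_DEFAULT=/var/ossec/var/run/wazuh-agentd.state

# agent_state_field FILE KEY
# Prints the value from the first line of the form KEY='value' in FILE.
# Comment lines (starting with '#') never match the pattern.
agent_state_field() {
    sed -n "s/^$2='\(.*\)'\$/\1/p" "$1" | head -n 1
}

# agent_connected [FILE]
# Returns 0 if status is 'connected', 1 for any other status
# (pending, disconnected, missing), 2 if the state file is unreadable.
agent_connected() {
    file=${1:-$STATE_FILE_DEFAULT}
    if [ ! -r "$file" ]; then
        echo "cannot read $file (agent not started, or not running as root?)" >&2
        return 2
    fi
    status=$(agent_state_field "$file" status)
    last_ack=$(agent_state_field "$file" last_ack)
    echo "status=${status:-unknown} last_ack=${last_ack:-never}"
    [ "$status" = "connected" ]
}

# write_sample_state FILE STATUS
# Writes a constructed sample state file, for trying the parser offline.
write_sample_state() {
    cat > "$1" <<EOF
# State file for wazuh-agentd (constructed sample)
status='$2'
last_keepalive='2023-02-01 10:15:02'
last_ack='2023-02-01 10:15:03'
msg_count='42'
msg_sent='40'
EOF
}
```

On web01, source the script in a root shell and call `agent_connected` with no argument; a `pending` status after the agent has started usually means the agent cannot reach or enroll with the manager.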

### Wazuh Agent Config

Wazuh's configuration files are located in `/var/ossec`. The main config is `/var/ossec/etc/shared/agent.conf`.

<figure><img src="https://3273291826-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2AKOZN7QAJ7f0bP5MzKF%2Fuploads%2FpUgyIeVtDFe0JScLUHND%2Fimage.png?alt=media&#x26;token=e7924783-88fb-4670-907b-d27cb31914e7" alt=""><figcaption></figcaption></figure>

Config Documentation: <https://documentation.wazuh.com/current/user-manual/reference/centralized-configuration.html>


