SEC 350 Lab 3.2 Wazuh - DefiantCoder/Tech-Journals GitHub Wiki
Install
curl -sO https://packages.wazuh.com/4.3/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
- Make sure to save your password. If you miss it, it is in the wazuh-install-files.tar file. You will need the login wazuh and that password to access your Wazuh
On log01-adam
firewall-cmd --add-port 1515/tcp --permanent
firewall-cmd --add-port 1514/tcp --permanent
firewall-cmd --add-port 514/tcp --permanent
firewall-cmd --add-port 514/udp --permanent
firewall-cmd --add-port 55000/tcp --permanent
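firewall-cmd --add-port 443/tcp --permanent
# --permanent only writes the saved configuration; reload to apply it to the running firewall
firewall-cmd --reload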
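Because --permanent changes only the saved firewalld configuration, it is worth confirming that the running firewall and the saved one both contain every port above. The script below is an added example, not part of the original lab; the names missing_ports and check_firewall are made up for illustration, and it relies only on `firewall-cmd --list-ports`.

```bash
#!/bin/sh
# Added example: report which of this lab's ports are absent from a
# firewalld port listing (the output of `firewall-cmd --list-ports`).

# Ports opened on log01 in this lab.
REQUIRED_PORTS="1515/tcp 1514/tcp 514/tcp 514/udp 55000/tcp 443/tcp"

# missing_ports "<list-ports output>"
# Prints the required ports that are not in the listing, space separated.
# A range entry such as 1514-1515/tcp (added as a range) is also matched.
missing_ports() {
    listing="$1"
    missing=""
    for want in $REQUIRED_PORTS; do
        want_port=${want%/*}
        want_proto=${want#*/}
        found=no
        for have in $listing; do
            have_proto=${have#*/}
            range=${have%/*}
            lo=${range%-*}      # equals the port itself when there is no range
            hi=${range#*-}
            [ "$have_proto" = "$want_proto" ] || continue
            if [ "$want_port" -ge "$lo" ] && [ "$want_port" -le "$hi" ]; then
                found=yes
                break
            fi
        done
        [ "$found" = yes ] || missing="$missing $want"
    done
    echo "${missing# }"
}

# Compare the running firewall with the saved (--permanent) configuration.
# Run as root on log01 after sourcing this file.
check_firewall() {
    echo "runtime missing:   $(missing_ports "$(firewall-cmd --list-ports)")"
    echo "permanent missing: $(missing_ports "$(firewall-cmd --permanent --list-ports)")"
}
```

An empty "runtime missing" line with a non-empty "permanent missing" line (or the reverse) means the two configurations have drifted apart.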
web01 Wazuh setup
Access Wazuh at 172.16.200.10 using the credentials stated above.
Red Hat/CentOS
CentOS 6 or higher (note: it will work on Rocky 8)
x86_64
172.16.200.10
linux
Run this command on your web01 server
Start the Wazuh agent on web01
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
- Wazuh config files information is in /var/ossec.
- The main config is /var/ossec/etc/shared/agent.conf
- The main config is