On the Wazuh VM, I installed Wazuh using the command:
curl -sO https://packages.wazuh.com/4.3/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
After the installation, I browsed to the Wazuh server from mgmt01 and logged in as the admin user. The result is shown below:
Wazuh Agent on web01
On the Wazuh configuration page, under "Wazuh dropdown > management > groups", I created a new group called "linux".
In "Wazuh dropdown > agents", I deployed a new agent with the following configuration:
Step 1: Red Hat/CentOS
Step 2: CentOS 6 or higher (Note: it will work on Rocky 8)
Step 3: x86_64
Step 4: 172.16.200.10
Step 5: linux
Step 6: I ran this command on the web01 server:
sudo WAZUH_MANAGER='172.16.200.10' WAZUH_AGENT_GROUP='linux' yum install https://packages.wazuh.com/4.x/yum/wazuh-agent-4.3.10-1.x86_64.rpm
Step 7: Start the Wazuh agent on web01 using the following commands:
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
After setup is complete, the Wazuh agents page looks like the following:
Logging
Wazuh will log events that occur on the Wazuh agents.
I tested this by using invalid SSH logins on the web01 system. Wazuh logged the invalid logins, which can be seen below:
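The same alerts can be read on the manager without the dashboard, from its JSON alert log (/var/ossec/logs/alerts/alerts.json, one JSON object per line). The script below is an added example, not part of the original write-up: it counts failed SSH login alerts per agent, source IP and user. The sample alerts are constructed, and the rule group names and the srcuser/dstuser fields are assumed to match Wazuh's default sshd ruleset and decoder.

```python
import json
import sys
from collections import Counter

# Constructed sample in the shape of alerts.json; IPs and users are made up.
SAMPLE_ALERTS = """\
{"timestamp":"2022-11-20T10:01:02.000+0000","rule":{"id":"5710","level":5,"description":"sshd: Attempt to login using a non-existent user","groups":["syslog","sshd","authentication_failed","invalid_login"]},"agent":{"id":"001","name":"web01"},"data":{"srcip":"192.0.2.25","srcuser":"baduser"}}
{"timestamp":"2022-11-20T10:01:09.000+0000","rule":{"id":"5710","level":5,"description":"sshd: Attempt to login using a non-existent user","groups":["syslog","sshd","authentication_failed","invalid_login"]},"agent":{"id":"001","name":"web01"},"data":{"srcip":"192.0.2.25","srcuser":"baduser"}}
{"timestamp":"2022-11-20T10:02:30.000+0000","rule":{"id":"5716","level":5,"description":"sshd: authentication failed.","groups":["syslog","sshd","authentication_failed"]},"agent":{"id":"001","name":"web01"},"data":{"srcip":"192.0.2.25","dstuser":"root"}}
{"timestamp":"2022-11-20T10:03:00.000+0000","rule":{"id":"5715","level":3,"description":"sshd: authentication success.","groups":["syslog","sshd","authentication_success"]},"agent":{"id":"001","name":"web01"},"data":{"srcip":"192.0.2.30","dstuser":"admin"}}
{"timestamp":"2022-11-20T10:03:05.000+0000","rule":{"id":"5501","level":3,"description":"PAM: Login session opened.","groups":["pam","syslog","authentication_success"]},"agent":{"id":"001","name":"web01"},"data":{"dstuser":"admin"}}
{"timestamp":"2022-11-20T10:0
"""

# Assumption: default sshd rules tag failed logins with one of these groups.
FAILED_GROUPS = {"invalid_login", "authentication_failed"}


def failed_ssh_logins(lines):
    """Count failed SSH login alerts per (agent name, source IP, user)."""
    counts = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue  # last line may be half-written while the manager appends
        groups = set(alert.get("rule", {}).get("groups", []))
        if "sshd" not in groups or not groups & FAILED_GROUPS:
            continue  # not an SSH alert, or not a failed login
        data = alert.get("data", {})
        # Assumption: the user is in srcuser (invalid user) or dstuser (bad password).
        user = data.get("srcuser") or data.get("dstuser", "?")
        key = (alert.get("agent", {}).get("name", "?"), data.get("srcip", "?"), user)
        counts[key] += 1
    return counts


if __name__ == "__main__":
    # Pass the alerts.json path as the first argument; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            result = failed_ssh_logins(fh)
    else:
        result = failed_ssh_logins(SAMPLE_ALERTS.splitlines())
    for (agent, srcip, user), n in result.most_common():
        print(f"{agent}\t{srcip}\t{user}\t{n}")
```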