Lab 3.2 Wazuh - devinziegler/Devin-Tech-Journal GitHub Wiki

Lab Overview

This lab involved setting up a Wazuh manager (Ubuntu Server) and adding a client (RHEL) as an agent.

Installing Wazuh on Ubuntu Server

  1. Run the following command to install Wazuh on the manager system:
curl -sO https://packages.wazuh.com/4.3/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i

This command downloads the install script from Wazuh and runs it as an all-in-one installation (-a: manager, indexer and dashboard on a single host) while skipping the minimum hardware requirements check (-i). Because curl -O saves the script to the current directory before bash runs it as root, the script can be read first if the two halves of the command are run separately.

  2. Now that Wazuh is installed, the web portal can be accessed using the IP of the Wazuh manager system (log in with the admin credentials the install script prints at the end of its run):
https://<wazuh-manager-system-ip>

Creating a group

  1. Groups can be created from the Wazuh dashboard under Management > Groups.
  2. In this example the group linux was created.

Registering wazuh agent

Agents can be registered through the CLI on the Wazuh manager system or through the web portal. These instructions use the web portal.

  1. Navigate to Wazuh > Agents and click Deploy New Agent.
  2. Follow the steps given for the agent system, making sure to select the proper operating system, architecture, etc.
  3. Using the commands provided by the deployment wizard, install and start wazuh-agent on the agent system.
  4. The agent should now be visible on the Wazuh dashboard.

Helpful tips

Sometimes the web portal can be difficult to navigate. The following command, run on the Wazuh manager, is extremely helpful for troubleshooting what is going on behind the scenes:

sudo /var/ossec/bin/manage_agents

This menu lets you list the registered agents, add new ones, and extract an agent's key (the key an agent needs in order to authenticate to the manager).

On the agent, the configuration files are stored under /var/ossec/ (the main one being /var/ossec/etc/ossec.conf). Other directories such as /var/ossec/bin and /var/ossec/active-response live under the same tree.
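As an added example (not from this wiki page), here is the CLI route to agent registration mentioned above: a small POSIX shell script for the manager that registers an agent with manage_agents, extracts its key, and parses the output of the agent list to confirm that the new agent is really registered. It assumes the default install path /var/ossec and the non-interactive manage_agents flags -a (agent IP), -n (agent name), -e (extract key for an ID) and -l (list agents); the agent list embedded in the script is constructed sample output, so the parsing part runs offline, and the live commands only execute when the script is invoked with --live.

```shell
#!/bin/sh
# Added example: register and verify a Wazuh agent from the manager CLI.
# Assumes the stock install path; override with WAZUH_BIN=... if different.
WAZUH_BIN="${WAZUH_BIN:-/var/ossec/bin}"

# Manager side: register an agent by name and IP (non-interactive manage_agents).
# Usage: register_agent rhel-client 10.0.5.20
register_agent() {
  sudo "$WAZUH_BIN/manage_agents" -a "$2" -n "$1"
}

# Manager side: print the key for an agent ID; this is what gets imported on the agent.
extract_agent_key() {
  sudo "$WAZUH_BIN/manage_agents" -e "$1"
}

# Manager side: list registered agents in manage_agents' own format.
list_agents() {
  sudo "$WAZUH_BIN/manage_agents" -l
}

# Parse `manage_agents -l` output from stdin into one "ID NAME IP" line per agent.
# Assumed line format (constructed from the tool's list output):
#    ID: 001, Name: rhel-client, IP: 10.0.5.20
parse_agent_list() {
  sed -n 's/^[[:space:]]*ID: \([0-9][0-9]*\), Name: \([^,]*\), IP: \(.*\)$/\1 \2 \3/p'
}

# Look up the ID of an agent by name from `manage_agents -l` output on stdin.
# Prints the ID and returns 0 if found, returns 1 if the agent is not registered.
agent_id_for() {
  parse_agent_list | awk -v n="$1" '$2 == n { print $1; found = 1 } END { if (!found) exit 1 }'
}

# Constructed sample of `manage_agents -l` output for running offline.
SAMPLE_LIST='Available agents:
   ID: 001, Name: rhel-client, IP: 10.0.5.20
   ID: 002, Name: web01, IP: any'

if [ "${1:-}" = "--live" ]; then
  # Live run on a real manager: register, then confirm the agent shows up.
  register_agent "${2:-rhel-client}" "${3:-any}"
  if id=$(list_agents | agent_id_for "${2:-rhel-client}"); then
    echo "agent registered with ID $id; key follows:"
    extract_agent_key "$id"
  else
    echo "agent not found in manager list" >&2
    exit 1
  fi
else
  # Offline demonstration on the constructed sample list.
  printf '%s\n' "$SAMPLE_LIST" | parse_agent_list
fi
```

Running the script with no arguments only parses the constructed sample; `sh register.sh --live rhel-client 10.0.5.20` on the manager performs the real registration. The key printed by extract_agent_key is a secret that lets a host enroll as that agent, so copy it to the agent over an authenticated channel rather than leaving it in shell history or a ticket.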