Lab 3.2: Wazuh - squatchulator/Tech-Journal GitHub Wiki

Lab 3.2 - Wazuh

Wazuh Installation (Single-node)

On Wazuh (SSH from Mgmt01 to make copying the password easier):
curl -sO https://packages.wazuh.com/4.3/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i

  • Note: This will automatically start the Wazuh installation. You can access from https://

On Mgmt01 (In Wazuh):
  • From the top drop-down, select -> Management -> Groups & make a new group called linux
  • From the top drop-down, select -> Agents -> Deploy Agent
    • Now, select Redhat/CentOS -> CentOS 6 or higher -> x86_64 -> 172.16.200.10 -> Linux
  • Run the output command on Web01

On Web01:
sudo WAZUH_MANAGER='172.16.200.10' WAZUH_AGENT_GROUP='linux' yum install https://packages.wazuh.com/4.x/yum/wazuh-agent-4.3.11-1.x86_64.rpm
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent

Config file for agents: /var/ossec/etc/ossec.conf.
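
A check that the agent config actually points at the manager chosen during deployment. This is an added example, not part of the original lab; the function names and the sample config it writes are constructed for illustration, and only the address 172.16.200.10 and the ossec.conf path come from the steps above.

```shell
#!/bin/sh
# Added example (not from the lab): verify which manager an agent config targets.

# Print each <address> value found inside the <client> block of file $1.
agent_manager_addresses() {
    awk '
        /<client>/   { in_client = 1 }
        /<\/client>/ { in_client = 0 }
        in_client && match($0, /<address>[^<]*<\/address>/) {
            # drop the 9-char opening tag and the 10-char closing tag
            print substr($0, RSTART + 9, RLENGTH - 19)
        }
    ' "$1"
}

# Return 0 only if file $1 names at least one manager and every one equals $2.
check_agent_manager() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    addrs=$(agent_manager_addresses "$1")
    [ -n "$addrs" ] || { echo "no manager address in $1" >&2; return 1; }
    while IFS= read -r addr; do
        if [ "$addr" != "$2" ]; then
            # e.g. the MANAGER_IP placeholder left when no manager was set
            echo "unexpected manager address: $addr" >&2
            return 1
        fi
    done <<EOF
$addrs
EOF
    return 0
}

# Write a constructed, minimal <client> section to file $1 with manager $2.
write_sample_conf() {
    cat > "$1" <<EOF
<ossec_config>
  <client>
    <server>
      <address>$2</address>
    </server>
  </client>
</ossec_config>
EOF
}

demo=$(mktemp)
write_sample_conf "$demo" 172.16.200.10
if check_agent_manager "$demo" 172.16.200.10; then echo "manager OK"; fi
rm -f "$demo"
```

On Web01, call check_agent_manager /var/ossec/etc/ossec.conf 172.16.200.10 as a user that can read the file.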