{"id":9590,"date":"2021-07-10T23:26:03","date_gmt":"2021-07-10T20:26:03","guid":{"rendered":"https:\/\/kifarunix.com\/?p=9590"},"modified":"2024-03-18T19:40:18","modified_gmt":"2024-03-18T16:40:18","slug":"install-wazuh-agent-on-rocky-linux-8","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-wazuh-agent-on-rocky-linux-8\/","title":{"rendered":"Install Wazuh Agent on Rocky Linux 8"},"content":{"rendered":"\n

In this tutorial, you will learn how to install Wazuh agent on Rocky Linux 8. Our previous setup was on setting up Wazuh server with ELK on Rocky Linux. The Wazuh agent<\/a> is multi-platform and runs on the hosts that the user wants to monitor. It communicates with the Wazuh manager, sending data in near real time through an encrypted and authenticated channel<\/em>.<\/p>\n\n\n\n

In our previous guide, we learnt how to install Wazuh server on Rocky Linux 8.<\/p>\n\n\n\n

Install Wazuh Server on Rocky Linux 8<\/a><\/p>\n\n\n\n

Installing Wazuh Agent on Rocky Linux 8<\/h2>\n\n\n\n

In this tutorial, we are going to install the Wazuh agent in another Rocky Linux 8 Desktop acting at the end point from which we are collecting logs. <\/p>\n\n\n\n

Create the Wazuh Repository<\/h3>\n\n\n\n

Run the command below to create the Wazuh 4.x repository on Rocky Linux 8.<\/p>\n\n\n\n

\ncat > \/etc\/yum.repos.d\/wazuh.repo << 'EOL'\n[wazuh_repo] \ngpgcheck=1 \ngpgkey=https:\/\/packages.wazuh.com\/key\/GPG-KEY-WAZUH \nenabled=1 \nname=Wazuh repository \nbaseurl=https:\/\/packages.wazuh.com\/4.x\/yum\/ \nprotect=1 \nEOL\n<\/code><\/pre>\n\n\n\n
Import the Wazuh repository GPG key<\/p>\n\n\n\n
rpm --import http:\/\/packages.wazuh.com\/key\/GPG-KEY-WAZUH<\/code><\/pre>\n\n\n\n
Install Wazuh Agent<\/h3>\n\n\n\n
Once the repos are in place, you can install Wazuh agent by running the command below;<\/p>\n\n\n\n
dnf -y install wazuh-agent<\/code><\/pre>\n\n\n\n
The installation is now complete.<\/p>\n\n\n\n
You can also specify the Wazuh manager from the command line. Replace the IP appropriately.<\/p>\n\n\n\n
WAZUH_MANAGER=<\/strong>\"192.168.60.19\" dnf install wazuh-agent<\/code><\/pre>\n\n\n\n
The next step is to enable the agent to communicate with the manager.<\/p>\n\n\n\n
Add Wazuh Agent on Wazuh Server<\/h3>\n\n\n\n
Login to Wazuh manager<\/strong>, and run the command below to add the agent to the server.<\/p>\n\n\n\n
\/var\/ossec\/bin\/manage_agents<\/code><\/pre>\n\n\n\n
\nWazuh v4.1.5 Agent manager. *\nThe following options are available: *\n\n(A)dd an agent (A).\n(E)xtract key for an agent (E).\n(L)ist already added agents (L).\n(R)emove an agent (R).\n(Q)uit.\nChoose your action: A,E,L,R or Q: A\n<\/code><\/pre>\n\n\n\n
Select add an agent (A) and press enter.<\/p>\n\n\n\n
Provide a name for the agent(in our case RockyLinux8Desktop) and IP of the agent and confirm.<\/p>\n\n\n\n
\n- Adding a new agent (use '\\q' to return to the main menu).\n  Please provide the following:\n   * A name for the new agent: RockyLinux8Desktop\n   * The IP Address of the new agent: 192.168.60.18\nConfirm adding it?(y\/n): y\nAgent added with ID 001.\n<\/code><\/pre>\n\n\n\n
Note the ID given to the agent<\/strong>, 001, in our case.<\/p>\n\n\n\n
If you want to add more agents, please do so.<\/p>\n\n\n\n
To automatically add the agent, Wazuh from the command line, simply use the command below;<\/p>\n\n\n\n
\/var\/ossec\/bin\/manage_agents -a <agent_IP> -n <agent_name><\/code><\/pre>\n\n\n\n
For example, to add the second agent to Wazuh server;<\/p>\n\n\n\n
\/var\/ossec\/bin\/manage_agents -a 192.168.60.20 -n Ubuntu20<\/code><\/pre>\n\n\n\n
Sample output;<\/p>\n\n\n\n
\n****************************************\n* Wazuh v4.1.5 Agent manager.          *\n* The following options are available: *\n****************************************\n   (A)dd an agent (A).\n   (E)xtract key for an agent (E).\n   (L)ist already added agents (L).\n   (R)emove an agent (R).\n   (Q)uit.\nChoose your action: A,E,L,R or Q: \n- Adding a new agent (use '\\q' to return to the main menu).\n  Please provide the following:\n   * A name for the new agent:    * The IP Address of the new agent: Confirm adding it?(y\/n): Agent added with ID 002.\n\nmanage_agents: Exiting.\n<\/code><\/pre>\n\n\n\n
You can list the agents using the command below;<\/p>\n\n\n\n
\/var\/ossec\/bin\/manage_agents -l<\/code><\/pre>\n\n\n\n
Sample output;<\/p>\n\n\n\n
Available agents:
ID: 001, Name: RockyLinux8Desktop, IP: 192.168.60.18
ID: 002, Name: Ubuntu20, IP: 192.168.60.20<\/code><\/pre>\n\n\n\n
Register Wazuh Agents<\/h3>\n\n\n\n
For an agent to communicate with the manager, you need to register the the agent key from the server and install it on the agent.<\/p>\n\n\n\n
There are two ways in which you can register Wazuh agents.<\/p>\n\n\n\n