migrate to git.charlotte.sh
This commit is contained in:
Charlotte Croce
commit
fbd588721e
412 changed files with 13750 additions and 0 deletions
28
net-sec-controls-sec350/wazuh.md
Normal file
28
net-sec-controls-sec350/wazuh.md
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
# Wazuh
|
||||
|
||||
## Installing Server
|
||||
- run the following command: `curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i`
|
||||
- remember to save the auto-generated password
|
||||
|
||||
### Ports to open on firewall
|
||||
- **1514/TCP** for agent communication.
|
||||
- **1515/TCP** for enrollment via automatic agent request.
|
||||
- **55000/TCP** for enrollment via Wazuh server API.
|
||||
|
||||
## Installing Agents
|
||||
- Wazuh dropdown > Agents > enter agent configurations
|
||||
- run the generated command on the remote system to install the agent:
|
||||
- start agent service:
|
||||
```
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable wazuh-agent
|
||||
sudo systemctl start wazuh-agent
|
||||
```
|
||||
|
||||
## Agent directory structure
|
||||
Wazuh agent files are stored in /var/ossec/. Key directories include:
|
||||
- `/var/ossec/etc/` - Configuration files
|
||||
- `/var/ossec/etc/ossec.conf` - agent IP settings
|
||||
- `/var/ossec/logs/` - Log files
|
||||
- `/var/ossec/queue/` - Communication queue
|
||||
- `/var/ossec/agentless/` - Agentless monitoring
|
||||
Loading…
Add table
Add a link
Reference in a new issue