ChamplainTechJournals/net-sec-controls-sec350/wazuh.md
2025-04-19 23:42:08 -04:00


# Wazuh
## Installing Server
- Run the following command: `curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i`
- Remember to save the auto-generated password.
### Ports to open on firewall
- **1514/TCP** for agent communication.
- **1515/TCP** for enrollment via automatic agent request.
- **55000/TCP** for enrollment via Wazuh server API.
## Installing Agents
- Wazuh dropdown > Agents > enter agent configurations
- Run the generated command on the remote system to install the agent.
- Start the agent service:
```
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
```
## Agent directory structure
Wazuh agent files are stored in `/var/ossec/`. Key directories and files include:
- `/var/ossec/etc/` - Configuration files
- `/var/ossec/etc/ossec.conf` - Agent configuration file (agent IP settings)
- `/var/ossec/logs/` - Log files
- `/var/ossec/queue/` - Communication queue
- `/var/ossec/agentless/` - Agentless monitoring
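
A post-install check for the agent, added here as an example and not part of the original notes: it reads the manager address from `ossec.conf`, tests 1514/TCP to it, and reads the status the agent reports. The state file path `/var/ossec/var/run/wazuh-agentd.state` and the function names are assumptions, and the sample address `10.0.5.10` is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): post-install check for a Wazuh agent.
# Default paths are assumed agent locations under /var/ossec/; override via environment.
OSSEC_CONF="${OSSEC_CONF:-/var/ossec/etc/ossec.conf}"
AGENT_STATE="${AGENT_STATE:-/var/ossec/var/run/wazuh-agentd.state}"

# Manager address from the <client><server> block of ossec.conf.
manager_address() {
  sed -n '/<server>/,/<\/server>/ s:.*<address>\(.*\)</address>.*:\1:p' "$1" | head -n 1
}

# Connection status (pending, connected or disconnected) from wazuh-agentd.state.
agent_status() {
  sed -n "s/^status='\(.*\)'\$/\1/p" "$1"
}

# True if a TCP connection to host $1, port $2 succeeds within 3 seconds.
port_open() {
  timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Write constructed sample files into directory $1 (for an offline dry run).
write_samples() {
  cat > "$1/ossec.conf" <<'EOF'
<ossec_config>
  <client>
    <server>
      <address>10.0.5.10</address>
      <port>1514</port>
      <protocol>tcp</protocol>
    </server>
  </client>
</ossec_config>
EOF
  printf "# Agent status:\nstatus='connected'\nlast_keepalive='2025-04-19 23:40:00'\n" > "$1/wazuh-agentd.state"
}

# Full check: config, manager reachability on 1514/TCP, then reported status.
check_agent() {
  mgr=$(manager_address "$OSSEC_CONF")
  [ -n "$mgr" ] || { echo "no manager address in $OSSEC_CONF"; return 1; }
  port_open "$mgr" 1514 || { echo "cannot reach $mgr:1514/TCP"; return 1; }
  st=$(agent_status "$AGENT_STATE")
  echo "manager=$mgr status=${st:-unknown}"
  [ "$st" = "connected" ]
}

if [ "${1:-}" = "--check" ]; then check_agent; fi
```

Run it with `sudo` and the `--check` argument on the agent host, since files under `/var/ossec/` are not readable by ordinary users. A status of `pending` or `disconnected` with the port reachable points at enrollment rather than the firewall.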