lotte/ChamplainTechJournals
1
Code Activity
ChamplainTechJournals/net-sec-controls-sec350/wazuh.md
Charlotte Croce fbd588721e migrate to git.charlotte.sh
2025-04-19 23:42:08 -04:00

981 B
Raw Blame History

Wazuh

Installing Server

  • run the following command: curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i
  • remember to save the auto-generated password

Ports to open on firewall

  • 1514/TCP for agent communication.
  • 1515/TCP for enrollment via automatic agent request.
  • 55000/TCP for enrollment via Wazuh server API.

Installing Agents

  • Wazuh dropdown > Agents > enter agent configurations
  • run the generated command on the remote system to install the agent:
  • start agent service:
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent

Agent directory structure

Wazuh agent files are stored in /var/ossec/. Key directories include:

  • /var/ossec/etc/ - Configuration files
    • /var/ossec/etc/ossec.conf - agent IP settings
  • /var/ossec/logs/ - Log files
  • /var/ossec/queue/ - Communication queue
  • /var/ossec/agentless/ - Agentless monitoring