安装wazuh-agent
1. windows
下载地址:https://packages.wazuh.com/3.x/windows/wazuh-agent-3.9.5-1.msi
安装运行
- 设置服务端ip
- 设置服务端生成的key.
设置端生成ip
root@wazuh-manager:/# /var/ossec/bin/manage_agents
#1. 按A添加一个agent,ip如果不是固定的,输入any
#2. 按E查看提取指定agent的key 先输入机器的id号,然后复制下来输入到agent中
****************************************
* Wazuh v3.9.3 Agent manager. *
* The following options are available: *
****************************************
(A)dd an agent (A).
(E)xtract key for an agent (E).
(L)ist already added agents (L).
(R)emove an agent (R).
(Q)uit.
Choose your action: A,E,L,R or Q: E
Available agents:
ID: 003, Name: alihk, IP: any
ID: 004, Name: win1064Bit-msv, IP: any
Provide the ID of the agent to extract the key (or 'q' to quit): 004
Agent key information for '004' is:
MDA0IHdpbjEwNjRCaXQtbXN2IGFueSBmM2ExZjRlMGIzOTkyMTE4ODUyMTBiMDA5NzNlYjI2NDI4OWViNjVkYTg0YzkyM2NkYjEwYjY1MzY0MzM4ODA3
2. debain
apt-get install curl apt-transport-https lsb-release gnupg2
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
apt-get update
#设置wazuh服务端ip
WAZUH_MANAGER_IP="192.168.1.90"
apt-get install wazuh-agent
#关闭wazuh更新
sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list
apt-get update
手动配置版本
- 配置ossec.conf中的manage_ip为服务端ip
vim /var/ossec/etc/ossec.conf
- 导入服务端的key
/var/ossec/bin/manage_agents
systemctl restart wasuh-agent
3. centos
和debain操作都差不多,只是安装不一样.
# rpm --import http://packages.wazuh.com/key/GPG-KEY-WAZUH
# cat > /etc/yum.repos.d/wazuh.repo <<EOF
[wazuh_repo]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=Wazuh repository
baseurl=https://packages.wazuh.com/3.x/yum/
protect=1
EOF
yum install wazuh-agent