
How to add wazuh-agent

Artikel kali ini berisi beberapa operasi dasar pada wazuh-manager dan wazuh-agent

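# Download the Debian agent package, verify it, then install it.
# Replace <PUBLISHED_SHA512> (placeholder) with the SHA-512 checksum that Wazuh
# publishes for this exact package file. sha512sum -c exits non-zero on a
# mismatch, so dpkg never runs on a corrupted or altered download.
# WAZUH_MANAGER, WAZUH_AGENT_GROUP and WAZUH_AGENT_NAME are deployment
# variables picked up during package installation; the values below are this
# article's examples and must be changed to match your environment.
wget https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.10.1-1_amd64.deb \
  && printf '%s  %s\n' '<PUBLISHED_SHA512>' ./wazuh-agent_4.10.1-1_amd64.deb | sha512sum -c - \
  && WAZUH_MANAGER='192.168.1.111' WAZUH_AGENT_GROUP='server' WAZUH_AGENT_NAME='wazuh-8kanal' dpkg -i ./wazuh-agent_4.10.1-1_amd64.deb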

# Reload systemd's unit files so it picks up the wazuh-agent unit.
systemctl daemon-reload
# Start the agent automatically at every boot.
systemctl enable wazuh-agent
# Start the agent now; "systemctl status wazuh-agent" shows whether it came up.
systemctl start wazuh-agent

Jika wazuh-agent tidak dapat di-uninstall:
# Forced removal of the agent, for when the normal uninstall fails.
# First try the regular package removal.
apt remove wazuh-agent
# Delete the whole installation directory. This also removes the agent's
# configuration, its enrollment key and its local logs, so copy anything you
# still need first. The manager tools in this article live under /var/ossec
# as well, so run this only on a host that is an agent, not on the manager.
rm -rf /var/ossec
# Last resort: remove dpkg's own bookkeeping files for the package so a broken
# maintainer script can no longer block removal. This edits the package
# database by hand; the glob matches every file whose name starts with
# "wazuh-agent" in that directory.
rm -f /var/lib/dpkg/info/wazuh-agent*

# Open the agent's main configuration file for editing (needs root).
# The manager address is set in the <client><server><address> element.
nano /var/ossec/etc/ossec.conf
pastikan manager_ip terisi ip-server-wazuh

rename or add wazuh-agent-name from agent-node
# Enrol this host with the manager given by -m, under the agent name given
# by -A. Both values in angle brackets are placeholders to replace.
# agent-auth also accepts -P (enrollment password) and -v (CA certificate used
# to verify the manager); use them when the manager is configured for them so
# the agent does not enrol with an unverified endpoint.
/var/ossec/bin/agent-auth -m <WAZUH-MANAGER-IP> -A <YOUR_NEW_AGENT_NAME>
# Restart the agent so it runs with the new enrollment.
service wazuh-agent restart

view list agent connected pada manager-server
# List the agents known to the manager, with their IDs and connection status.
# An agent you expect to see as active but that is missing or disconnected
# means that host is currently not being monitored.
/var/ossec/bin/agent_control -l
 
delete wazuh-agent from manager-server
# Remove one agent from the manager. "agentID" is a placeholder: use the ID
# shown by "agent_control -l". Double-check the ID first, because a removed
# agent can no longer report until it is enrolled again.
/var/ossec/bin/manage_agents -r agentID
# Restart the manager so the removal takes effect.
service wazuh-manager restart


deploy wazuh-agent berbasis rpm
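# Download the RPM agent package, check its signature, then install it.
# -f makes curl exit non-zero on an HTTP error instead of saving the error
# page under the .rpm file name.
# "rpm --import" adds the Wazuh package signing key to the RPM keyring and
# "rpm -K" checks the package's digests and signature against it, so the
# install is skipped when the check fails. Confirm the key's fingerprint
# against the Wazuh documentation the first time you import it.
# WAZUH_MANAGER, WAZUH_AGENT_GROUP and WAZUH_AGENT_NAME are deployment
# variables picked up during package installation; the values below are this
# article's examples and must be changed to match your environment.
curl -f -o wazuh-agent-4.10.1-1.x86_64.rpm https://packages.wazuh.com/4.x/yum/wazuh-agent-4.10.1-1.x86_64.rpm \
  && sudo rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH \
  && rpm -K wazuh-agent-4.10.1-1.x86_64.rpm \
  && sudo WAZUH_MANAGER='192.168.1.111' WAZUH_AGENT_GROUP='server' WAZUH_AGENT_NAME='wazuh-4-jurnal' rpm -ihv wazuh-agent-4.10.1-1.x86_64.rpm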

# Reload systemd's unit files so it picks up the wazuh-agent unit.
sudo systemctl daemon-reload
# Start the agent automatically at every boot.
sudo systemctl enable wazuh-agent
# Start the agent now; "systemctl status wazuh-agent" shows whether it came up.
sudo systemctl start wazuh-agent

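# Snapshot the current ruleset before changing it. With "sudo cmd > file" the
# redirection is done by the calling (unprivileged) shell, so the file is
# written through "sudo tee" instead.
sudo iptables-save | sudo tee /opt/iptrules.txt > /dev/null
# Reference: reloading the snapshot is how the rules added below are rolled back.
sudo iptables-restore < /opt/iptrules.txt
# Show the active rules with their positions in each chain.
sudo iptables -nL --line-numbers

# Allow new connections on the Wazuh ports 1514 (agent traffic) and 1515
# (agent enrollment).
# - "-A" appends at the end of the chain. If the listing above shows a DROP or
#   REJECT rule earlier in the chain, these ACCEPT rules never match; insert
#   them above it with "-I <CHAIN> <line-number>" instead.
# - The INPUT rules are only needed on the host where the ports listen (the
#   manager); an agent only needs the OUTPUT rules.
# - The rules accept any peer. Narrow them with "-s" (INPUT) or "-d" (OUTPUT)
#   to the addresses of your agents or manager.
# - Wazuh's defaults use TCP for both ports; the UDP rules are only needed if
#   the manager is configured for UDP. Confirm against your ossec.conf.
# - Rules added here are not persistent; save the ruleset again afterwards if
#   they should survive a reboot.
sudo iptables -A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 1514 -j ACCEPT
sudo iptables -A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 1514 -j ACCEPT
sudo iptables -A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 1515 -j ACCEPT
sudo iptables -A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 1515 -j ACCEPT
sudo iptables -A OUTPUT ! -o lo -p udp -m conntrack --ctstate NEW -m udp --dport 1514 -j ACCEPT
sudo iptables -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 1514 -j ACCEPT
sudo iptables -A OUTPUT ! -o lo -p udp -m conntrack --ctstate NEW -m udp --dport 1515 -j ACCEPT
sudo iptables -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 1515 -j ACCEPT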
