Breaking News

How to config wazuh-server and wazuh-agent

3:31 PM

 wget https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.10.1-1_amd64.deb && WAZUH_MANAGER='192.168.1.111' WAZUH_AGENT_GROUP='server' WAZUH_AGENT_NAME='wazuh-8kanal' dpkg -i ./wazuh-agent_4.10.1-1_amd64.deb

systemctl daemon-reload
systemctl enable wazuh-agent
systemctl start wazuh-agent

jika wazuh-agent tidak dapat di uninstall
apt remove wazuh-agent
rm -rf /var/ossec
rm -f /var/lib/dpkg/info/wazuh-agent*

nano /var/ossec/etc/ossec.conf
pastikan manager_ip terisi ip-server-wazuh

rename or add wazuh-agent-name from agent-server
/var/ossec/bin/agent-auth -m <WAZUH-MANAGER-IP> -A <YOUR_NEW_AGENT_NAME>
service wazuh-agent restart

delete wazuh-agent from manager-server
/var/ossec/bin/manage_agents -r <agentID>

deploy wazuh-agent berbasis rpm
curl -o wazuh-agent-4.10.1-1.x86_64.rpm https://packages.wazuh.com/4.x/yum/wazuh-agent-4.10.1-1.x86_64.rpm && sudo WAZUH_MANAGER='192.168.1.111' WAZUH_AGENT_GROUP='server' WAZUH_AGENT_NAME='wazuh-4-jurnal' rpm -ihv wazuh-agent-4.10.1-1.x86_64.rpm

sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent

sudo iptables-save > /opt/iptrules.txt
sudo iptables-restore < /opt/iptrules.txt
iptables -nL --line-numbers
sudo iptables -A INPUT -p tcp --dport 1514 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 1514 -m conntrack --ctstate ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 1515 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 1515 -m conntrack --ctstate ESTABLISHED -j ACCEPT

No comments

Subscribe to: Post Comments ( Atom )