安装wazuh-agent
1. windows
下载地址:https://packages.wazuh.com/3.x/windows/wazuh-agent-3.9.5-1.msi
安装运行
- 设置服务端ip
- 设置服务端生成的key.
设置端生成ip
root@wazuh-manager:/# /var/ossec/bin/manage_agents#1. 按A添加一个agent,ip如果不是固定的,输入any#2. 按E查看提取指定agent的key 先输入机器的id号,然后复制下来输入到agent中***************************************** Wazuh v3.9.3 Agent manager. ** The following options are available: ***************************************** (A)dd an agent (A). (E)xtract key for an agent (E). (L)ist already added agents (L). (R)emove an agent (R). (Q)uit.Choose your action: A,E,L,R or Q: EAvailable agents: ID: 003, Name: alihk, IP: any ID: 004, Name: win1064Bit-msv, IP: anyProvide the ID of the agent to extract the key (or '\q' to quit): 004Agent key information for '004' is:MDA0IHdpbjEwNjRCaXQtbXN2IGFueSBmM2ExZjRlMGIzOTkyMTE4ODUyMTBiMDA5NzNlYjI2NDI4OWViNjVkYTg0YzkyM2NkYjEwYjY1MzY0MzM4ODA3
2. debain
apt-get install curl apt-transport-https lsb-release gnupg2curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.listapt-get update#设置wazuh服务端ipWAZUH_MANAGER_IP="192.168.1.90" apt-get install wazuh-agent#关闭wazuh更新sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.listapt-get update
手动配置版本
- 配置ossec.conf中的manage_ip为服务端ip
vim /var/ossec/etc/ossec.conf
导入服务端的key
/var/ossec/bin/manage_agents
systemctl restart wasuh-agent3. centos
和debain操作都差不多,只是安装不一样.
# rpm --import http://packages.wazuh.com/key/GPG-KEY-WAZUH# cat > /etc/yum.repos.d/wazuh.repo <<\EOF[wazuh_repo]gpgcheck=1gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUHenabled=1name=Wazuh repositorybaseurl=https://packages.wazuh.com/3.x/yum/protect=1EOF
yum install wazuh-agent