This process will go through the installation of the Wazuh Agent in a 1 GB RAM Ubuntu Server 20.04 node, 2 GB Kali Linux.
Note: Root user privileges are required to execute all the following commands.
# apt install curl apt-transport-https lsb-release gnupg2
# curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
# echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
# apt update
# WAZUH_MANAGER="10.0.2.15" apt-get install wazuh-agent
Replace the IP with your Wazuh Manager’s host IP.
# systemctl daemon-reload
# systemctl enable wazuh-agent
# systemctl start wazuh-agent
# systemctl status wazuh-agent
It is recommended to disabling the Wazuh repository to prevent accidental upgrades. To do so, use the following command:
# sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list
# apt update
This process will go through the installation of the Wazuh Agent in a 512 MB Windows XP node. But the same process will be applicable to the later versions.
Note: To perform the installation, administrator privileges are required.
To start the installation process, download the Windows installer.
Open CMD as an administrator and run this command:
wazuh-agent-4.1.5-1.msi /q WAZUH_MANAGER="10.0.2.15" WAZUH_REGISTRATION_SERVER="10.0.2.15"
OR, Open Powershell as an administrator and run this command:
.\wazuh-agent-4.1.5-1.msi /q WAZUH_MANAGER="10.0.2.15" WAZUH_REGISTRATION_SERVER="10.0.2.15"
Replace the IP with your Wazuh Manager’s host IP.
By default, all agent files are stored in C:\Program Files (x86)\ossec-agent after the installation.
Now go to the host where Wazuh Manager installed and run this command
# sudo /var/ossec/bin/manage_agents -l
# sudo /var/ossec/bin/agent_control -l
# sudo tail -f /var/ossec/logs/alerts/alerts.log