The API binds to port 55000/tcp by default and requires username and password authentication. The default username and password are "foo" and "bar".

Configuration script

Run the script /var/ossec/api/scripts/ to configure the basic settings.

The script supports both unattended and attended configuration. To set the parameters for an unattended configuration, use the file /var/ossec/api/configuration/preloaded_vars.conf. The file is deleted after the script runs, so that any sensitive information written there does not remain on disk.

Configuration file

You can configure certain API settings in the file /var/ossec/api/configuration/config.js:

// Path
config.ossec_path = "/var/ossec";
// The host to bind the API to. = "";
// TCP Port used by the API.
config.port = "55000";
// Use HTTP protocol over TLS/SSL. Values: yes, no.
config.https = "yes";
// Use HTTP authentication. Values: yes, no.
config.basic_auth = "yes";
// If the API runs behind a proxy server, set this to "yes". Values: yes, no.
config.BehindProxyServer = "no";

Make sure to restart the wazuh-api service after editing the configuration file:

  1. For Systemd:

# systemctl restart wazuh-api

  2. For SysV Init:

# service wazuh-api restart

Basic Authentication

It is generally recommended that new credentials be created to replace foo:bar. This can be done very easily with the following steps, substituting your desired username for myUserName:

# cd /var/ossec/api/configuration/auth
# node htpasswd -c user myUserName

Once you run the above command, enter your desired password at the prompt.

Do not forget to restart the API to apply the changes:

  1. For Systemd:

# systemctl restart wazuh-api

  2. For SysV Init:

# service wazuh-api restart
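
The checks below are an added example, not part of the Wazuh API or of this guide's original text: a Node.js script that reads the config.js settings shown above together with the credentials file and reports the weak states this page describes (authentication off, HTTPS off, the default foo user still present). The function names, the htpasswd name:hash file format and the sample inputs are assumptions made for illustration.

```javascript
// Added example (not Wazuh code): audit config.js text and an htpasswd file.
// Parse `config.<name> = "<value>";` assignments, skipping // comment lines.
function parseConfig(text) {
  const settings = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '' || line.startsWith('//')) continue;
    const m = /^config\.(\w+)\s*=\s*["']([^"']*)["']\s*;?/.exec(line);
    if (m) settings[m[1]] = m[2];
  }
  return settings;
}

// Assumption: the credentials file uses htpasswd format, one `name:hash` per line.
function htpasswdUsers(text) {
  return text.split(/\r?\n/)
    .map((l) => l.trim())
    .filter((l) => l.includes(':'))
    .map((l) => l.slice(0, l.indexOf(':')));
}

function auditApi(configText, htpasswdText) {
  const cfg = parseConfig(configText);
  const findings = [];
  if (cfg.basic_auth !== 'yes') {
    findings.push('basic_auth is not "yes": HTTP authentication is off or unset');
  }
  if (cfg.https !== 'yes') {
    // Assumption: plain HTTP is tolerable only when a proxy in front terminates TLS.
    findings.push(cfg.BehindProxyServer === 'yes'
      ? 'https is not "yes": confirm the proxy in front terminates TLS'
      : 'https is not "yes": credentials are sent unencrypted');
  }
  if (htpasswdUsers(htpasswdText).includes('foo')) {
    findings.push('default user "foo" is still in the credentials file');
  }
  return findings;
}

// Constructed sample inputs (the hash is a placeholder, not a real one).
const weakConfig = [
  '// config.https = "yes";',
  'config.port = "55000";',
  'config.https = "no";',
  'config.basic_auth = "yes";',
  'config.BehindProxyServer = "no";',
].join('\n');
const weakUsers = 'foo:PLACEHOLDER_HASH\n';

console.log(auditApi(weakConfig, weakUsers));
```

An empty result means none of the three checks fired; it says nothing about password strength or certificate quality.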

Manually enable https support

Generate the key and certificate request (the OpenSSL package is required):

# cd /var/ossec/api/configuration/ssl
# openssl genrsa -des3 -out server.key 2048
# openssl req -new -key server.key -out server.csr

By default, the key's password must be entered every time you run the server. If you don't want to enter the password every time, you can remove it by running these commands:

# cp server.key
# openssl rsa -in -out server.key

Next, generate your self-signed certificate:

# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

And remove temporary files:

# rm server.csr
# rm