Using the registration service with password authorization
You can protect the manager from unauthorized registrations by using a password. Choose one yourself, or let the registration service generate a random password. To register an agent using the registration service and a password, first follow the steps in the Manager section and then follow the steps for the corresponding OS.
Manager
To allow this option, set use_password to yes in the /var/ossec/etc/ossec.conf file:
<auth>
  ...
  <use_password>yes</use_password>
  ...
</auth>
After changing the ossec.conf file, you can use a custom password or let the registration service generate a random password:
Using a custom password: create the file /var/ossec/etc/authd.pass and write your custom password in it. For example, if we want to use TopSecret as a password:
# echo "TopSecret" > /var/ossec/etc/authd.pass
Using a random password: if no password is specified in /var/ossec/etc/authd.pass, the registration service will create a random password. You can find the password in /var/ossec/logs/ossec.log:
# grep "Random password" /var/ossec/logs/ossec.log
2019/04/25 15:09:50 ossec-authd: INFO: Accepting connections on port 1515. Random password chosen for agent authentication: 3027022fa85bb4c697dc0ed8274a4554
To apply these changes, you need to restart the Wazuh manager:
For Systemd:
# systemctl restart wazuh-manager
For SysV Init:
# service wazuh-manager restart
Note
In this example, the password for registering the Wazuh agent is TopSecret.
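The script below is an added example, not part of the Wazuh documentation or tooling: it audits the manager-side setup described above by checking that use_password is enabled inside the auth block, extracting the newest random password from the log, and confirming the password file is not world-readable. The function names, the second log line and its password, and the world-readable check are assumptions made for this example; it runs on constructed copies of the files rather than on /var/ossec.

```sh
#!/bin/sh
# Added example: audit the password-registration setup on copies of the files.

# Succeeds if <use_password>yes</use_password> sits inside an <auth> block.
# Line-based check; XML comments are not interpreted.
use_password_enabled() {
    awk '
        /<auth>/ { in_auth = 1 }
        in_auth && /<use_password>[ \t]*yes[ \t]*<\/use_password>/ { found = 1 }
        /<\/auth>/ { in_auth = 0 }
        END { exit !found }
    ' "$1"
}

# Prints the password from the newest "Random password" log line.
# Assumption: every start without authd.pass logs a new line, so the last wins.
latest_random_password() {
    pw=$(sed -n 's/.*Random password chosen for agent authentication: \([^ ]*\).*/\1/p' "$1" | tail -n 1)
    [ -n "$pw" ] && printf '%s\n' "$pw"
}

# Succeeds if the password file exists and is not readable by "other".
pass_file_restricted() {
    [ -f "$1" ] && [ -z "$(find "$1" -perm -004)" ]
}

# Constructed sample files; only the first log line is taken from the page.
demo=$(mktemp -d)
cat > "$demo/ossec.conf" <<'EOF'
<ossec_config>
  <auth>
    <port>1515</port>
    <use_password>yes</use_password>
  </auth>
</ossec_config>
EOF
cat > "$demo/ossec.log" <<'EOF'
2019/04/25 15:09:50 ossec-authd: INFO: Accepting connections on port 1515. Random password chosen for agent authentication: 3027022fa85bb4c697dc0ed8274a4554
2019/04/26 08:00:00 ossec-authd: INFO: Accepting connections on port 1515. Random password chosen for agent authentication: 0123456789abcdef0123456789abcdef
EOF
printf 'TopSecret\n' > "$demo/authd.pass"
chmod 640 "$demo/authd.pass"

use_password_enabled "$demo/ossec.conf" && echo "use_password: enabled"
echo "newest random password: $(latest_random_password "$demo/ossec.log")"
pass_file_restricted "$demo/authd.pass" && echo "authd.pass: not world-readable"
```

A random-password line in the log is stale once an authd.pass file has been created, so check for that file before relying on the log value.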
Agents
Now, follow the instructions to register the agent depending on the OS of the host: