You can protect the manager from unauthorized registrations by using a password. Choose one by yourself, or let the registration service generate a random password. To register an agent using the registration service and a password, first follow the steps from the Manager section and then, follow the steps from the correspondig OS.
To allow this option, change the value to yes in the
<auth> ... <use_password>yes</use_password> ... </auth>
After changing the
ossec.conf file, you can use a custom password or let the registration process to generate a random password:
Using a custom password: create this file
/var/ossec/etc/authd.passand write in it your custom password. For example, if we want to use TopSecret as a password:# echo "TopSecret" > /var/ossec/etc/authd.pass
Using a random password: If no password is specified on
/var/ossec/etc/authd.pass, the registration service will create a random password. You can find the password in
/var/ossec/logs/ossec.log.# grep "Random password" /var/ossec/logs/ossec.log2019/04/25 15:09:50 ossec-authd: INFO: Accepting connections on port 1515. Random password chosen for agent authentication: 3027022fa85bb4c697dc0ed8274a4554
To enable these changes, you need to restart the Wazuh manager:
For Systemd:# systemctl start wazuh-manager
For SysV Init:# service wazuh-manager start
In this example, the password to registering the Wazuh agent is TopSecret.