Amazon Linux from package
The RPM package is suitable for installation on Amazon Linux 1 or greater. For other operating systems or Linux distributions, please check the list: Install Wazuh agent.
Note
All the commands described below need to be executed with root user privileges.
Installing Wazuh agent
Adding the Wazuh repository:
# rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
# cat > /etc/yum.repos.d/wazuh.repo <<\EOF
[wazuh_repo]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=Wazuh repository
baseurl=https://packages.wazuh.com/3.x/yum/
protect=1
EOF
On your terminal, install the Wazuh agent. You can choose an installation or a deployment:
Installation:
# yum install wazuh-agent-3.11.4-1
Now that the agent is installed, the next step is to register and configure it to communicate with the manager. For more information about this process, please visit the document: user manual.
Deployment:
You can automate the agent registration and configuration using variables. At minimum, the variable WAZUH_MANAGER must be defined. The agent uses this value to register, and it becomes the assigned manager for forwarding events.
# WAZUH_MANAGER="10.0.0.2" yum install wazuh-agent-3.11.4-1
See the following document for additional automated deployment options: deployment variables.
(Optional) Disable the Wazuh repository:
We recommend keeping the Wazuh manager version greater than or equal to that of the Wazuh agents. For that reason, we recommend disabling the Wazuh repository to prevent accidental upgrades. To do this, use the following command:
# sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
Alternatively, if you want to download the wazuh-agent package directly, or check the compatible versions, you can do it from here.
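The settings in the repository definition above (gpgcheck, HTTPS URLs and the optional enabled=0) can be checked with a short script. This is an added example, not part of the Wazuh documentation; repo_get and audit_wazuh_repo are hypothetical helper names, and the sample files are constructed copies of the definition shown on this page.

```shell
#!/bin/sh
# Added example: audit a yum .repo file such as /etc/yum.repos.d/wazuh.repo.
# repo_get and audit_wazuh_repo are hypothetical helper names.

# Print the value of KEY ($2) from the [wazuh_repo] section of FILE ($1).
# Assumes key=value lines without spaces around "=", as on this page.
repo_get() {
    awk -F= -v key="$2" '
        /^\[/ { in_sec = ($0 == "[wazuh_repo]") }
        in_sec && $1 == key { sub(/^[^=]*=/, ""); print; exit }
    ' "$1"
}

# Return 0 if signature checking is on and both URLs use HTTPS;
# otherwise print one FAIL line per finding and return 1.
audit_wazuh_repo() {
    file=$1 rc=0
    [ "$(repo_get "$file" gpgcheck)" = "1" ] || { echo "FAIL: gpgcheck is not 1"; rc=1; }
    for key in gpgkey baseurl; do
        case "$(repo_get "$file" "$key")" in
            https://*) ;;
            *) echo "FAIL: $key is not an https:// URL"; rc=1 ;;
        esac
    done
    # Informational only: an enabled repo lets "yum update" upgrade the agent.
    [ "$(repo_get "$file" enabled)" = "0" ] || echo "NOTE: repository is enabled"
    return $rc
}

# Constructed sample: the repo file from this page (disabled), then a weakened copy.
tmp=$(mktemp -d)
cat > "$tmp/good.repo" <<'EOF'
[wazuh_repo]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=0
name=Wazuh repository
baseurl=https://packages.wazuh.com/3.x/yum/
protect=1
EOF
sed -e 's/^gpgcheck=1/gpgcheck=0/' -e 's#^baseurl=https#baseurl=http#' \
    "$tmp/good.repo" > "$tmp/weak.repo"
audit_wazuh_repo "$tmp/good.repo" && echo "good.repo: OK"
audit_wazuh_repo "$tmp/weak.repo" || echo "weak.repo: rejected"
```

On a real host, call audit_wazuh_repo /etc/yum.repos.d/wazuh.repo instead of the sample files.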
Uninstall
To uninstall the agent:
# yum remove wazuh-agent
Some files are marked as configuration files. Because of this designation, the package manager doesn't remove them from the filesystem. Removing them completely is the user's responsibility, which can be done by deleting the folder /var/ossec.