Windows from sources¶
This section describes how to download and build the Wazuh HIDS Windows Agent from sources. This process begins with compiling the Agent on a Linux system to generate the .msi installer for the Windows installation.
The following procedure has been tested on Ubuntu 16.04 and other Debian based distributions and may work with other Debian/Ubuntu versions as well.
Set up the Ubuntu build environment. Install these dependencies to build the Windows Wazuh agent installer on Ubuntu:
# apt-get install gcc-mingw-w64 # apt-get install nsis # apt-get install make
Set up Windows build environment. To generate the installer, the following dependencies must be in place on the Windows machine:
.NET framework 3.5.1.
Microsoft Windows SDK.
Download the Wazuh source code and unzip it:
# curl -Ls https://github.com/wazuh/wazuh/archive/v3.11.4.tar.gz | tar zx # cd wazuh-3.11.4/src
Compile the Agent by running the
# make deps # make TARGET=winagent
The following output will appear at the end of the building process:
Done building winagent
Moves the entire repository to the Windows machine. It is recommended to compress it to speed up the process.
# zip -r wazuh.zip ../../wazuh-3.11.4
Decompress the repository on the Windows machine, run the wazuh-installer-build-msi.bat script from the win32 folder.
cd wazuh-3.11.4\src\win32 .\wazuh-installer-build-msi.bat
If you do not want to sign the installer, you will have to comment or delete the signtool line in the previous script.:: signtool sign /a /tr http://rfc3161timestamp.globalsign.com/advanced /d "%MSI_NAME%" /td SHA256 "%MSI_NAME%"
Once the Agent is deployed with a normal or unattended installation, the next step is to register and configure it to communicate with the manager. For more information about this process, please visit user manual.
To uninstall the agent, the original MSI file will be needed to perform the unattended process:
msiexec.exe /x wazuh-agent-3.11.4-1.msi /qn