Windows from sources

This section describes how to download and build the Wazuh HIDS Windows Agent from sources. This process begins with compiling the Agent on a Linux system to generate the .msi installer for the Windows installation.

Note

The following procedure has been tested on Ubuntu 16.04 and other Debian-based distributions and may work with other Debian/Ubuntu versions as well.

  1. Set up the Ubuntu build environment. Install these dependencies to build the Windows Wazuh agent installer on Ubuntu:

    # apt-get install gcc-mingw-w64
    # apt-get install nsis
    # apt-get install make
    
  2. Set up the Windows build environment. To generate the installer, the following dependencies must be in place on the Windows machine:

  • WiX Toolset.

  • .NET Framework 3.5.1.

  • Microsoft Windows SDK.

  3. Download the Wazuh source code and extract it:

    # curl -Ls https://github.com/wazuh/wazuh/archive/v3.11.4.tar.gz | tar zx
    # cd wazuh-3.11.4/src
    
  4. Compile the Agent by running the make command:

    # make deps
    # make TARGET=winagent
    

    The following output will appear at the end of the build process:

    Done building winagent
    
  5. Move the entire repository to the Windows machine. It is recommended to compress it to speed up the process.

    # zip -r wazuh.zip ../../wazuh-3.11.4
    
  6. Decompress the repository on the Windows machine and run the wazuh-installer-build-msi.bat script from the win32 folder.

    cd wazuh-3.11.4\src\win32
    .\wazuh-installer-build-msi.bat
    

If you do not want to sign the installer, comment out or delete the signtool line in the previous script, as shown here. The resulting MSI will then carry no digital signature.

:: signtool sign /a /tr http://rfc3161timestamp.globalsign.com/advanced /d "%MSI_NAME%" /td SHA256 "%MSI_NAME%"
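
The step that moves the repository to the Windows machine copies compiled binaries between two hosts, so the archive is worth checking before it is packaged into an MSI. The script below is an added example, not part of the Wazuh documentation or project code: it writes a SHA-256 manifest for wazuh.zip on the Linux side and compares it with a digest reported back from Windows. The script name handoff.sh and its function names are assumptions.

```shell
#!/bin/sh
# handoff.sh (hypothetical name): added example, not Wazuh project code.
#   sh handoff.sh wazuh.zip            write wazuh.zip.sha256 before the copy
#   sh handoff.sh wazuh.zip <digest>   compare with the digest Windows reports

# Reduce a pasted digest to bare lower-case hex. Windows tools may print
# upper-case or space-separated hex, so strip whitespace and fold case.
norm_digest() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'A-F' 'a-f'
}

# Print the SHA-256 of file $1; status 2 if it is not a regular file.
file_digest() {
    [ -f "$1" ] || return 2
    sha256sum < "$1" | cut -d ' ' -f 1
}

# Status 0 only when file $1 hashes to digest $2; 1 on mismatch;
# 2 when the digest is not 64 hex characters or the file is missing.
verify_digest() {
    expected=$(norm_digest "$2")
    case "$expected" in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(file_digest "$1") || return 2
    [ "$actual" = "$expected" ]
}

# Write "<digest>  <name>" beside the archive, the format `sha256sum -c` reads.
write_manifest() {
    digest=$(file_digest "$1") || return 2
    printf '%s  %s\n' "$digest" "$(basename "$1")" > "$1.sha256"
}

case "$#" in
    1) write_manifest "$1" && cat "$1.sha256" ;;
    2) if verify_digest "$1" "$2"; then echo "OK: digests match"
       else echo "MISMATCH or invalid input: do not build from this copy" >&2; exit 1
       fi ;;
esac
```

On the Windows machine, `certutil -hashfile wazuh.zip SHA256` or PowerShell's `Get-FileHash wazuh.zip` prints the digest to pass as the second argument.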

Note

Once the Agent is deployed with a normal or unattended installation, the next step is to register and configure it to communicate with the manager. For more information about this process, see the user manual.

Uninstall

To uninstall the agent, the original MSI file will be needed to perform the unattended process:

msiexec.exe /x wazuh-agent-3.11.4-1.msi /qn