Using the registration service with password authorization

You can protect the manager from unauthorized registrations by using a password. Choose one by yourself, or let the registration service generate a random password. To register an agent using the registration service and a password, first follow the steps from the Manager section and then, follow the steps from the corresponding OS.


To allow this option, change the value to yes in the /var/ossec/etc/ossec.conf file:


After changing the ossec.conf file, you can use a custom password or let the registration process to generate a random password:

  1. Using a custom password: create this file /var/ossec/etc/authd.pass and write in it your custom password. For example, if we want to use TopSecret as a password:

# echo "TopSecret" > /var/ossec/etc/authd.pass
  1. Using a random password: If no password is specified on /var/ossec/etc/authd.pass, the registration service will create a random password. You can find the password in /var/ossec/logs/ossec.log.

# grep "Random password" /var/ossec/logs/ossec.log
2019/04/25 15:09:50 ossec-authd: INFO: Accepting connections on port 1515. Random password chosen for agent authentication: 3027022fa85bb4c697dc0ed8274a4554

To enable these changes, you need to restart the Wazuh manager:

  1. For Systemd:

# systemctl start wazuh-manager
  1. For SysV Init:

# service wazuh-manager start


In this example, the password to registering the Wazuh agent is TopSecret.


Now, follow the instructions to register the agent depending on the OS of the host: