AIX from sources
This guide describes how to install the Wazuh agent from source code for AIX. For other operating systems, please check the list: Install Wazuh agent.
Installing Wazuh agent
Note
All the commands described below need to be executed with root user privileges. Since Wazuh 3.5 it is necessary to have internet connection when following this process.
Install development tools and compilers.
1.1 Download the
wget
tool.# rpm -Uvh --nodeps http://www.oss4aix.org/download/RPMS/wget/wget-1.19.2-1.aix5.1.ppc.rpm
1.2 Download the following script
# wget https://raw.githubusercontent.com/wazuh/wazuh-packages/master/aix/generate_wazuh_packages.sh --no-check-certificate
Note
If you can't download the script this way, then you should copy it through the scp utility.
1.3 Install the necessary dependencies using the script.
# chmod +x generate_wazuh_packages.sh # ./generate_wazuh_packages.sh -eNote
This step may take a few minutes.
Download the latest version.
# wget -O wazuh.tar.gz --no-check-certificate https://api.github.com/repos/wazuh/wazuh/tarball/v3.13.2 && gunzip -c wazuh.tar.gz | tar -xvf -
Note
If you can't download the repository this way, then you should copy it through the scp utility.
Compile the sources.
# cd wazuh-* # gmake -C src deps RESOURCES_URL=https://packages.wazuh.com/deps/3.13 # gmake -C src TARGET=agent USE_SELINUX=no PREFIX=/var/ossec DISABLE_SHARED=yes DISABLE_SYSC=yes
Run the
install.sh
script. This will run a wizard that will guide you through the installation process using the Wazuh sources:# DISABLE_SHARED="yes" DISABLE_SYSC="yes" ./install.sh
If you have previously compiled for another platform, you must clean the build using the Makefile in
src
:# gmake -C src clean-deps # gmake -C src clean
Note
During the installation, users can decide the installation path. Execute the
./install.sh
and select the language, set the installation mode toagent
, then set the installation path (Choose where to install Wazuh [/var/ossec]
). The default path of installation is/var/ossec
. A commonly used custom path might be/opt
. When choosing a different path than the default, if the directory already exist the installer will ask if delete the directory or if installing Wazuh inside. You can also run an unattended installation.Finally apply the following configuration:
# sed '/System inventory/,/^$/{/^$/!d;}' /var/ossec/etc/ossec.conf > /var/ossec/etc/ossec.conf.tmp # mv /var/ossec/etc/ossec.conf.tmp /var/ossec/etc/ossec.conf
Note
Note that the above commands have been executed for the default installation path /var/ossec. If you have installed the agent in another path, you will have to modify the path of those commands.
Now that the agent is installed, the next step is to register and configure it to communicate with the manager. For more information about this process, please visit the document: user manual.
Uninstall
To uninstall Wazuh agent:
# OSSEC_INIT="/etc/ossec-init.conf" # . $OSSEC_INIT 2> /dev/null
Stop the service:
# service wazuh-agent stop 2> /dev/null
Stop the daemon:
# $DIRECTORY/bin/ossec-control stop 2> /dev/null
Remove files and service artifacts:
# rm -rf $DIRECTORY $OSSEC_INIT
Delete the service:
# find /etc/rc.d -name "*wazuh" | xargs rm -f
Remove users:
# userdel ossec 2> /dev/null # userdel ossecm 2> /dev/null # userdel ossecr 2> /dev/null # groupdel ossec 2> /dev/null