AIX from sources

This guide describes how to install the Wazuh agent from source code for AIX. For other operating systems, please check the list: Install Wazuh agent.

Installing Wazuh agent

Note

All the commands described below need to be executed with root user privileges. Since Wazuh 3.5 it is necessary to have internet connection when following this process.

  1. Install development tools and compilers.

    1.1 Download the wget tool.

    # rpm -Uvh --nodeps http://www.oss4aix.org/download/RPMS/wget/wget-1.19.2-1.aix5.1.ppc.rpm
    

    1.2 Download the following script

    # wget https://raw.githubusercontent.com/wazuh/wazuh-packages/master/aix/generate_wazuh_packages.sh --no-check-certificate
    

    Note

    If you can't download the script this way, then you should copy it through the scp utility.

1.3 Install the necessary dependencies using the script.

# chmod +x generate_wazuh_packages.sh
# ./generate_wazuh_packages.sh -e

Note

This step may take a few minutes.

  1. Download the latest version.

    # wget -O wazuh.tar.gz --no-check-certificate https://api.github.com/repos/wazuh/wazuh/tarball/v3.13.2  && gunzip -c wazuh.tar.gz | tar -xvf -
    

    Note

    If you can't download the repository this way, then you should copy it through the scp utility.

  2. Compile the sources.

    # cd wazuh-*
    # gmake -C src deps RESOURCES_URL=https://packages.wazuh.com/deps/3.13
    # gmake -C src TARGET=agent USE_SELINUX=no PREFIX=/var/ossec DISABLE_SHARED=yes DISABLE_SYSC=yes
    
  3. Run the install.sh script. This will run a wizard that will guide you through the installation process using the Wazuh sources:

    # DISABLE_SHARED="yes" DISABLE_SYSC="yes" ./install.sh
    

    If you have previously compiled for another platform, you must clean the build using the Makefile in src:

    # gmake -C src clean-deps
    # gmake -C src clean
    

    Note

    During the installation, users can decide the installation path. Execute the ./install.sh and select the language, set the installation mode to agent, then set the installation path (Choose where to install Wazuh [/var/ossec]). The default path of installation is /var/ossec. A commonly used custom path might be /opt. When choosing a different path than the default, if the directory already exist the installer will ask if delete the directory or if installing Wazuh inside. You can also run an unattended installation.

  4. Finally apply the following configuration:

    # sed '/System inventory/,/^$/{/^$/!d;}' /var/ossec/etc/ossec.conf > /var/ossec/etc/ossec.conf.tmp
    # mv /var/ossec/etc/ossec.conf.tmp /var/ossec/etc/ossec.conf
    

    Note

    Note that the above commands have been executed for the default installation path /var/ossec. If you have installed the agent in another path, you will have to modify the path of those commands.

Now that the agent is installed, the next step is to register and configure it to communicate with the manager. For more information about this process, please visit the document: user manual.

Uninstall

To uninstall Wazuh agent:

# OSSEC_INIT="/etc/ossec-init.conf"
# . $OSSEC_INIT 2> /dev/null

Stop the service:

# service wazuh-agent stop 2> /dev/null

Stop the daemon:

# $DIRECTORY/bin/ossec-control stop 2> /dev/null

Remove files and service artifacts:

# rm -rf $DIRECTORY $OSSEC_INIT

Delete the service:

# find /etc/rc.d -name "*wazuh" | xargs rm -f

Remove users:

# userdel ossec 2> /dev/null
# userdel ossecm 2> /dev/null
# userdel ossecr 2> /dev/null
# groupdel ossec 2> /dev/null