The DEB package is suitable for Debian 7 or greater. For other operating systems or Linux distributions, please check the list: Install Wazuh agent.
All the commands described below need to be executed with root user privileges.
To perform this procedure, the
lsb-releasepackages must be installed on your system. If they are not already present, install them using the commands below:
# apt-get install curl apt-transport-https lsb-release gnupg2
Install the Wazuh repository GPG key:
# curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
Add the repository:
# echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
Update the package information:
# apt-get update
On your terminal, install the Wazuh agent. You can choose installation or deployment:
Installation:# apt-get install wazuh-agent
Now that the agent is installed, the next step is to register and configure it to communicate with the manager. For more information about this process, please visit the document: user manual.
You can automate the agent registration and configuration using variables. It is necessary to define at least the variable
WAZUH_MANAGER. The agent will use this value to register and it will be the assigned manager for forwarding events.# WAZUH_MANAGER="10.0.0.2" apt-get install wazuh-agent
See the following document for additional deployment options: deployment variables.
(Optional) Disable the Wazuh updates:
We recommend maintaining the Wazuh manager version greater or equal to that of the Wazuh agents. As a result, we recommended disabling the Wazuh repository in order to prevent accidental upgrades. To do this, use the following command:# sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list # apt-get update
Alternatively, if you want to download the wazuh-agent package directly, or check the compatible versions, you can do it from here.
To uninstall the agent:
# apt-get remove wazuh-agent
There are files marked as configuration files. Due to this designation, the package manager doesn't remove those files from the filesystem. The complete files removal action can be done using the following command:
# apt-get remove --purge wazuh-agent