Install the Linux Wazuh agents

Use the following procedure separately on your Linux Agent and Elastic Server instances to install, register and configure them to connect to the Wazuh manager.

Log in and sudo to root

Remember to do this on both your Linux Agent and on your Elastic Server:

[user@user_machine]$ ssh -i Wazuh_Lab.pem centos@ELASTIC_SERVER_IP
[root@elastic-server ~]$ sudo su -

[user@user_machine]$ ssh -i Wazuh_Lab.pem centos@LINUX_AGENT_IP
[centos@linux-agent ~]$ sudo su -

Add the Wazuh yum repository

# cat > /etc/yum.repos.d/wazuh.repo <<\EOF
[wazuh_repo]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=Wazuh repository
baseurl=https://packages.wazuh.com/3.x/yum/
protect=1
EOF

Install and connect Wazuh agent to Manager

Install the Wazuh agent software

# WAZUH_MANAGER="172.30.0.10" WAZUH_REGISTRATION_PASSWORD="please123" \
WAZUH_PROTOCOL="tcp" yum -y install wazuh-agent

Verify the agent has properly connected:

# grep ^status /var/ossec/var/run/ossec-agentd.state

You should see output like this:

status='connected'

Note

The /var/ossec/var/run/ossec-agentd.state file on Unix-like platforms and the C:\Program Files (x86)\ossec-agent\ossec-agent.state file on Windows platforms contain several useful pieces of information about the state of the Wazuh agent's connection with the Wazuh manager. See the file content itself for more information.

Now disable the Wazuh repository in order to prevent a future unintended upgrade that may cause a version conflict with the current installation.

# sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo