This method is similar to the simple registration service, except that it provides additional protection of the Wazuh manager from unauthorized registrations by using a password.
Before the registration process, enabling the password authorization option and creating the registration password has to be done on the Wazuh manager. This password can be used for the subsequent agent registrations with the same Wazuh manager.
When those steps are completed, the Wazuh agent can be registered using the
agent-auth utility and providing the password. After the registration, the Wazuh agent has to be configured to indicate the destination where the collected security events will be sent.
Enabling the password authorization option and creating a registration password on the Wazuh manager
To enable password authorization amend the Wazuh manager’s
/var/ossec/etc/ossec.confconfiguration file as shown below:
<auth> ... <use_password>yes</use_password> ... </auth>
Choose custom password or let the registration service generate one:
Using a custom password
Using a random password
Restart the Wazuh manager: