ossec-authd

The ossec-authd program can automatically add an agent to a Wazuh manager and provide the key to the agent. The agent-auth application is the client application used with ossec-authd. ossec-authd creates an agent with an IP address of “any” instead of using a specifig IP address.

Warning

By default, there is no authentication or authorization involved in this transaction, so it is recommended that this daemon only be run when a new agent is being added.

-V

Version and license message.

-h

This help message.

-d

Debug mode. Use this parameter multiple times to increase the debug level.

-t

Test configuration.

-f

Run in foreground.

-i

Use client’s source IP address instead of any.

-F <time>

Remove old agent with same name or IP if its keepalive has more than the specified number of seconds.

-F no

Disable force insertion.

-r

Do not keep removed agents (delete).

-g <group>

Group to run as.

Default

ossec

-D <dir>

Directory to chroot into.

Default

/var/ossec

-p <port>

Manager port.

Default

1515

-P

Enable shared password authentication, at /var/ossec/etc/authd.pass or random.

-c <ciphers>

SSL cipher list. The format of this parameter is described in SSL ciphers.

Default

HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH

-v <path>

Full path to CA certificate used to verify clients.

-s

Used with -v, enable source host verification.

-x <path>

Full path to server certificate.

Default

/var/ossec/etc/sslmanager.cert.

-k <path>

Full path to server key.

Default

/var/ossec/etc/sslmanager.key.

-a

Auto negotiate the most secure common SSL/TLS method with the client.

Default

TLS v1.2 only (if supported by the server).

-L

Force insertion even though agent limit has been reached.