Registering Wazuh agents - additional information
OpenSSL package requirement
The registration service requires an SSL certificate on the Wazuh manager in order to work. This certificate is generated automatically by the package during installation if the openssl package is installed. The package creates the certificate and the key needed to run the authentication process, called ossec-authd. The certificate and the key can be found on the Wazuh manager in the /var/ossec/etc/sslmanager.cert and /var/ossec/etc/sslmanager.key files.
The ossec-authd service is used to obtain a unique key, one per Wazuh agent, which allows the agent to authenticate with the Wazuh communication service and to encrypt traffic. The communication is done over the TLS protocol.
The agent-auth program is the client application used along with ossec-authd to automatically add the Wazuh agent to the Wazuh manager.
Wazuh agents' keys
The Wazuh manager uses the /var/ossec/etc/client.keys file to store the registration record of each Wazuh agent, which includes ID, name, IP, and key.
Example:
001 Server1 any e20e0394dca71bacdea57d4ca25d203f836eca12eeca1ec150c2e5f4309a653a
002 ServerProd 192.246.247.247 b0c5548beda537daddb4da698424d0856c3d4e760eaced803d58c07ad1a95f4c
003 DBServer 192.168.0.1/24 8ec4843da9e61647d1ec3facab542acc26bd0e08ffc010086bb3a6fc22f6f65b
The Wazuh agents also have the /var/ossec/etc/client.keys file, containing only their own registration record.
Example for the Server1 Wazuh agent:
001 Server1 any e20e0394dca71bacdea57d4ca25d203f836eca12eeca1ec150c2e5f4309a653a
Basic data for registering the Wazuh agent
In order to register a Wazuh agent, it is necessary to provide the name and the IP address of the Wazuh agent.
There are several ways to set the Wazuh agent's IP:
Any IP: Allows the Wazuh agent to connect with any IP address. Example: Server1 has any IP.
Fixed IP: Allows the Wazuh agent to connect only with the specified IP. Example: ServerProd has the IP 192.246.247.247.
Range IP: Allows the Wazuh agent to connect with an IP within the specified range. Example: DBServer has the IP range 192.168.0.1/24.
Registration methods using the agent-auth utility can automatically detect the IP of the Wazuh agent during the registration process.
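The record format and the three IP settings described above, as an added example (not part of the Wazuh documentation or code base): a small parser for client.keys records that classifies each record's IP setting and checks whether a source address satisfies it. The function names are hypothetical, and the sample text is constructed from the three records shown on this page.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample: the three example records shown on this page.
SAMPLE = """\
001 Server1 any e20e0394dca71bacdea57d4ca25d203f836eca12eeca1ec150c2e5f4309a653a
002 ServerProd 192.246.247.247 b0c5548beda537daddb4da698424d0856c3d4e760eaced803d58c07ad1a95f4c
003 DBServer 192.168.0.1/24 8ec4843da9e61647d1ec3facab542acc26bd0e08ffc010086bb3a6fc22f6f65b
"""

class AgentRecord(NamedTuple):
    agent_id: str
    name: str
    ip: str   # "any", a single address, or address/prefix
    key: str

def parse_client_keys(text):
    """Parse 'ID name IP key' records; raise ValueError on a malformed line."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        rec = AgentRecord(*fields)
        if rec.ip != "any":
            # strict=False accepts host bits in a range, as in 192.168.0.1/24
            ipaddress.ip_network(rec.ip, strict=False)
        records.append(rec)
    return records

def ip_mode(rec):
    """Classify the IP field as 'any', 'fixed' or 'range'."""
    if rec.ip == "any":
        return "any"
    return "range" if "/" in rec.ip else "fixed"

def source_allowed(rec, source_ip):
    """True if source_ip satisfies the record's IP setting."""
    if rec.ip == "any":
        return True
    network = ipaddress.ip_network(rec.ip, strict=False)
    return ipaddress.ip_address(source_ip) in network

def unrestricted_agents(records):
    """Names of agents registered with 'any', the least restrictive setting."""
    return [r.name for r in records if r.ip == "any"]
```

Running unrestricted_agents over a manager's records gives a quick review list of agents whose key is not tied to a source address.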