Installing the Wazuh agent from sources
The Wazuh agent is a lightweight monitoring software. It is a multi-platform component that provides visibility into the endpoint’s security by collecting critical system and application logs/events. The following section explains how to install it from sources across different operating systems.
This section covers installing dependencies, downloading and compiling the source code, running the installation wizard, and uninstalling the Wazuh agent if necessary.
Installing dependencies
Before compiling Wazuh from sources, you need to install the required build tools and libraries for the destination operating system. This section covers the essential development tools, compilers, and build utilities needed to compile the Wazuh agent successfully on different platforms.
Note
You need root user privileges to run all the commands described below. Since Wazuh 3.5, an Internet connection is required to follow this process.
Note
CMake 3.12.4 is the minimal library version required to build the Wazuh agent solution.
Note
GCC 9.4 is the minimal compiler version required to build the Wazuh agent solution.
Install development tools and compilers. In Linux, this can easily be done using your distribution’s package manager:
# apt-get install python3 gcc g++ make libc6-dev curl policycoreutils automake autoconf libtool libssl-dev procps build-essentialCMake 3.18 installation
# curl -OL https://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && tar -zxf cmake-3.18.3.tar.gz && cd cmake-3.18.3 && ./bootstrap --no-system-curl && make -j$(nproc) && make install # cd .. && rm -rf cmake-*# yum update -y # yum install make gcc gcc-c++ policycoreutils-python automake autoconf libtool centos-release-scl openssl-devel wget bzip2 procps -y # curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && tar xzf gcc-9.4.0.tar.gz && cd gcc-9.4.0/ && ./contrib/download_prerequisites && ./configure --enable-languages=c,c++ --prefix=/usr --disable-multilib --disable-libsanitizer && make -j$(nproc) && make install && ln -fs /bin/g++ /usr/bin/c++ && ln -fs /bin/gcc /usr/bin/cc && cd .. && rm -rf gcc-*CMake 3.18 installation
# curl -OL https://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && tar -zxf cmake-3.18.3.tar.gz # cd cmake-3.18.3 && ./bootstrap --no-system-curl # make -j$(nproc) && make install # cd .. && rm -rf cmake-*# yum install make gcc gcc-c++ python3 python3-policycoreutils automake autoconf libtool openssl-devel cmake procps -y # curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && tar xzf gcc-9.4.0.tar.gz && cd gcc-9.4.0/ && ./contrib/download_prerequisites && ./configure --enable-languages=c,c++ --prefix=/usr --disable-multilib --disable-libsanitizer && make -j$(nproc) && make install && ln -fs /bin/g++ /usr/bin/c++ && ln -fs /bin/gcc /usr/bin/cc && cd .. && rm -rf gcc-* # yum-config-manager --enable PowerTools # yum install libstdc++-static -yCMake 3.18 installation
# curl -OL https://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && tar -zxf cmake-3.18.3.tar.gz && cd cmake-3.18.3 && ./bootstrap --no-system-curl && make -j$(nproc) && make install # cd .. && rm -rf cmake-* # export PATH=/usr/local/bin:$PATH# yum install make gcc gcc-c++ python3 python3-policycoreutils automake autoconf libtool openssl-devel cmake procps -y # curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && tar xzf gcc-9.4.0.tar.gz && cd gcc-9.4.0/ && ./contrib/download_prerequisites && ./configure --enable-languages=c,c++ --prefix=/usr --disable-multilib --disable-libsanitizer && make -j$(nproc) && make install && ln -fs /bin/g++ /usr/bin/c++ && ln -fs /bin/gcc /usr/bin/cc && cd .. && rm -rf gcc-* # yum config-manager --set-enabled crb # yum install libstdc++-static -yCMake 3.18 installation
# curl -OL https://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && tar -zxf cmake-3.18.3.tar.gz && cd cmake-3.18.3 && ./bootstrap --no-system-curl && make -j$(nproc) && make install # cd .. && rm -rf cmake-* # export PATH=/usr/local/bin:$PATH# dnf update -y # dnf groupinstall "Development Tools" # dnf install gmp-devel mpfr-devel libmpc-devel isl-devel make cmake gcc gcc-c++ python3 python3-policycoreutils automake autoconf libtool openssl-devel yum-utils procps -y # curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && tar xzf gcc-9.4.0.tar.gz && cd gcc-9.4.0/ && ./configure --enable-languages=c,c++ --prefix=/usr --disable-multilib --disable-libsanitizer && make -j$(nproc) && make install && ln -fs /usr/bin/g++ /bin/c++ && ln -fs /usr/bin/gcc /bin/cc && cd .. && rm -rf gcc-* # dnf config-manager --set-enabled crb # dnf install libstdc++-static -yCMake 3.18 installation
# curl -OL https://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && tar -zxf cmake-3.18.3.tar.gz && cd cmake-3.18.3 && ./bootstrap --no-system-curl && make -j$(nproc) && make install # cd .. && rm -rf cmake-* # export PATH=/usr/local/bin:$PATH# zypper install -y make gcc12 gcc12-c++ policycoreutils-python automake autoconf libtool libopenssl-devel curl # ln -sf /usr/bin/gcc-12 /usr/bin/gcc # ln -sf /usr/bin/g++-12 /usr/bin/g++CMake 3.18 installation
# curl -OL https://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && tar -zxf cmake-3.18.3.tar.gz && cd cmake-3.18.3 && ./bootstrap --no-system-curl && make -j$(nproc) && make install # cd .. && rm -rf cmake-*Note
For Suse 11, it is possible that some of the tools are not found in the package manager. In that case, you can add the following official repository:
# zypper addrepo http://download.opensuse.org/distribution/11.4/repo/oss/ ossGCC/G++ 14 is the recommended version to build Wazuh.
# pacman --noconfirm -Syu curl gcc14 make sudo wget expect gnupg perl-base perl fakeroot python brotli automake autoconf libtool gawk libsigsegv nodejs base-devel inetutils cmake
This section covers installing dependencies on Ubuntu and Windows endpoints. For Windows agent installation, Wazuh uses cross-compilation from a Linux environment to build the Windows installer package.
Note
This procedure is tested on Ubuntu 22.04 and might work with other Debian/Ubuntu versions as well. It is required to use MinGW 10.
Set up the Ubuntu build environment. Install these dependencies to build the Windows Wazuh agent installer on Ubuntu:
# apt-get install curl gcc-mingw-w64 g++-mingw-w64-i686 g++-mingw-w64-x86-64 nsis make cmake
Set up Windows build environment. To generate the installer, the following dependencies must be in place on the Windows machine:
-
Note
If you install a WiX Toolset version other than v3.11 on your Windows endpoint, update the batch file at:
wazuh-4.14.0/src/win32/wazuh-installer-build-msi.bat. On line 3, replace"WiX Toolset v3.11"with the exact version you installed. .NET Framework 3.5.1.
Microsoft Windows SDK.
-
This section covers installing dependencies on macOS systems. The process involves installing Homebrew and setting up build tools.
Install Homebrew, the package manager for macOS.
$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Note
On some macOS versions, this command may fail with a message indicating that
homebrew/coreis a shallow clone. To fix this issue, run:$ rm -rf "/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core" $ brew tap homebrew/core
Then, re-run the Homebrew installation command above.
Install development tools and compilers through Brew:
$ brew install automake autoconf libtool cmake
This section covers installing dependencies on IBM AIX systems. The process involves setting up the build environment and installing dependencies.
AIX 6.1 TL9 or greater is the supported version for the following installation procedure.
Note
All the commands described below need to be executed with root user privileges. Since Wazuh 3.5, an Internet connection is required for this process.
Download the
wgettool.# rpm -Uvh --nodeps http://packages-dev.wazuh.com/deps/aix/wget-1.19-1.aix6.1.ppc.rpm
Download the following script.
# wget https://raw.githubusercontent.com/wazuh/wazuh/v4.14.0/packages/aix/generate_wazuh_packages.sh --no-check-certificate
Note
If you can’t download the script this way, then you should download it using another machine and copy it to the AIX machine via the scp utility.
Download bash and libiconv.
# rpm -Uvh --nodeps http://packages-dev.wazuh.com/deps/aix/bash-4.4-4.aix6.1.ppc.rpm # rpm -Uvh --nodeps http://packages-dev.wazuh.com/deps/aix/libiconv-1.14-22.aix6.1.ppc.rpm
Install the necessary dependencies using the script.
# chmod +x generate_wazuh_packages.sh # ./generate_wazuh_packages.sh -e
Note
This step may take a few minutes.
This section covers installing dependencies on HP-UX systems. The process involves setting up the build environment and installing dependencies.
Note
All the commands described below need to be executed with root user privileges. Since Wazuh 3.5, an internet connection is required for this process.
Download the
depothelper-2.10-hppa_32-11.31.depotfile.# /usr/local/bin/wget https://raw.githubusercontent.com/wazuh/wazuh/v4.14.0/packages/hp-ux/depothelper-2.20-ia64_64-11.31.depot --no-check-certificate
Note
If you can’t download the script this way, then you should download it using another machine and copy it to the HP-UX machine via the scp utility.
Install the package manager. The absolute path to the depot file is used.
# swinstall -s /ABSOLUTE/PATH/depothelper-2.10-hppa_32-11.31.depot \*
Download the
wgettool (If it is not installed).# /usr/local/bin/depothelper -f wget
Download the following script
# /usr/local/bin/wget https://raw.githubusercontent.com/wazuh/wazuh/v4.14.0/packages/hp-ux/generate_wazuh_packages.sh --no-check-certificate
Note
If you can't download the script this way, then you should copy it via the scp utility.
Install the necessary dependencies using the script.
# chmod +x generate_wazuh_packages.sh # ./generate_wazuh_packages.sh -e
Note
This step may take a long time.
This section covers installing dependencies on Oracle Solaris systems. The process involves setting up build tools and installing dependencies for both i386 and SPARC architectures.
Note
All the commands described below need to be executed with root user privileges. Since Wazuh 3.5, an internet connection is required for this process.
Run the bash shell and install pkgutil.
# bash # PATH="${PATH}:/usr/sbin:/usr/bin:/usr/sbin/:/opt/csw/gnu/:/usr/sfw/bin/:/opt/csw/bin/" # export PATH # pkgadd -d http://get.opencsw.org/now
Install the following tools:
# /opt/csw/bin/pkgutil -y -i git cmake automake autoconf gmake libtool wget curl gcc5core gcc5g++ gtar
Download and build the gcc/g++ 5.5 compiler:
# curl -L http://packages.wazuh.com/utils/gcc/gcc-5.5.0.tar.gz | gtar xz && cd gcc-5.5.0 # curl -L http://packages.wazuh.com/utils/gcc/mpfr-2.4.2.tar.bz2 | gtar xj && mv mpfr-2.4.2 mpfr # curl -L http://packages.wazuh.com/utils/gcc/gmp-4.3.2.tar.bz2 | gtar xj && mv gmp-4.3.2 gmp # curl -L http://packages.wazuh.com/utils/gcc/mpc-0.8.1.tar.gz | gtar xz && mv mpc-0.8.1 mpc # curl -L http://packages.wazuh.com/utils/gcc/isl-0.14.tar.bz2 | gtar xj && mv isl-0.14 isl # unset CPLUS_INCLUDE_PATH && unset LD_LIBRARY_PATH # export PATH=/usr/sbin:/usr/bin:/usr/ccs/bin:/opt/csw/bin # mkdir -p /usr/local # ./configure --prefix=/usr/local/gcc-5.5.0 --enable-languages=c,c++ --disable-multilib --disable-libsanitizer --disable-bootstrap --with-ld=/usr/ccs/bin/ld --without-gnu-ld --with-gnu-as --with-as=/opt/csw/bin/gas # gmake && gmake install # export CPLUS_INCLUDE_PATH=/usr/local/gcc-5.5.0/include/c++/5.5.0 # export LD_LIBRARY_PATH=/usr/local/gcc-5.5.0/lib # echo "export PATH=/usr/sbin:/usr/bin:/usr/ccs/bin:/opt/csw/bin" >> /etc/profile # echo "export CPLUS_INCLUDE_PATH=/usr/local/gcc-5.5.0/include/c++/5.5.0" >> /etc/profile # echo "export LD_LIBRARY_PATH=/usr/local/gcc-5.5.0/lib" >> /etc/profile # rm -rf gcc-* # ln -sf /usr/local/gcc-5.5.0/bin/g++ /usr/bin/g++ # cd ..
Note
The
gmakestep will take several minutes to complete. This is normal behavior.Install cmake library:
# curl -sL http://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz | gtar xz # cd cmake-3.18.3 # ./bootstrap # gmake && gmake install # cd .. && rm -rf cmake-3.18.3 # ln -sf /usr/local/bin/cmake /usr/bin/cmake
Download and install perl 5.10.1.
# wget http://www.cpan.org/src/5.0/perl-5.10.1.tar.gz # gunzip ./perl-5.10.1.tar.gz && tar xvf perl-5.10.1.tar # cd perl-5.10.1 # ./Configure -Dcc=gcc -d -e -s # gmake clean && gmake -d -s # gmake install -d -s # cd ..
Remove the old version of perl and replace it with perl 5.10.1.
# rm /usr/bin/perl # mv /opt/csw/bin/perl5.10.1 /usr/bin/ # mv /usr/bin/perl5.10.1 /usr/bin/perl # rm -rf perl-5.10.1*
Install pkgutil and update it.
# pkgadd -d http://get.opencsw.org/now # export PATH="${PATH}:/usr/sfw/bin:/opt/csw/bin:/opt/ccs/bin" # pkgutil -y -U
Install python 2.7.
# /opt/csw/bin/pkgutil -y -i python27 # ln -sf /opt/csw/bin/python2.7 /usr/bin/python
Install the following tools:
# /opt/csw/bin/pkgutil -y -i git gmake cmake gcc5core gcc5g++
Install a gcc version to include all files needed in the next step:
# pkg install gcc-45
Download and build the gcc/g++ 5.5 compiler:
# curl -O https://packages.wazuh.com/utils/gcc/gcc-5.5.0.tar.gz && gtar xzf gcc-5.5.0.tar.gz # ln -sf gcc-5.5.0 gcc # cd gcc && ./contrib/download_prerequisites # cd .. && mkdir -p gcc-build && cd gcc-build # ../gcc/configure --prefix=/usr/local/gcc-5.5.0 --enable-languages=c,c++ --disable-multilib --disable-libsanitizer --disable-bootstrap --with-ld=/usr/ccs/bin/ld --without-gnu-ld --with-gnu-as --with-as=/opt/csw/bin/gas # gmake # gmake install # export PATH=/usr/local/gcc-5.5.0/bin/:/usr/local/bin/:/usr/bin/:/usr/sbin/:$PATH # export CPLUS_INCLUDE_PATH=/usr/local/gcc-5.5.0/include/c++/5.5.0/ # export LD_LIBRARY_PATH=/usr/local/gcc-5.5.0/lib/ # cd ..
Note
The
gmakestep will take several minutes to complete. This is normal behavior.Install cmake library:
# curl -O -L https://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && gtar xzf cmake-3.18.3.tar.gz && ln -sf cmake-3.18.3 cmake # cd cmake && ./bootstrap # gmake # gmake install # cd .. && rm -rf cmake-*
Installing the Wazuh agent
This section walks you through downloading the Wazuh source code, compiling it, and running the installation wizard to set up the Wazuh agent on your system.
Download and extract the latest version:
# curl -Ls https://github.com/wazuh/wazuh/archive/v4.14.0.tar.gz | tar zx # cd wazuh-4.14.0
If you have previously compiled for another platform, you must clean the build using the Makefile in
src/:# make -C src clean # make -C src clean-deps
Build the Wazuh agent with gcc-14 and g++-14, this only applies to distributions with the Pacman package manager:
# cd wazuh-4.14.0/src # make TARGET=agent deps # make TARGET=agent CC=gcc-14 CXX=g++-14 # cd ..
Run the
install.shscript. This will run a wizard that will guide you through the installation process using the Wazuh sources:# cd wazuh-4.14.0 # ./install.sh
Note
During the installation, users can decide the installation path. Execute the
./install.shscript and select the language, set the installation mode toagent, then set the installation path (Choose where to install Wazuh [/var/ossec]). The default installation path is/var/ossec. A commonly used custom path is/opt. When choosing a different path than the default, if the directory already exists, the installer will ask to delete the directory or proceed by installing Wazuh inside it. You can also run an unattended installation.The script will ask about what kind of installation you want. Type
agentto install a Wazuh agent:1- What kind of installation do you want (manager, agent, local, hybrid or help)? agent
This process involves compiling the Wazuh agent and generating an MSI installer package.
Download the Wazuh source code on the Ubuntu machine and unzip it:
# curl -Ls https://github.com/wazuh/wazuh/archive/v4.14.0.tar.gz | tar zx # cd wazuh-4.14.0/src
Compile the Agent by running the
makecommand:# make deps TARGET=winagent # make TARGET=winagent
The following output will appear at the end of the building process:
Done building winagent
Move the repository to the Windows machine. We recommend compressing it to speed up the process:
# cd ../.. && zip -r wazuh.zip wazuh-4.14.0
Decompress the repository on the Windows machine, run the
wazuh-installer-build-msi.batscript from the win32 folder:> cd wazuh-4.14.0\src\win32 > .\wazuh-installer-build-msi.bat
If you do not want to sign the installer, you will have to comment out or delete the signtool line in the previous script.
Specify the version and the revision number when prompted. This will also generate the Windows installer file. In the following output, the version is set as 4.14.0, and the revision is set as 1. This generates the Windows installer
wazuh-agent-4.14.0-1.msiC:\wazuh\wazuh-4.14.0\src\win32>REM IF VERSION or REVISION are empty, ask for their value C:\wazuh\wazuh-4.14.0\src\win32>IF [] == [] set /p VERSION=Enter the version of the Wazuh agent (x.y.z): Enter the version of the Wazuh agent (x.y.z):4.14.0 C:\wazuh\wazuh-4.14.0\src\win32>IF [] == [] set /p REVISION=Enter the revision of the Wazuh agent: Enter the revision of the Wazuh agent:1 C:\wazuh\wazuh-4.14.0\src\win32>SET MSI_NAME=wazuh-agent-4.14.0-1.msi
Install
wazuh-agent-4.14.0-1.msi. See the installation guide.
This section covers installing the Wazuh agent from sources on macOS systems
Download and extract the latest version:
# curl -Ls https://github.com/wazuh/wazuh/archive/v4.14.0.tar.gz | tar zx
Note
All the commands described below need to be executed with root user privileges.
If you have previously compiled for another platform, you must clean the build using the Makefile in
src:# cd wazuh-4.14.0 # make -C src clean # make -C src clean-deps
Run the
install.shscript. This will run a wizard that will guide you through the installation process using the Wazuh sources:# cd wazuh-4.14.0 # USER_DIR="/Library/Ossec" ./install.sh
Note
Note that with the variable
USER_DIR, it has been indicated that the agent installation path is/Library/OssecThe script will ask about what kind of installation you want. Type
agentto install a Wazuh agent:1- What kind of installation do you want (manager, agent, local, hybrid, or help)? agent
Note
During the installation, users can decide on the installation path. Execute the
./install.shscript and select the language, set the installation mode toagent, then set the installation path (Choose where to install Wazuh [/Library/Ossec]). The default installation path is/Library/Ossec. When choosing a different path than the default, if the directory already exists, the installer will ask to delete the directory or proceed by installing Wazuh inside it. You can also run an unattended installation.
Download the latest version:
# wget -O wazuh.tar.gz --no-check-certificate https://api.github.com/repos/wazuh/wazuh/tarball/v4.14.0 # gunzip -c wazuh.tar.gz | tar -xvf -
Note
If you can't download the repository this way, then you should copy it via the scp utility.
Compile the sources:
# cd wazuh-4.14.0 # cd src # gmake clean-deps # gmake clean # gmake deps TARGET=agent RESOURCES_URL=http://packages.wazuh.com/deps/27 # gmake TARGET=agent USE_SELINUX=no PREFIX=/var/ossec
If you have previously compiled for another platform, you must clean the build using the Makefile in
src/:# gmake -C src clean-deps # gmake -C src clean
Run the
install.shscript. This will run a wizard that will guide you through the installation process using the Wazuh sources:# cd .. # ./install.sh
Note
During the installation, users can decide on the installation path. Execute the
./install.shscript and select the language, set the installation mode toagent, then set the installation path (Choose where to install Wazuh [/var/ossec]). The default installation path is/var/ossec. A commonly used custom path is/opt. When choosing a different path than the default, if the directory already exists, the installer will ask to delete the directory or proceed by installing Wazuh inside it. You can also run an unattended installation.Finally, apply the following configuration:
# sed '/System inventory/,/^$/{/^$/!d;}' /var/ossec/etc/ossec.conf > /var/ossec/etc/ossec.conf.tmp # mv /var/ossec/etc/ossec.conf.tmp /var/ossec/etc/ossec.conf
Note
Note that the above commands have been executed for the default installation path /var/ossec. If you have installed the agent in another path, you will have to modify the path of those commands.
Download the latest version:
# /usr/local/bin/curl -k -L -O https://github.com/wazuh/wazuh/archive/v4.14.0.zip && /usr/local/bin/unzip v4.14.0
Note
If you can't download the repository this way, then you should copy it via the scp utility.
Compile the sources:
# cd wazuh-4.14.0 # /usr/local/bin/gmake -C src deps RESOURCES_URL=http://packages.wazuh.com/deps/27 TARGET=agent # /usr/local/bin/gmake -C src TARGET=agent USE_SELINUX=no
If you have previously compiled for another platform, you must clean the build using the Makefile in
src/:# /usr/local/bin/gmake -C src clean-deps # /usr/local/bin/gmake -C src clean
Run the
install.shscript. This will run a wizard that will guide you through the installation process using the Wazuh sources:# ./install.shNote
During the installation, users can decide the installation path. Execute the
./install.shscript and select the language, set the installation mode toagent, then set the installation path (Choose where to install Wazuh [/var/ossec]). The default installation path is/var/ossec. A commonly used custom path is/opt. When choosing a different path than the default, if the directory already exists, the installer will ask to delete the directory or proceed by installing Wazuh inside it. You can also run an unattended installation.
Download the latest version of Wazuh:
# /opt/csw/bin/git clone -b v4.14.0 https://github.com/wazuh/wazuh.git
Compile the sources.
For Solaris 10 i386:
# export PATH=/usr/local/gcc-5.5.0/bin:/usr/sbin:/usr/bin:/usr/ccs/bin:/opt/csw/bin:/opt/csw/gnu # export CPLUS_INCLUDE_PATH=/usr/local/gcc-5.5.0/include/c++/5.5.0 # export LD_LIBRARY_PATH=/usr/local/gcc-5.5.0/lib # cd wazuh/src # gmake clean # gmake deps TARGET=agent # gmake -j 4 TARGET=agent PREFIX=/var/ossec USE_SELINUX=no # cd ..
For Solaris 10 SPARC:
# export PATH=/usr/local/gcc-5.5.0/bin:/usr/sbin:/usr/bin:/usr/ccs/bin:/opt/csw/bin:/opt/csw/gnu # export CPLUS_INCLUDE_PATH=/usr/local/gcc-5.5.0/include/c++/5.5.0 # export LD_LIBRARY_PATH=/usr/local/gcc-5.5.0/lib # cd wazuh/src # gmake clean # gmake deps TARGET=agent RESOURCES_URL=http://packages.wazuh.com/deps/27 # gmake -j 4 TARGET=agent PREFIX=/var/ossec USE_SELINUX=no USE_BIG_ENDIAN=yes # cd ..
Patch Solaris 10
shfiles to change the shebang:# for file in $(find . -name "*.sh");do sed 's:#!/bin/sh:#!/usr/xpg4/bin/sh:g' $file > $file.new mv $file.new $file && chmod +x $file done
If you have previously compiled for another platform, you must clean the build using the Makefile in
src/:# gmake -C src clean # gmake -C src clean-deps
Run the
install.shscript. This will run a wizard that will guide you through the installation process using the Wazuh sources:# bash install.sh
Note
During the installation, users can decide on the installation path. Execute the
./install.shscript and select the language, set the installation mode toagent, then set the installation path (Choose where to install Wazuh [/var/ossec]). The default installation path is/var/ossec. A commonly used custom path is/opt. When choosing a different path than the default, if the directory already exists, the installer will ask to delete the directory or proceed by installing Wazuh inside it. You can also run an unattended installation.The script will ask about what kind of installation you want. Type
agentto install a Wazuh agent:1- What kind of installation do you want (manager, agent, local, hybrid, or help)? agent
Download the latest version.
# git clone -b v4.14.0 https://github.com/wazuh/wazuh.git
Note
If you can’t download the file due to an OpenSSL error, then you should copy the directory with the scp utility.
If you have previously compiled for another platform, you must clean the build using the Makefile in
src/:# gmake -C src clean # gmake -C src clean-deps
Run the
install.shscript. This will run a wizard that will guide you through the installation process using the Wazuh sources:# cd wazuh* # ./install.sh
Note
During the installation, users can decide on the installation path. Execute the
./install.shscript and select the language, set the installation mode toagent, then set the installation path (Choose where to install Wazuh [/var/ossec]). The default installation path is/var/ossec. A commonly used custom path is/opt. When choosing a different path than the default, if the directory already exists, the installer will ask to delete the directory or proceed by installing Wazuh inside it. You can also run an unattended installation.The script will ask about what kind of installation you want. Type
agentto install a Wazuh agent:1- What kind of installation do you want (manager, agent, local, hybrid, or help)? agent
Next steps
Now that the agent is installed, the next step is to enroll the agent with the Wazuh server. For more information about this process, please check the Wazuh agent enrollment section.
Uninstall
To uninstall the Wazuh agent, set
WAZUH_HOMEwith the current installation path:# WAZUH_HOME="/WAZUH/INSTALLATION/PATH"
Stop the service:
# service wazuh-agent stop 2> /dev/null
Stop the daemon:
# $WAZUH_HOME/bin/wazuh-control stop 2> /dev/null
Remove the installation folder and all its content:
# rm -rf $WAZUH_HOME
Delete the service:
# [ -f /etc/rc.local ] && sed -i'' '/wazuh-control start/d' /etc/rc.local # find /etc/{init.d,rc*.d} -name "*wazuh*" | xargs rm -f
# find /etc/systemd/system -name "wazuh*" | xargs rm -f # systemctl daemon-reload
Remove Wazuh user and group:
# userdel wazuh 2> /dev/null # groupdel wazuh 2> /dev/null
To uninstall the agent, the original MSI file will be needed to perform the unattended process:
msiexec.exe /x wazuh-agent-4.14.0-1.msi /qn
To uninstall the Wazuh agent, set
WAZUH_HOMEto the current installation path:# WAZUH_HOME="/WAZUH/INSTALLATION/PATH"
Stop the service:
# service wazuh-agent stop 2> /dev/null
Stop the daemon:
# $WAZUH_HOME/bin/wazuh-control stop 2> /dev/null
Remove the installation folder and all its content:
# rm -rf $WAZUH_HOME
Delete the service:
# rm -rf /Library/StartupItems/WAZUH
Remove Wazuh user and group:
# dscl . -delete "/Users/wazuh" > /dev/null 2>&1 # dscl . -delete "/Groups/wazuh" > /dev/null 2>&1
To uninstall the Wazuh agent, set
WAZUH_HOMEto the current installation path:# WAZUH_HOME="/WAZUH/INSTALLATION/PATH"
Stop the service:
# service wazuh-agent stop 2> /dev/null
Stop the daemon:
# $WAZUH_HOME/bin/wazuh-control stop 2> /dev/null
Remove the installation folder and all its content:
# rm -rf $WAZUH_HOME
Delete the service:
# find /etc/rc.d -name "*wazuh*" | xargs rm -f
Remove Wazuh user and group:
# userdel wazuh 2> /dev/null # groupdel wazuh 2> /dev/null
To uninstall the Wazuh agent, set
WAZUH_HOMEto the current installation path:# WAZUH_HOME="/WAZUH/INSTALLATION/PATH"
Stop the service:
# service wazuh-agent stop 2> /dev/null
Stop the daemon:
# $WAZUH_HOME/bin/wazuh-control stop 2> /dev/null
Remove the installation folder and all its content:
# rm -rf $WAZUH_HOME
Delete the service:
# find /sbin/{init.d,rc*.d} -name "*wazuh*" | xargs rm -f
Remove the Wazuh user and group
# userdel wazuh 2> /dev/null # groupdel wazuh 2> /dev/null
To uninstall the Wazuh agent, set
WAZUH_HOMEto the current installation path:# WAZUH_HOME="/WAZUH/INSTALLATION/PATH"
Stop the service:
# service wazuh-agent stop 2> /dev/null
Stop the daemon:
# $WAZUH_HOME/bin/wazuh-control stop 2> /dev/null
Remove the installation folder and all its content:
# rm -rf $WAZUH_HOME
Delete the service:
# find /etc/{init.d,rc*.d} -name "*wazuh*" | xargs rm -f
Remove Wazuh user and group:
# userdel wazuh 2> /dev/null # groupdel wazuh 2> /dev/null