Deployment variables for Linux
Below is a table describing the variables used by Wazuh agent packages on Linux endpoints and a few examples of how to use them.
| Option | Description |
|---|---|
| WAZUH_MANAGER | This is the primary Wazuh manager that the Wazuh agent will connect to for ongoing communication and security data exchange. Specifies the Wazuh manager IP address or FQDN (Fully Qualified Domain Name). To specify multiple managers, separate them with commas. See address. |
| WAZUH_MANAGER_PORT | Specifies the Wazuh manager connection port. See port. |
| WAZUH_PROTOCOL | Sets the communication protocol between the Wazuh manager and the Wazuh agent. Accepts UDP and TCP. The default is TCP. See protocol. |
| WAZUH_REGISTRATION_SERVER | Specifies the Wazuh enrollment server, used for the Wazuh agent enrollment. See manager_address. If empty, the value set in |
| WAZUH_REGISTRATION_PORT | Specifies the port used by the Wazuh enrollment server. See port. |
| WAZUH_REGISTRATION_PASSWORD | Sets the password used to authenticate during enrollment, stored in |
| WAZUH_KEEP_ALIVE_INTERVAL | Sets the time between Wazuh agent checks for Wazuh manager connection. See notify_time. |
| WAZUH_TIME_RECONNECT | Sets the time interval for the Wazuh agent to reconnect with the Wazuh manager when connectivity is lost. See time-reconnect. |
| WAZUH_REGISTRATION_CA | Host SSL validation requires a Certificate Authority (CA) certificate. This option specifies the CA path. See server_ca_path. |
| WAZUH_REGISTRATION_CERTIFICATE | The SSL agent verification needs a CA-signed certificate and the respective key. This option specifies the certificate path. See agent_certificate_path. |
| WAZUH_REGISTRATION_KEY | Specifies the key path. Together with WAZUH_REGISTRATION_CERTIFICATE, it completes the variables required for the SSL agent verification process. See agent_key_path. |
| WAZUH_AGENT_NAME | Designates the Wazuh agent's name. By default, it will be the computer name. See agent_name. |
| WAZUH_AGENT_GROUP | Assigns the Wazuh agent to one or more existing groups (separated by commas). See agent_groups. |
| ENROLLMENT_DELAY | Assigns the time that agentd should wait after a successful enrollment. See delay_after_enrollment. |
Examples:
Enrollment with password:
# WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_PASSWORD="TopSecret" \
     WAZUH_AGENT_NAME="yum-agent" yum install wazuh-agent
# WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_PASSWORD="TopSecret" \
     WAZUH_AGENT_NAME="apt-agent" apt-get install wazuh-agent
# WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_PASSWORD="TopSecret" \
     WAZUH_AGENT_NAME="zypper-agent" zypper install wazuh-agent
Enrollment with password and assigning a group:
# WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_SERVER="10.0.0.2" WAZUH_REGISTRATION_PASSWORD="TopSecret" \
     WAZUH_AGENT_GROUP="my-group" yum install wazuh-agent
# WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_SERVER="10.0.0.2" WAZUH_REGISTRATION_PASSWORD="TopSecret" \
     WAZUH_AGENT_GROUP="my-group" apt-get install wazuh-agent
# WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_SERVER="10.0.0.2" WAZUH_REGISTRATION_PASSWORD="TopSecret" \
     WAZUH_AGENT_GROUP="my-group" zypper install wazuh-agent
Enrollment with a relative path to the CA. The file is searched for in your Wazuh installation folder:
# WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_SERVER="10.0.0.2" WAZUH_AGENT_NAME="yum-agent" \
     WAZUH_REGISTRATION_CA="rootCA.pem" yum install wazuh-agent
# WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_SERVER="10.0.0.2" WAZUH_AGENT_NAME="apt-agent" \
     WAZUH_REGISTRATION_CA="rootCA.pem" apt-get install wazuh-agent
# WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_SERVER="10.0.0.2" WAZUH_AGENT_NAME="zypper-agent" \
     WAZUH_REGISTRATION_CA="rootCA.pem" zypper install wazuh-agent
Enrollment with protocol:
# WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_SERVER="10.0.0.2" WAZUH_AGENT_NAME="yum-agent" \
     WAZUH_PROTOCOL="udp" yum install wazuh-agent
# WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_SERVER="10.0.0.2" WAZUH_AGENT_NAME="apt-agent" \
     WAZUH_PROTOCOL="udp" apt-get install wazuh-agent
# WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_SERVER="10.0.0.2" WAZUH_AGENT_NAME="zypper-agent" \
     WAZUH_PROTOCOL="udp" zypper install wazuh-agent
Enrollment and adding multiple addresses:
# WAZUH_MANAGER="10.0.0.2,10.0.0.3" WAZUH_REGISTRATION_SERVER="10.0.0.2" \
     WAZUH_AGENT_NAME="yum-agent" yum install wazuh-agent
# WAZUH_MANAGER="10.0.0.2,10.0.0.3" WAZUH_REGISTRATION_SERVER="10.0.0.2" \
     WAZUH_AGENT_NAME="apt-agent" apt-get install wazuh-agent
# WAZUH_MANAGER="10.0.0.2,10.0.0.3" WAZUH_REGISTRATION_SERVER="10.0.0.2" \
     WAZUH_AGENT_NAME="zypper-agent" zypper install wazuh-agent
Absolute paths to CA, certificate, or key that contain spaces can be written as shown below:
# WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_SERVER="10.0.0.2" WAZUH_REGISTRATION_KEY="/var/ossec/etc/sslagent.key" \
     WAZUH_REGISTRATION_CERTIFICATE="/var/ossec/etc/sslagent.cert" yum install wazuh-agent
# WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_SERVER="10.0.0.2" WAZUH_REGISTRATION_KEY="/var/ossec/etc/sslagent.key" \
     WAZUH_REGISTRATION_CERTIFICATE="/var/ossec/etc/sslagent.cert" apt-get install wazuh-agent
# WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_SERVER="10.0.0.2" WAZUH_REGISTRATION_KEY="/var/ossec/etc/sslagent.key" \
     WAZUH_REGISTRATION_CERTIFICATE="/var/ossec/etc/sslagent.cert" zypper install wazuh-agent
Note
It’s necessary to use both KEY and PEM options to verify Wazuh agents' identities with the enrollment server. See the additional security options section.
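A pre-install check for the variable combinations described on this page, given as an added example that is not part of the Wazuh documentation or packages. The function name `check_wazuh_env` is hypothetical, and treating `WAZUH_MANAGER` as mandatory and the protocol value as case-insensitive are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not Wazuh code: check_wazuh_env is a hypothetical helper.
# It reports each problem on stderr and returns the number of problems found.
check_wazuh_env() {
    problems=0
    fail() { echo "wazuh-env: $1" >&2; problems=$((problems + 1)); }

    # Assumption: this helper treats WAZUH_MANAGER as mandatory.
    # The value is one address or a comma-separated list of addresses.
    case "${WAZUH_MANAGER:-}" in
        "")            fail "WAZUH_MANAGER is not set" ;;
        ,*|*,|*,,*)    fail "WAZUH_MANAGER has an empty list entry" ;;
        *[[:space:]]*) fail "WAZUH_MANAGER contains whitespace" ;;
    esac

    # WAZUH_PROTOCOL accepts UDP and TCP; unset means the TCP default.
    # Assumption: the comparison is case-insensitive (the page writes "udp").
    if [ -n "${WAZUH_PROTOCOL:-}" ]; then
        case "$(printf '%s' "$WAZUH_PROTOCOL" | tr '[:upper:]' '[:lower:]')" in
            tcp|udp) ;;
            *) fail "WAZUH_PROTOCOL must be tcp or udp" ;;
        esac
    fi

    # Ports, when set, must be integers in 1..65535.
    for name in WAZUH_MANAGER_PORT WAZUH_REGISTRATION_PORT; do
        eval "value=\${$name:-}"
        case "$value" in
            "") ;;
            *[!0-9]*|??????*) fail "$name is not a valid port" ;;
            *) [ "$value" -ge 1 ] && [ "$value" -le 65535 ] ||
                   fail "$name is out of range" ;;
        esac
    done

    # Agent verification needs the certificate and its key together.
    cert=${WAZUH_REGISTRATION_CERTIFICATE:-}
    key=${WAZUH_REGISTRATION_KEY:-}
    if [ -n "$cert" ] && [ -z "$key" ]; then
        fail "WAZUH_REGISTRATION_CERTIFICATE is set without WAZUH_REGISTRATION_KEY"
    elif [ -z "$cert" ] && [ -n "$key" ]; then
        fail "WAZUH_REGISTRATION_KEY is set without WAZUH_REGISTRATION_CERTIFICATE"
    fi

    return "$problems"
}
```

Export the deployment variables, run `check_wazuh_env`, and start the package install only if it returns 0.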