anti_tampering
You can configure anti-tampering to prevent uninstallation of the Wazuh agent package on Linux without manager validation.
Options
package_uninstallation
Enables or disables the validation requirement for a user to uninstall the Wazuh agent package.
Default value |
no |
Allowed values |
yes, no |
Configuration example
<!-- Enables validation requirement to uninstall Wazuh agent package -->
<anti_tampering>
<package_uninstallation>yes</package_uninstallation>
</anti_tampering>
Wazuh server API connection data
Environment variables |
Description |
Required/Optional |
---|---|---|
VALIDATION_TOKEN |
Token to make a Wazuh server API request. |
Either |
VALIDATION_LOGIN |
Wazuh server API username and password to generate a
token. Format: |
Either |
VALIDATION_SSL_VERIFY |
Enable SSL verification with the Wazuh server API
certificate. Format: |
Optional - |
VALIDATION_HOST |
Host and port where the Wazuh server API is installed.
Format: |
Required |
You can create a file such as /$(WAZUH_DIR)/etc/uninstall_validation.env
to export the environment variables. For example:
#!/bin/sh
export VALIDATION_LOGIN="wazuh:wazuh"
export VALIDATION_HOST="192.168.0.3:55000"
export VALIDATION_SSL_VERIFY="false"