Wazuh agent enrollment password


ITBTFSI -

Apr 4, 2024, 5:50:45 PM
to Wazuh | Mailing List
Hi All,

Hope you are all well.

I have installed the Wazuh agent on several computers but without the password option. I would like to know if there is a way to update these agents with a password, or would I have to remove and reinstall the agent (but with the password integrated)?

thanks!

Hatem

Apr 4, 2024, 6:15:42 PM
to ITBTFSI -, Wazuh | Mailing List
Hi

What do you mean by password integrated?


Stuti Gupta

Apr 4, 2024, 10:50:40 PM
to Wazuh | Mailing List
Hi team!
Please allow me some time. I'm looking into this query and will update you with an appropriate answer.

Stuti Gupta

Apr 5, 2024, 5:30:10 AM
to Wazuh | Mailing List
Hi Hatem
Hope you are doing well.

There is no need to remove and reinstall the agent. You just need to follow these steps:
1. Enable the password authentication option by adding the configuration highlighted below to the <auth> section of the manager configuration file /var/ossec/etc/ossec.conf.

<auth>
  <use_password>yes</use_password>
</auth>


2. Setting your own password. This is done by creating the file /var/ossec/etc/authd.pass on the manager with your password. Replace <CUSTOM_PASSWORD> with your chosen agent enrollment password and run the following command:

echo "<CUSTOM_PASSWORD>" > /var/ossec/etc/authd.pass

3. Change the authd.pass file permissions and ownership.

chmod 640 /var/ossec/etc/authd.pass
chown root:wazuh /var/ossec/etc/authd.pass

4. Restart the Wazuh service for the changes to take effect.

systemctl restart wazuh-manager

At agent side:

The following steps serve as a guide on how to enroll a Linux/Unix endpoint with password authentication:

1. Create the file /var/ossec/etc/authd.pass with the enrollment password in it.
echo "<CUSTOM_PASSWORD>" > /var/ossec/etc/authd.pass
You have to replace <CUSTOM_PASSWORD> with the agent enrollment password created on the manager.

2. File permissions for the authd.pass file should be set to 640 and the owner should be root. The permissions and ownership can be configured by running the commands below:

chmod 640 /var/ossec/etc/authd.pass
chown root:wazuh /var/ossec/etc/authd.pass


3. Restart the agent to make the changes effective:

systemctl restart wazuh-agent

Select the “agents” tab to check for its connection status in the Wazuh dashboard.

Hope this helps
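
An added example (not part of the thread and not Wazuh's own tooling): shell functions that audit the result of the steps above, checking that use_password is enabled inside the manager's <auth> block and that authd.pass exists with mode 640, the expected owner and a single line. The function names are hypothetical, and stat -c assumes GNU or BusyBox stat on Linux.

```sh
#!/bin/sh
# Added example: audit the enrollment-password setup described in the thread.
# Paths, mode 640 and root:wazuh come from the thread; function names are hypothetical.

# Manager side: succeeds if <use_password>yes</use_password> sits inside an <auth> block.
# Line-based check; it does not understand XML comments.
auth_password_enabled() {
    conf=$1
    [ -r "$conf" ] || return 2
    awk '
        /<auth>/ { in_auth = 1 }
        in_auth && /<use_password>[ \t]*yes[ \t]*<\/use_password>/ { found = 1 }
        /<\/auth>/ { in_auth = 0 }
        END { exit !found }
    ' "$conf"
}

# Manager or agent side: prints one finding per problem, returns 0 only if clean.
# $1 = path to authd.pass, $2 = expected owner:group (default root:wazuh).
check_authd_pass() {
    file=$1 want_owner=${2:-root:wazuh} rc=0
    if [ ! -f "$file" ]; then
        echo "missing: $file"; return 1
    fi
    mode=$(stat -c '%a' "$file")
    owner=$(stat -c '%U:%G' "$file")
    [ "$mode" = "640" ] || { echo "mode is $mode, expected 640"; rc=1; }
    [ "$owner" = "$want_owner" ] || { echo "owner is $owner, expected $want_owner"; rc=1; }
    # The echo command in the thread writes exactly one line; flag anything else.
    lines=$(grep -c . "$file" || true)
    [ "$lines" -eq 1 ] || { echo "expected 1 non-empty line, found $lines"; rc=1; }
    return $rc
}

# Usage on the manager:
#   auth_password_enabled /var/ossec/etc/ossec.conf && check_authd_pass /var/ossec/etc/authd.pass
```

Because the file is created by a redirect before chmod runs, it briefly carries the shell's default umask permissions; running the check after step 3 confirms the final state is 640.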