What does enabling remote commands involve?


Facu Basgall

May 11, 2026, 2:21:47 PM
to Wazuh | Mailing List

Hello!

I’d like to know what the security implications are of enabling remote commands via `wazuh_command.remote_commands=1`.

Or what would you recommend? Should I enable this feature or not?


I’m currently setting up an agent monitoring integration and need to send commands to them; I know I can do this either this way or directly from the agent.

But I’d like to know what enabling this command entails.


Fabian Ruiz

May 11, 2026, 2:39:10 PM
to Wazuh | Mailing List
Hi Facu,

Enabling wazuh_command.remote_commands=1 should only be considered in environments where centralized command execution is strictly necessary, such as controlled remediation tasks, automated operational procedures, or integrations that require managed execution from the Wazuh manager. Due to the security implications of allowing remote command execution on monitored endpoints, this feature should not be enabled globally or by default.

If enabled, it is recommended to restrict its usage to specific agent groups, apply strict RBAC and API access controls, audit all command executions, and limit the allowed commands to predefined and validated operations only. You can read this documentation about the remote commands: https://documentation.wazuh.com/current/user-manual/capabilities/command-monitoring/configuration.html?utm_source=chatgpt.com#the-centralized-configuration-file
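
One way to apply the "predefined and validated operations only" advice above, as an added example that is not part of the thread or Wazuh's own code: a Python check that parses a centralized agent.conf and flags enabled command wodles whose command line is not on an operator-maintained allowlist. The allowlist entries, the sample configuration and the function name `audit_agent_conf` are assumptions constructed for illustration.

```python
import shlex
import xml.etree.ElementTree as ET

# Assumption: operator-maintained allowlist of exact argv tuples (illustrative).
ALLOWED_COMMANDS = {("/usr/bin/uptime",), ("/bin/df", "-P")}

# Constructed sample of a group's centralized agent.conf, not a real deployment.
SAMPLE_AGENT_CONF = """
<agent_config name="web-01">
  <wodle name="command">
    <disabled>no</disabled>
    <tag>disk</tag>
    <command>/bin/df -P</command>
    <interval>1h</interval>
  </wodle>
</agent_config>
<agent_config>
  <wodle name="command">
    <disabled>no</disabled>
    <tag>cleanup</tag>
    <command>/bin/sh /tmp/cleanup.sh</command>
    <interval>1d</interval>
  </wodle>
</agent_config>
"""

def audit_agent_conf(text, allowed=ALLOWED_COMMANDS):
    """Return findings for enabled command wodles that are not on the allowlist."""
    # agent.conf may hold several top-level <agent_config> blocks, so wrap them.
    root = ET.fromstring("<root>" + text + "</root>")
    findings = []
    for block in root.iter("agent_config"):
        # A block with no name/os/profile filter reaches every agent in the group.
        filters = [f"{k}={block.get(k)}" for k in ("name", "os", "profile") if block.get(k)]
        scope = ", ".join(filters) or "all agents in group"
        for wodle in block.iter("wodle"):
            if wodle.get("name") != "command":
                continue
            if (wodle.findtext("disabled") or "no").strip() == "yes":
                continue
            argv = tuple(shlex.split(wodle.findtext("command") or ""))
            if argv not in allowed:
                findings.append({"tag": (wodle.findtext("tag") or "").strip(),
                                 "argv": argv, "scope": scope})
    return findings

if __name__ == "__main__":
    for finding in audit_agent_conf(SAMPLE_AGENT_CONF):
        print(finding)
```

On a manager, the same function can be run over each group's `/var/ossec/etc/shared/<group>/agent.conf` before the file is distributed to agents.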


Facu Basgall

May 11, 2026, 4:01:51 PM
to Wazuh | Mailing List

I understand that, but what are the security reasons for recommending that it not be enabled? 

Fabio Martins

May 11, 2026, 5:17:39 PM
to Facu Basgall, wa...@googlegroups.com
On Mon, 11 May 2026 at 17:02 Facu Basgall <facub...@gmail.com> wrote:

I understand that, but what are the security reasons for recommending that it not be enabled? 

If a security vulnerability is found in the Wazuh manager or that endpoint is compromised by a third party, all your managed/monitored endpoints can be compromised as well.
