Starting the process
242 views
Skip to first unread message
Jack Luther
Jun 21, 2023, 7:28:18 AM6/21/23
to Wazuh mailing list
Hello,
[root@wazuh-server wazuh-user]# sudo netstat -tulnep | grep 1515
tcp 0 0 0.0.0.0:1515 0.0.0.0:* LISTEN 0 17822 1381/wazuh-authd
[root@wazuh-server wazuh-user]# sudo kill 1381
tcp 0 0 0.0.0.0:1515 0.0.0.0:* LISTEN 0 17822 1381/wazuh-authd
[root@wazuh-server wazuh-user]# sudo kill 1381
I need to disable the TCP 1515 port for a purticular time for that killed the process wazuh-authd and now I need to reenable the port for that I run this command below:
[root@wazuh-server wazuh-user]# sudo systemctl start wazuh-authd
Failed to start wazuh-authd.service: Unit not found.
Failed to start wazuh-authd.service: Unit not found.
But it is not working how to solve this?
Thanks & regards,
Jack
Matias Braida
Jun 21, 2023, 8:11:21 AM6/21/23
to Jack Luther, Wazuh mailing list
Hello Jack,
First of all, thanks for using Wazuh.
"wazuh-authd" is one of the processes of the wazuh-manager service.
If you need to stop for maintenance reasons or whatever other reason, it is recommended to stop the whole wazuh-manager service.
At this point, you can restart the wazuh-manager service by running the command:
sudo systemctl restart wazuh-manager
Let me know if this helps.
Regards
First of all, thanks for using Wazuh.
"wazuh-authd" is one of the processes of the wazuh-manager service.
If you need to stop for maintenance reasons or whatever other reason, it is recommended to stop the whole wazuh-manager service.
At this point, you can restart the wazuh-manager service by running the command:
sudo systemctl restart wazuh-manager
Let me know if this helps.
Regards
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/bb17ddaf-e705-42bb-a27c-22b553180c15n%40googlegroups.com.
--
 |
Matias S. Braida Software Engineer |
Jack Luther
Jun 21, 2023, 11:12:24 AM6/21/23
to Wazuh mailing list
Thanks for your reply, So I need to close the TCP port 1515 to avoid connecting more agents to the server for that is there is any problem when closing the port 1515 permanently. How to do that in OVA
wazuh -manager.
Matias Braida
Jun 21, 2023, 12:30:04 PM6/21/23
to Jack Luther, Wazuh mailing list
Hi,
The manager is not intended to close the authd port because of the number of agents registered it has. The different wazuh-manager processes must not be killed manually.
Maybe you can use manual enrollment instead of automatic to solve your issue.
Let me explain this a little more. The agents' enrollment can be automatic or manual.
Please take a look at the link: https://documentation.wazuh.com/current/user-manual/agent-enrollment/index.html#wazuh-agent-enrollment
* If agent enrollment is automatic (via authd port), then all agents that need to enroll into the manager use the authd port (default 1515) for this operation.
* If agent enrollment is manual (via manager API), then authd port (default 1515) is not used. Only agents enrolled manually can communicate with the manager.
This process requires more configuration work on agents, but this way you don't need to use the authd port and you will not have more agents registered than those you have done manually.
Please take a look at the link:
Enrollment via API: https://documentation.wazuh.com/current/user-manual/agent-enrollment/via-manager-API/index.html
To disable automatic enrollment on the wazuh-manager you need to change the configuration setting <auth> -> <remote_enrollment> to "no".
Please take a look at the link: https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/auth.html#remote-enrollment
Hope this helps.
Regards
The manager is not intended to close the authd port because of the number of agents registered it has. The different wazuh-manager processes must not be killed manually.
Maybe you can use manual enrollment instead of automatic to solve your issue.
Let me explain this a little more. The agents' enrollment can be automatic or manual.
Please take a look at the link: https://documentation.wazuh.com/current/user-manual/agent-enrollment/index.html#wazuh-agent-enrollment
* If agent enrollment is automatic (via authd port), then all agents that need to enroll into the manager use the authd port (default 1515) for this operation.
* If agent enrollment is manual (via manager API), then authd port (default 1515) is not used. Only agents enrolled manually can communicate with the manager.
This process requires more configuration work on agents, but this way you don't need to use the authd port and you will not have more agents registered than those you have done manually.
Please take a look at the link:
Enrollment via API: https://documentation.wazuh.com/current/user-manual/agent-enrollment/via-manager-API/index.html
To disable automatic enrollment on the wazuh-manager you need to change the configuration setting <auth> -> <remote_enrollment> to "no".
Please take a look at the link: https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/auth.html#remote-enrollment
Hope this helps.
Regards
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/153e03c1-ff21-4a75-bf1b-6bb943ca3109n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages