Hi Jose,
Thanks for using Wazuh.
In order to configure enrollment for your Wazuh agents through port 443, you need to change the auth section on your manager to enable that port.
The default configuration will look like this:
<auth>
  <disabled>no</disabled>
  <port>1515</port> <!-- change this to 443 -->
  <use_source_ip>no</use_source_ip>
  <purge>yes</purge>
  <use_password>no</use_password>
  <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
  <!-- <ssl_agent_ca></ssl_agent_ca> -->
  <ssl_verify_host>no</ssl_verify_host>
  <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
  <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
  <ssl_auto_negotiate>no</ssl_auto_negotiate>
</auth>
You would need to apply the changes to the tags specified above in your manager's ossec.conf.
Then you need to configure your agents' ossec.conf in order for them to connect and enroll with the manager. You have three options: enroll via configuration, enroll through the API, or use the agent-auth tool.
To enroll through the agent-auth tool (Linux/macOS/Solaris):
- Modify the <address>MANAGER_IP</address> in the client section to the WM IP you want the agent to connect to.
- Run the /var/ossec/bin/agent-auth command with the following options: -m MANAGER_IP -A AGENT_NAME
- Replace MANAGER_IP with the IP of the manager node you added in the ossec.conf.
- Replace AGENT_NAME with the name you want the agent to have on your cluster. (Avoid duplicate names.)
- Start the agent.
To enroll through the API:
- Modify the <address>MANAGER_IP</address> in the client section to the WM IP you want the agent to connect to.
- Request the agent's key with the corresponding call for your agent's environment. More info here.
- Import the ID and key obtained using the manage_agents tool. More info here.
- Start the agent.
These are the enrollment options for your agents. In order to make them enroll through port 443, basically what you need is to open that port in your manager's ossec.conf.
I hope this answers your question. In case of any further doubts, do not hesitate to ask.
Cheers!
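As an added illustration (not code from Wazuh or from the reply above), the following Python helper rewrites only the <auth><port> value in a constructed ossec.conf sample, leaves the <remote> port alone, and builds the matching agent-auth command line. It assumes agent-auth's -p option for the enrollment port, and it flags the combination of a non-default enrollment port with <use_password>no</use_password>, since an enrollment listener opened for remote systems should not accept unauthenticated registrations.

```python
import re

# Constructed sample of a manager ossec.conf, modelled on the reply above.
MANAGER_CONF = """<ossec_config>
  <remote>
    <connection>secure</connection>
    <port>1514</port>
  </remote>
  <auth>
    <disabled>no</disabled>
    <port>1515</port>
    <use_source_ip>no</use_source_ip>
    <purge>yes</purge>
    <use_password>no</use_password>
  </auth>
</ossec_config>
"""

AUTH_BLOCK = re.compile(r"<auth>.*?</auth>", re.DOTALL)
PORT_TAG = re.compile(r"<port>\s*(\d+)\s*</port>")


def _auth_block(conf: str) -> str:
    m = AUTH_BLOCK.search(conf)
    if m is None:
        raise ValueError("no <auth> block found in ossec.conf")
    return m.group(0)


def auth_port(conf: str) -> int:
    """Return the enrollment port configured inside <auth>."""
    return int(PORT_TAG.search(_auth_block(conf)).group(1))


def set_auth_port(conf: str, port: int) -> str:
    """Rewrite the <port> inside <auth> only; the <remote> port stays as-is."""
    patched = PORT_TAG.sub(f"<port>{port}</port>", _auth_block(conf), count=1)
    return AUTH_BLOCK.sub(lambda _: patched, conf, count=1)


def enrollment_warnings(conf: str) -> list:
    """Defender-side check: non-default port exposed without an enrollment password."""
    block = _auth_block(conf)
    warnings = []
    if auth_port(conf) != 1515 and "<use_password>no</use_password>" in block:
        warnings.append("enrollment port moved but use_password is 'no'")
    return warnings


def agent_auth_cmd(manager_ip: str, agent_name: str, port: int) -> list:
    """argv for agent-auth; -p must match the manager's <auth><port>."""
    return ["/var/ossec/bin/agent-auth", "-m", manager_ip, "-p", str(port), "-A", agent_name]
```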
Hello All,
I need your support regarding a scenario that requires using port 443 for agent communication and enrollment for remotely working systems.
Two IPs can be secured for the WM to achieve the mentioned scenario; I need help on how to implement the remaining part and also on the configuration side.
Best Regards,
Nithin Jose