How to push wazuh_command.remote_commands=1 to agents from master node

[Grzegorz G.]

Hi Everyone,
I'm trying find on this place answer how can I push configuration to agents from master node which run below functions for agents ex.:
logcollector.remote_commands=1
wazuh_command.remote_commands=1

That it is posible to do from server or only manually adding commands to file local_internal_options.conf ?

Thank you in advance for any advice.

[Md. Nazmur Sakib]

Hi Grzegorz,

These internal options  have to be set on each agent's local_internal_options.conf to enable remote commands:

• wazuh_command.remote_commands=1

• logcollector.remote_commands=1
  
  

It can only be enabled from the endpoints because of security concerns. By enabling remote command execution, the Wazuh server gains the ability to execute commands on the monitored endpoint. Remote commands are disabled by default as a security measure, which helps reduce the attack surface in case the Wazuh server is compromised.

As a side note, there is no need to modify the internal_options.conf file. Every setting on local_internal_options.conf will override the one on internal_options.conf. Also internal_options.conf will be overwritten during upgrades. In order to maintain custom changes, you must use the /var/ossec/etc/local_internal_options.conf file.

Ref: https://documentation.wazuh.com/current/user-manual/reference/centralized-configuration.html
https://documentation.wazuh.com/current/user-manual/reference/internal-options.html

I hope you find this information useful.