Cyber Security: Wazuh Agent Install
Deploy the Wazuh agent on a Linux endpoint
The agent runs on the host you want to monitor and communicates with the Wazuh server, sending data in near real time through an encrypted and authenticated channel.
Deploying the Wazuh agent on Linux systems uses deployment variables that facilitate the installation, enrollment, and configuration of the agent. Alternatively, if you want to download the Wazuh agent package directly, see the packages list section: https://documentation.wazuh.com/current/installation-guide/packages-list.html
Note: You need root user privileges to run all the commands described below.
Add the Wazuh repository
Add the Wazuh repository to download the official packages.
Install the GPG key:
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
Add the repository:
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
Update the package information:
apt-get update
Deploy the Wazuh agent
To deploy the Wazuh agent on the endpoint, select your package manager and edit the WAZUH_MANAGER variable so that it contains the Wazuh manager IP address or hostname.
WAZUH_MANAGER="10.0.0.2" apt-get install wazuh-agent
For additional deployment options such as the agent name, agent group, and enrollment password, see the Deployment variables for Linux section: https://documentation.wazuh.com/current/user-manual/deployment-variables/deployment-variables-linux.html
Note: If you want to install the agent without enrolling it, omit the deployment variables. To learn more about the different enrollment methods, see the Wazuh agent enrollment section: https://documentation.wazuh.com/current/user-manual/agent-enrollment/index.html
Enable and start the Wazuh agent service.
systemctl daemon-reload
systemctl enable wazuh-agent
systemctl start wazuh-agent
The deployment process is complete, and the Wazuh agent is running on the Linux system.
Recommended action - Disable Wazuh updates
Compatibility between the Wazuh agent and the Wazuh manager is guaranteed when the Wazuh manager version is later than or equal to that of the Wazuh agent. Therefore, we recommend disabling the Wazuh repository to prevent accidental upgrades. To do so, use the following command:
sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list
apt-get update
Alternatively, you can set the package state to hold. This action stops updates but you can still upgrade it manually using apt-get install.
echo "wazuh-agent hold" | dpkg --set-selections
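The compatibility rule and the two pinning options above can be checked together after deployment. The script below is an added example, not code from Wazuh or from the original page; the function names and the sample values passed to audit are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Wazuh code. Function names and sample values are assumptions.

# Strip the Debian revision: "4.7.2-1" -> "4.7.2".
upstream_version() {
    printf '%s\n' "${1%%-*}"
}

# Succeed when manager version >= agent version (the compatibility rule).
# sort -V compares numerically per field, so 4.10.0 ranks above 4.9.0.
manager_covers_agent() {
    agent=$(upstream_version "$1")
    manager=$(upstream_version "$2")
    lowest=$(printf '%s\n%s\n' "$agent" "$manager" | sort -V | head -n 1)
    [ "$lowest" = "$agent" ]
}

# Succeed when `dpkg --get-selections wazuh-agent` output shows state "hold".
is_held() {
    printf '%s\n' "$1" |
        awk '$1 == "wazuh-agent" && $2 == "hold" { found = 1 } END { exit !found }'
}

# Succeed when the sources list body has no active (uncommented) deb line.
repo_disabled() {
    ! printf '%s\n' "$1" | grep -Eq '^[[:space:]]*deb[[:space:]]'
}

# audit AGENT_VERSION MANAGER_VERSION DPKG_SELECTIONS SOURCES_LIST_BODY
audit() {
    status=0
    if ! manager_covers_agent "$1" "$2"; then
        echo "FAIL: agent $1 is newer than manager $2"
        status=1
    fi
    if ! is_held "$3" && ! repo_disabled "$4"; then
        echo "FAIL: agent is not on hold and the Wazuh repository is still active"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: versions compatible, accidental upgrades blocked"
    fi
    return "$status"
}

# Constructed sample input: agent 4.7.2-1, manager 4.8.0, repository commented out.
audit "4.7.2-1" "4.8.0" "wazuh-agent install" \
    "#deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main"
```

On a live endpoint, the first, third and fourth arguments can come from dpkg-query -W -f='${Version}' wazuh-agent, dpkg --get-selections wazuh-agent and the contents of /etc/apt/sources.list.d/wazuh.list; the manager version has to be supplied by whoever runs the check.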
Uninstall Wazuh agent
To uninstall the agent, run the following command:
apt-get remove wazuh-agent
Some files are marked as configuration files. Due to this designation, the package manager does not remove these files from the filesystem. If you want to completely remove all files, run the following command:
apt-get remove --purge wazuh-agent
Disable the Wazuh agent service.
systemctl disable wazuh-agent
systemctl daemon-reload
The Wazuh agent is now completely removed from your Linux endpoint.