Difference between revisions of "Cyber Security: Wazuh Agent Install"

From OnnoWiki
Jump to navigation Jump to search
Line 1: Line 1:
 
Sumber: https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-linux.html
 
Sumber: https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-linux.html
  
==Deploying Wazuh agents on Linux endpoints==
+
==Deploy Wazuh agent pada Linux endpoint==
  
 
Agent run di host yang ingin Anda pantau dan berkomunikasi dengan server Wazuh, mengirimkan data hampir secara real-time melalui saluran terenkripsi dan diautentikasi.
 
Agent run di host yang ingin Anda pantau dan berkomunikasi dengan server Wazuh, mengirimkan data hampir secara real-time melalui saluran terenkripsi dan diautentikasi.
Line 10: Line 10:
  
  
==Add the Wazuh repository==
+
==Tambahkan Wazuh repository==
  
Add the Wazuh repository to download the official packages.
+
Tambahkan repositori Wazuh untuk mengunduh paket resmi.
  
Install the GPG key:
+
Install GPG key:
  
 
  curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
 
  curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
  
Add the repository:
+
Tambahkan repository:
  
 
  echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
 
  echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
  
Update the package information:
+
Update package:
  
 
  apt-get update
 
  apt-get update
  
Note
+
==Deploy Wazuh agent==
  
For Debian 7, 8, and Ubuntu 14 systems import the GCP key and add the Wazuh repository (steps 1 and 2) using the following commands.
+
Untuk men-deploy Wazuh agent pada endpoint, pilih package manager dan edit WAZUH_MANAGER variable agar berisi Wazuh manager IP address atau hostname.
  
  apt-get install gnupg apt-transport-https
+
  WAZUH_MANAGER="10.0.0.2" apt-get install wazuh-agent
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
 
echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
 
  
==Deploy a Wazuh agent==
+
Untuk opsi penerapan tambahan seperti nama agen, grup agen, dan password pendaftaran, lihat bagian Variabel penerapan untuk Linux https://documentation.wazuh.com/current/user-manual/deployment-variables/deployment-variables-linux.html
  
To deploy the Wazuh agent on your endpoint, select your package manager and edit the WAZUH_MANAGER variable to contain your Wazuh manager IP address or hostname.
+
Catatan Selain itu, jika Anda ingin menginstal agen tanpa mendaftarkannya, abaikan variabel penerapan. Untuk mempelajari lebih lanjut tentang berbagai metode pendaftaran, lihat bagian pendaftaran agent Wazuh https://documentation.wazuh.com/current/user-manual/agent-enrollment/index.html
  
WAZUH_MANAGER="10.0.0.2" apt-get install wazuh-agent
+
Aktifkan dan mulai service agent Wazuh.
 
 
For additional deployment options such as agent name, agent group, and registration password, see the Deployment variables for Linux section.
 
 
 
Note Alternatively, if you want to install an agent without registering it, omit the deployment variables. To learn more about the different registration methods, see the Wazuh agent enrollment section.
 
Enable and start the Wazuh agent service.
 
  
 
  systemctl daemon-reload
 
  systemctl daemon-reload
Line 49: Line 42:
 
  systemctl start wazuh-agent
 
  systemctl start wazuh-agent
  
The deployment process is now complete, and the Wazuh agent is successfully running on your Linux system.
+
Proses deployment selesai, dan Wazuh agent berhasil jalan di Linux system.
  
 
==Recommended action - Disable Wazuh updates==
 
==Recommended action - Disable Wazuh updates==
Line 63: Line 56:
 
  echo "wazuh-agent hold" | dpkg --set-selections
 
  echo "wazuh-agent hold" | dpkg --set-selections
  
==Uninstall a Wazuh agent==
+
==Uninstall Wazuh agent==
 
 
To uninstall the agent, run the following commands:
 
  
Remove the Wazuh agent installation.
+
Untuk uninstall agent, run command berikut:
  
 
  apt-get remove wazuh-agent
 
  apt-get remove wazuh-agent

Revision as of 16:48, 14 July 2023

Sumber: https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-linux.html

Deploy Wazuh agent pada Linux endpoint

Agent run di host yang ingin Anda pantau dan berkomunikasi dengan server Wazuh, mengirimkan data hampir secara real-time melalui saluran terenkripsi dan diautentikasi.

Penerapan agent Wazuh pada sistem Linux menggunakan variabel penerapan yang memfasilitasi tugas penginstalan, pendaftaran, dan konfigurasi agen. Atau, jika Anda ingin mengunduh langsung paket agen Wazuh, lihat bagian daftar packages https://documentation.wazuh.com/current/installation-guide/packages-list.html

Catatan Anda memerlukan hak pengguna root untuk menjalankan semua perintah yang dijelaskan di bawah ini.


Tambahkan Wazuh repository

Tambahkan repositori Wazuh untuk mengunduh paket resmi.

Install GPG key: 

curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg

Tambahkan repository: 

echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list

Update package: 

apt-get update

Deploy Wazuh agent

Untuk men-deploy Wazuh agent pada endpoint, pilih package manager dan edit WAZUH_MANAGER variable agar berisi Wazuh manager IP address atau hostname. 

WAZUH_MANAGER="10.0.0.2" apt-get install wazuh-agent

Untuk opsi penerapan tambahan seperti nama agen, grup agen, dan password pendaftaran, lihat bagian Variabel penerapan untuk Linux https://documentation.wazuh.com/current/user-manual/deployment-variables/deployment-variables-linux.html

Catatan Selain itu, jika Anda ingin menginstal agen tanpa mendaftarkannya, abaikan variabel penerapan. Untuk mempelajari lebih lanjut tentang berbagai metode pendaftaran, lihat bagian pendaftaran agent Wazuh https://documentation.wazuh.com/current/user-manual/agent-enrollment/index.html

Aktifkan dan mulai service agent Wazuh. 

systemctl daemon-reload
systemctl enable wazuh-agent
systemctl start wazuh-agent

Proses deployment selesai, dan Wazuh agent berhasil jalan di Linux system.

Recommended action - Disable Wazuh updates

Compatibility between the Wazuh agent and the Wazuh manager is guaranteed when the Wazuh manager version is later than or equal to that of the Wazuh agent. Therefore, we recommend disabling the Wazuh repository to prevent accidental upgrades. To do so, use the following command: 


sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list
apt-get update

Alternatively, you can set the package state to hold. This action stops updates but you can still upgrade it manually using apt-get install. 

echo "wazuh-agent hold" | dpkg --set-selections

Uninstall Wazuh agent

Untuk uninstall agent, run command berikut: 

apt-get remove wazuh-agent

Some files are marked as configuration files. Due to this designation, the package manager does not remove these files from the filesystem. If you want to completely remove all files, run the following command: 

apt-get remove --purge wazuh-agent

Disable the Wazuh agent service. 

systemctl disable wazuh-agent
systemctl daemon-reload

The Wazuh agent is now completely removed from your Linux endpoint.


Referensi


Pranala Menarik

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=Cyber_Security:_Wazuh_Agent_Install&oldid=69178"