Difference between revisions of "Cyber Security: Ubuntu 26.04: Wazuh Agent Install"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) (Created page with "Prompt: install wazuh agent untuk IP wazuh manager 192.168.0.5 nama device server-korban-192.168.0.100 CLI: sudo apt-get update sudo apt-get install -y gnupg apt-transpo...") |
Onnowpurbo (talk | contribs) |
||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
Prompt: | Prompt: | ||
| − | install wazuh agent untuk IP wazuh manager 192.168.0. | + | install wazuh agent untuk IP wazuh manager 192.168.0.105 nama device server-korban-192.168.0.100 |
CLI: | CLI: | ||
| Line 7: | Line 7: | ||
sudo apt-get update | sudo apt-get update | ||
sudo apt-get install -y gnupg apt-transport-https curl | sudo apt-get install -y gnupg apt-transport-https curl | ||
| − | + | ||
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | \ | curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | \ | ||
sudo gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import | sudo gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import | ||
sudo chmod 644 /usr/share/keyrings/wazuh.gpg | sudo chmod 644 /usr/share/keyrings/wazuh.gpg | ||
| − | + | ||
| − | |||
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | \ | echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | \ | ||
sudo tee /etc/apt/sources.list.d/wazuh.list | sudo tee /etc/apt/sources.list.d/wazuh.list | ||
| Line 21: | Line 20: | ||
Install: | Install: | ||
| − | sudo WAZUH_MANAGER="192.168.0. | + | sudo WAZUH_MANAGER="192.168.0.105" \ |
| − | WAZUH_AGENT_NAME="server- | + | WAZUH_AGENT_NAME="server-wazuh" \ |
apt-get install -y wazuh-agent | apt-get install -y wazuh-agent | ||
| Line 36: | Line 35: | ||
Cek Config | Cek Config | ||
| − | sudo grep -A5 -B2 "192.168.0. | + | sudo grep -A5 -B2 "192.168.0.105" /var/ossec/etc/ossec.conf |
nc -zv 192.168.0.5 1514 1515 | nc -zv 192.168.0.5 1514 1515 | ||
| Line 46: | Line 45: | ||
Wazuh Dashboard → Agents management → Summary | Wazuh Dashboard → Agents management → Summary | ||
| + | |||
| + | |||
| + | Untuk Wazuh Docker | ||
| + | |||
| + | sudo docker ps --format "table {{.Names}}\t{{.Image}}\t{{.Status}}\t{{.Ports}}" | grep wazuh | ||
| + | |||
| + | Misalnya: | ||
| + | |||
| + | single-node-wazuh.dashboard-1 wazuh/wazuh-dashboard:4.14.5 Up 23 minutes 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp | ||
| + | single-node-wazuh.manager-1 wazuh/wazuh-manager:4.14.5 Up 23 minutes 0.0.0.0:1514-1515->1514-1515/tcp, [::]:1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, [::]:514->514/udp, 0.0.0.0:55000->55000/tcp, [::]:55000->55000/tcp, 1516/tcp | ||
| + | single-node-wazuh.indexer-1 wazuh/wazuh-indexer:4.14.5 Up 23 minutes 0.0.0.0:9200->9200/tcp, [::]:9200->9200/tcp | ||
| + | |||
| + | |||
| + | Cek Agent | ||
| + | |||
| + | sudo docker exec -it single-node-wazuh.manager-1 /var/ossec/bin/agent_control -l | ||
Latest revision as of 15:07, 23 June 2026
Prompt:
install wazuh agent untuk IP wazuh manager 192.168.0.105 nama device server-korban-192.168.0.100
CLI:
sudo apt-get update sudo apt-get install -y gnupg apt-transport-https curl curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | \ sudo gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import sudo chmod 644 /usr/share/keyrings/wazuh.gpg echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | \ sudo tee /etc/apt/sources.list.d/wazuh.list sudo apt-get update
Install:
sudo WAZUH_MANAGER="192.168.0.105" \ WAZUH_AGENT_NAME="server-wazuh" \ apt-get install -y wazuh-agent
Load & Cek:
sudo systemctl daemon-reload sudo systemctl enable wazuh-agent sudo systemctl start wazuh-agent sudo systemctl status wazuh-agent
Cek Config
sudo grep -A5 -B2 "192.168.0.105" /var/ossec/etc/ossec.conf nc -zv 192.168.0.5 1514 1515
Di Wazuh Server
sudo /var/ossec/bin/agent_control -l
Atau lewat dashboard:
Wazuh Dashboard → Agents management → Summary
Untuk Wazuh Docker
sudo docker ps --format "table Template:.Names\tTemplate:.Image\tTemplate:.Status\tTemplate:.Ports" | grep wazuh
Misalnya:
single-node-wazuh.dashboard-1 wazuh/wazuh-dashboard:4.14.5 Up 23 minutes 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp single-node-wazuh.manager-1 wazuh/wazuh-manager:4.14.5 Up 23 minutes 0.0.0.0:1514-1515->1514-1515/tcp, [::]:1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, [::]:514->514/udp, 0.0.0.0:55000->55000/tcp, [::]:55000->55000/tcp, 1516/tcp single-node-wazuh.indexer-1 wazuh/wazuh-indexer:4.14.5 Up 23 minutes 0.0.0.0:9200->9200/tcp, [::]:9200->9200/tcp
Cek Agent
sudo docker exec -it single-node-wazuh.manager-1 /var/ossec/bin/agent_control -l