Kungsinokaman

wazuh installation

Jan 25th, 2024 (edited)
PowerShell 2.96 KB | Cybersecurity
  1. Acknowledgement
  2. Before installing a wazuh-agent on a user's device, first check that the wazuh-manager is running.
  3.  
  4. 1. Run CMD as Administrator
  5. type command: powershell
  6. press enter
  7. 2. Next enter the following commands one by one
  8. ---------------------------------------------------------------------------------------
  9. command 1: $whoami=[System.Security.Principal.WindowsIdentity]::GetCurrent().Name
  10. ---------------------------------------------------------------------------------------
  11. Explanation 1: command 1 identifies the username of the account. If PowerShell does not acknowledge the $whoami value, enter the username of the AD account manually. It must follow this format (example only, for the username User Test): 'IS6_U_Test'
  12. note: must include quotation marks ''
  13.  
  14. ---------------------------------------------------------------------------------------
  15. command 2: Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.7.2-1.msi -OutFile ${env:tmp}\wazuh-agent; msiexec.exe /i ${env:tmp}\wazuh-agent /q WAZUH_MANAGER='10.1.113.214' WAZUH_AGENT_GROUP='default' WAZUH_AGENT_NAME=$whoami WAZUH_REGISTRATION_SERVER='10.1.113.214'
  16. ---------------------------------------------------------------------------------------
  17. If you ran into the case described in Explanation 1, replace $whoami in command 2 with the username in that format.
  18. sample:
  19. WAZUH_AGENT_NAME='IS6_U_Test'
  20.  
  21. ------------------------
  22. command 3: net start WazuhSvc
  23. ------------------------
  24. This starts the wazuh-agent service.
  25.  
  26.  
  27. 3. Check the wazuh dashboard for verification
  28. https://10.1.113.214
  29. password: R5pSJynpYwRfFR6yfC5cX7uH+Ds*LU0J
  30.  
  31.  
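Steps 1 and 2 above as a single script, added here as an example and not part of the original paste: it turns the account name into a valid agent name, checks the MSI's Authenticode signature before installing, and stops if msiexec or the service start fails. The function name ConvertTo-AgentName and the variable names are this example's own; the manager address, group and package URL are the ones from the paste.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original paste. Values below mirror the paste.
$Manager = '10.1.113.214'
$Group   = 'default'
$Url     = 'https://packages.wazuh.com/4.x/windows/wazuh-agent-4.7.2-1.msi'
$Msi     = Join-Path $env:TEMP 'wazuh-agent-4.7.2-1.msi'

function ConvertTo-AgentName {
    param([Parameter(Mandatory)][string]$Identity)
    # WindowsIdentity returns DOMAIN\user; the backslash is not valid in an
    # agent name. Keep letters, digits, '.', '_' and '-', map the rest to '_'
    # (constructed sample: CORP\j.doe -> CORP_j.doe).
    $name = $Identity -replace '[^A-Za-z0-9._-]', '_'
    if ($name.Length -lt 2 -or $name.Length -gt 128) {
        throw "Agent name '$name' must be 2 to 128 characters long"
    }
    return $name
}

$AgentName = ConvertTo-AgentName ([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)

# Force TLS 1.2; older Windows PowerShell defaults may not offer it.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri $Url -OutFile $Msi -UseBasicParsing

# Refuse to install a package whose Authenticode signature does not validate.
$sig = Get-AuthenticodeSignature -FilePath $Msi
if ($sig.Status -ne 'Valid') { throw "Signature check failed: $($sig.Status)" }
Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

# Same MSI properties as command 2; -Wait/-PassThru expose msiexec's exit code.
$msiArgs = @('/i', "`"$Msi`"", '/q',
    "WAZUH_MANAGER=$Manager", "WAZUH_REGISTRATION_SERVER=$Manager",
    "WAZUH_AGENT_GROUP=$Group", "WAZUH_AGENT_NAME=$AgentName")
$p = Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
if ($p.ExitCode -ne 0) { throw "msiexec exited with code $($p.ExitCode)" }

# Equivalent of command 3, then confirm the service really is running.
Start-Service -Name WazuhSvc
$svc = Get-Service -Name WazuhSvc
if ($svc.Status -ne 'Running') { throw "WazuhSvc is $($svc.Status)" }
Write-Host "Agent '$AgentName' installed and running; check the dashboard."
```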
  32. ----------------
  33. Troubleshooting
  34. ----------------
  35. If the wazuh dashboard displays an error (e.g. API error),
  36. go to IWU and open the Ubuntu server
  37. username: wazuh.server
  38. password: 1wu@W4zuH!~
  39. 1.
  40. Open terminal and type command: sudo su
  41. press enter
  42. enter the wazuh.server password
  43.  
  44. 2.
  45. Once the correct password has been entered,
  46. type command: systemctl restart wazuh-manager
  47. This starts or restarts the wazuh-manager if the server has suddenly shut down or encountered an issue.
  48.  
  49. 3. Check the status of wazuh-manager
  50. systemctl status wazuh-manager
  51. If the output is active/running, proceed with installing an agent.
  52.  
  53.  
  54. If the wazuh-agent has been installed but the user's device is not listed among the active agents,
  55. remove the currently installed agent and reinstall it.
  56.  
  57. 1. Easy way is to download the agent installer:
  58. https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-windows.html
  59.  
  60. After installation, open it and click Remove.
  61. Then repeat the installation process through PowerShell.
  62.  
  63. Optional:
  64. 2. Manual removal of agent to the wazuh-server
  65. To uninstall the agent, the original Windows installer file is required to perform the unattended process:
  66.  
  67. msiexec.exe /x wazuh-agent-4.7.2-1.msi /qn
  68. The Wazuh agent is now completely removed from your Windows endpoint.
  69.  