Using Ansible to install Wazuh agent

This is a topology to use Ansible to automatically install Wazuh agent.

This image has an empty alt attribute; its file name is image-460.png

On Debian server, edit sshd_configle file to allow root login and restart Opensshd daemon.

vi /etc/ssh/sshd_config Add the line “PermitRootLogin yes”

On LinutMint Ansible Controller.

Configure to access SSH daemon on Debian server via public key authentication.

Next, we need to set up Public key authentication on LinuxMint.

ssh-keygen -b 4096

Copy the key to the Debian server that you want to access.

Modify hosts on Ansible.

Create Wazuh file under /etc/ansible/group_vars.

ansible_ssh user:root

cd /etc/ansible/roles/
sudo git clone --branch v4.2.5 https://github.com/wazuh/wazuh-ansible.git
ls

Create Wazuh.yml file under /etc/ansible

---
- hosts: Wazuh
  roles:
    - /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-agent 
  vars:

    wazuh_managers:
      - address: 192.168.5.34
        port: 1514
        protocol: udp
        api_port: 55000
        api_proto: 'http'
        api_user: ansible
    wazuh_agent_authd:
      registration_address: 192.168.5.31
      enable: true
      port: 1515
      ssl_agent_ca: null
      ssl_auto_negotiate: 'no'

Run ansible to test on Debian host.

 ansible -m ping Wazuh -i /etc/ansible/hosts

Run ansible-playbook to install wazuh agent on Linux Debian server.

ansible-playbook -i /etc/ansible/hosts Wazuh.yml -u root

Tung Le

Cloud. Virtualization. PowerShell. Automation. Network. Security

Using Ansible to install Wazuh agent

February 17, 2022