The ossec-authd program can automatically add a Wazuh agent to a Wazuh manager and provide the key to the agent. It's used along with the agent-auth application. The program creates an agent with an IP address of "any" instead of using a specific IP address.
Warning
By default, there is no authentication or authorization involved in this transaction, so it is recommended that this daemon only be run when a new agent is being added.
+------------------+----------------------------------------------------------------------------------+
| -V               | Version and license message.                                                     |
+------------------+----------------------------------------------------------------------------------+
| -h               | This help message.                                                               |
+------------------+----------------------------------------------------------------------------------+
| -d               | Debug mode. Use this parameter multiple times to increase the debug level.       |
+------------------+----------------------------------------------------------------------------------+
| -t               | Test configuration.                                                              |
+------------------+----------------------------------------------------------------------------------+
| -f               | Run in foreground.                                                               |
+------------------+----------------------------------------------------------------------------------+
| -g <group>       | Group to run as.                                                                 |
+                  +---------+------------------------------------------------------------------------+
|                  | Default | ossec                                                                  |
+------------------+---------+------------------------------------------------------------------------+
| -D <dir>         | Directory to chroot into.                                                        |
+                  +---------+------------------------------------------------------------------------+
|                  | Default | /var/ossec                                                             |
+------------------+---------+------------------------------------------------------------------------+
| -p <port>        | Manager port.                                                                    |
+                  +---------+------------------------------------------------------------------------+
|                  | Default | 1515                                                                   |
+------------------+---------+------------------------------------------------------------------------+
| -P               | Enable shared password authentication, at /var/ossec/etc/authd.pass or random.   |
+------------------+----------------------------------------------------------------------------------+
| -c <ciphers>     | SSL cipher list. The format of this parameter is described in SSL ciphers.       |
+                  +---------+------------------------------------------------------------------------+
|                  | Default | HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH                     |
+------------------+---------+------------------------------------------------------------------------+
| -v <path>        | Full path to CA certificate used to verify clients.                              |
+------------------+----------------------------------------------------------------------------------+
| -s               | Used with -v, enable source host verification.                                   |
+------------------+----------------------------------------------------------------------------------+
| -x <path>        | Full path to server certificate.                                                 |
+                  +---------+------------------------------------------------------------------------+
|                  | Default | /var/ossec/etc/sslmanager.cert                                         |
+------------------+---------+------------------------------------------------------------------------+
| -k <path>        | Full path to server key.                                                         |
+                  +---------+------------------------------------------------------------------------+
|                  | Default | /var/ossec/etc/sslmanager.key                                          |
+------------------+---------+------------------------------------------------------------------------+
| -a               | Auto negotiate the most secure common SSL/TLS method with the client.            |
+                  +---------+------------------------------------------------------------------------+
|                  | Default | TLS v1.2 only (if supported by the server).                            |
+------------------+---------+------------------------------------------------------------------------+
| -L               | Force insertion even though agent limit has been reached.                        |
+------------------+----------------------------------------------------------------------------------+
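
The warning above and the -P, -v and -s options can be combined into a short, authenticated enrollment window. The wrapper below is an added example, not a script shipped with Wazuh; the binary path, the CA file path, the 10-minute window and the function names are assumptions, and it relies on timeout(1) from coreutils.

```shell
#!/bin/sh
# Added example: open a short, authenticated ossec-authd enrollment window.
# Assumptions (not from the page): the binary path, the CA path and the
# 10-minute window. Every flag used is one from the option table above.
AUTHD="${AUTHD:-/var/ossec/bin/ossec-authd}"
PASS_FILE="${PASS_FILE:-/var/ossec/etc/authd.pass}"
CA_CERT="${CA_CERT:-/var/ossec/etc/rootCA.pem}"   # hypothetical CA file
WINDOW="${WINDOW:-600}"                           # seconds

# True only for a regular, non-empty file with no "other" permission bits.
not_world_accessible() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Print the flags for a mode. "default" is the unauthenticated behaviour the
# warning describes; "hardened" adds -P (shared password), -v (CA used to
# verify client certificates) and -s (source host verification).
# Paths must not contain whitespace because the result is word-split.
authd_args() {
    case "$1" in
        hardened) printf '%s\n' "-f -P -v $CA_CERT -s" ;;
        *)        printf '%s\n' "-f" ;;
    esac
}

# Refuse to start unless the password file and CA are in place, then run in
# the foreground and let timeout(1) close the window.
open_window() {
    if ! not_world_accessible "$PASS_FILE"; then
        echo "refusing: $PASS_FILE is missing, empty or world-accessible" >&2
        return 1
    fi
    if [ ! -r "$CA_CERT" ]; then
        echo "refusing: CA certificate $CA_CERT is not readable" >&2
        return 1
    fi
    # shellcheck disable=SC2046  # intentional word splitting of the flags
    timeout "$WINDOW" "$AUTHD" $(authd_args hardened)
}

# Run only when asked to: ./enroll-window.sh open
if [ "${1:-}" = "open" ]; then
    open_window
fi
```

Requiring the password file to exist means -P uses a known shared password rather than the random one the option table mentions.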