Wazuh agent installation on Debian Linux
Step-by-step tutorial on installing and configuring Wazuh Agent on the Debian Operating System

Introduction
Wazuh Agent is lightweight software that runs on endpoint devices (Windows or Linux machines). It collects logs from the endpoint and sends them over an authenticated channel to the Wazuh manager for analysis. The agent supports host-based intrusion detection by monitoring file integrity (FIM), logs, running processes, and system and user activity.
Prerequisites
- Internet access to download the Wazuh agent.
- A Wazuh manager that is up and running.
- Allow ports 1514/TCP, 1515/TCP, and 55000/TCP from the endpoint to the Wazuh manager.
Step 1: Add the Wazuh repository
Before downloading the Wazuh package, we need to add the repository that the package is pulled from. Log in to your Debian endpoint and run the following commands as root (the leading # is the root prompt, not part of the command).
The commands below import the GPG key, add the repository, and update the package index.
#curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
#echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
#apt-get update
Step 2: Install Wazuh Agent
To install the Wazuh agent to monitor your Debian endpoint, you need the IP address of your Wazuh manager. If you don't have a Wazuh manager yet, install one before continuing. My manager's IP is 192.168.68.128.
Run the command below to install the Wazuh agent:
#WAZUH_MANAGER="192.168.68.128" apt-get install wazuh-agent
Then we need to start the services so the agent can connect to the manager and send logs.
#systemctl daemon-reload
#systemctl enable wazuh-agent
#systemctl start wazuh-agent
Wazuh recommends disabling the Wazuh repository so that automatic or accidental updates cannot leave the agent and the manager on incompatible versions.
Run the commands below:
#sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list
#apt-get update
Now the agent is connected to the manager and belongs to the default group.
I will change the group from default to Linux.
The manager then shows a summary of the security logs from the endpoint monitored by the Wazuh agent.
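To confirm the result from the endpoint side as well, the following added example (not part of the original tutorial) reads the manager address written into the agent configuration and the connection status recorded by the agent daemon. The paths /var/ossec/etc/ossec.conf and /var/ossec/var/run/wazuh-agentd.state are assumed defaults for a Linux agent install, and the sample files are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Assumed default paths on a Linux agent install (pass these on a real endpoint):
#   /var/ossec/etc/ossec.conf  and  /var/ossec/var/run/wazuh-agentd.state

# Print the manager address the agent is configured to report to.
manager_address() {
    sed -n 's:.*<address>\(.*\)</address>.*:\1:p' "$1" | head -n 1
}

# Print the status wazuh-agentd last recorded: pending, connected or disconnected.
agent_status() {
    sed -n "s/^status='\(.*\)'\$/\1/p" "$1" | head -n 1
}

# check_agent EXPECTED_MANAGER OSSEC_CONF STATE_FILE
# Returns 0 if the agent points at the expected manager and is connected,
# 1 on an address mismatch, 2 if the agent is not connected.
check_agent() {
    expected=$1; conf=$2; state=$3
    addr=$(manager_address "$conf")
    status=$(agent_status "$state")
    if [ "$addr" != "$expected" ]; then
        echo "FAIL: ossec.conf reports to '$addr', expected '$expected'"
        return 1
    fi
    if [ "$status" != "connected" ]; then
        echo "FAIL: agent status is '${status:-unknown}'; check 1514/TCP and 1515/TCP to $addr"
        return 2
    fi
    echo "OK: agent connected to $addr"
}

# Constructed sample files (not taken from a real host) so the script runs offline.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '<ossec_config>' '  <client>' '    <server>' \
    '      <address>192.168.68.128</address>' '      <port>1514</port>' \
    '    </server>' '  </client>' '</ossec_config>' > "$demo/ossec.conf"
printf '%s\n' "# State file for wazuh-agentd" "status='connected'" > "$demo/ok.state"
printf '%s\n' "status='pending'" > "$demo/pending.state"

check_agent 192.168.68.128 "$demo/ossec.conf" "$demo/ok.state"
check_agent 192.168.68.128 "$demo/ossec.conf" "$demo/pending.state" || echo "(exit code $?)"
```

On a real endpoint, call check_agent as root with the manager IP and the two assumed default paths in place of the sample files.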