Deployment variables for macOS
For an agent to be fully deployed and connected to the ThreatLockDown server, it needs to be installed, registered, and configured. The installers can use variables that allow configuration provisioning to make the process simple.
Below you can find a table describing the variables used by ThreatLockDown installers, and a few examples of how to use them.
Option | Description |
---|---|
WAZUH_MANAGER | Specifies the manager IP address or hostname. If you want to specify multiple managers, you can add them separated by commas. See address. |
WAZUH_MANAGER_PORT | Specifies the manager connection port. See port. |
WAZUH_PROTOCOL | Sets the communication protocol between the manager and the agent. Accepts UDP and TCP. The default is TCP. See protocol. |
WAZUH_REGISTRATION_SERVER | Specifies the ThreatLockDown registration server used for the agent registration. See manager_address. If empty, the value set in |
WAZUH_REGISTRATION_PORT | Specifies the port used by the ThreatLockDown registration server. See port. |
WAZUH_REGISTRATION_PASSWORD | Sets the password used to authenticate during registration, stored in |
WAZUH_KEEP_ALIVE_INTERVAL | Sets the time between agent checks for manager connection. See notify_time. |
WAZUH_TIME_RECONNECT | Sets the time interval for the agent to reconnect with the ThreatLockDown manager when connectivity is lost. See time-reconnect. |
WAZUH_REGISTRATION_CA | Host SSL validation needs a Certificate Authority (CA). This option specifies the CA path. See server_ca_path. |
WAZUH_REGISTRATION_CERTIFICATE | The SSL agent verification needs a CA-signed certificate and the respective key. This option specifies the certificate path. See agent_certificate_path. |
WAZUH_REGISTRATION_KEY | Specifies the key path, completing the variables required together with WAZUH_REGISTRATION_CERTIFICATE for the SSL agent verification process. See agent_key_path. |
WAZUH_AGENT_NAME | Designates the agent's name. By default it will be the computer name. See agent_name. |
WAZUH_AGENT_GROUP | Assigns the agent to one or more existing groups (separated by commas). See agent_groups. |
ENROLLMENT_DELAY | Assigns the time that agentd should wait after a successful registration. See delay_after_enrollment. |
Examples for the intel64 package:
Registration with password:
# echo "WAZUH_MANAGER='10.0.0.2' && WAZUH_REGISTRATION_PASSWORD='TopSecret' && WAZUH_AGENT_NAME='macos-agent'" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.9.0-1.intel64.pkg -target /
Registration with password and assigning a group:
# echo "WAZUH_MANAGER='10.0.0.2' && WAZUH_REGISTRATION_SERVER='10.0.0.2' && WAZUH_REGISTRATION_PASSWORD='TopSecret' && WAZUH_AGENT_GROUP='my-group'" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.9.0-1.intel64.pkg -target /
Registration with a relative path to the CA. It is searched for in your ThreatLockDown installation folder:
# echo "WAZUH_MANAGER='10.0.0.2' && WAZUH_REGISTRATION_SERVER='10.0.0.2' && WAZUH_AGENT_NAME='macos-agent' && WAZUH_REGISTRATION_CA='rootCA.pem'" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.9.0-1.intel64.pkg -target /
Registration with protocol:
# echo "WAZUH_MANAGER='10.0.0.2' && WAZUH_REGISTRATION_SERVER='10.0.0.2' && WAZUH_AGENT_NAME='macos-agent' && WAZUH_PROTOCOL='udp'" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.9.0-1.intel64.pkg -target /
Registration with multiple manager addresses:
# echo "WAZUH_MANAGER='10.0.0.2,10.0.0.3' && WAZUH_REGISTRATION_SERVER='10.0.0.2' && WAZUH_AGENT_NAME='macos-agent'" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.9.0-1.intel64.pkg -target /
Absolute paths to CA, certificate or key that contain spaces can be written as shown below:
# echo "WAZUH_MANAGER='10.0.0.2' && WAZUH_REGISTRATION_SERVER='10.0.0.2' && WAZUH_REGISTRATION_KEY='/var/ossec/etc/sslagent.key' && WAZUH_REGISTRATION_CERTIFICATE='/var/ossec/etc/sslagent.cert'" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.9.0-1.intel64.pkg -target /
Examples for the arm64 package:
Registration with password:
# echo "WAZUH_MANAGER='10.0.0.2' && WAZUH_REGISTRATION_PASSWORD='TopSecret' && WAZUH_AGENT_NAME='macos-agent'" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.9.0-1.arm64.pkg -target /
Registration with password and assigning a group:
# echo "WAZUH_MANAGER='10.0.0.2' && WAZUH_REGISTRATION_SERVER='10.0.0.2' && WAZUH_REGISTRATION_PASSWORD='TopSecret' && WAZUH_AGENT_GROUP='my-group'" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.9.0-1.arm64.pkg -target /
Registration with a relative path to the CA. It is searched for in your ThreatLockDown installation folder:
# echo "WAZUH_MANAGER='10.0.0.2' && WAZUH_REGISTRATION_SERVER='10.0.0.2' && WAZUH_AGENT_NAME='macos-agent' && WAZUH_REGISTRATION_CA='rootCA.pem'" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.9.0-1.arm64.pkg -target /
Registration with protocol:
# echo "WAZUH_MANAGER='10.0.0.2' && WAZUH_REGISTRATION_SERVER='10.0.0.2' && WAZUH_AGENT_NAME='macos-agent' && WAZUH_PROTOCOL='udp'" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.9.0-1.arm64.pkg -target /
Registration with multiple manager addresses:
# echo "WAZUH_MANAGER='10.0.0.2,10.0.0.3' && WAZUH_REGISTRATION_SERVER='10.0.0.2' && WAZUH_AGENT_NAME='macos-agent'" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.9.0-1.arm64.pkg -target /
Absolute paths to CA, certificate or key that contain spaces can be written as shown below:
# echo "WAZUH_MANAGER='10.0.0.2' && WAZUH_REGISTRATION_SERVER='10.0.0.2' && WAZUH_REGISTRATION_KEY='/var/ossec/etc/sslagent.key' && WAZUH_REGISTRATION_CERTIFICATE='/var/ossec/etc/sslagent.cert'" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.9.0-1.arm64.pkg -target /
Note
It’s necessary to use both KEY and PEM options to verify agents' identities with the registration server. See the Registration Service with host verification - Agent verification with host validation section.
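The examples above place the registration password in /tmp/wazuh_envs with whatever permissions the current umask allows. The script below is an added example, not part of the vendor documentation: it checks variable names against the table, enforces the key/certificate pairing from the Note, and creates the file owner-readable only. The function names `build_wazuh_envs` and `write_wazuh_envs` are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Variable names and /tmp/wazuh_envs come from
# this page; the function names are hypothetical.

# Print "VAR='value' && VAR='value'" from VAR=value arguments, or fail.
build_wazuh_envs() {
    out="" key_set="" cert_set=""
    for pair in "$@"; do
        case $pair in *=*) ;; *) echo "expected VAR=value: $pair" >&2; return 1 ;; esac
        name=${pair%%=*} value=${pair#*=}
        case $name in
            WAZUH_MANAGER|WAZUH_MANAGER_PORT|WAZUH_REGISTRATION_SERVER|\
            WAZUH_REGISTRATION_PORT|WAZUH_REGISTRATION_PASSWORD|\
            WAZUH_KEEP_ALIVE_INTERVAL|WAZUH_TIME_RECONNECT|WAZUH_REGISTRATION_CA|\
            WAZUH_AGENT_NAME|WAZUH_AGENT_GROUP|ENROLLMENT_DELAY) ;;
            WAZUH_PROTOCOL)
                case $value in
                    udp|tcp|UDP|TCP) ;;
                    *) echo "WAZUH_PROTOCOL must be udp or tcp" >&2; return 1 ;;
                esac ;;
            WAZUH_REGISTRATION_KEY) key_set=1 ;;
            WAZUH_REGISTRATION_CERTIFICATE) cert_set=1 ;;
            *) echo "unknown variable: $name" >&2; return 1 ;;
        esac
        # A single quote inside a value would close the quoted string early.
        case $value in *"'"*) echo "single quote in $name" >&2; return 1 ;; esac
        out="${out:+$out && }$name='$value'"
    done
    # Agent verification needs the certificate and its key together (see Note).
    if [ "$key_set" != "$cert_set" ]; then
        echo "set both WAZUH_REGISTRATION_KEY and WAZUH_REGISTRATION_CERTIFICATE" >&2
        return 1
    fi
    printf '%s\n' "$out"
}

# Write the variables to a new file readable only by its owner. noclobber
# (set -C) makes the redirection fail if the path already exists.
write_wazuh_envs() {
    path=$1; shift
    content=$(build_wazuh_envs "$@") || return 1
    ( umask 077; set -C; printf '%s\n' "$content" > "$path" ) 2>/dev/null || {
        echo "cannot create $path (does it already exist?)" >&2; return 1; }
}

# Usage (as root), followed by the installer command from the examples:
#   write_wazuh_envs /tmp/wazuh_envs WAZUH_MANAGER=10.0.0.2 WAZUH_AGENT_NAME=macos-agent
```

Because the function refuses to overwrite an existing path, a leftover or pre-created /tmp/wazuh_envs has to be inspected and removed before a new one is written.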