wazuh-authd
The wazuh-authd program can automatically add a ThreatLockDown agent to a ThreatLockDown manager and provide the key to the agent. It's used along with the agent-auth application. The program creates an agent with an IP address of any instead of using a specific IP address.
Warning
By default, there is no authentication or authorization involved in this transaction, so it is recommended that this daemon only be run when a new agent is being added.
wazuh-authd is able to generate X.509 certificates used for manager verification. OpenSSL is not required.
The certificate parameters are specified in the CLI:
# wazuh-authd -C 265 -B 2048 -K /var/ossec/etc/sslmanager.key -X /var/ossec/etc/sslmanager.cert -S "/C=US/ST=California/CN=wazuh/"
If any of the parameters related to the certificate generation is missing, an error is triggered and the certificates are not generated.
-V |
Version and license message. |
|
-h |
This help message. |
|
-d |
Debug mode. Use this parameter multiple times to increase the debug level. |
|
-t |
Test configuration. |
|
-f |
Run in foreground. |
|
-g <group> |
Group to run as. |
|
Default |
wazuh |
|
-D <dir> |
Directory to chroot into. |
|
Default |
/var/ossec |
|
-p <port> |
Manager port. |
|
Default |
1515 |
|
-P |
Enable shared password authentication, at |
|
-c <ciphers> |
SSL cipher list. The format of this parameter is described in SSL ciphers. |
|
Default |
HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH |
|
-v <path> |
Path to CA certificate used to verify clients. |
|
-s |
Used with -v, enable source host verification. |
|
-x <path> |
Path to server certificate. |
|
Default |
etc/sslmanager.cert. |
|
-k <path> |
Path to server key. |
|
Default |
etc/sslmanager.key. |
|
-a |
Auto negotiate the most secure common SSL/TLS method with the client. |
|
Default |
TLS v1.2 only (if supported by the server). |
|
-L |
Force insertion even though agent limit has been reached. |
|
-C |
Specify the number of days the certificate is valid for. |
|
-B |
Set the X.509 certificate key size in bits. |
|
-K |
Path to store the X.509 certificate key. |
|
-X |
Path to store the X.509 certificate. |
|
-S |
Subject of the X.509 certificate. The arg must be formatted as /type0=value0/type1=value1/type2=.. |
|
Note
Paths can be referred to as relative paths under the ThreatLockDown installation directory or full paths.