Unattended Installation

The unattended installation saves time when deploying agents by letting the user predefine several installation variables instead of waiting to be prompted for them. To use it, edit the preloaded-vars.conf file and uncomment the configuration lines that you want to automate during the installation process.

Global

USER_LANGUAGE

Defines the language to be used.

Allowed values

"en", "br", "cn", "de", "el", "es", "fr", "hu", "it", "jp", "nl", "pl", "ru", "sr", "tr"

USER_NO_STOP

If it is set to any value, the confirmation messages are not shown.

USER_INSTALL_TYPE

Defines the role for the ThreatLockDown instance that is being installed.

Allowed values

"local", "agent", "server"

USER_DIR

Defines the location to install Wazuh.

Allowed values

Any path

USER_DELETE_DIR

If it is set to "y", the directory to install ThreatLockDown will be removed if it exists.

Allowed values

"y", "n"

USER_ENABLE_ACTIVE_RESPONSE

If it is set to "n", active response will be disabled.

Allowed values

"y", "n"

USER_ENABLE_SYSCHECK

If it is set to "n", syscheck will be disabled.

Allowed values

"y", "n"

USER_ENABLE_ROOTCHECK

If it is set to "n", rootcheck will be disabled.

Allowed values

"y", "n"

USER_ENABLE_OPENSCAP

If it is set to "n", OpenSCAP will be disabled.

Allowed values

"y", "n"

USER_ENABLE_AUTHD

If it is set to "y", Authd will be enabled.

Allowed values

"y", "n"

USER_GENERATE_AUTHD_CERT

If it is set to "y", the Authd certificate will be generated automatically.

Allowed values

"y", "n"

USER_UPDATE

If it is set to any value, an update installation is performed.

USER_BINARYINSTALL

If it is set to any value, the installation does not compile the code and uses the binaries from ./bin/ instead.

USER_CA_STORE

Custom location for certificates to verify incoming WPK packages for remote upgrades.

Allowed values

"n" if none; otherwise, the path to an X.509 certificate or to a folder containing certificates.

Agent

USER_AGENT_SERVER_IP

Specifies the IP address of the ThreatLockDown server.

USER_AGENT_SERVER_NAME

Specifies the hostname of the ThreatLockDown server.

USER_AGENT_CONFIG_PROFILE

Specifies the agent's config profile name. This is used to create configuration profiles for this particular profile name.

Example:

USER_LANGUAGE="en"
USER_NO_STOP="y"
USER_INSTALL_TYPE="agent"
USER_DIR="/var/ossec"
USER_ENABLE_SYSCHECK="y"
USER_ENABLE_ROOTCHECK="y"
USER_ENABLE_OPENSCAP="y"
USER_ENABLE_ACTIVE_RESPONSE="y"

Manager/local

USER_ENABLE_EMAIL

Enables or disables alerts by e-mail.

Allowed values

"y", "n"

USER_AUTO_START

Enables or disables the auto-start of Wazuh.

USER_EMAIL_ADDRESS

Defines the destination e-mail for the alerts.

Allowed values

A valid e-mail address.

USER_EMAIL_SMTP

Defines the SMTP server used to send the e-mails.

Allowed values

A valid SMTP server.

USER_ENABLE_SYSLOG

Enables or disables remote syslog.

Allowed values

"y", "n"

USER_WHITE_LIST

List of IP addresses or networks that will never be blocked.

Example:

USER_LANGUAGE="en"
USER_NO_STOP="y"
USER_INSTALL_TYPE="server"
USER_DIR="/var/ossec"
USER_ENABLE_EMAIL="n"
USER_ENABLE_SYSCHECK="y"
USER_ENABLE_ROOTCHECK="y"
USER_ENABLE_OPENSCAP="y"
USER_WHITE_LIST="n"
USER_ENABLE_SYSLOG="y"
USER_CA_STORE="n"
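
A file like the two examples above can be checked against the allowed values listed on this page before it is used for a deployment. The script below is an added example, not part of the project: the function name lint_preloaded_vars, the NAME="literal" strictness, the requirement that USER_INSTALL_TYPE is present, and the policy of reporting disabled syscheck, rootcheck or OpenSCAP are assumptions of this example.

```shell
#!/bin/sh
# Added example (not project code): lint preloaded-vars.conf as text, without sourcing it.
# lint_preloaded_vars is a hypothetical name. Prints findings; returns 1 if there are any.
lint_preloaded_vars() {
    conf=$1; findings=0; install_type=""
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac        # blank or still commented out
        key=${line%%=*}
        val=${line#*=}
        case $key in ''|*[!A-Z_]*)
            printf 'FORMAT: not a NAME="value" line: %s\n' "$line"; findings=1; continue ;;
        esac
        # Accept only NAME="literal" so nothing in the file can expand or chain commands.
        case $val in
            '"'*'"') val=${val#\"}; val=${val%\"} ;;
            *) echo "FORMAT $key: value must be double-quoted"; findings=1; continue ;;
        esac
        case $val in *'$'*|*'`'*|*'"'*|*';'*|*'\'*)
            echo "FORMAT $key: shell metacharacter in value"; findings=1; continue ;;
        esac
        case $key in
            USER_LANGUAGE)
                case $val in en|br|cn|de|el|es|fr|hu|it|jp|nl|pl|ru|sr|tr) ;;
                    *) echo "VALUE $key: unsupported language '$val'"; findings=1 ;; esac ;;
            USER_INSTALL_TYPE)
                install_type=$val
                case $val in local|agent|server) ;;
                    *) echo "VALUE $key: expected local, agent or server"; findings=1 ;; esac ;;
            # Every USER_ENABLE_* variable documented on this page takes "y" or "n".
            USER_DELETE_DIR|USER_GENERATE_AUTHD_CERT|USER_ENABLE_*)
                case $val in y|n) ;;
                    *) echo "VALUE $key: expected y or n"; findings=1 ;; esac ;;
        esac
        # Policy (assumption of this example): report monitoring modules switched off.
        case "$key=$val" in
            USER_ENABLE_SYSCHECK=n|USER_ENABLE_ROOTCHECK=n|USER_ENABLE_OPENSCAP=n)
                echo "POLICY $key: monitoring module disabled"; findings=1 ;;
        esac
    done < "$conf"
    [ -n "$install_type" ] || { echo "MISSING USER_INSTALL_TYPE"; findings=1; }
    return "$findings"
}

# Usage: sh lint.sh preloaded-vars.conf   (lint.sh is a placeholder file name)
if [ -n "${1:-}" ]; then lint_preloaded_vars "$1"; fi
```

A non-zero exit status means at least one finding was printed, so the check can gate an automated rollout.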

API

Parameters for install_api.sh:

REINSTALL

Reinstall Wazuh.

Allowed values

"y", "n"

REMOVE

Remove current installation.

Allowed values

"y", "n"

DIRECTORY

Installation directory.

Allowed values

Any path

Parameters for configure_api.sh:

PORT

The port used to connect to the ThreatLockDown API.

Allowed values

Any valid port.

HTTPS

Enable HTTPS.

Allowed values

"y", "n"

AUTHD

Enable Authd authentication.

Allowed values

"y", "n"

PROXY

Change proxy.

Allowed values

"y", "n"

Parameters for certificate generation:

COUNTRY

Certificate country.

STATE

Certificate state.

LOCALITY

Certificate locality.

ORG_NAME

Organization name.

ORG_UNIT

Organization unit name.

COMMON_NAME

Common Name.

PASSWORD

Certificate password.

Parameters for basic auth:

USER

API user.

PASS

API password.

Note

To automate deployments in Windows, you can use the parameters of its installer.