The Wazuh manager configuration file in the LME setup is located at:
    /opt/lme/config/wazuh_cluster/wazuh_manager.conf
This file is mounted into the Wazuh manager container running in Podman. Here's how to manage this configuration:
- Open the file with your preferred text editor (you may need sudo privileges):
    sudo nano /opt/lme/config/wazuh_cluster/wazuh_manager.conf
- Make the necessary changes to the configuration file. Some important sections you might want to modify include:
  - <global>: Global settings for Wazuh
  - <ruleset>: Define rules and decoders
  - <syscheck>: File integrity monitoring settings
  - <rootcheck>: Rootkit detection settings
  - <wodle>: Wazuh modules configuration
- Save the changes and exit the editor.
After modifying the configuration file, you need to restart the Wazuh manager service for the changes to take effect:
- Restart the Wazuh manager container:
    podman restart lme-wazuh-manager
  or with systemctl:
    sudo systemctl restart lme-wazuh-manager.service
- Check the status of the Wazuh manager to ensure it started successfully:
    podman logs lme-wazuh-manager
  This command prints the manager's startup logs, which report any configuration errors.
- Always back up the configuration file before making changes:
    sudo cp /opt/lme/config/wazuh_cluster/wazuh_manager.conf /opt/lme/config/wazuh_cluster/wazuh_manager.conf.bak
- Use comments in the configuration file to document your changes.
- Test configuration changes in a non-production environment before applying them to your production setup.
- Regularly review and update your Wazuh configuration to ensure it aligns with your current security needs and policies.
Remember to consult the official Wazuh documentation for detailed information on all available configuration options.
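The backup, restart and log-check steps above can be combined into one script. This is an added example, not part of the LME project; the `backup`/`apply` subcommands, the 15-second wait and the sample log lines are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not LME's own tooling. Usage: script.sh backup | apply
CONF=/opt/lme/config/wazuh_cluster/wazuh_manager.conf   # path from this page
CONTAINER=lme-wazuh-manager                              # name from this page

# Copy FILE to FILE.<UTC timestamp>.bak and print the backup path.
backup_config() {
    local src=$1 dst
    dst="$src.$(date -u +%Y%m%dT%H%M%SZ).bak"
    cp -p -- "$src" "$dst" && printf '%s\n' "$dst"
}

# Read manager log text on stdin and print its ERROR/CRITICAL lines.
# Exit status 0 means problems were found, 1 means none.
config_errors() {
    grep -E ': (ERROR|CRITICAL): '
}

# Constructed sample of manager log output, for trying config_errors offline.
sample_log() {
    cat <<'EOF'
2024/05/01 10:00:00 wazuh-remoted: INFO: Started (pid: 1201).
2024/05/01 10:00:01 wazuh-analysisd: ERROR: (1230): Invalid element in the configuration: 'globl'.
2024/05/01 10:00:01 wazuh-analysisd: CRITICAL: (1202): Configuration error at 'etc/ossec.conf'.
EOF
}

# Restart the container, then fail if the new start logged ERROR/CRITICAL lines.
apply_config() {
    local since errs
    since=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    podman restart "$CONTAINER" >/dev/null || return 1
    sleep 15    # assumption: long enough for the manager daemons to start
    if errs=$(podman logs --since "$since" "$CONTAINER" 2>&1 | config_errors); then
        printf 'Problems logged after restart:\n%s\n' "$errs" >&2
        return 1
    fi
    echo "No ERROR or CRITICAL lines logged since $since"
}

case "${1:-}" in
    backup) backup_config "$CONF" ;;
    apply)  apply_config ;;
esac
```

Run `backup` before editing and `apply` after saving, with the same privileges the manual commands above require. Timestamped backups keep every earlier version instead of overwriting a single `.bak` file.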