Linux
1. Log into the agent machine
2. Stop the ossec agent
systemctl stop ossec-hids
3. As root run the following command (substitute your OS equivalent)
yum update ossec-hids
4. Start the ossec agent and it will reconnect to the OSSEC HUB
systemctl start ossec-hids
Windows
1. Log into the agent machine
2. Stop the ossec service using the Windows services
3. Run Windows PowerShell as Admin
4. Download the most recent agent installer from your HUB (Make sure to download to a folder in which you have permissions)
Invoke-WebRequest http://HUB_ADDRESS/installers/agent_deployV2.ps1 -Outfile .\agent_deployV2.ps1
5. Run the following command to install the newest agent
powershell -executionpolicy bypass -file .\agent_deployV2.ps1 -ossec_exe http://HUB_ADDRESS/channels/awp-hub-repo/windows/ossec-agent-latest.exe -server_ip HUB_ADDRESS
When installing the Windows agent, the following command line parameters are available
-agent_name <name> - (optional) name to use for the agent. Default: windows hostname -port <port> - (optional) Agent registration port. Default: 1515/TCP -password <password> - (optional) password for authenticated agent registration -secure_port <secure_port> - (optional) port for agent traffic. Default: 1514/UDP -prompt_agent_name [0|1] - (optional) interactive mode to prompt for the agent name. Cannot be used in a GPO -use_fqdns [0|1] - (optional) Use the Fully Qualified DNS Name (FQDN) for the agent name -update_agent - (optional) Update agent to specified version. Default: ossec-agent-latest -reinstall [0|1] - (optional) reinstall the agent. Note this will replace the existing key and config -rekey [0|1] - (optional) forces an existing installation to request a new key -default_name - (optional) use <external IP>-<hostname> naming key for the agent. -help - display help