Wazuh Configuration Management

Managing the Wazuh Configuration File

The Wazuh manager configuration file in the LME setup is located at:

/opt/lme/config/wazuh_cluster/wazuh_manager.conf

This file is mounted into the Wazuh Manager container when running in Podman.

Open the file with your preferred text editor (you may need sudo privileges) by running:
```
sudo nano /opt/lme/config/wazuh_cluster/wazuh_manager.conf
```
Update the relevant sections. Common configuration areas include:
- <global>: Set global settings for Wazuh
- <ruleset>: Define rules and decoders
- <syscheck>: File integrity monitoring settings
- <rootcheck>: Rootkit detection settings
- <wodle>: Wazuh modules configuration
Save the changes and exit the editor.

After editing the configuration file, restart the Wazuh Manager service for the changes to take effect.

Restart the Wazuh Manager service container by running:

podman restart lme-wazuh-manager

Or with systemctl by running:

sudo systemctl restart lme-wazuh-manager.service

Verify the status of the Wazuh Manager service to ensure it started successfully by running:
```
podman logs lme-wazuh-manager
```

This command will validate your configuration and report any errors.

Always backup the configuration file before making changes by running:

sudo cp /opt/lme/config/wazuh_cluster/wazuh_manager.conf /opt/lme/config/wazuh_cluster/wazuh_manager.conf.bak

Provide comments within the configuration file to document your changes and explain customizations.
Test configuration changes in a non-production environment before applying them to your production setup.
Regularly review and update your Wazuh configuration to ensure it aligns with your current security needs and policies.

Note: Reference the official Wazuh documentation for detailed information on all available configuration options.