I am not a sysadministrator (I am a software developer) but this time I have to install some agents on some CentOS machines that have to be monitored by Wazuh (a SIEM software) and I have the following doubt. After a successful installation of the agent via YUM I have to enable the service related to this Wazuh agent.
Then I have to enable the wazuh-agent service performing the following command:
[adminuser@my-machine ~]$ systemctl enable wazuh-agent
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-unit-files ===
Authentication is required to manage system service or unit files.
Multiple identities can be used for authentication:
1. Cloud User (centos)
2. adminuser
3. user2
The problem is that performing the command it is asking to me with what user I wanto to enable the service (requiring user authentication).
On this machine I have defined 3 users:
- centos: it is an user with administrative privileges that was used to perform the first access to this machine via SSH and from here it was used to create the other 2 users.
- adminuser: it is my admin user (and have SSH access). It have administrative privileges.
- user2 it is a second admin user that have not SSH access. It have administrative privileges but it is used by another person working on this machine that is not involved in this Wazuh agent activity.
So what is the best choice? I was thinking to use my personal admin user (adminuser) but I am not sure that it is the best choice.
Another doubt is: with this command I am enabling this wazuh-agent service. What happens if the machine is rebooted? After the reboot this service will automatically startup or it is needed a manual start?
