DEV Community: Babs

Learn Bash Scripting With Me 🚀 - Day 8

Babs — Wed, 01 Oct 2025 12:42:47 +0000

Day 8 - Positional Parameters

In case you’d like to revisit or catch up on what we covered on Day Seven, here’s the link:

https://dev.to/babsarena/learn-bash-scripting-with-me-day-7-40nc

Positional parameters in Bash scripting are special variables that hold the arguments passed to a script, a function, or a command. They are numerically named: $1, $2, $3, and so on, up to $9. For arguments beyond the ninth, you must use braces, like ${10}, ${11}, etc.

NB- The first argument $0 is owned by the script itself which is when you run the script e.g ./script.sh

You might be confused but it will make more sense as we move on.

SCRIPT

For this lab we want to create a script that will automatically create a user for us.

The script:

#!/bin/bash

echo "Execution of script: $0"
echo "Please enter the name of the new user: $1"

# Adding user command
adduser --home /$1 $1

🔍 Line-by-Line Breakdown

A. Shebang:

#!/bin/bash

Tells the system to execute this script with the Bash shell.

B. Script Name Output

echo "Execution of script: $0"

$0 is a positional parameter that contains the script’s filename, If you run ./user.sh bob, $0 will be ./user.sh.

C. User Input (via Positional Parameter)

echo "Please enter the name of the new user: $1"

$1 is the first argument passed to the script, e.g "./user.sh bob" $1 will be bob.

D. Adding the User

adduser --home /$1 $1

Runs the adduser command to create a new user.

--home /$1 → sets the home directory to /$1.

Example: if $1 = bob, home directory becomes /bob.

$1 → the username.

HOW TO RUN THE SCRIPT

My script is created and saved as user.sh So if I want to create the user babs, I would run the script with root privilege with the command:

./user.sh babs

Output of the script

The user babs has been successfully created.

🚀 Key Takeaways

$0 → script name

$1 → first argument (the new username)

If you would like to learn more about Bash scripting you can checkout the bash scripting room on TRYHACKME. Link attached below ⬇️

https://tryhackme.com/room/bashscripting

Learn Bash Scripting With Me 🚀 - Day 7

Babs — Thu, 25 Sep 2025 22:20:20 +0000

Day 7 - Functions

In case you’d like to revisit or catch up on what we covered on Day Six, here’s the link:

https://dev.to/babsarena/learn-bash-scripting-with-me-day-6-1i1n

A function in Bash is a named block of code that you can define once and then call (reuse) multiple times in your script or shell session.

It’s like a mini-script inside your script.

How To Declare A Function

NB- a function must be declared before it is called upon to execute. (note this cause I am about to confuse you later)

There are two ways to declare a function:

Style 1: with function, no parentheses needed (but you can add it if you want)

function function_name {
echo "Hello from function"
}

🔎 Breakdown

function - This keyword tells Bash: "Hey, I’m about to define a function."
function_name - This is the name of the function. You can call it later just by typing: function_name
{ ... } The curly braces wrap the block of commands that belong to the function. Everything inside will run when you call function_name.

Important detail:

The opening brace { must be on the same line as the function name (or else Bash might get confused).

You need a space before {.

The closing brace } should be on its own line (or at least separated properly).

echo "Hello from function" - This is the body of the function — the actual command(s) that will run when you call it.
Style 2: without function, parentheses are required

my_bash() {
echo "Hello from function"
}

NB- parenthesis () is a must

🔎 Breakdown

my_bash() This is the function name followed by empty parentheses. The () tells Bash: "This is a function definition, not a normal command or variable." Unlike the function keyword style, here the parentheses are required.
{ ... } Curly braces wrap the body of the function. Everything inside will run when the function is called.

Formatting rules:

There must be a space between () and {.
Each command inside should be on its own line (or separated by ;).
The closing } should be on its own line.
echo "Hello from function" This is the command inside the function body.

Sample Using Style 1

#!/bin/bash 

# The goal of this script is to test if the /etc/shadow file that stores password hash exists

function test_shadow {
    echo "---checking for shadow file---"
    if [ -e /etc/shadow ]; then
        echo "shadow file exists"
    fi
}

🔎 Breakdown

#!/bin/bash

The shebang line: Tells the system to run this script using the Bash interpreter located at /bin/bash.

# The goal of this script is to test if the /etc/shadow file that stores password hash exists

The # is used for comment or documentation

function test_shadow { ... }

Declares a function named test_shadow. Everything between { ... } will be executed when you call test_shadow.

echo "---checking for shadow file---"

Inside the function: Prints a message to show the script is about to test for the file.
if [ -e /etc/shadow ]; then echo "shadow file exists" fi
if starts a conditional statement.
[ -e /etc/shadow ] checks if the file /etc/shadow exists.
-e means “file exists (any type)”.
; then separates the condition from the commands that should run if it’s true.
echo "shadow file exists" runs only if the condition is true.
fi ends the if block (fi is literally if spelled backwards).

Calling the function

To execute it, you need to add this at the bottom:
test_shadow

Output Of The Script

The above image shows the output of the script

NB- Remember I mentioned "a function must be declared before it is called upon to execute. (note this cause I am about to confuse you later)"

This is actually not the case when running a function inside a function.

Running A Function Inside A Function

When you run a Bash script, the shell does two main steps:

Parsing (reading and analyzing)

Bash reads the whole script text first.

It breaks the text into commands, keywords, and function definitions.

At this stage, it doesn’t execute the commands — it just understands the structure.

That’s how Bash already knows that there are functions, even before they are called.

Execution (actually running commands)

After parsing, Bash starts executing line by line in order.

Sample Script

the above is a script I created, run it, share your output and see if you can explain the script or make sense of it on your own.

The output of the script

Note: If this is your first time working with Bash scripting or functions, it’s a good idea to run the scripts first and observe what they do. Afterwards, come back to read the explanations again,this will help you understand the breakdown more clearly.

Learn Bash Scripting With Me 🚀 - Day 6

Babs — Wed, 17 Sep 2025 18:26:34 +0000

Day 6 - Ping Sweep

In case you’d like to revisit or catch up on what we covered on Day Five, here’s the link:

https://dev.to/babsarena/learn-bash-scripting-with-me-day-5-45di

In this lab session, we will create a script that utilizes a for loop, as introduced in the previous post. This exercise will give you a clearer understanding of how for loops are used in practical scenarios. The script we will develop is particularly useful for professionals in penetration testing and cybersecurity.

The main objective of this script is to ping a set of IP addresses of your choice and determine which ones are online. For example, imagine needing to ping a list of over 200 computers to quickly identify which machines are active on the network—doing this manually would be extremely time-consuming.

We will begin by defining the interpreter at the top of the script using the shebang (#!/bin/bash). Additionally, ensure that the script file you create is executable—you should already be familiar with making a file executable by now.

The Script

The image above shows the script created, so I will be explaining the script below.

Explanation

#!/bin/bash

The above is called a shebang, It tells the system to use the Bash shell to run this script.

#Creating a simple pingsweep script

The line above is a comment. In Bash, any text that starts with # is ignored by the interpreter and is not executed as part of the script. Comments are used to provide explanations or notes within your code, making the script easier to understand and maintain for yourself and others.

echo “Please enter the first 3 IP address Octet for your environment as shown in the example e.g 10.10.1”

The echo command above displays the specified message on the terminal when the script is run. In this case, it prompts the user to enter the first three octets of the IP addresses for their environment (e.g., 10.10.1).

read SUBNET

The read command captures input from the user and stores it in a variable. In this case, the input provided by the user is saved to the variable SUBNET.

for IP in $(seq 1 200); do

In this line, we define a new variable called IP. The $(seq 1 200) generates a sequence of numbers from 1 to 200, which the for loop will iterate over. The semicolon (;) is used to separate commands on the same line—it tells the shell that the for statement is complete, and the following do marks the start of the loop’s body.

ping -c2 $SUBNET.$IP

The ping -c2 command sends two pings to the IP address to check if it is online.
$SUBNET is replaced with the first three parts of the IP address that the user entered.
The dot . separates the subnet from the last octet.
$IP is the last part of the IP address, which changes from 1 to 200 as the loop runs.
Together, this command pings each IP in the range like 10.10.1.1, 10.10.1.2, ..., up to 10.10.1.200.

done

In Bash, done is used to mark the end of a for loop.

You can now run the script by entering the first three octets of your device’s IP address. The script will then check which other devices on your network are online.

The Output would look like something shown below:

NB - The output from the script displays the standard results you would get from running a ping command for all 200 IPs.

You can also stop the script at any time by pressing Ctrl + C.

Learn Bash Scripting With Me 🚀 - Day 5

Babs — Mon, 15 Sep 2025 22:12:47 +0000

Day 5 – for loop

In case you’d like to revisit or catch up on what we covered on Day Four, here’s the link:

https://dev.to/babsarena/learn-bash-scripting-with-me-day-4-fo7

In Bash, a for loop is used to iterate over a list of items (strings, numbers, files, command outputs, etc.) and execute a block of code repeatedly for each item.

It helps automate repetitive tasks without having to write the same command multiple times.

Iterate simply means to repeat a process step by step.

Imagine you have a basket of fruits:
apple, banana, cherry

If you iterate over the basket, you:

Pick up the apple → do something with it.
Pick up the banana → do something with it.
Pick up the cherry → do something with it.

Creating A For Loop Script

First, we’ll create a file that contains a list of fruits. Later, we’ll use this file in a for loop.

The image above shows a text file I created, named fruits.txt, which contains a list of five fruits.

The Script

The image above is a simple for loop script created, so I will be explaining the script below.

Explanation

#!/bin/bash

The above is called a shebang, It tells the system to use the Bash shell to run this script.

for FRUITS in $(cat fruits.txt);

The above starts a for loop with FRUITS being the variable name.

$(cat fruits.txt);

The above runs the cat command, which reads the contents of the file fruits.txt.

Purpose of the semicolon

In Bash, the semicolon (;) is used to separate two commands written on the same line.
The semicolon here tells Bash:
👉 "The for ... in ... command part is finished, and the next command (do) begins."

NB- If you write do on a new line, you don’t need the semicolon but I am used to it that's why I included it.

do ... done
Everything between do and done will run once for each fruit in the list.

echo "I enjoy eating $FRUITS"

echo prints text to the terminal.
$FRUITS is replaced with the fruits from the list.

The image above is the output of the script we ran.

✅ In Summary: This script reads a list of fruits from a file (fruits.txt) and prints a custom message for each fruit using a for loop.

Learn Bash Scripting With Me 🚀 - Day 4

Babs — Sat, 13 Sep 2025 18:00:00 +0000

Day 4 – If and If else conditional statement

In case you’d like to revisit or catch up on what we covered on Day Three, here’s the link:

https://dev.to/babsarena/learn-bash-scripting-with-me-day-3-4kib

In Bash scripting, conditional statements are used to make decisions in your script — i.e., execute certain commands only if a condition is true (or false).

The image above is a simple conditional script created, so I will be explaining the script below.

Explanation

Square brackets [ ] are used to define the condition.
Notice that there are spaces around the condition:

[ "$NAME" = "Babs" ]

If the spaces are missing, Bash will treat it incorrectly (e.g., as variable assignment instead of comparison).
The semicolon ; after ] is important when writing the then statement. It tells Bash that one command (the condition defined in the square bracket) has ended and another (then) begins.
The then statement contains the commands to run when the condition is true.
Every if statement must be closed with fi, which marks the end of the statement.

✨ Understanding Bash Conditional Statements In the Image

When creating the conditional statement to check if the variable is equal to "Babs", we spaced it because:

If we do not space it, it would mean that we are trying to change the variable for "NAME" which we already defined.

We also end the conditional statement after closing the square bracket with a semicolon ";" because:

We are joining two commands together.
What I mean by that is because we want the statement to do something based on the condition described, which is why the then statement was included in order to tell it to:

echo "welcome boss"

And also note that:

We always close an if statement with fi, or else the script will fail.
fi denotes the end of the if statement.

The above is the output of the script

✅ The if-else Statement

Now for the if/else

Create and run the above script and see the outcome.
By now you should be familiar with the echo and read command
So in the above script created, the echo displays the instruction for us to enter our username
The read command takes input from us and saves it as the variable NAME
So the if statement would check if the username is equal to Babs which if it is will then echo the information “welcome back boss”
And the else is to display something else if the name is not equal to Babs so it will echo "who are you" and then the fi is to signify the end of the if statement.

The above image is the output of the script when the name is equal to Babs

The above is the output when the name is something else other than Babs.

🏁 Summary

Use [ ] to wrap conditions in Bash.
Always keep spaces around brackets and operators.
Use then to specify what should happen if the condition is true.
Use else to define an alternative action.
Close every conditional block with fi.

These basics of if and if-else lay the foundation for more advanced conditionals.

Learn Bash Scripting With Me 🚀 - Day 3

Babs — Fri, 12 Sep 2025 18:46:39 +0000

Day 3 – User Input and Comments

In case you’d like to revisit or catch up on what we covered on Day Two, here’s the link:

https://dev.to/babsarena/learn-bash-scripting-with-me-day-2-36k0

When writing Bash scripts, it’s often useful to get input directly from the user. This allows your script to be interactive and dynamic. Let’s walk through how to use the "read" command in Bash to achieve this.

The below would clearly explain what you see in the image above.

1. Declaring the Shell

Every Bash script should start by declaring the shell that will interpret the script. We do this using the shebang:

#!/bin/bash

This tells the system to use Bash when executing the script.

2. Using read with -p

The read command is used to take input from the user.
Adding the -p option lets you display a prompt before the input is taken.
you will understand this better when you run the script, it’s almost the same thing as using the command echo.

Example:

#!/bin/bash

read -p "Please enter your name: " NAME
echo "Your name is $NAME"

Explanation

read -p "Enter your name: " → Displays the text before waiting for user input.

NAME → The variable where the input is stored.

echo "Your name is $NAME" → Prints the stored input.

PS- Run the script and show your outcome.

3. Adding Comments

Comments are basically used to describe something in your own word, which is basically you leaving a comment in the script so you can make your script more readable or explanatory for other people and this is done using “#” and it tells the script not to add it to the list of things to run.

Just as seen in the image below:

Example:

#!/bin/bash

# This script asks the user for their name
read -p "Enter your name: " NAME

# Output the name back to the user
echo "Your name is $NAME"

NB- Anything after # is ignored by the script when it runs.

4. Another Way to Use read (Multiple Variables)

Instead of using -p, you can first use echo to display instructions, and then use read to take multiple inputs at once.

Example:

#!/bin/bash

# Ask for first name and last name
echo "Kindly enter your first name and last name: "
read FNAME LNAME

echo "Your name is $FNAME $LNAME"

Explanation

echo "Enter your first name and last name: " → Displays a message.

read FNAME LNAME → Takes two inputs: the first is stored in FNAME, the second in LNAME.

echo then displays both variables.

My outcome is shown below

5. Don’t Forget Executable Permission

Before running your script, make sure it has executable permissions:

chmod +x script.sh

Then run it:

./script.sh

Learn Bash Scripting With Me 🚀 - Day 2

Babs — Thu, 04 Sep 2025 21:20:21 +0000

Day 2 – Variables

In case you’d like to revisit or catch up on what we covered on Day One, here’s the link:

https://dev.to/babsarena/learn-bash-scripting-with-me-day-1-1ekd

Variables in Bash scripting are used to store data, such as numbers, text, or file paths. They are a way to label and reference information that can be used later in a script.

We begin by creating a file using any text editor of our choice and naming it variables.sh.

Declaring the Shell

At the very top of the script, specify the shell you want to use:

#!/bin/bash

Creating a Variable

Let’s create a variable called NAME.

👉 Best Practice:

Variable names in Bash are usually written in capital (block) letters.
Using lowercase will still work, but uppercase is the recommended convention.

Important Rules When Declaring Variables

No spaces before or after the = sign, otherwise the script will fail.

NAME = "Babs" ❌ Invalid
NAME="Babs" ✅ Valid

NB - Strings must be inside quotes (" ").

NB - Numbers don’t need quotes.

AGE=25 ✅ Valid
CITY="Nairobi" ✅ Valid

Using Variables

To call a variable, use the dollar sign ($):

echo "My name is $NAME"

NB - You can also use curly braces {} when combining variables with text:

SPORT="Foot"
echo "The most popular sport is ${SPORT}ball"
Output: The most popular sport is Football

Pictorial Examples of the script and the outcome

Script 1
Script 1 Outcome:

Script 2

Script 2 Outcome:

Naming Rules

Variable names must start with an alphabet (A–Z or a–z).
They cannot start with a number.

01_NAME="Test" # ❌ Invalid
NAME_01="Test" # ✅ Valid
SPORT_07="Test" # ✅ Valid

NB - If variables are not properly declared, the script will return an error.

🔎 Things to Keep in Mind

If your script fails to run, ensure that the file is executable.

You can check this with:

ls -la

If it’s not executable, make it executable with:

chmod +x variables.sh

Always enclose string variables in quotation marks (" ").
Missing quotes may cause your script to fail.

✨ And that’s the foundation of working with variables in Bash scripting for day 2!

Learn Bash Scripting With Me 🚀 - Day 1

Babs — Tue, 02 Sep 2025 21:59:36 +0000

LearnBashScriptingWithMe 🚀

Day 1 – Introduction, Shebang & File Permissions

Bash scripting is the process of creating a file that contains a sequence of commands and then running that file as a script.

A shell in Kali Linux is a command-line interpreter that provides an interface for the user to interact with the operating system. It allows users to execute commands, scripts, and programs to manage the system, navigate the file system, and perform various administrative tasks.

👉 We start by creating a file using the “sh” extension as this is used to denote that we are creating a shell script, e.g test.sh

👉 After that the next thing we need to do is to define the kind of interpreter we are going to be using and for this, the interpreter is BASH and we denote that using

#!/bin/bash

👉 Inside the script, we can use the echo command to display output. For example, printing “Hello World!”

echo "Hello World!"

👉 Now we can now save and run the script by using the command “./(filename)”
e.g:

./test.sh

Note that the command "./" is telling the shell to use the interpreter defined in the file we want to run which was what was defined first when we wrote "#!/bin/bash" in the file

But notice—you might get a “permission denied” error. That’s because the file isn’t yet executable.

👉 To fix this, grant execution permission with:

chmod +x test.sh

Now, when you run ./test.sh, the script executes successfully 🎉

Bash #scripting

🐍 Using Python Web Server to Share Files Across VMs and OSes

Babs — Mon, 14 Jul 2025 23:02:40 +0000

In my work environment, I deal with multiple operating systems hosted on different virtual machines. A frequent challenge I face is transferring files between these systems — especially when copy-paste and drag-and-drop functionalities are disabled for security reasons.

Ideally, if all these systems existed within the same Active Directory (AD) domain, I could’ve easily used a shared network folder. But that’s not the case. Fortunately, I discovered a simple yet powerful solution using… Python!

Who would’ve thought a snake 🐍 would solve my file-sharing problem?

⚡ The Quickest Cross-OS File Sharing Method

With Python’s built-in web server, I can now instantly share files between any operating system — as long as they’re on the same network. It’s basically the fastest version of AirDrop I’ve ever seen for VMs and local systems.

🔧 How to Set Up a Python Web Server on Windows

Here’s a step-by-step guide to setting it up:

1. Install Python
Go to the official Python website and download the latest version.

During installation, make sure to check the box that says “Add Python to PATH” (important!).

Complete the installation.

2. Verify or Manually Add Python to System Environment Variables
In case Python isn't added to PATH automatically:

Press the Windows key, search for Python, right-click on the one that shows “(64-bit)”, and choose Open File Location.

Copy the path (e.g., C:\Users\YourName\AppData\Local\Programs\Python\Python311)

Now, add this path to the system environment variables:

Search for “Environment Variables” in Windows search.
Under System Properties, click Environment Variables.

Under System variables, click New.

For Variable Name, you can enter something like PYTHON.
For Variable Value, paste the copied Python path.

Click OK and save.

3. Start the Python Web Server
Open Command Prompt (CMD), navigate to the folder you want to share, and run:

python -m http.server 8080

Or if python doesn’t work, try:

python3 -m http.server 8080

This starts a basic web server that serves files from the current folder on port 8080.

4. Access the Server from Another Device
Now on any device (Windows, Linux, macOS, Android, etc.) connected to the same network, open a browser and type:

http://<IP_ADDRESS>:8080

For example:

http://192.168.8.102:8080

This opens the hosted directory in a browser — allowing you to download files easily and it can also be gotten via phones to.

⚠️ Troubleshooting Tip

If you get an error saying 'python' is not recognized as an internal or external command, it means Python isn’t properly installed or added to the system PATH.

To fix:

Just type "python" in CMD.
If it redirects you to the Microsoft Store, download Python from there.
Then repeat the earlier steps to set it up properly.

✅ Final Thoughts

With this method, I no longer struggle with sharing files across different virtual machines and OS environments. It’s lightweight, doesn't require external tools, and works instantly over LAN.

Python just became my new best friend for file sharing — fast, simple, and cross-platform.

🔐 How I Granted Local Admin Rights to a User Without Compromising Domain Security

Babs — Sun, 22 Jun 2025 21:50:06 +0000

In an enterprise environment, it’s common to restrict admin access on user machines using Active Directory (AD) policies. But what happens when a team member urgently needs elevated privileges—outside work hours and without VPN access?

That’s exactly the situation I faced recently. Here’s how I resolved it efficiently by granting local admin rights—without compromising domain security.

📌 Scenario Overview

A team member was working on a time-sensitive project that required:

Installing applications
Running scripts or commands with admin privileges

However:

The AD setup restricts such actions to domain admins only
She would be working after-hours and during the weekend

She suggested calling me whenever she needed admin access so I could remotely control her screen and enter the credentials for her. However, this would be time-consuming and impractical in the long run.

✅ The Solution

Instead of providing domain admin access (which poses a security risk), I granted her local administrator privileges on her system only.

🔐 Note: Local admin rights only apply to the specific machine. This doesn't make the user a domain admin.

🧭 Step-by-Step Walkthrough

1. 🔓 Open an Elevated Command Prompt
open Command Prompt as Administrator.

2. ➕ Add the User to the Local Administrators Group
Run the following command:

net localgroup administrators "YOURDOMAIN\username" /add

Example:

net localgroup administrators "ETCG\john.doe" /add

✅ This command tells the local machine to treat john.doe as a system administrator—on that PC only

3. 🔍 Confirm It Worked
To verify the user was successfully added, run:

net localgroup administrators

You should see the domain user listed:

YOURDOMAIN\username

That confirms they now have admin rights on the system.

4. ✅ What the User Can Now Do
With local admin privileges, the user can:

Install software
Run commands or scripts with elevated permissions
Make system changes without needing your intervention

And since it’s tied to her domain account on that system, she simply uses her own password for elevation.

5. 🔒 Removing Local Admin Access (After Project Completion)
Once the project is done and elevated privileges are no longer needed, revoke access by running:

net localgroup administrators "YOURDOMAIN\username" /delete

Example:

net localgroup administrators "ETCG\john.doe" /delete

This safely removes her from the local admin group, restoring the default security posture.

🧠 Key Takeaways

It's a least-privilege approach—user has elevated access only where and when needed
Always remember to remove access when no longer required

If you’re in a similar situation, this method strikes the right balance between user productivity and security hygiene.

Exploring Wazuh SIEM Capabilities in a Hands-On Lab Session

Babs — Tue, 10 Jun 2025 21:14:40 +0000

A while ago, I had the opportunity to lead a practical session with a few of my students, where we explored the power and flexibility of Wazuh—a free, open-source security platform offering extended detection and response (XDR) and SIEM capabilities.

The goal of the session was to help them understand how Wazuh can be used to monitor system integrity, detect malware, and centralize security operations. Here's a detailed breakdown of what we covered during the lab:

✅ Deploying Wazuh & Integrating Agents

We started with deploying Wazuh and installing its agent on both Kali Linux and Windows OS systems in our lab environment. The students learned how to ensure the agent is properly connected and visible within the Wazuh dashboard.

✅ SSH Access for Easier Configuration

One of the key things I emphasized was the importance of SSH access to the Wazuh server. Since the Wazuh CLI doesn’t support easy copy-paste functionality, making changes or executing multiple commands can be tedious. By SSHing into the Wazuh server from either Kali Linux or Windows, students could seamlessly copy and paste configuration commands—dramatically improving efficiency during setup and troubleshooting.

✅ Changing the Wazuh Admin GUI Password

A critical security aspect I demonstrated was how to change the Wazuh admin GUI password. As this cannot be done directly from the GUI interface, I walked them through the proper process using the Wazuh CLI. This highlighted the importance of CLI proficiency when managing SIEM tools like Wazuh.

✅ File Integrity Monitoring (FIM)

Next, we moved on to one of Wazuh's most powerful features—File Integrity Monitoring. I guided the students in setting up FIM on the Downloads directory of Kali Linux. Once configured, Wazuh started monitoring file changes in real-time.

We created and modified test files and observed how Wazuh instantly reported those changes. Impressively, the system not only flagged that a change had occurred but also showed precisely what was modified—a critical feature for forensic investigations and compliance tracking.

✅ VirusTotal Integration & Malware Detection

To extend Wazuh's capabilities, we integrated VirusTotal by adding API keys to our configuration. This enabled Wazuh to scan files against VirusTotal’s extensive malware database.

To test this integration, we downloaded the EICAR test file—a harmless file used to test malware detection systems. Wazuh, now integrated with VirusTotal, flagged the file as malware and automatically removed it upon detection. This real-time response to malware threats reinforced the power of Wazuh in endpoint protection.

✅ Student Assignment: Windows FIM Setup

To wrap up the session, I assigned a practical challenge: each student was to replicate the File Integrity Monitoring setup and VirusTotal integration—but this time on their Windows operating system. This not only ensured they could apply what they learned independently but also gave them the opportunity to explore platform-specific nuances.

Final Thoughts

This session showcased just a few of the powerful capabilities that Wazuh offers for security operations. From agent management and file monitoring to malware detection and real-time alerting, Wazuh provides a unified platform that’s both accessible and deeply customizable.

For students and professionals stepping into the world of cybersecurity and SIEM tools, hands-on experience like this is invaluable. I’m glad to have been able to guide them through this and look forward to seeing how they build on these skills in the future.

💡 Real-World Cybersecurity Experience: Teaching Wazuh Deployment and Troubleshooting

Babs — Fri, 06 Jun 2025 02:07:11 +0000

Recently, I guided a few of my students through a hands-on deployment of Wazuh, a powerful and open-source platform for Extended Detection and Response (XDR) and Security Information and Event Management (SIEM). Wazuh helps organizations detect threats, monitor system integrity, and maintain compliance across various environments.

🛠️ What We Did

We began by deploying Wazuh in a lab environment and successfully installed Wazuh agents on both a Linux and a Windows machine. I demonstrated:

How to access the Wazuh web interface via its IP address.
How to SSH into the Wazuh server from both Windows and Linux.
How to install and link a Linux machine using the Wazuh agent.

Everything went smoothly with the Linux integration. After that, I showed them how to install the agent on a Windows machine — but deliberately stopped short of completing the link successfully.

🎯 The Assignment

I tasked the students with figuring out why the Windows agent failed to register with the Wazuh manager. My goal was to simulate real-world conditions, because as any cybersecurity engineer knows: deployments often come with challenges, and troubleshooting is part of the daily job.

🧩 Their Observations

The students investigated the issue and noticed that:

The authentication key for the Windows agent wasn’t being generated or displayed.
Even after attempting to manually link the agent via the Windows CLI, the issue persisted.

They brainstormed potential causes and suspected it had something to do with the agent’s authentication key.

🔍 The Real Issue

Eventually, I stepped in to guide them through the problem:

The Wazuh manager we deployed was version 4.11.
They had installed the Wazuh agent version 4.12 on Windows.

Because of this version mismatch, the Windows agent could not successfully register with the Wazuh manager.

✅ The Fix

Here’s how we resolved it:

1. Uninstalled the incorrect agent version (4.12) on the Windows machine.

2. Installed the correct agent version (4.11) to match the Wazuh manager.

3. Configured the agent with the manager’s IP.

At this point, they tried to link the Windows agent to Wazuh, but the authentication key still wasn’t appearing, and they couldn’t figure out why. After some investigation, I revealed the missing piece:

4. Restarting the Wazuh agent on the Windows machine after inputting the necessary details.

Once we restarted the agent, everything clicked into place, and the link was successfully established.

🧠 Key Takeaways

Always match the agent version with the Wazuh manager version.
Restarting services can resolve issues after configuration changes.
Real-world cybersecurity engineering involves constant troubleshooting — things rarely work on the first try.
Creating structured problems for learners helps them develop resilience, critical thinking, and a practical mindset.

This experience reminded all of us:

Sometimes, all you need is the right version and a good restart.

That’s the reality of being a cybersecurity engineer. 🔐