Step-by-Step Guide to Installing Wazuh on Ubuntu Server 24.04

Wazuh is a powerful, open-source security platform for monitoring and threat detection. In this guide, we will walk you through the installation process of Wazuh on Ubuntu Server 24.04.


1. Add the Wazuh Repository

To begin, add the Wazuh repository to your Ubuntu server. This requires importing the GPG key and configuring the repository.

sudo apt update
sudo apt install gnupg apt-transport-https
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --dearmor | sudo tee /usr/share/keyrings/wazuh.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee /etc/apt/sources.list.d/wazuh.list
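
The repository entry above pins the Wazuh repo to its own keyring with signed-by and fetches it over https. As an added example (not part of the original guide or of the Wazuh project), the shell function below audits one-line apt source entries for the opposite cases: no signed-by, trusted=yes, or plain http. The function names and the repo.example.invalid entries are constructed for illustration.

```shell
#!/bin/sh
# Audit one-line apt source entries ("deb ..." / "deb-src ...").
# Usage: audit_apt_sources /etc/apt/sources.list.d/wazuh.list
# Reads stdin when no file is given. deb822 ".sources" files are not handled.
# Prints one finding per problem and returns 1 if any entry is weak.
audit_apt_sources() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    $1 != "deb" && $1 != "deb-src" { next }      # only one-line source entries
    {
        opts = ""; uri = $2
        if ($2 ~ /^\[/) {                        # collect the [opt=val ...] block
            i = 2; opts = $2
            while (opts !~ /\]$/ && i < NF) { i++; opts = opts " " $i }
            uri = $(i + 1)
        }
        # Without signed-by, apt accepts any key in its global trust store.
        if (opts !~ /signed-by=/) report("no signed-by keyring")
        # trusted=yes tells apt to skip signature verification for this repo.
        if (opts ~ /trusted=yes/) report("trusted=yes disables signature checks")
        if (uri ~ /^http:/)       report("plain http transport")
    }
    function report(msg) { printf "line %d: %s: %s\n", NR, msg, uri; bad++ }
    END { exit (bad > 0) }
    ' "${1:--}"
}

# Constructed sample: the entry from this guide plus two weak entries for contrast.
sample_sources() {
cat <<'EOF'
# constructed sample input
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main
deb https://repo.example.invalid/apt stable main
deb [arch=amd64 trusted=yes] http://repo.example.invalid/apt stable main
EOF
}

# Demo run on the constructed sample (findings are expected here).
sample_sources | audit_apt_sources || true
```
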

2. Install the Wazuh Manager

The Wazuh Manager is the central component that analyzes data and generates alerts.

  1. Update your package list and install the Wazuh Manager:
     sudo apt update
     sudo apt install wazuh-manager
  2. Enable and start the Wazuh Manager service:
     sudo systemctl enable --now wazuh-manager

3. Install the Wazuh Indexer

The Wazuh Indexer is essential for storing and indexing alerts generated by the Manager.

  1. Install the Indexer:
     sudo apt install wazuh-indexer
  2. Enable and start the Wazuh Indexer service:
     sudo systemctl enable --now wazuh-indexer

4. Install the Wazuh Dashboard

The Dashboard provides a web-based interface for monitoring and managing Wazuh alerts.

  1. Install the Dashboard:
     sudo apt install wazuh-dashboard
  2. Enable and start the Dashboard service:
     sudo systemctl enable --now wazuh-dashboard

5. Configure SSL/TLS Certificates

To secure communication between Wazuh components, configure SSL/TLS certificates.

  1. Download the Wazuh Certificates Tool and Configuration File:
     wget https://packages.wazuh.com/4.x/wazuh-certs-tool.sh
     wget https://packages.wazuh.com/4.x/config.yml
  2. Edit the config.yml file to specify the IP addresses and names of your Wazuh nodes.
  3. Generate the certificates:
     bash ./wazuh-certs-tool.sh -A

Generated certificates will be stored in the wazuh-certificates directory.


6. Configure Filebeat

Filebeat is used to forward logs and events to the Wazuh Indexer.

  1. Install Filebeat:
     sudo apt install filebeat
  2. Download the preconfigured Filebeat configuration file (sudo is needed to write under /etc/filebeat):
     sudo curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/4.x/tpl/wazuh/filebeat/filebeat.yml
  3. Edit the /etc/filebeat/filebeat.yml file to update the hosts field with your Wazuh Indexer address.
  4. Enable and start Filebeat:
     sudo systemctl enable --now filebeat

7. Access the Wazuh Dashboard

Once the installation is complete, you can access the Wazuh Dashboard.

  • Open your web browser and navigate to: https://<server-ip>
  • Use the default credentials (admin for both username and password) to log in, and change the password after the first login.
