How to Install Wazuh Server on Ubuntu

Posted by Admin, April 18, 2024

The Wazuh server is the central component that collects and analyzes security data from deployed Wazuh agents. It triggers alerts when threats or anomalies are detected. This guide will walk through installing the Wazuh server on Ubuntu step-by-step.

Prerequisites

  • Ubuntu server with root privileges
  • Wazuh indexer installed (if it runs on the same host, the Wazuh repository has already been added)

1. Add Wazuh Repository

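Import the Wazuh GPG key into a dedicated APT keyring:

curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && sudo chmod 644 /usr/share/keyrings/wazuh.gpg

Add the Wazuh repository, bound to that keyring with signed-by:

echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee /etc/apt/sources.list.d/wazuh.list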

Update package lists:

sudo apt update

2. Install Wazuh Manager

Install the Wazuh manager package:

sudo apt install wazuh-manager

3. Install Filebeat Module

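Download the Wazuh module for Filebeat and extract it into the Filebeat module directory. This directory exists only once the filebeat package is installed:

curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | sudo tar -xvz -C /usr/share/filebeat/module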

4. Deploy Certificates

Copy the wazuh-certificates.tar file created during initial configuration to the working directory. Extract using:

tar -xvf wazuh-certificates.tar

Replace <server-node-name> with your server node certificate name and run:

sudo mkdir -p /etc/wazuh-cert
sudo mv <server-node-name>.crt /etc/wazuh-cert/cert.crt
sudo mv <server-node-name>.key /etc/wazuh-cert/cert.key
sudo chmod 640 /etc/wazuh-cert/cert.crt /etc/wazuh-cert/cert.key
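
Before starting the services, it is worth confirming that the deployed certificate and key actually belong together and that the key is not readable by other users. The script below is an added example, not part of the original guide or of Wazuh; check_cert_pair is a hypothetical helper name, and it assumes PEM files, the openssl CLI and GNU stat (as shipped on Ubuntu).

```shell
#!/bin/sh
# Added example (not from the original guide): sanity-check a deployed
# certificate/key pair before the services that use it are started.
# Assumptions: PEM files, the openssl CLI, and GNU stat (as on Ubuntu).
# check_cert_pair is a hypothetical helper name.

check_cert_pair() {
    cert=$1
    key=$2

    [ -r "$cert" ] && [ -r "$key" ] || { echo "missing or unreadable file"; return 2; }

    # Extract the public key from each file; a parse failure means wrong file type.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "not a PEM certificate: $cert"; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "not a PEM private key: $key"; return 2; }

    # The pair belongs together only if both public keys are identical.
    [ "$cert_pub" = "$key_pub" ] || { echo "certificate and key do not match"; return 1; }

    # -checkend 0 fails when the certificate is already past notAfter.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired"; return 1; }

    # The private key must not be accessible to "other" (last octal digit 0).
    mode=$(stat -c %a "$key")
    case "$mode" in
        *0) ;;
        *) echo "key mode $mode is accessible to other users"; return 1 ;;
    esac

    echo "ok"
}

# Stand-alone use: sudo sh check.sh /etc/wazuh-cert/cert.crt /etc/wazuh-cert/cert.key
if [ "$#" -eq 2 ]; then
    check_cert_pair "$1" "$2"
fi
```

A return code of 1 means the pair is unusable or too permissive; 2 means a file is missing or is not the expected PEM type.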

5. Enable and Start Services

sudo systemctl daemon-reload
sudo systemctl enable wazuh-manager
sudo systemctl start wazuh-manager

The Wazuh server is now installed! For a single-node setup, you're all set. For a multi-node cluster, repeat steps 1-4 on the other nodes, then configure the master and worker nodes. If you want to learn more about Wazuh, you can check this Wazuh training:

wazuh training details

The course contains:

  • Introduction to Wazuh
  • Capabilities of Wazuh
  • Architectural Structure of Wazuh
  • Wazuh Server Installation
  • Windows Wazuh Agent Installation and Log Collection
  • Linux Wazuh Agent Installation and collecting Logs
  • Collecting Logs with Syslog
  • The Use of Wazuh Dashboard
  • Custom Log Parsing
  • Writing a Custom Rule/Correlation
  • Sample Attack Scenarios
