Tabla de contenido
Wazuh has become an essential tool for security management in information systems. Thanks to its ability to detect intrusions, ensure data integrity, and monitor security, many companies and individuals choose to set up their own Wazuh server. Here I will explain how you can install and configure your Wazuh server, step by step, without using complicated lists or enumerations.
What is Wazuh and Why Should You Use It?
Wazuh is an open-source security platform that provides intrusion detection, integrity monitoring, incident response, and compliance auditing. Its versatility makes it ideal for both small businesses and large corporations. Furthermore, being open-source, Wazuh is completely free and allows modifications to meet any specific needs.
Initial Preparations Before Installation
Before you dive into the installation of Wazuh, it is crucial that you prepare your system. This involves ensuring that the operating system is updated and setting up the environment to support the installation of Wazuh through Docker. Here is how you do it:
First, it is necessary to disable the firewall to prevent it from interfering with the installation process. To do this, simply execute in the terminal:
ufw disable
This command will disable the firewall, ensuring that it will not block any of the necessary connections during the installation.
Next, you must ensure that all system packages are updated and that git is installed, as you will need it to clone the Wazuh repository. Execute:
apt update && apt install git
With these commands, your system will be updated and ready for the next phase.
Installing Docker
Wazuh in Docker simplifies dependency management and ensures that the platform can run isolated and secure. To install Docker, you can use the script provided by Docker, which sets up everything automatically:
curl -sSL https://get.docker.com/ | sh
Once Docker is installed, it is essential to ensure it automatically runs at system startup:
systemctl start docker systemctl enable docker
These commands will start the Docker service and configure it to automatically start at each system boot.
Docker Compose
If you install Docker as previously indicated, you do not need to install this tool, but if you already have Docker and it does not support “docker compose”, you can install docker-compose like this:
curl -L "https://github.com/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose
The following commands that have “docker compose” should be executed as docker-compose.
Setting Up the Wazuh Environment
With Docker already configured, the next step is to prepare the specific environment for Wazuh. Head to the optimal directory to keep organized the files related to security:
cd /opt
Now, it is time to clone the most recent version of the Wazuh repository for Docker:
git clone https://github.com/wazuh/wazuh-docker.git -b v4.7.3
This command downloads all the necessary files to run Wazuh in a Docker container.
Generating Certificates and Starting Up Wazuh
Before starting Wazuh, you must generate the necessary certificates for the proper functioning of the Wazuh components. Navigate to the correct directory and execute the certificate generator:
cd wazuh-docker/single-node/ docker compose -f generate-indexer-certs.yml run --rm generator
With the certificates generated, you are now ready to start all the Wazuh services:
docker compose up -d
This last command lifts all the containers necessary for Wazuh to operate properly in a single-node mode, ideal for test environments or small implementations.
Verification of the Installation
Once all the previous steps are completed, it is important to verify that everything is working as expected. You can check the status of the Docker containers to ensure that all Wazuh services are active and running. Additionally, access the Wazuh web interface to start exploring the functionalities and available settings.
Customization and Monitoring
With your Wazuh server now operational, the next step is to customize the configuration to adapt it to your specific needs. Wazuh offers a wide variety of options for configuring rules, alerts, and automatic responses to incidents. Take advantage of the available documentation to explore all the possibilities that Wazuh offers.
Installing and configuring your own Wazuh server may seem like a complex task, but by following these steps, you will have a robust computer security system without needing large investments. Not only will it improve the security of your information, but it will also provide you with a powerful tool to monitor and proactively respond to any incident.
Changing Wazuh’s Password
You can see how to change the password in the official documentation:
https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html#change-pwd-existing-usr