Cyber Security: Wazuh Install Docker

From OnnoWiki
Latest revision as of 10:48, 22 September 2025

OK 👍 here are the steps for **installing Wazuh with Docker on Ubuntu 24.04**. This route is simpler because it uses the official *docker-compose* files published by Wazuh.

---

## 1. Server preparation

Make sure Ubuntu is up to date and that you have root/sudo access:

```bash
sudo apt update && sudo apt upgrade -y
```

Install the base packages (`git` is needed for the clone in step 3):

```bash
sudo apt install -y curl apt-transport-https ca-certificates gnupg lsb-release git
```

---

## 2. Install Docker and Docker Compose

Install Docker CE. The convenience script also installs `docker-compose-plugin`, so the `docker compose` (v2) subcommand used below is available afterwards:

```bash
curl -fsSL https://get.docker.com | sh
```

Piping a remote script straight into `sh` runs whatever the server returns. On a host that is about to become your SIEM, prefer to download the script, read it, and then run it, or install Docker from Docker's signed apt repository instead.

Add your user to the `docker` group (optional, so you do not need `sudo` for every command). Membership of this group is root-equivalent on the host, so grant it to administrators only:

```bash
sudo usermod -aG docker $USER
```

→ log out and back in for the group change to take effect.

Check the versions:

```bash
docker --version
docker compose version
```

---

## 3. Get the Wazuh Docker repository

Clone the official Wazuh repository at a release tag:

```bash
git clone https://github.com/wazuh/wazuh-docker.git -b v4.8.0
```

*(replace `v4.8.0` with the latest release tag if a newer one exists; the image tags in `docker-compose.yml` follow the tag you check out, so the manager, indexer and dashboard stay on matching versions)*

Change into the single-node directory:

```bash
cd wazuh-docker/single-node
```

---

## 4. Start Wazuh

Two prerequisites first: the indexer (OpenSearch) needs `vm.max_map_count` of at least 262144 on the host or it exits on start, and the single-node README has you run the `generate-indexer-certs.yml` compose file once to create the TLS certificates before the first start. Then bring up the stack:

```bash
docker compose up -d
```

Check the container status:

```bash
docker ps
```

The containers that should be running (Compose may prefix the names, e.g. `single-node-wazuh.manager-1`):

  • `wazuh.manager` → core engine (agent connections on 1514/1515, REST API on 55000)
  • `wazuh.dashboard` → web UI (443)
  • `wazuh.indexer` → storage and search (9200)

The compose file publishes all of these ports on the host. Only 443 (and 1514/1515 from the endpoints you monitor) needs to be reachable; firewall 55000 and 9200 to trusted addresses.

---

## 5. Access the dashboard

Once everything is up, open a browser at the address below. The generated certificate is self-signed, so the browser warning is expected:

```
https://<IP_SERVER>:443
```

Default login. The credentials are not written to a generated file; they are set as environment variables in `docker-compose.yml` (`INDEXER_USERNAME` / `INDEXER_PASSWORD`), and the values shipped in the public repository are:

  • User: `admin`
  • Password: `SecretPassword` (check what your checkout actually sets with):
 ```bash
 grep -n PASSWORD docker-compose.yml
 ```

Change these before the host is reachable from anywhere else. The indexer keeps the admin password as a hash in `config/wazuh_indexer/internal_users.yml`, so editing the compose file alone is not enough; follow the password-change procedure in the wazuh-docker README, which also covers the dashboard and API users.

---

## 6. Install an agent (Linux example)

On the endpoint to be monitored (it must reach the Docker host on TCP 1514 and 1515, and the agent version should not be newer than the manager):

```bash
# The .deb is fetched over HTTPS without a signature check; Wazuh's apt repository
# with its GPG key gives signed packages if you prefer that route.
curl -sO https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.8.0-1_amd64.deb
sudo WAZUH_MANAGER="<IP_SERVER>" dpkg -i ./wazuh-agent_4.8.0-1_amd64.deb
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
```
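An added example, not part of this page or of the wazuh-docker project: one script that ties together the prerequisites and checks from steps 4 to 6. `deploy` raises `vm.max_map_count`, runs the certificate generator and then starts the stack; `check` verifies that all three services are Up, that none of the passwords shipped in the public compose file are still set, and how many agents the manager reports as Active; `selftest` runs the parsing functions on constructed sample output so the logic can be exercised offline. Assumptions not taken from the page: the three default password strings are those in the 4.x single-node `docker-compose.yml` at the time of writing, and the container names contain the compose service names. The `docker ps` and `agent_control -l` samples are constructed, not captured from a real host.

```bash
#!/usr/bin/env bash
# Added example, not from the page or the wazuh-docker project. Run from
# wazuh-docker/single-node:  bash wazuh-checks.sh deploy | check | selftest
# Assumptions (verify against your checkout): the shipped default passwords below
# are those in the 4.x single-node docker-compose.yml, and container names contain
# the compose service name (wazuh.manager, wazuh.indexer, wazuh.dashboard).
set -u

# The indexer is OpenSearch; it exits at start when vm.max_map_count < 262144.
# Pass a value to test the logic; with no argument the live kernel setting is read.
vm_max_map_count_ok() {
  local value="${1:-$(sysctl -n vm.max_map_count)}"
  [ "$value" -ge 262144 ]
}

# Takes the output of `docker ps --format '{{.Names}} {{.Status}}'` and succeeds
# only when all three services are Up. Matching on the service name works whether
# the container is called wazuh.manager or single-node-wazuh.manager-1.
containers_up() {
  local ps_output="$1" svc
  for svc in wazuh.manager wazuh.indexer wazuh.dashboard; do
    printf '%s\n' "$ps_output" | grep -q "${svc}.* Up" || return 1
  done
  return 0
}

# Prints how many shipped default passwords are still set in the compose text.
# Anything above 0 means the admin credentials are the ones in the public repo.
default_secret_count() {
  local compose_text="$1" count=0 needle
  for needle in 'PASSWORD=SecretPassword' 'PASSWORD=kibanaserver' \
                'PASSWORD=MyS3cr37P450r.*-'; do
    if printf '%s\n' "$compose_text" | grep -qF -- "$needle"; then
      count=$((count + 1))
    fi
  done
  echo "$count"
}

# Takes `agent_control -l` output from the manager and prints the number of
# enrolled agents reporting Active, excluding ID 000 (the manager itself).
active_agent_count() {
  printf '%s\n' "$1" | grep 'ID: ' | grep -v 'ID: 000,' | grep -c ', Active' || true
}

deploy() {
  vm_max_map_count_ok || sudo sysctl -w vm.max_map_count=262144
  # Creates the self-signed TLS certificates under config/wazuh_indexer_ssl_certs;
  # the README requires this once before the first `docker compose up`.
  docker compose -f generate-indexer-certs.yml run --rm generator
  docker compose up -d
}

check() {
  containers_up "$(docker ps --format '{{.Names}} {{.Status}}')" \
    || { echo "not all Wazuh containers are Up"; return 1; }
  local n
  n=$(default_secret_count "$(cat docker-compose.yml)")
  [ "$n" -eq 0 ] || echo "WARNING: $n shipped default password(s) still in docker-compose.yml"
  n=$(active_agent_count "$(docker compose exec -T wazuh.manager /var/ossec/bin/agent_control -l)")
  echo "active agents: $n"
}

# Offline demonstration on constructed sample output (not captured from a real host).
selftest() {
  local ps_sample='single-node-wazuh.manager-1 Up 3 minutes
single-node-wazuh.indexer-1 Up 3 minutes (healthy)
single-node-wazuh.dashboard-1 Up 3 minutes'
  local agents_sample='Wazuh agent_control. List of available agents:
   ID: 000, Name: wazuh.manager (server), IP: 127.0.0.1, Active/Local
   ID: 001, Name: web01, IP: any, Active
   ID: 002, Name: db01, IP: any, Disconnected'
  containers_up "$ps_sample" && echo "containers: all Up"
  echo "default passwords in sample: $(default_secret_count 'INDEXER_PASSWORD=SecretPassword')"
  echo "active agents in sample: $(active_agent_count "$agents_sample")"
}

case "${1:-}" in
  deploy)   deploy ;;
  check)    check ;;
  selftest) selftest ;;
  *)        : ;;   # no verb: only define the functions (so the file can be sourced)
esac
```

Run `bash wazuh-checks.sh deploy` once, then `bash wazuh-checks.sh check` after the stack has settled and again after each agent is enrolled. The password check is deliberately a string match on the compose file: it catches the common mistake of going live with the repository defaults, but it cannot tell you whether the hash in `internal_users.yml` was updated to match, so still follow the README procedure when you rotate the credentials.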

---

✅ Done! The agent should now appear as Active under Agents in the Wazuh dashboard, and its events will start showing up there.

---

Shall I also put together a **minimal docker-compose.yml** (single-node) so you do not need to clone the official repo, just copy and paste one file?