Difference between revisions of "Cyber Security: Wazuh Install"

From OnnoWiki
(Created page with "Quickstart Wazuh is a security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. The solution is composed of a single universal agent a...")
 
Line 1: Line 1:
Quickstart
+
Wazuh is a security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. The solution is composed of a single universal agent and three central components: the Wazuh server, the Wazuh indexer, and the Wazuh dashboard.
Wazuh is a security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. The solution is composed of a single universal agent and three central components: the Wazuh server, the Wazuh indexer, and the Wazuh dashboard. For more information, check the Getting Started documentation.
 
  
 
Wazuh is free and open source. Its components abide by the GNU General Public License, version 2, and the Apache License, Version 2.0 (ALv2).
 
Wazuh is free and open source. Its components abide by the GNU General Public License, version 2, and the Apache License, Version 2.0 (ALv2).
Line 8: Line 7:
 
Below you can find a section about the requirements needed to install Wazuh. It will help you learn about the hardware requirements and the supported operating systems for your Wazuh installation.
 
Below you can find a section about the requirements needed to install Wazuh. It will help you learn about the hardware requirements and the supported operating systems for your Wazuh installation.
  
Requirements
+
==Requirements==
Hardware
+
 
 +
===Hardware===
 
Hardware requirements highly depend on the number of protected endpoints and cloud workloads. This number can help estimate how much data will be analyzed and how many security alerts will be stored and indexed.
 
Hardware requirements highly depend on the number of protected endpoints and cloud workloads. This number can help estimate how much data will be analyzed and how many security alerts will be stored and indexed.
  
 
Following this quickstart implies deploying the Wazuh server, the Wazuh indexer, and the Wazuh dashboard on the same host. This is usually enough for monitoring up to 100 endpoints and for 90 days of queryable/indexed alert data. The table below shows the recommended hardware for a quickstart deployment:
 
Following this quickstart implies deploying the Wazuh server, the Wazuh indexer, and the Wazuh dashboard on the same host. This is usually enough for monitoring up to 100 endpoints and for 90 days of queryable/indexed alert data. The table below shows the recommended hardware for a quickstart deployment:
  
Agents
+
{| class="wikitable"
 +
|+ Keperluan Hardware
 +
|-
 +
! Agents !! CPU !! RAM !! Storage (90 days)
 +
|-
 +
|  1–25 || 4 vCPU || 8 GiB || 50 GB
 +
|-
 +
|  25–50 || 8 vCPU || 8 GiB || 100 GB
 +
|-
 +
| 50–100 || 8 vCPU || 8 GiB || 200 GB
 +
|}
  
CPU
+
For larger environments we recommend a distributed deployment. Multi-node cluster configuration is available for the Wazuh server and for the Wazuh indexer, providing high availability and load balancing.
 
 
RAM
 
 
 
Storage (90 days)
 
 
 
1–25
 
 
 
4 vCPU
 
 
 
8 GiB
 
 
 
50 GB
 
 
 
25–50
 
 
 
8 vCPU
 
 
 
8 GiB
 
 
 
100 GB
 
 
 
50–100
 
 
 
8 vCPU
 
 
 
8 GiB
 
 
 
200 GB
 
  
For larger environments we recommend a distributed deployment. Multi-node cluster configuration is available for the Wazuh server and for the Wazuh indexer, providing high availability and load balancing.
+
===Operating system===
  
Operating system
 
 
Wazuh central components can be installed on a 64-bit Linux operating system. Wazuh recommends any of the following operating system versions:
 
Wazuh central components can be installed on a 64-bit Linux operating system. Wazuh recommends any of the following operating system versions:
  
Amazon Linux 2
+
* Amazon Linux 2
 +
* CentOS 7, 8
 +
* Red Hat Enterprise Linux 7, 8, 9
 +
* Ubuntu 16.04, 18.04, 20.04, 22.04
  
CentOS 7, 8
+
===Browser compatibility===
  
Red Hat Enterprise Linux 7, 8, 9
 
 
Ubuntu 16.04, 18.04, 20.04, 22.04
 
 
Browser compatibility
 
 
Wazuh dashboard supports the following web browsers:
 
Wazuh dashboard supports the following web browsers:
  
Chrome 95 or later
+
* Chrome 95 or later
 +
* Firefox 93 or later
 +
* Safari 13.7 or later
  
Firefox 93 or later
+
Other Chromium-based browsers might also work. Internet Explorer 11 is not supported.
  
Safari 13.7 or later
+
==Installing Wazuh==
  
Other Chromium-based browsers might also work. Internet Explorer 11 is not supported.
 
 
Installing Wazuh
 
 
Download and run the Wazuh installation assistant.
 
Download and run the Wazuh installation assistant.
  
 +
curl -sO https://packages.wazuh.com/4.4/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
  
curl -sO https://packages.wazuh.com/4.4/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
 
 
Once the assistant finishes the installation, the output shows the access credentials and a message that confirms that the installation was successful.
 
Once the assistant finishes the installation, the output shows the access credentials and a message that confirms that the installation was successful.
  
 +
INFO: --- Summary ---
 +
INFO: You can access the web interface https://<wazuh-dashboard-ip>
 +
    User: admin
 +
    Password: <ADMIN_PASSWORD>
 +
INFO: Installation finished.
  
INFO: --- Summary ---
 
INFO: You can access the web interface https://<wazuh-dashboard-ip>
 
    User: admin
 
    Password: <ADMIN_PASSWORD>
 
INFO: Installation finished.
 
 
You now have installed and configured Wazuh.
 
You now have installed and configured Wazuh.
  
 
Access the Wazuh web interface with https://<wazuh-dashboard-ip> and your credentials:
 
Access the Wazuh web interface with https://<wazuh-dashboard-ip> and your credentials:
  
Username: admin
+
Username: admin
 
+
Password: <ADMIN_PASSWORD>
Password: <ADMIN_PASSWORD>
 
  
 
When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. This is expected and the user has the option to accept the certificate as an exception or, alternatively, configure the system to use a certificate from a trusted authority.
 
When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. This is expected and the user has the option to accept the certificate as an exception or, alternatively, configure the system to use a certificate from a trusted authority.
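Review bot: The table caption added in the Hardware section, "Keperluan Hardware", is Indonesian while the column headers and the rest of the page are English; suggest "Hardware requirements". In the same table the agent ranges 1–25, 25–50 and 50–100 share their boundary values, so a reader with exactly 25 or 50 agents cannot tell which row applies; state which tier the boundaries belong to. The install line still chains the download and `sudo bash` in one command with `curl -s`, so a failed download produces no message before the next step; consider showing download and run as separate steps.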
Line 95: Line 72:
 
Note You can find the passwords for all the Wazuh indexer and Wazuh API users in the wazuh-passwords.txt file inside wazuh-install-files.tar. To print them, run the following command:
 
Note You can find the passwords for all the Wazuh indexer and Wazuh API users in the wazuh-passwords.txt file inside wazuh-install-files.tar. To print them, run the following command:
  
sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt
+
sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt
 +
 
 
If you want to uninstall the Wazuh central components, run the Wazuh installation assistant using the option -u or –-uninstall.
 
If you want to uninstall the Wazuh central components, run the Wazuh installation assistant using the option -u or –-uninstall.
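Review bot: In the uninstall sentence the long option is written "–-uninstall", an en dash followed by a hyphen, which will not be accepted when pasted into a shell; write it as `--uninstall` and mark both options up as code so they are copied literally. The `tar -O -xvf` line above it prints every stored password to the terminal, which deserves a sentence in the note.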
 
 
  
  

Revision as of 06:23, 10 July 2023

Wazuh is a security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. The solution is composed of a single universal agent and three central components: the Wazuh server, the Wazuh indexer, and the Wazuh dashboard.

Wazuh is free and open source. Its components abide by the GNU General Public License, version 2, and the Apache License, Version 2.0 (ALv2).

This quickstart shows you how to install the Wazuh central components, on the same host, using our installation assistant. You can check our Installation guide for more details and other installation options.

Below you can find a section about the requirements needed to install Wazuh. It will help you learn about the hardware requirements and the supported operating systems for your Wazuh installation.

Requirements

Hardware

Hardware requirements highly depend on the number of protected endpoints and cloud workloads. This number can help estimate how much data will be analyzed and how many security alerts will be stored and indexed.

Following this quickstart implies deploying the Wazuh server, the Wazuh indexer, and the Wazuh dashboard on the same host. This is usually enough for monitoring up to 100 endpoints and for 90 days of queryable/indexed alert data. The table below shows the recommended hardware for a quickstart deployment:

Hardware requirements

Agents    CPU       RAM      Storage (90 days)
1–25      4 vCPU    8 GiB    50 GB
25–50     8 vCPU    8 GiB    100 GB
50–100    8 vCPU    8 GiB    200 GB

For larger environments we recommend a distributed deployment. Multi-node cluster configuration is available for the Wazuh server and for the Wazuh indexer, providing high availability and load balancing.

Operating system

Wazuh central components can be installed on a 64-bit Linux operating system. Wazuh recommends any of the following operating system versions:

  • Amazon Linux 2
  • CentOS 7, 8
  • Red Hat Enterprise Linux 7, 8, 9
  • Ubuntu 16.04, 18.04, 20.04, 22.04
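
An added example (not part of the Wazuh documentation or of this wiki page) that turns the hardware table and the recommended operating system list above into a pre-flight check for the target host. The function names, the choice to put the shared boundary values 25 and 50 in the lower tier, and the use of `/var` for the storage check are assumptions.

```shell
# Added example: pre-flight check for a single-host Wazuh quickstart.
# Thresholds and OS list are the ones in the tables on this page.

# Print "<vCPU> <RAM GiB> <storage GB>" for an agent count.
# Assumption: the shared boundaries 25 and 50 belong to the lower tier.
wazuh_tier() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] || return 1
    if   [ "$1" -le 25 ];  then echo "4 8 50"
    elif [ "$1" -le 50 ];  then echo "8 8 100"
    elif [ "$1" -le 100 ]; then echo "8 8 200"
    else return 1          # above 100: distributed deployment
    fi
}

# Succeed if an os-release ID / VERSION_ID pair is on the recommended list.
wazuh_os_ok() {
    case "$1:$2" in
        amzn:2|ubuntu:16.04|ubuntu:18.04|ubuntu:20.04|ubuntu:22.04) return 0 ;;
    esac
    case "$1:${2%%.*}" in   # RHEL/CentOS report minor versions, e.g. 8.6
        centos:7|centos:8|rhel:7|rhel:8|rhel:9) return 0 ;;
    esac
    return 1
}

# Args: agents cpus memtotal_kib free_disk_gb. Prints one line per shortfall.
wazuh_check() {
    tier=$(wazuh_tier "$1") || { echo "agents=$1: outside 1-100, use a distributed deployment"; return 2; }
    need_cpu=${tier%% *}; rest=${tier#* }
    need_ram=${rest%% *}; need_disk=${rest#* }
    # MemTotal excludes reserved memory (an 8 GiB VM reports less), so round up.
    ram_gib=$(( ($3 + 1048575) / 1048576 ))
    rc=0
    [ "$2" -ge "$need_cpu" ]       || { echo "CPU: have $2, need $need_cpu vCPU"; rc=1; }
    [ "$ram_gib" -ge "$need_ram" ] || { echo "RAM: have $ram_gib GiB, need $need_ram GiB"; rc=1; }
    [ "$4" -ge "$need_disk" ]      || { echo "Storage: have $4 GB, need $need_disk GB"; rc=1; }
    return $rc
}

# Collect real values on the target host. Assumption: alert data lives under /var.
wazuh_preflight_host() {
    . /etc/os-release
    wazuh_os_ok "$ID" "$VERSION_ID" || echo "OS: $ID $VERSION_ID not on the recommended list"
    mem_kib=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
    disk_gb=$(df -Pk /var | awk 'NR==2 {print int($4 * 1024 / 1e9)}')
    wazuh_check "$1" "$(nproc)" "$mem_kib" "$disk_gb"
}
if [ "${1:-}" = "--agents" ]; then wazuh_preflight_host "$2"; fi
```

Saved under a name of your choice and run on the target host with `--agents 40`, it prints one line per unmet requirement and exits non-zero if any are found.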

Browser compatibility

Wazuh dashboard supports the following web browsers:

  • Chrome 95 or later
  • Firefox 93 or later
  • Safari 13.7 or later

Other Chromium-based browsers might also work. Internet Explorer 11 is not supported.

Installing Wazuh

Download and run the Wazuh installation assistant.

curl -sO https://packages.wazuh.com/4.4/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
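
The command above downloads the script and runs it as root in a single step. An added example (not from the Wazuh documentation or this page) of separating the two, so that the file that executes is the one that was reviewed. The pinned hash is a value you record yourself after reviewing the downloaded script, and the `RUNNER` variable and function names are hypothetical.

```shell
# Added example: run a downloaded installer only if it matches a reviewed hash.

# Print the SHA-256 of a file (hex digest only).
script_sha256() { sha256sum "$1" | awk '{print $1}'; }

# Download without -s hiding failures: -f fails on HTTP errors, -S reports them.
# Args: url destination
fetch_installer() {
    curl -fSLo "$2" --proto '=https' --tlsv1.2 "$1"
}

# Refuse to execute unless the file's hash equals the pinned one.
# Args: file pinned_sha256 [installer arguments...]
run_if_pinned() {
    file=$1; pinned=$2; shift 2
    actual=$(script_sha256 "$file") || return 2
    if [ "$actual" != "$pinned" ]; then
        echo "refusing to run $file: sha256 $actual != pinned $pinned" >&2
        return 1
    fi
    # RUNNER defaults to the page's "sudo bash"; override it for dry runs.
    ${RUNNER:-sudo bash} "$file" "$@"
}

# Typical sequence on the install host:
#   fetch_installer https://packages.wazuh.com/4.4/wazuh-install.sh ./wazuh-install.sh
#   script_sha256 ./wazuh-install.sh      # record this after reading the script
#   run_if_pinned ./wazuh-install.sh <recorded-sha256> -a
```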

Once the assistant finishes the installation, the output shows the access credentials and a message that confirms that the installation was successful.

INFO: --- Summary ---
INFO: You can access the web interface https://<wazuh-dashboard-ip>
    User: admin
    Password: <ADMIN_PASSWORD>
INFO: Installation finished.

You have now installed and configured Wazuh.

Access the Wazuh web interface with https://<wazuh-dashboard-ip> and your credentials:

Username: admin
Password: <ADMIN_PASSWORD>

When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. This is expected and the user has the option to accept the certificate as an exception or, alternatively, configure the system to use a certificate from a trusted authority.

Note: You can find the passwords for all the Wazuh indexer and Wazuh API users in the wazuh-passwords.txt file inside wazuh-install-files.tar. To print them, run the following command:

sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt

If you want to uninstall the Wazuh central components, run the Wazuh installation assistant using the option -u or --uninstall.


References