Cyber Security: Wazuh Install Docker

From OnnoWiki
Revision as of 10:47, 22 September 2025 by Onnowpurbo

Here is a step-by-step guide to installing **Wazuh on Ubuntu 24.04**. Wazuh is usually deployed either as a **Wazuh server (manager + indexer + dashboard)** or as a **Wazuh agent** on an endpoint. This guide covers an **all-in-one Wazuh server** installation for testing/lab use (in production the components are usually installed separately).

---

## 🔹 1. Preparation

Make sure the system is up to date:

```bash
sudo apt update && sudo apt upgrade -y
```

Install the supporting packages:

```bash
sudo apt install curl apt-transport-https unzip wget gnupg lsb-release software-properties-common -y
```

---

## 🔹 2. Add the Wazuh Repository

Import the GPG key:

```bash
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo gpg --dearmor -o /usr/share/keyrings/wazuh.gpg
```

Add the repository:

```bash
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt stable main" | \
  sudo tee /etc/apt/sources.list.d/wazuh.list
```

Update the package index:

```bash
sudo apt update
```

---

## 🔹 3. Install the Wazuh Manager

```bash
sudo apt install wazuh-manager -y
```

Start the service:

```bash
sudo systemctl daemon-reload
sudo systemctl enable wazuh-manager
sudo systemctl start wazuh-manager
sudo systemctl status wazuh-manager
```

---

## 🔹 4. Install the Wazuh Indexer (Elasticsearch fork)

```bash
sudo apt install wazuh-indexer -y
```

Enable and start:

```bash
sudo systemctl enable wazuh-indexer
sudo systemctl start wazuh-indexer
```

---

## 🔹 5. Install the Wazuh Dashboard (Web UI)

```bash
sudo apt install wazuh-dashboard -y
```

Enable and start:

```bash
sudo systemctl enable wazuh-dashboard
sudo systemctl start wazuh-dashboard
```

---

## 🔹 6. Access the Dashboard

Default URL:

```
https://<IP-server>:5601
```

The initial login is usually:

  • **User:** `admin`
  • **Password:** can be checked with:
 ```bash
 sudo cat /etc/wazuh-dashboard/initial_admin_password
 ```

---

## 🔹 7. Add a Wazuh Agent (Example on Ubuntu)

```bash
sudo apt install wazuh-agent -y
```

Edit the configuration:

```bash
sudo nano /var/ossec/etc/ossec.conf
```

Change this section:

```xml
<server>
  <address>IP_WAZUH_MANAGER</address>
</server>
```

Start the agent:

```bash
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
```
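
The manual edit above can also be scripted. The following is an added example, not part of the original page or Wazuh's own tooling: it validates the manager address before writing it into the `<server>` block and overwrites the file only after checking the result. The function names and the sample config are constructed, and it assumes `<server>` and `</server>` sit on their own lines, as in the snippet above.

```bash
# Added example: function names and the sample config below are constructed.

# Accept only an IPv4 address or hostname-shaped string (no markup, spaces, sed metacharacters).
valid_manager_address() {
  case $1 in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
  if printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    return 0
  fi
  printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
}

# Print the <address> found inside the first <server> block.
get_manager_address() {
  sed -n '/<server>/,/<\/server>/ s|.*<address>\([^<]*\)</address>.*|\1|p' "$1" | head -n 1
}

# Rewrite <address> inside <server>...</server> (tags on their own lines, as in
# the page's snippet); the file is only overwritten after the result is checked.
set_manager_address() {
  conf=$1; addr=$2
  valid_manager_address "$addr" || { echo "rejected address: $addr" >&2; return 2; }
  [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 3; }
  tmp=$(mktemp) || return 4
  sed '/<server>/,/<\/server>/ s|<address>[^<]*</address>|<address>'"$addr"'</address>|' \
    "$conf" > "$tmp" || { rm -f "$tmp"; return 4; }
  if ! grep -qF "<address>$addr</address>" "$tmp"; then
    rm -f "$tmp"; echo "no <server><address> element in $conf" >&2; return 5
  fi
  cat "$tmp" > "$conf" && rm -f "$tmp"   # cat keeps the file's owner and mode
}

# Constructed sample config standing in for /var/ossec/etc/ossec.conf.
write_sample_conf() {
  cat > "$1" <<'EOF'
<ossec_config>
  <client>
    <server>
      <address>IP_WAZUH_MANAGER</address>
      <port>1514</port>
    </server>
  </client>
</ossec_config>
EOF
}

demo_conf=$(mktemp) && write_sample_conf "$demo_conf"
set_manager_address "$demo_conf" 192.0.2.10 && get_manager_address "$demo_conf"; rm -f "$demo_conf"
```

On a real agent, call `set_manager_address /var/ossec/etc/ossec.conf` with the manager's address as root before starting the `wazuh-agent` service.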

---

## 🔹 8. Verification

  • Check the manager log:
 ```bash
 sudo tail -f /var/ossec/logs/ossec.log
 ```
  • Check agent status:
 ```bash
 sudo /var/ossec/bin/agent_control -ls
 ```

👉 With the steps above, Wazuh is running on Ubuntu 24.04 with **Manager + Indexer + Dashboard**.
