Wazuh Installation and Configuration
Architecture
Wazuh: Installation & Configuration
Requirements
Hardware – all in one
The minimum requirements for 25 agents and 90 days of history are as follows:
4 CPU
8 GB RAM
50 GB available disk space – preferably SSD
Installation alternatives
https://documentation.wazuh.com/current/deployment-options/index.html
Documentation
https://documentation.wazuh.com/current/index.html
Wazuh indexer
Hardware recommendations for each node
Minimum: 2 CPU, 4 GB RAM
Recommended: 8 CPU, 16 GB RAM
Wazuh server
Hardware recommendations for each node
Minimum: 2 CPU, 2 GB RAM
Recommended: 8 CPU, 4 GB RAM
Wazuh dashboard
Hardware recommendations for each node
Minimum: 2 CPU, 4 GB RAM
Recommended: 4 CPU, 8 GB RAM
Browser compatibility
Chrome 95 or later
Firefox 93 or later
Safari 13.7 or later
Other Chromium-based browsers might also work.
Internet Explorer 11 is not supported.
Wazuh agents
The agent was developed to monitor a wide variety of endpoints without impacting their performance.
The agent is supported on the most popular operating systems.
It requires 35 MB of RAM on average.
Demo time
# Edit ./config.yml and replace the node names and IP values with the corresponding names and IP addresses.
nano ./config.yml
# Deploying certificates for the Wazuh indexer
NODE_NAME=wazuh-demo
mkdir /etc/wazuh-indexer/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
chmod 500 /etc/wazuh-indexer/certs
chmod 400 /etc/wazuh-indexer/certs/*
chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
# Add the default username and password admin:admin to the secrets keystore.
echo admin | filebeat keystore add username --stdin --force
echo admin | filebeat keystore add password --stdin --force
# Deploying certificates for Filebeat
NODE_NAME=wazuh-demo
mkdir /etc/filebeat/certs
tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
chmod 500 /etc/filebeat/certs
chmod 400 /etc/filebeat/certs/*
chown -R root:root /etc/filebeat/certs
# Deploying certificates for the Wazuh dashboard
NODE_NAME=wazuh-demo
mkdir /etc/wazuh-dashboard/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
chmod 500 /etc/wazuh-dashboard/certs
chmod 400 /etc/wazuh-dashboard/certs/*
chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
ll /etc/wazuh-dashboard/certs/
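The three certificate deployments above end in the same state: directory mode 500, files mode 400, everything owned by the service account. The shell function below is an added example, not part of the original slides or of Wazuh's tooling; the name check_cert_dir, the "-" owner convention and the finding labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a certificate directory after the steps above.
# Expected state (from those commands): directory mode 500, files mode 400,
# everything owned by the service account. Run as root on a real host.
#
# Usage: check_cert_dir DIR OWNER FILE...   (OWNER "-" skips the owner check)
#   check_cert_dir /etc/filebeat/certs root filebeat.pem filebeat-key.pem root-ca.pem
# Prints one line per finding; returns 0 when clean, 1 otherwise.
# The function name and finding labels are illustrative, not Wazuh tooling.
check_cert_dir() {
    dir=$1; owner=$2; shift 2
    rc=0

    if [ ! -d "$dir" ]; then
        echo "MISSING_DIR $dir"
        return 1
    fi

    # chmod 500: only the owner may list and traverse the directory.
    if [ -z "$(find "$dir" -maxdepth 0 -perm 500)" ]; then
        echo "DIR_MODE $dir"; rc=1
    fi

    # Every certificate and key the service expects must be present.
    for f in "$@"; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING_FILE $dir/$f"; rc=1
        fi
    done

    # chmod 400: any other mode (for example a group-readable key) is a finding.
    bad=$(find "$dir" -type f ! -perm 400)
    if [ -n "$bad" ]; then
        echo "$bad" | sed 's/^/FILE_MODE /'; rc=1
    fi

    # chown -R: nothing under the directory may belong to another account.
    if [ "$owner" != "-" ]; then
        bad=$(find "$dir" ! -user "$owner" 2>/dev/null) ||
            { echo "OWNER_CHECK_FAILED $owner"; rc=1; }
        if [ -n "$bad" ]; then
            echo "$bad" | sed 's/^/OWNER /'; rc=1
        fi
    fi

    return $rc
}
```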
Contact us:
Phone: +420 800 244 442
Web: https://www.initmax.cz
LinkedIn: https://www.linkedin.com/company/initmax
Twitter: https://twitter.com/initmax