tech on target Watch on YouTube

Wazuh tutorial 9. wazuh installation on docker env using docker-compose mulit-node-infra in english

3 min read 1 hour ago
Published on Oct 03, 2024 This response is partially generated with the help of AI. It may contain inaccuracies.

Table of Contents

Introduction

This tutorial will guide you through the installation of Wazuh on a Docker environment using Docker Compose for a multi-node infrastructure. Wazuh is a powerful security monitoring tool that provides threat detection, integrity monitoring, incident response, and compliance. Using Docker and Docker Compose simplifies the deployment process, making it accessible for both beginners and experienced users.

Step 1: Install Docker and Docker Compose

Before you can install Wazuh, ensure that Docker and Docker Compose are installed on your system.

  1. Install Docker:

    • For Windows or Mac, download and install Docker Desktop from the Docker website.

    • For Linux, use the following commands:

      sudo apt update
sudo apt install docker.io

  2. Install Docker Compose:

    • You can install Docker Compose using the following command:

      sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

  3. Verify Installation:

    • Check if Docker and Docker Compose are installed correctly:

      docker --version
docker-compose --version

Step 2: Set Up the Wazuh Docker Compose File

Create a Docker Compose file to define the Wazuh services.

  1. Create a directory for Wazuh:

    mkdir wazuh-docker
cd wazuh-docker

  2. Create a docker-compose.yml file:

    • Open your preferred text editor and create a new file named docker-compose.yml.

  3. Add the following content to the docker-compose.yml file:

    version: '3.7'
services:
  wazuh-manager:
    image: wazuh/wazuh:latest
    container_name: wazuh-manager
    environment:
      - WAZUH_PASSWORD=your_password_here
    volumes:
      - wazuh-data:/var/ossec/data
    ports:
      - "55000:55000"

  elasticsearch:
    image: elasticsearch:7.9.3
    container_name: elasticsearch
    environment:
      - discovery.type=single-node
      - ES_JAVA_OPTS=-Xms512m -Xmx512m
    volumes:
      - esdata:/usr/share/elasticsearch/data
    ports:
      - "9200:9200"
  
  kibana:
    image: kibana:7.9.3
    container_name: kibana
    environment:
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
    ports:
      - "5601:5601"

volumes:
  wazuh-data:
  esdata:

  4. Adjust the WAZUH_PASSWORD to a secure password of your choice.

Step 3: Deploy the Wazuh Stack

Now that you have set up the Docker Compose file, you can deploy the Wazuh stack.

  1. Run the following command in the directory containing your docker-compose.yml file:

    docker-compose up -d

  2. Check the status of your containers:

    docker-compose ps

    Ensure that all containers are running properly.

Step 4: Access Wazuh and Kibana

Once the containers are running, you can access the Wazuh and Kibana interfaces.

  1. Access Wazuh:

    • Open your web browser and go to http://localhost:55000.
    • Log in using the username wazuh and the password you set in the docker-compose.yml file.

  2. Access Kibana:

    • Open your web browser and go to http://localhost:5601.

Conclusion

You have successfully installed Wazuh on a Docker environment using Docker Compose for a multi-node infrastructure. This setup allows you to monitor security events effectively. Next steps could include configuring Wazuh agents on your monitored systems, exploring Kibana dashboards for data visualization, or integrating additional services into your infrastructure. Happy monitoring!

Table of Contents

Recent